@mattymo
Created January 10, 2017 13:25
add etcd certs to rkt
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 99ed2bd..a74e52b 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -27,3 +27,5 @@ nginx_cpu_requests: 50m
nginx_image_repo: nginx
nginx_image_tag: 1.11.4-alpine
+
+etcd_config_dir: /etc/ssl/etcd
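Review bot: the new `etcd_config_dir` default at the end of roles/kubernetes/node/defaults/main.yml has no comment saying what the directory holds or that the kubelet rkt unit bind-mounts it from the host. Add a one-line comment above it. If another role in the repository already defines `etcd_config_dir`, rely on that definition rather than repeating the literal `/etc/ssl/etcd` here, so the two values cannot drift apart.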
diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
index 48da9f7..12ce01c 100644
--- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
@@ -24,6 +24,7 @@ ExecStart=/usr/bin/rkt run \
--volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
--volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
--volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
+ --volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
--volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
--volume run,kind=host,source=/run,readOnly=false \
--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
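Review bot: the added `--volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true` line exposes the whole directory to the kubelet container, so any private key files kept next to the certificates become readable there as well. `readOnly=true` is the right setting. Consider mounting only the files the kubelet side needs, or confirm that host file modes restrict the key files. Also make sure the directory exists on every node that gets this unit, since it is a host-path source.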
@@ -34,6 +35,7 @@ ExecStart=/usr/bin/rkt run \
--mount volume=etc-cni,target=/etc/cni \
--mount volume=etc-kubernetes,target={{ kube_config_dir }} \
--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+ --mount volume=etcd-ssl,target={{ etcd_config_dir }} \
--mount volume=opt-cni,target=/opt/cni \
--mount volume=run,target=/run \
--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
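Review bot: the added `--mount volume=etcd-ssl,target={{ etcd_config_dir }}` reuses the host path as the in-container target, which only works if whatever reads the certs inside the container builds its paths from the same variable. Neither this hunk nor the commit message says which component consumes them. Name the consumer in the commit message, and check that no hard-coded `/etc/ssl/etcd` path is left behind for the case where the variable is overridden.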