Write certs to an absolute path

pkg/cluster/certs.go

@@ -8,18 +8,19 @@ import (
 func (c *Cluster) initCerts() {
 	// Prepare the cluster PKI
 	if c.node.Role == Master {
-		ca, err := pki.NewClusterCA("pki")
+		ca, err := pki.NewClusterCA("/pki")
 		if err != nil {
 			logrus.Fatal("could not initialize pki: ", err)
 		}
-		masterCerts, err := pki.NewMasterCerts("master", c.networking.NodeAddress.IP)
+		masterCerts, err := pki.NewMasterCerts("/master", c.networking.NodeAddress.IP)
 		if err != nil {
 			logrus.Fatal("could not initialize master certs: ", err)
 		}
 		c.pki = ca
 		c.masterCerts = masterCerts
+		c.pki.SignMasterCerts(c.masterCerts)
 	} else {
-		ca, err := pki.EmptyClusterCA("pki")
+		ca, err := pki.EmptyClusterCA("/pki")
 		if err != nil {
 			logrus.Fatal("could not initialize pki: ", err)
 		}
@@ -27,7 +28,7 @@ func (c *Cluster) initCerts() {
 	}
 	c.ml.State.PKI = c.pki
 	// Initialize node certificates
-	certs, err := pki.NewNodeCerts("certs", c.node.Name)
+	certs, err := pki.NewNodeCerts("/certs", c.node.Name)
 	if err != nil {
 		logrus.Fatal("could not initialize node certificates: ", err)
 	}
@@ -40,7 +41,6 @@ func (c *Cluster) handlePKI() {
 	if c.node.Role != Master {
 		return
 	}
-	c.pki.SignMasterCerts(c.masterCerts)
 	for name, certs := range c.ml.State.Certificates {
 		c.pki.SignNodeCerts(name, certs)
 	}