diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 1a0b6a2cb..707915047 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -48,5 +48,5 @@ spec:
       path: {{ kube_config_dir }}
     name: kubernetes-config
   - hostPath:
-      path: /usr/share/ca-certificates
+      path: /etc/ssl/certs/
     name: ssl-certs-host
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index 4b9ed2f74..3ae4c18fc 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -16,6 +16,10 @@ spec:
     - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
     - --root-ca-file={{ kube_cert_dir }}/ca.pem
     - --v={{ kube_log_level | default('2') }}
+{% if cloud_provider is defined and cloud_provider == "openstack" %}
+    - --cloud-provider=openstack
+    - --cloud-config={{ kube_config_dir }}/cloud_config
+{% endif %}
     livenessProbe:
       httpGet:
         host: 127.0.0.1
@@ -30,10 +34,20 @@ spec:
     - mountPath: /etc/ssl/certs
       name: ssl-certs-host
       readOnly: true
+{% if cloud_provider is defined and cloud_provider == "openstack" %}
+    - mountPath: {{ kube_config_dir }}/cloud_config
+      name: cloudconfig
+      readOnly: true
+{% endif %}
   volumes:
   - hostPath:
       path: {{ kube_cert_dir }}
     name: ssl-certs-kubernetes
   - hostPath:
-      path: /usr/share/ca-certificates
+      path: /etc/ssl/certs/
     name: ssl-certs-host
+{% if cloud_provider is defined and cloud_provider == "openstack" %}
+  - hostPath:
+      path: {{ kube_config_dir }}/cloud_config
+    name: cloudconfig
+{% endif %}