From 82d10b882cfc39f96c4d9d828d9548ab6e6d0a29 Mon Sep 17 00:00:00 2001
From: woopstar <andreas@kruger.nu>
Date: Mon, 5 Feb 2018 20:06:55 +0100
Subject: [PATCH] Added fixes from whereismyjetpack

---
 roles/kubernetes/secrets/files/make-ssl.sh          | 2 +-
 roles/kubernetes/secrets/tasks/check-certs.yml      | 5 +++--
 roles/kubernetes/secrets/tasks/gen_certs_script.yml | 2 ++
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/roles/kubernetes/secrets/files/make-ssl.sh b/roles/kubernetes/secrets/files/make-ssl.sh
index 8cfc0728a..61668992d 100755
--- a/roles/kubernetes/secrets/files/make-ssl.sh
+++ b/roles/kubernetes/secrets/files/make-ssl.sh
@@ -94,7 +94,7 @@ if [ -n "$MASTERS" ]; then
     # kube-controller-manager
     gen_key_and_cert "kube-controller-manager" "/CN=system:kube-controller-manager"
     # metrics aggregator
-    gen_key_and_cert "aggregator-proxy-client" "/CN=system:aggregator-proxy-client"
+    gen_key_and_cert "aggregator-proxy-client" "/CN=aggregator"
 
     for host in $MASTERS; do
         cn="${host%%.*}"
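Review bot: The new subject `/CN=aggregator` on the aggregator-proxy-client line only works if it matches the name the apiserver accepts for front-proxy clients (`--requestheader-allowed-names`), and nothing in this hunk ties the two together. I would add a comment above the call, `# CN must match kube-apiserver --requestheader-allowed-names`, so a later rename does not silently break aggregator authentication. Hosts that already hold a certificate issued with the old `system:aggregator-proxy-client` subject will keep it unless something forces regeneration. The check added in check-certs.yml tests existence only, so it presumably would not catch that. The enclosing `if [ -n "$MASTERS" ]` block starts and ends outside the hunk.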
diff --git a/roles/kubernetes/secrets/tasks/check-certs.yml b/roles/kubernetes/secrets/tasks/check-certs.yml
index 782da6863..3b3b20300 100644
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@@ -105,7 +105,8 @@
       {% if gen_node_certs[inventory_hostname] or
         (not kubecert_node.results[0].stat.exists|default(False)) or
           (not kubecert_node.results[10].stat.exists|default(False)) or
-            (kubecert_node.results[10].stat.checksum|default('') != kubecert_master.files|selectattr("path", "equalto", kubecert_node.results[10].stat.path)|map(attribute="checksum")|first|default('')) -%}
-              {%- set _ = certs.update({'sync': True}) -%}
+            (not kubecert_node.results[7].stat.exists|default(False)) or
+              (kubecert_node.results[10].stat.checksum|default('') != kubecert_master.files|selectattr("path", "equalto", kubecert_node.results[10].stat.path)|map(attribute="checksum")|first|default('')) -%}
+                {%- set _ = certs.update({'sync': True}) -%}
       {% endif %}
       {{ certs.sync }}
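Review bot: The added condition `kubecert_node.results[7].stat.exists` addresses a certificate by its position in a list defined outside this hunk, so reordering or inserting an entry there would make the check test a different file without any error. I would at least add a Jinja comment naming the file, e.g. `{# results[7]: <file at index 7 of the stat list> #}`, or select the entry by path the way the checksum comparison on `results[10]` already does with `selectattr("path", "equalto", ...)`. The new check is also existence-only, so a certificate that is present but was issued with an outdated subject does not trigger a resync. The template expression begins before the hunk.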
diff --git a/roles/kubernetes/secrets/tasks/gen_certs_script.yml b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
index 9be59fb7b..0b88e0f14 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
@@ -84,6 +84,8 @@
                       'admin-{{ inventory_hostname }}-key.pem',
                       'apiserver.pem',
                       'apiserver-key.pem',
+                      'aggregator-proxy-client.pem',
+                      'aggregator-proxy-client-key.pem',
                       'kube-scheduler.pem',
                       'kube-scheduler-key.pem',
                       'kube-controller-manager.pem',
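Review bot: `aggregator-proxy-client-key.pem` is the private key for a certificate the apiserver trusts to assert user identity through request headers, so which hosts receive this list matters more than for most entries. The list's name and the task that consumes it are outside the hunk. Judging by the neighbouring `apiserver-key.pem` and `admin-...-key.pem` entries it looks like the master set, which should be confirmed. A short comment next to the two new entries, in whatever form the surrounding template allows, such as `front-proxy client cert/key: masters only`, would record that constraint for later edits.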
-- 
GitLab