ensure ALL certs are synced between masters

9f8466a1 · Spencer Smith · 5253b3ec · 9f8466a1
Commit 9f8466a1 authored 8 years ago by Spencer Smith
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -21,7 +21,7 @@
  notify: set secret_changed

 - set_fact:
-    master_certs: ['ca.pem', 'ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
+    master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
    node_certs: ['ca.pem', 'node.pem', 'node-key.pem']

 - name: certs | Get the certs from first master
@@ -39,8 +39,7 @@
    content: "{{ item.content|b64decode }}"
    dest: "{{ item.source }}"
  with_items: '{{slurp_certs.results}}'
-  when: item.item in master_certs and
-        inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
+  when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
        inventory_hostname != groups['kube-master'][0]

 - name: certs | Copy certs on nodes