diff --git a/roles/kubernetes/secrets/tasks/check-certs.yml b/roles/kubernetes/secrets/tasks/check-certs.yml
index 5875fdbf45b23faee140a2091a52f68a0739f624..1d64dd0f16b8abe28df8b45b7e0679b1e2f9c35e 100644
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@@ -1,5 +1,5 @@
 ---
-- name: "Check certs | check if the certs have already been generated on first master"
+- name: "Check_certs | check if the certs have already been generated on first master"
   stat:
     path: "{{ kube_cert_dir }}/ca.pem"
   delegate_to: "{{groups['kube-master'][0]}}"
diff --git a/roles/kubernetes/secrets/tasks/check-tokens.yml b/roles/kubernetes/secrets/tasks/check-tokens.yml
index cfb579ad7a8862d05dec3eed4758c565522b879d..1ecaa70060bcd213e77e69de3dc6088b6deb52c8 100644
--- a/roles/kubernetes/secrets/tasks/check-tokens.yml
+++ b/roles/kubernetes/secrets/tasks/check-tokens.yml
@@ -1,5 +1,5 @@
 ---
-- name: "Check tokens | check if the tokens have already been generated on first master"
+- name: "Check_tokens | check if the tokens have already been generated on first master"
   stat:
     path: "{{ kube_token_dir }}/known_tokens.csv"
   delegate_to: "{{groups['kube-master'][0]}}"
diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index 295ebcb0c61503f41302bf750ca27e59eee74c91..7178bce0c9d7fe340e13d4b9861efb34bd1914f5 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -1,5 +1,5 @@
 ---
-- name: certs | write openssl config
+- name: Gen_certs | write openssl config
   template:
     src: "openssl.conf.j2"
     dest: "{{ kube_config_dir }}/openssl.conf"
@@ -7,7 +7,7 @@
   delegate_to: "{{groups['kube-master'][0]}}"
   when: gen_certs|default(false)
 
-- name: certs | copy certs generation script
+- name: Gen_certs | copy certs generation script
   copy:
     src: "make-ssl.sh"
     dest: "{{ kube_script_dir }}/make-ssl.sh"
@@ -16,7 +16,7 @@
   delegate_to: "{{groups['kube-master'][0]}}"
   when: gen_certs|default(false)
 
-- name: certs | run cert generation script
+- name: Gen_certs | run cert generation script
   command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl.conf -d {{ kube_cert_dir }}"
   run_once: yes
   delegate_to: "{{groups['kube-master'][0]}}"
@@ -27,7 +27,7 @@
     master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
     node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
 
-- name: certs | Get the certs from first master
+- name: Gen_certs | Get the certs from first master
   slurp:
     src: "{{ kube_cert_dir }}/{{ item }}"
   delegate_to: "{{groups['kube-master'][0]}}"
@@ -37,7 +37,7 @@
   run_once: true
   notify: set secret_changed
 
-- name: certs | Copy certs on masters
+- name: Gen_certs | Copy certs on masters
   copy:
     content: "{{ item.content|b64decode }}"
     dest: "{{ item.source }}"
@@ -45,7 +45,7 @@
   when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
         inventory_hostname != groups['kube-master'][0]
 
-- name: certs | Copy certs on nodes
+- name: Gen_certs | Copy certs on nodes
   copy:
     content: "{{ item.content|b64decode }}"
     dest: "{{ item.source }}"
@@ -54,19 +54,14 @@
         inventory_hostname in groups['kube-node'] and sync_certs|default(false) and
         inventory_hostname != groups['kube-master'][0]
 
-- name: certs | check certificate permissions
+- name: Gen_certs | check certificate permissions
   file:
     path={{ kube_cert_dir }}
     group={{ kube_cert_group }}
     owner=kube
     recurse=yes
 
-- shell: ls {{ kube_cert_dir}}/*key.pem
-  register: keyfiles
+- name: Gen_certs | set permissions on keys
+  shell: chmod 0600 {{ kube_cert_dir}}/*key.pem
+  when: inventory_hostname in groups['kube-master']
   changed_when: false
-
-- name: certs | set permissions on keys
-  file:
-    path: "{{ item }}"
-    mode: 0600
-  with_items: "{{ keyfiles.stdout_lines }}"
diff --git a/roles/kubernetes/secrets/tasks/gen_tokens.yml b/roles/kubernetes/secrets/tasks/gen_tokens.yml
index b432132475ec447fbe06bacb579356cead460379..796657f650a23a9a6ef8a27b98b9e53164590269 100644
--- a/roles/kubernetes/secrets/tasks/gen_tokens.yml
+++ b/roles/kubernetes/secrets/tasks/gen_tokens.yml
@@ -1,5 +1,5 @@
 ---
-- name: tokens | copy tokens generation script
+- name: Gen_tokens | copy tokens generation script
   copy:
     src: "kube-gen-token.sh"
     dest: "{{ kube_script_dir }}/kube-gen-token.sh"
@@ -8,7 +8,7 @@
   delegate_to: "{{groups['kube-master'][0]}}"
   when: gen_tokens|default(false)
 
-- name: tokens | generate tokens for master components
+- name: Gen_tokens | generate tokens for master components
   command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
   environment:
     TOKEN_DIR: "{{ kube_token_dir }}"
@@ -22,7 +22,7 @@
   delegate_to: "{{groups['kube-master'][0]}}"
   when: gen_tokens|default(false)
 
-- name: tokens | generate tokens for node components
+- name: Gen_tokens | generate tokens for node components
   command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
   environment:
     TOKEN_DIR: "{{ kube_token_dir }}"
@@ -36,14 +36,14 @@
   delegate_to: "{{groups['kube-master'][0]}}"
   when: gen_tokens|default(false)
 
-- name: tokens | Get list of tokens from first master
+- name: Gen_tokens | Get list of tokens from first master
   shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
   register: tokens_list
   changed_when: false
   delegate_to: "{{groups['kube-master'][0]}}"
   when: sync_tokens|default(false)
 
-- name: tokens | Get the tokens from first master
+- name: Gen_tokens | Get the tokens from first master
   slurp:
     src: "{{ item }}"
   register: slurp_tokens
@@ -53,7 +53,7 @@
   when: sync_tokens|default(false)
   notify: set secret_changed
 
-- name: tokens | Copy tokens on masters
+- name: Gen_tokens | Copy tokens on masters
   copy:
     content: "{{ item.content|b64decode }}"
     dest: "{{ item.source }}"
diff --git a/roles/network_plugin/flannel/handlers/main.yml b/roles/network_plugin/flannel/handlers/main.yml
index 4273705698c6366e45f0777d838e3f0a16f40007..cb3986312b5dd4786e2825edb5550120bc926c50 100644
--- a/roles/network_plugin/flannel/handlers/main.yml
+++ b/roles/network_plugin/flannel/handlers/main.yml
@@ -1,4 +1,9 @@
 ---
+- name: delete default docker bridge
+  command: ip link delete docker0
+  ignore_errors: yes
+  notify: restart docker
+
 - name: restart docker
   command: /bin/true
   notify:
@@ -6,11 +11,6 @@
     - reload docker
     - reload kubelet
 
-- name: delete default docker bridge
-  command: ip link delete docker0
-  ignore_errors: yes
-  notify: restart docker
-
 - name : reload systemd
   shell: systemctl daemon-reload
   when: ansible_service_mgr == "systemd"