From 7cf8ad4dc732f5f09ee59a6b1d9b8c620a972b9d Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Tue, 6 Aug 2019 10:59:53 +0300
Subject: [PATCH] Optionally refresh kubeadm token every time (#5043)

Change-Id: I278cb14aa93abf20160cc001f69e2f472504e6d8
---
 roles/kubernetes/master/defaults/main/main.yml  | 3 +++
 roles/kubernetes/master/tasks/kubeadm-setup.yml | 1 +
 2 files changed, 4 insertions(+)

diff --git a/roles/kubernetes/master/defaults/main/main.yml b/roles/kubernetes/master/defaults/main/main.yml
index 28b4a0980..65e06c01e 100644
--- a/roles/kubernetes/master/defaults/main/main.yml
+++ b/roles/kubernetes/master/defaults/main/main.yml
@@ -41,6 +41,9 @@ kube_scheduler_bind_address: 0.0.0.0
 # discovery_timeout modifies the discovery timeout
 discovery_timeout: 5m0s
 
+# Instruct first master to refresh kubeadm token
+kubeadm_refresh_token: true
+
 # audit support
 kubernetes_audit: false
 # path to audit log file
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index a6baac2a6..3cbd2feb8 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -146,6 +146,7 @@
   when:
     - inventory_hostname == groups['kube-master']|first
     - kubeadm_token is defined
+    - kubeadm_refresh_token
   tags:
     - kubeadm_token