diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index 7178bce0c..1fd9de07b 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -65,3 +65,11 @@
   shell: chmod 0600 {{ kube_cert_dir}}/*key.pem
   when: inventory_hostname in groups['kube-master']
   changed_when: false
+
+- name: Gen_certs | download certs for remote kubectl
+  fetch: src="{{ kube_cert_dir }}/{{ item }}" dest="output/tokens/{{ item }}" flat=yes
+  delegate_to: "{{ groups['kube-master'][0] }}"
+  with_items:
+    - "ca.pem"
+    - "admin.pem"
+    - "admin-key.pem"