From 5253b3ec132ff7edd4c4ca3ebc9bd80dcc3403c5 Mon Sep 17 00:00:00 2001
From: Spencer Smith
Date: Wed, 11 May 2016 09:06:08 -0700
Subject: [PATCH 1/2] ensure ca.pem makes it to multi-masters
---
 roles/kubernetes/secrets/tasks/gen_certs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index 280aa2182..d6e233e2f 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -21,7 +21,7 @@
 notify: set secret_changed
 - set_fact:
- master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
+ master_certs: ['ca.pem', 'ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
 node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
 - name: certs | Get the certs from first master
From 9f8466a186b4c16f28b2ab878da94d4382a11a21 Mon Sep 17 00:00:00 2001
From: Spencer Smith
Date: Wed, 11 May 2016 10:09:13 -0700
Subject: [PATCH 2/2] ensure ALL certs are synced between masters
---
 roles/kubernetes/secrets/tasks/gen_certs.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/roles/kubernetes/secrets/tasks/gen_certs.yml b/roles/kubernetes/secrets/tasks/gen_certs.yml
index d6e233e2f..37568d694 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -21,7 +21,7 @@
 notify: set secret_changed
 - set_fact:
- master_certs: ['ca.pem', 'ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
+ master_certs: ['ca-key.pem', 'admin.pem', 'admin-key.pem', 'apiserver-key.pem', 'apiserver.pem']
 node_certs: ['ca.pem', 'node.pem', 'node-key.pem']
 - name: certs | Get the certs from first master
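Review bot: In PATCH 2/2 `master_certs` is still set here (again without `ca.pem`), but the only consumer visible in the patch, the `item.item in master_certs` condition in the second hunk, is removed, so the list no longer describes what reaches the other masters. If nothing outside these hunks still reads it, drop the variable; otherwise add a comment above `set_fact` such as `# master_certs does not filter the master sync task; that task writes everything slurped from the first master`. The list names `ca-key.pem`, so anyone auditing where the CA private key is copied needs this to be accurate. The tasks that consume these facts are outside the hunk.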
@@ -39,8 +39,7 @@
 content: "{{ item.content|b64decode }}"
 dest: "{{ item.source }}"
 with_items: '{{slurp_certs.results}}'
- when: item.item in master_certs and
- inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
+ when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
 inventory_hostname != groups['kube-master'][0]
 - name: certs | Copy certs on nodes
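Review bot: Dropping `item.item in master_certs` from the `when:` makes this task write every entry of `slurp_certs.results` to each additional master, so the set of key material copied is now decided only by the slurp task, which is outside the hunk. If that slurp also covers `node_certs`, `node-key.pem` will land on the masters as well; if that is intended, state it in a comment on the task, e.g. `# every file slurped from the first master (master and node certs) is written to the other masters`. Each loop item carries the base64 file content, private keys included, so the task should set `no_log: true` unless the part of it above the hunk already does. The task's name and module line start before the hunk.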