---
- name: Backup old certs and keys
  copy:
    src: "{{ kube_cert_dir }}/{{ item.src }}"
    dest: "{{ kube_cert_dir }}/{{ item.dest }}"
    remote_src: yes
  with_items:
    - {src: apiserver.crt, dest: apiserver.crt.old}
    - {src: apiserver.key, dest: apiserver.key.old}
    - {src: apiserver-kubelet-client.crt, dest: apiserver-kubelet-client.crt.old}
    - {src: apiserver-kubelet-client.key, dest: apiserver-kubelet-client.key.old}
    - {src: front-proxy-client.crt, dest: front-proxy-client.crt.old}
    - {src: front-proxy-client.key, dest: front-proxy-client.key.old}
  ignore_errors: yes

- name: Remove old certs and keys
  file:
    path: "{{ kube_cert_dir }}/{{ item }}"
    state: absent
  with_items:
    - apiserver.crt
    - apiserver.key
    - apiserver-kubelet-client.crt
    - apiserver-kubelet-client.key
    - front-proxy-client.crt
    - front-proxy-client.key

- name: Generate new certs and keys
  command: "{{ bin_dir }}/kubeadm init phase certs {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml"
  environment: "{{ proxy_env }}"
  with_items:
    - apiserver
    - apiserver-kubelet-client
    - front-proxy-client
  when: inventory_hostname == groups['kube-master']|first and kubeadm_version is version('v1.13.0', '>=')

- name: Generate new certs and keys
  command: "{{ bin_dir }}/kubeadm alpha phase certs {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml"
  environment: "{{ proxy_env }}"
  with_items:
    - apiserver
    - apiserver-kubelet-client
    - front-proxy-client
  when: inventory_hostname == groups['kube-master']|first and kubeadm_version is version('v1.13.0', '<')