From d5320961e9780df47571537d5fd370d823de4c7e Mon Sep 17 00:00:00 2001
From: Smaine Kahlouch
Date: Tue, 5 Jan 2016 15:33:23 +0100
Subject: [PATCH] enforce user root when sudo is used
---
 roles/kubernetes/master/tasks/main.yml | 1 +
 roles/kubernetes/node/tasks/main.yml | 4 ++--
 roles/kubernetes/node/tasks/secrets.yml | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml
index 0ba27a33e..b1c94ac3d 100644
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -27,6 +27,7 @@
 recursive: yes
 delete: yes
 rsync_opts: [ '--one-file-system']
+ set_remote_user: false
 with_items:
 - "{{ kube_token_dir }}"
 - "{{ kube_cert_dir }}"
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 5e54c51be..68d4f7579 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -21,12 +21,12 @@
 system=yes
 groups={{ kube_cert_group }}
-- include: install.yml
-
 - include: secrets.yml
 tags:
 - secrets
+- include: install.yml
+
 - name: Write kubelet config file
 template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet backup=yes
 notify:
diff --git a/roles/kubernetes/node/tasks/secrets.yml b/roles/kubernetes/node/tasks/secrets.yml
index 4b2c20802..436d51926 100644
--- a/roles/kubernetes/node/tasks/secrets.yml
+++ b/roles/kubernetes/node/tasks/secrets.yml
@@ -43,6 +43,7 @@
 recursive: yes
 delete: yes
 rsync_opts: [ '--one-file-system']
+ set_remote_user: false
 with_items:
 - "{{ kube_cert_dir}}/ca.pem"
 - "{{ kube_cert_dir}}/node.pem"
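Review bot: With `set_remote_user: false` added to the synchronize options in roles/kubernetes/master/tasks/main.yml (and the same line in roles/kubernetes/node/tasks/secrets.yml), the rsync path no longer carries the inventory user, so the account that writes into `kube_token_dir` and `kube_cert_dir` is decided by the SSH client configuration of the host running rsync rather than by anything in the playbook. These paths hold tokens and certificate material and the task runs with `delete: yes`, so the intent should be stated next to the option, e.g. `# no user@ prefix: the remote side must run as root via sudo, not as the inventory user`. Neither hunk shows the task header, so whether sudo is actually set on these tasks and whether owner and mode of the copied files are enforced afterwards cannot be confirmed from here; a follow-up `file` task pinning owner and mode on the synced secrets would make the result independent of which account rsync ran as.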
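Review bot: The new include order in roles/kubernetes/node/tasks/main.yml carries an undocumented dependency: secrets.yml now runs before install.yml, yet neither the commit subject nor the file says what install.yml needs from it. A comment above the first include would keep a later edit from reversing the order, e.g. `# secrets.yml first: install.yml presumably expects the certs to be in place` (wording to be confirmed by the author). It is also worth checking that secrets.yml does not rely on anything install.yml used to create beforehand, since only the user/group task is visible ahead of it in this hunk. The task list starts and continues outside the hunk.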