From d571195e88eb81c2052d88427160d6dc1a285c99 Mon Sep 17 00:00:00 2001
From: David Reuss <dr@peytz.dk>
Date: Wed, 18 May 2016 08:42:25 +0200
Subject: [PATCH] Synchronize certs in case they're missing

The run_once only sets the variable for the first host in the play,
which usually is the first master, which already has the certs. Ensure
we set it for all hosts in the current play, so they get certs
synchronized properly.
---
 roles/kubernetes/secrets/tasks/check-certs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/kubernetes/secrets/tasks/check-certs.yml b/roles/kubernetes/secrets/tasks/check-certs.yml
index 97c6f7226..4a93527a1 100644
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@@ -14,6 +14,7 @@
 - name: "Check_certs | Set 'sync_certs' and 'gen_certs' to true"
   set_fact:
     gen_certs: true
+    sync_certs: true
   when: not kubecert_master.stat.exists
   run_once: true
 
@@ -33,4 +34,3 @@
          {%- set _ = certs.update({'sync': True}) -%}
       {%- endfor -%}
       {{ certs.sync }}
-  run_once: true