From 14b1cab5d2105f090f879379b65a8b0a73e4deac Mon Sep 17 00:00:00 2001
From: Sergey <s.bondarev@southbridge.ru>
Date: Mon, 10 Feb 2020 17:09:54 +0300
Subject: [PATCH] force rotate control plane certifcate on master node when
 upgrade cluster (#5596)

---
 roles/kubernetes/master/tasks/kubeadm-upgrade.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/kubernetes/master/tasks/kubeadm-upgrade.yml b/roles/kubernetes/master/tasks/kubeadm-upgrade.yml
index 3dd9dc14e..448a71baa 100644
--- a/roles/kubernetes/master/tasks/kubeadm-upgrade.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-upgrade.yml
@@ -9,6 +9,7 @@
     --allow-experimental-upgrades
     --allow-release-candidate-upgrades
     --etcd-upgrade=false
+    {{ (kubeadm_output.stdout is version('v1.16.0', '>=')) | ternary('--certificate-renewal=true', '') }}
     --force
   register: kubeadm_upgrade
   # Retry is because upload config sometimes fails
@@ -29,6 +30,7 @@
     --allow-experimental-upgrades
     --allow-release-candidate-upgrades
     --etcd-upgrade=false
+    {{ (kubeadm_output.stdout is version('v1.16.0', '>=')) | ternary('--certificate-renewal=true', '') }}
     --force
   register: kubeadm_upgrade
   when: inventory_hostname != groups['kube-master']|first