From 572ab650dbd2f091e6d8a7c6321b1f04f1825222 Mon Sep 17 00:00:00 2001
From: georgejdli <georgejdli@gmail.com>
Date: Fri, 30 Mar 2018 13:00:01 -0500
Subject: [PATCH] copy dedicated service account token signing key for kubeadm
 migration

---
 roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml b/roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
index a9f938318..58eaaa66f 100644
--- a/roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml
@@ -9,4 +9,6 @@
     - {src: apiserver-key.pem, dest: apiserver.key}
     - {src: ca.pem, dest: ca.crt}
     - {src: ca-key.pem, dest: ca.key}
+    - {src: service-account-key.pem, dest: sa.pub}
+    - {src: service-account-key.pem, dest: sa.key}
   register: kubeadm_copy_old_certs