From 7b2586943b6521d5bdd98484b9613b4efe441665 Mon Sep 17 00:00:00 2001
From: Jason Witkowski <jason@witkow.ski>
Date: Thu, 21 Sep 2023 09:55:29 -0400
Subject: [PATCH] Fix: kube-apiserver tag will overwrite secrets-at-rest token
 if used independently (#10460)

Signed-off-by: Jason Witkowski <jwitko1@gmail.com>
---
 roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml | 2 --
 roles/kubernetes/control-plane/tasks/main.yml            | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
index b88f57c3c..209e4c730 100644
--- a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
+++ b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
@@ -38,5 +38,3 @@
     owner: root
     group: "{{ kube_cert_group }}"
     mode: 0640
-  tags:
-    - kube-apiserver
diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml
index 1840e3bb6..4f251a89b 100644
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -28,6 +28,8 @@
   import_tasks: encrypt-at-rest.yml
   when:
     - kube_encrypt_secret_data
+  tags:
+    - kube-apiserver
 
 - name: Install | Copy kubectl binary from download dir
   copy: