Added fixes from whereismyjetpack

roles/kubernetes/secrets/files/make-ssl.sh

@@ -94,7 +94,7 @@ if [ -n "$MASTERS" ]; then
     # kube-controller-manager
     gen_key_and_cert "kube-controller-manager" "/CN=system:kube-controller-manager"
     # metrics aggregator
-    gen_key_and_cert "aggregator-proxy-client" "/CN=system:aggregator-proxy-client"
+    gen_key_and_cert "aggregator-proxy-client" "/CN=aggregator"
 
     for host in $MASTERS; do
         cn="${host%%.*}"

roles/kubernetes/secrets/tasks/check-certs.yml

@@ -105,7 +105,8 @@
       {% if gen_node_certs[inventory_hostname] or
         (not kubecert_node.results[0].stat.exists|default(False)) or
           (not kubecert_node.results[10].stat.exists|default(False)) or
-            (kubecert_node.results[10].stat.checksum|default('') != kubecert_master.files|selectattr("path", "equalto", kubecert_node.results[10].stat.path)|map(attribute="checksum")|first|default('')) -%}
-              {%- set _ = certs.update({'sync': True}) -%}
+            (not kubecert_node.results[7].stat.exists|default(False)) or
+              (kubecert_node.results[10].stat.checksum|default('') != kubecert_master.files|selectattr("path", "equalto", kubecert_node.results[10].stat.path)|map(attribute="checksum")|first|default('')) -%}
+                {%- set _ = certs.update({'sync': True}) -%}
       {% endif %}
       {{ certs.sync }}

roles/kubernetes/secrets/tasks/gen_certs_script.yml

@@ -84,6 +84,8 @@
                       'admin-{{ inventory_hostname }}-key.pem',
                       'apiserver.pem',
                       'apiserver-key.pem',
+                      'aggregator-proxy-client.pem',
+                      'aggregator-proxy-client-key.pem',
                       'kube-scheduler.pem',
                       'kube-scheduler-key.pem',
                       'kube-controller-manager.pem',