enforce user root when sudo is used

roles/kubernetes/master/tasks/main.yml

@@ -27,6 +27,7 @@
     recursive: yes
     delete: yes
     rsync_opts: [ '--one-file-system']
+    set_remote_user: false
   with_items:
     - "{{ kube_token_dir }}"
     - "{{ kube_cert_dir }}"

roles/kubernetes/node/tasks/main.yml

@@ -21,12 +21,12 @@
     system=yes
     groups={{ kube_cert_group }}
 
-- include: install.yml
-
 - include: secrets.yml
   tags:
     - secrets
 
+- include: install.yml
+
 - name: Write kubelet config file
   template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet backup=yes
   notify:

roles/kubernetes/node/tasks/secrets.yml

@@ -43,6 +43,7 @@
     recursive: yes
     delete: yes
     rsync_opts: [ '--one-file-system']
+    set_remote_user: false
   with_items:
     - "{{ kube_cert_dir}}/ca.pem"
     - "{{ kube_cert_dir}}/node.pem"