From e7afe8eafbe66ea7d9fb2ff2aa24275434542099 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Mon, 6 Feb 2017 10:43:07 -0500
Subject: Remove legacy router/registry certs and client configs from
 synchronized master certs.

---
 filter_plugins/openshift_master.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'filter_plugins')

diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index 77b0a3dc9..4ccee91f9 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -525,13 +525,7 @@ class FilterModule(object):
                  'admin.key',
                  'admin.kubeconfig',
                  'master.kubelet-client.crt',
-                 'master.kubelet-client.key',
-                 'openshift-registry.crt',
-                 'openshift-registry.key',
-                 'openshift-registry.kubeconfig',
-                 'openshift-router.crt',
-                 'openshift-router.key',
-                 'openshift-router.kubeconfig']
+                 'master.kubelet-client.key']
         if bool(include_ca):
             certs += ['ca.crt', 'ca.key']
         if bool(include_keys):
@@ -547,6 +541,13 @@ class FilterModule(object):
         if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']):
             certs += ['service-signer.crt',
                       'service-signer.key']
+        if not bool(hostvars['openshift']['common']['version_gte_3_5_or_1_5']):
+            certs += ['openshift-registry.crt',
+                      'openshift-registry.key',
+                      'openshift-registry.kubeconfig',
+                      'openshift-router.crt',
+                      'openshift-router.key',
+                      'openshift-router.kubeconfig']
         return certs
 
     @staticmethod
-- 
cgit v1.2.1