generate secrets on deployment machine

test travis with sudo=true instead of required

roles/kubernetes/secrets/tasks/gen_tokens.yml

@@ -0,0 +1,30 @@
+---
+- name: tokens | generate tokens for master components
+  sudo: False
+  local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
+  environment:
+    TOKEN_DIR: "{{ role_path }}/files/tokens"
+  with_nested:
+    - [ "system:kubectl" ]
+    - "{{ groups['kube-master'] }}"
+  register: gentoken_master
+  changed_when: "'Added' in gentoken_master.stdout"
+  notify: set secret_changed
+
+- name: tokens | generate tokens for node components
+  sudo: False
+  local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
+  environment:
+    TOKEN_DIR: "{{ role_path }}/files/tokens"
+  with_nested:
+    - [ 'system:kubelet' ]
+    - "{{ groups['kube-node'] }}"
+  register: gentoken_node
+  changed_when: "'Added' in gentoken_node.stdout"
+  notify: set secret_changed
+
+- name: tokens | Copy tokens on master
+  copy:
+    src: "tokens"
+    dest: "/etc/kubernetes"
+  when: inventory_hostname in "{{ groups['kube-master'] }}"