Remove pre kubeadm cert migration tasks

apiserver.pem is not used since ddffdb63bf

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit fedd671d68)

Conflicts:
	roles/kubernetes/master/tasks/kubeadm-cleanup-old-certs.yml
	roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml

roles/kubernetes/master/tasks/kubeadm-cleanup-old-certs.yml

@@ -1,17 +0,0 @@
----
-- name: kubeadm | Retrieve files to purge
-  find:
-    paths: "{{ kube_cert_dir }}"
-    patterns: '*.pem'
-  register: files_to_purge_for_kubeadm
-
-- name: kubeadm | Purge old certs
-  file:
-    path: "{{ item.path }}"
-    state: absent
-  with_items: "{{ files_to_purge_for_kubeadm.files }}"
-
-- name: kubeadm | Purge old kubeconfig
-  file:
-    path: "{{ ansible_env.HOME | default('/root') }}/.kube/config"
-    state: absent

roles/kubernetes/master/tasks/kubeadm-migrate-certs.yml

@@ -1,21 +0,0 @@
----
-- name: Copy old certs to the kubeadm expected path
-  copy:
-    src: "{{ kube_cert_dir }}/{{ item.src }}"
-    dest: "{{ kube_cert_dir }}/{{ item.dest }}"
-    mode: 0640
-    remote_src: yes
-  with_items:
-    - {src: apiserver.pem, dest: apiserver.crt}
-    - {src: apiserver-key.pem, dest: apiserver.key}
-    - {src: ca.pem, dest: ca.crt}
-    - {src: ca-key.pem, dest: ca.key}
-    - {src: front-proxy-ca.pem, dest: front-proxy-ca.crt}
-    - {src: front-proxy-ca-key.pem, dest: front-proxy-ca.key}
-    - {src: front-proxy-client.pem, dest: front-proxy-client.crt}
-    - {src: front-proxy-client-key.pem, dest: front-proxy-client.key}
-    - {src: service-account-key.pem, dest: sa.pub}
-    - {src: service-account-key.pem, dest: sa.key}
-    - {src: "node-{{ inventory_hostname }}.pem", dest: apiserver-kubelet-client.crt}
-    - {src: "node-{{ inventory_hostname }}-key.pem", dest: apiserver-kubelet-client.key}
-  register: kubeadm_copy_old_certs

roles/kubernetes/master/tasks/kubeadm-setup.yml

@@ -1,18 +1,4 @@
 ---
-- name: kubeadm | Check if old apiserver cert exists on host
-  stat:
-    path: "{{ kube_cert_dir }}/apiserver.pem"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
-  register: old_apiserver_cert
-  delegate_to: "{{ groups['kube-master'] | first }}"
-  run_once: true
-
-- name: kubeadm | Migrate old certs if necessary
-  import_tasks: kubeadm-migrate-certs.yml
-  when: old_apiserver_cert.stat.exists
-
 - name: Install OIDC certificate
   copy:
     content: "{{ kube_oidc_ca_cert | b64decode }}"
@@ -48,22 +34,6 @@
   when:
     - not kubeadm_already_run.stat.exists
 
-- name: kubeadm | Delete old static pods
-  file:
-    path: "{{ kube_config_dir }}/manifests/{{ item }}.manifest"
-    state: absent
-  with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
-  when:
-    - old_apiserver_cert.stat.exists
-
-- name: kubeadm | Forcefully delete old static pods
-  shell: "set -o pipefail && docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
-  args:
-    executable: /bin/bash
-  with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
-  when:
-    - old_apiserver_cert.stat.exists
-
 - name: kubeadm | aggregate all SANs
   set_fact:
     apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
@@ -231,11 +201,6 @@
   notify: Master | set secret_changed
   when: sa_key_before.stat.checksum|default("") != sa_key_after.stat.checksum
 
-- name: kubeadm | cleanup old certs if necessary
-  import_tasks: kubeadm-cleanup-old-certs.yml
-  when:
-    - old_apiserver_cert.stat.exists
-
 # FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
 - name: kubeadm | Remove taint for master with node role
   command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"