diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-cleanup-old-certs.yml b/roles/kubernetes/control-plane/tasks/kubeadm-cleanup-old-certs.yml
deleted file mode 100644
index adca631c2..000000000
--- a/roles/kubernetes/control-plane/tasks/kubeadm-cleanup-old-certs.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: kubeadm | Retrieve files to purge
- find:
- paths: "{{ kube_cert_dir }}"
- patterns: '*.pem'
- register: files_to_purge_for_kubeadm
-
-- name: kubeadm | Purge old certs
- file:
- path: "{{ item.path }}"
- state: absent
- with_items: "{{ files_to_purge_for_kubeadm.files }}"
-
-- name: kubeadm | Purge old kubeconfig
- file:
- path: "{{ ansible_env.HOME | default('/root') }}/.kube/config"
- state: absent
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-migrate-certs.yml b/roles/kubernetes/control-plane/tasks/kubeadm-migrate-certs.yml
deleted file mode 100644
index cae5749cf..000000000
--- a/roles/kubernetes/control-plane/tasks/kubeadm-migrate-certs.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Copy old certs to the kubeadm expected path
- copy:
- src: "{{ kube_cert_dir }}/{{ item.src }}"
- dest: "{{ kube_cert_dir }}/{{ item.dest }}"
- mode: 0640
- remote_src: yes
- with_items:
- - {src: apiserver.pem, dest: apiserver.crt}
- - {src: apiserver-key.pem, dest: apiserver.key}
- - {src: ca.pem, dest: ca.crt}
- - {src: ca-key.pem, dest: ca.key}
- - {src: front-proxy-ca.pem, dest: front-proxy-ca.crt}
- - {src: front-proxy-ca-key.pem, dest: front-proxy-ca.key}
- - {src: front-proxy-client.pem, dest: front-proxy-client.crt}
- - {src: front-proxy-client-key.pem, dest: front-proxy-client.key}
- - {src: service-account-key.pem, dest: sa.pub}
- - {src: service-account-key.pem, dest: sa.key}
- - {src: "node-{{ inventory_hostname }}.pem", dest: apiserver-kubelet-client.crt}
- - {src: "node-{{ inventory_hostname }}-key.pem", dest: apiserver-kubelet-client.key}
- register: kubeadm_copy_old_certs
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
index e71b9b586..6769c5318 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -1,18 +1,4 @@
 ---
-- name: kubeadm | Check if old apiserver cert exists on host
- stat:
- path: "{{ kube_cert_dir }}/apiserver.pem"
- get_attributes: no
- get_checksum: no
- get_mime: no
- register: old_apiserver_cert
- delegate_to: "{{ groups['kube-master'] | first }}"
- run_once: true
-
-- name: kubeadm | Migrate old certs if necessary
- import_tasks: kubeadm-migrate-certs.yml
- when: old_apiserver_cert.stat.exists
-
 - name: Install OIDC certificate
 copy:
 content: "{{ kube_oidc_ca_cert | b64decode }}"
@@ -48,22 +34,6 @@
 when:
 - not kubeadm_already_run.stat.exists
 
-- name: kubeadm | Delete old static pods
- file:
- path: "{{ kube_config_dir }}/manifests/{{ item }}.manifest"
- state: absent
- with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
- when:
- - old_apiserver_cert.stat.exists
-
-- name: kubeadm | Forcefully delete old static pods
- shell: "set -o pipefail && docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
- args:
- executable: /bin/bash
- with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
- when:
- - old_apiserver_cert.stat.exists
-
 - name: kubeadm | aggregate all SANs
 set_fact:
 apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
@@ -231,11 +201,6 @@
 notify: Master | set secret_changed
 when: sa_key_before.stat.checksum|default("") != sa_key_after.stat.checksum
 
-- name: kubeadm | cleanup old certs if necessary
- import_tasks: kubeadm-cleanup-old-certs.yml
- when:
- - old_apiserver_cert.stat.exists
-
 # FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
 - name: kubeadm | Remove taint for master with node role
 command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} {{ item }}"