From fedd671d68bfadc3446ae5a5c9961ae769773c4a Mon Sep 17 00:00:00 2001
From: Etienne Champetier <e.champetier@ateme.com>
Date: Wed, 3 Mar 2021 15:30:07 -0500
Subject: [PATCH] Remove pre kubeadm cert migration tasks

apiserver.pem has not been used since commit ddffdb63bfcc65a1731a16d316ce10d4903e3261

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
---
 .../tasks/kubeadm-cleanup-old-certs.yml       | 17 ---------
 .../tasks/kubeadm-migrate-certs.yml           | 21 -----------
 .../control-plane/tasks/kubeadm-setup.yml     | 35 -------------------
 3 files changed, 73 deletions(-)
 delete mode 100644 roles/kubernetes/control-plane/tasks/kubeadm-cleanup-old-certs.yml
 delete mode 100644 roles/kubernetes/control-plane/tasks/kubeadm-migrate-certs.yml

diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-cleanup-old-certs.yml b/roles/kubernetes/control-plane/tasks/kubeadm-cleanup-old-certs.yml
deleted file mode 100644
index adca631c2f3..00000000000
--- a/roles/kubernetes/control-plane/tasks/kubeadm-cleanup-old-certs.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: kubeadm | Retrieve files to purge
-  find:
-    paths: "{{ kube_cert_dir }}"
-    patterns: '*.pem'
-  register: files_to_purge_for_kubeadm
-
-- name: kubeadm | Purge old certs
-  file:
-    path: "{{ item.path }}"
-    state: absent
-  with_items: "{{ files_to_purge_for_kubeadm.files }}"
-
-- name: kubeadm | Purge old kubeconfig
-  file:
-    path: "{{ ansible_env.HOME | default('/root') }}/.kube/config"
-    state: absent
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-migrate-certs.yml b/roles/kubernetes/control-plane/tasks/kubeadm-migrate-certs.yml
deleted file mode 100644
index cae5749cf83..00000000000
--- a/roles/kubernetes/control-plane/tasks/kubeadm-migrate-certs.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Copy old certs to the kubeadm expected path
-  copy:
-    src: "{{ kube_cert_dir }}/{{ item.src }}"
-    dest: "{{ kube_cert_dir }}/{{ item.dest }}"
-    mode: 0640
-    remote_src: yes
-  with_items:
-    - {src: apiserver.pem, dest: apiserver.crt}
-    - {src: apiserver-key.pem, dest: apiserver.key}
-    - {src: ca.pem, dest: ca.crt}
-    - {src: ca-key.pem, dest: ca.key}
-    - {src: front-proxy-ca.pem, dest: front-proxy-ca.crt}
-    - {src: front-proxy-ca-key.pem, dest: front-proxy-ca.key}
-    - {src: front-proxy-client.pem, dest: front-proxy-client.crt}
-    - {src: front-proxy-client-key.pem, dest: front-proxy-client.key}
-    - {src: service-account-key.pem, dest: sa.pub}
-    - {src: service-account-key.pem, dest: sa.key}
-    - {src: "node-{{ inventory_hostname }}.pem", dest: apiserver-kubelet-client.crt}
-    - {src: "node-{{ inventory_hostname }}-key.pem", dest: apiserver-kubelet-client.key}
-  register: kubeadm_copy_old_certs
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
index e71b9b586ad..6769c5318a9 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -1,18 +1,4 @@
 ---
-- name: kubeadm | Check if old apiserver cert exists on host
-  stat:
-    path: "{{ kube_cert_dir }}/apiserver.pem"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
-  register: old_apiserver_cert
-  delegate_to: "{{ groups['kube-master'] | first }}"
-  run_once: true
-
-- name: kubeadm | Migrate old certs if necessary
-  import_tasks: kubeadm-migrate-certs.yml
-  when: old_apiserver_cert.stat.exists
-
 - name: Install OIDC certificate
   copy:
     content: "{{ kube_oidc_ca_cert | b64decode }}"
@@ -48,22 +34,6 @@
   when:
     - not kubeadm_already_run.stat.exists
 
-- name: kubeadm | Delete old static pods
-  file:
-    path: "{{ kube_config_dir }}/manifests/{{ item }}.manifest"
-    state: absent
-  with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
-  when:
-    - old_apiserver_cert.stat.exists
-
-- name: kubeadm | Forcefully delete old static pods
-  shell: "set -o pipefail && docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
-  args:
-    executable: /bin/bash
-  with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
-  when:
-    - old_apiserver_cert.stat.exists
-
 - name: kubeadm | aggregate all SANs
   set_fact:
     apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
@@ -231,11 +201,6 @@
   notify: Master | set secret_changed
   when: sa_key_before.stat.checksum|default("") != sa_key_after.stat.checksum
 
-- name: kubeadm | cleanup old certs if necessary
-  import_tasks: kubeadm-cleanup-old-certs.yml
-  when:
-    - old_apiserver_cert.stat.exists
-
 # FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
 - name: kubeadm | Remove taint for master with node role
   command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} {{ item }}"