kubeadm_patches: remove old patches on inventory change (#13022)

Currently, if changing the inventory variable `kubeadm_patches`, new
patches will be created, but the existing ones will also be left on the
filesystem, and applied by kubeadm ; this means that removed or changed
configuration can linger.

Cleanup old patches (which are the difference between existing patches
on filesystem and the one created for the current runs).

Co-authored-by: Max Gautier <mg@max.gautier.name>

roles/kubernetes/kubeadm_common/tasks/main.yml

@@ -3,9 +3,19 @@
   file:
     path: "{{ kubeadm_patches_dir }}"
     state: directory
-    mode: "0640"
+    mode: "0750"
   when: kubeadm_patches | length > 0
 
+- name: Kubeadm | List existing kubeadm patches
+  find:
+    paths:
+      - "{{ kubeadm_patches_dir }}"
+    file_type: file
+    use_regex: true
+    patterns:
+      - '^(kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration)[0-9]+\+(strategic|json|merge).yaml$'
+  register: existing_kubeadm_patches
+
 - name: Kubeadm | Copy kubeadm patches from inventory files
   copy:
     content: "{{ item.patch | to_yaml }}"
@@ -15,3 +25,13 @@
   loop: "{{ kubeadm_patches }}"
   loop_control:
     index_var: suffix
+  register: current_kubeadm_patches
+
+- name: Kubeadm | Delete old patches
+  loop: "{{ existing_kubeadm_patches.files | map(attribute='path') |
+            difference(
+            current_kubeadm_patches.results | map(attribute='dest')
+            ) }}"
+  file:
+    state: absent
+    path: "{{ item }}"