sync certs tasks (fix #2596 #2667)

roles/kubernetes/secrets/tasks/check-certs.yml

@@ -14,27 +14,6 @@
     gen_certs: false
     secret_changed: false
 
-- name: "Check certs | check if a cert already exists on node"
-  stat:
-    path: "{{ kube_cert_dir }}/{{ item }}"
-  register: kubecert_node
-  with_items:
-    - ca.pem
-    - apiserver.pem
-    - apiserver-key.pem
-    - kube-scheduler.pem
-    - kube-scheduler-key.pem
-    - kube-controller-manager.pem
-    - kube-controller-manager-key.pem
-    - front-proxy-client.pem
-    - front-proxy-client-key.pem
-    - admin-{{ inventory_hostname }}.pem
-    - admin-{{ inventory_hostname }}-key.pem
-    - node-{{ inventory_hostname }}.pem
-    - node-{{ inventory_hostname }}-key.pem
-    - kube-proxy-{{ inventory_hostname }}.pem
-    - kube-proxy-{{ inventory_hostname }}-key.pem
-
 - name: "Check_certs | Set 'gen_certs' to true"
   set_fact:
     gen_certs: true
@@ -85,7 +64,6 @@
       {{ gen }}
   run_once: true
 
-
 - name: "Check_certs | Set 'gen_node_certs' to true"
   set_fact:
     gen_node_certs: |-
@@ -102,17 +80,3 @@
       {% endfor %}
       }
   run_once: true
-
-- name: "Check_certs | Set 'sync_certs' to true"
-  set_fact:
-    sync_certs: true
-  when: |-
-      {%- set certs = {'sync': False} -%}
-      {% if gen_node_certs[inventory_hostname] or
-        (not kubecert_node.results[0].stat.exists|default(False)) or
-          (not kubecert_node.results[12].stat.exists|default(False)) or
-            (not kubecert_node.results[8].stat.exists|default(False)) or
-              (kubecert_node.results[12].stat.checksum|default('') != kubecert_master.files|selectattr("path", "equalto", kubecert_node.results[12].stat.path)|map(attribute="checksum")|first|default('')) -%}
-                {%- set _ = certs.update({'sync': True}) -%}
-      {% endif %}
-      {{ certs.sync }}