Support for disabling apiserver insecure port

This allows `kube_apiserver_insecure_port` to be set to 0 (disabled).

Rework of #1937 with kubeadm support

Also, fixed an issue in `kubeadm-migrate-certs` where the old apiserver cert was copied as the kubeadm key

roles/kubernetes/preinstall/tasks/verify-settings.yml

@@ -79,9 +79,14 @@
   when: kubelet_fail_swap_on|default(true)
   ignore_errors: "{{ ignore_assert_errors }}"
 
-
 - name: Stop if RBAC is not enabled when dashboard is enabled
   assert:
     that: rbac_enabled
   when: dashboard_enabled
+  ignore_errors: "{{ ignore_assert_errors }}"
+
+- name: Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled
+  assert:
+    that: rbac_enabled and kube_api_anonymous_auth
+  when: kube_apiserver_insecure_port == 0
   ignore_errors: "{{ ignore_assert_errors }}"