Refactor container-engine dependencies (#12946)

Signed-off-by: Tushar Sharma <tusharkumargzb6@gmail.com>

roles/container-engine/meta/main.yml

@@ -1,58 +0,0 @@
-# noqa role-name - this is a meta role that doesn't need a name
----
-dependencies:
-  - role: container-engine/validate-container-engine
-    tags:
-      - container-engine
-      - validate-container-engine
-
-  - role: container-engine/kata-containers
-    when:
-      - kata_containers_enabled
-    tags:
-      - container-engine
-      - kata-containers
-
-  - role: container-engine/gvisor
-    when:
-      - gvisor_enabled
-      - container_manager in ['docker', 'containerd']
-    tags:
-      - container-engine
-      - gvisor
-
-  - role: container-engine/crun
-    when:
-      - crun_enabled
-    tags:
-      - container-engine
-      - crun
-
-  - role: container-engine/youki
-    when:
-      - youki_enabled
-      - container_manager == 'crio'
-    tags:
-      - container-engine
-      - youki
-
-  - role: container-engine/cri-o
-    when:
-      - container_manager == 'crio'
-    tags:
-      - container-engine
-      - crio
-
-  - role: container-engine/containerd
-    when:
-      - container_manager == 'containerd'
-    tags:
-      - container-engine
-      - containerd
-
-  - role: container-engine/cri-dockerd
-    when:
-      - container_manager == 'docker'
-    tags:
-      - container-engine
-      - docker

roles/container-engine/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+- name: Validate container engine
+  import_role:
+    name: container-engine/validate-container-engine
+  tags:
+    - container-engine
+    - validate-container-engine
+
+- name: Container runtimes
+  include_role:
+    name: "container-engine/{{ item.role }}"
+    apply:
+      tags:
+        - container-engine
+        - "{{ item.role }}"
+  loop:
+    - { role: 'kata-containers', enabled: "{{ kata_containers_enabled }}" }
+    - { role: 'gvisor', enabled: "{{ gvisor_enabled and container_manager in ['docker', 'containerd'] }}" }
+    - { role: 'crun', enabled: "{{ crun_enabled }}" }
+    - { role: 'youki', enabled: "{{ youki_enabled and container_manager == 'crio' }}" }
+  # TODO: Technically, this is more container-runtime than engine
+  when: item.enabled
+  tags:
+    - container-engine
+    - kata-containers
+    - gvisor
+    - crun
+    - youki
+
+- name: Container Manager
+  vars:
+    container_manager_role:
+      crio: cri-o
+      docker: cri-dockerd
+      containerd: containerd
+  include_role:
+    name: "container-engine/{{ container_manager_role[container_manager] }}"
+    apply:
+      tags:
+        - container-engine
+        - crio
+        - docker
+        - containerd
+  tags:
+    - container-engine
+    - crio
+    - docker
+    - containerd

roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml

@@ -1,18 +0,0 @@
----
-- name: Fixup kubelet client cert rotation 1/2
-  lineinfile:
-    path: "{{ kube_config_dir }}/kubelet.conf"
-    regexp: '^    client-certificate-data: '
-    line: '    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem'
-    backup: true
-  notify:
-    - "Control plane | reload kubelet"
-
-- name: Fixup kubelet client cert rotation 2/2
-  lineinfile:
-    path: "{{ kube_config_dir }}/kubelet.conf"
-    regexp: '^    client-key-data: '
-    line: '    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem'
-    backup: true
-  notify:
-    - "Control plane | reload kubelet"

roles/kubernetes/control-plane/tasks/main.yml

@@ -106,10 +106,6 @@
   loop: "{{ ['v1alpha1', 'v1beta1', 'v1'] | reject('equalto', kube_apiserver_authorization_config_api_version) | list }}"
   when: kube_apiserver_use_authorization_config_file
 
-- name: Include kubelet client cert rotation fixes
-  include_tasks: kubelet-fix-client-cert-rotation.yml
-  when: kubelet_rotate_certificates
-
 - name: Install script to renew K8S control plane certificates
   template:
     src: k8s-certs-renew.sh.j2