Add scale master features (#3946)

* Add scale master features

* Add certificate management with kubeadm

* Add kubeadm kubeconfig

* Fix ymalroles error

* fix upgrade cluster fialed

* force update cert and keys when you reconfigure cluster

roles/kubernetes/master/tasks/kubeadm-certificate.yml

@@ -0,0 +1,42 @@
+---
+- name: Backup old certs and keys
+  copy:
+    src: "{{ kube_cert_dir }}/{{ item.src }}"
+    dest: "{{ kube_cert_dir }}/{{ item.dest }}"
+    remote_src: yes
+  with_items:
+    - {src: apiserver.crt, dest: apiserver.crt.old}
+    - {src: apiserver.key, dest: apiserver.key.old}
+    - {src: apiserver-kubelet-client.crt, dest: apiserver-kubelet-client.crt.old}
+    - {src: apiserver-kubelet-client.key, dest: apiserver-kubelet-client.key.old}
+    - {src: front-proxy-client.crt, dest: front-proxy-client.crt.old}
+    - {src: front-proxy-client.key, dest: front-proxy-client.key.old}
+  ignore_errors: yes
+
+- name: Remove old certs and keys
+  file:
+    path: "{{ kube_cert_dir }}/{{ item }}"
+    state: absent
+  with_items:
+    - apiserver.crt
+    - apiserver.key
+    - apiserver-kubelet-client.crt
+    - apiserver-kubelet-client.key
+    - front-proxy-client.crt
+    - front-proxy-client.key
+
+- name: Generate new certs and keys
+  command: "{{ bin_dir }}/kubeadm init phase certs {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml"
+  with_items:
+    - apiserver
+    - apiserver-kubelet-client
+    - front-proxy-client
+  when: inventory_hostname == groups['kube-master']|first and kubeadm_version is version('v1.13.0', '>=')
+
+- name: Generate new certs and keys
+  command: "{{ bin_dir }}/kubeadm alpha phase certs {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml"
+  with_items:
+    - apiserver
+    - apiserver-kubelet-client
+    - front-proxy-client
+  when: inventory_hostname == groups['kube-master']|first and kubeadm_version is version('v1.13.0', '<')