From a4215cbef9c359786c5f8a28a148edc0c810307f Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Sat, 14 Feb 2026 14:07:59 +0000
Subject: [PATCH] Remove workaround for kubeadm bug which is no longer
 necessary (#12991)

Introduced in 14b63ede8 (Fixup kubelet.conf to point to
kubelet-client-current.pem (#7347), 2021-03-09)
---
 .../tasks/kubelet-fix-client-cert-rotation.yml | 18 ------------------
 roles/kubernetes/control-plane/tasks/main.yml  |  4 ----
 2 files changed, 22 deletions(-)
 delete mode 100644 roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml

diff --git a/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml b/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
deleted file mode 100644
index 16fec4e4a..000000000
--- a/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: Fixup kubelet client cert rotation 1/2
-  lineinfile:
-    path: "{{ kube_config_dir }}/kubelet.conf"
-    regexp: '^    client-certificate-data: '
-    line: '    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem'
-    backup: true
-  notify:
-    - "Control plane | reload kubelet"
-
-- name: Fixup kubelet client cert rotation 2/2
-  lineinfile:
-    path: "{{ kube_config_dir }}/kubelet.conf"
-    regexp: '^    client-key-data: '
-    line: '    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem'
-    backup: true
-  notify:
-    - "Control plane | reload kubelet"
diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml
index be47d1a09..0cb7292cd 100644
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -106,10 +106,6 @@
   loop: "{{ ['v1alpha1', 'v1beta1', 'v1'] | reject('equalto', kube_apiserver_authorization_config_api_version) | list }}"
   when: kube_apiserver_use_authorization_config_file
 
-- name: Include kubelet client cert rotation fixes
-  include_tasks: kubelet-fix-client-cert-rotation.yml
-  when: kubelet_rotate_certificates
-
 - name: Install script to renew K8S control plane certificates
   template:
     src: k8s-certs-renew.sh.j2