store openstack external cloud controller ca.cert in a k8s secret instead of the host filesystem (#7603)

roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml

@@ -2,31 +2,19 @@
 - include_tasks: openstack-credential-check.yml
   tags: external-openstack
 
-- name: External OpenStack Cloud Controller | Write cacert file
-  include_tasks: openstack-write-cacert.yml
-  run_once: true
-  loop: "{{ groups['k8s_cluster'] }}"
-  loop_control:
-    loop_var: delegate_host_to_write_cacert
+- name: External OpenStack Cloud Controller | Get base64 cacert
+  slurp:
+    src: "{{ external_openstack_cacert }}"
+  register: external_openstack_cacert_b64
   when:
-    - inventory_hostname in groups['k8s_cluster']
+    - inventory_hostname == groups['k8s_control_plane'][0]
     - external_openstack_cacert is defined
     - external_openstack_cacert | length > 0
   tags: external-openstack
 
-- name: External OpenStack Cloud Controller | Write External OpenStack cloud-config
-  template:
-    src: "external-openstack-cloud-config.j2"
-    dest: "{{ kube_config_dir }}/external_openstack_cloud_config"
-    group: "{{ kube_cert_group }}"
-    mode: 0640
-  when: inventory_hostname == groups['kube_control_plane'][0]
-  tags: external-openstack
-
 - name: External OpenStack Cloud Controller | Get base64 cloud-config
-  slurp:
-    src: "{{ kube_config_dir }}/external_openstack_cloud_config"
-  register: external_openstack_cloud_config_secret
+  set_fact:
+    external_openstack_cloud_config_secret: "{{ lookup('template', 'external-openstack-cloud-config.j2') | b64encode }}"
   when: inventory_hostname == groups['kube_control_plane'][0]
   tags: external-openstack