Move cluster roles and system namespace to new role

This should be done after kubeconfig is set for admin and
before network plugins are up.

roles/kubernetes-apps/ansible/tasks/main.yml

@@ -5,26 +5,9 @@
   register: result
   until: result.status == 200
   retries: 10
-  delay: 6
+  delay: 2
   when: inventory_hostname == groups['kube-master'][0]
 
-- name: Kubernetes Apps | Add ClusterRoleBinding to admit nodes
-  template:
-    src: "node-crb.yml.j2"
-    dest: "{{ kube_config_dir }}/node-crb.yml"
-  register: node_crb_manifest
-  when: rbac_enabled
-
-- name: Apply workaround to allow all nodes with cert O=system:nodes to register
-  kube:
-    name: "system:node"
-    kubectl: "{{bin_dir}}/kubectl"
-    resource: "clusterrolebinding"
-    filename: "{{ kube_config_dir }}/node-crb.yml"
-  when:
-    - rbac_enabled
-    - node_crb_manifest.changed
-
 - name: Kubernetes Apps | Delete old kubedns resources
   kube:
     name: "kubedns"

roles/kubernetes-apps/ansible/templates/node-crb.yml.j2

@@ -1,17 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  annotations:
-    rbac.authorization.kubernetes.io/autoupdate: "true"
-  labels:
-    kubernetes.io/bootstrapping: rbac-defaults
-  name: system:node
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:node
-subjects:
-- apiGroup: rbac.authorization.k8s.io
-  kind: Group
-  name: system:nodes