diff --git a/docs/ansible/ansible.md b/docs/ansible/ansible.md
index 5e79d966d9032c7622f920d011101896886ca360..3297e10805a91b068d509c2897a2da033c5f6503 100644
--- a/docs/ansible/ansible.md
+++ b/docs/ansible/ansible.md
@@ -174,8 +174,6 @@ The following tags are defined in playbooks:
 | init                           | Windows kubernetes init nodes                         |
 | iptables                       | Flush and clear iptable when resetting                |
 | k8s-pre-upgrade                | Upgrading K8s cluster                                 |
-| k8s-secrets                    | Configuring K8s certs/keys                            |
-| k8s-gen-tokens                 | Configuring K8s tokens                                |
 | kata-containers                | Configuring kata-containers runtime                   |
 | krew                           | Install and manage krew                               |
 | kubeadm                        | Roles linked to kubeadm tasks                         |
diff --git a/docs/operations/upgrades.md b/docs/operations/upgrades.md
index 6c915c76585ba8177216218a997773652c51bc8d..ff768ebdcdce6ef8d9a9f178c775e6d33c939e19 100644
--- a/docs/operations/upgrades.md
+++ b/docs/operations/upgrades.md
@@ -392,7 +392,7 @@ ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=etcd --limi
 Upgrade kubelet:
 
 ```ShellSession
-ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=node --skip-tags=k8s-gen-certs,k8s-gen-tokens
+ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=node --skip-tags=k8s-gen-certs
 ```
 
 Upgrade Kubernetes master components:
diff --git a/roles/kubernetes/control-plane/meta/main.yml b/roles/kubernetes/control-plane/meta/main.yml
index 7b2cfe3655ddefbbc3360432c52a821e3f32f19f..9e5d86e0fd57ecf604b8a4139171523a56a48c5f 100644
--- a/roles/kubernetes/control-plane/meta/main.yml
+++ b/roles/kubernetes/control-plane/meta/main.yml
@@ -1,10 +1,6 @@
 ---
 dependencies:
   - role: kubernetes/kubeadm_common
-  - role: kubernetes/tokens
-    when: kube_token_auth
-    tags:
-      - k8s-secrets
   - role: adduser
     user: "{{ addusers.etcd }}"
     when:
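Review bot: Removing the `kubernetes/tokens` dependency stops generating and syncing static tokens, but nothing in this commit cleans up what the role already wrote on existing clusters. The deleted `kube-gen-token.sh` stored bearer tokens in `known_tokens.csv` and per-account `*.token` files under `kube_token_dir`, so upgraded control plane nodes presumably keep those long-lived credentials on disk. Consider an upgrade-time cleanup task, for example a `file:` task with `path: "{{ kube_token_dir }}/known_tokens.csv"` and `state: absent`, plus one for the `*.token` files, if nothing else uses them. It is also worth confirming that `kube_token_auth` is no longer read anywhere outside this diff (defaults, API server arguments), so the API server is not left pointing at a token file that is no longer managed.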
diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
index 7c4072c95c7717d3a3dcb454da5e28a1e7b0ea6a..7f1cdb5d32199c2b37622b9bea164dd8b8ca0fad 100644
--- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
+++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
@@ -9,7 +9,6 @@
   become: true
   tags:
     - kubelet
-    - k8s-secrets
     - kube-controller-manager
     - kube-apiserver
     - bootstrap-os
@@ -34,7 +33,6 @@
   become: true
   tags:
     - kubelet
-    - k8s-secrets
     - kube-controller-manager
     - kube-apiserver
     - bootstrap-os
diff --git a/roles/kubernetes/tokens/files/kube-gen-token.sh b/roles/kubernetes/tokens/files/kube-gen-token.sh
deleted file mode 100644
index 121b52263b9773cbbb0858d1ed6cdb7b287318ca..0000000000000000000000000000000000000000
--- a/roles/kubernetes/tokens/files/kube-gen-token.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-# Copyright 2015 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-token_dir=${TOKEN_DIR:-/var/srv/kubernetes}
-token_file="${token_dir}/known_tokens.csv"
-
-create_accounts=($@)
-
-if [ ! -e "${token_file}" ]; then
-  touch "${token_file}"
-fi
-
-for account in "${create_accounts[@]}"; do
-  if grep ",${account}," "${token_file}" ; then
-    continue
-  fi
-  token=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null)
-  echo "${token},${account},${account}" >> "${token_file}"
-  echo "${token}" > "${token_dir}/${account}.token"
-  echo "Added ${account}"
-done
diff --git a/roles/kubernetes/tokens/tasks/check-tokens.yml b/roles/kubernetes/tokens/tasks/check-tokens.yml
deleted file mode 100644
index baa0c9f03168d94a06fe64b094057f6e7f7eba2f..0000000000000000000000000000000000000000
--- a/roles/kubernetes/tokens/tasks/check-tokens.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-- name: "Check_tokens | check if the tokens have already been generated on first control plane node"
-  stat:
-    path: "{{ kube_token_dir }}/known_tokens.csv"
-    get_attributes: false
-    get_checksum: true
-    get_mime: false
-  delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  register: known_tokens_control_plane
-  run_once: true
-
-- name: "Check_tokens | Set default value for 'sync_tokens' and 'gen_tokens' to false"
-  set_fact:
-    sync_tokens: false
-    gen_tokens: false
-
-- name: "Check_tokens | Set 'sync_tokens' and 'gen_tokens' to true"
-  set_fact:
-    gen_tokens: true
-  when: not known_tokens_control_plane.stat.exists and kube_token_auth | default(true)
-  run_once: true
-
-- name: "Check tokens | check if a cert already exists"
-  stat:
-    path: "{{ kube_token_dir }}/known_tokens.csv"
-    get_attributes: false
-    get_checksum: true
-    get_mime: false
-  register: known_tokens
-
-- name: "Check_tokens | Set 'sync_tokens' to true"
-  set_fact:
-    sync_tokens: >-
-      {%- set tokens = {'sync': False} -%}
-      {%- for server in groups['kube_control_plane'] | intersect(ansible_play_batch)
-        if (not hostvars[server].known_tokens.stat.exists) or
-        (hostvars[server].known_tokens.stat.checksum | default('') != known_tokens_control_plane.stat.checksum | default('')) -%}
-        {%- set _ = tokens.update({'sync': True}) -%}
-      {%- endfor -%}
-      {{ tokens.sync }}
-  run_once: true
diff --git a/roles/kubernetes/tokens/tasks/gen_tokens.yml b/roles/kubernetes/tokens/tasks/gen_tokens.yml
deleted file mode 100644
index 67b45f9ae4bf34ff79ab10450194fa657028587d..0000000000000000000000000000000000000000
--- a/roles/kubernetes/tokens/tasks/gen_tokens.yml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-- name: Gen_tokens | copy tokens generation script
-  copy:
-    src: "kube-gen-token.sh"
-    dest: "{{ kube_script_dir }}/kube-gen-token.sh"
-    mode: "0700"
-  run_once: true
-  delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  when: gen_tokens | default(false)
-
-- name: Gen_tokens | generate tokens for control plane components
-  command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
-  environment:
-    TOKEN_DIR: "{{ kube_token_dir }}"
-  with_nested:
-    - [ "system:kubectl" ]
-    - "{{ groups['kube_control_plane'] }}"
-  register: gentoken_control_plane
-  changed_when: "'Added' in gentoken_control_plane.stdout"
-  run_once: true
-  delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  when: gen_tokens | default(false)
-
-- name: Gen_tokens | generate tokens for node components
-  command: "{{ kube_script_dir }}/kube-gen-token.sh {{ item[0] }}-{{ item[1] }}"
-  environment:
-    TOKEN_DIR: "{{ kube_token_dir }}"
-  with_nested:
-    - [ 'system:kubelet' ]
-    - "{{ groups['kube_node'] }}"
-  register: gentoken_node
-  changed_when: "'Added' in gentoken_node.stdout"
-  run_once: true
-  delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  when: gen_tokens | default(false)
-
-- name: Gen_tokens | Get list of tokens from first control plane node
-  command: "find {{ kube_token_dir }} -maxdepth 1 -type f"
-  register: tokens_list
-  check_mode: false
-  delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  run_once: true
-  when: sync_tokens | default(false)
-
-- name: Gen_tokens | Gather tokens
-  shell: "set -o pipefail && tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0"
-  args:
-    executable: /bin/bash
-  register: tokens_data
-  check_mode: false
-  delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  run_once: true
-  when: sync_tokens | default(false)
-
-- name: Gen_tokens | Copy tokens on control plane nodes
-  shell: "set -o pipefail && echo '{{ tokens_data.stdout | quote }}' | base64 -d | tar xz -C /"
-  args:
-    executable: /bin/bash
-  when:
-    - ('kube_control_plane' in group_names)
-    - sync_tokens | default(false)
-    - inventory_hostname != groups['kube_control_plane'][0]
-    - tokens_data.stdout
diff --git a/roles/kubernetes/tokens/tasks/main.yml b/roles/kubernetes/tokens/tasks/main.yml
deleted file mode 100644
index cab5a06bd9fd0c5fa3337252f0e7b882f40b2e2b..0000000000000000000000000000000000000000
--- a/roles/kubernetes/tokens/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-
-- name: Check tokens
-  import_tasks: check-tokens.yml
-  tags:
-    - k8s-secrets
-    - k8s-gen-tokens
-    - facts
-
-- name: Make sure the tokens directory exits
-  file:
-    path: "{{ kube_token_dir }}"
-    state: directory
-    mode: "0644"
-    group: "{{ kube_cert_group }}"
-
-- name: Generate tokens
-  import_tasks: gen_tokens.yml
-  tags:
-    - k8s-secrets
-    - k8s-gen-tokens