---
- name: Create Kubernetes/kube-apiserver config directory
  file:
    path: "{{k8s_conf_dir}}"
    state: directory
    mode: 0700
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kube-controller-manager config directory
  file:
    path: "{{k8s_controller_manager_conf_dir}}"
    state: directory
    mode: 0700
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kube-controller-manager kubeconfig
  template:
    src: "{{k8s_config_directory}}/kube-controller-manager.kubeconfig"
    dest: "{{k8s_controller_manager_conf_dir}}/kube-controller-manager.kubeconfig"
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-worker
    - k8s-controller-base

- name: Create scheduler config directory
  file:
    path: "{{k8s_scheduler_conf_dir}}"
    state: directory
    mode: 0700
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kube-scheduler kubeconfig
  template:
    src: "{{k8s_config_directory}}/kube-scheduler.kubeconfig"
    dest: "{{k8s_scheduler_conf_dir}}/kube-scheduler.kubeconfig"
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kube-scheduler.yaml
  template:
    src: "templates/var/lib/kube-scheduler/kube-scheduler.yaml.j2"
    dest: "{{k8s_scheduler_conf_dir}}/kube-scheduler.yaml"
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Create kubeconfig for admin user
  template:
    src: "{{k8s_config_directory}}/admin.kubeconfig"
    dest: "{{k8s_conf_dir}}/admin.kubeconfig"
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Copy etcd certificates
  copy:
    src: "{{k8s_ca_conf_directory}}/{{item}}"
    dest: "{{k8s_conf_dir}}/{{item}}"
    mode: 0640
    owner: root
    group: root
  with_items:
    - "{{etcd_certificates}}"
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Copy Kubernetes certificates
  copy:
    src: "{{k8s_ca_conf_directory}}/{{item}}"
    dest: "{{k8s_conf_dir}}/{{item}}"
    mode: 0640
    owner: root
    group: root
  with_items:
    - "{{k8s_certificates}}"
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Downloading official Kubernetes binaries
  get_url:
    url: https://storage.googleapis.com/kubernetes-release/release/v{{k8s_release}}/bin/linux/amd64/{{item}}
    dest: "{{k8s_bin_dir}}"
    mode: 0755
  with_items:
    - "{{k8s_controller_binaries}}"
  notify:
    - restart kube-apiserver
    - restart kube-controller-manager
    - restart kube-scheduler
  tags:
    - k8s-controller

- name: Copy encryption provider config file
  copy:
    src: "{{k8s_config_directory}}/encryption-config.yaml"
    dest: "{{k8s_conf_dir}}/encryption-config.yaml"
    mode: 0644
    owner: root
    group: root
  tags:
    - k8s-controller
    - k8s-controller-base

- name: Combine k8s_apiserver_settings and k8s_apiserver_settings_user (if defined)
  set_fact:
    k8s_apiserver_settings: "{{k8s_apiserver_settings | combine(k8s_apiserver_settings_user|default({})) }}"
  tags:
    - k8s-controller

- name: Create systemd unit file for kube-apiserver
  template:
    src: etc/systemd/system/kube-apiserver.service.j2
    dest: /etc/systemd/system/kube-apiserver.service
    owner: root
    group: root
    mode: 0644
  tags:
    - k8s-controller
  notify:
    - reload systemd

- name: Enable and start kube-apiserver
  service:
    name: kube-apiserver
    enabled: yes
    state: started
  tags:
    - k8s-controller

- name: Combine k8s_controller_manager_settings and k8s_controller_manager_settings_user (if defined)
  set_fact:
    k8s_controller_manager_settings: "{{k8s_controller_manager_settings | combine(k8s_controller_manager_settings_user|default({})) }}"
  tags:
    - k8s-controller

- name: Create systemd unit file for kube-controller-manager
  template:
    src: etc/systemd/system/kube-controller-manager.service.j2
    dest: /etc/systemd/system/kube-controller-manager.service
    owner: root
    group: root
    mode: 0644
  notify:
    - reload systemd
  tags:
    - k8s-controller

- name: Enable and start kube-controller-manager
  service:
    name: kube-controller-manager
    enabled: yes
    state: started
  tags:
    - k8s-controller

- name: Combine k8s_scheduler_settings and k8s_scheduler_settings_user (if defined)
  set_fact:
    k8s_scheduler_settings: "{{k8s_scheduler_settings | combine(k8s_scheduler_settings_user|default({})) }}"
  tags:
    - k8s-controller
 
- name: Create systemd unit file for kube-scheduler
  template:
    src: etc/systemd/system/kube-scheduler.service.j2
    dest: /etc/systemd/system/kube-scheduler.service
    owner: root
    group: root
    mode: 0644
  notify:
    - reload systemd
  tags:
    - k8s-controller

- name: Enable and start kube-scheduler
  service:
    name: kube-scheduler
    enabled: yes
    state: started
  tags:
    - k8s-controller

# TODO: Check if ClusterRole + ClusterRoleBinding are already configured

- name: Copy kube-apiserver-to-kubelet ClusterRole
  copy:
    src: "files/kube-apiserver-to-kubelet_cluster_role.yaml"
    dest: "/tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
    mode: 0600
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller

- name: Copy kube-apiserver-to-kubelet ClusterRoleBinding
  copy:
    src: "files/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
    dest: "/tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
    mode: 0600
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller

- name: Wait 300 seconds for kube-apiserver port 6443 to become open on the host
  wait_for:
    port: 6443
    delay: 5
    host: "{{hostvars[inventory_hostname]['ansible_' + k8s_interface].ipv4.address}}"
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"

- name: Apply kube-apiserver-to-kubelet ClusterRole
  shell: "kubectl apply --kubeconfig {{k8s_conf_dir}}/admin.kubeconfig -f /tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
  register: kube_apiserver_to_kubelet_cluster_role
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller

- name: Apply kube-apiserver-to-kubelet ClusterRoleBinding
  shell: "kubectl apply --kubeconfig {{k8s_conf_dir}}/admin.kubeconfig -f /tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
  register: kube_apiserver_to_kubelet_cluster_role_binding
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller

- name: Remove temporary files
  file:
    path: "{{item}}"
    state: absent
  with_items:
    - "/tmp/kube-apiserver-to-kubelet_cluster_role.yaml"
    - "/tmp/kube-apiserver-to-kubelet_cluster_role_binding.yaml"
  run_once: true
  delegate_to: "{{groups.k8s_master|first}}"
  tags:
    - k8s-controller