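---
# Bootstrap the primary Kubernetes control-plane node with kubeadm and publish
# the join credentials (bootstrap token, CA certificate hash) as facts on the
# hosts in groups['_kubernetes_nodes_'].

- name: check if kubeconfig kubelet.conf already exists
  stat:
    path: /etc/kubernetes/kubelet.conf
  register: kubeconfig_kubelet_stats

- name: generate kubeadm.config
  template:
    src: kubeadm-init.config.j2
    dest: /etc/kubernetes/kubeadm.config
    # depending on the template a kubeadm config can carry bootstrap tokens or
    # certificate keys, so keep it readable by root only
    mode: "0600"
  register: kubeadm_config

### cluster not yet initialized
- name: create new cluster
  when: not kubeconfig_kubelet_stats.stat.exists
  block:
    - name: initialize kubernetes primary control-plane node and store log
      block:
        - name: initialize kubernetes primary control-plane node
          # --skip-token-print keeps the bootstrap token out of stdout (and out of
          # the log file written below); a token is created explicitly afterwards
          command: "kubeadm init --config /etc/kubernetes/kubeadm.config --skip-token-print"
          args:
            # ca.crt is produced by kubeadm init, so its presence marks an
            # already-initialized node and skips the command
            creates: /etc/kubernetes/pki/ca.crt
          register: kubeadm_init
      always:
        - name: dump output of kubeadm init to log file
          when: kubeadm_init.changed
          copy:
            content: "{{ kubeadm_init.stdout }}\n"
            dest: /etc/kubernetes/kubeadm-init.log
            mode: "0600"

        - name: dump error output of kubeadm init to log file
          when: kubeadm_init.changed and kubeadm_init.stderr
          copy:
            content: "{{ kubeadm_init.stderr }}\n"
            dest: /etc/kubernetes/kubeadm-init.errors
            mode: "0600"

    - name: create bootstrap token for new cluster
      command: kubeadm token create --ttl 42m
      check_mode: false
      # the token is a cluster-join credential; keep it out of task output and logs
      no_log: true
      register: kubeadm_token_generate

### cluster is already initialized but config has changed
- name: upgrade cluster config
  when: kubeconfig_kubelet_stats.stat.exists and kubeadm_config is changed
  block:
    - name: fail for cluster upgrades
      fail:
        msg: "upgrading cluster config is currently not supported!"

### cluster is already initialized
- name: prepare cluster for new nodes
  when: kubeconfig_kubelet_stats.stat.exists and kubeadm_config is not changed
  block:
    - name: fetch list of current nodes
      command: kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes -o name
      changed_when: false
      check_mode: false
      register: kubectl_node_list

    - name: save list of current nodes
      set_fact:
        # `kubectl get nodes -o name` prints "node/<name>"; strip the prefix so
        # the list can be compared against inventory host names
        kubernetes_current_nodes: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list }}"

    - name: create bootstrap token for existing cluster
      # only mint a token when at least one inventory node has not joined yet
      when: "groups['_kubernetes_nodes_'] | difference(kubernetes_current_nodes) | length > 0"
      command: kubeadm token create --ttl 42m
      check_mode: false
      # the token is a cluster-join credential; keep it out of task output and logs
      no_log: true
      register: kubeadm_token_create

## calculate certificate digest
- name: install openssl
  apt:
    name: openssl
    state: present

- name: get ca certificate digest
  # sha256 over the DER-encoded SubjectPublicKeyInfo of the CA certificate, the
  # value kubeadm expects for --discovery-token-ca-cert-hash. `openssl pkey`
  # handles any key type; `openssl rsa -pubin` would fail on a non-RSA CA key
  # (and, with pipefail, fail this task).
  shell: "set -o pipefail && openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl pkey -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'"
  args:
    # `set -o pipefail` is a bash-ism; the default /bin/sh may not support it
    executable: /bin/bash
  check_mode: false
  register: kube_ca_openssl
  changed_when: false

- name: set variables needed by kubernetes/nodes to join the cluster
  set_fact:
    # whichever token task ran (new vs. existing cluster); empty if neither did
    kube_bootstrap_token: "{% if kubeadm_token_generate.stdout is defined %}{{ kubeadm_token_generate.stdout }}{% elif kubeadm_token_create.stdout is defined %}{{ kubeadm_token_create.stdout }}{% endif %}"
    kube_bootstrap_ca_cert_hash: "sha256:{{ kube_ca_openssl.stdout }}"
  # the facts include the join token; keep them out of task output and logs
  no_log: true
  delegate_to: "{{ item }}"
  delegate_facts: true
  loop: "{{ groups['_kubernetes_nodes_'] }}"

## install node-local-dns
- name: generate node-local dns cache config
  template:
    src: node-local-dns.yml.j2
    dest: /etc/kubernetes/node-local-dns.yml

- name: check if node-local dns cache is already installed
  check_mode: false
  command: kubectl --kubeconfig /etc/kubernetes/admin.conf diff -f /etc/kubernetes/node-local-dns.yml
  # kubectl diff exits non-zero when the live objects differ from the manifest
  # (other errors are non-zero as well and surface at the apply step), so a
  # non-zero rc is a signal here, not a failure
  failed_when: false
  changed_when: false
  register: kube_node_local_dns_diff_result

- name: install node-local dns cache
  when: kube_node_local_dns_diff_result.rc != 0
  command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/node-local-dns.yml

## Network Plugin
- name: install network plugin
  # kubernetes_network_plugin selects the task file (net_<plugin>.yml) to include
  include_tasks: "net_{{ kubernetes_network_plugin }}.yml"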