# Copyright 2017 The Openstack-Helm Authors.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

- name: storing node hostname
  set_fact:
    kubeadm_node_hostname: "{% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %}"

- name: deploy config file and make dir structure
  block:
    - name: setup directorys on host
      file:
        path: "{{ item }}"
        state: directory
      with_items:
        - /etc/kubernetes
        - /etc/kubernetes/pki
    - name: generating initial admin token
      delegate_to: 127.0.0.1
      command: /usr/bin/kubeadm token generate
      register: kubeadm_bootstrap_token
    - name: storing initial admin token
      set_fact:
        kubeadm_bootstrap_token: "{{ kubeadm_bootstrap_token.stdout }}"
    - name: kubelet | copying config to host
      template:
        src: kubeadm-conf.yaml.j2
        dest: /etc/kubernetes/kubeadm-conf.yaml
        mode: 0640

- name: generating certs
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | certs | ca
      command: kubeadm alpha phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | apiserver
      command: kubeadm alpha phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | apiserver-kubelet-client
      command: kubeadm alpha phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | sa
      command: kubeadm alpha phase certs sa --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | front-proxy-ca
      command: kubeadm alpha phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | certs | front-proxy-client
      command: kubeadm alpha phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

- name: generating kubeconfigs
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | kubeconfig | admin
      command: kubeadm alpha phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | kubelet
      command: kubeadm alpha phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | controller-manager
      command: kubeadm alpha phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | kubeconfig | scheduler
      command: kubeadm alpha phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

- name: generating etcd static manifest
  delegate_to: 127.0.0.1
  command: kubeadm alpha phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

- name: generating controlplane static manifests
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | controlplane | apiserver
      command: kubeadm alpha phase controlplane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | controlplane | controller-manager
      command: kubeadm alpha phase controlplane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
    - name: master | deploy | controlplane | scheduler
      command: kubeadm alpha phase controlplane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

- name: wait for kube components
  delegate_to: 127.0.0.1
  block:
    - name: wait for kube api
      shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; python /usr/bin/test-kube-api.py
      register: task_result
      until: task_result.rc == 0
      retries: 120
      delay: 5
    - name: wait for node to come online
      shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; kubectl get node "{{ kubeadm_node_hostname }}" --no-headers | gawk '{ print $2 }' | grep -q '\(^Ready\)\|\(^NotReady\)'
      register: task_result
      until: task_result.rc == 0
      retries: 120
      delay: 5
    - include_tasks: wait-for-kube-system-namespace.yaml

- name: deploying kube-proxy
  delegate_to: 127.0.0.1
  command: kubeadm alpha phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

- include_tasks: helm-cni.yaml

- name: wait for kube components
  delegate_to: 127.0.0.1
  block:
    - name: wait for node to be ready
      shell: export KUBECONFIG=/mnt/rootfs/etc/kubernetes/admin.conf; kubectl get node "{{ kubeadm_node_hostname }}" --no-headers | gawk '{ print $2 }' | grep -q '^Ready'
      register: task_result
      until: task_result.rc == 0
      retries: 120
      delay: 5
    - include_tasks: wait-for-kube-system-namespace.yaml

# - name: deploying kube-dns addon
#   delegate_to: 127.0.0.1
#   block:
#     - name: master | deploy | kube-dns
#       command: kubeadm alpha phase addon kube-dns --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml
#     - include_tasks: wait-for-kube-system-namespace.yaml

- include_tasks: helm-dns.yaml
- include_tasks: helm-deploy.yaml

- name: uploading cluster config to api
  delegate_to: 127.0.0.1
  command: kubeadm alpha phase upload-config --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

- name: generating bootstrap-token objects
  delegate_to: 127.0.0.1
  block:
    - name: master | deploy | bootstrap-token | allow-post-csrs
      command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-post-csrs
    - name: master | deploy | bootstrap-token | allow-auto-approve
      command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-auto-approve

- name: generating bootstrap-token objects
  delegate_to: 127.0.0.1
  block:
    - name: check if kube-public namespace exists
      command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf get ns kube-public
      register: kube_public_ns_exists
      ignore_errors: True
    - name: create kube-public namespace if required
      when: kube_public_ns_exists | failed
      command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf create ns kube-public
    - name: sourcing kube cluster admin credentials
      include_vars: /etc/kubernetes/admin.conf
    - name: creating cluster-info configmap manifest on host
      template:
        src: cluster-info.yaml.j2
        dest: /etc/kubernetes/cluster-info.yaml
        mode: 0644
    - name: removing any pre-existing cluster-info configmap
      command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf delete -f /etc/kubernetes/cluster-info.yaml --ignore-not-found
    - name: creating cluster-info configmap
      command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf create -f /etc/kubernetes/cluster-info.yaml
    - name: removing cluster-info configmap manifest from host
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - /etc/kubernetes/cluster-info.yaml

    - name: check if kube-public configmap role exists
      command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public get role system:bootstrap-signer-clusterinfo
      register: kube_public_configmap_role_exists
      ignore_errors: True
    - name: create kube-public configmap role if required
      when: kube_public_configmap_role_exists | failed
      command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create role system:bootstrap-signer-clusterinfo --verb get --resource configmaps

    - name: check if kube-public configmap rolebinding exists
      command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public get rolebinding kubeadm:bootstrap-signer-clusterinfo
      register: kube_public_configmap_rolebinding_exists
      ignore_errors: True
    - name: create kube-public configmap rolebinding if required
      when: kube_public_configmap_rolebinding_exists | failed
      command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create rolebinding kubeadm:bootstrap-signer-clusterinfo --role system:bootstrap-signer-clusterinfo --user system:anonymous

- name: converting the cluster to be selfhosted
  when: k8s.selfHosted|bool == true
  delegate_to: 127.0.0.1
  command: kubeadm alpha phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml

- name: setting up kubectl client on host
  block:
    - name: kubectl | copying kubectl binary to host
      copy:
        src: /usr/bin/kubectl
        dest: /usr/bin/kubectl
        owner: root
        group: root
        mode: 0555
    - name: kubectl | master | ensure kube config directory exists for user
      file:
        path: "{{ item }}"
        state: directory
      with_items:
        - "{{ vars.user.home }}/.kube"
    - name: kubectl | master | deploy kube config file for user
      copy:
        src: /mnt/rootfs/etc/kubernetes/admin.conf
        dest: "{{ vars.user.home }}/.kube/config"
        owner: "{{ vars.user.uid }}"
        group: "{{ vars.user.gid }}"
        mode: 0600