---
- name: Helm | Make sure HELM_HOME directory exists
  file: path={{ helm_home_dir }} state=directory

- name: Helm | Set up helm launcher
  include_tasks: "install_{{ helm_deployment_type }}.yml"

- name: Helm | Lay Down Helm Manifests (RBAC)
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
  with_items:
    - {name: tiller, file: tiller-namespace.yml, type: namespace}
    - {name: tiller, file: tiller-sa.yml, type: sa}
    - {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding}
  register: manifests
  when:
    - dns_mode != 'none'
    - inventory_hostname == groups['kube-master'][0]
    - helm_version is version('v3.0.0', '<')

- name: Helm | Apply Helm Manifests (RBAC)
  kube:
    name: "{{ item.item.name }}"
    namespace: "{{ tiller_namespace }}"
    kubectl: "{{ bin_dir }}/kubectl"
    resource: "{{ item.item.type }}"
    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
    state: "latest"
  with_items: "{{ manifests.results }}"
  when:
    - dns_mode != 'none'
    - inventory_hostname == groups['kube-master'][0]
    - helm_version is version('v3.0.0', '<')

# Generate necessary certs for securing Helm and Tiller connection with TLS
- name: Helm | Set up TLS
  include_tasks: "gen_helm_tiller_certs.yml"
  when:
    - tiller_enable_tls
    - helm_version is version('v3.0.0', '<')

- name: Helm | Install client on all masters
  command: >
    {{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }}
    {% if helm_skip_refresh %} --skip-refresh{% endif %}
    {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
    --client-only
  environment: "{{ proxy_env }}"
  changed_when: false
  when:
    - helm_version is version('v3.0.0', '<')

# FIXME: https://github.com/helm/helm/issues/6374
- name: Helm | Install/upgrade helm
  shell: >
    {{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }}
    {% if helm_skip_refresh %} --skip-refresh{% endif %}
    {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
    --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }}
    {% if rbac_enabled %} --service-account=tiller{% endif %}
    {% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %}
    --override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}
    {% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %}
    {% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %}
    {% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %}
    {% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
    --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm'
    {% if tiller_wait %} --wait{% endif %}
    --output yaml
    | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@'
    | {{ bin_dir }}/kubectl apply -f -
  register: install_helm
  when:
    - inventory_hostname == groups['kube-master'][0]
    - helm_version is version('v3.0.0', '<')
  changed_when: false
  environment: "{{ proxy_env }}"

# FIXME: https://github.com/helm/helm/issues/4063
- name: Helm | Force apply tiller overrides if necessary
  shell: >
    {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
    {% if helm_skip_refresh %} --skip-refresh{% endif %}
    {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
    {% if rbac_enabled %} --service-account=tiller{% endif %}
    {% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %}
    --override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}
    {% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %}
    {% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %}
    {% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %}
    {% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %}
    --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm'
    {% if tiller_wait %} --wait{% endif %}
    --output yaml
    | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@'
    | {{ bin_dir }}/kubectl apply -f -
  changed_when: false
  when:
    - inventory_hostname == groups['kube-master'][0]
    - helm_version is version('v3.0.0', '<')
  environment: "{{ proxy_env }}"

- name: Helm | Add/update stable repo on all masters
  command: "{{ bin_dir }}/helm repo add stable {{ helm_stable_repo_url }}"
  environment: "{{ proxy_env }}"
  when:
    - helm_version is version('v3.0.0', '>=')
    - helm_stable_repo_url is defined

- name: Make sure bash_completion.d folder exists
  file:
    name: "/etc/bash_completion.d/"
    state: directory
  when:
    - ((helm_container is defined and helm_container.changed) or (helm_task_result is defined and helm_task_result.changed))
    - ansible_os_family in ["ClearLinux"]

- name: Helm | Set up bash completion
  shell: "umask 022 && {{ bin_dir }}/helm completion bash >/etc/bash_completion.d/helm.sh"
  when:
    - ((helm_container is defined and helm_container.changed) or (helm_task_result is defined and helm_task_result.changed))
    - not ansible_os_family in ["CoreOS", "Coreos", "Container Linux by CoreOS", "Flatcar", "Flatcar Container Linux by Kinvolk"]