---
- name: Calico | Check if typha-server exists
  command: "{{ kubectl }} -n kube-system get secret typha-server"
  register: typha_server_secret
  changed_when: false
  failed_when: false

- name: Calico | Ensure calico certs dir
  file:
    path: /etc/calico/certs
    state: directory
    mode: 0755
  when: typha_server_secret.rc != 0

- name: Calico | Copy ssl script for typha certs
  template:
    src: make-ssl-calico.sh.j2
    dest: "{{ bin_dir }}/make-ssl-typha.sh"
    mode: 0755
  when: typha_server_secret.rc != 0

- name: Calico | Copy ssl config for typha certs
  copy:
    src: openssl.conf
    dest: /etc/calico/certs/openssl.conf
    mode: 0644
  when: typha_server_secret.rc != 0

- name: Calico | Generate typha certs
  command: >-
    {{ bin_dir }}/make-ssl-typha.sh
    -f /etc/calico/certs/openssl.conf
    -c {{ kube_cert_dir }}
    -d /etc/calico/certs
    -s typha
  when: typha_server_secret.rc != 0

- name: Calico | Create typha tls secrets
  command: >-
    {{ kubectl }} -n kube-system
    create secret tls {{ item.name }}
    --cert {{ item.cert }}
    --key {{ item.key }}
  with_items:
    - name: typha-server
      cert: /etc/calico/certs/typha-server.crt
      key: /etc/calico/certs/typha-server.key
    - name: typha-client
      cert: /etc/calico/certs/typha-client.crt
      key: /etc/calico/certs/typha-client.key
  when: typha_server_secret.rc != 0