---
- name: tokens | generate tokens for master components
  become: False
  local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
  environment:
    TOKEN_DIR: "{{ role_path }}/files/tokens"
  with_nested:
    - [ "system:kubectl" ]
    - "{{ groups['kube-master'] }}"
  register: gentoken_master
  changed_when: "'Added' in gentoken_master.stdout"
  notify: set secret_changed

- name: tokens | generate tokens for node components
  become: False
  local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
  environment:
    TOKEN_DIR: "{{ role_path }}/files/tokens"
  with_nested:
    - [ 'system:kubelet' ]
    - "{{ groups['kube-node'] }}"
  register: gentoken_node
  changed_when: "'Added' in gentoken_node.stdout"
  notify: set secret_changed

- name: tokens | Copy tokens on master
  copy:
    src: "tokens"
    dest: "/etc/kubernetes"
  when: inventory_hostname in "{{ groups['kube-master'] }}"