---
- name: Kubernetes Apps | Wait for kube-apiserver
  uri:
    url: http://localhost:{{ kube_apiserver_insecure_port }}/healthz
  register: result
  until: result.status == 200
  retries: 10
  delay: 6
  when: inventory_hostname == groups['kube-master'][0]

- name: Kubernetes Apps | Lay Down KubeDNS Template
  template:
    src: "{{item.file}}"
    dest: "{{kube_config_dir}}/{{item.file}}"
  with_items:
    - {name: kubedns, file: kubedns-sa.yml, type: sa}
    - {name: kubedns, file: kubedns-deploy.yml.j2, type: deployment}
    - {name: kubedns, file: kubedns-svc.yml, type: svc}
    - {name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa}
    - {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole}
    - {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
    - {name: kubedns-autoscaler, file: kubedns-autoscaler.yml.j2, type: deployment}
  register: manifests
  when:
    - dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
    - rbac_enabled or item.type not in rbac_resources
  tags: dnsmasq

# see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
  command: >
    {{bin_dir}}/kubectl patch clusterrole system:kube-dns
    --patch='{
               "rules": [
                 {
                   "apiGroups" : [""],
                   "resources" : ["endpoints", "services"],
                   "verbs": ["list", "watch", "get"]
                 }
               ]
             }'
  when:
    - dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
    - rbac_enabled and kubedns_version|version_compare("1.11.0", "<", strict=True)
  tags: dnsmasq

- name: Kubernetes Apps | Start Resources
  kube:
    name: "{{item.item.name}}"
    namespace: "{{ system_namespace }}"
    kubectl: "{{bin_dir}}/kubectl"
    resource: "{{item.item.type}}"
    filename: "{{kube_config_dir}}/{{item.item.file}}"
    state: "{{item.changed | ternary('latest','present') }}"
  with_items: "{{ manifests.results }}"
  failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg
  when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
  tags: dnsmasq

- name: Kubernetes Apps | Netchecker
  include: tasks/netchecker.yml
  when: deploy_netchecker
  tags: netchecker