---
- name: Set kubeadm_discovery_address
  set_fact:
    kubeadm_discovery_address: >-
      {%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
      {{ first_kube_master }}:{{ kube_apiserver_port }}
      {%- else -%}
      {{ kube_apiserver_endpoint }}
      {%- endif %}
  tags:
    - facts

- name: Check if kubelet.conf exists
  stat:
    path: "{{ kube_config_dir }}/kubelet.conf"
  register: kubelet_conf

- name: Calculate kubeadm CA cert hash
  shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  register: kubeadm_ca_hash
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

- name: Create kubeadm token for joining nodes with 24h expiration (default)
  command: "{{ bin_dir }}/kubeadm token create"
  run_once: true
  register: temp_token
  delegate_to: "{{ groups['kube-master'][0] }}"

- name: gets the kubeadm version
  command: "{{ bin_dir }}/kubeadm version -o short"
  register: kubeadm_output

- name: sets kubeadm api version to v1alpha1
  set_fact:
    kubeadmConfig_api_version: v1alpha1
  when: kubeadm_output.stdout is version('v1.11.0', '<')

- name: sets kubeadm api version to v1alpha2
  set_fact:
    kubeadmConfig_api_version: v1alpha2
  when:
    - kubeadm_output.stdout is version('v1.11.0', '>=')
    - kubeadm_output.stdout is version('v1.12.0', '<')

- name: sets kubeadm api version to v1alpha3
  set_fact:
    kubeadmConfig_api_version: v1alpha3
  when:
    - kubeadm_output.stdout is version('v1.12.0', '>=')
    - kubeadm_output.stdout is version('v1.13.0', '<')

- name: sets kubeadm api version to v1beta1
  set_fact:
    kubeadmConfig_api_version: v1beta1
  when: kubeadm_output.stdout is version('v1.13.0', '>=')

- name: Create kubeadm client config
  template:
    src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
    dest: "{{ kube_config_dir }}/kubeadm-client.conf"
    backup: yes
  when: not is_kube_master
  vars:
    kubeadm_token: "{{ temp_token.stdout }}"

- name: Join to cluster if needed
  environment:
    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
  when: not is_kube_master and (not kubelet_conf.stat.exists)
  block:

    - name: Join to cluster
      command: >-
        {{ bin_dir }}/kubeadm join
        --config {{ kube_config_dir}}/kubeadm-client.conf
        --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
      register: kubeadm_join
      async: 60
      poll: 15

  rescue:

    - name: Join to cluster with ignores
      command: >-
        {{ bin_dir }}/kubeadm join
        --config {{ kube_config_dir}}/kubeadm-client.conf
        --ignore-preflight-errors=all
      register: kubeadm_join
      async: 60
      poll: 15

  always:

    - name: Display kubeadm join stderr if any
      when: kubeadm_join is failed
      debug:
        message: |
          Joined with warnings
          {{ kubeadm_join.stderr_lines }}

- name: Wait for kubelet bootstrap to create config
  wait_for:
    path: "{{ kube_config_dir }}/kubelet.conf"
    delay: 1
    timeout: 60

- name: Update server field in kubelet kubeconfig
  lineinfile:
    dest: "{{ kube_config_dir }}/kubelet.conf"
    regexp: 'server:'
    line: '    server: {{ kube_apiserver_endpoint }}'
    backup: yes
  when:
    - kubeadm_config_api_fqdn is not defined
    - not is_kube_master
    - kubeadm_discovery_address != kube_apiserver_endpoint
  notify: restart kubelet

- name: Update server field in kube-proxy kubeconfig
  shell: >-
    {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
    | sed 's#server:.*#server:\ {{ kube_apiserver_endpoint }}#g'
    | {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true
  when:
    - kubeadm_config_api_fqdn is not defined
    - is_kube_master
    - kubeadm_discovery_address != kube_apiserver_endpoint
    - not kube_proxy_remove
  tags:
    - kube-proxy

- name: Restart all kube-proxy pods to ensure that they load the new configmap
  shell: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf delete pod -n kube-system -l k8s-app=kube-proxy --force --grace-period=0"
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true
  when:
    - kubeadm_config_api_fqdn is not defined
    - is_kube_master
    - kubeadm_discovery_address != kube_apiserver_endpoint
    - not kube_proxy_remove
  tags:
    - kube-proxy

# FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
- name: Symlink kubelet kubeconfig for calico/canal
  file:
    src: "{{ kube_config_dir }}/kubelet.conf"
    dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
    state: link
    force: yes
  when:
    - kube_network_plugin in ['calico','canal']
    - calico_version is version('v3.3.0', '<')

# FIXME(jjo): need to post-remove kube-proxy until https://github.com/kubernetes/kubeadm/issues/776
# is fixed
- name: Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
  shell: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete daemonset -n kube-system kube-proxy"
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true
  when:
    - kube_proxy_remove
    - is_kube_master
    - kubeadm_discovery_address != kube_apiserver_endpoint
  tags:
    - kube-proxy