---

# Append this host's node certificate file name (node-<inventory_hostname>.pem)
# to kube_node_cert_list, starting from an empty list when the fact is unset.
# NOTE(review): the expression only ever appends; if this file is included more
# than once for a host in one run the same name is added again. Confirm callers
# include it once.
- name: sync_kube_node_certs | Create list of needed certs
  set_fact:
    kube_node_cert_list: "{{ kube_node_cert_list|default([]) + ['node-' + inventory_hostname + '.pem'] }}"

# Run the shared vault sync_file tasks once per entry in kube_node_cert_list.
# The sync is scoped to this host only (sync_file_hosts is a one-element list),
# so a node's certificate is not offered to the other hosts by this include.
# NOTE(review): sync_file.yml is not visible here. sync_file_is_cert presumably
# makes it handle the matching private key as well; confirm that, and confirm
# the mode it applies keeps the key readable only by the owner/group passed in.
- include_tasks: ../../../vault/tasks/shared/sync_file.yml
  vars:
    sync_file: "{{ item }}"
    sync_file_dir: "{{ kube_cert_dir }}"
    sync_file_group: "{{ kube_cert_group }}"
    sync_file_hosts: [ "{{ inventory_hostname }}" ]
    # Only this include in the file sets sync_file_is_cert.
    sync_file_is_cert: true
    sync_file_owner: kube
  with_items: "{{ kube_node_cert_list|default([]) }}"

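# Collect the path of every sync_file result whose no_srcs flag is truthy into
# kube_node_certs_needed (the list starts empty when the fact is unset).
# The task name previously said "kube-master", but this task builds the node
# list; the name now matches what it does so run logs are not misleading.
# NOTE(review): sync_file_results is presumably filled by the sync_file.yml
# include, and no_srcs presumably means no host holds a copy of the file, so
# these are the certs that still have to be issued. Confirm against
# sync_file.yml and the consumer of kube_node_certs_needed.
- name: sync_kube_node_certs | Set facts for kube-node sync_file results
  set_fact:
    kube_node_certs_needed: "{{ kube_node_certs_needed|default([]) + [item.path] }}"
  with_items: "{{ sync_file_results|d([]) }}"
  when: item.no_srcs|bool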

# Reset sync_file_results to an empty list so results from the node cert sync
# are not picked up again by the later loop over sync_file_results that builds
# kube_proxy_certs_needed.
- name: sync_kube_node_certs | Unset sync_file_results after kube node certs
  set_fact:
    sync_file_results: []

# Sync the CA certificate (ca.pem) across every host in the k8s-cluster group,
# using the same directory, group and owner as the node certificates.
# sync_file_is_cert is not passed on this include, so sync_file.yml falls back
# to whatever it does when the variable is undefined.
# NOTE(review): presumably this keeps the CA private key from being distributed
# to the cluster hosts. Confirm in sync_file.yml, since a CA key on every node
# would let any compromised node issue cluster certificates.
- include_tasks: ../../../vault/tasks/shared/sync_file.yml
  vars:
    sync_file: ca.pem
    sync_file_dir: "{{ kube_cert_dir }}"
    sync_file_group: "{{ kube_cert_group }}"
    sync_file_hosts: "{{ groups['k8s-cluster'] }}"
    sync_file_owner: kube

# Reset sync_file_results after the ca.pem sync. Nothing in this file reads the
# ca.pem results before they are cleared, so no "needed" list is built for the
# CA certificate here.
- name: sync_kube_node_certs | Unset sync_file_results after ca.pem
  set_fact:
    sync_file_results: []

# Append this host's kube-proxy certificate file name
# (kube-proxy-<inventory_hostname>.pem) to kube_proxy_cert_list, starting from
# an empty list when the fact is unset.
- name: sync_kube_node_certs | Create list of needed kube-proxy certs
  set_fact:
    kube_proxy_cert_list: "{{ kube_proxy_cert_list|default([]) + ['kube-proxy-' + inventory_hostname + '.pem'] }}"

# Run the shared vault sync_file tasks once per entry in kube_proxy_cert_list,
# scoped to this host only (sync_file_hosts is a one-element list).
# NOTE(review): unlike the node certificate include earlier in this file, this
# one does not set sync_file_is_cert, although the files are also .pem
# certificates. Confirm whether that is intentional, and how the kube-proxy
# private key is synced and protected if sync_file.yml only handles keys when
# that flag is set.
- include_tasks: ../../../vault/tasks/shared/sync_file.yml
  vars:
    sync_file: "{{ item }}"
    sync_file_dir: "{{ kube_cert_dir }}"
    sync_file_group: "{{ kube_cert_group }}"
    sync_file_hosts: [ "{{ inventory_hostname }}" ]
    sync_file_owner: kube
  with_items: "{{ kube_proxy_cert_list|default([]) }}"

# Collect the path of every sync_file result whose no_srcs flag is truthy into
# kube_proxy_certs_needed (the list starts empty when the fact is unset).
# NOTE(review): presumably no_srcs marks files that no host holds yet, i.e.
# certs that still have to be issued. Confirm against sync_file.yml.
- name: sync_kube_node_certs | Set facts for kube-proxy sync_file results
  set_fact:
    kube_proxy_certs_needed: "{{ kube_proxy_certs_needed|default([]) + [item.path] }}"
  with_items: "{{ sync_file_results|d([]) }}"
  when: item.no_srcs|bool

# Reset sync_file_results to an empty list so the kube-proxy results do not
# carry over into whatever reads sync_file_results after this file.
- name: sync_kube_node_certs | Unset sync_file_results after kube proxy certs
  set_fact:
    sync_file_results: []