---
- name: slurp kubeadm certs
  slurp:
    src: "{{ item }}"
  with_items:
    - "{{ kube_cert_dir }}/apiserver.crt"
    - "{{ kube_cert_dir }}/apiserver.key"
    - "{{ kube_cert_dir }}/apiserver-kubelet-client.crt"
    - "{{ kube_cert_dir }}/apiserver-kubelet-client.key"
    - "{{ kube_cert_dir }}/ca.crt"
    - "{{ kube_cert_dir }}/ca.key"
    - "{{ kube_cert_dir }}/front-proxy-ca.crt"
    - "{{ kube_cert_dir }}/front-proxy-ca.key"
    - "{{ kube_cert_dir }}/front-proxy-client.crt"
    - "{{ kube_cert_dir }}/front-proxy-client.key"
    - "{{ kube_cert_dir }}/sa.key"
    - "{{ kube_cert_dir }}/sa.pub"
  register: kubeadm_certs
  delegate_to: "{{ groups['kube-master']|first }}"

- name: kubeadm | write out kubeadm certs
  copy:
    dest: "{{ item.item }}"
    content: "{{ item.content | b64decode }}"
    owner: root
    group: root
    mode: 0600
  no_log: true
  register: copy_kubeadm_certs
  with_items: "{{ kubeadm_certs.results }}"
  when: inventory_hostname != groups['kube-master']|first

- name: kubeadm | Init other uninitialized masters
  command: timeout -k 600s 600s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all --skip-phases=addon/coredns
  register: kubeadm_init
  retries: 10
  until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr
  when:
    - inventory_hostname != groups['kube-master']|first
    - not kubeadm_already_run.stat.exists
  failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
  environment:
    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
  notify: Master | restart kubelet