---
- name: Canal | Write Canal cni config
  template:
    src: "cni-canal.conflist.j2"
    dest: "/etc/cni/net.d/10-canal.conflist"
    owner: kube

- name: Canal | Create canal certs directory
  file:
    dest: "{{ canal_cert_dir }}"
    state: directory
    mode: 0750
    owner: root
    group: root

- name: Canal | Link etcd certificates for canal-node
  file:
    src: "{{ etcd_cert_dir }}/{{ item.s }}"
    dest: "{{ canal_cert_dir }}/{{ item.d }}"
    state: hard
    force: yes
  with_items:
    - {s: "ca.pem", d: "ca_cert.crt"}
    - {s: "node-{{ inventory_hostname }}.pem", d: "cert.crt"}
    - {s: "node-{{ inventory_hostname }}-key.pem", d: "key.pem"}

- name: Canal | Set Flannel etcd configuration
  command: |-
    {{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} \
    set /{{ cluster_name }}/network/config \
    '{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  delegate_to: "{{groups['etcd'][0]}}"
  changed_when: false
  run_once: true
  environment:
    ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
    ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"

- name: Canal | Create canal node manifests
  template:
    src: "{{item.file}}.j2"
    dest: "{{kube_config_dir}}/{{item.file}}"
  with_items:
    - {name: canal-config, file: canal-config.yaml, type: cm}
    - {name: canal-node, file: canal-node.yaml, type: ds}
    - {name: canal, file: canal-node-sa.yml, type: sa}
    - {name: calico, file: canal-cr-calico.yml, type: clusterrole}
    - {name: flannel, file: canal-cr-flannel.yml, type: clusterrole}
    - {name: canal-calico, file: canal-crb-calico.yml, type: clusterrolebinding}
    - {name: canal-flannel, file: canal-crb-flannel.yml, type: clusterrolebinding}
  register: canal_manifests
  when:
    - inventory_hostname in groups['kube-master']

- name: Canal | Set cni directory permissions
  file:
    path: /opt/cni/bin
    state: directory
    owner: kube
    recurse: true
    mode: 0755

- name: Canal | Copy cni plugins
  unarchive:
    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
    dest: "/opt/cni/bin"
    mode: 0755
    remote_src: yes

- name: Canal | Copy cni plugins from calico/cni
  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
  register: cni_task_result
  until: cni_task_result.rc == 0
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  changed_when: false
  tags:
    - hyperkube
    - upgrade

- name: Canal | Set cni directory permissions
  file:
    path: /opt/cni/bin
    state: directory
    owner: kube
    recurse: true
    mode: 0755

- name: Canal | Install calicoctl container script
  template:
    src: calicoctl-container.j2
    dest: "{{ bin_dir }}/calicoctl"
    mode: 0755
    owner: root
    group: root

- name: Canal | Create network policy directory
  file:
    path: "{{ canal_policy_dir }}"
    state: directory