main.yml

---
- name: Set kubeadm_discovery_address
  set_fact:
    kubeadm_discovery_address: >-
      {%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
      {{ first_kube_master }}:{{ kube_apiserver_port }}
      {%- else -%}
      {{ kube_apiserver_endpoint }}
      {%- endif %}
  tags:
    - facts

- name: Check if kubelet.conf exists
  stat:
    path: "{{ kube_config_dir }}/kubelet.conf"
  register: kubelet_conf

- name: Calculate kubeadm CA cert hash
  shell: openssl x509 -pubkey -in {{ kube_config_dir }}/ssl/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  register: kubeadm_ca_hash
  delegate_to: "{{ groups['kube-master'][0] }}"
  run_once: true

- name: Create kubeadm token for joining nodes with 24h expiration (default)
  command: "{{ bin_dir }}/kubeadm token create"
  run_once: true
  register: temp_token
  delegate_to: "{{ groups['kube-master'][0] }}"

- name: Create kubeadm client config
  template:
    src: kubeadm-client.conf.j2
    dest: "{{ kube_config_dir }}/kubeadm-client.conf"
    backup: yes
  when: not is_kube_master
  vars:
    kubeadm_token: "{{ temp_token.stdout }}"
  register: kubeadm_client_conf

- name: Join to cluster if needed
  command: >-
    {{ bin_dir }}/kubeadm join
    --config {{ kube_config_dir}}/kubeadm-client.conf
    --ignore-preflight-errors=all
  register: kubeadm_join
  when: not is_kube_master and (kubeadm_client_conf.changed or not kubelet_conf.stat.exists)

- name: Wait for kubelet bootstrap to create config
  wait_for:
    path: "{{ kube_config_dir }}/kubelet.conf"
    delay: 1
    timeout: 60

- name: Update server field in kubelet kubeconfig
  lineinfile:
    dest: "{{ kube_config_dir }}/kubelet.conf"
    regexp: 'server:'
    line: '    server: {{ kube_apiserver_endpoint }}'
    backup: yes
  when: not is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint
  notify: restart kubelet

- name: Update server field in kube-proxy kubeconfig
  shell: >-
    {{ bin_dir }}/kubectl get configmap kube-proxy -n kube-system -o yaml
    | sed 's#server:.*#server:\ {{ kube_apiserver_endpoint }}#g'
    | {{ bin_dir }}/kubectl replace -f -
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true
  when: is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint

- name: Restart all kube-proxy pods to ensure that they load the new configmap
  shell: "{{ bin_dir }}/kubectl delete pod -n kube-system -l k8s-app=kube-proxy"
  delegate_to: "{{groups['kube-master']|first}}"
  run_once: true
  when: is_kube_master and kubeadm_discovery_address != kube_apiserver_endpoint

# FIXME(mattymo): Reconcile kubelet kubeconfig filename for both deploy modes
- name: Symlink kubelet kubeconfig for calico/canal
  file:
    src: "{{ kube_config_dir }}/kubelet.conf"
    dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
    state: link
    force: yes
  when: kube_network_plugin in ['calico','canal']