---

- name: Kubernetes Apps | Lay Down KubeDNS Template
  action: "{{ item.module }}"
  args:
    src: "{{ item.file }}{% if item.module == 'template' %}.j2{% endif %}"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
  with_items:
    - { name: kube-dns, module: template, file: kubedns-sa.yml, type: sa }
    - { name: kube-dns, module: template, file: kubedns-config.yml, type: configmap }
    - { name: kube-dns, module: template, file: kubedns-deploy.yml, type: deployment }
    - { name: kube-dns, module: template, file: kubedns-svc.yml, type: svc }
    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-sa.yml, type: sa }
    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-clusterrole.yml, type: clusterrole }
    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
    - { name: dns-autoscaler, module: template, file: dns-autoscaler.yml, type: deployment }
  register: kubedns_manifests
  when:
    - dns_mode in ['kubedns','dnsmasq_kubedns']
    - inventory_hostname == groups['kube-master'][0]
  tags:
    - dnsmasq
    - kubedns

# see https://github.com/kubernetes/kubernetes/issues/45084, only needed for "old" kube-dns
- name: Kubernetes Apps | Patch system:kube-dns ClusterRole
  command: >
    {{ bin_dir }}/kubectl patch clusterrole system:kube-dns
    --patch='{
               "rules": [
                 {
                   "apiGroups" : [""],
                   "resources" : ["endpoints", "services"],
                   "verbs": ["list", "watch", "get"]
                 }
               ]
             }'
  when:
    - dns_mode in ['kubedns', 'dnsmasq_kubedns']
    - inventory_hostname == groups['kube-master'][0]
    - rbac_enabled and kubedns_version is version("1.11.0", "<", strict=True)
  tags:
    - dnsmasq
    - kubedns