# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
- name: Mount tmpfs to /var/lib/etcd
  mount:
    path: /var/lib/etcd
    src: tmpfs
    fstype: tmpfs
    opts: size=1g
    state: mounted

- name: Prepare kubeadm config
  template:
    src: files/kubeadm_config.yaml
    dest: /tmp/kubeadm_config.yaml

- name: Initialize the Kubernetes cluster using kubeadm
  command: kubeadm init --config /tmp/kubeadm_config.yaml

- name: "Setup kubeconfig for {{ kubectl.user }} user"
  shell: |
    mkdir -p /home/{{ kubectl.user }}/.kube
    cp -i /etc/kubernetes/admin.conf /home/{{ kubectl.user }}/.kube/config
    chown -R {{ kubectl.user }}:{{ kubectl.group }} /home/{{ kubectl.user }}/.kube
  args:
    executable: /bin/bash

- name: Deploy Calico
  become: false
  command: kubectl apply -f /tmp/calico.yaml

- name: Sleep before trying to check Calico pods
  pause:
    seconds: 20

- name: Wait for Calico pods ready
  become: false
  command: kubectl -n kube-system wait --timeout=240s --for=condition=Ready pods -l k8s-app=calico-node

- name: Prepare Calico patch
  copy:
    src: files/calico_patch.yaml
    dest: /tmp/calico_patch.yaml

- name: Patch Calico
  become: false
  command: kubectl -n kube-system patch daemonset calico-node --patch-file /tmp/calico_patch.yaml

- name: Wait for Calico pods ready
  become: false
  command: kubectl -n kube-system wait --timeout=240s --for=condition=Ready pods -l k8s-app=calico-node

- name: Generate join command
  command: kubeadm token create --print-join-command
  register: join_command

- name: Untaint Kubernetes control plane node
  become: false
  command: kubectl taint nodes -l 'node-role.kubernetes.io/control-plane' node-role.kubernetes.io/control-plane-

- name: Enable recursive queries for coredns
  become: false
  shell: |
    PATCH=$(mktemp)
    kubectl get configmap coredns -n kube-system -o json | jq -r "{data: .data}"  | sed 's/ready\\n/header \{\\n        response set ra\\n    \}\\n    ready\\n/g' > "${PATCH}"
    kubectl patch configmap coredns -n kube-system --patch-file "${PATCH}"
    kubectl set image deployment coredns -n kube-system "coredns=registry.k8s.io/coredns/coredns:v1.9.4"
    kubectl rollout restart -n kube-system deployment/coredns
    sleep 10
    kubectl -n kube-system wait --timeout=240s --for=condition=Ready pods -l k8s-app=kube-dns
    rm -f "${PATCH}"
  args:
    executable: /bin/bash
...