From 756747a678cae6064fc842d7e8e364b036ceea0c Mon Sep 17 00:00:00 2001
From: Michael McCulloch <mjm.gitlab@fastmail.com>
Date: Thu, 8 Feb 2024 06:14:50 -0700
Subject: [PATCH] Allow pods on the control plane immediately if possible

---
 tasks/control-plane-aux-setup.yml | 26 ++++++++++++++++++++++++++
 tasks/control-plane-setup.yml     | 13 +++++++++++++
 tasks/main.yml                    | 15 ---------------
 3 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/tasks/control-plane-aux-setup.yml b/tasks/control-plane-aux-setup.yml
index 47ad1f5..970b881 100644
--- a/tasks/control-plane-aux-setup.yml
+++ b/tasks/control-plane-aux-setup.yml
@@ -5,3 +5,29 @@
   args:
     creates: /etc/kubernetes/kubelet.conf
   tags: ["skip_ansible_lint"]
+
+- name: Ensure .kube directory exists.
+  file:
+    path: ~/.kube
+    state: directory
+    mode: 0755
+
+- name: Symlink the kubectl admin.conf to ~/.kube/conf.
+  file:
+    src: /etc/kubernetes/admin.conf
+    dest: ~/.kube/config
+    state: link
+    mode: 0644
+
+- name: Allow pods on control plane (if configured).
+  command: "kubectl taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane-"
+  register: taint_removed
+  until: >
+    ("untainted" in taint_removed.stdout) or
+    ("not found" in taint_removed.stderr)
+  changed_when: "'untainted' in taint_removed.stdout"
+  failed_when: false
+  retries: 100
+  delay: 5
+  when:
+    - kubernetes_allow_pods_on_control_plane | bool
diff --git a/tasks/control-plane-setup.yml b/tasks/control-plane-setup.yml
index e22f839..511acb6 100644
--- a/tasks/control-plane-setup.yml
+++ b/tasks/control-plane-setup.yml
@@ -87,6 +87,19 @@
     state: link
     mode: 0644
 
+- name: Allow pods on control plane (if configured).
+  command: "kubectl taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane-"
+  register: taint_removed
+  until: >
+    ("untainted" in taint_removed.stdout) or
+    ("not found" in taint_removed.stderr)
+  changed_when: "'untainted' in taint_removed.stdout"
+  failed_when: false
+  retries: 100
+  delay: 5
+  when:
+    - kubernetes_allow_pods_on_control_plane | bool
+
 - name: Write Cilium Helm values to file
   copy:
     dest: "/tmp/cilium_helm.yaml"
diff --git a/tasks/main.yml b/tasks/main.yml
index 8abac17..89bd659 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -101,18 +101,3 @@
     - inventory_hostname != groups['k8s_control_plane'][0]
     - inventory_hostname == item
   loop: "{{ groups['k8s_control_plane'] }}"
-
-- name: Allow pods on control plane (if configured).
-  command: "kubectl taint nodes {{ item }} node-role.kubernetes.io/control-plane-"
-  register: taint_removed
-  until: >
-    ("untainted" in taint_removed.stdout) or
-    ("not found" in taint_removed.stderr)
-  changed_when: "'untainted' in taint_removed.stdout"
-  failed_when: false
-  retries: 100
-  delay: 5
-  loop: "{{ groups['k8s_control_plane'] }}"
-  when:
-    - kubernetes_allow_pods_on_control_plane | bool
-    - inventory_hostname == groups['k8s_control_plane'][0]