---
- name: Create the directory for the kubernetes_config_file
  file:
    path: "{{ kubernetes_kubeadm_kubelet_config_file_path | dirname }}"
    state: directory

- name: Deploy the config-file for kubeadm and kubelet
  template:
    src: "kubeadm-kubelet-config.j2"
    dest: "{{ kubernetes_kubeadm_kubelet_config_file_path }}"

- name: Determine if we are replacing kube-proxy with cilium
  set_fact:
    replace_kube_proxy="{{ (kubernetes_pod_network.cni == 'cilium') and
        (kubernetes_cilium_values is defined) and
        (kubernetes_cilium_values.kubeProxyReplacement is defined) and
        (kubernetes_cilium_values.kubeProxyReplacement) | bool }}"

- name: Determine if we installing Gateway API
  set_fact:
    install_gateway_api="{{ (replace_kube_proxy) and
        (kubernetes_cilium_values.gatewayAPI.enabled is defined) and
        (kubernetes_cilium_values.gatewayAPI.enabled)| bool }}"

- name: Initialize Kubernetes control plane with kubeadm init
  command: >
    kubeadm init
    --config {{ kubernetes_kubeadm_kubelet_config_file_path }}
    {{ kubernetes_kubeadm_init_extra_opts }}
  register: kubeadmin_init
  when:
    - not kubernetes_init_stat.stat.exists
    - kubernetes_ignore_preflight_errors is not defined
    - not replace_kube_proxy

- name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors
  command: >
    kubeadm init
    --config {{ kubernetes_kubeadm_kubelet_config_file_path }}
    --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
    {{ kubernetes_kubeadm_init_extra_opts }}
  register: kubeadmin_init
  when:
    - not kubernetes_init_stat.stat.exists
    - kubernetes_ignore_preflight_errors is defined
    - not replace_kube_proxy

- name: Initialize Kubernetes control plane with kubeadm init without kube-proxy
  command: >
    kubeadm init
    --config {{ kubernetes_kubeadm_kubelet_config_file_path }}
    --skip-phases=addon/kube-proxy
    {{ kubernetes_kubeadm_init_extra_opts }}
  register: kubeadmin_init
  when:
    - not kubernetes_init_stat.stat.exists
    - kubernetes_ignore_preflight_errors is not defined
    - replace_kube_proxy

- name: Initialize Kubernetes control plane with kubeadm init without kube-proxy and ignore_preflight_errors
  command: >
    kubeadm init
    --config {{ kubernetes_kubeadm_kubelet_config_file_path }}
    --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
    --skip-phases=addon/kube-proxy
    {{ kubernetes_kubeadm_init_extra_opts }}
  register: kubeadmin_init
  when:
    - not kubernetes_init_stat.stat.exists
    - kubernetes_ignore_preflight_errors is defined
    - replace_kube_proxy

- name: Print the init output to screen.
  debug:
    var: kubeadmin_init.stdout
    verbosity: 2
  when: not kubernetes_init_stat.stat.exists

- name: Ensure .kube directory exists.
  file:
    path: ~/.kube
    state: directory
    mode: 0755

- name: Symlink the kubectl admin.conf to ~/.kube/conf.
  file:
    src: /etc/kubernetes/admin.conf
    dest: ~/.kube/config
    state: link
    mode: 0644

- name: Write Cilium Helm values to file
  copy:
    dest: "/tmp/cilium_helm.yaml"
    content: "{{ kubernetes_cilium_values | to_yaml }}"
  when:
    - kubernetes_pod_network.cni == 'cilium'
    - not kubernetes_init_stat.stat.exists

- name: Taint nodes with cilium agent-not-ready
  command: kubectl taint nodes --all node.cilium.io/agent-not-ready=true:NoExecute
  when:
    - kubernetes_pod_network.cni == 'cilium'
    - not kubernetes_init_stat.stat.exists
  register: cilium_taint
  changed_when: "'tainted' in cilium_taint.stdout"
  until: cilium_taint is not failed
  retries: 12
  delay: 5

- name: Install Prerequisite CRDs for Cilium Gateway API support.
  when: install_gateway_api
  register: gateway_crds
  changed_when: "'created' in gateway_crds.stdout"
  command: "kubectl apply -f {{ item }}"
  loop:
    - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.0.0/config/crd/standard/gateway.networking.k8s.io_gatewayclasses.yaml
    - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.0.0/config/crd/standard/gateway.networking.k8s.io_gateways.yaml
    - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.0.0/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml
    - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.0.0/config/crd/standard/gateway.networking.k8s.io_referencegrants.yaml
    - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.0.0/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml
    - https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.0.0/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml

- name: Configure Cilium networking
  command: >
    /usr/local/bin/cilium install
    --version {{ kubernetes_cilium_version }}
    --datapath-mode {{ kubernetes_cilium_datapath }}
    --values /tmp/cilium_helm.yaml
  when:
    - kubernetes_pod_network.cni == 'cilium'
    - not kubernetes_init_stat.stat.exists
    - not replace_kube_proxy
  register: cilium_result
  changed_when: "'Error' not in cilium_result.stdout"
  until: cilium_result is not failed
  retries: 20
  delay: 5

- name: Configure Cilium networking and replace kube-proxy
  command: >
    /usr/local/bin/cilium install
    --version {{ kubernetes_cilium_version }}
    --datapath-mode {{ kubernetes_cilium_datapath }}
    --values /tmp/cilium_helm.yaml
    --set k8sServiceHost="{{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}"
    --set k8sServicePort=6443
  when:
    - kubernetes_pod_network.cni == 'cilium'
    - not kubernetes_init_stat.stat.exists
    - replace_kube_proxy

  register: cilium_result
  changed_when: "'Error' not in cilium_result.stdout"
  until: cilium_result is not failed
  retries: 20
  delay: 5

- name: Configure Flannel networking.
  command: "kubectl apply -f {{ kubernetes_flannel_manifest_file }}"
  register: flannel_result
  changed_when: "'created' in flannel_result.stdout"
  when: kubernetes_pod_network.cni == 'flannel'
  until: flannel_result is not failed
  retries: 12
  delay: 5

- name: Configure Calico networking.
  command: "kubectl apply -f {{ kubernetes_calico_manifest_file }}"
  register: calico_result
  changed_when: "'created' in calico_result.stdout"
  when: kubernetes_pod_network.cni == 'calico'
  until: calico_result is not failed
  retries: 12
  delay: 5

- name: Get Kubernetes version for Weave installation.
  shell: kubectl version | base64 | tr -d '\n'
  changed_when: false
  register: kubectl_version
  when: kubernetes_pod_network.cni == 'weave'
  until: kubectl_version is not failed
  retries: 12
  delay: 5

- name: Configure Weave networking.
  command: "{{ item }}"
  with_items:
    - "kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version={{ kubectl_version.stdout_lines[0] }}"
  register: weave_result
  changed_when: "'created' in weave_result.stdout"
  when: kubernetes_pod_network.cni == 'weave'

# TODO: Check if taint exists with something like `kubectl describe nodes`
# instead of using kubernetes_init_stat.stat.exists check.
- name: Allow pods on control plane (if configured).
  command: "kubectl taint nodes --all node-role.kubernetes.io/control-plane-"
  when:
    - kubernetes_allow_pods_on_control_plane | bool
    - not kubernetes_init_stat.stat.exists