# Loads variables from kubernetes.yaml before any cluster task runs.
# NOTE(review): presumably this is where the k8s_* / dashboard_* variables
# used by the tasks in this file are defined; confirm against the vars file.
- name: include services ports
  include_vars:
    file: kubernetes.yaml
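# Control-plane bootstrap: kubeadm init, kubeconfig for k8s_user, dashboard
# install, and export of the worker join command to the Ansible controller.
# The whole block runs only where is_k8s_master is defined and truthy.
- name: Configure K8S Master Block
  when: is_k8s_master is defined and is_k8s_master
  block:
    # `creates` skips kubeadm init once the admin kubeconfig already exists.
    - name: Initialise the Kubernetes cluster using kubeadm
      become: true
      command: >-
        kubeadm init
        --apiserver-advertise-address={{ ansible_default_ipv4.address }}
        --pod-network-cidr={{ k8s_pod_network }}
      args:
        creates: "{{ k8s_admin_config }}"

    - name: Wait for apiserver to become ready
      wait_for:
        port: 6443
        sleep: 10

    - name: Setup kubeconfig for {{ k8s_user }} user
      file:
        path: "{{ k8s_user_home }}/.kube"
        state: directory
        owner: "{{ k8s_user }}"
        group: "{{ k8s_user }}"
        mode: "0750"

    # This is a copy of the kubeadm admin kubeconfig, i.e. cluster-admin
    # credentials. Only k8s_user runs kubectl below, so the file is kept
    # owner-only (was 0640, readable by the group).
    - name: Copy {{ k8s_admin_config }}
      become: true
      copy:
        src: "{{ k8s_admin_config }}"
        dest: "{{ k8s_user_home }}/.kube/config"
        owner: "{{ k8s_user }}"
        group: "{{ k8s_user }}"
        mode: "0600"
        remote_src: true

    # Calico manifest handling is disabled (kept for reference).
    # - name: Copy {{ calico_rbac_config }}
    #   copy:
    #     src: "{{ calico_rbac_config }}"
    #     dest: "{{ k8s_user_home }}/{{ calico_rbac_config }}"
    #     owner: "{{ k8s_user }}"
    #     group: "{{ k8s_user }}"
    #     mode: "0640"
    #
    # - name: Copy {{ calico_net_url }}
    #   copy:
    #     src: "{{ calico_net_config }}"
    #     dest: "{{ k8s_user_home }}/{{ calico_net_config }}"
    #     owner: "{{ k8s_user }}"
    #     group: "{{ k8s_user }}"
    #     mode: "0640"
    #
    # - name: Set CALICO_IPV4POOL_CIDR to {{ k8s_pod_network }}
    #   replace:
    #     path: "{{ k8s_user_home }}/{{ calico_net_config }}"
    #     regexp: "192.168.0.0/16"
    #     replace: "{{ k8s_pod_network }}"

    # The downloaded manifest is applied with admin credentials a few tasks
    # later, so its content is effectively trusted code. `dashboard_checksum`
    # is an optional variable introduced here: set it to "sha256:<digest>" of
    # the reviewed manifest to pin it. When unset the parameter is omitted and
    # the download behaves as before (unverified).
    - name: Download Dashboard
      get_url:
        url: "{{ dashboard_url }}"
        dest: "{{ k8s_user_home }}/{{ dashboard_config }}"
        owner: "{{ k8s_user }}"
        group: "{{ k8s_user }}"
        mode: "0640"
        checksum: "{{ dashboard_checksum | default(omit) }}"

    # Calico install steps are disabled (kept for reference).
    # - name: Install calico pod network {{ calico_rbac_config }}
    #   remote_user: false
    #   remote_user: "{{ k8s_user }}"
    #   command: kubectl apply -f "{{ k8s_user_home }}/{{ calico_rbac_config }}"
    #
    # - name: Install calico pod network {{ calico_net_config }}
    #   become: false
    #   remote_user: "{{ k8s_user }}"
    #   command: kubectl apply -f "{{ k8s_user_home }}/{{ calico_net_config }}"

    - name: Install K8S dashboard {{ dashboard_config }}
      become: false
      remote_user: "{{ k8s_user }}"
      command: kubectl apply -f "{{ k8s_user_home }}/{{ dashboard_config }}"

    # `kubectl create` fails on re-runs because the object already exists.
    # Only that case is tolerated; any other failure now stops the play
    # instead of being hidden by a blanket ignore_errors.
    - name: Create service account
      become: false
      remote_user: "{{ k8s_user }}"
      command: kubectl create serviceaccount dashboard -n default
      register: dashboard_sa_create
      changed_when: dashboard_sa_create.rc == 0
      failed_when:
        - dashboard_sa_create.rc != 0
        - "'already exists' not in dashboard_sa_create.stderr"

    # NOTE(security): binds the built-in cluster-admin role to the
    # default:dashboard service account, so any holder of that account's
    # token has full control of the cluster. Prefer a narrower role if the
    # dashboard does not need cluster-wide write access.
    - name: Create cluster role binding dashboard-admin
      remote_user: "{{ k8s_user }}"
      become: false
      command: >-
        kubectl create clusterrolebinding dashboard-admin -n default
        --clusterrole=cluster-admin
        --serviceaccount=default:dashboard
      register: dashboard_admin_binding
      changed_when: dashboard_admin_binding.rc == 0
      failed_when:
        - dashboard_admin_binding.rc != 0
        - "'already exists' not in dashboard_admin_binding.stderr"

    - name: Create {{ k8s_dashboard_adminuser_config }} for service account
      copy:
        src: "files/{{ k8s_dashboard_adminuser_config }}"
        dest: "{{ k8s_user_home }}/{{ k8s_dashboard_adminuser_config }}"
        owner: "{{ k8s_user }}"
        group: "{{ k8s_user }}"
        mode: "0640"

    # Despite the (duplicated) task name, this applies the admin-user manifest
    # copied by the previous task. Failures here are still ignored, as before.
    - name: Create service account
      become: false
      remote_user: "{{ k8s_user }}"
      command: kubectl apply -f "{{ k8s_user_home }}/{{ k8s_dashboard_adminuser_config }}"
      ignore_errors: true

    # SECURITY: this binding grants cluster-admin to system:anonymous, i.e. to
    # every unauthenticated request that reaches the API server. It used to be
    # created unconditionally; it is now skipped unless the operator opts in
    # explicitly with k8s_allow_anonymous_cluster_admin=true (throwaway lab
    # clusters only). Skipping the task does not remove a binding created by
    # an earlier run; on existing clusters remove it with
    # `kubectl delete clusterrolebinding cluster-system-anonymous`.
    - name: Create cluster role binding cluster-system-anonymous
      become: false
      remote_user: "{{ k8s_user }}"
      command: >-
        kubectl create clusterrolebinding cluster-system-anonymous
        --clusterrole=cluster-admin
        --user=system:anonymous
      register: anonymous_admin_binding
      changed_when: anonymous_admin_binding.rc == 0
      failed_when:
        - anonymous_admin_binding.rc != 0
        - "'already exists' not in anonymous_admin_binding.stderr"
      when: k8s_allow_anonymous_cluster_admin | default(false) | bool

    # Readiness probe only: up to 10 attempts, 6 s apart, and a final failure
    # is ignored. Certificate validation is off, so the response proves that
    # something answered with 200, not that it is the intended dashboard.
    # NOTE(review): if k8s_dashboard_url is served through the API server
    # without credentials, this probe may stop returning 200 once the
    # anonymous binding above is no longer created; confirm.
    - name: Test K8S dashboard and wait for HTTP 200
      uri:
        url: "{{ k8s_dashboard_url }}"
        status_code: 200
        validate_certs: false
      ignore_errors: true
      register: result_k8s_dashboard_page
      retries: 10
      delay: 6
      until: result_k8s_dashboard_page is succeeded

    - name: K8S dashboard URL
      debug:
        var: k8s_dashboard_url

    # The printed join command embeds a bootstrap token, so the registered
    # output is kept out of logs and verbose output. A new token is minted on
    # every run of this task.
    - name: Generate join command
      command: kubeadm token create --print-join-command
      register: join_command
      no_log: true

    # Written on the Ansible controller (delegate_to: localhost). No mode was
    # set before, so the file permissions followed the controller's umask; the
    # file is now owner-only and its content is not echoed in task output.
    - name: Copy join command to local file
      become: false
      remote_user: "{{ k8s_user }}"
      copy:
        content: "{{ join_command.stdout_lines[0] }}"
        dest: "{{ k8s_token_file }}"
        mode: "0600"
      delegate_to: localhost
      no_log: true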
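# Worker join: ship the saved join command to the node and run it once.
# The whole block runs only where is_k8s_node is defined and truthy.
- name: Configure K8S Node Block
  when: is_k8s_node is defined and is_k8s_node
  block:
    # k8s_token_file is the file the master block fills with the output of
    # `kubeadm token create --print-join-command`, so it carries a bootstrap
    # token. The script is only ever run as `sh <file>` with become, which
    # needs neither the execute bit nor group access: mode tightened from
    # 0750 to owner read/write only.
    - name: Copy {{ k8s_token_file }} to server location
      copy:
        src: "{{ k8s_token_file }}"
        dest: "{{ k8s_user_home }}/{{ k8s_token_file }}.sh"
        owner: "{{ k8s_user }}"
        group: "{{ k8s_user }}"
        mode: "0600"

    # `creates` makes the join idempotent: it is skipped once the kubelet
    # config file exists. The script stays on disk after the join.
    - name: Join the node to cluster unless file {{ k8s_kubelet_config }} exists
      become: true
      command: sh "{{ k8s_user_home }}/{{ k8s_token_file }}.sh"
      args:
        creates: "{{ k8s_kubelet_config }}"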