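---
# tasks file for master
#
# Bootstraps a kubeadm control-plane node and then installs Flannel,
# metrics-server, Helm, local-path-provisioner and Argo CD.
#
# Tasks that talk to the cluster set `become: false`, presumably so kubectl
# picks up the kubeconfig installed for master_user below -- confirm that
# the connecting user is master_user. Every other task inherits the play's
# become setting.
#
# kubectl/kubeadm calls use `command` instead of `shell`: none of them need
# shell features, and templated values are then passed as plain arguments
# instead of being interpreted by a shell.

- name: Initialize K8s cluster
  command: >-
    kubeadm init
    --apiserver-advertise-address={{ master_apiserver_address }}
    --pod-network-cidr={{ master_pod_network_cidr }}
  args:
    # Makes the task a no-op once kubeadm has written its admin kubeconfig.
    creates: /etc/kubernetes/admin.conf

# The directory is created with the user's ownership so kubectl can write
# below ~/.kube; the former `mkdir -p` left it owned by the become user.
- name: "Create .kube directory for {{ master_user }}"
  file:
    path: "/home/{{ master_user }}/.kube"
    state: directory
    owner: "{{ master_user }}"
    group: "{{ master_user }}"
    mode: "0700"

# admin.conf carries cluster administrator credentials, so the copy is
# readable by its owner only. `force: false` leaves an existing kubeconfig
# untouched, matching the previous `creates:` guard, and replaces the
# interactive `cp -i`, which could block an unattended run.
- name: "Setup kubeconfig for {{ master_user }}"
  copy:
    src: /etc/kubernetes/admin.conf
    dest: "/home/{{ master_user }}/.kube/config"
    remote_src: true
    force: false
    owner: "{{ master_user }}"
    group: "{{ master_user }}"
    mode: "0600"

- name: Wait for API server to be ready
  become: false
  command: kubectl cluster-info
  register: api_check
  until: api_check.rc == 0
  retries: 30
  delay: 10
  changed_when: false

# NOTE(review): the manifest is fetched at run time and applied with the
# kubeconfig's privileges. flannel_manifest_url is defined outside this
# file -- confirm it points at a pinned release, not a moving branch.
- name: Install Flannel CNI
  become: false
  command: "kubectl apply -f {{ flannel_manifest_url }}"
  register: flannel_apply
  # kubectl apply reports "created"/"configured" only for objects it changed.
  changed_when: >-
    ' created' in flannel_apply.stdout
    or ' configured' in flannel_apply.stdout

- name: Check if metrics server is installed
  become: false
  command: kubectl get deployment metrics-server -n kube-system -o name
  register: metrics_check
  # A non-zero rc is the "not installed" signal consumed further down.
  failed_when: false
  changed_when: false

# Removing the control-plane taint lets ordinary workloads be scheduled
# next to the control-plane components; it is opt-in via
# master_remove_taint.
- name: Remove taint
  become: false
  command: "kubectl taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane:NoSchedule-"
  register: taint_result
  # "not found" means the taint was already absent, which is not an error.
  failed_when: taint_result.rc != 0 and 'not found' not in taint_result.stderr
  changed_when: taint_result.rc == 0
  when: master_remove_taint | bool

# NOTE(review): same remote-manifest caveat as Flannel; confirm that
# metrics_server_manifest_url is pinned to a release.
- name: Install metrics server
  become: false
  command: "kubectl apply -f {{ metrics_server_manifest_url }}"
  when: metrics_check.rc != 0

- name: Check if insecure-tls flag is already set
  become: false
  command: >-
    kubectl get deployment metrics-server -n kube-system
    -o jsonpath='{.spec.template.spec.containers[0].args}'
  register: metrics_args
  changed_when: false
  when: metrics_server_insecure_tls | bool

# --kubelet-insecure-tls makes metrics-server skip verification of the
# kubelet serving certificates, so it cannot detect an impersonated
# kubelet. Keep metrics_server_insecure_tls off outside lab clusters; the
# durable fix is kubelet serving certificates signed by the cluster CA.
- name: Patch metrics server to allow insecure TLS
  become: false
  command:
    argv:
      - kubectl
      - patch
      - deployment
      - metrics-server
      - '-n'
      - kube-system
      - '--type=json'
      - '-p'
      - '[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]'
  when:
    - metrics_server_insecure_tls | bool
    - "'--kubelet-insecure-tls' not in metrics_args.stdout"

- name: Wait for metrics server to be ready
  become: false
  command: >-
    kubectl get deployment metrics-server -n kube-system
    -o jsonpath='{.status.readyReplicas}'
  register: ready_replicas
  # Numeric comparison: an empty stdout (no ready replica yet) becomes 0,
  # and a deployment scaled above one replica still counts as ready.
  until: "(ready_replicas.stdout | int) >= 1"
  retries: "{{ metrics_server_ready_retries }}"
  delay: "{{ metrics_server_ready_delay }}"
  changed_when: false

# The output embeds a bootstrap token that lets a machine join the cluster.
# no_log keeps it out of console output and callback logs. Every run mints
# a new token.
- name: Get join command
  command: kubeadm token create --print-join-command
  register: join_command_raw
  no_log: true

- name: Set join command fact
  set_fact:
    join_command: "{{ join_command_raw.stdout }}"
  no_log: true

# pipefail plus `curl -f` make a failed download fail the task; before, an
# HTTP error or an empty body was piped to bash and the task still passed.
# NOTE(review): this still executes a remotely hosted script without
# integrity verification, with the privileges this task runs under.
# Prefer a pinned release fetched with get_url and a checksum.
# install_helm is left unquoted because its content is defined outside this
# file -- confirm it is a plain URL.
- name: Install Helm
  shell: |
    set -o pipefail
    curl -fsSL {{ install_helm }} | bash
  args:
    executable: /bin/bash
    creates: /usr/local/bin/helm

# NOTE(review): remote manifest applied at run time; confirm that
# local_path_provisioner_url is pinned to a release.
- name: Install local-path-provisioner
  become: false
  command: "kubectl apply -f {{ local_path_provisioner_url }}"
  register: local_path_apply
  changed_when: >-
    ' created' in local_path_apply.stdout
    or ' configured' in local_path_apply.stdout

- name: Set local-path as default StorageClass
  become: false
  command:
    argv:
      - kubectl
      - patch
      - storageclass
      - local-path
      - '-p'
      - '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
  register: storageclass_patch
  # kubectl prints "(no change)" when the annotation is already present.
  changed_when: "'(no change)' not in storageclass_patch.stdout"

- name: Create argocd namespace
  become: false
  command: kubectl create namespace argocd
  register: argocd_ns
  # An existing namespace is fine; anything else is a real failure.
  failed_when: argocd_ns.rc != 0 and 'already exists' not in argocd_ns.stderr
  changed_when: argocd_ns.rc == 0

# NOTE(review): remote manifest applied at run time; confirm that
# argocd_manifest_url is pinned to a release.
- name: Install ArgoCD
  become: false
  command: "kubectl apply -n argocd -f {{ argocd_manifest_url }} --server-side"

# NodePort publishes the Argo CD API/UI on every node address. Restrict
# access to that port with host or network firewalling, or front it with
# an ingress that terminates TLS.
- name: Patch ArgoCD server to NodePort
  become: false
  command:
    argv:
      - kubectl
      - patch
      - svc
      - argocd-server
      - '-n'
      - argocd
      - '-p'
      - '{"spec": {"type": "NodePort"}}'
  register: argocd_svc_patch
  changed_when: "'(no change)' not in argocd_svc_patch.stdout"

# NOTE(review): `version: main` follows a branch, so the checked-out
# content can change between runs; pin a tag or commit if the repository
# feeds the cluster.
- name: Clone Git repository
  git:
    repo: "{{ git_repo_url }}"
    dest: "/home/{{ master_user }}/K8s_project"
    version: main
  become: false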