---
# Copyright 2019 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Role dependencies, listed in this order: the "kube" group and user, one
# certificate per control-plane component (apiserver, controller-manager,
# scheduler, metrics), then the hyperkube image load.
# Every dependency sets become/become_user, so each one executes as root.
# NOTE(review): the nesting below is reconstructed from a whitespace-collapsed
# copy of the file; verify it against the repository original.
dependencies:
  # Group and user named "kube"; gid and uid both come from caas.uid.kube.
  - role: creategroup
    _name: kube
    _gid: "{{ caas.uid.kube }}"
    become: true
    become_user: "root"

  # The account gets /sbin/nologin as its shell, so it has no interactive
  # login, and an empty _groups value.
  # NOTE(review): _home is "/" - presumably nothing is created or chowned
  # there for this user; confirm in the createuser role.
  - role: createuser
    _name: kube
    _group: kube
    _groups: ''
    _shell: /sbin/nologin
    _home: /
    _uid: "{{ caas.uid.kube }}"
    become: true
    become_user: "root"

  # apiserver cert
  # The SAN list carries two DNS names and two IPs (node address and
  # service IP); a name or IP missing here fails client TLS verification.
  # NOTE(review): add_users presumably grants the kube account read access
  # to the generated key under cert_path - confirm in the cert role that the
  # private key is not readable by anyone else.
  - role: cert
    instance: "apiserver{{ nodeindex }}"
    cert_path: /etc/kubernetes/ssl
    common_name: "system:apiserver"
    alt_names:
      dns:
        - "{{ caas.apiserver_service_name}}"
        - "{{ caas.apiserver_in_hosts }}"
      ip:
        - "{{ ansible_host }}"
        - "{{ caas.apiserver_svc_ip }}"
    add_users:
      - kube
    become: true
    become_user: "root"

  # kube-controller-manager cert
  # NOTE(review): least privilege - if org_name becomes the certificate's
  # Organization (O) field, this client certificate authenticates as a member
  # of system:masters, which Kubernetes treats as unrestricted cluster admin
  # and which RBAC changes cannot narrow or revoke. The user name
  # system:kube-controller-manager already has a default RBAC binding, and
  # the scheduler cert below sets no org_name. Confirm whether this group is
  # required; if it is, the key and cmc.yml are cluster-admin credentials.
  # NOTE(review): kube_conf presumably writes a kubeconfig that embeds or
  # references this client key - check the mode and owner of cmc.yml.
  - role: cert
    instance: "kube-controller-manager{{ nodeindex }}"
    cert_path: /etc/kubernetes/ssl
    common_name: "system:kube-controller-manager"
    org_name: "system:masters"
    alt_names:
      ip:
        - "{{ ansible_host }}"
    add_users:
      - kube
    kube_conf:
      - path: "/etc/kubernetes/kubeconfig/cmc.yml"
        apiserver: "{{ caas.apiserver_svc_ip }}"
        apiserver_port: "{{ caas.apiserver_svc_port }}"
    become: true
    become_user: "root"

  # scheduler cert
  # No org_name here, so only the common_name identifies this client.
  # NOTE(review): same kubeconfig file-permission check as for cmc.yml.
  - role: cert
    instance: "kube-scheduler{{ nodeindex }}"
    cert_path: /etc/kubernetes/ssl
    common_name: "system:kube-scheduler"
    alt_names:
      ip:
        - "{{ ansible_host }}"
    add_users:
      - kube
    kube_conf:
      - path: "/etc/kubernetes/kubeconfig/schedulerc.yml"
        apiserver: "{{ caas.apiserver_svc_ip }}"
        apiserver_port: "{{ caas.apiserver_svc_port }}"
    become: true
    become_user: "root"

  # metrics cert
  # The only entry with explicit cert_name/key_name and no nodeindex suffix
  # on the instance name.
  # NOTE(review): the DNS SAN is a literal, unlike the caas.* variables used
  # for the other names; a cluster with a different DNS domain would get a
  # certificate that fails hostname verification - confirm this is intended.
  - role: cert
    instance: "metrics"
    cert_name: "metrics.crt"
    key_name: "metrics.key"
    common_name: "metrics"
    cert_path: /etc/kubernetes/ssl
    alt_names:
      dns:
        - custom-metrics-apiserver.kube-system.svc.nokia.net
    add_users:
      - kube
    become: true
    become_user: "root"

  # NOTE(review): the image is referenced by name only; any tag or digest
  # pinning and any integrity check would have to live in the
  # docker_image_load role - confirm there.
  - role: docker_image_load
    images:
      - hyperkube