resource "null_resource" "kubeadm_token" {
  depends_on = [libvirt_domain.master]  # or whatever your master resource is

  provisioner "remote-exec" {
    inline = [
      "until sudo kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes; do sleep 5; done",
      "sudo kubeadm token create --print-join-command > /tmp/join-command.txt"
    ]

    connection {
      type        = "ssh"
      host        = local.master_ip
      user        = "ubuntu"
      private_key = file("~/.ssh/id_rsa")
      timeout     = "10m"  # connection timeout
    }
  }

  provisioner "local-exec" {
    command = "scp -o StrictHostKeyChecking=no ubuntu@${local.master_ip}:/tmp/join-command.txt ./join-command.txt"
  }
}

data "local_file" "join_command" {
  depends_on = [null_resource.kubeadm_token]
  filename   = "./join-command.txt"
}

# get kubeconfig and store it locally
resource "null_resource" "kubeconfig" {

  provisioner "remote-exec" {
    inline = [
      "until sudo ls -la /etc/kubernetes/admin.conf; do sleep 5; done",
      "sudo cp /etc/kubernetes/admin.conf /tmp/admin.conf",
      "sudo chown $(id -u):$(id -g) /tmp/admin.conf",
      # Rewrite server address from localhost/internal to accessible IP
      "sudo sed -i 's|server: https://.*:6443|server: https://${local.master_ip}:6443|' /tmp/admin.conf"
    ]

    connection {
      type        = "ssh"
      host        = local.master_ip
      user        = "ubuntu"
      private_key = file("~/.ssh/id_rsa")
    }
  }

  provisioner "local-exec" {
    command = "scp -o StrictHostKeyChecking=no ubuntu@${local.master_ip}:/tmp/admin.conf ./kubeconfig"
  }
}


locals {
  # parse: kubeadm join 192.168.1.10:6443 --token xxx --discovery-token-ca-cert-hash sha256:yyy
  join_command = trimspace(data.local_file.join_command.content)
}