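---
# Provisions a kubeadm-based Kubernetes cluster on the hosts in the
# incus-k8s-nodes group: node preparation (SELinux, firewall, kernel modules,
# sysctl), package installation, `kubeadm init` on kube-main, `kubeadm join`
# on kube-worker1/kube-worker2, and a copy of admin.conf to the controller.
- name: Install kubernetes
  become: true
  hosts: incus-k8s-nodes
  tasks:
    # NOTE(review): kubeadm's installation guide only asks for permissive
    # mode. `disabled` turns SELinux off completely and needs a reboot to take
    # effect; consider `state: permissive` (with `policy: targeted`) so
    # denials are still logged.
    - name: Disable SELinux
      ansible.posix.selinux:
        state: disabled

    - name: Install nfs-utils
      ansible.builtin.dnf:
        name: nfs-utils
        state: present
        update_cache: true

    # rpm -q exits non-zero when the package is absent; that is an expected
    # answer here, not a failure, and the query never changes the host.
    - name: Check if firewalld is installed
      ansible.builtin.command:
        cmd: rpm -q firewalld
      failed_when: false
      changed_when: false
      register: firewalld_check

    # NOTE(review): with firewalld stopped and masked, nothing on the node
    # filters access to the API server and kubelet ports. Confirm that
    # filtering happens upstream of these hosts.
    - name: Disable firewall
      ansible.builtin.systemd_service:
        name: firewalld
        state: stopped
        enabled: false
        masked: true
      when: firewalld_check.rc == 0

    # A single dnf transaction instead of one module call per package.
    - name: Install iptables and iproute-tc
      ansible.builtin.dnf:
        name:
          - iptables
          - iproute-tc
        state: present
        update_cache: true

    - name: Configure network
      block:
        - name: Configure kernel modules
          ansible.builtin.copy:
            src: files/etc_modules-load.d_k8s.conf
            dest: /etc/modules-load.d/k8s.conf
            owner: root
            group: root
            mode: "0644"

        # Load the modules now; the file above only takes effect at boot.
        # br_netfilter must be loaded before the bridge sysctls below exist.
        - name: Enable overlay and br_netfilter module
          community.general.modprobe:
            name: "{{ item }}"
            state: present
          loop:
            - overlay
            - br_netfilter

        - name: Configure sysctl
          ansible.posix.sysctl:
            name: "{{ item.key }}"
            value: "{{ item.value }}"
            state: present
            reload: true
          loop:
            - key: net.bridge.bridge-nf-call-iptables
              value: "1"
            - key: net.bridge.bridge-nf-call-ip6tables
              value: "1"
            - key: net.ipv4.ip_forward
              value: "1"

    - name: Install kubernetes
      ansible.builtin.dnf:
        name:
          - cri-o1.34
          - kubernetes1.34
          - kubernetes1.34-kubeadm
          - kubernetes1.34-client
        state: present

    - name: Start and enable cri-o
      ansible.builtin.systemd_service:
        name: crio
        state: started
        enabled: true

    - name: Start and enable kubelet
      ansible.builtin.systemd_service:
        name: kubelet
        state: started
        enabled: true

    # /root/kubeadm_init_result.txt is the marker that `kubeadm init` already
    # succeeded on the control-plane node.
    - name: Check if kubeadm_init_result.txt exists on kube-main
      when: inventory_hostname == "kube-main"
      ansible.builtin.stat:
        path: /root/kubeadm_init_result.txt
      register: kubeadm_init_file_check
      failed_when: false

    # NOTE(review): a literal `--token=` bootstrap token value used to sit in
    # a comment at this point. Token values do not belong in the playbook; if
    # that token is still valid on a cluster, remove it there with
    # `kubeadm token delete`.

    # Run without a shell and without a redirect: `> file` created the marker
    # file even when kubeadm init failed, so a failed first run made every
    # later run skip the init step.
    - name: Run init command
      when: >-
        inventory_hostname == "kube-main"
        and not kubeadm_init_file_check.stat.exists
      ansible.builtin.command:
        argv:
          - kubeadm
          - init
          - --pod-network-cidr=10.244.0.0/16
          - --cri-socket=unix:///var/run/crio/crio.sock
      register: kubeadm_init_result
      changed_when: kubeadm_init_result.rc == 0
      failed_when: kubeadm_init_result.rc != 0
      # The output ends with the join command, which carries a bootstrap token.
      no_log: true

    # Written only after a successful init. The file holds the bootstrap
    # token, so it is readable by root only.
    - name: Save init output to kubeadm_init_result.txt
      when: >-
        inventory_hostname == "kube-main"
        and kubeadm_init_result is changed
      ansible.builtin.copy:
        content: "{{ kubeadm_init_result.stdout }}\n"
        dest: /root/kubeadm_init_result.txt
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - name: AFTER INIT -- Check if kubeadm_init_result.txt exists on kube-main
      when: inventory_hostname == "kube-main"
      ansible.builtin.stat:
        path: /root/kubeadm_init_result.txt
      register: kubeadm_init_file_check

    - name: Read init result file content
      when: >-
        inventory_hostname == "kube-main"
        and kubeadm_init_file_check.stat.exists
      ansible.builtin.command:
        cmd: cat /root/kubeadm_init_result.txt
      register: kubeadm_init_file_content
      changed_when: false
      no_log: true

    # The registered result lives on kube-main, so every host reads it
    # through hostvars. The previous run_once/delegate_to copy only worked
    # when kube-main happened to be the first host of the play.
    # NOTE(review): this assumes the last two lines of the kubeadm init
    # output are the join command split by a line continuation; verify the
    # filter chain leaves no stray characters in the result.
    - name: Set join command from file content
      vars:
        init_lines: >-
          {{ hostvars['kube-main'].kubeadm_init_file_content.stdout_lines }}
      ansible.builtin.set_fact:
        join_command: >-
          {{ (init_lines[-2] + init_lines[-1])
          | to_json() | replace("\\", '') | replace("\t", '')
          | replace('"', '') }}
      no_log: true

    # Replaces the former debug task, which printed the join command (and
    # with it the bootstrap token) into the play output. The string comes
    # from a file and is about to be executed, so check its shape instead.
    - name: Verify join command on worker nodes
      when: inventory_hostname in ["kube-worker1", "kube-worker2"]
      ansible.builtin.assert:
        that:
          - join_command is match('kubeadm join ')
        quiet: true
        fail_msg: Parsed join command does not start with 'kubeadm join'

    # /var/log/kubeadm_join.log is the marker that this worker already joined.
    - name: Check if kubeadm join was already run
      when: inventory_hostname in ["kube-worker1", "kube-worker2"]
      ansible.builtin.stat:
        path: /var/log/kubeadm_join.log
      register: kubeadm_join_file_check

    # The command module does not run a shell, so the former
    # `>> /var/log/kubeadm_join.log` was handed to kubeadm as extra
    # arguments. The output is captured here and written by the next task.
    - name: Join worker nodes to the cluster
      when: >-
        inventory_hostname in ["kube-worker1", "kube-worker2"]
        and not kubeadm_join_file_check.stat.exists
      ansible.builtin.command:
        cmd: "{{ join_command }}"
      register: kubeadm_join_result
      changed_when: kubeadm_join_result.rc == 0
      failed_when: kubeadm_join_result.rc != 0
      # The command line contains the bootstrap token; lift this only while
      # debugging a failing join.
      no_log: true

    - name: Record kubeadm join output
      when: >-
        inventory_hostname in ["kube-worker1", "kube-worker2"]
        and kubeadm_join_result is changed
      ansible.builtin.copy:
        content: "{{ kubeadm_join_result.stdout }}\n"
        dest: /var/log/kubeadm_join.log
        owner: root
        group: root
        mode: "0600"

    # Without delegation this task created ~/.kube on every node instead of
    # on the controller. become is switched off so `~` is the invoking
    # user's home, and the directory is private because it will hold
    # cluster-admin credentials.
    - name: Create .kube directory on localhost
      ansible.builtin.file:
        path: ~/.kube
        state: directory
        mode: "0700"
      delegate_to: localhost
      run_once: true
      become: false

    # NOTE(review): this overwrites an existing ~/.kube/config on the
    # controller.
    - name: Fetch admin.conf from kube-main
      when: inventory_hostname == "kube-main"
      ansible.builtin.fetch:
        src: /etc/kubernetes/admin.conf
        dest: ~/.kube/config
        flat: true

    # admin.conf grants full control of the cluster; keep the local copy
    # readable by its owner only.
    - name: Restrict permissions of the fetched kubeconfig
      ansible.builtin.file:
        path: ~/.kube/config
        state: file
        mode: "0600"
      delegate_to: localhost
      run_once: true
      become: false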