#SPDX-License-Identifier: MIT-0
---
# tasks/main.yml

## shell used as workaround cause get.helm.sh is down atm
- name: Add helm key
  shell: |
    curl -fsSL https://packages.buildkite.com/helm-linux/helm-debian/gpgkey | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
  args:
    creates: /usr/share/keyrings/helm.gpg

- name: Add helm repo
  lineinfile:
    path: /etc/apt/sources.list.d/helm-stable-debian.list
    line: "deb [signed-by=/usr/share/keyrings/helm.gpg] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main"
    create: yes

- name: Update apt repository
  apt:
    update_cache: yes

- name: Install required packages
  apt:
    name:
      - curl
      - wget
      - apt-transport-https
      - ca-certificates
      - pip
      - gpg
      - helm
    state: present

- name: Install python kubernetes module
  ansible.builtin.pip:
    break_system_packages: yes
    name: kubernetes

### Ubuntu workaround
#- name: Install helm
#  command: snap install --classic helm

### k3s config for Cilium CNI installation
#- name: Copy k3s.config to server
#  ansible.builtin.copy:
#    src: k3s.config
#    dest: "{{ confdir }}"/config.yaml

- name: Install k3s (disabled traefik in favour of nginx for modSecurity support)
  shell: |
    curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --disable=traefik --cluster-init" sh -s -
  args:
    executable: /bin/bash

- name: Check if k3s is running
  systemd:
    name: k3s
    state: started
    enabled: yes

- name: Get k3s version
  command: k3s --version
  register: k3s_version

- name: Show k3s version
  debug:
    msg: "K3s version: {{ k3s_version.stdout }}"

# Download kubeconfig for remote access
- name: Fetch kubconfig
  ansible.builtin.fetch:
    src: /etc/rancher/k3s/k3s.yaml
    dest: ../kubeconfig
    flat: yes