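######################################
#tasks for vanilla kubernetes install#
######################################
---
# Prepares a Debian host as a Kubernetes node: installs the CRI-O container
# runtime, loads the kernel modules and sysctl settings used for pod
# networking, disables swap, and installs pinned kubelet/kubeadm/kubectl
# packages.
#
# Variables read: crio_version, kubernetesVersion.
# Every task here writes system paths or installs packages, so the including
# play must already run these tasks as root.

- name: Get OS version name
  command: lsb_release -cs
  # os_codename is not used in this file; presumably it is consumed elsewhere.
  register: os_codename
  changed_when: false

- name: Get OS release number
  command: lsb_release -rs
  register: os_release
  changed_when: false

# NOTE(review): apt_key installs these keys into apt's global trusted keyring,
# so they are accepted for every configured repository, not only CRI-O's.
# A per-repository keyring referenced with signed-by (as done for the
# Kubernetes repository below) scopes the trust more tightly.
# NOTE(review): the CRI-O project later moved its packages away from the
# openSUSE Kubic repositories; confirm these URLs are still served for the
# chosen crio_version.
- name: Add an apt signing key for CRI-O
  apt_key:
    url: "{{ item }}"
    state: present
  loop:
    - 'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/Debian_{{ os_release.stdout }}/Release.key'
    - 'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_{{ os_release.stdout }}/Release.key'

# Fetched over https, matching the signing-key URLs above and the versioned
# CRI-O repository below; the original used plain http for this one repo.
- name: Add CRI-O apt repository for stable version
  apt_repository:
    repo: 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_{{ os_release.stdout }}/ /'
    filename: 'devel:kubic:libcontainers:stable.list'
    state: present
    update_cache: true

- name: Add CRI-O apt repository for the selected CRI-O version
  apt_repository:
    repo: 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ crio_version }}/Debian_{{ os_release.stdout }}/ /'
    filename: 'devel:kubic:libcontainers:stable:cri-o:{{ crio_version }}.list'
    state: present
    update_cache: true

# allow_unauthenticated is deliberately not set: both repositories have their
# signing keys imported above, so apt can verify the packages. If this task
# starts failing on signature errors, fix the key or repository rather than
# switching verification off.
- name: Install CRI-O packages
  apt:
    name: "{{ packages }}"
    state: present
    update_cache: true
  vars:
    packages:
      - cri-o
      - cri-o-runc

# NOTE(review): the service is started before the two configuration tasks
# below run and nothing in this file restarts it afterwards; confirm a
# restart or handler exists elsewhere if those settings must take effect.
- name: Enable and start CRI-O service
  ansible.builtin.systemd:
    name: crio.service
    state: started
    enabled: true

- name: CRI-O use systemd cgroup driver
  copy:
    dest: "/etc/crio/crio.conf.d/02-cgroup-manager.conf"
    content: |
      [crio.runtime]
      conmon_cgroup = "pod"
      cgroup_manager = "systemd"

# Rewrites the (possibly commented-out) pause_image line as an active setting,
# keeping whatever image tag the file already names via the \1 back-reference.
- name: Overriding the CRI-O sandbox (pause) image
  lineinfile:
    path: /etc/crio/crio.conf
    regexp: '#? ?pause_image ?= ?"registry\.k8s\.io/pause:(.+)"'
    backrefs: true
    line: 'pause_image = "registry.k8s.io/pause:\1"'

# Persist the modules across reboots; the next task loads them immediately.
- name: Forwarding IPv4 and letting iptables see bridged traffic
  copy:
    dest: "/etc/modules-load.d/k8s.conf"
    content: |
      overlay
      br_netfilter

- name: modprobe overlay & br-netfilter
  command: "{{ item }}"
  loop:
    - modprobe overlay
    - modprobe br_netfilter

#sysctl params required by setup, params persist across reboots
- name: ipv4 bridge forward
  copy:
    dest: "/etc/sysctl.d/k8s.conf"
    content: |
      net.bridge.bridge-nf-call-iptables = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      net.ipv4.ip_forward = 1

- name: Apply sysctl params without reboot
  command: sysctl --system

# The keyring directory is not guaranteed to exist on every Debian release.
- name: Ensure the apt keyrings directory exists
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

# The key is dearmored into a temporary file and only installed when the whole
# pipeline succeeded, so a failed download cannot leave an empty keyring behind
# that "creates" would then treat as done. No sudo: the surrounding tasks
# already require root. Mode 0644 lets apt's unprivileged helper read the key.
- name: Import Kubernetes GPG key
  shell: |
    set -euo pipefail
    tmp="$(mktemp)"
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL "https://pkgs.k8s.io/core:/stable:/v{{ kubernetesVersion.split('.')[:2] | join('.') }}/deb/Release.key" \
      | gpg --batch --yes --dearmor -o "$tmp"
    install -m 0644 "$tmp" /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  args:
    executable: /bin/bash
    creates: /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# Written with copy instead of "echo | tee" so the task is idempotent and the
# version string never passes through a shell. The file holds exactly this one
# entry, and signed-by limits the key to this repository only.
- name: Add Kubernetes apt repository
  copy:
    dest: /etc/apt/sources.list.d/kubernetes.list
    mode: "0644"
    content: |
      deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v{{ kubernetesVersion.split('.')[:2] | join('.') }}/deb/ /

- name: Remove swapfile from /etc/fstab
  mount:
    path: "{{ item }}"
    fstype: swap
    state: absent
  loop:
    - swap
    - none

- name: Disable swap
  command: swapoff -a

- name: Update apt cache
  apt:
    update_cache: true
  changed_when: false

# Packages are pinned to the exact version so a later repository update cannot
# silently move the node to a different Kubernetes release.
- name: Install Kubernetes binaries
  apt:
    name: "{{ packages }}"
    state: present
    update_cache: true
  vars:
    packages:
      - "kubelet={{ kubernetesVersion }}-1.1"
      - "kubeadm={{ kubernetesVersion }}-1.1"
      - "kubectl={{ kubernetesVersion }}-1.1"

- name: Add kubectl completion bash
  lineinfile:
    path: ~/.bashrc
    line: 'source <(kubectl completion bash)'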