---
# Install K3s as a single-node Kubernetes cluster.
# This role is intentionally minimal: it installs K3s, waits for the API,
# and makes kubectl + the kubeconfig usable for the downstream ess-pro role.

- name: Check whether K3s is already installed
  ansible.builtin.stat:
    path: /usr/local/bin/k3s
  register: k3s_binary

- name: Ensure curl is installed
  ansible.builtin.apt:
    name: curl
    state: present
    update_cache: true
  when: not k3s_binary.stat.exists

- name: Download K3s install script
  ansible.builtin.get_url:
    url: "{{ k3s_install_script_url }}"
    dest: /tmp/k3s-install.sh
    mode: "0755"
  when: not k3s_binary.stat.exists

- name: Build INSTALL_K3S_EXEC string
  ansible.builtin.set_fact:
    k3s_exec_args: >-
      {{
        (['--write-kubeconfig-mode=' ~ k3s_write_kubeconfig_mode]
          + (k3s_disable_components | map('regex_replace', '^(.*)$', '--disable=\\1') | list)
          + ['--cluster-cidr=' ~ k3s_cluster_cidr,
             '--service-cidr=' ~ k3s_service_cidr]
          + k3s_extra_args) | join(' ')
      }}

- name: Install K3s
  ansible.builtin.command:
    cmd: /tmp/k3s-install.sh
  environment:
    INSTALL_K3S_VERSION: "{{ k3s_version }}"
    INSTALL_K3S_CHANNEL: "{{ k3s_channel }}"
    INSTALL_K3S_EXEC: "{{ k3s_exec_args }}"
  args:
    creates: /usr/local/bin/k3s
  notify: Restart k3s

- name: Ensure k3s service is started and enabled
  ansible.builtin.systemd:
    name: k3s
    state: started
    enabled: true

- name: Wait for kubeconfig to appear
  ansible.builtin.wait_for:
    path: /etc/rancher/k3s/k3s.yaml
    state: present
    timeout: 60

- name: Wait for Kubernetes API to respond
  ansible.builtin.command: kubectl --kubeconfig /etc/rancher/k3s/k3s.yaml get --raw=/readyz
  register: k3s_ready
  retries: 30
  delay: 5
  until: k3s_ready.rc == 0
  changed_when: false

- name: Create symlink for kubectl
  ansible.builtin.file:
    src: /usr/local/bin/k3s
    dest: /usr/local/bin/kubectl
    state: link
    force: false
  failed_when: false

- name: Ensure ~/.kube exists for root
  ansible.builtin.file:
    path: /root/.kube
    state: directory
    mode: "0700"

- name: Provide kubeconfig at /root/.kube/config
  ansible.builtin.copy:
    src: /etc/rancher/k3s/k3s.yaml
    dest: /root/.kube/config
    remote_src: true
    mode: "0600"