- name: Dashboard setup
  block:
    - name: namespace
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        definition:
          api_version: v1
          kind: Namespace
          metadata:
            name: kubernetes-dashboard
            labels:
              namespace: 'kubernetes-dashboard'
    - name: dashboard install
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('file', item) | from_yaml }}"
      with_items:
        - NetworkPolicies/default-deny-ingress.yaml
        - NetworkPolicies/allow-from-namespace.yaml
        - traefik/dashboard-traefik-auth-sa.yaml
        - traefik/dashboard-traefik-auth-crb.yaml

    - name: get the dashboard-token secret name
      ansible.builtin.command: kubectl --context {{ my_context }} get sa kubernetes-dashboard-traefik -n kubernetes-dashboard -o jsonpath='{.secrets[0].name}'
      changed_when: false
      register: secret_name

    - name: get the sa token
      ansible.builtin.command: kubectl --context {{ my_context }} get secret -n kubernetes-dashboard {{ secret_name.stdout }} -o jsonpath='{.data.token}'
      changed_when: false
      register: token_value

    - name: write the token to traefik v2 middleware
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        definition:
          apiVersion: traefik.containo.us/v1alpha1
          kind: Middleware
          metadata:
            name: kubernetes-dashboard-auth
            namespace: kubernetes-dashboard
          spec:
            headers:
              customRequestHeaders:
                Authorization: "Bearer {{ token_value.stdout | b64decode }}"
      when:
        - traefik_version is defined
        - traefik_version | regex_search('(^2.)')

    - name: Defined Dashboard repository
      kubernetes.core.helm_repository:
        name: kubernetes-dashboard
        repo_url: "https://kubernetes.github.io/dashboard/"

    - name: Deploy latest version of Dashboard
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: kubernetes-dashboard
        chart_ref: kubernetes-dashboard/kubernetes-dashboard
        chart_version: "5.10.0"
        release_namespace: "kubernetes-dashboard"
        values:
          protocolHttp: true
          metricsScraper:
            enabled: true
          serviceAccount:
            create: false
            name: kubernetes-dashboard-traefik

    - name: ingress dashboard install
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('template', item) | from_yaml }}"
      with_items:
        - dashboard-ingress.yaml