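# Installs the Kubernetes dashboard into its own namespace and publishes it
# through Traefik. For Traefik v2, a Middleware adds a ServiceAccount bearer
# token to the request headers.
#
# NOTE(review): the Middleware keeps that token in clear text inside a custom
# resource and attaches it on behalf of every caller, so whoever can reach the
# ingress acts with the ServiceAccount's rights. Confirm that
# dashboard-ingress.yaml enforces its own authentication and that the binding
# in traefik/dashboard-traefik-auth-crb.yaml grants only what is needed.
- name: Dashboard setup
  block:
    # presumably defines dashboard_files_list, used by the install task below
    - name: Include file list
      include_vars: "dashboard-files.yaml"

    - name: namespace
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        definition:
          # Inside a manifest the field is apiVersion; api_version is only the
          # spelling of the module option. The Middleware task below already
          # uses apiVersion, so this makes the two definitions consistent.
          apiVersion: v1
          kind: Namespace
          metadata:
            name: kubernetes-dashboard
            labels:
              # presumably the label the NetworkPolicies select on; confirm
              namespace: 'kubernetes-dashboard'

    # The list order puts the network policies and the Traefik ServiceAccount
    # and binding ahead of the dashboard manifests themselves.
    - name: dashboard install
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('file', item) | from_yaml }}"
      with_items:
        - NetworkPolicies/default-deny-ingress.yaml
        - NetworkPolicies/allow-from-namespace.yaml
        - traefik/dashboard-traefik-auth-sa.yaml
        - traefik/dashboard-traefik-auth-crb.yaml
        - "{{ dashboard_files_list }}"

    # Read-only lookup, so it never reports "changed".
    # NOTE(review): clusters that no longer auto-create token Secrets for
    # ServiceAccounts (Kubernetes 1.24 and later) leave .secrets empty and this
    # prints nothing; the assert task below catches that case.
    - name: get the dashboard-token secret name
      command: >-
        kubectl --context {{ my_context }}
        get sa kubernetes-dashboard-traefik
        -n kubernetes-dashboard
        -o jsonpath='{.secrets[0].name}'
      register: secret_name
      changed_when: false

    # stdout of this task is the base64-encoded bearer token, so the task
    # result is kept out of console output and logs.
    - name: get the sa token
      command: >-
        kubectl --context {{ my_context }}
        get secret -n kubernetes-dashboard {{ secret_name.stdout }}
        -o jsonpath='{.data.token}'
      register: token_value
      changed_when: false
      no_log: true

    # Without this check an empty lookup would be written out as the header
    # value "Bearer " and the play would still report success. The assertion
    # output shows the expressions only, not the token.
    - name: check that a token was actually returned
      assert:
        that:
          - secret_name.stdout | length > 0
          - token_value.stdout | length > 0
        fail_msg: >-
          No token Secret found for ServiceAccount
          kubernetes-dashboard-traefik; refusing to write an empty bearer
          token into the Middleware.
      when:
        - traefik_version is defined
        - traefik_version | regex_search('(^2.)')

    # The definition carries the decoded token, and the module result echoes
    # the applied resource, hence no_log. Drop no_log temporarily when a
    # failure of this task has to be debugged.
    - name: write the token to traefik v2 middleware
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        definition:
          apiVersion: traefik.containo.us/v1alpha1
          kind: Middleware
          metadata:
            name: kubernetes-dashboard-auth
            namespace: kubernetes-dashboard
          spec:
            headers:
              customRequestHeaders:
                Authorization: "Bearer {{ token_value.stdout | b64decode }}"
      no_log: true
      when:
        - traefik_version is defined
        # NOTE(review): "." in this pattern matches any character, so a value
        # such as "20.1" also passes; tighten it if that matters here.
        - traefik_version | regex_search('(^2.)')

    # The ingress manifest is rendered as a template before it is parsed.
    - name: ingress dashboard install
      k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        resource_definition: "{{ lookup('template', item) | from_yaml }}"
      with_items:
        - dashboard-ingress.yaml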