- name: traefik setup
  block:
  - name: namespace
    k8s:
      state: present
      context: "{{ my_context }}"
      merge_type: merge
      definition:
        api_version: v1
        kind: Namespace
        metadata:
          name: traefik
          labels:
            namespace: '{{ traefik_namespace }}'

  - name: Create a Secret object for basic authentification
    k8s:
      state: present
      context: "{{ my_context }}"
      definition:
        apiVersion: v1
        kind: Secret
        metadata:
          name: basic-auth
          namespace: '{{ traefik_namespace }}'
        type: Opaque
        data:
          basic_auth: "{{ basic_auth_data | b64encode }}"
    when:
      - basic_auth|bool

  - name: Add host label for traefik deployment
    k8s:
      state: present
      context: "{{ my_context }}"
      definition:
        apiVersion: v1
        kind: Node
        metadata:
          name: "{{ item }}"
          labels:
            entrypoint: traefik
    with_items:
      - '{{ traefik_node_selector }}'
    when:
      - traefik_node_selector is defined

#  - name: Get Deployment information object
#    k8s_info:
#      context: "{{ my_context }}"
#      api_version: v1
#      kind: DaemonSet
#      name: traefik
#      namespace: '{{ traefik_namespace }}'
#      field_selectors:
#        - spec.template.spec.containers.image
#    register: traefik_actual_resources
#
#  - name: Retreive actual traefik version
#    shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:\([0-9]\.[0-9]*\).*/\1/" | uniq
#    register: traefik_actual_version
#
#  - name: Remove old traefik version {{ traefik_actual_version.stdout }}
#    k8s:
#      state: "absent"
#      context: "{{ my_context }}"
#      resource_definition: "{{ lookup('template', item) | from_yaml }}"
#    with_items:
#      - "{{ lookup('vars', 'traefik_' + traefik_actual_version.stdout | regex_replace('[.]','_') + '_list') | reverse | list }}"
##      - hostvars[inventory_hostname]['traefik_' + traefik_actual_version.stdout + '_list'] | reverse
#    when:
#      - not traefik_actual_version.stdout == "[]"
#      - not traefik_version == traefik_actual_version.stdout
#      - traefik_actual_version.stdout is version(traefik_version, '>')

  - name: Defined traefik repository
    community.kubernetes.helm_repository:
      name: traefik
      repo_url: "https://helm.traefik.io/traefik"
    tags: traefik
  - name: Deploy latest version of Traefik
    community.kubernetes.helm:
      context: "{{ my_context }}"
      name: traefik
      chart_ref: traefik/traefik
      release_namespace: "{{ traefik_namespace }}"
      values:
        image:
          tag: "{{ traefik_version_2_3 }}"
        additionalArguments:
          - --configFile=/etc/traefik/traefik.yaml
        podSecurityPolicy:
          enabled: true
        service:
          enabled: false
        ingressRoute:
          dashboard:
            enabled: false
        ingressClass:
          enabled: true
          isDefaultClass: true
        ports:
          web:
            redirectTo: websecure
            hostPort: 80
          websecure:
            hostPort: 443
        volumes:
          - mountPath: /etc/traefik
            name: traefik-conf
            type: configMap
          - mountPath: /etc/traefik/file
            name: traefik-files
            type: configMap
          - mountPath: /etc/traefik/basic-auth
            name: basic-auth
            type: secret

  - name: Install traefik configuration
    k8s:
      state: "present"
      context: "{{ my_context }}"
      namespace: '{{ traefik_namespace }}'
#      merge_type: merge
      apply: yes
      resource_definition: "{{ lookup('template', item) | from_yaml }}"
    with_items:
#      - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
      - traefik-cm.yml.j2
      - traefik-files.yml.j2
#      - traefik-sa.yml.j2
      - traefik-ingressroute.yml.j2
      - traefik-svc.yml.j2

  tags: traefik