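# Deploys Traefik and its companions into the cluster selected by `my_context`:
# namespace, optional basic-auth Secret, optional node labels, optional
# CrowdSec bouncer, the Traefik Helm release, the templated Traefik resources,
# the optional on-demand plugin and the optional Traefik Hub agent.
# Every task in the block carries the `traefik` tag.
- name: traefik setup
  block:
    - name: namespace
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        definition:
          # Kubernetes manifests spell this key `apiVersion`, as the Secret
          # and Node definitions below do.
          apiVersion: v1
          kind: Namespace
          metadata:
            name: '{{ traefik_namespace }}'
            labels:
              namespace: '{{ traefik_namespace }}'

    - name: Create a Secret object for basic authentification
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        namespace: '{{ traefik_namespace }}'
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            name: basic-auth
          type: Opaque
          data:
            basic_auth: "{{ basic_auth_data | b64encode }}"
      # The task arguments and the returned resource both contain the
      # basic-auth credentials (base64 is an encoding, not encryption), so
      # keep them out of task output and logs.
      no_log: true
      when:
        - basic_auth | bool

    # Labels each listed node with `entrypoint: traefik`.
    # with_items flattens one level, so traefik_node_selector may be a single
    # node name or a list of names.
    - name: Add host label for traefik deployment
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        definition:
          apiVersion: v1
          kind: Node
          metadata:
            name: "{{ item }}"
            labels:
              entrypoint: traefik
      with_items:
        - '{{ traefik_node_selector }}'
      when:
        - traefik_node_selector is defined

    # NOTE(review): no task in this block registers the `crowdsec` Helm
    # repository; presumably it is added elsewhere - confirm.
    - name: Deploy latest version of CrowdSec Traefik bouncer
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: crowdsec-traefik-bouncer
        release_namespace: "{{ traefik_namespace }}"
        create_namespace: true
        chart_ref: crowdsec/crowdsec-traefik-bouncer
        chart_version: "{{ crowdsec_traefik_bouncer_chart_version }}"
        values:
          bouncer:
            crowdsec_bouncer_api_key: "{{ traefik_crowdsec_bouncer_apikey }}"
            crowdsec_agent_host: "crowdsec-service.{{ crowdsec_namespace }}.svc.cluster.local:8080"
          replicaCount: 1
          podSecurityContext:
            fsGroup: 2000
          # Container hardening: no capabilities, read-only root filesystem,
          # non-root user.
          securityContext:
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
      # The chart values carry the bouncer API key; keep it out of task
      # output and logs.
      no_log: true
      when:
        - traefik_crowdsec_bouncer_apikey is defined

    # Disabled: removal of a previously deployed Traefik version.
    # NOTE(review): if this is re-enabled, extract the version with a Jinja
    # filter instead of interpolating cluster data into a shell command line.
    # - name: Get Deployment information object
    #   kubernetes.core.k8s_info:
    #     context: "{{ my_context }}"
    #     api_version: v1
    #     kind: DaemonSet
    #     name: traefik
    #     namespace: '{{ traefik_namespace }}'
    #     field_selectors:
    #       - spec.template.spec.containers.image
    #   register: traefik_actual_resources
    #
    # - name: Retreive actual traefik version
    #   ansible.builtin.shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:\([0-9]\.[0-9]*\).*/\1/" | uniq
    #   register: traefik_actual_version
    #
    # - name: Remove old traefik version {{ traefik_actual_version.stdout }}
    #   kubernetes.core.k8s:
    #     state: "absent"
    #     context: "{{ my_context }}"
    #     resource_definition: "{{ lookup('template', item) | from_yaml }}"
    #   with_items:
    #     - "{{ lookup('vars', 'traefik_' + traefik_actual_version.stdout | regex_replace('[.]','_') + '_list') | reverse | list }}"
    ##    - hostvars[inventory_hostname]['traefik_' + traefik_actual_version.stdout + '_list'] | reverse
    #   when:
    #     - not traefik_actual_version.stdout == "[]"
    #     - not traefik_version == traefik_actual_version.stdout
    #     - traefik_actual_version.stdout is version(traefik_version, '>')

    - name: Defined traefik repository
      kubernetes.core.helm_repository:
        name: traefik
        repo_url: "https://helm.traefik.io/traefik"

    # NOTE(review): no chart_version is set here, unlike the CrowdSec bouncer
    # release above, so the deployed chart is not pinned by this task.
    # Consider pinning it so that a repository update cannot change what
    # gets deployed.
    - name: Deploy latest version of Traefik
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: traefik
        chart_ref: traefik/traefik
        release_namespace: "{{ traefik_namespace }}"
        values: "{{ lookup('template', 'traefik-helm-value.yaml.j2') | from_yaml }}"

    # Renders each listed template and applies the resulting single-document
    # manifest to the Traefik namespace.
    - name: Install traefik configuration
      kubernetes.core.k8s:
        state: "present"
        context: "{{ my_context }}"
        namespace: '{{ traefik_namespace }}'
        # merge_type: merge
        apply: true
        resource_definition: "{{ lookup('template', item) | from_yaml }}"
      with_items:
        # - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
        - traefik-certificate.yml.j2
        - traefik-cm.yml.j2
        - traefik-files.yml.j2
        # - traefik-sa.yml.j2
        - traefik-ingressroute.yml.j2
        # - traefik-svc.yml.j2
        # - traefik-defaultbackend.yml.j2

    # from_yaml_all is used here, so the plugin template may hold several
    # YAML documents.
    - name: Install traefik plugin's
      kubernetes.core.k8s:
        state: "present"
        context: "{{ my_context }}"
        namespace: '{{ traefik_namespace }}'
        # merge_type: merge
        apply: true
        resource_definition: "{{ lookup('template', item) | from_yaml_all }}"
      with_items:
        - traefik-ondemand-plugin.yml.j2
      when:
        - traefik_ondemand is defined

    - name: Defined traefik-hub repository
      kubernetes.core.helm_repository:
        name: traefik-hub
        repo_url: "https://helm.traefik.io/hub"
      when:
        - traefik_hub_token is defined

    # NOTE(review): no chart_version is set for the hub-agent chart either;
    # consider pinning it.
    - name: Deploy latest version of Traefik-hub
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: hub-agent
        chart_ref: traefik-hub/hub-agent
        release_namespace: "{{ traefik_namespace }}"
        values:
          token: "{{ traefik_hub_token }}"
      # The chart values carry the Traefik Hub token; keep it out of task
      # output and logs.
      no_log: true
      when:
        - traefik_hub_token is defined
  tags: traefik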