- name: traefik setup
  block:
  - name: namespace
    k8s:
      state: present
      context: "{{ my_context }}"
      merge_type: merge
      definition:
        api_version: v1
        kind: Namespace
        metadata:
          name: traefik
          labels:
            namespace: traefik

  - name: Create a Secret object for basic authentification
    k8s:
      state: present
      context: "{{ my_context }}"
      definition:
        apiVersion: v1
        kind: Secret
        metadata:
          name: basic-auth
          namespace: traefik
        type: Opaque
        data:
          basic_auth: "{{ basic_auth_data | b64encode }}"
    when:
      - basic_auth|bool

  - name: Add host label for traefik deployment
    k8s:
      state: present
      context: "{{ my_context }}"
      definition:
        apiVersion: v1
        kind: Node
        metadata:
          name: "{{ item }}"
          labels:
            entrypoint: traefik
    with_items:
      - '{{ traefik_node_selector }}'
    when:
      - traefik_node_selector is defined

  - name: Get Deployment information object
    k8s_info:
      context: "{{ my_context }}"
      api_version: v1
      kind: Deployment
      name: traefik
      namespace: traefik
      field_selectors:
        - spec.template.spec.containers.image
    register: traefik_actual_resources

  - name: Retreive actual traefik version
    shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:\([0-9]\.[0-9]*\).*/\1/" | uniq
    register: traefik_actual_version

  - name: Remove old traefik version {{ traefik_actual_version.stdout }}
    k8s:
      state: "absent"
      context: "{{ my_context }}"
      resource_definition: "{{ lookup('template', item) | from_yaml }}"
    with_items:
      - "{{ lookup('vars', 'traefik_' + traefik_actual_version.stdout + '_list') | reverse | list }}"
#      - hostvars[inventory_hostname]['traefik_' + traefik_actual_version.stdout + '_list'] | reverse
    when:
      - not traefik_actual_version.stdout == "[]"
      - not traefik_version == traefik_actual_version.stdout

  - name: Install traefik version {{ traefik_version }}
    k8s:
      state: "present"
      context: "{{ my_context }}"
      merge_type: merge
      resource_definition: "{{ lookup('template', item) | from_yaml }}"
    with_items:
      - "{{ lookup('vars', 'traefik_' + traefik_version + '_list') }}"

  - name: Define state of ipwhitelist middleware to present
    set_fact:
      traefik_ipwhitelist_state: present
    when:
      - traefik_version | regex_search('(^2.)')
      - ingress_whitelist is defined
  - name: Define state of ipwhitelist middleware to absent
    set_fact:
      traefik_ipwhitelist_state: absent
    when:
      - not ingress_whitelist is defined or traefik_ipwhitelist_state is not defined
  - name: IP white list need to be {{ traefik_ipwhitelist_state }}
    k8s:
      state: "{{ traefik_ipwhitelist_state }}"
      context: "{{ my_context }}"
      merge_type: merge
      resource_definition: "{{ lookup('template', item) | from_yaml }}"
    with_items:
      - traefik-middleware-ipwhitelist.yml.j2

  tags: traefik