---
#- name: Add kubernetes repository
#  yumrepo:
#    name: kubernetes
#    description: "Kubernetes Repository"
#    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-$releasever-x86_64
#    gpgcheck: yes
#    enabled: yes
#    gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg
#    state: present

#- name: Add Official kubernetes's repo
#  template:
#    src: "etc/yum.repos.d/kubernetes.repo.j2"
#    dest: "/etc/yum.repos.d/kubernetes.repo"
#    group: root
#    owner: root
#    mode: 0644
#  when:
#    - not ansible_machine == "armv7l"
#    - not ansible_machine == "armv6l"
#    - kubernetes_cri != "k3s"

- name: Add Official kubernetes's repo
  yum_repository:
    name: kubernetes
    description: Kubernetes
    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
    enabled: true
    gpgcheck: true
    repo_gpgcheck: true
    gpgkey: https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    exclude: kubelet kubeadm kubectl
  become: true
  when:
    - not ansible_machine == "armv7l"
    - not ansible_machine == "armv6l"
    - kubernetes_cri != "k3s"

#- name: redhat | Installing K8s Packages
#  package:
#    name:
#      - kubectl
#      - kubelet
#      - kubeadm
#      - iproute-tc
#      - ipvsadm
#    state: present
#    disable_excludes: kubernetes
#  become: true
#  register: result
#  until: result is successful

- name: Register kubernetes firewalld service
  template:
    src: "etc/firewalld/services/kubernetes.xml.j2"
    dest: "/etc/firewalld/services/kubernetes.xml"
    group: root
    owner: root
    mode: 0644
  register: need_firewalld_reload
  when:
    - kubernetes_server|bool

- name: Reload firewalld configuration
  service:
    name: firewalld
    state: reloaded
    enabled: yes
  when:
    - kubernetes_server|bool
    - need_firewalld_reload is changed

#- name: reload firewalld to refresh service list
#  command: firewall-cmd --reload
#  when:
#    - need_firewalld_reload is changed
#    - kubernetes_server|bool

# Définir interface
- name: Open Firewalld
  firewalld:
    zone: external
    service: kubernetes
    permanent: true
    state: enabled
    immediate: true
  when:
#    - need_firewall|bool
#    - firewall_name == "firewalld"
    - kubernetes_server|bool

#- name: Create kubernetes firewalld zone
#  firewalld:
#    zone: kubernetes
#    permanent: true
#    state: present
#  when:
#    - kubernetes_server|bool
- name: Add kubernetes networks to trusted firewalld zone
  firewalld:
#    zone: kubernetes
    zone: trusted
    permanent: true
    state: enabled
    source: "{{ item }}"
  when:
    - kubernetes_server|bool
  with_items:
    - "{{ kubernetes_pods_network }}"
    - "10.96.0.0/12"

- name: Install kubernetes tools
  dnf:
    name: "{{ kubernetes_package_name }}"
    enablerepo: "kubernetes"
    state: present
    update_cache: yes
    disable_excludes: kubernetes
#  notify: Restart kubelet
  when:
    - ansible_pkg_mgr == "dnf"
    - (not kubernetes_server|bool) or ( kubernetes_server|bool and kubernetes_cri != "k3s")

- name: Install kubernetes tools
  yum:
    name: "{{ kubernetes_package_name }}"
    enablerepo: "kubernetes"
    state: present
    update_cache: yes
#  notify: Restart kubelet
  when:
    - ansible_pkg_mgr == "yum"
    - (not kubernetes_server|bool) or ( kubernetes_server|bool and kubernetes_cri != "k3s")