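---
# Cluster bring-up playbook: validate the inventory variables first, then
# install the base roles on every node and run the kubeadm roles on the
# primary master, the secondary masters and the remaining nodes.

# Play 1: fail before anything is installed if the variables are inconsistent.
- name: prepare variables and do some sanity checks
  hosts: _kubernetes_nodes_
  gather_facts: false
  # NOTE(review): run_once evaluates every task below with the variables of
  # the first host in the play only. The node_index checks use group-wide data
  # and are unaffected, but if kubernetes_overlay_node_ip or
  # kubernetes_cri_socket are set per host, the other nodes are never
  # validated. Confirm where these variables are defined.
  run_once: true
  tasks:
    - name: sanity checks for kubeguard
      when: kubernetes_network_plugin == 'kubeguard'
      block:
        # Every host in the group must appear as a key of kubeguard.node_index.
        - name: check whether every node has a node_index assigned
          assert:
            msg: "There are nodes without an assigned node_index: {{ groups['_kubernetes_nodes_'] | difference(kubeguard.node_index.keys()) | join(', ') }}"
            that:
              - groups['_kubernetes_nodes_'] | difference(kubeguard.node_index.keys()) | length == 0

        # Two nodes sharing one index would make the number of distinct
        # values smaller than the number of keys.
        - name: check whether node indizes are unique
          assert:
            msg: "There are duplicate entries in the node_index table, every node_index is only allowed once"
            that:
              - (kubeguard.node_index.keys() | length) == (kubeguard.node_index.values() | unique | length)

        - name: check whether node indizes are all > 0
          assert:
            msg: "At least one node_index is < 1 (indizes start at 1)"
            that:
              - (kubeguard.node_index.values() | min) > 0

        # Only checks that the variable is defined; its value is not
        # validated here.
        - name: check whether overlay node ip is configured
          assert:
            msg: "For kubeguard to work you need to configure kubernetes_overlay_node_ip"
            that:
              - kubernetes_overlay_node_ip is defined

    # Pins the CRI endpoint to the local containerd unix socket, so a wrong
    # or stale value is rejected before any role uses it.
    # NOTE(review): no equivalent check exists for other values of
    # kubernetes_container_runtime; confirm whether that is intended.
    - name: make sure the kubernetes_cri_socket variable is configured correctly
      when: kubernetes_container_runtime == 'containerd'
      assert:
        msg: "The variable kubernetes_cri_socket is not configured correctly for use with containerd!"
        that:
          - kubernetes_cri_socket == "unix:///run/containerd/containerd.sock"

########

# Play 2: base roles on every node. The two kubeguard-related roles are only
# applied when kubeguard is the selected network plugin.
- name: kubernetes base installation
  hosts: _kubernetes_nodes_
  roles:
    # NOTE(review): presumably adds the package repository that the kubeguard
    # role installs from; verify that the role pins the repository signing
    # key, since packages from it are installed on every node.
    - role: apt-repo/spreadspace
      when: kubernetes_network_plugin == 'kubeguard'
    - role: kubernetes/net/kubeguard
      when: kubernetes_network_plugin == 'kubeguard'
    - role: kubernetes/base
    - role: kubernetes/kubeadm/base

# Play 3: the primary master is configured before the other masters.
- name: configure kubernetes primary master
  hosts: _kubernetes_primary_master_
  roles:
    - role: kubernetes/kubeadm/master

# Play 4: all masters except the primary one. The pattern is quoted because
# it contains ':' and '!'.
- name: configure kubernetes secondary masters
  hosts: '_kubernetes_masters_:!_kubernetes_primary_master_'
  roles:
    - role: kubernetes/kubeadm/master

# Play 5: every node that is not a master.
- name: configure kubernetes non-master nodes
  hosts: '_kubernetes_nodes_:!_kubernetes_masters_'
  roles:
    - role: kubernetes/kubeadm/node

### TODO: add node labels (i.e. for ingress daemonset)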