---

- name: Kubernetes Apps | Check if netchecker-server manifest already exists
  stat:
    path: "{{ kube_config_dir }}/netchecker-server-deployment.yml"
  register: netchecker_server_manifest
  tags:
    - facts
    - upgrade

- name: Kubernetes Apps | Apply netchecker-server manifest to update annotations
  kube:
    name: "netchecker-server"
    namespace: "{{ netcheck_namespace }}"
    filename: "{{ netchecker_server_manifest.stat.path }}"
    kubectl: "{{bin_dir}}/kubectl"
    resource: "deploy"
    state: latest
  when: inventory_hostname == groups['kube-master'][0] and netchecker_server_manifest.stat.exists
  tags:
    - upgrade

- name: Kubernetes Apps | Netchecker Templates list
  set_fact:
    netchecker_templates:
      - {file: netchecker-ns.yml, type: ns, name: netchecker-namespace}
      - {file: netchecker-agent-sa.yml, type: sa, name: netchecker-agent}
      - {file: netchecker-agent-ds.yml, type: ds, name: netchecker-agent}
      - {file: netchecker-agent-hostnet-ds.yml, type: ds, name: netchecker-agent-hostnet}
      - {file: netchecker-server-sa.yml, type: sa, name: netchecker-server}
      - {file: netchecker-server-clusterrole.yml, type: clusterrole, name: netchecker-server}
      - {file: netchecker-server-clusterrolebinding.yml, type: clusterrolebinding, name: netchecker-server}
      - {file: netchecker-server-deployment.yml, type: deployment, name: netchecker-server}
      - {file: netchecker-server-svc.yml, type: svc, name: netchecker-service}
    netchecker_templates_for_psp:
      - {file: netchecker-agent-hostnet-psp.yml, type: podsecuritypolicy, name: netchecker-agent-hostnet-policy}
      - {file: netchecker-agent-hostnet-clusterrole.yml, type: clusterrole, name: netchecker-agent}
      - {file: netchecker-agent-hostnet-clusterrolebinding.yml, type: clusterrolebinding, name: netchecker-agent}

- name: Kubernetes Apps | Append extra templates to Netchecker Templates list for PodSecurityPolicy
  set_fact:
    netchecker_templates: "{{ netchecker_templates_for_psp + netchecker_templates}}"
  when: podsecuritypolicy_enabled

- name: Kubernetes Apps | Lay Down Netchecker Template
  template:
    src: "{{item.file}}.j2"
    dest: "{{kube_config_dir}}/{{item.file}}"
  with_items: "{{ netchecker_templates }}"
  register: manifests
  when:
    - inventory_hostname == groups['kube-master'][0]

- name: Kubernetes Apps | Purge old Netchecker server
  kube:
    name: "netchecker-server"
    namespace: "{{ netcheck_namespace }}"
    kubectl: "{{bin_dir}}/kubectl"
    resource: "po"
    state: absent
  when: inventory_hostname == groups['kube-master'][0]

- name: Kubernetes Apps | Start Netchecker Resources
  kube:
    name: "{{item.item.name}}"
    namespace: "{{netcheck_namespace}}"
    kubectl: "{{bin_dir}}/kubectl"
    resource: "{{item.item.type}}"
    filename: "{{kube_config_dir}}/{{item.item.file}}"
    state: "latest"
  with_items: "{{ manifests.results }}"
  when: inventory_hostname == groups['kube-master'][0] and not item is skipped