---
- name: Check AppArmor status
  command: which apparmor_parser
  register: apparmor_status
  failed_when: false
  changed_when: apparmor_status.rc != 0

- name: Set apparmor_enabled
  set_fact:
    apparmor_enabled: "{{ apparmor_status.rc == 0 }}"

- name: Render templates for PodSecurityPolicy
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
    mode: 0640
  register: psp_manifests
  with_items:
    - {file: psp.yml, type: psp, name: psp}
    - {file: psp-cr.yml, type: clusterrole, name: psp-cr}
    - {file: psp-crb.yml, type: rolebinding, name: psp-crb}

- name: Add policies, roles, bindings for PodSecurityPolicy
  kube:
    name: "{{ item.item.name }}"
    kubectl: "{{ bin_dir }}/kubectl"
    resource: "{{ item.item.type }}"
    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
    state: "latest"
  register: result
  until: result is succeeded
  retries: 10
  delay: 6
  with_items: "{{ psp_manifests.results }}"
  environment:
    KUBECONFIG: "{{ kube_config_dir }}/admin.conf"
  loop_control:
    label: "{{ item.item.file }}"