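---
# Prepares every host in the `masters` and `workers` groups to run Kubernetes:
# kernel modules, SELinux mode, firewalld ports, sysctl settings, containerd,
# the Kubernetes v1.31 package repo, kubelet/kubeadm/kubectl, and swap removal.
# The play does not run `kubeadm init` or `kubeadm join`.
#
# Host variables read by the play:
#   master - truthy on control-plane nodes (selects the master port list)
#   worker - truthy on worker nodes (selects the worker port list)
- hosts: masters,workers
  become: true
  become_method: sudo
  become_user: root
  tasks:
    - name: Add overlay modprobe module
      community.general.modprobe:
        name: overlay
        persistent: present
        state: present

    # br_netfilter must be loaded before the net.bridge.* sysctl keys written
    # further down can be applied.
    - name: Add br_netfilter module
      community.general.modprobe:
        name: br_netfilter
        persistent: present
        state: present

    # NOTE(review): permissive mode logs SELinux denials without blocking them,
    # so host confinement of container processes is reduced. Confirm this
    # trade-off is accepted for these hosts rather than keeping enforcing mode.
    # NOTE(review): ansible.posix.selinux documents `policy` as required unless
    # state is `disabled`; confirm this task runs without it on your collection
    # version, or set the policy explicitly.
    - name: Set SELinux to Permissive
      ansible.posix.selinux:
        state: permissive

    # `immediate: true` applies each rule to the running firewall as well as
    # the permanent configuration; with `permanent` alone the ports stay closed
    # until firewalld is reloaded or the host reboots.
    # NOTE(review): no zone or source restriction is given, so these ports are
    # opened to every source in the default zone. The etcd (2379-2380) and
    # kubelet (10250) ports in particular should only be reachable from cluster
    # nodes; consider a dedicated zone or source-limited rules.
    # NOTE(review): 10251/tcp was the kube-scheduler's legacy insecure port and
    # is presumably unused with v1.31 packages; confirm and drop it if so.
    - name: Set firewalld configuration | Master Nodes
      ansible.posix.firewalld:
        port: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - "6443/tcp"
        - "2379-2380/tcp"
        - "10250/tcp"
        - "10251/tcp"
        - "10259/tcp"
        - "10257/tcp"
        - "179/tcp"
        - "4789/udp"
      when: master | default(false)

    # NOTE(review): 30000-32767/tcp is opened to all sources in the default
    # zone on every worker; confirm that exposure is intended.
    - name: Set firewalld configuration | Worker Nodes
      ansible.posix.firewalld:
        port: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - "179/tcp"
        - "10250/tcp"
        - "30000-32767/tcp"
        - "4789/udp"
      when: worker | default(false)

    # Explicit owner and mode so the file is not created with whatever the
    # umask of the connecting session happens to allow.
    - name: Create network settings configuration file
      ansible.builtin.blockinfile:
        path: "/etc/sysctl.d/99-kubernetes-cri.conf"
        block: |
          net.bridge.bridge-nf-call-iptables = 1
          net.ipv4.ip_forward = 1
          net.bridge.bridge-nf-call-ip6tables = 1
        create: true
        owner: root
        group: root
        mode: "0644"

    # No shell features are needed here, so `command` avoids shell parsing.
    - name: Apply new sysctl settings
      ansible.builtin.command:
        cmd: sysctl --system
      changed_when: false

    # `creates` skips the command once the repo file exists, so reruns do not
    # fetch the repo definition again.
    - name: Add docker repo
      ansible.builtin.command:
        cmd: dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
        creates: /etc/yum.repos.d/docker-ce.repo

    - name: Install containerd
      ansible.builtin.yum:
        name: containerd.io
        state: present

    # Overwrites /etc/containerd/config.toml with containerd's built-in
    # defaults on every run; any local edits to that file are lost.
    # `set -o pipefail` makes the task fail if `containerd config default`
    # fails, instead of reporting only the exit status of `tee`.
    # NOTE(review): pipefail is not POSIX sh; this relies on /bin/sh being
    # bash on the target hosts.
    - name: Build default containerd config
      ansible.builtin.shell:
        cmd: >-
          set -o pipefail &&
          mkdir -p /etc/containerd &&
          containerd config default | tee /etc/containerd/config.toml
      changed_when: false

    - name: Restart containerd
      ansible.builtin.service:
        name: containerd
        state: restarted
        enabled: true

    # gpgcheck=1 with the repo's own key makes the package manager verify
    # package signatures. The `exclude` line stops routine updates from
    # upgrading the Kubernetes packages outside a planned upgrade.
    - name: Create Kubernetes repo
      ansible.builtin.blockinfile:
        path: "/etc/yum.repos.d/kubernetes.repo"
        create: true
        owner: root
        group: root
        mode: "0644"
        block: |
          [kubernetes]
          name=Kubernetes
          baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
          enabled=1
          gpgcheck=1
          gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
          exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni

    # Lift the exclude list only for the `kubernetes` repo defined above.
    # `all` would also bypass excludes configured for every other repo and for
    # the main package-manager configuration during this transaction.
    - name: Install Kubernetes components
      ansible.builtin.yum:
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present
        disable_excludes: kubernetes

    - name: Disable running swap
      ansible.builtin.command:
        cmd: swapoff -a
      changed_when: false

    # Comments out active swap entries. Lines that already start with `#` are
    # skipped, so repeated runs do not stack extra `#` characters, and `\s`
    # matches tab-separated fstab fields as well as space-separated ones.
    - name: Disable swap in fstab
      ansible.builtin.replace:
        path: /etc/fstab
        regexp: '^([^#\n].*\sswap\s.*)$'
        replace: '#\1'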