---
- name: Download K3s install script to /tmp/
  ansible.builtin.get_url:
    url: https://get.k3s.io
    dest: /tmp/k3s_install.sh
    mode: "0755"

- name: Install K3s server with node taint and TLS SAN
  when: (ansible_default_ipv4.address == k3s_primary_server_ip)
  ansible.builtin.command: |
    /tmp/k3s_install.sh server \
    --node-taint CriticalAddonsOnly=true:NoExecute \
    --tls-san {{ hostvars['k3s-loadbalancer'].ansible_default_ipv4.address }}
    --tls-san {{ k3s_server_name }}
  become: true
  register: k3s_primary_install

- name: Install K3s on the secondary servers
  when: (ansible_default_ipv4.address != k3s_primary_server_ip)
  ansible.builtin.command: |
    /tmp/k3s_install.sh server \
    --node-taint CriticalAddonsOnly=true:NoExecute \
    --tls-san {{ k3s.loadbalancer.ip }}
  environment:
    K3S_TOKEN: "{{ k3s_token }}"
  become: true