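---
# Import the credentials of the primary K3s server into the controller's
# kubeconfig as a named cluster, user and context.
#
# Variables read: k3s_cluster_name, k3s_server_name, k3s_user_name,
# k3s_context_name.
#
# /etc/rancher/k3s/k3s.yaml carries a client certificate and its private key,
# so every task that holds that material in a result or a file sets no_log,
# and the decoded files live in a private temporary directory rather than at
# fixed names directly under /tmp.

- name: Slurp original k3s.yaml from primary K3s server
  ansible.builtin.slurp:
    src: /etc/rancher/k3s/k3s.yaml
  register: original_k3s_kubeconfig_slurp
  become: true
  # The registered result is the base64 of the whole kubeconfig, key included.
  no_log: true

- name: Parse original k3s.yaml content to extract cert data
  ansible.builtin.set_fact:
    original_parsed_k3s_kubeconfig: "{{ original_k3s_kubeconfig_slurp.content | b64decode | from_yaml }}"
  delegate_to: localhost
  run_once: true
  no_log: true

# Takes the first cluster entry and the first user entry of the parsed file.
- name: Set facts for certificate and key data needed by the template
  ansible.builtin.set_fact:
    k3s_server_ca_data: "{{ original_parsed_k3s_kubeconfig.clusters[0].cluster['certificate-authority-data'] }}"
    k3s_client_cert_data: "{{ original_parsed_k3s_kubeconfig.users[0].user['client-certificate-data'] }}"
    k3s_client_key_data: "{{ original_parsed_k3s_kubeconfig.users[0].user['client-key-data'] }}"
  delegate_to: localhost
  run_once: true
  no_log: true

- name: Import K3s credentials into the local kubeconfig
  delegate_to: localhost
  become: false
  environment:
    # These tasks run on the controller, so HOME is read from the controller's
    # environment; ansible_env would describe the inventory host instead.
    KUBECONFIG: "{{ lookup('ansible.builtin.env', 'HOME') }}/.kube/config"
  block:
    # A directory created by tempfile is owned by the invoking user and has an
    # unpredictable name, so another local user cannot pre-create or swap the
    # paths the key is written to.
    - name: Create private temporary directory for certificate material
      ansible.builtin.tempfile:
        state: directory
        prefix: k3s-kubeconfig-
      register: k3s_kubeconfig_tmpdir

    - name: Decode and save K3s Server CA certificate
      ansible.builtin.copy:
        content: "{{ k3s_server_ca_data | b64decode }}"
        dest: "{{ k3s_kubeconfig_tmpdir.path }}/k3s-ca.crt"
        mode: "0644"

    - name: Decode and save K3s Client certificate
      ansible.builtin.copy:
        content: "{{ k3s_client_cert_data | b64decode }}"
        dest: "{{ k3s_kubeconfig_tmpdir.path }}/k3s-client.crt"
        mode: "0644"

    - name: Decode and save K3s Client key
      ansible.builtin.copy:
        content: "{{ k3s_client_key_data | b64decode }}"
        dest: "{{ k3s_kubeconfig_tmpdir.path }}/k3s-client.key"
        mode: "0600"
      # Keeps the private key out of task output and --diff listings.
      no_log: true

    # argv hands each value to kubectl as exactly one argument, so a quote or
    # space inside a variable cannot split into, or add, other options.
    - name: Add K3s cluster to kubeconfig
      ansible.builtin.command:
        argv:
          - kubectl
          - config
          - set-cluster
          - "{{ k3s_cluster_name }}"
          - "--server=https://{{ k3s_server_name }}:6443"
          - "--certificate-authority={{ k3s_kubeconfig_tmpdir.path }}/k3s-ca.crt"
          - "--embed-certs=true"
      changed_when: true

    - name: Add K3s user credentials to kubeconfig
      ansible.builtin.command:
        argv:
          - kubectl
          - config
          - set-credentials
          - "{{ k3s_user_name }}"
          - "--client-certificate={{ k3s_kubeconfig_tmpdir.path }}/k3s-client.crt"
          - "--client-key={{ k3s_kubeconfig_tmpdir.path }}/k3s-client.key"
          - "--embed-certs=true"
      changed_when: true

    - name: Add K3s context to kubeconfig
      ansible.builtin.command:
        argv:
          - kubectl
          - config
          - set-context
          - "{{ k3s_context_name }}"
          - "--cluster={{ k3s_cluster_name }}"
          - "--user={{ k3s_user_name }}"
      changed_when: true
  always:
    # Runs even when a task above fails, so the decoded key never outlives the
    # play on the controller's disk.
    - name: Clean up temporary certificate and key files
      ansible.builtin.file:
        path: "{{ k3s_kubeconfig_tmpdir.path }}"
        state: absent
      when: k3s_kubeconfig_tmpdir.path is defined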