# Play: set up the container registry on the host(s) selected by `target_host`.
- name: Setup container registry
  hosts: "{{ target_host }}"

  # The tasks below read org_id, container_registry_username and
  # container_registry_password, none of which is defined in this play;
  # presumably they come from these files (confirm).
  # NOTE(review): if one of these files carries the registry password in clear
  # text, keep it out of version control or encrypt it with ansible-vault.
  vars_files:
    - vars/k8s-vars.yml
    - vars/container-vars.yml
    - vars/dns-vars.yml

  # Play-level environment: every task sees the gathered PATH with the remote
  # user's ~/bin appended. It is appended, not prepended, so system binaries
  # keep precedence over anything placed in that directory.
  environment:
    PATH: "{{ ansible_env.PATH }}:/home/{{ ansible_user }}/bin"

  tasks:
    # Render the stack spec from its Jinja2 template into the remote user's
    # home directory.
    - name: Generate spec file for the container-registry stack
      template:
        dest: "{{ ansible_env.HOME }}/container-registry.spec"
        src: "./templates/specs/container-registry.spec.j2"

    # The --spec-file and --deployment-dir values are relative paths and no
    # chdir is set, so this presumably relies on the task starting in the same
    # home directory the spec was written to (confirm).
    - name: Create a deployment for the container-registry stack
      command:
        argv:
          - laconic-so
          - "--stack"
          - container-registry
          - deploy
          - create
          - "--deployment-dir"
          - container-registry
          - "--spec-file"
          - container-registry.spec

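    # Every task in this run touches the registry credentials or a value
    # derived from them, so each one sets no_log to keep them out of task
    # output, verbose logs and callback plugins. The trade-off is that a
    # failure in one of these tasks is reported with its details censored.

    # "user:password" in base64. Nothing in this play reads the fact directly;
    # presumably templates/my_password.json.j2 consumes it (confirm).
    - name: Base64 encode the container registry credentials
      set_fact:
        b64_encoded_cred: "{{ (container_registry_username + ':' + container_registry_password) | b64encode }}"
      no_log: true

    # Write a bcrypt (-B) htpasswd entry, creating the file (-c).
    # The password is fed on stdin (-i) instead of being passed with -b as a
    # command-line argument, so it does not appear in the process list or in
    # the recorded command. argv also keeps a username containing spaces or
    # quotes as a single argument.
    - name: Encrypt the container registry credentials to create an htpasswd file
      command:
        argv:
          - htpasswd
          - "-iB"
          - "-c"
          - container-registry/configmaps/config/htpasswd
          - "{{ container_registry_username }}"
        stdin: "{{ container_registry_password }}"
      register: htpasswd_file
      no_log: true

    # slurp returns the file content base64-encoded in `.content`.
    - name: Read the htpasswd file
      slurp:
        src: "container-registry/configmaps/config/htpasswd"
      register: htpasswd_file_content
      no_log: true

    # The file holds a single "user:hash" line; keep the part after the first
    # colon. This assumes the username itself contains no colon.
    - name: Extract the hashed password (after the colon)
      set_fact:
        hashed_password: "{{ (htpasswd_file_content.content | b64decode).split(':')[1] | trim }}"
      no_log: true

    # This file is later loaded into a kubernetes.io/dockerconfigjson secret,
    # so it is written readable by the owner only.
    - name: Create container-registry/my_password.json file
      template:
        src: "./templates/my_password.json.j2"
        dest: "container-registry/my_password.json"
        mode: "0600"
      no_log: true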

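    # Registry runtime settings: htpasswd authentication plus the HTTP secret.
    # The file embeds a credential-derived value, so it is written with owner-only
    # permissions and the task output is suppressed.
    #
    # NOTE(review): REGISTRY_HTTP_SECRET is set to the bcrypt hash of the login
    # password. The same hash is stored in the htpasswd file, so anyone who can
    # read that file also learns the HTTP secret, and rotating the password
    # silently rotates the secret. An independently generated random value would
    # decouple the two; confirm whether the coupling is intentional.
    - name: Configure the file container-registry/config.env
      copy:
        dest: "container-registry/config.env"
        mode: "0600"
        content: |
          REGISTRY_AUTH=htpasswd
          REGISTRY_AUTH_HTPASSWD_REALM="{{org_id}} Service Provider Image Registry"
          REGISTRY_AUTH_HTPASSWD_PATH="/config/htpasswd"
          REGISTRY_HTTP_SECRET='{{ hashed_password }}'
      no_log: true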

    # Despite the task name this only records the kubeconfig path as a fact;
    # tasks that call kubectl pass it on through their own `environment:`.
    - name: Set KUBECONFIG environment variable
      set_fact:
        kubeconfig_path: "{{ ansible_env.HOME }}/.kube/config-default.yaml"

    # Load the rendered docker config JSON into the cluster as an image-pull
    # secret. No namespace is given, so it is created in the kubeconfig context's
    # current namespace.
    # NOTE(review): `kubectl create` fails if the secret already exists, so a
    # second run of the play stops here unless the secret is removed first.
    - name: Add the container registry credentials as a secret available to the cluster
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"
      command:
        argv:
          - kubectl
          - create
          - secret
          - generic
          - laconic-registry
          - "--from-file=.dockerconfigjson=container-registry/my_password.json"
          - "--type=kubernetes.io/dockerconfigjson"

    # Fixed delay before the registry is started.
    # TODO: Investigate why container registry throws error if started immediately
    - name: Wait for 90 seconds
      pause:
        seconds: 90

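    # Pre-deployment diagnostics: read-only kubectl queries whose output is
    # printed to the play log. Failures are ignored so that a missing resource
    # type does not abort the deployment. Each query sets `changed_when: false`
    # because it does not modify the cluster.
    - block:
        - name: Get Kubernetes nodes with wide output
          command: kubectl get nodes -o wide
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: nodes_output
          changed_when: false

        - name: Print output of 'kubectl get nodes -o wide'
          debug:
            var: nodes_output.stdout

        # The default table output lists namespace, name, type and age of every
        # secret, not the secret data. It still writes a cluster-wide inventory
        # of secret names into the play log, so treat that log accordingly.
        - name: Get all secrets from all namespaces
          command: kubectl get secrets --all-namespaces
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: secrets_output
          changed_when: false

        - name: Print output of 'kubectl get secrets --all-namespaces'
          debug:
            var: secrets_output.stdout

        - name: Get cluster issuers
          command: kubectl get clusterissuer
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: clusterissuer_output
          changed_when: false

        - name: Print output of 'kubectl get clusterissuer'
          debug:
            var: clusterissuer_output.stdout

        - name: Get certificates
          command: kubectl get certificates
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: certificates_output
          changed_when: false

        - name: Print output of 'kubectl get certificates'
          debug:
            var: certificates_output.stdout

        - name: Get DaemonSets in all namespaces
          command: kubectl get ds --all-namespaces
          environment:
            KUBECONFIG: "{{ kubeconfig_path }}"
          register: daemonsets_output
          changed_when: false

        - name: Print output of 'kubectl get ds --all-namespaces'
          debug:
            var: daemonsets_output.stdout

      # Canonical boolean instead of the YAML 1.1 truthy `yes`.
      ignore_errors: true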
      
    # Start the deployment that was created earlier in the play.
    - name: Deploy the container registry
      command:
        argv:
          - laconic-so
          - deployment
          - "--dir"
          - container-registry
          - start

    # slurp returns the file base64-encoded in `.content`.
    - name: Get cluster_id from container-registry-deployment
      register: deployment_file
      slurp:
        src: container-registry/deployment.yml

    # Capture everything after "cluster-id: " on its line. The next task strips
    # list punctuation from this value, which suggests the captured group comes
    # back wrapped in a list.
    - name: Decode and extract cluster-id
      set_fact:
        extracted_cluster_id: "{{ deployment_file.content | b64decode | regex_search('cluster-id: (.+)', '\\1') }}"

    # Remove the brackets and single quotes so that only the bare id remains.
    # NOTE(review): the id is read from a file on the target host and is later
    # placed into kubectl arguments; it is not validated against any expected
    # format here.
    - name: Set modified cluster-id
      set_fact:
        formatted_cluster_id: "{{ extracted_cluster_id | replace('[', '') | replace(']', '') | replace(\"'\", '') }}"

    - name: Display the cluster ID
      debug:
        msg: "The cluster ID is: {{ formatted_cluster_id }}"

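    # Tune the ingress-nginx annotations on the registry's ingress, which is
    # named "<cluster-id>-ingress".
    # - The kubeconfig path comes from the `kubeconfig_path` fact set earlier in
    #   the play instead of being spelled out again in each task.
    # - argv passes the templated ingress name as a single argument.
    # - --overwrite lets the play be re-run: without it kubectl refuses to change
    #   an annotation that already has a value.

    # proxy-body-size=0 disables the request body size check, so the ingress
    # places no upper bound on upload size. Presumably this is needed for large
    # image layer pushes; confirm that unbounded uploads are acceptable here.
    - name: Annotate ingress for proxy body size
      command:
        argv:
          - kubectl
          - annotate
          - "--overwrite"
          - ingress
          - "{{ formatted_cluster_id }}-ingress"
          - nginx.ingress.kubernetes.io/proxy-body-size=0
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"

    - name: Annotate ingress for proxy read timeout
      command:
        argv:
          - kubectl
          - annotate
          - "--overwrite"
          - ingress
          - "{{ formatted_cluster_id }}-ingress"
          - nginx.ingress.kubernetes.io/proxy-read-timeout=600
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"

    - name: Annotate ingress for proxy send timeout
      command:
        argv:
          - kubectl
          - annotate
          - "--overwrite"
          - ingress
          - "{{ formatted_cluster_id }}-ingress"
          - nginx.ingress.kubernetes.io/proxy-send-timeout=600
      environment:
        KUBECONFIG: "{{ kubeconfig_path }}"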