---
- name: Update apt cache
  apt:
    update_cache: yes
    cache_valid_time: 3600

- name: Upgrade all packages
  apt:
    upgrade: dist

- name: Install required system packages
  apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - software-properties-common
      - gnupg
    state: present

- name: Disable swap
  command: swapoff -a
  when: ansible_swaptotal_mb > 0

- name: Disable swap in dphys-swapfile
  lineinfile:
    path: /etc/dphys-swapfile
    regexp: '^CONF_SWAPSIZE='
    line: 'CONF_SWAPSIZE=0'
  notify: restart kubelet

- name: Enable cgroup features in cmdline.txt
  replace:
    path: /boot/cmdline.txt
    regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1\b).*)$'
    replace: '\1 cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1'
  register: cgroup_update

- name: Reboot if cgroup features updated
  reboot:
  when: cgroup_update.changed

- name: Load kernel modules for containerd
  copy:
    dest: /etc/modules-load.d/containerd.conf
    content: |
      overlay
      br_netfilter

- name: Load overlay module
  modprobe:
    name: overlay
    state: present

- name: Load br_netfilter module
  modprobe:
    name: br_netfilter
    state: present

- name: Configure sysctl params for Kubernetes
  copy:
    dest: /etc/sysctl.d/99-kubernetes-cri.conf
    content: |
      net.bridge.bridge-nf-call-iptables  = 1
      net.ipv4.ip_forward                 = 1
      net.bridge.bridge-nf-call-ip6tables = 1
  register: sysctl_config

- name: Apply sysctl params
  command: sysctl --system
  when: sysctl_config.changed

- name: Install containerd
  apt:
    name: containerd
    state: present

- name: Create containerd config directory
  file:
    path: /etc/containerd
    state: directory

- name: Generate default containerd config
  shell: containerd config default > /etc/containerd/config.toml
  args:
    creates: /etc/containerd/config.toml

- name: Configure SystemdCgroup in containerd config
  replace:
    path: /etc/containerd/config.toml
    regexp: 'SystemdCgroup = false'
    replace: 'SystemdCgroup = true'
  notify: restart containerd

- name: Create keyrings directory
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'

- name: Download Kubernetes GPG key
  get_url:
    url: https://pkgs.k8s.io/core:/stable:/v1.35/deb/Release.key
    dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc
    mode: '0644'

- name: Add Kubernetes apt repository
  apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/v1.35/deb/ /"
    state: present
    filename: kubernetes

- name: Install Kubernetes binaries
  apt:
    name:
      - kubelet
      - kubeadm
      - kubectl
    state: present
    update_cache: yes

- name: Hold Kubernetes packages
  dpkg_selections:
    name: "{{ item }}"
    selection: hold
  loop:
    - kubelet
    - kubeadm
    - kubectl