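---
# Prepares the hosts in the `workers` group as Kubernetes worker nodes
# (OS update, hostname and /etc/hosts, swap off, SELinux permissive, firewalld
# ports, kernel modules and sysctl, containerd, kubelet/kubeadm/kubectl) and
# then runs the join command supplied in the `join_command` variable.
#
# Changes compared with the collapsed original:
#   * `args: warn: false` was dropped from every command task: the `warn`
#     option of command/shell was removed in ansible-core 2.14 and passing it
#     makes the task fail on current releases.
#   * The fstab edit no longer re-comments lines that are already commented.
#   * The containerd config script stops on the first failing command.
#   * The join task is skipped once the node has a kubelet.conf and no longer
#     logs the join command (it carries the bootstrap token).
#   * Booleans are written as true/false; files written by the play get an
#     explicit mode.
- name: Setup nodi worker Kubernetes e join cluster
  hosts: workers
  become: true
  vars:
    # Quoted so that the minor version is never parsed as a float.
    kube_version: "1.34"

  tasks:
    - name: Aggiorna sistema operativo
      dnf:
        name: "*"
        state: latest
        update_cache: true

    - name: Imposta hostname worker
      hostname:
        name: "{{ inventory_hostname }}"

    - name: Aggiunge voce hosts master e workers
      lineinfile:
        path: /etc/hosts
        line: "{{ item }}"
      loop:
        - "192.168.1.17 k8s-m"
        - "192.168.1.18 k8s-w1"
        - "192.168.1.19 k8s-w2"

    - name: Disabilita swap temporaneamente e permanentemente
      block:
        - name: Disattiva swap a runtime
          command: swapoff -a
          changed_when: false

        - name: Commenta le voci swap in fstab
          replace:
            path: /etc/fstab
            # Skip lines that are already commented so repeated runs do not
            # keep prepending '#'. Tabs are accepted as field separators too.
            regexp: '^(?![ \t]*#)(.*[ \t]swap[ \t].*)$'
            replace: '#\1'

    # NOTE(review): permissive mode turns SELinux denials into log entries
    # only, on every worker and across reboots. If the container runtime and
    # CNI in use support enforcing mode, prefer keeping it enforced.
    - name: Imposta SELinux in permissive (runtime e config)
      block:
        - name: Imposta SELinux permissive a runtime
          command: setenforce 0

        - name: Imposta SELinux permissive in configurazione
          lineinfile:
            path: /etc/selinux/config
            regexp: '^SELINUX='
            line: 'SELINUX=permissive'

    # The rules below are added without a zone or source restriction, so they
    # apply to whatever firewalld's default zone is on the host.
    # NOTE(review): 10250 is the kubelet API port; confirm that the default
    # zone is only reachable from the cluster network.
    - name: Configura firewall worker (porte tcp)
      firewalld:
        port: "{{ item }}/tcp"
        permanent: true
        state: enabled
      loop: [179, 10250]

    - name: Apre porta UDP firewall worker
      firewalld:
        port: "4789/udp"
        permanent: true
        state: enabled

    # NOTE(review): this exposes the whole NodePort range on every worker;
    # narrow it if only specific NodePort services are published.
    - name: Apre NodePort range TCP
      firewalld:
        port: "30000-32767/tcp"
        permanent: true
        state: enabled

    # The rules above are permanent-only; the reload makes them active now.
    - name: Ricarica firewall
      command: firewall-cmd --reload

    - name: Carica moduli kernel containerd
      copy:
        dest: /etc/modules-load.d/containerd.conf
        mode: "0644"
        content: |
          overlay
          br_netfilter

    - name: Carica modulo overlay
      modprobe:
        name: overlay
        state: present

    - name: Carica modulo br_netfilter
      modprobe:
        name: br_netfilter
        state: present

    - name: Configura sysctl per Kubernetes
      copy:
        dest: /etc/sysctl.d/k8s.conf
        mode: "0644"
        content: |
          net.bridge.bridge-nf-call-iptables = 1
          net.ipv4.ip_forward = 1
          net.bridge.bridge-nf-call-ip6tables = 1

    - name: Applica sysctl
      command: sysctl --system

    # The repo definition is downloaded over HTTPS and installed as-is; its
    # content is not pinned by a checksum here.
    - name: Aggiungi repo Docker per containerd
      get_url:
        url: https://download.docker.com/linux/centos/docker-ce.repo
        dest: /etc/yum.repos.d/docker-ce.repo
        mode: "0644"

    - name: Installa containerd
      dnf:
        name: containerd.io
        state: present

    # Regenerates the default config on every run and switches the runc
    # cgroup driver to systemd. `set -e` makes a failing
    # `containerd config default` fail the task instead of being masked by
    # the exit status of the following sed.
    - name: Configura containerd systemd
      shell: |
        set -e
        containerd config default > /etc/containerd/config.toml
        sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml

    - name: Riavvia e abilita containerd
      systemd:
        name: containerd
        state: restarted
        enabled: true

    # gpgcheck=1 keeps package signature verification on. The `exclude` line
    # stops a plain `dnf update` from upgrading the Kubernetes packages; the
    # install task below lifts it with `disable_excludes`.
    - name: Aggiungi repo Kubernetes
      copy:
        dest: /etc/yum.repos.d/kubernetes.repo
        mode: "0644"
        content: |
          [kubernetes]
          name=Kubernetes
          baseurl=https://pkgs.k8s.io/core:/stable:/v{{ kube_version }}/rpm/
          enabled=1
          gpgcheck=1
          gpgkey=https://pkgs.k8s.io/core:/stable:/v{{ kube_version }}/rpm/repodata/repomd.xml.key
          exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni

    - name: Installa kubelet kubeadm kubectl
      dnf:
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present
        disable_excludes: kubernetes

    - name: Avvia e abilita kubelet
      systemd:
        name: kubelet
        state: started
        enabled: true

    # `join_command` is executed verbatim as root, so it must come from a
    # trusted source (for example the output of
    # `kubeadm token create --print-join-command` on the control plane).
    # It contains the bootstrap token: `no_log` keeps it out of task output
    # and logs; set it to false temporarily when debugging a failed join.
    # `creates` skips the task on nodes that have already joined, where a
    # second `kubeadm join` would fail.
    - name: Unisciti al cluster Kubernetes usando comando join
      command: "{{ join_command }}"
      args:
        creates: /etc/kubernetes/kubelet.conf
      no_log: true
      when: join_command is defined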