---
- name: Cilium | Ensure BPFFS mounted
  ansible.posix.mount:
    fstype: bpf
    path: /sys/fs/bpf
    src: bpffs
    state: mounted

- name: Cilium | Create Cilium certs directory
  file:
    dest: "{{ cilium_cert_dir }}"
    state: directory
    mode: "0750"
    owner: root
    group: root
  when:
    - cilium_identity_allocation_mode == "kvstore"

- name: Cilium | Link etcd certificates for cilium
  file:
    src: "{{ etcd_cert_dir }}/{{ item.s }}"
    dest: "{{ cilium_cert_dir }}/{{ item.d }}"
    mode: "0644"
    state: hard
    force: true
  loop:
    - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
    - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
    - {s: "{{ kube_etcd_key_file }}", d: "key.pem"}
  when:
    - cilium_identity_allocation_mode == "kvstore"

- name: Cilium | Enable portmap addon
  template:
    src: 000-cilium-portmap.conflist.j2
    dest: /etc/cni/net.d/000-cilium-portmap.conflist
    mode: "0644"
  when: cilium_enable_portmap

- name: Cilium | Render values
  template:
    src: values.yaml.j2
    dest: "{{ kube_config_dir }}/cilium-values.yaml"
    mode: "0644"
  when:
    - inventory_hostname == groups['kube_control_plane'][0]

- name: Cilium | Copy Ciliumcli binary from download dir
  copy:
    src: "{{ local_release_dir }}/cilium"
    dest: "{{ bin_dir }}/cilium"
    mode: "0755"
    remote_src: true