---
- name: Create Concourse namespace
  kubernetes.core.k8s:
    name: concourse
    api_version: v1
    kind: Namespace
    state: present
    definition:
      metadata:
        labels:
          prometheus: default

- name: Add Concourse chart repo
  kubernetes.core.helm_repository:
    name: concourse
    repo_url: https://concourse-charts.storage.googleapis.com/

- name: Create Concourse worker secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: concourse-worker
        namespace: concourse
      data:
        host-key-pub: "{{ concourse.worker.hostKeyPub | b64encode}}"
        worker-key: "{{ concourse.worker.workerKey | b64encode}}"
        worker-key-pub: "{{ concourse.worker.workerKeyPub | b64encode}}"

- name: Create Concourse web secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: concourse-web
        namespace: concourse
      data:
        worker-key-pub: "{{ concourse.worker.workerKeyPub | b64encode}}"
        host-key: "{{ concourse.web.hostKey | b64encode}}"
        session-signing-key: "{{ concourse.web.sessionSigningKey | b64encode}}"
        postgresql-user: "{{ concourse.db.user | b64encode}}"
        postgresql-password: "{{ concourse.db.password | b64encode}}"
        encryption-key: "{{ concourse.encryptionKey | b64encode}}"
        oidc-client-id: "{{ concourse.auth.clientId | b64encode }}"
        oidc-client-secret: "{{ concourse.auth.clientSecret | b64encode }}"
        local-users: "{{ ('concourse:%s' % concourse.local.password) | b64encode }}"

- name: Deploy Concourse chart
  kubernetes.core.helm:
    name: concourse
    chart_ref: concourse/concourse
    release_namespace: concourse
    chart_version: 17.1.0
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.concourse.yml.j2') | from_yaml }}"

- name: Create concourse RBAC resources
  kubernetes.core.k8s:
    state: present
    definition: "{{ lookup('template', 'rbac/deploy-role.yml.j2') | from_yaml }}"

- name: Bind service account for deployment
  kubernetes.core.k8s:
    name: "{{ item }}"
    namespace: "{{ item }}"
    definition: "{{ lookup('template', 'rbac/deploy-rolebinding.yml.j2') | from_yaml }}"
    state: present
  loop:
    - concourse-main
    - concourse-inetmock
    - blog
    - inetmock

- name: Create Gitea team credentials
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: gitea-credentials
        namespace: "concourse-{{ item }}"
      data:
        user: "{{ concourse.gitea.user | b64encode}}"
        token: "{{ concourse.gitea.token | b64encode}}"
  loop:
    - main
    - inetmock

- name: Create Github team credentials
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: github-credentials
        namespace: "concourse-{{ item }}"
      data:
        token: "{{ github.token | b64encode}}"
  loop:
    - main
    - inetmock