---
# Play: align the kubelet graceful-node-shutdown windows with the
# systemd-logind inhibitor delay. Each task rewrites one matching line in
# place; when no line matches the regexp, lineinfile appends the line at the
# end of the file.
# NOTE(review): nothing in this play restarts kubelet or systemd-logind, so
# the new values presumably apply only after the next service restart or
# reboot - confirm.
- name: Reconfigure graceful shutdown for kubelet
  hosts: kubernetes
  tasks:
    # NOTE(review): per the kubelet documentation shutdownGracePeriod is the
    # total shutdown window and shutdownGracePeriodCriticalPods is the part of
    # it reserved for critical pods. With both set to 5m, regular pods appear
    # to get no graceful-termination time - confirm this is intended.
    - name: Reconfigure shutdownGracePeriod
      ansible.builtin.lineinfile:
        regexp: '^shutdownGracePeriod:'
        line: 'shutdownGracePeriod: 5m'
        path: /var/lib/kubelet/config.yaml

    - name: Reconfigure shutdownGracePeriodCriticalPods
      ansible.builtin.lineinfile:
        regexp: '^shutdownGracePeriodCriticalPods:'
        line: 'shutdownGracePeriodCriticalPods: 5m'
        path: /var/lib/kubelet/config.yaml

    # Sets the logind inhibitor delay in the drop-in named by `path` to the
    # same 5 minutes as the kubelet window above. lineinfile does not create
    # a missing file by default, so this task fails on hosts without that
    # drop-in.
    - name: Work around unattended-upgrades
      ansible.builtin.lineinfile:
        regexp: '^InhibitDelayMaxSec='
        line: 'InhibitDelayMaxSec=5m0s'
        path: /lib/systemd/logind.conf.d/unattended-upgrades-logind-maxdelay.conf

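# Play: hold kubeadm, kubectl and kubelet on the 1.26 release line by writing
# one APT preferences file per package.
- name: Pin kube components
  hosts: kubernetes
  tasks:
    # A Pin-Priority above 1000 makes APT select the pinned version even when
    # that means downgrading an installed package.
    # NOTE(review): the pin also blocks moves to a newer minor release, so
    # confirm the 1.26 line still receives security fixes from the configured
    # repository.
    - name: Pin packages
      ansible.builtin.copy:
        dest: "/etc/apt/preferences.d/{{ item }}"
        content: |
          Package: {{ item }}
          Pin: version 1.26.*
          Pin-Priority: 1001
        # Explicit ownership and mode, so the pin file's permissions do not
        # depend on the umask or on a pre-existing file and only root can
        # change which versions APT selects.
        owner: root
        group: root
        mode: "0644"
      loop:
        - kubeadm
        - kubectl
        - kubelet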

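# Play: replace /etc/containers/registries.conf with a single-line policy and
# restart CRI-O when the file content changed.
- name: Reset /etc/containers/registries.conf
  hosts: kubernetes
  tasks:
    # The copy overwrites the whole file, so any registry settings already
    # present (mirrors, blocked or insecure registries) are dropped.
    # With docker.io as the only unqualified-search registry, short image
    # names resolve there and nowhere else; fully qualified image references
    # do not depend on this setting.
    - name: Copy /etc/containers/registries.conf
      ansible.builtin.copy:
        dest: /etc/containers/registries.conf
        content: |
          unqualified-search-registries = ["docker.io"]
        # Explicit ownership and mode: world-readable, writable by root only,
        # independent of the umask or of a pre-existing file.
        owner: root
        group: root
        mode: "0644"
      register: registries

    # Fully qualified module name, matching the other tasks in this file.
    - name: Restart CRI-O
      ansible.builtin.service:
        name: cri-o
        state: restarted
      when: registries is changed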

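# Play: replace /etc/modules with the two modules listed below and load them
# immediately when the file content changed.
- name: Reset /etc/modules
  hosts: kubernetes
  tasks:
    # The copy overwrites the whole file, so modules listed there before are
    # dropped from it.
    - name: Copy /etc/modules
      ansible.builtin.copy:
        dest: /etc/modules
        content: |
          overlay
          br_netfilter
        # Explicit ownership and mode: the list of modules to load must be
        # writable by root only, independent of the umask or of a
        # pre-existing file.
        owner: root
        group: root
        mode: "0644"
      register: kernel_modules

    # Runs `modprobe <name>` once per line of the file. The file is fed to
    # xargs by redirection instead of `cat |`, so an unreadable file fails the
    # task directly rather than being hidden behind the pipeline's exit code.
    # NOTE(review): the modules are loaded only when the copy reported a
    # change; a host whose file is already correct is not re-checked.
    - name: Load kernel modules
      ansible.builtin.shell: "xargs -L 1 -t modprobe < /etc/modules"
      when: kernel_modules is changed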

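# Play: write the Kubernetes sysctl drop-in and reload all sysctl
# configuration when the file content changed.
- name: Reset /etc/sysctl.d/99-k8s.conf
  hosts: kubernetes
  tasks:
    # The content is the file body only. The original carried a leftover
    # `cat > ... << EOF` shell heredoc header as its first line, which was
    # written into the drop-in as a line that is not a valid `key = value`
    # setting.
    # accept_redirects = 0 turns off acceptance of ICMP redirects; the
    # net.bridge.* keys exist only while br_netfilter is loaded (the
    # /etc/modules play in this file loads it).
    - name: Copy /etc/sysctl.d/99-k8s.conf
      ansible.builtin.copy:
        dest: /etc/sysctl.d/99-k8s.conf
        content: |
          net.ipv4.conf.all.accept_redirects  = 0
          net.bridge.bridge-nf-call-iptables  = 1
          net.ipv4.ip_forward                 = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          vm.max_map_count                    = 524288
          fs.inotify.max_user_instances       = 1280
          fs.inotify.max_user_watches         = 655360
        # Explicit ownership and mode: kernel parameters must be writable by
        # root only, independent of the umask or of a pre-existing file.
        owner: root
        group: root
        mode: "0644"
      register: sysctl

    # No shell features are needed, so the command module is used instead of
    # shell. `sysctl --system` re-applies every sysctl configuration file,
    # not just this drop-in.
    - name: Reload sysctl config
      ansible.builtin.command: sysctl --system
      when: sysctl is changed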