K3S/addons/ext-proxy/role/tasks/main.yml

---
# ── Validate inputs ───────────────────────────────────────────────────────────

- name: Validate ext_proxy_proxies is defined and non-empty
  ansible.builtin.assert:
    that:
      - ext_proxy_proxies is defined
      - ext_proxy_proxies | length > 0
    fail_msg: >
      ext_proxy_proxies is empty. Define at least one proxy in
      group_vars/all/addons.yml → ext_proxy_proxies.
    success_msg: "ext_proxy_proxies: {{ ext_proxy_proxies | length }} service(s) defined"

# ── Create namespace ──────────────────────────────────────────────────────────

- name: Create ext-proxy namespace
  ansible.builtin.command: >
    k3s kubectl create namespace {{ ext_proxy_namespace }}
    --dry-run=client -o yaml | k3s kubectl apply -f -
  become: true
  changed_when: false

# ── Copy Helm chart to master node ───────────────────────────────────────────

- name: Ensure chart temp directory is clean
  ansible.builtin.file:
    path: /tmp/ext-proxy-chart
    state: absent
  become: true

- name: Create chart temp directory
  ansible.builtin.file:
    path: /tmp/ext-proxy-chart
    state: directory
    mode: "0755"
  become: true

- name: Copy Helm chart to master
  ansible.builtin.copy:
    src: "{{ role_path }}/chart/"
    dest: /tmp/ext-proxy-chart/
    mode: preserve
  become: true

# ── Template Helm values ──────────────────────────────────────────────────────

- name: Template Helm values
  ansible.builtin.template:
    src: values.yaml.j2
    dest: /tmp/ext-proxy-values.yaml
    mode: "0640"
  become: true

- name: Show generated Helm values
  ansible.builtin.command: cat /tmp/ext-proxy-values.yaml
  become: true
  changed_when: false
  register: _ext_proxy_values

- name: Debug generated values
  ansible.builtin.debug:
    var: _ext_proxy_values.stdout_lines

# ── Lint chart before deploying ───────────────────────────────────────────────

- name: Lint Helm chart
  ansible.builtin.command: >
    helm lint /tmp/ext-proxy-chart
    --values /tmp/ext-proxy-values.yaml
  become: true
  changed_when: false
  register: _helm_lint
  failed_when: _helm_lint.rc != 0

# ── Deploy chart ──────────────────────────────────────────────────────────────

- name: Deploy ext-proxy via Helm
  ansible.builtin.command: >
    helm upgrade --install {{ ext_proxy_release_name }}
    /tmp/ext-proxy-chart
    --namespace {{ ext_proxy_namespace }}
    --values /tmp/ext-proxy-values.yaml
    --atomic
    --wait
    --timeout 60s
  become: true
  register: _helm_result
  changed_when: true

# ── Verify deployment ─────────────────────────────────────────────────────────

- name: Get Ingress list
  ansible.builtin.command: >
    k3s kubectl -n {{ ext_proxy_namespace }} get ingress -o wide
  become: true
  changed_when: false
  register: _ingress_list

- name: Get Endpoints list
  ansible.builtin.command: >
    k3s kubectl -n {{ ext_proxy_namespace }} get endpoints
  become: true
  changed_when: false
  register: _endpoints_list

# ── Summary ───────────────────────────────────────────────────────────────────

- name: "=== External Services Ingress Proxy Ready ==="
  ansible.builtin.debug:
    msg:
      - "╔══════════════════════════════════════════════════════════════╗"
      - "║      External Services Ingress Proxy — Deployed              ║"
      - "╚══════════════════════════════════════════════════════════════╝"
      - ""
      - "  Namespace : {{ ext_proxy_namespace }}"
      - "  Release   : {{ ext_proxy_release_name }}"
      - "  Services  : {{ ext_proxy_proxies | length }}"
      - ""
      - "  Ingress resources:"
      - "{{ _ingress_list.stdout_lines | to_yaml }}"
      - ""
      - "  Endpoints:"
      - "{{ _endpoints_list.stdout_lines | to_yaml }}"
      - ""
      - "  kube-vip VIP: {{ ext_proxy_vip | default('<check kube-vip>') }}"
      - "  → Point all proxy hostnames to the VIP in DNS/hosts file"
      - ""
      - "  Verify: kubectl -n {{ ext_proxy_namespace }} describe ingress"