---
- name: Deploy container-pod-yaml with validation
  block:
  - name: Make sure unzip is installed
    become: true
    ansible.builtin.package:
      name: unzip
      state: present

  - name: Set correct kubeval version for 64bit
    ansible.builtin.set_fact:
      kubeval_arch: amd64
    when: ansible_architecture == "x86_64"

  - name: Set correct kubeval version for 64bit
    ansible.builtin.set_fact:
      kubeval_arch: 386
    when: ansible_architecture == "i386"

  - name: Continue without validation as we can't get kubeval for this arch
    ansible.builtin.set_fact:
      container_pod_yaml_template_validation: false
    when: kubeval_arch is undefined

  - name: Get latest kubeval version
    become: true
    ansible.builtin.unarchive:
      src: "{{ kubeval_url }}/download/kubeval-linux-{{ kubeval_arch }}.tar.gz"
      dest: "/usr/local/bin"
      owner: "root"
      group: "root"
      mode: "0755"
      exclude:
        - README.md
        - LICENSE
      remote_src: true
      keep_newer: true

  - name: Deploy container configuration
    ansible.builtin.template:
      src: "{{ container_pod_yaml_template }}"
      dest: "{{ container_pod_yaml }}"
      owner: "{{ container_run_as_user }}"
      group: "{{ container_run_as_group }}"
      mode: '0640'
      validate: /usr/local/bin/kubeval %s
    notify: restart service
  when: container_pod_yaml_template_validation

- name: container-pod-yaml without validation
  ansible.builtin.template:
    src: "{{ container_pod_yaml_template }}"
    dest: "{{ container_pod_yaml }}"
    owner: "{{ container_run_as_user }}"
    group: "{{ container_run_as_group }}"
    mode: '0640'
  notify: restart service
  when: not container_pod_yaml_template_validation