#############################################################
## NOT FOR PRODUCTION USE.                                 ##
## THE CONTENT OF THIS FILE IS FOR LEARNING PURPOSES ONLY  ##
## created by David Surey, Amazon Web Services, 2020       ##
#############################################################

- name: get eks cluster vpc
  delegate_to: "{{ EKSBastionInstancePublicIP }}"
  shell: >
    aws eks describe-cluster --name {{ eksexample_clustername }} \
    --query "cluster.resourcesVpcConfig.vpcId" --output text --region {{ eksexample_region }}
  register: eks_vpcinfo

- name: get eks cluster vpc cidr
  delegate_to: "{{ EKSBastionInstancePublicIP }}"
  shell: >
    aws ec2 describe-vpcs --vpc-ids {{ eks_vpcinfo.stdout }} \
    --query "Vpcs[].CidrBlock" --output text --region {{ eksexample_region }}
  register: eks_vpccidr

- name: get eks private subnet ids
  delegate_to: "{{ EKSBastionInstancePublicIP }}"
  shell: > 
    aws ec2 describe-subnets --region {{ eksexample_region }} --filter Name=vpc-id,Values={{ eks_vpcinfo.stdout }} \
    | jq -r '.Subnets[] | select(.Tags[].Value | contains("SubnetPrivate")) | .SubnetId' | sort -u
  register: eks_subnetinfo

- name: create Roles and Policies for efs csi
  cloudformation:
    profile: "{{ eksexample_aws_profilename }}"
    stack_name: "{{ eksexample_clustername }}-storage-provider-efscsi-policy"
    state: present
    region: "{{ eksexample_region }}"
    template: "./cloudformation/eks-storage-provider-efscsi-iam.template.yaml"

- name: create efs storage for efs csi
  cloudformation:
    profile: "{{ eksexample_aws_profilename }}"
    stack_name: "{{ eksexample_clustername }}-storage-provider-efscsi-storage"
    state: present
    region: "{{ eksexample_region }}"
    template: "./cloudformation/eks-storage-provider-efscsi-storage.template.yaml"
    template_parameters:
      Ekscidrblock: "{{ eks_vpccidr.stdout }}"
      Ekssubnetids: "{{ eks_subnetinfo.stdout | replace('\n', ', ') }}"
      Eksvpcid: "{{ eks_vpcinfo.stdout }}"
  register: efs_filesystem

- name: setup service account for efs csi controller
  delegate_to: "{{ EKSBastionInstancePublicIP }}"
  shell: >
    . /home/ec2-user/.bashrc && \
    eksctl  create iamserviceaccount \
    --name efs-csi-controller-sa \
    --namespace kube-system \
    --cluster "{{ eksexample_clustername }}" \
    --attach-policy-arn "arn:aws:iam::{{ caller_info.account }}:policy/EKSStorageProviderEFSCsiPolicy" \
    --approve \
    --region {{ eksexample_region }} \
    --override-existing-serviceaccounts

- name: add the EFS CSI Driver helm repo
  delegate_to: "{{ EKSBastionInstancePublicIP }}"
  kubernetes.core.helm_repository:
    name: aws-efs-csi-driver
    repo_url: "https://kubernetes-sigs.github.io/aws-efs-csi-driver/"

- name: Deploy latest version of AWS EFS CSI Driver chart inside kube-system namespace
  delegate_to: "{{ EKSBastionInstancePublicIP }}"
  kubernetes.core.helm:
    name: aws-efs-csi-driver
    chart_ref: aws-efs-csi-driver/aws-efs-csi-driver
    release_namespace: kube-system
    values: 
      controller: 
        serviceAccount:
          create: false 
          name: efs-csi-controller-sa

- name: create efs Storage Class
  delegate_to: "{{ EKSBastionInstancePublicIP }}"
  kubernetes.core.k8s: 
    state: present
    apply: yes
    definition:
      kind: StorageClass
      apiVersion: storage.k8s.io/v1
      metadata:
        name: efs-sc
      provisioner: efs.csi.aws.com