---
- name: Deploy latest AWX on Kubernetes using AWX Operator
  hosts: localhost
  connection: local
  become: false
  gather_facts: false

  vars:
    awx_namespace: awx
    awx_operator_version: 2.19.1  # Latest as of available releases; corresponds to AWX 24.6.1
    awx_instance_name: awx-demo
    awx_service_type: nodeport  # Change to 'clusterip' if using ingress or on OpenShift

  collections:
    - kubernetes.core

  tasks:
    - name: Ensure kubernetes.core collection is installed
      command: ansible-galaxy collection install kubernetes.core
      changed_when: false
      ignore_errors: true  # In case already installed

    - name: Create AWX namespace
      k8s:
        state: present
        definition:
          apiVersion: v1
          kind: Namespace
          metadata:
            name: "{{ awx_namespace }}"
      kubeconfig: /home/semaphore/.kube/config

    - name: Set current namespace context (optional, for convenience)
      command: kubectl config set-context --current --namespace={{ awx_namespace }}
      changed_when: false

    - name: Install AWX Operator using kustomize
      command: >-
        kubectl apply -k "github.com/ansible/awx-operator/config/default?ref={{ awx_operator_version }}"
      environment:
        KUBECONFIG: /home/semaphore/.kube/config
      changed_when: false

    - name: Wait for AWX Operator to be ready
      k8s_info:
        api_version: apps/v1
        kind: Deployment
        namespace: "{{ awx_namespace }}"
        name: awx-operator-controller-manager
      register: operator_deployment
      until: operator_deployment.resources[0].status.readyReplicas == operator_deployment.resources[0].status.replicas
      retries: 30
      delay: 10

    - name: Create AWX instance
      k8s:
        state: present
        namespace: "{{ awx_namespace }}"
        definition:
          apiVersion: awx.ansible.com/v1beta1
          kind: AWX
          metadata:
            name: "{{ awx_instance_name }}"
          spec:
            service_type: "{{ awx_service_type }}"

    - name: Wait for AWX pods to be ready
      k8s_info:
        kind: Pod
        namespace: "{{ awx_namespace }}"
        label_selectors:
          - "app.kubernetes.io/managed-by=awx-operator"
      register: awx_pods
      until: >-
        awx_pods.resources | selectattr('status.phase', 'equalto', 'Running') | length == awx_pods.resources | length
      retries: 60
      delay: 10

    - name: Get AWX admin password
      k8s_info:
        api_version: v1
        kind: Secret
        namespace: "{{ awx_namespace }}"
        name: "{{ awx_instance_name }}-admin-password"
      register: awx_secret

    - name: Display AWX access information
      debug:
        msg: >-
          AWX is deployed. Access it at the NodePort service (use 'kubectl get svc {{ awx_instance_name }}-service -n {{ awx_namespace }}' to find the port).
          Default username: admin
          Password: {{ awx_secret.resources[0].data.password | b64decode }}