- hosts: all
  roles:
    - role: use-buildset-registry
    - role: clear-firewall
    - role: ensure-docker
    - role: ensure-minikube
    - role: ensure-helm
  tasks:
    - name: Start minikube
      command: minikube start --cpus max --memory max --container-runtime cri-o

    - name: Add buildset registry to minikube /etc/hosts
      command: "minikube ssh 'echo -e \"\n{{ buildset_registry.host }}\tzuul-jobs.buildset-registry\" | sudo tee -a /etc/hosts'"

    - name: Replace minikube registries.conf
      block:
        - name: Copy registries.conf from the host to minikube
          command: minikube cp /etc/containers/registries.conf /etc/containers/registries.conf

        - name: Signal new config to minikube crio daemon
          command: "minikube ssh 'sudo pkill -HUP crio'"

    - name: Replace minikube kubelet config.json
      shell: minikube cp ~/.docker/config.json /var/lib/kubelet/config.json

    - name: Install buildset registry CA certificate in minikube
      block:
        - name: Copy the CA certificate from the host to minikube
          command: "minikube cp /usr/local/share/ca-certificates/{{ buildset_registry_alias }}.crt /usr/local/share/ca-certificates/{{ buildset_registry_alias }}.crt"

        - name: Run update-ca-certificates in minikube
          command: "minikube ssh 'sudo update-ca-certificates'"