---
- name: Check if Hetzner CCM is already deployed
  command: kubectl get namespace hetzner-cloud-system
  register: ccm_namespace
  failed_when: false
  changed_when: false

- name: Create Hetzner CCM namespace
  command: kubectl create namespace hetzner-cloud-system
  when: ccm_namespace.rc != 0
  changed_when: true

- name: Create Hetzner cloud secret
  shell: |
    kubectl -n hetzner-cloud-system create secret generic hcloud \
      --from-literal=token='{{ hcloud_token }}' \
      --from-literal=network='{{ cluster_name }}-network' \
      --dry-run=client -o yaml | kubectl apply -f -
  no_log: true
  when: hcloud_token is defined
  changed_when: true

- name: Deploy Hetzner CCM
  command: kubectl apply -f https://raw.githubusercontent.com/hetznercloud/hcloud-cloud-controller-manager/main/deploy/ccm-networks.yaml
  changed_when: true

- name: Detect CCM workload kind
  shell: |
    if kubectl -n hetzner-cloud-system get deployment hcloud-cloud-controller-manager >/dev/null 2>&1; then
      echo deployment
    elif kubectl -n hetzner-cloud-system get daemonset hcloud-cloud-controller-manager >/dev/null 2>&1; then
      echo daemonset
    else
      echo missing
    fi
  register: ccm_workload_kind
  changed_when: false

- name: Wait for CCM deployment rollout
  command: kubectl rollout status deployment/hcloud-cloud-controller-manager -n hetzner-cloud-system
  register: ccm_rollout_deploy
  until: ccm_rollout_deploy.rc == 0
  changed_when: false
  retries: 30
  delay: 10
  when: ccm_workload_kind.stdout == "deployment"

- name: Wait for CCM daemonset rollout
  command: kubectl rollout status daemonset/hcloud-cloud-controller-manager -n hetzner-cloud-system
  register: ccm_rollout_ds
  until: ccm_rollout_ds.rc == 0
  changed_when: false
  retries: 30
  delay: 10
  when: ccm_workload_kind.stdout == "daemonset"

- name: Show CCM namespace objects when workload missing
  command: kubectl -n hetzner-cloud-system get all
  register: ccm_ns_objects
  changed_when: false
  when: ccm_workload_kind.stdout == "missing"

- name: Fail when CCM workload is missing
  fail:
    msg: |
      hcloud-cloud-controller-manager workload not found after applying manifest.
      Namespace objects:
      {{ ccm_ns_objects.stdout | default('n/a') }}
  when: ccm_workload_kind.stdout == "missing"