# manage helm
class rke2::helm (
  Enum['server', 'agent'] $node_type = $rke2::node_type,
  Stdlib::Fqdn            $bootstrap_node = $rke2::bootstrap_node,
  Boolean                 $helm_install = $rke2::helm_install,
  Hash                    $helm_repos = $rke2::helm_repos
){

  # when installing helm, manage the repos
  if $helm_install {

    package {'helm':
      ensure => installed,
    }

    file { '/etc/helm':
      ensure => directory,
      owner  => 'root',
      group  => 'root',
      mode   => '0755',
    }

    # on the controller nodes only, and after 3 master nodes exist
    if $node_type == 'server' and $facts['k8s_masters'] and $facts['k8s_masters'] > 2 {

      # check if the repo already exists
      $helm_repos.each | String $repo, Stdlib::HTTPSUrl $url | {

        # if repo isnt in repo list from helm, install it
        if ! $facts['helm_repos'].any |$existing| { $existing['name'] == $repo } {

          exec { "helm_add_repo_${repo}":
            command     => "helm repo add ${repo} ${url} --repository-config /etc/helm/repositories.yaml",
            path        => ['/usr/bin'],
            environment => [
              'KUBECONFIG=/etc/rancher/rke2/rke2.yaml',
            ],
          }
        }
      }

      # install specific helm charts to bootstrap environment
      $plb_cmd = 'helm install purelb purelb/purelb \
                  --create-namespace \
                  --namespace=purelb \
                  --repository-config /etc/helm/repositories.yaml'
      exec { 'install_purelb':
        command     => $plb_cmd,
        path        => ['/usr/bin', '/bin'],
        environment => ['KUBECONFIG=/etc/rancher/rke2/rke2.yaml'],
        unless      => 'helm list -n purelb | grep -q ^purelb',
      }

      $cm_cmd = 'helm install cert-manager jetstack/cert-manager \
                  --namespace cert-manager \
                  --create-namespace \
                  --set crds.enabled=true \
                  --repository-config /etc/helm/repositories.yaml'
      exec { 'install_cert_manager':
        command     => $cm_cmd,
        path        => ['/usr/bin', '/bin'],
        environment => ['KUBECONFIG=/etc/rancher/rke2/rke2.yaml'],
        unless      => 'helm list -n cert-manager | grep -q ^cert-manager',
      }

      $r_cmd = 'helm install rancher rancher-stable/rancher \
                  --namespace cattle-system \
                  --create-namespace \
                  --set hostname=rancher.main.unkin.net \
                  --set bootstrapPassword=admin \
                  --set ingress.tls.source=secret \
                  --repository-config /etc/helm/repositories.yaml'
      exec { 'install_rancher':
        command     => $r_cmd,
        path        => ['/usr/bin', '/bin'],
        environment => ['KUBECONFIG=/etc/rancher/rke2/rke2.yaml'],
        unless      => 'helm list -n cattle-system | grep -q ^rancher',
      }
    }
  }
}