---
- name: Remove kubeadm cronjob that renews certificates
  cron:
    name: "Use kubeadm renew certificates"
    special_time: monthly
    user: root
    job: "/usr/bin/kubeadm alpha certs renew all"
    cron_file: yunion_kubeadm_renew_certs
    state: absent
  become: true

- name: Ensure a cronjob that renews k8s certificates
  cron:
    name: "Use ocadm renew certificates"
    special_time: monthly
    user: root
    job: "/opt/yunion/bin/ocadm alpha certs renew all"
    cron_file: yunion_ocadm_renew_certs
  become: true

- name: Check if k3s.service.env file exists
  ansible.builtin.stat:
    path: /etc/systemd/system/k3s.service.env
  register: k3s_service_env_file
  become: true

- name: Add CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS to k3s.service.env if not set
  ansible.builtin.lineinfile:
    path: /etc/systemd/system/k3s.service.env
    line: "CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650"
    regexp: "^CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS="
    state: present
    create: false
  when: k3s_service_env_file.stat.exists
  become: true