---
# Map WireGuard tunnel to Kedge governed overlay.
# Creates a KedgeTunnel CR that binds the WireGuard interface to a VNI.

- name: Ensure kubectl is available
  ansible.builtin.command: kubectl version --client
  changed_when: false

- name: Deploy KedgeTunnel manifest
  ansible.builtin.template:
    src: kedge-tunnel.yml.j2
    dest: "/tmp/kedge-tunnel-{{ kedge_tunnel_site_id }}.yml"
    mode: "0644"

- name: Apply KedgeTunnel CR
  ansible.builtin.command: >
    kubectl apply -f /tmp/kedge-tunnel-{{ kedge_tunnel_site_id }}.yml
  changed_when: true

- name: Clean up temporary manifest
  ansible.builtin.file:
    path: "/tmp/kedge-tunnel-{{ kedge_tunnel_site_id }}.yml"
    state: absent