---
- name: Install Wireguard
  ansible.builtin.apt:
    name:
      - wireguard
    update_cache: false
  when: >
    ansible_os_family == 'Debian'
  #    and
  #  kubernetes.networking.encrypt | default(false) | bool


- name: Enable Cluster Encryption
  ansible.builtin.command:
    cmd: kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true,"wireguardEnabledV6":true}}'
  changed_when: false
  when: >
    kubernetes_config.cluster.prime.name == inventory_hostname

- name: Set Kubernetes Encryption Final Install Fact
  ansible.builtin.set_fact:
    kubernetes_installed_encryption: true