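---
# roles/swarm_cadvisor/tasks/main.yml
# Deploy cAdvisor for container-level resource monitoring.
#
# All cadvisor_* variables are defined outside this file (presumably in the
# role's defaults/vars); review their values together with the notes below.

- name: Ensure cAdvisor container is running
  community.docker.docker_container:
    name: "{{ cadvisor_container_name }}"
    # Pin cadvisor_version to an explicit release (or an image digest)
    # rather than a floating tag, so the image that runs privileged on
    # every node is the one that was reviewed.
    image: "gcr.io/cadvisor/cadvisor:{{ cadvisor_version }}"
    state: started
    restart_policy: "{{ cadvisor_restart_policy }}"
    # With no host IP in the mapping, Docker publishes the port on all host
    # interfaces. Nothing in this role configures authentication for the
    # cAdvisor UI or /metrics, so restrict who can reach the port: prefix
    # the mapping with a management/loopback address
    # ("<bind_ip>:<host_port>:8080") or firewall it to the scraper only.
    ports:
      - "{{ cadvisor_port }}:8080"
    # NOTE(review): confirm that host paths in cadvisor_volumes are mounted
    # read-only (":ro") wherever cAdvisor only needs to read them.
    volumes: "{{ cadvisor_volumes }}"
    # === WHY PRIVILEGED? ===
    # cAdvisor needs to read cgroup metrics from /sys/fs/cgroup.
    # This requires elevated permissions. Privileged mode grants every
    # capability and access to all host devices, so a compromise of the
    # cAdvisor process is effectively root on the host. In production,
    # consider using specific capabilities instead of full privileged mode:
    #   cap_add: ["SYS_ADMIN"]
    # SYS_ADMIN is itself a very broad capability; treat it as a reduction
    # from privileged mode, not as least privilege, and test which metrics
    # still work before settling on the final set.
    privileged: true
    devices:
      - "/dev/kmsg:/dev/kmsg"
  register: cadvisor_container

- name: Verify cAdvisor is responding
  ansible.builtin.uri:
    url: "http://localhost:{{ cadvisor_port }}/metrics"
    method: GET
    status_code: 200
  register: cadvisor_health
  # Without `until`, older ansible-core releases ignore `retries` and run
  # the check once, which fails while the container is still starting.
  until: cadvisor_health.status == 200
  retries: 3
  delay: 5
  failed_when: cadvisor_health.status != 200

- name: Display cAdvisor endpoint
  ansible.builtin.debug:
    msg: "✅ cAdvisor is running on {{ ansible_hostname }}:{{ cadvisor_port }}"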