---
# Applies egress labels to worker nodes.
# TODO: any other labels? zone? region?
- name: Get a list of worker nodes.
  kubernets.core.k8s_info:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: node
    label_selectors:
      - node-role.kubernetes.io/worker=''
  register: workers

- name: Apply a label patch to all the worker nodes.
  kubernets.core.k8s:
    kubeconfig: tmp/kubeconfig-ocp4
    validate_certs: no
    api_version: v1
    kind: node
    name: "{{ item }}"
    state: patched
    resource_definition:
      metadata:
        labels:
          k8s.ovn.org/egress-assignable=''
  loop: "{{ workers | ansible.builtin.json_query('resources[*].metadata.name') }}"
...