fix: bootstrap doppler store outside flux

2026-03-09 02:58:26 +00:00
parent 4a83d981c8
commit 2d4de6cff8
5 changed files with 19 additions and 35 deletions
--- a/ansible/roles/doppler-bootstrap/tasks/main.yml
+++ b/ansible/roles/doppler-bootstrap/tasks/main.yml
@@ -15,3 +15,22 @@
    --from-literal=dopplerToken='{{ doppler_hetznerterra_service_token }}'
    --dry-run=client -o yaml | kubectl apply -f -
  changed_when: true
+
+- name: Apply Doppler ClusterSecretStore
+  shell: |
+    cat <<'EOF' | kubectl apply -f -
+    apiVersion: external-secrets.io/v1
+    kind: ClusterSecretStore
+    metadata:
+      name: doppler-hetznerterra
+    spec:
+      provider:
+        doppler:
+          auth:
+            secretRef:
+              dopplerToken:
+                name: doppler-hetznerterra-service-token
+                key: dopplerToken
+                namespace: external-secrets
+    EOF
+  changed_when: true