fix: bootstrap doppler store outside flux

ansible/roles/doppler-bootstrap/tasks/main.yml

@@ -15,3 +15,22 @@
     --from-literal=dopplerToken='{{ doppler_hetznerterra_service_token }}'
     --dry-run=client -o yaml | kubectl apply -f -
   changed_when: true
+
+- name: Apply Doppler ClusterSecretStore
+  shell: |
+    cat <<'EOF' | kubectl apply -f -
+    apiVersion: external-secrets.io/v1
+    kind: ClusterSecretStore
+    metadata:
+      name: doppler-hetznerterra
+    spec:
+      provider:
+        doppler:
+          auth:
+            secretRef:
+              dopplerToken:
+                name: doppler-hetznerterra-service-token
+                key: dopplerToken
+                namespace: external-secrets
+    EOF
+  changed_when: true

infrastructure/kustomization-secrets.yaml

@@ -1,17 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: secrets
-  namespace: flux-system
-spec:
-  interval: 10m
-  prune: true
-  validation: none
-  sourceRef:
-    kind: GitRepository
-    name: platform
-  path: ./infrastructure/secret-stores
-  dependsOn:
-    - name: addon-external-secrets
-  wait: true
-  timeout: 5m

infrastructure/kustomization.yaml

@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - addons
-  - kustomization-secrets.yaml

infrastructure/secret-stores/clustersecretstore-doppler-hetznerterra.yaml

@@ -1,13 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ClusterSecretStore
-metadata:
-  name: doppler-hetznerterra
-spec:
-  provider:
-    doppler:
-      auth:
-        secretRef:
-          dopplerToken:
-            name: doppler-hetznerterra-service-token
-            key: dopplerToken
-            namespace: external-secrets

infrastructure/secret-stores/kustomization.yaml

@@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - clustersecretstore-doppler-hetznerterra.yaml