fix: bootstrap tailscale namespace before secret

2026-03-20 09:24:35 +00:00
parent 522626a52b
commit 349f75729a
1 changed files with 19 additions and 0 deletions
--- a/ansible/roles/addon-secrets-bootstrap/tasks/main.yml
+++ b/ansible/roles/addon-secrets-bootstrap/tasks/main.yml
@@ -9,6 +9,25 @@
  no_log: true
  when: hcloud_token | default('') | length > 0

+- name: Ensure Tailscale operator namespace exists
+  command: >-
+    kubectl create namespace {{ tailscale_operator_namespace | default('tailscale-system') }}
+    --dry-run=client -o yaml
+  register: tailscale_namespace_manifest
+  changed_when: false
+  when:
+    - tailscale_oauth_client_id | default('') | length > 0
+    - tailscale_oauth_client_secret | default('') | length > 0
+
+- name: Apply Tailscale operator namespace
+  command: kubectl apply -f -
+  args:
+    stdin: "{{ tailscale_namespace_manifest.stdout }}"
+  changed_when: true
+  when:
+    - tailscale_oauth_client_id | default('') | length > 0
+    - tailscale_oauth_client_secret | default('') | length > 0
+
 - name: Apply Tailscale operator OAuth secret
  shell: >-
    kubectl -n {{ tailscale_operator_namespace | default('tailscale-system') }} create secret generic operator-oauth