feat: migrate core addons toward flux

ansible/roles/addon-secrets-bootstrap/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: Apply Hetzner cloud secret
+  shell: >-
+    kubectl -n kube-system create secret generic hcloud
+    --from-literal=token='{{ hcloud_token }}'
+    --from-literal=network='{{ cluster_name }}-network'
+    --dry-run=client -o yaml | kubectl apply -f -
+  changed_when: true
+  no_log: true
+  when: hcloud_token | default('') | length > 0
+
+- name: Apply Tailscale operator OAuth secret
+  shell: >-
+    kubectl -n {{ tailscale_operator_namespace | default('tailscale-system') }} create secret generic operator-oauth
+    --from-literal=client_id='{{ tailscale_oauth_client_id }}'
+    --from-literal=client_secret='{{ tailscale_oauth_client_secret }}'
+    --dry-run=client -o yaml | kubectl apply -f -
+  changed_when: true
+  no_log: true
+  when:
+    - tailscale_oauth_client_id | default('') | length > 0
+    - tailscale_oauth_client_secret | default('') | length > 0

ansible/site.yml

@@ -80,21 +80,31 @@
   become: true
 
   roles:
-    - ccm
+    - role: ccm
+      when: not (ccm_gitops_enabled | default(true) | bool)
 
 - name: Deploy Hetzner CSI
   hosts: control_plane[0]
   become: true
 
   roles:
-    - csi
+    - role: csi
+      when: not (csi_gitops_enabled | default(true) | bool)
 
 - name: Deploy Tailscale Kubernetes Operator
   hosts: control_plane[0]
   become: true
 
   roles:
-    - tailscale-operator
+    - role: tailscale-operator
+      when: not (tailscale_operator_gitops_enabled | default(true) | bool)
+
+- name: Bootstrap addon prerequisite secrets
+  hosts: control_plane[0]
+  become: true
+
+  roles:
+    - addon-secrets-bootstrap
 
 - name: Deploy observability stack
   hosts: control_plane[0]