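---
# Bootstrap the Doppler-backed External Secrets integration with kubectl:
#   1. require the Doppler service token,
#   2. create the external-secrets namespace and the token Secret,
#   3. apply the ClusterSecretStore once the External Secrets CRD exists.
# The service token is the only sensitive value handled in this file.

- name: Ensure Doppler service token is provided
  assert:
    that:
      # Check `is defined` first so a missing variable yields this task's
      # fail_msg instead of an undefined-variable error from the length test.
      - doppler_hetznerterra_service_token is defined
      - doppler_hetznerterra_service_token | length > 0
    fail_msg: doppler_hetznerterra_service_token must be provided for External Secrets bootstrap.

- name: Ensure external-secrets namespace exists
  shell: kubectl create namespace external-secrets --dry-run=client -o yaml | kubectl apply -f -
  register: doppler_namespace_apply
  # kubectl apply prints "<kind>/<name> unchanged" when the live object already
  # matches, so report "changed" only when it created or configured the object.
  changed_when: "'unchanged' not in doppler_namespace_apply.stdout"

- name: Apply Doppler service token secret
  shell: >-
    kubectl -n external-secrets create secret generic doppler-hetznerterra-service-token
    --from-literal=dopplerToken={{ doppler_hetznerterra_service_token | quote }}
    --dry-run=client -o yaml | kubectl apply -f -
  register: doppler_token_secret_apply
  changed_when: "'unchanged' not in doppler_token_secret_apply.stdout"
  # The token is rendered into a shell command line: `quote` shell-escapes it
  # so a token containing quotes or metacharacters cannot break out of the
  # argument, and no_log keeps the rendered command and its output out of
  # Ansible logs and console output. The value is still present in the kubectl
  # process argument list on the host running the command while it executes.
  no_log: true

- name: Check for ClusterSecretStore CRD
  command: kubectl get crd clustersecretstores.external-secrets.io
  register: doppler_clustersecretstore_crd
  changed_when: false
  # A non-zero rc only means the CRD is absent; the next two tasks branch on rc.
  failed_when: false

- name: Apply Doppler ClusterSecretStore
  shell: |
    cat <<'EOF' | kubectl apply -f -
    apiVersion: external-secrets.io/v1
    kind: ClusterSecretStore
    metadata:
      name: doppler-hetznerterra
    spec:
      provider:
        doppler:
          auth:
            secretRef:
              dopplerToken:
                name: doppler-hetznerterra-service-token
                key: dopplerToken
                namespace: external-secrets
    EOF
  register: doppler_clustersecretstore_apply
  changed_when: "'unchanged' not in doppler_clustersecretstore_apply.stdout"
  when: doppler_clustersecretstore_crd.rc == 0

- name: Note pending Doppler ClusterSecretStore bootstrap
  debug:
    msg: >-
      Skipping Doppler ClusterSecretStore bootstrap because the External Secrets CRD
      is not available yet. Re-run after External Secrets is installed.
  when: doppler_clustersecretstore_crd.rc != 0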