OpenStaticFish/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
f49b08f50cfe2814e9baf16f255f17d67dd96b34
HetznerTerra/ansible/roles/doppler-bootstrap/tasks/main.yml
T

25 lines
951 B
YAML
Raw Normal View History

feat: sync runtime secrets from doppler
2026-03-09 00:25:41 +00:00
---
- name: Ensure Doppler service token is provided
assert:
that:
- doppler_hetznerterra_service_token | length > 0
fail_msg: doppler_hetznerterra_service_token must be provided for External Secrets bootstrap.
- name: Ensure external-secrets namespace exists
shell: kubectl create namespace external-secrets --dry-run=client -o yaml | kubectl apply -f -
changed_when: true
- name: Apply Doppler service token secret
shell: >-
kubectl -n external-secrets create secret generic doppler-hetznerterra-service-token
--from-literal=dopplerToken='{{ doppler_hetznerterra_service_token }}'
--dry-run=client -o yaml | kubectl apply -f -
changed_when: true
fix: avoid resetting healthy observability
2026-04-26 20:25:42 +00:00
no_log: true
fix: bootstrap doppler store outside flux
2026-03-09 02:58:26 +00:00
fix: defer doppler store until eso is installed
2026-03-20 09:30:17 +00:00
- name: Note pending Doppler ClusterSecretStore bootstrap
debug:
msg: >-
fix: wait for ESO webhook before ClusterSecretStore
2026-04-24 23:13:03 +00:00
Doppler service token secret is bootstrapped. The deploy workflow creates the
ClusterSecretStore after External Secrets CRDs and webhook endpoints are ready.
Reference in New Issue Copy Permalink