OpenStaticFish/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: wait for ESO webhook before ClusterSecretStore
Deploy Cluster / Terraform (push) Successful in 29s
Details
Deploy Cluster / Ansible (push) Failing after 10m13s
Details

Browse Source
This commit is contained in:
MichaelFisher1997
2026-04-24 23:13:03 +00:00
parent 7b2eca07ab
commit e56a3a6c38
2 changed files with 5 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/deploy.yml
+3
View File
@@ -347,6 +347,9 @@ jobs:
kubectl wait --for=condition=established --timeout=600s crd/clustersecretstores.external-secrets.io kubectl wait --for=condition=established --timeout=600s crd/clustersecretstores.external-secrets.io
kubectl wait --for=condition=established --timeout=600s crd/externalsecrets.external-secrets.io kubectl wait --for=condition=established --timeout=600s crd/externalsecrets.external-secrets.io
kubectl -n external-secrets rollout status deployment/external-secrets --timeout=600s kubectl -n external-secrets rollout status deployment/external-secrets --timeout=600s
wait_for_resource external-secrets service/external-secrets-external-secrets-webhook 600
wait_for_resource external-secrets endpoints/external-secrets-external-secrets-webhook 600
kubectl -n external-secrets wait --for=jsonpath='{.subsets[0].addresses[0].ip}' endpoints/external-secrets-external-secrets-webhook --timeout=600s
# Create Doppler ClusterSecretStore now that ESO CRDs are available # Create Doppler ClusterSecretStore now that ESO CRDs are available
kubectl apply -f - <<'EOF' kubectl apply -f - <<'EOF'
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
ansible/roles/doppler-bootstrap/tasks/main.yml
+2 -29
View File
@@ -16,35 +16,8 @@
--dry-run=client -o yaml | kubectl apply -f - --dry-run=client -o yaml | kubectl apply -f -
changed_when: true changed_when: true
- name: Check for ClusterSecretStore CRD
command: kubectl get crd clustersecretstores.external-secrets.io
register: doppler_clustersecretstore_crd
changed_when: false
failed_when: false
- name: Apply Doppler ClusterSecretStore
shell: |
cat <<'EOF' | kubectl apply -f -
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
name: doppler-hetznerterra
spec:
provider:
doppler:
auth:
secretRef:
dopplerToken:
name: doppler-hetznerterra-service-token
key: dopplerToken
namespace: external-secrets
EOF
changed_when: true
when: doppler_clustersecretstore_crd.rc == 0
- name: Note pending Doppler ClusterSecretStore bootstrap - name: Note pending Doppler ClusterSecretStore bootstrap
debug: debug:
msg: >- msg: >-
Skipping Doppler ClusterSecretStore bootstrap because the External Secrets CRD Doppler service token secret is bootstrapped. The deploy workflow creates the
is not available yet. Re-run after External Secrets is installed. ClusterSecretStore after External Secrets CRDs and webhook endpoints are ready.
when: doppler_clustersecretstore_crd.rc != 0