24 lines
936 B
YAML
24 lines
936 B
YAML
---
|
|
- name: Ensure Doppler service token is provided
|
|
assert:
|
|
that:
|
|
- doppler_hetznerterra_service_token | length > 0
|
|
fail_msg: doppler_hetznerterra_service_token must be provided for External Secrets bootstrap.
|
|
|
|
- name: Ensure external-secrets namespace exists
|
|
shell: kubectl create namespace external-secrets --dry-run=client -o yaml | kubectl apply -f -
|
|
changed_when: true
|
|
|
|
- name: Apply Doppler service token secret
|
|
shell: >-
|
|
kubectl -n external-secrets create secret generic doppler-hetznerterra-service-token
|
|
--from-literal=dopplerToken='{{ doppler_hetznerterra_service_token }}'
|
|
--dry-run=client -o yaml | kubectl apply -f -
|
|
changed_when: true
|
|
|
|
- name: Note pending Doppler ClusterSecretStore bootstrap
|
|
debug:
|
|
msg: >-
|
|
Doppler service token secret is bootstrapped. The deploy workflow creates the
|
|
ClusterSecretStore after External Secrets CRDs and webhook endpoints are ready.
|