homeserver/friedhof/mgrote_sealed_secrets/tasks/main.yml

27 lines
786 B
YAML
Raw Permalink Normal View History

---
- name: include user tasks
ansible.builtin.include_tasks: user.yml
- name: check if kubeseal is installed
ansible.builtin.command: which kubeseal
changed_when: false
failed_when: kubeseal_installed.rc not in [0,1]
register: kubeseal_installed
- name: download sealed_secrets binary
ansible.builtin.unarchive:
src: "{{ kubeseal_download_url }}"
dest: "{{ kubeseal_path_bin }}"
mode: "0755"
owner: "{{ sealed_secrets_user }}"
group: "{{ sealed_secrets_user_group }}"
remote_src: true
creates: "{{ kubeseal_path_bin }}/kubeseal"
when: kubeseal_installed.rc not in [ 0 ]
- name: include import tasks
ansible.builtin.include_tasks: import.yml
# der ganze block nur auf enem host
run_once: true
when: ansible_host == flux_install_host