---
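# Probe for the sealed-secrets key Secret in kube-system. The result is
# registered as `key`; later tasks run only when `key.rc` is non-zero.
- name: check if private key exists
  ansible.builtin.command: kubectl get secrets sealed-secrets-keytsq4k -n kube-system
  register: key
  # Only "secret not found" is an expected non-zero exit. Any other kubectl
  # failure (API unreachable, bad credentials, RBAC denial) now fails the task
  # instead of being read as "key missing", which would write the private key
  # to disk and attempt an apply against a cluster that cannot be inspected.
  # kubectl reports a missing object as "Error from server (NotFound)".
  failed_when:
    - key.rc != 0
    - "'NotFound' not in key.stderr"
  # A read-only query never changes the cluster.
  changed_when: false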
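# Install the sealed-secrets private key when the earlier probe (registered as
# `key`) exited non-zero. The steps are wrapped in block/always so the key file
# on disk is removed even when templating, applying or the pod restart fails;
# as a flat task list, a failed `kubectl apply` would stop the play and leave
# /root/private.key behind.
- name: install sealed-secrets private key
  block:
    # Render the key manifest readable by root only (mode 0400).
    - name: Template private key file
      ansible.builtin.template:
        src: private.key.j2
        dest: /root/private.key
        owner: root
        group: root
        mode: '0400'
      when: key.rc != 0
      # Keep the rendered key material out of task results, --diff output and
      # callback/log plugins.
      no_log: true

    - name: apply private key
      ansible.builtin.command: kubectl apply -f /root/private.key
      when: key.rc != 0

    # Delete the controller pod so it is recreated -- presumably so the new
    # instance loads the key applied above; confirm against the deployment.
    - name: remove old pod
      ansible.builtin.command: kubectl delete pod -n kube-system -l name=sealed-secrets-controller
      when: key.rc != 0
  always:
    # Runs on every play, on success or failure, so no copy of the private key
    # is left on the host's filesystem.
    - name: remove private key file
      ansible.builtin.file:
        path: /root/private.key
        state: absent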