--- - name: check if private key exists ansible.builtin.command: kubectl get secrets sealed-secrets-keytsq4k -n kube-system register: key ignore_errors: true changed_when: false - name: Template private key file ansible.builtin.template: src: private.key.j2 dest: /root/private.key owner: root group: root mode: '0400' when: key.rc not in [ 0 ] no_log: "{{ no_debug | default('true') }}" - name: apply private key # noqa no-changed-when ansible.builtin.command: kubectl apply -f /root/private.key when: key.rc not in [ 0 ] - name: remove old pod # noqa no-changed-when ansible.builtin.command: kubectl delete pod -n kube-system -l name=sealed-secrets-controller when: key.rc not in [ 0 ] - name: remove private key file ansible.builtin.file: path: /root/private.key state: absent