homeserver/friedhof/mgrote_sealed_secrets/tasks/import.yml

---
- name: check if private key exists
  ansible.builtin.command: kubectl get secrets sealed-secrets-keytsq4k -n kube-system
  register: key
  ignore_errors: true
  changed_when: false

- name: Template private key file
  ansible.builtin.template:
    src: private.key.j2
    dest: /root/private.key
    owner: root
    group: root
    mode: '0400'
  when: key.rc not in [ 0 ]
  no_log: "{{ no_debug | default('true') }}"

- name: apply private key # noqa no-changed-when
  ansible.builtin.command: kubectl apply -f /root/private.key
  when: key.rc not in [ 0 ]

- name: remove old pod # noqa no-changed-when
  ansible.builtin.command: kubectl delete pod -n kube-system -l name=sealed-secrets-controller
  when: key.rc not in [ 0 ]

- name: remove private key file
  ansible.builtin.file:
    path: /root/private.key
    state: absent