Update .gitignore to include .env file and enhance README.md with instructions for deploying secrets. Refactor noble.yml to improve Kubernetes health check handling and update templates for error reporting. Modify cert-manager and metallb tasks to apply secrets from .env and adjust timeout settings. Clarify Newt installation requirements in tasks. These changes aim to streamline deployment processes and improve documentation clarity.

ansible/roles/noble_cert_manager/tasks/from_env.yml

@@ -0,0 +1,28 @@
+---
+# See repository **.env.sample** — copy to **.env** (gitignored).
+- name: Stat repository .env for deploy secrets
+  ansible.builtin.stat:
+    path: "{{ noble_repo_root }}/.env"
+  register: noble_deploy_env_file
+  changed_when: false
+
+- name: Create cert-manager Cloudflare DNS secret from .env
+  ansible.builtin.shell: |
+    set -euo pipefail
+    set -a
+    . "{{ noble_repo_root }}/.env"
+    set +a
+    if [ -z "${CLOUDFLARE_DNS_API_TOKEN:-}" ]; then
+      echo NO_TOKEN
+      exit 0
+    fi
+    kubectl -n cert-manager create secret generic cloudflare-dns-api-token \
+      --from-literal=api-token="${CLOUDFLARE_DNS_API_TOKEN}" \
+      --dry-run=client -o yaml | kubectl apply -f -
+    echo APPLIED
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  when: noble_deploy_env_file.stat.exists | default(false)
+  no_log: true
+  register: noble_cf_secret_from_env
+  changed_when: "'APPLIED' in (noble_cf_secret_from_env.stdout | default(''))"