Update .gitignore to include .env file and enhance README.md with instructions for deploying secrets. Refactor noble.yml to improve Kubernetes health check handling and update templates for error reporting. Modify cert-manager and metallb tasks to apply secrets from .env and adjust timeout settings. Clarify Newt installation requirements in tasks. These changes aim to streamline deployment processes and improve documentation clarity.

2026-03-28 15:36:52 -04:00
parent 46cedc965f
commit a48ac16c14
15 changed files with 123 additions and 14 deletions
--- a/ansible/roles/noble_newt/tasks/from_env.yml
+++ b/ansible/roles/noble_newt/tasks/from_env.yml
@@ -0,0 +1,30 @@
+---
+# See repository **.env.sample** — copy to **.env** (gitignored).
+- name: Stat repository .env for deploy secrets
+  ansible.builtin.stat:
+    path: "{{ noble_repo_root }}/.env"
+  register: noble_deploy_env_file
+  changed_when: false
+
+- name: Create newt-pangolin-auth Secret from .env
+  ansible.builtin.shell: |
+    set -euo pipefail
+    set -a
+    . "{{ noble_repo_root }}/.env"
+    set +a
+    if [ -z "${PANGOLIN_ENDPOINT:-}" ] || [ -z "${NEWT_ID:-}" ] || [ -z "${NEWT_SECRET:-}" ]; then
+      echo NO_VARS
+      exit 0
+    fi
+    kubectl -n newt create secret generic newt-pangolin-auth \
+      --from-literal=PANGOLIN_ENDPOINT="${PANGOLIN_ENDPOINT}" \
+      --from-literal=NEWT_ID="${NEWT_ID}" \
+      --from-literal=NEWT_SECRET="${NEWT_SECRET}" \
+      --dry-run=client -o yaml | kubectl apply -f -
+    echo APPLIED
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  when: noble_deploy_env_file.stat.exists | default(false)
+  no_log: true
+  register: noble_newt_secret_from_env
+  changed_when: "'APPLIED' in (noble_newt_secret_from_env.stdout | default(''))"