28 lines
1.1 KiB
YAML
28 lines
1.1 KiB
YAML
---
|
|
- name: Vault — manual steps (not automated)
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
1. kubectl -n vault get pods (wait for Running)
|
|
2. kubectl -n vault exec -it vault-0 -- vault operator init (once; save keys)
|
|
3. Unseal per clusters/noble/bootstrap/vault/README.md
|
|
4. ./clusters/noble/bootstrap/vault/configure-kubernetes-auth.sh
|
|
5. kubectl apply -f clusters/noble/bootstrap/external-secrets/examples/vault-cluster-secret-store.yaml
|
|
|
|
- name: Optional — apply Vault ClusterSecretStore for External Secrets
|
|
ansible.builtin.command:
|
|
argv:
|
|
- kubectl
|
|
- apply
|
|
- -f
|
|
- "{{ noble_repo_root }}/clusters/noble/bootstrap/external-secrets/examples/vault-cluster-secret-store.yaml"
|
|
environment:
|
|
KUBECONFIG: "{{ noble_kubeconfig }}"
|
|
when: noble_apply_vault_cluster_secret_store | default(false) | bool
|
|
changed_when: true
|
|
|
|
- name: Argo CD optional root Application (empty app-of-apps)
|
|
ansible.builtin.debug:
|
|
msg: >-
|
|
Optional: kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
|
|
after editing repoURL. Core workloads are not synced by Argo — see clusters/noble/apps/README.md
|