
Is it possible to create a k8s secret from a file in Ansible?

Currently, I am doing it like this, but it only works on the first run, because if I run the playbook again it says the secret already exists:

```yaml
- name: generate keypair
  openssh_keypair:
    path: /srv/{{item.namespace}}/id_{{item.name}}_rsa
  when: item.additional_keys == true
  loop: "{{ containers_release }}"

- name: create private key secret for auth api
  shell: kubectl -n {{ item.namespace }} create secret generic id-{{ item.name }}-rsa-priv --from-file=/srv/{{ item.namespace }}/id_authapi_rsa
  when: item.additional_keys == true
  loop: "{{ containers_release }}"

- name: create public key secret for {{ item.name }}
  shell: kubectl -n {{ item.namespace }} create secret generic id-{{ item.name }}-rsa-pub --from-file=/srv/{{ item.namespace }}/id_{{ item.name }}_rsa.pub
  when: item.additional_keys == true
  loop: "{{ containers_release }}"
```

Ydrab
  • Ansible is idempotent. If the configuration is already in place, Ansible makes no change. That is why, after running the playbook again, you are getting info that the secret already exists. Did you take a look at https://stackoverflow.com/questions/59203583/how-can-i-create-a-kubernetes-secret-with-ansible? – Malgorzata Mar 11 '21 at 14:32
  • Does this answer your question? [How can I create a Kubernetes Secret with Ansible?](https://stackoverflow.com/questions/59203583/how-can-i-create-a-kubernetes-secret-with-ansible) – Andrew Savinykh Oct 20 '21 at 23:24

1 Answer

As I have mentioned in the comment section, Ansible is idempotent. If the configuration is already in place, Ansible makes no change after redeploying. That is why, after running the playbook again, you are getting info that the secret already exists.

Take a look: create-secret-with-ansible.

You can try to use SecretHub.

See: ansible-playbook-secret.

Malgorzata
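A re-runnable version of the tasks in the question, as an added example that is not code from the asker or the answerer: it declares the Secret with the `kubernetes.core.k8s` module instead of calling `kubectl create`, so a second run reports the Secret as unchanged rather than failing. It assumes the `kubernetes.core` and `community.crypto` collections are installed, that the Python `kubernetes` client and a kubeconfig are available on the host where the tasks run, and the variable name `private_keys` and the data key `id_rsa` are hypothetical. The public key Secret follows the same pattern with the `.pub` file.

```yaml
# Added example; containers_release items are assumed to carry
# name, namespace and additional_keys, as in the question.
- name: Generate keypair (an existing valid key is left in place on re-runs)
  community.crypto.openssh_keypair:
    path: "/srv/{{ item.namespace }}/id_{{ item.name }}_rsa"
  when: item.additional_keys | bool
  loop: "{{ containers_release }}"
  loop_control:
    label: "{{ item.name }}"

- name: Read the private key from the managed host (slurp returns base64)
  ansible.builtin.slurp:
    src: "/srv/{{ item.namespace }}/id_{{ item.name }}_rsa"
  when: item.additional_keys | bool
  loop: "{{ containers_release }}"
  loop_control:
    label: "{{ item.name }}"
  register: private_keys   # hypothetical variable name
  no_log: true             # keep key material out of task output and logs

- name: Create or update the private key Secret
  kubernetes.core.k8s:
    state: present         # declarative: no change when the Secret already matches
    definition:
      apiVersion: v1
      kind: Secret
      type: Opaque
      metadata:
        name: "id-{{ result.item.name }}-rsa-priv"
        namespace: "{{ result.item.namespace }}"
      data:
        # Secret.data expects base64, which is what slurp already produced.
        # Fixed key name (assumption): Ansible does not template dictionary keys.
        id_rsa: "{{ result.content }}"
  when: result is not skipped
  loop: "{{ private_keys.results }}"
  loop_control:
    loop_var: result
    label: "{{ result.item.name }}"
  no_log: true
```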