# Reusable: ensures the cloudflared-credentials Secret (key=TUNNEL_TOKEN) exists in kube-system.
# The caller passes verify_tunnel_token (non-empty); no_log is set on the apply task, so never echo the token in logs.
# Guard: fail fast unless the caller supplied a non-blank verify_tunnel_token.
- name: Assert verify_tunnel_token for cloudflared secret
  ansible.builtin.assert:
    # Shown when either condition below is false.
    fail_msg: "verify_common ensure-cloudflared-tunnel-secret:verify_tunnel_token 为空"
    that:
      # The caller must pass the variable.
      - verify_tunnel_token is defined
      # A value consisting only of whitespace counts as empty.
      - (verify_tunnel_token | trim | length) > 0
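# Create or update the cloudflared-credentials Secret: render the manifest
# client-side (--dry-run=client -o yaml) and pipe it to kubectl apply.
- name: Apply cloudflared-credentials Secret in kube-system
  ansible.builtin.shell: |
    set -euo pipefail
    # printf is a bash builtin, so the token travels over stdin and never
    # appears in a process argument list (ps, /proc/<pid>/cmdline).
    printf '%s' "$TUNNEL_TOKEN" \
      | kubectl -n kube-system create secret generic cloudflared-credentials \
          --from-file=TUNNEL_TOKEN=/dev/stdin \
          --dry-run=client -o yaml \
      | kubectl apply -f -
  environment:
    # KUBECONFIG is exported through the environment instead of being templated
    # into the script, so a path with spaces or shell metacharacters stays inert.
    KUBECONFIG: "{{ k3s_kubeconfig | default('/etc/rancher/k3s/k3s.yaml') }}"
    TUNNEL_TOKEN: "{{ verify_tunnel_token | trim }}"
  args:
    # pipefail is a bash option, so the script must not run under /bin/sh.
    executable: /bin/bash
  # The task always reports "changed", even when kubectl apply changes nothing.
  changed_when: true
  # Keep the token out of Ansible output and logs.
  no_log: true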