---
- name: begining chart deployments
  run_once: true
  no_log: true
  tags: 
    - k8s
    - k8s-apply-secrets
  block:

  - name: apply template based secrets
    ansible.builtin.template:
      src: "templates/shared/secret.yaml.j2"
      dest: "{{ k8s_manifests_path }}/{{ item.name }}-secret.yaml"
      mode: 0600
    loop: "{{ k8s_secrets }}"
    when:
      - item.values is defined
      - item.type == "template"

  - name: apply locally stored secrets
    delegate_to: localhost
    connection: local
    become: false
    ansible.builtin.shell: "{{ role_path }}/scripts/get-secret.sh"
    args:
      chdir: "{{ playbook_dir }}"
    environment:
      PLAYBOOK_DIR: "{{ playbook_dir }}"
      KUBECONTEXT: "{{ k8s_cluster_name }}"
      SECRET: "{{ item.source }}"
    loop: "{{ k8s_secrets }}"
    when:
      - item.values is defined
      - item.type == "file"