---
- hosts: h1.pdp7.net
  tasks:
  - name: get public cert
    ansible.builtin.slurp:
      src: "/etc/apache2/md/domains/alex.corcoles.net/pubcert.pem"
    register: public_cert
  - name: get private key
    ansible.builtin.slurp:
      src: "/etc/apache2/md/domains/alex.corcoles.net/privkey.pem"
    register: private_key
  - name: push secret
    k8s:
      context: "admin@k8s-prod.h1"
      state: present
      definition:
        kind: Secret
        metadata:
          namespace: blog
          name: tls-gemini
        data:
          tls.crt: "{{ public_cert.content }}"
          tls.key: "{{ private_key.content }}"
    delegate_to: 127.0.0.1
  - name: restart pods
    command: kubectl --context admin@k8s-prod.h1 rollout restart -n blog deployment/blog
    delegate_to: 127.0.0.1