From ce0b7834ff4fb25ad9809b4b1e0b8f609f770498 Mon Sep 17 00:00:00 2001
From: Frank Ritchie <12985912+fritchie@users.noreply.github.com>
Date: Mon, 19 Apr 2021 05:06:36 -0400
Subject: [PATCH] Refactor cilium_ipsec_enabled check (#7520)

This is a followup to

https://github.com/kubernetes-sigs/kubespray/pull/7413

Although the code worked there was a desire for a better solution.
Hopefully people will be happy with this alternative.
---
 roles/network_plugin/cilium/tasks/install.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/network_plugin/cilium/tasks/install.yml b/roles/network_plugin/cilium/tasks/install.yml
index 5c2d46639..c6e59f47d 100644
--- a/roles/network_plugin/cilium/tasks/install.yml
+++ b/roles/network_plugin/cilium/tasks/install.yml
@@ -33,14 +33,14 @@
     - {name: cilium, file: cilium-config.yml, type: cm}
     - {name: cilium, file: cilium-crb.yml, type: clusterrolebinding}
     - {name: cilium, file: cilium-cr.yml, type: clusterrole}
-    - {name: cilium, file: cilium-secret.yml, type: secret}
+    - {name: cilium, file: cilium-secret.yml, type: secret, when: "{{ cilium_ipsec_enabled }}"}
     - {name: cilium, file: cilium-ds.yml, type: ds}
     - {name: cilium, file: cilium-deploy.yml, type: deploy}
     - {name: cilium, file: cilium-sa.yml, type: sa}
   register: cilium_node_manifests
   when:
     - inventory_hostname in groups['kube_control_plane']
-    - item.file != "cilium-secret.yml" or (item.file == "cilium-secret.yml" and cilium_ipsec_enabled)
+    - item.when | default(True) | bool
 
 - name: Cilium | Enable portmap addon
   template: