store secrets & definitions in a tempfile dir, fix postgres label

roles/backup/tasks/awx-cro.yml

@@ -23,12 +23,12 @@
 - name: Template AWX object definition
   template:
     src: awx_object.yml.j2
-    dest: "_secrets/awx_object.yml"
+    dest: "{{ secrets_dir.path }}/awx_object.yml"
     mode: '0600'
 
 - name: Set AWX object template file as var
   set_fact:
-    awx_object_template: "{{ lookup('file', '_secrets/awx_object.yml') }}"
+    awx_object_template: "{{ lookup('file', '{{ secrets_dir.path }}/awx_object.yml') }}"
 
 - name: Write awx object to pvc
   k8s_exec:

roles/backup/tasks/cleanup.yml

@@ -1,11 +1,5 @@
 ---
 
-# After copying secret files to the PVC, delete the local tmp copies
-- name: Clean up _secrets directory
-  file:
-    path: "_secrets"
-    state: absent
-
 - name: Delete any existing management pod
   k8s:
     name: "{{ meta.name }}-db-management"

roles/backup/tasks/postgres.yml

@@ -32,7 +32,7 @@
     kind: Pod
     namespace: '{{ meta.namespace }}'
     label_selectors:
-      - "app={{ tower_name }}-{{ deployment_type }}-postgres"
+      - "app.kubernetes.io/name={{ tower_name }}-postgres"
   register: postgres_pod
   until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
   delay: 5

roles/backup/tasks/secrets.yml

@@ -1,10 +1,10 @@
 ---
 
-- name: Make _secrets directory
-  file:
-    path: "_secrets"
+- name: Make temp secrets directory
+  tempfile:
+    prefix: "secrets-"
     state: directory
-    mode: '0700'
+  register: secrets_dir
 
 - name: Get secret_key
   k8s_info:
@@ -20,12 +20,12 @@
 - name: Template secret_key definition
   template:
     src: secret_key_secret.yml.j2
-    dest: "_secrets/secret_key_secret.yml"
+    dest: "{{ secrets_dir.path }}/secret_key_secret.yml"
     mode: '0700'
 
 - name: Set secret key template
   set_fact:
-    secret_key_template: "{{ lookup('file', '_secrets/secret_key_secret.yml') }}"
+    secret_key_template: "{{ lookup('file', '{{ secrets_dir.path }}/secret_key_secret.yml') }}"
 
 - name: Write secret_key to pvc
   k8s_exec:
@@ -48,12 +48,12 @@
 - name: Template admin_password definition
   template:
     src: admin_password_secret.yml.j2
-    dest: "_secrets/admin_password_secret.yml"
+    dest: "{{ secrets_dir.path }}/admin_password_secret.yml"
     mode: '0700'
 
 - name: Set admin_password template
   set_fact:
-    admin_password_template: "{{ lookup('file', '_secrets/admin_password_secret.yml') }}"
+    admin_password_template: "{{ lookup('file', '{{ secrets_dir.path }}/admin_password_secret.yml') }}"
 
 - name: Write secret_key to pvc
   k8s_exec:
@@ -76,12 +76,12 @@
 - name: Template broadcast_websocket definition
   template:
     src: broadcast_websocket_secret.yml.j2
-    dest: "_secrets/broadcast_websocket_secret.yml"
+    dest: "{{ secrets_dir.path }}/broadcast_websocket_secret.yml"
     mode: '0700'
 
 - name: Set broadcast_websocket template
   set_fact:
-    broadcast_websocket_template: "{{ lookup('file', '_secrets/broadcast_websocket_secret.yml') }}"
+    broadcast_websocket_template: "{{ lookup('file', '{{ secrets_dir.path }}/broadcast_websocket_secret.yml') }}"
 
 - name: Write broadcast_websocket definition to pvc
   k8s_exec:
@@ -109,12 +109,12 @@
 - name: Template postgres configuration definition
   template:
     src: postgres_secret.yml.j2
-    dest: "_secrets/postgres_secret.yml"
+    dest: "{{ secrets_dir.path }}/postgres_secret.yml"
     mode: '0700'
 
 - name: Set postgres configuration
   set_fact:
-    postgres_secret_template: "{{ lookup('file', '_secrets/postgres_secret.yml') }}"
+    postgres_secret_template: "{{ lookup('file', '{{ secrets_dir.path }}/postgres_secret.yml') }}"
 
 - name: Write postgres configuration to pvc
   k8s_exec: