diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml index d8bbc73..bce344c 100644 --- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml +++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml @@ -8,35 +8,39 @@ kubeconfig: "{{ kubeconfig.path }}" values: "{{ components.stepcertificates.chart_values }}" -- block: +- name: Retrieve configmap w/ root certificate + kubernetes.core.k8s_info: + kind: ConfigMap + name: step-certificates-certs + namespace: step-ca + kubeconfig: "{{ kubeconfig.path }}" + register: stepca_cm_certs - - name: Retrieve configmap w/ root certificate - kubernetes.core.k8s_info: - kind: ConfigMap +- name: Create target namespaces + kubernetes.core.k8s: + kind: Namespace + name: "{{ item }}" + state: present + kubeconfig: "{{ kubeconfig.path }}" + loop: + - argo-cd + # - kube-system + +- name: Store root certificate in namespaced secrets + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Secret + metadata: name: step-certificates-certs - namespace: step-ca - kubeconfig: "{{ kubeconfig.path }}" - register: stepca_cm_certs - - - name: Store root certificate in namespaced secrets - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Secret - metadata: - name: step-certificates-certs - namespace: "{{ item }}" - data: - root_ca.crt: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}" - kubeconfig: "{{ kubeconfig.path }}" - loop: - - argo-cd - - kube-system - - tags: - - never - - final + namespace: "{{ item }}" + data: + root_ca.crt: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}" + kubeconfig: "{{ kubeconfig.path }}" + loop: + - argo-cd + - kube-system - name: Configure step-ca passthrough ingress ansible.builtin.template: 
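Review bot: `Store root certificate in namespaced secrets` reads `stepca_cm_certs.resources[0]` without checking that the lookup returned anything. Because the `never`/`final` tags are removed, the lookup now runs on every play, right after the step-certificates chart task whose tail is visible at the top of the hunk. `kubernetes.core.k8s_info` returns an empty `resources` list rather than failing when the object is absent, so if the ConfigMap is not there yet the play aborts on an index error instead of waiting. This value becomes the trust anchor copied into `argo-cd` and `kube-system`, so the lookup should wait and fail closed: add `until: stepca_cm_certs.resources | length > 0` plus `retries:` and `delay:` to the k8s_info task, as the readiness check in gitops.yml does. The commented-out `# - kube-system` entry also needs a short comment saying why it is skipped (presumably because that namespace always exists).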
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml
index 5b99ca6..34400c5 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml
@@ -15,7 +15,7 @@
 url: https://gitops.{{ vapp['metacluster.fqdn'] }}/api/version
 method: GET
 register: api_readycheck
- until: api_readycheck.json.Version | default(false) | bool
+ until: api_readycheck.json.Version is defined
 retries: 3
 delay: 30
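Review bot: The new `until:` test passes for any JSON reply that carries a `Version` key, including an empty or null one, so the readiness gate is looser than it needs to be. `until: api_readycheck.json.Version | default('', true) | length > 0` would require an actual value before the play continues. A one-line comment above it, such as `# Version is a string, so '| bool' never evaluated true`, would record why the old test was replaced, assuming that was the reason. The task starts outside the hunk, so the options that control TLS validation and accepted status codes for this request cannot be checked from here.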