- block:

    - name: Initialize tempfile
      ansible.builtin.tempfile:
        state: file
      register: values_file

    - name: Lookup current chart values
      kubernetes.core.helm_info:
        name: step-certificates
        namespace: step-ca
        kubeconfig: "{{ kubeconfig.path }}"
      register: stepca_values

    - name: Write chart values w/ password to tempfile
      ansible.builtin.copy:
        dest: "{{ values_file.path }}"
        content: "{{ stepca_values.status | json_query('values') | to_yaml }}"
      no_log: true

    - name: Upgrade step-ca chart
      kubernetes.core.helm:
        name: step-certificates
        chart_ref: /opt/metacluster/helm-charts/step-certificates
        release_namespace: step-ca
        wait: false
        kubeconfig: "{{ kubeconfig.path }}"
        values_files:
          - "{{ values_file.path }}"

    - name: Cleanup tempfile
      ansible.builtin.file:
        path: "{{ values_file.path }}"
        state: absent
      when: values_file.path is defined

    - name: Ensure step-ca API availability
      ansible.builtin.uri:
        url: https://ca.{{ vapp['metacluster.fqdn'] }}/health
        method: GET
      register: api_readycheck
      until:
        - api_readycheck.json.status is defined
        - api_readycheck.json.status == 'ok'
      retries: "{{ playbook.retries }}"
      delay: "{{ (storage_benchmark | int) * (playbook.delay.long | int) }}"

  module_defaults:
    ansible.builtin.uri:
      validate_certs: no
      status_code: [200, 201]
      body_format: json