Ansible creates resources for disabled applications.
If an application is disabled (or better put: not enabled by putting it in enabled_applications
), the ansible tasks for that application will be run regardless.
I came across this issue when trying to restore a velero backup. This can be harmful, because the ansible tasks for applications can create new secrets, with new passwords, if you do not have the secrets
folder of your old cluster on your provisioning machine. Additionally, we create PVCs for applications that are not enabled and thus not used.
Velero seems to recover (some?) data to a PVC that was created by our ansible playbook, but it refuses to restore secrets that were already created by our playbook.