Update .gitignore to include generated noble-lab-ui-urls.md and enhance README.md with new role documentation. Refactor noble.yml to incorporate noble_landing_urls role for improved URL management. Add ingress configurations for alertmanager, prometheus, longhorn, and vault to support TLS termination via Traefik. Update network policies and values.yaml for vault to allow traffic from Traefik. These changes aim to streamline deployment and enhance service accessibility.

2026-03-28 16:32:21 -04:00
parent a48ac16c14
commit 0e8eaa2f0d
15 changed files with 284 additions and 3 deletions
--- a/ansible/roles/noble_landing_urls/tasks/fetch_credentials.yml
+++ b/ansible/roles/noble_landing_urls/tasks/fetch_credentials.yml
@@ -0,0 +1,55 @@
+---
+# Populates template variables from Secrets (no_log on kubectl to avoid leaking into Ansible stdout).
+- name: Fetch Argo CD initial admin password (base64)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - -n
+      - argocd
+      - get
+      - secret
+      - argocd-initial-admin-secret
+      - -o
+      - jsonpath={.data.password}
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_fetch_argocd_pw_b64
+  failed_when: false
+  changed_when: false
+  no_log: true
+
+- name: Fetch Grafana admin user (base64)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - -n
+      - monitoring
+      - get
+      - secret
+      - kube-prometheus-grafana
+      - -o
+      - jsonpath={.data.admin-user}
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_fetch_grafana_user_b64
+  failed_when: false
+  changed_when: false
+  no_log: true
+
+- name: Fetch Grafana admin password (base64)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - -n
+      - monitoring
+      - get
+      - secret
+      - kube-prometheus-grafana
+      - -o
+      - jsonpath={.data.admin-password}
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_fetch_grafana_pw_b64
+  failed_when: false
+  changed_when: false
+  no_log: true
--- a/ansible/roles/noble_landing_urls/tasks/main.yml
+++ b/ansible/roles/noble_landing_urls/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Ensure output directory for generated landing page
+  ansible.builtin.file:
+    path: "{{ noble_repo_root }}/ansible/output"
+    state: directory
+    mode: "0755"
+
+- name: Fetch initial credentials from cluster Secrets (optional)
+  ansible.builtin.include_tasks: fetch_credentials.yml
+  when: noble_landing_urls_fetch_credentials | default(true) | bool
+
+- name: Write noble lab UI URLs (markdown landing page)
+  ansible.builtin.template:
+    src: noble-lab-ui-urls.md.j2
+    dest: "{{ noble_landing_urls_dest }}"
+    mode: "0644"
+
+- name: Show landing page path
+  ansible.builtin.debug:
+    msg: "Noble lab UI list written to {{ noble_landing_urls_dest }}"