Update .gitignore to include generated noble-lab-ui-urls.md and enhance README.md with new role documentation. Refactor noble.yml to incorporate noble_landing_urls role for improved URL management. Add ingress configurations for alertmanager, prometheus, longhorn, and vault to support TLS termination via Traefik. Update network policies and values.yaml for vault to allow traffic from Traefik. These changes aim to streamline deployment and enhance service accessibility.

ansible/roles/noble_landing_urls/tasks/fetch_credentials.yml

@@ -0,0 +1,55 @@
+---
+# Populates template variables from Secrets (no_log on kubectl to avoid leaking into Ansible stdout).
+- name: Fetch Argo CD initial admin password (base64)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - -n
+      - argocd
+      - get
+      - secret
+      - argocd-initial-admin-secret
+      - -o
+      - jsonpath={.data.password}
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_fetch_argocd_pw_b64
+  failed_when: false
+  changed_when: false
+  no_log: true
+
+- name: Fetch Grafana admin user (base64)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - -n
+      - monitoring
+      - get
+      - secret
+      - kube-prometheus-grafana
+      - -o
+      - jsonpath={.data.admin-user}
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_fetch_grafana_user_b64
+  failed_when: false
+  changed_when: false
+  no_log: true
+
+- name: Fetch Grafana admin password (base64)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - -n
+      - monitoring
+      - get
+      - secret
+      - kube-prometheus-grafana
+      - -o
+      - jsonpath={.data.admin-password}
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_fetch_grafana_pw_b64
+  failed_when: false
+  changed_when: false
+  no_log: true