Enhance noble_landing_urls role by adding support for generating a Headlamp ServiceAccount token with a configurable duration. Update documentation to reflect changes in the markdown output for Headlamp sign-in. Modify fetch_credentials task to include token generation alongside existing credential fetching. These updates improve the usability and security of the Headlamp integration.

ansible/roles/noble_landing_urls/tasks/fetch_credentials.yml

@@ -1,5 +1,5 @@
 ---
-# Populates template variables from Secrets (no_log on kubectl to avoid leaking into Ansible stdout).
+# Populates template variables from Secrets + Headlamp token (no_log on kubectl to avoid leaking into Ansible stdout).
 - name: Fetch Argo CD initial admin password (base64)
   ansible.builtin.command:
     argv:
@@ -53,3 +53,20 @@
   failed_when: false
   changed_when: false
   no_log: true
+
+- name: Create Headlamp ServiceAccount token (for UI sign-in)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - -n
+      - headlamp
+      - create
+      - token
+      - headlamp
+      - "--duration={{ noble_landing_urls_headlamp_token_duration | default('48h') }}"
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  register: noble_fetch_headlamp_token
+  failed_when: false
+  changed_when: false
+  no_log: true