6 changed files with 36 additions and 37 deletions
--- a/ansible/roles/assets/tasks/main.yml
+++ b/ansible/roles/assets/tasks/main.yml
@ -29,3 +29,4 @@
 - import_tasks: manifests.yml
 - import_tasks: kubeadm.yml
 - import_tasks: containerimages.yml
+- import_tasks: nodetemplates.yml
--- a/ansible/roles/assets/tasks/nodetemplates.yml
+++ b/ansible/roles/assets/tasks/nodetemplates.yml
@ -0,0 +1,4 @@
+- name: Download node-template image
+  ansible.builtin.uri:
+    url: "{{ components.clusterapi.workload.node_template.url }}"
+    dest: /opt/workloadcluster/node-templates/{{ components.clusterapi.workload.node_template.url | basename}}
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@ -172,7 +172,7 @@

 - name: Generate nodepool kustomization manifest
  ansible.builtin.template:
-    src: kustomization.longhorn-storage.j2
+    src: kustomization.nodepool.j2
    dest: "{{ capi_clustermanifest.path }}/kustomization.yaml"
  vars:
    _template:
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
@ -4,6 +4,34 @@ resources:
 - cluster-template.yaml

 patches:
+- patch: |-
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: csi-vsphere-config
+      namespace: '${NAMESPACE}'
+    stringData:
+      data: |
+        apiVersion: v1
+        kind: Secret
+        metadata:
+          name: csi-vsphere-config
+          namespace: kube-system
+        stringData:
+          csi-vsphere.conf: |+
+            [Global]
+            insecure-flag = true
+            thumbprint = "${VSPHERE_TLS_THUMBPRINT}"
+            cluster-id = "${NAMESPACE}/${CLUSTER_NAME}"
+
+            [VirtualCenter "${VSPHERE_SERVER}"]
+            user = "${VSPHERE_USERNAME}"
+            password = "${VSPHERE_PASSWORD}"
+            datacenters = "${VSPHERE_DATACENTER}"
+
+            [Network]
+            public-network = "${VSPHERE_NETWORK}"
+        type: Opaque
 - patch: |-
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
@ -67,7 +95,6 @@ patches:
    spec:
      template:
        spec:
-          diskGiB: 60
          network:
            devices:
            - dhcp4: false
@ -87,7 +114,6 @@ patches:
    spec:
      template:
        spec:
-          diskGiB: 60
          network:
            devices:
            - dhcp4: false
@ -99,25 +125,6 @@ patches:
              - {{ _template.network.dnsserver }}
              networkName: '${VSPHERE_NETWORK}'

- target:
-    group: addons.cluster.x-k8s.io
-    version: v1beta1
-    kind: ClusterResourceSet
-    name: \${CLUSTER_NAME}-crs-0
-  patch: |-
-    - op: replace
-      path: /spec/resources
-      value:
-        - kind: Secret
-          name: cloud-controller-manager
-        - kind: Secret
-          name: cloud-provider-vsphere-credentials
-        - kind: ConfigMap
-          name: cpi-manifests
-    - op: add
-      path: /spec/strategy
-      value: Reconcile
-
 - target:
    group: controlplane.cluster.x-k8s.io
    version: v1beta1
@ -191,8 +198,6 @@ patches:
    - op: replace
      path: /metadata/name
      value: ${CLUSTER_NAME}-master
-    - op: remove
-      path: /spec/template/spec/thumbprint
 - target:
    group: controlplane.cluster.x-k8s.io
    version: v1beta1
@ -232,8 +237,6 @@ patches:
    - op: replace
      path: /spec/template/spec/memoryMiB
      value: {{ _template.nodesize.memory }}
-    - op: remove
-      path: /spec/template/spec/thumbprint
 - target:
    group: cluster.x-k8s.io
    version: v1beta1
@ -255,12 +258,3 @@ patches:
    - op: replace
      path: /metadata/name
      value: ${CLUSTER_NAME}-worker
-
- target:
-    group: infrastructure.cluster.x-k8s.io
-    version: v1beta1
-    kind: VSphereCluster
-    name: .*
-  patch: |-
-    - op: remove
-      path: /spec/thumbprint
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.longhorn-storage.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.longhorn-storage.j2
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -122,8 +122,8 @@ components:
        calico: v3.27.3
        k8s: v1.30.1
      node_template:
-      # Not used anymore; should be uploaded to hypervisor manually!
-      # https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/releases/download/templates%2Fv1.30.0/
+        # url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.27.1.ova
+        url: https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/releases/download/templates%2Fv1.30.0/ubuntu-2204-kube-v1.30.0.ova

  dex:
    helm: