fix: Generate and store kubeconfig in repository

ansible/roles/firstboot/files/ansible_payload/bootstrap/playbook.yml

@@ -2,6 +2,9 @@
 - hosts: 127.0.0.1
   connection: local
   gather_facts: true
+  vars:
+    # Needed by some templating in various tasks
+    _newline: "\n"
   vars_files:
     - defaults.yml
     - metacluster.yml

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml

@@ -109,7 +109,6 @@
         state: present
         kubeconfig: "{{ kubeconfig.path }}"
       vars:
-        _newline: "\n"
         _template:
           name: "{{ item.name }}"
           namespace: "{{ item.namespace }}"

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml

@@ -125,6 +125,12 @@
                 auto_init: true
                 default_branch: main
                 description: GitOps manifests
+            - organization: wl
+              body:
+                name: ClusterAccess.Store
+                auto_init: true
+                default_branch: main
+                description: Kubeconfig files
           loop_control:
             label: "{{ item.organization ~ '/' ~ item.body.name }}"
 

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/authentication.yml

@@ -0,0 +1,36 @@
+- name: Initialize tempfolder
+  ansible.builtin.tempfile:
+    state: directory
+  register: pinniped_kubeconfig
+
+- name: Pull existing repository
+  ansible.builtin.git:
+    repo: https://git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
+    dest: "{{ pinniped_kubeconfig.path }}"
+    version: main
+
+- name: Generate kubeconfig
+  ansible.builtin.shell:
+    cmd: pinniped get kubeconfig --kubeconfig {{ capi_kubeconfig.path }}
+  register: pinniped_config
+
+- name: Store kubeconfig in tempfile
+  ansible.builtin.copy:
+    dest: "{{ pinniped_kubeconfig.path }}"
+    content: "{{ pinniped_config.stdout }}"
+    mode: 0600
+  no_log: true
+
+- name: Push git repository
+  lvrfrc87.git_acp.git_acp:
+    path: "{{ pinniped_kubeconfig.path }}"
+    branch: main
+    comment: "Upload kubeconfig files"
+    add:
+      - .
+    url: https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/ClusterAccess.Store.git
+  environment:
+    GIT_AUTHOR_NAME: administrator
+    GIT_AUTHOR_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
+    GIT_COMMITTER_NAME: administrator
+    GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/gitops.yml

@@ -34,7 +34,6 @@
   vars:
     manifest: "{{ item.0 }}"
     src: "{{ item.1.src }}"
-    _newline: "\n"
     _template: "{{ item.1._template }}"
   loop: "{{ query('ansible.builtin.subelements', query('ansible.builtin.dict', downstream_components), 'value.extra_manifests') }}"
   loop_control:
@@ -70,19 +69,6 @@
     GIT_COMMITTER_NAME: administrator
     GIT_COMMITTER_EMAIL: administrator@{{ vapp['metacluster.fqdn'] }}
 
-# - name: Initialize/Push git repository
-#   ansible.builtin.shell:
-#     cmd: |
-#       git init
-#       git config --global user.email "administrator@{{ vapp['metacluster.fqdn'] }}"
-#       git config --global user.name "administrator"
-#       git checkout -b main
-#       git add .
-#       git commit -m "Upload charts"
-#       git remote add origin https://git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git
-#       git push https://administrator:{{ vapp['metacluster.password'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/wl/GitOps.Config.git --all
-#     chdir: /opt/workloadcluster/git-repositories/gitops
-
 - name: Retrieve workload-cluster kubeconfig
   kubernetes.core.k8s_info:
     kind: Secret

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/main.yml

@@ -6,6 +6,7 @@
 
     - import_tasks: clusterapi.yml
     - import_tasks: gitops.yml
+    - import_tasks: authentication.yml
 
   when:
     - vapp['deployment.type'] != 'core'

ansible/vars/metacluster.yml

@@ -117,9 +117,9 @@ components:
             - https://auth.{{ vapp['metacluster.fqdn'] }}/sso/callback
           enablePasswordDB: true
           staticPasswords:
-          - email: admin@{{ vapp['metacluster.fqdn'] }}
+          - email: user@{{ vapp['metacluster.fqdn'] }}
             hash: "{{ vapp['metacluster.password'] | password_hash('bcrypt') }}"
-            username: admin
+            username: user
             userID: "{{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['metacluster.fqdn']) | to_uuid }}"
         ingress:
           enabled: true