Remove deprecated Argo CD application configurations for various components including cert-manager, Cilium, CSI snapshot controllers, kube-vip, and others. Update README.md to reflect the current state of leaf applications and clarify optional components. Adjust kustomization files to streamline resource management for bootstrap workloads.

clusters/noble/bootstrap/argocd/README.md

@@ -57,8 +57,6 @@ Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` o
 1. Edit **`root-application.yaml`** and **`bootstrap-root-application.yaml`**: set **`repoURL`** and **`targetRevision`**. The **`resources-finalizer.argocd.argoproj.io/background`** finalizer uses Argo’s path-qualified form so **`kubectl apply`** does not warn about finalizer names.
 2. Optional add-on apps: add **`Application`** manifests under **`clusters/noble/apps/`** (see **`clusters/noble/apps/README.md`**).
 3. **Bootstrap kustomize** (namespaces, datasource, leaf **`Application`**s under **`argocd/app-of-apps/`**, etc.): **`noble-bootstrap-root`** syncs **`clusters/noble/bootstrap`**. It is created with **manual** sync only so Argo does not apply changes while **`noble.yml`** is still running.
-   Current leaf apps include: **cilium**, **metrics-server**, **longhorn**, **metallb**, **traefik**, **cert-manager**, **kube-vip**, **csi-snapshot-crds**, **csi-snapshot-controller**, **kyverno**, **kyverno-policies**, **kube-prometheus**, **loki**, **fluent-bit**, **headlamp**.
-   Optional components with extra runtime credentials (for example **newt** and **velero**) are still Ansible-driven by default.
 
    **`ansible/playbooks/noble.yml`** (role **`noble_argocd`**) applies both roots when **`noble_argocd_apply_root_application`** / **`noble_argocd_apply_bootstrap_root_application`** are true in **`ansible/group_vars/all.yml`**.
 

clusters/noble/bootstrap/argocd/app-of-apps/cert-manager-application.yaml

@@ -1,33 +0,0 @@
-# Bootstrap app-of-apps leaf: cert-manager (namespace + issuers + Helm chart).
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-cert-manager
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  sources:
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      path: clusters/noble/bootstrap/cert-manager
-    - repoURL: https://charts.jetstack.io
-      chart: cert-manager
-      targetRevision: v1.20.0
-      helm:
-        releaseName: cert-manager
-        valueFiles:
-          - $values/clusters/noble/bootstrap/cert-manager/values.yaml
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      ref: values
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: cert-manager
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

clusters/noble/bootstrap/argocd/app-of-apps/cilium-application.yaml

@@ -1,30 +0,0 @@
-# Bootstrap app-of-apps leaf: Cilium CNI.
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-cilium
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  sources:
-    - repoURL: https://helm.cilium.io/
-      chart: cilium
-      targetRevision: 1.16.6
-      helm:
-        releaseName: cilium
-        valueFiles:
-          - $values/clusters/noble/bootstrap/cilium/values.yaml
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      ref: values
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kube-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-controller-application.yaml

@@ -1,21 +0,0 @@
-# Bootstrap app-of-apps leaf: external-snapshotter controller manifests.
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-csi-snapshot-controller
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  source:
-    repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-    targetRevision: HEAD
-    path: clusters/noble/bootstrap/csi-snapshot-controller/controller
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kube-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true

clusters/noble/bootstrap/argocd/app-of-apps/csi-snapshot-crds-application.yaml

@@ -1,21 +0,0 @@
-# Bootstrap app-of-apps leaf: external-snapshotter CRDs.
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-csi-snapshot-crds
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  source:
-    repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-    targetRevision: HEAD
-    path: clusters/noble/bootstrap/csi-snapshot-controller/crd
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kube-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true

clusters/noble/bootstrap/argocd/app-of-apps/kube-vip-application.yaml

@@ -1,21 +0,0 @@
-# Bootstrap app-of-apps leaf: kube-vip API virtual IP manifests.
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-kube-vip
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  source:
-    repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-    targetRevision: HEAD
-    path: clusters/noble/bootstrap/kube-vip
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kube-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true

clusters/noble/bootstrap/argocd/app-of-apps/kustomization.yaml

@@ -1,20 +1,9 @@
-# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**.
+# Sub-kustomization included by **clusters/noble/bootstrap/kustomization.yaml**. Leaf **Application** /
-# Leaf Argo **Application** resources for bootstrap workloads that should appear as separate apps
+# **AppProject** resources (Helm apps you migrate off raw **helm upgrade** in Ansible). Synced with the
-# in Argo CD under **noble-bootstrap-root**.
+# rest of **clusters/noble/bootstrap** via **noble-bootstrap-root** once automated sync is enabled.
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - cilium-application.yaml
-  - metrics-server-application.yaml
-  - longhorn-application.yaml
-  - metallb-application.yaml
-  - traefik-application.yaml
-  - cert-manager-application.yaml
-  - kyverno-application.yaml
-  - kyverno-policies-application.yaml
-  - kube-vip-application.yaml
-  - csi-snapshot-crds-application.yaml
-  - csi-snapshot-controller-application.yaml
   - kube-prometheus-application.yaml
   - loki-application.yaml
   - fluent-bit-application.yaml

clusters/noble/bootstrap/argocd/app-of-apps/kyverno-application.yaml

@@ -1,30 +0,0 @@
-# Bootstrap app-of-apps leaf: Kyverno admission controller.
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-kyverno
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  sources:
-    - repoURL: https://kyverno.github.io/kyverno/
-      chart: kyverno
-      targetRevision: 3.7.1
-      helm:
-        releaseName: kyverno
-        valueFiles:
-          - $values/clusters/noble/bootstrap/kyverno/values.yaml
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      ref: values
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kyverno
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

clusters/noble/bootstrap/argocd/app-of-apps/kyverno-policies-application.yaml

@@ -1,30 +0,0 @@
-# Bootstrap app-of-apps leaf: Kyverno policy chart.
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-kyverno-policies
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  sources:
-    - repoURL: https://kyverno.github.io/kyverno/
-      chart: kyverno-policies
-      targetRevision: 3.7.1
-      helm:
-        releaseName: kyverno-policies
-        valueFiles:
-          - $values/clusters/noble/bootstrap/kyverno/policies-values.yaml
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      ref: values
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kyverno
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

clusters/noble/bootstrap/argocd/app-of-apps/longhorn-application.yaml

@@ -1,33 +0,0 @@
-# Bootstrap app-of-apps leaf: Longhorn (namespace labels + Helm chart).
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-longhorn
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  sources:
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      path: clusters/noble/bootstrap/longhorn
-    - repoURL: https://charts.longhorn.io
-      chart: longhorn
-      targetRevision: 1.11.1
-      helm:
-        releaseName: longhorn
-        valueFiles:
-          - $values/clusters/noble/bootstrap/longhorn/values.yaml
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      ref: values
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: longhorn-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

clusters/noble/bootstrap/argocd/app-of-apps/metallb-application.yaml

@@ -1,28 +0,0 @@
-# Bootstrap app-of-apps leaf: MetalLB (namespace labels + Helm chart + IP pool/L2 advert).
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-metallb
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  sources:
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      path: clusters/noble/bootstrap/metallb
-    - repoURL: https://metallb.github.io/metallb
-      chart: metallb
-      targetRevision: 0.15.3
-      helm:
-        releaseName: metallb
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: metallb-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

clusters/noble/bootstrap/argocd/app-of-apps/metrics-server-application.yaml

@@ -1,30 +0,0 @@
-# Bootstrap app-of-apps leaf: metrics-server.
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-metrics-server
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  sources:
-    - repoURL: https://kubernetes-sigs.github.io/metrics-server/
-      chart: metrics-server
-      targetRevision: 3.13.0
-      helm:
-        releaseName: metrics-server
-        valueFiles:
-          - $values/clusters/noble/bootstrap/metrics-server/values.yaml
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      ref: values
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kube-system
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

clusters/noble/bootstrap/argocd/app-of-apps/traefik-application.yaml

@@ -1,30 +0,0 @@
-# Bootstrap app-of-apps leaf: Traefik ingress (namespace + Helm chart).
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: noble-traefik
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io/background
-spec:
-  project: default
-  sources:
-    - repoURL: https://traefik.github.io/charts
-      chart: traefik
-      targetRevision: 39.0.6
-      helm:
-        releaseName: traefik
-        valueFiles:
-          - $values/clusters/noble/bootstrap/traefik/values.yaml
-    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-      targetRevision: HEAD
-      ref: values
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: traefik
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true

clusters/noble/bootstrap/cert-manager/kustomization.yaml

@@ -1,6 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - namespace.yaml
   - clusterissuer-letsencrypt-staging.yaml
   - clusterissuer-letsencrypt-prod.yaml

clusters/noble/bootstrap/metallb/kustomization.yaml

@@ -1,5 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - namespace.yaml
   - ip-address-pool.yaml