Refactor Argo CD application management by removing noble-kyverno and noble-platform configurations, transitioning to Ansible-driven installations. Update documentation to clarify the optional nature of app-of-apps and the role of kustomization.yaml as an empty resource holder. Ensure users are informed about the need to delete stale Applications when migrating from previous configurations.

2026-03-28 15:17:54 -04:00
parent 207cdca0cf
commit 46cedc965f
40 changed files with 1264 additions and 187 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -0,0 +1,23 @@
+---
+# noble_repo_root / noble_kubeconfig are set in playbooks (use **playbook_dir** magic var).
+
+# When kubeconfig points at the API VIP but this workstation cannot reach the lab LAN (VPN off, etc.),
+# set a reachable control-plane URL — same as: kubectl config set-cluster noble --server=https://<cp-ip>:6443
+# Example: ansible-playbook playbooks/noble.yml -e 'noble_k8s_api_server_override=https://192.168.50.20:6443'
+noble_k8s_api_server_override: ""
+
+# When /healthz fails with **network unreachable** to the VIP and **override** is empty, retry using this URL (neon).
+noble_k8s_api_server_auto_fallback: true
+noble_k8s_api_server_fallback: "https://192.168.50.20:6443"
+
+# Only if you must skip the kubectl /healthz preflight (not recommended).
+noble_skip_k8s_health_check: false
+
+# Pangolin / Newt — set true only after creating newt-pangolin-auth Secret (see clusters/noble/apps/newt/README.md)
+noble_newt_install: false
+
+# cert-manager needs Secret cloudflare-dns-api-token in cert-manager namespace before ClusterIssuers work
+noble_cert_manager_require_cloudflare_secret: true
+
+# post_deploy.yml — apply Vault ClusterSecretStore only after Vault is initialized and K8s auth is configured
+noble_apply_vault_cluster_secret_store: false