Refactor Argo CD application management by removing noble-kyverno and noble-platform configurations, transitioning to Ansible-driven installations. Update documentation to clarify the optional nature of app-of-apps and the role of kustomization.yaml as an empty resource holder. Ensure users are informed about the need to delete stale Applications when migrating from previous configurations.

ansible/roles/noble_platform/tasks/main.yml

@@ -0,0 +1,147 @@
+---
+# Mirrors former **noble-platform** Argo Application: Helm releases + plain manifests under clusters/noble/apps.
+- name: Apply clusters/noble/apps kustomize (namespaces, Grafana Loki datasource, Vault extras)
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - apply
+      - -k
+      - "{{ noble_repo_root }}/clusters/noble/apps"
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: true
+
+- name: Install Sealed Secrets
+  ansible.builtin.command:
+    argv:
+      - helm
+      - upgrade
+      - --install
+      - sealed-secrets
+      - sealed-secrets/sealed-secrets
+      - --namespace
+      - sealed-secrets
+      - --version
+      - "2.18.4"
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/apps/sealed-secrets/values.yaml"
+      - --wait
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: true
+
+- name: Install External Secrets Operator
+  ansible.builtin.command:
+    argv:
+      - helm
+      - upgrade
+      - --install
+      - external-secrets
+      - external-secrets/external-secrets
+      - --namespace
+      - external-secrets
+      - --version
+      - "2.2.0"
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/apps/external-secrets/values.yaml"
+      - --wait
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: true
+
+- name: Install Vault
+  ansible.builtin.command:
+    argv:
+      - helm
+      - upgrade
+      - --install
+      - vault
+      - hashicorp/vault
+      - --namespace
+      - vault
+      - --version
+      - "0.32.0"
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/apps/vault/values.yaml"
+      - --wait
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: true
+
+- name: Install kube-prometheus-stack
+  ansible.builtin.command:
+    argv:
+      - helm
+      - upgrade
+      - --install
+      - kube-prometheus
+      - prometheus-community/kube-prometheus-stack
+      - -n
+      - monitoring
+      - --version
+      - "82.15.1"
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/apps/kube-prometheus-stack/values.yaml"
+      - --wait
+      - --timeout
+      - 30m
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: true
+
+- name: Install Loki
+  ansible.builtin.command:
+    argv:
+      - helm
+      - upgrade
+      - --install
+      - loki
+      - grafana/loki
+      - -n
+      - loki
+      - --version
+      - "6.55.0"
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/apps/loki/values.yaml"
+      - --wait
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: true
+
+- name: Install Fluent Bit
+  ansible.builtin.command:
+    argv:
+      - helm
+      - upgrade
+      - --install
+      - fluent-bit
+      - fluent/fluent-bit
+      - -n
+      - logging
+      - --version
+      - "0.56.0"
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/apps/fluent-bit/values.yaml"
+      - --wait
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: true
+
+- name: Install Headlamp
+  ansible.builtin.command:
+    argv:
+      - helm
+      - upgrade
+      - --install
+      - headlamp
+      - headlamp/headlamp
+      - --version
+      - "0.40.1"
+      - -n
+      - headlamp
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/apps/headlamp/values.yaml"
+      - --wait
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  changed_when: true