Refactor Argo CD application management by removing noble-kyverno and noble-platform configurations, transitioning to Ansible-driven installations. Update documentation to clarify the optional nature of app-of-apps and the role of kustomization.yaml as an empty resource holder. Ensure users are informed about the need to delete stale Applications when migrating from previous configurations.

2026-03-28 15:17:54 -04:00
parent 207cdca0cf
commit 46cedc965f
40 changed files with 1264 additions and 187 deletions
--- a/ansible/roles/noble_post_deploy/tasks/main.yml
+++ b/ansible/roles/noble_post_deploy/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Vault — manual steps (not automated)
+  ansible.builtin.debug:
+    msg: |
+      1. kubectl -n vault get pods  (wait for Running)
+      2. kubectl -n vault exec -it vault-0 -- vault operator init  (once; save keys)
+      3. Unseal per clusters/noble/apps/vault/README.md
+      4. ./clusters/noble/apps/vault/configure-kubernetes-auth.sh
+      5. kubectl apply -f clusters/noble/apps/external-secrets/examples/vault-cluster-secret-store.yaml
+
+- name: Optional — apply Vault ClusterSecretStore for External Secrets
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - apply
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/apps/external-secrets/examples/vault-cluster-secret-store.yaml"
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  when: noble_apply_vault_cluster_secret_store | default(false) | bool
+  changed_when: true
+
+- name: Argo CD optional root Application (empty app-of-apps)
+  ansible.builtin.debug:
+    msg: >-
+      Optional: kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
+      after editing repoURL. Core workloads are not synced by Argo — see bootstrap/argocd/apps/README.md