Add Trivy integration to noble cluster setup, including namespace and application configurations. Update README and playbook tags to reflect new security scanning capabilities. Enhance Longhorn and kube-prometheus-stack deployment reliability with increased timeout settings and retry mechanisms.

Nikholas Pcenicni
2026-05-13 23:48:12 -04:00
parent 774b97894c
commit 663ebc5001
16 changed files with 223 additions and 13 deletions


@@ -4,7 +4,7 @@
# Run from repo **ansible/** directory: ansible-playbook playbooks/noble.yml
#
# Tags: repos, cilium, csi_snapshot, metrics, longhorn, metallb, kube_vip, traefik, cert_manager, newt,
# argocd, kyverno, kyverno_policies, platform, velero, all (default)
# argocd, kyverno, kyverno_policies, platform, trivy, velero, all (default)
- name: Noble cluster — platform stack (Ansible-managed)
hosts: localhost
connection: local
@@ -206,6 +206,12 @@
tags: [csi_snapshot, snapshot, storage]
- role: noble_metrics_server
tags: [metrics, metrics_server]
# Kyverno before Longhorn: Longhorn post-upgrade Job is admitted through Kyverno; policies use
# failurePolicy Ignore so webhook transport timeouts do not fail Helm (see policies-values.yaml).
- role: noble_kyverno
tags: [kyverno, policy]
- role: noble_kyverno_policies
tags: [kyverno_policies, policy]
- role: noble_longhorn
tags: [longhorn, storage]
- role: noble_metallb
@@ -220,12 +226,10 @@
tags: [newt]
- role: noble_argocd
tags: [argocd, gitops]
- role: noble_kyverno
tags: [kyverno, policy]
- role: noble_kyverno_policies
tags: [kyverno_policies, policy]
- role: noble_platform
tags: [platform, observability, apps]
- role: noble_trivy
tags: [trivy, security, scanning]
- role: noble_velero
tags: [velero, backups]
- role: noble_landing_urls
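Review bot: The comment added above `noble_kyverno` in the second hunk justifies the reorder by pointing at `failurePolicy` Ignore, but it does not record that this setting makes admission fail open. While the Kyverno webhook is unreachable or timing out, resources are admitted without being evaluated. With Kyverno now installed ahead of Longhorn, that window covers every role that follows it in the play, from Longhorn through Argo CD. `policies-values.yaml` is not shown here, so it is unclear whether any of the policies are meant to enforce rather than audit; if they are, the trade-off should be stated next to the ordering. I would extend the comment with a line such as `# NOTE: Ignore fails open - resources admitted during a webhook outage skip validation; check background scan / policy reports after the run.`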