Refactor noble cluster configurations by removing deprecated Argo CD application management files and transitioning to a streamlined Ansible-driven installation approach. Update kustomization.yaml files to reflect the new structure, ensuring clarity on resource management. Introduce new namespaces and configurations for cert-manager, external-secrets, and logging components, enhancing the overall deployment process. Add detailed README.md documentation for each component to guide users through the setup and management of the noble lab environment.

clusters/noble/bootstrap/cilium/values-kpr.yaml

@@ -0,0 +1,49 @@
+# Optional phase 2: kube-proxy replacement via Cilium + KubePrism (Talos apid forwards :7445 → :6443).
+# Prerequisites:
+#   1. Phase 1 Cilium installed and healthy; nodes Ready.
+#   2. Add to Talos machine config on ALL nodes:
+#        cluster:
+#          proxy:
+#            disabled: true
+#      (keep cluster.network.cni.name: none). Regenerate, apply-config, reboot as needed.
+#   3. Remove legacy kube-proxy objects if still present:
+#        kubectl delete ds -n kube-system kube-proxy --ignore-not-found
+#        kubectl delete cm -n kube-system kube-proxy --ignore-not-found
+#   4. helm upgrade cilium ... -f values-kpr.yaml
+#
+# Ref: https://www.talos.dev/latest/kubernetes-guides/network/deploying-cilium/
+
+ipam:
+  mode: kubernetes
+
+kubeProxyReplacement: "true"
+
+k8sServiceHost: localhost
+k8sServicePort: "7445"
+
+securityContext:
+  capabilities:
+    ciliumAgent:
+      - CHOWN
+      - KILL
+      - NET_ADMIN
+      - NET_RAW
+      - IPC_LOCK
+      - SYS_ADMIN
+      - SYS_RESOURCE
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETGID
+      - SETUID
+    cleanCiliumState:
+      - NET_ADMIN
+      - SYS_ADMIN
+      - SYS_RESOURCE
+
+cgroup:
+  autoMount:
+    enabled: false
+  hostRoot: /sys/fs/cgroup
+
+bpf:
+  masquerade: false