Refactor noble cluster configurations by removing deprecated Argo CD application management files and transitioning to a streamlined Ansible-driven installation approach. Update kustomization.yaml files to reflect the new structure, ensuring clarity on resource management. Introduce new namespaces and configurations for cert-manager, external-secrets, and logging components, enhancing the overall deployment process. Add detailed README.md documentation for each component to guide users through the setup and management of the noble lab environment.

clusters/noble/bootstrap/external-secrets/examples/vault-cluster-secret-store.yaml

@@ -0,0 +1,31 @@
+# ClusterSecretStore for HashiCorp Vault (KV v2) using Kubernetes auth.
+#
+# Do not apply until Vault is running, reachable from the cluster, and configured with:
+# - Kubernetes auth at mountPath (default: kubernetes)
+# - A role (below: external-secrets) bound to this service account:
+#     name: external-secrets
+#     namespace: external-secrets
+# - A policy allowing read on the KV path used below (e.g. secret/data/* for path "secret")
+#
+# Adjust server, mountPath, role, and path to match your Vault deployment. If Vault uses TLS
+# with a private CA, set provider.vault.caProvider or caBundle (see README).
+#
+# kubectl apply -f clusters/noble/apps/external-secrets/examples/vault-cluster-secret-store.yaml
+---
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: vault
+spec:
+  provider:
+    vault:
+      server: "http://vault.vault.svc.cluster.local:8200"
+      path: secret
+      version: v2
+      auth:
+        kubernetes:
+          mountPath: kubernetes
+          role: external-secrets
+          serviceAccountRef:
+            name: external-secrets
+            namespace: external-secrets