Update documentation and playbook to clarify Trivy Operator installation via Argo CD, removing direct Ansible role references. Adjust README and related files to reflect the new deployment order and ensure proper resource ownership, enhancing overall clarity for users.

2026-05-14 17:04:25 -04:00
parent c3c89b8f0a
commit a5869c242a
11 changed files with 25 additions and 20 deletions
--- a/ansible/roles/helm_repos/defaults/main.yml
+++ b/ansible/roles/helm_repos/defaults/main.yml
@@ -14,6 +14,5 @@ noble_helm_repos:
  - { name: headlamp, url: "https://kubernetes-sigs.github.io/headlamp/" }
  - { name: kyverno, url: "https://kyverno.github.io/kyverno/" }
  - { name: vmware-tanzu, url: "https://vmware-tanzu.github.io/helm-charts" }
-  - { name: aqua, url: "https://aquasecurity.github.io/helm-charts/" }
  - { name: goauthentik, url: "https://charts.goauthentik.io" }
  - { name: oauth2-proxy, url: "https://oauth2-proxy.github.io/manifests" }
--- a/ansible/roles/noble_argocd/tasks/applications_post_platform.yml
+++ b/ansible/roles/noble_argocd/tasks/applications_post_platform.yml
@@ -1,7 +1,7 @@
 ---
-# Run from **ansible/playbooks/noble.yml** *after* roles **noble_platform**, **noble_authentik**, **noble_trivy**,
-# **noble_velero** (see play **tasks:**). Leaf **Application** CRs must not be reconciled before Ansible Helm
-# finishes, or **argocd-controller** can SSA resources without Helm release metadata (e.g. Trivy ServiceAccount).
+# Run from **ansible/playbooks/noble.yml** *after* roles **noble_platform**, **noble_authentik**, **noble_velero**
+# (see play **tasks:**). Leaf **Application** CRs must not be reconciled before Ansible Helm finishes, or
+# **argocd-controller** can SSA resources without Helm release metadata (e.g. chart-owned ServiceAccounts).
 - name: Apply Argo CD root Application (app-of-apps)
  ansible.builtin.command:
    argv:
--- a/ansible/roles/noble_post_deploy/tasks/main.yml
+++ b/ansible/roles/noble_post_deploy/tasks/main.yml
@@ -9,7 +9,7 @@
 - name: Argo CD optional root Application (empty app-of-apps)
  ansible.builtin.debug:
    msg: >-
-      App-of-apps: at the **end** of **noble.yml** (after **noble_platform**, **noble_authentik**, **noble_trivy**,
+      App-of-apps: at the **end** of **noble.yml** (after **noble_platform**, **noble_authentik**,
      **noble_velero**), **noble_argocd** `applications_post_platform.yml` runs: root-application.yaml when
      noble_argocd_apply_root_application is true; bootstrap-root + **kubectl apply -k argocd/app-of-apps**
      when noble_argocd_apply_bootstrap_root_application is true (inventory/group_vars/all.yml).