Refactor Argo CD application management by removing the obsolete root-application.yaml and updating the bootstrap-root-application.yaml to include optional add-on Application manifests from clusters/noble/apps. Adjust documentation to clarify the deployment order and resource ownership, ensuring a streamlined GitOps process with Ansible and Argo CD.

2026-05-14 17:18:41 -04:00
parent 4cb8574109
commit c347416668
18 changed files with 54 additions and 93 deletions
--- a/ansible/roles/noble_argocd/defaults/main.yml
+++ b/ansible/roles/noble_argocd/defaults/main.yml
@@ -1,6 +1,3 @@
 ---
-# When true, applies clusters/noble/bootstrap/argocd/root-application.yaml (app-of-apps).
-# Edit spec.source.repoURL in that file if your Git remote differs.
-noble_argocd_apply_root_application: false
 # When true, applies clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml (noble-bootstrap-root; manual sync until README §5).
 noble_argocd_apply_bootstrap_root_application: true
--- a/ansible/roles/noble_argocd/tasks/applications_post_platform.yml
+++ b/ansible/roles/noble_argocd/tasks/applications_post_platform.yml
@@ -2,18 +2,6 @@
 # Run from **ansible/playbooks/noble.yml** *after* roles **noble_platform**, **noble_authentik**, **noble_velero**
 # (see play **tasks:**). Leaf **Application** CRs must not be reconciled before Ansible Helm finishes, or
 # **argocd-controller** can SSA resources without Helm release metadata (e.g. chart-owned ServiceAccounts).
- name: Apply Argo CD root Application (app-of-apps)
-  ansible.builtin.command:
-    argv:
-      - kubectl
-      - apply
-      - -f
-      - "{{ noble_repo_root }}/clusters/noble/bootstrap/argocd/root-application.yaml"
-  environment:
-    KUBECONFIG: "{{ noble_kubeconfig }}"
-  when: noble_argocd_apply_root_application | default(false) | bool
-  changed_when: true
-
 - name: Apply Argo CD bootstrap root Application
  ansible.builtin.command:
    argv:
--- a/ansible/roles/noble_post_deploy/tasks/main.yml
+++ b/ansible/roles/noble_post_deploy/tasks/main.yml
@@ -6,12 +6,12 @@
      Private key: age-key.txt at repo root (gitignored). See clusters/noble/secrets/README.md
      and .sops.yaml. noble.yml decrypt-applies these when age-key.txt exists.

- name: Argo CD optional root Application (empty app-of-apps)
+- name: Argo CD bootstrap root and leaf Applications
  ansible.builtin.debug:
    msg: >-
      App-of-apps: at the **end** of **noble.yml** (after **noble_platform**, **noble_authentik**,
-      **noble_velero**), **noble_argocd** `applications_post_platform.yml` runs: root-application.yaml when
-      noble_argocd_apply_root_application is true; bootstrap-root + **kubectl apply -k argocd/app-of-apps**
-      when noble_argocd_apply_bootstrap_root_application is true (inventory/group_vars/all.yml).
-      noble-bootstrap-root uses manual sync until you enable automation after the playbook —
+      **noble_velero**), **noble_argocd** `applications_post_platform.yml` applies **bootstrap-root-application.yaml**
+      and **kubectl apply -k argocd/app-of-apps** when **noble_argocd_apply_bootstrap_root_application** is true
+      (inventory/group_vars/all.yml).
+      **noble-bootstrap-root** syncs **clusters/noble/bootstrap** (which includes **clusters/noble/apps**); manual sync until you enable automation after the playbook —
      clusters/noble/bootstrap/argocd/README.md §5. See clusters/noble/apps/README.md and that README.