From c5319a5436a15b7bf782edd3479f377580184952 Mon Sep 17 00:00:00 2001 From: Nikholas Pcenicni <82239765+nikpcenicni@users.noreply.github.com> Date: Sat, 28 Mar 2026 02:10:44 -0400 Subject: [PATCH] Refactor Argo CD application configuration to utilize plain Kustomize for YAML resources and streamline Helm chart management. Update kustomization.yaml to remove Helm chart definitions, shifting to a multi-source approach in noble-platform.yaml. Revise documentation in README.md and apps/README.md to clarify the new structure and eliminate the need for Helm inflation in values.yaml. --- clusters/noble/apps/kustomization.yaml | 64 +------------ clusters/noble/bootstrap/argocd/README.md | 2 +- .../noble/bootstrap/argocd/apps/README.md | 4 +- .../bootstrap/argocd/apps/noble-platform.yaml | 89 +++++++++++++++++-- .../bootstrap/argocd/root-application.yaml | 4 +- clusters/noble/bootstrap/argocd/values.yaml | 3 - 6 files changed, 87 insertions(+), 79 deletions(-) diff --git a/clusters/noble/apps/kustomization.yaml b/clusters/noble/apps/kustomization.yaml index 296d13e..c3187dc 100644 --- a/clusters/noble/apps/kustomization.yaml +++ b/clusters/noble/apps/kustomization.yaml @@ -1,8 +1,5 @@ -# Umbrella for Argo CD Application **noble-platform** — one sync target for core Helm releases -# plus shared manifests. Per-app READMEs keep manual **`helm upgrade --install`** commands; -# **values.yaml** paths match those commands. -# -# Requires repo-server Kustomize **--enable-helm** (see **bootstrap/argocd/values.yaml**). +# Plain Kustomize (namespaces + extra YAML only). Helm charts are **Application** sources in +# **bootstrap/argocd/apps/noble-platform.yaml** so Argo CD does not need **kustomize --enable-helm**. apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization 
@@ -18,60 +15,3 @@ resources: - grafana-loki-datasource/loki-datasource.yaml - vault/unseal-cronjob.yaml - vault/cilium-network-policy.yaml - -helmCharts: - - name: kube-prometheus-stack - repo: https://prometheus-community.github.io/helm-charts - version: 82.15.1 - releaseName: kube-prometheus - namespace: monitoring - valuesFile: kube-prometheus-stack/values.yaml - includeCRDs: true - - name: loki - repo: https://grafana.github.io/helm-charts - version: 6.55.0 - releaseName: loki - namespace: loki - valuesFile: loki/values.yaml - - name: fluent-bit - repo: https://fluent.github.io/helm-charts - version: 0.56.0 - releaseName: fluent-bit - namespace: logging - valuesFile: fluent-bit/values.yaml - - name: sealed-secrets - repo: https://bitnami-labs.github.io/sealed-secrets - version: 2.18.4 - releaseName: sealed-secrets - namespace: sealed-secrets - valuesFile: sealed-secrets/values.yaml - - name: external-secrets - repo: https://charts.external-secrets.io - version: 2.2.0 - releaseName: external-secrets - namespace: external-secrets - valuesFile: external-secrets/values.yaml - - name: vault - repo: https://helm.releases.hashicorp.com - version: 0.32.0 - releaseName: vault - namespace: vault - valuesFile: vault/values.yaml - - name: kyverno - repo: https://kyverno.github.io/kyverno/ - version: 3.7.1 - releaseName: kyverno - namespace: kyverno - valuesFile: kyverno/values.yaml - - name: kyverno-policies - repo: https://kyverno.github.io/kyverno/ - version: 3.7.1 - releaseName: kyverno-policies - namespace: kyverno - valuesFile: kyverno/policies-values.yaml - - name: headlamp - repo: https://kubernetes-sigs.github.io/headlamp/ - version: 0.40.1 - releaseName: headlamp - namespace: headlamp - valuesFile: headlamp/values.yaml diff --git a/clusters/noble/bootstrap/argocd/README.md b/clusters/noble/bootstrap/argocd/README.md index a74f165..37c7c26 100644 --- a/clusters/noble/bootstrap/argocd/README.md +++ b/clusters/noble/bootstrap/argocd/README.md 
@@ -49,7 +49,7 @@ Use **Settings → Repositories** in the UI, or `argocd repo add` / a `Secret` o kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml ``` -**`apps/noble-platform.yaml`** points at **`clusters/noble/apps`** (see **`kustomization.yaml`** there). After **`values.yaml`** changes that affect repo-server (e.g. **`kustomize.buildOptions`**), run **`helm upgrade`** for Argo CD again. +**`apps/noble-platform.yaml`** lists Helm charts and a Git **`path`** for **`clusters/noble/apps`** (see **`kustomization.yaml`** there). ## Versions diff --git a/clusters/noble/bootstrap/argocd/apps/README.md b/clusters/noble/bootstrap/argocd/apps/README.md index cbfc067..8d66922 100644 --- a/clusters/noble/bootstrap/argocd/apps/README.md +++ b/clusters/noble/bootstrap/argocd/apps/README.md @@ -2,6 +2,4 @@ **`noble-root`** syncs this directory. Keep **one** child Application (**`noble-platform`**) so the UI does not list every Helm release separately. -- **`noble-platform.yaml`** — syncs **`clusters/noble/apps`** via **`kustomization.yaml`** (namespaces, extra YAML, and **helmCharts** with the same **`values.yaml`** files as the manual install commands in each app README). - -After changing **`clusters/noble/bootstrap/argocd/values.yaml`** (e.g. **`kustomize.buildOptions`**), roll the Argo CD Helm release so repo-server picks up the new ConfigMap. +- **`noble-platform.yaml`** — one **Application** with **multiple sources**: Helm charts from upstream repos plus a Git **`ref: values`** entry that supplies **`$values/.../values.yaml`** and **`path: clusters/noble/apps`** for plain **Kustomize** (namespaces + extra YAML only). No **`kustomize --enable-helm`** required. diff --git a/clusters/noble/bootstrap/argocd/apps/noble-platform.yaml b/clusters/noble/bootstrap/argocd/apps/noble-platform.yaml index 7263623..d03d2a8 100644 --- a/clusters/noble/bootstrap/argocd/apps/noble-platform.yaml +++ b/clusters/noble/bootstrap/argocd/apps/noble-platform.yaml 
@@ -1,8 +1,8 @@ -# Noble cluster workloads — one Application so the Argo CD UI stays a single “platform” row -# under **noble-root** (app-of-apps). Renders **clusters/noble/apps** (Kustomize + Helm). +# Noble cluster workloads — one Application row: Helm charts (native sources) + Git/Kustomize +# for plain YAML. Values come from this repo via **$values** (last source). Release names match +# the per-app README **helm upgrade --install** commands. # -# Adopting existing manual Helm releases: release names and namespaces must match -# **clusters/noble/apps/kustomization.yaml** (same as the README install commands). +# https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: 
@@ -12,10 +12,83 @@ metadata: - resources-finalizer.argocd.argoproj.io/background spec: project: default - source: - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git - targetRevision: main - path: clusters/noble/apps + sources: + - repoURL: https://prometheus-community.github.io/helm-charts + chart: kube-prometheus-stack + targetRevision: "82.15.1" + helm: + releaseName: kube-prometheus + namespace: monitoring + valueFiles: + - $values/clusters/noble/apps/kube-prometheus-stack/values.yaml + - repoURL: https://grafana.github.io/helm-charts + chart: loki + targetRevision: "6.55.0" + helm: + releaseName: loki + namespace: loki + valueFiles: + - $values/clusters/noble/apps/loki/values.yaml + - repoURL: https://fluent.github.io/helm-charts + chart: fluent-bit + targetRevision: "0.56.0" + helm: + releaseName: fluent-bit + namespace: logging + valueFiles: + - $values/clusters/noble/apps/fluent-bit/values.yaml + - repoURL: https://bitnami-labs.github.io/sealed-secrets + chart: sealed-secrets + targetRevision: "2.18.4" + helm: + releaseName: sealed-secrets + namespace: sealed-secrets + valueFiles: + - $values/clusters/noble/apps/sealed-secrets/values.yaml + - repoURL: https://charts.external-secrets.io + chart: external-secrets + targetRevision: "2.2.0" + helm: + releaseName: external-secrets + namespace: external-secrets + valueFiles: + - $values/clusters/noble/apps/external-secrets/values.yaml + - repoURL: https://helm.releases.hashicorp.com + chart: vault + targetRevision: "0.32.0" + helm: + releaseName: vault + namespace: vault + valueFiles: + - $values/clusters/noble/apps/vault/values.yaml + - repoURL: https://kyverno.github.io/kyverno/ + chart: kyverno + targetRevision: "3.7.1" + helm: + releaseName: kyverno + namespace: kyverno + valueFiles: + - $values/clusters/noble/apps/kyverno/values.yaml + - repoURL: https://kyverno.github.io/kyverno/ + chart: kyverno-policies + targetRevision: "3.7.1" + helm: + releaseName: kyverno-policies + namespace: kyverno + 
valueFiles: + - $values/clusters/noble/apps/kyverno/policies-values.yaml + - repoURL: https://kubernetes-sigs.github.io/headlamp/ + chart: headlamp + targetRevision: "0.40.1" + helm: + releaseName: headlamp + namespace: headlamp + valueFiles: + - $values/clusters/noble/apps/headlamp/values.yaml + - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git + targetRevision: main + ref: values + path: clusters/noble/apps destination: server: https://kubernetes.default.svc namespace: default diff --git a/clusters/noble/bootstrap/argocd/root-application.yaml b/clusters/noble/bootstrap/argocd/root-application.yaml index f6f3652..8e2c466 100644 --- a/clusters/noble/bootstrap/argocd/root-application.yaml +++ b/clusters/noble/bootstrap/argocd/root-application.yaml @@ -4,8 +4,8 @@ # 2. kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml # # Syncs **Application** YAMLs under **apps/** (today: **noble-platform**). Cluster -# workloads are defined by **clusters/noble/apps/kustomization.yaml** (Kustomize + -# Helm); per-app **values.yaml** and READMEs stay the source of truth for versions. +# workloads are defined by **clusters/noble/apps/kustomization.yaml** (plain Kustomize) +# and **apps/noble-platform.yaml** (Helm chart sources); per-app **values.yaml** and READMEs stay the source of truth for versions. # apiVersion: argoproj.io/v1alpha1 kind: Application diff --git a/clusters/noble/bootstrap/argocd/values.yaml b/clusters/noble/bootstrap/argocd/values.yaml index 7037af5..b606dab 100644 --- a/clusters/noble/bootstrap/argocd/values.yaml +++ b/clusters/noble/bootstrap/argocd/values.yaml @@ -17,9 +17,6 @@ global: domain: argo.apps.noble.lab.pcenicni.dev configs: - # Kustomize **helmCharts** in **clusters/noble/apps/kustomization.yaml** need Helm inflation. - cm: - kustomize.buildOptions: --enable-helm params: # TLS terminates at Traefik / cert-manager; Argo CD serves HTTP behind the Ingress. server.insecure: true
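Review bot: Every chart in the new `sources:` list of noble-platform.yaml still shares `destination.namespace: default`, and `helm.namespace` only sets the namespace Helm templates with, so any chart manifest that omits `metadata.namespace` would presumably be created in `default` rather than in `monitoring`, `vault`, `kyverno` and the others. For the security components in the list (vault, sealed-secrets, external-secrets, kyverno), that could place workloads outside the namespace their policies are written for, such as the `vault/cilium-network-policy.yaml` applied by the Kustomize source, assuming that policy is namespace-scoped. Before syncing, render the Application and confirm that no namespaced resource targets `default`, and record the constraint above the list, e.g. `# helm.namespace sets .Release.Namespace only; resources without metadata.namespace land in destination.namespace`. The `helm.namespace` field also needs an Argo CD release that supports it, and the hunk does not show which release is deployed, so the minimum belongs in the README's Versions section. The Application's `spec` continues outside the hunk, so any `syncPolicy` is not visible here.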