Enhance Argo CD integration by adding support for a bootstrap root application. Update group_vars/all.yml and role defaults to include noble_argocd_apply_bootstrap_root_application. Modify tasks to apply the bootstrap application conditionally. Revise documentation to clarify the GitOps workflow and the relationship between the core platform and optional applications. Remove outdated references and streamline the README for better user guidance.

ansible/README.md

@@ -79,7 +79,7 @@ ansible-playbook playbooks/noble.yml --tags velero -e noble_velero_install=true
 
 ### Variables — `group_vars/all.yml` and role defaults
 
-- **`group_vars/all.yml`:** **`noble_newt_install`**, **`noble_velero_install`**, **`noble_cert_manager_require_cloudflare_secret`**, **`noble_argocd_apply_root_application`**, **`noble_k8s_api_server_override`**, **`noble_k8s_api_server_auto_fallback`**, **`noble_k8s_api_server_fallback`**, **`noble_skip_k8s_health_check`**
+- **`group_vars/all.yml`:** **`noble_newt_install`**, **`noble_velero_install`**, **`noble_cert_manager_require_cloudflare_secret`**, **`noble_argocd_apply_root_application`**, **`noble_argocd_apply_bootstrap_root_application`**, **`noble_k8s_api_server_override`**, **`noble_k8s_api_server_auto_fallback`**, **`noble_k8s_api_server_fallback`**, **`noble_skip_k8s_health_check`**
 - **`roles/noble_platform/defaults/main.yml`:** **`noble_apply_sops_secrets`**, **`noble_sops_age_key_file`** (SOPS secrets under **`clusters/noble/secrets/`**)
 
 ## Roles

ansible/group_vars/all.yml

@@ -24,3 +24,5 @@ noble_velero_install: false
 
 # Argo CD — apply app-of-apps root Application (clusters/noble/bootstrap/argocd/root-application.yaml). Set false to skip.
 noble_argocd_apply_root_application: true
+# Bootstrap kustomize in Argo (**noble-bootstrap-root** → **clusters/noble/bootstrap**). Applied with manual sync; enable automation after **noble.yml** (see **clusters/noble/bootstrap/argocd/README.md** §5).
+noble_argocd_apply_bootstrap_root_application: true

ansible/roles/noble_argocd/defaults/main.yml

@@ -2,3 +2,5 @@
 # When true, applies clusters/noble/bootstrap/argocd/root-application.yaml (app-of-apps).
 # Edit spec.source.repoURL in that file if your Git remote differs.
 noble_argocd_apply_root_application: false
+# When true, applies clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml (noble-bootstrap-root; manual sync until README §5).
+noble_argocd_apply_bootstrap_root_application: true

ansible/roles/noble_argocd/tasks/main.yml

@@ -32,3 +32,15 @@
     KUBECONFIG: "{{ noble_kubeconfig }}"
   when: noble_argocd_apply_root_application | default(false) | bool
   changed_when: true
+
+- name: Apply Argo CD bootstrap app-of-apps Application
+  ansible.builtin.command:
+    argv:
+      - kubectl
+      - apply
+      - -f
+      - "{{ noble_repo_root }}/clusters/noble/bootstrap/argocd/bootstrap-root-application.yaml"
+  environment:
+    KUBECONFIG: "{{ noble_kubeconfig }}"
+  when: noble_argocd_apply_bootstrap_root_application | default(false) | bool
+  changed_when: true

ansible/roles/noble_post_deploy/tasks/main.yml

@@ -9,6 +9,7 @@
 - name: Argo CD optional root Application (empty app-of-apps)
   ansible.builtin.debug:
     msg: >-
-      App-of-apps: noble.yml applies root-application.yaml when noble_argocd_apply_root_application is true
-      (group_vars/all.yml). Otherwise: kubectl apply -f clusters/noble/bootstrap/argocd/root-application.yaml
-      after editing spec.source.repoURL. Core platform is Ansible — see clusters/noble/apps/README.md
+      App-of-apps: noble.yml applies root-application.yaml when noble_argocd_apply_root_application is true;
+      bootstrap-root-application.yaml when noble_argocd_apply_bootstrap_root_application is true (group_vars/all.yml).
+      noble-bootstrap-root uses manual sync until you enable automation after the playbook —
+      clusters/noble/bootstrap/argocd/README.md §5. See clusters/noble/apps/README.md and that README.