---
# Mirrors the former **noble-platform** Argo Application: Helm releases plus
# the plain manifests under clusters/noble/bootstrap.
#
# Conventions used by every task in this file:
#   * Commands are passed as argv lists, so templated values reach kubectl/helm
#     as single arguments and are never parsed by a shell.
#   * The target cluster is selected through the KUBECONFIG environment
#     variable, not a command-line flag.
#   * Each Helm release pins an explicit chart --version and reads its values
#     from the repo checkout at noble_repo_root.
#   * The `helm upgrade --install` tasks set `changed_when: true`: the command
#     output is not inspected, so they always report "changed".
#
# NOTE(review): charts are referenced by repo alias (sealed-secrets/,
# external-secrets/, hashicorp/, prometheus-community/, grafana/, fluent/,
# headlamp/). These tasks assume the aliases were added earlier - not shown
# here. A pinned --version selects a chart version; it does not by itself
# establish chart provenance, which depends on how those repos are configured.

# Kustomize overlay: namespaces, Grafana Loki datasource, Vault extras.
# Re-run until kubectl exits 0, bounded by the retries/delay variables.
- name: Apply clusters/noble/bootstrap kustomize (namespaces, Grafana Loki datasource, Vault extras)
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
  ansible.builtin.command:
    argv:
      - kubectl
      - apply
      - '--request-timeout={{ noble_platform_kubectl_request_timeout }}'
      - -k
      - '{{ noble_repo_root }}/clusters/noble/bootstrap'
  register: noble_platform_kustomize
  until: noble_platform_kustomize.rc == 0
  retries: '{{ noble_platform_kustomize_retries | int }}'
  delay: '{{ noble_platform_kustomize_delay | int }}'
  changed_when: true

# Secret-management controllers come first: Sealed Secrets, then External
# Secrets Operator. --wait blocks until the release's resources are ready.
- name: Install Sealed Secrets
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - sealed-secrets
      - sealed-secrets/sealed-secrets
      - --namespace
      - sealed-secrets
      - --version
      - '2.18.4'
      - -f
      - '{{ noble_repo_root }}/clusters/noble/bootstrap/sealed-secrets/values.yaml'
      - --wait
  changed_when: true

- name: Install External Secrets Operator
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - external-secrets
      - external-secrets/external-secrets
      - --namespace
      - external-secrets
      - --version
      - '2.2.0'
      - -f
      - '{{ noble_repo_root }}/clusters/noble/bootstrap/external-secrets/values.yaml'
      - --wait
  changed_when: true

# vault-k8s patches the webhook CA after install, and Helm 3/4 server-side
# apply then conflicts on upgrade. Deleting the MutatingWebhookConfiguration
# (MWC) lets Helm re-apply cleanly; the injector repopulates caBundle.
# Runs unless noble_vault_delete_injector_webhook_before_helm is false, and
# reports "changed" only when kubectl's stdout contains 'deleted'.
# NOTE(review): between this delete and the Vault release below re-creating
# the MWC, pods created in the cluster are not seen by the agent injector.
# Confirm that window is acceptable for workloads relying on injected secrets.
- name: Delete Vault agent injector MutatingWebhookConfiguration before Helm (avoids caBundle field conflict)
  when: noble_vault_delete_injector_webhook_before_helm | default(true) | bool
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
  ansible.builtin.command:
    argv:
      - kubectl
      - delete
      - mutatingwebhookconfiguration
      - vault-agent-injector-cfg
      - --ignore-not-found
  register: noble_vault_mwc_delete
  changed_when: "'deleted' in (noble_vault_mwc_delete.stdout | default(''))"

# HELM_SERVER_SIDE_APPLY is set to the string "false" for this release only.
# Presumably this turns off Helm's server-side apply so the upgrade avoids the
# field conflict described above - confirm against the Helm version in use.
- name: Install Vault
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
    HELM_SERVER_SIDE_APPLY: 'false'
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - vault
      - hashicorp/vault
      - --namespace
      - vault
      - --version
      - '0.32.0'
      - -f
      - '{{ noble_repo_root }}/clusters/noble/bootstrap/vault/values.yaml'
      - --wait
  changed_when: true

# Observability stack: metrics (kube-prometheus-stack), log storage (Loki) and
# log shipping (Fluent Bit). Only kube-prometheus-stack overrides Helm's
# default wait timeout (30m).
- name: Install kube-prometheus-stack
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - kube-prometheus
      - prometheus-community/kube-prometheus-stack
      - -n
      - monitoring
      - --version
      - '82.15.1'
      - -f
      - '{{ noble_repo_root }}/clusters/noble/bootstrap/kube-prometheus-stack/values.yaml'
      - --wait
      - --timeout
      - 30m
  changed_when: true

- name: Install Loki
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - loki
      - grafana/loki
      - -n
      - loki
      - --version
      - '6.55.0'
      - -f
      - '{{ noble_repo_root }}/clusters/noble/bootstrap/loki/values.yaml'
      - --wait
  changed_when: true

- name: Install Fluent Bit
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - fluent-bit
      - fluent/fluent-bit
      - -n
      - logging
      - --version
      - '0.56.0'
      - -f
      - '{{ noble_repo_root }}/clusters/noble/bootstrap/fluent-bit/values.yaml'
      - --wait
  changed_when: true

# Headlamp release; its exposure and authentication settings come from the
# values file referenced below, which is not visible in this file.
- name: Install Headlamp
  environment:
    KUBECONFIG: '{{ noble_kubeconfig }}'
  ansible.builtin.command:
    argv:
      - helm
      - upgrade
      - --install
      - headlamp
      - headlamp/headlamp
      - --version
      - '0.40.1'
      - -n
      - headlamp
      - -f
      - '{{ noble_repo_root }}/clusters/noble/bootstrap/headlamp/values.yaml'
      - --wait
  changed_when: true