18 lines
1.0 KiB
YAML
---
- name: SOPS secrets (workstation)
  ansible.builtin.debug:
    msg: |
      Encrypted Kubernetes Secrets live under clusters/noble/secrets/ (Mozilla SOPS + age).
      Private key: age-key.txt at repo root (gitignored). See clusters/noble/secrets/README.md
      and .sops.yaml. noble.yml decrypt-applies these when age-key.txt exists.

- name: Argo CD optional root Application (empty app-of-apps)
  ansible.builtin.debug:
    msg: >-
      App-of-apps: at the **end** of **noble.yml** (after **noble_platform**, **noble_authentik**, **noble_trivy**,
      **noble_velero**), **noble_argocd** `applications_post_platform.yml` runs: root-application.yaml when
      noble_argocd_apply_root_application is true; bootstrap-root + **kubectl apply -k argocd/app-of-apps**
      when noble_argocd_apply_bootstrap_root_application is true (inventory/group_vars/all.yml).
      noble-bootstrap-root uses manual sync until you enable automation after the playbook —
      clusters/noble/bootstrap/argocd/README.md §5. See clusters/noble/apps/README.md and that README.