18 lines
1.1 KiB
YAML
18 lines
1.1 KiB
YAML
---
|
|
- name: SOPS secrets (workstation)
|
|
ansible.builtin.debug:
|
|
msg: |
|
|
Encrypted Kubernetes Secrets live under clusters/noble/secrets/ (Mozilla SOPS + age).
|
|
Private key: age-key.txt at repo root (gitignored). See clusters/noble/secrets/README.md
|
|
and .sops.yaml. noble.yml decrypt-applies these when age-key.txt exists.
|
|
|
|
- name: Argo CD bootstrap root and leaf Applications
|
|
ansible.builtin.debug:
|
|
msg: >-
|
|
App-of-apps: at the **end** of **noble.yml** (after **noble_platform**, **noble_authentik**,
|
|
**noble_velero**), **noble_argocd** `applications_post_platform.yml` applies **bootstrap-root-application.yaml**
|
|
and **kubectl apply -k argocd/app-of-apps** when **noble_argocd_apply_bootstrap_root_application** is true
|
|
(inventory/group_vars/all.yml).
|
|
**noble-bootstrap-root** syncs **clusters/noble/bootstrap** (which includes **clusters/noble/apps**); manual sync until you enable automation after the playbook —
|
|
clusters/noble/bootstrap/argocd/README.md §5. See clusters/noble/apps/README.md and that README.
|