generated from coulomb/repo-seed
# Pattern: GitOps with Guardrails
Status: seed
Readiness target: RL3 production
Primary owners: Railiance platform, product repos
Genesis family: Kubernetes and platform
## Problem
GitOps can make operations reproducible while still deploying unsafe state if review, policy, secrets, and provenance controls are weak.
## Context
Use this pattern for platform and product deployment repositories, environment promotion, configuration changes, and operational rollbacks.
## Forces
- Desired state should be reviewable and auditable.
- Secrets must not be exposed in Git.
- Policy checks need to run before reconciliation.
- Emergency changes need traceability.
## Solution
Use Git as the reviewed desired-state source while enforcing branch protection, policy-as-code checks, encrypted secret references, signed artifact admission, and clear rollback procedures.
## Verification
- Production changes enter through reviewed commits or documented emergency paths.
- Reconciliation rejects policy failures.
- Secret plaintext is absent from Git.
- Rollbacks preserve audit and policy evidence.
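One way to implement the pre-reconciliation policy gate from the Solution and to produce the "reconciliation rejects policy failures" and "secret plaintext is absent from Git" evidence listed above, as an added example (not code from this pattern's owners or from any GitOps tool). Manifests are constructed, already-parsed dicts; the digest-pinning rule stands in for full signature verification, which needs a registry and a signing tool and is out of scope here.

```python
import re

# Immutable image references end in a sha256 digest; tags are mutable.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def check_manifest(manifest):
    """Return the policy violations for one manifest (empty list means pass)."""
    violations = []
    kind = manifest.get("kind", "<unknown>")
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    # Guardrail 1: a plain Kubernetes Secret with data in Git is plaintext exposure.
    # SealedSecret / ExternalSecret kinds carry ciphertext or references and pass.
    if kind == "Secret" and (manifest.get("data") or manifest.get("stringData")):
        violations.append(f"{kind}/{name}: plaintext secret material committed")
    # Guardrail 2: images must be pinned by digest so the admitted artifact is
    # immutable and can be matched to its signature by the admission controller.
    pod_spec = manifest.get("spec", {}).get("template", {}).get("spec", {})
    for c in pod_spec.get("containers", []):
        image = c.get("image", "")
        if not DIGEST_RE.search(image):
            violations.append(f"{kind}/{name}: image {image!r} not pinned by digest")
    return violations


def gate(manifests):
    """Evaluate a commit's manifests before reconciliation.

    Returns (allowed, evidence): the reconciler proceeds only when allowed is
    True; evidence is a per-manifest audit record retained for rollbacks."""
    evidence = []
    for m in manifests:
        v = check_manifest(m)
        evidence.append({"kind": m.get("kind"), "name": m.get("metadata", {}).get("name"),
                         "result": "fail" if v else "pass", "violations": v})
    return all(e["result"] == "pass" for e in evidence), evidence


# Constructed sample manifests; no real cluster, registry, or secret values.
SAMPLE_MANIFESTS = [
    {"kind": "Secret", "metadata": {"name": "db-creds"},
     "stringData": {"password": "constructed-plaintext"}},
    {"kind": "SealedSecret", "metadata": {"name": "db-creds"},
     "spec": {"encryptedData": {"password": "<ciphertext-placeholder>"}}},
    {"kind": "Deployment", "metadata": {"name": "api"}, "spec": {"template": {"spec":
     {"containers": [{"name": "api", "image": "registry.example/api:1.4.2"}]}}}},
    {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec":
     {"containers": [{"name": "web", "image": "registry.example/web@sha256:" + "a" * 64}]}}}},
]

if __name__ == "__main__":
    print(gate(SAMPLE_MANIFESTS))
```

The plaintext Secret and the tag-only Deployment fail, the SealedSecret and digest-pinned Deployment pass, so the commit as a whole is blocked and the evidence list records why.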
## Related Patterns
- Protected Main Branch.
- Policy-as-Code Admission Control.
- Sealed Secret / Encrypted Git Secret.
- Signed Image Admission.