tegwick
64d7c18c3f
Define platform-owned AppProjects, root app-of-apps, repository registration templates, and tenant onboarding docs so issue-core can deploy via ArgoCD. Ignore encrypted repository secrets locally and cross-link OpenBao delivery guidance with the new GitOps contract.
19 lines
519 B
Plaintext
19 lines
519 B
Plaintext
# Decrypted helm values — never commit plaintext secrets
|
|
helm/*.yaml
|
|
!helm/*.sops.yaml
|
|
!helm/*.yaml.template
|
|
!helm/openbao-values.yaml
|
|
!helm/openbao-middleware.yaml
|
|
!helm/openbao-ui-overlay-k8s.yaml
|
|
# Kubernetes manifests (no secrets) are safe to commit
|
|
!helm/*-cluster.yaml
|
|
!helm/*-networkpolicies.yaml
|
|
!helm/*-databases.yaml
|
|
|
|
# ArgoCD repository credentials — encrypt locally, never commit
|
|
argocd/repositories/*.repository.sops.yaml
|
|
!argocd/repositories/*.repository.sops.yaml.template
|
|
|
|
# Kubeconfig
|
|
*.kubeconfig
|