tegwick
64d7c18c3f
Define platform-owned AppProjects, root app-of-apps, repository registration templates, and tenant onboarding docs so issue-core can deploy via ArgoCD. Ignore encrypted repository secrets locally and cross-link OpenBao delivery guidance with the new GitOps contract.
24 lines
718 B
Markdown
24 lines
718 B
Markdown
# ArgoCD Repository Registration
|
|
|
|
ArgoCD discovers Git repositories from Kubernetes Secrets in the `argocd`
|
|
namespace with `argocd.argoproj.io/secret-type: repository`.
|
|
|
|
Use the templates in this directory to create SOPS-encrypted, non-plaintext
|
|
repository Secret files. Credentials must be sourced from the approved
|
|
operator/OpenBao path and must never be committed in plaintext.
|
|
|
|
Recommended OpenBao path:
|
|
|
|
```text
|
|
platform/operators/argocd/repositories/<repo-name>
|
|
```
|
|
|
|
After creating an encrypted file such as
|
|
`argocd/repositories/railiance-platform.repository.sops.yaml`, apply it with:
|
|
|
|
```bash
|
|
ARGOCD_REPOSITORY_SECRET=argocd/repositories/railiance-platform.repository.sops.yaml \
|
|
make argocd-repo-apply
|
|
```
|
|
|