gitea_admin/deploy-app-kargo-private
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: SOPS + age encrypted secrets structure

Browse Source 
- .sops.yaml with 3 age keys (admin, dev, prod)
- infra/gitea/values/*.enc.yaml — per-env encrypted Helm values
- infra/kargo/values/*.enc.yaml — per-env encrypted Kargo admin secrets
- kargo/credentials/*.enc.yaml — per-env encrypted git credentials (ksops)
- infra/kargo-credentials/ — ArgoCD app for deploying Kargo creds via ksops
- All repoURLs point to deploy-app-kargo-private

Structure from deploy-app-kargo (reference), adapted for SOPS workflow
This commit is contained in:
XoR
2026-03-11 10:01:26 +03:00
parent 720748be50
commit 4dd68859d8
60 changed files with 1444 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
infra/traefik-routes/manifests/kargo-ingress.yaml Normal file
View File

@@ -0,0 +1,21 @@
# Kargo dashboard HTTPS IngressRoute
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: kargo-https
namespace: kargo
spec:
entryPoints:
- websecure
routes:
- match: HostRegexp(`kargo.k3s\..+\.local`)
kind: Rule
middlewares:
- name: kargo-tls-middleware
namespace: kargo
services:
- name: kargo-api
port: 443
scheme: https
serversTransport: kargo-skip-verify
tls: {}