gitea_admin/deploy-app-kargo-private

Go to file

XoR a2d0682168 fix: remove traefik-dashboard IngressRoute (conflicts with k3s built-in Traefik Helm chart)

The built-in k3s Traefik Helm chart creates its own traefik-dashboard
IngressRoute. Our ArgoCD-managed copy blocked Helm install because
Helm requires ownership labels (app.kubernetes.io/managed-by=Helm).

Removing our copy lets the built-in chart manage the dashboard route.

2026-03-11 20:04:55 +03:00

fix: remove traefik-dashboard IngressRoute (conflicts with k3s built-in Traefik Helm chart)

2026-03-11 20:04:55 +03:00

ci/gitea-runner

feat: SOPS + age encrypted secrets structure

2026-03-11 10:01:26 +03:00

refactor: bootstrap/infra/ci separation (#27 )

2026-03-11 13:18:22 +03:00

refactor: bootstrap/infra/ci separation (#27 )

2026-03-11 13:18:22 +03:00

feat: SOPS + age encrypted secrets structure

2026-03-11 10:01:26 +03:00

.sops.yaml

feat: SOPS + age encrypted secrets structure

2026-03-11 10:01:26 +03:00

README.md

feat: SOPS + age encrypted secrets structure

2026-03-11 10:01:26 +03:00

README.md

deploy-app-kargo-private

Private ArgoCD ApplicationSet repository with SOPS-encrypted secrets.

Structure

infra/ — Infrastructure apps (cert-manager, gitea, kargo, etc.)
ci/ — CI apps (gitea-runner, etc.)
kargo/ — Kargo pipeline definitions + encrypted credentials
.sops.yaml — SOPS encryption rules (3 age keys: admin, dev, prod)

Encryption

Secrets in *.enc.yaml files are encrypted with SOPS + age:

*.dev.enc.yaml — decryptable by admin + dev keys
*.prod.enc.yaml — decryptable by admin + prod keys
*.shared.enc.yaml — decryptable by all three keys

Branches

main — source of truth
infra/stage/dev — dev cluster (Kargo promotion)
infra/stage/test — test stage (Kargo verification)
infra/stage/prod — prod cluster (Kargo promotion via PR)