gitea_admin/deploy-app-kargo-private
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11 Commits 18 Branches 1 Tag
bea103a280f798940acd30f007250df663225f35
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
XoR bea103a280 fix(test-env): replace Job with initContainer for runner registration 
Problem: Job ran on every ArgoCD sync, creating duplicate runners in Gitea.
Solution:
- initContainer gets token + saves to PVC (/data/.registration-token)
- Runner container registers once, persists .runner file in PVC
- Subsequent restarts skip registration (idempotent)
- PVC runner-data (1Gi) persists registration across pod restarts
- Removed register-job.yaml, moved RBAC to rbac.yaml
- Runner waits for DinD before starting
- Stable runner name: test-env-runner
- Labels: edt + ubuntu-latest
2026-03-12 13:29:36 +03:00
bootstrap
fix: rename traefik-dashboard → traefik-dashboard-https
2026-03-11 20:16:01 +03:00
ci/gitea-runner
feat: SOPS + age encrypted secrets structure
2026-03-11 10:01:26 +03:00
dev
feat(test-env): add 1C test environment (#11)
2026-03-12 12:33:50 +03:00
infra
refactor: bootstrap/infra/ci separation (#27)
2026-03-11 13:18:22 +03:00
kargo
refactor: bootstrap/infra/ci separation (#27)
2026-03-11 13:18:22 +03:00
test-env
fix(test-env): replace Job with initContainer for runner registration
2026-03-12 13:29:36 +03:00
.sops.yaml
feat: SOPS + age encrypted secrets structure
2026-03-11 10:01:26 +03:00
README.md
feat: SOPS + age encrypted secrets structure
2026-03-11 10:01:26 +03:00

README.md

deploy-app-kargo-private

Private ArgoCD ApplicationSet repository with SOPS-encrypted secrets.

Structure

  • infra/ — Infrastructure apps (cert-manager, gitea, kargo, etc.)
  • ci/ — CI apps (gitea-runner, etc.)
  • kargo/ — Kargo pipeline definitions + encrypted credentials
  • .sops.yaml — SOPS encryption rules (3 age keys: admin, dev, prod)

Encryption

Secrets in *.enc.yaml files are encrypted with SOPS + age:

  • *.dev.enc.yaml — decryptable by admin + dev keys
  • *.prod.enc.yaml — decryptable by admin + prod keys
  • *.shared.enc.yaml — decryptable by all three keys

Branches

  • main — source of truth
  • infra/stage/dev — dev cluster (Kargo promotion)
  • infra/stage/test — test stage (Kargo verification)
  • infra/stage/prod — prod cluster (Kargo promotion via PR)
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 104 KiB
Languages
Shell 100%