efb2427586
* feat(test-env): add 1C test environment manifests (#11) - PostgreSQL 18.x-2.1C StatefulSet with ru_RU.UTF-8 locale init - 1C server (ragent+crserver+ras) StatefulSet with stable hostname - Gitea runner Deployment with edt label for apk-ci-ng - NodePort services for external 1C access (31540-31545) - Deploy/verify script: dev/deploy-test-env.sh - config.yaml for ApplicationSet integration - test-env only in dev cluster (not in prod AppSet) * fix(test-env): use initContainer for PG data + remove custom entrypoint PVC mount on /var/lib/postgresql wipes the image's pre-built cluster. Solution: initContainer copies cluster data from image to PVC on first run. Removed custom pg-entrypoint.sh ConfigMap — image has its own. * feat(test-env): DinD sidecar for runner + auto-registration Job - Add Docker-in-Docker sidecar to gitea-runner Deployment - Add register-job.yaml: Job that obtains Gitea runner token via API, creates Secret, and scales runner to 1 - RBAC: ServiceAccount + Role/ClusterRole for cross-namespace secret access - Runner labels: edt (for apk-ci-ng), ubuntu-latest --------- Co-authored-by: XoR <xor@benadis.ru>
deploy-app-kargo-private
Private ArgoCD ApplicationSet repository with SOPS-encrypted secrets.
Structure
infra/— Infrastructure apps (cert-manager, gitea, kargo, etc.)ci/— CI apps (gitea-runner, etc.)kargo/— Kargo pipeline definitions + encrypted credentials.sops.yaml— SOPS encryption rules (3 age keys: admin, dev, prod)
Encryption
Secrets in *.enc.yaml files are encrypted with SOPS + age:
*.dev.enc.yaml— decryptable by admin + dev keys*.prod.enc.yaml— decryptable by admin + prod keys*.shared.enc.yaml— decryptable by all three keys
Branches
main— source of truthinfra/stage/dev— dev cluster (Kargo promotion)infra/stage/test— test stage (Kargo verification)infra/stage/prod— prod cluster (Kargo promotion via PR)