gitops: public-safe values, docs; remove legacy app/resources

- Sanitize placeholders, centralize values under gitops/values/ - Argo Application placeholder repoURL; env-example + observability.yaml - Remove Swarm app/, resources/, install.sh; add root README Made-with: Cursor
2026-03-20 12:25:01 +01:00
parent 3e5dfaa1cb
commit 5e120c4d74
87 changed files with 397 additions and 3263 deletions
--- a/gitops/charts/onelab/values.yaml
+++ b/gitops/charts/onelab/values.yaml
@@ -23,13 +23,13 @@ images:
 imagePullSecrets: []
 # - name: hub-andrewalliance

-# Same defaults as app/playbooks/tasks/manage-images.yml (docker login before pull).
+# Override registry credentials in gitops/values/ (see gitops/values/secrets.example.yaml).
 registry:
  createPullSecret: false
  pullSecretName: hub-andrewalliance
  server: hub.andrewalliance.com
  username: public
-  password: Andrew01..Release
+  password: "REPLACE_REGISTRY_PASSWORD"

 # hostPath: matches typical single-node Swarm-style install (shared /data and /logs).
 # Use persistence.mode: pvc + a ReadWriteMany class for multi-node shared storage.
@@ -71,12 +71,12 @@ syncWaves:
 onelab:
  domain: "https://localhost"
  mailer:
-    noreply: "no-reply@andrewalliance.com"
+    noreply: "no-reply@example.com"
  secrets:
    authTokenKey: "TokenAuthPlaceholder"
    monitoringToken: "TokenMonitoringPlaceholder"
    rabbitToken: "TokenRabbitPlaceholder"
-  # Mirrors app/configurations.yml params.compliance (enable without editing app/).
+  # Mirrors legacy OneLab configurations.yml params.compliance (templated from charts/onelab/files/configurations.gotmpl).
  compliance:
    enabled: false
    requireElectronicSignature: true
@@ -97,8 +97,8 @@ onelab:
    tlsCiphers: ""
    tlsSslVersion: ""
  intercom:
-    appid: "zxvgsagz"
-    secret: "QUw2jEV8utIpe9DeYjOqBjhBY9VxjXddKUCISUNu"
+    appid: "REPLACE_INTERCOM_APP_ID"
+    secret: "REPLACE_INTERCOM_SECRET"

 features:
  # Deprecated for LDAP: prefer onelab.ldap.enabled (either enables ldap-worker + ldap.enabled in config).