68f9745c06
- Helm charts: onelab app + observability (Loki/Promtail/Grafana) - Values under gitops/values/ with public-safe placeholders - Argo CD Application (spec.sources, 2.6+) Made-with: Cursor
GitOps values (operator entry point)
All environment-specific Helm input for the Argo CD Application should live here (plus repoURL / targetRevision in ../argocd/application.yaml).
Files
| File | Purpose |
|---|---|
env-example.yaml |
Tracked example for OneLab chart: ingress, persistence, registry pull secret wiring, placeholder secrets. Fork and edit hostnames/TLS names, then replace placeholders or overlay secrets.local.yaml. |
observability.yaml |
Loki / Promtail / Grafana: retention, Promtail host paths, Grafana ingress host, placeholder admin password. Edit hosts/TLS together with grafana.ini.server. |
secrets.example.yaml |
Template of secret-shaped keys only — copy to *.local.yaml (gitignored) and reference from Argo. |
instance-overrides.example.yaml |
Optional features (compliance, LDAP) — merge or add as another value file. |
Argo helm.valueFiles (path rules)
Paths are relative to each source’s path in the Application:
- Source
gitops/charts/onelab→ e.g.../../values/env-example.yaml, then optionally../../values/secrets.local.yaml. - Source
gitops/observability→ e.g.../../values/observability.yaml, then optionally../../values/observability.local.yaml.
Later files in the list override earlier ones.
Private secrets without committing them
- Copy
secrets.example.yamltosecrets.local.yaml(ignored by*.local.yamlat repo root). - Fill in real registry password, Postgres password, app tokens, Intercom, etc.
- Add
- ../../values/secrets.local.yamlunder the onelab source’shelm.valueFilesin your local Application manifest or a private overlay — or keep that change only on a private branch.
For Grafana, set grafana.adminPassword in a gitignored file merged with observability.yaml, or edit observability.yaml in a private fork.
See the full bootstrap narrative in ../README.md.