luneski/onelab-k8s-1.27
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
68f9745c06acf36ca8f36c14576db18df8b3f030
onelab-k8s-1.27/gitops/values/README.md
timotheereausanofi 68f9745c06 OneLab Kubernetes GitOps (Argo CD) 
- Helm charts: onelab app + observability (Loki/Promtail/Grafana)
- Values under gitops/values/ with public-safe placeholders
- Argo CD Application (spec.sources, 2.6+)

Made-with: Cursor
2026-03-20 12:27:45 +01:00

32 lines
2.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# GitOps values (operator entry point)
All environment-specific Helm input for the Argo CD `Application` should live here (plus `repoURL` / `targetRevision` in [`../argocd/application.yaml`](../argocd/application.yaml)).
## Files
| File | Purpose |
|------|---------|
| [`env-example.yaml`](env-example.yaml) | Tracked example for OneLab chart: ingress, persistence, registry pull secret wiring, **placeholder** secrets. Fork and edit hostnames/TLS names, then replace placeholders or overlay `secrets.local.yaml`. |
| [`observability.yaml`](observability.yaml) | Loki / Promtail / Grafana: retention, Promtail host paths, Grafana ingress host, **placeholder** admin password. Edit hosts/TLS together with `grafana.ini.server`. |
| [`secrets.example.yaml`](secrets.example.yaml) | Template of secret-shaped keys only — copy to `*.local.yaml` (gitignored) and reference from Argo. |
| [`instance-overrides.example.yaml`](instance-overrides.example.yaml) | Optional features (compliance, LDAP) — merge or add as another value file. |
## Argo `helm.valueFiles` (path rules)
Paths are **relative to each sources `path`** in the Application:
- Source `gitops/charts/onelab` → e.g. `../../values/env-example.yaml`, then optionally `../../values/secrets.local.yaml`.
- Source `gitops/observability` → e.g. `../../values/observability.yaml`, then optionally `../../values/observability.local.yaml`.
Later files in the list **override** earlier ones.
## Private secrets without committing them
1. Copy `secrets.example.yaml` to `secrets.local.yaml` (ignored by `*.local.yaml` at repo root).
2. Fill in real registry password, Postgres password, app tokens, Intercom, etc.
3. Add `- ../../values/secrets.local.yaml` under the onelab sources `helm.valueFiles` in your **local** Application manifest or a private overlay — or keep that change only on a private branch.
For Grafana, set `grafana.adminPassword` in a gitignored file merged with [`observability.yaml`](observability.yaml), or edit `observability.yaml` in a private fork.
See the full bootstrap narrative in [`../README.md`](../README.md).
Reference in New Issue View Git Blame Copy Permalink