GitOps
All infrastructure and application deployments follow GitOps principles — git repositories are the source of truth for desired cluster state.
Stack
- ArgoCD — watches git repos and syncs Kubernetes manifests
- Kargo — progressive delivery and image promotion
- Kustomize + Helm — manifest templating and composition
- CDK8s (TypeScript) — programmatic manifest generation in ArgoCD-EDA
Patterns
Application Seeds: Each deployable system has an ArgoCD Application resource in k8s-lab/other-seeds/. Seeds point to a repo + path and auto-sync.
Two-Ingress Pattern: Public endpoints get OAuth authentication via the traefik-ingress Helm chart. Local endpoints bypass auth.
Central Secret Store: Shared secrets live in the central-secret-store namespace and are referenced by workloads via External Secrets Operator or direct mounts.
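What a seed from the Application Seeds pattern can look like, as an added example rather than a file from k8s-lab. The application name, repo URL, namespaces, branch, project and the prune/selfHeal settings are assumptions; only the seed directory and the k8s/manifests path come from this page.

```yaml
# Hypothetical seed file: k8s-lab/other-seeds/example-app.yaml
# Names, repo URL and namespaces below are placeholders, not values from this setup.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-app              # placeholder
  namespace: argocd              # assumes ArgoCD runs in the "argocd" namespace
spec:
  project: default               # assumption; a dedicated AppProject would restrict
                                 # which repos and destinations the seed may use
  source:
    repoURL: https://git.example.invalid/org/example-app.git   # placeholder
    targetRevision: main         # assumption: track the main branch
    path: k8s/manifests          # app repos keep their manifests at this path
  destination:
    server: https://kubernetes.default.svc   # the cluster ArgoCD itself runs in
    namespace: example-app       # placeholder
  syncPolicy:
    automated:                   # auto-sync: ArgoCD applies changes without a manual sync
      prune: true                # assumption: delete resources that were removed from git
      selfHeal: true             # assumption: revert manual changes made in the cluster
    syncOptions:
      - CreateNamespace=true     # create the destination namespace if it is missing
```

With automated sync, a merge to the tracked branch is a deployment, so branch protection and review on that repo act as the change-control point for the cluster.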
Repos
- k8s-lab — cluster config, seeds, components
- ArgoCD-EDA — platform mono-repo with EDA + image factory
- Individual app repos contain their own k8s/manifests