[ci skip] add sealed secrets convention: fileset + kubernetes_manifest pattern
- Document sealed secrets workflow in AGENTS.md and CLAUDE.md - Add kubernetes_manifest + fileset(sealed-*.yaml) block to plotting-book as reference - Users: kubeseal encrypt → commit sealed-*.yaml → CI applies via Terraform - E2E tested: seal/commit/plan/apply/decrypt cycle verified
This commit is contained in:
Viktor Barzin
parent
6b3e84f465
commit
2fa8ba2038
3 changed files with 24 additions and 1 deletions
|
|
@ -167,3 +167,9 @@ module "ingress" {
|
|||
"gethomepage.dev/pod-selector" = ""
|
||||
}
|
||||
}
|
||||
|
||||
# Sealed Secrets — encrypted secrets safe to commit to git
|
||||
resource "kubernetes_manifest" "sealed_secrets" {
|
||||
for_each = fileset(path.module, "sealed-*.yaml")
|
||||
manifest = yamldecode(file("${path.module}/${each.value}"))
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue