fix(gitops): split external secrets bootstrap

infra/apps/core/accounts/base/oci-repository.yaml

@@ -4,7 +4,7 @@ metadata:
   name: accounts-chart
 spec:
   interval: 10m0s
-  url: oci://ghcr.io/x-evor/charts/app-service
+  url: oci://ghcr.io/x-evor/app-service
   ref:
     semver: "0.1.0"
   layerSelector:

infra/apps/core/console/base/oci-repository.yaml

@@ -4,7 +4,7 @@ metadata:
   name: console-chart
 spec:
   interval: 10m0s
-  url: oci://ghcr.io/x-evor/charts/app-service
+  url: oci://ghcr.io/x-evor/app-service
   ref:
     semver: "0.1.0"
   layerSelector:

infra/clusters/prod/infrastructure-kustomization.yaml

@@ -12,3 +12,5 @@ spec:
     kind: GitRepository
     name: platform-config
   path: ./infra/infrastructure
+  dependsOn:
+    - name: platform-secrets-stack

infra/clusters/prod/kustomization.yaml

@@ -3,6 +3,8 @@ kind: Kustomization
 resources:
   - namespaces.yaml
   - platform-kustomization.yaml
+  - platform-secrets-kustomization.yaml
+  - platform-services-kustomization.yaml
   - infrastructure-kustomization.yaml
   - observability-kustomization.yaml
   - console-prod-kustomization.yaml

infra/clusters/prod/platform-secrets-kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: platform-secrets-stack
+  namespace: flux-system
+spec:
+  interval: 5m0s
+  prune: true
+  wait: true
+  timeout: 5m0s
+  sourceRef:
+    kind: GitRepository
+    name: platform-config
+  path: ./infra/platform-secrets
+  dependsOn:
+    - name: platform-stack

infra/clusters/prod/platform-services-kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: platform-services-stack
+  namespace: flux-system
+spec:
+  interval: 5m0s
+  prune: true
+  wait: true
+  timeout: 10m0s
+  sourceRef:
+    kind: GitRepository
+    name: platform-config
+  path: ./infra/platform/external-dns
+  dependsOn:
+    - name: platform-secrets-stack

infra/infrastructure/postgresql/oci-repository.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: database
 spec:
   interval: 10m0s
-  url: oci://ghcr.io/x-evor/charts/postgresql
+  url: oci://ghcr.io/x-evor/postgresql
   ref:
     semver: "1.1.0"
   layerSelector:

infra/observability/observability-stack/oci-repository.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: observability
 spec:
   interval: 10m0s
-  url: oci://ghcr.io/x-evor/charts/observability
+  url: oci://ghcr.io/x-evor/observability
   ref:
     semver: "0.1.0"
   layerSelector:

infra/platform-secrets/clustersecretstore.yaml

@@ -15,4 +15,3 @@ spec:
           serviceAccountRef:
             name: external-secrets
             namespace: platform
-

infra/platform-secrets/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - clustersecretstore.yaml

infra/platform/external-secrets/kustomization.yaml

@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - helmrelease.yaml
-  - clustersecretstore.yaml

infra/platform/k3s-platform/oci-repository.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: platform
 spec:
   interval: 10m0s
-  url: oci://ghcr.io/x-evor/charts/k3s-platform-chart
+  url: oci://ghcr.io/x-evor/k3s-platform-chart
   ref:
     semver: "0.1.0"
   layerSelector:

infra/platform/kustomization.yaml

@@ -4,5 +4,4 @@ resources:
   - repositories.yaml
   - k3s-platform
   - external-secrets
-  - external-dns
   - reloader