From a83ecd5c011600893b7c0412ad6462b02481f23b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Tue, 18 Nov 2025 09:40:04 +0100 Subject: [PATCH] docs(gitops.md): [#206] Add warning about secrets in pre-rendered yaml files --- .gitlab-ci.yml | 2 +- docs/enhanced-configuration/gitops.md | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f36c6be4..ac0b31e4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,7 @@ --- include: - project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}" - ref: "v2.4.10" + ref: "v2.4.17" file: - "ci/common/lint.yml" - "ci/release-automation/semantic-release.yml" diff --git a/docs/enhanced-configuration/gitops.md b/docs/enhanced-configuration/gitops.md index cc52aa92..33813950 100644 --- a/docs/enhanced-configuration/gitops.md +++ b/docs/enhanced-configuration/gitops.md @@ -31,6 +31,11 @@ There are two options to deploy openDesk via Argo CD described in the following ## Option 1: Use YAML manifests +> [!warning] +> Pre-rendering the YAML files will also embed all referenced secrets into the resulting outputs. +> You must ensure that these files are accessible solely to individuals who are expressly authorized +> to view the corresponding secrets, as well as the infrastructure and data protected by them. + This option requires a preprocessing step before using Argo CD. This step requires you to compile the Helmfile based deployment into Kubernetes YAML manifest, to do so you need to execute the helmfile binary: