Secrets are now in the HelmRelease spec.values field.
This allows Flux to pass them directly to Helm during deployment.
Next step: Extract these to SOPS-encrypted Secret and use valuesFrom.
Individual MCP charts don't support existingSecret pattern.
Secrets are now embedded in values.yaml which is stored in git.
NOTE: This is a temporary solution. Future improvement should:
- Modify MCP charts to support existingSecret
- Or use SealedSecrets/SOPS-encrypted valuesFrom in Flux
All 16 MCP charts now ready for deployment via Flux.
- Updated Chart.yaml dependencies to use OCI registry
- Added HelmRepository resource for Harbor
- Created Harbor registry secret (SOPS-encrypted)
- Updated HelmRelease to use HelmRepository instead of Git source
- Packaged and pushed all 16 MCP charts to Harbor OCI registry
- Updated .sops.yaml to handle platform secrets
All MCP charts are now available at:
oci://images.caffeinetux.com/mcp-charts
- Added SOPS-encrypted Gotify API token
- Created Gotify notification provider for Flux alerts
- Added bootstrap Kustomization for notifications
- Updated .sops.yaml to handle bootstrap directory
- Configured alerts for all GitRepository, Kustomization, and HelmRelease events
