Oleks
bdc43bb1d6
ci/woodpecker/push/container Pipeline was successful
The deploy/fleet-overlay templates had drifted from what actually runs in anton-helm-workloads (verified live + against the emdash-kotkanagrilli reference). Canonical design co-locates everything in the `kotkan` namespace: - source.yaml: GitRepository flux-system -> kotkan, so the HelmRelease chart sourceRef resolves same-namespace (no cross-namespace ref). - secrets.yaml: deploy-key Secret -> kotkan, defined once in the staging overlay; dropped the duplicate definition from the production overlay (production references the shared key by name). - image-automation.yaml: IUA write-back sourceRef anton-workloads-image-automation/flux-system -> anton-helm-workloads/kotkan (the existing read source already has push access). - README.md / DEPLOYMENT.md: namespace + ownership docs corrected.
deploy/
Two sibling directories with very different lifecycles:
helm/— the Helm chart that runs the pod. FluxCD pulls it directly from this repo on the branch matching each environment (nohelm pushstep). Edit this in lockstep with the app code that depends on it.fleet-overlay/— templates for the FluxCD manifests that live in theanton-helm-workloadsrepo. Not consumed from here — they're versioned alongside the chart so the chart's contract with Flux stays legible.
See ../DEPLOYMENT.md for the end-to-end pipeline.