Declarative AWS infrastructure for devantler-tech, managed as Crossplane managed resources and delivered GitOps-style.

- deploy/ holds the desired AWS state as Crossplane managed resources (provider-aws family). Manifests are namespace-agnostic — the platform injects the target namespace.
- Releases publish deploy/ as a cosign-signed OCI manifests artifact at oci://ghcr.io/devantler-tech/aws/manifests (see .github/workflows/cd.yaml).
- The platform consumes the artifact via the aws tenant (Flux OCIRepository + Kustomization with cosign verification), and the in-cluster AWS Crossplane provider reconciles the resources against AWS.

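
A sketch of what the consuming side described above can look like, added here as an illustration and not taken from the platform's own manifests. It assumes keyless cosign signing from GitHub Actions, that the source repository is devantler-tech/aws, and that releases are built from main; the namespace, object names, intervals and semver range are placeholders.

```yaml
# Illustrative only: Flux source + apply objects for the signed artifact.
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
  name: aws                      # placeholder name
  namespace: TENANT_NAMESPACE    # placeholder, set by the platform
spec:
  interval: 10m                  # assumed polling interval
  url: oci://ghcr.io/devantler-tech/aws/manifests
  ref:
    semver: ">=0.0.0"            # assumed: follow semantic-release versions
  verify:
    provider: cosign
    # Assumption: keyless signing. Pin both issuer and subject so that a
    # valid signature from any other workflow or repository is rejected.
    matchOIDCIdentity:
      - issuer: "^https://token\\.actions\\.githubusercontent\\.com$"
        subject: "^https://github\\.com/devantler-tech/aws/\\.github/workflows/cd\\.yaml@refs/heads/main$"
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: aws                      # placeholder name
  namespace: TENANT_NAMESPACE
spec:
  interval: 10m
  sourceRef:
    kind: OCIRepository
    name: aws
  path: ./
  prune: true
  # One way for the platform to inject the namespace into the
  # namespace-agnostic manifests (assumption).
  targetNamespace: TENANT_NAMESPACE
```

With verify set, Flux does not produce an artifact for the Kustomization to apply unless the signature check passes. Leaving out matchOIDCIdentity would accept any signature that chains to the Sigstore trust root, so the identity pin is what ties trust to this repository's release workflow.
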
Authentication (namespace, SecretStore, bootstrap-credential ExternalSecret, and
the ProviderConfig) is provisioned platform-side — see
platform#2325.
Changes go through pull requests; CI validates that deploy/ renders with
kubectl kustomize. Merges to main release automatically via semantic-release
(Conventional Commit titles decide the version).