File Locations
Purpose: For platform engineers, provides paths for config files, generated output, keys, caches, and kubeconfigs.
Configuration Files
| File | Description |
|---|---|
~/.config/opencenter/clusters/<org>/<cluster>/.<cluster>-config.yaml | Cluster configuration |
~/.config/opencenter/config.yaml | Global CLI settings |
The --config global flag overrides the default config path for any command.
Generated Repository
After opencenter cluster setup, the customer repo is created at:
customers/<customer-id>-<customer-name>/
Key paths within the repo:
| Path | Description |
|---|---|
infrastructure/clusters/<cluster>/main.tf | Terraform entry point |
infrastructure/clusters/<cluster>/inventory/ | Kubespray inventory and group_vars |
infrastructure/clusters/<cluster>/kubeconfig.yaml | Cluster kubeconfig (post-provision) |
applications/overlays/<cluster>/flux-system/ | FluxCD bootstrap manifests |
applications/overlays/<cluster>/services/sources/ | GitRepository CRDs |
applications/overlays/<cluster>/services/fluxcd/ | Kustomization CRDs |
applications/overlays/<cluster>/managed-services/ | Customer application manifests |
Encryption Keys
| Path | Description |
|---|---|
secrets/age/<cluster>_keys.txt | SOPS Age private key |
secrets/ssh/<cluster>_id_ed25519 | SSH private key |
secrets/ssh/<cluster>_id_ed25519.pub | SSH public key |
These files are local-only and must not be committed to Git. The Age key is synced to the cluster as a Kubernetes Secret (sops-age in flux-system namespace) by opencenter cluster bootstrap.
SOPS Configuration
| Path | Scope |
|---|---|
.sops.yaml (repo root) | Organization-wide encryption rules |
infrastructure/clusters/<cluster>/.sops.yaml | Infrastructure secrets |
applications/overlays/<cluster>/.sops.yaml | Application secrets |
Air-Gap Build Paths
After opencenter-airgap init:
| Path | Description |
|---|---|
config/versions.env | Component version pinning |
config/components.yaml | Component manifest |
build/ | Intermediate build artifacts |
dist/ | Final Zarf package output |
assets/ | Static assets bundled into package |
Logs
| Path | Description |
|---|---|
~/.config/opencenter/logs/ | CLI operation logs |
build.log | Air-gap build log (in project root) |
Kubeconfig
After infrastructure provisioning, the kubeconfig is written to:
infrastructure/clusters/<cluster>/kubeconfig.yaml
The opencenter cluster env command sets KUBECONFIG to this path automatically.