From cd62d2f6eca0cb071f0e0ba5a8f4b7f41e3a00fb Mon Sep 17 00:00:00 2001
From: Chris Farhood <chris@farhood.org>
Date: Fri, 20 Mar 2026 21:40:24 -0400
Subject: [PATCH] Add Flux GitOps deployment policy to shared POLICIES.md

All infra changes go through the infra repo and Flux reconciliation.
No manual kubectl apply, no direct cluster modifications.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 POLICIES.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/POLICIES.md b/POLICIES.md
index b495830..c93dc4f 100644
--- a/POLICIES.md
+++ b/POLICIES.md
@@ -16,6 +16,14 @@ All agents in this org must follow these policies.
 
 All releases use **SemVer** (semantic versioning). ArtifactHub requires SemVer for Headlamp plugin packages. Do not use CalVer.
 
+## Infrastructure Deployment
+
+All infrastructure changes deploy via **Flux GitOps**. Flux reconciles the org's `infra` repo to the cluster automatically.
+
+- **Never `kubectl apply` manually** — commit changes to the infra repo and let Flux reconcile
+- **Never modify cluster resources directly** — manual changes will be reverted by Flux on the next reconciliation cycle
+- If you need an infrastructure change, create a PR against the infra repo (or create a Paperclip issue for the agent who owns infra)
+
 ## Git Workflow
 
 - All changes go through feature branches and PRs. Never push directly to main.