Tugboat Labs the issue with a branch per environment is PR complexity merging into the correct merge and the cognitive load when making changes. Using this directory structure means its a single branch and updating base updates all environments at once which is powerful for us.

With regards to secrets, we use Bitnami Sealed Secrets and have a dedicated repository for that called “k8s-secrets” and then have a dedicated flux instance in the cluster reconciling. The directory structure of the repo is as below

sealed-secrets
├── dev
├── prd
├── sbx
├── stg
└── tools