docs: add readme to the services

applications/base/services/cert-manager/README.md

@@ -0,0 +1,14 @@
+# Cert-manager – Base Configuration
+
+This directory contains the **base manifests** for deploying [Cert-manager](https://cert-manager.io/). It is intended to be consumed by **cluster repositories** as a remote base, with the option to provide cluster-specific overrides.
+
+## Cert-Manager
+
+- Automates the management and renewal of TLS certificates in Kubernetes clusters.
+- Supports multiple certificate sources such as Let's Encrypt, HashiCorp Vault, and private PKI.
+- Uses custom resources like Issuer, ClusterIssuer, and Certificate to define how certificates are requested and managed.
+- Stores issued certificates and private keys securely in Kubernetes Secrets.
+- Handles ACME challenges, certificate revocation, and self-signed certificates.
+- Minimizes manual intervention and prevents downtime from expired certificates.
+- Commonly used to secure ingress controllers, internal services, and any workloads requiring TLS.
+- Simplifies certificate lifecycle management and enhances overall cluster security.

applications/base/services/external-snapshotter/README.md

@@ -0,0 +1,14 @@
+# External-Snapshotter – Base Configuration
+
+This directory contains the **base manifests** for deploying the [External Snapshotter](https://kubernetes-csi.github.io/docs/snapshot-controller.html), a Kubernetes CSI component responsible for managing volume snapshots.  
+It is designed to be **consumed by cluster repositories** as a remote base, allowing each cluster to apply **custom overrides** as needed.
+
+**About External-Snapshotter:**
+
+- Provides Kubernetes-native APIs (`VolumeSnapshot`, `VolumeSnapshotContent`, and `VolumeSnapshotClass`) for managing persistent volume snapshots.  
+- Works with CSI drivers that support snapshot capabilities to create, restore, and delete snapshots.  
+- Consists of the **snapshot-controller**, **CRDs**, and **webhook** components.  
+- Enables backup, restore, and cloning workflows for persistent volumes.  
+- Decouples snapshot lifecycle management from storage vendors, offering a consistent interface across environments.  
+- Commonly used in backup automation, disaster recovery, and application data protection scenarios.  
+- Simplifies volume snapshot management and improves data resilience in Kubernetes clusters.  

applications/base/services/gateway-api/README.md

@@ -3,125 +3,10 @@
 This directory contains the **base manifests** for deploying the [Envoy Gateway](https://gateway.envoyproxy.io/) as a managed service.
 It is intended to be consumed by **cluster repositories** as a remote base, with the option to provide cluster-specific overrides.
 
-- `namespace.yaml` - Defines the `envoy-gateway-system` namespace.
-- `envoyproxy-source.yaml` - Defines the helm repository to install `envoy-gateway-api`.
-- `helmrelease.yaml` - FluxCD `HelmRelease` for deploying Envoy Gateway from the configured Helm repository.
-- `helm-values/hardened_values_v0.0.0.yaml` - Default “hardened” baseline values.
-  These are designed as production-ready defaults.
-- `kustomization.yaml` – Wires together the namespace, HelmRelease, and default values.
-  Also generates a `Secret` (`envoy-gateway-api-values-base`) from the hardened values.
+**About Envoy Gateway:**
 
-## Usage in a Cluster Repository
-
-A cluster repository should reference this base using a FluxCD `Kustomization` that points to the GitRepository containing this repo.
-
-Example `Kustomization` in the cluster repo:
-
-```yaml
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: envoy-gateway-api-base
-  namespace: flux-system
-spec:
-  interval: 1m
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: opencenter-gateway-api #<= its the base flux gitrepository resource
-    namespace: flux-system
-  path: base/services/gateway-api
-  targetNamespace: envoy-gateway-system
-  wait: true
-```
-
-```yaml
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: opencenter-gateway-api
-  namespace: flux-system
-spec:
-  interval: 1m
-  url: https://github.com/pratik705/opencenter1.git
-  ref:
-    branch: main
-```
-
-This will deploy Envoy Gateway with the default hardened configuration.
-
-## Overriding Values
-
-User can provide **cluster-specific overrides** without modifying this base.
-
-1. Create a folder in the cluster repo:
-
-   ```
-   applications/overlays/<cluster>/services/gateway-api/helm-values/
-   └── override_values.yaml
-   ```
-
-2. Reference both hardened values (from this base) and local overrides in a `Secret` (via `secretGenerator` or plain YAML). Example in cluster repo:
-
-```yaml
-namespace: envoy-gateway-system
-
-secretGenerator:
-  - name: envoy-gateway-api-values-override
-    namespace: envoy-gateway-system
-    type: Opaque
-    files:
-      - override.yaml=helm-values/override_values.yaml
-    options:
-      disableNameSuffixHash: true
-```
-
-3. The base HelmRelease is configured with `valuesFrom` so both hardened and override values are merged.
-   - Hardened defaults provide a secure baseline.
-   - Overrides take precedence when defined.
-
-## Example Override (cluster repo)
-
-`helm-values/override_values.yaml`:
-
-```yaml
-replicaCount: 2
-```
-
-This overrides replica count and service configuration while keeping the rest of the hardened defaults intact.
-
-## Adding Additional Resources
-
-User may also add **extra Kubernetes resources** (NetworkPolicies, ConfigMaps, etc.) alongside the override values.
-These will be applied together with the base and override.
-
-Example in cluster repo:
-
-```
-applications/overlays/<cluster>/services/gateway-api/
-├── helm-values/
-│   └── override_values.yaml
-├── networkpolicy.yaml
-├── opencenter-source.yaml
-└── kustomization.yaml
-```
-
-`kustomization.yaml:`
-
-```yaml
-namespace: envoy-gateway-system
-
-resources:
-  - "./opencenter-source.yaml"
-  - "./networkpolicy.yaml"
-
-secretGenerator:
-  - name: envoy-gateway-api-values-override
-    namespace: envoy-gateway-system
-    type: Opaque
-    files:
-      - override.yaml=helm-values/override_values.yaml
-    options:
-      disableNameSuffixHash: true
-```
+- Implements the Kubernetes **Gateway API** to manage north-south traffic routing for services.  
+- Simplifies Envoy deployment and configuration through a controller-based approach.
+- Integrates seamlessly with **Cert-Manager** for automatic TLS certificate provisioning.  
+- Supports advanced traffic management features such as path-based routing, header manipulation, timeouts, retries, and rate limiting.  
+- Commonly used to expose applications, APIs, and services securely to external clients.  

applications/base/services/harbor/README.md

@@ -0,0 +1,14 @@
+# Harbor – Base Configuration
+
+This directory contains the **base manifests** for deploying [Harbor](https://goharbor.io/), a cloud-native registry that stores, signs, and scans container images and Helm charts.  
+It is designed to be **consumed by cluster repositories** as a remote base, allowing each cluster to apply **custom overrides** as needed.
+
+**About Harbor:**
+
+- Acts as a **secure and centralized container registry** for storing and managing OCI images and Helm charts.  
+- Provides **role-based access control(RBAC)** and **OIDC authentication** for user and project management.  
+- Supports **vulnerability scanning**, **image signing (Notary)**, and **content trust** to enhance supply chain security.  
+- Integrates with **Trivy** for image vulnerability scanning and **ChartMuseum** for Helm chart management.  
+- Can serve as a **private OCI registry** for GitOps workflows and Flux/Kustomize-based deployments.  
+- Features an intuitive web UI, REST API, and CLI tools for efficient image lifecycle management.  
+- Improves compliance, security, and performance for enterprise container environments.