49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
# SOPS Secret Template
|
|
# Use this template for creating encrypted secrets
|
|
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: app-secret
|
|
namespace: app-namespace
|
|
type: Opaque
|
|
data:
|
|
# These fields will be encrypted by SOPS
|
|
# Replace with actual base64-encoded values before encryption
|
|
DATABASE_PASSWORD: <REPLACE_WITH_BASE64_ENCODED_PASSWORD>
|
|
S3_ACCESS_KEY: <REPLACE_WITH_BASE64_ENCODED_KEY>
|
|
S3_SECRET_KEY: <REPLACE_WITH_BASE64_ENCODED_SECRET>
|
|
REDIS_PASSWORD: <REPLACE_WITH_BASE64_ENCODED_PASSWORD>
|
|
|
|
---
|
|
# ConfigMap for non-sensitive configuration
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: app-config
|
|
namespace: app-namespace
|
|
data:
|
|
# Database connection
|
|
DATABASE_HOST: "postgresql-shared-rw.postgresql-system.svc.cluster.local"
|
|
DATABASE_PORT: "5432"
|
|
DATABASE_NAME: "app_database"
|
|
|
|
# Redis connection
|
|
REDIS_HOST: "redis-ha-haproxy.redis-system.svc.cluster.local"
|
|
REDIS_PORT: "6379"
|
|
|
|
# S3 storage configuration
|
|
S3_BUCKET: "app-bucket"
|
|
S3_REGION: "<REPLACE_WITH_S3_REGION>"
|
|
S3_ENDPOINT: "<REPLACE_WITH_S3_ENDPOINT>"
|
|
S3_CDN_URL: "<REPLACE_WITH_CDN_URL>"
|
|
|
|
# Application settings
|
|
APP_ENV: "production"
|
|
APP_DEBUG: "false"
|
|
|
|
# SOPS encryption commands:
|
|
# sops -e -i this-file.yaml
|
|
# sops this-file.yaml # to edit
|
|
# sops -d this-file.yaml | kubectl apply -f - # to apply
|