refactor(devsvc): enhance secret management in values.yaml
- Removed hardcoded sensitive configurations (Gitea token, MongoDB URI, RabbitMQ password, and default Git password) from the values.yaml file. - Introduced a structured secrets section to reference these sensitive values from FreeleapsSecretStore, improving security and maintainability. - This change continues the effort to centralize and secure sensitive information management across the application. Signed-off-by: zhenyus <zhenyus@mathmast.com>
This commit is contained in:
zhenyus
parent
6584ab12c5
commit
df862dfa39
@ -58,10 +58,6 @@ devsvc:
|
|||||||
serviceApiAccessPort: "8013"
|
serviceApiAccessPort: "8013"
|
||||||
# MONGODB_NAME
|
# MONGODB_NAME
|
||||||
mongodbName: ""
|
mongodbName: ""
|
||||||
# MONGODB_URI
|
|
||||||
mongodbUri: ""
|
|
||||||
# GITEA_TOKEN
|
|
||||||
giteaToken: ""
|
|
||||||
# GITEA_URL
|
# GITEA_URL
|
||||||
giteaUrl: ""
|
giteaUrl: ""
|
||||||
# GITEA_DEPOT_ORGANIZATION
|
# GITEA_DEPOT_ORGANIZATION
|
||||||
@ -82,22 +78,45 @@ devsvc:
|
|||||||
rabbitmqPort: ""
|
rabbitmqPort: ""
|
||||||
# RABBITMQ_USERNAME
|
# RABBITMQ_USERNAME
|
||||||
rabbitmqUsername: ""
|
rabbitmqUsername: ""
|
||||||
# RABBITMQ_PASSWORD
|
|
||||||
rabbitmqPassword: ""
|
|
||||||
# RABBITMQ_VIRTUAL_HOST
|
# RABBITMQ_VIRTUAL_HOST
|
||||||
rabbitmqVirtualHost: ""
|
rabbitmqVirtualHost: ""
|
||||||
# DEFAULT_GIT_USERNAME
|
# DEFAULT_GIT_USERNAME
|
||||||
defaultGitUsername: ""
|
defaultGitUsername: ""
|
||||||
# DEFAULT_GIT_PASSWORD
|
|
||||||
defaultGitPassword: ""
|
|
||||||
# DEVOPS_DOCKER_REGISTRY_URL
|
# DEVOPS_DOCKER_REGISTRY_URL
|
||||||
devopsDockerRegistryUrl: ""
|
devopsDockerRegistryUrl: ""
|
||||||
# DEVOPS_DOCKER_REGISTRY_REPOSITORY_NAME
|
# DEVOPS_DOCKER_REGISTRY_REPOSITORY_NAME
|
||||||
devopsDockerRegistryRepositoryName: ""
|
devopsDockerRegistryRepositoryName: ""
|
||||||
# DEVOPS_DOCKER_REGISTRY_USERNAME
|
# DEVOPS_DOCKER_REGISTRY_USERNAME
|
||||||
devopsDockerRegistryUsername: ""
|
devopsDockerRegistryUsername: ""
|
||||||
# DEVOPS_DOCKER_REGISTRY_PASSWORD
|
secrets:
|
||||||
devopsDockerRegistryPassword: ""
|
secretStoreRef:
|
||||||
|
kind: FreeleapsSecretStore
|
||||||
|
name: freeleaps-main-secret-store
|
||||||
|
target:
|
||||||
|
name: "freeleaps-devsvc-secrets"
|
||||||
|
creationPolicy: "Owner"
|
||||||
|
refreshInterval: 30s
|
||||||
|
data:
|
||||||
|
- key: giteaToken
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-gitea-token"
|
||||||
|
type: Secret
|
||||||
|
- key: mongodbUri
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-mongodb-uri"
|
||||||
|
type: Secret
|
||||||
|
- key: rabbitmqPassword
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-rabbitmq-password"
|
||||||
|
type: Secret
|
||||||
|
- key: defaultGitPassword
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-gitea-password"
|
||||||
|
type: Secret
|
||||||
|
- key: devopsDockerRegistryPassword
|
||||||
|
remoteRef:
|
||||||
|
key: "freeleaps-alpha-devops-docker-registry-password"
|
||||||
|
type: Secret
|
||||||
vpa:
|
vpa:
|
||||||
minAllowed:
|
minAllowed:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user