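# =============================================================================
# Secrets Configuration - example file (external secret manager)
# =============================================================================
# Production uses the External Secrets Operator (ESO) to sync secrets from
# Vault / AWS Secrets Manager / Azure Key Vault into Kubernetes Secrets.
# https://external-secrets.io/
#
# A SecretStore must be configured in the cluster beforehand, e.g. for Vault:
#   apiVersion: external-secrets.io/v1beta1
#   kind: SecretStore
#   metadata:
#     name: vault-backend
#     namespace: gitdataai
#   spec:
#     provider:
#       vault:
#         server: "https://vault.example.com"
#         path: "secret"
#         auth:
#           kubernetes:
#             mountPath: kubernetes
#             role: gitdata
#
# NOTE(review): ESO expects the Vault settings under spec.provider.vault and
# names the KV mount with `path`. Newer ESO releases serve
# external-secrets.io/v1, so use the apiVersion your installed CRDs serve.
# Bind the Vault role used above to a policy that can only read the gitdata/*
# paths listed below, so a compromised workload cannot read unrelated secrets.
#
# Secret path convention:
#   gitdata/database → { url: "postgresql://..." }
#   gitdata/redis    → { url: "redis://..." }
#   gitdata/qdrant   → { apiKey: "..." }
# =============================================================================

# -----------------------------------------------------------------------------
# External Secrets configuration
# -----------------------------------------------------------------------------
externalSecrets:
  # Name of the SecretStore / ClusterSecretStore (pre-configured in the cluster)
  storeName: "vault-backend"
  # Or "ClusterSecretStore" (cross-namespace). A ClusterSecretStore can be
  # referenced from other namespaces unless the store itself restricts that,
  # so prefer the namespaced SecretStore where one namespace is enough.
  storeKind: "SecretStore"

  # Vault secret paths
  databaseKey: "gitdata/database"
  redisKey: "gitdata/redis"
  qdrantKey: "gitdata/qdrant"

# -----------------------------------------------------------------------------
# Secret names (match the ExternalSecret target.name)
# -----------------------------------------------------------------------------
database:
  existingSecret: "gitdata-database-secret"
  secretKeys:
    # presumably the key inside the Secret that holds the URL; confirm against
    # the chart templates
    url: APP_DATABASE_URL

redis:
  existingSecret: "gitdata-redis-secret"
  secretKeys:
    url: APP_REDIS_URL

# -----------------------------------------------------------------------------
# Qdrant (required when AI features are enabled)
# -----------------------------------------------------------------------------
qdrant:
  enabled: true
  # NOTE(review): this endpoint is plain HTTP. If the API key below is sent to
  # it, the key crosses the cluster network unencrypted. Use an https:// URL
  # when Qdrant is served with TLS, or limit access with a NetworkPolicy.
  url: "http://qdrant.qdrant.svc.cluster.local:6333"
  existingSecret: "gitdata-qdrant-secret"
  secretKeys:
    apiKey: APP_QDRANT_API_KEY

# -----------------------------------------------------------------------------
# Local development / CI/CD quick deploy (secrets.create: true)
# For production use the externalSecrets configuration above.
#
# Values set here are plaintext: they end up in the values file, in the Helm
# release record stored in the cluster, and possibly in version control or CI
# logs. Never put real production credentials in this block.
# -----------------------------------------------------------------------------
# secrets:
#   create: true
#   databaseUrl: "postgresql://..."
#   redisUrl: "redis://..."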