# =============================================================================
# Secrets Configuration - 示例文件 (外部 Secret Manager)
# =============================================================================
# 生产环境使用 External Secrets Operator (ESO) 从 Vault/AWS SM/Azure KeyVault 同步
# https://external-secrets.io/
#
# 密钥管理器需要预先配置 SecretStore,例如 Vault:
#   apiVersion: external-secrets.io/v1beta1
#   kind: SecretStore
#   metadata:
#     name: vault-backend
#     namespace: gitdataai
#   spec:
#     vault:
#       server: "https://vault.example.com"
#       pathPrefix: /secret
#       auth:
#         kubernetes:
#           mountPath: kubernetes
#           role: gitdata
#
# 密钥路径约定:
#   gitdata/database → { url: "postgresql://..." }
#   gitdata/redis → { url: "redis://..." }
#   gitdata/qdrant → { apiKey: "..." }
# =============================================================================

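# -----------------------------------------------------------------------------
# External Secrets configuration
# -----------------------------------------------------------------------------
externalSecrets:
  # Name of the SecretStore / ClusterSecretStore (provisioned in the cluster
  # beforehand; this file only references it).
  storeName: "vault-backend"
  # Alternative: ClusterSecretStore (cross-namespace). A cluster-scoped store
  # can be referenced from any namespace unless the store's conditions restrict
  # it, so keep the namespaced SecretStore when one namespace is enough.
  storeKind: "SecretStore"

  # Vault secret paths. The Vault role behind the store should be granted read
  # access to these paths only, not to the whole mount.
  databaseKey: "gitdata/database"
  redisKey: "gitdata/redis"
  qdrantKey: "gitdata/qdrant"
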
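# -----------------------------------------------------------------------------
# Secret names (must correspond to the ExternalSecret target.name)
# -----------------------------------------------------------------------------
database:
  # Name of the Kubernetes Secret that carries the database connection URL.
  # A connection URL usually embeds the password, so treat the whole value as
  # sensitive and restrict read access to this Secret via RBAC.
  existingSecret: "gitdata-database-secret"
  secretKeys:
    # presumably the key inside the Secret that holds the URL — confirm
    # against the chart templates
    url: APP_DATABASE_URL
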
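redis:
  # Name of the Kubernetes Secret that carries the Redis connection URL.
  # The URL may embed a password; treat the whole value as sensitive.
  existingSecret: "gitdata-redis-secret"
  secretKeys:
    # presumably the key inside the Secret that holds the URL — confirm
    # against the chart templates
    url: APP_REDIS_URL
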
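# -----------------------------------------------------------------------------
# Qdrant (required when AI features are enabled)
# -----------------------------------------------------------------------------
qdrant:
  enabled: true
  # NOTE(review): this endpoint is plain http://, so the API key referenced
  # below would cross the cluster network unencrypted on every request.
  # Switch to an https:// endpoint once TLS is enabled on the Qdrant service,
  # or confirm that a service mesh / network policy protects this hop.
  url: "http://qdrant.qdrant.svc.cluster.local:6333"
  # Name of the Kubernetes Secret that carries the Qdrant API key.
  existingSecret: "gitdata-qdrant-secret"
  secretKeys:
    # presumably the key inside the Secret that holds the API key — confirm
    # against the chart templates
    apiKey: APP_QDRANT_API_KEY
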
# -----------------------------------------------------------------------------
# 本地开发 / CI/CD 快速部署 (secrets.create: true)
# 生产环境请使用 externalSecrets 配置
# 注意:填入真实连接串后,请勿将该文件提交到版本库。
# -----------------------------------------------------------------------------
# secrets:
#   create: true
#   databaseUrl: "postgresql://..."
#   redisUrl: "redis://..."