# IMPORTANT: This is a template file for secrets configuration # DO NOT commit actual secret values to version control # Use kubectl create secret or external secret management tools apiVersion: v1 kind: Secret metadata: name: wifi-densepose-secrets namespace: wifi-densepose labels: app: wifi-densepose component: secrets type: Opaque data: # Database credentials (base64 encoded) # Example: echo -n "your_password" | base64 DATABASE_PASSWORD: DATABASE_URL: # Redis credentials REDIS_PASSWORD: REDIS_URL: # JWT and API secrets SECRET_KEY: JWT_SECRET: API_KEY: # External service credentials ROUTER_SSH_KEY: ROUTER_PASSWORD: # Monitoring credentials GRAFANA_ADMIN_PASSWORD: PROMETHEUS_PASSWORD: --- apiVersion: v1 kind: Secret metadata: name: postgres-secret namespace: wifi-densepose labels: app: wifi-densepose component: postgres type: Opaque data: # PostgreSQL credentials POSTGRES_USER: POSTGRES_PASSWORD: POSTGRES_DB: --- apiVersion: v1 kind: Secret metadata: name: redis-secret namespace: wifi-densepose labels: app: wifi-densepose component: redis type: Opaque data: # Redis credentials REDIS_PASSWORD: --- apiVersion: v1 kind: Secret metadata: name: tls-secret namespace: wifi-densepose labels: app: wifi-densepose component: tls type: kubernetes.io/tls data: # TLS certificate and key (base64 encoded) tls.crt: tls.key: --- # Example script to create secrets from environment variables # Save this as create-secrets.sh and run with proper environment variables set # #!/bin/bash # # # Ensure namespace exists # kubectl create namespace wifi-densepose --dry-run=client -o yaml | kubectl apply -f - # # # Create main application secrets # kubectl create secret generic wifi-densepose-secrets \ # --namespace=wifi-densepose \ # --from-literal=DATABASE_PASSWORD="${DATABASE_PASSWORD}" \ # --from-literal=DATABASE_URL="${DATABASE_URL}" \ # --from-literal=REDIS_PASSWORD="${REDIS_PASSWORD}" \ # --from-literal=REDIS_URL="${REDIS_URL}" \ # --from-literal=SECRET_KEY="${SECRET_KEY}" \ # --from-literal=JWT_SECRET="${JWT_SECRET}" \ # --from-literal=API_KEY="${API_KEY}" \ # --from-literal=ROUTER_SSH_KEY="${ROUTER_SSH_KEY}" \ # --from-literal=ROUTER_PASSWORD="${ROUTER_PASSWORD}" \ # --from-literal=GRAFANA_ADMIN_PASSWORD="${GRAFANA_ADMIN_PASSWORD}" \ # --from-literal=PROMETHEUS_PASSWORD="${PROMETHEUS_PASSWORD}" \ # --dry-run=client -o yaml | kubectl apply -f - # # # Create PostgreSQL secrets # kubectl create secret generic postgres-secret \ # --namespace=wifi-densepose \ # --from-literal=POSTGRES_USER="${POSTGRES_USER}" \ # --from-literal=POSTGRES_PASSWORD="${POSTGRES_PASSWORD}" \ # --from-literal=POSTGRES_DB="${POSTGRES_DB}" \ # --dry-run=client -o yaml | kubectl apply -f - # # # Create Redis secrets # kubectl create secret generic redis-secret \ # --namespace=wifi-densepose \ # --from-literal=REDIS_PASSWORD="${REDIS_PASSWORD}" \ # --dry-run=client -o yaml | kubectl apply -f - # # # Create TLS secrets from certificate files # kubectl create secret tls tls-secret \ # --namespace=wifi-densepose \ # --cert=path/to/tls.crt \ # --key=path/to/tls.key \ # --dry-run=client -o yaml | kubectl apply -f - # # echo "Secrets created successfully!" --- # External Secrets Operator configuration (if using external secret management) apiVersion: external-secrets.io/v1beta1 kind: SecretStore metadata: name: vault-secret-store namespace: wifi-densepose spec: provider: vault: server: "https://vault.example.com" path: "secret" version: "v2" auth: kubernetes: mountPath: "kubernetes" role: "wifi-densepose" serviceAccountRef: name: "wifi-densepose-sa" --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: wifi-densepose-external-secrets namespace: wifi-densepose spec: refreshInterval: 1h secretStoreRef: name: vault-secret-store kind: SecretStore target: name: wifi-densepose-secrets creationPolicy: Owner data: - secretKey: DATABASE_PASSWORD remoteRef: key: wifi-densepose/database property: password - secretKey: REDIS_PASSWORD remoteRef: key: wifi-densepose/redis property: password - secretKey: JWT_SECRET remoteRef: key: wifi-densepose/auth property: jwt_secret - secretKey: API_KEY remoteRef: key: wifi-densepose/auth property: api_key