26 lines
962 B
Text
26 lines
962 B
Text
|
|
# Template for the apps-pg-credentials Secret.
|
||
|
|
# DO NOT commit this file with real credentials.
|
||
|
|
# Encrypt with: sops -e -i helm/apps-pg-secret.sops.yaml
|
||
|
|
# Apply with: kubectl apply -f <(sops -d helm/apps-pg-secret.sops.yaml)
|
||
|
|
#
|
||
|
|
# This Secret is consumed by the bootstrap.initdb stanza of
|
||
|
|
# helm/apps-pg-cluster.yaml and only exists to create the platform
|
||
|
|
# bootstrap role `apps_admin` and meta DB `apps_meta`. It is NOT a
|
||
|
|
# runtime credential for any S5 application — those are issued per
|
||
|
|
# consumer through the onboarding contract in docs/apps-pg.md.
|
||
|
|
---
|
||
|
|
apiVersion: v1
|
||
|
|
kind: Secret
|
||
|
|
metadata:
|
||
|
|
name: apps-pg-credentials
|
||
|
|
namespace: databases
|
||
|
|
labels:
|
||
|
|
app.kubernetes.io/name: apps-pg
|
||
|
|
app.kubernetes.io/component: database-bootstrap
|
||
|
|
app.kubernetes.io/managed-by: manual
|
||
|
|
railiance.io/layer: s3-platform
|
||
|
|
type: kubernetes.io/basic-auth
|
||
|
|
stringData:
|
||
|
|
username: apps_admin
|
||
|
|
password: REPLACE_WITH_PASSWORD # encrypt with SOPS before committing
|