28 lines
1.6 KiB
YAML
28 lines
1.6 KiB
YAML
# ═══════════════════════════════════════════════════════════════
|
|
# Secret — 敏感凭证
|
|
# ───────────────────────────────────────────────────────────────
|
|
# 部署前请务必修改下面所有占位密码!
|
|
# 推荐用 kubectl 在集群内生成(避免把明文提交到 git):
|
|
# kubectl -n resource-library create secret generic resource-library-secret \
|
|
# --from-literal=MYSQL_ROOT_PASSWORD='...' \
|
|
# --from-literal=MYSQL_PASSWORD='...' \
|
|
# --from-literal=SECRET_KEY="$(python -c 'import secrets;print(secrets.token_hex(32))')" \
|
|
# --from-literal=ADMIN_PASSWORD='...'
|
|
# 或使用 sealed-secrets / external-secrets 管理。
|
|
# ═══════════════════════════════════════════════════════════════
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: resource-library-secret
|
|
namespace: resource-library
|
|
type: Opaque
|
|
stringData:
|
|
# MySQL root 密码(仅 init 容器和 DBA 使用)
|
|
MYSQL_ROOT_PASSWORD: "CHANGE_ME_root_password"
|
|
# 应用使用的业务账号密码
|
|
MYSQL_PASSWORD: "CHANGE_ME_app_password"
|
|
# Flask SECRET_KEY(用于 session/签名),至少 32 字节随机
|
|
SECRET_KEY: "CHANGE_ME_please_run_python_secrets_token_hex_32"
|
|
# 首次启动自动创建的管理员密码
|
|
ADMIN_PASSWORD: "CHANGE_ME_Admin@123456"
|