---
# NOTE: This file contains example secrets for development.
# For production, use one of the following:
# 1. Sealed Secrets (bitnami-labs/sealed-secrets)
# 2. External Secrets Operator
# 3. HashiCorp Vault
# 4. Cloud provider secret managers (AWS Secrets Manager, GCP Secret Manager, Azure Key Vault)
#
# NEVER commit real production secrets to git!

apiVersion: v1
kind: Secret
metadata:
  name: grafana-admin
  namespace: monitoring
type: Opaque
stringData:
  admin-user: admin
  # CHANGE THIS PASSWORD IN PRODUCTION!
  # Generate with: openssl rand -base64 32
  admin-password: "CHANGE_ME_IN_PRODUCTION"

---
apiVersion: v1
kind: Secret
metadata:
  name: alertmanager-secrets
  namespace: monitoring
type: Opaque
stringData:
  # SMTP configuration for email alerts
  # CHANGE THESE VALUES IN PRODUCTION!
  smtp-host: "smtp.gmail.com:587"
  smtp-username: "alerts@yourdomain.com"
  smtp-password: "CHANGE_ME_IN_PRODUCTION"
  smtp-from: "alerts@yourdomain.com"

  # Slack webhook URL (optional)
  slack-webhook-url: "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"

---
apiVersion: v1
kind: Secret
metadata:
  name: postgres-exporter
  namespace: monitoring
type: Opaque
stringData:
  # PostgreSQL connection string
  # Format: postgresql://username:password@hostname:port/database?sslmode=disable
  # CHANGE THIS IN PRODUCTION!
  data-source-name: "postgresql://postgres:postgres@postgres.bakery-ia:5432/bakery?sslmode=disable"