# CI/CD secrets for Tekton Pipelines -- TEMPLATE ONLY
#
# WARNING: every value in this file is an EXAMPLE placeholder.
# DO NOT use these values in production.
#
# These are well-formed Secret manifests, so applying the file unchanged
# creates working Secrets whose contents are known to anyone who has read
# this file. Keep it out of any path that is applied automatically.
#
# `stringData` is plain text in this file, and the API server stores it
# base64-encoded under `data`. base64 is an encoding, not encryption, so
# real values must never be committed in this form.
#
# Create the real secrets with ONE of these methods:
#
# Method 1 (recommended): the generate-secrets.sh script
#   ./generate-secrets.sh --gitea-user --gitea-password
#   NOTE(review): the flag values are not shown in this example; check the
#   script's usage. If the password is passed as an argument, it can end
#   up in shell history and process listings.
#
# Method 2: create the secrets manually with kubectl
#   kubectl create secret generic gitea-webhook-secret \
#     --namespace tekton-pipelines \
#     --from-literal=secretToken="$(openssl rand -hex 32)"
#
# Method 3: Sealed Secrets for GitOps
#   kubeseal < secrets-template.yaml > sealed-secrets.yaml
#   Seal a copy that holds the real values and keep the unsealed copy out
#   of Git; sealing this file as-is only encrypts the placeholders.
#
# Method 4: External Secrets Operator
#   Configure ESO to pull from your secret store (Vault, AWS SM, etc.)
---
# Example Secret for Gitea webhook validation.
# Used by the EventListener to validate incoming webhooks. While the
# placeholder below is in place the shared token is public, so that
# validation does not authenticate the sender.
apiVersion: v1
kind: Secret
metadata:
  name: gitea-webhook-secret
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: bakery-ia-cicd
    app.kubernetes.io/component: triggers
  annotations:
    note: 'EXAMPLE - Replace with actual secret using generate-secrets.sh'
type: Opaque
stringData:
  # Generate with: openssl rand -hex 32
  # The same value has to be set as the webhook secret on the Gitea side.
  secretToken: 'example-webhook-token-do-not-use-in-production'
---
# Example Secret for Gitea container registry credentials.
# Used by Kaniko to push images to the Gitea registry.
# Least privilege: prefer a dedicated access token limited to the registry
# over an account password, if your Gitea setup supports it.
apiVersion: v1
kind: Secret
metadata:
  name: gitea-registry-credentials
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: bakery-ia-cicd
    app.kubernetes.io/component: build
  annotations:
    note: 'EXAMPLE - Replace with actual secret using generate-secrets.sh'
type: kubernetes.io/dockerconfigjson
stringData:
  # The registry host key must match the registry the images are pushed to.
  .dockerconfigjson: |
    {
      "auths": {
        "gitea.bakery-ia.local:5000": {
          "username": "example-user",
          "password": "example-password"
        }
      }
    }
---
# Example Secret for Git credentials (used by the pipeline to push GitOps
# updates). This credential has write access to Git, so scope it to the
# GitOps repository where possible.
apiVersion: v1
kind: Secret
metadata:
  name: gitea-git-credentials
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: bakery-ia-cicd
    app.kubernetes.io/component: gitops
  annotations:
    note: 'EXAMPLE - Replace with actual secret using generate-secrets.sh'
type: Opaque
stringData:
  username: 'example-user'
  password: 'example-password'
---
# Example Secret for Flux GitRepository access.
# Used by Flux to pull from the Gitea repository; pulling needs read access
# only, so a read-only credential is sufficient here.
apiVersion: v1
kind: Secret
metadata:
  name: gitea-credentials
  namespace: flux-system
  labels:
    app.kubernetes.io/name: bakery-ia-cicd
    app.kubernetes.io/component: flux
  annotations:
    note: 'EXAMPLE - Replace with actual secret using generate-secrets.sh'
type: Opaque
stringData:
  username: 'example-user'
  password: 'example-password'