bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8461226a97340e61f3e0b1ec7eeaec6c92801097
bakery-ia/infrastructure/cicd/tekton/secrets/secrets-template.yaml
Urtzi Alfaro 35f164f0cd Add new infra architecture
2026-01-19 11:55:17 +01:00

80 lines
2.0 KiB
YAML
Raw Blame History

# CI/CD Secrets Template for Tekton Pipelines
#
# DO NOT commit this file with actual credentials!
# Use the generate-secrets.sh script to create secrets safely.
#
# For production, use one of these approaches:
# 1. Sealed Secrets: kubeseal < secrets.yaml > sealed-secrets.yaml
# 2. External Secrets Operator: Configure with your secret store
# 3. Manual creation: kubectl create secret ... (see generate-secrets.sh)
---
# Secret for Gitea webhook validation
# Used by EventListener to validate incoming webhooks
apiVersion: v1
kind: Secret
metadata:
name: gitea-webhook-secret
namespace: tekton-pipelines
labels:
app.kubernetes.io/name: bakery-ia-cicd
app.kubernetes.io/component: triggers
type: Opaque
stringData:
# Generate with: openssl rand -hex 32
secretToken: "${WEBHOOK_SECRET_TOKEN}"
---
# Secret for Gitea container registry credentials
# Used by Kaniko to push images to Gitea registry
apiVersion: v1
kind: Secret
metadata:
name: gitea-registry-credentials
namespace: tekton-pipelines
labels:
app.kubernetes.io/name: bakery-ia-cicd
app.kubernetes.io/component: build
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: |
{
"auths": {
"${REGISTRY_URL}": {
"username": "${GITEA_USERNAME}",
"password": "${GITEA_PASSWORD}"
}
}
}
---
# Secret for Git credentials (used by pipeline to push GitOps updates)
apiVersion: v1
kind: Secret
metadata:
name: gitea-git-credentials
namespace: tekton-pipelines
labels:
app.kubernetes.io/name: bakery-ia-cicd
app.kubernetes.io/component: gitops
type: Opaque
stringData:
username: "${GITEA_USERNAME}"
password: "${GITEA_PASSWORD}"
---
# Secret for Flux GitRepository access
# Used by Flux to pull from Gitea repository
apiVersion: v1
kind: Secret
metadata:
name: gitea-credentials
namespace: flux-system
labels:
app.kubernetes.io/name: bakery-ia-cicd
app.kubernetes.io/component: flux
type: Opaque
stringData:
username: "${GITEA_USERNAME}"
password: "${GITEA_PASSWORD}"
Reference in New Issue View Git Blame Copy Permalink