diff --git a/apps/README.md b/apps/README.md index 606eeb2..ceff035 100644 --- a/apps/README.md +++ b/apps/README.md @@ -34,7 +34,7 @@ defaultConfig: dbHostname: postgres.postgres.svc.cluster.local dbUsername: immich domain: immich.{{ .cloud.domain }} -requiredSecrets: +defaultSecrets: - apps.immich.dbPassword - apps.postgres.password ``` @@ -47,7 +47,7 @@ Explanation of the fields: - `icon`: A URL to an icon representing the app. - `requires`: A list of other apps that this app depends on. Each entry should be the name of another app. - `defaultConfig`: A set of default configuration values for the app. When an app is added using `wild-app-add`, these values will be added to the Wild Cloud `config.yaml` file. -- `requiredSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added. +- `defaultSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added. ### Kustomization @@ -168,7 +168,7 @@ Examples of apps with db-init jobs: `gitea`, `codimd`, `immich`, `openproject` key: apps.appname.dbUrl ``` -Add `apps.appname.dbUrl` to the manifest's `requiredSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials. +Add `apps.appname.dbUrl` to the manifest's `defaultSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials. ##### Security Context Requirements 
@@ -198,7 +198,7 @@ For PostgreSQL init jobs, use `runAsUser: 999` (postgres user). For other databa #### Secrets -Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `requiredSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps..` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `-secrets`, containing all secrets defined in the manifest's `requiredSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. +Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `defaultSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps..` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `-secrets`, containing all secrets defined in the manifest's `defaultSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. **Important:** Always use the full dotted path from the manifest as the secret key, not just the last segment. For example, to mount a secret in an environment variable, you would use: diff --git a/apps/discourse/manifest.yaml b/apps/discourse/manifest.yaml index 1ab50a2..c67aa18 100644 --- a/apps/discourse/manifest.yaml +++ b/apps/discourse/manifest.yaml @@ -26,7 +26,7 @@ defaultConfig: from: "{{ .cloud.smtp.from }}" tls: {{ .cloud.smtp.tls }} startTls: {{ .cloud.smtp.startTls }} -requiredSecrets: +defaultSecrets: - apps.discourse.adminPassword - apps.discourse.dbPassword - apps.discourse.dbUrl 
diff --git a/apps/ghost/manifest.yaml b/apps/ghost/manifest.yaml index 8a27a2b..c18e11f 100644 --- a/apps/ghost/manifest.yaml +++ b/apps/ghost/manifest.yaml @@ -24,7 +24,7 @@ defaultConfig: port: "{{ .cloud.smtp.port }}" from: "{{ .cloud.smtp.from }}" user: "{{ .cloud.smtp.user }}" -requiredSecrets: +defaultSecrets: - apps.ghost.adminPassword - apps.ghost.dbPassword - apps.ghost.smtpPassword \ No newline at end of file diff --git a/apps/gitea/README.md b/apps/gitea/README.md index 8e8b947..e070714 100644 --- a/apps/gitea/README.md +++ b/apps/gitea/README.md @@ -20,7 +20,7 @@ Sensitive configuration is stored in the `gitea-secrets` secret and managed by t - `dbPassword` - Database password - `smtpPassword` - SMTP authentication password -Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `requiredSecrets`. The `wild-app-deploy` command automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment. +Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `defaultSecrets`. The `wild-app-deploy` command automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment. ### Persistent Configuration (app.ini) Gitea manages its own `app.ini` file on persistent storage for: @@ -46,7 +46,7 @@ Gitea manages its own `app.ini` file on persistent storage for: ### Secret Settings 1. Edit `secrets.yaml` with your secret values -2. Ensure the secret key is listed in `manifest.yaml` under `requiredSecrets` +2. Ensure the secret key is listed in `manifest.yaml` under `defaultSecrets` 3. Run `wild-app-deploy gitea` - this will automatically update the `gitea-secrets` secret and restart the pod ### Web UI Changes diff --git a/apps/gitea/manifest.yaml b/apps/gitea/manifest.yaml index ac5b58a..c43b993 100644 --- a/apps/gitea/manifest.yaml +++ b/apps/gitea/manifest.yaml 
@@ -25,7 +25,7 @@ defaultConfig: port: 465 from: no-reply@{{ .cloud.domain }} user: TBD -requiredSecrets: +defaultSecrets: - apps.gitea.adminPassword - apps.gitea.dbPassword - apps.gitea.secretKey diff --git a/apps/immich/manifest.yaml b/apps/immich/manifest.yaml index 6a3a397..d064b49 100644 --- a/apps/immich/manifest.yaml +++ b/apps/immich/manifest.yaml @@ -19,7 +19,7 @@ defaultConfig: dbUsername: immich domain: immich.{{ .cloud.domain }} tlsSecretName: wildcard-wild-cloud-tls -requiredSecrets: +defaultSecrets: - apps.immich.dbPassword - apps.postgres.password - apps.redis.password diff --git a/apps/keila/manifest.yaml b/apps/keila/manifest.yaml index 7b52dfb..a6737c8 100644 --- a/apps/keila/manifest.yaml +++ b/apps/keila/manifest.yaml @@ -22,7 +22,7 @@ defaultConfig: user: "{{ .cloud.smtp.user }}" tls: {{ .cloud.smtp.tls }} startTls: {{ .cloud.smtp.startTls }} -requiredSecrets: +defaultSecrets: - apps.keila.secretKeyBase - apps.keila.dbPassword - apps.keila.dbUrl diff --git a/apps/listmonk/manifest.yaml b/apps/listmonk/manifest.yaml index cf6d907..76d9124 100644 --- a/apps/listmonk/manifest.yaml +++ b/apps/listmonk/manifest.yaml @@ -14,7 +14,7 @@ defaultConfig: dbUser: listmonk dbSSLMode: disable timezone: UTC -requiredSecrets: +defaultSecrets: - apps.listmonk.dbPassword - apps.listmonk.dbUrl - apps.postgres.password \ No newline at end of file diff --git a/apps/memcached/manifest.yaml b/apps/memcached/manifest.yaml index 57ed9f9..b1fba9e 100644 --- a/apps/memcached/manifest.yaml +++ b/apps/memcached/manifest.yaml @@ -16,4 +16,4 @@ defaultConfig: limits: memory: 128Mi cpu: 200m -requiredSecrets: [] \ No newline at end of file +defaultSecrets: [] \ No newline at end of file diff --git a/apps/mysql/manifest.yaml b/apps/mysql/manifest.yaml index 80d6f27..347c8f5 100644 --- a/apps/mysql/manifest.yaml +++ b/apps/mysql/manifest.yaml 
@@ -12,6 +12,6 @@ defaultConfig: user: mysql timezone: UTC enableSSL: false -requiredSecrets: +defaultSecrets: - apps.mysql.rootPassword - apps.mysql.password \ No newline at end of file diff --git a/apps/open-webui/manifest.yaml b/apps/open-webui/manifest.yaml index 4076741..fa9de6f 100644 --- a/apps/open-webui/manifest.yaml +++ b/apps/open-webui/manifest.yaml @@ -13,5 +13,5 @@ defaultConfig: # Authentication settings enableAuth: true enableSignup: false -requiredSecrets: +defaultSecrets: - apps.openWebui.secretKey \ No newline at end of file diff --git a/apps/openproject/manifest.yaml b/apps/openproject/manifest.yaml index 9ba646f..fc8b193 100644 --- a/apps/openproject/manifest.yaml +++ b/apps/openproject/manifest.yaml @@ -27,7 +27,7 @@ defaultConfig: tlsSecretName: wildcard-wild-cloud-tls cacheStore: memcache railsRelativeUrlRoot: "" -requiredSecrets: +defaultSecrets: - apps.openproject.dbPassword - apps.openproject.adminPassword - apps.postgres.password diff --git a/apps/postgres/manifest.yaml b/apps/postgres/manifest.yaml index 53d7113..ef85cde 100644 --- a/apps/postgres/manifest.yaml +++ b/apps/postgres/manifest.yaml @@ -9,5 +9,5 @@ defaultConfig: storage: 10Gi image: pgvector/pgvector:pg15 timezone: UTC -requiredSecrets: +defaultSecrets: - apps.postgres.password diff --git a/apps/redis/manifest.yaml b/apps/redis/manifest.yaml index d3e7c06..1d4d356 100644 --- a/apps/redis/manifest.yaml +++ b/apps/redis/manifest.yaml @@ -7,5 +7,5 @@ defaultConfig: image: redis:alpine timezone: UTC port: 6379 -requiredSecrets: +defaultSecrets: - apps.redis.password diff --git a/apps/vllm/manifest.yaml b/apps/vllm/manifest.yaml index 1ab8ffd..89d88fb 100644 --- a/apps/vllm/manifest.yaml +++ b/apps/vllm/manifest.yaml @@ -18,4 +18,4 @@ defaultConfig: gpuCount: 1 domain: vllm.{{ .cloud.domain }} namespace: llm -requiredSecrets: [] \ No newline at end of file +defaultSecrets: [] \ No newline at end of file 
diff --git a/bin/wild-app-add b/bin/wild-app-add index 818f007..85e287f 100755 --- a/bin/wild-app-add +++ b/bin/wild-app-add @@ -109,7 +109,7 @@ mkdir -p "${DEST_APP_DIR}" # Step 1: Copy manifest.yaml from repository first MANIFEST_FILE="${SOURCE_APP_DIR}/manifest.yaml" if [ -f "${MANIFEST_FILE}" ]; then - # manifest.yaml is allowed to have gomplate variables in the defaultConfig and requiredSecrets sections. + # manifest.yaml is allowed to have gomplate variables in the defaultConfig and defaultSecrets sections. # We need to use gomplate to process these variables before using yq. echo "Processing app manifest." DEST_MANIFEST="${DEST_APP_DIR}/manifest.yaml" @@ -155,7 +155,7 @@ if yq eval '.defaultConfig' "${DEST_MANIFEST}" | grep -q -v '^null$'; then fi # Scaffold required secrets into .wildcloud/secrets.yaml if they don't exist -if yq eval '.requiredSecrets' "${DEST_MANIFEST}" | grep -q -v '^null$'; then +if yq eval '.defaultSecrets' "${DEST_MANIFEST}" | grep -q -v '^null$'; then # Ensure .wildcloud/secrets.yaml exists if [ ! -f "${SECRETS_FILE}" ]; then @@ -174,7 +174,7 @@ if yq eval '.requiredSecrets' "${DEST_MANIFEST}" | grep -q -v '^null$'; then random_secret=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-32) yq eval ".${secret_path} = \"${random_secret}\"" -i "${SECRETS_FILE}" fi - done < <(yq eval '.requiredSecrets[]' "${DEST_MANIFEST}") + done < <(yq eval '.defaultSecrets[]' "${DEST_MANIFEST}") echo "Required secrets declared in app manifest added to '${SECRETS_FILE}'." fi diff --git a/bin/wild-app-deploy b/bin/wild-app-deploy index f0034bf..22e6fbf 100755 --- a/bin/wild-app-deploy +++ b/bin/wild-app-deploy 
@@ -63,14 +63,14 @@ deploy_secrets() { local app_name="$1" local target_namespace="${2:-${app_name}}" # Default to app name if not specified - # Check if app has a manifest with requiredSecrets + # Check if app has a manifest with defaultSecrets local manifest_file="apps/${app_name}/manifest.yaml" if [ ! -f "${manifest_file}" ]; then return 0 fi # Check if there are required secrets defined - if ! yq eval '.requiredSecrets' "${manifest_file}" | grep -q -v '^null$'; then + if ! yq eval '.defaultSecrets' "${manifest_file}" | grep -q -v '^null$'; then return 0 fi @@ -89,7 +89,7 @@ deploy_secrets() { echo "Error: Required secret '${secret_path}' not found in ${SECRETS_FILE} for app '${app_name}'" exit 1 fi - done < <(yq eval '.requiredSecrets[]' "${manifest_file}") + done < <(yq eval '.defaultSecrets[]' "${manifest_file}") # Create/update app secret in cluster if [ -n "${secret_data}" ]; then diff --git a/docs/agent-context/wildcloud/apps-system.md b/docs/agent-context/wildcloud/apps-system.md index 037aab3..a7a6f9d 100644 --- a/docs/agent-context/wildcloud/apps-system.md +++ b/docs/agent-context/wildcloud/apps-system.md @@ -43,7 +43,7 @@ defaultConfig: storage: 10Gi dbHostname: postgres.postgres.svc.cluster.local dbUsername: myapp -requiredSecrets: +defaultSecrets: - apps.myapp.dbPassword - apps.postgres.password ``` 
@@ -55,7 +55,7 @@ requiredSecrets: - `icon` - A URL to an icon representing the app - `requires` - A list of other apps that this app depends on (each entry should be the name of another app) - `defaultConfig` - A set of default configuration values for the app (when an app is added using `wild-app-add`, these values will be added to the Wild Cloud `config.yaml` file) -- `requiredSecrets` - A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly (these secrets are typically sensitive information like database passwords or API keys; keys with random values will be generated automatically when the app is added) +- `defaultSecrets` - A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly (these secrets are typically sensitive information like database passwords or API keys; keys with random values will be generated automatically when the app is added) ### Kustomization Configuration @@ -354,7 +354,7 @@ spec: ```yaml # In manifest.yaml -requiredSecrets: +defaultSecrets: - apps.myapp.dbUrl # Generated secret (by wild-app-add) @@ -509,7 +509,7 @@ Wild Cloud includes apps for common self-hosted services: **Manifest Design**: - Include comprehensive `defaultConfig` for all configurable values -- List all `requiredSecrets` the app needs +- List all `defaultSecrets` the app needs - Specify dependencies in `requires` field - Use semantic versioning diff --git a/docs/agent-context/wildcloud/configuration-system.md b/docs/agent-context/wildcloud/configuration-system.md index 6954434..5960705 100644 --- a/docs/agent-context/wildcloud/configuration-system.md +++ b/docs/agent-context/wildcloud/configuration-system.md 
@@ -247,7 +247,7 @@ wild-secret-set apps.database '{"user":"admin","password":"secret"}' When you run `wild-app-add`, Wild Cloud automatically generates required secrets: -1. **Reads App Manifest**: Identifies `requiredSecrets` list +1. **Reads App Manifest**: Identifies `defaultSecrets` list 2. **Checks Existing Secrets**: Never overwrites existing values 3. **Generates Missing Secrets**: Creates secure random values 4. **Updates secrets.yaml**: Adds new secrets with proper structure @@ -255,7 +255,7 @@ When you run `wild-app-add`, Wild Cloud automatically generates required secrets **Example App Manifest**: ```yaml name: ghost -requiredSecrets: +defaultSecrets: - apps.ghost.dbPassword # Auto-generated if missing - apps.ghost.jwtSecret # Auto-generated if missing - apps.postgresql.password # Auto-generated if missing (dependency) diff --git a/docs/guides/adding-apps.md b/docs/guides/adding-apps.md index a110db6..daf9c2d 100644 --- a/docs/guides/adding-apps.md +++ b/docs/guides/adding-apps.md @@ -34,7 +34,7 @@ defaultConfig: dbHostname: postgres.postgres.svc.cluster.local dbUsername: immich domain: immich.{{ .cloud.domain }} -requiredSecrets: +defaultSecrets: - apps.immich.dbPassword - apps.postgres.password ``` 
@@ -47,7 +47,7 @@ Explanation of the fields: - `icon`: A URL to an icon representing the app. - `requires`: A list of other apps that this app depends on. Each entry should be the name of another app. - `defaultConfig`: A set of default configuration values for the app. When an app is added using `wild-app-add`, these values will be added to the Wild Cloud `config.yaml` file. -- `requiredSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added. +- `defaultSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added. ### Kustomization @@ -168,7 +168,7 @@ Examples of apps with db-init jobs: `gitea`, `codimd`, `immich`, `openproject` key: apps.appname.dbUrl ``` -Add `apps.appname.dbUrl` to the manifest's `requiredSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials. +Add `apps.appname.dbUrl` to the manifest's `defaultSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials. ##### Security Context Requirements 
@@ -198,7 +198,7 @@ For PostgreSQL init jobs, use `runAsUser: 999` (postgres user). For other databa #### Secrets -Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `requiredSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps..` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `-secrets`, containing all secrets defined in the manifest's `requiredSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. +Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `defaultSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps..` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `-secrets`, containing all secrets defined in the manifest's `defaultSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. **Important:** Always use the full dotted path from the manifest as the secret key, not just the last segment. For example, to mount a secret in an environment variable, you would use:
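Review bot: in `deploy_secrets()` in `bin/wild-app-deploy`, the null check now reads only `.defaultSecrets`, so a manifest that still carries `requiredSecrets` hits `return 0` and the app deploys with no Secret created or updated and no message. The function reads `apps/${app_name}/manifest.yaml`, which appears to be the per-instance copy written by `wild-app-add`, so apps added before this change would be affected until their manifest is refreshed. Suggest reading the old key as a fallback for a transition period, for example `yq eval '.defaultSecrets // .requiredSecrets'` in both the check and the loop, or failing with an explicit error when `requiredSecrets` is still present.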
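Review bot: in `bin/wild-app-add`, the scaffold block around `yq eval '.defaultSecrets'` keeps the comment `# Scaffold required secrets into .wildcloud/secrets.yaml` and the message `Required secrets declared in app manifest added to ...`, so the script's output no longer matches the manifest key. Update both strings to the new name. The guard also filters only `null`, so manifests with `defaultSecrets: []` (memcached, vllm in this patch) enter the block and print that message although nothing was added; testing `.defaultSecrets | length` instead would avoid it.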
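Review bot: in the field list of `apps/README.md` (and the same entry in `docs/guides/adding-apps.md` and `docs/agent-context/wildcloud/apps-system.md`), the `defaultSecrets` bullet keeps the old description, "A list of secrets that must be set ... for the app to function properly", and `wild-app-deploy` still exits with `Error: Required secret '${secret_path}' not found` when an entry is missing. The new name reads as optional defaults while the behaviour is still a hard requirement at deploy time. Add a sentence stating what "default" means here (a random value is generated by `wild-app-add` only when the key is absent, existing values are kept, and every listed key must exist at deploy), so operators do not assume an entry can be left unset.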
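Review bot: in the "Example App Manifest" block of `docs/agent-context/wildcloud/configuration-system.md`, the ghost example lists `apps.ghost.jwtSecret` and `apps.postgresql.password`, while `apps/ghost/manifest.yaml` in this same patch lists `apps.ghost.adminPassword`, `apps.ghost.dbPassword` and `apps.ghost.smtpPassword`, and every other manifest uses the `apps.postgres.password` path. Since the block is being touched anyway, align the example with the real manifest or rename it to a placeholder app such as the `myapp` used in `apps-system.md`, so readers do not copy a secret path that no app declares.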