Changed requiredSecrets to defaultSecrets

2025-12-30 00:03:31 +00:00
parent 2684c46de4
commit 8d62d65d6f
20 changed files with 35 additions and 35 deletions
--- a/apps/README.md
+++ b/apps/README.md
@@ -34,7 +34,7 @@ defaultConfig:
  dbHostname: postgres.postgres.svc.cluster.local
  dbUsername: immich
  domain: immich.{{ .cloud.domain }}
-requiredSecrets:
+defaultSecrets:
  - apps.immich.dbPassword
  - apps.postgres.password
 ```
@@ -47,7 +47,7 @@ Explanation of the fields:
 - `icon`: A URL to an icon representing the app.
 - `requires`: A list of other apps that this app depends on. Each entry should be the name of another app.
 - `defaultConfig`: A set of default configuration values for the app. When an app is added using `wild-app-add`, these values will be added to the Wild Cloud `config.yaml` file.
- `requiredSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added.
+- `defaultSecrets`: A list of secrets that must be set in the Wild Cloud `secrets.yaml` file for the app to function properly. These secrets are typically sensitive information like database passwords or API keys. Keys with random values will be generated automatically when the app is added.

 ### Kustomization

@@ -168,7 +168,7 @@ Examples of apps with db-init jobs: `gitea`, `codimd`, `immich`, `openproject`
      key: apps.appname.dbUrl
 ```

-Add `apps.appname.dbUrl` to the manifest's `requiredSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials.
+Add `apps.appname.dbUrl` to the manifest's `defaultSecrets` and the `wild-app-add` script will generate the complete URL with embedded credentials.

 ##### Security Context Requirements

@@ -198,7 +198,7 @@ For PostgreSQL init jobs, use `runAsUser: 999` (postgres user). For other databa

 #### Secrets

-Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `requiredSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps.<app-name>.<secret-name>` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `<app-name>-secrets`, containing all secrets defined in the manifest's `requiredSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. 
+Secrets are managed in the `secrets.yaml` file in the Wild Cloud home directory. The app's `manifest.yaml` should list any required secrets under `defaultSecrets`. When the app is added, default secret values will be generated and stored in the `secrets.yaml` file. Secrets are always stored and referenced in the `apps.<app-name>.<secret-name>` yaml path. When `wild-app-deploy` is run, a Secret resource will be created in the Kubernetes cluster with the name `<app-name>-secrets`, containing all secrets defined in the manifest's `defaultSecrets` key. These secrets can then be referenced in the app's Kustomize files using a `secretKeyRef`. 

 **Important:** Always use the full dotted path from the manifest as the secret key, not just the last segment. For example, to mount a secret in an environment variable, you would use:

--- a/apps/discourse/manifest.yaml
+++ b/apps/discourse/manifest.yaml
@@ -26,7 +26,7 @@ defaultConfig:
    from: "{{ .cloud.smtp.from }}"
    tls: {{ .cloud.smtp.tls }}
    startTls: {{ .cloud.smtp.startTls }}
-requiredSecrets:
+defaultSecrets:
  - apps.discourse.adminPassword
  - apps.discourse.dbPassword
  - apps.discourse.dbUrl
--- a/apps/ghost/manifest.yaml
+++ b/apps/ghost/manifest.yaml
@@ -24,7 +24,7 @@ defaultConfig:
    port: "{{ .cloud.smtp.port }}"
    from: "{{ .cloud.smtp.from }}"
    user: "{{ .cloud.smtp.user }}"
-requiredSecrets:
+defaultSecrets:
  - apps.ghost.adminPassword
  - apps.ghost.dbPassword
  - apps.ghost.smtpPassword
--- a/apps/gitea/README.md
+++ b/apps/gitea/README.md
@@ -20,7 +20,7 @@ Sensitive configuration is stored in the `gitea-secrets` secret and managed by t
 - `dbPassword` - Database password
 - `smtpPassword` - SMTP authentication password

-Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `requiredSecrets`. The `wild-app-deploy` command automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment.
+Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `defaultSecrets`. The `wild-app-deploy` command automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment.

 ### Persistent Configuration (app.ini)
 Gitea manages its own `app.ini` file on persistent storage for:
@@ -46,7 +46,7 @@ Gitea manages its own `app.ini` file on persistent storage for:

 ### Secret Settings
 1. Edit `secrets.yaml` with your secret values
-2. Ensure the secret key is listed in `manifest.yaml` under `requiredSecrets`
+2. Ensure the secret key is listed in `manifest.yaml` under `defaultSecrets`
 3. Run `wild-app-deploy gitea` - this will automatically update the `gitea-secrets` secret and restart the pod

 ### Web UI Changes
--- a/apps/gitea/manifest.yaml
+++ b/apps/gitea/manifest.yaml
@@ -25,7 +25,7 @@ defaultConfig:
    port: 465
    from: no-reply@{{ .cloud.domain }}
    user: TBD
-requiredSecrets:
+defaultSecrets:
  - apps.gitea.adminPassword
  - apps.gitea.dbPassword
  - apps.gitea.secretKey
--- a/apps/immich/manifest.yaml
+++ b/apps/immich/manifest.yaml
@@ -19,7 +19,7 @@ defaultConfig:
  dbUsername: immich
  domain: immich.{{ .cloud.domain }}
  tlsSecretName: wildcard-wild-cloud-tls
-requiredSecrets:
+defaultSecrets:
  - apps.immich.dbPassword
  - apps.postgres.password
  - apps.redis.password
--- a/apps/keila/manifest.yaml
+++ b/apps/keila/manifest.yaml
@@ -22,7 +22,7 @@ defaultConfig:
    user: "{{ .cloud.smtp.user }}"
    tls: {{ .cloud.smtp.tls }}
    startTls: {{ .cloud.smtp.startTls }}
-requiredSecrets:
+defaultSecrets:
  - apps.keila.secretKeyBase
  - apps.keila.dbPassword
  - apps.keila.dbUrl
--- a/apps/listmonk/manifest.yaml
+++ b/apps/listmonk/manifest.yaml
@@ -14,7 +14,7 @@ defaultConfig:
  dbUser: listmonk
  dbSSLMode: disable
  timezone: UTC
-requiredSecrets:
+defaultSecrets:
  - apps.listmonk.dbPassword
  - apps.listmonk.dbUrl
  - apps.postgres.password
--- a/apps/memcached/manifest.yaml
+++ b/apps/memcached/manifest.yaml
@@ -16,4 +16,4 @@ defaultConfig:
    limits:
      memory: 128Mi
      cpu: 200m
-requiredSecrets: []
+defaultSecrets: []
--- a/apps/mysql/manifest.yaml
+++ b/apps/mysql/manifest.yaml
@@ -12,6 +12,6 @@ defaultConfig:
  user: mysql
  timezone: UTC
  enableSSL: false
-requiredSecrets:
+defaultSecrets:
  - apps.mysql.rootPassword
  - apps.mysql.password
--- a/apps/open-webui/manifest.yaml
+++ b/apps/open-webui/manifest.yaml
@@ -13,5 +13,5 @@ defaultConfig:
  # Authentication settings
  enableAuth: true
  enableSignup: false
-requiredSecrets:
+defaultSecrets:
  - apps.openWebui.secretKey
--- a/apps/openproject/manifest.yaml
+++ b/apps/openproject/manifest.yaml
@@ -27,7 +27,7 @@ defaultConfig:
  tlsSecretName: wildcard-wild-cloud-tls
  cacheStore: memcache
  railsRelativeUrlRoot: ""
-requiredSecrets:
+defaultSecrets:
  - apps.openproject.dbPassword
  - apps.openproject.adminPassword
  - apps.postgres.password
--- a/apps/postgres/manifest.yaml
+++ b/apps/postgres/manifest.yaml
@@ -9,5 +9,5 @@ defaultConfig:
  storage: 10Gi
  image: pgvector/pgvector:pg15
  timezone: UTC
-requiredSecrets:
+defaultSecrets:
  - apps.postgres.password
--- a/apps/redis/manifest.yaml
+++ b/apps/redis/manifest.yaml
@@ -7,5 +7,5 @@ defaultConfig:
  image: redis:alpine
  timezone: UTC
  port: 6379
-requiredSecrets:
+defaultSecrets:
  - apps.redis.password
--- a/apps/vllm/manifest.yaml
+++ b/apps/vllm/manifest.yaml
@@ -18,4 +18,4 @@ defaultConfig:
  gpuCount: 1
  domain: vllm.{{ .cloud.domain }}
  namespace: llm
-requiredSecrets: []
+defaultSecrets: []