change to defaultSecrets

2025-12-30 03:38:39 +00:00
parent 351f58b80d
commit a4db0d0f6a
13 changed files with 55 additions and 55 deletions
--- a/ADDING-APPS.md
+++ b/ADDING-APPS.md
@@ -40,7 +40,7 @@ defaultConfig:
  dbHostname: postgres.postgres.svc.cluster.local
  dbUsername: immich
  domain: immich.{{ .cloud.domain }}
-requiredSecrets:
+defaultSecrets:
  - apps.immich.dbPassword
  - apps.postgres.password
 ```
@@ -55,7 +55,7 @@ requiredSecrets:
 | `icon` | No | URL to app icon for UI display |
 | `requires` | No | List of dependency apps (e.g., `postgres`, `redis`) |
 | `defaultConfig` | Yes | Default configuration values merged into operator's `config.yaml` |
-| `requiredSecrets` | No | List of secrets in dotted-path format (e.g., `apps.appname.dbPassword`) |
+| `defaultSecrets` | No | List of secrets in dotted-path format (e.g., `apps.appname.dbPassword`) |

 **Important:** All configuration keys referenced in templates (via `{{ .apps.appname.key }}`) must be defined in `defaultConfig` or be standard Wild Cloud variables.

@@ -177,7 +177,7 @@ When apps need database URLs with embedded credentials, **always use a dedicated
      key: apps.myapp.dbUrl
 ```

-Add `apps.myapp.dbUrl` to your manifest's `requiredSecrets`, and the system will generate the complete URL with embedded credentials automatically when the app is added.
+Add `apps.myapp.dbUrl` to your manifest's `defaultSecrets`, and the system will generate the complete URL with embedded credentials automatically when the app is added.

 ## Security Requirements

@@ -215,7 +215,7 @@ Secrets use a **full dotted-path naming convention** to prevent naming conflicts

 **In manifest:**
 ```yaml
-requiredSecrets:
+defaultSecrets:
  - apps.myapp.dbPassword
  - apps.postgres.password
 ```
@@ -231,7 +231,7 @@ env:
 ```

 **Secret workflow:**
-1. List secrets in manifest's `requiredSecrets`
+1. List secrets in manifest's `defaultSecrets`
 2. When adding an app, the system generates random values in the instance's `secrets.yaml`
 3. When deploying, the system creates a Kubernetes Secret named `<app-name>-secrets`
 4. Resources reference secrets using full dotted paths
--- a/discourse/manifest.yaml
+++ b/discourse/manifest.yaml
@@ -26,11 +26,11 @@ defaultConfig:
    from: "{{ .cloud.smtp.from }}"
    tls: {{ .cloud.smtp.tls }}
    startTls: {{ .cloud.smtp.startTls }}
-requiredSecrets:
-  - apps.discourse.adminPassword
-  - apps.discourse.dbPassword
-  - apps.discourse.dbUrl
-  - apps.redis.password
-  - apps.discourse.secretKeyBase
-  - apps.discourse.smtpPassword
-  - apps.postgres.password
+defaultSecrets:
+  - - key: apps.discourse.adminPassword
+  - - key: apps.discourse.dbPassword
+  - - key: apps.discourse.dbUrl
+  - - key: apps.redis.password
+  - - key: apps.discourse.secretKeyBase
+  - - key: apps.discourse.smtpPassword
+  - - key: apps.postgres.password
--- a/ghost/manifest.yaml
+++ b/ghost/manifest.yaml
@@ -24,7 +24,7 @@ defaultConfig:
    port: "{{ .cloud.smtp.port }}"
    from: "{{ .cloud.smtp.from }}"
    user: "{{ .cloud.smtp.user }}"
-requiredSecrets:
-  - apps.ghost.adminPassword
-  - apps.ghost.dbPassword
-  - apps.ghost.smtpPassword
+defaultSecrets:
+  - key: apps.ghost.adminPassword
+  - key: apps.ghost.dbPassword
+  - key: apps.ghost.smtpPassword
--- a/gitea/README.md
+++ b/gitea/README.md
@@ -20,7 +20,7 @@ Sensitive configuration is stored in the `gitea-secrets` secret and managed by t
 - `dbPassword` - Database password
 - `smtpPassword` - SMTP authentication password

-Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `requiredSecrets`. When deploying, the system automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment.
+Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `defaultSecrets`. When deploying, the system automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment.

 ### Persistent Configuration (app.ini)
 Gitea manages its own `app.ini` file on persistent storage for:
@@ -46,7 +46,7 @@ Gitea manages its own `app.ini` file on persistent storage for:

 ### Secret Settings
 1. Edit `secrets.yaml` with your secret values
-2. Ensure the secret key is listed in `manifest.yaml` under `requiredSecrets`
+2. Ensure the secret key is listed in `manifest.yaml` under `defaultSecrets`
 3. Deploy the app via the web app, CLI, or API - this will automatically update the `gitea-secrets` secret and restart the pod

 ### Web UI Changes
--- a/gitea/manifest.yaml
+++ b/gitea/manifest.yaml
@@ -21,13 +21,13 @@ defaultConfig:
  timezone: UTC
  runMode: prod
  smtp:
-    host: TBD
-    port: 465
-    from: no-reply@{{ .cloud.domain }}
-    user: TBD
-requiredSecrets:
-  - apps.gitea.adminPassword
-  - apps.gitea.dbPassword
-  - apps.gitea.secretKey
-  - apps.gitea.jwtSecret
-  - apps.gitea.smtpPassword
+    host: "{{ .cloud.smtp.host }}"
+    port: "{{ .cloud.smtp.port }}"
+    user: "{{ .cloud.smtp.user }}"
+    from: "{{ .cloud.smtp.from }}"
+defaultSecrets:
+  - key: apps.gitea.adminPassword
+  - key: apps.gitea.dbPassword
+  - key: apps.gitea.secretKey
+  - key: apps.gitea.jwtSecret
+  - key: apps.gitea.smtpPassword
--- a/immich/manifest.yaml
+++ b/immich/manifest.yaml
@@ -19,7 +19,7 @@ defaultConfig:
  dbUsername: immich
  domain: immich.{{ .cloud.domain }}
  tlsSecretName: wildcard-wild-cloud-tls
-requiredSecrets:
-  - apps.immich.dbPassword
-  - apps.postgres.password
-  - apps.redis.password
+defaultSecrets:
+  - key: apps.immich.dbPassword
+  - key: apps.postgres.password
+  - key: apps.redis.password
--- a/keila/manifest.yaml
+++ b/keila/manifest.yaml
@@ -22,10 +22,10 @@ defaultConfig:
    user: "{{ .cloud.smtp.user }}"
    tls: {{ .cloud.smtp.tls }}
    startTls: {{ .cloud.smtp.startTls }}
-requiredSecrets:
-  - apps.keila.secretKeyBase
-  - apps.keila.dbPassword
-  - apps.keila.dbUrl
-  - apps.keila.adminPassword
-  - apps.keila.smtpPassword
-  - apps.postgres.password
+defaultSecrets:
+  - key: apps.keila.secretKeyBase
+  - key: apps.keila.dbPassword
+  - key: apps.keila.dbUrl
+  - key: apps.keila.adminPassword
+  - key: apps.keila.smtpPassword
+  - key: apps.postgres.password
--- a/listmonk/manifest.yaml
+++ b/listmonk/manifest.yaml
@@ -14,7 +14,7 @@ defaultConfig:
  dbUser: listmonk
  dbSSLMode: disable
  timezone: UTC
-requiredSecrets:
-  - apps.listmonk.dbPassword
-  - apps.listmonk.dbUrl
-  - apps.postgres.password
+defaultSecrets:
+  - key: apps.listmonk.dbPassword
+  - key: apps.listmonk.dbUrl
+  - key: apps.postgres.password
--- a/memcached/manifest.yaml
+++ b/memcached/manifest.yaml
@@ -16,4 +16,4 @@ defaultConfig:
    limits:
      memory: 128Mi
      cpu: 200m
-requiredSecrets: []
+defaultSecrets: []
--- a/mysql/manifest.yaml
+++ b/mysql/manifest.yaml
@@ -12,6 +12,6 @@ defaultConfig:
  user: mysql
  timezone: UTC
  enableSSL: false
-requiredSecrets:
-  - apps.mysql.rootPassword
-  - apps.mysql.password
+defaultSecrets:
+  - key: apps.mysql.rootPassword
+  - key: apps.mysql.password
--- a/open-webui/manifest.yaml
+++ b/open-webui/manifest.yaml
@@ -13,5 +13,5 @@ defaultConfig:
  # Authentication settings
  enableAuth: true
  enableSignup: false
-requiredSecrets:
-  - apps.openWebui.secretKey
+defaultSecrets:
+  - key: apps.openWebui.secretKey
--- a/openproject/manifest.yaml
+++ b/openproject/manifest.yaml
@@ -27,7 +27,7 @@ defaultConfig:
  tlsSecretName: wildcard-wild-cloud-tls
  cacheStore: memcache
  railsRelativeUrlRoot: ""
-requiredSecrets:
-  - apps.openproject.dbPassword
-  - apps.openproject.adminPassword
-  - apps.postgres.password
+defaultSecrets:
+  - key: apps.openproject.dbPassword
+  - key: apps.openproject.adminPassword
+  - key: apps.postgres.password
--- a/vllm/manifest.yaml
+++ b/vllm/manifest.yaml
@@ -18,4 +18,4 @@ defaultConfig:
  gpuCount: 1
  domain: vllm.{{ .cloud.domain }}
  namespace: llm
-requiredSecrets: []
+defaultSecrets: []