diff --git a/ADDING-APPS.md b/ADDING-APPS.md index cb9ae72..4ce041c 100644 --- a/ADDING-APPS.md +++ b/ADDING-APPS.md @@ -40,7 +40,7 @@ defaultConfig: dbHostname: postgres.postgres.svc.cluster.local dbUsername: immich domain: immich.{{ .cloud.domain }} -requiredSecrets: +defaultSecrets: - apps.immich.dbPassword - apps.postgres.password ``` @@ -55,7 +55,7 @@ requiredSecrets: | `icon` | No | URL to app icon for UI display | | `requires` | No | List of dependency apps (e.g., `postgres`, `redis`) | | `defaultConfig` | Yes | Default configuration values merged into operator's `config.yaml` | -| `requiredSecrets` | No | List of secrets in dotted-path format (e.g., `apps.appname.dbPassword`) | +| `defaultSecrets` | No | List of secrets in dotted-path format (e.g., `apps.appname.dbPassword`) | **Important:** All configuration keys referenced in templates (via `{{ .apps.appname.key }}`) must be defined in `defaultConfig` or be standard Wild Cloud variables. @@ -177,7 +177,7 @@ When apps need database URLs with embedded credentials, **always use a dedicated key: apps.myapp.dbUrl ``` -Add `apps.myapp.dbUrl` to your manifest's `requiredSecrets`, and the system will generate the complete URL with embedded credentials automatically when the app is added. +Add `apps.myapp.dbUrl` to your manifest's `defaultSecrets`, and the system will generate the complete URL with embedded credentials automatically when the app is added. ## Security Requirements @@ -215,7 +215,7 @@ Secrets use a **full dotted-path naming convention** to prevent naming conflicts **In manifest:** ```yaml -requiredSecrets: +defaultSecrets: - apps.myapp.dbPassword - apps.postgres.password ``` 
@@ -231,7 +231,7 @@ env: ``` **Secret workflow:** -1. List secrets in manifest's `requiredSecrets` +1. List secrets in manifest's `defaultSecrets` 2. When adding an app, the system generates random values in the instance's `secrets.yaml` 3. When deploying, the system creates a Kubernetes Secret named `-secrets` 4. Resources reference secrets using full dotted paths diff --git a/discourse/manifest.yaml b/discourse/manifest.yaml index 1ab50a2..f1e1fe7 100644 --- a/discourse/manifest.yaml +++ b/discourse/manifest.yaml @@ -26,11 +26,11 @@ defaultConfig: from: "{{ .cloud.smtp.from }}" tls: {{ .cloud.smtp.tls }} startTls: {{ .cloud.smtp.startTls }} -requiredSecrets: - - apps.discourse.adminPassword - - apps.discourse.dbPassword - - apps.discourse.dbUrl - - apps.redis.password - - apps.discourse.secretKeyBase - - apps.discourse.smtpPassword - - apps.postgres.password \ No newline at end of file +defaultSecrets: + - - key: apps.discourse.adminPassword + - - key: apps.discourse.dbPassword + - - key: apps.discourse.dbUrl + - - key: apps.redis.password + - - key: apps.discourse.secretKeyBase + - - key: apps.discourse.smtpPassword + - - key: apps.postgres.password \ No newline at end of file diff --git a/ghost/manifest.yaml b/ghost/manifest.yaml index 8a27a2b..8adbb52 100644 --- a/ghost/manifest.yaml +++ b/ghost/manifest.yaml @@ -24,7 +24,7 @@ defaultConfig: port: "{{ .cloud.smtp.port }}" from: "{{ .cloud.smtp.from }}" user: "{{ .cloud.smtp.user }}" -requiredSecrets: - - apps.ghost.adminPassword - - apps.ghost.dbPassword - - apps.ghost.smtpPassword \ No newline at end of file +defaultSecrets: + - key: apps.ghost.adminPassword + - key: apps.ghost.dbPassword + - key: apps.ghost.smtpPassword \ No newline at end of file diff --git a/gitea/README.md b/gitea/README.md index f42fc75..6268ca9 100644 --- a/gitea/README.md +++ b/gitea/README.md 
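Review bot: Every added entry under `defaultSecrets` in discourse/manifest.yaml is written `- - key: …`, which YAML reads as a sequence of one-element sequences rather than the `- key: …` mappings used by ghost, gitea, keila and the other manifests in this commit. The loader is not visible here, but if it expects a list of mappings these seven entries would either be rejected or skipped. In the skipped case Discourse could be added without its admin password, secret key base or database credentials being generated. Each line should carry a single dash, e.g. `- key: apps.discourse.adminPassword`.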
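Review bot: The entries in ghost/manifest.yaml change shape from plain strings (`- apps.ghost.adminPassword`) to mappings (`- key: apps.ghost.adminPassword`), yet both ADDING-APPS.md examples in this commit keep the plain-string form under the renamed key. The gitea, immich, keila, listmonk, mysql, open-webui and openproject hunks make the same shape change. An app author following the guide would write a list the new schema may not accept, and a secret that is silently not generated is harder to notice than a parse error. Either update the guide's examples and field table to the `- key:` form or state that both shapes are accepted. It would also help to document which fields an entry may carry besides `key`.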
@@ -20,7 +20,7 @@ Sensitive configuration is stored in the `gitea-secrets` secret and managed by t - `dbPassword` - Database password - `smtpPassword` - SMTP authentication password -Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `requiredSecrets`. When deploying, the system automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment. +Secrets are defined in `secrets.yaml` and listed in `manifest.yaml` under `defaultSecrets`. When deploying, the system automatically ensures all required secrets exist in the `gitea-secrets` secret before deployment. ### Persistent Configuration (app.ini) Gitea manages its own `app.ini` file on persistent storage for: @@ -46,7 +46,7 @@ Gitea manages its own `app.ini` file on persistent storage for: ### Secret Settings 1. Edit `secrets.yaml` with your secret values -2. Ensure the secret key is listed in `manifest.yaml` under `requiredSecrets` +2. Ensure the secret key is listed in `manifest.yaml` under `defaultSecrets` 3. Deploy the app via the web app, CLI, or API - this will automatically update the `gitea-secrets` secret and restart the pod ### Web UI Changes diff --git a/gitea/manifest.yaml b/gitea/manifest.yaml index ac5b58a..d1efb54 100644 --- a/gitea/manifest.yaml +++ b/gitea/manifest.yaml @@ -21,13 +21,13 @@ defaultConfig: timezone: UTC runMode: prod smtp: - host: TBD - port: 465 - from: no-reply@{{ .cloud.domain }} - user: TBD -requiredSecrets: - - apps.gitea.adminPassword - - apps.gitea.dbPassword - - apps.gitea.secretKey - - apps.gitea.jwtSecret - - apps.gitea.smtpPassword + host: "{{ .cloud.smtp.host }}" + port: "{{ .cloud.smtp.port }}" + user: "{{ .cloud.smtp.user }}" + from: "{{ .cloud.smtp.from }}" +defaultSecrets: + - key: apps.gitea.adminPassword + - key: apps.gitea.dbPassword + - key: apps.gitea.secretKey + - key: apps.gitea.jwtSecret + - key: apps.gitea.smtpPassword diff --git a/immich/manifest.yaml b/immich/manifest.yaml index 6a3a397..e21bc0a 100644 
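Review bot: The `smtp` block in gitea/manifest.yaml changes behaviour beyond the key rename: `port` goes from the integer `465` to the quoted template `"{{ .cloud.smtp.port }}"`, so it renders as a string, and `from` no longer derives from `.cloud.domain`. The fixed port 465 is conventionally implicit-TLS SMTP, whereas the new block inherits its port and carries no `tls`/`startTls` keys as the discourse and keila manifests do. It is worth confirming that the Gitea templates still require an encrypted SMTP session for whatever port the cloud config supplies. If the templates can consume them, add `tls: {{ .cloud.smtp.tls }}` and `startTls: {{ .cloud.smtp.startTls }}` under `smtp:`. `defaultConfig` begins outside the hunk, so keys set above it are not visible here.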
--- a/immich/manifest.yaml
+++ b/immich/manifest.yaml
@@ -19,7 +19,7 @@ defaultConfig:
 dbUsername: immich
 domain: immich.{{ .cloud.domain }}
 tlsSecretName: wildcard-wild-cloud-tls
-requiredSecrets:
- - apps.immich.dbPassword
- - apps.postgres.password
- - apps.redis.password
+defaultSecrets:
+ - key: apps.immich.dbPassword
+ - key: apps.postgres.password
+ - key: apps.redis.password
diff --git a/keila/manifest.yaml b/keila/manifest.yaml
index 7b52dfb..1ed7870 100644
--- a/keila/manifest.yaml
+++ b/keila/manifest.yaml
@@ -22,10 +22,10 @@ defaultConfig:
 user: "{{ .cloud.smtp.user }}"
 tls: {{ .cloud.smtp.tls }}
 startTls: {{ .cloud.smtp.startTls }}
-requiredSecrets:
- - apps.keila.secretKeyBase
- - apps.keila.dbPassword
- - apps.keila.dbUrl
- - apps.keila.adminPassword
- - apps.keila.smtpPassword
- - apps.postgres.password
\ No newline at end of file
+defaultSecrets:
+ - key: apps.keila.secretKeyBase
+ - key: apps.keila.dbPassword
+ - key: apps.keila.dbUrl
+ - key: apps.keila.adminPassword
+ - key: apps.keila.smtpPassword
+ - key: apps.postgres.password
\ No newline at end of file
diff --git a/listmonk/manifest.yaml b/listmonk/manifest.yaml
index cf6d907..09bb9dd 100644
--- a/listmonk/manifest.yaml
+++ b/listmonk/manifest.yaml
@@ -14,7 +14,7 @@ defaultConfig:
 dbUser: listmonk
 dbSSLMode: disable
 timezone: UTC
-requiredSecrets:
- - apps.listmonk.dbPassword
- - apps.listmonk.dbUrl
- - apps.postgres.password
\ No newline at end of file
+defaultSecrets:
+ - key: apps.listmonk.dbPassword
+ - key: apps.listmonk.dbUrl
+ - key: apps.postgres.password
\ No newline at end of file
diff --git a/memcached/manifest.yaml b/memcached/manifest.yaml
index 57ed9f9..b1fba9e 100644
--- a/memcached/manifest.yaml
+++ b/memcached/manifest.yaml
@@ -16,4 +16,4 @@ defaultConfig:
 limits:
 memory: 128Mi
 cpu: 200m
-requiredSecrets: []
\ No newline at end of file
+defaultSecrets: []
\ No newline at end of file
diff --git a/mysql/manifest.yaml b/mysql/manifest.yaml
index ceaa2cd..b5efbdf 100644
--- a/mysql/manifest.yaml
+++ b/mysql/manifest.yaml
@@ -12,6 +12,6 @@ defaultConfig:
 user: mysql
 timezone: UTC
 enableSSL: false
-requiredSecrets:
- - apps.mysql.rootPassword
- - apps.mysql.password
\ No newline at end of file
+defaultSecrets:
+ - key: apps.mysql.rootPassword
+ - key: apps.mysql.password
\ No newline at end of file
diff --git a/open-webui/manifest.yaml b/open-webui/manifest.yaml
index 4076741..6cd78dd 100644
--- a/open-webui/manifest.yaml
+++ b/open-webui/manifest.yaml
@@ -13,5 +13,5 @@ defaultConfig:
 # Authentication settings
 enableAuth: true
 enableSignup: false
-requiredSecrets:
- - apps.openWebui.secretKey
\ No newline at end of file
+defaultSecrets:
+ - key: apps.openWebui.secretKey
\ No newline at end of file
diff --git a/openproject/manifest.yaml b/openproject/manifest.yaml
index 9ba646f..fa2248f 100644
--- a/openproject/manifest.yaml
+++ b/openproject/manifest.yaml
@@ -27,7 +27,7 @@ defaultConfig:
 tlsSecretName: wildcard-wild-cloud-tls
 cacheStore: memcache
 railsRelativeUrlRoot: ""
-requiredSecrets:
- - apps.openproject.dbPassword
- - apps.openproject.adminPassword
- - apps.postgres.password
+defaultSecrets:
+ - key: apps.openproject.dbPassword
+ - key: apps.openproject.adminPassword
+ - key: apps.postgres.password
diff --git a/vllm/manifest.yaml b/vllm/manifest.yaml
index 1ab8ffd..89d88fb 100644
--- a/vllm/manifest.yaml
+++ b/vllm/manifest.yaml
@@ -18,4 +18,4 @@ defaultConfig:
 gpuCount: 1
 domain: vllm.{{ .cloud.domain }}
 namespace: llm
-requiredSecrets: []
\ No newline at end of file
+defaultSecrets: []
\ No newline at end of file