tegwick
2a4312643d
- helm/gitea-db-cluster.yaml: cnpg Cluster for Gitea (1 instance, 10Gi, pg16) bootstraps gitea DB from gitea-db-credentials secret in databases namespace - helm/gitea-db-secret.sops.yaml.template: credential secret template (encrypt before use) - Makefile: add db-deploy, db-status, db-shell, db-logs targets; mark pg-deploy legacy - .gitignore: allow *-cluster.yaml (k8s manifests with no secrets) Cluster applied to live cluster. RAIL-HO-WP-0004-T03. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
15 lines
458 B
Plaintext
15 lines
458 B
Plaintext
# Template for the gitea-db-credentials Secret.
|
|
# DO NOT commit this file with real credentials.
|
|
# Encrypt with: sops -e -i helm/gitea-db-secret.sops.yaml
|
|
# Apply with: kubectl apply -f <(sops -d helm/gitea-db-secret.sops.yaml)
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: gitea-db-credentials
|
|
namespace: databases
|
|
type: kubernetes.io/basic-auth
|
|
stringData:
|
|
username: gitea
|
|
password: REPLACE_WITH_PASSWORD # encrypt with SOPS before committing
|