# =============================================================================
# Git-Bridge Secret Example
# =============================================================================
#
# Contains all credentials injected as environment variables into the pod.
# Values here are referenced by ${ENV_VAR} syntax in config.yaml.
#
# Naming convention: <TYPE>_<NAME>_<FIELD>
# - AWS services (CodeCommit, SQS): geographic NAME — EU, US, AP
# - Platform services (GitLab, GitHub): descriptive NAME — MAIN, SECONDARY
# - NAME is free-form — use any identifier that fits your setup
#
# See docs/naming-convention.md for the full guide.
#
# IMPORTANT: Replace all placeholder values with your actual credentials
# before applying to your cluster.
# =============================================================================
apiVersion: v1
kind: Secret
metadata:
  name: git-bridge-secret
  namespace: git-bridge
type: Opaque
stringData:
  # ---------------------------------------------------------------------------
  # CodeCommit Provider — geographic naming (AWS region-based)
  # ---------------------------------------------------------------------------
  # Generate Git credentials: AWS Console > IAM > Users > Security credentials
  #   > HTTPS Git credentials for AWS CodeCommit > Generate credentials

  # EU region
  CODECOMMIT_EU_REGION: "eu-central-1"
  CODECOMMIT_EU_GIT_USERNAME: "<your-codecommit-eu-git-username>"
  CODECOMMIT_EU_GIT_PASSWORD: "<your-codecommit-eu-git-password>"

  # US region (uncomment to add multi-region)
  # CODECOMMIT_US_REGION: "us-east-1"
  # CODECOMMIT_US_GIT_USERNAME: "<your-codecommit-us-git-username>"
  # CODECOMMIT_US_GIT_PASSWORD: "<your-codecommit-us-git-password>"

  # ---------------------------------------------------------------------------
  # GitLab Provider — descriptive naming (instance-based)
  # ---------------------------------------------------------------------------
  # Create token: GitLab > User Settings > Access Tokens
  #   > Scopes: api (or read_repository + write_repository)

  # Main instance
  GITLAB_MAIN_BASE_URL: "https://gitlab.example.com"
  GITLAB_MAIN_TOKEN: "<your-gitlab-personal-access-token>"

  # Secondary instance (uncomment to add)
  # GITLAB_SECONDARY_BASE_URL: "https://gitlab-staging.example.com"
  # GITLAB_SECONDARY_TOKEN: "<your-gitlab-secondary-token>"

  # ---------------------------------------------------------------------------
  # GitHub Provider — descriptive naming (instance-based)
  # ---------------------------------------------------------------------------
  # Create token: GitHub > Settings > Developer settings > Personal access tokens
  #   > Scopes: repo (Full control of private repositories)

  # Main account
  GITHUB_MAIN_TOKEN: "<your-github-personal-access-token>"

  # Secondary account (uncomment to add)
  # GITHUB_SECONDARY_TOKEN: "<your-github-secondary-token>"

  # ---------------------------------------------------------------------------
  # SQS Consumer — geographic naming (AWS region-based)
  # ---------------------------------------------------------------------------
  # SQS queue receives CodeCommit events via EventBridge rule.
  # Create IAM user with SQS read/delete permissions for the target queue.

  # EU region
  SQS_EU_QUEUE_URL: "https://sqs.eu-central-1.amazonaws.com/123456789012/codecommit-mirror"
  SQS_EU_REGION: "eu-central-1"
  SQS_EU_ACCESS_KEY: "<your-aws-access-key>"
  SQS_EU_SECRET_KEY: "<your-aws-secret-key>"

  # US region (uncomment to add multi-region)
  # SQS_US_QUEUE_URL: "https://sqs.us-east-1.amazonaws.com/123456789012/codecommit-mirror"
  # SQS_US_REGION: "us-east-1"
  # SQS_US_ACCESS_KEY: "<your-aws-access-key>"
  # SQS_US_SECRET_KEY: "<your-aws-secret-key>"

  # ---------------------------------------------------------------------------
  # Webhook Secrets
  # ---------------------------------------------------------------------------
  # Used to verify incoming webhook requests.
  # Set the same value in GitLab/GitHub webhook configuration.
  # Leave empty to skip verification (not recommended for production).
  WEBHOOK_GITLAB_SECRET: "<your-gitlab-webhook-secret>"   # X-Gitlab-Token
  WEBHOOK_GITHUB_SECRET: "<your-github-webhook-secret>"   # HMAC-SHA256

  # ---------------------------------------------------------------------------
  # Notification
  # ---------------------------------------------------------------------------
  # Slack incoming webhook URL for sync notifications.
  # Leave empty to disable.
  SLACK_WEBHOOK_URL: "https://hooks.slack.com/services/T.../B.../..."