# EN: Kubernetes Secrets Template for GoodGo Production
# VI: Template Secrets Kubernetes cho GoodGo Production
#
# DO NOT commit actual secrets to Git.
# Use this as a template to create secrets via kubectl or sealed-secrets.
#
# =============================================================================
# Option 1: Create secrets using kubectl (manual)
# =============================================================================
#
# NOTE: values passed with --from-literal are recorded in shell history and are
# visible in the process list while kubectl runs. For real credentials prefer
# --from-env-file or --from-file, reading from a file that only you can read
# and that is kept out of Git; delete the file once the secret is created.
# A Secret object is only base64-encoded: restrict read access to it with RBAC
# and enable encryption at rest for etcd separately.
#
# kubectl create secret generic goodgo-secrets \
#   --from-literal=Jwt__Secret='your-production-jwt-secret-min-64-chars-strong-random' \
#   --from-literal=Jwt__RefreshSecret='your-production-refresh-secret-min-64-chars-strong-random' \
#   --from-literal=IdentityServer__IssuerUri='https://api.goodgo.vn' \
#   --from-literal=IAM_DATABASE_URL='postgresql://user:pass@ep-xxx.region.neon.tech/iam_production?sslmode=require&pgbouncer=true' \
#   --from-literal=MERCHANT_DATABASE_URL='postgresql://user:pass@ep-xxx.region.neon.tech/merchant_production?sslmode=require&pgbouncer=true' \
#   --from-literal=ORDER_DATABASE_URL='postgresql://user:pass@ep-xxx.region.neon.tech/order_production?sslmode=require&pgbouncer=true' \
#   --from-literal=FNB_DATABASE_URL='postgresql://user:pass@ep-xxx.region.neon.tech/fnb_production?sslmode=require&pgbouncer=true' \
#   --from-literal=INVENTORY_DATABASE_URL='postgresql://user:pass@ep-xxx.region.neon.tech/inventory_production?sslmode=require&pgbouncer=true' \
#   --from-literal=WALLET_DATABASE_URL='postgresql://user:pass@ep-xxx.region.neon.tech/wallet_production?sslmode=require&pgbouncer=true' \
#   --from-literal=CATALOG_DATABASE_URL='postgresql://user:pass@ep-xxx.region.neon.tech/catalog_production?sslmode=require&pgbouncer=true' \
#   --from-literal=BOOKING_DATABASE_URL='postgresql://user:pass@ep-xxx.region.neon.tech/booking_production?sslmode=require&pgbouncer=true' \
#   --from-literal=Redis__Password='your-strong-redis-password' \
#   --from-literal=ConnectionStrings__Redis='redis:6379,password=your-strong-redis-password,abortConnect=false' \
#   --from-literal=Storage__MinIO__Endpoint='minio.goodgo.vn' \
#   --from-literal=Storage__MinIO__AccessKey='your-minio-access-key' \
#   --from-literal=Storage__MinIO__SecretKey='your-minio-secret-key' \
#   --from-literal=RabbitMQ__Host='rabbitmq' \
#   --from-literal=RabbitMQ__Username='goodgo' \
#   --from-literal=RabbitMQ__Password='your-strong-rabbitmq-password' \
#   -n production
#
# NOTE: Redis__Password and ConnectionStrings__Redis hold the same password;
# change both together when rotating it.
#
# =============================================================================
# Option 2: Use GitHub Secrets in CI/CD (for automated deployments)
# =============================================================================
#
# NOTE: base64 is an encoding, not encryption, so KUBECONFIG_PRODUCTION is
# protected only by GitHub's secret storage. Use a kubeconfig for a dedicated
# deploy service account limited to the production namespace, not a
# cluster-admin credential.
#
# Required GitHub Secrets:
# - KUBECONFIG_PRODUCTION (base64 encoded kubeconfig)
# - DOCKER_USERNAME / DOCKER_PASSWORD
# - NEON_IAM_DATABASE_URL_PRODUCTION
# - NEON_MERCHANT_DATABASE_URL_PRODUCTION
# - NEON_ORDER_DATABASE_URL_PRODUCTION
# - NEON_FNB_DATABASE_URL_PRODUCTION
# - NEON_INVENTORY_DATABASE_URL_PRODUCTION
# - NEON_WALLET_DATABASE_URL_PRODUCTION
# - NEON_CATALOG_DATABASE_URL_PRODUCTION
# - NEON_BOOKING_DATABASE_URL_PRODUCTION
# - JWT_SECRET_PRODUCTION
# - JWT_REFRESH_SECRET_PRODUCTION
# - REDIS_PASSWORD_PRODUCTION
# - MINIO_ACCESS_KEY_PRODUCTION
# - MINIO_SECRET_KEY_PRODUCTION
# - RABBITMQ_PASSWORD_PRODUCTION
#
# =============================================================================
# Option 3: Use sealed-secrets or external-secrets operator (RECOMMENDED for production)
# =============================================================================
#
# NOTE: the controller manifest below is applied straight from a URL. Download
# it, review it, and apply the local copy; also check the sealed-secrets
# releases page for a version newer than the v0.24.5 pinned here.
#
# Install sealed-secrets controller:
# kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.24.5/controller.yaml
#
# NOTE: secret.yaml is the plaintext input to kubeseal. Keep it out of Git and
# delete it once sealed-secret.yaml has been generated; only sealed-secret.yaml
# is meant to be committed.
#
# Create sealed secret:
# kubeseal --format yaml < secret.yaml > sealed-secret.yaml
# kubectl apply -f sealed-secret.yaml