refactor(devsvc): enhance secret management in values.yaml

- Removed hardcoded sensitive configurations (Gitea token, MongoDB URI, RabbitMQ password, and default Git password) from the values.yaml file. - Introduced a structured secrets section to reference these sensitive values from FreeleapsSecretStore, improving security and maintainability. - This change continues the effort to centralize and secure sensitive information management across the application. Signed-off-by: zhenyus <zhenyus@mathmast.com>
2025-08-18 16:33:42 +08:00 · 2025-08-18 16:33:42 +08:00 · df862dfa39
commit df862dfa39
parent 6584ab12c5
1 changed files with 29 additions and 10 deletions
--- a/freeleaps/helm-pkg/devsvc/values.yaml
+++ b/freeleaps/helm-pkg/devsvc/values.yaml
@ -58,10 +58,6 @@ devsvc:
    serviceApiAccessPort: "8013"
    # MONGODB_NAME
    mongodbName: ""
-    # MONGODB_URI
-    mongodbUri: ""
-    # GITEA_TOKEN
-    giteaToken: ""
    # GITEA_URL
    giteaUrl: ""
    # GITEA_DEPOT_ORGANIZATION
@ -82,22 +78,45 @@ devsvc:
    rabbitmqPort: ""
    # RABBITMQ_USERNAME
    rabbitmqUsername: ""
-    # RABBITMQ_PASSWORD
-    rabbitmqPassword: ""
    # RABBITMQ_VIRTUAL_HOST
    rabbitmqVirtualHost: ""
    # DEFAULT_GIT_USERNAME
    defaultGitUsername: ""
-    # DEFAULT_GIT_PASSWORD
-    defaultGitPassword: ""
    # DEVOPS_DOCKER_REGISTRY_URL
    devopsDockerRegistryUrl: ""
    # DEVOPS_DOCKER_REGISTRY_REPOSITORY_NAME
    devopsDockerRegistryRepositoryName: ""
    # DEVOPS_DOCKER_REGISTRY_USERNAME
    devopsDockerRegistryUsername: ""
-    # DEVOPS_DOCKER_REGISTRY_PASSWORD
-    devopsDockerRegistryPassword: ""
+  secrets:
+    secretStoreRef:
+      kind: FreeleapsSecretStore
+      name: freeleaps-main-secret-store
+    target:
+      name: "freeleaps-devsvc-secrets"
+      creationPolicy: "Owner"
+    refreshInterval: 30s
+    data:
+      - key: giteaToken
+        remoteRef:
+          key: "freeleaps-alpha-gitea-token"
+          type: Secret
+      - key: mongodbUri
+        remoteRef:
+          key: "freeleaps-alpha-mongodb-uri"
+          type: Secret
+      - key: rabbitmqPassword
+        remoteRef:
+          key: "freeleaps-alpha-rabbitmq-password"
+          type: Secret
+      - key: defaultGitPassword
+        remoteRef:
+          key: "freeleaps-alpha-gitea-password"
+          type: Secret
+      - key: devopsDockerRegistryPassword
+        remoteRef:
+          key: "freeleaps-alpha-devops-docker-registry-password"
+          type: Secret
  vpa:
    minAllowed:
      enabled: false