# ============================================================ # 公共 Secret 模板 1:数据库凭证(26 个服务共用) # ============================================================ apiVersion: v1 kind: Secret metadata: name: common-db-credentials namespace: default labels: type: database shared: "true" type: Opaque data: # Base64 编码的凭证 # username: root -> cm9vdA== # password: Fxjxtdacf8f_a3d_202600104d6c_41 db-username: cm9vdA== db-password: RnhqeHRkYWNmOGZfYTNkXzIwMjYwMDEwNGQ2Y180MQ== db-host: cm0tYnAxOXQ5MHQ3dThuNWIwZmgubXlzcWwucmRzLmFsaXl1bmNzLmNvbQ== db-port: MzMwNg== --- # ============================================================ # 公共 Secret 模板 2:Redis 凭证(30+ 个服务共用) # ============================================================ apiVersion: v1 kind: Secret metadata: name: common-redis-credentials namespace: default labels: type: redis shared: "true" type: Opaque data: redis-password: M3NtX3JlZGlz redis-database: MTU= redis-sentinel-master: bXltYXN0ZXI= redis-sentinel-nodes: | cmVkaXMuanhmeC5jb206MjcwMDAKcmVkaXMuanhmeC5jb206MjcwMDAK cmVkaXMuanhmeC5jb206MjcwMDA= --- # ============================================================ # 公共 Secret 模板 3:RabbitMQ 凭证(20+ 个服务共用) # ============================================================ apiVersion: v1 kind: Secret metadata: name: common-rabbitmq-credentials namespace: default labels: type: rabbitmq shared: "true" type: Opaque data: rabbitmq-username: Z3Vlc3Q= rabbitmq-password: Z3Vlc3Q= rabbitmq-host: bXEuYmFrLmNvbQ== rabbitmq-port: NTY3Mg== --- # ============================================================ # 公共 Secret 模板 4:微信凭证(5 个服务共用) # ============================================================ apiVersion: v1 kind: Secret metadata: name: wechat-credentials namespace: default labels: type: wechat shared: "true" type: Opaque data: # 门店相关 store-app-id: d3hjMDZjNTdkMzFhOTI2MTIy store-app-secret: MTFhMjVjMjYzZWQ0ZGNmN2RlYTllZjM2MzdkOTUyZjc= # 商户相关 merchant-app-id: d3g0Y2M2NDQyODlkZjMyZWJh merchant-app-secret: NzNmNTcwNGMxOGU0OTc5MjJlZTMxMWYwN2JmNDE3M2M= # 代卖相关 buy-app-id: d3gyZjdjYzE3ODQ0M2YzM2M0 buy-app-secret: OTdjNGY4YmJlOTQ0MmIxZDNhNWNiMDc1YjZiMmVlNmQ= # AI宝相关 aibao-app-id: d3gxY2M0OGM5YjdjMWJmNmYy aibao-app-secret: MGEyNDM0ZjIyOTIyYTNjOTViZWJhYjczMWYyMGIyN2Q= --- # ============================================================ # 公共 Secret 模板 5:Nacos 凭证(2 个服务) # ============================================================ apiVersion: v1 kind: Secret metadata: name: nacos-credentials namespace: default labels: type: nacos shared: "true" type: Opaque data: nacos-username: bmFjb3M= nacos-password: bmFjb3M= nacos-server-address: bmFjb3MuYmFrLmNvbQ== nacos-port: ODg0OA== --- # ============================================================ # 公共 Secret 模板 6:Seata 凭证(分布式事务) # ============================================================ apiVersion: v1 kind: Secret metadata: name: seata-credentials namespace: default labels: type: seata shared: "true" type: Opaque data: seata-username: bmFjb3M= seata-password: bmFjb3M= seata-server-address: bmFjb3MuYmFrLmNvbTg4NDg= --- # ============================================================ # 公共 Secret 模板 7:MongoDB 凭证(2-3 个服务) # ============================================================ apiVersion: v1 kind: Secret metadata: name: mongodb-credentials namespace: default labels: type: mongodb shared: "true" type: Opaque data: mongodb-username: cm9vdA== mongodb-password: MTIzNDU2 mongodb-host: bWcuYmFrLmNvbQ== mongodb-port: MjcwMTc= mongodb-database: cmVjeWNsZQ== --- # ============================================================ # ConfigMap 生成提示 # ============================================================ # 对于每个服务的 ConfigMap,模板如下: # # apiVersion: v1 # kind: ConfigMap # metadata: # name: [service-name]-config # namespace: default # labels: # app: [service-name] # config-type: public # data: # application.yml: | # server: # port: [port-number] # spring: # application: # name: [service-name] # # 其他非敏感配置... # redis: # sentinel: # master: mymaster # nodes: # - redis.jxfx1.com:27000 # - redis.jxfx2.com:27000 # - redis.jxfx3.com:27000 # password: ${REDIS_PASSWORD} # 从 Secret 注入 # database: ${REDIS_DATABASE} # 从 Secret 注入 # datasource: # url: jdbc:mysql://[host]/[database] # username: ${DB_USERNAME} # 从 Secret 注入 # password: ${DB_PASSWORD} # 从 Secret 注入 --- # ============================================================ # Deployment 环境变量注入示例 # ============================================================ # 在 Deployment 中参考如下方式注入 Secret 值: # # env: # # 从数据库 Secret 注入 # - name: DB_USERNAME # valueFrom: # secretKeyRef: # name: common-db-credentials # key: db-username # - name: DB_PASSWORD # valueFrom: # secretKeyRef: # name: common-db-credentials # key: db-password # - name: DB_HOST # valueFrom: # secretKeyRef: # name: common-db-credentials # key: db-host # # # 从 Redis Secret 注入 # - name: REDIS_PASSWORD # valueFrom: # secretKeyRef: # name: common-redis-credentials # key: redis-password # - name: REDIS_DATABASE # valueFrom: # secretKeyRef: # name: common-redis-credentials # key: redis-database # # # 从 RabbitMQ Secret 注入 # - name: RABBITMQ_USERNAME # valueFrom: # secretKeyRef: # name: common-rabbitmq-credentials # key: rabbitmq-username # - name: RABBITMQ_PASSWORD # valueFrom: # secretKeyRef: # name: common-rabbitmq-credentials # key: rabbitmq-password # # # 从微信 Secret 注入 # - name: WECHAT_STORE_APP_SECRET # valueFrom: # secretKeyRef: # name: wechat-credentials # key: store-app-secret