microservice-helm/secret-templates-common.yaml

# ============================================================
# 公共 Secret 模板 1：数据库凭证（26 个服务共用）
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: common-db-credentials
  namespace: default
  labels:
    type: database
    shared: "true"
type: Opaque
data:
  # Base64 编码的凭证
  # username: root -> cm9vdA==
  # password: Fxjxtdacf8f_a3d_202600104d6c_41
  db-username: cm9vdA==
  db-password: RnhqeHRkYWNmOGZfYTNkXzIwMjYwMDEwNGQ2Y180MQ==
  db-host: cm0tYnAxOXQ5MHQ3dThuNWIwZmgubXlzcWwucmRzLmFsaXl1bmNzLmNvbQ==
  db-port: MzMwNg==

---
# ============================================================
# 公共 Secret 模板 2：Redis 凭证（30+ 个服务共用）
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: common-redis-credentials
  namespace: default
  labels:
    type: redis
    shared: "true"
type: Opaque
data:
  redis-password: M3NtX3JlZGlz
  redis-database: MTU=
  redis-sentinel-master: bXltYXN0ZXI=
  redis-sentinel-nodes: |
    cmVkaXMuanhmeC5jb206MjcwMDAKcmVkaXMuanhmeC5jb206MjcwMDAK
    cmVkaXMuanhmeC5jb206MjcwMDA=

---
# ============================================================
# 公共 Secret 模板 3：RabbitMQ 凭证（20+ 个服务共用）
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: common-rabbitmq-credentials
  namespace: default
  labels:
    type: rabbitmq
    shared: "true"
type: Opaque
data:
  rabbitmq-username: Z3Vlc3Q=
  rabbitmq-password: Z3Vlc3Q=
  rabbitmq-host: bXEuYmFrLmNvbQ==
  rabbitmq-port: NTY3Mg==

---
# ============================================================
# 公共 Secret 模板 4：微信凭证（5 个服务共用）
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: wechat-credentials
  namespace: default
  labels:
    type: wechat
    shared: "true"
type: Opaque
data:
  # 门店相关
  store-app-id: d3hjMDZjNTdkMzFhOTI2MTIy
  store-app-secret: MTFhMjVjMjYzZWQ0ZGNmN2RlYTllZjM2MzdkOTUyZjc=
  
  # 商户相关
  merchant-app-id: d3g0Y2M2NDQyODlkZjMyZWJh
  merchant-app-secret: NzNmNTcwNGMxOGU0OTc5MjJlZTMxMWYwN2JmNDE3M2M=
  
  # 代卖相关
  buy-app-id: d3gyZjdjYzE3ODQ0M2YzM2M0
  buy-app-secret: OTdjNGY4YmJlOTQ0MmIxZDNhNWNiMDc1YjZiMmVlNmQ=
  
  # AI宝相关
  aibao-app-id: d3gxY2M0OGM5YjdjMWJmNmYy
  aibao-app-secret: MGEyNDM0ZjIyOTIyYTNjOTViZWJhYjczMWYyMGIyN2Q=

---
# ============================================================
# 公共 Secret 模板 5：Nacos 凭证（2 个服务）
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: nacos-credentials
  namespace: default
  labels:
    type: nacos
    shared: "true"
type: Opaque
data:
  nacos-username: bmFjb3M=
  nacos-password: bmFjb3M=
  nacos-server-address: bmFjb3MuYmFrLmNvbQ==
  nacos-port: ODg0OA==

---
# ============================================================
# 公共 Secret 模板 6：Seata 凭证（分布式事务）
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: seata-credentials
  namespace: default
  labels:
    type: seata
    shared: "true"
type: Opaque
data:
  seata-username: bmFjb3M=
  seata-password: bmFjb3M=
  seata-server-address: bmFjb3MuYmFrLmNvbTg4NDg=

---
# ============================================================
# 公共 Secret 模板 7：MongoDB 凭证（2-3 个服务）
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-credentials
  namespace: default
  labels:
    type: mongodb
    shared: "true"
type: Opaque
data:
  mongodb-username: cm9vdA==
  mongodb-password: MTIzNDU2
  mongodb-host: bWcuYmFrLmNvbQ==
  mongodb-port: MjcwMTc=
  mongodb-database: cmVjeWNsZQ==

---
# ============================================================
# ConfigMap 生成提示
# ============================================================
# 对于每个服务的 ConfigMap，模板如下：
#
# apiVersion: v1
# kind: ConfigMap
# metadata:
#   name: [service-name]-config
#   namespace: default
#   labels:
#     app: [service-name]
#     config-type: public
# data:
#   application.yml: |
#     server:
#       port: [port-number]
#     spring:
#       application:
#         name: [service-name]
#       # 其他非敏感配置...
#       redis:
#         sentinel:
#           master: mymaster
#           nodes:
#             - redis.jxfx1.com:27000
#             - redis.jxfx2.com:27000
#             - redis.jxfx3.com:27000
#         password: ${REDIS_PASSWORD}  # 从 Secret 注入
#         database: ${REDIS_DATABASE}  # 从 Secret 注入
#       datasource:
#         url: jdbc:mysql://[host]/[database]
#         username: ${DB_USERNAME}     # 从 Secret 注入
#         password: ${DB_PASSWORD}     # 从 Secret 注入

---
# ============================================================
# Deployment 环境变量注入示例
# ============================================================
# 在 Deployment 中参考如下方式注入 Secret 值：
#
# env:
# # 从数据库 Secret 注入
# - name: DB_USERNAME
#   valueFrom:
#     secretKeyRef:
#       name: common-db-credentials
#       key: db-username
# - name: DB_PASSWORD
#   valueFrom:
#     secretKeyRef:
#       name: common-db-credentials
#       key: db-password
# - name: DB_HOST
#   valueFrom:
#     secretKeyRef:
#       name: common-db-credentials
#       key: db-host
#
# # 从 Redis Secret 注入
# - name: REDIS_PASSWORD
#   valueFrom:
#     secretKeyRef:
#       name: common-redis-credentials
#       key: redis-password
# - name: REDIS_DATABASE
#   valueFrom:
#     secretKeyRef:
#       name: common-redis-credentials
#       key: redis-database
#
# # 从 RabbitMQ Secret 注入
# - name: RABBITMQ_USERNAME
#   valueFrom:
#     secretKeyRef:
#       name: common-rabbitmq-credentials
#       key: rabbitmq-username
# - name: RABBITMQ_PASSWORD
#   valueFrom:
#     secretKeyRef:
#       name: common-rabbitmq-credentials
#       key: rabbitmq-password
#
# # 从微信 Secret 注入
# - name: WECHAT_STORE_APP_SECRET
#   valueFrom:
#     secretKeyRef:
#       name: wechat-credentials
#       key: store-app-secret