Refactoring
@@ -6,8 +6,175 @@ metadata:
|
||||
labels:
|
||||
app: afterwork-api
|
||||
component: secrets
|
||||
environment: production
|
||||
project: lions-infrastructure-2025
|
||||
type: Opaque
|
||||
stringData:
|
||||
# Base de données PostgreSQL
|
||||
# Pattern cohérent avec unionflow et btpxpress
|
||||
# ==============================================================================
|
||||
# BASE DE DONNÉES PostgreSQL
|
||||
# ==============================================================================
|
||||
# Utilise le PostgreSQL de l'infrastructure Lions
|
||||
# postgresql-service.postgresql.svc.cluster.local:5432
|
||||
DB_PASSWORD: "AfterWork2025!"
|
||||
|
||||
# ==============================================================================
|
||||
# JWT / SÉCURITÉ
|
||||
# ==============================================================================
|
||||
# Clé secrète JWT (minimum 32 caractères, aléatoire)
|
||||
# Générer avec: openssl rand -base64 32
|
||||
JWT_SECRET: "AfterWorkJWTSecret2025LionsInfrastructureKey"
|
||||
|
||||
# ==============================================================================
|
||||
# COMPTE ADMINISTRATEUR INITIAL
|
||||
# ==============================================================================
|
||||
ADMIN_EMAIL: "admin@afterwork.ci"
|
||||
ADMIN_PASSWORD: "AdminAfterWork2025!"
|
||||
|
||||
# ==============================================================================
|
||||
# SERVICE EMAIL (SMTP)
|
||||
# ==============================================================================
|
||||
# Configuration Gmail ou autre SMTP
|
||||
MAILER_USERNAME: "noreply@afterwork.ci"
|
||||
MAILER_PASSWORD: "CHANGEZ_MOI_SMTP_PASSWORD"
|
||||
|
||||
# ==============================================================================
|
||||
# WAVE PAYMENT (Intégration paiement)
|
||||
# ==============================================================================
|
||||
WAVE_API_KEY: "CHANGEZ_MOI_WAVE_API_KEY"
|
||||
WAVE_SECRET: "CHANGEZ_MOI_WAVE_SECRET"
|
||||
|
||||
---
|
||||
# ==============================================================================
|
||||
# CONFIGMAP POUR CONFIGURATION NON-SENSIBLE
|
||||
# ==============================================================================
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: afterwork-config
|
||||
namespace: applications
|
||||
labels:
|
||||
app: afterwork-api
|
||||
component: configuration
|
||||
environment: production
|
||||
project: lions-infrastructure-2025
|
||||
data:
|
||||
# ==============================================================================
|
||||
# BASE DE DONNÉES - Lions PostgreSQL
|
||||
# ==============================================================================
|
||||
DB_HOST: "postgresql-service.postgresql.svc.cluster.local"
|
||||
DB_PORT: "5432"
|
||||
DB_NAME: "mic-after-work-server-impl-quarkus-main"
|
||||
DB_USERNAME: "lionsuser"
|
||||
|
||||
# ==============================================================================
|
||||
# QUARKUS
|
||||
# ==============================================================================
|
||||
QUARKUS_PROFILE: "prod"
|
||||
QUARKUS_LOG_LEVEL: "INFO"
|
||||
QUARKUS_LOG_CONSOLE_JSON: "true"
|
||||
|
||||
# ==============================================================================
|
||||
# JWT
|
||||
# ==============================================================================
|
||||
JWT_LIFESPAN: "86400"
|
||||
JWT_ISSUER: "afterwork-api"
|
||||
|
||||
# ==============================================================================
|
||||
# KAFKA - Lions Infrastructure
|
||||
# ==============================================================================
|
||||
# Utilise le Kafka déployé dans le namespace kafka
|
||||
KAFKA_BOOTSTRAP_SERVERS: "kafka-service.kafka.svc.cluster.local:9092"
|
||||
|
||||
# ==============================================================================
|
||||
# EMAIL (SMTP)
|
||||
# ==============================================================================
|
||||
MAILER_HOST: "smtp.gmail.com"
|
||||
MAILER_PORT: "587"
|
||||
MAILER_FROM: "AfterWork <noreply@afterwork.ci>"
|
||||
MAILER_START_TLS: "REQUIRED"
|
||||
# En production, mettre false. true = mock (pas d'envoi réel)
|
||||
MAILER_MOCK: "true"
|
||||
|
||||
# ==============================================================================
|
||||
# RATE LIMITING
|
||||
# ==============================================================================
|
||||
AFTERWORK_RATELIMIT_MAX_REQUESTS: "10"
|
||||
AFTERWORK_RATELIMIT_WINDOW_SECONDS: "60"
|
||||
|
||||
# ==============================================================================
|
||||
# WAVE PAYMENT
|
||||
# ==============================================================================
|
||||
WAVE_BASE_URL: "https://api.wave.com"
|
||||
WAVE_CURRENCY: "XOF"
|
||||
WAVE_CALLBACK_URL: "https://api.lions.dev/afterwork/webhooks/wave"
|
||||
|
||||
# ==============================================================================
|
||||
# OBSERVABILITY - Lions Prometheus/Grafana
|
||||
# ==============================================================================
|
||||
# Prometheus scrape via annotations sur le pod
|
||||
# Grafana disponible sur https://grafana.lions.dev
|
||||
|
||||
# ==============================================================================
|
||||
# KEYCLOAK / SSO (optionnel)
|
||||
# ==============================================================================
|
||||
# OIDC_AUTH_SERVER_URL: "https://security.lions.dev/realms/lions"
|
||||
# OIDC_CLIENT_ID: "afterwork-api"
|
||||
|
||||
---
|
||||
# ==============================================================================
|
||||
# EXTERNAL SECRET - Intégration Vault (ACTIF)
|
||||
# ==============================================================================
|
||||
# Vault est déverrouillé sur https://vault.lions.dev
|
||||
# Les secrets sont synchronisés depuis Vault vers Kubernetes automatiquement
|
||||
#
|
||||
# PRÉREQUIS: Créer les secrets dans Vault avec:
|
||||
# vault kv put lions/afterwork \
|
||||
# db_password="AfterWork2025!" \
|
||||
# jwt_secret="AfterWorkJWTSecret2025LionsInfrastructureKey" \
|
||||
# admin_password="AdminAfterWork2025!" \
|
||||
# mailer_password="SMTP_PASSWORD" \
|
||||
# wave_api_key="WAVE_KEY" \
|
||||
# wave_secret="WAVE_SECRET"
|
||||
#
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: afterwork-vault-secrets
|
||||
namespace: applications
|
||||
labels:
|
||||
app: afterwork-api
|
||||
component: external-secrets
|
||||
project: lions-infrastructure-2025
|
||||
spec:
|
||||
refreshInterval: "1h"
|
||||
secretStoreRef:
|
||||
name: vault-backend
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: afterwork-secrets-vault
|
||||
creationPolicy: Owner
|
||||
data:
|
||||
- secretKey: DB_PASSWORD
|
||||
remoteRef:
|
||||
key: lions/data/afterwork
|
||||
property: db_password
|
||||
- secretKey: JWT_SECRET
|
||||
remoteRef:
|
||||
key: lions/data/afterwork
|
||||
property: jwt_secret
|
||||
- secretKey: ADMIN_PASSWORD
|
||||
remoteRef:
|
||||
key: lions/data/afterwork
|
||||
property: admin_password
|
||||
- secretKey: MAILER_PASSWORD
|
||||
remoteRef:
|
||||
key: lions/data/afterwork
|
||||
property: mailer_password
|
||||
- secretKey: WAVE_API_KEY
|
||||
remoteRef:
|
||||
key: lions/data/afterwork
|
||||
property: wave_api_key
|
||||
- secretKey: WAVE_SECRET
|
||||
remoteRef:
|
||||
key: lions/data/afterwork
|
||||
property: wave_secret
|
||||
|
||||
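Review bot: The Secret's `stringData` block commits literal values for `DB_PASSWORD`, `JWT_SECRET` and `ADMIN_PASSWORD` in a manifest labelled `environment: production`, and the PRÉREQUIS comment above the ExternalSecret repeats the same three values in its `vault kv put` example, so they stay readable in repository history regardless of what Vault holds later. The ExternalSecret added in this hunk already syncs all six keys into `afterwork-secrets-vault`, so the plaintext entries could be dropped or reduced to placeholders like the existing `CHANGEZ_MOI_*` ones, the comment lines changed to the form `#   db_password="<GENERATED_VALUE>" \`, and the three exposed values rotated. Which of the two Secrets the workload actually mounts is not visible here, since the first Secret's `metadata.name` sits above the hunk. The `JWT_SECRET` value also looks hand-written rather than produced by the `openssl rand -base64 32` command that its own comment recommends. Separately, the production ConfigMap sets `MAILER_MOCK: "true"` directly under a comment saying production should use false.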