aitbc/infra/k8s/sealed-secrets.yaml
AITBC System b033923756 chore: normalize file permissions across repository
- Remove executable permissions from configuration files (.editorconfig, .env.example, .gitignore)
- Remove executable permissions from documentation files (README.md, LICENSE, SECURITY.md)
- Remove executable permissions from web assets (HTML, CSS, JS files)
- Remove executable permissions from data files (JSON, SQL, YAML, requirements.txt)
- Remove executable permissions from source code files across all apps
- Add executable permissions to Python
2026-03-08 11:26:18 +01:00


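---
# SealedSecrets Controller Installation
#
# Argo CD Application that installs the Bitnami sealed-secrets Helm chart into
# kube-system. Nesting is restored here: with every key at column 0 the
# document parses as a flat mapping with colliding name/namespace keys.
#
# The controller keeps its private sealing keys as Secrets in its own namespace
# (labelled sealedsecrets.bitnami.com/sealed-secrets-key), so:
#   - read access to Secrets in kube-system is equivalent to being able to
#     decrypt every SealedSecret committed for this cluster;
#   - the sealing keys need an offline backup, otherwise a rebuilt cluster
#     cannot unseal anything that is already in Git.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: sealed-secrets
  namespace: argocd
  finalizers:
    # Deleting this Application also deletes the resources it deployed.
    - resources-finalizer.argocd.argoproj.io
spec:
  # NOTE(review): Argo CD's built-in "default" project does not restrict source
  # repos or destinations unless it has been locked down. A dedicated
  # AppProject limited to this chart repo and kube-system is a tighter fit for
  # a component that holds the cluster's decryption keys.
  project: default
  source:
    repoURL: https://bitnami-labs.github.io/sealed-secrets
    chart: sealed-secrets
    # Exact chart version: upgrades only happen through a reviewed change here.
    targetRevision: 2.15.0
    helm:
      # NOTE(review): with this release name and no fullnameOverride the
      # controller is probably not called "sealed-secrets-controller", the name
      # kubeseal looks for by default. Confirm, and pass --controller-name /
      # --controller-namespace when sealing if so.
      releaseName: sealed-secrets
      parameters:
        # NOTE(review): destination.namespace below already targets
        # kube-system; confirm the pinned chart still needs this value.
        - name: namespace
          value: kube-system
  destination:
    server: https://kubernetes.default.svc
    namespace: kube-system
  syncPolicy:
    # No manual gate: Argo CD applies what the pinned chart renders, removes
    # resources the chart no longer contains (prune) and reverts in-cluster
    # drift (selfHeal).
    automated:
      prune: true
      selfHeal: true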
---
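# Example SealedSecret for Coordinator API Keys
#
# The encryptedData values are truncated placeholders and will not unseal;
# replace them with real kubeseal output before applying.
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: coordinator-api-keys
  namespace: default
  annotations:
    # NOTE(review): cluster-wide scope removes the binding between the
    # ciphertext and this namespace/name. Anyone allowed to create SealedSecret
    # objects in any namespace of the cluster can have these values unsealed
    # there. For production keys prefer the default strict scope: drop this
    # annotation and re-seal, since the ciphertext is tied to the scope it was
    # sealed with.
    sealedsecrets.bitnami.com/cluster-wide: "true"
spec:
  # NOTE(review): all three environments end up in one Secret, so any workload
  # that mounts it receives the production key alongside staging and dev.
  # One SealedSecret per environment keeps that exposure separate.
  encryptedData:
    # Production API key (encrypted)
    api-key-prod: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEQAx...
    # Staging API key (encrypted)
    api-key-staging: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEQAx...
    # Development API key (encrypted)
    api-key-dev: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEQAx...
  # Shape of the Secret the controller creates after decryption.
  template:
    metadata:
      name: coordinator-api-keys
      namespace: default
    type: Opaque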
---
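# Example SealedSecret for Database Credentials
#
# No scope annotation, so the default strict scope applies: the ciphertext is
# bound to namespace "default" and name "coordinator-db-credentials". Renaming
# the object or moving it to another namespace requires re-sealing.
#
# The encryptedData values are truncated placeholders and will not unseal;
# replace them with real kubeseal output before applying.
#
# Sealing protects the values at rest in Git only. Every ciphertext ever
# committed stays decryptable with the controller's sealing key, so if that key
# is exposed the database password itself has to be rotated, not just
# re-sealed.
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: coordinator-db-credentials
  namespace: default
spec:
  encryptedData:
    username: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEQAx...
    password: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEQAx...
    database: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEQAx...
  # Shape of the Secret the controller creates after decryption; name and
  # namespace match metadata above.
  template:
    metadata:
      name: coordinator-db-credentials
      namespace: default
    type: Opaque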
---
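# Example SealedSecret for JWT Signing Keys (if needed in future)
#
# Strict scope (no annotation): the ciphertext is bound to namespace "default"
# and name "coordinator-jwt-keys".
#
# The encryptedData values are truncated placeholders and will not unseal;
# replace them with real kubeseal output before applying.
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: coordinator-jwt-keys
  namespace: default
spec:
  # NOTE(review): both halves of the key pair land in the same Secret, so a
  # service that only verifies tokens would also receive the signing key if it
  # mounts this Secret. The public key is not confidential and could be
  # distributed separately (for example in a ConfigMap), leaving this Secret
  # readable by the signing service alone.
  encryptedData:
    private-key: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEQAx...
    public-key: AgBy3i4OJSWK+PiTySYZZA9rO43cGDEQAx...
  # Shape of the Secret the controller creates after decryption.
  template:
    metadata:
      name: coordinator-jwt-keys
      namespace: default
    type: Opaque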