3aaa319264
- web/src/pages/Pricing.tsx: tier comparison, monthly/yearly toggle, stripe checkout CTA - web/src/pages/Settings.tsx: Plan section shows Free/Pro + Upgrade or Manage Subscription (opens Stripe Customer Portal) - web/src/lib/api.ts: startCheckout(), openBillingPortal() + extended ApiUser - footer on Home gets a discreet "Pricing →" link - k8s/secrets.example.yml: documents STRIPE_* env vars - .gitignore: exclude .env files to prevent leaking credentials Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
78 lines
2.9 KiB
YAML
78 lines
2.9 KiB
YAML
# ---------------------------------------------------------------------------
|
|
# Template for cluster secrets. DO NOT commit the real file.
|
|
#
|
|
# To create the real secrets on the cluster:
|
|
#
|
|
# # Postgres — generate a strong password
|
|
# POSTGRES_PASSWORD=$(openssl rand -base64 32 | tr -d '=+/')
|
|
# kubectl -n anydrop create secret generic postgres-credentials \
|
|
# --from-literal=username=anydrop \
|
|
# --from-literal=password="$POSTGRES_PASSWORD"
|
|
#
|
|
# # App secrets — session signing + DB URL
|
|
# SESSION_SECRET=$(openssl rand -base64 64 | tr -d '=+/')
|
|
# DATABASE_URL="postgres://anydrop:${POSTGRES_PASSWORD}@postgres.anydrop.svc.cluster.local:5432/anydrop"
|
|
# kubectl -n anydrop create secret generic anydrop-app-secrets \
|
|
# --from-literal=SESSION_SECRET="$SESSION_SECRET" \
|
|
# --from-literal=DATABASE_URL="$DATABASE_URL" \
|
|
# --from-literal=STRIPE_SECRET_KEY="sk_live_…" \
|
|
# --from-literal=STRIPE_WEBHOOK_SECRET="whsec_…" \
|
|
# --from-literal=STRIPE_PRICE_MONTHLY="price_…" \
|
|
# --from-literal=STRIPE_PRICE_YEARLY="price_…"
|
|
#
|
|
# # MinIO — reuses the shared cluster MinIO in the `minio` namespace.
|
|
# # Create a scoped user + policy on MinIO (one-shot), then store its
|
|
# # credentials here. Don't use the MinIO root account.
|
|
# # kubectl -n minio exec deploy/minio -- sh -c '
|
|
# # mc alias set local http://localhost:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"
|
|
# # mc mb --ignore-existing local/transfers
|
|
# # mc anonymous set none local/transfers
|
|
# # mc admin user add local anydrop <STRONG_SECRET>
|
|
# # # Attach a policy scoped to the transfers bucket only.
|
|
# # '
|
|
# kubectl -n anydrop create secret generic minio-credentials \
|
|
# --from-literal=access_key="anydrop" \
|
|
# --from-literal=secret_key="<STRONG_SECRET>"
|
|
#
|
|
# Rotate by replacing the secret and restarting the pods:
|
|
# kubectl -n anydrop rollout restart deployment/anydrop-server
|
|
# ---------------------------------------------------------------------------
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: postgres-credentials
|
|
namespace: anydrop
|
|
type: Opaque
|
|
stringData:
|
|
username: anydrop
|
|
password: CHANGE_ME_STRONG_PASSWORD
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: anydrop-app-secrets
|
|
namespace: anydrop
|
|
type: Opaque
|
|
stringData:
|
|
SESSION_SECRET: CHANGE_ME_64_BYTE_RANDOM_STRING
|
|
DATABASE_URL: postgres://anydrop:CHANGE_ME@postgres.anydrop.svc.cluster.local:5432/anydrop
|
|
# Phase 3 — Stripe billing. Create the product + recurring prices in the
|
|
# Stripe dashboard, then fill these in. Leaving them unset disables the
|
|
# /api/billing/* and webhook routes gracefully (503).
|
|
STRIPE_SECRET_KEY: CHANGE_ME_sk_live_xxx
|
|
STRIPE_WEBHOOK_SECRET: CHANGE_ME_whsec_xxx
|
|
STRIPE_PRICE_MONTHLY: CHANGE_ME_price_xxx
|
|
STRIPE_PRICE_YEARLY: CHANGE_ME_price_xxx
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: minio-credentials
|
|
namespace: anydrop
|
|
type: Opaque
|
|
stringData:
|
|
access_key: CHANGE_ME_ACCESS_KEY
|
|
secret_key: CHANGE_ME_SECRET_KEY
|