# 密钥管理层 - 通过postBuild从flux-env Secret注入变量
# 所有环境流程一致: kubectl create secret generic flux-env -n infra-gitops --from-env-file=.env
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: secrets
  namespace: infra-gitops
spec:
  interval: 30m
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux
  path: ./flux/infrastructure/secrets
  prune: false
  wait: true
  dependsOn:
    - name: sources
  postBuild:
    substituteFrom:
      - kind: Secret
        name: flux-env