feat: add instructions for setting a dashboard password and create secret.yaml template

kubernetes/README.md

@@ -22,13 +22,17 @@ Once the EXTERNAL-IP is assigned, access your deception server at `http://<EXTER
 
 ### Retrieving Dashboard Path
 
-Check server startup logs or get the secret with 
+Check server startup logs or get the secret with
 
 ```bash
 kubectl get secret krawl-server -n krawl-system \
   -o jsonpath='{.data.dashboard-path}' | base64 -d && echo
 ```
 
+### Setting Dashboard Password
+
+To set a custom password for protected dashboard panels, create the `secret.yaml` manifest (see `kubernetes/manifests/secret.yaml`) and uncomment the `KRAWL_DASHBOARD_PASSWORD` env var in the deployment. If not set, a random password is auto-generated and printed in the pod logs.
+
 ### From Source (Python 3.11+)
 
 Clone the repository:

kubernetes/manifests/deployment.yaml

@@ -33,6 +33,12 @@ spec:
         env:
         - name: CONFIG_LOCATION
           value: "config.yaml"
+        # Uncomment to use dashboard password from secret
+        # - name: KRAWL_DASHBOARD_PASSWORD
+        #   valueFrom:
+        #     secretKeyRef:
+        #       name: krawl-dashboard
+        #       key: dashboard-password
         volumeMounts:
         - name: config
           mountPath: /app/config.yaml

kubernetes/manifests/secret.yaml

@@ -0,0 +1,15 @@
+# Source: krawl-chart/templates/secret.yaml
+# Uncomment and set your dashboard password below.
+# If not created, the password will be auto-generated and printed in the pod logs.
+#
+# apiVersion: v1
+# kind: Secret
+# metadata:
+#   name: krawl-dashboard
+#   namespace: krawl-system
+#   labels:
+#     app.kubernetes.io/name: krawl
+#     app.kubernetes.io/instance: krawl
+# type: Opaque
+# stringData:
+#   dashboard-password: "your-secret-password"