fix(k8s): remove stale GITEA_ACCESS_TOKEN/GITEA_API_URL/QDRANT_URL from k8s config

These env vars are no longer read by the application — all runtime
settings are managed through the Admin Dashboard Web UI backed by
SQLite. Only PORT remains in the ConfigMap. Secret resource removed
entirely. README k8s sections updated accordingly.

README.md

@@ -183,23 +183,13 @@ docker-compose up -d
 
 Kubernetes manifests are located in the `k8s/` directory.
 
-**1. Configure Secrets**
+**1. Configure**
 
-Only the Gitea access token needs to be in the Secret (the only sensitive env-var-level setting):
+The only env var in the ConfigMap is `PORT`. All other settings (Gitea connection, webhook secret, admin password, review engine, Feishu, etc.) are configured through the **Admin Dashboard Web UI** after deployment — they are auto-seeded with secure defaults on first boot.
 
-```bash
-echo -n "your_gitea_token" | base64
-```
+Ensure persistent storage is configured for the `/app/data` directory to retain the SQLite database and encryption key.
 
-Update `GITEA_ACCESS_TOKEN` in `k8s/gitea-assistant.yaml`.
-
-**2. Configure Application**
-
-Edit the ConfigMap in `k8s/gitea-assistant.yaml`:
-
-- Set `GITEA_API_URL` to your Gitea instance API endpoint
-
-> **Note**: All other settings (webhook secret, admin password, review engine, Feishu, etc.) are configured through the Admin Dashboard Web UI after deployment. They are auto-seeded on first boot. Ensure persistent storage is configured for the `/app/data` directory.
+**2. Deploy**
 **3. Deploy**
 
 ```bash

docs/README.zh-CN.md

@@ -183,21 +183,13 @@ docker-compose up -d
 
 Kubernetes 部署清单位于 `k8s/` 目录。
 
-**1. 配置密钥**
+**1. 配置**
 
-只需将 Gitea 访问令牌编码为 base64 并填入 `k8s/gitea-assistant.yaml`：
+ConfigMap 中唯一的环境变量是 `PORT`。所有其他设置（Gitea 连接、Webhook 密钥、管理员密码、审查引擎、飞书等）均在部署后通过 **Web 管理后台** 配置，首次启动时自动以安全默认值初始化。
 
-```bash
-echo -n "your_gitea_token" | base64
-```
+请确保为 `/app/data` 目录配置持久化存储，以保留 SQLite 数据库和加密密钥。
 
-**2. 配置应用**
-
-编辑 `k8s/gitea-assistant.yaml` 中的 ConfigMap：
-
-- 将 `GITEA_API_URL` 设置为你的 Gitea 实例 API 地址
-
-> **注意**: 所有其他设置（Webhook 密钥、管理员密码、审查引擎、飞书等）均在应用部署后通过管理后台进行配置，首次启动时自动初始化。请确保为 `/app/data` 目录配置持久化存储。
+**2. 部署**
 **3. 部署**
 
 ```bash

k8s/gitea-assistant.yaml

@@ -1,21 +1,5 @@
 ---
-# Secret for sensitive environment variables
-# Replace base64-encoded values before applying:
-#   echo -n "your_value" | base64
-apiVersion: v1
-kind: Secret
-metadata:
-  name: gitea-assistant-secret
-  namespace: gitea-assistant
-  labels:
-    app.kubernetes.io/name: gitea-assistant
-    app.kubernetes.io/part-of: gitea-assistant
-type: Opaque
-data:
-  # REQUIRED: replace with your own base64-encoded Gitea access token
-  GITEA_ACCESS_TOKEN: eW91cl9naXRlYV90b2tlbg==
-
----
+# ConfigMap: only infrastructure-level env vars that must be known before DB init
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -25,14 +9,10 @@ metadata:
     app.kubernetes.io/name: gitea-assistant
     app.kubernetes.io/part-of: gitea-assistant
 data:
-  # Required: set to your Gitea instance API endpoint
-  GITEA_API_URL: "http://localhost:3000/api/v1"
   PORT: "3000"
-  # Optional: Qdrant vector DB for memory features (configure memory settings via Web UI)
-  QDRANT_URL: "http://qdrant.gitea-assistant.svc.cluster.local:6333"
-  # All other settings (review engine, Feishu, admin password, etc.) are managed
-  # through the Admin Dashboard Web UI. They are auto-seeded on first boot.
-
+  # All settings (Gitea connection, webhook secret, admin password, review engine,
+  # Feishu, memory, etc.) are managed through the Admin Dashboard Web UI.
+  # They are auto-seeded with secure defaults on first boot.
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -63,8 +43,6 @@ spec:
           envFrom:
             - configMapRef:
                 name: gitea-assistant-config
-            - secretRef:
-                name: gitea-assistant-secret
           resources:
             limits:
               memory: "512Mi"