		
	Added external-secrets
		
							
								
								
									
										148
									
								
								k8s/core/external-secrets-extra/external-secrets.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
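--- /dev/null
+++ b/k8s/core/external-secrets-extra/external-secrets.yaml
@@ -0,0 +1,148 @@
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+#   name: bitwarden-cli
+#   namespace: external-secrets
+# data:
+#   BW_HOST: base64(url)
+#   BW_USERNAME: base64(name)
+#   BW_PASSWORD: base64(pass)
+# 81212111-6350-4069-8bcf-19a67d3964a5
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bitwarden-cli
+  namespace: external-secrets
+  labels:
+    reloader.stakater.com/auto: "true"
+    app.kubernetes.io/instance: bitwarden-cli
+    app.kubernetes.io/name: bitwarden-cli
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: bitwarden-cli
+      app.kubernetes.io/instance: bitwarden-cli
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: bitwarden-cli
+        app.kubernetes.io/instance: bitwarden-cli
+    spec:
+      nodeSelector:
+        kubernetes.io/arch: amd64
+        kubernetes.io/hostname: master.tail2fe2d.ts.net
+      containers:
+        - name: bitwarden-cli
+          image: ultradesu/bitwarden-client:2024.7.2
+          imagePullPolicy: Always
+          env:
+            - name: BW_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli
+                  key: BW_HOST
+            - name: BW_USER
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli
+                  key: BW_USERNAME
+            - name: BW_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli
+                  key: BW_PASSWORD
+          ports:
+            - name: http
+              containerPort: 8087
+              protocol: TCP
+          livenessProbe:
+            exec:
+              command:
+                - wget
+                - -q
+                - http://127.0.0.1:8087/sync
+                - --post-data=''
+            initialDelaySeconds: 20
+            failureThreshold: 3
+            timeoutSeconds: 1
+            periodSeconds: 120
+          readinessProbe:
+            tcpSocket:
+              port: 8087
+            initialDelaySeconds: 20
+            failureThreshold: 3
+            timeoutSeconds: 1
+            periodSeconds: 10
+          startupProbe:
+            tcpSocket:
+              port: 8087
+            initialDelaySeconds: 10
+            failureThreshold: 30
+            timeoutSeconds: 1
+            periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bitwarden-cli
+  namespace: external-secrets
+  labels:
+    app.kubernetes.io/instance: bitwarden-cli
+    app.kubernetes.io/name: bitwarden-cli
+  annotations:
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8087
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: bitwarden-cli
+    app.kubernetes.io/instance: bitwarden-cli
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: external-secrets
+  name: external-secret-2-bw-cli
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: bitwarden-cli
+      app.kubernetes.io/name: bitwarden-cli
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/instance: external-secrets
+              app.kubernetes.io/name: external-secrets
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vaultwarden-login
+spec:
+  provider:
+    webhook:
+      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
+      headers:
+        Content-Type: application/json
+      result:
+        jsonPath: "$.data.{{ .remoteRef.property }}"
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vaultwarden-fields
+spec:
+  provider:
+    webhook:
+      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
+      result:
+        jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"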
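Review bot: Both `ClusterSecretStore` objects (`vaultwarden-login` and `vaultwarden-fields`) are cluster-scoped and carry no `conditions`, so an ExternalSecret in any namespace can put a vault item id in `remoteRef.key` and have the controller fetch it. The NetworkPolicy only limits which pods reach the bitwarden-cli pod directly, not which namespaces can ask the controller to do so on their behalf. The webhook request as written carries no credential and uses plain `http://`, so the endpoint appears to trust whatever reaches it. Consider restricting each store with `conditions:` / `- namespaces: ["<allowed-namespace>"]` (or using a namespaced `SecretStore`), and adding `ports: [{protocol: TCP, port: 8087}]` to the ingress rule, which currently admits every port. Separately, the container that receives `BW_PASSWORD` is pulled from a mutable tag with `imagePullPolicy: Always`; pinning it as `image: ultradesu/bitwarden-client@sha256:<digest>` would keep a re-pushed tag from changing what runs.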