Added external-secrets

k8s/core/external-secrets/extra/external-secrets.yaml

@@ -1,148 +0,0 @@
-# ---
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: bitwarden-cli
-#   namespace: external-secrets
-# data:
-#   BW_HOST: base64(url)
-#   BW_USERNAME: base64(name)
-#   BW_PASSWORD: base64(pass)
-# 81212111-6350-4069-8bcf-19a67d3964a5
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: bitwarden-cli
-  namespace: external-secrets
-  labels:
-    reloader.stakater.com/auto: "true"
-    app.kubernetes.io/instance: bitwarden-cli
-    app.kubernetes.io/name: bitwarden-cli
-spec:
-  replicas: 1
-  strategy:
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: bitwarden-cli
-      app.kubernetes.io/instance: bitwarden-cli
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: bitwarden-cli
-        app.kubernetes.io/instance: bitwarden-cli
-    spec:
-      nodeSelector:
-        kubernetes.io/arch: amd64
-        kubernetes.io/hostname: master.tail2fe2d.ts.net
-      containers:
-        - name: bitwarden-cli
-          image: ultradesu/bitwarden-client:2024.7.2
-          imagePullPolicy: Always
-          env:
-            - name: BW_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: bitwarden-cli
-                  key: BW_HOST
-            - name: BW_USER
-              valueFrom:
-                secretKeyRef:
-                  name: bitwarden-cli
-                  key: BW_USERNAME
-            - name: BW_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: bitwarden-cli
-                  key: BW_PASSWORD
-          ports:
-            - name: http
-              containerPort: 8087
-              protocol: TCP
-          livenessProbe:
-            exec:
-              command:
-                - wget
-                - -q
-                - http://127.0.0.1:8087/sync
-                - --post-data=''
-            initialDelaySeconds: 20
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 120
-          readinessProbe:
-            tcpSocket:
-              port: 8087
-            initialDelaySeconds: 20
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: 8087
-            initialDelaySeconds: 10
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: bitwarden-cli
-  namespace: external-secrets
-  labels:
-    app.kubernetes.io/instance: bitwarden-cli
-    app.kubernetes.io/name: bitwarden-cli
-  annotations:
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8087
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: bitwarden-cli
-    app.kubernetes.io/instance: bitwarden-cli
----
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
-  namespace: external-secrets
-  name: external-secret-2-bw-cli
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/instance: bitwarden-cli
-      app.kubernetes.io/name: bitwarden-cli
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/instance: external-secrets
-              app.kubernetes.io/name: external-secrets
----
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: vaultwarden-login
-spec:
-  provider:
-    webhook:
-      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
-      headers:
-        Content-Type: application/json
-      result:
-        jsonPath: "$.data.{{ .remoteRef.property }}"
----
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: vaultwarden-fields
-spec:
-  provider:
-    webhook:
-      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
-      result:
-        jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"

k8s/core/external-secrets/kustomization.yaml

@@ -1,16 +0,0 @@
-helmCharts:
-  - name: external-secrets
-    repo: https://charts.external-secrets.io
-    version: 0.9.13
-    releaseName: external-secrets
-    namespace: external-secrets
-    valuesFile: values.yaml
-    includeCRDs: true
-    createNamespace: true
-
-resources:
-  - extra/bitwarden-deployment.yaml
-# - extra/clustersecretstore-login.yaml
-# - extra/clustersecretstore-fields.yaml
-# - extra/networkpolicy.yaml
-

k8s/core/external-secrets/values.yaml

@@ -1 +0,0 @@
-installCRDs: true

k8s/state/apps/external-secrets.yaml

@@ -6,16 +6,18 @@ metadata:
 spec:
   project: homelab
   source:
-    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
-    targetRevision: HEAD
-    path: k8s/core/external-secrets
-    kustomize:
-      version: v4.5.7
+    repoURL: https://charts.external-secrets.io
+    chart: external-secrets
+    targetRevision: 0.9.13
+    helm:
+      releaseName: external-secrets
+      values: |
+        installCRDs: true
   destination:
     server: https://kubernetes.default.svc
     namespace: external-secrets
   syncPolicy:
     automated:
-      selfHeal: true
       prune: true
+      selfHeal: true