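# Bitwarden/Vaultwarden bridge for External Secrets Operator (ESO).
#
# A single `bitwarden-cli` pod logs in to the vault with the credentials from
# the `bitwarden-cli` Secret and serves vault items over an HTTP API on port
# 8087. Two ClusterSecretStores use the ESO webhook provider to read items
# from that API.
#
# Security model: the webhook URLs below use plain HTTP and send no
# credentials, so the NetworkPolicy in this file is the only access control
# in front of the unlocked vault. It is enforced only when the cluster's
# network plugin implements NetworkPolicy.
#
# The Secret is created out of band and must not be committed with real
# values. Expected shape:
#
# ---
# apiVersion: v1
# kind: Secret
# metadata:
#   name: bitwarden-cli
#   namespace: external-secrets
# data:
#   BW_HOST: base64(url)
#   BW_USERNAME: base64(name)
#   BW_PASSWORD: base64(pass)
# 81212111-6350-4069-8bcf-19a67d3964a5
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bitwarden-cli
  namespace: external-secrets
  annotations:
    # Reloader reads this key from annotations, not labels. It restarts the
    # pod when the referenced Secret changes.
    reloader.stakater.com/auto: "true"
  labels:
    app.kubernetes.io/instance: bitwarden-cli
    app.kubernetes.io/name: bitwarden-cli
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: bitwarden-cli
      app.kubernetes.io/instance: bitwarden-cli
  template:
    metadata:
      labels:
        app.kubernetes.io/name: bitwarden-cli
        app.kubernetes.io/instance: bitwarden-cli
    spec:
      nodeSelector:
        kubernetes.io/arch: amd64
        kubernetes.io/hostname: master.tail2fe2d.ts.net
      # NOTE(review): no pod or container securityContext is set. Consider
      # allowPrivilegeEscalation: false, dropping capabilities and
      # automountServiceAccountToken: false once confirmed that the image
      # still starts with them.
      containers:
        - name: bitwarden-cli
          # NOTE(review): this third-party image receives the vault master
          # password. The tag is mutable and imagePullPolicy is Always, so a
          # re-pushed tag is picked up on the next restart. Pinning by digest
          # (ultradesu/bitwarden-client@sha256:<DIGEST_PLACEHOLDER>) would
          # avoid that.
          image: ultradesu/bitwarden-client:2024.7.2
          imagePullPolicy: Always
          env:
            - name: BW_HOST
              valueFrom:
                secretKeyRef:
                  name: bitwarden-cli
                  key: BW_HOST
            # The container variable is BW_USER; the Secret key is
            # BW_USERNAME.
            - name: BW_USER
              valueFrom:
                secretKeyRef:
                  name: bitwarden-cli
                  key: BW_USERNAME
            - name: BW_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: bitwarden-cli
                  key: BW_PASSWORD
          ports:
            - name: http
              containerPort: 8087
              protocol: TCP
          # Liveness doubles as a periodic vault sync: every 120 s it POSTs
          # to /sync on the local API.
          livenessProbe:
            exec:
              command:
                - wget
                - "-q"
                # Discard the response body instead of writing a file into
                # the container's working directory on every probe.
                - "-O"
                - /dev/null
                - http://127.0.0.1:8087/sync
                # Exec probes do not run through a shell, so a quoted ''
                # would be sent as a literal two-character body. An empty
                # value gives an empty POST.
                - "--post-data="
            initialDelaySeconds: 20
            failureThreshold: 3
            # NOTE(review): one second may be too tight for a sync that has
            # to reach the vault server. Confirm against observed latency.
            timeoutSeconds: 1
            periodSeconds: 120
          readinessProbe:
            tcpSocket:
              port: 8087
            initialDelaySeconds: 20
            failureThreshold: 3
            timeoutSeconds: 1
            periodSeconds: 10
          startupProbe:
            tcpSocket:
              port: 8087
            initialDelaySeconds: 10
            failureThreshold: 30
            timeoutSeconds: 1
            periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: bitwarden-cli
  namespace: external-secrets
  labels:
    app.kubernetes.io/instance: bitwarden-cli
    app.kubernetes.io/name: bitwarden-cli
spec:
  # ClusterIP only: the API must never be exposed outside the cluster.
  type: ClusterIP
  ports:
    - port: 8087
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: bitwarden-cli
    app.kubernetes.io/instance: bitwarden-cli
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  namespace: external-secrets
  name: external-secret-2-bw-cli
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: bitwarden-cli
      app.kubernetes.io/name: bitwarden-cli
  policyTypes:
    - Ingress
  ingress:
    # Only the ESO pods in this namespace may connect, and only to the API
    # port. There is no namespaceSelector, so the podSelector matches pods
    # in external-secrets only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/instance: external-secrets
              app.kubernetes.io/name: external-secrets
      ports:
        - protocol: TCP
          port: 8087
---
# Returns a top-level property of a vault item's data, selected by
# remoteRef.property.
#
# NOTE(review): a ClusterSecretStore can be referenced from every namespace,
# so any ExternalSecret in the cluster can read any vault item the logged-in
# account can see. Consider restricting consumers with spec.conditions.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vaultwarden-login
spec:
  provider:
    webhook:
      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
      headers:
        Content-Type: application/json
      result:
        jsonPath: "$.data.{{ .remoteRef.property }}"
---
# Returns the value of the custom field whose name equals
# remoteRef.property. The cluster-wide scope caveat on vaultwarden-login
# applies here as well.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: vaultwarden-fields
spec:
  provider:
    webhook:
      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
      result:
        jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"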