lerentis/bitwarden-crd-operator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 18 Wiki Activity

added support for dockerconfigjson regcred
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Tobias Trabelsi
2022-10-30 00:34:54 +02:00
parent 2c9d1794a5
commit 06efcf1a55
9 changed files with 230 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
charts/bitwarden-crd-operator/README.md
View File

@@ -1,6 +1,6 @@
# Bitwarden CRD Operator
[![Build Status](https://drone.uploadfilter24.eu/api/badges/lerentis/bitwarden-crd-operator/status.svg?ref=refs/heads/main)](https://drone.uploadfilter24.eu/lerentis/bitwarden-crd-operator)
[![Build Status](https://drone.uploadfilter24.eu/api/badges/lerentis/bitwarden-crd-operator/status.svg?ref=refs/heads/main)](https://drone.uploadfilter24.eu/lerentis/bitwarden-crd-operator) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/lerentis)](https://artifacthub.io/packages/search?repo=lerentis)
Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
@@ -45,11 +45,13 @@ kubectl create namespace bw-operator
helm upgrade --install --namespace bw-operator -f values.yaml bw-operator bitwarden-operator/bitwarden-crd-operator
```
## BitwardenSecret
And you are set to create your first secret using this operator. For that you need to add a CRD Object like this to your cluster:
```yaml
---
apiVersion: "lerentis.uploadfilter24.eu/v1beta2"
apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
kind: BitwardenSecret
metadata:
name: name-of-your-management-object
@@ -83,6 +85,41 @@ metadata:
type: Opaque
```
## RegistryCredential
For managing registry credentials, or pull secrets, you can create another kind of object to let the operator create these as well for you:
```yaml
---
apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
kind: RegistryCredential
metadata:
name: name-of-your-management-object
spec:
usernameRef: nameOfTheFieldInBitwarden # for example username
passwordRef: nameOfTheFieldInBitwarden # for example password
registry: "docker.io"
id: "A Secret ID from bitwarden"
name: "Name of the secret to be created"
namespace: "Namespace of the secret to be created"
```
The resulting secret looks something like this:
```yaml
apiVersion: v1
data:
.dockerconfigjson: "base64 encoded json auth string for your registry"
kind: Secret
metadata:
annotations:
managed: bitwarden-secrets.lerentis.uploadfilter24.eu
managedObject: bw-operator/test
name: name-of-your-management-object
namespace: default
type: dockerconfigjson
```
## Short Term Roadmap
- [ ] support more types

2
charts/bitwarden-crd-operator/crds/bitwarden-secrets.yaml
View File

@@ -12,7 +12,7 @@ spec:
shortNames:
- bws
versions:
- name: v1beta2
- name: v1beta3
served: true
storage: true
schema:

43
charts/bitwarden-crd-operator/crds/registry-credentials.yaml Normal file
View File

@@ -0,0 +1,43 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: registry-credentials.lerentis.uploadfilter24.eu
spec:
scope: Namespaced
group: lerentis.uploadfilter24.eu
names:
kind: RegistryCredential
plural: registry-credentials
singular: registry-credential
shortNames:
- rgc
versions:
- name: v1beta3
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
usernameRef:
type: string
passwordRef:
type: string
registry:
type: string
id:
type: string
namespace:
type: string
name:
type: string
required:
- id
- namespace
- name
- usernameRef
- passwordRef
- registry

2
charts/bitwarden-crd-operator/templates/clusterrole.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}-role
rules:
- apiGroups: ["lerentis.uploadfilter24.eu"]
resources: ["bitwarden-secrets"]
resources: ["bitwarden-secrets", "registry-credentials"]
verbs: ["get", "watch", "list", "create", "delete", "patch", "update"]
- apiGroups: [""]
resources: ["secrets"]