added possibility to use an existing secret for deployment

README.md

@@ -9,8 +9,6 @@ Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.c
 
 ## Getting started
 
-For now a few secrets need to be passed to helm. I will change this in the future to give the option to also use a kubernetes secret for this.
-
 You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.
 Expose these to the operator as described in this example:
 
@@ -26,6 +24,16 @@ env:
     value: "YourSuperSecurePassword"
 ```
 
+you can also create a secret manually with these information and reference the existing secret like this in the `values.yaml`:
+
+```yaml
+externalConfigSecret:
+  enabled: true
+  name: "my-existing-secret"
+```
+
+the helm template will use all environment variables from this secret, so make sure to prepare this secret with the key value pairs as described above.
+
 `BW_HOST` can be omitted if you are using the Bitwarden SaaS offering.
 
 After that it is a basic helm deployment:
@@ -78,7 +86,7 @@ type: Opaque
 ## Short Term Roadmap
 
 - [ ] support more types
-- [ ] offer option to use a existing secret in helm chart
+- [x] offer option to use a existing secret in helm chart
 - [x] host chart on gh pages
 - [x] write release pipeline
 - [x] maybe extend spec to offer modification of keys as well

charts/bitwarden-crd-operator/Chart.yaml

@@ -4,6 +4,41 @@ description: Deploy the Bitwarden CRD Operator
 
 type: application
 
-version: "v0.1.2"
+version: "v0.2.0"
 
 appVersion: "0.1.2"
+
+keywords:
+  - operator
+  - bitwarden
+  - vaultwarden
+
+home: https://lerentis.github.io/bitwarden-crd-operator/
+
+sources:
+  - https://github.com/Lerentis/bitwarden-crd-operator
+
+kubeVersion: '>= 1.13.0-0'
+
+maintainers:
+  - name: lerentis
+    email: lerentis+helm@uploadfilter24.eu
+
+annotations:
+  artifacthub.io/links: |
+    - name: Chart Source
+      url: https://github.com/Lerentis/bitwarden-crd-operator
+  artifacthub.io/crds: |
+    - kind: BitwardenSecret
+      version: v1beta2
+      name: bitwarden-secret
+      displayName: Bitwarden Secret
+      description: Management Object to create secrets from bitwarden
+  artifacthub.io/license: MIT
+  artifacthub.io/operator: "true"  
+  artifacthub.io/changes: |
+    - kind: changed
+      description: "added possibility to configure operator from existing secret"
+  artifacthub.io/images: |
+    - name: bitwarden-crd-operator
+      image: lerentis/bitwarden-crd-operator:0.1.2

charts/bitwarden-crd-operator/README.md

@@ -0,0 +1,92 @@
+# Bitwarden CRD Operator
+
+[![Build Status](https://drone.uploadfilter24.eu/api/badges/lerentis/bitwarden-crd-operator/status.svg?ref=refs/heads/main)](https://drone.uploadfilter24.eu/lerentis/bitwarden-crd-operator)
+
+Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
+
+> DISCLAIMER:  
+> This project is still very work in progress :)
+
+## Getting started
+
+You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.
+Expose these to the operator as described in this example:
+
+```yaml
+env:
+  - name: BW_HOST
+    value: "https://bitwarden.your.tld.org"
+  - name: BW_CLIENTID
+    value: "user.your-client-id"
+  - name: BW_CLIENTSECRET
+    value: "YoUrCliEntSecRet"
+  - name: BW_PASSWORD
+    value: "YourSuperSecurePassword"
+```
+
+you can also create a secret manually with these information and reference the existing secret like this in the `values.yaml`:
+
+```yaml
+externalConfigSecret:
+  enabled: true
+  name: "my-existing-secret"
+```
+
+the helm template will use all environment variables from this secret, so make sure to prepare this secret with the key value pairs as described above.
+
+`BW_HOST` can be omitted if you are using the Bitwarden SaaS offering.
+
+After that it is a basic helm deployment:
+
+```bash
+helm repo add bitwarden-operator https://lerentis.github.io/bitwarden-crd-operator
+helm repo update 
+kubectl create namespace bw-operator
+helm upgrade --install --namespace bw-operator -f values.yaml bw-operator bitwarden-operator/bitwarden-crd-operator
+```
+
+And you are set to create your first secret using this operator. For that you need to add a CRD Object like this to your cluster:
+
+```yaml
+---
+apiVersion: "lerentis.uploadfilter24.eu/v1beta2"
+kind: BitwardenSecret
+metadata:
+  name: name-of-your-management-object
+spec:
+  content:
+    - element:
+        secretName: nameOfTheFieldInBitwarden # for example username
+        secretRef: nameOfTheKeyInTheSecretToBeCreated 
+    - element:
+        secretName: nameOfAnotherFieldInBitwarden # for example password
+        secretRef: nameOfAnotherKeyInTheSecretToBeCreated 
+  id: "A Secret ID from bitwarden"
+  name: "Name of the secret to be created"
+  namespace: "Namespace of the secret to be created"
+```
+
+The ID can be extracted from the browser when you open a item the ID is in the URL. The resulting secret looks something like this:
+
+```yaml
+apiVersion: v1
+data:
+  nameOfTheKeyInTheSecretToBeCreated: "base64 encoded value of TheFieldInBitwarden"
+  nameOfAnotherKeyInTheSecretToBeCreated: "base64 encoded value of AnotherFieldInBitwarden"
+kind: Secret
+metadata:
+  annotations:
+    managed: bitwarden-secrets.lerentis.uploadfilter24.eu
+    managedObject: bw-operator/test
+  name: name-of-your-management-object
+  namespace: default
+type: Opaque
+```
+
+## Short Term Roadmap
+
+- [ ] support more types
+- [x] offer option to use a existing secret in helm chart
+- [x] host chart on gh pages
+- [x] write release pipeline
+- [x] maybe extend spec to offer modification of keys as well

charts/bitwarden-crd-operator/templates/deployment.yaml

@@ -33,10 +33,15 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- with .Values.env }}
           env:
+          {{- with .Values.env }}
             {{- . | toYaml | trim | nindent 12 }}
           {{- end }}
+          {{- if .Values.externalConfigSecret.enabled }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.externalConfigSecret.name }}
+          {{- end }}
           ports:
             - name: http
               containerPort: 8080

charts/bitwarden-crd-operator/values.yaml

@@ -24,6 +24,11 @@ fullnameOverride: ""
 #  - name: BW_PASSWORD
 #    value: "define_id"
 
+externalConfigSecret:
+  enabled: false
+
+  name: ""
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true