lerentis/bitwarden-crd-operator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 18 Wiki Activity

wip
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Tobias Trabelsi
2022-09-04 23:21:33 +02:00
parent 7f98c98728
commit 22a35062fd
18 changed files with 454 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.dockerignore Normal file
View File

@@ -0,0 +1,5 @@
chart
bin
include
lib
lib64

45
.drone.yml Normal file
View File

@@ -0,0 +1,45 @@
---
kind: pipeline
type: kubernetes
name: build-bitwarden-crd-operator
platform:
os: linux
arch: amd64
steps:
- name: build-bitwarden-crd-operator
image: plugins/kaniko
settings:
dockerfile: Dockerfile
password:
from_secret: docker_password
username:
from_secret: docker_username
repo: lerentis/bitwarden-crd-operator
tags:
- ${DRONE_COMMIT_SHA}
- latest
when:
event:
- push
- pull_request
- cron
resources:
limits:
cpu: 200
memory: 1024MiB
- name: trivy
image: aquasec/trivy:0.31.3
commands:
- trivy lerentis/bitwarden-crd-operator:${DRONE_COMMIT_SHA}
environment:
TRIVY_USERNAME:
from_secret: docker_username
TRIVY_PASSWORD:
from_secret: docker_password
when:
event:
- push
- pull_request
- cron

4
.gitignore vendored
View File

@@ -160,3 +160,7 @@ cython_debug/
# option (not recommended) you can uncomment the following to ignore the entire idea folder. # option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/ #.idea/
bin
include
lib
lib64

30
Dockerfile Normal file
View File

@@ -0,0 +1,30 @@
FROM alpine:latest as builder
ARG BW_VERSION=2022.8.0
RUN apk add wget unzip
RUN cd /tmp && wget https://github.com/bitwarden/clients/releases/download/cli-v${BW_VERSION}/bw-linux-${BW_VERSION}.zip && \
unzip /tmp/bw-linux-${BW_VERSION}.zip
FROM ubuntu:jammy
COPY --from=builder /tmp/bw /usr/local/bin/bw
COPY requirements.txt requirements.txt
RUN set -eux; \
groupadd -r bw-operator ; \
useradd -r -g bw-operator -s /sbin/nologin bw-operator; \
mkdir -p /home/bw-operator; \
chown -R bw-operator /home/bw-operator; \
chmod +x /usr/local/bin/bw; \
apt-get update; \
apt-get install -y --no-install-recommends python3 python3-pip; \
pip install -r requirements.txt
COPY --chown=bw-operator:bw-operator operator.py /home/bw-operator/operator.py
USER bw-operator
ENTRYPOINT [ "/home/bw-operator/operator.py" ]
CMD [ "--help" ]

1
README.md
View File

@@ -1,2 +1,3 @@
# bitwarden-crd-operator # bitwarden-crd-operator
[![Build Status](https://drone.uploadfilter24.eu/api/badges/lerentis/bitwarden-crd-operator/status.svg?ref=refs/heads/main)](https://drone.uploadfilter24.eu/lerentis/bitwarden-crd-operator)

23
chart/bitwarden-crd-operator/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
chart/bitwarden-crd-operator/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v2
name: bitwarden-crd-operator
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

22
chart/bitwarden-crd-operator/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bitwarden-crd-operator.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "bitwarden-crd-operator.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bitwarden-crd-operator.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bitwarden-crd-operator.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

62
chart/bitwarden-crd-operator/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "bitwarden-crd-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "bitwarden-crd-operator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "bitwarden-crd-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "bitwarden-crd-operator.labels" -}}
helm.sh/chart: {{ include "bitwarden-crd-operator.chart" . }}
{{ include "bitwarden-crd-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "bitwarden-crd-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "bitwarden-crd-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "bitwarden-crd-operator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "bitwarden-crd-operator.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

65
chart/bitwarden-crd-operator/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,65 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "bitwarden-crd-operator.fullname" . }}
labels:
{{- include "bitwarden-crd-operator.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "bitwarden-crd-operator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "bitwarden-crd-operator.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "bitwarden-crd-operator.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

28
chart/bitwarden-crd-operator/templates/hpa.yaml Normal file
View File

@@ -0,0 +1,28 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "bitwarden-crd-operator.fullname" . }}
labels:
{{- include "bitwarden-crd-operator.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "bitwarden-crd-operator.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

12
chart/bitwarden-crd-operator/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}
labels:
{{- include "bitwarden-crd-operator.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

15
chart/bitwarden-crd-operator/templates/tests/test-connection.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "bitwarden-crd-operator.fullname" . }}-test-connection"
labels:
{{- include "bitwarden-crd-operator.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "bitwarden-crd-operator.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

70
chart/bitwarden-crd-operator/values.yaml Normal file
View File

@@ -0,0 +1,70 @@
# Default values for bitwarden-crd-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: lerentis/bitwarden-crd-operator
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
#env:
# - name: BITWARDEN_OPERATOR_HOST
# value: "define_it"
# - name: BITWARDEN_OPERATOR_USERNAME
# value: "define_it"
# - name: BITWARDEN_OPERATOR_PASSWORD
# value: "define_it"
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}

27
crd.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: bitwarden-secret.lerentis.uploadfilter24.eu
spec:
scope: Namespaced
group: lerentis.uploadfilter24.eu
names:
kind: BitwardenSecret
plural: BitwardenSecrets
singular: BitwardenSecret
shortNames:
- bws
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true

17
operator.py Normal file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env python3
import kopf
@kopf.on.create('bitwarden-secret')
def create_fn(body, **kwargs):
# The all-purpose function for the event creation.
kopf.event(body, type="SomeType", reason="SomeReason", message="Some message")
# The shortcuts for the conventional events and common cases.
kopf.info(body, reason="SomeReason", message="Some message")
kopf.warn(body, reason="SomeReason", message="Some message")
try:
raise RuntimeError("Exception text.")
except Exception:
kopf.exception(body, reason="SomeReason", message="Some exception:")

3
pyvenv.cfg Normal file
View File

@@ -0,0 +1,3 @@
home = /usr/bin
include-system-site-packages = false
version = 3.10.6

1
requirements.txt Normal file
View File

@@ -0,0 +1 @@
kopf