diff --git a/README.md b/README.md
index 430a9ed..6bda565 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,75 @@
-# bitwarden-crd-operator
+# Bitwarden CRD Operator
 [![Build Status](https://drone.uploadfilter24.eu/api/badges/lerentis/bitwarden-crd-operator/status.svg?ref=refs/heads/main)](https://drone.uploadfilter24.eu/lerentis/bitwarden-crd-operator)
-This project is still very work in progress :)
+Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
-I will add documentation when this is actually usefull at some point
+> DISCLAIMER:
+> This project is still very work in progress :)
+
+## Getting started
+
+For now a few secrets need to be passed to helm. I will change this in the future to give the option to also use a kubernetes secret for this.
+
+You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.
+Expose these to the operator as described in this example:
+
+```yaml
+env:
+ - name: BW_HOST
+ value: "https://bitwarden.your.tld.org"
+ - name: BW_CLIENTID
+ value: "user.your-client-id"
+ - name: BW_CLIENTSECRET
+ value: "YoUrCliEntSecRet"
+ - name: BW_PASSWORD
+ value: "YourSuperSecurePassword"
+```
+
+`BW_HOST` can be omitted if you are using the Bitwarden SaaS offering.
+
+After that it is a basic helm deployment:
+
+```bash
+kubectl create namespace bw-operator
+helm upgrade --install --namespace bw-operator -f chart/bitwarden-crd-operator/values.yaml bw-operator chart/bitwarden-crd-operator
+```
+
+And you are set to create your first secret using this operator. 
For that you need to add a CRD Object like this to your cluster:
+
+```yaml
+---
+apiVersion: "lerentis.uploadfilter24.eu/v1beta1"
+kind: BitwardenSecret
+metadata:
+ name: name-of-your-management-object
+spec:
+ type: "UsernamePassword"
+ id: "A Secret ID from bitwarden"
+ name: "Name of the secret to be created"
+ namespace: "Namespace of the secret to be created"
+```
+
+The ID can be extracted from the browser when you open a item the ID is in the URL. The resulting secret looks something like this:
+
+```yaml
+apiVersion: v1
+data:
+ password: "base64 encoded password"
+ username: "base64 encoded username"
+kind: Secret
+metadata:
+ annotations:
+ managed: bitwarden-secrets.lerentis.uploadfilter24.eu
+ managedObject: bw-operator/test
+ name: name-of-your-management-object
+ namespace: default
+type: Opaque
+```
+
+## Short Term Roadmap
+
+[] support more types
+[] offer option to use a existing secret in helm chart
+[] host chart on gh pages
+[] maybe extend spec to offer modification of keys as well
diff --git a/chart/bitwarden-crd-operator/.helmignore b/chart/bitwarden-crd-operator/.helmignore
index 0e8a0eb..c51516c 100644
--- a/chart/bitwarden-crd-operator/.helmignore
+++ b/chart/bitwarden-crd-operator/.helmignore
@@ -21,3 +21,4 @@
 .idea/
 *.tmproj
 .vscode/
+myvalues.yaml
\ No newline at end of file
diff --git a/chart/bitwarden-crd-operator/Chart.yaml b/chart/bitwarden-crd-operator/Chart.yaml
index e33ba53..8ecb9da 100644
--- a/chart/bitwarden-crd-operator/Chart.yaml
+++ b/chart/bitwarden-crd-operator/Chart.yaml
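Review bot: The `myvalues.yaml` entry added to `chart/bitwarden-crd-operator/.helmignore` only keeps that file out of the packaged chart; it does not stop the file from being committed. The README added in this commit has users pass `BW_CLIENTSECRET` and `BW_PASSWORD` as plain helm values, so this file presumably holds those credentials. If so, the same pattern belongs in the repository's `.gitignore`, which is not visible in this diff. The new last line also has no trailing newline, so a pattern appended later would be joined to `myvalues.yaml`.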
@@ -1,24 +1,9 @@
 apiVersion: v2
 name: bitwarden-crd-operator
-description: A Helm chart for Kubernetes
+description: Deploy the Bitwarden CRD Operator
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.0
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "0.1.0"
diff --git a/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml b/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml
index c28fc61..cfa1d7c 100644
--- a/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml
+++ b/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml
@@ -12,7 +12,7 @@ spec:
 shortNames:
 - bws
 versions:
- - name: v1
+ - name: v1beta1
 served: true
 storage: true
 schema:
diff --git a/chart/bitwarden-crd-operator/values.yaml b/chart/bitwarden-crd-operator/values.yaml
index 7607b8a..71bcc76 100644
--- a/chart/bitwarden-crd-operator/values.yaml
+++ b/chart/bitwarden-crd-operator/values.yaml
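Review bot: In `crds/bitwarden-secrets.yaml`, renaming the only served and stored version from `v1` to `v1beta1` in place leaves clusters that already installed the chart without an upgrade path. Helm applies files under `crds/` only on first install and does not update them on `helm upgrade`, and the API server refuses to drop a version still listed in the CRD's `status.storedVersions`, so existing installs keep `v1` while the README and `example.yaml` now use `v1beta1`. Either keep a second entry `- name: v1` with `served: true` and `storage: false` for a transition period, or state in the README that the CRD and existing `BitwardenSecret` objects must be deleted and re-created. The operator's handler registration is not part of this diff; if it names the version, it needs the same change. The `versions` list continues outside the hunk.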
@@ -8,7 +8,7 @@ image:
 repository: lerentis/bitwarden-crd-operator
 pullPolicy: IfNotPresent
 # Overrides the image tag whose default is the chart appVersion.
- tag: "dev-5"
+ tag: "a1287a1a6d436d18e5a4a44745e6a990835e60b0"
 imagePullSecrets: []
 nameOverride: ""
diff --git a/test.yaml b/example.yaml
similarity index 73%
rename from test.yaml
rename to example.yaml
index 9b85019..5b1e9e8 100644
--- a/test.yaml
+++ b/example.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta1"
 kind: BitwardenSecret
 metadata:
 name: test
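Review bot: In `values.yaml` the image is still referenced by a mutable tag: `tag: "a1287a1a6d436d18e5a4a44745e6a990835e60b0"` names a commit, but a registry tag can be re-pushed, and with `pullPolicy: IfNotPresent` nodes can end up running different content under the same name. Because this operator is given `BW_CLIENTSECRET` and `BW_PASSWORD` (per the README in this commit), it would be worth letting the chart pin by digest, rendered as `lerentis/bitwarden-crd-operator@sha256:<digest>` in the deployment template, which is not in this diff. The comment above the key says the tag defaults to the chart `appVersion`, which this commit sets to `"0.1.0"`; a comment such as `# pinned to a CI build; appVersion is not used as the tag yet` would say which one is authoritative. The `image:` mapping starts outside the hunk.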