From 09e0dd44fe244ba430baee813a05f773678b372c Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Tue, 16 May 2023 20:06:10 -0500
Subject: [PATCH] add admin secret
---
 bitwarden/templates/deployment.yaml | 13 ++++++++----
 bitwarden/templates/secrets.yaml | 33 +++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 4 deletions(-)
 create mode 100644 bitwarden/templates/secrets.yaml
diff --git a/bitwarden/templates/deployment.yaml b/bitwarden/templates/deployment.yaml
index 2433db8..3f00198 100644
--- a/bitwarden/templates/deployment.yaml
+++ b/bitwarden/templates/deployment.yaml
@@ -28,9 +28,9 @@ spec:
 containerPort: 80
 env:
 - name: SIGNUPS_ALLOWED
- value: "TRUE"
+ value: "FALSE"
 - name: INVITATIONS_ALLOWED
- value: "TRUE"
+ value: "FALSE"
 - name: WEBSOCKET_ENABLED
 value: "TRUE"
 - name: ROCKET_ENV
@@ -38,8 +38,13 @@ spec:
 - name: ROCKET_PORT
 value: "80"
 - name: ROCKET_WORKERS
- value: "10"
+ value: "10"
+ - name: SECRET_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: bitwarden-secret
+ key: ADMIN_TOKEN
 volumes:
 - name: bitwarden-pvc
 persistentVolumeClaim:
- claimName: bitwarden-pvc
\ No newline at end of file
+ claimName: bitwarden-pvc
diff --git a/bitwarden/templates/secrets.yaml b/bitwarden/templates/secrets.yaml
new file mode 100644
index 0000000..6fb1c18
--- /dev/null
+++ b/bitwarden/templates/secrets.yaml
@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: bitwarden-secret
+spec:
+ secretStoreRef:
+ name: vault-bitwarden
+ kind: SecretStore
+ target:
+ name: bitwarden-secret
+ data:
+ - secretKey: dbpass
+ remoteRef:
+ key: bitwarden/admin
+ property: ADMIN_TOKEN
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: vault-bitwarden
+spec:
+ provider:
+ vault:
+ server: "http://vault.vault.svc.cluster.local:8200"
+ path: "bitwarden"
+ version: "v2"
+ auth:
+ kubernetes:
+ mountPath: "kubernetes"
+ role: "external-secrets"
+
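Review bot: The `secretKeyRef` added in the second deployment.yaml hunk asks for key `ADMIN_TOKEN` in `bitwarden-secret`, but the ExternalSecret in bitwarden/templates/secrets.yaml stores the value under `secretKey: dbpass`, so that key will not exist in the generated Secret and the container will most likely fail to start. The variable is also exposed to the container as `SECRET_USERNAME`, which looks like a copy-paste leftover. Going by the commit subject the application presumably reads `ADMIN_TOKEN`, in which case the admin credential would never take effect even once the key lookup is fixed. Suggested: `- name: ADMIN_TOKEN` in the Deployment and `- secretKey: ADMIN_TOKEN` in the ExternalSecret. The container spec starts outside this hunk, so the image and the variable name it expects should be confirmed.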
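Review bot: The SecretStore's `server: "http://vault.vault.svc.cluster.local:8200"` reaches Vault over plain HTTP, so the service-account token presented for Kubernetes auth and the admin token read from `bitwarden/admin` cross the cluster network unencrypted. If Vault exposes a TLS listener, prefer `server: "https://vault.vault.svc.cluster.local:8200"` with the issuing CA supplied through `caProvider` (or `caBundle`). The ExternalSecret also sets no `refreshInterval`, so a token rotated in Vault is picked up on the operator's default schedule; an explicit value, or a comment stating the intended one, would make rotation behaviour clear.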