add admin secret

2023-05-16 20:06:10 -05:00
parent d789f54f26
commit 09e0dd44fe
2 changed files with 42 additions and 4 deletions
--- a/bitwarden/templates/deployment.yaml
+++ b/bitwarden/templates/deployment.yaml
@@ -28,9 +28,9 @@ spec:
          containerPort: 80
        env:
          - name: SIGNUPS_ALLOWED
-            value: "TRUE"
+            value: "FALSE"
          - name: INVITATIONS_ALLOWED
-            value: "TRUE"                      
+            value: "FALSE"                      
          - name: WEBSOCKET_ENABLED
            value: "TRUE"          
          - name: ROCKET_ENV
@@ -39,6 +39,11 @@ spec:
            value: "80"            
          - name: ROCKET_WORKERS
            value: "10"
+          - name: SECRET_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: bitwarden-secret
+                key: ADMIN_TOKEN
      volumes:
      - name: bitwarden-pvc
        persistentVolumeClaim:
--- a/bitwarden/templates/secrets.yaml
+++ b/bitwarden/templates/secrets.yaml
@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: bitwarden-secret
+spec:
+  secretStoreRef:
+    name: vault-bitwarden
+    kind: SecretStore
+  target:
+    name: bitwarden-secret
+  data:
+  - secretKey: dbpass
+    remoteRef:
+      key: bitwarden/admin
+      property: ADMIN_TOKEN
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: vault-bitwarden
+spec:
+  provider:
+    vault:
+      server: "http://vault.vault.svc.cluster.local:8200"
+      path: "bitwarden"
+      version: "v2"
+      auth:
+        kubernetes:
+          mountPath: "kubernetes"
+          role: "external-secrets"
+