| image | ||
| deploy.yaml | ||
| LICENSE | ||
| Makefile | ||
| ns.yaml | ||
| operator-script.yaml | ||
| README.md | ||
| sa.yaml | ||
| warden-operator-sync | ||
warden-operator
This is an operator for syncing secrets from Bitwarden or Vaultwarden.
It operates by syncing via the bw cli and then syncing secrets which match a certain uri pattern into the cluster.
Secrets destined for each cluster may be selected via collection or any other visibility mechanism for the secret. Any secrets seen by the operator and matching the pattern will be synced. The purpose of this setup is so that a secret which is generally useful will end up in the same place on all clusters with which it's shared.
Onboarding a cluster
-
Create an organization for all of your clusters and join it with your personal user.
-
Create a user in vaultwarden to be used only by this cluster.
-
Create a collection in vaultwarden to be used to filter this cluster's items.
-
Allow your user to edit the new collection
-
Allow the cluster user to view the new collection
-
Create a secret named warden-login containing
url=https://warden.your.domainusername=bobcluster@your.domainpassword=1234abcd
-
deploy yaml files
- if you are planning to simply use this repo, you may use flux to deploy the yaml files.
- TODO: make flux files for deploying this.
-
make deployif you are customizing this deployment- This will create a new image and pin it in deploy.yaml