apiVersion: apps/v1 kind: Deployment metadata: name: warden-operator namespace: warden-operator spec: replicas: 1 selector: matchLabels: app: warden-operator template: metadata: labels: app: warden-operator spec: volumes: - name: script configMap: name: warden-operator-sync-script containers: - name: sync env: - name: SCHEME value: k8s - name: SYNC_INTERVAL value: "60" - name: OVERRIDE_OWNERSHIP value: "yes" image: git.strudelline.net/james/warden-operator:latest command: [sh, /usr/local/bin/warden-operator-sync] volumeMounts: - name: script mountPath: /usr/local/bin initContainers: - name: bitwarden-cli env: - name: BW_HOST valueFrom: secretKeyRef: name: warden-login key: url - name: BW_USERNAME valueFrom: secretKeyRef: name: warden-login key: username - name: BW_PASSWORD valueFrom: secretKeyRef: name: warden-login key: password image: git.strudelline.net/james/warden-operator:latest command: - bash - -c - |- bw config server "$BW_HOST" export BW_SESSION=$(bw login "${BW_USERNAME}" --passwordenv BW_PASSWORD --raw) bw unlock --check bw serve --hostname 0.0.0.0 imagePullPolicy: IfNotPresent livenessProbe: exec: command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/status"] failureThreshold: 3 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 29 restartPolicy: Always ports: - containerPort: 8087 name: http protocol: TCP readinessProbe: exec: command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/sync", "--post-data=''"] failureThreshold: 3 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 29 resources: {} startupProbe: exec: command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/sync", "--post-data=''"] failureThreshold: 30 initialDelaySeconds: 10 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 29 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: warden-operator serviceAccountName: warden-operator terminationGracePeriodSeconds: 0