warden-operator/deploy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: warden-operator
  namespace: warden-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      app: warden-operator
  template:
    metadata:
      labels:
        app: warden-operator
    spec:
      volumes:
        - name: script
          configMap:
            name: warden-operator-sync-script
      containers:
        - name: sync
          env:
            - name: SCHEME
              value: k8s
            - name: SYNC_INTERVAL
              value: "60"
            - name: OVERRIDE_OWNERSHIP
              value: "yes"
          image: git.strudelline.net/james/warden-operator:latest
          command: [sh, /usr/local/bin/warden-operator-sync]
          volumeMounts:
            - name: script
              mountPath: /usr/local/bin
      initContainers:
        - name: bitwarden-cli
          env:
            - name: BW_HOST
              valueFrom:
                secretKeyRef:
                  name: warden-login
                  key: url
            - name: BW_USERNAME
              valueFrom:
                secretKeyRef:
                  name: warden-login
                  key: username
            - name: BW_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: warden-login
                  key: password
          image: git.strudelline.net/james/warden-operator:latest
          command:
            - bash
            - -c
            - |-
              bw config server "$BW_HOST"
              export BW_SESSION=$(bw login "${BW_USERNAME}" --passwordenv BW_PASSWORD --raw)
              bw unlock --check
              bw serve --hostname 0.0.0.0              
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
              command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/status"]
            failureThreshold: 3
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 29
          restartPolicy: Always
          ports:
            - containerPort: 8087
              name: http
              protocol: TCP
          readinessProbe:
            exec:
              command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/sync", "--post-data=''"]
            failureThreshold: 3
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 29
          resources: {}
          startupProbe:
            exec:
              command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/sync", "--post-data=''"]
            failureThreshold: 30
            initialDelaySeconds: 10
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 29
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: warden-operator
      serviceAccountName: warden-operator
      terminationGracePeriodSeconds: 0