# `warden-operator`

This is an operator for syncing secrets from Bitwarden or Vaultwarden.
It syncs the vault via the `bw` CLI and then syncs the secrets that
match a certain URI pattern into the cluster.

Secrets destined for each cluster may be selected via collection or
any other visibility mechanism for the secret. Any secret that is visible
to the operator and matches the pattern will be synced. The purpose
of this setup is that a generally useful secret ends up in the same
place on every cluster it is shared with.

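The selection rule described above, as an added example (not code from this repository): it filters items in the JSON shape printed by `bw list items` and flags matches that are visible through a collection other than the one dedicated to the cluster. The `k8s://<namespace>/<name>` URI convention, the collection ids and the sample items are assumptions made for illustration; the README does not state the pattern the operator matches.

```python
import base64
import json
import re

# ASSUMPTION: hypothetical URI convention "k8s://<namespace>/<secret-name>";
# the README does not state the pattern warden-operator actually matches.
URI_PATTERN = re.compile(r"^k8s://(?P<namespace>[a-z0-9-]+)/(?P<name>[a-z0-9.-]+)$")

# Constructed sample in the shape of `bw list items` output (not real data).
SAMPLE_ITEMS = json.loads("""[
  {"id": "item-1", "name": "registry creds", "collectionIds": ["col-cluster-a"],
   "login": {"username": "puller", "password": "s3cr3t",
             "uris": [{"match": null, "uri": "k8s://default/registry-creds"}]}},
  {"id": "item-2", "name": "personal mail", "collectionIds": ["col-cluster-a"],
   "login": {"username": "me", "password": "hunter2",
             "uris": [{"match": null, "uri": "https://mail.example.test"}]}},
  {"id": "item-3", "name": "db admin", "collectionIds": ["col-other"],
   "login": {"username": "admin", "password": "pw",
             "uris": [{"match": null, "uri": "k8s://prod/db-admin"}]}},
  {"id": "item-4", "name": "secure note", "collectionIds": [], "login": null}
]""")


def plan_sync(items, expected_collection):
    """Return (manifests, warnings) for every item whose URI matches the pattern."""
    manifests, warnings = [], []
    for item in items:
        login = item.get("login") or {}  # notes and cards have no login block
        for entry in login.get("uris") or []:
            m = URI_PATTERN.match(entry.get("uri") or "")
            if not m:
                continue
            # Visibility, not the pattern, is the access boundary: flag matches
            # that reach the cluster user through an unexpected collection.
            if expected_collection not in (item.get("collectionIds") or []):
                warnings.append(f"{item['id']} matches but is outside {expected_collection}")
            data = {k: base64.b64encode((login.get(k) or "").encode()).decode()
                    for k in ("username", "password")}
            manifests.append({"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
                              "metadata": {"name": m["name"], "namespace": m["namespace"]},
                              "data": data})
    return manifests, warnings


if __name__ == "__main__":
    manifests, warnings = plan_sync(SAMPLE_ITEMS, "col-cluster-a")
    print(json.dumps([m["metadata"] for m in manifests], indent=2))  # metadata only
    print("\n".join(warnings))
```

Running it against an export taken as the cluster user shows exactly which items that account would place in the cluster, including any shared with it by mistake.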
## Onboarding a cluster

* Create an organization for all of your clusters and join it with
  your personal user.

* Create a user in Vaultwarden to be used only by this cluster.

* Create a collection in Vaultwarden to be used to filter this
  cluster's items.

* Allow your user to edit the new collection.

* Allow the cluster user to view the new collection.

* Create a secret named `warden-login` containing:
  * `url=https://warden.your.domain`
  * `username=bobcluster@your.domain`
  * `password=1234abcd`

* Deploy the YAML files:
  * If you are planning to simply use this repo, you may use Flux
    to deploy the YAML files.
    * TODO: make Flux files for deploying this.

  * Run `make deploy` if you are customizing this deployment.
    * This will create a new image and pin it in `deploy.yaml`.