From f3efdda66f173d2b8ce86490d4e7cd34b84fe766 Mon Sep 17 00:00:00 2001
From: j37hr0
Date: Sun, 22 Mar 2026 20:41:01 +1300
Subject: [PATCH] AI changes to try fix bsm clusterstore

---
 .../bitwarden/bitwarden-sdk-certs.yaml | 66 +++++++++++++++++++
 .../bitwarden/clustersecretstore.yaml | 6 +-
 infrastructure/bitwarden/kustomization.yaml | 3 +-
 infrastructure/eso/helmrelease.yaml | 6 ++
 4 files changed, 77 insertions(+), 4 deletions(-)
 create mode 100644 infrastructure/bitwarden/bitwarden-sdk-certs.yaml

diff --git a/infrastructure/bitwarden/bitwarden-sdk-certs.yaml b/infrastructure/bitwarden/bitwarden-sdk-certs.yaml
new file mode 100644
index 0000000..19412fc
--- /dev/null
+++ b/infrastructure/bitwarden/bitwarden-sdk-certs.yaml
@@ -0,0 +1,66 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: bitwarden-bootstrap-issuer
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: bitwarden-bootstrap-certificate
+ namespace: cert-manager
+spec:
+ isCA: true
+ secretName: bitwarden-bootstrap-certs
+ subject:
+ organizations:
+ - external-secrets.io
+ dnsNames:
+ - external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local
+ - bitwarden-sdk-server.external-secrets.svc.cluster.local
+ - localhost
+ ipAddresses:
+ - 127.0.0.1
+ - ::1
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS8
+ size: 2048
+ rotationPolicy: Always
+ issuerRef:
+ name: bitwarden-bootstrap-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: bitwarden-certificate-issuer
+spec:
+ ca:
+ secretName: bitwarden-bootstrap-certs
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: bitwarden-tls-certs
+ namespace: external-secrets
+spec:
+ secretName: bitwarden-tls-certs
+ dnsNames:
+ - bitwarden-sdk-server.external-secrets.svc.cluster.local
+ - external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local
+ - localhost
+ ipAddresses:
+ - 127.0.0.1
+ - ::1
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS8
+ size: 2048
+ rotationPolicy: Always
+ issuerRef:
+ name: bitwarden-certificate-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
diff --git a/infrastructure/bitwarden/clustersecretstore.yaml b/infrastructure/bitwarden/clustersecretstore.yaml
index 6ebdea5..37c02d5 100644
--- a/infrastructure/bitwarden/clustersecretstore.yaml
+++ b/infrastructure/bitwarden/clustersecretstore.yaml
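Review bot: The bootstrap CA Certificate (`bitwarden-bootstrap-certificate`, `isCA: true`) carries the SDK server's `dnsNames` and `ipAddresses`, which belong only on the leaf `bitwarden-tls-certs`; a CA certificate should identify itself by subject instead, so replace those two lists on the CA with `commonName: bitwarden-bootstrap-ca` (cert-manager still requires at least one identity field, and the commonName satisfies it). Both the CA and the leaf use `rotationPolicy: Always` with no explicit `duration`, so they renew on cert-manager's default schedule and the CA key changes on every renewal; that stays consistent only while the store trusts the `ca.crt` cert-manager writes next to the leaf, and pointing the trust anchor at a separate copy of the CA would break on the first rotation. A header comment describing the two-stage chain (self-signed bootstrap CA in `cert-manager`, CA ClusterIssuer, leaf in `external-secrets`, and why the CA secret must live in cert-manager's cluster-resource namespace) would help the next reader, since the file itself has no comments.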
@@ -7,11 +7,11 @@ spec:
 bitwardensecretsmanager:
 apiURL: https://api.bitwarden.com
 identityURL: https://identity.bitwarden.com
- bitwardenServerSDKURL: https://sdk.bitwarden.com
+ bitwardenServerSDKURL: https://bitwarden-sdk-server.external-secrets.svc.cluster.local:9998
 caProvider:
 type: Secret
- name: store-ca-bundle
- namespace: security
+ name: bitwarden-tls-certs
+ namespace: external-secrets
 key: ca.crt
 organizationID: 0df293ad-6afb-4d0b-b3ff-b41000581de5
 projectID: cafdbc0f-9d64-47eb-a0f5-b4100059cbc7
diff --git a/infrastructure/bitwarden/kustomization.yaml b/infrastructure/bitwarden/kustomization.yaml
index fb1d472..91b7dda 100644
--- a/infrastructure/bitwarden/kustomization.yaml
+++ b/infrastructure/bitwarden/kustomization.yaml
@@ -3,5 +3,6 @@ kind: Kustomization
 resources:
 - helmrelease.yaml
 - bitwardenaccesstoken.enc.yaml
-# - clustersecretstore.yaml
+ - bitwarden-sdk-certs.yaml
+ - clustersecretstore.yaml
 - namespace.yaml
\ No newline at end of file
diff --git a/infrastructure/eso/helmrelease.yaml b/infrastructure/eso/helmrelease.yaml
index 7446659..da92687 100644
--- a/infrastructure/eso/helmrelease.yaml
+++ b/infrastructure/eso/helmrelease.yaml
@@ -15,3 +15,9 @@ spec:
 namespace: flux-system
 install:
 createNamespace: true
+ values:
+ bitwarden-sdk-server:
+ enabled: true
+ image:
+ tls:
+ secretName: bitwarden-tls-certs
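Review bot: The new `bitwardenServerSDKURL` names the Service `bitwarden-sdk-server.external-secrets.svc.cluster.local`, while the certificate added in this commit lists both that name and `external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local`; Helm subcharts usually derive the Service name from the release name, so presumably only one of the two resolves, and a wrong pick here surfaces as a DNS failure rather than a TLS one. Confirm the rendered Service name in the `external-secrets` namespace, point the URL at it, and drop the unused name from the leaf certificate's `dnsNames`. The `caProvider` now reads `ca.crt` from `bitwarden-tls-certs`, the Secret that also holds the server's private key; the `ca.crt` cert-manager stores next to a CA-issued leaf is the issuing CA and a valid trust anchor, but a comment such as `# ca.crt is the issuing CA that cert-manager writes alongside the leaf, not the server cert` would stop a later reader from swapping the key for `tls.crt`. The ClusterSecretStore's apiVersion/kind/metadata header is outside the hunk.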
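Review bot: `kustomization.yaml` still ends without a trailing newline (`\ No newline at end of file`), and this hunk touches the list that ends the file, so the missing newline after `- namespace.yaml` should be fixed in the same change. Re-enabling `clustersecretstore.yaml` here also makes this Kustomization depend on the ExternalSecrets CRDs installed by the HelmRelease under `infrastructure/eso`; if the Flux Kustomization applying this directory does not `dependsOn` that release, the first reconcile fails on the unknown `ClusterSecretStore` kind until the CRDs exist (inferred from the file layout, not visible in this diff). The same ordering applies to the cert-manager resources in `bitwarden-sdk-certs.yaml`, which need the cert-manager CRDs present.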
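Review bot: `image.tls.secretName` under `bitwarden-sdk-server` is set without anything in this diff showing that the subchart reads a key by that name; Helm does not reject values that no template consumes, so if the chart mounts the TLS Secret through its own volume definition this line is silently ignored and the setup only works because the chart's default Secret name happens to match `bitwarden-tls-certs`. Check the subchart's `values.yaml` for the exact key that selects the Secret and set that one, and add a comment naming the producer, e.g. `# Secret is issued by cert-manager from infrastructure/bitwarden/bitwarden-sdk-certs.yaml`. Enabling the SDK server also turns on a second in-cluster deployment whose resource limits and pod security settings come from chart defaults that are not visible here; pinning them in `values` would make the change reviewable on its own.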