j37hr0/k8s
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

AI changes to try fix bsm clusterstore

Browse source
This commit is contained in:
j37hr0 2026-03-22 20:41:01 +13:00
parent b97fdd3d7e
commit f3efdda66f
4 changed files with 77 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
infrastructure/bitwarden/bitwarden-sdk-certs.yaml Normal file
View file

@ -0,0 +1,66 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: bitwarden-bootstrap-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: bitwarden-bootstrap-certificate
namespace: cert-manager
spec:
isCA: true
secretName: bitwarden-bootstrap-certs
subject:
organizations:
- external-secrets.io
dnsNames:
- external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local
- bitwarden-sdk-server.external-secrets.svc.cluster.local
- localhost
ipAddresses:
- 127.0.0.1
- ::1
privateKey:
algorithm: RSA
encoding: PKCS8
size: 2048
rotationPolicy: Always
issuerRef:
name: bitwarden-bootstrap-issuer
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: bitwarden-certificate-issuer
spec:
ca:
secretName: bitwarden-bootstrap-certs
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: bitwarden-tls-certs
namespace: external-secrets
spec:
secretName: bitwarden-tls-certs
dnsNames:
- bitwarden-sdk-server.external-secrets.svc.cluster.local
- external-secrets-bitwarden-sdk-server.external-secrets.svc.cluster.local
- localhost
ipAddresses:
- 127.0.0.1
- ::1
privateKey:
algorithm: RSA
encoding: PKCS8
size: 2048
rotationPolicy: Always
issuerRef:
name: bitwarden-certificate-issuer
kind: ClusterIssuer
group: cert-manager.io

6
infrastructure/bitwarden/clustersecretstore.yaml
View file

@ -7,11 +7,11 @@ spec:
bitwardensecretsmanager: bitwardensecretsmanager:
apiURL: https://api.bitwarden.com apiURL: https://api.bitwarden.com
identityURL: https://identity.bitwarden.com identityURL: https://identity.bitwarden.com
bitwardenServerSDKURL: https://sdk.bitwarden.com bitwardenServerSDKURL: https://bitwarden-sdk-server.external-secrets.svc.cluster.local:9998
caProvider: caProvider:
type: Secret type: Secret
name: store-ca-bundle name: bitwarden-tls-certs
namespace: security namespace: external-secrets
key: ca.crt key: ca.crt
organizationID: 0df293ad-6afb-4d0b-b3ff-b41000581de5 organizationID: 0df293ad-6afb-4d0b-b3ff-b41000581de5
projectID: cafdbc0f-9d64-47eb-a0f5-b4100059cbc7 projectID: cafdbc0f-9d64-47eb-a0f5-b4100059cbc7

3
infrastructure/bitwarden/kustomization.yaml
View file

@ -3,5 +3,6 @@ kind: Kustomization
resources: resources:
- helmrelease.yaml - helmrelease.yaml
- bitwardenaccesstoken.enc.yaml - bitwardenaccesstoken.enc.yaml
# - clustersecretstore.yaml - bitwarden-sdk-certs.yaml
- clustersecretstore.yaml
- namespace.yaml - namespace.yaml

6
infrastructure/eso/helmrelease.yaml
View file

@ -15,3 +15,9 @@ spec:
namespace: flux-system namespace: flux-system
install: install:
createNamespace: true createNamespace: true
values:
bitwarden-sdk-server:
enabled: true
image:
tls:
secretName: bitwarden-tls-certs