dev ok

Makefile

@@ -301,6 +301,36 @@ build-k8s-cluster: ## build the kubernetes cluster using kind
 	./bin/start-kind.sh
 .PHONY: build-k8s-cluster
 
+install-secret:
+	if kubectl -n meet get secrets bitwarden-cli-visio; then \
+		echo "Secret already present"; \
+	else \
+		echo "Please provide the following information:"; \
+		read -p "Enter your vaultwarden email login: " LOGIN; \
+		read -p "Enter your vaultwarden password: " PASSWORD; \
+		read -p "Enter your vaultwarden server url: " URL; \
+		echo "\nCreate vaultwarden secret"; \
+		echo "apiVersion: v1" > /tmp/secret.yaml; \
+		echo "kind: Secret" >> /tmp/secret.yaml; \
+		echo "metadata:" >> /tmp/secret.yaml; \
+		echo "  name: bitwarden-cli-visio" >> /tmp/secret.yaml; \
+		echo "  namespace: meet" >> /tmp/secret.yaml; \
+		echo "type: Opaque" >> /tmp/secret.yaml; \
+		echo "stringData:" >> /tmp/secret.yaml; \
+		echo "  BW_HOST: $$URL" >> /tmp/secret.yaml; \
+		echo "  BW_PASSWORD: $$PASSWORD" >> /tmp/secret.yaml; \
+		echo "  BW_USERNAME: $$LOGIN" >> /tmp/secret.yaml; \
+		kubectl -n meet apply -f /tmp/secret.yaml;\
+		rm -f /tmp/secret.yaml; \
+		helm repo add external-secrets https://charts.external-secrets.io; \
+		helm upgrade --install external-secrets \
+      external-secrets/external-secrets \
+       -n meet \
+       --create-namespace \
+       --set installCRDs=true; \
+	fi
+.PHONY: build-k8s-cluster
+
 start-tilt: ## start the kubernetes cluster using kind
 	tilt up -f ./bin/Tiltfile
 .PHONY: build-k8s-cluster

src/helm/env.d/dev/values.meet.yaml.gotmpl

@@ -8,6 +8,7 @@ secrets:
     itemId: a25effec-eaea-4ce1-9ed8-3a3cc1c734db
     field: password
     podVariable: OIDC_RP_CLIENT_SECRET
+    clusterSecretStore: bitwarden-login-visio
 image:
   repository: localhost:5001/meet-backend
   pullPolicy: Always

src/helm/extra/templates/clustersecretstore.yaml

@@ -0,0 +1,13 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: bitwarden-login-visio
+  namespace: {{ $.Release.Namespace | quote }}
+spec:
+  provider:
+    webhook:
+      url: "http://bitwarden-cli-visio.meet.svc.cluster.local:8087/object/item/{{`{{ .remoteRef.key }}`}}"
+      headers:
+        Content-Type: application/json
+      result:
+        jsonPath: "$.data.login.{{`{{ .remoteRef.property }}`}}"

src/helm/extra/templates/external_secret.yaml

@@ -3,12 +3,8 @@ kind: ExternalSecret
 metadata:
   name: backend
   namespace: {{ .Release.Namespace | quote }}
-  annotations:
-    "helm.sh/hook": pre-install,pre-upgrade
-    "helm.sh/hook-weight": "-5"
-    "helm.sh/hook-delete-policy": before-hook-creation
 spec:
-  refreshInterval: "5m"
+  refreshInterval: "1m"
   target:
     name: backend
     deletionPolicy: Delete

src/helm/extra/templates/external_secret_deployment.yaml

@@ -0,0 +1,92 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bitwarden-cli-visio
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    app.kubernetes.io/instance: bitwarden-cli
+    app.kubernetes.io/name: bitwarden-cli
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: bitwarden-cli
+      app.kubernetes.io/instance: bitwarden-cli
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: bitwarden-cli
+        app.kubernetes.io/instance: bitwarden-cli
+    spec:
+      containers:
+        - name: bitwarden-cli
+          image: lasuite/vaultwarden-api:0.1
+          imagePullPolicy: Always
+          env:
+            - name: BW_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli-visio
+                  key: BW_HOST
+            - name: BW_USER
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli-visio
+                  key: BW_USERNAME
+            - name: BW_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli-visio
+                  key: BW_PASSWORD
+          ports:
+            - name: http
+              containerPort: 8087
+              protocol: TCP
+          livenessProbe:
+            exec:
+              command:
+                - wget
+                - -q
+                - http://127.0.0.1:8087/sync?force=true
+                - --post-data=''
+            initialDelaySeconds: 20
+            failureThreshold: 3
+            timeoutSeconds: 10
+            periodSeconds: 120
+          readinessProbe:
+            tcpSocket:
+              port: 8087
+            initialDelaySeconds: 20
+            failureThreshold: 3
+            timeoutSeconds: 1
+            periodSeconds: 10
+          startupProbe:
+            tcpSocket:
+              port: 8087
+            initialDelaySeconds: 10
+            failureThreshold: 30
+            timeoutSeconds: 1
+            periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bitwarden-cli-visio
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    app.kubernetes.io/instance: bitwarden-cli
+    app.kubernetes.io/name: bitwarden-cli
+  annotations:
+spec:
+  type: ClusterIP
+  ports:
+  - port: 8087
+    targetPort: http
+    protocol: TCP
+    name: http
+  selector:
+    app.kubernetes.io/name: bitwarden-cli
+    app.kubernetes.io/instance: bitwarden-cli

src/helm/helmfile.yaml

@@ -113,7 +113,7 @@ releases:
         architecture: standalone
 
   - name: extra
-    installed: {{ not (regexMatch "^dev.*" .Environment.Name) | toYaml }}
+    installed: {{ regexMatch "^dev.*" .Environment.Name | toYaml }}
     missingFileHandler: Warn
     namespace: {{ .Namespace }}
     chart: ./extra