♻️(dev) refacto tilt stack

To be able to move the repository on the new organization and to facilitate external developer integration we need to create a standalone dev stack and use external secret.
2025-01-07 15:53:36 +01:00
parent cd7135da00
commit b848f9eca6
27 changed files with 455 additions and 756 deletions
--- a/src/helm/extra/Chart.yaml
+++ b/src/helm/extra/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
 name: extra
-description: A Helm chart to add some manifests to desk
+description: A Helm chart to add some manifests to meet
 type: application
 version: 0.1.0
--- a/src/helm/extra/templates/clustersecretstore.yaml
+++ b/src/helm/extra/templates/clustersecretstore.yaml
@@ -0,0 +1,34 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: bitwarden-login-{{ $.Release.Namespace }}
+  namespace: external-secrets
+spec:
+  provider:
+    webhook:
+      url: "http://bitwarden-cli-{{ $.Release.Namespace }}.{{ $.Release.Namespace }}.svc.cluster.local:8087/object/item/{{`{{ .remoteRef.key }}`}}"
+      headers:
+        Content-Type: application/json
+      result:
+        jsonPath: "$.data.login.{{`{{ .remoteRef.property }}`}}"
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: bitwarden-fields-{{ $.Release.Namespace }}
+spec:
+  provider:
+    webhook:
+      url: "http://bitwarden-cli-{{ $.Release.Namespace }}.{{ $.Release.Namespace }}.svc.cluster.local:8087/object/item/{{`{{ .remoteRef.key }}`}}"
+      result:
+        jsonPath: "$.data.fields[?@.name==\"{{`{{ .remoteRef.property }}`}}\"].value"
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: bitwarden-attachments-{{ $.Release.Namespace }}
+spec:
+  provider:
+    webhook:
+      url: "http://bitwarden-cli-{{ $.Release.Namespace }}.{{ $.Release.Namespace }}.svc.cluster.local:8087/object/attachment/{{`{{ .remoteRef.property }}`}}?itemid={{`{{ .remoteRef.key }}`}}"
+      result: {}
--- a/src/helm/extra/templates/external_secret.yaml
+++ b/src/helm/extra/templates/external_secret.yaml
@@ -0,0 +1,28 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: backend
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  refreshInterval: "1m"
+  target:
+    name: backend
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+{{- range .Values.secrets }}
+        {{ .podVariable }}: |-
+          {{`{{`}} {{ print "." .name }} {{`}}`}}
+{{- end }}
+  data:
+{{- range .Values.secrets }}
+    - secretKey: {{ .name }}
+      sourceRef:
+        storeRef:
+          name: {{ .clusterSecretStore }}
+          kind: ClusterSecretStore
+      remoteRef:
+        key: {{ .itemId }}
+        property: {{ .field }}
+{{- end }}
--- a/src/helm/extra/templates/external_secret_deployment.yaml
+++ b/src/helm/extra/templates/external_secret_deployment.yaml
@@ -0,0 +1,92 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bitwarden-cli-{{ $.Release.Namespace }}
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    app.kubernetes.io/instance: bitwarden-cli
+    app.kubernetes.io/name: bitwarden-cli
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: bitwarden-cli
+      app.kubernetes.io/instance: bitwarden-cli
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: bitwarden-cli
+        app.kubernetes.io/instance: bitwarden-cli
+    spec:
+      containers:
+        - name: bitwarden-cli
+          image: lasuite/vaultwarden-api:0.1
+          imagePullPolicy: Always
+          env:
+            - name: BW_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli-{{ $.Release.Namespace }}
+                  key: BW_HOST
+            - name: BW_USER
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli-{{ $.Release.Namespace }}
+                  key: BW_USERNAME
+            - name: BW_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: bitwarden-cli-{{ $.Release.Namespace }}
+                  key: BW_PASSWORD
+          ports:
+            - name: http
+              containerPort: 8087
+              protocol: TCP
+          livenessProbe:
+            exec:
+              command:
+                - wget
+                - -q
+                - http://127.0.0.1:8087/sync?force=true
+                - --post-data=''
+            initialDelaySeconds: 20
+            failureThreshold: 3
+            timeoutSeconds: 10
+            periodSeconds: 120
+          readinessProbe:
+            tcpSocket:
+              port: 8087
+            initialDelaySeconds: 20
+            failureThreshold: 3
+            timeoutSeconds: 1
+            periodSeconds: 10
+          startupProbe:
+            tcpSocket:
+              port: 8087
+            initialDelaySeconds: 10
+            failureThreshold: 30
+            timeoutSeconds: 1
+            periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bitwarden-cli-{{ $.Release.Namespace }}
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    app.kubernetes.io/instance: bitwarden-cli
+    app.kubernetes.io/name: bitwarden-cli
+  annotations:
+spec:
+  type: ClusterIP
+  ports:
+  - port: 8087
+    targetPort: http
+    protocol: TCP
+    name: http
+  selector:
+    app.kubernetes.io/name: bitwarden-cli
+    app.kubernetes.io/instance: bitwarden-cli
--- a/src/helm/extra/templates/keydb.yaml
+++ b/src/helm/extra/templates/keydb.yaml
@@ -1,7 +0,0 @@
-apiVersion: core.libre.sh/v1alpha1
-kind: Redis
-metadata:
-  name: redis
-  namespace: {{ .Release.Namespace | quote }}
-spec:
-  disableAuth: false
--- a/src/helm/extra/templates/postgresql.yaml
+++ b/src/helm/extra/templates/postgresql.yaml
@@ -1,7 +0,0 @@
-apiVersion: core.libre.sh/v1alpha1
-kind: Postgres
-metadata:
-  name: postgresql
-  namespace: {{ .Release.Namespace | quote }}
-spec:
-  database: desk