Add manifest

manifest.yaml

@@ -0,0 +1,128 @@
+kind: SealedSecret
+apiVersion: bitnami.com/v1alpha1
+metadata:
+  name: bitwarden-cli-env-secrets
+  namespace: tools
+  lables:
+    app.kubernetes.io/name: bitwarden-cli
+    app.kubernetes.io/component: cli
+    app.kubernetes.io/instance: production
+    app.kubernetes.io/part-of: vaultwarden
+spec:
+  encryptedData:
+    BW_CLIENTID: AgDdI9Hb3/BebsZKIqS2NNj1nFSTRh1sWvuMClrqtgwZsN+Kyla5KaAq7uVgGqmJbGLtMNettJNv3Sjn4WZTZnSVfCJTEnc+rTZ9C52s+HlJxSF+nqIbnxzC84pzYlrP3eZ2DbZXTRSWVGK1pQnN/iQnd67oWSA01Ja4Ni0Sca9Cfgvn/aCA/5VoxLpq3q08mT0xjMFpIvL+gjZHdM9zanQqglIpIoM9eqIB/Ar6Jc9I+C9QOVAmGSRhAm64mgJlmTS1VIZTcrSphqNRUWO0xPhzfZvxWLgmNRrDu4awOHJlVoT3SgzSdVf8/RY/vM7tHjvpgM9Cl13tQkpvMHVnUErKNUbHGY6nSb0bgO9VkYEMxkLzWi65qG6Fb4W915Z/mAb2fJG8eWQl4xZTEGVj8BCLARqF1eYbYCVeUfB8AhSENvlTHGlVKXOsh83yx8xhtaw+3c2LXxWkUUeFJUepreOXDB8JLU0XQPY59KPs/iAPjDDNGrh6fxGIKeiFVhpqYAHhCY0ddL2DhHMsFR3ICxrYMvdTWugxtRFyr/Lt2XrbUvm1PJu86bpGevuUuTSYq4pNH3KY60MCsHe76CM91oPdIJuuIgoVmf4ZRL9ESuu0ByR0qDAAFUyYwCbQ2sx6p2DUVmyLGScjlJTJ77fZ9vd/qWnA4LeLQ3Lk/FpOHenQp57VDcixQxIhvwwSWxk6OD0Sdw1biNcl3R3WltlMDTcETBqYgml2pgv/H58Amo7nxFMHOtt1G9jxJA==
+    BW_CLIENTSECRET: AgAg/wekG0X2vvLJrcB6DIg7n+AaZndplm4t7ldrL0WsueXXdfqJQGbeaHkYm1lOE+H3IcQVQWvj1gLcB5u7kemnIOOQRtTcdS4HbLvPln+eOBjKl7md7Z4msfKGKZMgmwHs9KEOIWvAkwHZupv3s7Cv6G1o8iwmDKuaM5rO91I6NQs4tKHbXKB+dLIRzHWFs//6nFtnt4YW3YyhsWJ/VmmtTRnU4riHeA95avP/4/CUxmvyYv3rPH5RgM3qUIPJ7d62VqU8z559iabsIc0d1POysCb8zteo1o09/2rrEfIcUhhE5fJGW6tVdgXslxal8TicNoBIrZaaye/meTE5VS6riH7gMDsFfQrTWotJufrROTxM75j//bTQ0cbegkHkXO9mZ4xXCAuMyDprBV8H18ONy+r0b8bHxHEnPo5mihdnmUA8u8+4bMS+ZK1Z0AhDe6BLvQ2PA+LI6KLeHac35LSoQujcbJ12fKUlZr0RLaYnnsWsIZheVtfEboe8jYDO1uwPxBVzsG95+9dBetxKgJsuXX6dakiUZT5+bM9fKpOTND+yNEfbRsUOtrHKq9Wh8lZPgyBKpGjlDv0ARoPtPv/lWitbRWspjp4P3meBNH1aFd+10e+/eVKzTe7S2i4tVtc0uIwWhpG4PeCo1wa9MEBkKsfwtuLtfWFmQP57RCLsWEUqbVRPuBKFU1Gf8TsuAffpTwVY4RenexKy7F119ZN8eh9LZtBaEi7e+eNiZE0=
+    BW_PASSWORD: AgBPkDgXejrXTil88k08v6TOwu13xQnYW9U8VhQXa0V9UMfwC5Q0yeE4vPDXYNLpo7qQBIkHK/pReOoBdsjqCIZmu70ANUlU3emIkxgPoK6YkRNx2eSkZUYbrEi6o4YumBpNFqo5UE7kA6yZCwgWMrci35vMj1oVHE38jCLQRGyUoM4DAUza8eTdB5k73T9mu59A/DhCXNfpLithjQrqWFBYILIrrYSwWm/Os0cqSSHy0dGVJtG8MJjH4UPOBXa5xMZXBGUof5y2Pqj9rHydtT99K9U9Jn+quyeD6Zo4cpUauhM5ij99oE0vfHJV7wzpCnAjiBLIl8Qgh7hDgEoNZDiRgjSrA0h0OZLA1+CquauXfSps3FAFlFfXRCExFACkMmXkFenKR+uyr8u/NZCfiWC79tsf3s/uWBaas+9u9oCMndbhfeNnIEhlHEcnsgLc8EZ+8tdJt/SXYAv65iZebuJv6y4VI+dEEoVgzzZUXUWdX2V9eMy16DcRDeBkjXvZeJe8AsWSTvRl6k8kKQ7rwoN7O2pAUmIAYFrFqEBjJtBq00UGBTOKPwWJoB5tPb8mLnGqdWzjcEAmmb5GXeAggnU63nY18RYBNKz4krfhiTKA0ltuA1DAwoaH5a/BKx0dg1YMBCSJ2U/Vs0vfG7Q18qSV99z2NX9jQIAbFxge0LdcGJb33lwQvjb+bngUMeXetBRQ0mMehKFu3FnVP4GMuYVKkr+IKeACwA==
+  template:
+    metadata:
+      labels:
+        app: bitwarden-cli
+      name: bitwarden-cli-env-secrets
+      namespace: tools
+    type: Opaque
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: bitwarden-cli-env
+  namespace: tools
+  labels:
+    app.kubernetes.io/name: bitwarden-cli
+    app.kubernetes.io/component: cli
+    app.kubernetes.io/instance: production
+    app.kubernetes.io/part-of: vaultwarden
+data:
+  BW_SERVER: "https://bitwarden.theautomation.nl"
+  BW_ITEMID: "<itemid>" # Item to pull from vault
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: bitwarden-cli-commands
+  namespace: tools
+  labels:
+    app.kubernetes.io/name: bitwarden-cli
+    app.kubernetes.io/component: cli
+    app.kubernetes.io/instance: production
+    app.kubernetes.io/part-of: vaultwarden
+data:
+  bitwarden-cli-commands.sh: |
+    #!/bin/bash
+    set -e
+    bw config server ${BW_SERVER}
+    bw login --apikey
+    bw unlock --raw --passwordenv BW_PASSWORD > ./.bw_session
+    export BW_SESSION=$(cat ./.bw_session)
+    sleep 5
+    export USERNAME=$(bw get username "${BW_ITEMID}")
+    export PASSWORD=$(bw get password "${BW_ITEMID}")
+    set +e
+    export TOTP=$(bw get totp "${BW_ITEMID}")
+    set -e
+    cat <<EOF >/tmp/.retrieved.env
+    RETRIEVED_USERNAME="${USERNAME}"
+    RETRIEVED_PASSWORD="${PASSWORD}"
+    RETRIEVED_TOTP="${TOTP}"
+    EOF
+    bw logout
+    rm ./.bw_session
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: bitwarden-cli
+  namespace: tools
+  labels:
+    app.kubernetes.io/name: bitwarden-cli
+    app.kubernetes.io/component: cli
+    app.kubernetes.io/instance: production
+    app.kubernetes.io/part-of: vaultwarden
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: bitwarden-cli
+      app.kubernetes.io/component: cli
+      app.kubernetes.io/instance: production
+      app.kubernetes.io/part-of: vaultwarden
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: bitwarden-cli
+        app.kubernetes.io/component: cli
+        app.kubernetes.io/instance: production
+        app.kubernetes.io/part-of: vaultwarden
+    spec:
+      containers:
+        - name: bitwarden-cli
+          image: "ghcr.io/theautomation/bitwarden-cli-init:main"
+          imagePullPolicy: Always
+          resources: {}
+          command: ["/bin/bash"]
+          args: ["/home/bitwarden-cli-commands.sh"]
+          envFrom:
+            - secretRef:
+                name: bitwarden-cli-env-secrets
+                optional: false
+            - configMapRef:
+                name: bitwarden-cli-env
+                optional: true
+          volumeMounts:
+            - name: bitwarden-cli-output
+              mountPath: /tmp
+            - name: bitwarden-cli-commands
+              mountPath: /home/bitwarden-cli-commands.sh
+              subPath: bitwarden-cli-commands.sh
+      volumes:
+        - name: bitwarden-cli-output
+          emptyDir:
+            sizeLimit: 200Mi
+        - name: bitwarden-cli-commands
+          configMap:
+            name: bitwarden-cli-commands
+            defaultMode: 0777
+      imagePullSecrets:
+        - name: github-registry-creds