Skip to content
This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

Latest commit

 

History

History
67 lines (60 loc) · 5.46 KB

File metadata and controls

67 lines (60 loc) · 5.46 KB

bwsm-eso-provider

Version: 0.1.1 Type: application AppVersion: 0.1.1

Helm chart to use Bitwarden Secrets Manaager (BWSM) as a Provider for External Secrets Operator (ESO)

Maintainers

Name Email Url
Bojan Raic [email protected] https://github.com/bojanraic

Values

Key Type Default Description
affinity object {}
autoscaling.enabled bool false enable pod autoscaling
autoscaling.maxReplicas int 100 max number of pods to spin up
autoscaling.minReplicas int 1 minimum number of pods to keep
autoscaling.targetCPUUtilizationPercentage int 80
bwsm_eso_provider.auth.accessToken string "" bitwarden secrets manager access token to use to authenticate BWS CLI and fetch secrets in the pod; ignored if existingSecret is set
bwsm_eso_provider.auth.existingSecret string "" use an existing secret for bitwarden secrets manager credentials; ignores above credentials if this is set
bwsm_eso_provider.auth.secretKeys.accessToken string "BWS_ACCESS_TOKEN" secret key for bitwarden secrets manager access token to use to authenticate BWS CLI and fetch secrets in the pod; do not change unless customizing the Express.JS wrapper code
bwsm_eso_provider.create_cluster_secret_store bool true if set to True, we'll create a cluster-wide Cluster Secret Store see: https://external-secrets.io/latest/introduction/overview/#clustersecretstore
bwsm_eso_provider.eso_namespace string "external-secrets" specify namespace where ESO is installed
bwsm_eso_provider.network_policy.cilium bool false if Cilium is used (for creating a CiliumNetworkPolicy)
bwsm_eso_provider.network_policy.enabled bool true enable a network policy between BWSM pod(s) and ESO namespace; highly recommended as the Express.js App provides no authentication
bwsm_eso_provider.network_policy.labels object {"app.kubernetes.io/name":"external-secrets"} specify the labels to match against for the network policy
bwsm_eso_provider.sample_secret.create bool false create a sample external secret for quick verification; works only when create_cluster_secret_store is True
bwsm_eso_provider.sample_secret.remoteRef.key string "" Bitwarden Secrets Manager Secret ID (must be a valid UUID)
bwsm_eso_provider.sample_secret.remoteRef.property string "key" Bitwarden Secrets Manager Secret property to extract the value of
bwsm_eso_provider.sample_secret.secretKey string "" name of the sample ExternalSecret's (and the corresponding k8s secret's) key
bwsm_eso_provider.sample_secret.secretName string "" name of the sample ExternalSecret and corresponding k8s secret
fullnameOverride string ""
image.pullPolicy string "IfNotPresent" Overrides the image pullPolicy. Hint: set to Always if using latest tag
image.repository string "bojanraic/bwsm-eso" Overrides the image repository; useful if building one's own image
image.tag string "" Overrides the image tag whose default is the chart appVersion; do not change unless building your custom image or really needed
imagePullSecrets list []
livenessProbe.failureThreshold int 3 liveness probe failure threshold
livenessProbe.initialDelaySeconds int 15 liveness probe initial delay
livenessProbe.periodSeconds int 10 liveness probe period
livenessProbe.timeoutSeconds int 1 liveness probe timeout
nameOverride string "" this overrides the name of the chart
nodeSelector object {}
podAnnotations object {} additional annotations to apply to the bitwarden ESO provider pod
podSecurityContext object {}
readinessProbe.failureThreshold int 3 readiness probe failure threshold
readinessProbe.initialDelaySeconds int 15 readiness probe initial delay
readinessProbe.periodSeconds int 10 readiness probe period
readinessProbe.timeoutSeconds int 1 readiness probe timeout
replicaCount int 1 number of replicas to deploy
resources object {}
securityContext object {}
service.port int 8080 port to broadcast for k8s service internally on the cluster
service.targetPort int 8080 port on the container to target for the k8s service;
service.type string "ClusterIP"
serviceAccount.annotations object {} Annotations to add to the service account
serviceAccount.automount bool true Automatically mount a ServiceAccount's API credentials?
serviceAccount.create bool true Specifies whether a service account should be created
serviceAccount.name string "" The name of the service account to use. If not set and create is true, a name is generated using the fullname template
startupProbe.failureThreshold int 3 readiness probe failure threshold
startupProbe.initialDelaySeconds int 15 readiness probe initial delay
startupProbe.periodSeconds int 10 readiness Probe period
startupProbe.timeoutSeconds int 1 readiness probe timeout
tolerations list []