duynguyen/k8s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove ArgoCD certificate and key files; add External Secrets Helm chart with Bitwarden SDK server integration, including configuration files, templates, and monitoring dashboard.

Browse Source
This commit is contained in:
duynguyen
2026-04-12 21:11:11 +07:00
parent 9545b79b7a
commit 26f8dd6b11
64 changed files with 36725 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
manifest/external-secrets/charts/bitwarden-sdk-server/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,117 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "bitwarden-sdk-server.fullname" . }}
namespace: {{ template "bitwarden-sdk-server.namespace" . }}
{{- with .Values.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "bitwarden-sdk-server.labels" . | nindent 4 }}
{{- with .Values.deploymentLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "bitwarden-sdk-server.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "bitwarden-sdk-server.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "bitwarden-sdk-server.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.podDnsPolicy }}
dnsPolicy: {{ .Values.podDnsPolicy }}
{{- end }}
{{- with .Values.podDnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if not .Values.image.tls.enabled }}
args:
- --insecure
{{- end }}
{{- with .Values.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.image.tls.enabled }}
volumeMounts:
{{- if .Values.image.tls.volumeMounts }}
{{- toYaml .Values.image.tls.volumeMounts | nindent 12 }}
{{- else }}
- mountPath: /certs
name: {{ .Values.image.tls.secretName }}
{{- end}}
{{- end}}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /live
port: http
{{- if .Values.image.tls.enabled }}
scheme: HTTPS
{{- end }}
readinessProbe:
httpGet:
path: /ready
port: http
{{- if .Values.image.tls.enabled }}
scheme: HTTPS
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.image.tls.enabled }}
volumes:
{{- if .Values.image.tls.volumes }}
{{- toYaml .Values.image.tls.volumes | nindent 8 }}
{{- else }}
- name: {{ .Values.image.tls.secretName }}
secret:
secretName: {{ .Values.image.tls.secretName }}
items:
- key: tls.crt
path: cert.pem
- key: tls.key
path: key.pem
- key: ca.crt
path: ca.pem
{{- end}}
{{- end}}