duynguyen/k8s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove ArgoCD certificate and key files; add External Secrets Helm chart with Bitwarden SDK server integration, including configuration files, templates, and monitoring dashboard.

Browse Source
This commit is contained in:
duynguyen
2026-04-12 21:11:11 +07:00
parent 9545b79b7a
commit 26f8dd6b11
64 changed files with 36725 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
manifest/external-secrets/templates/crds/mfa.yaml Normal file
View File

@@ -0,0 +1,100 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4}}
{{- end }}
{{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook
{{- end }}
controller-gen.kubebuilder.io/version: v0.19.0
labels:
external-secrets.io/component: controller
name: mfas.generators.external-secrets.io
spec:
group: generators.external-secrets.io
names:
categories:
- external-secrets
- external-secrets-generators
kind: MFA
listKind: MFAList
plural: mfas
singular: mfa
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: MFA generates a new TOTP token that is compliant with RFC 6238.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: MFASpec controls the behavior of the mfa generator.
properties:
algorithm:
description: Algorithm to use for encoding. Defaults to SHA1 as per the RFC.
type: string
length:
description: Length defines the token length. Defaults to 6 characters.
type: integer
secret:
description: Secret is a secret selector to a secret containing the seed secret to generate the TOTP value from.
properties:
key:
description: |-
A key in the referenced Secret.
Some instances of this field may be defaulted, in others it may be required.
maxLength: 253
minLength: 1
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: The name of the Secret resource being referred to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
namespace:
description: |-
The namespace of the Secret resource being referred to.
Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
timePeriod:
description: TimePeriod defines how long the token can be active. Defaults to 30 seconds.
type: integer
when:
description: When defines a time parameter that can be used to pin the origin time of the generated token.
format: date-time
type: string
required:
- secret
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}