BRE-385: POC share encryption keys #197

Closed

Conversation

mimartin12
Contributor

No description provided.

mimartin12 and others added 30 commits June 19, 2024 14:40
commit 1116424
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 11:03:52 2024 -0600

    Add feature flag support
    - Create a configmap that is templated from source values
    - Mount the config map into general directory /etc/bitwarden/code
    - Set `globalSettings__launchDarkly__flagDataFilePath` value to the path

commit 36504d7
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 10:56:46 2024 -0600

    Update linter

commit de88464
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 10:43:06 2024 -0600

    Add feature flag inputs to values file.
- Ensure that the last item doesn't have a trailing comma.
- Update .gitignore to ignore test values for now
- Add hooks for feature flag config map
- Have comments for code complexity
commit 6e803d6
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 17:02:04 2024 -0600

    Fix logs indentation

commit b4b7128
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:48:06 2024 -0600

    Linting

commit 0474ef9
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:45:34 2024 -0600

    Update test values and base values

commit 2dd7115
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:42:06 2024 -0600

    Remove key connector resources on helm uninstall.

commit c293506
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:36:08 2024 -0600

    Update mount paths for Key Connector files

commit a9a4bfc
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:35:38 2024 -0600

    Update config maps
    - Support custom cloud URIs
    - Update paths for Key Connector files

commit 1178afa
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 15:24:00 2024 -0600

    Fix paths for key connector ingress

commit dcaf36a
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 10:07:04 2024 -0600

    Check in test values

commit 0798f5e
Author: Micaiah Martin <[email protected]>
Date:   Tue Jun 25 16:32:02 2024 -0600

    Fix incorrect service name being used

commit 207d669
Author: Micaiah Martin <[email protected]>
Date:   Tue Jun 25 14:51:09 2024 -0600

    Add Key Connector deployment
    - Adds Key connector component configs
    - Supports setting up JSON database, certificate RSA, and filesystem cert provider
    - Automatically generate the certificate and filesystem structure
    - Set up PVC for JSON db

commit 557849d
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 14:47:34 2024 -0600

    Fix schema

commit 88fd30f
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 14:43:59 2024 -0600

    Add inputs for Key Connector to Values file
- Allows users to set annotations to each component and volume
- Implement sync waves
- Conditionally handle jobs based on toggle for Argo CD.
- Default argoCDSupport to be true
…on keys

Add pre-install-secret-main which does the following:
- Generate a secure MSSQL password and then hit the endpoints for Bitwarden installation keys/ID
- Provide users the values for these secrets via a pod, which can be accessed via the Argo CD GUI.
- Utilize Akv2k8s to create a single Kubernetes secret with shared secrets from a provided Azure Key Vault name
- Add a bit of output to the generate-cloud-ids container
- Add inputs for GitHub metadata, expecting to be passed by ApplicationSet
- Add job to publish endpoints to a GitHub comment and store the comment ID state as a ConfigMap
- Extend service account permissions to create config maps
---
Users may need to specify a specific version for a single component.

Argo CD Image updater will need to update these to digests when a new image is pushed to the registry

This adds the ability to define tags for each Bitwarden component and the MSSQL migrator utility, allowing us to use a tag for each component if we wish to do so.

Deployments now have a $tag variable and this value is set on the logic of
Check for .tag value > Check for override value > Set value from Default

There was also some refactor for Key Connector to bring it in alignment with this new pattern, we no longer use `version` but instead use `tag` for key connector.
- By adding argocd.argoproj.io/hook-delete-policy: HookFailed annotation, we only remove the PVCs and DB if the hook fails, instead of every sync.
- Moved DB storageClass to managed disk and RWO
- Set up init container to ensure the permissions are set to the container user
- Adds ability to toggle deployment of a DB client for interacting with the ephemeral database.
commit 895b5e0
Author: Micaiah Martin <[email protected]>
Date:   Tue Oct 1 09:54:18 2024 -0600

    Set tags as "dev" by default
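The tag precedence described in the commit body above (check for the `.tag` value, then the override value, then the default) is a small piece of Helm template logic. The Go program below is an added example, not code from this PR or the Bitwarden chart: it implements the same precedence once as a plain function and once as a Go text/template (the templating language Helm uses), and also handles the case the same body anticipates, an image updater replacing the tag with a digest, by switching the separator from `:` to `@`. The struct field names, the registry and repository values, and the assumption that a digest arrives as a `sha256:` prefixed string are all constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// ImageInputs is a constructed stand-in for the three places the chart could
// take a version from: the component's own .tag, a chart-wide override, and a
// default such as the chart's appVersion. Field names are assumptions.
type ImageInputs struct {
	Registry string
	Repo     string
	Tag      string // component-level .tag, highest precedence
	Override string // chart-wide override, middle precedence
	Default  string // fallback, lowest precedence
}

// ResolveTag applies the precedence "tag > override > default".
func ResolveTag(in ImageInputs) string {
	switch {
	case in.Tag != "":
		return in.Tag
	case in.Override != "":
		return in.Override
	default:
		return in.Default
	}
}

// ImageRef builds the full image reference. If the resolved value is a digest
// (assumed here to be written as "sha256:<hex>" by an image updater that pins
// to digests) it is joined with "@" instead of ":" so the reference stays valid.
func ImageRef(in ImageInputs) string {
	v := ResolveTag(in)
	sep := ":"
	if strings.HasPrefix(v, "sha256:") {
		sep = "@"
	}
	return in.Registry + "/" + in.Repo + sep + v
}

// DeploymentTemplate is the same precedence written as a text/template, the
// form it would take inside a chart template, so it can be compared with
// ResolveTag. "{{ end -}}" on the last assignment trims the newline before
// the "image:" line.
const DeploymentTemplate = `{{- $tag := .Default }}
{{- if .Override }}{{ $tag = .Override }}{{ end }}
{{- if .Tag }}{{ $tag = .Tag }}{{ end -}}
image: {{ .Registry }}/{{ .Repo }}{{ if hasPrefix "sha256:" $tag }}@{{ else }}:{{ end }}{{ $tag }}`

// RenderImage executes DeploymentTemplate over the inputs and returns the
// rendered "image: ..." line.
func RenderImage(in ImageInputs) (string, error) {
	funcs := template.FuncMap{
		// Sprig's hasPrefix takes the prefix first, unlike strings.HasPrefix.
		"hasPrefix": func(prefix, s string) bool { return strings.HasPrefix(s, prefix) },
	}
	t, err := template.New("image").Funcs(funcs).Parse(DeploymentTemplate)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, in); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed inputs: registry and repository are placeholders.
	base := ImageInputs{Registry: "registry.example.com", Repo: "example/api", Default: "2024.9.2"}
	withOverride := base
	withOverride.Override = "2024.10.0"
	withTag := withOverride
	withTag.Tag = "dev"
	withDigest := base
	withDigest.Tag = "sha256:" + strings.Repeat("a", 64)
	for _, in := range []ImageInputs{base, withOverride, withTag, withDigest} {
		out, err := RenderImage(in)
		fmt.Printf("%-36s -> %s (err=%v)\n", ImageRef(in), out, err)
	}
}
```

The template and the function must agree for every combination of inputs; the check in `main` renders both side by side so a divergence (for example forgetting the digest separator in one of them) is visible immediately.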
* Added additional SMTP environment variables  (bitwarden#174)

* Updated core and web versions (bitwarden#179)

* Bumped version to 2024.9.1 (bitwarden#180)

* Added additional annotations for nginx (bitwarden#178)

* chore(deps): update gh minor (bitwarden#165)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Updated core and web versions (bitwarden#183)

* Bumped version to 2024.9.2 (bitwarden#184)

* Update README.md

* Squashed commit of the following:

commit 1116424
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 11:03:52 2024 -0600

    Add feature flag support
    - Create a configmap that is templated from source values
    - Mount the config map into general directory /etc/bitwarden/code
    - Set `globalSettings__launchDarkly__flagDataFilePath` value to the path

commit 36504d7
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 10:56:46 2024 -0600

    Update linter

commit de88464
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 10:43:06 2024 -0600

    Add feature flag inputs to values file.

* Fix issue with only a single feature flag defined.
- Ensure that the last item doesn't have a trailing comma.
- Update .gitignore to ignore test values for now

* Add comments and hook annotations
- Add hooks for feature flag config map
- Have comments for code complexity

* Add Key Connector deployment via toggle for helm chart.

commit 6e803d6
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 17:02:04 2024 -0600

    Fix logs indentation

commit b4b7128
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:48:06 2024 -0600

    Linting

commit 0474ef9
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:45:34 2024 -0600

    Update test values and base values

commit 2dd7115
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:42:06 2024 -0600

    Remove key connector resources on helm uninstall.

commit c293506
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:36:08 2024 -0600

    Update mount paths for Key Connector files

commit a9a4bfc
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 16:35:38 2024 -0600

    Update config maps
    - Support custom cloud URIs
    - Update paths for Key Connector files

commit 1178afa
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 15:24:00 2024 -0600

    Fix paths for key connector ingress

commit dcaf36a
Author: Micaiah Martin <[email protected]>
Date:   Wed Jun 26 10:07:04 2024 -0600

    Check in test values

commit 0798f5e
Author: Micaiah Martin <[email protected]>
Date:   Tue Jun 25 16:32:02 2024 -0600

    Fix incorrect service name being used

commit 207d669
Author: Micaiah Martin <[email protected]>
Date:   Tue Jun 25 14:51:09 2024 -0600

    Add Key Connector deployment
    - Adds Key connector component configs
    - Supports setting up JSON database, certificate RSA, and filesystem cert provider
    - Automatically generate the certificate and filesystem structure
    - Set up PVC for JSON db

commit 557849d
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 14:47:34 2024 -0600

    Fix schema

commit 88fd30f
Author: Micaiah Martin <[email protected]>
Date:   Fri Jun 21 14:43:59 2024 -0600

    Add inputs for Key Connector to Values file

* Add annotation support for components and volumes
- Allows users to set annotations to each component and volume

* Add Argo CD support
- Implement sync waves
- Conditionally handle jobs based on toggle for Argo CD.
- Default argoCDSupport to be true

* BRE-166 Support generating secrets for MSSQL and Bitwarden installation keys

Add pre-install-secret-main which does the following:
- Generate a secure MSSQL password and then hit the endpoints for Bitwarden installation keys/ID
- Provide users the values for these secrets via a pod, which can be accessed via the Argo CD GUI.
- Utilize Akv2k8s to create a single Kubernetes secret with shared secrets from a provided Azure Key Vault name

* BRE-166: Set defaults to USDEV for Argo CD syncs
- Add a bit of output to the generate-cloud-ids container

* BRE-166: Fix Argo CD sync as it doesn't support Helm lookup functions.

* Set default key vault to USDEV

* Publish endpoints to GitHub Pull Request
- Add inputs for GitHub metadata, expecting to be passed by ApplicationSet
- Add job to publish endpoints to a GitHub comment and store the comment ID state as a ConfigMap
- Extend service account permissions to create config maps

* Set default annotations via values file

* BRE-178: Support individual tags for components
---
Users may need to specify a specific version for a single component.

Argo CD Image updater will need to update these to digests when a new image is pushed to the registry

This adds the ability to define tags for each Bitwarden component and the MSSQL migrator utility, allowing us to use a tag for each component if we wish to do so.

Deployments now have a $tag variable and this value is set on the logic of
Check for .tag value > Check for override value > Set value from Default

There was also some refactor for Key Connector to bring it in alignment with this new pattern, we no longer use `version` but instead use `tag` for key connector.

* BRE 270: Fix email auth

* BRE-273: Add workaround for PVC removal and database re-creation
- By adding argocd.argoproj.io/hook-delete-policy: HookFailed annotation, we only remove the PVCs and DB if the hook fails, instead of every sync.

* BRE-275: Set defaults for image registry to ACR.

* BRE-274: Expose MSSQL via Ingress

* BRE-300: Resolve MSSQL storage deployment permissions
- Moved DB storageClass to managed disk and RWO
- Set up init container to ensure the permissions are set to the container user

* BRE-298: DB Client extension
- Adds ability to toggle deployment of a DB client for interacting with the ephemeral database.

* Update Key Connector registry and bump version

* BRE-255: Added 'Go to Environment' button, fixes the default URL button

* Squashed commit of the following:

commit 895b5e0
Author: Micaiah Martin <[email protected]>
Date:   Tue Oct 1 09:54:18 2024 -0600

    Set tags as "dev" by default

* Revert "Set tags as "dev" by default"

This reverts commit 895b5e0.

---------

Co-authored-by: keithhubner <[email protected]>
Co-authored-by: Bitwarden DevOps <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
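The squashed commit above records a fix for the feature-flag ConfigMap that broke when only a single flag was defined, because the template left a trailing comma after the last entry. The Go program below is an added example, not code from this PR or the Bitwarden chart. It reproduces the failure mode and the fix with Go's text/template (the engine behind Helm templates): a broken template that emits a comma after every entry sits next to one that compares the loop index against `len - 1`, and each rendering is then parsed as JSON the way the consuming application would parse the mounted file. The `sub` and `toJson` helpers imitate the Sprig functions Helm provides; the `flagValues` document shape, the flag names and the values are constructed for the example and are not taken from the chart.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// Flag is one feature-flag entry from the values file. The shape is a
// constructed assumption; the chart's actual values schema is not shown here.
type Flag struct {
	Name  string
	Value any
}

// funcs imitates the two Sprig helpers the templates below rely on, so the
// same template text behaves here as it would under Helm.
var funcs = template.FuncMap{
	"sub":    func(a, b int) int { return a - b },
	"toJson": func(v any) string { b, _ := json.Marshal(v); return string(b) },
}

// BrokenTemplate emits a comma after every entry, including the last one.
// With exactly one flag the rendered file ends in `true,\n  }`, which any
// strict JSON reader rejects.
const BrokenTemplate = `{
  "flagValues": {
{{- range $i, $f := .Flags }}
    {{ toJson $f.Name }}: {{ toJson $f.Value }},
{{- end }}
  }
}
`

// FixedTemplate compares the loop index with len-1 and only emits the comma
// for non-final entries, which is what "ensure the last item doesn't have a
// trailing comma" means in template terms. It also renders an empty list as
// valid JSON.
const FixedTemplate = `{
  "flagValues": {
{{- $last := sub (len .Flags) 1 }}
{{- range $i, $f := .Flags }}
    {{ toJson $f.Name }}: {{ toJson $f.Value }}{{ if ne $i $last }},{{ end }}
{{- end }}
  }
}
`

// RenderFlags executes a template over the flags and returns the text that
// would become the ConfigMap's data entry.
func RenderFlags(tmplText string, flags []Flag) (string, error) {
	t, err := template.New("flags").Funcs(funcs).Parse(tmplText)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, map[string]any{"Flags": flags}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// ParseFlagValues is the consumer-side check: it parses the rendered file as
// strict JSON and returns the flagValues map, or the parse error.
func ParseFlagValues(rendered string) (map[string]any, error) {
	var doc struct {
		FlagValues map[string]any `json:"flagValues"`
	}
	if err := json.Unmarshal([]byte(rendered), &doc); err != nil {
		return nil, err
	}
	return doc.FlagValues, nil
}

func main() {
	// Constructed single-flag input, the case the commit message says broke.
	single := []Flag{{Name: "example-flag", Value: true}}
	for name, tmpl := range map[string]string{"broken": BrokenTemplate, "fixed": FixedTemplate} {
		out, err := RenderFlags(tmpl, single)
		if err != nil {
			fmt.Println(name, "render error:", err)
			continue
		}
		_, perr := ParseFlagValues(out)
		fmt.Printf("%s template, one flag: parse error = %v\n%s\n", name, perr, out)
	}
}
```

Rendering the template in a unit test and feeding the result to a real JSON parser, as `main` does, is the cheapest guard against this class of bug: `helm template` alone succeeds on the broken output because the template engine has no idea the text is meant to be JSON.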
mimartin12 and others added 28 commits October 17, 2024 11:38
…rom-all-workflows

[BRE-372] - Clean up document start
@mimartin12 mimartin12 closed this Nov 4, 2024
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ Eeebru
❌ mimartin12

3 participants