BRE-385: POC share encryption keys #197
Closed. mimartin12 wants to merge 69 commits into bitwarden:main from bitwarden:BRE-385-share-encryption-keys
commit 1116424
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 11:03:52 2024 -0600

Add feature flag support
- Create a configmap that is templated from source values
- Mount the config map into general directory /etc/bitwarden/code
- Set `globalSettings__launchDarkly__flagDataFilePath` value to the path

commit 36504d7
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 10:56:46 2024 -0600

Update linter

commit de88464
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 10:43:06 2024 -0600

Add feature flag inputs to values file.
- Ensure that the last item doesn't have a trailing comma.
- Update .gitignore to ignore test values for now

- Add hooks for feature flag confirm map
- Have comments for code complexity
commit 6e803d6
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 17:02:04 2024 -0600

Fix logs indentation

commit b4b7128
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:48:06 2024 -0600

Linting

commit 0474ef9
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:45:34 2024 -0600

Update test values and base values

commit 2dd7115
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:42:06 2024 -0600

Remove key connector resources on helm uninstall.

commit c293506
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:36:08 2024 -0600

Update mount paths for Key Connector files

commit a9a4bfc
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:35:38 2024 -0600

Update config maps
- Support custom cloud URIs
- Update paths for Key Connector files

commit 1178afa
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 15:24:00 2024 -0600

Fix paths for key connector ingress

commit dcaf36a
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 10:07:04 2024 -0600

Check in test values

commit 0798f5e
Author: Micaiah Martin <[email protected]>
Date: Tue Jun 25 16:32:02 2024 -0600

Fix incorrect service name being used

commit 207d669
Author: Micaiah Martin <[email protected]>
Date: Tue Jun 25 14:51:09 2024 -0600

Add Key Connector deployment
- Adds Key connector component configs
- Supports setting up JSON database, certificate RSA, and filesystem cert provider
- Automatically generate the certificate and filesystem structure
- Setup PVC for JSON db

commit 557849d
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 14:47:34 2024 -0600

Fix schema

commit 88fd30f
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 14:43:59 2024 -0600

Add inputs for Key Connector to Values file
- Allows users to set annotations to each component and volume
- Implement sync waves
- conditionally handle jobs based on toggle for Argo CD.
- Default argoCDSupport to be true
…on keys

Add pre-install-secret-main which does the following:
- Generate a secure MSSQL password and then hit the endpoints for Bitwarden installation keys/ID
- Provide users the values for these secrets via a pod, which can be accessed via the Argo CD GUI.
- Utilize Akv2k8s to create a single Kubernetes secret with shared secrets from a provided Azure Key Vault name
- Add a bit of output to the generate-cloud-ids container
- Add inputs for GitHub metadata, expecting to be passed by ApplicationSet
- Add job to publish endpoints to a github comment and store the comment ID state as a ConfigMap
- Extend service account permissions to create config maps
---
Users may need to specify a specific version for a single component. Argo CD Image updater will need to update these to digests when a new image is pushed to the registry

This adds the ability to define tags for each Bitwarden component and the MSSQL migrator utility. Allowing us to use a tag for each component if we wish to do so.

Deployments now have a $tag variable and this value is set on the logic of
Check for .tag value > Check for override value > Set value from Default

There was also some refactor for Key Connector to bring it in alignment with this new pattern, we no longer use `version` but instead use `tag` for key connector.
- By adding argocd.argoproj.io/hook-delete-policy: HookFailed annotation, we only remove the PVCs and DB if the hook fails, instead of every sync.
- Moved DB storageClass to managed disk and RWO
- Setup init container to ensure the permissions are set to container user
- Adds ability to toggle deployment of a DB client for interacting with the ephemeral database.
commit 895b5e0
Author: Micaiah Martin <[email protected]>
Date: Tue Oct 1 09:54:18 2024 -0600

Set tags as "dev" by default
This reverts commit 895b5e0.
* Added additional SMTP environment variables (bitwarden#174)
* Updated core and web versions (bitwarden#179)
* Bumped version to 2024.9.1 (bitwarden#180)
* Added additional annotations for nginx (bitwarden#178)
* chore(deps): update gh minor (bitwarden#165)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Updated core and web versions (bitwarden#183)
* Bumped version to 2024.9.2 (bitwarden#184)
* Update README.md
* Squashed commit of the following:

commit 1116424
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 11:03:52 2024 -0600

Add feature flag support
- Create a configmap that is templated from source values
- Mount the config map into general directory /etc/bitwarden/code
- Set `globalSettings__launchDarkly__flagDataFilePath` value to the path

commit 36504d7
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 10:56:46 2024 -0600

Update linter

commit de88464
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 10:43:06 2024 -0600

Add feature flag inputs to values file.

* Fix issue with only a single feature flag defined.
- Ensure that the last item doesn't have a trailing comma.
- Update .gitignore to ignore test values for now
* Add comments and hook annotations
- Add hooks for feature flag confirm map
- Have comments for code complexity
* Add Key Connector deployment via toggle for helm chart.

commit 6e803d6
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 17:02:04 2024 -0600

Fix logs indentation

commit b4b7128
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:48:06 2024 -0600

Linting

commit 0474ef9
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:45:34 2024 -0600

Update test values and base values

commit 2dd7115
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:42:06 2024 -0600

Remove key connector resources on helm uninstall.

commit c293506
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:36:08 2024 -0600

Update mount paths for Key Connector files

commit a9a4bfc
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 16:35:38 2024 -0600

Update config maps
- Support custom cloud URIs
- Update paths for Key Connector files

commit 1178afa
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 15:24:00 2024 -0600

Fix paths for key connector ingress

commit dcaf36a
Author: Micaiah Martin <[email protected]>
Date: Wed Jun 26 10:07:04 2024 -0600

Check in test values

commit 0798f5e
Author: Micaiah Martin <[email protected]>
Date: Tue Jun 25 16:32:02 2024 -0600

Fix incorrect service name being used

commit 207d669
Author: Micaiah Martin <[email protected]>
Date: Tue Jun 25 14:51:09 2024 -0600

Add Key Connector deployment
- Adds Key connector component configs
- Supports setting up JSON database, certificate RSA, and filesystem cert provider
- Automatically generate the certificate and filesystem structure
- Setup PVC for JSON db

commit 557849d
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 14:47:34 2024 -0600

Fix schema

commit 88fd30f
Author: Micaiah Martin <[email protected]>
Date: Fri Jun 21 14:43:59 2024 -0600

Add inputs for Key Connector to Values file

* Add annotation support for components and volumes
- Allows users to set annotations to each component and volume
* Add Argo CD support
- Implement sync waves
- conditionally handle jobs based on toggle for Argo CD.
- Default argoCDSupport to be true
* BRE-166 Support generating secrets for MSSQL and Bitwarden installation keys

Add pre-install-secret-main which does the following:
- Generate a secure MSSQL password and then hit the endpoints for Bitwarden installation keys/ID
- Provide users the values for these secrets via a pod, which can be accessed via the Argo CD GUI.
- Utilize Akv2k8s to create a single Kubernetes secret with shared secrets from a provided Azure Key Vault name
* BRE-166: Set defaults to USDEV for argo cd syncs
- Add a bit of output to the generate-cloud-ids container
* BRE-166: Fix Argo CD sync as it doesn't support Helm lookup functions.
* Set default key vault to USDEV
* Publish endpoints to GitHub Pull Request
- Add inputs for GitHub metadata, expecting to be passed by ApplicationSet
- Add job to publish endpoints to a github comment and store the comment ID state as a ConfigMap
- Extend service account permissions to create config maps
* Set default annotations via values file
* BRE-178: Support individual tags for components
---
Users may need to specify a specific version for a single component. Argo CD Image updater will need to update these to digests when a new image is pushed to the registry

This adds the ability to define tags for each Bitwarden component and the MSSQL migrator utility. Allowing us to use a tag for each component if we wish to do so.

Deployments now have a $tag variable and this value is set on the logic of
Check for .tag value > Check for override value > Set value from Default

There was also some refactor for Key Connector to bring it in alignment with this new pattern, we no longer use `version` but instead use `tag` for key connector.

* BRE 270: Fix email auth
* BRE-273: Add workaround for PVC removal and database re-creation
- By adding argocd.argoproj.io/hook-delete-policy: HookFailed annotation, we only remove the PVCs and DB if the hook fails, instead of every sync.
* BRE-275: Set defaults for image registry to ACR.
* BRE-274: Expose MSSQL via Ingress
* BRE-300: Resolve MSSQL storage deployment permissions
- Moved DB storageClass to managed disk and RWO
- Setup init container to ensure the permissions are set to container user
* BRE-298: DB Client extension
- Adds ability to toggle deployment of a DB client for interacting with the ephemeral database.
* Update Key Connector registry and bump version
* BRE-255: Added 'Go to Environment' button, fixes the default URL button
* Squashed commit of the following:

commit 895b5e0
Author: Micaiah Martin <[email protected]>
Date: Tue Oct 1 09:54:18 2024 -0600

Set tags as "dev" by default

* Revert "Set tags as "dev" by default"

This reverts commit 895b5e0.

---------
Co-authored-by: keithhubner <[email protected]>
Co-authored-by: Bitwarden DevOps <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…rom-all-workflows [BRE-372] - Clean up document start
No description provided.