|
1 | 1 | # dvls-kubernetes-operator
|
2 |
| -// TODO(user): Add simple overview of use/purpose |
| 2 | +:warning: **This operator is a work in progress, expect breaking changes between releases** :warning: |
| 3 | + |
| 4 | +Operator to sync Devolutions Server `Credential Entry - Username / Password` entries as Kubernetes Secrets |
3 | 5 |
|
4 | 6 | ## Description
|
5 |
| -// TODO(user): An in-depth paragraph about your project and overview of use |
| 7 | +This operator uses the defined custom resource DvlsSecret which manages its own Kubernetes Secret and will keep itself up to date at a defined interval (every minute by default). |
| 8 | +The Docker image can be found [here](https://hub.docker.com/r/devolutions/dvls-kubernetes-operator). |
| 9 | + |
| 10 | +### Operator configuration |
| 11 | +The following Environment Variables can be used to configure the operator : |
| 12 | +- `DEVO_OPERATOR_DVLS_BASEURI` (required) - DVLS instance base URI |
| 13 | +- `DEVO_OPERATOR_DVLS_APPID` (required) - DVLS Application ID |
| 14 | +- `DEVO_OPERATOR_DVLS_APPSECRET` (required) - DVLS Application Secret |
| 15 | +- `DEVO_OPERATOR_REQUEUE_DURATION` (optional) - Entry/Secret resync interval (default 60s). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". |
| 16 | + |
| 17 | +A sample of the custom resource can be found [here](https://github.com/Devolutions/dvls-kubernetes-operator/blob/master/config/samples/dvls_v1alpha1_dvlssecret.yaml). |
| 18 | +The entry ID can be fetched by going in the entry properties, `Advanced -> Session ID`. |
| 19 | + |
| 20 | +### Devolutions Server configuration |
| 21 | +We recommend creating an [Application ID](https://helpserver.devolutions.net/webinterface_applications.html?q=application) specifically to be used with the Operator that has [minimal access to a vault](https://helpserver.devolutions.net/vaults_applications.html?q=application) that only contains the secrets to be synchronized. |
| 22 | + |
| 23 | +Only `Credential Entry - Username / Password` entries are supported at the moment. The following entry data is available per secret : |
| 24 | +- entry name |
| 25 | +- username |
| 26 | +- password |
| 27 | + |
| 28 | +### Kubernetes configuration |
| 29 | +Since this operator uses Kubernetes Secrets, it is recommended that you follow [best practices](https://kubernetes.io/docs/concepts/security/secrets-good-practices/) surrounding secrets, especially [encryption at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). |
6 | 30 |
|
7 | 31 | ## Getting Started
|
8 | 32 | You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster.
|
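Review bot: In the "Operator configuration" list, `DEVO_OPERATOR_DVLS_APPSECRET` is documented as a plain environment variable with no guidance on how it should be supplied. Suggest adding a sentence recommending that the value be injected from a Kubernetes Secret (for example `valueFrom.secretKeyRef` on the operator Deployment) rather than written as a literal in the manifest, which would match the secrets good-practices link in the "Kubernetes configuration" paragraph. The Description also says DvlsSecret "manages its own Kubernetes Secret" without stating the resulting Secret's name, namespace, or the data keys that entry name, username and password map to; documenting those would let users scope RBAC read access to exactly the synced Secrets. Finally, the sample link points at `master` while the banner warns of breaking changes between releases, so linking to a tagged version would keep the sample consistent with the release a reader is running.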
@@ -42,7 +66,6 @@ make undeploy
|
42 | 66 | ```
|
43 | 67 |
|
44 | 68 | ## Contributing
|
45 |
| -// TODO(user): Add detailed information on how you would like others to contribute to this project |
46 | 69 |
|
47 | 70 | ### How it works
|
48 | 71 | This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)
|
|
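Review bot: Removing the TODO under `## Contributing` leaves that heading with no body, so it is now followed directly by `### How it works`. Either add a short paragraph under it (how to file issues and pull requests, and where to report a security problem in the operator) or drop the heading and promote `### How it works` so the section structure stays coherent.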