Commit 106c0e8

doc: updated readme and fixed some todos
1 parent 6dc32d4 commit 106c0e8

5 files changed

+30
-25
lines changed

README.md

Lines changed: 26 additions & 3 deletions
@@ -1,8 +1,32 @@
11
# dvls-kubernetes-operator
2-
// TODO(user): Add simple overview of use/purpose
2+
:warning: **This operator is a work in progress, expect breaking changes between releases** :warning:
3+
4+
Operator to sync Devolutions Server `Credential Entry - Username / Password` entries as Kubernetes Secrets
35

46
## Description
5-
// TODO(user): An in-depth paragraph about your project and overview of use
7+
This operator uses the defined custom resource DvlsSecret which manages its own Kubernetes Secret and will keep itself up to date at a defined interval (every minute by default).
8+
The Docker image can be found [here](https://hub.docker.com/r/devolutions/dvls-kubernetes-operator).
9+
10+
### Operator configuration
11+
The following Environment Variables can be used to configure the operator :
12+
- `DEVO_OPERATOR_DVLS_BASEURI` (required) - DVLS instance base URI
13+
- `DEVO_OPERATOR_DVLS_APPID` (required) - DVLS Application ID
14+
- `DEVO_OPERATOR_DVLS_APPSECRET` (required) - DVLS Application Secret
15+
- `DEVO_OPERATOR_REQUEUE_DURATION` (optional) - Entry/Secret resync interval (default 60s). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
16+
17+
A sample of the custom resource can be found [here](https://github.com/Devolutions/dvls-kubernetes-operator/blob/master/config/samples/dvls_v1alpha1_dvlssecret.yaml).
18+
The entry ID can be fetched by going in the entry properties, `Advanced -> Session ID`.
19+
20+
### Devolutions Server configuration
21+
We recommend creating an [Application ID](https://helpserver.devolutions.net/webinterface_applications.html?q=application) specifically to be used with the Operator that has [minimal access to a vault](https://helpserver.devolutions.net/vaults_applications.html?q=application) that only contains the secrets to be synchronized.
22+
23+
Only `Credential Entry - Username / Password` entries are supported at the moment. The following entry data is available per secret :
24+
- entry name
25+
- username
26+
- password
27+
28+
### Kubernetes configuration
29+
Since this operator uses Kubernetes Secrets, it is recommended that you follow [best practices](https://kubernetes.io/docs/concepts/security/secrets-good-practices/) surrounding secrets, especially [encryption at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).
630

731
## Getting Started
832
You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster.
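
Review bot: in the `### Operator configuration` list, `DEVO_OPERATOR_DVLS_APPSECRET` is documented as an environment variable with no guidance on how to supply it; suggest adding a sentence recommending that it be injected from a Kubernetes Secret via `secretKeyRef` rather than written as a literal value in the Deployment manifest. Under `### Devolutions Server configuration`, the list of available entry data (entry name, username, password) does not say under which keys these appear in the resulting Secret, nor what name and namespace that Secret gets; consumers need both to mount it. The sample link points at `blob/master`, so it will follow later changes to the file rather than the version this README describes.
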
@@ -42,7 +66,6 @@ make undeploy
4266
```
4367

4468
## Contributing
45-
// TODO(user): Add detailed information on how you would like others to contribute to this project
4669

4770
### How it works
4871
This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)
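
Review bot: removing the TODO at old line 45 leaves `## Contributing` with no text of its own, followed directly by `### How it works`. Either add a short sentence on how contributions are accepted or drop the heading so the README does not render an empty section.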

api/v1alpha1/dvlssecret_types.go

Lines changed: 0 additions & 2 deletions
@@ -29,8 +29,6 @@ type DvlsSecretSpec struct {
2929
// Important: Run "make" to regenerate code after modifying this file
3030

3131
EntryID string `json:"entryId"` // entry id on dvls
32-
// SecretName string `json:"secretName"` // secret name on kubernetes
33-
// Namespace string `json:"namespace"` // secret namespace on kubernetes
3432
}
3533

3634
// DvlsSecretStatus defines the observed state of DvlsSecret
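
Review bot: with the commented-out `SecretName` and `Namespace` fields gone, `EntryID` is the only spec field and it carries no validation and only the trailing comment `// entry id on dvls`. Suggest a doc comment above the field stating that this is the `Advanced -> Session ID` value from the entry properties, plus a validation marker such as `+kubebuilder:validation:MinLength=1` so an empty `entryId` is rejected at admission instead of surfacing as a failed DVLS lookup during reconcile.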

config/manager/manager.yaml

Lines changed: 3 additions & 11 deletions
@@ -58,13 +58,8 @@ spec:
5858
# - linux
5959
securityContext:
6060
runAsNonRoot: true
61-
# TODO(user): For common cases that do not require escalating privileges
62-
# it is recommended to ensure that all your Pods/Containers are restrictive.
63-
# More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
64-
# Please uncomment the following code if your project does NOT have to work on old Kubernetes
65-
# versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
66-
# seccompProfile:
67-
# type: RuntimeDefault
61+
seccompProfile:
62+
type: RuntimeDefault
6863
containers:
6964
- command:
7065
- /manager
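
Review bot: the comment removed at old lines 64-65 was the only place recording that `seccompProfile` is not supported on Kubernetes versions < 1.19 or OpenShift < 4.11, and `seccompProfile: type: RuntimeDefault` is now set unconditionally. Enabling it is the right default, but the README changes in this commit do not state a minimum supported cluster version; suggest adding one there so the constraint is not lost with the comment.
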
@@ -89,14 +84,11 @@ spec:
8984
port: 8081
9085
initialDelaySeconds: 5
9186
periodSeconds: 10
92-
# TODO(user): Configure the resources accordingly based on the project requirements.
93-
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
9487
resources:
9588
limits:
96-
cpu: 500m
9789
memory: 128Mi
9890
requests:
99-
cpu: 10m
91+
cpu: 100m
10092
memory: 64Mi
10193
env:
10294
- name: DEVO_OPERATOR_DVLS_APPID
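
Review bot: under `resources:`, the `cpu: 500m` limit is dropped and the CPU request goes from `10m` to `100m`, which is a behaviour change that the commit message ("updated readme and fixed some todos") does not cover. Suggest either splitting this into its own commit or leaving a one-line comment with the reason for running without a CPU limit and for the tenfold request increase, so the values are not reverted later as an oversight.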

config/samples/dvls_v1alpha1_dvlssecret.yaml

Lines changed: 1 addition & 2 deletions
@@ -9,5 +9,4 @@ metadata:
99
app.kubernetes.io/created-by: dvls-kubernetes-operator
1010
name: dvlssecret-sample
1111
spec:
12-
# TODO(user): Add fields here
13-
entryId: (entry id)
12+
entryId: 00000000-0000-0000-0000-000000000000
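
Review bot: the new `entryId: 00000000-0000-0000-0000-000000000000` is a syntactically valid ID, unlike the old `(entry id)` placeholder, so applying the sample unchanged will be accepted and the operator will try to resolve it at every requeue interval. Suggest keeping a comment line above it marking the value as a placeholder to be replaced with the entry's `Session ID`.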

controllers/dvlssecret_controller.go

Lines changed: 0 additions & 7 deletions
@@ -66,13 +66,6 @@ type DvlsSecretReconciler struct {
6666

6767
// Reconcile is part of the main kubernetes reconciliation loop which aims to
6868
// move the current state of the cluster closer to the desired state.
69-
// TODO(user): Modify the Reconcile function to compare the state specified by
70-
// the DvlsSecret object against the actual cluster state, and then
71-
// perform operations to make the cluster state reflect the state specified by
72-
// the user.
73-
//
74-
// For more details, check Reconcile and its Result here:
75-
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.13.0/pkg/reconcile
7669
func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
7770
log := log.FromContext(ctx)
7871

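
Review bot: after the scaffold TODO is removed, the doc comment on `Reconcile` is only the generic two-line sentence from the template and says nothing about what this reconciler does. Suggest replacing it with a description of the actual behaviour (which DVLS entry is read, which Secret is written, when the request is requeued). Separately, `log := log.FromContext(ctx)` shadows the `log` package inside the function; renaming the variable (for example `logger`) avoids that.
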