From fc2d0db7d1f03e5a64f1003a27b1484ae4c8e35d Mon Sep 17 00:00:00 2001
From: Jory Irving
Date: Mon, 12 Feb 2024 10:20:23 -0700
Subject: [PATCH] ditch bw-cli
---
.../bitwarden/clustersecretstore.yaml | 24 --------
.../bitwarden/helmrelease.yaml | 61 -------------------
.../bitwarden/kustomization.yaml | 9 ---
.../bitwarden/network-policy.yaml | 17 ------
.../bitwarden/secret.sops.yaml | 28 ---------
.../external-secrets/external-secrets/ks.yaml | 23 ------
.../weave-gitops/app/externalsecret.yaml | 2 +-
.../thanos/app/kustomization.yaml | 2 +-
8 files changed, 2 insertions(+), 164 deletions(-)
delete mode 100644 kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/clustersecretstore.yaml
delete mode 100644 kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/helmrelease.yaml
delete mode 100644 kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/kustomization.yaml
delete mode 100644 kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/network-policy.yaml
delete mode 100644 kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/secret.sops.yaml
diff --git a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/clustersecretstore.yaml b/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/clustersecretstore.yaml
deleted file mode 100644
index de2e237b07..0000000000
--- a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/clustersecretstore.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
- name: bitwarden-login
-spec:
- provider:
- webhook:
- url: "http://bitwarden.external-secrets.svc.cluster.local:8087/object/item/{{ .remoteRef.key }}"
- headers:
- Content-Type: application/json
- result:
- jsonPath: "$.data.login.{{ .remoteRef.property }}"
----
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
- name: bitwarden-fields
-spec:
- provider:
- webhook:
- url: "http://bitwarden.external-secrets.svc.cluster.local:8087/object/item/{{ .remoteRef.key }}"
- result:
- jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"
diff --git a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/helmrelease.yaml b/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/helmrelease.yaml
deleted file mode 100644
index bc81344e40..0000000000
--- a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/helmrelease.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
- name: bitwarden
-spec:
- interval: 5m
- chart:
- spec:
- chart: app-template
- version: 2.5.0
- sourceRef:
- kind: HelmRepository
- name: bjw-s
- namespace: flux-system
- maxHistory: 2
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- controllers:
- main:
- strategy: RollingUpdate
- annotations:
- reloader.stakater.com/auto: "true"
- containers:
- main:
- image:
- repository: ghcr.io/lildrunkensmurf/bitwarden-cli
- tag: 2024.2.0@sha256:4780c595ede55834503ca1af1df1597118b4618d2728a52e71b269ec18c320c2
- envFrom:
- - secretRef:
- name: bitwarden-cli
- probes:
- liveness:
- enabled: true
- custom: true
- spec:
- exec:
- command: ["wget", "-q", "http://127.0.0.1:8087/sync", "--post-data=''"]
- timeoutSeconds: 5
- readiness:
- enabled: false
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- memory: 512Mi
- service:
- main:
- ports:
- http:
- port: 8087
diff --git a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/kustomization.yaml b/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/kustomization.yaml
deleted file mode 100644
index f46e6962d4..0000000000
--- a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./clustersecretstore.yaml
- - ./helmrelease.yaml
- - ./network-policy.yaml
- - ./secret.sops.yaml
diff --git a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/network-policy.yaml b/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/network-policy.yaml
deleted file mode 100644
index cf76115f89..0000000000
--- a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/network-policy.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
- name: external-secrets-to-bw-cli
-spec:
- endpointSelector:
- matchLabels:
- app.kubernetes.io/instance: bitwarden
- app.kubernetes.io/name: bitwarden
- ingress:
- - fromEndpoints:
- - matchLabels:
- app.kubernetes.io/instance: external-secrets
- app.kubernetes.io/name: external-secrets
- ## Namespace where external-secret lives. Can be removed if they're in the same namespace
- k8s:io.kubernetes.pod.namespace: external-secrets
diff --git a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/secret.sops.yaml b/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/secret.sops.yaml
deleted file mode 100644
index 84402b167d..0000000000
--- a/kubernetes/pi/apps/external-secrets/external-secrets/bitwarden/secret.sops.yaml
+++ /dev/null
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: bitwarden-cli -stringData: - BW_CLIENTID: ENC[AES256_GCM,data:FGhFGVRfzXWiK6RdhGhggceSDGKil+w8SF3nT2suhiYeRtvT1ci+hxc=,iv:UeCGsZoYNu05uuhnvJtlnfElFLBTFzEzLUnNvVQ9M0s=,tag:tW0eOdC8B8QLgyAcUsFFWw==,type:str] - BW_CLIENTSECRET: ENC[AES256_GCM,data:Z2Z/hyh63sJx9enIDjIFRSEFFa094ta6pNkS5Mi3,iv:SGqgJSPU3thJQ81mQA0hXa5W5vqHSQTQw+RDYrLMSVo=,tag:PmXWhQoFvOWEH0mB3Yl5iQ==,type:str] - BW_PASSWORD: ENC[AES256_GCM,data:NA+NDpP/27H1,iv:Ozk3+jqk813G63BA3zShJt+dttJm5+VL6juExd/Cjxg=,tag:U2W764ncB3/1JSRTlHu35w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age12v9uw8k6myrr49z9aq6jmcwa79aepu0p6p462nrv968qcae72pcspwldec - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWVR4eGJYWUJ1V0F4Z2x0 - NW8wbFQrY1YxakY3RGtuQmozbFlyL0NqekVzCmZXNWFBdVg5RlBtdUp1dHVFWDlm - ZVlGOXRjUGpJRm1rMzh1ck5BSVhadmsKLS0tIGVqeE5HUnZVczl4NkJmNEJ1NVoz - KzRDbWFsVEpsalByQ1pKL2VsbHZuaTQKKQ+Ia4b12/kVhKvypUlf/riQuTQFh9zy - T/Lp0g6o1eW7KoE+tFk9QgPGYLphyXn/iVNWpz+bMTXhcgFL0qTQZA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-20T17:19:48Z" - mac: ENC[AES256_GCM,data:i3gXz+yey23lRKIYGX0OKqHXlcec7y12AAqexSjqz9FAq4d3+37OBCb0+JIB2BX5H9R4u4sj2o9/vwEhQORou/y+zNKwl+jtLO15oXmBT3eNjBy92qsr9UUi46CNUn/1f+9u0BCP6j7dArASPMAIuOyPSEKoEsFRV5gX1KbQYqQ=,iv:onsKrIvUAMMRPluUaIw/CmacWYBlBqIdOMUSZ2oWWN0=,tag:tv9I+kYoF8HcZphScw9/Ww==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.8.1 diff --git a/kubernetes/pi/apps/external-secrets/external-secrets/ks.yaml b/kubernetes/pi/apps/external-secrets/external-secrets/ks.yaml index eecf1718db..4611a910f4 100644 --- a/kubernetes/pi/apps/external-secrets/external-secrets/ks.yaml +++ b/kubernetes/pi/apps/external-secrets/external-secrets/ks.yaml 
@@ -23,29 +23,6 @@ spec:
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
-metadata:
- name: &app external-secrets-bitwarden
- namespace: flux-system
-spec:
- targetNamespace: external-secrets
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: external-secrets
- path: ./kubernetes/pi/apps/external-secrets/external-secrets/bitwarden
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: true
- interval: 30m
- retryInterval: 1m
- timeout: 5m
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
 metadata:
 name: &app external-secrets-bitwarden-secrets-manager
 namespace: flux-system
diff --git a/kubernetes/teyvat/apps/flux-system/weave-gitops/app/externalsecret.yaml b/kubernetes/teyvat/apps/flux-system/weave-gitops/app/externalsecret.yaml
index 7ec5c9cd68..8d8ff7f267 100644
--- a/kubernetes/teyvat/apps/flux-system/weave-gitops/app/externalsecret.yaml
+++ b/kubernetes/teyvat/apps/flux-system/weave-gitops/app/externalsecret.yaml
@@ -15,7 +15,7 @@ spec:
 data:
 # Admin User
 username: "{{ .WEAVE_USER }}"
- password: "{{ .WEAVE_PASS }}"
+ password: "{{ .WEAVE_PASS_ENCODED }}"
 dataFrom:
 - extract:
 key: weave-gitops
diff --git a/kubernetes/teyvat/apps/observability/thanos/app/kustomization.yaml b/kubernetes/teyvat/apps/observability/thanos/app/kustomization.yaml
index e80d0a0724..5063bccf50 100644
--- a/kubernetes/teyvat/apps/observability/thanos/app/kustomization.yaml
+++ b/kubernetes/teyvat/apps/observability/thanos/app/kustomization.yaml
@@ -4,4 +4,4 @@ kind: Kustomization
 resources:
 - ./objectbucketclaim.yaml
 - ./helmrelease.yaml
-# - ./pushsecret.yaml
+- ./pushsecret.yaml
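Review bot: Nothing next to the new `password: "{{ .WEAVE_PASS_ENCODED }}"` line in weave-gitops/app/externalsecret.yaml says what encoding the value must have, and the diff does not show that the `weave-gitops` item pulled in by `dataFrom.extract` carries a `WEAVE_PASS_ENCODED` property. If this secret backs the Weave GitOps admin login, the field presumably has to hold a bcrypt hash rather than the plaintext password, so I would add `# must be the bcrypt hash of the admin password, never the plaintext` above the line. It is also worth confirming the property exists in the store before this syncs, since a missing key would presumably either fail templating or render an unusable value. The resource's spec starts and ends outside the hunk.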
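Review bot: The re-enabled entry in thanos/app/kustomization.yaml is written as `- ./pushsecret.yaml` with no indentation after the `+`, inheriting column 0 from the old `# - ./pushsecret.yaml` comment. Whitespace is collapsed on this page, so the indentation of the two sibling entries cannot be confirmed; if they are indented under `resources:`, the line needs to be `  - ./pushsecret.yaml` to stay in the same sequence and keep the file parseable. Separately, pushsecret.yaml is not part of this diff, and a PushSecret writes cluster secret material out to the external store. A comment such as `# PushSecret to <store name>` would help, along with a check that the store it references still exists after this commit and that its credentials are write-scoped to that one item.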