doc: updated readme and fixed some todos

Devolutions · Feb 20, 2023 · 106c0e8 · 106c0e8
1 parent 6dc32d4
commit 106c0e8
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 25 deletions.
diff --git a/README.md b/README.md
@@ -1,8 +1,32 @@
 # dvls-kubernetes-operator
-// TODO(user): Add simple overview of use/purpose
+:warning: **This operator is a work in progress, expect breaking changes between releases** :warning:
+
+Operator to sync Devolutions Server `Credential Entry - Username / Password` entries as Kubernetes Secrets
 
 ## Description
-// TODO(user): An in-depth paragraph about your project and overview of use
+This operator uses the defined custom resource DvlsSecret which manages its own Kubernetes Secret and will keep itself up to date at a defined interval (every minute by default).
+The Docker image can be found [here](https://hub.docker.com/r/devolutions/dvls-kubernetes-operator).
+
+### Operator configuration
+The following Environment Variables can be used to configure the operator :
+- `DEVO_OPERATOR_DVLS_BASEURI` (required) - DVLS instance base URI
+- `DEVO_OPERATOR_DVLS_APPID` (required) - DVLS Application ID
+- `DEVO_OPERATOR_DVLS_APPSECRET` (required) - DVLS Application Secret
+- `DEVO_OPERATOR_REQUEUE_DURATION` (optional) - Entry/Secret resync interval (default 60s). Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+
+A sample of the custom resource can be found [here](https://github.com/Devolutions/dvls-kubernetes-operator/blob/master/config/samples/dvls_v1alpha1_dvlssecret.yaml).
+The entry ID can be fetched by going in the entry properties, `Advanced -> Session ID`.
+
+### Devolutions Server configuration
+We recommend creating an [Application ID](https://helpserver.devolutions.net/webinterface_applications.html?q=application) specifically to be used with the Operator that has [minimal access to a vault](https://helpserver.devolutions.net/vaults_applications.html?q=application) that only contains the secrets to be synchronized.
+
+Only `Credential Entry - Username / Password` entries are supported at the moment. The following entry data is available per secret :
+- entry name
+- username
+- password
+
+### Kubernetes configuration
+Since this operator uses Kubernetes Secrets, it is recommended that you follow [best practices](https://kubernetes.io/docs/concepts/security/secrets-good-practices/) surrounding secrets, especially [encryption at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).
 
 ## Getting Started
 You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster.
@@ -42,7 +66,6 @@ make undeploy
 ```
 
 ## Contributing
-// TODO(user): Add detailed information on how you would like others to contribute to this project
 
 ### How it works
 This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)

diff --git a/api/v1alpha1/dvlssecret_types.go b/api/v1alpha1/dvlssecret_types.go
@@ -29,8 +29,6 @@ type DvlsSecretSpec struct {
 	// Important: Run "make" to regenerate code after modifying this file
 
 	EntryID string `json:"entryId"` // entry id on dvls
-	// SecretName string `json:"secretName"` // secret name on kubernetes
-	// Namespace  string `json:"namespace"`  // secret namespace on kubernetes
 }
 
 // DvlsSecretStatus defines the observed state of DvlsSecret

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -58,13 +58,8 @@ spec:
       #               - linux
       securityContext:
         runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - command:
         - /manager
@@ -89,14 +84,11 @@ spec:
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
-        # TODO(user): Configure the resources accordingly based on the project requirements.
-        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
         resources:
           limits:
-            cpu: 500m
             memory: 128Mi
           requests:
-            cpu: 10m
+            cpu: 100m
             memory: 64Mi
         env:
           - name: DEVO_OPERATOR_DVLS_APPID

diff --git a/config/samples/dvls_v1alpha1_dvlssecret.yaml b/config/samples/dvls_v1alpha1_dvlssecret.yaml
@@ -9,5 +9,4 @@ metadata:
     app.kubernetes.io/created-by: dvls-kubernetes-operator
   name: dvlssecret-sample
 spec:
-  # TODO(user): Add fields here
-  entryId: (entry id)
+  entryId: 00000000-0000-0000-0000-000000000000
diff --git a/controllers/dvlssecret_controller.go b/controllers/dvlssecret_controller.go
@@ -66,13 +66,6 @@ type DvlsSecretReconciler struct {
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the DvlsSecret object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
-//
-// For more details, check Reconcile and its Result here:
-// - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile
 func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := log.FromContext(ctx)