Yesterday I tried to manually bridge Bitwarden and Kubernetes with certificates… a total mess. By the way, I complained that you have very poor documentation, but obviously some “clever” person deleted the post… and I was writing…
Today I did it with “helm”, but for some reason I don’t understand, it doesn’t work:
I understand that the token on my machine is incorrect… or it never actually worked. I regenerated it and it still doesn’t work.
This doesn’t seem to be my problem anymore. You should look into it.
- Manual method (a mess)
  - Create the Bitwarden access token as a secret in Kubernetes: manual command to create the secret with the Bitwarden token.
  - Install External Secrets Operator and the SDK Server: deploy both resources, ensuring the SDK Server is up and accessible.
  - Generate a self-signed certificate: create a TLS certificate with the correct CN and SAN, then create a Kubernetes secret with tls.crt, tls.key, and ca.crt (three required keys).
  - Extract the certificate in base64: encode the certificate and paste it into the caBundle field of the manifest.
  - Write and apply the SecretStore and ExternalSecret manifests: configure URLs, IDs, referrers, and the CA bundle correctly.
  - Check and troubleshoot errors:
    `tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead`
    `x509 → invalid certificate.`
    Deal with DNS errors, missing keys, ports, certificates, and SAN policies.
  - …I left it here, not working.
- Helm method
Could someone tell me if the bridge between the token machine and Kubernetes isn’t broken?
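The certificate and TLS Secret that the manual steps above call for, as an added example that is not from the original post or from Bitwarden/External Secrets: it puts the SDK Server hostname into the SAN (the missing piece behind the legacy Common Name error quoted above), checks that the SAN is really there, builds the three-key Secret, and prints the base64 caBundle value. The hostname, namespace, and Secret name are assumptions; adjust them to your cluster.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed placeholders:
# SDK_HOST (service DNS name of the SDK Server), NAMESPACE, Secret name.
set -eu
SDK_HOST="${SDK_HOST:-bitwarden-sdk-server.external-secrets.svc.cluster.local}"
NAMESPACE="${NAMESPACE:-external-secrets}"
OUT_DIR="${OUT_DIR:-./sdk-tls}"

# gen_cert DIR HOST: self-signed cert with HOST in both CN and SAN.
# Go's verifier ignores CN, so the SAN entry is what avoids
# "x509: certificate relies on legacy Common Name field, use SANs instead".
gen_cert() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
    -keyout "$1/tls.key" -out "$1/tls.crt" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" >/dev/null 2>&1
  cp "$1/tls.crt" "$1/ca.crt"   # self-signed: the CA bundle is the cert itself
}

# has_san DIR HOST: succeeds only when the SAN extension lists HOST.
has_san() {
  openssl x509 -in "$1/tls.crt" -noout -text | grep -q "DNS:$2"
}

# ca_bundle DIR: single-line base64 for the SecretStore caBundle field.
ca_bundle() {
  base64 < "$1/ca.crt" | tr -d '\n'
}

# write_secret DIR NAMESPACE: TLS Secret with the three required keys.
write_secret() {
  cat > "$1/sdk-tls-secret.yaml" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: bitwarden-tls-certs   # assumed name; match what the SDK Server mounts
  namespace: $2
type: kubernetes.io/tls
data:
  tls.crt: $(base64 < "$1/tls.crt" | tr -d '\n')
  tls.key: $(base64 < "$1/tls.key" | tr -d '\n')
  ca.crt: $(base64 < "$1/ca.crt" | tr -d '\n')
EOF
}

gen_cert "$OUT_DIR" "$SDK_HOST"
has_san "$OUT_DIR" "$SDK_HOST" || { echo "SAN missing from tls.crt" >&2; exit 1; }
write_secret "$OUT_DIR" "$NAMESPACE"
echo "caBundle: $(ca_bundle "$OUT_DIR")"
```

Apply the generated manifest with `kubectl apply -f sdk-tls/sdk-tls-secret.yaml` and paste the printed caBundle into the SecretStore; if `has_san` fails, the certificate would trip the same x509 error again.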