|
|
|
@@ -128,15 +128,15 @@ kind: Deployment
|
|
|
|
|
metadata:
|
|
|
|
|
name: deployment-example
|
|
|
|
|
annotations:
|
|
|
|
|
onepasswordoperator/item-path: "vaults/{vault_id_or_title}/items/{item_id_or_title}"
|
|
|
|
|
onepasswordoperator/item-name: "{secret_name}"
|
|
|
|
|
operator.1password.io/item-path: "vaults/{vault_id_or_title}/items/{item_id_or_title}"
|
|
|
|
|
operator.1password.io/item-name: "{secret_name}"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Applying this yaml file will create a Kubernetes Secret with the name `{secret_name}` and contents from the location specified at the specified Item Path.
|
|
|
|
|
|
|
|
|
|
Note: Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `onepasswordoperator./item-path` and `onepasswordoperator/item-name` and no other deployment is using the secret.
|
|
|
|
|
Note: Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `operator.1password.io/item-path` and `operator.1password.io/item-name` and no other deployment is using the secret.
|
|
|
|
|
|
|
|
|
|
If a 1Password Item that is linked to a Kubernetes Secret is updated within the POLLING_INTERVAL the associated Kubernetes Secret will be updated. However, if you do not want a specific secret to be updated you can add the tag `onepasswordconnectoperator:ignore_secret` to the item stored in 1Password. While this tag is in place, any updates made to an item will not trigger an update to the associated secret in Kubernetes.
|
|
|
|
|
If a 1Password Item that is linked to a Kubernetes Secret is updated within the POLLING_INTERVAL the associated Kubernetes Secret will be updated. However, if you do not want a specific secret to be updated you can add the tag `operator.1password.io:ignore-secret` to the item stored in 1Password. While this tag is in place, any updates made to an item will not trigger an update to the associated secret in Kubernetes.
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
**NOTE**
|
|
|
|
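Review bot: Missing upgrade guidance for the renamed keys in the annotations block and the two paragraphs below it. These lines do not say whether the operator still honors `onepasswordoperator/item-path` and `onepasswordoperator/item-name` on existing Deployments, or the old `onepasswordconnectoperator:ignore_secret` tag on existing items. Both cases matter operationally. The cleanup note now makes Secret deletion conditional on the `operator.1password.io/item-path` and `operator.1password.io/item-name` annotations, so a Deployment still carrying the old keys may leave its Secret behind. An item that was pinned with the old tag may start being synced into the cluster again once only `operator.1password.io:ignore-secret` is recognized. Please add a short migration note here stating whether the old names are still accepted and, if not, that annotations and item tags must be renamed before upgrading.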
@@ -147,44 +147,44 @@ If multiple 1Password vaults/items have the same `title` when using a title in t
|
|
|
|
|
|
|
|
|
|
### Configuring Automatic Rolling Restarts of Deployments
|
|
|
|
|
|
|
|
|
|
If a 1Password Item that is linked to a Kubernetes Secret is updated, any deployments configured to `auto_restart` AND are using that secret will be given a rolling restart the next time 1Password Connect is polled for updates.
|
|
|
|
|
If a 1Password Item that is linked to a Kubernetes Secret is updated, any deployments configured to `auto-restart` AND are using that secret will be given a rolling restart the next time 1Password Connect is polled for updates.
|
|
|
|
|
|
|
|
|
|
There are many levels of granularity on which to configure auto restarts on deployments: at the operator level, per-namespace, or per-deployment.
|
|
|
|
|
|
|
|
|
|
**On the operator**: This method allows for managing auto restarts on all deployments within the namespaces watched by operator. Auto restarts can be enabled by setting the environemnt variable `AUTO_RESTART` to true. If the value is not set, the operator will default this value to false.
|
|
|
|
|
|
|
|
|
|
**Per Namespace**: This method allows for managing auto restarts on all deployments within a namespace. Auto restarts can by managed by setting the annotation `onepasswordoperator/auto_restart` to either `true` or `false` on the desired namespace. An example of this is shown below:
|
|
|
|
|
**Per Namespace**: This method allows for managing auto restarts on all deployments within a namespace. Auto restarts can by managed by setting the annotation `operator.1password.io/auto-restart` to either `true` or `false` on the desired namespace. An example of this is shown below:
|
|
|
|
|
```yaml
|
|
|
|
|
# enabled auto restarts for all deployments within a namespace unless overwritten within a deployment
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Namespace
|
|
|
|
|
metadata:
|
|
|
|
|
name: "example-namespace"
|
|
|
|
|
onepasswordoperator/auto_restart: "true"
|
|
|
|
|
operator.1password.io/auto-restart: "true"
|
|
|
|
|
```
|
|
|
|
|
If the value is not set, the auto reset settings on the operator will be used. This value can be overwritten by deployment.
|
|
|
|
|
|
|
|
|
|
**Per Deployment**
|
|
|
|
|
This method allows for managing auto restarts on a given deployment. Auto restarts can by managed by setting the annotation `onepasswordoperator/auto_restart` to either `true` or `false` on the desired deployment. An example of this is shown below:
|
|
|
|
|
This method allows for managing auto restarts on a given deployment. Auto restarts can by managed by setting the annotation `operator.1password.io/auto-restart` to either `true` or `false` on the desired deployment. An example of this is shown below:
|
|
|
|
|
```yaml
|
|
|
|
|
# enabled auto restarts for the deployment
|
|
|
|
|
apiVersion: v1
|
|
|
|
|
kind: Deployment
|
|
|
|
|
metadata:
|
|
|
|
|
name: "example-deployment"
|
|
|
|
|
onepasswordoperator/auto_restart: "true"
|
|
|
|
|
operator.1password.io/auto-restart: "true"
|
|
|
|
|
```
|
|
|
|
|
If the value is not set, the auto reset settings on the namespace will be used.
|
|
|
|
|
|
|
|
|
|
**Per OnePasswordItem Custom Resource**
|
|
|
|
|
This method allows for managing auto restarts on a given OnePasswordItem custom resource. Auto restarts can by managed by setting the annotation `onepasswordoperator/auto_restart` to either `true` or `false` on the desired OnePasswordItem. An example of this is shown below:
|
|
|
|
|
This method allows for managing auto restarts on a given OnePasswordItem custom resource. Auto restarts can by managed by setting the annotation `operator.1password.io/auto_restart` to either `true` or `false` on the desired OnePasswordItem. An example of this is shown below:
|
|
|
|
|
```yaml
|
|
|
|
|
# enabled auto restarts for the OnePasswordItem
|
|
|
|
|
apiVersion: onepassword.com/v1
|
|
|
|
|
kind: OnePasswordItem
|
|
|
|
|
metadata:
|
|
|
|
|
name: example
|
|
|
|
|
onepasswordoperator/auto_restart: "true"
|
|
|
|
|
operator.1password.io/auto-restart: "true"
|
|
|
|
|
```
|
|
|
|
|
If the value is not set, the auto reset settings on the deployment will be used.
|
|
|
|
|
|
|
|
|
|
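Review bot: The new "Per OnePasswordItem Custom Resource" paragraph spells the annotation `operator.1password.io/auto_restart` with an underscore, while the YAML example directly under it and the namespace and deployment sections all use `operator.1password.io/auto-restart`. A reader copying the key from the prose would set an annotation that does not match the documented one, so the paragraph should use the hyphenated form. While touching these examples, note that the three YAML snippets as shown place the annotation straight after `name:` with no `annotations:` key, unlike the Deployment example earlier in the file, and the deployment snippet declares `apiVersion: v1` for `kind: Deployment`, which should be `apps/v1`. The surrounding text also still carries "environemnt", "can by managed" and "auto reset settings", which would be worth fixing in the same pass.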