Making casing of annotations consistent

jillianwilson
2021-04-07 17:18:23 -03:00
parent 990ac86297
commit 62ca0c25fd
6 changed files with 20 additions and 20 deletions


@@ -128,15 +128,15 @@ kind: Deployment
metadata: metadata:
name: deployment-example name: deployment-example
annotations: annotations:
onepasswordoperator/item-path: "vaults/{vault_id_or_title}/items/{item_id_or_title}" operator.1password.io/item-path: "vaults/{vault_id_or_title}/items/{item_id_or_title}"
onepasswordoperator/item-name: "{secret_name}" operator.1password.io/item-name: "{secret_name}"
``` ```
Applying this yaml file will create a Kubernetes Secret with the name `{secret_name}` and contents from the location specified at the specified Item Path. Applying this yaml file will create a Kubernetes Secret with the name `{secret_name}` and contents from the location specified at the specified Item Path.
Note: Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `onepasswordoperator./item-path` and `onepasswordoperator/item-name` and no other deployment is using the secret. Note: Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `operator.1password.io/item-path` and `operator.1password.io/item-name` and no other deployment is using the secret.
If a 1Password Item that is linked to a Kubernetes Secret is updated within the POLLING_INTERVAL the associated Kubernetes Secret will be updated. However, if you do not want a specific secret to be updated you can add the tag `onepasswordconnectoperator:ignore_secret` to the item stored in 1Password. While this tag is in place, any updates made to an item will not trigger an update to the associated secret in Kubernetes. If a 1Password Item that is linked to a Kubernetes Secret is updated within the POLLING_INTERVAL the associated Kubernetes Secret will be updated. However, if you do not want a specific secret to be updated you can add the tag `operator.1password.io:ignore-secret` to the item stored in 1Password. While this tag is in place, any updates made to an item will not trigger an update to the associated secret in Kubernetes.
--- ---
**NOTE** **NOTE**
@@ -147,44 +147,44 @@ If multiple 1Password vaults/items have the same `title` when using a title in t
### Configuring Automatic Rolling Restarts of Deployments ### Configuring Automatic Rolling Restarts of Deployments
If a 1Password Item that is linked to a Kubernetes Secret is updated, any deployments configured to `auto_restart` AND are using that secret will be given a rolling restart the next time 1Password Connect is polled for updates. If a 1Password Item that is linked to a Kubernetes Secret is updated, any deployments configured to `auto-restart` AND are using that secret will be given a rolling restart the next time 1Password Connect is polled for updates.
There are many levels of granularity on which to configure auto restarts on deployments: at the operator level, per-namespace, or per-deployment. There are many levels of granularity on which to configure auto restarts on deployments: at the operator level, per-namespace, or per-deployment.
**On the operator**: This method allows for managing auto restarts on all deployments within the namespaces watched by operator. Auto restarts can be enabled by setting the environemnt variable `AUTO_RESTART` to true. If the value is not set, the operator will default this value to false. **On the operator**: This method allows for managing auto restarts on all deployments within the namespaces watched by operator. Auto restarts can be enabled by setting the environemnt variable `AUTO_RESTART` to true. If the value is not set, the operator will default this value to false.
**Per Namespace**: This method allows for managing auto restarts on all deployments within a namespace. Auto restarts can by managed by setting the annotation `onepasswordoperator/auto_restart` to either `true` or `false` on the desired namespace. An example of this is shown below: **Per Namespace**: This method allows for managing auto restarts on all deployments within a namespace. Auto restarts can by managed by setting the annotation `operator.1password.io/auto-restart` to either `true` or `false` on the desired namespace. An example of this is shown below:
```yaml ```yaml
# enabled auto restarts for all deployments within a namespace unless overwritten within a deployment # enabled auto restarts for all deployments within a namespace unless overwritten within a deployment
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: "example-namespace" name: "example-namespace"
onepasswordoperator/auto_restart: "true" operator.1password.io/auto-restart: "true"
``` ```
If the value is not set, the auto reset settings on the operator will be used. This value can be overwritten by deployment. If the value is not set, the auto reset settings on the operator will be used. This value can be overwritten by deployment.
**Per Deployment** **Per Deployment**
This method allows for managing auto restarts on a given deployment. Auto restarts can by managed by setting the annotation `onepasswordoperator/auto_restart` to either `true` or `false` on the desired deployment. An example of this is shown below: This method allows for managing auto restarts on a given deployment. Auto restarts can by managed by setting the annotation `operator.1password.io/auto-restart` to either `true` or `false` on the desired deployment. An example of this is shown below:
```yaml ```yaml
# enabled auto restarts for the deployment # enabled auto restarts for the deployment
apiVersion: v1 apiVersion: v1
kind: Deployment kind: Deployment
metadata: metadata:
name: "example-deployment" name: "example-deployment"
onepasswordoperator/auto_restart: "true" operator.1password.io/auto-restart: "true"
``` ```
If the value is not set, the auto reset settings on the namespace will be used. If the value is not set, the auto reset settings on the namespace will be used.
**Per OnePasswordItem Custom Resource** **Per OnePasswordItem Custom Resource**
This method allows for managing auto restarts on a given OnePasswordItem custom resource. Auto restarts can by managed by setting the annotation `onepasswordoperator/auto_restart` to either `true` or `false` on the desired OnePasswordItem. An example of this is shown below: This method allows for managing auto restarts on a given OnePasswordItem custom resource. Auto restarts can by managed by setting the annotation `operator.1password.io/auto_restart` to either `true` or `false` on the desired OnePasswordItem. An example of this is shown below:
```yaml ```yaml
# enabled auto restarts for the OnePasswordItem # enabled auto restarts for the OnePasswordItem
apiVersion: onepassword.com/v1 apiVersion: onepassword.com/v1
kind: OnePasswordItem kind: OnePasswordItem
metadata: metadata:
name: example name: example
onepasswordoperator/auto_restart: "true" operator.1password.io/auto-restart: "true"
``` ```
If the value is not set, the auto reset settings on the deployment will be used. If the value is not set, the auto reset settings on the deployment will be used.


@@ -28,7 +28,7 @@ import (
var log = logf.Log.WithName("controller_deployment") var log = logf.Log.WithName("controller_deployment")
var finalizer = "onepassword.com/finalizer.secret" var finalizer = "onepassword.com/finalizer.secret"
const annotationRegExpString = "^onepasswordoperator\\/[a-zA-Z\\.]+" const annotationRegExpString = "^operator.1password.io\\/[a-zA-Z\\.]+"
func Add(mgr manager.Manager, opConnectClient connect.Client) error { func Add(mgr manager.Manager, opConnectClient connect.Client) error {
return add(mgr, newReconciler(mgr, opConnectClient)) return add(mgr, newReconciler(mgr, opConnectClient))
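Review bot: The dots in the new `annotationRegExpString` are unescaped, so `operator.1password.io` matches any character in those positions and the annotation filter accepts keys that are not under the operator's own prefix. Escape them, `const annotationRegExpString = "^operator\\.1password\\.io\\/[a-zA-Z\\.]+"`, or build the pattern from the shared prefix constant with `regexp.QuoteMeta`. The character class also lacks `-` although the renamed keys (`item-path`, `auto-restart`) contain one; the match still succeeds only because the pattern is not anchored at the end. The same literal is repeated as `AnnotationRegExpString` in the test file later in this commit and should change with it.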


@@ -14,12 +14,12 @@ import (
logf "sigs.k8s.io/controller-runtime/pkg/log" logf "sigs.k8s.io/controller-runtime/pkg/log"
) )
const OnepasswordPrefix = "onepasswordoperator" const OnepasswordPrefix = "operator.1password.io"
const NameAnnotation = OnepasswordPrefix + "/item-name" const NameAnnotation = OnepasswordPrefix + "/item-name"
const VersionAnnotation = OnepasswordPrefix + "/item-version" const VersionAnnotation = OnepasswordPrefix + "/item-version"
const restartAnnotation = OnepasswordPrefix + "/lastRestarted" const restartAnnotation = OnepasswordPrefix + "/last-restarted"
const ItemPathAnnotation = OnepasswordPrefix + "/item-path" const ItemPathAnnotation = OnepasswordPrefix + "/item-path"
const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto_restart" const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart"
var log = logf.Log var log = logf.Log
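Review bot: Changing `OnepasswordPrefix` and the `auto_restart`/`lastRestarted` suffixes in place leaves no fallback for objects that still carry the old `onepasswordoperator/...` keys. As far as these hunks show, such Deployments would stop matching after an upgrade, so their secrets would no longer be refreshed and, per the README note on deletion, would not be cleaned up, all without an error. Consider also reading the legacy keys for a deprecation period and logging a warning when one is found, or calling the rename out as a breaking change with migration steps.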


@@ -8,12 +8,12 @@ import (
) )
const ( const (
OnepasswordPrefix = "onepasswordoperator" OnepasswordPrefix = "operator.1password.io"
ItemPathAnnotation = OnepasswordPrefix + "/item-path" ItemPathAnnotation = OnepasswordPrefix + "/item-path"
NameAnnotation = OnepasswordPrefix + "/item-name" NameAnnotation = OnepasswordPrefix + "/item-name"
VersionAnnotation = OnepasswordPrefix + "/item-version" VersionAnnotation = OnepasswordPrefix + "/item-version"
RestartAnnotation = OnepasswordPrefix + "/lastRestarted" RestartAnnotation = OnepasswordPrefix + "/last-restarted"
RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto_restart" RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart"
) )
func GetAnnotationsForDeployment(deployment *appsv1.Deployment, regex *regexp.Regexp) (map[string]string, bool) { func GetAnnotationsForDeployment(deployment *appsv1.Deployment, regex *regexp.Regexp) (map[string]string, bool) {
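Review bot: This const block repeats the prefix and key names that the previous file in this commit also defines, so every rename has to be made twice and the two copies already differ in visibility (`RestartAnnotation` here, `restartAnnotation` there). Defining the keys once and importing them would keep the controllers from drifting onto different annotation names. Related: the README paragraph for the OnePasswordItem resource still reads `operator.1password.io/auto_restart` on the new side, which no longer matches `RestartDeploymentsAnnotation`; a user who copies it would set an annotation the operator ignores. `GetAnnotationsForDeployment` continues outside the hunk.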


@@ -7,7 +7,7 @@ import (
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
) )
const AnnotationRegExpString = "^onepasswordoperator\\/[a-zA-Z\\.]+" const AnnotationRegExpString = "^operator.1password.io\\/[a-zA-Z\\.]+"
func TestFilterAnnotations(t *testing.T) { func TestFilterAnnotations(t *testing.T) {
invalidAnnotation1 := "onepasswordconnect/vaultId" invalidAnnotation1 := "onepasswordconnect/vaultId"


@@ -17,7 +17,7 @@ import (
) )
const envHostVariable = "OP_HOST" const envHostVariable = "OP_HOST"
const lockTag = "onepasswordconnectoperator:ignore_secret" const lockTag = "operator.1password.io:ignore-secret"
var log = logf.Log.WithName("update_op_kubernetes_secrets_task") var log = logf.Log.WithName("update_op_kubernetes_secrets_task")
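Review bot: Renaming `lockTag` silently removes the protection from every 1Password item still tagged `onepasswordconnectoperator:ignore_secret`. Presumably the updater compares item tags against this constant (the comparison is outside the hunk), so after an upgrade those secrets would start being overwritten on the next poll. Accept both tags during a transition, for example keep `const legacyLockTag = "onepasswordconnectoperator:ignore_secret"` and treat either value as a lock, and log when the legacy tag is seen so operators can retag.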