Webhook that injects secrets into pods

2025-10-22 23:48:05 +00:00 · 2021-10-14 13:06:07 -03:00
parent a5f4a7a0c1
commit a8e6a4a4f1
117 changed files with 30234 additions and 7078 deletions
--- a/secret-injector/app_example.yaml
+++ b/secret-injector/app_example.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: app-example
+spec:
+  type: NodePort
+  selector:
+    app: app-example
+  ports:
+    - port: 5000
+      name: app-example
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app-example
+spec:
+  selector:
+    matchLabels:
+      app: app-example
+  template:
+    metadata:
+      annotations:
+        operator.1password.io/inject: "app-example"
+      labels:
+        app: app-example
+    spec:
+      containers:
+        - name: app-example
+          command: ["./example"]
+          image: connect-app-example:latest
+          imagePullPolicy: Never
+          resources:
+            limits:
+              memory: "128Mi"
+              cpu: "0.2"
+          ports:
+            - containerPort: 5000
+          env:
+            - name: OP_VAULT
+              value: ApplicationConfiguration
+            - name: APP_TITLE
+              value: op://ApplicationConfiguration/Webapp/title
+            - name: BUTTON_TEXT
+              value: op://ApplicationConfiguration/Webapp/action
+            - name: OP_CONNECT_HOST
+              value: http://onepassword-connect:8080/
+            - name: OP_CONNECT_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: onepassword-token
+                  key: token