Webhook that injects secrets into pods

2025-10-22 15:38:06 +00:00 · 2021-10-14 13:06:07 -03:00
parent a5f4a7a0c1
commit a8e6a4a4f1
117 changed files with 30234 additions and 7078 deletions
--- a/secret-injector/deploy/deployment.yaml
+++ b/secret-injector/deploy/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: op-secret-injector-webhook-deployment
+  namespace: op-secret-injector
+  labels:
+    app: op-secret-injector
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: op-secret-injector
+  template:
+    metadata:
+      labels:
+        app: op-secret-injector
+    spec:
+      containers:
+        - name: op-secret-injector
+          image: local/onepassword-secrets-injector:v1.1.0
+          imagePullPolicy: Never
+          args:
+          - -tlsCertFile=/etc/webhook/certs/cert.pem
+          - -tlsKeyFile=/etc/webhook/certs/key.pem
+          - -alsologtostderr
+          - -v=4
+          - 2>&1
+          env:
+          - name: OP_CONNECT_HOST
+            value: http://onepassword-connect:8080/
+          - name: OP_CONNECT_TOKEN_NAME
+            value: onepassword-token
+          - name: OP_CONNECT_TOKEN_KEY
+            value: token
+          volumeMounts:
+          - name: webhook-certs
+            mountPath: /etc/webhook/certs
+            readOnly: true
+      volumes:
+      - name: webhook-certs
+        secret:
+          secretName: op-secret-injector-webhook-certs