Adding configuration for auto rolling restart on deployments

- Locked secrets will not trigger rolling restarts of deployments - Configure restart of deployments via operator environment variables, namespace annotations, or deployment annotations - Updating permissions examples to include the ability to list namespaces - Updated readme to reflect additional cofiguration options
2025-10-22 07:28:06 +00:00 · 2021-01-13 14:02:00 -04:00
parent d0eafd93ab
commit e2fc9e228e
10 changed files with 494 additions and 49 deletions
--- a/deploy/operator.yaml
+++ b/deploy/operator.yaml
@@ -35,3 +35,5 @@ spec:
                secretKeyRef:
                  name: onepassword-token
                  key: token
+            - name: AUTO_RESTART
+              value: "false"
--- a/deploy/operator_multi_namespace_example.yaml
+++ b/deploy/operator_multi_namespace_example.yaml
@@ -16,9 +16,7 @@ spec:
      containers:
        - name: onepassword-connect-operator
          image: 1password/onepassword-operator
-          command:
-          - onepassword-connect-operator
-          imagePullPolicy: Never
+          command: ["/manager"]
          env:
            - name: WATCH_NAMESPACE
              value: "default,development"
@@ -29,7 +27,7 @@ spec:
            - name: OPERATOR_NAME
              value: "onepassword-connect-operator"
            - name: OP_CONNECT_HOST
-              value: "http://secret-service:8080"
+              value: "http://onepassword-connect:8080"
            - name: POLLING_INTERVAL
              value: "10"
            - name: OP_CONNECT_TOKEN
@@ -37,3 +35,5 @@ spec:
                secretKeyRef:
                  name: onepassword-token
                  key: token
+            - name: AUTO_RESTART
+              value: "false"
--- a/deploy/permissions.yaml
+++ b/deploy/permissions.yaml
@@ -3,7 +3,7 @@ kind: ServiceAccount
 metadata:
  name: onepassword-connect-operator
 ---
-kind: RoleBinding
+kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: onepassword-connect-operator-default
@@ -13,12 +13,12 @@ subjects:
  name: onepassword-connect-operator
  namespace: default
 roleRef:
-  kind: Role
+  kind: ClusterRole
  name: onepassword-connect-operator
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
  creationTimestamp: null
  name: onepassword-connect-operator
@@ -34,6 +34,7 @@ rules:
  - events
  - configmaps
  - secrets
+  - namespaces
  verbs:
  - create
  - delete
--- a/deploy/permissions_multi_namespace_example.yaml
+++ b/deploy/permissions_multi_namespace_example.yaml
@@ -3,7 +3,7 @@ kind: ServiceAccount
 metadata:
  name: onepassword-connect-operator
 ---
-kind: RoleBinding
+kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: onepassword-connect-operator-default
@@ -17,7 +17,7 @@ roleRef:
  name: onepassword-connect-operator
  apiGroup: rbac.authorization.k8s.io
 ---
-kind: RoleBinding
+kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: onepassword-connect-operator-development
@@ -48,6 +48,7 @@ rules:
  - events
  - configmaps
  - secrets
+  - namespaces
  verbs:
  - create
  - delete