mirror of
				https://github.com/1Password/onepassword-operator.git
				synced 2025-10-26 09:20:45 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			135 lines
		
	
	
		
			4.7 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			135 lines
		
	
	
		
			4.7 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| apiVersion: v1
 | |
| kind: Namespace
 | |
| metadata:
 | |
|   labels:
 | |
|     control-plane: onepassword-connect-operator
 | |
|     app.kubernetes.io/name: namespace
 | |
|     app.kubernetes.io/instance: system
 | |
|     app.kubernetes.io/component: manager
 | |
|     app.kubernetes.io/created-by: onepassword-connect-operator
 | |
|     app.kubernetes.io/part-of: onepassword-connect-operator
 | |
|     app.kubernetes.io/managed-by: kustomize
 | |
|   name: system
 | |
| ---
 | |
| apiVersion: apps/v1
 | |
| kind: Deployment
 | |
| metadata:
 | |
|   name: onepassword-connect-operator
 | |
|   namespace: system
 | |
|   labels:
 | |
|     control-plane: controller-manager
 | |
|     app.kubernetes.io/name: deployment
 | |
|     app.kubernetes.io/instance: controller-manager
 | |
|     app.kubernetes.io/component: manager
 | |
|     app.kubernetes.io/created-by: onepassword-connect-operator
 | |
|     app.kubernetes.io/part-of: onepassword-connect-operator
 | |
|     app.kubernetes.io/managed-by: kustomize
 | |
| spec:
 | |
|   selector:
 | |
|     matchLabels:
 | |
|       name: onepassword-connect-operator
 | |
|       control-plane: onepassword-connect-operator
 | |
|   replicas: 1
 | |
|   template:
 | |
|     metadata:
 | |
|       annotations:
 | |
|         kubectl.kubernetes.io/default-container: manager
 | |
|       labels:
 | |
|         name: onepassword-connect-operator
 | |
|         control-plane: onepassword-connect-operator
 | |
|     spec:
 | |
|       # TODO(user): Uncomment the following code to configure the nodeAffinity expression
 | |
|       # according to the platforms which are supported by your solution.
 | |
|       # It is considered best practice to support multiple architectures. You can
 | |
|       # build your manager image using the makefile target docker-buildx.
 | |
|       # affinity:
 | |
|       #   nodeAffinity:
 | |
|       #     requiredDuringSchedulingIgnoredDuringExecution:
 | |
|       #       nodeSelectorTerms:
 | |
|       #         - matchExpressions:
 | |
|       #           - key: kubernetes.io/arch
 | |
|       #             operator: In
 | |
|       #             values:
 | |
|       #               - amd64
 | |
|       #               - arm64
 | |
|       #               - ppc64le
 | |
|       #               - s390x
 | |
|       #           - key: kubernetes.io/os
 | |
|       #             operator: In
 | |
|       #             values:
 | |
|       #               - linux
 | |
|       securityContext:
 | |
|         runAsNonRoot: true
 | |
|         # TODO(user): For common cases that do not require escalating privileges
 | |
|         # it is recommended to ensure that all your Pods/Containers are restrictive.
 | |
|         # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
 | |
|         # Please uncomment the following code if your project does NOT have to work on old Kubernetes
 | |
|         # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
 | |
|         # seccompProfile:
 | |
|         #   type: RuntimeDefault
 | |
|       containers:
 | |
|       - command:
 | |
|         - /manager
 | |
|         args:
 | |
|         - --leader-elect
 | |
|         - --health-probe-bind-address=:8081
 | |
|         image: 1password/onepassword-operator:latest
 | |
|         imagePullPolicy: Never
 | |
|         name: manager
 | |
|         env:
 | |
|           - name: OPERATOR_NAME
 | |
|             value: "onepassword-connect-operator"
 | |
|           - name: POD_NAME
 | |
|             valueFrom:
 | |
|               fieldRef:
 | |
|                 fieldPath: metadata.name
 | |
|           - name: WATCH_NAMESPACE
 | |
|             value: "default"
 | |
|           - name: POLLING_INTERVAL
 | |
|             value: "10"
 | |
|           - name: AUTO_RESTART
 | |
|             value: "false"
 | |
|           - name: OP_CONNECT_HOST
 | |
|             value: "http://onepassword-connect:8080"
 | |
|           - name: OP_CONNECT_TOKEN
 | |
|             valueFrom:
 | |
|               secretKeyRef:
 | |
|                 name: onepassword-token
 | |
|                 key: token
 | |
|           - name: MANAGE_CONNECT
 | |
|             value: "true"
 | |
| #            Uncomment the following lines to enable service account token and comment out the OP_CONNECT_TOKEN, OP_CONNECT_HOST and MANAGE_CONNECT env vars.
 | |
| #          - name: OP_SERVICE_ACCOUNT_TOKEN
 | |
| #            valueFrom:
 | |
| #              secretKeyRef:
 | |
| #                name: onepassword-service-account-token
 | |
| #                key: token
 | |
|         securityContext:
 | |
|           allowPrivilegeEscalation: false
 | |
|           capabilities:
 | |
|             drop:
 | |
|             - "ALL"
 | |
|         livenessProbe:
 | |
|           httpGet:
 | |
|             path: /healthz
 | |
|             port: 8081
 | |
|           initialDelaySeconds: 15
 | |
|           periodSeconds: 20
 | |
|         readinessProbe:
 | |
|           httpGet:
 | |
|             path: /readyz
 | |
|             port: 8081
 | |
|           initialDelaySeconds: 5
 | |
|           periodSeconds: 10
 | |
|         # TODO(user): Configure the resources accordingly based on the project requirements.
 | |
|         # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 | |
|         resources:
 | |
|           limits:
 | |
|             cpu: 500m
 | |
|             memory: 512Mi
 | |
|           requests:
 | |
|             cpu: 100m
 | |
|             memory: 128Mi
 | |
|       serviceAccountName: onepassword-connect-operator
 | |
|       terminationGracePeriodSeconds: 10
 | 
