1Password/onepassword-operator
1
0
Fork 0
mirror of https://github.com/1Password/onepassword-operator.git synced 2025-10-31 11:49:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
78ec743a6dab2d354075fce7e856912dd9235ed6
onepassword-operator/config/connect/deployment.yaml

92 lines
2.5 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
name: onepassword-connect
spec:
selector:
matchLabels:
app: onepassword-connect
template:
metadata:
labels:
app: onepassword-connect
version: "1.0.0"
spec:
securityContext:
runAsNonRoot: true
fsGroup: 999
fsGroupChangePolicy: OnRootMismatch
volumes:
- name: shared-data
emptyDir: {}
- name: credentials
secret:
secretName: op-credentials
initContainers:
- name: sqlite-permissions
image: alpine:3.12
command:
- "/bin/sh"
- "-c"
args:
- "mkdir -p /home/opuser/.op/data && chown -R 999 /home/opuser && chmod -R 700 /home/opuser && chmod -f -R 600 /home/opuser/.op/config || :"
volumeMounts:
- mountPath: /home/opuser/.op/data
name: shared-data
securityContext:
runAsUser: 0
runAsNonRoot: false
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
add: ["CHOWN", "FOWNER"]
containers:
- name: connect-api
image: 1password/connect-api:latest
securityContext:
runAsNonRoot: true
runAsUser: 999
runAsGroup: 999
allowPrivilegeEscalation: false
resources:
limits:
memory: "128Mi"
requests:
cpu: "0.2"
ports:
- containerPort: 8080
env:
- name: OP_SESSION
valueFrom:
secretKeyRef:
name: op-credentials
key: op-session
volumeMounts:
- mountPath: /home/opuser/.op/data
name: shared-data
- name: connect-sync
image: 1password/connect-sync:latest
securityContext:
runAsNonRoot: true
runAsUser: 999
runAsGroup: 999
allowPrivilegeEscalation: false
resources:
limits:
memory: "128Mi"
requests:
cpu: "0.2"
ports:
- containerPort: 8081
env:
- name: OP_HTTP_PORT
value: "8081"
- name: OP_SESSION
valueFrom:
secretKeyRef:
name: op-credentials
key: op-session
volumeMounts:
- mountPath: /home/opuser/.op/data
name: shared-data
Reference in New Issue View Git Blame Copy Permalink