mirror of
				https://github.com/1Password/onepassword-operator.git
				synced 2025-10-23 07:58:04 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			84 lines
		
	
	
		
			2.6 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			84 lines
		
	
	
		
			2.6 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| apiVersion: apps/v1
 | |
| kind: Deployment
 | |
| metadata:
 | |
|   name: onepassword-connect-operator
 | |
|   namespace: system
 | |
|   labels:
 | |
|     name: onepassword-connect-operator
 | |
| spec:
 | |
|   selector:
 | |
|     matchLabels:
 | |
|       name: onepassword-connect-operator
 | |
|   replicas: 1
 | |
|   template:
 | |
|     metadata:
 | |
|       annotations:
 | |
|         kubectl.kubernetes.io/default-container: manager
 | |
|       labels:
 | |
|         name: onepassword-connect-operator
 | |
|     spec:
 | |
|       securityContext:
 | |
|         runAsNonRoot: true
 | |
|         # TODO(user): For common cases that do not require escalating privileges
 | |
|         # it is recommended to ensure that all your Pods/Containers are restrictive.
 | |
|         # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
 | |
|         # Please uncomment the following code if your project does NOT have to work on old Kubernetes
 | |
|         # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
 | |
|         # seccompProfile:
 | |
|         #   type: RuntimeDefault
 | |
|       containers:
 | |
|       - command:
 | |
|         - /manager
 | |
|         args:
 | |
|         - --leader-elect
 | |
|         image: 1password/onepassword-operator:latest
 | |
|         name: manager
 | |
|         env:
 | |
|           - name: WATCH_NAMESPACE
 | |
|             value: "default"
 | |
|           - name: POD_NAME
 | |
|             valueFrom:
 | |
|               fieldRef:
 | |
|                 fieldPath: metadata.name
 | |
|           - name: OPERATOR_NAME
 | |
|             value: "onepassword-connect-operator"
 | |
|           - name: OP_CONNECT_HOST
 | |
|             value: "http://onepassword-connect:8080"
 | |
|           - name: POLLING_INTERVAL
 | |
|             value: "10"
 | |
|           - name: OP_CONNECT_TOKEN
 | |
|             valueFrom:
 | |
|               secretKeyRef:
 | |
|                 name: onepassword-token
 | |
|                 key: token
 | |
|           - name: AUTO_RESTART
 | |
|             value: "false"
 | |
|         securityContext:
 | |
|           allowPrivilegeEscalation: false
 | |
|           capabilities:
 | |
|             drop:
 | |
|               - "ALL"
 | |
|         livenessProbe:
 | |
|           httpGet:
 | |
|             path: /healthz
 | |
|             port: 8081
 | |
|           initialDelaySeconds: 15
 | |
|           periodSeconds: 20
 | |
|         readinessProbe:
 | |
|           httpGet:
 | |
|             path: /readyz
 | |
|             port: 8081
 | |
|           initialDelaySeconds: 5
 | |
|           periodSeconds: 10
 | |
|         # TODO(user): Configure the resources accordingly based on the project requirements.
 | |
|         # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 | |
|         resources:
 | |
|           limits:
 | |
|             cpu: 500m
 | |
|             memory: 128Mi
 | |
|           requests:
 | |
|             cpu: 10m
 | |
|             memory: 64Mi
 | |
|       serviceAccountName: onepassword-connect-operator
 | |
|       terminationGracePeriodSeconds: 10
 | 
