Here we go, writing yaml because the chart doesn't work

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>

apps-kustomized/1password-connect/crd.yaml

@@ -0,0 +1,73 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: onepassworditems.onepassword.com
+spec:
+  conversion:
+    strategy: None
+  group: onepassword.com
+  names:
+    kind: OnePasswordItem
+    listKind: OnePasswordItemList
+    plural: onepassworditems
+    singular: onepassworditem
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: OnePasswordItem is the Schema for the onepassworditems API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OnePasswordItemSpec defines the desired state of OnePasswordItem
+            properties:
+              itemPath:
+                type: string
+            type: object
+          status:
+            description: OnePasswordItemStatus defines the observed state of OnePasswordItem
+            properties:
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transit from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: Human-readable message indicating details about
+                        last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of job condition, Completed.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+            required:
+            - conditions
+            type: object
+          type:
+            description: 'Kubernetes secret type. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types'
+            type: string
+        type: object
+    served: true
+    storage: true

apps-kustomized/1password-connect/deploy.yaml

@@ -0,0 +1,142 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    deployment.kubernetes.io/revision: "1"
+  labels:
+    app.kubernetes.io/component: connect
+    app.kubernetes.io/instance: 1password-connect
+    app.kubernetes.io/name: connect
+    app.kubernetes.io/version: 1.7.2
+    helm.sh/chart: connect-1.14.0
+  name: onepassword-connect
+  namespace: 1password
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: onepassword-connect
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: onepassword-connect
+        app.kubernetes.io/component: connect
+        version: 1.7.2
+    spec:
+      containers:
+      - env:
+        - name: OP_SESSION
+          valueFrom:
+            secretKeyRef:
+              key: 1password-credentials.json
+              name: op-credentials
+        - name: OP_BUS_PORT
+          value: "11220"
+        - name: OP_BUS_PEERS
+          value: localhost:11221
+        - name: OP_HTTP_PORT
+          value: "8080"
+        - name: OP_LOG_LEVEL
+          value: info
+        image: 1password/connect-api:1.7.2
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /heartbeat
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 30
+          successThreshold: 1
+          timeoutSeconds: 1
+        name: connect-api
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsGroup: 999
+          runAsUser: 999
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /home/opuser/.op/data
+          name: shared-data
+      - env:
+        - name: OP_HTTP_PORT
+          value: "8081"
+        - name: OP_SESSION
+          valueFrom:
+            secretKeyRef:
+              key: 1password-credentials.json
+              name: op-credentials
+        - name: OP_BUS_PORT
+          value: "11221"
+        - name: OP_BUS_PEERS
+          value: localhost:11220
+        - name: OP_LOG_LEVEL
+          value: info
+        image: 1password/connect-sync:1.7.2
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /heartbeat
+            port: 8081
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 30
+          successThreshold: 1
+          timeoutSeconds: 1
+        name: connect-sync
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /health
+            port: 8081
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsGroup: 999
+          runAsUser: 999
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /home/opuser/.op/data
+          name: shared-data
+      dnsPolicy: ClusterFirst
+      nodeSelector:
+        node-role.kubernetes.io/control-plane: ""
+      tolerations:
+      - key: "node-role.kubernetes.io/control-plane"
+        operator: "Exists"
+        effect: "NoSchedule"
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: shared-data
+      - name: credentials
+        secret:
+          defaultMode: 420
+          secretName: op-credentials

apps-kustomized/1password-connect/service.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: connect
+    app.kubernetes.io/instance: 1password-connect
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: connect
+    app.kubernetes.io/version: 1.7.2
+    helm.sh/chart: connect-1.14.0
+  name: onepassword-connect
+  namespace: 1password
+spec:
+  clusterIP: 10.98.124.125
+  clusterIPs:
+  - 10.98.124.125
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - name: connect-sync
+    nodePort: 30656
+    port: 8081
+  - name: connect-api
+    nodePort: 31060
+    port: 8080
+  selector:
+    app: onepassword-connect
+  type: NodePort