From 1c9f6428a247da0f62b79d32eb41131e5b0693ec Mon Sep 17 00:00:00 2001
From: Martyn Ranyard
Date: Sun, 12 Nov 2023 19:07:27 +0100
Subject: [PATCH] Here we go, writing yaml because the chart doesn't work
Signed-off-by: Martyn Ranyard
---
apps-kustomized/1password-connect/crd.yaml | 73 +++++++++
apps-kustomized/1password-connect/deploy.yaml | 142 ++++++++++++++++++
.../1password-connect/service.yaml | 30 ++++
3 files changed, 245 insertions(+)
create mode 100644 apps-kustomized/1password-connect/crd.yaml
create mode 100644 apps-kustomized/1password-connect/deploy.yaml
create mode 100644 apps-kustomized/1password-connect/service.yaml
diff --git a/apps-kustomized/1password-connect/crd.yaml b/apps-kustomized/1password-connect/crd.yaml
new file mode 100644
index 0000000..06e03f8
--- /dev/null
+++ b/apps-kustomized/1password-connect/crd.yaml
@@ -0,0 +1,73 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: onepassworditems.onepassword.com
+spec:
+ conversion:
+ strategy: None
+ group: onepassword.com
+ names:
+ kind: OnePasswordItem
+ listKind: OnePasswordItemList
+ plural: onepassworditems
+ singular: onepassworditem
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: OnePasswordItem is the Schema for the onepassworditems API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OnePasswordItemSpec defines the desired state of OnePasswordItem
+ properties:
+ itemPath:
+ type: string
+ type: object
+ status:
+ description: OnePasswordItemStatus defines the observed state of OnePasswordItem
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transit from one status
+ to another.
+ format: date-time
+ type: string
+ message:
+ description: Human-readable message indicating details about
+ last transition.
+ type: string
+ status:
+ description: Status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: Type of job condition, Completed.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ required:
+ - conditions
+ type: object
+ type:
+ description: 'Kubernetes secret type. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types'
+ type: string
+ type: object
+ served: true
+ storage: true
diff --git a/apps-kustomized/1password-connect/deploy.yaml b/apps-kustomized/1password-connect/deploy.yaml
new file mode 100644
index 0000000..28235aa
--- /dev/null
+++ b/apps-kustomized/1password-connect/deploy.yaml
@@ -0,0 +1,142 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ deployment.kubernetes.io/revision: "1"
+ labels:
+ app.kubernetes.io/component: connect
+ app.kubernetes.io/instance: 1password-connect
+ app.kubernetes.io/name: connect
+ app.kubernetes.io/version: 1.7.2
+ helm.sh/chart: connect-1.14.0
+ name: onepassword-connect
+ namespace: 1password
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: onepassword-connect
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: onepassword-connect
+ app.kubernetes.io/component: connect
+ version: 1.7.2
+ spec:
+ containers:
+ - env:
+ - name: OP_SESSION
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: op-credentials
+ - name: OP_BUS_PORT
+ value: "11220"
+ - name: OP_BUS_PEERS
+ value: localhost:11221
+ - name: OP_HTTP_PORT
+ value: "8080"
+ - name: OP_LOG_LEVEL
+ value: info
+ image: 1password/connect-api:1.7.2
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: connect-api
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsGroup: 999
+ runAsUser: 999
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /home/opuser/.op/data
+ name: shared-data
+ - env:
+ - name: OP_HTTP_PORT
+ value: "8081"
+ - name: OP_SESSION
+ valueFrom:
+ secretKeyRef:
+ key: 1password-credentials.json
+ name: op-credentials
+ - name: OP_BUS_PORT
+ value: "11221"
+ - name: OP_BUS_PEERS
+ value: localhost:11220
+ - name: OP_LOG_LEVEL
+ value: info
+ image: 1password/connect-sync:1.7.2
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /heartbeat
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: connect-sync
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /health
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsGroup: 999
+ runAsUser: 999
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /home/opuser/.op/data
+ name: shared-data
+ dnsPolicy: ClusterFirst
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ tolerations:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: shared-data
+ - name: credentials
+ secret:
+ defaultMode: 420
+ secretName: op-credentials
diff --git a/apps-kustomized/1password-connect/service.yaml b/apps-kustomized/1password-connect/service.yaml
new file mode 100644
index 0000000..1125e11
--- /dev/null
+++ b/apps-kustomized/1password-connect/service.yaml
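Review bot: Both container `securityContext` blocks in deploy.yaml (connect-api and connect-sync) stop at `allowPrivilegeEscalation: false` plus a fixed UID/GID, which is thin for a pod that carries the 1Password credentials in `OP_SESSION` and is pinned to control-plane nodes by the `nodeSelector` and toleration. I would add `runAsNonRoot: true`, drop all capabilities and set the `RuntimeDefault` seccomp profile on each container, as in the block below. Separately, the `credentials` volume is declared but mounted by neither container, so it can be removed, and `shared-data` has no volume source written out; stating `emptyDir: {}` makes the intent explicit. Pinning the two `1.7.2` images by digest rather than tag would also keep a retagged image from landing on those nodes.

```yaml
# … unchanged: env, image, probes …
securityContext:
  allowPrivilegeEscalation: false
  runAsNonRoot: true
  # … unchanged: runAsGroup, runAsUser …
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
# … unchanged: terminationMessagePath, terminationMessagePolicy, volumeMounts …
```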
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: connect
+ app.kubernetes.io/instance: 1password-connect
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: connect
+ app.kubernetes.io/version: 1.7.2
+ helm.sh/chart: connect-1.14.0
+ name: onepassword-connect
+ namespace: 1password
+spec:
+ clusterIP: 10.98.124.125
+ clusterIPs:
+ - 10.98.124.125
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv4
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: connect-sync
+ nodePort: 30656
+ port: 8081
+ - name: connect-api
+ nodePort: 31060
+ port: 8080
+ selector:
+ app: onepassword-connect
+ type: NodePort
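Review bot: `type: NodePort` with fixed `nodePort: 30656` and `nodePort: 31060` in service.yaml publishes the Connect sync and API ports on every node address, and the probes in deploy.yaml show those ports speaking plain HTTP. If the only consumers are in-cluster workloads, `type: ClusterIP` with the two `nodePort` lines removed keeps the secrets API off the node network; if outside access is intended, it should sit behind TLS and a NetworkPolicy or firewall rule instead. The hard-coded `clusterIP: 10.98.124.125` and matching `clusterIPs` entry look copied from a live object and will fail to apply where that address is outside the service CIDR or already allocated, so I would drop both and let the cluster assign one. The `app.kubernetes.io/managed-by: Helm` label is also no longer accurate for a hand-written manifest.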