apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  labels:
    app.kubernetes.io/component: connect
    app.kubernetes.io/instance: 1password-connect
    app.kubernetes.io/name: connect
    app.kubernetes.io/version: 1.7.2
    helm.sh/chart: connect-1.14.0
  name: onepassword-connect
  namespace: 1password
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: onepassword-connect
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: onepassword-connect
        app.kubernetes.io/component: connect
        version: 1.7.2
    spec:
      containers:
      - env:
        - name: OP_SESSION
          valueFrom:
            secretKeyRef:
              key: 1password-credentials.json
              name: op-credentials
        - name: OP_BUS_PORT
          value: "11220"
        - name: OP_BUS_PEERS
          value: localhost:11221
        - name: OP_HTTP_PORT
          value: "8080"
        - name: OP_LOG_LEVEL
          value: info
        image: 1password/connect-api:1.7.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /heartbeat
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        name: connect-api
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        securityContext:
          allowPrivilegeEscalation: false
          runAsGroup: 999
          runAsUser: 999
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /home/opuser/.op/data
          name: shared-data
      - env:
        - name: OP_HTTP_PORT
          value: "8081"
        - name: OP_SESSION
          valueFrom:
            secretKeyRef:
              key: 1password-credentials.json
              name: op-credentials
        - name: OP_BUS_PORT
          value: "11221"
        - name: OP_BUS_PEERS
          value: localhost:11220
        - name: OP_LOG_LEVEL
          value: info
        image: 1password/connect-sync:1.7.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /heartbeat
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        name: connect-sync
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /health
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        securityContext:
          allowPrivilegeEscalation: false
          runAsGroup: 999
          runAsUser: 999
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /home/opuser/.op/data
          name: shared-data
      dnsPolicy: ClusterFirst
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      tolerations:
      - key: "node-role.kubernetes.io/control-plane"
        operator: "Exists"
        effect: "NoSchedule"
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      volumes:
      - name: shared-data
      - name: credentials
        secret:
          defaultMode: 420
          secretName: op-credentials