143 lines
3.9 KiB
YAML
143 lines
3.9 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
annotations:
|
|
deployment.kubernetes.io/revision: "1"
|
|
labels:
|
|
app.kubernetes.io/component: connect
|
|
app.kubernetes.io/instance: 1password-connect
|
|
app.kubernetes.io/name: connect
|
|
app.kubernetes.io/version: 1.7.2
|
|
helm.sh/chart: connect-1.14.0
|
|
name: onepassword-connect
|
|
namespace: 1password
|
|
spec:
|
|
progressDeadlineSeconds: 600
|
|
replicas: 1
|
|
revisionHistoryLimit: 10
|
|
selector:
|
|
matchLabels:
|
|
app: onepassword-connect
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 25%
|
|
maxUnavailable: 25%
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
app: onepassword-connect
|
|
app.kubernetes.io/component: connect
|
|
version: 1.7.2
|
|
spec:
|
|
containers:
|
|
- env:
|
|
- name: OP_SESSION
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: 1password-credentials.json
|
|
name: op-credentials
|
|
- name: OP_BUS_PORT
|
|
value: "11220"
|
|
- name: OP_BUS_PEERS
|
|
value: localhost:11221
|
|
- name: OP_HTTP_PORT
|
|
value: "8080"
|
|
- name: OP_LOG_LEVEL
|
|
value: info
|
|
image: 1password/connect-api:1.7.2
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /heartbeat
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
name: connect-api
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
runAsGroup: 999
|
|
runAsUser: 999
|
|
terminationMessagePath: /dev/termination-log
|
|
terminationMessagePolicy: File
|
|
volumeMounts:
|
|
- mountPath: /home/opuser/.op/data
|
|
name: shared-data
|
|
- env:
|
|
- name: OP_HTTP_PORT
|
|
value: "8081"
|
|
- name: OP_SESSION
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: 1password-credentials.json
|
|
name: op-credentials
|
|
- name: OP_BUS_PORT
|
|
value: "11221"
|
|
- name: OP_BUS_PEERS
|
|
value: localhost:11220
|
|
- name: OP_LOG_LEVEL
|
|
value: info
|
|
image: 1password/connect-sync:1.7.2
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /heartbeat
|
|
port: 8081
|
|
scheme: HTTP
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
name: connect-sync
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /health
|
|
port: 8081
|
|
scheme: HTTP
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
runAsGroup: 999
|
|
runAsUser: 999
|
|
terminationMessagePath: /dev/termination-log
|
|
terminationMessagePolicy: File
|
|
volumeMounts:
|
|
- mountPath: /home/opuser/.op/data
|
|
name: shared-data
|
|
dnsPolicy: ClusterFirst
|
|
nodeSelector:
|
|
node-role.kubernetes.io/control-plane: ""
|
|
tolerations:
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: "Exists"
|
|
effect: "NoSchedule"
|
|
restartPolicy: Always
|
|
schedulerName: default-scheduler
|
|
terminationGracePeriodSeconds: 30
|
|
volumes:
|
|
- name: shared-data
|
|
- name: credentials
|
|
secret:
|
|
defaultMode: 420
|
|
secretName: op-credentials
|