Comments (8)
Yes, it does, but you have to explicitly enable it:

    operator:
      create: true
      serviceAccount:
        create: true
      roleBinding:
        create: true
      clusterRole:
        create: true

In the next release, we'll make it create the RBAC resources by default so you'll only have to add --set operator.create=true.
from connect-helm-charts.
- Move the secrets from your values.yaml to a 1Password vault
- Set up 1Password Secrets Automation for that vault
- Use the Helm chart to deploy Connect+operator
- For every secret you want to make available in your Kubernetes cluster, add a OnePasswordItem CRD where you specify which 1Password item should map to which Kubernetes Secret.
And all your deployment specs can stay the same if they were using Kubernetes Secrets already.
from connect-helm-charts.
@florisvdg thanks for the help.
I have completed steps 1, 2, 3.

    ubuntu@kubectl:/tmp$ kubectl get pods
    NAME                                   READY   STATUS    RESTARTS   AGE
    onepassword-connect-57bcf96ff8-vzvt6   2/2     Running   0          6m8s

When trying to store the CRD though, I am getting the following error:

    ubuntu@kubectl:/tmp$ kubectl create -f test-onepassword-secret.yaml
    error: unable to recognize "test-onepassword-secret.yaml": no matches for kind "OnePasswordItem" in version "onepassword.com/v1"

The contents of test-onepassword-secret.yaml is:

    apiVersion: onepassword.com/v1
    kind: OnePasswordItem
    metadata:
      name: onepassword-api-env
    spec:
      itemPath: vaults/Acme-Test/items/api-env

from connect-helm-charts.
@florisvdg found my problem, needed a few more flags when doing the Helm install:

    helm install onepassword-connect 1password/connect --set-file connect.credentials=~/1password-credentials.json --set operator.create=true --set operator.token.value=<ONEPASSWORD_TOKEN>

I was able to store the secret using the above test-onepassword-secret.yaml, but aren't I supposed to be able to see the secret when doing:

    kubectl get secrets

I do see the onepassworditem CRD:

    ubuntu@kubectl:/tmp$ kubectl describe onepassworditem onepassword-api-env
    Name:         onepassword-api-env
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    API Version:  onepassword.com/v1
    Kind:         OnePasswordItem
    Metadata:
      Creation Timestamp:  2021-04-20T22:45:33Z
      Generation:          1
      Managed Fields:
        API Version:  onepassword.com/v1
        Fields Type:  FieldsV1
        fieldsV1:
          f:spec:
            .:
            f:itemPath:
        Manager:         kubectl-create
        Operation:       Update
        Time:            2021-04-20T22:45:33Z
      Resource Version:  58891898
      Self Link:         /apis/onepassword.com/v1/namespaces/default/onepassworditems/onepassword-api-env
      UID:               7ea1037f-039a-41f7-8c96-410696c0ce3b
    Spec:
      Item Path:  vaults/Acme-Test/items/api-env
    Events:       <none>

from connect-helm-charts.
@nodesocket When you set up using the helm chart did you create a cluster role, service account, and rolebinding for the operator?
from connect-helm-charts.
@jillianwilson thanks for the reply. Doesn't the official helm chart create the cluster role, service account, and role binding? If not, why not? Also, I must have missed that in the documentation. Can you point me to it?
from connect-helm-charts.
@florisvdg ok thanks. Any idea when the next release is due to come out with RBAC resources created by default?
Also, can I use Secure Notes in 1Password? Does the Kubernetes integration care what sort type in 1Password it is?
from connect-helm-charts.
v1.2.0 has just been released, but note: you do have to change the Helm repo URL to https://1password.github.io/connect-helm-charts to get the update.
And about the secure notes, the Kubernetes operator treats them like any other 1Password item. The Kubernetes Secret field where the note contents will get mapped to is notesPlain.
from connect-helm-charts.
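
A triage script for the two failures seen in this thread (the unrecognized OnePasswordItem kind, then an item with no matching Secret), added here as an example and not part of the thread or the chart. The operator service account name, the verb list, and the Secret sharing the item's name are assumptions; the CRD name is derived from the Self Link in the describe output above.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): the operator's service
# account name, the verb list, and that the Secret shares the item's name.
NS="${NS:-default}"                 # namespace of the OnePasswordItem
OPERATOR_NS="${OPERATOR_NS:-$NS}"   # namespace of the Helm release
OPERATOR_SA="${OPERATOR_SA:-onepassword-connect-operator}"  # assumed name

# Prints one line per failed check and returns the number of failures.
diagnose_item() {
  item="$1"
  failures=0

  # 1. CRD registered? If not, kubectl reports
  #    'no matches for kind "OnePasswordItem"'.
  if ! kubectl get crd onepassworditems.onepassword.com >/dev/null 2>&1; then
    echo "FAIL crd: OnePasswordItem CRD missing (was operator.create=true set?)"
    failures=$((failures + 1))
  fi

  # 2. RBAC: can the operator's service account manage Secrets in $NS?
  sa="system:serviceaccount:${OPERATOR_NS}:${OPERATOR_SA}"
  for verb in get list watch create update; do
    answer=$(kubectl auth can-i "$verb" secrets -n "$NS" --as="$sa" 2>/dev/null || true)
    if [ "$answer" != "yes" ]; then
      echo "FAIL rbac: $sa cannot $verb secrets in $NS"
      failures=$((failures + 1))
    fi
  done

  # 3. The item exists but the operator never produced the Secret.
  if ! kubectl get onepassworditem "$item" -n "$NS" >/dev/null 2>&1; then
    echo "FAIL item: OnePasswordItem $item not found in $NS"
    failures=$((failures + 1))
  elif ! kubectl get secret "$item" -n "$NS" >/dev/null 2>&1; then
    echo "FAIL secret: no Secret named $item in $NS; check the operator logs"
    failures=$((failures + 1))
  fi

  return "$failures"
}

# Usage: sh diagnose.sh onepassword-api-env
if [ "$#" -gt 0 ]; then
  diagnose_item "$1"
fi
```

The `--as` impersonation in step 2 only works when the caller is itself allowed to impersonate service accounts, so run it with cluster-admin credentials.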