---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: onepassword-connect
namespace: security
spec:
interval: 30m
chart:
chart: app-template
version: 1.5.1
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
values:
controller:
annotations:
reloader.stakater.com/auto: "true"
image:
repository: docker.io/1password/connect-api
tag: 1.7.2@sha256:6aa94cf713f99c0fa58c12ffdd1b160404b4c13a7f501a73a791aa84b608c5a1
env:
OP_BUS_PORT: "11220"
OP_BUS_PEERS: "localhost:11221"
OP_HTTP_PORT: &port 8080
OP_SESSION:
valueFrom:
secretKeyRef:
name: onepassword-connect-secret
key: onepassword-credentials.json
service:
main:
ports:
http:
port: *port
ingress:
enabled: true
ingressClassName: "nginx"
nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
hosts:
- host: &host "1pwconnect.valinor.social"
paths:
- path: /
tls:
- hosts:
- *host
probes:
liveness:
custom: true
httpGet:
path: /heartbeat
initialDelaySeconds: 15
periodSeconds: 30
failureThreshold: 3
readiness:
path: /health
startup:
failureThreshold: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
podSecurityContext:
runAsUser: 999
runAsGroup: 999
persistence:
shared:
type: emptyDir
mountPath: /home/opuser/.op/data
resources:
requests:
cpu: 5m
memory: 10Mi
limits:
memory: 100Mi
sidecars:
sync:
name: sync
image: docker.io/1password/connect-sync:1.7.2@sha256:fe527ed9d81f193d8dfbba4140d61f9e8c8dceb0966b3009259087504e5ff79c
- name: OP_SESSION
- name: OP_HTTP_PORT
value: &port 8081
- name: OP_BUS_PORT
value: "11221"
- name: OP_BUS_PEERS
value: "localhost:11220"
readinessProbe:
livenessProbe:
volumeMounts:
- name: shared