Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for all workloads #18

Open
nesl247 opened this issue Apr 13, 2021 · 7 comments
Open

Support for all workloads #18

nesl247 opened this issue Apr 13, 2021 · 7 comments
Labels
enhancement New feature or request tracked Issue is tracked in 1Password's internal ticketing system as well.

Comments

@nesl247
Copy link

nesl247 commented Apr 13, 2021

I'm not 100% sure as I haven't tested this yet, but from what it looks like (code and docs), this only works with Deployments. Please add support for all workloads: DaemonSet, CronJob, Job, etc.
@florisvdg
Copy link
Member

florisvdg commented Apr 15, 2021
edited

The OnePasswordItem CRD works independently from any specific Kubernetes workload type, because the output will be a regular Kubernetes Secret. So anything that can use Kubernetes secrets (though Opaque only as of now) should be able to source them from 1Password.

What you're seeing about Deployments is a shorthand to quickly add a single secret to a deployment. We'll update the docs to make this a bit more clear.

Or were you talking about the auto restart feature?

@nesl247
Copy link
Author

nesl247 commented Apr 15, 2021

I was referring to both. There shouldn't be a limitation in my opinion on the different workload types for the annotations.

@SimonBarendse SimonBarendse added the enhancement New feature or request label May 12, 2021
@SimonBarendse
Copy link
Member

Yes, definitely good to add support for more workload types!

@nesl247 In the meantime, does using OnePasswordItem CRDs work for your use case?

@nesl247
Copy link
Author

nesl247 commented May 12, 2021

I believe so.

@edif2008 edif2008 added the tracked Issue is tracked in 1Password's internal ticketing system as well. label May 30, 2022
@edif2008 edif2008 mentioned this issue Mar 13, 2023
Closed
@edif2008
Copy link
Member

Based on #143 the annotations should work for the following as well (at least): Pod, CornJob, StatefulSet.

@otherguy
Copy link

Thanks @edif2008 for directing me here. So it's easier to find, I'll repeat my ticket here:

The operator.1password.io/item-path annotation isn't working when attached to a Pod or a StatefulSet, only when attached to a Deployment object.

For external Helm charts (like for example https://artifacthub.io/packages/helm/bitnami/rabbitmq) it would be great if it were possible to use the 1Password annotation directly on a Pod.

We use dozens of external Helm charts deployed through ArgoCD and we would love to use 1Password with many of them. When the Helm charts make use of Deployments, and allow custom annotations, it's simple. But for Helm charts that deploy StatefulSets or DaemonSets, this is not possible. And only very few charts allow creating arbitrary resources (like OnePasswordItems) through their values.

What would be really cool as well, is if we could create a Secret manually and use the operator.1password.io/item-path annotation directly on the Secret and it would populate the secret without the need for a second resource (be it OnePasswordItem or Deployments).

@otherguy otherguy mentioned this issue May 24, 2023
Open
@AWildBeard
Copy link

I too am finding myself running into this limitation.

@uhthomas uhthomas mentioned this issue Nov 4, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request tracked Issue is tracked in 1Password's internal ticketing system as well.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@nesl247 @otherguy @florisvdg @SimonBarendse @AWildBeard @edif2008