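---
# Flux HelmRelease that deploys 1Password Connect (an `api` and a `sync`
# container under one controller) using the app-template chart.
# The nesting below was rebuilt from a flattened listing; keys and values are
# unchanged.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &app onepassword-connect
spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      # Chart version is pinned; the chart comes from the bjw-s-charts
      # HelmRepository in flux-system.
      version: 3.2.1
      sourceRef:
        kind: HelmRepository
        name: bjw-s-charts
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    # A failed upgrade is rolled back after the retries are used up.
    remediation:
      strategy: rollback
      retries: 3
  values:
    controllers:
      onepassword-connect:
        strategy: RollingUpdate
        annotations:
          # Presumably lets Stakater Reloader restart the workload when a
          # referenced Secret/ConfigMap changes — confirm Reloader is deployed.
          reloader.stakater.com/auto: "true"
        containers:
          api:
            image:
              repository: docker.io/1password/connect-api
              # Tag plus sha256 digest: the digest fixes the image content, the
              # tag is for readers. Update both together when bumping.
              tag: 1.7.2@sha256:0c5ae74396e3c18c3b65acb89cb76d31088968cf0c25deca3818c72b01586606
            env:
              # Data dir points at the emptyDir mounted under `persistence`;
              # the root filesystem itself is read-only (see securityContext).
              XDG_DATA_HOME: &configDir /config
              # NOTE(review): 80 is a privileged port, while the pod runs as
              # uid 999 with all capabilities dropped. This relies on the node
              # allowing unprivileged low-port binds — confirm.
              OP_HTTP_PORT: &apiPort 80
              # Bus link between the two containers over localhost:
              # api listens on 11220 and peers with sync on 11221.
              OP_BUS_PORT: 11220
              OP_BUS_PEERS: localhost:11221
              # Connect credentials are read from a Secret, not inlined here.
              # NOTE(review): values injected as env vars are readable by any
              # process in the container; limit RBAC on this Secret and on
              # pods/exec in the namespace.
              OP_SESSION:
                valueFrom:
                  secretKeyRef:
                    name: onepassword-connect-secret
                    key: 1password-credentials.json
            probes:
              liveness:
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /heartbeat
                    port: *apiPort
                  initialDelaySeconds: 15
                  periodSeconds: 30
                  failureThreshold: 3
              readiness:
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /health
                    port: *apiPort
                  initialDelaySeconds: 15
            # Anchored so the sync container reuses the same requests/limits.
            resources: &resources
              requests:
                cpu: 10m
              limits:
                memory: 256M
            # Container hardening, shared with the sync container via anchor:
            # no privilege escalation, read-only root fs, no capabilities.
            securityContext: &securityContext
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop:
                  - ALL
          sync:
            image:
              repository: docker.io/1password/connect-sync
              # Same tag-plus-digest pinning as the api image.
              tag: 1.7.2@sha256:ff5bf86187ac4da88224e63a5896b393b5a53f81434e8dbc5314e406a0f1db89
            env:
              XDG_DATA_HOME: *configDir
              OP_HTTP_PORT: &syncPort 8081
              # Mirror of the api bus settings: listens on 11221, peers with
              # api on 11220.
              OP_BUS_PORT: 11221
              OP_BUS_PEERS: localhost:11220
              # Same Secret and key as the api container.
              OP_SESSION:
                valueFrom:
                  secretKeyRef:
                    name: onepassword-connect-secret
                    key: 1password-credentials.json
            probes:
              liveness:
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /heartbeat
                    port: *syncPort
                  initialDelaySeconds: 15
                  periodSeconds: 30
                  failureThreshold: 3
              readiness:
                enabled: true
                custom: true
                spec:
                  httpGet:
                    path: /health
                    port: *syncPort
                  initialDelaySeconds: 15
            resources: *resources
            securityContext: *securityContext
    defaultPodOptions:
      # Pod-level identity: non-root, fixed uid/gid 999.
      # NOTE(review): no seccompProfile is set here; if the cluster does not
      # enforce one by policy, consider `seccompProfile.type: RuntimeDefault`.
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
    ingress:
      app:
        # NOTE(review): this publishes the Connect API through the `internal`
        # ingress class on a host under PUBLIC_DOMAIN. Confirm that class is
        # not reachable from outside the trusted network.
        className: internal
        annotations:
          hajimari.io/enable: "false"
        hosts:
          # `${PUBLIC_DOMAIN}` is presumably substituted by Flux before Helm
          # renders `.Release.Name` — verify against the Kustomization.
          - host: &host "{{ .Release.Name }}.${PUBLIC_DOMAIN}"
            paths:
              - path: /
                service:
                  identifier: app
                  port: http
        tls:
          - hosts:
              - *host
    persistence:
      config:
        # emptyDir: the data under /config does not survive pod replacement.
        type: emptyDir
        globalMounts:
          - path: *configDir
    service:
      app:
        controller: *app
        ports:
          # Only the api port is published; the sync port (8081) and the bus
          # ports are not listed on the Service.
          http:
            port: *apiPort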