diff --git a/kubernetes/apps/kube-system/external-secrets/stores/helmrelease.yaml b/kubernetes/apps/kube-system/external-secrets/stores/helmrelease.yaml
index 5ee07b51b..864c5d3ee 100644
--- a/kubernetes/apps/kube-system/external-secrets/stores/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/external-secrets/stores/helmrelease.yaml
@@ -9,7 +9,7 @@ spec:
 chart:
 spec:
 chart: app-template
- version: 1.5.1
+ version: 2.0.3
 sourceRef:
 kind: HelmRepository
 name: bjw-s
@@ -26,99 +26,113 @@ spec:
 uninstall:
 keepHistory: false
 values:
- controller:
- annotations:
- reloader.stakater.com/auto: "true"
- image:
- repository: docker.io/1password/connect-api
- tag: 1.7.2
- env:
- OP_BUS_PORT: "11220"
- OP_BUS_PEERS: "localhost:11221"
- OP_HTTP_PORT: &port 8080
- OP_SESSION:
- valueFrom:
- secretKeyRef:
- name: onepassword-connect-secret
- key: 1password-credentials.json
+ defaultPodOptions:
+ enableServiceLinks: false
+ securityContext:
+ runAsUser: 999
+ runAsGroup: 999
+ controllers:
+ main:
+ replicas: 2
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ main:
+ image:
+ repository: docker.io/1password/connect-api
+ tag: 1.7.2
+ env:
+ OP_BUS_PORT: "11220"
+ OP_BUS_PEERS: "localhost:11221"
+ OP_HTTP_PORT: &port 8080
+ OP_SESSION:
+ valueFrom:
+ secretKeyRef:
+ name: onepassword-connect-secret
+ key: 1password-credentials.json
+ probes:
+ liveness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /heartbeat
+ port: *port
+ initialDelaySeconds: 15
+ periodSeconds: 30
+ failureThreshold: 3
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /health
+ port: *port
+ initialDelaySeconds: 15
+ startup:
+ enabled: false
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10Mi
+ limits:
+ memory: 100Mi
+ sync:
+ image:
+ repository: docker.io/1password/connect-sync
+ image: 1.7.2
+ env:
+ OP_HTTP_PORT: &port 8081 }
+ OP_BUS_PORT: 11221
+ OP_BUS_PEERS: localhost:11220
+ OP_SESSION:
+ valueFrom:
+ secretKeyRef:
+ name: onepassword-connect-secret
+ key: 1password-credentials.json
+ probes:
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: *port
+ initialDelaySeconds: 15
+ livenessProbe:
+ httpGet:
+ path: /heartbeat
+ port: *port
+ failureThreshold: 3
+ periodSeconds: 30
+ initialDelaySeconds: 15
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10Mi
+ limits:
+ memory: 100Mi
 service:
 main:
 ports:
 http:
 port: *port
- probes:
- liveness:
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /heartbeat
- port: *port
- initialDelaySeconds: 15
- periodSeconds: 30
- failureThreshold: 3
- readiness:
- enabled: true
- custom: true
- spec:
- httpGet:
- path: /health
- port: *port
- initialDelaySeconds: 15
- startup:
- enabled: false
 ingress:
 main:
 enabled: true
- ingressClassName: nginx
+ className: nginx
 annotations:
 hajimari.io/enable: "false"
 hosts:
 - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
 paths:
 - path: /
- pathType: Prefix
+ service:
+ name: main
+ port: http
 tls:
 - hosts:
 - *host
- podSecurityContext:
- runAsUser: 999
- runAsGroup: 999
 persistence:
 shared:
- enabled: true
 type: emptyDir
- mountPath: /home/opuser/.op/data
- resources:
- requests:
- cpu: 5m
- memory: 10Mi
- limits:
- memory: 100Mi
- sidecars:
- sync:
- image: docker.io/1password/connect-sync:1.7.2
- imagePullPolicy: IfNotPresent
- env:
- - { name: OP_HTTP_PORT, value: &port 8081 }
- - { name: OP_BUS_PORT, value: "11221" }
- - { name: OP_BUS_PEERS, value: "localhost:11220" }
- - name: OP_SESSION
- valueFrom:
- secretKeyRef:
- name: onepassword-connect-secret
- key: 1password-credentials.json
- readinessProbe:
- httpGet:
- path: /health
- port: *port
- initialDelaySeconds: 15
- livenessProbe:
- httpGet:
- path: /heartbeat
- port: *port
- failureThreshold: 3
- periodSeconds: 30
- initialDelaySeconds: 15
- volumeMounts:
- - { name: shared, mountPath: /home/opuser/.op/data }
+ globalMounts:
+ - path: /home/opuser/.op/data
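Review bot: The new `sync` container block carries conversion leftovers that change what the Service exposes: `OP_HTTP_PORT: &port 8081 }` keeps a stray `}` and re-declares the `&port` anchor ahead of `service.main.ports.http.port: *port`, so the Service, and through it the ingress, would resolve to the sync value instead of the connect-api port 8080. In the same block `image: 1.7.2` sits where `tag:` belongs, which leaves the sync image without a pinned tag, and `OP_BUS_PORT: 11221` lost the quotes that the `main` container keeps on its env values. The sync probes also use raw `readinessProbe`/`livenessProbe` keys under `probes:` rather than the `liveness`/`readiness` with `custom: true` and `spec:` form used for `main` earlier in this hunk, so the chart presumably ignores them. A distinct anchor name and the same probe shape as `main` would address all of these, as sketched below.

```yaml
sync:
  image:
    # … unchanged: repository …
    tag: 1.7.2
  env:
    OP_HTTP_PORT: &syncPort 8081
    OP_BUS_PORT: "11221"
    OP_BUS_PEERS: "localhost:11220"
    # … unchanged: OP_SESSION secretKeyRef …
  probes:
    liveness:
      enabled: true
      custom: true
      spec:
        httpGet:
          path: /heartbeat
          port: *syncPort
        initialDelaySeconds: 15
        periodSeconds: 30
        failureThreshold: 3
    readiness:
      enabled: true
      custom: true
      spec:
        httpGet:
          path: /health
          port: *syncPort
        initialDelaySeconds: 15
  # … unchanged: resources …
```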