Merge pull request #107 from klaus385/klaus385-improved-networking
1Password Connect Improved Networking
jpcoenen authored Oct 17, 2022
2 parents 8c7f0f5 + 68b341e commit ef37bdd
Showing 6 changed files with 305 additions and 13 deletions.
17 changes: 13 additions & 4 deletions charts/connect/README.md
Expand Up @@ -2,11 +2,11 @@

## Deploying 1Password Connect
Installing the Helm Chart with default configurations will deploy 1Password Connect in your default Namespace. However, Using 1Password Connect in Kubernetes requires that a 1password-credentials.json file be stored as a Kubernetes Secret. This credentials file can be saved as a Kubernetes secret by setting the file in your helm install command:

```bash
helm install connect 1password/connect --set-file connect.credentials=<path/to/1password-credentials.json>
```

More information about 1Password Connect and how to generate a 1password-credentials.json file can be found at https://support.1password.com/secrets-automation/.

## Deploying 1Password Connect Kubernetes Operator
Expand All @@ -32,12 +32,12 @@ The 1Password Connect Helm chart offers many configuration options for deploymen

>To override values in a chart, use either the '--values' flag and pass in a file or use the '--set' flag and pass configuration from the command line, to force a string value use '--set-string'. In case a value is large and therefore you want not to use neither '--values' nor '--set', use '--set-file' to read the single large value from file.
For example:
For example:
```bash
$ helm install -f myvalues.yaml connect ./connect
```

or
or

```bash
$ helm install --set connect.applicationName=connect connect ./connect
Expand All @@ -60,6 +60,15 @@ $ helm install --set connect.applicationName=connect connect ./connect
| connect.dataVolume.type | string | `"emptyDir"` | The type of the shared volume used between 1Password Connect Containers |
| connect.dataVolume.values | object | `{}` | Desribes the fields and values for configuration of shared volume for 1Password Connect |
| connect.imagePullPolicy | string | `"IfNotPresent` | The 1Password Connect API image pull policy |
| connect.ingress.annotations | object | `{}` | The 1Password Connect Ingress Annotations |
| connect.ingress.enabled | bool | `false` | The boolean value to enable/disable the 1Password Connect |
| connect.ingress.extraPaths | list | `[]` | Additional Ingress Paths |
| connect.ingress.hosts[0].host | string | `"chart-example.local"` | The 1Password Connect Ingress Hostname |
| connect.ingress.hosts[0].paths | list | `[]` | The 1Password Connect Ingress Path |
| connect.ingress.ingressClassName | string | `""` | Optionally use ingressClassName instead of deprecated annotation. |
| connect.ingress.labels | object | `{}` | Ingress labels for 1Password Connect |
| connect.ingress.pathType | string | `"Prefix"` | Ingress PathType see [docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) |
| connect.ingress.tls | list | `[]` | Ingress TLS see [docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) |
| connect.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) stanza for the Connect pod |
| connect.probes.readiness | boolean | `true` | Denotes whether the 1Password Connect API readiness probe will operate and ensure the pod is ready before serving traffic |
| connect.probes.liveness | boolean | `true` | Denotes whether the 1Password Connect API will be continually checked by Kubernetes for liveness and restarted if the pod becomes unresponsive |
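Review bot: The description added for `connect.ingress.enabled` stops short ("The boolean value to enable/disable the 1Password Connect"), so it reads as toggling Connect itself rather than its Ingress; suggest "Enable or disable the Ingress for 1Password Connect". The table also goes straight from `connect.ingress.tls` to `connect.nodeSelector`, so the `connect.loadBalancerIP` and `connect.loadBalancerSourceRanges` values read by this commit's `service.yaml` change are not documented here. Please add rows for both, since the source ranges decide which addresses can reach the Connect API on a LoadBalancer service.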
33 changes: 33 additions & 0 deletions charts/connect/templates/_helpers.tpl
Expand Up @@ -54,3 +54,36 @@ https://{{ .Values.connect.applicationName }}:{{ .Values.connect.api.httpsPort
http://{{ .Values.connect.applicationName }}:{{ .Values.connect.api.httpPort }}
{{- end }}
{{- end }}

{{/*
loadBalancer configuration for the the 1Password API and Sync service.
Supported inputs are Values.connect
*/}}
{{- define "service.loadBalancer" -}}
{{- if eq (.serviceType | toString) "LoadBalancer" }}
{{- if .loadBalancerIP }}
loadBalancerIP: {{ .loadBalancerIP }}
{{- end }}
{{- with .loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range . }}
- {{ . }}
{{- end }}
{{- end -}}
{{- end }}
{{- end -}}

{{/*
Sets extra ingress annotations
*/}}
{{- define "onepassword-connect.ingress.annotations" -}}
{{- if .Values.connect.ingress.annotations }}
annotations:
{{- $tp := typeOf .Values.connect.ingress.annotations }}
{{- if eq $tp "string" }}
{{- tpl .Values.connect.ingress.annotations . | nindent 4 }}
{{- else }}
{{- toYaml .Values.connect.ingress.annotations | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}
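Review bot: `service.loadBalancer` is defined here, but none of the template changes shown in this commit call it: the `service.yaml` hunk repeats the same `loadBalancerIP` / `loadBalancerSourceRanges` logic inline. Either have `service.yaml` include the helper with `.Values.connect` as its input, or drop the helper, so the two copies cannot drift apart. The helper comment also has a doubled word ("for the the 1Password API"). In `onepassword-connect.ingress.annotations`, a string value is passed through `tpl` while a map goes through `toYaml`; a sentence in the README saying that the string form is rendered as a template would save users from guessing.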
2 changes: 1 addition & 1 deletion charts/connect/templates/connect-deployment.yaml
Expand Up @@ -141,7 +141,7 @@ spec:
failureThreshold: 3
periodSeconds: 30
initialDelaySeconds: 15
{{ end }}
{{ end }}
volumeMounts:
- mountPath: /home/opuser/.op/data
name: {{ .Values.connect.dataVolume.name }}
79 changes: 79 additions & 0 deletions charts/connect/templates/ingress.yaml
@@ -0,0 +1,79 @@
{{- if .Values.connect.ingress.enabled -}}
{{- $extraPaths := .Values.connect.ingress.extraPaths -}}
{{- $serviceName := .Values.connect.applicationName -}}
{{- $tlsEnabled := .Values.connect.tls.enabled -}}
{{- $apiHttpPort := .Values.connect.api.httpPort -}}
{{- $apiHttpsPort := .Values.connect.api.httpsPort -}}
{{- $pathType := .Values.connect.ingress.pathType -}}
{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
apiVersion: networking.k8s.io/v1
{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end }}
kind: Ingress
metadata:
name: {{ template "onepassword-connect.name" . }}
namespace: {{ .Release.Namespace }}
labels:
helm.sh/chart: {{ include "onepassword-connect.chart" . }}
app.kubernetes.io/name: {{ include "onepassword-connect.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.connect.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- template "onepassword-connect.ingress.annotations" . }}
spec:
{{- if .Values.connect.ingress.tls }}
tls:
{{- range .Values.connect.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- if .Values.connect.ingress.ingressClassName }}
ingressClassName: {{ .Values.connect.ingress.ingressClassName }}
{{- end }}
rules:
{{- range .Values.connect.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{ if $extraPaths }}
{{ toYaml $extraPaths | indent 10 }}
{{- end }}
{{- range (.paths | default (list "/")) }}
- path: {{ . }}
{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
pathType: {{ $pathType }}
{{ end }}
backend:
{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
service:
{{- if $tlsEnabled }}
name: {{ $serviceName }}-https
port:
number: {{ $apiHttpsPort }}
{{- else }}
name: {{ $serviceName }}
port:
number: {{ $apiHttpPort }}
{{- end }}
{{ else }}
{{- if $tlsEnabled }}
serviceName: {{ $serviceName }}-https
servicePort: {{ $apiHttpsPort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $apiHttpPort }}
{{- end }}
{{ end }}
{{- end }}
{{- end }}
{{- end }}
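Review bot: The `tls:` block under `spec:` is rendered only when `connect.ingress.tls` is set, and the README in this commit documents that value's default as `[]`, so `connect.ingress.enabled=true` with otherwise default values produces an Ingress for the Connect API with no TLS section. Suggest documenting that `connect.ingress.tls` should be set whenever the Ingress is enabled, or having the chart warn or `fail` when it is empty. Note also that `$tlsEnabled` comes from `connect.tls.enabled` and only selects the backend service name and port, independently of `connect.ingress.tls`; a template comment would keep the two from being confused. Minor: `secretName: {{ .secretName }}` and `path: {{ . }}` are emitted unquoted while the host entries go through `quote`.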
9 changes: 9 additions & 0 deletions charts/connect/templates/service.yaml
Expand Up @@ -20,3 +20,12 @@ spec:
- port: {{ .Values.connect.api.httpPort }}
name: {{ .Values.connect.api.name }}
{{- end }}
{{if eq .Values.connect.serviceType "LoadBalancer"}}
{{- if .Values.connect.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.connect.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{if .Values.connect.loadBalancerIP}}
loadBalancerIP: {{.Values.connect.loadBalancerIP}}
{{end}}
{{end}}
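Review bot: `loadBalancerSourceRanges` is emitted only when the value is set, so `serviceType: LoadBalancer` with nothing else configured renders a Service with no source restriction in front of the Connect API. Suggest calling this out next to the value in the README and the values file, with an example CIDR list. The outer `{{if eq .Values.connect.serviceType "LoadBalancer"}}` also compares the raw value, whereas the `service.loadBalancer` helper added in `_helpers.tpl` uses `.serviceType | toString`; pick one form for both. The untrimmed `{{if ...}}`, `{{end}}` lines will leave blank lines in the rendered manifest; use `{{-` as the neighbouring blocks do.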