Merge remote-tracking branch 'onepassword/main' into add-hpa-pdb-affi…

…nity # Conflicts: # charts/connect/README.md # charts/connect/templates/connect-deployment.yaml # charts/connect/templates/operator-deployment.yaml
1Password · Aug 27, 2024 · ddad408 · ddad408
2 parents a0a154c + f4505e6
commit ddad408
Show file tree

Hide file tree

Showing 10 changed files with 276 additions and 113 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,59 @@
+# Contributing
+
+Thank you for your interest in contributing to the 1Password `connect-helm-chart` project 👋! We sincerely appreciate the time and effort you put into improving our Helm Charts. Before you start, please take a moment to read through this guide to understand our contribution process.
+
+## Getting Started
+
+To start contributing, get the latest [Helm release](https://github.com/helm/helm#install).
+
+## Testing
+
+NOTE: This only applies to changes made in `./charts/connect`.
+
+Run the following command to test changes made to the Connect Helm chart:
+
+```
+helm test connect
+```
+
+## Debugging
+
+- Running `helm lint` in the applicable subdirectory will verify that your chart follows best practices.
+
+- To run `helm template --debug`:
+
+  1. navigate to the root of the repository
+  2. `cd..`
+  3. `helm template connect-helm-charts/charts/secrets-injector --debug` for **secrets-injector** OR `helm template connect-helm-charts/charts/connect --debug` for **connect**.
+
+For more debugging templates, feel free to consult the [docs](https://helm.sh/docs/chart_template_guide/debugging/).
+
+## Documentation Updates
+
+If adding a new configuration, update documentation for the tables in the [Connect README](./charts/connect/README.md) or in the [Secrets Injector README](./charts/secrets-injector/README.md)
+
+## Sign your commits
+
+To get your PR merged, we require you to sign your commits.
+
+### Sign commits with 1Password
+
+You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.
+
+Learn how to use [1Password to sign your commits](https://developer.1password.com/docs/ssh/git-commit-signing/).
+
+### Sign commits with ssh-agent
+
+Follow the steps below to set up commit signing with `ssh-agent`:
+
+1. [Generate an SSH key and add it to ssh-agent](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)
+2. [Add the SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account)
+3. [Configure git to use your SSH key for commits signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-ssh-key)
+
+### Sign commits with gpg
+
+Follow the steps below to set up commit signing with `gpg`:
+
+1. [Generate a GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key)
+2. [Add the GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)
+3. [Configure git to use your GPG key for commits signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-gpg-key)
diff --git a/charts/connect/CHANGELOG.md b/charts/connect/CHANGELOG.md
@@ -3,6 +3,7 @@
 
 ## Features
 * A user-friendly description of a new feature. {issue-number}
+* Add priorityClassName values to operator and connect. {#201}
 
 ## Fixes
 * A user-friendly description of a fix. {issue-number}
@@ -12,6 +13,32 @@
 
 ---
 
+[//]: # (START/v1.15.0)
+# v1.15.1
+
+## Features
+* Bump Connect version to v1.7.3
+
+---
+
+[//]: # (START/v1.15.0)
+# v1.15.0
+
+## Features
+* Proxy Support or custom env. {#152}
+* Bump operator to v1.8.1
+
+---
+
+[//]: # (START/v1.14.0)
+# v1.14.0
+
+## Features
+* The default Operator version is updated to v1.8.0. Credits to @mmorejon for the contribution. {#168}
+* The default Connect version is updated to v1.7.2.
+
+---
+
 [//]: # (START/v1.13.0)
 # v1.13.0
 

diff --git a/charts/connect/Chart.yaml b/charts/connect/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: connect
-version: 1.13.0
+version: 1.15.1
 description: A Helm chart for deploying 1Password Connect and the 1Password Connect Kubernetes Operator
 keywords:
   - "1Password"
@@ -11,4 +11,4 @@ maintainers:
   - name: 1Password Secrets Integrations Team
     email: support+business@1password.com
 icon: https://avatars.githubusercontent.com/u/38230737
-appVersion: "1.7.1"
+appVersion: "1.7.3"
diff --git a/charts/connect/README.md b/charts/connect/README.md
diff --git a/charts/connect/templates/connect-deployment.yaml b/charts/connect/templates/connect-deployment.yaml
@@ -37,6 +37,9 @@ spec:
       nodeSelector:
       {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.connect.priorityClassName }}
+      priorityClassName: {{ .Values.connect.priorityClassName }}
+      {{- end }}
       {{- with .Values.connect.affinity }}
       affinity:
       {{- toYaml . | nindent 8 }}
@@ -88,6 +91,10 @@ spec:
             - name: OP_LOG_LEVEL
               value: "{{ .Values.connect.api.logLevel }}"
             {{- include "onepassword-connect.profilerConfig" . | indent 12 -}}
+            {{- range .Values.connect.customEnvVars}}
+            - name: {{ .name }}
+              value: {{ .value }}
+            {{- end }}
           {{- if .Values.connect.probes.readiness }}
           readinessProbe:
             httpGet:

diff --git a/charts/connect/templates/operator-deployment.yaml b/charts/connect/templates/operator-deployment.yaml
@@ -36,6 +36,9 @@ spec:
       nodeSelector:
       {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.operator.priorityClassName }}
+      priorityClassName: {{ .Values.operator.priorityClassName }}
+      {{- end }}
       {{- with .Values.operator.affinity }}
       affinity:
       {{- toYaml . | nindent 8 }}
@@ -76,6 +79,10 @@ spec:
                   key: {{ .Values.operator.token.key }}
             - name: AUTO_RESTART
               value: "{{ .Values.operator.autoRestart }}"
+            {{- range .Values.operator.customEnvVars}}
+            - name: {{ .name }}
+              value: {{ .value }}
+            {{- end }}
           resources:
             {{- toYaml .Values.operator.resources | nindent 12 }}
 {{- end }}
diff --git a/charts/connect/values.yaml b/charts/connect/values.yaml
@@ -138,6 +138,9 @@ connect:
     # by Kubernetes for liveness and restarted if the pod becomes unresponsive
     readiness: true
 
+  # priorityClassName to apply to the Connect API deployment resource.
+  priorityClassName: ''
+
   # Additional annotations to be added to the Connect API deployment resource.
   annotations: {}
 
@@ -220,6 +223,12 @@ connect:
     # Number of profiler snapshots to keep.
     keepLast: 12
 
+  # 1Password Connect Custom Container Environment Variables
+  # Must be written in the following format:
+  # - name: VARIABLE_NAME
+  #   value: VARIABLE_VALUE
+  customEnvVars: []
+
 # This section of values is for 1Password Operator Configuration
 operator:
   # Denotes whether the 1Password Operator will be deployed
@@ -244,7 +253,7 @@ operator:
   pollingInterval: 600
 
   # The 1Password Operator version to pull
-  version: "1.8.0"
+  version: "1.8.1"
 
   # Node selector stanza for the Operator pod
   # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
@@ -293,6 +302,9 @@ operator:
   # Additional labels to be added to the Operator pods.
   podLabels: {}
 
+  # priorityClassName to apply to the Operator pods.
+  priorityClassName: ''
+
   # List of tolerations to be added to the Operator pods.
   tolerations: []
 
@@ -351,6 +363,12 @@ operator:
   # 1Password Operator Log Level Configuration
   logLevel: info
 
+  # 1Password Operator Custom Container Environment Variables
+  # Must be written in the following format:
+  # - name: VARIABLE_NAME
+  #   value: VARIABLE_VALUE
+  customEnvVars: []
+
 # 1Password Acceptance Tests Functionality
 acceptanceTests:
   enabled: false

diff --git a/charts/secrets-injector/README.md b/charts/secrets-injector/README.md
@@ -1,35 +1,54 @@
 # 1Password Kubernetes Secrets Injector Helm chart
 
 ## Installation
+
 Installing the Helm Chart with default configurations will deploy 1Password Kubernetes Secrets Injector in your default Namespace.
+
 ```
 helm install --generate-name 1password/secrets-injector
 ```
 
 ## Configuration Values
+
 The 1Password Kubernetes Secrets Injector Helm chart offers many configuration options for deployment. Please refer to the list below for information on what configuration options are available as well as what the default configuration options are.
 
 [From the Official Helm Install Guide](https://helm.sh/docs/helm/helm_install/#helm-install):
 
->To override values in a chart, use either the '--values' flag and pass in a file or use the '--set' flag and pass configuration from the command line, to force a string value use '--set-string'. In case a value is large and therefore you want not to use neither '--values' nor '--set', use '--set-file' to read the single large value from file.
+> To override values in a chart, use either the '--values' flag and pass in a file or use the '--set' flag and pass configuration from the command line, to force a string value use '--set-string'. In case a value is large and therefore you want not to use neither '--values' nor '--set', use '--set-file' to read the single large value from file.
+
+For example:
 
-For example: 
 ```bash
 $ helm install -f myvalues.yaml injector ./secrets-injector
 ```
 
-or 
+or
 
 ```bash
 $ helm install --set injector.applicationName=injector injector ./secrets-injector
 ```
 
 ### Values
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application |
-| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
-| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository |
-| injector.port | string | `443` | The port the Secrets Injector exposes |
-| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod |
-| injector.version         | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. |
+
+| Key                      | Type    | Default                                   | Description                                                                                                                               |
+| ------------------------ | ------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| injector.applicationName | string  | `"secrets-injector"`                      | The name of 1Password Kubernetes Secrets Injector Application                                                                             |
+| injector.imagePullPolicy | string  | `"IfNotPresent"`                          | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
+| injector.imageRepository | string  | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository                                                                                    |
+| injector.port            | string  | `443`                                     | The port the Secrets Injector exposes                                                                                                     |
+| injector.targetPort      | integer | `8443`                                    | The port the Secrets Injector API sends requests to the pod                                                                               |
+| injector.version         | string  | `{{.Chart.AppVersion}}`                   | The 1Password Secrets Injector version to pull.                                                                                           |
+| injector.customEnvVars   | array   | `[]`                                      | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart.                      |
+
+#### Custom Environment Variables
+
+The injector container supports additional environment variables beyond those explicitly defined in the Helm chart. These can be defined using a key map for each custom variable. An example is shown below:
+
+```yaml
+injector:
+  customEnvVars:
+    - name: "CUSTOM_ENV_VAR1"
+      value: "customvar2"
+    - name: "CUSTOM_ENV_VAR2"
+      value: "customvar2"
+```
diff --git a/charts/secrets-injector/templates/deployment.yaml b/charts/secrets-injector/templates/deployment.yaml
@@ -32,6 +32,10 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          {{- range .Values.injector.customEnvVars}}
+          - name: {{ .name }}
+            value: {{ .value }}
+          {{- end }} 
           lifecycle:
             preStop:
               exec:

diff --git a/charts/secrets-injector/values.yaml b/charts/secrets-injector/values.yaml
@@ -5,3 +5,8 @@ injector:
   port: 443
   targetPort: 8443
   version: "{{ .Chart.AppVersion }}"
+  # 1Password Operator Custom Container Environment Variables
+  # Must be written in the following format:
+  # - name: VARIABLE_NAME
+  #   value: VARIABLE_VALUE
+  customEnvVars: []