eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Migrate 1Password Connect from Helm to kustomize (1.8.1 → 1.8.2) (#326)

Browse source 
## Summary

- Renders manifests from `connect-helm-charts v2.4.1` as plain kustomize (deployment + service)
- Bumps 1Password Connect from 1.8.1 → 1.8.2
- Completes the no-helm-policy migration — all services now use kustomize
- Retains all production hardening from the Helm chart (securityContext, runAsNonRoot, drop ALL, seccomp, resource limits)

## Changes

- **New:** `deployment.yaml`, `service.yaml`, `kustomization.yaml` in `argocd/manifests/1password-connect/`
- **Rewritten:** Both ArgoCD app definitions (indri + ringtail) — single source kustomize instead of multi-source Helm
- **Deleted:** `values.yaml` (Helm values no longer needed)
- **Updated:** `no-helm-policy.md`, `service-versions.yaml`, `README.md`

## Deployment plan

1. Sync `apps` app to pick up the new app definitions
2. `argocd app set 1password-connect --revision 1password-connect-kustomize`
3. `argocd app sync 1password-connect` — verify on indri
4. Repeat for ringtail
5. After merge: reset revision to main, re-sync both

## Test plan

- [ ] `kubectl kustomize` renders cleanly (verified locally)
- [ ] ArgoCD diff shows expected changes (Helm labels removed, images bumped)
- [ ] Pods come up healthy on indri
- [ ] External Secrets still resolves 1Password items
- [ ] Repeat on ringtail

Reviewed-on: #326
This commit is contained in:
Erich Blume 2026-04-06 07:31:40 -07:00
commit c7e5af6d51
10 changed files with 190 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

7
docs/explanation/no-helm-policy.md
View file

@ -1,6 +1,6 @@
---
title: No Helm Policy
modified: 2026-04-04
modified: 2026-04-06
tags:
- explanation
- kubernetes
@ -20,9 +20,7 @@ Kustomize overlays preserve the readability of plain YAML while providing the co
## Current State
All services in blumeops use kustomize manifests except:
- **1Password Connect** — still deployed via Helm chart (`connect-helm-charts v2.3.0`). Migration is a future goal.
All services in blumeops use kustomize manifests. The last Helm dependency (1Password Connect) was migrated in 2026-04.
## Migration History
@ -35,6 +33,7 @@ Services previously deployed via Helm that have been migrated to kustomize:
| External Secrets | 2026-03 | Static manifests rendered from chart |
| Homepage | 2026-02 | Replaced chart with plain manifests |
| Immich | 2026-04 | Converted during v2.6.3 upgrade |
| 1Password Connect | 2026-04 | Rendered from chart v2.4.1, bumped to 1.8.2 |
## Guidelines