Migrate 1Password Connect from Helm to kustomize (1.8.1 → 1.8.2) #326

Merged

eblume merged 1 commit from 1password-connect-kustomize into main 2026-04-06 07:31:41 -07:00

Conversation 0 Commits 1 Files changed 10 +190 -64

eblume commented 2026-04-06 07:16:30 -07:00

Owner

Copy link

Summary

• Renders manifests from connect-helm-charts v2.4.1 as plain kustomize (deployment + service)
• Bumps 1Password Connect from 1.8.1 → 1.8.2
• Completes the no-helm-policy migration — all services now use kustomize
• Retains all production hardening from the Helm chart (securityContext, runAsNonRoot, drop ALL, seccomp, resource limits)

Changes

• New: deployment.yaml, service.yaml, kustomization.yaml in argocd/manifests/1password-connect/
• Rewritten: Both ArgoCD app definitions (indri + ringtail) — single source kustomize instead of multi-source Helm
• Deleted: values.yaml (Helm values no longer needed)
• Updated: no-helm-policy.md, service-versions.yaml, README.md

Deployment plan

1. Sync apps app to pick up the new app definitions
2. argocd app set 1password-connect --revision 1password-connect-kustomize
3. argocd app sync 1password-connect — verify on indri
4. Repeat for ringtail
5. After merge: reset revision to main, re-sync both

Test plan

• kubectl kustomize renders cleanly (verified locally)
• ArgoCD diff shows expected changes (Helm labels removed, images bumped)
• Pods come up healthy on indri
• External Secrets still resolves 1Password items
• Repeat on ringtail

## Summary - Renders manifests from `connect-helm-charts v2.4.1` as plain kustomize (deployment + service) - Bumps 1Password Connect from 1.8.1 → 1.8.2 - Completes the no-helm-policy migration — all services now use kustomize - Retains all production hardening from the Helm chart (securityContext, runAsNonRoot, drop ALL, seccomp, resource limits) ## Changes - **New:** `deployment.yaml`, `service.yaml`, `kustomization.yaml` in `argocd/manifests/1password-connect/` - **Rewritten:** Both ArgoCD app definitions (indri + ringtail) — single source kustomize instead of multi-source Helm - **Deleted:** `values.yaml` (Helm values no longer needed) - **Updated:** `no-helm-policy.md`, `service-versions.yaml`, `README.md` ## Deployment plan 1. Sync `apps` app to pick up the new app definitions 2. `argocd app set 1password-connect --revision 1password-connect-kustomize` 3. `argocd app sync 1password-connect` — verify on indri 4. Repeat for ringtail 5. After merge: reset revision to main, re-sync both ## Test plan - [ ] `kubectl kustomize` renders cleanly (verified locally) - [ ] ArgoCD diff shows expected changes (Helm labels removed, images bumped) - [ ] Pods come up healthy on indri - [ ] External Secrets still resolves 1Password items - [ ] Repeat on ringtail

eblume added 1 commit 2026-04-06 07:16:31 -07:00

Migrate 1Password Connect from Helm to kustomize (1.8.1 → 1.8.2) ... aae7726ecc

Renders manifests from connect-helm-charts v2.4.1 as plain kustomize,
completing the no-helm-policy migration. All services now use kustomize.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

eblume merged commit c7e5af6d51 into main 2026-04-06 07:31:41 -07:00

eblume referenced this pull request from a commit 2026-04-06 07:31:43 -07:00

Migrate 1Password Connect from Helm to kustomize (1.8.1 → 1.8.2) (#326)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

eblume/blumeops!326

No description provided.