eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/argocd/manifests
History
Erich Blume c7e5af6d51 Migrate 1Password Connect from Helm to kustomize (1.8.1 → 1.8.2) (#326) 
## Summary

- Renders manifests from `connect-helm-charts v2.4.1` as plain kustomize (deployment + service)
- Bumps 1Password Connect from 1.8.1 → 1.8.2
- Completes the no-helm-policy migration — all services now use kustomize
- Retains all production hardening from the Helm chart (securityContext, runAsNonRoot, drop ALL, seccomp, resource limits)

## Changes

- **New:** `deployment.yaml`, `service.yaml`, `kustomization.yaml` in `argocd/manifests/1password-connect/`
- **Rewritten:** Both ArgoCD app definitions (indri + ringtail) — single source kustomize instead of multi-source Helm
- **Deleted:** `values.yaml` (Helm values no longer needed)
- **Updated:** `no-helm-policy.md`, `service-versions.yaml`, `README.md`

## Deployment plan

1. Sync `apps` app to pick up the new app definitions
2. `argocd app set 1password-connect --revision 1password-connect-kustomize`
3. `argocd app sync 1password-connect` — verify on indri
4. Repeat for ringtail
5. After merge: reset revision to main, re-sync both

## Test plan

- [ ] `kubectl kustomize` renders cleanly (verified locally)
- [ ] ArgoCD diff shows expected changes (Helm labels removed, images bumped)
- [ ] Pods come up healthy on indri
- [ ] External Secrets still resolves 1Password items
- [ ] Repeat on ringtail

Reviewed-on: #326
2026-04-06 07:31:40 -07:00
..
1password-connect Migrate 1Password Connect from Helm to kustomize (1.8.1 → 1.8.2) (#326) 2026-04-06 07:31:40 -07:00
alloy-k8s
alloy-ringtail Deploy Tor Snowflake proxy on ringtail (#311) 2026-03-24 20:51:40 -07:00
alloy-tracing-ringtail
argocd
authentik
cloudnative-pg
cv Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
databases Add borgmatic backups for authentik and immich databases (#314) 2026-03-27 16:59:58 -07:00
devpi Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
docs Update docs release to v1.15.3 2026-04-05 21:24:25 -07:00
external-secrets Upgrade External Secrets Operator v2.2.0 + migrate Helm to kustomize (#312) 2026-03-25 15:56:41 -07:00
forgejo-runner Upgrade forgejo-runner 12.7.0 → 12.7.3, add service card 2026-03-30 16:31:06 -07:00
frigate Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
grafana Upgrade Grafana 12.3.3 → 12.4.2 (#322) 2026-04-02 11:33:19 -07:00
grafana-config Add offsite backup for immich photo library to BorgBase (#315) 2026-03-27 19:43:05 -07:00
homepage Deploy Homepage v1.11.0-e375859 2026-03-26 10:25:07 -07:00
immich Fix Homepage pod-selector for Immich (Helm labels → kustomize labels) 2026-04-04 12:12:48 -07:00
kingfisher Add compensating controls framework and date-based report dirs (#320) 2026-03-30 17:44:11 -07:00
kiwix Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
kube-state-metrics Add Prowler mutelist and fix kube-state-metrics seccomp (#319) 2026-03-30 17:22:31 -07:00
kube-state-metrics-ringtail
loki Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
mealie Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
miniflux Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
navidrome Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
ntfy Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
nvidia-device-plugin Upgrade nvidia-device-plugin v0.18.2 → v0.19.0 and add reference card 2026-03-27 07:19:24 -07:00
ollama Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
prometheus Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
prowler Document upstream fix for Prowler --registry bug (pending release) 2026-04-02 20:21:19 -07:00
tailscale-operator
tailscale-operator-base
tailscale-operator-ringtail
tempo Point Tempo at main-built container v2.10.3-75f9ba4 2026-04-02 13:45:57 -07:00
teslamate Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
torrent Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00
unpoller Add RuntimeDefault seccomp profiles to all managed workloads 2026-03-24 16:19:40 -07:00