Your environment
Secret Injector Version: v1.0.0
1Password CLI Version: 2
Connect Server Version: 1.5.7
Kubernetes Version: 1.26
What happened?
When enabling the injector on a pod, the process writes over the existing volumeMounts stipulated in the deployment, and replaces them with /op/bin.
What did you expect to happen?
Desired behavior is to append /op/bin to the list of volumeMounts as opposed to replacing them.
Steps to reproduce
Deploy Connect and functioning Injector
Step 1: Create a new namespace to test in using kubectl:
kubectl create namespace <namespace>
Step 2: Create a K8s secret from your 1Password connect token:
Step 3: Deploy a Connect server:
helm install connect 1password/connect --set connect.ingress.enabled=True --set connect.serviceType=LoadBalancer --set-file connect.credentials=/path/to/credentials.json --namespace <namespace>
Step 4: Deploy injector:
helm install --generate-name 1password/secrets-injector --namespace <namespace>
Step 5: Label the namespace:
kubectl label namespace <namespace> secrets-injection=enabled
Step 6: Deploy a test pod by saving the below config to a .yaml file and applying it with
kubectl apply -f /path/to/file.yaml --namespace <namespace>
Note that you will need to set your own valid secret references.
Step 7: Check the app-example pod logs to see if secrets were subbed in - they should say <Concealed by 1Password>:
kubectl logs app-example-podname --namespace <namespace>
If the secrets were subbed in successfully, then verify the contents of the Mounts section of the pod:
kubectl describe pod <pod-name> --namespace <namespace>
You should note that the spec'd redis volume has been dropped and replaced with /op/bin, which is the bug behavior.
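The append-versus-replace behaviour the report asks for, sketched as an added example (not part of the original issue and not the injector's own code): a mutating webhook that builds an RFC 6902 JSON Patch must target `volumeMounts/-` when the list already exists, because an `add` on the list path itself replaces the whole list. The struct types, the `op-bin` mount name and the `/data` path are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal stand-ins for the Kubernetes types (assumption: real code would use k8s.io/api/core/v1).
type VolumeMount struct {
	Name      string `json:"name"`
	MountPath string `json:"mountPath"`
}
type Container struct {
	Name         string        `json:"name"`
	VolumeMounts []VolumeMount `json:"volumeMounts,omitempty"`
}

// PatchOp is one RFC 6902 JSON Patch operation.
type PatchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

// AppendMountPatch returns ops that add m to every container and leave existing mounts in place.
func AppendMountPatch(containers []Container, m VolumeMount) []PatchOp {
	var ops []PatchOp
	for i, c := range containers {
		base := fmt.Sprintf("/spec/containers/%d/volumeMounts", i)
		if len(c.VolumeMounts) == 0 {
			// No list yet: "/-" would fail on a missing parent, so create a one-element list.
			ops = append(ops, PatchOp{"add", base, []VolumeMount{m}})
			continue
		}
		// List exists: "/-" appends. An "add" on base itself would overwrite every declared mount.
		ops = append(ops, PatchOp{"add", base + "/-", m})
	}
	return ops
}

func main() {
	// Constructed sample: one container that declares a redis mount, one with no mounts.
	containers := []Container{
		{Name: "app-example", VolumeMounts: []VolumeMount{{"redis", "/data"}}},
		{Name: "sidecar"},
	}
	out, _ := json.MarshalIndent(AppendMountPatch(containers, VolumeMount{"op-bin", "/op/bin"}), "", "  ")
	fmt.Println(string(out))
}
```
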