1Password / onepassword-operator

The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles autorestarting deployments when 1Password items are updated.
https://developer.1password.com/docs/connect/
MIT License
537 stars 59 forks

Operator no longer includes annotations within the created secret #144

Open tomjohnburton opened 1 year ago

tomjohnburton commented 1 year ago

Your environment

Operator Version: v1.6.0

Connect Server Version: 1.5.7

Kubernetes Version: 1.23.9

What happened?

In version 1.3.0 of the operator, any annotation I added to the operator would be propagated to the resulting secret. Now, none of my annotations are added.

What did you expect to happen?

I expected the resulting secret to have the annotations I set.

Steps to reproduce

  1. Create a OnePasswordItem with annotations
  2. Deploy
  3. Validate the resulting secret doesn't have annotations
  4. Use v1.3.0 of the operator
  5. Do steps 1-3
  6. Validate annotations are there

Notes & Logs

kind: OnePasswordItem
metadata:
  annotations:
    argocd.argoproj.io/compare-options: IgnoreExtraneous
    kubed.appscode.com/sync: "true"

kind: Secret
metadata:
  annotations:
    operator.1password.io/item-path: vaults/***/items/***
    operator.1password.io/item-version: "3"

tomjohnburton commented 1 year ago

I see the commit where it was changed https://github.com/1Password/onepassword-operator/commit/afa076d321c017a9f94acb17781ef64c0beb5dd6

IMO, we should allow users to add extra annotations.

One option could be to add a template field to the spec, a common practice among the k8s community.

kind: OnePasswordItem
metadata:
  name: xyz
spec:
  template:
    annotations:
      argocd.argoproj.io/compare-options: IgnoreExtraneous
      kubed.appscode.com/sync: "true"

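
Added example, not part of the thread or of the operator's code: one way user-supplied annotations could be merged onto the generated Secret without letting them override the `operator.1password.io/` keys shown in the issue. The helper name, the decision to skip kubectl's last-applied annotation, and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Prefix of the annotations the operator writes on the Secret (item-path, item-version).
const operatorPrefix = "operator.1password.io/"

// Set by `kubectl apply`; it embeds the OnePasswordItem manifest, not the Secret's.
const lastApplied = "kubectl.kubernetes.io/last-applied-configuration"

// mergeSecretAnnotations (hypothetical helper) copies user annotations first,
// then writes the operator's own on top, so a user value can never replace
// item-path or item-version. It also returns the user keys it skipped, sorted.
func mergeSecretAnnotations(user, operator map[string]string) (map[string]string, []string) {
	merged := make(map[string]string, len(user)+len(operator))
	var skipped []string
	for k, v := range user {
		if strings.HasPrefix(k, operatorPrefix) || k == lastApplied {
			skipped = append(skipped, k)
			continue
		}
		merged[k] = v
	}
	for k, v := range operator {
		merged[k] = v
	}
	sort.Strings(skipped)
	return merged, skipped
}

func main() {
	// Constructed input: the issue's annotations plus a spoofed operator-owned key.
	user := map[string]string{
		"argocd.argoproj.io/compare-options": "IgnoreExtraneous",
		"kubed.appscode.com/sync":            "true",
		"operator.1password.io/item-path":    "vaults/other/items/other",
	}
	operator := map[string]string{
		"operator.1password.io/item-path":    "vaults/example/items/example",
		"operator.1password.io/item-version": "3",
	}
	merged, skipped := mergeSecretAnnotations(user, operator)
	fmt.Println(merged, skipped)
}
```

Annotations such as `kubed.appscode.com/sync` change where the Secret ends up, so reporting the skipped keys gives a reviewer something to log or surface as an event.
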
edif2008 commented 1 year ago

Thank you for raising this with us. We will further investigate this on our side and come back to you.

vjm commented 1 year ago

Hi, any progress on this, or a workaround perhaps using kustomize?

tomjohnburton commented 1 year ago

I forked it and added the functionality back https://github.com/tomjohnburton/onepassword-operator

amaldonadomat commented 1 year ago

Any updates on this @edif2008? It's still happening on versions:

Operator Version: 1.8.0

Connect Server Version: 1.7.2

Tipsmark commented 2 months ago

Still not fixed? Come on....

olivier-duchaine commented 2 weeks ago

Hi folks, is there a plan to implement this in the near future? As said by OP it used to work but was reverted on https://github.com/1Password/onepassword-operator/commit/afa076d321c017a9f94acb17781ef64c0beb5dd6.

Our use case is for argocd secrets; it uses labels to pick up the different types of secrets.

Thanks