1Password / onepassword-operator

The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles autorestarting deployments when 1Password items are updated.
https://developer.1password.com/docs/connect/
MIT License

Improve Documentation for those not familiar with 1password Connect #150

Open dejanzelic opened 1 year ago

dejanzelic commented 1 year ago

Summary

I had a difficult time getting the operator set up in Kubernetes. A lot of it stemmed from my lack of knowledge of 1password connect. This repo was my first time hearing about 1password's connect server. So when the documentation was pointing me to a different repo for a different project (the connect helmchart) I was confused.

The credentials situation was also confusing to me since connect needs the json file, but the operator needs a token. However, it wasn't clear how to get the token nor if the token was different than the connect credentials. The current Readme.md also has the wrong op command to get the token:

op create connect token <server> op-k8s-operator --vault <vault>

This command gives me the following error:

❯ op create
[ERROR] 2023/01/19 18:14:51 unknown command "create" for "op"

Finally, I wanted to use kustomize to download the helmchart and I didn't want the credentials json file in git. So I had to read the helm template to understand that as long as I set op-credentials to the base64 contents of the credentials json, I won't need to include the credentials in git.

Use cases

Better documentation would significantly improve user experience.

Proposed solution

I would suggest working with someone who does not have experience with 1password connect to set up the operator and share the questions and issues that they had.

Is there a workaround to accomplish this today?

These are the steps I took to get it working in my environment:

1) Create the server in onepassword

op connect server create --vaults k8s-home k8s-home

2) Add the 1password-credentials.json as a secret

kubectl create secret generic op-credentials --from-literal=1password-credentials.json=$(cat 1password-credentials.json | base64)

3) Create a token in the 1password web ui under the integrations.

4) Add the token created in step 2 to kubectl (if you add a space before you run the command it won't save in your git history)

 kubectl create secret generic onepassword-token --from-literal=token=<TOKEN>

5) Apply the kustomize config

kustomize build ./ --enable-helm | kubectl apply -f -

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

helmCharts:
- name: connect
  includeCRDs: true
  valuesInline:
    operator:
      create: True
  releaseName: connect
  version: 1.10.0
  repo: https://1password.github.io/connect-helm-charts
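
A check for the encoding described in the issue above, as an added example that is not part of the original issue or the operator's code: the literal stored in op-credentials is the base64 of the credentials JSON, and Kubernetes base64-encodes that literal again under .data. The sample file contents and all function names are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed stand-in for 1password-credentials.json; the field names are made up.
SAMPLE = json.dumps({"note": "constructed sample", "blob": "A" * 90}).encode()

def encode_for_literal(credentials_json: bytes) -> str:
    """Single-line base64 of the file: the value handed to --from-literal in step 2."""
    json.loads(credentials_json)  # reject a truncated or wrong file before storing it
    return base64.b64encode(credentials_json).decode("ascii")

def k8s_data(literal: str) -> str:
    """Model of what Kubernetes stores under .data: base64 of the literal value."""
    return base64.b64encode(literal.encode()).decode("ascii")

def _is_json_object(raw: bytes) -> bool:
    try:
        return isinstance(json.loads(raw), dict)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return False

def classify_secret_data(data_value: str) -> str:
    """Classify one .data entry, e.g. from `kubectl get secret op-credentials -o json`."""
    try:
        outer = base64.b64decode(data_value, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    if _is_json_object(outer):
        return "raw-json"  # file stored directly; the extra base64 layer is missing
    compact = b"".join(outer.split())  # drop line wrapping added by some base64 tools
    try:
        inner = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return "unrecognized"
    if not _is_json_object(inner):
        return "unrecognized"
    return "base64-of-json" if compact == outer else "wrapped-base64-of-json"

if __name__ == "__main__":
    print(classify_secret_data(k8s_data(encode_for_literal(SAMPLE))))
    print(classify_secret_data(k8s_data(base64.encodebytes(SAMPLE).decode())))
    print(classify_secret_data(k8s_data(SAMPLE.decode())))
```

Only the "base64-of-json" result matches what the issue describes; the other results show which layer of encoding is missing or malformed.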

edif2008 commented 1 year ago

Hey there.

Thank you so much for the feedback regarding the documentation on this repo. It is a bit unfortunate that some of the documentation seems to be out of sync and not smooth enough to make the setup process easy.

I've raised this with my team and we will work on making an improvement on them. When we make a PR with the enhanced documentation, would you like to review it as well and let us know if we're going in the right direction?

Thanks 😄

dejanzelic commented 1 year ago

Sure! Thank you!