feat(helm): update chart connect ( 2.2.1 → 2.4.1 ) #3184

Open
renovate[bot] wants to merge 1 commit into main from renovate/connect-2.x

@renovate renovate bot commented Feb 21, 2026

This PR contains the following updates:

| Package          | Update | Change        |
| ---------------- | ------ | ------------- |
| connect (source) | minor  | 2.2.1 → 2.4.1 |

Release Notes

1Password/connect-helm-charts (connect)

v2.4.1

Compare Source

A Helm chart for deploying 1Password Connect and the 1Password Connect Kubernetes Operator

v2.4.0

Compare Source

A Helm chart for deploying 1Password Connect and the 1Password Connect Kubernetes Operator

What's Changed

Features

  • Bump Connect version to v1.8.2
  • Add configurable liveness and readiness probes for the Operator. (#275)

Full Changelog: 1Password/connect-helm-charts@secrets-injector-1.2.0...connect-2.4.0

v2.3.0

Compare Source

A Helm chart for deploying 1Password Connect and the 1Password Connect Kubernetes Operator

⚠️ Credentials (2.3.0):

If you were using the double base64–encoding workaround for the credentials secret (1password-credentials.json), that no longer works as this issue has been resolved. Credentials are now mounted as a file and work with the standard single base64 encoding that Kubernetes applies to Secret data. If you were double encoding the credentials you will need to update the secret.

Change for reference:

  • Fix credential secret when set from values with correct encoding and mount credentials as a file with OP_SESSION pointing to the path. (#196)

Features

  • Connect Helm chart supports operator.allowEmptyValues value to configure the Operator's --allow-empty-values flag. Empty secret field values are skipped by default. (#264)
  • Connect Helm chart supports configurable securityContext and is Pod Security Standards (Restricted) compliant, so it can run in restricted namespaces without Pod Security Admission warnings. (#192, #210, #223)
  • README values tables are now auto-generated from values.yaml for consistency. (#268)
  • Connect Helm chart supports operator trust for self-signed or internal CA certificates via operator.tls.trust.secret. (#171, #200)

Fixes

  • Connect Helm chart now uses operator.serviceAccountToken.key for the operator’s service account token instead of operator.token.key. (#266)
  • Connect Helm chart supports a custom ServiceAccount for the Connect deployment, allowing a dedicated or pre-existing service account to be specified. (#249)
  • Fix expired dev Slack link in README. (#265)
  • Hide the credentials warning when connect.credentials_base64 is set, since credentials are already provided. (#84)
  • Fix credential secret when set from values with correct encoding and mount credentials as a file with OP_SESSION pointing to the path. (#196)
  • 1Password Operator image is updated to v1.11.0 to bring fixes for the operator.

New Contributors

Full Changelog: 1Password/connect-helm-charts@connect-2.2.1...connect-2.3.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
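
A pre-merge check for the 2.3.0 credentials warning above, as an added example that is not part of this PR or of the 1Password chart: it classifies the value stored under `.data["1password-credentials.json"]` as single- or double-encoded without printing its contents. The function names and the sample payload are assumptions made for illustration; the key name is the one shown in the rendered diff.

```python
import base64
import binascii
import json

KEY = "1password-credentials.json"  # key name as it appears in the chart diff


def _b64(value):
    """Strictly base64-decode value; return None when it is not valid base64."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None


def _is_json_object(raw):
    """True when raw (bytes) parses as a JSON object."""
    try:
        return isinstance(json.loads(raw), dict)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return False


def classify(data_value):
    """Classify one Secret .data value.

    "single":  one decode yields JSON, which is what the file mount expects.
    "double":  a second decode is needed, i.e. the old workaround is in use.
    "invalid": neither decode yields a JSON object.
    """
    once = _b64(data_value.strip())
    if once is None:
        return "invalid"
    if _is_json_object(once):
        return "single"
    twice = _b64(once.strip())
    if twice is not None and _is_json_object(twice):
        return "double"
    return "invalid"


def check_secret(manifest, key=KEY):
    """manifest: parsed JSON of a Secret object (hypothetical input shape)."""
    data = manifest.get("data") or {}
    return classify(data[key]) if key in data else "missing"


# Constructed sample payload, not a real 1Password credentials file.
SAMPLE = json.dumps({"constructed": "sample", "real": False}).encode()
```

A result of "double" means the secret has to be recreated with the raw credentials file before the chart upgrade is merged.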

github-actions bot commented Feb 21, 2026

Path: infrastructure/onepassword
Version: 2.2.1 -> 2.4.1

--- /tmp/tmp.St2mHizSOl	2026-03-24 18:00:21.421652808 +0000
+++ /tmp/tmp.uL8wf973pL	2026-03-24 18:00:21.688653663 +0000
@@ -30,21 +30,33 @@
   template:
     metadata: {}
     spec:
+      securityContext:
+        fsGroup: 999
+        runAsGroup: 999
+        runAsNonRoot: true
+        runAsUser: 999
+        seccompProfile:
+          type: RuntimeDefault
       volumes:
         - name: shared-data
           emptyDir: {}
         - name: credentials
           secret:
             secretName: op-credentials
+            items:
+              - key: 1password-credentials.json
+                path: 1password-credentials.json
       tolerations: []
       containers:
         - name: connect-api
-          image: 1password/connect-api:1.8.1
+          image: 1password/connect-api:1.8.2
           imagePullPolicy: IfNotPresent
           securityContext:
-            runAsUser: 999
-            runAsGroup: 999
             allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
           resources:
             limits:
               memory: 128Mi
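
Review bot: The `credentials` secret volume now projects only `1password-credentials.json` through `items` but sets no `defaultMode` or per-item `mode`, so the file keeps the Kubernetes default of 0644 and is readable by any UID in the pod. With the pod-level context now setting `runAsUser: 999` and `fsGroup: 999`, a `defaultMode: 0440` on the volume would restrict the credentials file to group 999. This is rendered chart output, so the change belongs in the chart or its values rather than in this repository's manifests.
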
@@ -52,10 +64,7 @@
               cpu: 0.2
           env:
             - name: OP_SESSION
-              valueFrom:
-                secretKeyRef:
-                  name: op-credentials
-                  key: 1password-credentials.json
+              value: /home/opuser/.op/1password-credentials.json
             - name: OP_BUS_PORT
               value: "11220"
             - name: OP_BUS_PEERS
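
Review bot: Confirm before merging that the `op-credentials` key decodes once to the credentials JSON, because `OP_SESSION` on connect-api now holds the path `/home/opuser/.op/1password-credentials.json` instead of the `secretKeyRef`, and the 2.3.0 release note states that the double base64 workaround no longer works. If the secret was created with that workaround, recreate it from the raw file as part of this upgrade. The merge description should also record that the credentials no longer sit in the container environment, since that changes where they can be observed.
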
@@ -83,22 +92,24 @@
           volumeMounts:
             - mountPath: /home/opuser/.op/data
               name: shared-data
+            - name: credentials
+              mountPath: /home/opuser/.op/1password-credentials.json
+              subPath: 1password-credentials.json
         - name: connect-sync
-          image: 1password/connect-sync:1.8.1
+          image: 1password/connect-sync:1.8.2
           imagePullPolicy: IfNotPresent
           securityContext:
-            runAsUser: 999
-            runAsGroup: 999
             allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
           resources: {}
           env:
             - name: OP_HTTP_PORT
               value: "8081"
             - name: OP_SESSION
-              valueFrom:
-                secretKeyRef:
-                  name: op-credentials
-                  key: 1password-credentials.json
+              value: /home/opuser/.op/1password-credentials.json
             - name: OP_BUS_PORT
               value: "11221"
             - name: OP_BUS_PEERS
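
Review bot: The new `credentials` mount on connect-api uses `subPath: 1password-credentials.json`, and a subPath mount does not receive later updates to the Secret, so rotating `op-credentials` still requires restarting the pod; the same applies to the matching connect-sync mount in the next hunk. Document that restart step wherever credential rotation is described for this deployment. Both containers also gain `readOnlyRootFilesystem: true` with `shared-data` as the only writable mount visible in this diff, so check the connect-api and connect-sync logs for write errors after the rollout.
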
@@ -123,6 +134,9 @@
           volumeMounts:
             - mountPath: /home/opuser/.op/data
               name: shared-data
+            - name: credentials
+              mountPath: /home/opuser/.op/1password-credentials.json
+              subPath: 1password-credentials.json
 
 ---
 # Source: onepassword/templates/clustersecretstore.yaml
@@ -156,8 +170,21 @@
     helm.sh/hook-weight: "1"
 spec:
   restartPolicy: Never
+  securityContext:
+    fsGroup: 65532
+    runAsGroup: 65532
+    runAsNonRoot: true
+    runAsUser: 65532
+    seccompProfile:
+      type: RuntimeDefault
   containers:
     - name: curl
       image: curlimages/curl:latest
 
       command: [ "curl", "http://onepassword-connect:8080/health" ]
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
+        readOnlyRootFilesystem: true
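
Review bot: The test pod's `curl` container still pulls `curlimages/curl:latest`, so the added `securityContext` constrains how the container runs but not which image content runs. Pin the image to a fixed version or digest, through chart values if the chart exposes the test image, or by raising it upstream otherwise.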

@renovate renovate bot changed the title from "feat(helm): update chart connect ( 2.2.1 → 2.3.0 )" to "feat(helm): update chart connect ( 2.2.1 → 2.4.0 )" on Mar 9, 2026
@renovate renovate bot force-pushed the renovate/connect-2.x branch 2 times, most recently from 441185b to 75f984c on March 13, 2026 15:01
| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| helm       | connect | 2.2.1 | 2.4.1 |


Signed-off-by: Roger Rumao <rogerrum@users.noreply.github.com>
@renovate renovate bot changed the title from "feat(helm): update chart connect ( 2.2.1 → 2.4.0 )" to "feat(helm): update chart connect ( 2.2.1 → 2.4.1 )" on Mar 24, 2026
@renovate renovate bot force-pushed the renovate/connect-2.x branch from 75f984c to 822dec9 on March 24, 2026 17:59