Added release manifests

Makefile

@@ -47,7 +47,7 @@ ci:
 
 .PHONY: release # Release the latest version of the application
 release:
-	@echo "⚠️ 'release' unimplemented"
+	@cd manifests && kustomize edit set image kube-1password-secrets=$(IMAGE) && kustomize build | kubectl apply -f -
 
 .PHONY: help # Show this list of commands
 help:

manifests/deployment.yaml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-1password-secrets
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kube-1password-secrets
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: kube-1password-secrets
+    spec:
+      containers:
+      - image: kube-1password-secrets
+        name: kube-1password-secrets
+        env:
+        - name: OP_DOMAIN
+          valueFrom:
+            secretKeyRef:
+              name: kube-1password-secrets
+              key: OP_DOMAIN
+        - name: OP_EMAIL
+          valueFrom:
+            secretKeyRef:
+              name: kube-1password-secrets
+              key: OP_EMAIL
+        - name: OP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: kube-1password-secrets
+              key: OP_PASSWORD
+        - name: OP_SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: kube-1password-secrets
+              key: OP_SECRET_KEY
+        volumeMounts:
+        - mountPath: "/root/.op"
+          name: op
+      serviceAccountName: kube-1password-secrets
+      restartPolicy: Always
+      volumes:
+      - name: op
+        persistentVolumeClaim:
+          claimName: kube-1password-secrets

manifests/example.env

@@ -0,0 +1,4 @@
+OP_DOMAIN=
+OP_EMAIL=
+OP_PASSWORD=
+OP_SECRET_KEY=

manifests/kustomization.yaml

@@ -0,0 +1,21 @@
+commonLabels:
+  app.kubernetes.io/name: kube-1password-secrets
+
+namespace: kube-system
+
+secretGenerator:
+- envs:
+  - .env
+  name: kube-1password-secrets
+
+images:
+- name: kube-1password-secrets
+  newName: docker.cloud.cluster.fun/averagemarcus/kube-1password-secrets
+  newTag: latest
+
+resources:
+- rbac.yaml
+- pvc.yaml
+- deployment.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization

manifests/pvc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: kube-1password-secrets
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Mi

manifests/rbac.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-1password-secrets
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kube-1password-secrets
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list", "update"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-1password-secrets
+subjects:
+- kind: ServiceAccount
+  name: kube-1password-secrets
+roleRef:
+  kind: ClusterRole
+  name: kube-1password-secrets
+  apiGroup: rbac.authorization.k8s.io