Connect exposed as NodePort service by default

[bo0tzz]

Your environment

Chart Version: current

What happened?

The default configuration for the onepassword-connect service created by this chart is to expose it as a NodePort. In many environments this can result in the service being directly open to the internet. I don't know whether this causes any direct security problems (I think it still has authentication?), but it is at the very least a very concerning thing to unexpectedly discover.

What did you expect to happen?

For the default service type to be ClusterIP, internal to the cluster network.

Notes & Logs

#65 made the service type configurable, where before it was hardcoded as NodePort. A comment on that PR noted that the default should be ClusterIP, but this did not get picked up on at the time.

[nathanjrobertson]

I just tripped over this one myself. I can't see any reason why you'd want this to be anything other than a ClusterIP, or at least, not by default. The 1password Connect server should only be accessible by containers within the cluster, so ClusterIP is the right answer.