A Helm chart for deploying 1Password Connect and the 1Password Connect Kubernetes Operator
⚠️ Breaking changes
- Default Connect service type changed to ClusterIP. (#194)
Previously, the Connect service was exposed externally by default using NodePort. In this release, the default service type has been changed to ClusterIP, meaning Connect is now only accessible from within the cluster unless explicitly configured otherwise.
While exposing Connect via NodePort is not inherently insecure (Connect requires a valid bearer token for all API access), this change aligns with the principle of least privilege and reduces unnecessary external surface area by default.
If you require external access to Connect, you can still set connect.serviceType to NodePort or LoadBalancer in your Helm values.
Features
- Add support for configuring the operator to use a 1Password Service Account. (#226)