Comparison
Both the Kubernetes Injector and the Kubernetes Operator work by allowing you to inject secrets from 1Password into a Kubernetes environment. However, they vary slightly based on your intended use case and their requirements. The 1Password Helm charts allow you to more easily deploy a Connect server, the Kubernetes Operator, or the Kubernetes Injector. Refer to the following table to learn the differences between the integrations.| Feature | Kubernetes Injector | Kubernetes Operator |
|---|---|---|
| Supports service accounts | Yes | Yes |
| Supports Connect servers | Yes | Yes |
| Allows for granular selection of secrets | Yes | No |
| Uses Kubernetes Secrets | No | Yes |
| Injects 1Password items directly into Kubernetes pods | Yes | No |
| Works with multiple credentials simultaneously | Yes | No |
| Supports automatic redeployment when 1Password items change | No | Yes |
| Requires a Connect token to deploy | No | Yes |
Kubernetes Injector
The 1Password Kubernetes Secrets Injector implements a mutating webhook that allows you to inject 1Password secrets as environment variables into a Kubernetes pod or deployment. You can use the Kubernetes Injector with Connect servers or service accounts. Get started with the Kubernetes InjectorKubernetes Operator
The 1Password Connect Kubernetes Operator integrates Kubernetes Secrets with 1Password with one or more Connect servers or service accounts. It allows you to:- Create Kubernetes Secrets from 1Password items and load them into Kubernetes deployments.
- Automatically restart deployments when 1Password items update.