1Password · rishiy15 · Feb 20, 2026 · Feb 17, 2026 · Feb 17, 2026 · Feb 20, 2026
diff --git a/charts/connect/README.md b/charts/connect/README.md
@@ -188,6 +188,14 @@ To disable this, you can run `helm install` with the [`--skip-crds` flag](https:
 | operator.podSecurityContext | object | `{"fsGroup":65532,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Pod securityContext to be added to the Operator pods. |
 | operator.pollingInterval | int | `600` | How often the 1Password Operator will poll for secrets updates. |
 | operator.priorityClassName | string | `""` | [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) to apply to the Operator pods. |
+| operator.probes.liveness.create | bool | `true` | Denotes whether the 1Password Operator will be continually checked by Kubernetes for liveness and restarted if the pod becomes unresponsive |
+| operator.probes.liveness.failureThreshold | int | `3` | Number of consecutive failures before Kubernetes restarts the container |
+| operator.probes.liveness.initialDelaySeconds | int | `15` | Number of seconds to wait before starting liveness probes |
+| operator.probes.liveness.periodSeconds | int | `20` | Number of seconds between liveness probe checks |
+| operator.probes.port | int | `8081` | The port the health probe endpoints are served on for the Operator pod |
+| operator.probes.readiness.create | bool | `true` | Denotes whether the 1Password Operator readiness probe will operate and ensure the pod is ready before serving traffic |
+| operator.probes.readiness.initialDelaySeconds | int | `5` | Number of seconds to wait before starting readiness probes |
+| operator.probes.readiness.periodSeconds | int | `10` | Number of seconds between readiness probe checks |
 | operator.replicas | int | `1` | The number of replicas to run the 1Password Operator deployment |
 | operator.resources | object | `{}` | The resources requests/limits for the 1Password Operator pod |
 | operator.roleBinding.create | string | `"{{ .Values.operator.create }}"` | Denotes whether or not a role binding will be created for each Namespace for the 1Password Operator Service Account |

diff --git a/charts/connect/templates/operator-deployment.yaml b/charts/connect/templates/operator-deployment.yaml
@@ -67,6 +67,7 @@ spec:
           command: [ "/manager" ]
           args:
             - --zap-log-level={{ .Values.operator.logLevel }}
+            - --health-probe-bind-address=:{{ .Values.operator.probes.port }}
             {{- if .Values.operator.enableAnnotations }}
             - --enable-annotations
             {{- end }}
@@ -112,6 +113,23 @@ spec:
             {{- end }}
           resources:
             {{- toYaml .Values.operator.resources | nindent 12 }}
+          {{- if .Values.operator.probes.readiness.create }}
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: {{ .Values.operator.probes.port }}
+            initialDelaySeconds: {{ .Values.operator.probes.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.operator.probes.readiness.periodSeconds }}
+          {{- end }}
+          {{- if .Values.operator.probes.liveness.create }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.operator.probes.port }}
+            failureThreshold: {{ .Values.operator.probes.liveness.failureThreshold }}
+            periodSeconds: {{ .Values.operator.probes.liveness.periodSeconds }}
+            initialDelaySeconds: {{ .Values.operator.probes.liveness.initialDelaySeconds }}
+          {{- end }}
           volumeMounts:
             {{- if .Values.operator.tls.trust.secret }}
             - mountPath: /tls/trust

diff --git a/charts/connect/values.yaml b/charts/connect/values.yaml
@@ -369,6 +369,27 @@ operator:
   # -- The resources requests/limits for the 1Password Operator pod
   resources: {}
 
+  # 1Password Operator Health Probes
+  probes:
+    # -- The port the health probe endpoints are served on for the Operator pod
+    port: 8081
+    liveness:
+      # -- Denotes whether the 1Password Operator will be continually checked by Kubernetes for liveness and restarted if the pod becomes unresponsive
+      create: true
+      # -- Number of consecutive failures before Kubernetes restarts the container
+      failureThreshold: 3
+      # -- Number of seconds between liveness probe checks
+      periodSeconds: 20
+      # -- Number of seconds to wait before starting liveness probes
+      initialDelaySeconds: 15
+    readiness:
+      # -- Denotes whether the 1Password Operator readiness probe will operate and ensure the pod is ready before serving traffic
+      create: true
+      # -- Number of seconds to wait before starting readiness probes
+      initialDelaySeconds: 5
+      # -- Number of seconds between readiness probe checks
+      periodSeconds: 10
+
   # 1Password Operator Connect Token Configuration
   token:
     # -- The name of Kubernetes Secret containing the 1Password Connect API token