titan-iac/services/vault/k8s-auth-config-cronjob.yaml

# services/vault/k8s-auth-config-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: vault-k8s-auth-config
  namespace: vault
  labels:
    atlas.bstein.dev/glue: "true"
spec:
  schedule: "*/15 * * * *"
  suspend: false
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 1
      template:
        spec:
          serviceAccountName: vault-admin
          restartPolicy: Never
          nodeSelector:
            kubernetes.io/arch: arm64
            node-role.kubernetes.io/worker: "true"
          containers:
            - name: configure-k8s-auth
              image: hashicorp/vault:1.17.6
              imagePullPolicy: IfNotPresent
              command:
                - sh
                - /scripts/vault_k8s_auth_configure.sh
              env:
                - name: VAULT_ADDR
                  value: http://10.43.57.249:8200
                - name: VAULT_K8S_ROLE
                  value: vault-admin
                - name: VAULT_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: vault-init
                      key: root_token
                - name: VAULT_K8S_TOKEN_REVIEWER_JWT_FILE
                  value: /var/run/secrets/vault-token-reviewer/token
                - name: VAULT_K8S_ROLE_TTL
                  value: 1h
              volumeMounts:
                - name: k8s-auth-config-script
                  mountPath: /scripts
                  readOnly: true
                - name: token-reviewer
                  mountPath: /var/run/secrets/vault-token-reviewer
                  readOnly: true
          volumes:
            - name: k8s-auth-config-script
              configMap:
                name: vault-k8s-auth-config-script
                defaultMode: 0555
            - name: token-reviewer
              secret:
                secretName: vault-admin-token-reviewer
feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00			`# services/vault/k8s-auth-config-cronjob.yaml`
			`apiVersion: batch/v1`
			`kind: CronJob`
			`metadata:`
			`name: vault-k8s-auth-config`
			`namespace: vault`
monitoring: add glue dashboard and tag cronjobs 2026-01-18 02:50:07 -03:00			`labels:`
			`atlas.bstein.dev/glue: "true"`
feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00			`spec:`
			`schedule: "/15 * * *"`
vault: unsuspend k8s auth config cronjob 2026-01-22 04:47:50 -03:00			`suspend: false`
feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00			`concurrencyPolicy: Forbid`
			`successfulJobsHistoryLimit: 1`
			`failedJobsHistoryLimit: 3`
			`jobTemplate:`
			`spec:`
			`backoffLimit: 1`
			`template:`
			`spec:`
vault: add admin role for config jobs 2026-01-15 02:06:28 -03:00			`serviceAccountName: vault-admin`
feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00			`restartPolicy: Never`
			`nodeSelector:`
			`kubernetes.io/arch: arm64`
			`node-role.kubernetes.io/worker: "true"`
			`containers:`
			`- name: configure-k8s-auth`
			`image: hashicorp/vault:1.17.6`
			`imagePullPolicy: IfNotPresent`
			`command:`
fix: run vault k8s auth config with sh 2026-01-14 01:35:06 -03:00			`- sh`
feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00			`- /scripts/vault_k8s_auth_configure.sh`
			`env:`
			`- name: VAULT_ADDR`
vault: pin cronjobs to service IP 2026-01-17 03:17:36 -03:00			`value: http://10.43.57.249:8200`
vault: finalize sidecar migration 2026-01-15 01:52:24 -03:00			`- name: VAULT_K8S_ROLE`
vault: add admin role for config jobs 2026-01-15 02:06:28 -03:00			`value: vault-admin`
vault: bootstrap k8s auth config with root token 2026-01-27 01:04:38 -03:00			`- name: VAULT_TOKEN`
			`valueFrom:`
			`secretKeyRef:`
			`name: vault-init`
			`key: root_token`
vault: use static token reviewer 2026-01-15 02:14:08 -03:00			`- name: VAULT_K8S_TOKEN_REVIEWER_JWT_FILE`
			`value: /var/run/secrets/vault-token-reviewer/token`
feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00			`- name: VAULT_K8S_ROLE_TTL`
			`value: 1h`
			`volumeMounts:`
			`- name: k8s-auth-config-script`
			`mountPath: /scripts`
			`readOnly: true`
vault: use static token reviewer 2026-01-15 02:14:08 -03:00			`- name: token-reviewer`
			`mountPath: /var/run/secrets/vault-token-reviewer`
			`readOnly: true`
feat: start vault consumption for outline and planka 2026-01-14 01:30:41 -03:00			`volumes:`
			`- name: k8s-auth-config-script`
			`configMap:`
			`name: vault-k8s-auth-config-script`
			`defaultMode: 0555`
vault: use static token reviewer 2026-01-15 02:14:08 -03:00			`- name: token-reviewer`
			`secret:`
			`secretName: vault-admin-token-reviewer`