titan-iac/services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml

# services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: vaultwarden-cred-sync
  namespace: bstein-dev-home
spec:
  schedule: "*/15 * * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 0
      template:
        spec:
          serviceAccountName: bstein-dev-home
          restartPolicy: Never
          nodeSelector:
            kubernetes.io/arch: arm64
            node-role.kubernetes.io/worker: "true"
          imagePullSecrets:
            - name: harbor-regcred
          containers:
            - name: sync
              image: registry.bstein.dev/bstein/bstein-dev-home-backend:0.1.1-92 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}
              imagePullPolicy: Always
              command: ["/bin/sh", "-c"]
              args:
                - >-
                  . /vault/scripts/bstein_dev_home_vault_env.sh
                  && exec python /scripts/vaultwarden_cred_sync.py
              env:
                - name: PYTHONPATH
                  value: /app
                - name: KEYCLOAK_ENABLED
                  value: "true"
                - name: KEYCLOAK_REALM
                  value: atlas
                - name: KEYCLOAK_ADMIN_URL
                  value: http://keycloak.sso.svc.cluster.local
                - name: KEYCLOAK_ADMIN_REALM
                  value: atlas
                - name: KEYCLOAK_ADMIN_CLIENT_ID
                  value: bstein-dev-home-admin
                - name: HTTP_CHECK_TIMEOUT_SEC
                  value: "20"
              volumeMounts:
                - name: vaultwarden-cred-sync-script
                  mountPath: /scripts
                  readOnly: true
                - name: vault-secrets
                  mountPath: /vault/secrets
                  readOnly: true
                - name: vault-scripts
                  mountPath: /vault/scripts
                  readOnly: true
          volumes:
            - name: vaultwarden-cred-sync-script
              configMap:
                name: vaultwarden-cred-sync-script
                defaultMode: 0555
            - name: vault-secrets
              csi:
                driver: secrets-store.csi.k8s.io
                readOnly: true
                volumeAttributes:
                  secretProviderClass: bstein-dev-home-vault
            - name: vault-scripts
              configMap:
                name: bstein-dev-home-vault-env
                defaultMode: 0555
sso: provision vaultwarden users 2026-01-02 21:03:44 -03:00			`# services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml`
			`apiVersion: batch/v1`
			`kind: CronJob`
			`metadata:`
			`name: vaultwarden-cred-sync`
			`namespace: bstein-dev-home`
			`spec:`
			`schedule: "/15 * * *"`
			`concurrencyPolicy: Forbid`
			`successfulJobsHistoryLimit: 1`
			`failedJobsHistoryLimit: 3`
			`jobTemplate:`
			`spec:`
			`backoffLimit: 0`
			`template:`
			`spec:`
			`serviceAccountName: bstein-dev-home`
			`restartPolicy: Never`
			`nodeSelector:`
			`kubernetes.io/arch: arm64`
			`node-role.kubernetes.io/worker: "true"`
			`imagePullSecrets:`
vault: sync harbor pulls 2026-01-14 10:07:31 -03:00			`- name: harbor-regcred`
sso: provision vaultwarden users 2026-01-02 21:03:44 -03:00			`containers:`
			`- name: sync`
chore(bstein-dev-home): automated image update 2026-01-13 12:48:56 +00:00			`image: registry.bstein.dev/bstein/bstein-dev-home-backend:0.1.1-92 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}`
sso: provision vaultwarden users 2026-01-02 21:03:44 -03:00			`imagePullPolicy: Always`
vault: wire more services to CSI 2026-01-14 02:54:59 -03:00			`command: ["/bin/sh", "-c"]`
			`args:`
			`- >-`
			`. /vault/scripts/bstein_dev_home_vault_env.sh`
			`&& exec python /scripts/vaultwarden_cred_sync.py`
sso: provision vaultwarden users 2026-01-02 21:03:44 -03:00			`env:`
portal: fix vaultwarden sync job env 2026-01-02 21:11:21 -03:00			`- name: PYTHONPATH`
			`value: /app`
sso: provision vaultwarden users 2026-01-02 21:03:44 -03:00			`- name: KEYCLOAK_ENABLED`
			`value: "true"`
			`- name: KEYCLOAK_REALM`
			`value: atlas`
			`- name: KEYCLOAK_ADMIN_URL`
			`value: http://keycloak.sso.svc.cluster.local`
			`- name: KEYCLOAK_ADMIN_REALM`
			`value: atlas`
			`- name: KEYCLOAK_ADMIN_CLIENT_ID`
			`value: bstein-dev-home-admin`
			`- name: HTTP_CHECK_TIMEOUT_SEC`
			`value: "20"`
			`volumeMounts:`
			`- name: vaultwarden-cred-sync-script`
			`mountPath: /scripts`
			`readOnly: true`
vault: wire more services to CSI 2026-01-14 02:54:59 -03:00			`- name: vault-secrets`
			`mountPath: /vault/secrets`
			`readOnly: true`
			`- name: vault-scripts`
			`mountPath: /vault/scripts`
			`readOnly: true`
sso: provision vaultwarden users 2026-01-02 21:03:44 -03:00			`volumes:`
			`- name: vaultwarden-cred-sync-script`
			`configMap:`
			`name: vaultwarden-cred-sync-script`
			`defaultMode: 0555`
vault: wire more services to CSI 2026-01-14 02:54:59 -03:00			`- name: vault-secrets`
			`csi:`
			`driver: secrets-store.csi.k8s.io`
			`readOnly: true`
			`volumeAttributes:`
			`secretProviderClass: bstein-dev-home-vault`
			`- name: vault-scripts`
			`configMap:`
			`name: bstein-dev-home-vault-env`
			`defaultMode: 0555`