2026-01-14 01:07:47 -03:00
|
|
|
# services/keycloak/harbor-oidc-secret-ensure-job.yaml
|
|
|
|
|
apiVersion: batch/v1
|
|
|
|
|
kind: Job
|
|
|
|
|
metadata:
|
2026-01-14 13:42:08 -03:00
|
|
|
name: harbor-oidc-secret-ensure-6
|
2026-01-14 01:07:47 -03:00
|
|
|
namespace: sso
|
|
|
|
|
spec:
|
|
|
|
|
backoffLimit: 0
|
|
|
|
|
ttlSecondsAfterFinished: 3600
|
|
|
|
|
template:
|
2026-01-14 13:20:57 -03:00
|
|
|
metadata:
|
|
|
|
|
annotations:
|
|
|
|
|
vault.hashicorp.com/agent-inject: "true"
|
|
|
|
|
vault.hashicorp.com/role: "sso-secrets"
|
|
|
|
|
vault.hashicorp.com/agent-inject-secret-keycloak-admin-env.sh: "kv/data/atlas/shared/keycloak-admin"
|
|
|
|
|
vault.hashicorp.com/agent-inject-template-keycloak-admin-env.sh: |
|
2026-01-14 13:40:29 -03:00
|
|
|
{{ with secret "kv/data/atlas/shared/keycloak-admin" }}
|
2026-01-14 13:20:57 -03:00
|
|
|
export KEYCLOAK_ADMIN="{{ .Data.data.username }}"
|
|
|
|
|
export KEYCLOAK_ADMIN_USER="{{ .Data.data.username }}"
|
|
|
|
|
export KEYCLOAK_ADMIN_PASSWORD="{{ .Data.data.password }}"
|
2026-01-14 13:40:29 -03:00
|
|
|
{{ end }}
|
2026-01-14 01:07:47 -03:00
|
|
|
spec:
|
|
|
|
|
serviceAccountName: mas-secrets-ensure
|
|
|
|
|
restartPolicy: Never
|
2026-01-14 01:21:08 -03:00
|
|
|
volumes:
|
|
|
|
|
- name: harbor-oidc-secret-ensure-script
|
|
|
|
|
configMap:
|
|
|
|
|
name: harbor-oidc-secret-ensure-script
|
|
|
|
|
defaultMode: 0555
|
2026-01-14 01:07:47 -03:00
|
|
|
affinity:
|
|
|
|
|
nodeAffinity:
|
|
|
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
nodeSelectorTerms:
|
|
|
|
|
- matchExpressions:
|
|
|
|
|
- key: kubernetes.io/arch
|
|
|
|
|
operator: In
|
|
|
|
|
values: ["arm64"]
|
|
|
|
|
- key: node-role.kubernetes.io/worker
|
|
|
|
|
operator: Exists
|
|
|
|
|
containers:
|
|
|
|
|
- name: apply
|
|
|
|
|
image: alpine:3.20
|
2026-01-14 01:21:08 -03:00
|
|
|
command: ["/scripts/harbor_oidc_secret_ensure.sh"]
|
|
|
|
|
volumeMounts:
|
|
|
|
|
- name: harbor-oidc-secret-ensure-script
|
|
|
|
|
mountPath: /scripts
|
|
|
|
|
readOnly: true
|
