# services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml apiVersion: batch/v1 kind: CronJob metadata: name: vaultwarden-cred-sync namespace: bstein-dev-home spec: schedule: "*/15 * * * *" concurrencyPolicy: Forbid successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 3 jobTemplate: spec: backoffLimit: 0 template: spec: serviceAccountName: bstein-dev-home restartPolicy: Never nodeSelector: kubernetes.io/arch: arm64 node-role.kubernetes.io/worker: "true" imagePullSecrets: - name: harbor-bstein-robot containers: - name: sync image: registry.bstein.dev/bstein/bstein-dev-home-backend:0.1.1-92 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"} imagePullPolicy: Always command: ["/bin/sh", "-c"] args: - >- . /vault/scripts/bstein_dev_home_vault_env.sh && exec python /scripts/vaultwarden_cred_sync.py env: - name: PYTHONPATH value: /app - name: KEYCLOAK_ENABLED value: "true" - name: KEYCLOAK_REALM value: atlas - name: KEYCLOAK_ADMIN_URL value: http://keycloak.sso.svc.cluster.local - name: KEYCLOAK_ADMIN_REALM value: atlas - name: KEYCLOAK_ADMIN_CLIENT_ID value: bstein-dev-home-admin - name: HTTP_CHECK_TIMEOUT_SEC value: "20" volumeMounts: - name: vaultwarden-cred-sync-script mountPath: /scripts readOnly: true - name: vault-secrets mountPath: /vault/secrets readOnly: true - name: vault-scripts mountPath: /vault/scripts readOnly: true volumes: - name: vaultwarden-cred-sync-script configMap: name: vaultwarden-cred-sync-script defaultMode: 0555 - name: vault-secrets csi: driver: secrets-store.csi.k8s.io readOnly: true volumeAttributes: secretProviderClass: bstein-dev-home-vault - name: vault-scripts configMap: name: bstein-dev-home-vault-env defaultMode: 0555