73 lines
2.5 KiB
YAML
73 lines
2.5 KiB
YAML
# services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml
|
|
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: vaultwarden-cred-sync
|
|
namespace: bstein-dev-home
|
|
spec:
|
|
schedule: "*/15 * * * *"
|
|
concurrencyPolicy: Forbid
|
|
successfulJobsHistoryLimit: 1
|
|
failedJobsHistoryLimit: 3
|
|
jobTemplate:
|
|
spec:
|
|
backoffLimit: 0
|
|
template:
|
|
spec:
|
|
serviceAccountName: bstein-dev-home
|
|
restartPolicy: Never
|
|
nodeSelector:
|
|
kubernetes.io/arch: arm64
|
|
node-role.kubernetes.io/worker: "true"
|
|
imagePullSecrets:
|
|
- name: harbor-regcred
|
|
containers:
|
|
- name: sync
|
|
image: registry.bstein.dev/bstein/bstein-dev-home-backend:0.1.1-92 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}
|
|
imagePullPolicy: Always
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- >-
|
|
. /vault/scripts/bstein_dev_home_vault_env.sh
|
|
&& exec python /scripts/vaultwarden_cred_sync.py
|
|
env:
|
|
- name: PYTHONPATH
|
|
value: /app
|
|
- name: KEYCLOAK_ENABLED
|
|
value: "true"
|
|
- name: KEYCLOAK_REALM
|
|
value: atlas
|
|
- name: KEYCLOAK_ADMIN_URL
|
|
value: http://keycloak.sso.svc.cluster.local
|
|
- name: KEYCLOAK_ADMIN_REALM
|
|
value: atlas
|
|
- name: KEYCLOAK_ADMIN_CLIENT_ID
|
|
value: bstein-dev-home-admin
|
|
- name: HTTP_CHECK_TIMEOUT_SEC
|
|
value: "20"
|
|
volumeMounts:
|
|
- name: vaultwarden-cred-sync-script
|
|
mountPath: /scripts
|
|
readOnly: true
|
|
- name: vault-secrets
|
|
mountPath: /vault/secrets
|
|
readOnly: true
|
|
- name: vault-scripts
|
|
mountPath: /vault/scripts
|
|
readOnly: true
|
|
volumes:
|
|
- name: vaultwarden-cred-sync-script
|
|
configMap:
|
|
name: vaultwarden-cred-sync-script
|
|
defaultMode: 0555
|
|
- name: vault-secrets
|
|
csi:
|
|
driver: secrets-store.csi.k8s.io
|
|
readOnly: true
|
|
volumeAttributes:
|
|
secretProviderClass: bstein-dev-home-vault
|
|
- name: vault-scripts
|
|
configMap:
|
|
name: bstein-dev-home-vault-env
|
|
defaultMode: 0555
|