titan-iac/services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml

# services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml
# One-off job for maintenance/k3s-traefik-cleanup-2.
# Purpose: k3s traefik cleanup 2 (see container args/env in this file).
# Run by setting spec.suspend to false, reconcile, then set it back to true.
# Safe to delete the finished Job/pod; it should not run continuously.
apiVersion: batch/v1
kind: Job
metadata:
  name: k3s-traefik-cleanup-2
  namespace: maintenance
spec:
  suspend: true
  backoffLimit: 1
  template:
    spec:
      serviceAccountName: k3s-traefik-cleanup
      restartPolicy: Never
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/worker
                    operator: Exists
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values: ["arm64"]
      containers:
        - name: cleanup
          image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
          command: ["/usr/bin/env", "bash"]
          args: ["/scripts/k3s_traefik_cleanup.sh"]
          volumeMounts:
            - name: script
              mountPath: /scripts
              readOnly: true
      volumes:
        - name: script
          configMap:
            name: k3s-traefik-cleanup-script
            defaultMode: 0555