64 lines
1.8 KiB
YAML
64 lines
1.8 KiB
YAML
# services/finance/finance-secrets-ensure-job.yaml
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: finance-secrets-ensure-4
|
|
namespace: finance
|
|
spec:
|
|
backoffLimit: 1
|
|
ttlSecondsAfterFinished: 3600
|
|
template:
|
|
spec:
|
|
serviceAccountName: finance-secrets-ensure
|
|
restartPolicy: Never
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
preference:
|
|
matchExpressions:
|
|
- key: hardware
|
|
operator: In
|
|
values: ["rpi5"]
|
|
- weight: 70
|
|
preference:
|
|
matchExpressions:
|
|
- key: hardware
|
|
operator: In
|
|
values: ["rpi4"]
|
|
nodeSelector:
|
|
kubernetes.io/arch: arm64
|
|
node-role.kubernetes.io/worker: "true"
|
|
containers:
|
|
- name: ensure
|
|
image: python:3.11-alpine
|
|
command: ["/bin/sh", "-c"]
|
|
args:
|
|
- |
|
|
set -e
|
|
exec python /scripts/finance_secrets_ensure.py
|
|
env:
|
|
- name: VAULT_ROLE
|
|
value: finance-secrets
|
|
volumeMounts:
|
|
- name: finance-secrets-ensure-script
|
|
mountPath: /scripts
|
|
readOnly: true
|
|
- name: firefly-db
|
|
mountPath: /secrets/firefly-db
|
|
readOnly: true
|
|
- name: actualbudget-db
|
|
mountPath: /secrets/actualbudget-db
|
|
readOnly: true
|
|
volumes:
|
|
- name: finance-secrets-ensure-script
|
|
configMap:
|
|
name: finance-secrets-ensure-script
|
|
defaultMode: 0555
|
|
- name: firefly-db
|
|
secret:
|
|
secretName: firefly-db
|
|
- name: actualbudget-db
|
|
secret:
|
|
secretName: actualbudget-db
|