48 lines
1.4 KiB
YAML
48 lines
1.4 KiB
YAML
# services/keycloak/vault-oidc-secret-ensure-job.yaml
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: vault-oidc-secret-ensure-1
|
|
namespace: sso
|
|
spec:
|
|
backoffLimit: 0
|
|
ttlSecondsAfterFinished: 3600
|
|
template:
|
|
spec:
|
|
serviceAccountName: mas-secrets-ensure
|
|
restartPolicy: Never
|
|
volumes:
|
|
- name: vault-oidc-secret-ensure-script
|
|
configMap:
|
|
name: vault-oidc-secret-ensure-script
|
|
defaultMode: 0555
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/arch
|
|
operator: In
|
|
values: ["arm64"]
|
|
- key: node-role.kubernetes.io/worker
|
|
operator: Exists
|
|
containers:
|
|
- name: apply
|
|
image: alpine:3.20
|
|
command: ["/scripts/vault_oidc_secret_ensure.sh"]
|
|
env:
|
|
- name: KEYCLOAK_ADMIN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: keycloak-admin
|
|
key: username
|
|
- name: KEYCLOAK_ADMIN_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: keycloak-admin
|
|
key: password
|
|
volumeMounts:
|
|
- name: vault-oidc-secret-ensure-script
|
|
mountPath: /scripts
|
|
readOnly: true
|