60 lines
2.0 KiB
YAML
60 lines
2.0 KiB
YAML
# services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml
|
|
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: vaultwarden-cred-sync
|
|
namespace: bstein-dev-home
|
|
spec:
|
|
schedule: "*/15 * * * *"
|
|
concurrencyPolicy: Forbid
|
|
successfulJobsHistoryLimit: 1
|
|
failedJobsHistoryLimit: 3
|
|
jobTemplate:
|
|
spec:
|
|
backoffLimit: 0
|
|
template:
|
|
spec:
|
|
serviceAccountName: bstein-dev-home
|
|
restartPolicy: Never
|
|
nodeSelector:
|
|
kubernetes.io/arch: arm64
|
|
node-role.kubernetes.io/worker: "true"
|
|
imagePullSecrets:
|
|
- name: harbor-bstein-robot
|
|
containers:
|
|
- name: sync
|
|
image: registry.bstein.dev/bstein/bstein-dev-home-backend:0.1.1-72 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}
|
|
imagePullPolicy: Always
|
|
command:
|
|
- python
|
|
- /scripts/vaultwarden_cred_sync.py
|
|
env:
|
|
- name: PYTHONPATH
|
|
value: /app
|
|
- name: KEYCLOAK_ENABLED
|
|
value: "true"
|
|
- name: KEYCLOAK_REALM
|
|
value: atlas
|
|
- name: KEYCLOAK_ADMIN_URL
|
|
value: http://keycloak.sso.svc.cluster.local
|
|
- name: KEYCLOAK_ADMIN_REALM
|
|
value: atlas
|
|
- name: KEYCLOAK_ADMIN_CLIENT_ID
|
|
value: bstein-dev-home-admin
|
|
- name: KEYCLOAK_ADMIN_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: bstein-dev-home-keycloak-admin
|
|
key: client_secret
|
|
- name: HTTP_CHECK_TIMEOUT_SEC
|
|
value: "20"
|
|
volumeMounts:
|
|
- name: vaultwarden-cred-sync-script
|
|
mountPath: /scripts
|
|
readOnly: true
|
|
volumes:
|
|
- name: vaultwarden-cred-sync-script
|
|
configMap:
|
|
name: vaultwarden-cred-sync-script
|
|
defaultMode: 0555
|