infra/k8s/forgejo/forgejo-secret-sync.yaml

apiVersion: batch/v1
kind: CronJob
metadata:
  name: forgejo-secret-sync
spec:
  schedule: "0 0 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: secret-sync
              image: library/python:3
              command:
                - bash
                - -c
                - pip install requests && python /code/forgejo-secret-sync.py
              env:
                - name: REPO_MAPPINGS
                  value: |
                    [
                      {"k8s_name": "infra-deployer", "owner": "JankySolutions", "repo": "infra"}
                    ]
              envFrom:
                - secretRef:
                    name: forgejo-secret-sync
              volumeMounts:
                - name: code
                  mountPath: /code
                - name: host-tls
                  mountPath: /var/lib/rancher/k3s/server/tls
          restartPolicy: OnFailure
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: node-role.kubernetes.io/control-plane
                        operator: In
                        values: ["true"]
          volumes:
            - name: code
              configMap:
                name: forgejo-secret-sync
            - name: host-tls
              hostPath:
                path: /var/lib/rancher/k3s/server/tls
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: forgejo-secret-sync
spec:
  secretStoreRef:
    kind: SecretStore
    name: openbao
  target:
    name: forgejo-secret-sync
    creationPolicy: Owner
  dataFrom:
    - extract:
        key: forgejo/default/secret-sync
begin work on autodeployer 2024-10-30 06:16:00 +00:00			`apiVersion: batch/v1`
			`kind: CronJob`
			`metadata:`
			`name: forgejo-secret-sync`
			`spec:`
			`schedule: "0 0 * * *"`
			`jobTemplate:`
			`spec:`
			`template:`
			`spec:`
			`containers:`
			`- name: secret-sync`
			`image: library/python:3`
			`command:`
			`- bash`
			`- -c`
			`- pip install requests && python /code/forgejo-secret-sync.py`
			`env:`
			`- name: REPO_MAPPINGS`
			`value: \|`
			`[`
			`{"k8s_name": "infra-deployer", "owner": "JankySolutions", "repo": "infra"}`
			`]`
			`envFrom:`
			`- secretRef:`
			`name: forgejo-secret-sync`
			`volumeMounts:`
			`- name: code`
			`mountPath: /code`
			`- name: host-tls`
			`mountPath: /var/lib/rancher/k3s/server/tls`
			`restartPolicy: OnFailure`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: node-role.kubernetes.io/control-plane`
			`operator: In`
			`values: ["true"]`
			`volumes:`
			`- name: code`
			`configMap:`
			`name: forgejo-secret-sync`
			`- name: host-tls`
			`hostPath:`
			`path: /var/lib/rancher/k3s/server/tls`
			`---`
			`apiVersion: external-secrets.io/v1beta1`
			`kind: ExternalSecret`
			`metadata:`
			`name: forgejo-secret-sync`
			`spec:`
			`secretStoreRef:`
			`kind: SecretStore`
			`name: openbao`
			`target:`
			`name: forgejo-secret-sync`
			`creationPolicy: Owner`
			`dataFrom:`
			`- extract:`
			`key: forgejo/default/secret-sync`