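# Nightly CronJob that runs forgejo-secret-sync.py (shipped in the
# forgejo-secret-sync ConfigMap) on a control-plane node.
#
# Security-relevant properties of this pod:
#   * it mounts the k3s server TLS directory from the host; on a k3s server
#     that directory holds the cluster CA certificates and private keys;
#   * it receives every key of the forgejo-secret-sync Secret as environment
#     variables;
#   * it downloads and installs a Python package each time it starts.
# Anything that executes inside the container can read the first two.
apiVersion: batch/v1
kind: CronJob
metadata:
  # No namespace is set here; the object lands in whichever namespace the
  # applying tool supplies.
  name: forgejo-secret-sync
spec:
  # Once a day at 00:00.
  schedule: "0 0 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: secret-sync
              # NOTE(review): floating tag on a public image, so each run may
              # pull a different build. Pin by digest
              # (<registry>/<image>@sha256:<DIGEST>) or use an image built and
              # scanned in-house.
              image: library/python:3
              # NOTE(review): `requests` is installed unpinned from the package
              # index on every run, inside a container that can read the host
              # TLS directory and the Forgejo credentials. Prefer an image
              # built ahead of time with pinned, hash-verified dependencies
              # (pip --require-hashes) so nothing is fetched at run time.
              command:
                - bash
                - -c
                - pip install requests && python /code/forgejo-secret-sync.py
              # NOTE(review): no securityContext is set, so the container runs
              # with the image's default user and capabilities. Reading the
              # host TLS directory may need root; confirm before tightening.
              env:
                # JSON list consumed by the script; presumably maps a
                # Kubernetes identity to a Forgejo owner/repo. Verify against
                # forgejo-secret-sync.py.
                - name: REPO_MAPPINGS
                  value: |
                    [
                      {"k8s_name": "infra-deployer", "owner": "JankySolutions", "repo": "infra"}
                    ]
              # Every key of the Secret becomes an environment variable.
              envFrom:
                - secretRef:
                    name: forgejo-secret-sync
              volumeMounts:
                - name: code
                  mountPath: /code
                - name: host-tls
                  mountPath: /var/lib/rancher/k3s/server/tls
                  # Mounted read-only so nothing in the container can alter
                  # the control plane's key material. Assumes the script only
                  # reads from this directory; confirm against
                  # forgejo-secret-sync.py.
                  readOnly: true
          restartPolicy: OnFailure
          # The hostPath below only exists on k3s server nodes, so scheduling
          # is restricted to nodes labelled as control-plane.
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: node-role.kubernetes.io/control-plane
                        operator: In
                        values: ["true"]
          volumes:
            # Script source, delivered as a ConfigMap.
            - name: code
              configMap:
                name: forgejo-secret-sync
            # Direct view of the node's filesystem. Access to this path should
            # be treated as equivalent to access to the cluster CA.
            - name: host-tls
              hostPath:
                path: /var/lib/rancher/k3s/server/tls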
---
# ExternalSecret that materialises the Kubernetes Secret "forgejo-secret-sync"
# from the "openbao" SecretStore. The CronJob in this file loads that Secret
# with envFrom.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: forgejo-secret-sync
spec:
  # No refreshInterval is set, so the operator's default applies.
  target:
    # Owner: the operator creates the Secret and ties its lifetime to this
    # ExternalSecret.
    creationPolicy: Owner
    name: forgejo-secret-sync
  # Namespaced store (SecretStore, not ClusterSecretStore), so it has to exist
  # in the same namespace as this object.
  secretStoreRef:
    name: openbao
    kind: SecretStore
  dataFrom:
    # extract copies every property stored under this path into the Secret.
    # Because the consumer uses envFrom, each property becomes an environment
    # variable of the sync container; keep only what the script needs here.
    - extract:
        key: forgejo/default/secret-sync