artifacts/oci/charts/infra/platform/k3s/templates/shared-tls-secret-sync.yaml


{{- with .Values.components.sharedTlsSecretSync }}
# Identity used by the sync CronJob in the platform namespace. The
# RoleBindings in this template name it as their subject in the source and
# target namespaces.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: {{ $.Values.namespaces.platform }}
  name: {{ .name }}
---
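# Read access to the source Secret, limited to that single object by name.
# The sync job in this template only runs `kubectl get secret NAME`, which is
# a plain "get". "list" and "watch" are not used by it, so they are not
# granted (least privilege).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ .name }}-source
  namespace: {{ .sourceNamespace }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["{{ .sourceSecretName }}"]
    verbs: ["get"]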
---
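# Write access for the copied Secret in the target namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ .name }}-target
  namespace: {{ .targetNamespace }}
rules:
  # Read and modify the one target Secret, scoped by name.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["{{ .targetSecretName }}"]
    verbs: ["get", "update", "patch"]
  # RBAC cannot restrict "create" by resourceNames, because the object name is
  # not known at authorization time. Listed under the name-scoped rule above,
  # "create" never matched, so the first sync (target Secret absent) was
  # denied. This rule therefore applies to every Secret name in the namespace.
  # To keep the grant name-scoped instead, pre-create the target Secret and
  # remove this rule.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]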
---
# Grants the source-namespace Role to the sync ServiceAccount. The subject
# lives in the platform namespace, so this is a cross-namespace binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: {{ .sourceNamespace }}
  name: {{ .name }}-source
subjects:
  - kind: ServiceAccount
    namespace: {{ $.Values.namespaces.platform }}
    name: {{ .name }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ .name }}-source
---
# Grants the target-namespace Role to the sync ServiceAccount. The subject
# lives in the platform namespace, so this is a cross-namespace binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: {{ .targetNamespace }}
  name: {{ .name }}-target
subjects:
  - kind: ServiceAccount
    namespace: {{ $.Values.namespaces.platform }}
    name: {{ .name }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ .name }}-target
---
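# Scheduled job that reads the source Secret and applies a copy of it in the
# target namespace, running as the sync ServiceAccount.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: {{ .name }}
  namespace: {{ $.Values.namespaces.platform }}
spec:
  schedule: {{ .refreshSchedule | quote }}
  # A new run is skipped while the previous one is still active.
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: {{ .name }}
          restartPolicy: OnFailure
          containers:
            - name: sync
              # This container reads Secret data and holds write access in the
              # target namespace, so the image should be pinned to a fixed
              # tag or digest through the optional "image" value. The floating
              # default is kept only so existing values files keep working.
              image: {{ .image | default "bitnami/kubectl:latest" | quote }}
              command:
                - /bin/sh
                - -ec
                # NOTE(review): the sed patterns are anchored on leading
                # whitespace and delete single lines only. Confirm that the
                # indentation in each pattern matches `kubectl get -o yaml`
                # output, and that a multi-line annotations, ownerReferences
                # or managedFields block cannot be left half-removed, which
                # would make the piped manifest invalid.
                - |
                  kubectl -n {{ .sourceNamespace }} get secret {{ .sourceSecretName }} -o yaml \
                    | sed '/^ resourceVersion:/d;/^ uid:/d;/^ creationTimestamp:/d;/^ managedFields:/d;/^ annotations:/d;/^ ownerReferences:/d;/^ namespace:/d;/^ selfLink:/d' \
                    | kubectl -n {{ .targetNamespace }} apply -f -
{{- end }}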