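# CronJob that runs the updatebot container on a weekly schedule.
# The pod mounts SSH material, a Secret and a service-account identity, so the
# container is hardened beyond runAsNonRoot / readOnlyRootFilesystem below.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: updatebot
  labels: &labels
    app.kubernetes.io/name: updatebot
spec:
  # 06:32 every Saturday, evaluated in the timeZone below.
  schedule: 32 6 * * 6
  timeZone: America/Chicago
  # Do not start a new run while the previous one is still active.
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        metadata:
          labels: *labels
        spec:
          restartPolicy: Never
          containers:
            - name: updatebot
              # No tag or digest: this resolves to :latest, and with
              # imagePullPolicy: Always every run executes whatever the
              # registry currently serves for that name.
              # NOTE(review): pin to an immutable digest
              # (image@sha256:<digest>) so the credentials mounted below are
              # only handed to a reviewed build.
              image: git.pyrocufflink.net/infra/updatebot
              imagePullPolicy: Always
              securityContext:
                readOnlyRootFilesystem: true
                # Prevent privilege gain through setuid or file-capability
                # binaries and drop every capability; the pod runs as
                # non-root, so none are expected to be needed.
                # NOTE(review): confirm the image relies on no setuid helper.
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
              volumeMounts:
                - mountPath: /etc/ssh/ssh_known_hosts
                  name: ssh-known-hosts
                  readOnly: true
                  subPath: ssh_known_hosts
                - mountPath: /home/bot/.config/updatebot
                  name: updatebot-config
                  readOnly: true
                - mountPath: /home/bot/.ssh
                  name: updatebot-ssh
                  readOnly: true
                - mountPath: /run/secrets/updatebot
                  name: updatebot-secrets
                  readOnly: true
                # The only mount not marked readOnly; backed by the
                # memory-medium emptyDir declared under volumes.
                - mountPath: /tmp
                  name: tmp
                  subPath: tmp
                - mountPath: /usr/bin/diff
                  name: diff
                  readOnly: true
                - mountPath: /usr/bin/kubectl
                  name: kubectl
                  readOnly: true
          nodeSelector:
            kubernetes.io/arch: amd64
          securityContext:
            runAsNonRoot: true
            fsGroup: 25167
            # Apply the container runtime's default syscall filter.
            seccompProfile:
              type: RuntimeDefault
          # RBAC for this account is not visible in this file.
          # NOTE(review): kubectl is mounted into the pod, so keep the bound
          # Role limited to the verbs and resources the bot actually uses.
          serviceAccountName: updatebot
          volumes:
            # diff and kubectl are taken from the node's filesystem, so the job
            # runs whichever binaries the scheduled node has installed.
            # type: File requires a regular file to exist at the path.
            # hostPath volumes are rejected by the Baseline Pod Security
            # Standard. NOTE(review): consider shipping both tools in the
            # image instead.
            - name: diff
              hostPath:
                path: /usr/bin/diff
                type: File
            - name: kubectl
              hostPath:
                path: /usr/bin/kubectl
                type: File
            - name: ssh-known-hosts
              configMap:
                name: ssh-known-hosts
            # tmpfs-backed scratch space with no sizeLimit set.
            # NOTE(review): memory-medium emptyDir usage counts against the
            # container's memory; consider adding a sizeLimit.
            - name: tmp
              emptyDir:
                medium: Memory
            - name: updatebot-config
              configMap:
                name: updatebot-projects
            - name: updatebot-secrets
              secret:
                secretName: updatebot
                # Octal literal (decimal 416): owner rw, group r, others none.
                # Keep it unquoted; the field is an integer. Group read is
                # presumably what lets the non-root user read the files
                # through fsGroup. Confirm.
                defaultMode: 0640
            - name: updatebot-ssh
              secret:
                secretName: updatebot-ssh
                # Same mode as above: owner rw, group r, others none.
                defaultMode: 0640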