80 lines
1.8 KiB
YAML
80 lines
1.8 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: cert-exporter
|
|
namespace: cert-manager
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: cert-exporter
|
|
rules:
|
|
- apiGroups:
|
|
- ''
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- get
|
|
resourceNames:
|
|
- pyrocufflink-cert
|
|
- dustinhatchname-cert
|
|
- dustinandtabitha-cert
|
|
- hlc-cert
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: cert-exporter
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: cert-exporter
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: cert-exporter
|
|
namespace: cert-manager
|
|
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
name: cert-exporter
|
|
namespace: cert-manager
|
|
spec:
|
|
timeZone: America/Chicago
|
|
schedule: '27 9,20 * * *'
|
|
jobTemplate: &jobtemplate
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- image: git.pyrocufflink.net/containerimages/cert-exporter
|
|
name: cert-exporter
|
|
volumeMounts:
|
|
- mountPath: /etc/cert-exporter/config.yml
|
|
name: config
|
|
subPath: config.yml
|
|
readOnly: true
|
|
- mountPath: /home/cert-exporter/.ssh/id_ed25519
|
|
name: sshkeys
|
|
subPath: cert-exporter.pem
|
|
readOnly: true
|
|
- mountPath: /etc/ssh/ssh_known_hosts
|
|
name: sshkeys
|
|
subPath: ssh_known_hosts
|
|
readOnly: true
|
|
securityContext:
|
|
fsGroup: 1000
|
|
serviceAccount: cert-exporter
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: cert-exporter
|
|
- name: sshkeys
|
|
secret:
|
|
secretName: cert-exporter-sshkey
|
|
defaultMode: 00440
|
|
restartPolicy: Never
|