64 lines
2.0 KiB
YAML
64 lines
2.0 KiB
YAML
apiVersion: batch/v1
|
|
kind: CronJob
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: openbao
|
|
app.kubernetes.io/instance: openbao
|
|
app.kubernetes.io/managed-by: Helm
|
|
name: openbao-snapshot
|
|
namespace: openbao
|
|
spec:
|
|
schedule: "0 4 * * *"
|
|
jobTemplate:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: openbao
|
|
app.kubernetes.io/instance: openbao
|
|
component: snapshot-agent
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: openbao
|
|
app.kubernetes.io/instance: openbao
|
|
component: snapshot-agent
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
serviceAccountName: openbao-snapshot
|
|
securityContext:
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
runAsNonRoot: true
|
|
runAsGroup: 1000
|
|
runAsUser: 100
|
|
fsGroup: 1000
|
|
containers:
|
|
- name: bao-snapshot
|
|
envFrom:
|
|
- configMapRef:
|
|
name: openbao-snapshot
|
|
env:
|
|
- name: AWS_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: AWS_SECRET_ACCESS_KEY
|
|
name: openbao-snapshot-secret
|
|
- name: AWS_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: AWS_ACCESS_KEY_ID
|
|
name: openbao-snapshot-secret
|
|
image: ghcr.io/openbao/openbao-snapshot-agent:0.3.0@sha256:d7a8ca9d26b12cf226ce093b9051f243c53aefbb8a419b3dc0b554e7575c931c
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
volumeMounts:
|
|
- name: snapshot-dir
|
|
mountPath: /bao-snapshots
|
|
imagePullPolicy: IfNotPresent
|
|
volumes:
|
|
- name: snapshot-dir
|
|
emptyDir: {}
|