feat: add cronjob to sync asp.net sso keys

resources/oceanbox-cluster/redis-sso-sync-cronjob.yaml

@@ -0,0 +1,63 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: sync-dataprotection-keys
+  namespace: redis
+spec:
+  schedule: "0 12 14 * *" # at noon the 14th of every month
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: sync
+            image: redis
+            command: [ "/bin/sh", "/script/sync.sh" ]
+            env:
+            - name: PROD_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: prod-redis
+                  key: redis-password
+            - name: STAGING_REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: staging-redis
+                  key: redis-password
+            volumeMounts:
+            - name: script
+              mountPath: /script
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: false
+              runAsGroup: 0
+              runAsNonRoot: true
+              runAsUser: 1001
+              seccompProfile:
+                type: RuntimeDefault
+          securityContext:
+            fsGroup: 1001
+            fsGroupChangePolicy: Always
+          volumes:
+            - name: script
+              configMap:
+                name: sync-dataprotection-keys-script
+                defaultMode: 0500
+          restartPolicy: Never
+      backoffLimit: 4
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sync-dataprotection-keys-script
+  namespace: redis
+data:
+  sync.sh: |-
+    #!/bin/sh
+    redis-cli -h prod-redis-master -a $PROD_REDIS_PASSWORD -D "" --raw dump DataProtection-Keys |\
+    redis-cli -h staging-redis-master -a $STAGING_REDIS_PASSWORD -X keys restore DataProtection-Keys 0 keys replace
+
+