From 7c18a9bfdb3ae48abfe66e1619b58fb70e4d9625 Mon Sep 17 00:00:00 2001
From: Jonas Juselius
Date: Mon, 22 Apr 2024 12:40:52 +0200
Subject: [PATCH] feat: add cronjob to sync asp.net sso keys
---
.../redis-sso-sync-cronjob.yaml | 63 +++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100644 resources/oceanbox-cluster/redis-sso-sync-cronjob.yaml
diff --git a/resources/oceanbox-cluster/redis-sso-sync-cronjob.yaml b/resources/oceanbox-cluster/redis-sso-sync-cronjob.yaml
new file mode 100644
index 00000000..3b327a82
--- /dev/null
+++ b/resources/oceanbox-cluster/redis-sso-sync-cronjob.yaml
@@ -0,0 +1,63 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: sync-dataprotection-keys
+ namespace: redis
+spec:
+ schedule: "0 12 14 * *" # at noon the 14th of every month
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: sync
+ image: redis
+ command: [ "/bin/sh", "/script/sync.sh" ]
+ env:
+ - name: PROD_REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: prod-redis
+ key: redis-password
+ - name: STAGING_REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: staging-redis
+ key: redis-password
+ volumeMounts:
+ - name: script
+ mountPath: /script
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+ runAsGroup: 0
+ runAsNonRoot: true
+ runAsUser: 1001
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ fsGroup: 1001
+ fsGroupChangePolicy: Always
+ volumes:
+ - name: script
+ configMap:
+ name: sync-dataprotection-keys-script
+ defaultMode: 0500
+ restartPolicy: Never
+ backoffLimit: 4
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sync-dataprotection-keys-script
+ namespace: redis
+data:
+ sync.sh: |-
+ #!/bin/sh
+ redis-cli -h prod-redis-master -a $PROD_REDIS_PASSWORD -D "" --raw dump DataProtection-Keys |\
+ redis-cli -h staging-redis-master -a $STAGING_REDIS_PASSWORD -X keys restore DataProtection-Keys 0 keys replace
+
+
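Review bot: In `sync.sh`, both `redis-cli` calls pass the password as `-a $..._PASSWORD`, which puts the secret in the process argument list (redis-cli itself warns about this) and, because the variable is unquoted, breaks on a password containing whitespace or glob characters. redis-cli also reads the password from the `REDISCLI_AUTH` environment variable, so the two lines can become `REDISCLI_AUTH="$PROD_REDIS_PASSWORD" redis-cli -h prod-redis-master -D "" --raw dump DataProtection-Keys |\` and `REDISCLI_AUTH="$STAGING_REDIS_PASSWORD" redis-cli -h staging-redis-master -X keys restore DataProtection-Keys 0 keys replace`. The pipeline has no check on the dump side, so a failed or empty dump is only caught if `restore` happens to reject the payload; writing the dump to a variable or temp file and testing it before the restore would make the job status trustworthy. Separately, `image: redis` is an unpinned tag, and `readOnlyRootFilesystem: false` together with `runAsGroup: 0` look looser than this job needs; a pinned version or digest, a read-only root filesystem and a non-root group would be safer defaults. Because the job copies the production Data Protection key ring into staging, anything able to read staging Redis then holds key material that protects production sessions, which deserves a comment in the manifest and staging access controls to match.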