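---
# CronJob that runs the Python module
# detect_secrets_stream.pi_cleaner.pi_cleaner once a day. The pod gets
# read-only mounts of the encryption key pair, the dc IV/key files, the DB
# config and the HMAC/IAM/Vault configuration, all sourced from Secrets.
#
# NOTE(review): batch/v1beta1 CronJob was deprecated in Kubernetes 1.21 and
# is no longer served from 1.25. Switch to batch/v1 once every target
# cluster runs 1.21 or later.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: pi-cleaner
spec:
  # Fires daily at 05:00 in the kube-controller-manager's time zone (this
  # API version has no per-job time zone field). The earlier note here said
  # "midnight", which only holds for an operator at UTC-5 if the controller
  # runs in UTC; confirm the intended run time.
  schedule: "0 5 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          # NOTE(review): the job reads its credentials from mounted files;
          # if it never calls the Kubernetes API, set
          # automountServiceAccountToken: false on this pod spec.
          containers:
            - name: pi-cleaner
              # NOTE(review): ":latest" is a mutable tag, and with
              # IfNotPresent a node that already caches an image under that
              # tag keeps running it, so image fixes may never roll out and
              # nodes can run different code. Pin the image by digest, e.g.
              # icr.io/git-defenders/detect-secrets-stream@sha256:<IMAGE_DIGEST>
              # (placeholder; take the digest from the release pipeline).
              image: icr.io/git-defenders/detect-secrets-stream:latest
              imagePullPolicy: IfNotPresent
              command:
                - python
              args:
                - "-m"
                - detect_secrets_stream.pi_cleaner.pi_cleaner
              # This container holds a private key, an HMAC key and
              # Vault/IAM/DB configuration, so it runs with no Linux
              # capabilities and cannot gain privileges via setuid binaries.
              # runAsNonRoot and readOnlyRootFilesystem are worth enabling
              # too once the image is confirmed to support them.
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
              env:
                # Each *_FILENAME / *_CONF value is a path below one of the
                # volumeMounts declared further down.
                - name: GD_PRI_KEY_FILENAME
                  value: "/gd-pri-key/encryption.key"
                - name: GD_PUB_KEY_FILENAME
                  value: "/gd-pub-key/encryption.key.pub"
                - name: GD_DC_IV_FILENAME
                  value: "/gd-dc-secret/dc_iv_file"
                - name: GD_DC_KEY_FILENAME
                  value: "/gd-dc-secret/dc_key_file"
                - name: GD_DB_CONF
                  value: "/gd-db-conf/gd_db.conf"
                - name: GD_IAM_CONF_FILENAME
                  value: "/gd-secret/iam.conf"
                - name: GD_HMAC_KEY_FILENAME
                  value: "/gd-secret/hmac.key"
                - name: GD_VAULT_CONF
                  value: "/gd-secret/vault.prod.conf"
                # Presumably the number of days after remediation before a
                # record is deleted; confirm against pi_cleaner. Quoted
                # because env values must be strings.
                - name: DAYS_SINCE_REMEDIATION_TO_DELETE
                  value: "7"
              volumeMounts:
                - name: gd-pri-key
                  mountPath: "/gd-pri-key"
                  readOnly: true
                - name: gd-pub-key
                  mountPath: "/gd-pub-key"
                  readOnly: true
                - name: gd-dc-secret
                  mountPath: "/gd-dc-secret"
                  readOnly: true
                - name: gd-db-conf
                  mountPath: "/gd-db-conf"
                  readOnly: true
                - name: gd-secret
                  mountPath: "/gd-secret"
                  readOnly: true
          # Secret volumes project only the listed keys. No defaultMode is
          # set, so the files get the Kubernetes default of 0644.
          # NOTE(review): once the container's UID is known, tighten the key
          # material with a stricter defaultMode (owner read only).
          volumes:
            - name: gd-pri-key
              secret:
                secretName: gd-pri-key
                items:
                  - key: encryption.key
                    path: encryption.key
            - name: gd-pub-key
              secret:
                secretName: gd-pub-key
                items:
                  - key: encryption.key.pub
                    path: encryption.key.pub
            - name: gd-dc-secret
              secret:
                secretName: gd-dc-secret
                items:
                  - key: dc_iv_file
                    path: dc_iv_file
                  - key: dc_key_file
                    path: dc_key_file
            - name: gd-db-conf
              secret:
                secretName: gd-db-conf
                items:
                  - key: gd_db.conf
                    path: gd_db.conf
            # Secret keys use underscores; they are renamed to the dotted
            # file names that the GD_*_FILENAME / GD_VAULT_CONF paths expect.
            - name: gd-secret
              secret:
                secretName: gd-secret-1.0.0
                items:
                  - key: hmac_key
                    path: hmac.key
                  - key: iam_conf
                    path: iam.conf
                  - key: vault_prod_conf
                    path: vault.prod.conf
          restartPolicy: OnFailure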