-
Story
-
Resolution: Done
DFG Security: UC Sprint 100, DFG Security: UC Sprint 101
Before implementing it in the keystone operator, let's create a cron job definition for testing purposes. This might be the starting point:
```yaml
---
kind: CronJob
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; current clusters serve batch/v1.
apiVersion: batch/v1beta1
metadata:
  annotations:
  name: <fernet-key-rotation-job-name>
  namespace: <namespace>
spec:
  # Forbid: a new run is skipped while the previous rotation job is still running.
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 1
  jobTemplate:
    metadata:
      creationTimestamp: null
    spec:
      template:
        metadata:
          creationTimestamp: null
        spec:
          # This account needs delete, create and patch on Secrets in the namespace.
          serviceAccountName: <service-account>
          containers:
          - command:
            - /bin/sh
            - -c
            - |-
              # Delete-then-create is not atomic: between these two commands the Secret does not exist.
              kubectl delete secret -n {{ namespace }} --ignore-not-found $SECRET_NAME
              kubectl create secret -n {{ namespace }} <type> $SECRET_NAME
              echo "Secret $SECRET_NAME created."
              kubectl patch secret ...
              echo "All done."
            env:
            - name: SECRET_NAME
              value: '<fernet-token-secret>'
            image: <kubectl + keystone-manage image>
            imagePullPolicy: IfNotPresent
            name: <pod-name>
            resources: {}
            securityContext:
              capabilities: {}
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: File
          dnsPolicy: Default
          # hostNetwork places the pod in the node's network namespace.
          hostNetwork: true
          restartPolicy: Never
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
  schedule: < cron schedule >
  successfulJobsHistoryLimit: 3
  suspend: false
```
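An added example, not part of the ticket or the keystone operator's code: one way to compute the contents for the elided `kubectl patch secret ...` step so that rotation promotes the staged key and keeps older keys for validation, following the staged/primary/secondary scheme of `keystone-manage fernet_rotate`. It assumes a hypothetical Secret layout with one data entry per key index and Keystone's default `max_active_keys` of 3; the function names are illustrative.

```python
import base64
import json
import os


def new_fernet_key() -> str:
    """A Fernet key is 32 random bytes, URL-safe base64 encoded."""
    return base64.urlsafe_b64encode(os.urandom(32)).decode()


def rotate(keys: dict[int, str], max_active_keys: int = 3) -> dict[int, str]:
    """Return the key set after one rotation; `keys` maps index -> key.

    Index 0 is the staged key, the highest index is the primary key and
    everything in between is a secondary key kept only for validation.
    """
    if 0 not in keys:
        raise ValueError("no staged key (index 0): repository not initialised")
    if max_active_keys < 1:
        raise ValueError("max_active_keys must be at least 1")
    rotated = {i: k for i, k in keys.items() if i != 0}
    rotated[max(keys) + 1] = keys[0]  # promote staged key to new primary
    # Drop the oldest secondaries so that, together with the new staged
    # key, at most max_active_keys keys remain.
    excess = max(0, len(rotated) - (max_active_keys - 1))
    for index in sorted(rotated)[:excess]:
        del rotated[index]
    rotated[0] = new_fernet_key()  # fresh staged key for the next rotation
    return rotated


def secret_merge_patch(old: dict[int, str], new: dict[int, str]) -> str:
    """JSON merge patch body for `kubectl patch secret ... --type=merge`.

    Secret `data` values are base64 of the raw bytes; a null value removes
    the entry, which is how purged keys leave the Secret. The result holds
    key material, so it must not be echoed into the job log.
    """
    data = {str(i): base64.b64encode(k.encode()).decode() for i, k in new.items()}
    data.update({str(i): None for i in old if i not in new})
    return json.dumps({"data": data}, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample key set; the values are placeholders, not real keys.
    old = {0: "staged", 1: "oldest", 2: "secondary", 3: "primary"}
    new = rotate(old)
    print("indices after rotation:", sorted(new))
    print("patched entries:", sorted(json.loads(secret_merge_patch(old, new))["data"]))
```

Because the Secret is patched in place, consumers never observe a moment where it is missing, unlike the delete/create pair in the draft.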
- is depended on by: OSPRH-9309 Fernet key rotation - operator implementation (Closed)