- Create a service account for the pods that will call the OpenShift API
# Service account whose token the controller pod will use against the API.
oc create serviceaccount rest-api-user
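- Assign privileges to the service account. Note: the `admin` role is only an example; a lesser set of permissions should be used where possible, because every pod running as this service account can act with whatever the role grants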
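# Bind the role to the service account created earlier (rest-api-user). The
# name must match the Deployment's serviceAccountName; a binding to any other
# name gives the controller pod's token no rights at all.
# 'admin' is this walkthrough's example role: substitute the narrowest role
# that covers the API calls you actually make.
oc policy add-role-to-user admin -z rest-api-user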
- Launch the controller deployment
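# Create the controller Deployment from an inline manifest. The quoted
# delimiter ('EOF') stops the shell from expanding anything inside the YAML.
oc create -f - <<'EOF'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller
  labels:
    app: controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: controller
  template:
    metadata:
      labels:
        app: controller
    spec:
      # No pod-level overrides are set here; the effective security settings
      # are whatever the cluster's admission policy applies to this pod.
      securityContext: {}
      # The API token mounted into the pod belongs to this service account, so
      # anyone who can exec into the container acts with its role bindings.
      # The deprecated alias `serviceAccount` is omitted; this field suffices.
      serviceAccountName: rest-api-user
      containers:
        # Referenced by tag: with imagePullPolicy Always, a re-pushed tag
        # changes what runs on the next restart. Pin by digest
        # (image@sha256:<digest>) when a fixed image is required.
        - image: quay.io/danclark/oc-cli:4.9.17
          imagePullPolicy: Always
          name: controller
          # Keep the container idle so commands can be run inside it.
          command:
            - 'sleep'
          args:
            - 'infinity'
EOF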
- Inside the controller container, call the OpenShift API using the service account user's token:
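# Create a sample Job through the API. `-f -` reads the manifest from stdin;
# without the trailing `-` the -f flag has no argument. The quoted delimiter
# ('EOF') keeps the shell from expanding anything inside the YAML.
oc create -f - <<'EOF'
---
# apiVersion is required for the API server to resolve the kind.
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  parallelism: 1
  completions: 1
  # Hard stop after 30 minutes, and at most 6 retries, so a failing job
  # cannot run or restart indefinitely.
  activeDeadlineSeconds: 1800
  backoffLimit: 6
  template:
    metadata:
      name: pi
    spec:
      # No serviceAccountName is set, so the pod runs under the namespace's
      # default service account. This workload makes no API calls, so no
      # token is mounted into it.
      automountServiceAccountToken: false
      containers:
        - name: pi
          # Unqualified, untagged image: which registry and version get
          # pulled depends on cluster configuration. Use a fully qualified,
          # pinned reference outside of a demo.
          image: perl
          command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: OnFailure
EOF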