@infamousjoeg
Last active March 7, 2022 22:13
CyberArk Conjur Kubernetes Secrets Provider as a CronJob
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: k8s-secrets-provider-account
  namespace: conjur
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secrets-access
  namespace: conjur
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: conjur
  name: secrets-access-binding
subjects:
- kind: ServiceAccount
  namespace: conjur
  name: k8s-secrets-provider-account
roleRef:
  kind: Role
  apiGroup: rbac.authorization.k8s.io
  name: secrets-access
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: k8s-secrets-app2
  namespace: conjur
spec:
  schedule: "* * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: k8s-secrets-provider-account
          containers:
          - name: k8s-secrets-provider-namespace
            image: cyberark/secrets-provider-for-k8s:latest
            imagePullPolicy: IfNotPresent
            envFrom:
            - configMapRef:
                name: conjur-connect
            env:
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: MY_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: CONJUR_AUTHN_LOGIN
              value: "host/cd/kubernetes/dev-team-1/k8s-secrets-app2"
            - name: SECRETS_DESTINATION
              value: k8s_secrets
            - name: K8S_SECRETS
              value: synched-secrets
          restartPolicy: OnFailure
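The Role above grants `get` and `update` on every Secret in the `conjur` namespace, so the service account token mounted into each CronJob pod can read any Secret that namespace holds, not only the one the provider is meant to refresh. The provider only needs to read and write the Secrets named in `K8S_SECRETS` (here `synched-secrets`), so the rule can be narrowed with `resourceNames`. The following is an added example, not part of the original gist, that keeps the original rule for comparison and supplies the narrowed one; it assumes `synched-secrets` is the only Secret the provider writes (add every name listed in `K8S_SECRETS` if there are more).

```yaml
# Added example (not from the original gist): least-privilege Role for the
# Secrets Provider CronJob. Assumes the only Secret it writes is
# "synched-secrets", the value of K8S_SECRETS in the CronJob above.
---
# Original rule, shown for comparison: get/update on ALL Secrets in "conjur".
# apiVersion: rbac.authorization.k8s.io/v1
# kind: Role
# metadata:
#   name: secrets-access
#   namespace: conjur
# rules:
# - apiGroups: [""]
#   resources: ["secrets"]
#   verbs: ["get", "update"]
---
# Narrowed rule: same verbs, but only on the named Secret(s).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secrets-access
  namespace: conjur
rules:
- apiGroups: [""]
  resources: ["secrets"]
  # resourceNames applies to get/update/patch/delete on named objects;
  # the provider needs only get and update, so no list/watch is granted.
  resourceNames: ["synched-secrets"]
  verbs: ["get", "update"]
---
# The RoleBinding from the gist is unchanged: it binds this Role to the
# k8s-secrets-provider-account ServiceAccount used by the CronJob.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: conjur
  name: secrets-access-binding
subjects:
- kind: ServiceAccount
  namespace: conjur
  name: k8s-secrets-provider-account
roleRef:
  kind: Role
  apiGroup: rbac.authorization.kaccess
  name: secrets-access
```

Note that `resourceNames` cannot be combined with `list` or `watch`, which is why the narrowed rule keeps exactly the two verbs the provider uses. A quick check after applying it: `kubectl auth can-i get secret/synched-secrets --as=system:serviceaccount:conjur:k8s-secrets-provider-account -n conjur` should return `yes`, while the same query against any other Secret name in the namespace should return `no`.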