apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: crls
  namespace: atat
spec:
  schedule: "0 * * * *"
  concurrencyPolicy: Replace
  successfulJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        metadata:
          labels:
            app: atst
            role: crl-sync
            aadpodidbinding: atat-kv-id-binding
        spec:
          restartPolicy: OnFailure
          containers:
          - name: crls
            image: $CONTAINER_IMAGE
            command: [
              "/bin/sh", "-c"
            ]
            args: [
              "/opt/atat/atst/script/sync-crls",
            ]
            envFrom:
            - configMapRef:
                name: atst-envvars
            - configMapRef:
                name: atst-worker-envvars
            volumeMounts:
              - name: crls-vol
                mountPath: "/opt/atat/atst/crls"
              - name: flask-secret
                mountPath: "/config"
          volumes:
            - name: crls-vol
              persistentVolumeClaim:
                claimName: crls-vol-claim
            - name: flask-secret
              flexVolume:
                driver: "azure/kv"
                options:
                  usepodidentity: "true"
                  keyvaultname: "atat-vault-test"
                  keyvaultobjectnames: "master-AZURE-STORAGE-KEY;master-MAIL-PASSWORD;master-PGPASSWORD;master-REDIS-PASSWORD;master-SECRET-KEY"
                  keyvaultobjectaliases: "AZURE_STORAGE_KEY;MAIL_PASSWORD;PGPASSWORD;REDIS_PASSWORD;SECRET_KEY"
                  keyvaultobjecttypes: "secret;secret;secret;secret;key"
                  tenantid: $TENANT_ID