cluster-deployments/manifests/ara-server-cronjob.yml

68 lines
1.7 KiB
YAML
Raw Permalink Normal View History

2023-07-29 13:37:44 +00:00
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cronjob-serviceaccount
namespace: ara
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-patch-role
namespace: ara
rules:
- apiGroups: ["", "extensions", "networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-patch-rolebinding
namespace: ara
subjects:
- kind: ServiceAccount
name: cronjob-serviceaccount
namespace: ara
roleRef:
kind: Role
name: ingress-patch-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: update-ingress-whitelist
namespace: ara
spec:
schedule: '@hourly'
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
serviceAccountName: cronjob-serviceaccount
restartPolicy: Never
containers:
- name: update-ingress-whitelist
image: portainer/kubectl-shell
command:
- /bin/bash
- -c
- |
date
DOMAIN=smark.ddns.net
while true; do
IP=$(nslookup $DOMAIN | grep -A1 $DOMAIN | awk 'END {print $NF}')
[[ -n "$IP" ]] && break
sleep 10
done
set -x
kubectl -n ara patch ingress ara-ara-server-ingress --type='json' --patch='[
{
"op": "replace",
"path": "/metadata/annotations/nginx.ingress.kubernetes.io~1whitelist-source-range",
"value":"'$IP'"
}
]'