Make the kubeflow-m2m-oidc-configurator a CronJob

Signed-off-by: Krzysztof Romanowski <krzysztof.romanowski.kr3@roche.com>
kubeflow · Apr 11, 2024 · 65932a6 · 65932a6
1 parent 9fa11e0
commit 65932a6
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 42 deletions.
diff --git a/.../configure-self-signed-kubernetes-oidc-issuer/cronjob.kubeflow-m2m-oidc-configurator.yaml b/.../configure-self-signed-kubernetes-oidc-issuer/cronjob.kubeflow-m2m-oidc-configurator.yaml
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: kubeflow-m2m-oidc-configurator
+  namespace: istio-system
+spec:
+  schedule: '* * * * *'
+  jobTemplate:
+    spec:
+      ttlSecondsAfterFinished: 60
+      template:
+        metadata:
+          labels: {}
+        spec:
+          restartPolicy: OnFailure
+          serviceAccountName: kubeflow-m2m-oidc-configurator
+          containers:
+            - image: curlimages/curl
+              name: kubeflow-m2m-oidc-configurator
+              command:
+                - /script.sh
+              envFrom:
+                - configMapRef:
+                    name: kubeflow-m2m-oidc-configurator-envs
+              volumeMounts:
+                - mountPath: /script.sh
+                  name: script
+                  subPath: script.sh
+              resources: {}
+          volumes:
+            - name: script
+              configMap:
+                name: kubeflow-m2m-oidc-configurator-script
+                defaultMode: 0777
+                items:
+                  - key: script.sh
+                    path: script.sh
diff --git a/...netes-oidc-issuer/job.configure-kubernetes-oidc-issuer-jwks-in-requestauthentication.yaml b/...netes-oidc-issuer/job.configure-kubernetes-oidc-issuer-jwks-in-requestauthentication.yaml
diff --git a/...t/oauth2-proxy/components/configure-self-signed-kubernetes-oidc-issuer/kustomization.yaml b/...t/oauth2-proxy/components/configure-self-signed-kubernetes-oidc-issuer/kustomization.yaml
@@ -2,16 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
 
 resources:
-- job.configure-kubernetes-oidc-issuer-jwks-in-requestauthentication.yaml
+- cronjob.kubeflow-m2m-oidc-configurator.yaml
 - rbac.yaml
 
 configMapGenerator:
-- name: configure-self-signed-kubernetes-oidc-issuer-script
+- name: kubeflow-m2m-oidc-configurator-script
   namespace: istio-system
   files:
   - script.sh=script.sh
 
-- name: configure-self-signed-kubernetes-oidc-issuer-envs
+- name: kubeflow-m2m-oidc-configurator-envs
   namespace: istio-system
   literals:
   - ISTIO_ROOT_NAMESPACE=istio-system

diff --git a/...idc-client/oauth2-proxy/components/configure-self-signed-kubernetes-oidc-issuer/rbac.yaml b/...idc-client/oauth2-proxy/components/configure-self-signed-kubernetes-oidc-issuer/rbac.yaml
@@ -1,14 +1,14 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: self-signed-kubernetes-oidc-issuer-configurator
+  name: kubeflow-m2m-oidc-configurator
   namespace: istio-system
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: self-signed-kubernetes-oidc-issuer-configurator
+  name: kubeflow-m2m-oidc-configurator
   namespace: istio-system
 rules:
   - apiGroups:
@@ -23,13 +23,13 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: self-signed-kubernetes-oidc-issuer-configurator
+  name: kubeflow-m2m-oidc-configurator
   namespace: istio-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: self-signed-kubernetes-oidc-issuer-configurator
+  name: kubeflow-m2m-oidc-configurator
 subjects:
   - kind: ServiceAccount
-    name: self-signed-kubernetes-oidc-issuer-configurator
+    name: kubeflow-m2m-oidc-configurator
     namespace: istio-system