apiVersion: batch/v1 kind: CronJob metadata: name: updatebot-home-assistant labels: &labels app.kubernetes.io/name: updatebot-home-assistant spec: schedule: 32 6 * * 1 timeZone: America/Chicago concurrencyPolicy: Forbid jobTemplate: spec: template: metadata: labels: *labels spec: restartPolicy: Never containers: - name: updatebot image: git.pyrocufflink.net/infra/updatebot args: - --branch-name - updatebot/home-assistant securityContext: readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/ssh/ssh_known_hosts name: ssh-known-hosts readOnly: true subPath: ssh_known_hosts - mountPath: /home/bot/.config/updatebot/config.toml name: updatebot-config readOnly: true subPath: home-assistant.toml - mountPath: /home/bot/.ssh name: updatebot-ssh readOnly: true - mountPath: /run/secrets/updatebot name: updatebot-secrets readOnly: true - mountPath: /tmp name: tmp subPath: tmp nodeSelector: kubernetes.io/arch: amd64 securityContext: runAsNonRoot: true fsGroup: 25167 volumes: - name: ssh-known-hosts configMap: name: ssh-known-hosts - name: tmp emptyDir: medium: Memory - name: updatebot-config configMap: name: updatebot-projects - name: updatebot-secrets secret: secretName: updatebot defaultMode: 0640 - name: updatebot-ssh secret: secretName: updatebot-ssh defaultMode: 0640 --- apiVersion: batch/v1 kind: CronJob metadata: name: updatebot-firefly-iii labels: &labels app.kubernetes.io/name: updatebot-firefly-iii spec: schedule: 33 6 * * 1 timeZone: America/Chicago concurrencyPolicy: Forbid jobTemplate: spec: template: metadata: labels: *labels spec: restartPolicy: Never containers: - name: updatebot image: git.pyrocufflink.net/infra/updatebot args: - --branch-name - updatebot/firefly-iii securityContext: readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/ssh/ssh_known_hosts name: ssh-known-hosts readOnly: true subPath: ssh_known_hosts - mountPath: /home/bot/.config/updatebot/config.toml name: updatebot-config readOnly: true subPath: firefly-iii.toml - mountPath: /home/bot/.ssh name: updatebot-ssh readOnly: true - mountPath: /run/secrets/updatebot name: updatebot-secrets readOnly: true - mountPath: /tmp name: tmp subPath: tmp nodeSelector: kubernetes.io/arch: amd64 securityContext: runAsNonRoot: true fsGroup: 25167 volumes: - name: ssh-known-hosts configMap: name: ssh-known-hosts - name: tmp emptyDir: medium: Memory - name: updatebot-config configMap: name: updatebot-projects - name: updatebot-secrets secret: secretName: updatebot defaultMode: 0640 - name: updatebot-ssh secret: secretName: updatebot-ssh defaultMode: 0640 --- apiVersion: batch/v1 kind: CronJob metadata: name: updatebot-paperless-ngx labels: &labels app.kubernetes.io/name: updatebot-paperless-ngx spec: schedule: 34 6 * * 1 timeZone: America/Chicago concurrencyPolicy: Forbid jobTemplate: spec: template: metadata: labels: *labels spec: restartPolicy: Never containers: - name: updatebot image: git.pyrocufflink.net/infra/updatebot args: - --branch-name - updatebot/paperless-ngx securityContext: readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/ssh/ssh_known_hosts name: ssh-known-hosts readOnly: true subPath: ssh_known_hosts - mountPath: /home/bot/.config/updatebot/config.toml name: updatebot-config readOnly: true subPath: paperless-ngx.toml - mountPath: /home/bot/.ssh name: updatebot-ssh readOnly: true - mountPath: /run/secrets/updatebot name: updatebot-secrets readOnly: true - mountPath: /tmp name: tmp subPath: tmp nodeSelector: kubernetes.io/arch: amd64 securityContext: runAsNonRoot: true fsGroup: 25167 volumes: - name: ssh-known-hosts configMap: name: ssh-known-hosts - name: tmp emptyDir: medium: Memory - name: updatebot-config configMap: name: updatebot-projects - name: updatebot-secrets secret: secretName: updatebot defaultMode: 0640 - name: updatebot-ssh secret: secretName: updatebot-ssh defaultMode: 0640