github.com/projectcontour/contour@v1.28.2/site/content/examples/authdemo/02-certsjob.yaml (about) 1 --- 2 apiVersion: v1 3 kind: ServiceAccount 4 metadata: 5 name: contour-certgen 6 namespace: projectcontour-auth 7 --- 8 apiVersion: rbac.authorization.k8s.io/v1beta1 9 kind: RoleBinding 10 metadata: 11 name: contour 12 namespace: projectcontour-auth 13 roleRef: 14 apiGroup: rbac.authorization.k8s.io 15 kind: Role 16 name: contour-certgen 17 subjects: 18 - kind: ServiceAccount 19 name: contour-certgen 20 namespace: projectcontour-auth 21 --- 22 apiVersion: rbac.authorization.k8s.io/v1beta1 23 kind: Role 24 metadata: 25 name: contour-certgen 26 namespace: projectcontour-auth 27 rules: 28 - apiGroups: 29 - "" 30 resources: 31 - secrets 32 verbs: 33 - create 34 - update 35 --- 36 apiVersion: batch/v1 37 kind: Job 38 metadata: 39 name: contour-certgen-main 40 namespace: projectcontour-auth 41 spec: 42 ttlSecondsAfterFinished: 0 43 template: 44 metadata: 45 labels: 46 app: "contour-certgen" 47 spec: 48 containers: 49 - name: contour 50 image: ghcr.io/projectcontour/contour:main 51 imagePullPolicy: Always 52 command: 53 - contour 54 - certgen 55 - --kube 56 - --incluster 57 - --overwrite 58 - --secrets-format=compact 59 - --namespace=$(CONTOUR_NAMESPACE) 60 env: 61 - name: CONTOUR_NAMESPACE 62 valueFrom: 63 fieldRef: 64 fieldPath: metadata.namespace 65 restartPolicy: Never 66 serviceAccountName: contour-certgen 67 securityContext: 68 runAsNonRoot: true 69 runAsUser: 65534 70 runAsGroup: 65534 71 parallelism: 1 72 completions: 1 73 backoffLimit: 1