apiVersion: batch/v1
kind: CronJob
metadata:
  name: generate-secrets
  namespace: {{ .Release.Namespace }}
  annotations:
    argocd.argoproj.io/sync-wave: "3" # TODO init and unseal in previous waves for production usage
spec:
  schedule: '*/5 * * * *'
  jobTemplate:
    spec:
      backoffLimit: 3
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: apply
              image: golang:1.17-alpine
              env:
                - name: VAULT_ADDR
                  value: http://vault:8200
                - name: VAULT_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: vault-unseal-keys
                      key: vault-root
              workingDir: /go/src/generate-secrets
              command:
                - sh
                - -c
              args:
                - |
                  go get .
                  go run .
              volumeMounts:
                - name: source
                  mountPath: /go/src/generate-secrets
          volumes:
            - name: source
              configMap:
                name: generate-secrets-source