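# CronJob "tls-sync": on the configured schedule, runs
# /scripts/sync-all-certificates.sh (mounted from the tls-sync-script
# ConfigMap) with SOURCE_NS set to the configured source namespace.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: tls-sync
  # Quoted so that an all-digit namespace name is not parsed as an integer.
  namespace: {{ .Release.Namespace | quote }}
spec:
  schedule: {{ .Values.tlsSync.schedule | quote }}
  concurrencyPolicy: {{ .Values.tlsSync.concurrencyPolicy | quote }}
  successfulJobsHistoryLimit: {{ .Values.tlsSync.successfulJobsHistoryLimit }}
  failedJobsHistoryLimit: {{ .Values.tlsSync.failedJobsHistoryLimit }}
  jobTemplate:
    spec:
      # Hard upper bound on one run, retries included.
      activeDeadlineSeconds: {{ .Values.tlsSync.jobTimeout }}
      backoffLimit: 2
      template:
        metadata:
          labels:
            app: tls-sync
        spec:
          # NOTE(review): the RBAC bound to this service account is not part
          # of this template. A certificate sync job presumably reads and
          # writes Secrets; confirm the Role covers only the namespaces and
          # verbs it needs.
          serviceAccountName: tls-sync
          restartPolicy: OnFailure
          containers:
          - name: sync
            # NOTE(review): repository:tag is a mutable reference. Consider
            # pinning by digest so the image that handles TLS material and
            # cluster credentials cannot change underneath the job.
            image: "{{ .Values.tlsSync.image.repository }}:{{ .Values.tlsSync.image.tag }}"
            imagePullPolicy: {{ .Values.tlsSync.image.pullPolicy | quote }}
            # NOTE(review): no securityContext is set, and the package install
            # below plus the /root/.kube mount imply the container runs as
            # root. Once jq is baked into the image, set runAsNonRoot,
            # allowPrivilegeEscalation: false, readOnlyRootFilesystem and drop
            # all capabilities.
            command:
            - /bin/bash
            - -c
            - |
                # Install jq if it is missing (the bitnami/kubectl image does not
                # include jq).
                # NOTE(review): this pulls an unpinned package over the network on
                # every run, inside a pod that holds cluster credentials. Prefer
                # an image that already ships jq; the job then needs neither root
                # nor egress to package mirrors.
                if ! command -v jq &> /dev/null; then
                  echo "Installation de jq..."
                  # A brace group, not a subshell, so that "exit 1" stops the
                  # whole script. Inside ( ... ) it only ended the subshell and
                  # the sync script still ran without jq.
                  apk add --no-cache jq 2>/dev/null || \
                  (apt-get update && apt-get install -y jq 2>/dev/null) || \
                  (yum install -y jq 2>/dev/null) || \
                  { echo "⚠️ Impossible d'installer jq" >&2; exit 1; }
                fi
                # Run the synchronisation script; its exit status becomes the
                # container's exit status.
                /scripts/sync-all-certificates.sh
            env:
            - name: SOURCE_NS
              value: {{ .Values.tlsSync.sourceNamespace | quote }}
            volumeMounts:
            - name: sync-script
              mountPath: /scripts
              readOnly: true
            - name: kubeconfig
              mountPath: /root/.kube
              readOnly: true
            # nindent 14 matches the child indentation of "resources" below.
            resources:
              {{- toYaml .Values.tlsSync.resources | nindent 14 }}
          volumes:
          - name: sync-script
            configMap:
              name: tls-sync-script
              # Octal literal (decimal 493): makes the script executable. The
              # field takes an integer, so it must stay unquoted.
              defaultMode: 0755
          - name: kubeconfig
            secret:
              secretName: tls-sync-kubeconfig
              # The pod still starts when this Secret is absent.
              # NOTE(review): kubectl then presumably falls back to the pod's
              # service account; confirm. If the Secret is used, it holds
              # long-lived cluster credentials: scope them tightly and rotate.
              optional: true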