apiVersion: batch/v1 kind: Job metadata: annotations: batch.kubernetes.io/cronjob-scheduled-timestamp: "2026-05-01T00:00:00Z" creationTimestamp: "2026-05-01T00:00:00Z" generation: 1 labels: application: keystone component: credential-rotate release_group: keystone name: keystone-credential-rotate-29626560 namespace: openstack ownerReferences: - apiVersion: batch/v1 blockOwnerDeletion: true controller: true kind: CronJob name: keystone-credential-rotate uid: a067ff0c-87e8-4865-8e6e-435dd0b817fc resourceVersion: "36560" uid: 726c734f-5af7-4455-9c41-ad0a6595e59e spec: backoffLimit: 6 completionMode: NonIndexed completions: 1 parallelism: 1 selector: matchLabels: batch.kubernetes.io/controller-uid: 726c734f-5af7-4455-9c41-ad0a6595e59e suspend: false template: metadata: creationTimestamp: null labels: application: keystone batch.kubernetes.io/controller-uid: 726c734f-5af7-4455-9c41-ad0a6595e59e batch.kubernetes.io/job-name: keystone-credential-rotate-29626560 component: credential-rotate controller-uid: 726c734f-5af7-4455-9c41-ad0a6595e59e job-name: keystone-credential-rotate-29626560 release_group: keystone spec: containers: - command: - python - /tmp/fernet-manage.py - credential_rotate env: - name: KEYSTONE_USER value: keystone - name: KEYSTONE_GROUP value: keystone - name: KUBERNETES_NAMESPACE value: openstack - name: KEYSTONE_KEYS_REPOSITORY value: /etc/keystone/credential-keys/ - name: KEYSTONE_CREDENTIAL_MIGRATE_WAIT value: "120" image: harbor.atmosphere.dev/ghcr.io/vexxhost/keystone:main@sha256:0a1e49e91f269136ee4d47e10a5048d7c835837bf846c94de8b08dfbd8040055 imagePullPolicy: IfNotPresent name: keystone-credential-rotate resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp name: pod-tmp - mountPath: /etc/keystone name: etckeystone - mountPath: /etc/keystone/keystone.conf name: keystone-etc readOnly: true subPath: keystone.conf - mountPath: /tmp/fernet-manage.py name: keystone-bin readOnly: true subPath: fernet-manage.py dnsPolicy: ClusterFirst initContainers: - command: - kubernetes-entrypoint env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INTERFACE_NAME value: eth0 - name: PATH value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ - name: DEPENDENCY_SERVICE - name: DEPENDENCY_JOBS value: keystone-credential-setup - name: DEPENDENCY_DAEMONSET - name: DEPENDENCY_CONTAINER - name: DEPENDENCY_POD_JSON - name: DEPENDENCY_CUSTOM_RESOURCE image: harbor.atmosphere.dev/ghcr.io/vexxhost/kubernetes-entrypoint:edge@sha256:8921b64b87af184a1421dd856b2703bcf3cff9f50863cd0d18371cf964a87bd3 imagePullPolicy: IfNotPresent name: init resources: {} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 65534 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File nodeSelector: openstack-control-plane: enabled restartPolicy: OnFailure schedulerName: default-scheduler securityContext: {} serviceAccount: keystone-credential-rotate serviceAccountName: keystone-credential-rotate terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: pod-tmp - emptyDir: {} name: etckeystone - name: keystone-etc secret: defaultMode: 292 secretName: keystone-etc - configMap: defaultMode: 365 name: keystone-bin name: keystone-bin status: completionTime: "2026-05-01T00:02:26Z" conditions: - lastProbeTime: "2026-05-01T00:02:26Z" lastTransitionTime: "2026-05-01T00:02:26Z" status: "True" type: Complete ready: 0 startTime: "2026-05-01T00:00:00Z" succeeded: 1 uncountedTerminatedPods: {}