apiVersion: v1 kind: Namespace metadata: name: segment-bridge --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/name: segment-bridge name: segment-bridge namespace: segment-bridge --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/name: segment-bridge name: segment-bridge rules: - apiGroups: - "" resourceNames: - kube-system resources: - namespaces verbs: - get - apiGroups: - "" resources: - namespaces verbs: - list - apiGroups: - appstudio.redhat.com resources: - components verbs: - list - apiGroups: - config.openshift.io resources: - clusterversions verbs: - get - list - apiGroups: - results.tekton.dev resources: - results - records verbs: - get - list - apiGroups: - konflux.konflux-ci.dev resources: - konfluxes verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/name: segment-bridge name: segment-bridge roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: segment-bridge subjects: - kind: ServiceAccount name: segment-bridge namespace: segment-bridge --- apiVersion: batch/v1 kind: CronJob metadata: labels: app.kubernetes.io/name: segment-bridge name: segment-bridge namespace: segment-bridge spec: concurrencyPolicy: Forbid jobTemplate: spec: template: spec: containers: - envFrom: - secretRef: name: segment-bridge-config optional: true image: quay.io/konflux-ci/segment-bridge:c032ca6189a27fccaa84c878f1896d6ff1a6ec2d8666ea95618d573dd96fb093 imagePullPolicy: IfNotPresent name: segment-bridge resources: limits: cpu: 200m memory: 256Mi requests: cpu: 50m memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /tmp name: tmp restartPolicy: OnFailure securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccountName: segment-bridge volumes: - emptyDir: {} name: tmp schedule: 0 * * * *