apiVersion: batch/v1
kind: CronJob
metadata:
  creationTimestamp: "2026-04-02T14:00:32Z"
  generation: 1
  name: keystone-cron
  namespace: openstack
  ownerReferences:
  - apiVersion: keystone.openstack.org/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: KeystoneAPI
    name: keystone
    uid: dd7afedb-8582-471b-9fd7-cddf9f140916
  resourceVersion: "45862"
  uid: 383e2a51-a293-4cf7-9e41-c016b369dbfe
spec:
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 1
  jobTemplate:
    metadata:
      annotations:
        k8s.v1.cni.cncf.io/networks: '[]'
      creationTimestamp: null
      labels:
        owner: keystone
        service: keystone
    spec:
      completions: 1
      parallelism: 1
      template:
        metadata:
          creationTimestamp: null
        spec:
          containers:
          - args:
            - -c
            - keystone-manage trust_flush
            command:
            - /bin/bash
            env:
            - name: KOLLA_CONFIG_STRATEGY
              value: COPY_ALWAYS
            image: quay.io/podified-antelope-centos9/openstack-keystone:current-podified
            imagePullPolicy: IfNotPresent
            name: keystone-cron
            resources: {}
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - ALL
              runAsGroup: 42425
              runAsNonRoot: true
              runAsUser: 42425
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: File
            volumeMounts:
            - mountPath: /etc/keystone/keystone.conf
              name: config-data
              readOnly: true
              subPath: keystone.conf
            - mountPath: /etc/my.cnf
              name: config-data
              readOnly: true
              subPath: my.cnf
            - mountPath: /etc/keystone/fernet-keys
              name: fernet-keys
              readOnly: true
            - mountPath: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
              name: combined-ca-bundle
              readOnly: true
              subPath: tls-ca-bundle.pem
          dnsPolicy: ClusterFirst
          restartPolicy: Never
          schedulerName: default-scheduler
          securityContext:
            fsGroup: 42425
          serviceAccount: keystone-keystone
          serviceAccountName: keystone-keystone
          terminationGracePeriodSeconds: 30
          volumes:
          - name: scripts
            secret:
              defaultMode: 493
              secretName: keystone-scripts
          - name: config-data
            secret:
              defaultMode: 420
              secretName: keystone-config-data
          - name: fernet-keys
            secret:
              defaultMode: 420
              items:
              - key: FernetKeys0
                path: "0"
              - key: FernetKeys1
                path: "1"
              - key: FernetKeys2
                path: "2"
              - key: FernetKeys3
                path: "3"
              - key: FernetKeys4
                path: "4"
              secretName: keystone
          - name: credential-keys
            secret:
              defaultMode: 420
              items:
              - key: CredentialKeys0
                path: "0"
              - key: CredentialKeys1
                path: "1"
              secretName: keystone
          - name: combined-ca-bundle
            secret:
              defaultMode: 292
              secretName: combined-ca-bundle
  schedule: 1 * * * *
  successfulJobsHistoryLimit: 3
  suspend: false
status:
  lastScheduleTime: "2026-04-02T14:01:00Z"
  lastSuccessfulTime: "2026-04-02T14:01:06Z"