apiVersion: v1
kind: ServiceAccount
metadata:
  name: crontab-sa
  namespace: kube-public
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: crontab-role
  namespace: kube-public
rules:
- apiGroups: [""]
  resources: ["pods", "deployments"]
  verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["get", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: crontab-role-binding
  namespace: kube-public
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: crontab-role
subjects:
- kind: ServiceAccount
  name: crontab-sa
  namespace: kube-public
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: nextcloud-cron
  namespace: kube-public
spec:
  schedule: "*/5 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: crontab-sa
          containers:
          - name: nextcloud-cron
            image: harbor.uenpay.com/base/kubectl
            #image: bitnami/kubectl
            command: ["/bin/sh", "-c"]
            args:
            - kubectl -n kube-public exec  nextcloud-0 -- su -p www-data -s /bin/sh -c "/usr/local/bin/php -f /var/www/html/cron.php"
          restartPolicy: OnFailure