Adding new cronjob for fixing certificates issues.

docker/fetch-crl/Dockerfile

@@ -0,0 +1,9 @@
+FROM registry.cern.ch/cmsweb/pypi/alma-base:alma9-20240305
+RUN dnf -y update && dnf -y install epel-release \
+    dnf -y install fetch-crl ca-certificates
+
+COPY update-crl.sh /usr/local/bin/update-crl.sh
+RUN chmod +x /usr/local/bin/update-crl.sh
+
+CMD ["update-crl.sh"]
+

docker/fetch-crl/update-crl.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Run fetch-crl to update CRLs
+/usr/sbin/fetch-crl
+
+# Copy updated CRLs to the appropriate directory
+cp /etc/grid-security/*.pem /host/etc/grid-security/
+

kubernetes/cmsweb/crons/cron-fetch-crl.yaml

@@ -0,0 +1,44 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: fetch-crl-cronjob
+  namespace: auth
+  labels:
+    jobgroup: parallel
+spec:
+  schedule: "0 0 * * *"  # Runs daily at midnight
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      parallelism: 1  # Ensures one pod runs at a time
+      completions: 1  # Ensures each job runs to completion
+      template:
+        metadata:
+          labels:
+            jobgroup: parallel
+        spec:
+          containers:
+          - name: fetch-crl
+            image: registry.cern.ch/cmsweb/fetch-crl:latest
+            imagePullPolicy: Always
+            command: ["/usr/local/bin/update-crl.sh"]
+            volumeMounts:
+            - name: etc-grid-security
+              mountPath: /host/etc/grid-security
+          restartPolicy: OnFailure
+          terminationGracePeriodSeconds: 30
+          topologySpreadConstraints:
+          - maxSkew: 1
+            topologyKey: kubernetes.io/hostname
+            whenUnsatisfiable: DoNotSchedule
+            labelSelector:
+              matchLabels:
+                jobgroup: parallel
+          volumes:
+          - name: etc-grid-security
+            hostPath:
+              path: /etc/grid-security
+              type: Directory
+  concurrencyPolicy: Allow
+