apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubectl-rolloutrestart
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubectl-rolloutrestart
  namespace: default
rules:
  - apiGroups: ["apps", "extensions"]
    resources: ["deployments"]
#    verbs: ["get", "patch", "list", "watch"]
    verbs: ["get", "list", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubectl-rolloutrestart
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubectl-rolloutrestart
subjects:
  - kind: ServiceAccount
    name: kubectl-rolloutrestart
    namespace: default
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: kubectl-rolloutrestart
  namespace: default
spec:
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 1
  successfulJobsHistoryLimit: 1
  schedule: '30 2 * * *'
  jobTemplate:
    spec:
      backoffLimit: 2
      activeDeadlineSeconds: 600
      template:
        spec:
          serviceAccountName: kubectl-rolloutrestart
          restartPolicy: Never
          containers:
            - name: kubectl
              image: registry.spamasaurus.com/proxy/bitnami/kubectl
              command:
                - 'bash'
                - '-c'
                - 'for deploy in `kubectl get deployments | cut -d " " -f 1`; do kubectl rollout restart deployment $deploy; done'