apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubectl-rolloutrestart
  namespace: pvr
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubectl-rolloutrestart
  namespace: pvr
rules:
  - apiGroups: ["apps", "extensions"]
    resources: ["deployments", "statefulsets"]
    verbs: ["get", "list", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubectl-rolloutrestart-pvr
  namespace: pvr
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubectl-rolloutrestart
subjects:
  - kind: ServiceAccount
    name: kubectl-rolloutrestart
    namespace: pvr
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: kubectl-rolloutrestart
  namespace: pvr
spec:
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 1
  successfulJobsHistoryLimit: 1
  schedule: '30 2 * * *'
  jobTemplate:
    spec:
      backoffLimit: 2
      activeDeadlineSeconds: 600
      template:
        spec:
          serviceAccountName: kubectl-rolloutrestart
          restartPolicy: Never
          containers:
            - name: kubectl
              image: bitnami/kubectl
              command:
                - '/bin/bash'
                - '-c'
              args:
                - for workload in `kubectl get deployments -n pvr --no-headers | cut -d " " -f 1`; do kubectl rollout restart deployment -n pvr $workload; done;
                  for workload in `kubectl get statefulsets -n pvr --no-headers | cut -d " " -f 1`; do kubectl rollout restart statefulsets -n pvr $workload; done;