From a90b10a1f755ecaec0653ec2914fcb73527b9377 Mon Sep 17 00:00:00 2001
From: Kelly <kelly@cannabrands.com>
Date: Tue, 16 Dec 2025 09:49:36 -0700
Subject: [PATCH] feat(k8s): Add daily registry sync cronjob for base images

---
 k8s/registry-sync-cronjob.yaml | 53 ++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 k8s/registry-sync-cronjob.yaml

diff --git a/k8s/registry-sync-cronjob.yaml b/k8s/registry-sync-cronjob.yaml
new file mode 100644
index 00000000..d61142da
--- /dev/null
+++ b/k8s/registry-sync-cronjob.yaml
@@ -0,0 +1,53 @@
+# Daily job to sync base images from Docker Hub to local registry
+# Runs at 3 AM daily to refresh the cache before rate limits reset
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: registry-sync
+  namespace: woodpecker
+spec:
+  schedule: "0 3 * * *"  # 3 AM daily
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - name: sync
+              image: gcr.io/go-containerregistry/crane:latest
+              command:
+                - /bin/sh
+                - -c
+                - |
+                  set -e
+                  echo "=== Registry Sync: $(date) ==="
+
+                  REGISTRY="10.100.9.70:5000"
+
+                  # Base images to cache
+                  IMAGES="
+                    library/node:20-slim
+                    library/node:22-slim
+                    library/node:22
+                    library/node:22-alpine
+                    library/node:20-alpine
+                    library/alpine:latest
+                    library/nginx:alpine
+                    bitnami/kubectl:latest
+                  "
+
+                  for img in $IMAGES; do
+                    echo "Syncing docker.io/$img -> $REGISTRY/$img"
+                    crane copy "docker.io/$img" "$REGISTRY/$img" --insecure || echo "WARN: Failed $img"
+                  done
+
+                  echo "=== Sync complete ==="
+              resources:
+                limits:
+                  memory: "256Mi"
+                  cpu: "200m"
+                requests:
+                  memory: "128Mi"
+                  cpu: "100m"