okd/roles/openshift_certificate_expiry/README.md

OpenShift Certificate Expiration Checker

OpenShift certificate expiration checking. Be warned of certificates expiring within a configurable window of days, and notified of certificates which have already expired. Certificates examined include:

• Master/Node Service Certificates
• Router/Registry Service Certificates from etcd secrets
• Master/Node/Router/Registry/Admin kubeconfigs
• Etcd certificates

Requirements

• None

Role Variables

From this role:

Name	Default value	Description
config_base	/etc/origin	Base openshift config directory
warning_days	30	Flag certificates which will expire in this many days from now
show_all	False	Include healthy (non-expired and non-warning) certificates in results
generate_report	False	Generate an HTML report of the expiry check results
save_json_results	False	Save expiry check results as a json file
result_dir	/tmp	Directory in which to put check results and generated reports

Dependencies

• None

Example Playbook

- name: Check cert expirys
  hosts: all
  become: yes
  gather_facts: no
  roles:
  - role: openshift_certificate_expiry

License

Apache License, Version 2.0

Author Information

Tim Bielawa (tbielawa@redhat.com)