| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 |
- # An example CronJob to run a regular check of OpenShift's internal
- # certificate status.
- #
- # Each job will add a new pair of reports to the configured Persistent Volume
- #
- # The Job specification is the same as 'certificate-check-volume.yaml'
- # and the expected pre-configuration is equivalent.
- # See that Job example and examples/README.md for more details.
- ---
- apiVersion: batch/v1beta1
- kind: CronJob
- metadata:
- name: certificate-check
- labels:
- app: certcheck
- spec:
- schedule: "0 0 1 * *" # every 1st day of the month at midnight
- jobTemplate:
- metadata:
- labels:
- app: certcheck
- spec:
- template:
- spec:
- containers:
- - name: openshift-ansible
- image: docker.io/openshift/origin-ansible
- env:
- - name: PLAYBOOK_FILE
- value: playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml
- - name: INVENTORY_FILE
- value: /tmp/inventory/hosts # from configmap vol below
- - name: ANSIBLE_PRIVATE_KEY_FILE # from secret vol below
- value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey
- - name: CERT_EXPIRY_WARN_DAYS
- value: "45" # must be a string, don't forget the quotes
- volumeMounts:
- - name: sshkey
- mountPath: /opt/app-root/src/.ssh/id_rsa
- - name: inventory
- mountPath: /tmp/inventory
- - name: reports
- mountPath: /var/lib/certcheck
- volumes:
- - name: sshkey
- secret:
- secretName: sshkey
- - name: inventory
- configMap:
- name: inventory
- - name: reports
- persistentVolumeClaim:
- claimName: certcheck-reports
- restartPolicy: Never
|
