| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- # An example Job to run a certificate check of OpenShift's internal
- # certificate status from within OpenShift.
- #
- # The generated reports are stored in a Persistent Volume using
- # the playbook 'html_and_json_timestamp.yaml'.
- #
- # This example uses the openshift/origin-ansible container image.
- # (see README_CONTAINER_IMAGE.md in the top level dir for more details).
- #
- # The following objects are expected to be configured before the creation
- # of this Job:
- # - A ConfigMap named 'inventory' with a key named 'hosts' that
- # contains the the Ansible inventory file
- # - A Secret named 'sshkey' with a key named 'ssh-privatekey
- # that contains the ssh key to connect to the hosts
- # - A PersistentVolumeClaim named 'certcheck-reports' where the
- # generated reports are going to be stored
- # (see examples/README.md for more details)
- ---
- apiVersion: batch/v1
- kind: Job
- metadata:
- name: certificate-check
- spec:
- parallelism: 1
- completions: 1
- template:
- metadata:
- name: certificate-check
- spec:
- containers:
- - name: openshift-ansible
- image: docker.io/openshift/origin-ansible
- env:
- - name: PLAYBOOK_FILE
- value: playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml
- - name: INVENTORY_FILE
- value: /tmp/inventory/hosts # from configmap vol below
- - name: ANSIBLE_PRIVATE_KEY_FILE # from secret vol below
- value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey
- - name: CERT_EXPIRY_WARN_DAYS
- value: "45" # must be a string, don't forget the quotes
- volumeMounts:
- - name: sshkey
- mountPath: /opt/app-root/src/.ssh/id_rsa
- - name: inventory
- mountPath: /tmp/inventory
- - name: reports
- mountPath: /var/lib/certcheck
- volumes:
- - name: sshkey
- secret:
- secretName: sshkey
- - name: inventory
- configMap:
- name: inventory
- - name: reports
- persistentVolumeClaim:
- claimName: certcheck-reports
- restartPolicy: Never
|
