# An example Job to run a certificate check of OpenShift's internal
# certificate status from within OpenShift.
#
# The generated reports are stored in a Persistent Volume using
# the playbook 'html_and_json_timestamp.yaml'.
#
# This example uses the openshift/openshift-ansible container image.
# (see README_CONTAINER_IMAGE.md in the top level dir for more details).
#
# The following objects are expected to be configured before the creation
# of this Job:
# - A ConfigMap named 'inventory' with a key named 'hosts' that
#   contains the Ansible inventory file
# - A Secret named 'sshkey' with a key named 'ssh-privatekey'
#   that contains the ssh key to connect to the hosts
# - A PersistentVolumeClaim named 'certcheck-reports' where the
# generated reports are going to be stored
# (see examples/README.md for more details)
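---
# Job that runs the certificate-expiry playbook once (one pod, one
# completion, never restarted). The container reads the Ansible inventory
# from a ConfigMap volume and the SSH private key from a Secret volume, and
# has a PersistentVolumeClaim mounted at /var/lib/certcheck.
apiVersion: batch/v1
kind: Job
metadata:
  name: certificate-check
spec:
  parallelism: 1
  completions: 1
  template:
    metadata:
      name: certificate-check
    spec:
      containers:
        - name: openshift-ansible
          # NOTE(review): no tag or digest is given, so the image reference
          # resolves to the 'latest' tag. Pin a tested tag or digest so the
          # code that receives the SSH key is the code that was reviewed.
          image: openshift/openshift-ansible
          env:
            - name: PLAYBOOK_FILE
              value: playbooks/certificate_expiry/html_and_json_timestamp.yaml
            - name: INVENTORY_FILE
              value: /tmp/inventory/hosts  # from configmap vol below
            - name: ANSIBLE_PRIVATE_KEY_FILE  # from secret vol below
              value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey
            - name: CERT_EXPIRY_WARN_DAYS
              value: "45"  # must be a string, don't forget the quotes
          volumeMounts:
            # The key and the inventory are only read by this Job, so both
            # mounts are declared read-only; only the reports volume needs
            # to stay writable.
            - name: sshkey
              mountPath: /opt/app-root/src/.ssh/id_rsa
              readOnly: true
            - name: inventory
              mountPath: /tmp/inventory
              readOnly: true
            - name: reports
              mountPath: /var/lib/certcheck
      volumes:
        # NOTE(review): files in a secret volume default to mode 0644. A
        # tighter defaultMode may be appropriate for a private key; confirm
        # the UID/GID the container runs as can still read it before
        # changing.
        - name: sshkey
          secret:
            secretName: sshkey
        - name: inventory
          configMap:
            name: inventory
        - name: reports
          persistentVolumeClaim:
            claimName: certcheck-reports
      restartPolicy: Never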