# An example Job to run a certificate check of OpenShift's internal # certificate status from within OpenShift. # # The generated reports are stored in a Persistent Volume using # the playbook 'html_and_json_timestamp.yaml'. # # This example uses the openshift/origin-ansible container image. # (see README_CONTAINER_IMAGE.md in the top level dir for more details). # # The following objects are expected to be configured before the creation # of this Job: # - A ConfigMap named 'inventory' with a key named 'hosts' that # contains the the Ansible inventory file # - A Secret named 'sshkey' with a key named 'ssh-privatekey # that contains the ssh key to connect to the hosts # - A PersistentVolumeClaim named 'certcheck-reports' where the # generated reports are going to be stored # (see examples/README.md for more details) --- apiVersion: batch/v1 kind: Job metadata: name: certificate-check spec: parallelism: 1 completions: 1 template: metadata: name: certificate-check spec: containers: - name: openshift-ansible image: openshift/origin-ansible env: - name: PLAYBOOK_FILE value: playbooks/certificate_expiry/html_and_json_timestamp.yaml - name: INVENTORY_FILE value: /tmp/inventory/hosts # from configmap vol below - name: ANSIBLE_PRIVATE_KEY_FILE # from secret vol below value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey - name: CERT_EXPIRY_WARN_DAYS value: "45" # must be a string, don't forget the quotes volumeMounts: - name: sshkey mountPath: /opt/app-root/src/.ssh/id_rsa - name: inventory mountPath: /tmp/inventory - name: reports mountPath: /var/lib/certcheck volumes: - name: sshkey secret: secretName: sshkey - name: inventory configMap: name: inventory - name: reports persistentVolumeClaim: claimName: certcheck-reports restartPolicy: Never