forked from openshift/openshift-ansible
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathscheduled-certcheck-upload.yaml
50 lines (49 loc) · 1.61 KB
/
scheduled-certcheck-upload.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# An example CronJob to run a regular check of OpenShift's internal
# certificate status.
#
# Each job will upload new reports to a directory in the master hosts
#
# The Job specification is the same as 'certificate-check-upload.yaml'
# and the expected pre-configuration is equivalent.
# See that Job example and examples/README.md for more details.
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: certificate-check
labels:
app: certcheck
spec:
schedule: "0 0 1 * *" # every 1st day of the month at midnight
jobTemplate:
metadata:
labels:
app: certcheck
spec:
template:
spec:
containers:
- name: openshift-ansible
image: docker.io/openshift/origin-ansible
env:
- name: PLAYBOOK_FILE
value: playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml
- name: INVENTORY_FILE
value: /tmp/inventory/hosts # from configmap vol below
- name: ANSIBLE_PRIVATE_KEY_FILE # from secret vol below
value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey
- name: CERT_EXPIRY_WARN_DAYS
value: "45" # must be a string, don't forget the quotes
volumeMounts:
- name: sshkey
mountPath: /opt/app-root/src/.ssh/id_rsa
- name: inventory
mountPath: /tmp/inventory
volumes:
- name: sshkey
secret:
secretName: sshkey
- name: inventory
configMap:
name: inventory
restartPolicy: Never