authorPep TurrĂ³ Mauri <pep@redhat.com>2017-03-23 17:31:20 +0100
committerPep TurrĂ³ Mauri <pep@redhat.com>2017-04-06 17:58:06 +0200
commit9dbc6d42ec99f902a9cef786009cee4953bbbde4 (patch)
tree19c4730022b529b4476786c6e75df322c7ef96f9 /examples/scheduled-certcheck-volume.yaml
parent0bac74c346bb5c620bdf1941b40c29ff3083e2b0 (diff)
Add example scheduled certificate check
Additional certificate expiration check playbooks: - one that uploads the generated reports to a location in the masters - one that uses custom report paths with timestamps. OpenShift Job and ScheduledJob examples that use these playbooks run from a container to check cluster certificates from within the cluster itself.
Diffstat (limited to 'examples/scheduled-certcheck-volume.yaml')
-rw-r--r--examples/scheduled-certcheck-volume.yaml58
1 files changed, 58 insertions, 0 deletions
diff --git a/examples/scheduled-certcheck-volume.yaml b/examples/scheduled-certcheck-volume.yaml
new file mode 100644
index 000000000..74cdc9e7f
--- /dev/null
+++ b/examples/scheduled-certcheck-volume.yaml
@@ -0,0 +1,58 @@
+# An example ScheduledJob to run a regular check of OpenShift's internal
+# certificate status.
+#
+# Each job will add a new pair of reports to the configured Persistent Volume
+#
+# The Job specification is the same as 'certificate-check-volume.yaml'
+# and the expected pre-configuration is equivalent.
+# See that Job example and examples/README.md for more details.
+#
+# NOTE: ScheduledJob has been renamed to CronJob in upstream k8s recently. At
+# some point (OpenShift 3.6+) this will have to be renamed to "kind: CronJob"
+# and once the API stabilizes the apiVersion will have to be updated too.
+---
+apiVersion: batch/v2alpha1
+kind: ScheduledJob
+metadata:
+ name: certificate-check
+ labels:
+ app: certcheck
+spec:
+ schedule: "0 0 1 * *" # every 1st day of the month at midnight
+ jobTemplate:
+ metadata:
+ labels:
+ app: certcheck
+ spec:
+ template:
+ spec:
+ containers:
+ - name: openshift-ansible
+ image: openshift/openshift-ansible
+ env:
+ - name: PLAYBOOK_FILE
+ value: playbooks/certificate_expiry/html_and_json_timestamp.yaml
+ - name: INVENTORY_FILE
+ value: /tmp/inventory/hosts # from configmap vol below
+ - name: ANSIBLE_PRIVATE_KEY_FILE # from secret vol below
+ value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey
+ - name: CERT_EXPIRY_WARN_DAYS
+ value: "45" # must be a string, don't forget the quotes
+ volumeMounts:
+ - name: sshkey
+ mountPath: /opt/app-root/src/.ssh/id_rsa
+ - name: inventory
+ mountPath: /tmp/inventory
+ - name: reports
+ mountPath: /var/lib/certcheck
+ volumes:
+ - name: sshkey
+ secret:
+ secretName: sshkey
+ - name: inventory
+ configMap:
+ name: inventory
+ - name: reports
+ persistentVolumeClaim:
+ claimName: certcheck-reports
+ restartPolicy: Never
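Review bot: The `image: openshift/openshift-ansible` line carries no tag or digest, so each monthly run resolves to whatever the default `latest` tag points at when the pod is created. That same container mounts the `sshkey` secret and the host inventory, so a changed or replaced image would run with SSH access to the cluster hosts. Pin the image to a fixed release or digest, for example `image: openshift/openshift-ansible:<release-tag>` (placeholder, substitute the release that matches the cluster). It would also help to add a comment next to the `sshkey` volume such as `# use a dedicated key limited to what the expiry check needs`. The referenced README is not visible here, so it may already cover the key's scope.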