diff options
Diffstat (limited to 'examples/certificate-check-volume.yaml')
| -rw-r--r-- | examples/certificate-check-volume.yaml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/examples/certificate-check-volume.yaml b/examples/certificate-check-volume.yaml new file mode 100644 index 000000000..c19dc1f88 --- /dev/null +++ b/examples/certificate-check-volume.yaml @@ -0,0 +1,54 @@ +# An example Job to run a certificate check of OpenShift's internal +# certificate status from within OpenShift. +# +# The generated reports are stored in a Persistent Volume using +# the playbook 'html_and_json_timestamp.yaml'. +# +# This example uses the openshift/openshift-ansible container image. +# (see README_CONTAINER_IMAGE.md in the top level dir for more details). +# +# The following objects are xpected to be configured before the creation +# of this Job: +# - A ConfigMap named 'inventory' with a key named 'hosts' that +# contains the the Ansible inventory file +# - A Secret named 'sshkey' with a key named 'ssh-privatekey +# that contains the ssh key to connect to the hosts +# - A PersistentVolumeClaim named 'certcheck-reports' where the +# generated reports are going to be stored +# (see examples/README.md for more details) +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: certificate-check +spec: + containers: + - name: openshift-ansible + image: openshift/openshift-ansible + env: + - name: PLAYBOOK_FILE + value: playbooks/certificate_expiry/html_and_json_timestamp.yaml + - name: INVENTORY_FILE + value: /tmp/inventory/hosts # from configmap vol below + - name: ANSIBLE_PRIVATE_KEY_FILE # from secret vol below + value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey + - name: CERT_EXPIRY_WARN_DAYS + value: "45" # must be a string, don't forget the quotes + volumeMounts: + - name: sshkey + mountPath: /opt/app-root/src/.ssh/id_rsa + - name: inventory + mountPath: /tmp/inventory + - name: reports + mountPath: /var/lib/certcheck + volumes: + - name: sshkey + secret: + secretName: sshkey + - name: inventory + configMap: + name: inventory + - name: reports + persistentVolumeClaim: + claimName: certcheck-reports + restartPolicy: Never |