# An example Job to run a certificate check of OpenShift's internal
# certificate status from within OpenShift.
#
# The generated reports are uploaded to a location in the master
# hosts, using the playbook 'easy-mode-upload.yaml'.
#
# This example uses the openshift/origin-ansible container image.
# (see README_CONTAINER_IMAGE.md in the top level dir for more details).
#
# The following objects are expected to be configured before the creation
# of this Job:
#   - A ConfigMap named 'inventory' with a key named 'hosts' that
#     contains the the Ansible inventory file
#   - A Secret named 'sshkey' with a key named 'ssh-privatekey
#     that contains the ssh key to connect to the hosts
# (see examples/README.md for more details)
---
apiVersion: batch/v1
kind: Job
metadata:
  name: certificate-check
spec:
  parallelism: 1
  completions: 1
  template:
    metadata:
      name: certificate-check
    spec:
      containers:
      - name: openshift-ansible
        image: openshift/origin-ansible
        env:
        - name: PLAYBOOK_FILE
          value: playbooks/certificate_expiry/easy-mode-upload.yaml
        - name: INVENTORY_FILE
          value: /tmp/inventory/hosts       # from configmap vol below
        - name: ANSIBLE_PRIVATE_KEY_FILE    # from secret vol below
          value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey
        - name: CERT_EXPIRY_WARN_DAYS
          value: "45"      # must be a string, don't forget the quotes
        volumeMounts:
        - name: sshkey
          mountPath: /opt/app-root/src/.ssh/id_rsa
        - name: inventory
          mountPath: /tmp/inventory
      volumes:
      - name: sshkey
        secret:
          secretName: sshkey
      - name: inventory
        configMap:
          name: inventory
      restartPolicy: Never