# An example ScheduledJob to run a regular check of OpenShift's internal # certificate status. # # Each job will add a new pair of reports to the configured Persistent Volume # # The Job specification is the same as 'certificate-check-volume.yaml' # and the expected pre-configuration is equivalent. # See that Job example and examples/README.md for more details. # # NOTE: ScheduledJob has been renamed to CronJob in upstream k8s recently. At # some point (OpenShift 3.6+) this will have to be renamed to "kind: CronJob" # and once the API stabilizes the apiVersion will have to be updated too. --- apiVersion: batch/v2alpha1 kind: ScheduledJob metadata: name: certificate-check labels: app: certcheck spec: schedule: "0 0 1 * *" # every 1st day of the month at midnight jobTemplate: metadata: labels: app: certcheck spec: template: spec: containers: - name: openshift-ansible image: openshift/origin-ansible env: - name: PLAYBOOK_FILE value: playbooks/certificate_expiry/html_and_json_timestamp.yaml - name: INVENTORY_FILE value: /tmp/inventory/hosts # from configmap vol below - name: ANSIBLE_PRIVATE_KEY_FILE # from secret vol below value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey - name: CERT_EXPIRY_WARN_DAYS value: "45" # must be a string, don't forget the quotes volumeMounts: - name: sshkey mountPath: /opt/app-root/src/.ssh/id_rsa - name: inventory mountPath: /tmp/inventory - name: reports mountPath: /var/lib/certcheck volumes: - name: sshkey secret: secretName: sshkey - name: inventory configMap: name: inventory - name: reports persistentVolumeClaim: claimName: certcheck-reports restartPolicy: Never