summaryrefslogtreecommitdiffstats
path: root/examples/scheduled-certcheck-volume.yaml
blob: 2f26e88092f10f2d6dc84138fc726d479c18edc4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# An example ScheduledJob to run a regular check of OpenShift's internal
# certificate status.
#
# Each job will add a new pair of reports to the configured Persistent Volume
#
# The Job specification is the same as 'certificate-check-volume.yaml'
# and the expected pre-configuration is equivalent.
# See that Job example and examples/README.md for more details.
#
# NOTE: ScheduledJob has been renamed to CronJob in upstream k8s recently. At
# some point (OpenShift 3.6+) this will have to be renamed to "kind: CronJob"
# and once the API stabilizes the apiVersion will have to be updated too.
---
apiVersion: batch/v2alpha1
kind: ScheduledJob
metadata:
  name: certificate-check
  labels:
    app: certcheck
spec:
  schedule: "0 0 1 * *"      # every 1st day of the month at midnight
  jobTemplate:
    metadata:
      labels:
        app: certcheck
    spec:
      template:
        spec:
          containers:
          - name: openshift-ansible
            image: openshift/origin-ansible
            env:
            - name: PLAYBOOK_FILE
              value: playbooks/certificate_expiry/html_and_json_timestamp.yaml
            - name: INVENTORY_FILE
              value: /tmp/inventory/hosts       # from configmap vol below
            - name: ANSIBLE_PRIVATE_KEY_FILE    # from secret vol below
              value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey
            - name: CERT_EXPIRY_WARN_DAYS
              value: "45"      # must be a string, don't forget the quotes
            volumeMounts:
            - name: sshkey
              mountPath: /opt/app-root/src/.ssh/id_rsa
            - name: inventory
              mountPath: /tmp/inventory
            - name: reports
              mountPath: /var/lib/certcheck
          volumes:
          - name: sshkey
            secret:
              secretName: sshkey
          - name: inventory
            configMap:
              name: inventory
          - name: reports
            persistentVolumeClaim:
              claimName: certcheck-reports
          restartPolicy: Never