# An example Job to run a certificate check of OpenShift's internal
# certificate status from within OpenShift.
#
# The generated reports are uploaded to a location in the master
# hosts, using the playbook 'easy-mode-upload.yaml'.
#
# This example uses the openshift/openshift-ansible container image.
# (see README_CONTAINER_IMAGE.md in the top level dir for more details).
#
# The following objects are xpected to be configured before the creation
# of this Job:
#   - A ConfigMap named 'inventory' with a key named 'hosts' that
#     contains the the Ansible inventory file
#   - A Secret named 'sshkey' with a key named 'ssh-privatekey
#     that contains the ssh key to connect to the hosts
# (see examples/README.md for more details)
---
apiVersion: batch/v1
kind: Job
metadata:
  name: certificate-check
spec:
  containers:
  - name: openshift-ansible
    image: openshift/openshift-ansible
    env:
    - name: PLAYBOOK_FILE
      value: playbooks/certificate_expiry/easy-mode-upload.yaml
    - name: INVENTORY_FILE
      value: /tmp/inventory/hosts       # from configmap vol below
    - name: ANSIBLE_PRIVATE_KEY_FILE    # from secret vol below
      value: /opt/app-root/src/.ssh/id_rsa/ssh-privatekey
    - name: CERT_EXPIRY_WARN_DAYS
      value: "45"      # must be a string, don't forget the quotes
    volumeMounts:
    - name: sshkey
      mountPath: /opt/app-root/src/.ssh/id_rsa
    - name: inventory
      mountPath: /tmp/inventory
  volumes:
  - name: sshkey
    secret:
      secretName: sshkey
  - name: inventory
    configMap:
      name: inventory
  restartPolicy: Never