diff --git a/molecule/default/asserts.yml b/molecule/default/asserts.yml index de7bd450..9a9d7aee 100644 --- a/molecule/default/asserts.yml +++ b/molecule/default/asserts.yml @@ -12,7 +12,10 @@ kind: Pod namespace: example-awx label_selectors: - - app=awx + - "app.kubernetes.io/name=example-awx" + - "app.kubernetes.io/part-of=example-awx" + - "app.kubernetes.io/managed-by=awx-operator" + - "app.kubernetes.io/component=awx" register: tower_pods - name: Verify there is one AWX pod diff --git a/molecule/test-local/converge.yml b/molecule/test-local/converge.yml index 8959ae80..58790fe0 100644 --- a/molecule/test-local/converge.yml +++ b/molecule/test-local/converge.yml @@ -110,7 +110,7 @@ kind="Deployment", api_version="apps/v1", namespace=custom_resource.metadata.namespace, - label_selector="app=awx") + label_selector="app.kubernetes.io/name=example-awx") }}' - name: get operator logs diff --git a/molecule/test-minikube/converge.yml b/molecule/test-minikube/converge.yml index fe91e4b6..2f9ec440 100644 --- a/molecule/test-minikube/converge.yml +++ b/molecule/test-minikube/converge.yml @@ -118,7 +118,7 @@ kind="Deployment", api_version="apps/v1", namespace=custom_resource.metadata.namespace, - label_selector="app=awx") + label_selector="app.kubernetes.io/name=example-awx") }}' - name: get operator logs diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index 80d6fb25..a2fa5892 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -1,4 +1,8 @@ --- +- name: Get current version + set_fact: + tower_image_version: "{{ tower_image.split(':')[1] }}" + - name: Include secret key configuration tasks include_tasks: secret_key_configuration.yml @@ -46,7 +50,9 @@ kind: Pod namespace: '{{ meta.namespace }}' label_selectors: - - "app={{ deployment_type }}" + - "app.kubernetes.io/name={{ meta.name }}" + - "app.kubernetes.io/managed-by=awx-operator" + - "app.kubernetes.io/component=awx" register: tower_pods until: "tower_pods['resources'][0]['status']['phase'] == 'Running'" delay: 5 diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index 59b5c744..766bcc56 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml @@ -13,7 +13,7 @@ kind: Pod namespace: '{{ meta.namespace }}' label_selectors: - - "app={{ meta.name }}-{{ deployment_type }}-postgres" + - "app.kubernetes.io/name={{ meta.name }}-postgres" register: postgres_pod until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'" delay: 5 diff --git a/roles/installer/templates/tower_admin_password_secret.yaml.j2 b/roles/installer/templates/tower_admin_password_secret.yaml.j2 index 16a2d518..cafa1f74 100644 --- a/roles/installer/templates/tower_admin_password_secret.yaml.j2 +++ b/roles/installer/templates/tower_admin_password_secret.yaml.j2 @@ -4,5 +4,10 @@ kind: Secret metadata: name: '{{ meta.name }}-admin-password' namespace: '{{ meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx stringData: password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' diff --git a/roles/installer/templates/tower_app_credentials.yaml.j2 b/roles/installer/templates/tower_app_credentials.yaml.j2 index 50eca503..4ce00637 100644 --- a/roles/installer/templates/tower_app_credentials.yaml.j2 +++ b/roles/installer/templates/tower_app_credentials.yaml.j2 @@ -5,6 +5,11 @@ kind: Secret metadata: name: '{{ meta.name }}-app-credentials' namespace: '{{ meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx data: credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}" ldap_py: "{{ lookup('template', 'ldap.py.j2') | b64encode }}" diff --git a/roles/installer/templates/tower_broadcast_websocket_secret.yaml.j2 b/roles/installer/templates/tower_broadcast_websocket_secret.yaml.j2 index fcf02835..29619021 100644 --- a/roles/installer/templates/tower_broadcast_websocket_secret.yaml.j2 +++ b/roles/installer/templates/tower_broadcast_websocket_secret.yaml.j2 @@ -4,5 +4,10 @@ kind: Secret metadata: name: '{{ meta.name }}-broadcast-websocket' namespace: '{{ meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx stringData: secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' diff --git a/roles/installer/templates/tower_config.yaml.j2 b/roles/installer/templates/tower_config.yaml.j2 index 628d8881..c1676949 100644 --- a/roles/installer/templates/tower_config.yaml.j2 +++ b/roles/installer/templates/tower_config.yaml.j2 @@ -6,7 +6,10 @@ metadata: name: '{{ meta.name }}-{{ deployment_type }}-configmap' namespace: '{{ meta.namespace }}' labels: - app: '{{ deployment_type }}' + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx data: environment: | AWX_SKIP_MIGRATIONS=true diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2 index 4166bd78..1168f62f 100644 --- a/roles/installer/templates/tower_deployment.yaml.j2 +++ b/roles/installer/templates/tower_deployment.yaml.j2 @@ -6,16 +6,26 @@ metadata: name: '{{ meta.name }}' namespace: '{{ meta.namespace }}' labels: - app: '{{ deployment_type }}' + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/version: '{{ tower_image_version }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx spec: replicas: {{ tower_replicas }} selector: matchLabels: - app: '{{ deployment_type }}' + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx template: metadata: labels: - app: '{{ deployment_type }}' + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/version: '{{ tower_image_version }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx spec: serviceAccountName: '{{ meta.name }}' {% if tower_image_pull_secret %} diff --git a/roles/installer/templates/tower_ingress.yaml.j2 b/roles/installer/templates/tower_ingress.yaml.j2 index 1f44c01e..6db8dc8a 100644 --- a/roles/installer/templates/tower_ingress.yaml.j2 +++ b/roles/installer/templates/tower_ingress.yaml.j2 @@ -5,6 +5,11 @@ kind: Ingress metadata: name: '{{ meta.name }}-ingress' namespace: '{{ meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx {% if tower_ingress_annotations %} annotations: {{ tower_ingress_annotations | indent(width=4) }} @@ -33,6 +38,11 @@ kind: Route metadata: name: '{{ meta.name }}' namespace: '{{ meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx spec: {% if tower_route_host != '' %} host: {{ tower_route_host }} diff --git a/roles/installer/templates/tower_postgres.yaml.j2 b/roles/installer/templates/tower_postgres.yaml.j2 index c2629861..009f7b02 100644 --- a/roles/installer/templates/tower_postgres.yaml.j2 +++ b/roles/installer/templates/tower_postgres.yaml.j2 @@ -6,11 +6,16 @@ metadata: name: '{{ meta.name }}-postgres' namespace: '{{ meta.namespace }}' labels: - app: '{{ meta.name }}-{{ deployment_type }}-postgres' + app.kubernetes.io/name: '{{ meta.name }}-postgres' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: database spec: selector: matchLabels: - app: '{{ meta.name }}-{{ deployment_type }}-postgres' + app.kubernetes.io/name: '{{ meta.name }}-postgres' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: database serviceName: '{{ meta.name }}' replicas: 1 updateStrategy: @@ -18,7 +23,10 @@ spec: template: metadata: labels: - app: '{{ meta.name }}-{{ deployment_type }}-postgres' + app.kubernetes.io/name: '{{ meta.name }}-postgres' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: database spec: containers: - image: '{{ tower_postgres_image }}' @@ -71,10 +79,15 @@ metadata: name: '{{ meta.name }}-postgres' namespace: '{{ meta.namespace }}' labels: - app: '{{ meta.name }}-{{ deployment_type }}-postgres' + app.kubernetes.io/name: '{{ meta.name }}-postgres' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: database spec: ports: - port: 5432 clusterIP: None selector: - app: '{{ meta.name }}-{{ deployment_type }}-postgres' + app.kubernetes.io/name: '{{ meta.name }}-postgres' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: database diff --git a/roles/installer/templates/tower_postgres_secret.yaml.j2 b/roles/installer/templates/tower_postgres_secret.yaml.j2 index ed4ed037..cd563162 100644 --- a/roles/installer/templates/tower_postgres_secret.yaml.j2 +++ b/roles/installer/templates/tower_postgres_secret.yaml.j2 @@ -5,6 +5,11 @@ kind: Secret metadata: name: '{{ meta.name }}-postgres-configuration' namespace: '{{ meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx stringData: password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' username: '{{ database_username }}' diff --git a/roles/installer/templates/tower_secret_key.yaml.j2 b/roles/installer/templates/tower_secret_key.yaml.j2 index b8c8adcf..76c0bfad 100644 --- a/roles/installer/templates/tower_secret_key.yaml.j2 +++ b/roles/installer/templates/tower_secret_key.yaml.j2 @@ -4,5 +4,10 @@ kind: Secret metadata: name: '{{ meta.name }}-secret-key' namespace: '{{ meta.namespace }}' + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx stringData: secret_key: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' diff --git a/roles/installer/templates/tower_service.yaml.j2 b/roles/installer/templates/tower_service.yaml.j2 index c3b4c585..7e2e8a1b 100644 --- a/roles/installer/templates/tower_service.yaml.j2 +++ b/roles/installer/templates/tower_service.yaml.j2 @@ -5,7 +5,10 @@ metadata: name: '{{ meta.name }}-service' namespace: '{{ meta.namespace }}' labels: - app: '{{ deployment_type }}' + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx {% if tower_ingress_type | lower == 'loadbalancer' %} annotations: {{ tower_loadbalancer_annotations | indent(width=4) }} @@ -36,7 +39,9 @@ spec: name: http {% endif %} selector: - app: '{{ deployment_type }}' + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx {% if tower_ingress_type | lower == "loadbalancer" %} type: LoadBalancer {% elif tower_ingress_type != "none" %} diff --git a/roles/installer/templates/tower_service_account.yaml.j2 b/roles/installer/templates/tower_service_account.yaml.j2 index 00cca78d..57624fb1 100644 --- a/roles/installer/templates/tower_service_account.yaml.j2 +++ b/roles/installer/templates/tower_service_account.yaml.j2 @@ -4,7 +4,11 @@ kind: ServiceAccount metadata: name: '{{ meta.name }}' namespace: '{{ meta.namespace }}' - + labels: + app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/managed-by: awx-operator + app.kubernetes.io/component: awx --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role