diff --git a/.gitignore b/.gitignore index 017602a9..493c6418 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *~ .cache/ +/bin diff --git a/build/Dockerfile b/Dockerfile similarity index 64% rename from build/Dockerfile rename to Dockerfile index 71fe5210..af52815f 100644 --- a/build/Dockerfile +++ b/Dockerfile @@ -1,11 +1,9 @@ -FROM quay.io/operator-framework/ansible-operator:v0.19.4 +FROM quay.io/operator-framework/ansible-operator:v1.12.0 -# Install Ansible requirements. COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ && chmod -R ug+rwx ${HOME}/.ansible COPY watches.yaml ${HOME}/watches.yaml - -COPY main.yml ${HOME}/main.yml COPY roles/ ${HOME}/roles/ +COPY playbooks/ ${HOME}/playbooks/ diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..b540a44e --- /dev/null +++ b/Makefile 
@@ -0,0 +1,173 @@
+# VERSION defines the project version for the bundle.
+# Update this value when you upgrade the version of your project.
+# To re-generate a bundle for another specific version without changing the standard setup, you can:
+# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
+# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
+VERSION ?= 0.14.0
+
+# CHANNELS define the bundle channels used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
+# To re-generate a bundle for other specific channels without changing the standard setup, you can:
+# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
+# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+
+# DEFAULT_CHANNEL defines the default channel used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable")
+# To re-generate a bundle for any other default channel without changing the default setup, you can:
+# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
+# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
+
+# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images.
+# This variable is used to construct full image tags for bundle and catalog images.
+#
+# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
+# ansible.com/awx-operator-bundle:$VERSION and ansible.com/awx-operator-catalog:$VERSION.
+IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
+
+# BUNDLE_IMG defines the image:tag used for the bundle.
+# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:)
+BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
+
+# Image URL to use all building/pushing image targets
+IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+
+all: docker-build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+help: ## Display this help.
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Build
+
+run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
+ ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
+
+docker-build: ## Build docker image with the manager.
+ docker build -t ${IMG} .
+
+docker-push: ## Push docker image with the manager.
+ docker push ${IMG}
+
+##@ Deployment
+
+install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+ cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+ $(KUSTOMIZE) build config/default | kubectl apply -f -
+
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/default | kubectl delete -f -
+
+OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCH := $(shell uname -m | sed 's/x86_64/amd64/')
+
+.PHONY: kustomize
+KUSTOMIZE = $(shell pwd)/bin/kustomize
+kustomize: ## Download kustomize locally if necessary.
+ifeq (,$(wildcard $(KUSTOMIZE)))
+ifeq (,$(shell which kustomize 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(KUSTOMIZE)) ;\
+ curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \
+ tar xzf - -C bin/ ;\
+ }
+else
+KUSTOMIZE = $(shell which kustomize)
+endif
+endif
+
+.PHONY: ansible-operator
+ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
+ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
+ifeq (,$(shell which ansible-operator 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
+ curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\
+ chmod +x $(ANSIBLE_OPERATOR) ;\
+ }
+else
+ANSIBLE_OPERATOR = $(shell which ansible-operator)
+endif
+endif
+
+.PHONY: bundle
+bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
+ operator-sdk generate kustomize manifests -q
+ cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+ $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+ operator-sdk bundle validate ./bundle
+
+.PHONY: bundle-build
+bundle-build: ## Build the bundle image.
+ docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+
+.PHONY: bundle-push
+bundle-push: ## Push the bundle image.
+ $(MAKE) docker-push IMG=$(BUNDLE_IMG)
+
+.PHONY: opm
+OPM = ./bin/opm
+opm: ## Download opm locally if necessary.
+ifeq (,$(wildcard $(OPM)))
+ifeq (,$(shell which opm 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(OPM)) ;\
+ curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\
+ chmod +x $(OPM) ;\
+ }
+else
+OPM = $(shell which opm)
+endif
+endif
+
+# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
+# These images MUST exist in a registry and be pull-able.
+BUNDLE_IMGS ?= $(BUNDLE_IMG)
+
+# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
+CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
+
+# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
+ifneq ($(origin CATALOG_BASE_IMG), undefined)
+FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
+endif
+
+# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
+# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
+# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
+.PHONY: catalog-build
+catalog-build: opm ## Build a catalog image.
+ $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+
+# Push the catalog image.
+.PHONY: catalog-push
+catalog-push: ## Push a catalog image.
+ $(MAKE) docker-push IMG=$(CATALOG_IMG)
diff --git a/PROJECT b/PROJECT
new file mode 100644
index 00000000..1407704d
--- /dev/null
+++ b/PROJECT
@@ -0,0 +1,16 @@
+domain: ansible.com
+layout:
+- ansible.sdk.operatorframework.io/v1
+plugins:
+ manifests.sdk.operatorframework.io/v2: {}
+ scorecard.sdk.operatorframework.io/v2: {}
+projectName: awx-operator
+resources:
+- api:
+ crdVersion: v1
+ namespaced: true
+ domain: ansible.com
+ group: awx
+ kind: AWX
+ version: v1beta1
+version: "3"
diff --git a/build/test-framework/Dockerfile b/build/test-framework/Dockerfile
deleted file mode 100644
index 9738dc97..00000000
--- a/build/test-framework/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-ARG BASEIMAGE
-FROM ${BASEIMAGE}
-USER 0
-
-RUN yum install -y python-devel gcc libffi-devel
-RUN pip install molecule==3.0.6 jmespath
-
-ARG NAMESPACEDMAN
-ADD $NAMESPACEDMAN /namespaced.yaml
-ADD build/test-framework/ansible-test.sh /ansible-test.sh
-RUN chmod +x /ansible-test.sh
-USER 1001
-ADD . /opt/ansible/project
diff --git a/build/test-framework/ansible-test.sh b/build/test-framework/ansible-test.sh
deleted file mode 100644
index e562ec5b..00000000
--- a/build/test-framework/ansible-test.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-export WATCH_NAMESPACE=${TEST_NAMESPACE}
-(/usr/local/bin/entrypoint)&
-trap "kill $!" SIGINT SIGTERM EXIT
-
-cd ${HOME}/project
-exec molecule test -s test-minikube
diff --git a/bundle.Dockerfile b/bundle.Dockerfile
deleted file mode 100644
index f78084ba..00000000
--- a/bundle.Dockerfile
+++ /dev/null
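Review bot: The three download recipes in the Makefile (`kustomize`, `ansible-operator`, `opm`) fetch release binaries with `curl -sSL` and make them executable without comparing them to a known digest, and without `-f`, so an HTTP error body is saved (or piped into `tar`) as if it were the tool. I would add `-f` to each curl and verify a pinned checksum before `chmod +x`, for example `echo "$(OPM_SHA256)  $(OPM)" | sha256sum -c - ;\`, where `OPM_SHA256` is a placeholder name for a per-OS/ARCH value taken from the release's published checksums. In the `kustomize` recipe the `curl | tar` pipeline also hides a curl failure from `set -e`, so downloading to a file first would let the check run. The `else` branches accept whatever `which` finds on PATH at any version; a comment stating that the v3.8.7 / v1.12.0 / v1.15.1 pins only apply to the download path would make that explicit.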
@@ -1,14 +0,0 @@
-FROM scratch
-
-LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
-LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
-LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
-LABEL operators.operatorframework.io.bundle.package.v1=awx-operator
-LABEL operators.operatorframework.io.bundle.channels.v1=alpha
-LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
-LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4
-LABEL operators.operatorframework.io.metrics.project_layout=ansible
-
-COPY deploy/olm-catalog/awx-operator/manifests /manifests/
-COPY deploy/olm-catalog/awx-operator/metadata /metadata/
diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/config/crd/bases/awx.ansible.com_awxs.yaml
similarity index 100%
rename from deploy/crds/awx_v1beta1_crd.yaml
rename to config/crd/bases/awx.ansible.com_awxs.yaml
diff --git a/deploy/crds/awxbackup_v1beta1_crd.yaml b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
similarity index 100%
rename from deploy/crds/awxbackup_v1beta1_crd.yaml
rename to config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
diff --git a/deploy/crds/awxrestore_v1beta1_crd.yaml b/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
similarity index 100%
rename from deploy/crds/awxrestore_v1beta1_crd.yaml
rename to config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
new file mode 100644
index 00000000..915ffe4a
--- /dev/null
+++ b/config/crd/kustomization.yaml
@@ -0,0 +1,8 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/awx.ansible.com_awxs.yaml
+- bases/awxbackup.ansible.com_awxbackups.yaml
+- bases/awxrestore.ansible.com_awxrestores.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
new file mode 100644
index 00000000..f5755b16
--- /dev/null
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,30 @@
+# Adds namespace to all resources.
+namespace: awx-operator-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: awx-operator-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
+
+# Mount the controller config file for loading manager configurations
+# through a ComponentConfig type
+#- manager_config_patch.yaml
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
new file mode 100644
index 00000000..81354ddc
--- /dev/null
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,28 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: kube-rbac-proxy
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+ args:
+ - "--secure-listen-address=0.0.0.0:8443"
+ - "--upstream=http://127.0.0.1:8080/"
+ - "--logtostderr=true"
+ - "--v=10"
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ name: https
+ - name: manager
+ args:
+ - "--health-probe-bind-address=:6789"
+ - "--metrics-bind-address=127.0.0.1:8080"
+ - "--leader-elect"
+ - "--leader-election-id=awx-operator"
diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
new file mode 100644
index 00000000..6c400155
--- /dev/null
+++ b/config/default/manager_config_patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ args:
+ - "--config=controller_manager_config.yaml"
+ volumeMounts:
+ - name: manager-config
+ mountPath: /controller_manager_config.yaml
+ subPath: controller_manager_config.yaml
+ volumes:
+ - name: manager-config
+ configMap:
+ name: manager-config
diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml
new file mode 100644
index 00000000..a36c5de2
--- /dev/null
+++ b/config/manager/controller_manager_config.yaml
@@ -0,0 +1,10 @@
+apiVersion: controller-runtime.sigs.k8s.io/v1beta1
+kind: ControllerManagerConfig
+health:
+ healthProbeBindAddress: :6789
+metrics:
+ bindAddress: 127.0.0.1:8080
+
+leaderElection:
+ leaderElect: true
+ resourceName: 811c9dc5.ansible.com
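Review bot: The kube-rbac-proxy sidecar in `config/default/manager_auth_proxy_patch.yaml` is started with `--v=10`, the most verbose log level, so every authenticated scrape of `/metrics` produces detailed request logging; depending on the proxy version that may include request headers, and it is worth confirming that bearer tokens cannot end up in pod logs. Unless that verbosity is needed for debugging, I would lower it, e.g. `- "--v=0"`. The `allowPrivilegeEscalation: false` that manager.yaml sets on the manager container is not repeated for this sidecar, and its image is referenced by tag only (`v0.8.0`).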
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
new file mode 100644
index 00000000..f1d239a4
--- /dev/null
+++ b/config/manager/kustomization.yaml
@@ -0,0 +1,16 @@
+resources:
+- manager.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- files:
+ - controller_manager_config.yaml
+ name: manager-config
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+ newName: quay.io/shanemcd/awx-operator
+ newTag: 0.0.1
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
new file mode 100644
index 00000000..3cb7cd95
--- /dev/null
+++ b/config/manager/manager.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ - args:
+ - --leader-elect
+ - --leader-election-id=awx-operator
+ image: controller:latest
+ name: manager
+ env:
+ - name: ANSIBLE_GATHERING
+ value: explicit
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ securityContext:
+ allowPrivilegeEscalation: false
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 6789
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 6789
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000..1de383a4
--- /dev/null
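Review bot: `config/manager/kustomization.yaml` commits an `images:` override pointing at `quay.io/shanemcd/awx-operator` with `newTag: 0.0.1`, whereas the Makefile's default image is `quay.io/ansible/awx-operator:$(VERSION)`. Anyone who runs `kustomize build config/default` directly, without `make deploy` rewriting this entry first, deploys an image from a personal registry namespace at an unrelated tag. I would commit the project image here, `newName: quay.io/ansible/awx-operator`, with a tag that matches `VERSION`, and add a comment that `make deploy` and `make bundle` overwrite this block through `kustomize edit set image`.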
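Review bot: The manager container in `config/manager/manager.yaml` sets `allowPrivilegeEscalation: false` but declares no `resources` requests or limits and keeps the runtime's default capability set. If the operator runs without them, I would add `capabilities:` with `drop: ["ALL"]` under the container `securityContext`, plus a `resources:` block sized for the operator. `image: controller:latest` is only a placeholder for the kustomize `images` transformer; a one-line comment saying so would stop someone from applying this file directly.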
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
@@ -0,0 +1,40 @@
+apiVersion: operators.coreos.com/v1beta1
+kind: ClusterServiceVersion
+metadata:
+ annotations:
+ alm-examples: '[]'
+ capabilities: Basic Install
+ name: awx-operator.v0.0.0
+ namespace: placeholder
+spec:
+ apiservicedefinitions: {}
+ customresourcedefinitions: {}
+ description: An operator for the AWX Project
+ displayName: AWX
+ icon:
+ - base64data: ""
+ mediatype: ""
+ install:
+ spec:
+ deployments: null
+ strategy: ""
+ installModes:
+ - supported: false
+ type: OwnNamespace
+ - supported: false
+ type: SingleNamespace
+ - supported: false
+ type: MultiNamespace
+ - supported: true
+ type: AllNamespaces
+ keywords:
+ - automation
+ - ansible
+ links:
+ - name: Awx Operator
+ url: https://awx-operator.domain
+ maturity: alpha
+ provider:
+ name: Ansible
+ url: github.com/ansible/awx-operator
+ version: 0.0.0
diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml
new file mode 100644
index 00000000..b484d72d
--- /dev/null
+++ b/config/manifests/kustomization.yaml
@@ -0,0 +1,7 @@
+# These resources constitute the fully configured set of manifests
+# used to generate the 'manifests/' directory in a bundle.
+resources:
+- bases/awx-operator.clusterserviceversion.yaml
+- ../default
+- ../samples
+- ../scorecard
diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
new file mode 100644
index 00000000..ed137168
--- /dev/null
+++ b/config/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
new file mode 100644
index 00000000..d19136ae
--- /dev/null
+++ b/config/prometheus/monitor.yaml
@@ -0,0 +1,20 @@
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ scheme: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ tlsConfig:
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ control-plane: controller-manager
diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 00000000..51a75db4
--- /dev/null
+++ b/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml
new file mode 100644
index 00000000..80e1857c
--- /dev/null
+++ b/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 00000000..ec7acc0a
--- /dev/null
+++ b/config/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml
new file mode 100644
index 00000000..71f17972
--- /dev/null
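Review bot: The ServiceMonitor endpoint in `config/prometheus/monitor.yaml` sends the scraper's service-account token (`bearerTokenFile`) over HTTPS with `insecureSkipVerify: true`, so the token is presented to whatever answers on that port without its certificate being checked. The resource is opt-in, since `../prometheus` is commented out in config/default, but I would add a comment above `tlsConfig` saying that verification is disabled (presumably because the proxy serves a self-signed certificate) and that a production setup should supply a CA and `serverName` instead.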
+++ b/config/rbac/auth_proxy_service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/config/rbac/awx_editor_role.yaml b/config/rbac/awx_editor_role.yaml
new file mode 100644
index 00000000..908ba1f2
--- /dev/null
+++ b/config/rbac/awx_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: awx-editor-role
+rules:
+- apiGroups:
+ - awx.ansible.com
+ resources:
+ - awxs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - awx.ansible.com
+ resources:
+ - awxs/status
+ verbs:
+ - get
diff --git a/config/rbac/awx_viewer_role.yaml b/config/rbac/awx_viewer_role.yaml
new file mode 100644
index 00000000..925b5175
--- /dev/null
+++ b/config/rbac/awx_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: awx-viewer-role
+rules:
+- apiGroups:
+ - awx.ansible.com
+ resources:
+ - awxs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - awx.ansible.com
+ resources:
+ - awxs/status
+ verbs:
+ - get
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
new file mode 100644
index 00000000..731832a6
--- /dev/null
+++ b/config/rbac/kustomization.yaml
@@ -0,0 +1,18 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
new file mode 100644
index 00000000..4190ec80
--- /dev/null
+++ b/config/rbac/leader_election_role.yaml
@@ -0,0 +1,37 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
new file mode 100644
index 00000000..1d1321ed
--- /dev/null
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
new file mode 100644
index 00000000..d3e57ac7
--- /dev/null
+++ b/config/rbac/role.yaml
@@ -0,0 +1,106 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ name: manager-role
+rules:
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ - "rbac.authorization.k8s.io"
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - serviceaccounts
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ - networking.k8s.io
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ - ingresses
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - apps
+ resourceNames:
+ - awx-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - apps
+ resources:
+ - deployments/scale
+ - statefulsets/scale
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ - pods/attach
+ - pods/log # log & attach rules needed to be able to grant them to AWX service account
+ verbs:
+ - create
+ - get
+ - apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - awx.ansible.com
+ resources:
+ - '*'
+ - awxbackups
+ - awxrestores
+ verbs:
+ - '*'
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
new file mode 100644
index 00000000..5e11a2f3
--- /dev/null
+++ b/config/rbac/role_binding.yaml
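Review bot: The second rule of `manager-role` in `config/rbac/role.yaml` lists `""` and `rbac.authorization.k8s.io` together, so all seven verbs apply to `secrets`, `roles` and `rolebindings` in the operator's namespace, and the last rule grants `'*'` verbs on `'*'` resources in `awx.ansible.com`, which makes the explicit `awxbackups` and `awxrestores` entries redundant. Together with `create` on `pods/exec`, a compromise of the operator pod amounts to control of that namespace. I would move the RBAC objects into their own rule with only the verbs the roles actually use, replace `'*'` with the three CRD resources and the subresources the operator needs, and add a short comment per rule naming the role or task that requires it, as was already done for `pods/log`.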
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
new file mode 100644
index 00000000..7cd6025b
--- /dev/null
+++ b/config/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller-manager
+ namespace: system
diff --git a/config/samples/awx_v1alpha1_awx.yaml b/config/samples/awx_v1alpha1_awx.yaml
new file mode 100644
index 00000000..903182b9
--- /dev/null
+++ b/config/samples/awx_v1alpha1_awx.yaml
@@ -0,0 +1,7 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+ name: awx-sample
+spec:
+ # Add fields here
+ foo: bar
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
new file mode 100644
index 00000000..3df795eb
--- /dev/null
+++ b/config/samples/kustomization.yaml
@@ -0,0 +1,4 @@
+## Append samples you want in your CSV to this file as resources ##
+resources:
+- awx_v1beta1_awx.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml
new file mode 100644
index 00000000..c7704784
--- /dev/null
+++ b/config/scorecard/bases/config.yaml
@@ -0,0 +1,7 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests: []
diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml
new file mode 100644
index 00000000..50cd2d08
--- /dev/null
+++ b/config/scorecard/kustomization.yaml
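Review bot: The `controller-manager` subject in `config/rbac/role_binding.yaml` has no `namespace`, unlike the subjects in `auth_proxy_role_binding.yaml` and `leader_election_role_binding.yaml`, which both carry `namespace: system`. A ServiceAccount subject needs a namespace, and whether kustomize's namespace transformer fills it in here depends on the kustomize version in use. I would add `namespace: system` under `name: controller-manager` so this binding matches the other two.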
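Review bot: `config/samples/kustomization.yaml` lists `- awx_v1beta1_awx.yaml`, but the sample this commit adds is `config/samples/awx_v1alpha1_awx.yaml`, so `kustomize build config/manifests` (the input to `make bundle`) will presumably fail on a missing resource. Either rename the sample to `awx_v1beta1_awx.yaml`, which matches its `apiVersion: awx.ansible.com/v1beta1`, or change the entry to `- awx_v1alpha1_awx.yaml`. The sample spec is still the scaffold's `foo: bar`, which would be carried into the bundle's examples as it stands.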
@@ -0,0 +1,16 @@
+resources:
+- bases/config.yaml
+patchesJson6902:
+- path: patches/basic.config.yaml
+ target:
+ group: scorecard.operatorframework.io
+ version: v1alpha3
+ kind: Configuration
+ name: config
+- path: patches/olm.config.yaml
+ target:
+ group: scorecard.operatorframework.io
+ version: v1alpha3
+ kind: Configuration
+ name: config
+#+kubebuilder:scaffold:patchesJson6902
diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml
new file mode 100644
index 00000000..c04db317
--- /dev/null
+++ b/config/scorecard/patches/basic.config.yaml
@@ -0,0 +1,10 @@
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml
new file mode 100644
index 00000000..122f7031
--- /dev/null
+++ b/config/scorecard/patches/olm.config.yaml
@@ -0,0 +1,50 @@
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
diff --git a/config/testing/debug_logs_patch.yaml b/config/testing/debug_logs_patch.yaml
new file mode 100644
index 00000000..3fb3d559
--- /dev/null
+++ b/config/testing/debug_logs_patch.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ env:
+ - name: ANSIBLE_DEBUG_LOGS
+ value: "TRUE"
diff --git a/config/testing/kustomization.yaml b/config/testing/kustomization.yaml
new file mode 100644
index 00000000..41091623
--- /dev/null
+++ b/config/testing/kustomization.yaml
@@ -0,0 +1,23 @@
+# Adds namespace to all resources.
+namespace: osdk-test
+
+namePrefix: osdk-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+patchesStrategicMerge:
+- manager_image.yaml
+- debug_logs_patch.yaml
+- ../default/manager_auth_proxy_patch.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager
+images:
+- name: testing
+ newName: testing-operator
diff --git a/config/testing/manager_image.yaml b/config/testing/manager_image.yaml
new file mode 100644
index 00000000..e44f542d
--- /dev/null
+++ b/config/testing/manager_image.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ image: testing
diff --git a/config/testing/pull_policy/Always.yaml b/config/testing/pull_policy/Always.yaml
new file mode 100644
index 00000000..6b0a8e2a
--- /dev/null
+++ b/config/testing/pull_policy/Always.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Always
diff --git a/config/testing/pull_policy/IfNotPresent.yaml b/config/testing/pull_policy/IfNotPresent.yaml
new file mode 100644
index 00000000..2f52f496
--- /dev/null
+++ b/config/testing/pull_policy/IfNotPresent.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: IfNotPresent
diff --git a/config/testing/pull_policy/Never.yaml b/config/testing/pull_policy/Never.yaml
new file mode 100644
index 00000000..86f13d81
--- /dev/null
+++ b/config/testing/pull_policy/Never.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Never
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
deleted file mode 100644
index c56cd8b3..00000000
--- a/deploy/awx-operator.yaml
+++ /dev/null
@@ -1,786 +0,0 @@ -# This file is generated by Ansible. Changes will be lost. -# Update templates under ansible/templates/ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxs.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWX - listKind: AWXList - plural: awxs - singular: awx - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Schema validation for the AWX CRD - properties: - spec: - properties: - deployment_type: - description: Name of the deployment type - type: string - kind: - description: Kind of the deployment type - type: string - api_version: - description: apiVersion of the deployment type - type: string - task_privileged: - description: If a privileged security context should be enabled - type: boolean - default: false - admin_user: - description: Username to use for the admin account - type: string - default: admin - hostname: - description: The hostname of the instance - type: string - admin_email: - description: The admin user email - type: string - admin_password_secret: - description: Secret where the admin password can be found - type: string - postgres_configuration_secret: - description: Secret where the database configuration can be found - type: string - old_postgres_configuration_secret: - description: Secret where the old database configuration can be found for data migration - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for data migration - type: string - secret_key_secret: - description: Secret where the secret key can be found - type: string - broadcast_websocket_secret: - description: Secret where the broadcast websocket secret can be found - type: string - extra_volumes: - description: Specify extra volumes to add to the application pod - type: string - service_type: - description: The service type to be used on the 
deployed instance - type: string - enum: - - LoadBalancer - - loadbalancer - - ClusterIP - - clusterip - - NodePort - - nodeport - ingress_type: - description: The ingress type to use to reach the deployed instance - type: string - enum: - - none - - Ingress - - ingress - - Route - - route - ingress_path: - description: The ingress path used to reach the deployed service - type: string - ingress_annotations: - description: Annotations to add to the Ingress Controller - type: string - ingress_tls_secret: - description: Secret where the Ingress TLS secret can be found - type: string - loadbalancer_annotations: - description: Annotations to add to the loadbalancer - type: string - loadbalancer_protocol: - description: Protocol to use for the loadbalancer - type: string - default: http - enum: - - http - - https - loadbalancer_port: - description: Port to use for the loadbalancer - type: integer - default: 80 - route_host: - description: The DNS to use to points to the instance - type: string - route_tls_termination_mechanism: - description: The secure TLS termination mechanism to use - type: string - default: Edge - enum: - - Edge - - edge - - Passthrough - - passthrough - route_tls_secret: - description: Secret where the TLS related credentials are stored - type: string - nodeport_port: - description: Port to use for the nodeport - type: integer - default: 30080 - node_selector: - description: nodeSelector for the pods - type: string - service_labels: - description: Additional labels to apply to the service - type: string - tolerations: - description: node tolerations for the pods - type: string - image: - description: Registry path to the application container to use - type: string - image_version: - description: Application container image version to use - type: string - ee_images: - description: Registry path to the Execution Environment container to use - type: array - items: - type: object - properties: - name: - type: string - image: - type: string - 
control_plane_ee_image: - description: Registry path to the Execution Environment container image to use on control plane pods - type: string - ee_pull_credentials_secret: - description: Secret where pull credentials for registered ees can be found - type: string - image_pull_policy: - description: The image pull policy - type: string - default: IfNotPresent - enum: - - Always - - always - - Never - - never - - IfNotPresent - - ifnotpresent - image_pull_secret: - description: The image pull secret - type: string - task_resource_requirements: - description: Resource requirements for the task container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - web_resource_requirements: - description: Resource requirements for the web container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - ee_resource_requirements: - description: Resource requirements for the ee container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - service_account_annotations: - description: ServiceAccount annotations - type: string - replicas: - description: Number of instance replicas - type: integer - default: 1 - format: int32 - garbage_collect_secrets: - description: Whether or not to remove secrets upon instance removal - default: false - type: boolean - create_preload_data: - description: Whether or not to preload data upon instance creation - default: true - type: boolean - 
task_args: - type: array - items: - type: string - task_command: - type: array - items: - type: string - web_args: - type: array - items: - type: string - web_command: - type: array - items: - type: string - task_extra_env: - type: string - web_extra_env: - type: string - ee_extra_env: - type: string - ee_extra_volume_mounts: - description: Specify volume mounts to be added to Execution container - type: string - task_extra_volume_mounts: - description: Specify volume mounts to be added to Task container - type: string - web_extra_volume_mounts: - description: Specify volume mounts to be added to the Web container - type: string - redis_image: - description: Registry path to the redis container to use - type: string - redis_image_version: - description: Redis container image version to use - type: string - init_container_image: - description: Registry path to the init container to use - type: string - init_container_image_version: - description: Init container image version to use - type: string - init_container_extra_commands: - description: Extra commands for the init container - type: string - init_container_extra_volume_mounts: - description: Specify volume mounts to be added to the init container - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_selector: - description: nodeSelector for the Postgres pods - type: string - postgres_tolerations: - description: node tolerations for the Postgres pods - type: string - postgres_storage_requirements: - description: Storage requirements for the PostgreSQL container - properties: - requests: - properties: - storage: - type: string - type: object - limits: - properties: - storage: - type: string - type: object - type: object - postgres_resource_requirements: - description: Resource requirements for the PostgreSQL container - properties: - requests: - 
properties: - cpu: - type: string - memory: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - type: object - type: object - postgres_storage_class: - description: Storage class to use for the PostgreSQL PVC - type: string - postgres_data_path: - description: Path where the PostgreSQL data are located - type: string - ca_trust_bundle: - description: Path where the trusted CA bundle is available - type: string - development_mode: - description: If the deployment should be done in development mode - type: boolean - ldap_cacert_secret: - description: Secret where can be found the LDAP trusted Certificate Authority Bundle - type: string - bundle_cacert_secret: - description: Secret where can be found the trusted Certificate Authority Bundle - type: string - projects_persistence: - description: Whether or not the /var/lib/projects directory will be persistent - default: false - type: boolean - projects_use_existing_claim: - description: Using existing PersistentVolumeClaim - type: string - enum: - - _Yes_ - - _No_ - projects_existing_claim: - description: PersistentVolumeClaim to mount /var/lib/projects directory - type: string - projects_storage_class: - description: Storage class for the /var/lib/projects PersistentVolumeClaim - type: string - projects_storage_size: - description: Size for the /var/lib/projects PersistentVolumeClaim - default: 8Gi - type: string - projects_storage_access_mode: - description: AccessMode for the /var/lib/projects PersistentVolumeClaim - default: ReadWriteMany - type: string - extra_settings: - description: Extra settings to specify for the API - items: - properties: - setting: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - type: object - status: - properties: - URL: - description: URL to access the deployed instance - type: string - adminUser: - description: Admin user of the deployed instance - type: string - adminPasswordSecret: - 
description: Admin password secret name of the deployed instance - type: string - postgresConfigurationSecret: - description: Postgres Configuration secret name of the deployed instance - type: string - broadcastWebsocketSecret: - description: Broadcast websocket secret name of the deployed instance - type: string - secretKeySecret: - description: Secret key secret name of the deployed instance - type: string - migratedFromSecret: - description: The secret used for migrating an old instance. - type: string - version: - description: Version of the deployed instance - type: string - image: - description: URL of the image used for the deployed instance - type: string - conditions: - description: The resulting conditions when a Service Telemetry is instantiated - items: - properties: - status: - type: string - type: - type: string - reason: - type: string - lastTransitionTime: - type: string - type: object - type: array - type: object - type: object - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxbackups.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXBackup - listKind: AWXBackupList - plural: awxbackups - singular: awxbackup - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - description: Schema validation for the AWXBackup CRD - properties: - spec: - type: object - required: - - deployment_name - properties: - deployment_name: - description: Name of the deployment to be backed up - type: string - backup_pvc: - description: Name of the PVC to be used for storing the backup - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_storage_requirements: - description: Storage requirements for the PostgreSQL container - type: string - backup_storage_class: - description: Storage class to use when creating PVC for 
backup - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for backing up data - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - status: - type: object - properties: - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - backupDirectory: - description: Backup directory name on the specified pvc - type: string - backupClaim: - description: Backup persistent volume claim - type: string - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxrestores.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXRestore - listKind: AWXRestoreList - plural: awxrestores - singular: awxrestore - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - description: Schema validation for the AWXRestore CRD - properties: - spec: - type: object - properties: - backup_source: - description: Backup source - type: string - enum: - - CR - - PVC - deployment_name: - description: Name of the deployment to be restored to - type: string - backup_name: - description: AWXBackup object name - type: string - backup_pvc: - description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim) - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_dir: - description: Backup directory name, set as a status found on the awxbackup object (backupDirectory) - type: string - postgres_label_selector: - description: 
Label selector used to identify postgres pod for backing up data - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - status: - type: object - properties: - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - restoreComplete: - description: Restore process complete - type: boolean - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: awx-operator -rules: - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - "" - - "rbac.authorization.k8s.io" - resources: - - pods - - services - - services/finalizers - - serviceaccounts - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - roles - - rolebindings - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - apps - - networking.k8s.io - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - - ingresses - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - apps - resourceNames: - - awx-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/scale - - statefulsets/scale - verbs: - - patch - - apiGroups: - - "" - resources: - - pods/exec - - pods/attach - - pods/log # log & attach rules needed to be able to grant them to AWX service account - verbs: - - create - - get - - apiGroups: - - apps 
- resources: - - replicasets - verbs: - - get - - create - - apiGroups: - - awx.ansible.com - resources: - - '*' - - awxbackups - - awxrestores - verbs: - - '*' - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: awx-operator -subjects: - - kind: ServiceAccount - name: awx-operator -roleRef: - kind: Role - name: awx-operator - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: awx-operator - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: awx-operator -spec: - replicas: 1 - selector: - matchLabels: - name: awx-operator - template: - metadata: - labels: - name: awx-operator - spec: - serviceAccountName: awx-operator - containers: - - name: awx-operator - image: "quay.io/ansible/awx-operator:0.13.0" - imagePullPolicy: "Always" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - env: - # Watch one namespace (namespace-scoped). - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: awx-operator - - name: ANSIBLE_GATHERING - value: explicit - - name: OPERATOR_VERSION - value: "0.13.0" - - name: ANSIBLE_DEBUG_LOGS - value: "false" - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - volumes: - - name: runner - emptyDir: {} diff --git a/deploy/crds/awx_v1beta1_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml deleted file mode 100644 index 133c4814..00000000 --- a/deploy/crds/awx_v1beta1_molecule.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
----
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
- name: example-awx
- namespace: example-awx
-spec:
- service_account_annotations: |
- foo: bar
- deployment_type: awx
- ingress_type: ingress
- web_resource_requirements:
- requests:
- cpu: 500m
- memory: 128M
- task_resource_requirements:
- requests:
- cpu: 500m
- memory: 128M
- ee_resource_requirements:
- requests:
- cpu: 200m
- memory: 64M
diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml
deleted file mode 100644
index f4e51a52..00000000
--- a/deploy/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./awx-operator.yaml
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
deleted file mode 100644
index 9708fe98..00000000
--- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
+++ /dev/null
@@ -1,777 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - annotations: - alm-examples: |- - [ - { - "apiVersion": "awx.ansible.com/v1beta1", - "kind": "AWX", - "metadata": { - "name": "example-awx", - "namespace": "example-awx" - }, - "spec": { - "deployment_type": "awx", - "ee_resource_requirements": { - "requests": { - "cpu": "200m", - "memory": "64M" - } - }, - "ingress_type": "ingress", - "service_account_annotations": "foo: bar\n", - "task_resource_requirements": { - "requests": { - "cpu": "500m", - "memory": "128M" - } - }, - "web_resource_requirements": { - "requests": { - "cpu": "500m", - "memory": "128M" - } - } - } - } - ] - capabilities: Basic Install - operators.operatorframework.io/builder: operator-sdk-v0.19.4 - operators.operatorframework.io/project_layout: ansible - name: awx-operator.v0.13.0 - namespace: placeholder -spec: - apiservicedefinitions: {} - customresourcedefinitions: - owned: - - displayName: AWX Backup - kind: AWXBackup - name: awxbackups.awx.ansible.com - specDescriptors: - - displayName: Deployment name - path: deployment_name - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Backup persistent volume claim - path: backup_pvc - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Backup persistent volume claim namespace - path: backup_pvc_namespace - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Backup PVC storage requirements - path: backup_storage_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Backup PVC storage class - path: backup_storage_class - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Database backup label selector - path: 
postgres_label_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image - path: postgres_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image Version - path: postgres_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - statusDescriptors: - - description: The persistent volume claim name used during backup - displayName: Backup claim - path: backupClaim - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - description: The directory data is backed up to on the PVC - displayName: Backup directory - path: backupDirectory - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - version: v1beta1 - - displayName: AWX Restore - kind: AWXRestore - name: awxrestores.awx.ansible.com - specDescriptors: - - displayName: Backup source to restore ? 
- path: backup_source - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:select:CR - - urn:alm:descriptor:com.tectonic.ui:select:PVC - - displayName: Backup name - path: backup_name - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:CR - - displayName: Name of newly restored deployment - path: deployment_name - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Backup persistent volume claim - path: backup_pvc - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC - - displayName: Backup namespace - path: backup_pvc_namespace - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Backup directory in the persistent volume claim - path: backup_dir - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC - - displayName: Database restore label selector - path: postgres_label_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image - path: postgres_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image Version - path: postgres_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - statusDescriptors: - - description: The state of the restore - displayName: Restore status - path: restoreComplete - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - version: v1beta1 - - description: A AWX Instance - displayName: AWX - kind: AWX - name: awxs.awx.ansible.com - specDescriptors: - - displayName: Hostname - path: hostname - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Admin account username - 
path: admin_user - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Admin email address - path: admin_email - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Admin password secret - path: admin_password_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Database configuration secret - path: postgres_configuration_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Old Database configuration secret - path: old_postgres_configuration_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Secret key secret - path: secret_key_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Broadcast Websocket Secret - path: broadcast_websocket_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Service Account Annotations - path: service_account_annotations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Tower Service Type - path: service_type - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:select:ClusterIP - - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer - - urn:alm:descriptor:com.tectonic.ui:select:NodePort - - displayName: Tower Ingress Type - path: ingress_type - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:select:none - - urn:alm:descriptor:com.tectonic.ui:select:Ingress - - urn:alm:descriptor:com.tectonic.ui:select:Route - - 
displayName: Tower Ingress Annotations - path: ingress_annotations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress - - displayName: Tower Ingress TLS Secret - path: ingress_tls_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress - - displayName: Tower LoadBalancer Annotations - path: loadbalancer_annotations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer - - displayName: Tower LoadBalancer Protocol - path: loadbalancer_protocol - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:select:http - - urn:alm:descriptor:com.tectonic.ui:select:https - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer - - displayName: Tower LoadBalancer Port - path: loadbalancer_port - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:number - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer - - displayName: Tower NodePort Port - path: nodeport_port - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:number - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:NodePort - - displayName: Route DNS host - path: route_host - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - - displayName: Route TLS termination mechanism - path: route_tls_termination_mechanism - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - 
urn:alm:descriptor:com.tectonic.ui:select:Edge - - urn:alm:descriptor:com.tectonic.ui:select:Passthrough - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - - displayName: Route TLS credential secret - path: route_tls_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - - displayName: Image Pull Policy - path: image_pull_policy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - displayName: Image Pull Secret - path: image_pull_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Web container resource requirements - path: web_resource_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: Task container resource requirements - path: task_resource_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: EE Control Plane container resource requirements - path: ee_resource_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: PostgreSQL container resource requirements (when using a managed - instance) - path: postgres_resource_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: PostgreSQL container storage requirements (when using a managed - instance) - path: postgres_storage_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: Replicas - path: replicas - 
x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:number - - displayName: Remove used secrets on instance removal ? - path: garbage_collect_secrets - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - displayName: Preload instance with data upon creation ? - path: create_preload_data - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - displayName: Deploy the instance in development mode ? - path: development_mode - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Should the task container deployed with privileged level ? - path: task_privileged - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Deployment Type - path: deployment_type - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Deployment Kind - path: kind - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Deployment apiVersion - path: api_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Image - path: image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Image Version - path: image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Redis Image - path: redis_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - 
urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Redis Image Version - path: redis_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image - path: postgres_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image Version - path: postgres_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Selector - path: postgres_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Label Selector - path: postgres_label_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Tolerations - path: postgres_tolerations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Storage Class - path: postgres_storage_class - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Datapath - path: postgres_data_path - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Certificate Authorirty Trust Bundle - path: ca_trust_bundle - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: LDAP Certificate Authority Trust Bundle - path: ldap_cacert_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Task Args - path: task_args - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - 
displayName: Enable persistence for /var/lib/projects directory? - path: projects_persistence - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - displayName: Use existing Persistent Claim? - path: projects_use_existing_claim - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:select:_Yes_ - - urn:alm:descriptor:com.tectonic.ui:select:_No_ - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true - - displayName: Projects Existing Persistent Claim - path: projects_existing_claim - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_ - - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim - - description: Projects Storage Class Name. If not present, the default storage - class will be used. - displayName: Projects Storage Class Name - path: projects_storage_class - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - - urn:alm:descriptor:com.tectonic.ui:text - - description: Projects Storage Size - displayName: Projects Storage Size - path: projects_storage_size - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - - urn:alm:descriptor:com.tectonic.ui:text - - description: Projects Storage Access Mode - displayName: Projects Storage Access Mode - path: projects_storage_access_mode - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Task Command - path: task_command - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - 
urn:alm:descriptor:com.tectonic.ui:hidden - - description: Environment variables to be added to Task container - displayName: Task Extra Env - path: task_extra_env - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Specify volume mounts to be added to Execution container - displayName: EE Extra Volume Mounts - path: ee_extra_volume_mounts - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Registry path to the Execution Environment container to use - displayName: EE Images - path: ee_images - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Environment variables to be added to EE container - displayName: EE Extra Env - path: ee_extra_env - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Registry path to the Execution Environment container to use on - control plane pods - displayName: Control Plane EE Image - path: control_plane_ee_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: EE Images Pull Credentials Secret - displayName: EE Images Pull Credentials Secret - path: ee_pull_credentials_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - description: Specify volume mounts to be added to Task container - displayName: Task Extra Volume Mounts - path: task_extra_volume_mounts - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Web Args - path: web_args - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Web Command - path: web_command - x-descriptors: - - 
urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Environment variables to be added to Web container - displayName: Web Extra Env - path: web_extra_env - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Specify volume mounts to be added to Web container - displayName: Web Extra Volume Mounts - path: web_extra_volume_mounts - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Specify extra volumes to add to the application pod - displayName: Extra Volumes - path: extra_volumes - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Node Selector - path: node_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Service Labels - path: service_labels - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tolerations - path: tolerations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: API Extra Settings - path: extra_settings - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Registry path to the init container to use - displayName: Init Container Image - path: init_container_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Init container image version to use - displayName: Init Container Image Version - path: init_container_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - 
description: Specify Extra commands for the Init container - displayName: Init Container Extra Commands - path: init_container_extra_commands - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Specify volume mounts to be added to Init container - displayName: Init Container Extra Volume Mounts - path: init_container_extra_volume_mounts - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Secret where can be found the trusted Certificate Authority Bundle - path: bundle_cacert_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - statusDescriptors: - - description: Route to access the instance deployed - displayName: URL - path: URL - x-descriptors: - - urn:alm:descriptor:org.w3:link - - description: Admin user for the instance deployed - displayName: Admin User - path: adminUser - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - description: Admin password for the instance deployed - displayName: Admin Password - path: adminPasswordSecret - x-descriptors: - - urn:alm:descriptor:io.kubernetes:Secret - - description: Version of the instance deployed - displayName: Version - path: version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - description: Image of the instance deployed - displayName: Image - path: image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - version: v1beta1 - description: AWX operator - displayName: AWX - icon: - - base64data: "" - mediatype: "" - install: - spec: - clusterPermissions: - - rules: - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - '*' - - apiGroups: - - "" - - rbac.authorization.k8s.io - resources: - - pods - - services - - services/finalizers - - serviceaccounts - - endpoints - - persistentvolumeclaims - - events - - configmaps - 
- secrets - - roles - - rolebindings - verbs: - - '*' - - apiGroups: - - apps - - networking.k8s.io - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - - ingresses - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - apps - resourceNames: - - awx-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/scale - - statefulsets/scale - verbs: - - patch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - apiGroups: - - awx.ansible.com - resources: - - '*' - - awxbackups - - awxrestores - verbs: - - '*' - serviceAccountName: awx-operator - deployments: - - name: awx-operator - spec: - replicas: 1 - selector: - matchLabels: - name: awx-operator - strategy: {} - template: - metadata: - labels: - name: awx-operator - spec: - containers: - - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.annotations['olm.targetNamespaces'] - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: awx-operator - - name: ANSIBLE_GATHERING - value: explicit - - name: OPERATOR_VERSION - value: 0.13.0 - - name: ANSIBLE_DEBUG_LOGS - value: "false" - image: quay.io/ansible/awx-operator:0.13.0 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - name: awx-operator - resources: {} - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - serviceAccountName: awx-operator - volumes: - - emptyDir: {} - name: runner - strategy: deployment - installModes: - - supported: true - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: false - type: AllNamespaces - keywords: - - awx - links: - - 
name: Awx Operator - url: https://github.com/ansible/awx-operator - maintainers: - - email: yguenane@redhat.com - name: Yanis Guenane - maturity: alpha - provider: - name: AWX Community - url: https://github.com/ansible/awx-operator - replaces: awx-operator.v0.12.0 - version: 0.13.0 diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml deleted file mode 100644 index 182e5532..00000000 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: awxbackups.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXBackup - listKind: AWXBackupList - plural: awxbackups - singular: awxbackup - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: Schema validation for the AWXBackup CRD - properties: - spec: - properties: - backup_pvc: - description: Name of the PVC to be used for storing the backup - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_storage_class: - description: Storage class to use when creating PVC for backup - type: string - backup_storage_requirements: - description: Storage requirements for the PostgreSQL container - type: string - deployment_name: - description: Name of the deployment to be backed up - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for backing - up data - type: string - required: - - deployment_name - type: object - status: - properties: - backupClaim: - description: Backup persistent volume claim - type: string - backupDirectory: - description: Backup directory name on the specified pvc - type: string - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null 
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml deleted file mode 100644 index 9023d6d8..00000000 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: awxrestores.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXRestore - listKind: AWXRestoreList - plural: awxrestores - singular: awxrestore - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: Schema validation for the AWXRestore CRD - properties: - spec: - properties: - backup_dir: - description: Backup directory name, set as a status found on the awxbackup - object (backupDirectory) - type: string - backup_name: - description: AWXBackup object name - type: string - backup_pvc: - description: Name of the PVC to be restored from, set as a status - found on the awxbackup object (backupClaim) - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_source: - description: Backup source - enum: - - CR - - PVC - type: string - deployment_name: - description: Name of the deployment to be restored to - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for backing - up data - type: string - type: object - status: - properties: - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - restoreComplete: - description: Restore process complete - type: boolean - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null 
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml deleted file mode 100644 index c1f1f58e..00000000 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ /dev/null 
@@ -1,463 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: awxs.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWX - listKind: AWXList - plural: awxs - singular: awx - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: Schema validation for the AWX CRD - properties: - spec: - properties: - admin_email: - description: The admin user email - type: string - admin_password_secret: - description: Secret where the admin password can be found - type: string - admin_user: - default: admin - description: Username to use for the admin account - type: string - api_version: - description: apiVersion of the deployment type - type: string - broadcast_websocket_secret: - description: Secret where the broadcast websocket secret can be found - type: string - bundle_cacert_secret: - description: Secret where can be found the trusted Certificate Authority - Bundle - type: string - ca_trust_bundle: - description: Path where the trusted CA bundle is available - type: string - control_plane_ee_image: - description: Registry path to the Execution Environment container - image to use on control plane pods - type: string - create_preload_data: - default: true - description: Whether or not to preload data upon instance creation - type: boolean - deployment_type: - description: Name of the deployment type - type: string - development_mode: - description: If the deployment should be done in development mode - type: boolean - ee_extra_env: - type: string - ee_extra_volume_mounts: - description: Specify volume mounts to be added to Execution container - type: string - ee_images: - description: Registry path to the Execution Environment container - to use - items: - properties: - image: - type: string - name: - type: string - type: object - type: array - ee_pull_credentials_secret: - description: Secret where pull credentials for registered ees can - be found - 
type: string - ee_resource_requirements: - description: Resource requirements for the ee container - properties: - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - extra_settings: - description: Extra settings to specify for the API - items: - properties: - setting: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - extra_volumes: - description: Specify extra volumes to add to the application pod - type: string - garbage_collect_secrets: - default: false - description: Whether or not to remove secrets upon instance removal - type: boolean - hostname: - description: The hostname of the instance - type: string - image: - description: Registry path to the application container to use - type: string - image_pull_policy: - default: IfNotPresent - description: The image pull policy - enum: - - Always - - always - - Never - - never - - IfNotPresent - - ifnotpresent - type: string - image_pull_secret: - description: The image pull secret - type: string - image_version: - description: Application container image version to use - type: string - ingress_annotations: - description: Annotations to add to the Ingress Controller - type: string - ingress_path: - description: The ingress path used to reach the deployed service - type: string - ingress_tls_secret: - description: Secret where the Ingress TLS secret can be found - type: string - ingress_type: - description: The ingress type to use to reach the deployed instance - enum: - - none - - Ingress - - ingress - - Route - - route - type: string - init_container_extra_commands: - description: Extra commands for the init container - type: string - init_container_extra_volume_mounts: - description: Specify volume mounts to be added to the init container - type: string - init_container_image: - 
description: Registry path to the init container to use - type: string - init_container_image_version: - description: Init container image version to use - type: string - kind: - description: Kind of the deployment type - type: string - ldap_cacert_secret: - description: Secret where can be found the LDAP trusted Certificate - Authority Bundle - type: string - loadbalancer_annotations: - description: Annotations to add to the loadbalancer - type: string - loadbalancer_port: - default: 80 - description: Port to use for the loadbalancer - type: integer - loadbalancer_protocol: - default: http - description: Protocol to use for the loadbalancer - enum: - - http - - https - type: string - nodeport_port: - default: 30080 - description: Port to use for the nodeport - type: integer - node_selector: - description: nodeSelector for the pods - type: string - old_postgres_configuration_secret: - description: Secret where the old database configuration can be found - for data migration - type: string - postgres_configuration_secret: - description: Secret where the database configuration can be found - type: string - postgres_data_path: - description: Path where the PostgreSQL data are located - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for data - migration - type: string - postgres_resource_requirements: - description: Resource requirements for the PostgreSQL container - properties: - limits: - properties: - cpu: - type: string - memory: - type: string - type: object - requests: - properties: - cpu: - type: string - memory: - type: string - type: object - type: object - postgres_selector: - description: nodeSelector for the Postgres pods - type: string - postgres_storage_class: - description: Storage class to use for the 
PostgreSQL PVC - type: string - postgres_storage_requirements: - description: Storage requirements for the PostgreSQL container - properties: - limits: - properties: - storage: - type: string - type: object - requests: - properties: - storage: - type: string - type: object - type: object - postgres_tolerations: - description: node tolerations for the Postgres pods - type: string - projects_existing_claim: - description: PersistentVolumeClaim to mount /var/lib/projects directory - type: string - projects_persistence: - default: false - description: Whether or not the /var/lib/projects directory will be - persistent - type: boolean - projects_storage_access_mode: - default: ReadWriteMany - description: AccessMode for the /var/lib/projects PersistentVolumeClaim - type: string - projects_storage_class: - description: Storage class for the /var/lib/projects PersistentVolumeClaim - type: string - projects_storage_size: - default: 8Gi - description: Size for the /var/lib/projects PersistentVolumeClaim - type: string - projects_use_existing_claim: - description: Using existing PersistentVolumeClaim - enum: - - _Yes_ - - _No_ - type: string - redis_image: - description: Registry path to the redis container to use - type: string - redis_image_version: - description: Redis container image version to use - type: string - replicas: - default: 1 - description: Number of instance replicas - format: int32 - type: integer - route_host: - description: The DNS to use to points to the instance - type: string - route_tls_secret: - description: Secret where the TLS related credentials are stored - type: string - route_tls_termination_mechanism: - default: Edge - description: The secure TLS termination mechanism to use - enum: - - Edge - - edge - - Passthrough - - passthrough - type: string - secret_key_secret: - description: Secret where the secret key can be found - type: string - service_account_annotations: - description: ServiceAccount annotations - type: string - service_labels: - 
description: Additional labels to apply to the service - type: string - service_type: - description: The service type to be used on the deployed instance - enum: - - LoadBalancer - - loadbalancer - - ClusterIP - - clusterip - - NodePort - - nodeport - type: string - task_args: - items: - type: string - type: array - task_command: - items: - type: string - type: array - task_extra_env: - type: string - task_extra_volume_mounts: - description: Specify volume mounts to be added to Task container - type: string - task_privileged: - default: false - description: If a privileged security context should be enabled - type: boolean - task_resource_requirements: - description: Resource requirements for the task container - properties: - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - tolerations: - description: node tolerations for the pods - type: string - web_args: - items: - type: string - type: array - web_command: - items: - type: string - type: array - web_extra_env: - type: string - web_extra_volume_mounts: - description: Specify volume mounts to be added to the Web container - type: string - web_resource_requirements: - description: Resource requirements for the web container - properties: - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - type: object - status: - properties: - URL: - description: URL to access the deployed instance - type: string - adminPasswordSecret: - description: Admin password secret name of the deployed instance - type: string - adminUser: - description: Admin user of the deployed instance - type: string - broadcastWebsocketSecret: - description: Broadcast websocket 
secret name of the deployed instance - type: string - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - image: - description: URL of the image used for the deployed instance - type: string - migratedFromSecret: - description: The secret used for migrating an old instance. - type: string - postgresConfigurationSecret: - description: Postgres Configuration secret name of the deployed instance - type: string - secretKeySecret: - description: Secret key secret name of the deployed instance - type: string - version: - description: Version of the deployed instance - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/deploy/olm-catalog/awx-operator/metadata/annotations.yaml b/deploy/olm-catalog/awx-operator/metadata/annotations.yaml deleted file mode 100644 index 8322db21..00000000 --- a/deploy/olm-catalog/awx-operator/metadata/annotations.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - operators.operatorframework.io.bundle.channel.default.v1: alpha - operators.operatorframework.io.bundle.channels.v1: alpha - operators.operatorframework.io.bundle.manifests.v1: manifests/ - operators.operatorframework.io.bundle.mediatype.v1: registry+v1 - operators.operatorframework.io.bundle.metadata.v1: metadata/ - operators.operatorframework.io.bundle.package.v1: awx-operator - operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.4 - operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 - operators.operatorframework.io.metrics.project_layout: ansible diff --git a/main.yml b/main.yml deleted file mode 100644 index 10af8495..00000000 --- a/main.yml +++ /dev/null 
@@ -1,5 +0,0 @@
----
-- hosts: localhost
- gather_facts: no
- roles:
- - installer
diff --git a/playbooks/.gitkeep b/playbooks/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/projects/.gitkeep b/projects/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/requirements.yml b/requirements.yml
index 05dc4128..54173725 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,6 +1,6 @@
 ---
 collections:
 - name: kubernetes.core
- version: '==1.1.1'
+ version: '==1.2.1'
 - name: operator_sdk.util
- version: '==0.1.0'
+ version: "0.2.0"
diff --git a/watches.yaml b/watches.yaml
index edb90f99..43a0a5c0 100644
--- a/watches.yaml
+++ b/watches.yaml
@@ -1,8 +1,9 @@
 ---
+# Use the 'create api' subcommand to add watches to this file.
 - version: v1beta1
 group: awx.ansible.com
 kind: AWX
- playbook: /opt/ansible/main.yml
+ role: installer
 - version: v1beta1
 group: awx.ansible.com
@@ -13,3 +14,4 @@
 group: awx.ansible.com
 kind: AWXRestore
 role: restore
+#+kubebuilder:scaffold:watch
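Review bot: In requirements.yml the `operator_sdk.util` pin changes form as well as version: `'==0.1.0'` becomes `"0.2.0"`, dropping the `==` operator and switching quote style, while `kubernetes.core` on the entry above keeps `'==1.2.1'`. A bare version is, as far as I know, treated by ansible-galaxy as an exact match, so the resolved collection should be the same, but the mixed style makes it easy to misread one entry as unpinned when auditing what the image build pulls in. I would write `version: '==0.2.0'` so both pins stay explicit and uniform.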