diff --git a/README.md b/README.md index 560b326b..dacb4c47 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ stringData: By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `tower_ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created. -The AWX operator provides support for two kind of `Ingress` to access AWX: `Ingress` and `Route`, To toggle between these two options, you can add the following to your AWX CR: +The AWX operator provides support for three kinds of `Ingress` to access AWX: `Ingress`, `Route` and `LoadBalancer`, To toggle between these options, you can add the following to your AWX CR: * Route @@ -132,6 +132,16 @@ spec: tower_hostname: awx.mycompany.com ``` + * LoadBalancer + +```yaml +--- +spec: + ... + tower_ingress_type: LoadBalancer + tower_ingress_protocol: http +``` + #### TLS Termination * Route @@ -153,6 +163,16 @@ The following variables are customizable to specify the TLS termination procedur | tower_ingress_annotations | Ingress annotations | Empty string | | tower_ingress_tls_secret | Secret that contains the TLS information | Empty string | + * LoadBalancer + +The following variables are customizable to specify the TLS termination procedure when `LoadBalancer` is picked as an Ingress + +| Name | Description | Default | +| ------------------------------ | ---------------------------------------- | ------------- | +| tower_loadbalancer_annotations | LoadBalancer annotations | Empty string | +| tower_loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http | +| tower_loadbalancer_port | Port used for Loadbalancer ingress | 80 | + ### Database Configuration diff --git a/ansible/instantiate-awx-deployment.yml b/ansible/instantiate-awx-deployment.yml index c157e092..651a9423 100644 --- a/ansible/instantiate-awx-deployment.yml +++ b/ansible/instantiate-awx-deployment.yml 
@@ -20,7 +20,7 @@ spec: tower_admin_user: test tower_admin_email: test@example.com - tower_ingress_type: "{{ tower_ingress_type | default(omit) }}" # Either Route or Ingress + tower_ingress_type: "{{ tower_ingress_type | default(omit) }}" # Either Route, Ingress or LoadBalancer tower_image: "{{ tower_image | default(omit) }}" development_mode: "{{ development_mode | default(omit) }}" tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}" diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 70544f83..33241d98 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 @@ -65,12 +65,28 @@ spec: - ingress - Route - route + - LoadBalancer + - loadbalancer tower_ingress_annotations: description: Annotations to add to the ingress type: string tower_ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string + tower_loadbalancer_annotations: + description: Annotations to add to the loadbalancer + type: string + tower_loadbalancer_protocol: + description: Protocol to use for the loadbalancer + type: string + default: http + enum: + - http + - https + tower_loadbalancer_port: + description: Port to use for the loadbalancer + type: int32 + default: 80 tower_route_host: description: The DNS to use to points to the instance type: string diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index dfe6bb6f..62ebba5d 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml 
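Review bot: In the `ansible/templates/crd.yml.j2` hunk, `tower_loadbalancer_port` is declared with `type: int32`, which is not an OpenAPI v3 schema type, so the API server may reject the CRD or leave the field unvalidated. The copies in `deploy/awx-operator.yaml`, `deploy/crds/awx_v1beta1_crd.yaml` and the OLM CRD use `type: number` instead, which accepts fractional values. Use `type: integer` with `format: int32` in all four, and bound it with `minimum: 1` and `maximum: 65535` so an out-of-range port is refused at admission instead of surfacing later in the rendered Service. Separately, the README example in this commit sets `tower_ingress_protocol`, which none of these schemas define; the field added here is `tower_loadbalancer_protocol`.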
@@ -216,12 +216,28 @@ spec: - ingress - Route - route + - LoadBalancer + - loadbalancer tower_ingress_annotations: description: Annotations to add to the ingress type: string tower_ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string + tower_loadbalancer_annotations: + description: Annotations to add to the loadbalancer + type: string + tower_loadbalancer_protocol: + description: Protocol to use for the loadbalancer + type: string + default: http + enum: + - http + - https + tower_loadbalancer_port: + description: Port to use for the loadbalancer + type: number + default: 80 tower_route_host: description: The DNS to use to points to the instance type: string diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 70544f83..1d1bbc9c 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml @@ -65,12 +65,28 @@ spec: - ingress - Route - route + - LoadBalancer + - loadbalancer tower_ingress_annotations: description: Annotations to add to the ingress type: string tower_ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string + tower_loadbalancer_annotations: + description: Annotations to add to the loadbalancer + type: string + tower_loadbalancer_protocol: + description: Protocol to use for the loadbalancer + type: string + default: http + enum: + - http + - https + tower_loadbalancer_port: + description: Port to use for the loadbalancer + type: number + default: 80 tower_route_host: description: The DNS to use to points to the instance type: string diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index 07468d5d..bb2edd98 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml 
@@ -120,6 +120,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:none - urn:alm:descriptor:com.tectonic.ui:select:Ingress - urn:alm:descriptor:com.tectonic.ui:select:Route + - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer - displayName: Tower Ingress Annotations path: tower_ingress_annotations x-descriptors: @@ -132,6 +133,25 @@ spec: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress + - displayName: Tower LoadBalancer Annotations + path: tower_loadbalancer_annotations + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer + - displayName: Tower LoadBalancer Protocol + path: tower_loadbalancer_protocol + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:select:http + - urn:alm:descriptor:com.tectonic.ui:select:https + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer + - displayName: Tower LoadBalancer Port + path: tower_loadbalancer_port + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:number + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer - displayName: Route DNS host path: tower_route_host x-descriptors: diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index 3f4d706a..667e0ce3 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml 
@@ -82,7 +82,23 @@ spec: - ingress - Route - route + - LoadBalancer + - loadbalancer type: string + tower_loadbalancer_annotations: + description: Annotations to add to the loadbalancer + type: string + tower_loadbalancer_protocol: + description: Protocol to use for the loadbalancer + type: string + default: http + enum: + - http + - https + tower_loadbalancer_port: + description: Port to use for the loadbalancer + type: number + default: 80 tower_postgres_configuration_secret: description: Secret where the database configuration can be found type: string diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index a529c3b3..4e6c1786 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -18,6 +18,9 @@ tower_ingress_annotations: '' # certificate and key. tower_ingress_tls_secret: '' +tower_loadbalancer_protocol: 'http' +tower_loadbalancer_port: '80' + # The TLS termination mechanism to use to access # the services. Supported mechanism are: edge, passthrough # diff --git a/roles/installer/templates/tower_service.yaml.j2 b/roles/installer/templates/tower_service.yaml.j2 index 0b31f267..8d5d7cc0 100644 --- a/roles/installer/templates/tower_service.yaml.j2 +++ b/roles/installer/templates/tower_service.yaml.j2 
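Review bot: The `roles/installer/defaults/main.yml` hunk adds defaults for `tower_loadbalancer_protocol` and `tower_loadbalancer_port` but none for `tower_loadbalancer_annotations`, which `tower_service.yaml.j2` renders whenever the ingress type is `loadbalancer`. Unless the variable is defined outside this hunk, a CR that selects `LoadBalancer` without annotations will probably fail templating on an undefined variable; add `tower_loadbalancer_annotations: ''` next to the existing `tower_ingress_annotations: ''`. The port default is also the string `'80'` while the CRDs declare a numeric type, so `tower_loadbalancer_port: 80` would keep the two in agreement.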
@@ -6,20 +6,34 @@ metadata: namespace: '{{ meta.namespace }}' labels: app: '{{ deployment_type }}' +{% if tower_ingress_type | lower == 'loadbalancer' %} + annotations: + {{ tower_loadbalancer_annotations | indent(width=4) }} +{% endif %} spec: ports: +{% if tower_ingress_type | lower != 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https' %} - port: 80 protocol: TCP targetPort: 8052 name: http +{% endif %} {% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} - port: 443 protocol: TCP targetPort: 8053 name: https +{% endif %} +{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_protocol | lower == 'https' %} + - port: 443 + protocol: TCP + targetPort: 8052 + name: https {% endif %} selector: app: '{{ deployment_type }}' -{% if tower_ingress_type != "none" %} +{% if tower_ingress_type | lower == "loadbalancer" %} + type: LoadBalancer +{% elif tower_ingress_type != "none" %} type: NodePort {% endif %}
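Review bot: The guard on the port-80 entry, `tower_ingress_type | lower != 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https'`, is false for every `loadbalancer` deployment, so with the default `http` protocol neither port block renders and `spec.ports` comes out empty; it also drops port 80 for Route/Ingress deployments whenever the protocol variable is `https`. The condition presumably intended is `{% if tower_ingress_type | lower != 'loadbalancer' or tower_loadbalancer_protocol | lower != 'https' %}`. `tower_loadbalancer_port` is not referenced anywhere in this hunk, so the documented port setting has no effect on the rendered Service. The `https` entry forwards 443 to targetPort 8052, the same backend port the plain-HTTP entry uses, so TLS has to be terminated at the load balancer (via annotations), and with the default `http` a `type: LoadBalancer` Service typically publishes the AWX login on an externally reachable address without transport encryption. A comment above `type: LoadBalancer` stating that TLS is expected to terminate at the load balancer would make this explicit for operators.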