Add var for ingress type; Add var to enable/disable bubblewrap

2026-05-06 13:22:50 +00:00 · 2020-03-23 00:59:11 -04:00
parent 688a16ea66
commit 47a6a519d2
6 changed files with 45 additions and 1 deletions
--- a/deploy/role.yaml
+++ b/deploy/role.yaml
@@ -5,6 +5,14 @@ metadata:
  creationTimestamp: null
  name: tower-operator
 rules:
+  - apiGroups:
+      - route.openshift.io
+    resources:
+      - routes
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
  - apiGroups:
      - ""
    resources:
--- a/deploy/tower-operator.yaml
+++ b/deploy/tower-operator.yaml
@@ -5,6 +5,12 @@ metadata:
  creationTimestamp: null
  name: tower-operator
 rules:
+  - apiGroups:
+      - route.openshift.io
+    resources:
+      - routes
+    verbs:
+      - '*'
  - apiGroups:
      - ""
    resources:
--- a/roles/tower/defaults/main.yml
+++ b/roles/tower/defaults/main.yml
@@ -1,4 +1,7 @@
 ---
+tower_multitenant: false
+tower_ingress_type: ingress
+
 tower_hostname: example-tower.test
 tower_secret_key: aabbcc

--- a/roles/tower/templates/tower_config.yaml.j2
+++ b/roles/tower/templates/tower_config.yaml.j2
@@ -40,7 +40,11 @@ data:
    INTERNAL_API_URL = 'http://127.0.0.1:8052'
    
    # Container environments don't like chroots
+{% if tower_multitenant == true %}
+    AWX_PROOT_ENABLED = True
+{% else %}
    AWX_PROOT_ENABLED = False
+{% endif %}
    
    # Automatically deprovision pods that go offline
    AWX_AUTO_DEPROVISION_INSTANCES = True
--- a/roles/tower/templates/tower_task.yaml.j2
+++ b/roles/tower/templates/tower_task.yaml.j2
@@ -20,8 +20,10 @@ spec:
      containers:
      - image: '{{ tower_task_image }}'
        name: tower-task
+{% if tower_multitenant == true %}
        securityContext:
          privileged: true
+{% endif %}
        command:
          - /usr/bin/launch_awx_task.sh
        envFrom:
--- a/roles/tower/templates/tower_web.yaml.j2
+++ b/roles/tower/templates/tower_web.yaml.j2
@@ -94,11 +94,12 @@ spec:
  - port: 80
    protocol: TCP
    targetPort: 8052
+    name: http
  selector:
    app: tower

 # Tower Ingress.
-{% if tower_hostname != '' %}
+{% if 'ingress' == tower_ingress_type %}
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
@@ -115,3 +116,23 @@ spec:
          serviceName: '{{ meta.name }}-service'
          servicePort: 80
 {% endif %}
+
+{% if 'route' == tower_ingress_type %}
+---
+apiVersion: v1
+kind: Route
+metadata:
+  name: '{{ meta.name }}'
+  namespace: '{{ meta.namespace }}'
+spec:
+  port:
+    targetPort: http
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: {{ meta.name }}-service
+    weight: 100
+  wildcardPolicy: None
+{% endif %}