diff --git a/README.md b/README.md
index 1be5b2e9..f9fd0624 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
 * [Containers Resource Requirements](#containers-resource-requirements)
 * [LDAP Certificate Authority](#ldap-certificate-authority)
 * [Persisting Projects Directory](#persisting-projects-directory)
+ * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options)
 * [Development](#development)
 * [Testing](#testing)
 * [Testing in Docker](#testing-in-docker)
@@ -410,6 +411,72 @@ spec:
 tower_projects_storage_size: 20Gi
 ```
+#### Custom Volume and Volume Mount Options
+
+In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files.
+
+| Name | Description | Default |
+| ------------------------------ | -------------------------------------------------------- | ------- |
+| tower_extra_volumes | Specify extra volumes to add to the application pod | '' |
+| tower_web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
+| tower_task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
+| tower_ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
+
+Example configuration for ConfigMap
+
+```yaml
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: -extra-config
+ namespace:
+data:
+ ansible.cfg: |
+ [defaults]
+ remote_tmp = /tmp
+ [ssh_connection]
+ ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
+ custom.py: |
+ INSIGHTS_URL_BASE = "example.org"
+ AWX_CLEANUP_PATHS = True
+```
+Example spec file for volumes and volume mounts
+
+```yaml
+---
+ spec:
+ ...
+ tower_ee_extra_volume_mounts: |
+ - name: ansible-cfg
+ mountPath: /etc/ansible/ansible.cfg
+ subPath: ansible.cfg
+
+ tower_task_extra_volume_mounts: |
+ - name: custom-py
+ mountPath: /etc/tower/conf.d/custom.py
+ subPath: custom.py
+
+ tower_extra_volumes: |
+ - name: ansible-cfg
+ configMap:
+ defaultMode: 420
+ items:
+ - key: ansible.cfg
+ path: ansible.cfg
+ name: -extra-config
+ - name: custom-py
+ configMap:
+ defaultMode: 420
+ items:
+ - key: custom.py
+ path: custom.py
+ name: -extra-config
+
+```
+
+> :warning: **Volume and VolumeMount names cannot contain underscores(_)**
+
 ## Development
 ### Testing
diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2
index f91d7e48..17f07c18 100644
--- a/ansible/templates/crd.yml.j2
+++ b/ansible/templates/crd.yml.j2
@@ -214,9 +214,14 @@ spec:
 type: string
 tower_web_extra_env:
 type: string
+ tower_ee_extra_volume_mounts:
+ description: Specify volume mounts to be added to Execution container
+ type: string
 tower_task_extra_volume_mounts:
+ description: Specify volume mounts to be added to Task container
 type: string
 tower_web_extra_volume_mounts:
+ description: Specify volume mounts to be added to the Web container
 type: string
 tower_redis_image:
 description: Registry path to the redis container to use
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
index 1e2d12a9..0fea86e0 100644
--- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
@@ -299,7 +299,14 @@ spec:
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:hidden
+ - displayName:
+ path: tower_ee_extra_volume_mounts
+ description: Specify volume mounts to be added to Execution container
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:hidden
 - displayName: Tower Task Extra Volume Mounts
+ description: Specify volume mounts to be added to Task container
 path: tower_task_extra_volume_mounts
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
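Review bot: The new `tower_ee_extra_volume_mounts` property in ansible/templates/crd.yml.j2 is declared as `type: string`, so the API server accepts any text and the YAML inside it is only interpreted when the deployment template is rendered. The description should say what shape is expected, for example `description: YAML list of volumeMount entries, given as a string, added to the Execution container`. The task and web descriptions added in the same hunk would benefit from the same wording. They also differ in article and capitalisation from the copies in awx.ansible.com_awxs_crd.yaml ("the Web container" here, "web container" there).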
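Review bot: The descriptor added for `tower_ee_extra_volume_mounts` in awx-operator.clusterserviceversion.yaml (hunk at -299) has an empty `displayName:`, unlike its neighbours `Tower Task Extra Volume Mounts` and `Tower Web Extra Volume Mounts`. Unless the value was lost when this page was extracted, the entry should read `- displayName: Tower EE Extra Volume Mounts`. The new entry also puts `path` before `description`, while the lines added to the task and web descriptors put `description` first; using one order throughout keeps the manifest easier to compare.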
@@ -320,11 +327,13 @@ spec:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:hidden
 - displayName: Tower Web Extra Volume Mounts
+ description: Specify volume mounts to be added to Web container
 path: tower_web_extra_volume_mounts
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:com.tectonic.ui:hidden
 - displayName: Tower Extra Volumes
+ description: Specify extra volumes to add to the application pod
 path: tower_extra_volumes
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
index d33dc3cf..1d684484 100644
--- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
@@ -226,7 +226,11 @@ spec:
 type: array
 tower_task_extra_env:
 type: string
+ tower_ee_extra_volume_mounts:
+ description: Specify volume mounts to be added to Execution container
+ type: string
 tower_task_extra_volume_mounts:
+ description: Specify volume mounts to be added to Task container
 type: string
 tower_task_privileged:
 default: false
@@ -268,6 +272,7 @@ spec:
 tower_web_extra_env:
 type: string
 tower_web_extra_volume_mounts:
+ description: Specify volume mounts to be added to web container
 type: string
 tower_web_resource_requirements:
 description: Resource requirements for the web container
diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml
index 1335a559..d86880cf 100644
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -126,7 +126,7 @@ tower_web_extra_env: ''
 # mountPath: /some/path
 tower_task_extra_volume_mounts: ''
 tower_web_extra_volume_mounts: ''
-
+tower_ee_extra_volume_mounts: ''
 tower_redis_image: redis:latest
 tower_postgres_image: postgres:12
diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2
index 68b4aa3c..42c334ec 100644
--- a/roles/installer/templates/tower_deployment.yaml.j2
+++ b/roles/installer/templates/tower_deployment.yaml.j2
@@ -61,7 +61,16 @@ spec:
 {% endif %}
 volumeMounts:
 - name: "{{ meta.name }}-application-credentials"
- mountPath: "/etc/tower/conf.d/"
+ mountPath: "/etc/tower/conf.d/execution_environments.py"
+ subPath: execution_environments.py
+ readOnly: true
+ - name: "{{ meta.name }}-application-credentials"
+ mountPath: "/etc/tower/conf.d/credentials.py"
+ subPath: credentials.py
+ readOnly: true
+ - name: "{{ meta.name }}-application-credentials"
+ mountPath: "/etc/tower/conf.d/ldap.py"
+ subPath: ldap.py
 readOnly: true
 {% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %}
 - name: "{{ meta.name }}-nginx-certs"
@@ -129,7 +138,16 @@ spec:
 {% endif %}
 volumeMounts:
 - name: "{{ meta.name }}-application-credentials"
- mountPath: "/etc/tower/conf.d/"
+ mountPath: "/etc/tower/conf.d/execution_environments.py"
+ subPath: execution_environments.py
+ readOnly: true
+ - name: "{{ meta.name }}-application-credentials"
+ mountPath: "/etc/tower/conf.d/credentials.py"
+ subPath: credentials.py
+ readOnly: true
+ - name: "{{ meta.name }}-application-credentials"
+ mountPath: "/etc/tower/conf.d/ldap.py"
+ subPath: ldap.py
 readOnly: true
 - name: "{{ secret_key_secret_name }}"
 mountPath: /etc/tower/SECRET_KEY
@@ -196,6 +214,9 @@ spec:
 mountPath: "/var/run/receptor"
 - name: "{{ meta.name }}-projects"
 mountPath: "/var/lib/awx/projects"
+{% if tower_ee_extra_volume_mounts -%}
+ {{ tower_ee_extra_volume_mounts | indent(width=12, indentfirst=True) }}
+{% endif %}
 {% if development_mode | bool %}
 env:
 - name: SDB_NOTIFY_HOST
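Review bot: The three `subPath` mounts that replace the directory mount of `/etc/tower/conf.d/` (hunk at -61, repeated unchanged at -129) will not see later changes to the `{{ meta.name }}-application-credentials` volume. Kubernetes does not refresh files projected through `subPath`, so rotated values in `credentials.py` or `ldap.py` stay stale in running containers until the pod is recreated. If the operator does not already roll the Deployment when that source changes, add a pod-template annotation carrying a checksum of the rendered settings, or document that a restart is needed after rotation. A comment above the mounts such as `# subPath mounts leave conf.d/ free for extra files but are not live-updated` would record why the directory mount was split. Both container specs start and end outside these hunks.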
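Review bot: In the hunk at -196, `tower_ee_extra_volume_mounts` is rendered into `volumeMounts` exactly as written in the custom resource, with no parsing or filtering, and the CRD types it as a free-form string. Anyone who can edit the AWX resource can therefore expose any volume defined in the pod, including `{{ meta.name }}-application-credentials`, to what the README calls the Execution container. That container presumably runs job content, so the README section should state that edit rights on the resource amount to access to every pod volume. Parsing the value before emitting it, for example `{{ tower_ee_extra_volume_mounts | from_yaml | to_nice_yaml(indent=2) | indent(width=12, indentfirst=True) }}`, would make malformed input fail at render time instead of producing a broken Deployment. The container spec continues outside the hunk, so the placement relative to the other mounts could not be fully checked.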