From 8d65b84b89f33c77f95c79d5734f159dcb10c7a7 Mon Sep 17 00:00:00 2001 From: Gabe Muniz Date: Wed, 14 Apr 2021 14:16:04 -0400 Subject: [PATCH 1/5] expose settings to use custom volumes and volume mounts --- README.md | 60 +++++++++++++++++++ ansible/templates/crd.yml.j2 | 2 + .../awx-operator.clusterserviceversion.yaml | 7 ++- .../manifests/awx.ansible.com_awxs_crd.yaml | 2 + 4 files changed, 69 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1be5b2e9..c28460d7 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w * [Containers Resource Requirements](#containers-resource-requirements) * [LDAP Certificate Authority](#ldap-certificate-authority) * [Persisting Projects Directory](#persisting-projects-directory) + * [Custom Volume and Volume Mount Options](#custom-volume-volumemount-options) * [Development](#development) * [Testing](#testing) * [Testing in Docker](#testing-in-docker) 
@@ -410,6 +411,65 @@ spec: tower_projects_storage_size: 20Gi ``` +#### Custom Volume and Volume Mount Options + +In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files. + +| Name | Description | Default | +| ------------------------------ | -------------------------------------------------------- | ------- | +| tower_extra_volumes | Specify extra volumes to add to the application pod | '' | +| tower_web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' | +| tower_task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' | + +Example configuration for ConfigMap + +```yaml +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: -extra-config + namespace: +data: + ansible.cfg: | + [defaults] + remote_tmp = /tmp + [ssh_connection] + ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s + custom.py: | + INSIGHTS_URL_BASE = "example.org" + AWX_CLEANUP_PATHS = True +``` +Example spec file for volumes and volume mounts + +```yaml +--- + tower_task_extra_volume_mounts: | + - name: ansible_cfg + mountPath: /etc/ansible/ansible.cfg + subPath: ansible.cfg + - name: custom_py + mountPath: /etc/tower/conf.d/custom.py + subPath: custom.py + + tower_extra_volumes: | + - name: ansible_cfg + configMap: + defaultMode: 420 + items: + - key: ansible.cfg + path: ansible.cfg + name: -extra-config + - name: custom_py + configMap: + defaultMode: 420 + items: + - key: custom.py + path: custom.py + name: -extra-config + +``` + ## Development ### Testing diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index f91d7e48..b9e1fe46 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 
@@ -215,8 +215,10 @@ spec: tower_web_extra_env: type: string tower_task_extra_volume_mounts: + description: Specify volume mounts to be added to Task container type: string tower_web_extra_volume_mounts: + description: Specify volume mounts to be added to the Web container type: string tower_redis_image: description: Registry path to the redis container to use diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index 1e2d12a9..5868be56 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml @@ -300,10 +300,11 @@ spec: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Tower Task Extra Volume Mounts + description: Specify volume mounts to be added to Task container path: tower_task_extra_volume_mounts x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden + - urn:alm:descriptor:com.tectonic.ui:text - displayName: Tower Web Args path: tower_web_args x-descriptors: @@ -320,11 +321,13 @@ spec: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Tower Web Extra Volume Mounts + description: Specify volume mounts to be added to Web container path: tower_web_extra_volume_mounts x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden + - urn:alm:descriptor:com.tectonic.ui:text - displayName: Tower Extra Volumes + description: Specify extra volumes to add to the application pod path: tower_extra_volumes x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced 
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index d33dc3cf..9124d98b 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml @@ -227,6 +227,7 @@ spec: tower_task_extra_env: type: string tower_task_extra_volume_mounts: + description: Specify volume mounts to be added to Task container type: string tower_task_privileged: default: false @@ -268,6 +269,7 @@ spec: tower_web_extra_env: type: string tower_web_extra_volume_mounts: + description: Specify volume mounts to be added to web container type: string tower_web_resource_requirements: description: Resource requirements for the web container From 6c476a994e24754c0271b5229a6080320c3ead62 Mon Sep 17 00:00:00 2001 From: Gabe Muniz Date: Wed, 14 Apr 2021 15:58:52 -0400 Subject: [PATCH 2/5] added ability to mount conf.d and fixed underscore api issue --- README.md | 10 ++++----- .../templates/tower_deployment.yaml.j2 | 22 +++++++++++++++++-- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c28460d7..1cf7b33c 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w * [Containers Resource Requirements](#containers-resource-requirements) * [LDAP Certificate Authority](#ldap-certificate-authority) * [Persisting Projects Directory](#persisting-projects-directory) - * [Custom Volume and Volume Mount Options](#custom-volume-volumemount-options) + * [Custom Volume and Volume Mount Options](#custom-volume-volume-mount-options) * [Development](#development) * [Testing](#testing) * [Testing in Docker](#testing-in-docker) 
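Review bot: The description added for `tower_web_extra_volume_mounts` in the `@@ -268,6 +269,7 @@` hunk reads "web container", while the same field is described as "the Web container" in `ansible/templates/crd.yml.j2` and as "Web container" in the ClusterServiceVersion. If this manifest is meant to mirror the template, which the page does not show, use one wording in all three places, e.g. `description: Specify volume mounts to be added to the Web container`. Neither CRD file gives `tower_extra_volumes` a description in the visible hunks.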
@@ -445,22 +445,22 @@ Example spec file for volumes and volume mounts ```yaml --- tower_task_extra_volume_mounts: | - - name: ansible_cfg + - name: ansible-cfg mountPath: /etc/ansible/ansible.cfg subPath: ansible.cfg - - name: custom_py + - name: custom-py mountPath: /etc/tower/conf.d/custom.py subPath: custom.py tower_extra_volumes: | - - name: ansible_cfg + - name: ansible-cfg configMap: defaultMode: 420 items: - key: ansible.cfg path: ansible.cfg name: -extra-config - - name: custom_py + - name: custom-py configMap: defaultMode: 420 items: diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2 index 68b4aa3c..75373deb 100644 --- a/roles/installer/templates/tower_deployment.yaml.j2 +++ b/roles/installer/templates/tower_deployment.yaml.j2 @@ -61,7 +61,16 @@ spec: {% endif %} volumeMounts: - name: "{{ meta.name }}-application-credentials" - mountPath: "/etc/tower/conf.d/" + mountPath: "/etc/tower/conf.d/execution_environments.py" + subPath: execution_environments.py + readOnly: true + - name: "{{ meta.name }}-application-credentials" + mountPath: "/etc/tower/conf.d/credentials.py" + subPath: credentials.py + readOnly: true + - name: "{{ meta.name }}-application-credentials" + mountPath: "/etc/tower/conf.d/ldap.py" + subPath: ldap.py readOnly: true {% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} - name: "{{ meta.name }}-nginx-certs" 
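Review bot: The three `subPath` mounts that replace the directory mount of `/etc/tower/conf.d/` will not pick up later changes to the `{{ meta.name }}-application-credentials` volume, because Kubernetes does not refresh subPath-mounted Secret or ConfigMap files in a running container; the identical change in the `@@ -129,7 +138,16 @@` hunk has the same effect. After the values behind `credentials.py` or `ldap.py` are rotated, the pod keeps the old files until it is restarted. I would record that next to the mounts, e.g. `# subPath mounts are not refreshed when the source changes; restart the pod after rotating credentials`. It is also worth confirming that `ldap.py` is always a key of that volume, since the hunk does not show what is rendered when LDAP is not configured. The `volumeMounts` list continues outside the hunk.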
@@ -129,7 +138,16 @@ spec: {% endif %} volumeMounts: - name: "{{ meta.name }}-application-credentials" - mountPath: "/etc/tower/conf.d/" + mountPath: "/etc/tower/conf.d/execution_environments.py" + subPath: execution_environments.py + readOnly: true + - name: "{{ meta.name }}-application-credentials" + mountPath: "/etc/tower/conf.d/credentials.py" + subPath: credentials.py + readOnly: true + - name: "{{ meta.name }}-application-credentials" + mountPath: "/etc/tower/conf.d/ldap.py" + subPath: ldap.py readOnly: true - name: "{{ secret_key_secret_name }}" mountPath: /etc/tower/SECRET_KEY From 90f25ab20cef7a420338428b41dc0b61f71c59cb Mon Sep 17 00:00:00 2001 From: Gabe Muniz Date: Thu, 15 Apr 2021 09:51:45 -0400 Subject: [PATCH 3/5] added ability to mount to Execution container with example --- README.md | 51 ++++++++++--------- ansible/templates/crd.yml.j2 | 3 ++ .../awx-operator.clusterserviceversion.yaml | 10 +++- .../manifests/awx.ansible.com_awxs_crd.yaml | 3 ++ .../templates/tower_deployment.yaml.j2 | 3 ++ 5 files changed, 45 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 1cf7b33c..068e6d86 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w * [Containers Resource Requirements](#containers-resource-requirements) * [LDAP Certificate Authority](#ldap-certificate-authority) * [Persisting Projects Directory](#persisting-projects-directory) - * [Custom Volume and Volume Mount Options](#custom-volume-volume-mount-options) + * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options) * [Development](#development) * [Testing](#testing) * [Testing in Docker](#testing-in-docker) 
@@ -420,6 +420,7 @@ In a scenario where custom volumes and volume mounts are required to either over | tower_extra_volumes | Specify extra volumes to add to the application pod | '' | | tower_web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' | | tower_task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' | +| tower_ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' | Example configuration for ConfigMap @@ -444,29 +445,33 @@ Example spec file for volumes and volume mounts ```yaml --- - tower_task_extra_volume_mounts: | - - name: ansible-cfg - mountPath: /etc/ansible/ansible.cfg - subPath: ansible.cfg - - name: custom-py - mountPath: /etc/tower/conf.d/custom.py - subPath: custom.py + spec: + ... + tower_ee_extra_volume_mounts: | + - name: ansible-cfg + mountPath: /etc/ansible/ansible.cfg + subPath: ansible.cfg - tower_extra_volumes: | - - name: ansible-cfg - configMap: - defaultMode: 420 - items: - - key: ansible.cfg - path: ansible.cfg - name: -extra-config - - name: custom-py - configMap: - defaultMode: 420 - items: - - key: custom.py - path: custom.py - name: -extra-config + tower_task_extra_volume_mounts: | + - name: custom-py + mountPath: /etc/tower/conf.d/custom.py + subPath: custom.py + + tower_extra_volumes: | + - name: ansible-cfg + configMap: + defaultMode: 420 + items: + - key: ansible.cfg + path: ansible.cfg + name: -extra-config + - name: custom-py + configMap: + defaultMode: 420 + items: + - key: custom.py + path: custom.py + name: -extra-config ``` diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index b9e1fe46..17f07c18 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 
@@ -214,6 +214,9 @@ spec: type: string tower_web_extra_env: type: string + tower_ee_extra_volume_mounts: + description: Specify volume mounts to be added to Execution container + type: string tower_task_extra_volume_mounts: description: Specify volume mounts to be added to Task container type: string diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index 5868be56..0fea86e0 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml @@ -299,12 +299,18 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden + - displayName: + path: tower_ee_extra_volume_mounts + description: Specify volume mounts to be added to Execution container + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Tower Task Extra Volume Mounts description: Specify volume mounts to be added to Task container path: tower_task_extra_volume_mounts x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Tower Web Args path: tower_web_args x-descriptors: @@ -325,7 +331,7 @@ spec: path: tower_web_extra_volume_mounts x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Tower Extra Volumes description: Specify extra volumes to add to the application pod path: tower_extra_volumes diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index 9124d98b..1d684484 100644 
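Review bot: The new descriptor for `tower_ee_extra_volume_mounts` in the `@@ -299,12 +299,18 @@` hunk has an empty `displayName:`, which YAML loads as null, while the sibling entries carry a label such as `Tower Task Extra Volume Mounts`. Give it a value in the same pattern, e.g. `- displayName: Tower EE Extra Volume Mounts`, and put `description` before `path` as the neighbouring entries do. This hunk and the `@@ -325,7 +331,7 @@` hunk also switch the task and web descriptors from `ui:text` back to `ui:hidden`, undoing patch 1/5 without a mention in the commit subject; if the options are meant to stay hidden in the console, say so there.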
--- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml @@ -226,6 +226,9 @@ spec: type: array tower_task_extra_env: type: string + tower_ee_extra_volume_mounts: + description: Specify volume mounts to be added to Execution container + type: string tower_task_extra_volume_mounts: description: Specify volume mounts to be added to Task container type: string diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2 index 75373deb..42c334ec 100644 --- a/roles/installer/templates/tower_deployment.yaml.j2 +++ b/roles/installer/templates/tower_deployment.yaml.j2 @@ -214,6 +214,9 @@ spec: mountPath: "/var/run/receptor" - name: "{{ meta.name }}-projects" mountPath: "/var/lib/awx/projects" +{% if tower_ee_extra_volume_mounts -%} + {{ tower_ee_extra_volume_mounts | indent(width=12, indentfirst=True) }} +{% endif %} {% if development_mode | bool %} env: - name: SDB_NOTIFY_HOST From 8922e9fe7d9c17ea30b87f07ab3fce9b8a7f3bba Mon Sep 17 00:00:00 2001 From: Gabe Muniz Date: Thu, 15 Apr 2021 11:09:32 -0400 Subject: [PATCH 4/5] added warning about kubernetes api naming --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 068e6d86..f9fd0624 100644 --- a/README.md +++ b/README.md @@ -475,6 +475,8 @@ Example spec file for volumes and volume mounts ``` +> :warning: **Volume and VolumeMount names cannot contain underscores(_)** + ## Development ### Testing From 9de67ad89879b101dab52f92e2e3762d188628ba Mon Sep 17 00:00:00 2001 From: Gabe Muniz Date: Thu, 15 Apr 2021 15:25:45 -0400 Subject: [PATCH 5/5] added default value for ee extra mounts --- roles/installer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 1335a559..d86880cf 100644 --- a/roles/installer/defaults/main.yml 
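Review bot: In the `tower_deployment.yaml.j2` hunk, `tower_ee_extra_volume_mounts` is pasted into the Deployment as raw text (`{{ tower_ee_extra_volume_mounts | indent(width=12, indentfirst=True) }}`), and the CRD hunks in this patch declare it only as `type: string`, so nothing checks that the value is a list of volume mounts before it becomes part of the pod spec. A malformed value, or one whose indentation leaves the `volumeMounts` list, changes the manifest that the operator then applies with its own permissions rather than those of whoever edited the custom resource. Parsing and re-serialising the value keeps it to well-formed YAML at a fixed nesting level, e.g. `{{ tower_ee_extra_volume_mounts | from_yaml | to_nice_yaml | indent(width=12, indentfirst=True) }}`, ideally preceded by a check that the parsed value is a list. The task and web mount options presumably follow the same pattern outside this hunk, and the container spec itself starts and ends outside it.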
+++ b/roles/installer/defaults/main.yml @@ -126,7 +126,7 @@ tower_web_extra_env: '' # mountPath: /some/path tower_task_extra_volume_mounts: '' tower_web_extra_volume_mounts: '' - +tower_ee_extra_volume_mounts: '' tower_redis_image: redis:latest tower_postgres_image: postgres:12