diff --git a/README.md b/README.md index d82c1d64..7631924f 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w * [Auto Upgrade](#auto-upgrade) * [Upgrade of instances without auto upgrade](#upgrade-of-instances-without-auto-upgrade) * [Service Account](#service-account) + * [Labeling operator managed objects](#labeling-operator-managed-objects) * [Uninstall](#uninstall) * [Upgrading](#upgrading) * [Backup](#backup) @@ -1218,6 +1219,34 @@ Example configuration of environment variables eks.amazonaws.com/role-arn: arn:aws:iam:::role/ ``` +#### Labeling operator managed objects + +In certain situations labeling of Kubernetes objects managed by the operator +might be desired (e.g. for owner identification purposes). For that +`additional_labels` parameter could be used + +| Name | Description | Default | +| --------------------------- | ---------------------------------------------------------------------------------------- | ------- | +| additional_labels | Additional labels defined on the resource, which should be propagated to child resources | [] | + +Example configuration where only `my/team` and `my/service` labels will be +propagated to child objects (`Deployment`, `Secret`s, `ServiceAccount`, etc): + +```yaml +apiVersion: awx.ansible.com/v1beta1 +kind: AWX +metadata: + name: awx-demo + labels: + my/team: "foo" + my/service: "bar" + my/do-not-inherit: "yes" +spec: + additional_labels: + - my/team + - my/service +... +``` ### Uninstall ### diff --git a/config/crd/bases/awx.ansible.com_awxbackups.yaml b/config/crd/bases/awx.ansible.com_awxbackups.yaml index a7c88ff4..6d132d10 100644 --- a/config/crd/bases/awx.ansible.com_awxbackups.yaml +++ b/config/crd/bases/awx.ansible.com_awxbackups.yaml 
@@ -94,6 +94,11 @@ spec: description: Configure no_log for no_log tasks type: boolean default: true + additional_labels: + description: Additional labels defined on the resource, which should be propagated to child resources + type: array + items: + type: string set_self_labels: description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) type: boolean diff --git a/config/crd/bases/awx.ansible.com_awxrestores.yaml b/config/crd/bases/awx.ansible.com_awxrestores.yaml index d74b031e..87d92c88 100644 --- a/config/crd/bases/awx.ansible.com_awxrestores.yaml +++ b/config/crd/bases/awx.ansible.com_awxrestores.yaml @@ -96,6 +96,11 @@ spec: description: Configure no_log for no_log tasks type: boolean default: true + additional_labels: + description: Additional labels defined on the resource, which should be propagated to child resources + type: array + items: + type: string set_self_labels: description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) type: boolean diff --git a/config/crd/bases/awx.ansible.com_awxs.yaml b/config/crd/bases/awx.ansible.com_awxs.yaml index 782beb14..0d645191 100644 --- a/config/crd/bases/awx.ansible.com_awxs.yaml +++ b/config/crd/bases/awx.ansible.com_awxs.yaml @@ -890,6 +890,11 @@ spec: description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) type: boolean default: true + additional_labels: + description: Additional labels defined on the resource, which should be propagated to child resources + type: array + items: + type: string ipv6_disabled: description: Disable web container's nginx ipv6 listener type: boolean diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml index 4a7466d8..2db57437 100644 --- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml 
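Review bot: `additional_labels` is declared as a bare `type: array` of `type: string`, with no bound on the list or its entries and a description that does not say where the selected labels end up. Judging by the template hunks later in this commit, they are copied onto Secrets, the ServiceAccount, the Role and RoleBinding and the pod templates. Anyone allowed to edit the custom resource can therefore have the operator stamp chosen labels on those objects, which matters on clusters that key NetworkPolicy selectors or admission rules on labels. I would add `x-kubernetes-list-type: set` and a `maxItems` bound, and reword the description along the lines of `Keys of labels on this resource that the operator copies to every child object it creates`. The same schema is added in awx.ansible.com_awxrestores.yaml and awx.ansible.com_awxs.yaml.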
@@ -707,6 +707,12 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Additional labels defined on the resource, which should be + propagated to child resources + path: additional_labels + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Disable IPv6 listener? path: ipv6_disabled x-descriptors: diff --git a/molecule/default/tasks/awx_test.yml b/molecule/default/tasks/awx_test.yml index 97e6c39a..1495f11d 100644 --- a/molecule/default/tasks/awx_test.yml +++ b/molecule/default/tasks/awx_test.yml 
@@ -83,3 +83,61 @@ result: '{{ ansible_failed_result }}' fail: msg: '{{ failed_task }}' + +- block: + - name: Look up details for this deployment + k8s_info: + namespace: "{{ namespace }}" + api_version: "awx.ansible.com/v1beta1" + kind: AWX + name: example-awx + register: this_awx + + - name: Get pod details + k8s_info: + namespace: '{{ namespace }}' + kind: Pod + label_selectors: + - app.kubernetes.io/name = example-awx + register: awx_pod + + - name: Exract additional_labels from AWX spec + set_fact: + awx_additional_labels: >- + {{ this_awx.resources[0].metadata.labels + | dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels) + | list + }} + + - name: Exract additional_labels from AWX Pod + set_fact: + pod_additional_labels: >- + {{ awx_pod.resources[0].metadata.labels + | dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels) + | list + }} + + - name: AWX Pod contains additional_labels + ansible.builtin.assert: + that: + - pod_additional_labels == awx_additional_labels + + - name: Exract Pod labels which shouldn't have been propagated to it from AWX + set_fact: + pod_extra_labels: >- + {{ awx_pod.resources[0].metadata.labels + | dict2items | selectattr('key', 'in', ["my/do-not-inherit"]) + | list + }} + + - name: AWX Pod doesn't contain AWX labels not in additional_labels + ansible.builtin.assert: + that: + - pod_extra_labels == [] + rescue: + - name: Re-emit failure + vars: + failed_task: + result: '{{ ansible_failed_result }}' + fail: + msg: '{{ failed_task }}' diff --git a/molecule/default/templates/awx_cr_molecule.yml.j2 b/molecule/default/templates/awx_cr_molecule.yml.j2 index 4fa810d4..df510aa3 100644 --- a/molecule/default/templates/awx_cr_molecule.yml.j2 +++ b/molecule/default/templates/awx_cr_molecule.yml.j2 
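Review bot: The assertion `pod_additional_labels == awx_additional_labels` also holds when both lists are empty, so the test would stay green if propagation did nothing or if `additional_labels` were dropped from the molecule CR. Adding `- awx_additional_labels | length == this_awx.resources[0].spec.additional_labels | length` to the first `that:` list would pin the expected labels. `awx_pod.resources[0]` is read without first checking that the selector matched a pod, so an empty result would presumably surface as an index error rather than a clear assertion message. Three task names spell `Exract` where `Extract` is meant.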
@@ -3,6 +3,10 @@ apiVersion: awx.ansible.com/v1beta1 kind: AWX metadata: name: example-awx + labels: + my/team: "foo" + my/service: "bar" + my/do-not-inherit: "yes" spec: {% if awx_image %} image: {{ awx_image }} @@ -30,3 +34,6 @@ spec: postgres_resource_requirements: {} postgres_init_container_resource_requirements: {} redis_resource_requirements: {} + additional_labels: + - my/team + - my/service diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml index dfe53581..ee801377 100644 --- a/roles/backup/defaults/main.yml +++ b/roles/backup/defaults/main.yml @@ -31,6 +31,9 @@ backup_resource_requirements: # Allow additional parameters to be added to the pg_dump backup command pg_dump_suffix: '' +# Labels defined on the resource, which should be propagated to child resources +additional_labels: [] + # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) set_self_labels: true ... diff --git a/roles/backup/meta/main.yml b/roles/backup/meta/main.yml index 0f4df6a5..1f223420 100644 --- a/roles/backup/meta/main.yml +++ b/roles/backup/meta/main.yml @@ -24,7 +24,8 @@ galaxy_info: - backup - automation -dependencies: [] +dependencies: + - role: common collections: - kubernetes.core diff --git a/roles/backup/tasks/creation.yml b/roles/backup/tasks/creation.yml index 1b3d90e2..06122e86 100644 --- a/roles/backup/tasks/creation.yml +++ b/roles/backup/tasks/creation.yml 
@@ -10,12 +10,7 @@ metadata: name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" - labels: - app.kubernetes.io/name: "{{ ansible_operator_meta.name }}" - app.kubernetes.io/part-of: "{{ ansible_operator_meta.name }}" - app.kubernetes.io/managed-by: "{{ deployment_type }}-operator" - app.kubernetes.io/component: "{{ deployment_type }}" - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}' when: set_self_labels | bool - name: Look up details for this backup object @@ -26,6 +21,16 @@ namespace: "{{ ansible_operator_meta.namespace }}" register: this_backup +- name: Build `additional_labels_items` labels from `additional_labels` + set_fact: + additional_labels_items: >- + {{ this_backup['resources'][0]['metadata']['labels'] + | dict2items | selectattr('key', 'in', additional_labels) + }} + when: + - additional_labels | length + - this_backup['resources'][0]['metadata']['labels'] + - block: - include_tasks: init.yml diff --git a/roles/backup/templates/backup_pvc.yml.j2 b/roles/backup/templates/backup_pvc.yml.j2 index f5960f05..453f82f7 100644 --- a/roles/backup/templates/backup_pvc.yml.j2 +++ b/roles/backup/templates/backup_pvc.yml.j2 @@ -6,11 +6,7 @@ metadata: namespace: {{ backup_pvc_namespace }} ownerReferences: null labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} spec: accessModes: - ReadWriteOnce diff --git a/roles/backup/templates/management-pod.yml.j2 b/roles/backup/templates/management-pod.yml.j2 index e2e81449..1a6c3100 100644 
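Review bot: The `when:` entry `this_backup['resources'][0]['metadata']['labels']` in the new creation.yml task reads `labels` directly. If the object carries no labels at all (for instance `set_self_labels` is false and none were set by hand) while `additional_labels` is non-empty, the conditional is likely to fail on an undefined value instead of skipping. `this_backup['resources'][0]['metadata']['labels'] | default({}) | length` would skip cleanly. The same unguarded read appears in roles/installer/tasks/install.yml and roles/restore/tasks/main.yml. Separately, the pipeline here and in the restore role stops at `selectattr('key', 'in', additional_labels)`, whereas the installer version ends with `| list`; adding `| list` in both keeps the fact a real list regardless of how the Ansible version in use handles generator results.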
--- a/roles/backup/templates/management-pod.yml.j2 +++ b/roles/backup/templates/management-pod.yml.j2 @@ -5,11 +5,7 @@ metadata: name: {{ ansible_operator_meta.name }}-db-management namespace: {{ backup_pvc_namespace }} labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} spec: containers: - name: {{ ansible_operator_meta.name }}-db-management diff --git a/roles/common/templates/labels/additional_labels.yaml.j2 b/roles/common/templates/labels/additional_labels.yaml.j2 new file mode 100644 index 00000000..731687a1 --- /dev/null +++ b/roles/common/templates/labels/additional_labels.yaml.j2 @@ -0,0 +1,3 @@ +{% for item in additional_labels_items | default([]) %} +{{ item.key }}: '{{ item.value }}' +{% endfor %} diff --git a/roles/installer/templates/labels/common.yaml.j2 b/roles/common/templates/labels/common.yaml.j2 similarity index 83% rename from roles/installer/templates/labels/common.yaml.j2 rename to roles/common/templates/labels/common.yaml.j2 index 0ecf8305..4e133e87 100644 --- a/roles/installer/templates/labels/common.yaml.j2 +++ b/roles/common/templates/labels/common.yaml.j2 @@ -4,3 +4,4 @@ app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' +{{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") }} 
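Review bot: In the new additional_labels.yaml.j2 the key in `{{ item.key }}: '{{ item.value }}'` is rendered unquoted while the value is quoted. A label key that YAML reads as a non-string (an all-digit key, or `yes`/`on` under YAML 1.1 rules) would be retyped when the output passes through `from_yaml` or the k8s module. Kubernetes label syntax should already keep quote characters out of keys and values, so quoting both sides is sufficient: `'{{ item.key }}': '{{ item.value }}'`. A one-line Jinja comment at the top noting that `additional_labels_items` is built by a `set_fact` in the calling role and defaults to an empty list would help, since nothing in this file defines it.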
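Review bot: In common.yaml.j2 the lookup of additional_labels.yaml.j2 is appended after the `app.kubernetes.io/*` lines, so listing one of those keys in `additional_labels` renders it twice. Most YAML loaders keep the last occurrence, which here is the value copied from the custom resource. postgres.yaml.j2 in this same commit places the lookup before the operator's own labels, giving the opposite precedence. I would move the line to the top of common.yaml.j2 (the hunk starts at line 4, so the file's first lines are not visible here). Alternatively, drop reserved keys where `additional_labels_items` is built, e.g. `| rejectattr('key', 'match', 'app\.kubernetes\.io/')`, so that labels which selectors may depend on cannot be overridden from the resource.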
diff --git a/roles/installer/templates/labels/version.yaml.j2 b/roles/common/templates/labels/version.yaml.j2 similarity index 100% rename from roles/installer/templates/labels/version.yaml.j2 rename to roles/common/templates/labels/version.yaml.j2 diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 193ddcaf..6f6f4064 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -303,6 +303,9 @@ no_log: true # auto_upgrade: true +# Labels defined on the resource, which should be propagated to child resources +additional_labels: [] + # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) set_self_labels: true diff --git a/roles/installer/tasks/install.yml b/roles/installer/tasks/install.yml index 3327028a..4a37ed86 100644 --- a/roles/installer/tasks/install.yml +++ b/roles/installer/tasks/install.yml @@ -10,9 +10,29 @@ metadata: name: '{{ ansible_operator_meta.name }}' namespace: '{{ ansible_operator_meta.namespace }}' - labels: '{{ lookup("template", "labels/common.yaml.j2") | from_yaml }}' + labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}' when: set_self_labels | bool +- name: Build `additional_labels_items` labels from `additional_labels` + block: + - name: Look up details for this deployment + k8s_info: + api_version: "{{ api_version }}" + kind: "{{ kind }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + register: this_awx + + - name: Select resource labels which are in `additional_labels` + set_fact: + additional_labels_items: >- + {{ this_awx['resources'][0]['metadata']['labels'] + | dict2items | selectattr('key', 'in', additional_labels) + | list + }} + when: this_awx['resources'][0]['metadata']['labels'] + when: additional_labels | length + - name: Include secret key configuration tasks include_tasks: secret_key_configuration.yml 
diff --git a/roles/installer/templates/configmaps/config.yaml.j2 b/roles/installer/templates/configmaps/config.yaml.j2 index 1969a2bd..7257ee80 100644 --- a/roles/installer/templates/configmaps/config.yaml.j2 +++ b/roles/installer/templates/configmaps/config.yaml.j2 @@ -6,11 +6,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} data: environment: | AWX_SKIP_MIGRATIONS=true diff --git a/roles/installer/templates/deployments/deployment.yaml.j2 b/roles/installer/templates/deployments/deployment.yaml.j2 index 20fdf0ce..5135b713 100644 --- a/roles/installer/templates/deployments/deployment.yaml.j2 +++ b/roles/installer/templates/deployments/deployment.yaml.j2 @@ -6,8 +6,8 @@ metadata: name: '{{ ansible_operator_meta.name }}' namespace: '{{ ansible_operator_meta.namespace }}' labels: - {{ lookup("template", "labels/common.yaml.j2") | indent(width=4) | trim }} - {{ lookup("template", "labels/version.yaml.j2") | indent(width=4) | trim }} + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} + {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }} spec: replicas: {{ replicas }} selector: 
@@ -18,8 +18,8 @@ spec: template: metadata: labels: - {{ lookup("template", "labels/common.yaml.j2") | indent(width=8) | trim }} - {{ lookup("template", "labels/version.yaml.j2") | indent(width=8) | trim }} + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }} + {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }} {% if annotations %} annotations: {{ annotations | indent(width=8) }} diff --git a/roles/installer/templates/networking/ingress.yaml.j2 b/roles/installer/templates/networking/ingress.yaml.j2 index 2009caae..cd4356b5 100644 --- a/roles/installer/templates/networking/ingress.yaml.j2 +++ b/roles/installer/templates/networking/ingress.yaml.j2 @@ -8,11 +8,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-ingress' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} {% if ingress_annotations %} annotations: {{ ingress_annotations | indent(width=4) }} @@ -52,11 +48,7 @@ metadata: name: '{{ ansible_operator_meta.name }}' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} spec: {% if route_host != '' %} host: {{ route_host }} 
diff --git a/roles/installer/templates/networking/service.yaml.j2 b/roles/installer/templates/networking/service.yaml.j2 index 3408a312..93b18ba6 100644 --- a/roles/installer/templates/networking/service.yaml.j2 +++ b/roles/installer/templates/networking/service.yaml.j2 @@ -5,11 +5,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-service' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} {{ service_labels | indent(width=4) }} {% if service_annotations %} annotations: diff --git a/roles/installer/templates/rbac/service_account.yaml.j2 b/roles/installer/templates/rbac/service_account.yaml.j2 index 55c3a86a..deb9e064 100644 --- a/roles/installer/templates/rbac/service_account.yaml.j2 +++ b/roles/installer/templates/rbac/service_account.yaml.j2 @@ -5,11 +5,7 @@ metadata: name: '{{ ansible_operator_meta.name }}' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} {% if service_account_annotations %} annotations: {{ service_account_annotations | indent(width=4) }} 
@@ -20,6 +16,8 @@ kind: Role metadata: name: '{{ ansible_operator_meta.name }}' namespace: '{{ ansible_operator_meta.namespace }}' + labels: + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] @@ -40,6 +38,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: '{{ ansible_operator_meta.name }}' namespace: '{{ ansible_operator_meta.namespace }}' + labels: + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} subjects: - kind: ServiceAccount name: '{{ ansible_operator_meta.name }}' diff --git a/roles/installer/templates/secrets/admin_password_secret.yaml.j2 b/roles/installer/templates/secrets/admin_password_secret.yaml.j2 index 693c5d22..a33a3d76 100644 --- a/roles/installer/templates/secrets/admin_password_secret.yaml.j2 +++ b/roles/installer/templates/secrets/admin_password_secret.yaml.j2 @@ -5,10 +5,6 @@ metadata: name: '{{ ansible_operator_meta.name }}-admin-password' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} stringData: password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' diff --git a/roles/installer/templates/secrets/app_credentials.yaml.j2 b/roles/installer/templates/secrets/app_credentials.yaml.j2 index 47438d11..51d4f591 100644 --- a/roles/installer/templates/secrets/app_credentials.yaml.j2 +++ b/roles/installer/templates/secrets/app_credentials.yaml.j2 
@@ -6,11 +6,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-app-credentials' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} data: credentials.py: "{{ lookup('template', 'settings/credentials.py.j2') | b64encode }}" ldap.py: "{{ lookup('template', 'settings/ldap.py.j2') | b64encode }}" diff --git a/roles/installer/templates/secrets/broadcast_websocket_secret.yaml.j2 b/roles/installer/templates/secrets/broadcast_websocket_secret.yaml.j2 index 724f6f75..7ecbd8a9 100644 --- a/roles/installer/templates/secrets/broadcast_websocket_secret.yaml.j2 +++ b/roles/installer/templates/secrets/broadcast_websocket_secret.yaml.j2 @@ -5,10 +5,6 @@ metadata: name: '{{ ansible_operator_meta.name }}-broadcast-websocket' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} stringData: secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' diff --git a/roles/installer/templates/secrets/postgres_secret.yaml.j2 b/roles/installer/templates/secrets/postgres_secret.yaml.j2 index 2af45b9a..10c24165 100644 --- a/roles/installer/templates/secrets/postgres_secret.yaml.j2 
+++ b/roles/installer/templates/secrets/postgres_secret.yaml.j2 @@ -6,11 +6,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-postgres-configuration' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} stringData: password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' username: '{{ database_username }}' diff --git a/roles/installer/templates/secrets/postgres_upgrade_secret.yaml.j2 b/roles/installer/templates/secrets/postgres_upgrade_secret.yaml.j2 index 2f49792a..a01a0f49 100644 --- a/roles/installer/templates/secrets/postgres_upgrade_secret.yaml.j2 +++ b/roles/installer/templates/secrets/postgres_upgrade_secret.yaml.j2 @@ -6,11 +6,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-postgres-configuration' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} stringData: password: '{{ awx_postgres_pass }}' username: '{{ awx_postgres_user }}' diff --git a/roles/installer/templates/secrets/receptor_ca_secret.yaml.j2 b/roles/installer/templates/secrets/receptor_ca_secret.yaml.j2 index 84ef1602..d4060f0d 100644 --- a/roles/installer/templates/secrets/receptor_ca_secret.yaml.j2 
+++ b/roles/installer/templates/secrets/receptor_ca_secret.yaml.j2 @@ -5,11 +5,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-receptor-ca' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} type: kubernetes.io/tls data: tls.crt: '{{ lookup('file', '{{ _receptor_ca_crt_file.path }}') | b64encode }}' diff --git a/roles/installer/templates/secrets/receptor_work_signing_secret.yaml.j2 b/roles/installer/templates/secrets/receptor_work_signing_secret.yaml.j2 index 1b0acac4..eac4ad4b 100644 --- a/roles/installer/templates/secrets/receptor_work_signing_secret.yaml.j2 +++ b/roles/installer/templates/secrets/receptor_work_signing_secret.yaml.j2 @@ -5,11 +5,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-receptor-work-signing' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} data: work-private-key.pem: '{{ lookup('file', '{{ _receptor_work_signing_private_key_file.path }}') | b64encode }}' work-public-key.pem: '{{ lookup('file', '{{ _receptor_work_signing_public_key_file.path }}') | b64encode }}' 
diff --git a/roles/installer/templates/secrets/secret_key.yaml.j2 b/roles/installer/templates/secrets/secret_key.yaml.j2 index c274d035..dbde98bf 100644 --- a/roles/installer/templates/secrets/secret_key.yaml.j2 +++ b/roles/installer/templates/secrets/secret_key.yaml.j2 @@ -5,10 +5,6 @@ metadata: name: '{{ ansible_operator_meta.name }}-secret-key' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} stringData: secret_key: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}' diff --git a/roles/installer/templates/statefulsets/postgres.yaml.j2 b/roles/installer/templates/statefulsets/postgres.yaml.j2 index 399c6ee0..89aa30d9 100644 --- a/roles/installer/templates/statefulsets/postgres.yaml.j2 +++ b/roles/installer/templates/statefulsets/postgres.yaml.j2 @@ -6,6 +6,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}' namespace: '{{ ansible_operator_meta.namespace }}' labels: + {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=4) | trim }} app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}' app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' 
@@ -27,6 +28,7 @@ spec: template: metadata: labels: + {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=8) | trim }} app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}' app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' @@ -127,6 +129,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}' namespace: '{{ ansible_operator_meta.namespace }}' labels: + {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=4) | trim }} app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}' app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' diff --git a/roles/installer/templates/storage/persistent.yaml.j2 b/roles/installer/templates/storage/persistent.yaml.j2 index b1ad19df..a8a3c7e8 100644 --- a/roles/installer/templates/storage/persistent.yaml.j2 +++ b/roles/installer/templates/storage/persistent.yaml.j2 @@ -5,11 +5,7 @@ metadata: name: '{{ ansible_operator_meta.name }}-projects-claim' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} spec: accessModes: - {{ projects_storage_access_mode }} diff --git a/roles/restore/defaults/main.yml b/roles/restore/defaults/main.yml index 346bb851..09430f10 100644 --- a/roles/restore/defaults/main.yml +++ b/roles/restore/defaults/main.yml 
@@ -26,6 +26,9 @@ restore_resource_requirements: cpu: "25m" memory: "32Mi" +# Labels defined on the resource, which should be propagated to child resources +additional_labels: [] + # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) set_self_labels: true ... diff --git a/roles/restore/meta/main.yml b/roles/restore/meta/main.yml index cf2415f0..22401fb3 100644 --- a/roles/restore/meta/main.yml +++ b/roles/restore/meta/main.yml @@ -24,7 +24,8 @@ galaxy_info: - restore - automation -dependencies: [] +dependencies: + - role: common collections: - kubernetes.core diff --git a/roles/restore/tasks/main.yml b/roles/restore/tasks/main.yml index 4eee3573..42c36997 100644 --- a/roles/restore/tasks/main.yml +++ b/roles/restore/tasks/main.yml @@ -10,12 +10,7 @@ metadata: name: '{{ ansible_operator_meta.name }}' namespace: '{{ ansible_operator_meta.namespace }}' - labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}' when: set_self_labels | bool - name: Look up details for this restore object @@ -26,6 +21,16 @@ namespace: "{{ ansible_operator_meta.namespace }}" register: this_restore +- name: Build `additional_labels_items` labels from `additional_labels` + set_fact: + additional_labels_items: >- + {{ this_restore['resources'][0]['metadata']['labels'] + | dict2items | selectattr('key', 'in', additional_labels) + }} + when: + - additional_labels | length + - this_restore['resources'][0]['metadata']['labels'] + - block: - include_tasks: init.yml 
diff --git a/roles/restore/templates/management-pod.yml.j2 b/roles/restore/templates/management-pod.yml.j2 index 06369bfd..6cec51b2 100644 --- a/roles/restore/templates/management-pod.yml.j2 +++ b/roles/restore/templates/management-pod.yml.j2 @@ -5,11 +5,7 @@ metadata: name: {{ ansible_operator_meta.name }}-db-management namespace: {{ backup_pvc_namespace }} labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} spec: containers: - name: {{ ansible_operator_meta.name }}-db-management diff --git a/roles/restore/templates/secrets.yml.j2 b/roles/restore/templates/secrets.yml.j2 index fd0b7373..d78a2006 100644 --- a/roles/restore/templates/secrets.yml.j2 +++ b/roles/restore/templates/secrets.yml.j2 @@ -6,11 +6,7 @@ metadata: name: '{{ secrets[secret]['name'] }}' namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' - app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - app.kubernetes.io/component: '{{ deployment_type }}' - app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' + {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} type: '{{ secrets[secret]['type'] }}' stringData: {% for key, value in secrets[secret]['data'].items() %}