Do not prepend variable names with tower_

Yanis Guenane
2021-05-21 13:45:48 +02:00
parent d0a74edd34
commit 75458d0678
40 changed files with 697 additions and 696 deletions

166
README.md

@@ -89,14 +89,14 @@ There are three variables that are customizable for the admin user account creat
| Name | Description | Default |
| --------------------------- | -------------------------------------------- | ---------------- |
| tower_admin_user | Name of the admin user | admin |
| tower_admin_email | Email of the admin user | test@example.com |
| tower_admin_password_secret | Secret that contains the admin user password | Empty string |
| admin_user | Name of the admin user | admin |
| admin_email | Email of the admin user | test@example.com |
| admin_password_secret | Secret that contains the admin user password | Empty string |
> :warning: **tower_admin_password_secret must be a Kubernetes secret and not your text clear password**.
> :warning: **admin_password_secret must be a Kubernetes secret and not your text clear password**.
If `tower_admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`.
If `admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`.
To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode`
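Review bot: Existing custom resources that still set `tower_admin_password_secret` get no upgrade guidance in this README hunk. Going by the fallback paragraph changed here, a spec without `admin_password_secret` makes the operator look for `<resourcename>-admin-password` and otherwise generate a new password, so if the old key is no longer read, an upgraded deployment could quietly end up on a different admin secret. Please add an upgrade note listing the renamed keys, or state explicitly that the old names are still accepted.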
@@ -118,7 +118,7 @@ stringData:
#### Ingress Type
By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `tower_ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created.
By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created.
The AWX operator provides support for four kinds of `Ingress` to access AWX: `Ingress`, `Route`, `LoadBalancer` and `NodePort`, To toggle between these options, you can add the following to your AWX CR:
@@ -128,7 +128,7 @@ The AWX operator provides support for four kinds of `Ingress` to access AWX: `In
---
spec:
...
tower_ingress_type: Route
ingress_type: Route
```
* Ingress
@@ -137,8 +137,8 @@ spec:
---
spec:
...
tower_ingress_type: Ingress
tower_hostname: awx.mycompany.com
ingress_type: Ingress
hostname: awx.mycompany.com
```
* LoadBalancer
@@ -147,8 +147,8 @@ spec:
---
spec:
...
tower_ingress_type: LoadBalancer
tower_loadbalancer_protocol: http
ingress_type: LoadBalancer
loadbalancer_protocol: http
```
* NodePort
@@ -157,12 +157,12 @@ spec:
---
spec:
...
tower_ingress_type: NodePort
ingress_type: NodePort
```
The AWX `Service` that gets created will have a `type` set based on the `tower_ingress_type` being used:
The AWX `Service` that gets created will have a `type` set based on the `ingress_type` being used:
| Ingress Type `tower_ingress_type` | Service Type |
| Ingress Type `ingress_type` | Service Type |
| ------------------------------------- | -------------- |
| `LoadBalancer` | `LoadBalancer` |
| `NodePort` | `NodePort` |
@@ -176,9 +176,9 @@ The following variables are customizable to specify the TLS termination procedur
| Name | Description | Default |
| ------------------------------------- | --------------------------------------------- | --------------------------------- |
| tower_route_host | Common name the route answers for | Empty string |
| tower_route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge |
| tower_route_tls_secret | Secret that contains the TLS information | Empty string |
| route_host | Common name the route answers for | Empty string |
| route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge |
| route_tls_secret | Secret that contains the TLS information | Empty string |
* Ingress
@@ -186,8 +186,8 @@ The following variables are customizable to specify the TLS termination procedur
| Name | Description | Default |
| -------------------------- | ---------------------------------------- | ------------- |
| tower_ingress_annotations | Ingress annotations | Empty string |
| tower_ingress_tls_secret | Secret that contains the TLS information | Empty string |
| ingress_annotations | Ingress annotations | Empty string |
| ingress_tls_secret | Secret that contains the TLS information | Empty string |
* LoadBalancer
@@ -195,11 +195,11 @@ The following variables are customizable to specify the TLS termination procedur
| Name | Description | Default |
| ------------------------------ | ---------------------------------------- | ------------- |
| tower_loadbalancer_annotations | LoadBalancer annotations | Empty string |
| tower_loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http |
| tower_loadbalancer_port | Port used for Loadbalancer ingress | 80 |
| loadbalancer_annotations | LoadBalancer annotations | Empty string |
| loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http |
| loadbalancer_port | Port used for Loadbalancer ingress | 80 |
When setting up a Load Balancer for HTTPS you will be required to set the `tower_loadbalancer_port` to move the port away from `80`.
When setting up a Load Balancer for HTTPS you will be required to set the `loadbalancer_port` to move the port away from `80`.
The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP.
@@ -207,7 +207,7 @@ The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and
#### External PostgreSQL Service
In order for the AWX instance to rely on an external database, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `tower_postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-postgres-configuration`.
In order for the AWX instance to rely on an external database, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-postgres-configuration`.
The secret should be formatted as follows:
@@ -246,11 +246,11 @@ The following variables are customizable for the managed PostgreSQL service
| Name | Description | Default |
| ------------------------------------ | ------------------------------------------ | --------------------------------- |
| tower_postgres_image | Path of the image to pull | postgres:12 |
| tower_postgres_resource_requirements | PostgreSQL container resource requirements | Empty object |
| tower_postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} |
| tower_postgres_storage_class | PostgreSQL PV storage class | Empty string |
| tower_postgres_data_path | PostgreSQL data path | `/var/lib/postgresql/data/pgdata` |
| postgres_image | Path of the image to pull | postgres:12 |
| postgres_resource_requirements | PostgreSQL container resource requirements | Empty object |
| postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} |
| postgres_storage_class | PostgreSQL PV storage class | Empty string |
| postgres_data_path | PostgreSQL data path | `/var/lib/postgresql/data/pgdata` |
Example of customization could be:
@@ -258,22 +258,22 @@ Example of customization could be:
---
spec:
...
tower_postgres_resource_requirements:
postgres_resource_requirements:
requests:
cpu: 500m
memory: 2Gi
limits:
cpu: 1
memory: 4Gi
tower_postgres_storage_requirements:
postgres_storage_requirements:
requests:
storage: 8Gi
limits:
storage: 50Gi
tower_postgres_storage_class: fast-ssd
postgres_storage_class: fast-ssd
```
**Note**: If `tower_postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster.
**Note**: If `postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster.
### Advanced Configuration
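Review bot: The **Note** line rewritten at the end of this hunk still reads "store it's data"; since the line is being touched anyway, change it to "store its data".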
@@ -283,13 +283,13 @@ There are a few variables that are customizable for awx the image management.
| Name | Description |
| --------------------------| -------------------------- |
| tower_image | Path of the image to pull |
| tower_image_version | Image version to pull |
| tower_image_pull_policy | The pull policy to adopt |
| tower_image_pull_secret | The pull secret to use |
| tower_ee_images | A list of EEs to register |
| tower_redis_image | Path of the image to pull |
| tower_redis_image_version | Image version to pull |
| image | Path of the image to pull |
| image_version | Image version to pull |
| image_pull_policy | The pull policy to adopt |
| image_pull_secret | The pull secret to use |
| ee_images | A list of EEs to register |
| redis_image | Path of the image to pull |
| redis_image_version | Image version to pull |
Example of customization could be:
@@ -297,16 +297,16 @@ Example of customization could be:
---
spec:
...
tower_image: myorg/my-custom-awx
tower_image_version: latest
tower_image_pull_policy: Always
tower_image_pull_secret: pull_secret_name
tower_ee_images:
image: myorg/my-custom-awx
image_version: latest
image_pull_policy: Always
image_pull_secret: pull_secret_name
ee_images:
- name: my-custom-awx-ee
image: myorg/my-custom-awx-ee
```
**Note**: The `tower_image` and `tower_image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
**Note**: The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
#### Privileged Tasks
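Review bot: The example in this hunk sets `image_version: latest` together with `image_pull_policy: Always`, while the note below it says `image` and `image_version` are intended for local mirroring and that other AWX versions are not supported. A mutable tag makes the deployed version depend on whatever the registry serves at pull time; the example would match the note better with a fixed version tag from the mirrored registry.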
@@ -316,7 +316,7 @@ Depending on the type of tasks that you'll be running, you may find that you nee
---
spec:
...
tower_task_privileged: true
task_privileged: true
```
If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with:
@@ -334,8 +334,8 @@ The resource requirements for both, the task and the web containers are configur
| Name | Description | Default |
| -------------------------------- | ------------------------------------ | ----------------------------------- |
| tower_web_resource_requirements | Web container resource requirements | requests: {cpu: 1000m, memory: 2Gi} |
| tower_task_resource_requirements | Task container resource requirements | requests: {cpu: 500m, memory: 1Gi} |
| web_resource_requirements | Web container resource requirements | requests: {cpu: 1000m, memory: 2Gi} |
| task_resource_requirements | Task container resource requirements | requests: {cpu: 500m, memory: 1Gi} |
Example of customization could be:
@@ -343,14 +343,14 @@ Example of customization could be:
---
spec:
...
tower_web_resource_requirements:
web_resource_requirements:
requests:
cpu: 1000m
memory: 2Gi
limits:
cpu: 2000m
memory: 4Gi
tower_task_resource_requirements:
task_resource_requirements:
requests:
cpu: 500m
memory: 1Gi
@@ -361,19 +361,19 @@ spec:
#### Assigning AWX pods to specific nodes
You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `tower_node_selector` and `tower_postgres_selector` constrains
the AWX pods to run only on the nodes that match all the specified key/value pairs. `tower_tolerations` and `tower_postgres_tolerations` allow the AWX
You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX
pods to be scheduled onto nodes with matching taints.
| Name | Description | Default |
| -------------------------------| --------------------------- | ------- |
| tower_postgres_image | Path of the image to pull | 12 |
| tower_postgres_image_version | Image version to pull | 12 |
| tower_node_selector | AWX pods' nodeSelector | '' |
| tower_tolerations | AWX pods' tolerations | '' |
| tower_postgres_selector | Postgres pods' nodeSelector | '' |
| tower_postgres_tolerations | Postgres pods' tolerations | '' |
| postgres_image | Path of the image to pull | 12 |
| postgres_image_version | Image version to pull | 12 |
| node_selector | AWX pods' nodeSelector | '' |
| tolerations | AWX pods' tolerations | '' |
| postgres_selector | Postgres pods' nodeSelector | '' |
| postgres_tolerations | Postgres pods' tolerations | '' |
Example of customization could be:
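Review bot: In the table of this hunk, `postgres_image` is listed with default `12`, but the managed PostgreSQL table earlier in the README gives `postgres:12` for the same variable. Neither `postgres_image` nor `postgres_image_version` concerns node assignment, so either drop both rows from this table or align the default with the earlier one. While here, "`node_selector` and `postgres_selector` constrains" should read "constrain".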
@@ -381,20 +381,20 @@ Example of customization could be:
---
spec:
...
tower_node_selector: |
node_selector: |
disktype: ssd
kubernetes.io/arch: amd64
kubernetes.io/os: linux
tower_tolerations: |
tolerations: |
- key: "dedicated"
operator: "Equal"
value: "AWX"
effect: "NoSchedule"
tower_postgres_selector: |
postgres_selector: |
disktype: ssd
kubernetes.io/arch: amd64
kubernetes.io/os: linux
tower_postgres_tolerations: |
postgres_tolerations: |
- key: "dedicated"
operator: "Equal"
value: "AWX"
@@ -431,11 +431,11 @@ In cases which you want to persist the `/var/lib/projects` directory, there are
| Name | Description | Default |
| -----------------------------------| ---------------------------------------------------------------------------------------------------- | ---------------|
| tower_projects_persistence | Whether or not the /var/lib/projects directory will be persistent | false |
| tower_projects_storage_class | Define the PersistentVolume storage class | '' |
| tower_projects_storage_size | Define the PersistentVolume size | 8Gi |
| tower_projects_storage_access_mode | Define the PersistentVolume access mode | ReadWriteMany |
| tower_projects_existing_claim | Define an existing PersistentVolumeClaim to use (cannot be combined with `tower_projects_storage_*`) | '' |
| projects_persistence | Whether or not the /var/lib/projects directory will be persistent | false |
| projects_storage_class | Define the PersistentVolume storage class | '' |
| projects_storage_size | Define the PersistentVolume size | 8Gi |
| projects_storage_access_mode | Define the PersistentVolume access mode | ReadWriteMany |
| projects_existing_claim | Define an existing PersistentVolumeClaim to use (cannot be combined with `projects_storage_*`) | '' |
Example of customization when the `awx-operator` automatically handles the persistent volume could be:
@@ -443,9 +443,9 @@ Example of customization when the `awx-operator` automatically handles the persi
---
spec:
...
tower_projects_persistence: true
tower_projects_storage_class: rook-ceph
tower_projects_storage_size: 20Gi
projects_persistence: true
projects_storage_class: rook-ceph
projects_storage_size: 20Gi
```
#### Custom Volume and Volume Mount Options
@@ -454,10 +454,10 @@ In a scenario where custom volumes and volume mounts are required to either over
| Name | Description | Default |
| ------------------------------ | -------------------------------------------------------- | ------- |
| tower_extra_volumes | Specify extra volumes to add to the application pod | '' |
| tower_web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| tower_task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| tower_ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
| extra_volumes | Specify extra volumes to add to the application pod | '' |
| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
Example configuration for ConfigMap
@@ -484,17 +484,17 @@ Example spec file for volumes and volume mounts
---
spec:
...
tower_ee_extra_volume_mounts: |
ee_extra_volume_mounts: |
- name: ansible-cfg
mountPath: /etc/ansible/ansible.cfg
subPath: ansible.cfg
tower_task_extra_volume_mounts: |
task_extra_volume_mounts: |
- name: custom-py
mountPath: /etc/tower/conf.d/custom.py
subPath: custom.py
tower_extra_volumes: |
extra_volumes: |
- name: ansible-cfg
configMap:
defaultMode: 420
@@ -520,24 +520,24 @@ If you need to export custom environment variables to your containers.
| Name | Description | Default |
| ----------------------------- | -------------------------------------------------------- | ------- |
| tower_task_extra_env | Environment variables to be added to Task container | '' |
| tower_web_extra_env | Environment variables to be added to Web container | '' |
| task_extra_env | Environment variables to be added to Task container | '' |
| web_extra_env | Environment variables to be added to Web container | '' |
Example configuration of environment variables
```yaml
spec:
tower_task_extra_env: |
task_extra_env: |
- name: MYCUSTOMVAR
value: foo
tower_web_extra_env: |
web_extra_env: |
- name: MYCUSTOMVAR
value: foo
```
### Upgrading
To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `tower_image_version` variable in `roles/installer/defaults/main.yml` for that particular release.
To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `image_version` variable in `roles/installer/defaults/main.yml` for that particular release.
Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment.


@@ -18,13 +18,13 @@
metadata:
name: awx
spec:
tower_admin_user: admin
tower_admin_email: admin@localhost
tower_ingress_type: "{{ tower_ingress_type | default(omit) }}" # Either Route, Ingress or LoadBalancer
tower_image: "{{ tower_image | default(omit) }}"
tower_image_version: "{{ tower_image_version | default(omit) }}"
admin_user: admin
admin_email: admin@localhost
ingress_type: "{{ ingress_type | default(omit) }}" # Either Route, Ingress or LoadBalancer
image: "{{ image | default(omit) }}"
image_version: "{{ image_version | default(omit) }}"
development_mode: "{{ development_mode | default(omit) | bool }}"
tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}"
# tower_ee_images:
image_pull_policy: "{{ image_pull_policy | default(omit) }}"
# ee_images:
# - name: test-ee
# image: quay.io/<user>/awx-ee
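Review bot: The template lookups on the changed lines now read play variables with very generic names, for example `image: "{{ image | default(omit) }}"` and `ingress_type: "{{ ingress_type | default(omit) }}"`. A variable called `image` or `image_version` is easy to define elsewhere in an inventory or playbook and would then be picked up here unintentionally. Consider keeping a prefix on the Jinja side; the spec key itself can still use the short name.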


@@ -35,42 +35,42 @@ spec:
description: apiVersion of the deployment type
type: string
default: awx.ansible.com/v1beta1
tower_task_privileged:
task_privileged:
description: If a privileged security context should be enabled
type: boolean
default: false
tower_admin_user:
admin_user:
description: Username to use for the admin account
type: string
default: admin
tower_hostname:
hostname:
description: The hostname of the instance
type: string
tower_admin_email:
admin_email:
description: The admin user email
type: string
tower_admin_password_secret:
admin_password_secret:
description: Secret where the admin password can be found
type: string
tower_postgres_configuration_secret:
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
tower_old_postgres_configuration_secret:
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data migration
type: string
tower_secret_key_secret:
secret_key_secret:
description: Secret where the secret key can be found
type: string
tower_broadcast_websocket_secret:
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
tower_extra_volumes:
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
tower_ingress_type:
ingress_type:
description: The ingress type to use to reach the deployed instance
type: string
enum:
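Review bot: The secret reference properties in this hunk (`admin_password_secret`, `postgres_configuration_secret`, `old_postgres_configuration_secret`, `secret_key_secret`, `broadcast_websocket_secret`) replace their `tower_` counterparts outright, with no deprecated alias left in the schema. Consider keeping the old property names as deprecated entries for a release, or mentioning the previous name in each `description`, so that operators of existing instances can see which keys they have to rename.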
@@ -83,30 +83,30 @@ spec:
- loadbalancer
- NodePort
- nodeport
tower_ingress_annotations:
ingress_annotations:
description: Annotations to add to the ingress
type: string
tower_ingress_tls_secret:
ingress_tls_secret:
description: Secret where the ingress TLS secret can be found
type: string
tower_loadbalancer_annotations:
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
tower_loadbalancer_protocol:
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
default: http
enum:
- http
- https
tower_loadbalancer_port:
loadbalancer_port:
description: Port to use for the loadbalancer
type: integer
default: 80
tower_route_host:
route_host:
description: The DNS to use to points to the instance
type: string
tower_route_tls_termination_mechanism:
route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use
type: string
default: Edge
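Review bot: The description on `route_host`, "The DNS to use to points to the instance", is carried over unchanged under the new key. Since the property is being renamed anyway, fix the wording, for example "The DNS name that points to the instance".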
@@ -115,25 +115,25 @@ spec:
- edge
- Passthrough
- passthrough
tower_route_tls_secret:
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
tower_node_selector:
description: nodeSelector for the AWX pods
node_selector:
description: nodeSelector for the pods
type: string
tower_service_labels:
service_labels:
description: Additional labels to apply to the service
type: string
tower_tolerations:
description: node tolerations for the AWX pods
tolerations:
description: node tolerations for the pods
type: string
tower_image:
image:
description: Registry path to the application container to use
type: string
tower_image_version:
image_version:
description: Application container image version to use
type: string
tower_ee_images:
ee_images:
description: Registry path to the Execution Environment container to use
type: array
items:
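Review bot: The new descriptions for `node_selector` and `tolerations` ("nodeSelector for the pods", "node tolerations for the pods") no longer say which pods they apply to, while the same schema also has `postgres_selector` and `postgres_tolerations` described as applying to the Postgres pods. Please name the pods these two settings cover so the two pairs stay distinguishable.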
@@ -143,7 +143,7 @@ spec:
type: string
image:
type: string
tower_image_pull_policy:
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
@@ -154,10 +154,10 @@ spec:
- never
- IfNotPresent
- ifnotpresent
tower_image_pull_secret:
image_pull_secret:
description: The image pull secret
type: string
tower_task_resource_requirements:
task_resource_requirements:
description: Resource requirements for the task container
properties:
requests:
@@ -179,7 +179,7 @@ spec:
type: string
type: object
type: object
tower_web_resource_requirements:
web_resource_requirements:
description: Resource requirements for the web container
properties:
requests:
@@ -201,67 +201,67 @@ spec:
type: string
type: object
type: object
tower_replicas:
replicas:
description: Number of instance replicas
type: integer
default: 1
format: int32
tower_garbage_collect_secrets:
garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal
default: false
type: boolean
tower_create_preload_data:
description: Whether or not to preload data upon Tower instance creation
create_preload_data:
description: Whether or not to preload data upon instance creation
default: true
type: boolean
tower_task_args:
task_args:
type: array
items:
type: string
tower_task_command:
task_command:
type: array
items:
type: string
tower_web_args:
web_args:
type: array
items:
type: string
tower_web_command:
web_command:
type: array
items:
type: string
tower_task_extra_env:
task_extra_env:
type: string
tower_web_extra_env:
web_extra_env:
type: string
tower_ee_extra_volume_mounts:
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
tower_task_extra_volume_mounts:
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
tower_web_extra_volume_mounts:
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
tower_redis_image:
redis_image:
description: Registry path to the redis container to use
type: string
tower_redis_image_version:
redis_image_version:
description: Redis container image version to use
type: string
tower_postgres_image:
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
tower_postgres_image_version:
postgres_image_version:
description: PostgreSQL container image version to use
type: string
tower_postgres_selector:
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
tower_postgres_tolerations:
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
tower_postgres_storage_requirements:
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
requests:
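Review bot: `task_args`, `task_command`, `web_args`, `web_command`, `task_extra_env` and `web_extra_env` are renamed in this hunk but still carry no `description`, unlike the properties around them. Please add a one-line description to each; for the two `*_extra_env` string fields it would help to say that the value is a YAML list of `name`/`value` entries, as the README example shows.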
@@ -275,7 +275,7 @@ spec:
type: string
type: object
type: object
tower_postgres_resource_requirements:
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
requests:
@@ -293,10 +293,10 @@ spec:
type: string
type: object
type: object
tower_postgres_storage_class:
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
tower_postgres_data_path:
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
ca_trust_bundle:
@@ -308,27 +308,27 @@ spec:
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
tower_projects_persistence:
projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent
default: false
type: boolean
tower_projects_use_existing_claim:
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
type: string
enum:
- _Yes_
- _No_
tower_projects_existing_claim:
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
tower_projects_storage_class:
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
tower_projects_storage_size:
projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi
type: string
tower_projects_storage_access_mode:
projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
@@ -345,13 +345,13 @@ spec:
type: object
status:
properties:
towerURL:
URL:
description: URL to access the deployed instance
type: string
towerAdminUser:
adminUser:
description: Admin user of the deployed instance
type: string
towerAdminPasswordSecret:
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
postgresConfigurationSecret:
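Review bot: The status field `towerURL` becomes `URL`, all upper case, while its renamed siblings in this hunk are lower camel case (`adminUser`, `adminPasswordSecret`). Consider `url` for consistency, and document that anything reading `towerURL` or the other `tower*` status fields has to be updated.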
@@ -363,13 +363,13 @@ spec:
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
towerMigratedFromSecret:
description: The secret used for migrating an old Tower.
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
towerVersion:
version:
description: Version of the deployed instance
type: string
towerImage:
image:
description: URL of the image used for the deployed instance
type: string
conditions:


@@ -37,42 +37,42 @@ spec:
description: apiVersion of the deployment type
type: string
default: awx.ansible.com/v1beta1
tower_task_privileged:
task_privileged:
description: If a privileged security context should be enabled
type: boolean
default: false
tower_admin_user:
admin_user:
description: Username to use for the admin account
type: string
default: admin
tower_hostname:
hostname:
description: The hostname of the instance
type: string
tower_admin_email:
admin_email:
description: The admin user email
type: string
tower_admin_password_secret:
admin_password_secret:
description: Secret where the admin password can be found
type: string
tower_postgres_configuration_secret:
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
tower_old_postgres_configuration_secret:
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data migration
type: string
tower_secret_key_secret:
secret_key_secret:
description: Secret where the secret key can be found
type: string
tower_broadcast_websocket_secret:
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
tower_extra_volumes:
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
tower_ingress_type:
ingress_type:
description: The ingress type to use to reach the deployed instance
type: string
enum:
@@ -85,30 +85,30 @@ spec:
- loadbalancer
- NodePort
- nodeport
tower_ingress_annotations:
ingress_annotations:
description: Annotations to add to the ingress
type: string
tower_ingress_tls_secret:
ingress_tls_secret:
description: Secret where the ingress TLS secret can be found
type: string
tower_loadbalancer_annotations:
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
tower_loadbalancer_protocol:
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
default: http
enum:
- http
- https
tower_loadbalancer_port:
loadbalancer_port:
description: Port to use for the loadbalancer
type: integer
default: 80
tower_route_host:
route_host:
description: The DNS to use to points to the instance
type: string
tower_route_tls_termination_mechanism:
route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use
type: string
default: Edge
@@ -117,25 +117,25 @@ spec:
- edge
- Passthrough
- passthrough
tower_route_tls_secret:
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
tower_node_selector:
description: nodeSelector for the AWX pods
node_selector:
description: nodeSelector for the pods
type: string
tower_service_labels:
service_labels:
description: Additional labels to apply to the service
type: string
tower_tolerations:
description: node tolerations for the AWX pods
tolerations:
description: node tolerations for the pods
type: string
tower_image:
image:
description: Registry path to the application container to use
type: string
tower_image_version:
image_version:
description: Application container image version to use
type: string
tower_ee_images:
ee_images:
description: Registry path to the Execution Environment container to use
type: array
items:
@@ -145,7 +145,7 @@ spec:
type: string
image:
type: string
tower_image_pull_policy:
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
@@ -156,10 +156,10 @@ spec:
- never
- IfNotPresent
- ifnotpresent
tower_image_pull_secret:
image_pull_secret:
description: The image pull secret
type: string
tower_task_resource_requirements:
task_resource_requirements:
description: Resource requirements for the task container
properties:
requests:
@@ -181,7 +181,7 @@ spec:
type: string
type: object
type: object
tower_web_resource_requirements:
web_resource_requirements:
description: Resource requirements for the web container
properties:
requests:
@@ -203,67 +203,67 @@ spec:
type: string
type: object
type: object
tower_replicas:
replicas:
description: Number of instance replicas
type: integer
default: 1
format: int32
tower_garbage_collect_secrets:
garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal
default: false
type: boolean
tower_create_preload_data:
description: Whether or not to preload data upon Tower instance creation
create_preload_data:
description: Whether or not to preload data upon instance creation
default: true
type: boolean
tower_task_args:
task_args:
type: array
items:
type: string
tower_task_command:
task_command:
type: array
items:
type: string
tower_web_args:
web_args:
type: array
items:
type: string
tower_web_command:
web_command:
type: array
items:
type: string
tower_task_extra_env:
task_extra_env:
type: string
tower_web_extra_env:
web_extra_env:
type: string
tower_ee_extra_volume_mounts:
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
tower_task_extra_volume_mounts:
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
tower_web_extra_volume_mounts:
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
tower_redis_image:
redis_image:
description: Registry path to the redis container to use
type: string
tower_redis_image_version:
redis_image_version:
description: Redis container image version to use
type: string
tower_postgres_image:
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
tower_postgres_image_version:
postgres_image_version:
description: PostgreSQL container image version to use
type: string
tower_postgres_selector:
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
tower_postgres_tolerations:
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
tower_postgres_storage_requirements:
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
requests:
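
Review bot: `task_args`, `task_command`, `web_args`, `web_command`, `task_extra_env` and `web_extra_env` are renamed in this hunk but still carry no `description`, unlike the neighbouring properties. Judging by their names they set the container command, arguments and environment, so a one-line description each (what is overridden, and what format the `*_extra_env` strings expect) would help anyone auditing a resource. Since every one of these lines is touched anyway, this is a cheap place to add them.
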
@@ -277,7 +277,7 @@ spec:
type: string
type: object
type: object
tower_postgres_resource_requirements:
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
requests:
@@ -295,10 +295,10 @@ spec:
type: string
type: object
type: object
tower_postgres_storage_class:
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
tower_postgres_data_path:
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
ca_trust_bundle:
@@ -310,27 +310,27 @@ spec:
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
tower_projects_persistence:
projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent
default: false
type: boolean
tower_projects_use_existing_claim:
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
type: string
enum:
- _Yes_
- _No_
tower_projects_existing_claim:
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
tower_projects_storage_class:
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
tower_projects_storage_size:
projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi
type: string
tower_projects_storage_access_mode:
projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
@@ -347,13 +347,13 @@ spec:
type: object
status:
properties:
towerURL:
URL:
description: URL to access the deployed instance
type: string
towerAdminUser:
adminUser:
description: Admin user of the deployed instance
type: string
towerAdminPasswordSecret:
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
postgresConfigurationSecret:
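
Review bot: the new status key `URL` breaks the lowerCamelCase used by every other status property visible in this hunk (`adminUser`, `adminPasswordSecret`, `postgresConfigurationSecret`). Stripping the `tower` prefix from `towerURL` is what produced the all-caps name; `url` would keep the convention. If it is changed, the `path: URL` status descriptor in the cluster service version has to change with it.
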
@@ -365,13 +365,13 @@ spec:
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
towerMigratedFromSecret:
description: The secret used for migrating an old Tower.
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
towerVersion:
version:
description: Version of the deployed instance
type: string
towerImage:
image:
description: URL of the image used for the deployed instance
type: string
conditions:

@@ -35,42 +35,42 @@ spec:
description: apiVersion of the deployment type
type: string
default: awx.ansible.com/v1beta1
tower_task_privileged:
task_privileged:
description: If a privileged security context should be enabled
type: boolean
default: false
tower_admin_user:
admin_user:
description: Username to use for the admin account
type: string
default: admin
tower_hostname:
hostname:
description: The hostname of the instance
type: string
tower_admin_email:
admin_email:
description: The admin user email
type: string
tower_admin_password_secret:
admin_password_secret:
description: Secret where the admin password can be found
type: string
tower_postgres_configuration_secret:
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
tower_old_postgres_configuration_secret:
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data migration
type: string
tower_secret_key_secret:
secret_key_secret:
description: Secret where the secret key can be found
type: string
tower_broadcast_websocket_secret:
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
tower_extra_volumes:
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
tower_ingress_type:
ingress_type:
description: The ingress type to use to reach the deployed instance
type: string
enum:
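
Review bot: the secret reference properties in this hunk (`admin_password_secret`, `postgres_configuration_secret`, `old_postgres_configuration_secret`, `secret_key_secret`, `broadcast_websocket_secret`) lose their `tower_` names with no alias left in the schema. The README in this same commit says that when `admin_password_secret` is not provided the operator looks for, or generates, `<resourcename>-admin-password`, so an existing resource that still uses `tower_admin_password_secret` would take that fallback path instead of the secret it names. Please state in the commit message or upgrade notes that existing resources must be edited before the operator is upgraded, and check how the other four behave when unset.
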
@@ -83,30 +83,30 @@ spec:
- loadbalancer
- NodePort
- nodeport
tower_ingress_annotations:
ingress_annotations:
description: Annotations to add to the ingress
type: string
tower_ingress_tls_secret:
ingress_tls_secret:
description: Secret where the ingress TLS secret can be found
type: string
tower_loadbalancer_annotations:
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
tower_loadbalancer_protocol:
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
default: http
enum:
- http
- https
tower_loadbalancer_port:
loadbalancer_port:
description: Port to use for the loadbalancer
type: integer
default: 80
tower_route_host:
route_host:
description: The DNS to use to points to the instance
type: string
tower_route_tls_termination_mechanism:
route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use
type: string
default: Edge
@@ -115,25 +115,25 @@ spec:
- edge
- Passthrough
- passthrough
tower_route_tls_secret:
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
tower_node_selector:
description: nodeSelector for the AWX pods
node_selector:
description: nodeSelector for the pods
type: string
tower_service_labels:
service_labels:
description: Additional labels to apply to the service
type: string
tower_tolerations:
description: node tolerations for the AWX pods
tolerations:
description: node tolerations for the pods
type: string
tower_image:
image:
description: Registry path to the application container to use
type: string
tower_image_version:
image_version:
description: Application container image version to use
type: string
tower_ee_images:
ee_images:
description: Registry path to the Execution Environment container to use
type: array
items:
@@ -143,7 +143,7 @@ spec:
type: string
image:
type: string
tower_image_pull_policy:
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
@@ -154,10 +154,10 @@ spec:
- never
- IfNotPresent
- ifnotpresent
tower_image_pull_secret:
image_pull_secret:
description: The image pull secret
type: string
tower_task_resource_requirements:
task_resource_requirements:
description: Resource requirements for the task container
properties:
requests:
@@ -179,7 +179,7 @@ spec:
type: string
type: object
type: object
tower_web_resource_requirements:
web_resource_requirements:
description: Resource requirements for the web container
properties:
requests:
@@ -201,67 +201,67 @@ spec:
type: string
type: object
type: object
tower_replicas:
replicas:
description: Number of instance replicas
type: integer
default: 1
format: int32
tower_garbage_collect_secrets:
garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal
default: false
type: boolean
tower_create_preload_data:
description: Whether or not to preload data upon Tower instance creation
create_preload_data:
description: Whether or not to preload data upon instance creation
default: true
type: boolean
tower_task_args:
task_args:
type: array
items:
type: string
tower_task_command:
task_command:
type: array
items:
type: string
tower_web_args:
web_args:
type: array
items:
type: string
tower_web_command:
web_command:
type: array
items:
type: string
tower_task_extra_env:
task_extra_env:
type: string
tower_web_extra_env:
web_extra_env:
type: string
tower_ee_extra_volume_mounts:
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
tower_task_extra_volume_mounts:
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
tower_web_extra_volume_mounts:
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
tower_redis_image:
redis_image:
description: Registry path to the redis container to use
type: string
tower_redis_image_version:
redis_image_version:
description: Redis container image version to use
type: string
tower_postgres_image:
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
tower_postgres_image_version:
postgres_image_version:
description: PostgreSQL container image version to use
type: string
tower_postgres_selector:
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
tower_postgres_tolerations:
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
tower_postgres_storage_requirements:
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
requests:
@@ -275,7 +275,7 @@ spec:
type: string
type: object
type: object
tower_postgres_resource_requirements:
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
requests:
@@ -293,10 +293,10 @@ spec:
type: string
type: object
type: object
tower_postgres_storage_class:
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
tower_postgres_data_path:
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
ca_trust_bundle:
@@ -308,27 +308,27 @@ spec:
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
tower_projects_persistence:
projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent
default: false
type: boolean
tower_projects_use_existing_claim:
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
type: string
enum:
- _Yes_
- _No_
tower_projects_existing_claim:
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
tower_projects_storage_class:
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
tower_projects_storage_size:
projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi
type: string
tower_projects_storage_access_mode:
projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
@@ -345,13 +345,13 @@ spec:
type: object
status:
properties:
towerURL:
URL:
description: URL to access the deployed instance
type: string
towerAdminUser:
adminUser:
description: Admin user of the deployed instance
type: string
towerAdminPasswordSecret:
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
postgresConfigurationSecret:
@@ -363,13 +363,13 @@ spec:
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
towerMigratedFromSecret:
description: The secret used for migrating an old Tower.
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
towerVersion:
version:
description: Version of the deployed instance
type: string
towerImage:
image:
description: URL of the image used for the deployed instance
type: string
conditions:

@@ -6,12 +6,12 @@ metadata:
namespace: example-awx
spec:
deployment_type: awx
tower_ingress_type: ingress
tower_web_resource_requirements:
ingress_type: ingress
web_resource_requirements:
requests:
cpu: 500m
memory: 128M
tower_task_resource_requirements:
task_resource_requirements:
requests:
cpu: 500m
memory: 128M

@@ -13,14 +13,14 @@ metadata:
},
"spec": {
"deployment_type": "awx",
"tower_ingress_type": "ingress",
"tower_task_resource_requirements": {
"ingress_type": "ingress",
"task_resource_requirements": {
"requests": {
"cpu": "500m",
"memory": "128M"
}
},
"tower_web_resource_requirements": {
"web_resource_requirements": {
"requests": {
"cpu": "500m",
"memory": "128M"
@@ -125,7 +125,7 @@ spec:
statusDescriptors:
- displayName: Restore status
description: The state of the restore
path: towerRestoreComplete
path: restoreComplete
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: A AWX Instance
@@ -134,47 +134,47 @@ spec:
name: awxs.awx.ansible.com
specDescriptors:
- displayName: Hostname
path: tower_hostname
path: hostname
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin account username
path: tower_admin_user
path: admin_user
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin email address
path: tower_admin_email
path: admin_email
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin password secret
path: tower_admin_password_secret
path: admin_password_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Database configuration secret
path: tower_postgres_configuration_secret
path: postgres_configuration_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Old Database configuration secret
path: tower_old_postgres_configuration_secret
path: old_postgres_configuration_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Secret key secret
path: tower_secret_key_secret
path: secret_key_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Broadcast Websocket Secret
path: tower_broadcast_websocket_secret
path: broadcast_websocket_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Ingress Type
path: tower_ingress_type
path: ingress_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:none
@@ -182,98 +182,98 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:select:Route
- urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
- urn:alm:descriptor:com.tectonic.ui:select:NodePort
- displayName: Tower Ingress Annotations
path: tower_ingress_annotations
- displayName: Ingress Annotations
path: ingress_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress
- displayName: Tower Ingress TLS Secret
path: tower_ingress_tls_secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Ingress TLS Secret
path: ingress_tls_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress
- displayName: Tower LoadBalancer Annotations
path: tower_loadbalancer_annotations
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: LoadBalancer Annotations
path: loadbalancer_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
- displayName: Tower LoadBalancer Protocol
path: tower_loadbalancer_protocol
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer
- displayName: LoadBalancer Protocol
path: loadbalancer_protocol
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:http
- urn:alm:descriptor:com.tectonic.ui:select:https
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
- displayName: Tower LoadBalancer Port
path: tower_loadbalancer_port
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer
- displayName: LoadBalancer Port
path: loadbalancer_port
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer
- displayName: Route DNS host
path: tower_route_host
path: route_host
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Route TLS termination mechanism
path: tower_route_tls_termination_mechanism
path: route_tls_termination_mechanism
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:Edge
- urn:alm:descriptor:com.tectonic.ui:select:Passthrough
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Route TLS credential secret
path: tower_route_tls_secret
path: route_tls_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Image Pull Policy
path: tower_image_pull_policy
path: image_pull_policy
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- displayName: Image Pull Secret
path: tower_image_pull_secret
path: image_pull_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullSecret
- displayName: Web container resource requirements
path: tower_web_resource_requirements
path: web_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Task container resource requirements
path: tower_task_resource_requirements
path: task_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: PostgreSQL container resource requirements (when using a managed instance)
path: tower_postgres_resource_requirements
path: postgres_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: PostgreSQL container storage requirements (when using a managed instance)
path: tower_postgres_storage_requirements
path: postgres_storage_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Replicas
path: tower_replicas
path: replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- displayName: Remove used secrets on instance removal ?
path: tower_garbage_collect_secrets
path: garbage_collect_secrets
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Preload instance with data upon creation ?
path: tower_create_preload_data
path: create_preload_data
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
@@ -283,8 +283,8 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Should Tower Task container deployed with privileged level ?
path: tower_task_privileged
- displayName: Should the task container deployed with privileged level ?
path: task_privileged
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
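
Review bot: the rewritten label `Should the task container deployed with privileged level ?` is still missing its verb. As the line is being changed anyway, `Should the task container be deployed with a privileged security context?` reads correctly and matches the wording of the `task_privileged` description in the CRD ("If a privileged security context should be enabled"). This switch controls a privileged container, so the label should be unambiguous.
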
@@ -304,53 +304,53 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Image
path: tower_image
- displayName: Image
path: image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Image Version
path: tower_image_version
- displayName: Image Version
path: image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Image
path: tower_redis_image
path: redis_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Image Version
path: tower_redis_image_version
path: redis_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image
path: tower_postgres_image
path: postgres_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image Version
path: tower_postgres_image_version
path: postgres_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Postgres Selector
path: tower_postgres_selector
- displayName: Postgres Selector
path: postgres_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Postgres Tolerations
path: tower_postgres_tolerations
- displayName: Postgres Tolerations
path: postgres_tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Postgres Storage Class
path: tower_postgres_storage_class
- displayName: Postgres Storage Class
path: postgres_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Postgres Datapath
path: tower_postgres_data_path
- displayName: Postgres Datapath
path: postgres_data_path
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
@@ -364,121 +364,121 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Tower Task Args
path: tower_task_args
- displayName: Task Args
path: task_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Enable persistence for /var/lib/projects directory?
path: tower_projects_persistence
path: projects_persistence
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Use existing Persistent Claim?
path: tower_projects_use_existing_claim
path: projects_use_existing_claim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:_Yes_
- urn:alm:descriptor:com.tectonic.ui:select:_No_
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_persistence:true
- displayName: Tower Projects Existing Persistent Claim
path: tower_projects_existing_claim
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true
- displayName: Projects Existing Persistent Claim
path: projects_existing_claim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_Yes_
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_
- urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
- description: Tower Projects Storage Class Name. If not present, the default
- description: Projects Storage Class Name. If not present, the default
storage class will be used.
displayName: Tower Projects Storage Class Name
path: tower_projects_storage_class
displayName: Projects Storage Class Name
path: projects_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- description: Tower Projects Storage Size
displayName: Tower Projects Storage Size
path: tower_projects_storage_size
- description: Projects Storage Size
displayName: Projects Storage Size
path: projects_storage_size
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- description: Tower Projects Storage Access Mode
displayName: Tower Projects Storage Access Mode
path: tower_projects_storage_access_mode
- description: Projects Storage Access Mode
displayName: Projects Storage Access Mode
path: projects_storage_access_mode
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Tower Task Command
path: tower_task_command
- displayName: Task Command
path: task_command
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Task Extra Env
- displayName: Task Extra Env
description: Environment variables to be added to Task container
path: tower_task_extra_env
path: task_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName:
path: tower_ee_extra_volume_mounts
- displayName: EE Extra Volume Mounts
path: ee_extra_volume_mounts
description: Specify volume mounts to be added to Execution container
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower EE Images
- displayName: EE Images
description: Registry path to the Execution Environment container to use
path: tower_ee_images
path: ee_images
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Task Extra Volume Mounts
- displayName: Task Extra Volume Mounts
description: Specify volume mounts to be added to Task container
path: tower_task_extra_volume_mounts
path: task_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Web Args
path: tower_web_args
- displayName: Web Args
path: web_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Web Command
path: tower_web_command
- displayName: Web Command
path: web_command
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Web Extra Env
- displayName: Web Extra Env
description: Environment variables to be added to Web container
path: tower_web_extra_env
path: web_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Web Extra Volume Mounts
- displayName: Web Extra Volume Mounts
description: Specify volume mounts to be added to Web container
path: tower_web_extra_volume_mounts
path: web_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Extra Volumes
- displayName: Extra Volumes
description: Specify extra volumes to add to the application pod
path: tower_extra_volumes
path: extra_volumes
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Node Selector
path: tower_node_selector
- displayName: Node Selector
path: node_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Service Labels
path: tower_service_labels
- displayName: Service Labels
path: service_labels
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Tolerations
path: tower_tolerations
- displayName: Tolerations
path: tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
@@ -490,27 +490,27 @@ spec:
statusDescriptors:
- description: Route to access the instance deployed
displayName: URL
path: towerURL
path: URL
x-descriptors:
- urn:alm:descriptor:org.w3:link
- description: Admin user for the instance deployed
displayName: Admin User
path: towerAdminUser
path: adminUser
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: Admin password for the instance deployed
displayName: Admin Password
path: towerAdminPasswordSecret
path: adminPasswordSecret
x-descriptors:
- urn:alm:descriptor:io.kubernetes:Secret
- description: Version of the instance deployed
displayName: Version
path: towerVersion
path: version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: Image of the instance deployed
displayName: Image
path: towerImage
path: image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
version: v1beta1
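
Review bot: the `adminPasswordSecret` status descriptor is still labelled `Admin Password` with the description "Admin password for the instance deployed", although the path and the `urn:alm:descriptor:io.kubernetes:Secret` descriptor show it holds the name of a Secret, not the password. While renaming the path, consider `Admin Password Secret` and a description along the lines of the CRD's "Admin password secret name of the deployed instance", so the label does not suggest the password itself is published in status.
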

@@ -41,24 +41,24 @@ spec:
description: Secret where can be found the LDAP trusted Certificate
Authority Bundle
type: string
tower_admin_email:
admin_email:
description: The admin user email
type: string
tower_admin_password_secret:
admin_password_secret:
description: Secret where the admin password can be found
type: string
tower_admin_user:
admin_user:
default: admin
description: Username to use for the admin account
type: string
tower_broadcast_websocket_secret:
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
tower_create_preload_data:
create_preload_data:
default: true
description: Whether or not to preload data upon Tower instance creation
description: Whether or not to preload data upon instance creation
type: boolean
tower_ee_images:
ee_images:
description: Registry path to the Execution Environment container
to use
items:
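
Review bot: every spec property in this schema is renamed in place while the API stays at `v1beta1`, so an existing CR that sets `tower_admin_password_secret` (or any other `tower_*` key) no longer matches a declared property and the role will use its defaults for the new names instead. For the secret-related keys that means an upgrade can quietly stop using the secret the operator was pointed at. Suggest accepting the old keys as deprecated aliases for a release, or shipping an upgrade note that lists the required CR edits.
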
@@ -69,23 +69,23 @@ spec:
type: string
type: object
type: array
tower_extra_volumes:
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
tower_garbage_collect_secrets:
garbage_collect_secrets:
default: false
description: Whether or not to remove secrets upon instance removal
type: boolean
tower_hostname:
hostname:
description: The hostname of the instance
type: string
tower_image:
image:
description: Registry path to the application container to use
type: string
tower_image_version:
image_version:
description: Application container image version to use
type: string
tower_image_pull_policy:
image_pull_policy:
default: IfNotPresent
description: The image pull policy
enum:
@@ -96,16 +96,16 @@ spec:
- IfNotPresent
- ifnotpresent
type: string
tower_image_pull_secret:
image_pull_secret:
description: The image pull secret
type: string
tower_ingress_annotations:
ingress_annotations:
description: Annotations to add to the ingress
type: string
tower_ingress_tls_secret:
ingress_tls_secret:
description: Secret where the ingress TLS secret can be found
type: string
tower_ingress_type:
ingress_type:
description: The ingress type to use to reach the deployed instance
enum:
- none
@@ -118,49 +118,49 @@ spec:
- NodePort
- nodeport
type: string
tower_loadbalancer_annotations:
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
tower_loadbalancer_port:
loadbalancer_port:
default: 80
description: Port to use for the loadbalancer
type: integer
tower_loadbalancer_protocol:
loadbalancer_protocol:
default: http
description: Protocol to use for the loadbalancer
enum:
- http
- https
type: string
tower_node_selector:
description: nodeSelector for the AWX pods
node_selector:
description: nodeSelector for the pods
type: string
tower_service_labels:
service_labels:
description: Additional labels to apply to the service
type: string
tower_old_postgres_configuration_secret:
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found
for data migration
type: string
tower_postgres_configuration_secret:
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
tower_postgres_data_path:
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
tower_postgres_image:
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
tower_postgres_image_version:
postgres_image_version:
description: PostgreSQL container image version to use
type: string
tower_postgres_selector:
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
tower_postgres_tolerations:
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
tower_postgres_storage_requirements:
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
requests:
@@ -174,7 +174,7 @@ spec:
type: string
type: object
type: object
tower_postgres_resource_requirements:
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
requests:
@@ -192,52 +192,52 @@ spec:
type: string
type: object
type: object
tower_postgres_storage_class:
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
tower_projects_existing_claim:
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
tower_projects_persistence:
projects_persistence:
default: false
description: Whether or not the /var/lib/projects directory will be
persistent
type: boolean
tower_projects_storage_access_mode:
projects_storage_access_mode:
default: ReadWriteMany
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
type: string
tower_projects_storage_class:
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
tower_projects_storage_size:
projects_storage_size:
default: 8Gi
description: Size for the /var/lib/projects PersistentVolumeClaim
type: string
tower_projects_use_existing_claim:
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
enum:
- _Yes_
- _No_
type: string
tower_redis_image:
redis_image:
description: Registry path to the redis container to use
type: string
tower_redis_image_version:
redis_image_version:
description: Redis container image version to use
type: string
tower_replicas:
replicas:
default: 1
description: Number of instance replicas
format: int32
type: integer
tower_route_host:
route_host:
description: The DNS to use to points to the instance
type: string
tower_route_tls_secret:
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
tower_route_tls_termination_mechanism:
route_tls_termination_mechanism:
default: Edge
description: The secure TLS termination mechanism to use
enum:
@@ -246,31 +246,31 @@ spec:
- Passthrough
- passthrough
type: string
tower_secret_key_secret:
secret_key_secret:
description: Secret where the secret key can be found
type: string
tower_task_args:
task_args:
items:
type: string
type: array
tower_task_command:
task_command:
items:
type: string
type: array
tower_task_extra_env:
task_extra_env:
description: Environment variables to be added to Task container
type: string
tower_ee_extra_volume_mounts:
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
tower_task_extra_volume_mounts:
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
tower_task_privileged:
task_privileged:
default: false
description: If a privileged security context should be enabled
type: boolean
tower_task_resource_requirements:
task_resource_requirements:
description: Resource requirements for the task container
properties:
limits:
@@ -292,24 +292,24 @@ spec:
type: string
type: object
type: object
tower_tolerations:
description: node tolerations for the AWX pods
tolerations:
description: node tolerations for the pods
type: string
tower_web_args:
web_args:
items:
type: string
type: array
tower_web_command:
web_command:
items:
type: string
type: array
tower_web_extra_env:
web_extra_env:
description: Environment variables to be added to Web container
type: string
tower_web_extra_volume_mounts:
web_extra_volume_mounts:
description: Specify volume mounts to be added to web container
type: string
tower_web_resource_requirements:
web_resource_requirements:
description: Resource requirements for the web container
properties:
limits:
@@ -359,22 +359,22 @@ spec:
type: string
type: object
type: array
towerAdminPasswordSecret:
adminPasswordSecret:
description: Admin password of the deployed instance
type: string
towerAdminUser:
adminUser:
description: Admin user of the deployed instance
type: string
towerImage:
image:
description: URL of the image used for the deployed instance
type: string
towerMigratedFromSecret:
description: The secret used for migrating an old Tower.
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
towerURL:
URL:
description: URL to access the deployed instance
type: string
towerVersion:
version:
description: Version of the deployed instance
type: string
type: object

View File

@@ -45,7 +45,7 @@ type: Opaque
If your AWX deployment is already using an external database server or its database is otherwise not managed
by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
In the next section pass it in through `tower_postgres_configuration_secret` instead, omitting the `_old_`
In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_`
from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
database and apply any pending migrations. It is strongly recommended to backup your database beforehand.
@@ -62,6 +62,6 @@ kind: AWX
metadata:
name: awx
spec:
tower_old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
...
```

View File

@@ -15,7 +15,7 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: "{{ this_awx['resources'][0]['status']['towerAdminPasswordSecret'] }}"
name: "{{ this_awx['resources'][0]['status']['adminPasswordSecret'] }}"
register: _admin_password
- name: Set admin_password
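
Review bot: `this_awx['resources'][0]['status']['adminPasswordSecret']` is read with no fallback, and an instance whose status was last written before this rename only carries `towerAdminPasswordSecret`, so the lookup would hit an undefined key. Suggest falling back to the old key with `| default(...)`, or failing with an explicit message that the instance must be reconciled first.
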

View File

@@ -1,7 +1,7 @@
---
# The backup directory in this status can be referenced when restoring
- name: Update Tower Backup status
- name: Update CR Backup status
operator_sdk.util.k8s_status:
api_version: '{{ api_version }}'
kind: "{{ kind }}"

View File

@@ -6,180 +6,181 @@ api_version: '{{ deployment_type }}.ansible.com/v1beta1'
database_name: "{{ deployment_type }}"
database_username: "{{ deployment_type }}"
tower_task_privileged: false
tower_ingress_type: none
task_privileged: false
ingress_type: none
# Custom labels for the tower service. Specify as literal block. E.g.:
# tower_service_labels: |
# service_labels: |
# environment: non-production
# zone: internal
tower_service_labels: ''
service_labels: ''
# Add annotations to the ingress. Specify as literal block. E.g.:
# tower_ingress_annotations: |
# ingress_annotations: |
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s
tower_ingress_annotations: ''
ingress_annotations: ''
# TLS secret for the ingress. The secret either has to exist before hand with
# the corresponding cert and key or just be an indicator for where an automated
# process like cert-manager (enabled via annotations) will store the TLS
# certificate and key.
tower_ingress_tls_secret: ''
ingress_tls_secret: ''
tower_loadbalancer_protocol: 'http'
tower_loadbalancer_port: '80'
tower_loadbalancer_annotations: ''
loadbalancer_protocol: 'http'
loadbalancer_port: '80'
loadbalancer_annotations: ''
# The TLS termination mechanism to use to access
# the services. Supported mechanism are: edge, passthrough
#
tower_route_tls_termination_mechanism: edge
route_tls_termination_mechanism: edge
# Secret to lookup that provide the TLS specific
# credentials to deploy
#
tower_route_tls_secret: ''
route_tls_secret: ''
# Host to create the root with.
# If not specific will default to <instance-name>-<namespace>-<routerCanonicalHostname>
#
tower_route_host: ''
route_host: ''
tower_hostname: '{{ deployment_type }}.example.com'
hostname: '{{ deployment_type }}.example.com'
# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# tower_node_selector: |
# node_selector: |
# disktype: ssd
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
tower_node_selector: ''
node_selector: ''
# Add node tolerations for the AWX pods. Specify as literal block. E.g.:
# tower_tolerations: |
# tolerations: |
# - key: "dedicated"
# operator: "Equal"
# value: "AWX"
# effect: "NoSchedule"
tower_tolerations: ''
tolerations: ''
tower_admin_user: admin
tower_admin_email: test@example.com
admin_user: admin
admin_email: test@example.com
# Secret to lookup that provide the admin password
#
tower_admin_password_secret: ''
admin_password_secret: ''
# Secret to lookup that provide the broadcast websocket key
#
tower_broadcast_websocket_secret: ''
broadcast_websocket_secret: ''
# Secret to lookup that provide the secret key
#
tower_secret_key_secret: ''
secret_key_secret: ''
# Secret to lookup that provide the PostgreSQL configuration
#
tower_postgres_configuration_secret: ''
postgres_configuration_secret: ''
# Secret to lookup that provides old database credentials (for migration)
tower_old_postgres_configuration_secret: ''
old_postgres_configuration_secret: ''
# Add extra volumes to the AWX pod. Specify as literal block. E.g.:
# tower_extra_volumes: |
# extra_volumes: |
# - name: my-volume
# emptyDir: {}
tower_extra_volumes: ''
extra_volumes: ''
# Use these image versions for Ansible AWX.
tower_image: quay.io/ansible/awx
tower_image_version: 19.1.0
tower_redis_image: docker.io/redis
tower_redis_image_version: latest
tower_postgres_image: postgres
tower_postgres_image_version: 12
tower_image_pull_policy: IfNotPresent
tower_image_pull_secret: ''
image: quay.io/ansible/awx
image_version: 19.1.0
redis_image: docker.io/redis
redis_image_version: latest
postgres_image: postgres
postgres_image_version: 12
image_pull_policy: IfNotPresent
image_pull_secret: ''
tower_ee_images:
ee_images:
- name: AWX EE 0.2.0
image: quay.io/ansible/awx-ee:0.2.0
tower_create_preload_data: true
create_preload_data: true
tower_replicas: "1"
replicas: "1"
tower_task_args:
task_args:
- /usr/bin/launch_awx_task.sh
tower_task_command: []
tower_web_args: []
tower_web_command: []
task_command: []
web_args: []
web_command: []
tower_task_resource_requirements:
task_resource_requirements:
requests:
cpu: 500m
memory: 1Gi
tower_web_resource_requirements:
web_resource_requirements:
requests:
cpu: 1000m
memory: 2Gi
# Add extra environment variables to the AWX task/web containers. Specify as
# literal block. E.g.:
# tower_task_extra_env: |
# task_extra_env: |
# - name: FOO
# value: bar
# - name: BAZ
# value: bing
tower_task_extra_env: ''
tower_web_extra_env: ''
task_extra_env: ''
web_extra_env: ''
# Mount extra volumes on the AWX task/web containers. Specify as literal block.
# E.g.:
# tower_task_extra_volume_mounts: ''
# task_extra_volume_mounts: ''
# - name: my-volume
# mountPath: /some/path
tower_task_extra_volume_mounts: ''
tower_web_extra_volume_mounts: ''
tower_ee_extra_volume_mounts: ''
task_extra_volume_mounts: ''
web_extra_volume_mounts: ''
ee_extra_volume_mounts: ''
# Add a nodeSelector for the Postgres pods.
# It must match a node's labels for the pod to be scheduled on that node.
# Specify as literal block. E.g.:
# tower_postgres_selector: |
# postgres_selector: |
# disktype: ssd
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
tower_postgres_selector: ''
postgres_selector: ''
# Add node tolerations for the Postgres pods.
# Specify as literal block. E.g.:
# tower_postgres_tolerations: |
# postgres_tolerations: |
# - key: "dedicated"
# operator: "Equal"
# value: "AWX"
# effect: "NoSchedule"
tower_postgres_tolerations: ''
tower_postgres_storage_requirements:
postgres_tolerations: ''
postgres_storage_requirements:
requests:
storage: 8Gi
tower_postgres_resource_requirements: {}
tower_postgres_data_path: '/var/lib/postgresql/data/pgdata'
postgres_resource_requirements: {}
postgres_data_path: '/var/lib/postgresql/data/pgdata'
# Persistence to the AWX project data folder
# Whether or not the /var/lib/projects directory will be persistent
tower_projects_persistence: false
projects_persistence: false
#
# Define an existing PersistentVolumeClaim to use
tower_projects_existing_claim: ''
projects_existing_claim: ''
#
# Define the storage_class, size and access_mode
# when not using an existing claim
tower_projects_storage_size: 8Gi
tower_projects_storage_access_mode: ReadWriteMany
projects_storage_size: 8Gi
projects_storage_access_mode: ReadWriteMany
ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"
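
Review bot: the example comment `# task_extra_volume_mounts: ''` does not open a literal block the way every other example in this file does with `|`, so copying it as written gives an empty string followed by stray list items; it should read `# task_extra_volume_mounts: |`. Also, `loadbalancer_port: '80'` and `replicas: "1"` are quoted strings here while the CRD in this commit declares both as `type: integer`; since these lines are being touched anyway, the defaults could be made to match the schema.
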
@@ -190,6 +191,6 @@ ldap_cacert_secret: ''
# Whether secrets should be garbage collected
# on teardown
#
tower_garbage_collect_secrets: false
garbage_collect_secrets: false
development_mode: false

View File

@@ -3,9 +3,9 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_admin_password_secret }}'
name: '{{ admin_password_secret }}'
register: _custom_admin_password
when: tower_admin_password_secret | length
when: admin_password_secret | length
- name: Check for default admin password configuration
k8s_info:
@@ -22,7 +22,7 @@
- name: Create admin password secret
k8s:
apply: true
definition: "{{ lookup('template', 'tower_admin_password_secret.yaml.j2') }}"
definition: "{{ lookup('template', 'admin_password_secret.yaml.j2') }}"
- name: Read admin password secret
k8s_info:
@@ -39,4 +39,4 @@
- name: Store admin password
set_fact:
tower_admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}"
admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}"
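
Review bot: after the rename, `admin_password_secret` names two different things in this file: the spec variable holding a secret name (`name: '{{ admin_password_secret }}'` and `when: admin_password_secret | length` in the first hunk) and the lookup result indexed here as `admin_password_secret['resources'][0]['data']['password']`. The `tower_` prefix used to keep them apart. Suggest renaming the looked-up result (for example `_admin_password_secret_resource`, a suggested name only) and updating its other use in the status task, `adminPasswordSecret: "{{ admin_password_secret['resources'][0]['metadata']['name'] }}"`.
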

View File

@@ -3,9 +3,9 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_broadcast_websocket_secret }}'
name: '{{ broadcast_websocket_secret }}'
register: _custom_broadcast_websocket
when: tower_broadcast_websocket_secret | length
when: broadcast_websocket_secret | length
- name: Check for default broadcast websocket secret configuration
k8s_info:
@@ -23,7 +23,7 @@
- name: Create broadcast websocket secret
k8s:
apply: true
definition: "{{ lookup('template', 'tower_broadcast_websocket_secret.yaml.j2') }}"
definition: "{{ lookup('template', 'broadcast_websocket_secret.yaml.j2') }}"
- name: Read broadcast websocket secret
k8s_info:

View File

@@ -2,12 +2,12 @@
- block:
- name: Define secrets name
set_fact:
_admin_password: '{{ tower_admin_password_secret | length | ternary(tower_admin_password_secret, meta.name + "-admin-password") }}'
_secret_key: '{{ tower_secret_key_secret | length | ternary(tower_secret_key_secret, meta.name + "-secret-key") }}'
_admin_password: '{{ admin_password_secret | length | ternary(admin_password_secret, meta.name + "-admin-password") }}'
_secret_key: '{{ secret_key_secret | length | ternary(secret_key_secret, meta.name + "-secret-key") }}'
# yamllint disable-line rule:line-length
_broadcast_websocket_secret: '{{ tower_broadcast_websocket_secret | length | ternary(tower_broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204
_broadcast_websocket_secret: '{{ broadcast_websocket_secret | length | ternary(broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204
# yamllint disable-line rule:line-length
_postgres_configuration: '{{ tower_postgres_configuration_secret | length | ternary(tower_postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204
_postgres_configuration: '{{ postgres_configuration_secret | length | ternary(postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204
- name: Remove ownerReferences reference
k8s:
@@ -24,4 +24,4 @@
- '{{ _postgres_configuration }}'
- '{{ _broadcast_websocket_secret }}'
when: not tower_garbage_collect_secrets | bool
when: not garbage_collect_secrets | bool

View File

@@ -3,9 +3,9 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_postgres_configuration_secret }}'
name: '{{ postgres_configuration_secret }}'
register: _custom_pg_config_resources
when: tower_postgres_configuration_secret | length
when: postgres_configuration_secret | length
- name: Check for default PostgreSQL configuration
k8s_info:
@@ -18,9 +18,9 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_old_postgres_configuration_secret }}'
name: '{{ old_postgres_configuration_secret }}'
register: _custom_old_pg_config_resources
when: tower_old_postgres_configuration_secret | length
when: old_postgres_configuration_secret | length
- name: Check for default old PostgreSQL configuration
k8s_info:
@@ -50,7 +50,7 @@
- name: Create Database configuration
k8s:
apply: true
definition: "{{ lookup('template', 'tower_postgres_secret.yaml.j2') }}"
definition: "{{ lookup('template', 'postgres_secret.yaml.j2') }}"
- name: Read Database Configuration
k8s_info:
@@ -72,7 +72,7 @@
- name: Create Database if no database is specified
k8s:
apply: true
definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
definition: "{{ lookup('template', 'postgres.yaml.j2') }}"
register: create_statefulset_result
rescue:
@@ -101,7 +101,7 @@
- name: Recreate PostgreSQL statefulset with updated values
k8s:
apply: true
definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
definition: "{{ lookup('template', 'postgres.yaml.j2') }}"
when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
- name: Store Database Configuration
@@ -126,4 +126,4 @@
when:
- old_pg_config['resources'] is defined
- old_pg_config['resources'] | length
- this_awx['resources'][0]['status']['towerMigratedFromSecret'] is not defined
- this_awx['resources'][0]['status']['migratedFromSecret'] is not defined
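
Review bot: the guard `this_awx['resources'][0]['status']['migratedFromSecret'] is not defined` is true for any instance whose earlier migration was recorded under `towerMigratedFromSecret`, so once the operator is upgraded this condition passes again whenever the old configuration secret still exists. Suggest checking both keys here, so that an already migrated instance is not treated as unmigrated.
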

View File

@@ -6,7 +6,7 @@
container: "{{ meta.name }}-task"
command: >-
bash -c "echo 'from django.contrib.auth.models import User;
nsu = User.objects.filter(is_superuser=True, username='{{ tower_admin_user }}').count();
nsu = User.objects.filter(is_superuser=True, username='{{ admin_user }}').count();
exit(0 if nsu > 0 else 1)'
| awx-manage shell"
ignore_errors: true
@@ -19,7 +19,7 @@
pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task"
command: >-
bash -c "awx-manage update_password --username '{{ tower_admin_user }}' --password '{{ tower_admin_password }}'"
bash -c "awx-manage update_password --username '{{ admin_user }}' --password '{{ admin_password }}'"
register: update_pw_result
changed_when: users_result.stdout == 'Password not updated'
when: users_result.return_code == 0
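
Review bot: `changed_when: users_result.stdout == 'Password not updated'` tests the output of the earlier user check rather than the `update_pw_result` registered by this task, and it reports a change on the "not updated" message. This predates the rename, but the task is being edited here; it likely wants `update_pw_result.stdout != 'Password not updated'`.
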
@@ -31,7 +31,7 @@
container: "{{ meta.name }}-task"
command: >-
bash -c "echo \"from django.contrib.auth.models import User;
User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')\"
User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\"
| awx-manage shell"
when: users_result.return_code > 0
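
Review bot: `admin_user`, `admin_email` and `admin_password` are interpolated straight into Python source inside an escaped double-quoted `bash -c` string, so a value containing a quote, `$` or a backtick changes the code or the shell command that runs, and the password ends up in the command line. The `update_password --password '{{ admin_password }}'` call in the previous hunk has the same quoting problem. Suggest passing the values through environment variables that the snippet reads with `os.environ`, and setting `no_log: true` on both tasks if it is not already set outside the lines shown.
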
@@ -44,4 +44,4 @@
bash -c "awx-manage create_preload_data"
register: cdo
changed_when: "'added' in cdo.stdout"
when: tower_create_preload_data | bool
when: create_preload_data | bool

View File

@@ -3,15 +3,15 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_route_tls_secret }}'
name: '{{ route_tls_secret }}'
register: route_tls
- name: Load Route TLS Secret content
set_fact:
tower_route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}'
tower_route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}'
route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}'
route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}'
- name: Load Route TLS Secret content
set_fact:
tower_route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}'
route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}'
when: '"ca.crt" in route_tls["resources"][0]["data"]'

View File

@@ -37,8 +37,8 @@
- name: Load Route TLS certificate
include_tasks: load_route_tls_secret.yml
when:
- tower_ingress_type | lower == 'route'
- tower_route_tls_secret != ''
- ingress_type | lower == 'route'
- route_tls_secret != ''
- name: Include resources configuration tasks
include_tasks: resources_configuration.yml

View File

@@ -24,17 +24,17 @@
wait: yes
register: tower_resources_result
loop:
- 'tower_config'
- 'tower_app_credentials'
- 'tower_service_account'
- 'tower_persistent'
- 'tower_service'
- 'tower_ingress'
- 'config'
- 'app_credentials'
- 'service_account'
- 'persistent'
- 'service'
- 'ingress'
- name: Apply deployment resources
k8s:
apply: yes
definition: "{{ lookup('template', 'tower_deployment.yaml.j2') }}"
definition: "{{ lookup('template', 'deployment.yaml.j2') }}"
wait: yes
register: tower_deployment_result

View File

@@ -3,9 +3,9 @@
k8s_info:
kind: Secret
namespace: '{{ meta.namespace }}'
name: '{{ tower_secret_key_secret }}'
name: '{{ secret_key_secret }}'
register: _custom_secret_key
when: tower_secret_key_secret | length
when: secret_key_secret | length
- name: Check for default secret key configuration
k8s_info:
@@ -22,7 +22,7 @@
- name: Create secret key secret
k8s:
apply: true
definition: "{{ lookup('template', 'tower_secret_key.yaml.j2') }}"
definition: "{{ lookup('template', 'secret_key.yaml.j2') }}"
- name: Read secret key secret
k8s_info:

View File

@@ -6,7 +6,7 @@
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerAdminPasswordSecret: "{{ admin_password_secret['resources'][0]['metadata']['name'] }}"
adminPasswordSecret: "{{ admin_password_secret['resources'][0]['metadata']['name'] }}"
- name: Update admin user status
operator_sdk.util.k8s_status:
@@ -15,7 +15,7 @@
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerAdminUser: "{{ tower_admin_user }}"
adminUser: "{{ admin_user }}"
- name: Update postgres configuration status
operator_sdk.util.k8s_status:
@@ -61,7 +61,7 @@
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerVersion: "{{ instance_version.stdout | trim }}"
version: "{{ instance_version.stdout | trim }}"
- name: Update image status
operator_sdk.util.k8s_status:
@@ -70,7 +70,7 @@
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerImage: "{{ tower_image }}"
image: "{{ image }}"
- block:
- name: Retrieve route URL
@@ -87,16 +87,16 @@
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerURL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}"
URL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}"
when: tower_ingress_type | lower == 'route'
when: ingress_type | lower == 'route'
- name: Update towerMigratedFromSecret status
- name: Update migratedFromSecret status
operator_sdk.util.k8s_status:
api_version: '{{ api_version }}'
kind: "{{ kind }}"
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerMigratedFromSecret: "{{ tower_migrated_from_secret }}"
migratedFromSecret: "{{ tower_migrated_from_secret }}"
when: tower_migrated_from_secret is defined
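
Review bot: `tower_migrated_from_secret` keeps the prefix in both `migratedFromSecret: "{{ tower_migrated_from_secret }}"` and `when: tower_migrated_from_secret is defined`, and `tower_pod_name`, `tower_resources_result` and `tower_deployment_result` survive elsewhere in this commit. If internal facts are deliberately out of scope, the commit message should say so; otherwise rename them here for consistency with the title.
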

View File

@@ -130,7 +130,7 @@ data:
}
{% if tower_route_tls_termination_mechanism | lower == 'passthrough' %}
{% if route_tls_termination_mechanism | lower == 'passthrough' %}
server {
listen 8052 default_server;
server_name _;
@@ -141,7 +141,7 @@ data:
{% endif %}
server {
{% if tower_route_tls_termination_mechanism | lower == 'passthrough' %}
{% if route_tls_termination_mechanism | lower == 'passthrough' %}
listen 8053 ssl;
ssl_certificate /etc/nginx/pki/web.crt;

View File

@@ -7,13 +7,13 @@ metadata:
namespace: '{{ meta.namespace }}'
labels:
app.kubernetes.io/name: '{{ meta.name }}'
app.kubernetes.io/version: '{{ tower_image_version }}'
app.kubernetes.io/version: '{{ image_version }}'
app.kubernetes.io/part-of: '{{ meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
spec:
replicas: {{ tower_replicas }}
replicas: {{ replicas }}
selector:
matchLabels:
app.kubernetes.io/name: '{{ meta.name }}'
@@ -23,19 +23,19 @@ spec:
metadata:
labels:
app.kubernetes.io/name: '{{ meta.name }}'
app.kubernetes.io/version: '{{ tower_image_version }}'
app.kubernetes.io/version: '{{ image_version }}'
app.kubernetes.io/part-of: '{{ meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
spec:
serviceAccountName: '{{ meta.name }}'
{% if tower_image_pull_secret %}
{% if image_pull_secret %}
imagePullSecrets:
- name: {{ tower_image_pull_secret }}
- name: {{ image_pull_secret }}
{% endif %}
containers:
- image: '{{ tower_redis_image }}:{{ tower_redis_image_version }}'
imagePullPolicy: '{{ tower_image_pull_policy }}'
- image: '{{ redis_image }}:{{ redis_image_version }}'
imagePullPolicy: '{{ image_pull_policy }}'
name: redis
args: ["redis-server", "/etc/redis.conf"]
volumeMounts:
@@ -47,18 +47,18 @@ spec:
mountPath: "/var/run/redis"
- name: "{{ meta.name }}-redis-data"
mountPath: "/data"
- image: '{{ tower_image }}:{{ tower_image_version }}'
- image: '{{ image }}:{{ image_version }}'
name: '{{ meta.name }}-web'
{% if tower_web_command %}
command: {{ tower_web_command }}
{% if web_command %}
command: {{ web_command }}
{% endif %}
{% if tower_web_args %}
args: {{ tower_web_args }}
{% if web_args %}
args: {{ web_args }}
{% endif %}
imagePullPolicy: '{{ tower_image_pull_policy }}'
imagePullPolicy: '{{ image_pull_policy }}'
ports:
- containerPort: 8052
{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %}
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- containerPort: 8053
{% endif %}
volumeMounts:
@@ -74,7 +74,7 @@ spec:
mountPath: "/etc/tower/conf.d/ldap.py"
subPath: ldap.py
readOnly: true
{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %}
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ meta.name }}-nginx-certs"
mountPath: "/etc/nginx/pki"
readOnly: true
@@ -111,8 +111,8 @@ spec:
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if tower_web_extra_volume_mounts -%}
{{ tower_web_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% if web_extra_volume_mounts -%}
{{ web_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% endif %}
env:
- name: MY_POD_NAMESPACE
@@ -123,22 +123,22 @@ spec:
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if tower_web_extra_env -%}
{{ tower_web_extra_env | indent(width=12, indentfirst=True) }}
{% if web_extra_env -%}
{{ web_extra_env | indent(width=12, indentfirst=True) }}
{% endif %}
resources: {{ tower_web_resource_requirements }}
- image: '{{ tower_image }}:{{ tower_image_version }}'
resources: {{ web_resource_requirements }}
- image: '{{ image }}:{{ image_version }}'
name: '{{ meta.name }}-task'
imagePullPolicy: '{{ tower_image_pull_policy }}'
{% if tower_task_privileged == true %}
imagePullPolicy: '{{ image_pull_policy }}'
{% if task_privileged == true %}
securityContext:
privileged: true
{% endif %}
{% if tower_task_command %}
command: {{ tower_task_command }}
{% if task_command %}
command: {{ task_command }}
{% endif %}
{% if tower_task_args %}
args: {{ tower_task_args }}
{% if task_args %}
args: {{ task_args }}
{% endif %}
volumeMounts:
- name: "{{ meta.name }}-application-credentials"
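
Review bot: `{% if task_privileged == true %}` is a strict comparison, unlike the `| bool` filter this commit uses for `garbage_collect_secrets`, `create_preload_data` and `projects_persistence`; a value that arrives as the string "true" would not match. Since this line gates `privileged: true`, suggest `{% if task_privileged | bool %}` so the setting behaves the same way as the other boolean options.
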
@@ -177,8 +177,8 @@ spec:
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if tower_task_extra_volume_mounts -%}
{{ tower_task_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% if task_extra_volume_mounts -%}
{{ task_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% endif %}
env:
- name: SUPERVISOR_WEB_CONFIG_PATH
@@ -201,13 +201,13 @@ spec:
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if tower_task_extra_env -%}
{{ tower_task_extra_env | indent(width=12, indentfirst=True) }}
{% if task_extra_env -%}
{{ task_extra_env | indent(width=12, indentfirst=True) }}
{% endif %}
resources: {{ tower_task_resource_requirements }}
- image: '{{ tower_ee_images[0].image }}'
resources: {{ task_resource_requirements }}
- image: '{{ ee_images[0].image }}'
name: '{{ meta.name }}-ee'
imagePullPolicy: '{{ tower_image_pull_policy }}'
imagePullPolicy: '{{ image_pull_policy }}'
args: ['receptor', '--config', '/etc/receptor.conf']
volumeMounts:
- name: "{{ meta.name }}-receptor-config"
@@ -218,8 +218,8 @@ spec:
mountPath: "/var/run/receptor"
- name: "{{ meta.name }}-projects"
mountPath: "/var/lib/awx/projects"
{% if tower_ee_extra_volume_mounts -%}
{{ tower_ee_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% if ee_extra_volume_mounts -%}
{{ ee_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% endif %}
{% if development_mode | bool %}
env:
@@ -228,19 +228,19 @@ spec:
fieldRef:
fieldPath: status.podIP
{% endif %}
{% if tower_node_selector %}
{% if node_selector %}
nodeSelector:
{{ tower_node_selector | indent(width=8) }}
{{ node_selector | indent(width=8) }}
{% endif %}
{% if tower_tolerations %}
{% if tolerations %}
tolerations:
{{ tower_tolerations | indent(width=8) }}
{{ tolerations | indent(width=8) }}
{% endif %}
volumes:
{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %}
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ meta.name }}-nginx-certs"
secret:
secretName: "{{ tower_route_tls_secret }}"
secretName: "{{ route_tls_secret }}"
items:
- key: tls.key
path: 'web.key'
@@ -308,10 +308,10 @@ spec:
- key: receptor_conf
path: receptor.conf
- name: "{{ meta.name }}-projects"
{% if tower_projects_persistence|bool %}
{% if projects_persistence|bool %}
persistentVolumeClaim:
{% if tower_projects_existing_claim %}
claimName: {{ tower_projects_existing_claim }}
{% if projects_existing_claim %}
claimName: {{ projects_existing_claim }}
{% else %}
claimName: '{{ meta.name }}-projects-claim'
{% endif %}
@@ -323,6 +323,6 @@ spec:
hostPath:
path: /awx_devel
{% endif %}
{% if tower_extra_volumes -%}
{{ tower_extra_volumes | indent(width=8, indentfirst=True) }}
{% if extra_volumes -%}
{{ extra_volumes | indent(width=8, indentfirst=True) }}
{% endif %}

View File

@@ -1,5 +1,5 @@
DEFAULT_EXECUTION_ENVIRONMENTS = [
{% for item in tower_ee_images %}
{% for item in ee_images %}
{'name': '{{ item.name }}' , 'image': '{{ item.image }}'},
{% endfor %}
]
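Review bot: `{'name': '{{ item.name }}' , 'image': '{{ item.image }}'}` renders CR-supplied strings directly into Python source between single quotes with no escaping, so a value containing a quote breaks the settings file or changes what it evaluates to. While renaming the loop variable, consider serialising the values instead, for example `{'name': {{ item.name | to_json }}, 'image': {{ item.image | to_json }}}`.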

View File

@@ -1,4 +1,4 @@
{% if 'ingress' == tower_ingress_type|lower %}
{% if 'ingress' == ingress_type|lower %}
---
apiVersion: extensions/v1beta1
kind: Ingress
@@ -11,28 +11,28 @@ metadata:
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
{% if tower_ingress_annotations %}
{% if ingress_annotations %}
annotations:
{{ tower_ingress_annotations | indent(width=4) }}
{{ ingress_annotations | indent(width=4) }}
{% endif %}
spec:
rules:
- host: '{{ tower_hostname }}'
- host: '{{ hostname }}'
http:
paths:
- path: /
backend:
serviceName: '{{ meta.name }}-service'
servicePort: 80
{% if tower_ingress_tls_secret %}
{% if ingress_tls_secret %}
tls:
- hosts:
- {{ tower_hostname }}
secretName: {{ tower_ingress_tls_secret }}
- {{ hostname }}
secretName: {{ ingress_tls_secret }}
{% endif %}
{% endif %}
{% if 'route' == tower_ingress_type|lower %}
{% if 'route' == ingress_type|lower %}
---
apiVersion: route.openshift.io/v1
kind: Route
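Review bot: quoting is inconsistent in the Ingress spec. The rule uses `host: '{{ hostname }}'`, but the tls block renders `- {{ hostname }}` and `secretName: {{ ingress_tls_secret }}` unquoted, so the same CR value can be parsed differently by YAML in the two places. Quote both tls values to match the rule. Separately, `hostname` is a very generic variable name once the prefix is gone; confirm nothing else in the role or the operator's extra vars defines it.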
@@ -46,22 +46,22 @@ metadata:
app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
spec:
{% if tower_route_host != '' %}
host: {{ tower_route_host }}
{% if route_host != '' %}
host: {{ route_host }}
{% endif %}
port:
targetPort: '{{ (tower_route_tls_termination_mechanism | lower == "passthrough") | ternary("https", "http") }}'
targetPort: '{{ (route_tls_termination_mechanism | lower == "passthrough") | ternary("https", "http") }}'
tls:
insecureEdgeTerminationPolicy: Redirect
termination: {{ tower_route_tls_termination_mechanism | lower }}
{% if tower_route_tls_termination_mechanism | lower == 'edge' and tower_route_tls_secret != '' %}
termination: {{ route_tls_termination_mechanism | lower }}
{% if route_tls_termination_mechanism | lower == 'edge' and route_tls_secret != '' %}
key: |-
{{ tower_route_tls_key | indent(width=6, indentfirst=True) }}
{{ route_tls_key | indent(width=6, indentfirst=True) }}
certificate: |-
{{ tower_route_tls_crt | indent(width=6, indentfirst=True) }}
{% if tower_route_ca_crt is defined %}
{{ route_tls_crt | indent(width=6, indentfirst=True) }}
{% if route_ca_crt is defined %}
caCertificate: |-
{{ tower_route_ca_crt | indent(width=6, indentfirst=True) }}
{{ route_ca_crt | indent(width=6, indentfirst=True) }}
{% endif %}
{% endif %}
to:
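Review bot: the Route's TLS settings now come only from `route_tls_termination_mechanism` and `route_tls_secret`, and nothing in this hunk handles a CR that still carries the `tower_route_tls_*` keys. Such a CR would render with the role defaults, which can silently change the termination mode of an existing deployment. Suggest either a compatibility shim that maps the old keys for one release, or a task that fails when the spec contains `tower_`-prefixed keys, plus an upgrade note in the README.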

View File

@@ -1,4 +1,4 @@
{% if tower_projects_persistence|bool and tower_projects_existing_claim == '' %}
{% if projects_persistence|bool and projects_existing_claim == '' %}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
@@ -12,11 +12,11 @@ metadata:
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
spec:
accessModes:
- {{ tower_projects_storage_access_mode }}
- {{ projects_storage_access_mode }}
resources:
requests:
storage: {{ tower_projects_storage_size }}
{% if tower_projects_storage_class is defined %}
storageClassName: {{ tower_projects_storage_class }}
storage: {{ projects_storage_size }}
{% if projects_storage_class is defined %}
storageClassName: {{ projects_storage_class }}
{% endif %}
{% endif %}

View File

@@ -34,11 +34,11 @@ spec:
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
spec:
containers:
- image: '{{ tower_postgres_image }}:{{ tower_postgres_image_version }}'
imagePullPolicy: '{{ tower_image_pull_policy }}'
- image: '{{ postgres_image }}:{{ postgres_image_version }}'
imagePullPolicy: '{{ image_pull_policy }}'
name: postgres
env:
# For tower_postgres_image based on rhel8/postgresql-12
# For postgres_image based on rhel8/postgresql-12
- name: POSTGRESQL_DATABASE
valueFrom:
secretKeyRef:
@@ -55,7 +55,7 @@ spec:
name: '{{ postgres_configuration_secret }}'
key: password
# For tower_postgres_image based on postgres
# For postgres_image based on postgres
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
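Review bot: the unchanged context here already reads `name: '{{ postgres_configuration_secret }}'`, so an unprefixed variable of that name existed before this commit, while the documented user-facing variable was `tower_postgres_configuration_secret`. After the rename both share one name. Please confirm the tasks that resolve the secret name do not overwrite or shadow the user-supplied value, and that the default (generated) secret name is still used when the spec leaves it empty.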
@@ -72,7 +72,7 @@ spec:
name: '{{ postgres_configuration_secret }}'
key: password
- name: PGDATA
value: '{{ tower_postgres_data_path }}'
value: '{{ postgres_data_path }}'
- name: POSTGRES_INITDB_ARGS
value: '{{ postgres_initdb_args }}'
- name: POSTGRES_HOST_AUTH_METHOD
@@ -82,16 +82,16 @@ spec:
name: postgres
volumeMounts:
- name: postgres
mountPath: '{{ tower_postgres_data_path | dirname }}'
subPath: '{{ tower_postgres_data_path | dirname | basename }}'
resources: {{ tower_postgres_resource_requirements }}
{% if tower_postgres_selector %}
mountPath: '{{ postgres_data_path | dirname }}'
subPath: '{{ postgres_data_path | dirname | basename }}'
resources: {{ postgres_resource_requirements }}
{% if postgres_selector %}
nodeSelector:
{{ tower_postgres_selector | indent(width=8) }}
{{ postgres_selector | indent(width=8) }}
{% endif %}
{% if tower_postgres_tolerations %}
{% if postgres_tolerations %}
tolerations:
{{ tower_postgres_tolerations | indent(width=8) }}
{{ postgres_tolerations | indent(width=8) }}
{% endif %}
volumeClaimTemplates:
- metadata:
@@ -99,10 +99,10 @@ spec:
spec:
accessModes:
- ReadWriteOnce
{% if tower_postgres_storage_class is defined %}
storageClassName: '{{ tower_postgres_storage_class }}'
{% if postgres_storage_class is defined %}
storageClassName: '{{ postgres_storage_class }}'
{% endif %}
resources: {{ tower_postgres_storage_requirements }}
resources: {{ postgres_storage_requirements }}
# Postgres Service.
---

View File

@@ -10,32 +10,32 @@ metadata:
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
{{ tower_service_labels | indent(width=4) }}
{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_annotations %}
{{ service_labels | indent(width=4) }}
{% if ingress_type | lower == 'loadbalancer' and loadbalancer_annotations %}
annotations:
{{ tower_loadbalancer_annotations | indent(width=4) }}
{{ loadbalancer_annotations | indent(width=4) }}
{% endif %}
spec:
ports:
{% if tower_ingress_type | lower != 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https' %}
{% if ingress_type | lower != 'loadbalancer' and loadbalancer_protocol | lower != 'https' %}
- port: 80
protocol: TCP
targetPort: 8052
name: http
{% endif %}
{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %}
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- port: 443
protocol: TCP
targetPort: 8053
name: https
{% endif %}
{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_protocol | lower == 'https' %}
- port: {{ tower_loadbalancer_port }}
{% if ingress_type | lower == 'loadbalancer' and loadbalancer_protocol | lower == 'https' %}
- port: {{ loadbalancer_port }}
protocol: TCP
targetPort: 8052
name: https
{% elif tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https' %}
- port: {{ tower_loadbalancer_port }}
{% elif ingress_type | lower == 'loadbalancer' and loadbalancer_protocol | lower != 'https' %}
- port: {{ loadbalancer_port }}
protocol: TCP
targetPort: 8052
name: http
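Review bot: the first port condition, `ingress_type | lower != 'loadbalancer' and loadbalancer_protocol | lower != 'https'`, omits the port 80 entry whenever `loadbalancer_protocol` is `https`, even when `ingress_type` is `ingress`, `route` or `none` and the load balancer setting should be irrelevant. The Ingress template in this same commit still targets `servicePort: 80`, so that combination yields a Service without the port the Ingress expects. Since these lines are being rewritten, consider making the http port depend on `ingress_type` alone.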
@@ -44,9 +44,9 @@ spec:
app.kubernetes.io/name: '{{ meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
{% if tower_ingress_type | lower == "loadbalancer" %}
{% if ingress_type | lower == "loadbalancer" %}
type: LoadBalancer
{% elif tower_ingress_type != "none" %}
{% elif ingress_type != "none" %}
type: NodePort
{% else %}
type: ClusterIP
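Review bot: `{% elif ingress_type != "none" %}` is the only comparison in this file that skips `| lower`, so a spec value of `None` or `NONE` produces a `NodePort` Service and exposes the application on every node instead of falling through to `ClusterIP`. Use `ingress_type | lower != "none"` to match the other branches.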

View File

@@ -2,4 +2,4 @@
postgres_initdb_args: '--auth-host=scram-sha-256'
postgres_host_auth_method: 'scram-sha-256'
ldap_cacert_ca_crt: ''
tower_projects_existing_claim: ''
projects_existing_claim: ''

View File

@@ -52,7 +52,7 @@ $ kubectl apply -f restore-awx.yml
This will create a new deployment and restore your backup to it.
> :warning: tower_admin_password_secret value will replace the password for the `tower_admin_user` user (by default, this is the `admin` user).
> :warning: admin_password_secret value will replace the password for the `admin_user` user (by default, this is the `admin` user).
Role Variables
@@ -90,7 +90,7 @@ backup_pvc_namespace: 'custom-namespace'
If a custom postgres configuration secret was used when deploying AWX, it must be set:
```
tower_postgres_configuration_secret: 'awx-postgres-configuration'
postgres_configuration_secret: 'awx-postgres-configuration'
```
If the awxbackup object no longer exists, it is still possible to restore from the backup it created by specifying the pvc name and the back directory.

View File

@@ -35,10 +35,10 @@
set_fact:
awx_spec: "{{ awx_spec | combine ({ item.key : item.value }) }}"
with_items:
- {'key': 'tower_secret_key_secret', 'value': '{{ secret_key_secret_name }}'}
- {'key': 'tower_admin_password_secret', 'value': '{{ admin_password_secret_name }}'}
- {'key': 'tower_broadcast_websocket_secret', 'value': '{{ broadcast_websocket_secret_name }}'}
- {'key': 'tower_postgres_configuration_secret', 'value': '{{ postgres_configuration_secret_name }}'}
- {'key': 'secret_key_secret', 'value': '{{ secret_key_secret_name }}'}
- {'key': 'admin_password_secret', 'value': '{{ admin_password_secret_name }}'}
- {'key': 'broadcast_websocket_secret', 'value': '{{ broadcast_websocket_secret_name }}'}
- {'key': 'postgres_configuration_secret', 'value': '{{ postgres_configuration_secret_name }}'}
- name: Restore kind
set_fact:
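Review bot: the loop merges the new unprefixed keys into `awx_spec` with `combine`, which adds keys but does not remove existing ones. If `awx_spec` is loaded from a backup taken before this rename, it will still contain `tower_secret_key_secret`, `tower_admin_password_secret` and the other prefixed keys alongside the new ones. Consider dropping or translating `tower_`-prefixed keys before the merge, and state in the restore README whether backups from earlier versions are supported.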

View File

@@ -41,7 +41,7 @@
- include_tasks: cleanup.yml
when:
- this_restore['resources'][0]['status']['towerRestoreComplete'] is not defined
- this_restore['resources'][0]['status']['restoreComplete'] is not defined
- name: Update status variables
include_tasks: update_status.yml
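Review bot: the guard now checks `status.restoreComplete`, but restore objects that finished under the previous operator only have `status.towerRestoreComplete`. On upgrade the condition `... ['restoreComplete'] is not defined` is true for them, so the guarded tasks run again for restores that already completed, and the restore README warns that a restore replaces the admin password. Suggest treating either key as complete, for example by adding a second `is not defined` condition on the old key, at least for a transition period.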

View File

@@ -1,11 +1,11 @@
---
- name: Update Tower Restore status
- name: Update CR Restore status
operator_sdk.util.k8s_status:
api_version: '{{ api_version }}'
kind: "{{ kind }}"
name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}"
status:
towerRestoreComplete: true
restoreComplete: true
when: tower_restore_complete is defined
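Review bot: the status field was renamed to `restoreComplete`, but the guard on the last line still reads `when: tower_restore_complete is defined`. If the fact that sets this variable was renamed elsewhere in the commit, this task never runs and the status is never written, which in turn keeps the `restoreComplete is not defined` check in main.yml true on every reconcile. Rename the variable here as well, or confirm the setter intentionally keeps the old name.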