internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-26 21:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Do not prepend variables name with tower_

Browse Source
This commit is contained in:
Yanis Guenane
2021-05-21 13:45:48 +02:00
parent d0a74edd34
commit 75458d0678
40 changed files with 697 additions and 696 deletions
Download Patch File Download Diff File Expand all files Collapse all files

166
README.md
View File

@@ -89,14 +89,14 @@ There are three variables that are customizable for the admin user account creat
| Name | Description | Default | | Name | Description | Default |
| --------------------------- | -------------------------------------------- | ---------------- | | --------------------------- | -------------------------------------------- | ---------------- |
| tower_admin_user | Name of the admin user | admin | | admin_user | Name of the admin user | admin |
| tower_admin_email | Email of the admin user | test@example.com | | admin_email | Email of the admin user | test@example.com |
| tower_admin_password_secret | Secret that contains the admin user password | Empty string | | admin_password_secret | Secret that contains the admin user password | Empty string |
> :warning: **tower_admin_password_secret must be a Kubernetes secret and not your text clear password**. > :warning: **admin_password_secret must be a Kubernetes secret and not your text clear password**.
If `tower_admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`. If `admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`.
To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode` To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode`
@@ -118,7 +118,7 @@ stringData:
#### Ingress Type #### Ingress Type
By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `tower_ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created. By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created.
The AWX operator provides support for four kinds of `Ingress` to access AWX: `Ingress`, `Route`, `LoadBalancer` and `NodePort`, To toggle between these options, you can add the following to your AWX CR: The AWX operator provides support for four kinds of `Ingress` to access AWX: `Ingress`, `Route`, `LoadBalancer` and `NodePort`, To toggle between these options, you can add the following to your AWX CR:
@@ -128,7 +128,7 @@ The AWX operator provides support for four kinds of `Ingress` to access AWX: `In
--- ---
spec: spec:
... ...
tower_ingress_type: Route ingress_type: Route
``` ```
* Ingress * Ingress
@@ -137,8 +137,8 @@ spec:
--- ---
spec: spec:
... ...
tower_ingress_type: Ingress ingress_type: Ingress
tower_hostname: awx.mycompany.com hostname: awx.mycompany.com
``` ```
* LoadBalancer * LoadBalancer
@@ -147,8 +147,8 @@ spec:
--- ---
spec: spec:
... ...
tower_ingress_type: LoadBalancer ingress_type: LoadBalancer
tower_loadbalancer_protocol: http loadbalancer_protocol: http
``` ```
* NodePort * NodePort
@@ -157,12 +157,12 @@ spec:
--- ---
spec: spec:
... ...
tower_ingress_type: NodePort ingress_type: NodePort
``` ```
The AWX `Service` that gets created will have a `type` set based on the `tower_ingress_type` being used: The AWX `Service` that gets created will have a `type` set based on the `ingress_type` being used:
| Ingress Type `tower_ingress_type` | Service Type | | Ingress Type `ingress_type` | Service Type |
| ------------------------------------- | -------------- | | ------------------------------------- | -------------- |
| `LoadBalancer` | `LoadBalancer` | | `LoadBalancer` | `LoadBalancer` |
| `NodePort` | `NodePort` | | `NodePort` | `NodePort` |
@@ -176,9 +176,9 @@ The following variables are customizable to specify the TLS termination procedur
| Name | Description | Default | | Name | Description | Default |
| ------------------------------------- | --------------------------------------------- | --------------------------------- | | ------------------------------------- | --------------------------------------------- | --------------------------------- |
| tower_route_host | Common name the route answers for | Empty string | | route_host | Common name the route answers for | Empty string |
| tower_route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge | | route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge |
| tower_route_tls_secret | Secret that contains the TLS information | Empty string | | route_tls_secret | Secret that contains the TLS information | Empty string |
* Ingress * Ingress
@@ -186,8 +186,8 @@ The following variables are customizable to specify the TLS termination procedur
| Name | Description | Default | | Name | Description | Default |
| -------------------------- | ---------------------------------------- | ------------- | | -------------------------- | ---------------------------------------- | ------------- |
| tower_ingress_annotations | Ingress annotations | Empty string | | ingress_annotations | Ingress annotations | Empty string |
| tower_ingress_tls_secret | Secret that contains the TLS information | Empty string | | ingress_tls_secret | Secret that contains the TLS information | Empty string |
* LoadBalancer * LoadBalancer
@@ -195,11 +195,11 @@ The following variables are customizable to specify the TLS termination procedur
| Name | Description | Default | | Name | Description | Default |
| ------------------------------ | ---------------------------------------- | ------------- | | ------------------------------ | ---------------------------------------- | ------------- |
| tower_loadbalancer_annotations | LoadBalancer annotations | Empty string | | loadbalancer_annotations | LoadBalancer annotations | Empty string |
| tower_loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http | | loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http |
| tower_loadbalancer_port | Port used for Loadbalancer ingress | 80 | | loadbalancer_port | Port used for Loadbalancer ingress | 80 |
When setting up a Load Balancer for HTTPS you will be required to set the `tower_loadbalancer_port` to move the port away from `80`. When setting up a Load Balancer for HTTPS you will be required to set the `loadbalancer_port` to move the port away from `80`.
The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP. The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP.
@@ -207,7 +207,7 @@ The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and
#### External PostgreSQL Service #### External PostgreSQL Service
In order for the AWX instance to rely on an external database, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `tower_postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-postgres-configuration`. In order for the AWX instance to rely on an external database, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-postgres-configuration`.
The secret should be formatted as follows: The secret should be formatted as follows:
@@ -246,11 +246,11 @@ The following variables are customizable for the managed PostgreSQL service
| Name | Description | Default | | Name | Description | Default |
| ------------------------------------ | ------------------------------------------ | --------------------------------- | | ------------------------------------ | ------------------------------------------ | --------------------------------- |
| tower_postgres_image | Path of the image to pull | postgres:12 | | postgres_image | Path of the image to pull | postgres:12 |
| tower_postgres_resource_requirements | PostgreSQL container resource requirements | Empty object | | postgres_resource_requirements | PostgreSQL container resource requirements | Empty object |
| tower_postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} | | postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} |
| tower_postgres_storage_class | PostgreSQL PV storage class | Empty string | | postgres_storage_class | PostgreSQL PV storage class | Empty string |
| tower_postgres_data_path | PostgreSQL data path | `/var/lib/postgresql/data/pgdata` | | postgres_data_path | PostgreSQL data path | `/var/lib/postgresql/data/pgdata` |
Example of customization could be: Example of customization could be:
@@ -258,22 +258,22 @@ Example of customization could be:
--- ---
spec: spec:
... ...
tower_postgres_resource_requirements: postgres_resource_requirements:
requests: requests:
cpu: 500m cpu: 500m
memory: 2Gi memory: 2Gi
limits: limits:
cpu: 1 cpu: 1
memory: 4Gi memory: 4Gi
tower_postgres_storage_requirements: postgres_storage_requirements:
requests: requests:
storage: 8Gi storage: 8Gi
limits: limits:
storage: 50Gi storage: 50Gi
tower_postgres_storage_class: fast-ssd postgres_storage_class: fast-ssd
``` ```
**Note**: If `tower_postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster. **Note**: If `postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster.
### Advanced Configuration ### Advanced Configuration
@@ -283,13 +283,13 @@ There are a few variables that are customizable for awx the image management.
| Name | Description | | Name | Description |
| --------------------------| -------------------------- | | --------------------------| -------------------------- |
| tower_image | Path of the image to pull | | image | Path of the image to pull |
| tower_image_version | Image version to pull | | image_version | Image version to pull |
| tower_image_pull_policy | The pull policy to adopt | | image_pull_policy | The pull policy to adopt |
| tower_image_pull_secret | The pull secret to use | | image_pull_secret | The pull secret to use |
| tower_ee_images | A list of EEs to register | | ee_images | A list of EEs to register |
| tower_redis_image | Path of the image to pull | | redis_image | Path of the image to pull |
| tower_redis_image_version | Image version to pull | | redis_image_version | Image version to pull |
Example of customization could be: Example of customization could be:
@@ -297,16 +297,16 @@ Example of customization could be:
--- ---
spec: spec:
... ...
tower_image: myorg/my-custom-awx image: myorg/my-custom-awx
tower_image_version: latest image_version: latest
tower_image_pull_policy: Always image_pull_policy: Always
tower_image_pull_secret: pull_secret_name image_pull_secret: pull_secret_name
tower_ee_images: ee_images:
- name: my-custom-awx-ee - name: my-custom-awx-ee
image: myorg/my-custom-awx-ee image: myorg/my-custom-awx-ee
``` ```
**Note**: The `tower_image` and `tower_image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file. **Note**: The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
#### Privileged Tasks #### Privileged Tasks
@@ -316,7 +316,7 @@ Depending on the type of tasks that you'll be running, you may find that you nee
--- ---
spec: spec:
... ...
tower_task_privileged: true task_privileged: true
``` ```
If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with: If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with:
@@ -334,8 +334,8 @@ The resource requirements for both, the task and the web containers are configur
| Name | Description | Default | | Name | Description | Default |
| -------------------------------- | ------------------------------------ | ----------------------------------- | | -------------------------------- | ------------------------------------ | ----------------------------------- |
| tower_web_resource_requirements | Web container resource requirements | requests: {cpu: 1000m, memory: 2Gi} | | web_resource_requirements | Web container resource requirements | requests: {cpu: 1000m, memory: 2Gi} |
| tower_task_resource_requirements | Task container resource requirements | requests: {cpu: 500m, memory: 1Gi} | | task_resource_requirements | Task container resource requirements | requests: {cpu: 500m, memory: 1Gi} |
Example of customization could be: Example of customization could be:
@@ -343,14 +343,14 @@ Example of customization could be:
--- ---
spec: spec:
... ...
tower_web_resource_requirements: web_resource_requirements:
requests: requests:
cpu: 1000m cpu: 1000m
memory: 2Gi memory: 2Gi
limits: limits:
cpu: 2000m cpu: 2000m
memory: 4Gi memory: 4Gi
tower_task_resource_requirements: task_resource_requirements:
requests: requests:
cpu: 500m cpu: 500m
memory: 1Gi memory: 1Gi
@@ -361,19 +361,19 @@ spec:
#### Assigning AWX pods to specific nodes #### Assigning AWX pods to specific nodes
You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `tower_node_selector` and `tower_postgres_selector` constrains You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
the AWX pods to run only on the nodes that match all the specified key/value pairs. `tower_tolerations` and `tower_postgres_tolerations` allow the AWX the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX
pods to be scheduled onto nodes with matching taints. pods to be scheduled onto nodes with matching taints.
| Name | Description | Default | | Name | Description | Default |
| -------------------------------| --------------------------- | ------- | | -------------------------------| --------------------------- | ------- |
| tower_postgres_image | Path of the image to pull | 12 | | postgres_image | Path of the image to pull | 12 |
| tower_postgres_image_version | Image version to pull | 12 | | postgres_image_version | Image version to pull | 12 |
| tower_node_selector | AWX pods' nodeSelector | '' | | node_selector | AWX pods' nodeSelector | '' |
| tower_tolerations | AWX pods' tolerations | '' | | tolerations | AWX pods' tolerations | '' |
| tower_postgres_selector | Postgres pods' nodeSelector | '' | | postgres_selector | Postgres pods' nodeSelector | '' |
| tower_postgres_tolerations | Postgres pods' tolerations | '' | | postgres_tolerations | Postgres pods' tolerations | '' |
Example of customization could be: Example of customization could be:
@@ -381,20 +381,20 @@ Example of customization could be:
--- ---
spec: spec:
... ...
tower_node_selector: | node_selector: |
disktype: ssd disktype: ssd
kubernetes.io/arch: amd64 kubernetes.io/arch: amd64
kubernetes.io/os: linux kubernetes.io/os: linux
tower_tolerations: | tolerations: |
- key: "dedicated" - key: "dedicated"
operator: "Equal" operator: "Equal"
value: "AWX" value: "AWX"
effect: "NoSchedule" effect: "NoSchedule"
tower_postgres_selector: | postgres_selector: |
disktype: ssd disktype: ssd
kubernetes.io/arch: amd64 kubernetes.io/arch: amd64
kubernetes.io/os: linux kubernetes.io/os: linux
tower_postgres_tolerations: | postgres_tolerations: |
- key: "dedicated" - key: "dedicated"
operator: "Equal" operator: "Equal"
value: "AWX" value: "AWX"
@@ -431,11 +431,11 @@ In cases which you want to persist the `/var/lib/projects` directory, there are
| Name | Description | Default | | Name | Description | Default |
| -----------------------------------| ---------------------------------------------------------------------------------------------------- | ---------------| | -----------------------------------| ---------------------------------------------------------------------------------------------------- | ---------------|
| tower_projects_persistence | Whether or not the /var/lib/projects directory will be persistent | false | | projects_persistence | Whether or not the /var/lib/projects directory will be persistent | false |
| tower_projects_storage_class | Define the PersistentVolume storage class | '' | | projects_storage_class | Define the PersistentVolume storage class | '' |
| tower_projects_storage_size | Define the PersistentVolume size | 8Gi | | projects_storage_size | Define the PersistentVolume size | 8Gi |
| tower_projects_storage_access_mode | Define the PersistentVolume access mode | ReadWriteMany | | projects_storage_access_mode | Define the PersistentVolume access mode | ReadWriteMany |
| tower_projects_existing_claim | Define an existing PersistentVolumeClaim to use (cannot be combined with `tower_projects_storage_*`) | '' | | projects_existing_claim | Define an existing PersistentVolumeClaim to use (cannot be combined with `projects_storage_*`) | '' |
Example of customization when the `awx-operator` automatically handles the persistent volume could be: Example of customization when the `awx-operator` automatically handles the persistent volume could be:
@@ -443,9 +443,9 @@ Example of customization when the `awx-operator` automatically handles the persi
--- ---
spec: spec:
... ...
tower_projects_persistence: true projects_persistence: true
tower_projects_storage_class: rook-ceph projects_storage_class: rook-ceph
tower_projects_storage_size: 20Gi projects_storage_size: 20Gi
``` ```
#### Custom Volume and Volume Mount Options #### Custom Volume and Volume Mount Options
@@ -454,10 +454,10 @@ In a scenario where custom volumes and volume mounts are required to either over
| Name | Description | Default | | Name | Description | Default |
| ------------------------------ | -------------------------------------------------------- | ------- | | ------------------------------ | -------------------------------------------------------- | ------- |
| tower_extra_volumes | Specify extra volumes to add to the application pod | '' | | extra_volumes | Specify extra volumes to add to the application pod | '' |
| tower_web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' | | web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| tower_task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' | | task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| tower_ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' | | ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
Example configuration for ConfigMap Example configuration for ConfigMap
@@ -484,17 +484,17 @@ Example spec file for volumes and volume mounts
--- ---
spec: spec:
... ...
tower_ee_extra_volume_mounts: | ee_extra_volume_mounts: |
- name: ansible-cfg - name: ansible-cfg
mountPath: /etc/ansible/ansible.cfg mountPath: /etc/ansible/ansible.cfg
subPath: ansible.cfg subPath: ansible.cfg
tower_task_extra_volume_mounts: | task_extra_volume_mounts: |
- name: custom-py - name: custom-py
mountPath: /etc/tower/conf.d/custom.py mountPath: /etc/tower/conf.d/custom.py
subPath: custom.py subPath: custom.py
tower_extra_volumes: | extra_volumes: |
- name: ansible-cfg - name: ansible-cfg
configMap: configMap:
defaultMode: 420 defaultMode: 420
@@ -520,24 +520,24 @@ If you need to export custom environment variables to your containers.
| Name | Description | Default | | Name | Description | Default |
| ----------------------------- | -------------------------------------------------------- | ------- | | ----------------------------- | -------------------------------------------------------- | ------- |
| tower_task_extra_env | Environment variables to be added to Task container | '' | | task_extra_env | Environment variables to be added to Task container | '' |
| tower_web_extra_env | Environment variables to be added to Web container | '' | | web_extra_env | Environment variables to be added to Web container | '' |
Example configuration of environment variables Example configuration of environment variables
```yaml ```yaml
spec: spec:
tower_task_extra_env: | task_extra_env: |
- name: MYCUSTOMVAR - name: MYCUSTOMVAR
value: foo value: foo
tower_web_extra_env: | web_extra_env: |
- name: MYCUSTOMVAR - name: MYCUSTOMVAR
value: foo value: foo
``` ```
### Upgrading ### Upgrading
To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `tower_image_version` variable in `roles/installer/defaults/main.yml` for that particular release. To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `image_version` variable in `roles/installer/defaults/main.yml` for that particular release.
Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment. Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment.

14
ansible/instantiate-awx-deployment.yml
View File

@@ -18,13 +18,13 @@
metadata: metadata:
name: awx name: awx
spec: spec:
tower_admin_user: admin admin_user: admin
tower_admin_email: admin@localhost admin_email: admin@localhost
tower_ingress_type: "{{ tower_ingress_type | default(omit) }}" # Either Route, Ingress or LoadBalancer ingress_type: "{{ ingress_type | default(omit) }}" # Either Route, Ingress or LoadBalancer
tower_image: "{{ tower_image | default(omit) }}" image: "{{ image | default(omit) }}"
tower_image_version: "{{ tower_image_version | default(omit) }}" image_version: "{{ image_version | default(omit) }}"
development_mode: "{{ development_mode | default(omit) | bool }}" development_mode: "{{ development_mode | default(omit) | bool }}"
tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}" image_pull_policy: "{{ image_pull_policy | default(omit) }}"
# tower_ee_images: # ee_images:
# - name: test-ee # - name: test-ee
# image: quay.io/<user>/awx-ee # image: quay.io/<user>/awx-ee

134
ansible/templates/crd.yml.j2
View File

@@ -35,42 +35,42 @@ spec:
description: apiVersion of the deployment type description: apiVersion of the deployment type
type: string type: string
default: awx.ansible.com/v1beta1 default: awx.ansible.com/v1beta1
tower_task_privileged: task_privileged:
description: If a privileged security context should be enabled description: If a privileged security context should be enabled
type: boolean type: boolean
default: false default: false
tower_admin_user: admin_user:
description: Username to use for the admin account description: Username to use for the admin account
type: string type: string
default: admin default: admin
tower_hostname: hostname:
description: The hostname of the instance description: The hostname of the instance
type: string type: string
tower_admin_email: admin_email:
description: The admin user email description: The admin user email
type: string type: string
tower_admin_password_secret: admin_password_secret:
description: Secret where the admin password can be found description: Secret where the admin password can be found
type: string type: string
tower_postgres_configuration_secret: postgres_configuration_secret:
description: Secret where the database configuration can be found description: Secret where the database configuration can be found
type: string type: string
tower_old_postgres_configuration_secret: old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration description: Secret where the old database configuration can be found for data migration
type: string type: string
postgres_label_selector: postgres_label_selector:
description: Label selector used to identify postgres pod for data migration description: Label selector used to identify postgres pod for data migration
type: string type: string
tower_secret_key_secret: secret_key_secret:
description: Secret where the secret key can be found description: Secret where the secret key can be found
type: string type: string
tower_broadcast_websocket_secret: broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found description: Secret where the broadcast websocket secret can be found
type: string type: string
tower_extra_volumes: extra_volumes:
description: Specify extra volumes to add to the application pod description: Specify extra volumes to add to the application pod
type: string type: string
tower_ingress_type: ingress_type:
description: The ingress type to use to reach the deployed instance description: The ingress type to use to reach the deployed instance
type: string type: string
enum: enum:
@@ -83,30 +83,30 @@ spec:
- loadbalancer - loadbalancer
- NodePort - NodePort
- nodeport - nodeport
tower_ingress_annotations: ingress_annotations:
description: Annotations to add to the ingress description: Annotations to add to the ingress
type: string type: string
tower_ingress_tls_secret: ingress_tls_secret:
description: Secret where the ingress TLS secret can be found description: Secret where the ingress TLS secret can be found
type: string type: string
tower_loadbalancer_annotations: loadbalancer_annotations:
description: Annotations to add to the loadbalancer description: Annotations to add to the loadbalancer
type: string type: string
tower_loadbalancer_protocol: loadbalancer_protocol:
description: Protocol to use for the loadbalancer description: Protocol to use for the loadbalancer
type: string type: string
default: http default: http
enum: enum:
- http - http
- https - https
tower_loadbalancer_port: loadbalancer_port:
description: Port to use for the loadbalancer description: Port to use for the loadbalancer
type: integer type: integer
default: 80 default: 80
tower_route_host: route_host:
description: The DNS to use to points to the instance description: The DNS to use to points to the instance
type: string type: string
tower_route_tls_termination_mechanism: route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use description: The secure TLS termination mechanism to use
type: string type: string
default: Edge default: Edge
@@ -115,25 +115,25 @@ spec:
- edge - edge
- Passthrough - Passthrough
- passthrough - passthrough
tower_route_tls_secret: route_tls_secret:
description: Secret where the TLS related credentials are stored description: Secret where the TLS related credentials are stored
type: string type: string
tower_node_selector: node_selector:
description: nodeSelector for the AWX pods description: nodeSelector for the pods
type: string type: string
tower_service_labels: service_labels:
description: Additional labels to apply to the service description: Additional labels to apply to the service
type: string type: string
tower_tolerations: tolerations:
description: node tolerations for the AWX pods description: node tolerations for the pods
type: string type: string
tower_image: image:
description: Registry path to the application container to use description: Registry path to the application container to use
type: string type: string
tower_image_version: image_version:
description: Application container image version to use description: Application container image version to use
type: string type: string
tower_ee_images: ee_images:
description: Registry path to the Execution Environment container to use description: Registry path to the Execution Environment container to use
type: array type: array
items: items:
@@ -143,7 +143,7 @@ spec:
type: string type: string
image: image:
type: string type: string
tower_image_pull_policy: image_pull_policy:
description: The image pull policy description: The image pull policy
type: string type: string
default: IfNotPresent default: IfNotPresent
@@ -154,10 +154,10 @@ spec:
- never - never
- IfNotPresent - IfNotPresent
- ifnotpresent - ifnotpresent
tower_image_pull_secret: image_pull_secret:
description: The image pull secret description: The image pull secret
type: string type: string
tower_task_resource_requirements: task_resource_requirements:
description: Resource requirements for the task container description: Resource requirements for the task container
properties: properties:
requests: requests:
@@ -179,7 +179,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_web_resource_requirements: web_resource_requirements:
description: Resource requirements for the web container description: Resource requirements for the web container
properties: properties:
requests: requests:
@@ -201,67 +201,67 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_replicas: replicas:
description: Number of instance replicas description: Number of instance replicas
type: integer type: integer
default: 1 default: 1
format: int32 format: int32
tower_garbage_collect_secrets: garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal description: Whether or not to remove secrets upon instance removal
default: false default: false
type: boolean type: boolean
tower_create_preload_data: create_preload_data:
description: Whether or not to preload data upon Tower instance creation description: Whether or not to preload data upon instance creation
default: true default: true
type: boolean type: boolean
tower_task_args: task_args:
type: array type: array
items: items:
type: string type: string
tower_task_command: task_command:
type: array type: array
items: items:
type: string type: string
tower_web_args: web_args:
type: array type: array
items: items:
type: string type: string
tower_web_command: web_command:
type: array type: array
items: items:
type: string type: string
tower_task_extra_env: task_extra_env:
type: string type: string
tower_web_extra_env: web_extra_env:
type: string type: string
tower_ee_extra_volume_mounts: ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container description: Specify volume mounts to be added to Execution container
type: string type: string
tower_task_extra_volume_mounts: task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container description: Specify volume mounts to be added to Task container
type: string type: string
tower_web_extra_volume_mounts: web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container description: Specify volume mounts to be added to the Web container
type: string type: string
tower_redis_image: redis_image:
description: Registry path to the redis container to use description: Registry path to the redis container to use
type: string type: string
tower_redis_image_version: redis_image_version:
description: Redis container image version to use description: Redis container image version to use
type: string type: string
tower_postgres_image: postgres_image:
description: Registry path to the PostgreSQL container to use description: Registry path to the PostgreSQL container to use
type: string type: string
tower_postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
tower_postgres_selector: postgres_selector:
description: nodeSelector for the Postgres pods description: nodeSelector for the Postgres pods
type: string type: string
tower_postgres_tolerations: postgres_tolerations:
description: node tolerations for the Postgres pods description: node tolerations for the Postgres pods
type: string type: string
tower_postgres_storage_requirements: postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container description: Storage requirements for the PostgreSQL container
properties: properties:
requests: requests:
@@ -275,7 +275,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_postgres_resource_requirements: postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container description: Resource requirements for the PostgreSQL container
properties: properties:
requests: requests:
@@ -293,10 +293,10 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_postgres_storage_class: postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC description: Storage class to use for the PostgreSQL PVC
type: string type: string
tower_postgres_data_path: postgres_data_path:
description: Path where the PostgreSQL data are located description: Path where the PostgreSQL data are located
type: string type: string
ca_trust_bundle: ca_trust_bundle:
@@ -308,27 +308,27 @@ spec:
ldap_cacert_secret: ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string type: string
tower_projects_persistence: projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent description: Whether or not the /var/lib/projects directory will be persistent
default: false default: false
type: boolean type: boolean
tower_projects_use_existing_claim: projects_use_existing_claim:
description: Using existing PersistentVolumeClaim description: Using existing PersistentVolumeClaim
type: string type: string
enum: enum:
- _Yes_ - _Yes_
- _No_ - _No_
tower_projects_existing_claim: projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string type: string
tower_projects_storage_class: projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string type: string
tower_projects_storage_size: projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi default: 8Gi
type: string type: string
tower_projects_storage_access_mode: projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany default: ReadWriteMany
type: string type: string
@@ -345,13 +345,13 @@ spec:
type: object type: object
status: status:
properties: properties:
towerURL: URL:
description: URL to access the deployed instance description: URL to access the deployed instance
type: string type: string
towerAdminUser: adminUser:
description: Admin user of the deployed instance description: Admin user of the deployed instance
type: string type: string
towerAdminPasswordSecret: adminPasswordSecret:
description: Admin password secret name of the deployed instance description: Admin password secret name of the deployed instance
type: string type: string
postgresConfigurationSecret: postgresConfigurationSecret:
@@ -363,13 +363,13 @@ spec:
secretKeySecret: secretKeySecret:
description: Secret key secret name of the deployed instance description: Secret key secret name of the deployed instance
type: string type: string
towerMigratedFromSecret: migratedFromSecret:
description: The secret used for migrating an old Tower. description: The secret used for migrating an old instance.
type: string type: string
towerVersion: version:
description: Version of the deployed instance description: Version of the deployed instance
type: string type: string
towerImage: image:
description: URL of the image used for the deployed instance description: URL of the image used for the deployed instance
type: string type: string
conditions: conditions:

134
deploy/awx-operator.yaml
View File

@@ -37,42 +37,42 @@ spec:
description: apiVersion of the deployment type description: apiVersion of the deployment type
type: string type: string
default: awx.ansible.com/v1beta1 default: awx.ansible.com/v1beta1
tower_task_privileged: task_privileged:
description: If a privileged security context should be enabled description: If a privileged security context should be enabled
type: boolean type: boolean
default: false default: false
tower_admin_user: admin_user:
description: Username to use for the admin account description: Username to use for the admin account
type: string type: string
default: admin default: admin
tower_hostname: hostname:
description: The hostname of the instance description: The hostname of the instance
type: string type: string
tower_admin_email: admin_email:
description: The admin user email description: The admin user email
type: string type: string
tower_admin_password_secret: admin_password_secret:
description: Secret where the admin password can be found description: Secret where the admin password can be found
type: string type: string
tower_postgres_configuration_secret: postgres_configuration_secret:
description: Secret where the database configuration can be found description: Secret where the database configuration can be found
type: string type: string
tower_old_postgres_configuration_secret: old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration description: Secret where the old database configuration can be found for data migration
type: string type: string
postgres_label_selector: postgres_label_selector:
description: Label selector used to identify postgres pod for data migration description: Label selector used to identify postgres pod for data migration
type: string type: string
tower_secret_key_secret: secret_key_secret:
description: Secret where the secret key can be found description: Secret where the secret key can be found
type: string type: string
tower_broadcast_websocket_secret: broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found description: Secret where the broadcast websocket secret can be found
type: string type: string
tower_extra_volumes: extra_volumes:
description: Specify extra volumes to add to the application pod description: Specify extra volumes to add to the application pod
type: string type: string
tower_ingress_type: ingress_type:
description: The ingress type to use to reach the deployed instance description: The ingress type to use to reach the deployed instance
type: string type: string
enum: enum:
@@ -85,30 +85,30 @@ spec:
- loadbalancer - loadbalancer
- NodePort - NodePort
- nodeport - nodeport
tower_ingress_annotations: ingress_annotations:
description: Annotations to add to the ingress description: Annotations to add to the ingress
type: string type: string
tower_ingress_tls_secret: ingress_tls_secret:
description: Secret where the ingress TLS secret can be found description: Secret where the ingress TLS secret can be found
type: string type: string
tower_loadbalancer_annotations: loadbalancer_annotations:
description: Annotations to add to the loadbalancer description: Annotations to add to the loadbalancer
type: string type: string
tower_loadbalancer_protocol: loadbalancer_protocol:
description: Protocol to use for the loadbalancer description: Protocol to use for the loadbalancer
type: string type: string
default: http default: http
enum: enum:
- http - http
- https - https
tower_loadbalancer_port: loadbalancer_port:
description: Port to use for the loadbalancer description: Port to use for the loadbalancer
type: integer type: integer
default: 80 default: 80
tower_route_host: route_host:
description: The DNS to use to points to the instance description: The DNS to use to points to the instance
type: string type: string
tower_route_tls_termination_mechanism: route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use description: The secure TLS termination mechanism to use
type: string type: string
default: Edge default: Edge
@@ -117,25 +117,25 @@ spec:
- edge - edge
- Passthrough - Passthrough
- passthrough - passthrough
tower_route_tls_secret: route_tls_secret:
description: Secret where the TLS related credentials are stored description: Secret where the TLS related credentials are stored
type: string type: string
tower_node_selector: node_selector:
description: nodeSelector for the AWX pods description: nodeSelector for the pods
type: string type: string
tower_service_labels: service_labels:
description: Additional labels to apply to the service description: Additional labels to apply to the service
type: string type: string
tower_tolerations: tolerations:
description: node tolerations for the AWX pods description: node tolerations for the pods
type: string type: string
tower_image: image:
description: Registry path to the application container to use description: Registry path to the application container to use
type: string type: string
tower_image_version: image_version:
description: Application container image version to use description: Application container image version to use
type: string type: string
tower_ee_images: ee_images:
description: Registry path to the Execution Environment container to use description: Registry path to the Execution Environment container to use
type: array type: array
items: items:
@@ -145,7 +145,7 @@ spec:
type: string type: string
image: image:
type: string type: string
tower_image_pull_policy: image_pull_policy:
description: The image pull policy description: The image pull policy
type: string type: string
default: IfNotPresent default: IfNotPresent
@@ -156,10 +156,10 @@ spec:
- never - never
- IfNotPresent - IfNotPresent
- ifnotpresent - ifnotpresent
tower_image_pull_secret: image_pull_secret:
description: The image pull secret description: The image pull secret
type: string type: string
tower_task_resource_requirements: task_resource_requirements:
description: Resource requirements for the task container description: Resource requirements for the task container
properties: properties:
requests: requests:
@@ -181,7 +181,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_web_resource_requirements: web_resource_requirements:
description: Resource requirements for the web container description: Resource requirements for the web container
properties: properties:
requests: requests:
@@ -203,67 +203,67 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_replicas: replicas:
description: Number of instance replicas description: Number of instance replicas
type: integer type: integer
default: 1 default: 1
format: int32 format: int32
tower_garbage_collect_secrets: garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal description: Whether or not to remove secrets upon instance removal
default: false default: false
type: boolean type: boolean
tower_create_preload_data: create_preload_data:
description: Whether or not to preload data upon Tower instance creation description: Whether or not to preload data upon instance creation
default: true default: true
type: boolean type: boolean
tower_task_args: task_args:
type: array type: array
items: items:
type: string type: string
tower_task_command: task_command:
type: array type: array
items: items:
type: string type: string
tower_web_args: web_args:
type: array type: array
items: items:
type: string type: string
tower_web_command: web_command:
type: array type: array
items: items:
type: string type: string
tower_task_extra_env: task_extra_env:
type: string type: string
tower_web_extra_env: web_extra_env:
type: string type: string
tower_ee_extra_volume_mounts: ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container description: Specify volume mounts to be added to Execution container
type: string type: string
tower_task_extra_volume_mounts: task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container description: Specify volume mounts to be added to Task container
type: string type: string
tower_web_extra_volume_mounts: web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container description: Specify volume mounts to be added to the Web container
type: string type: string
tower_redis_image: redis_image:
description: Registry path to the redis container to use description: Registry path to the redis container to use
type: string type: string
tower_redis_image_version: redis_image_version:
description: Redis container image version to use description: Redis container image version to use
type: string type: string
tower_postgres_image: postgres_image:
description: Registry path to the PostgreSQL container to use description: Registry path to the PostgreSQL container to use
type: string type: string
tower_postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
tower_postgres_selector: postgres_selector:
description: nodeSelector for the Postgres pods description: nodeSelector for the Postgres pods
type: string type: string
tower_postgres_tolerations: postgres_tolerations:
description: node tolerations for the Postgres pods description: node tolerations for the Postgres pods
type: string type: string
tower_postgres_storage_requirements: postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container description: Storage requirements for the PostgreSQL container
properties: properties:
requests: requests:
@@ -277,7 +277,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_postgres_resource_requirements: postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container description: Resource requirements for the PostgreSQL container
properties: properties:
requests: requests:
@@ -295,10 +295,10 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_postgres_storage_class: postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC description: Storage class to use for the PostgreSQL PVC
type: string type: string
tower_postgres_data_path: postgres_data_path:
description: Path where the PostgreSQL data are located description: Path where the PostgreSQL data are located
type: string type: string
ca_trust_bundle: ca_trust_bundle:
@@ -310,27 +310,27 @@ spec:
ldap_cacert_secret: ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string type: string
tower_projects_persistence: projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent description: Whether or not the /var/lib/projects directory will be persistent
default: false default: false
type: boolean type: boolean
tower_projects_use_existing_claim: projects_use_existing_claim:
description: Using existing PersistentVolumeClaim description: Using existing PersistentVolumeClaim
type: string type: string
enum: enum:
- _Yes_ - _Yes_
- _No_ - _No_
tower_projects_existing_claim: projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string type: string
tower_projects_storage_class: projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string type: string
tower_projects_storage_size: projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi default: 8Gi
type: string type: string
tower_projects_storage_access_mode: projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany default: ReadWriteMany
type: string type: string
@@ -347,13 +347,13 @@ spec:
type: object type: object
status: status:
properties: properties:
towerURL: URL:
description: URL to access the deployed instance description: URL to access the deployed instance
type: string type: string
towerAdminUser: adminUser:
description: Admin user of the deployed instance description: Admin user of the deployed instance
type: string type: string
towerAdminPasswordSecret: adminPasswordSecret:
description: Admin password secret name of the deployed instance description: Admin password secret name of the deployed instance
type: string type: string
postgresConfigurationSecret: postgresConfigurationSecret:
@@ -365,13 +365,13 @@ spec:
secretKeySecret: secretKeySecret:
description: Secret key secret name of the deployed instance description: Secret key secret name of the deployed instance
type: string type: string
towerMigratedFromSecret: migratedFromSecret:
description: The secret used for migrating an old Tower. description: The secret used for migrating an old instance.
type: string type: string
towerVersion: version:
description: Version of the deployed instance description: Version of the deployed instance
type: string type: string
towerImage: image:
description: URL of the image used for the deployed instance description: URL of the image used for the deployed instance
type: string type: string
conditions: conditions:

134
deploy/crds/awx_v1beta1_crd.yaml
View File

@@ -35,42 +35,42 @@ spec:
description: apiVersion of the deployment type description: apiVersion of the deployment type
type: string type: string
default: awx.ansible.com/v1beta1 default: awx.ansible.com/v1beta1
tower_task_privileged: task_privileged:
description: If a privileged security context should be enabled description: If a privileged security context should be enabled
type: boolean type: boolean
default: false default: false
tower_admin_user: admin_user:
description: Username to use for the admin account description: Username to use for the admin account
type: string type: string
default: admin default: admin
tower_hostname: hostname:
description: The hostname of the instance description: The hostname of the instance
type: string type: string
tower_admin_email: admin_email:
description: The admin user email description: The admin user email
type: string type: string
tower_admin_password_secret: admin_password_secret:
description: Secret where the admin password can be found description: Secret where the admin password can be found
type: string type: string
tower_postgres_configuration_secret: postgres_configuration_secret:
description: Secret where the database configuration can be found description: Secret where the database configuration can be found
type: string type: string
tower_old_postgres_configuration_secret: old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration description: Secret where the old database configuration can be found for data migration
type: string type: string
postgres_label_selector: postgres_label_selector:
description: Label selector used to identify postgres pod for data migration description: Label selector used to identify postgres pod for data migration
type: string type: string
tower_secret_key_secret: secret_key_secret:
description: Secret where the secret key can be found description: Secret where the secret key can be found
type: string type: string
tower_broadcast_websocket_secret: broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found description: Secret where the broadcast websocket secret can be found
type: string type: string
tower_extra_volumes: extra_volumes:
description: Specify extra volumes to add to the application pod description: Specify extra volumes to add to the application pod
type: string type: string
tower_ingress_type: ingress_type:
description: The ingress type to use to reach the deployed instance description: The ingress type to use to reach the deployed instance
type: string type: string
enum: enum:
@@ -83,30 +83,30 @@ spec:
- loadbalancer - loadbalancer
- NodePort - NodePort
- nodeport - nodeport
tower_ingress_annotations: ingress_annotations:
description: Annotations to add to the ingress description: Annotations to add to the ingress
type: string type: string
tower_ingress_tls_secret: ingress_tls_secret:
description: Secret where the ingress TLS secret can be found description: Secret where the ingress TLS secret can be found
type: string type: string
tower_loadbalancer_annotations: loadbalancer_annotations:
description: Annotations to add to the loadbalancer description: Annotations to add to the loadbalancer
type: string type: string
tower_loadbalancer_protocol: loadbalancer_protocol:
description: Protocol to use for the loadbalancer description: Protocol to use for the loadbalancer
type: string type: string
default: http default: http
enum: enum:
- http - http
- https - https
tower_loadbalancer_port: loadbalancer_port:
description: Port to use for the loadbalancer description: Port to use for the loadbalancer
type: integer type: integer
default: 80 default: 80
tower_route_host: route_host:
description: The DNS to use to points to the instance description: The DNS to use to points to the instance
type: string type: string
tower_route_tls_termination_mechanism: route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use description: The secure TLS termination mechanism to use
type: string type: string
default: Edge default: Edge
@@ -115,25 +115,25 @@ spec:
- edge - edge
- Passthrough - Passthrough
- passthrough - passthrough
tower_route_tls_secret: route_tls_secret:
description: Secret where the TLS related credentials are stored description: Secret where the TLS related credentials are stored
type: string type: string
tower_node_selector: node_selector:
description: nodeSelector for the AWX pods description: nodeSelector for the pods
type: string type: string
tower_service_labels: service_labels:
description: Additional labels to apply to the service description: Additional labels to apply to the service
type: string type: string
tower_tolerations: tolerations:
description: node tolerations for the AWX pods description: node tolerations for the pods
type: string type: string
tower_image: image:
description: Registry path to the application container to use description: Registry path to the application container to use
type: string type: string
tower_image_version: image_version:
description: Application container image version to use description: Application container image version to use
type: string type: string
tower_ee_images: ee_images:
description: Registry path to the Execution Environment container to use description: Registry path to the Execution Environment container to use
type: array type: array
items: items:
@@ -143,7 +143,7 @@ spec:
type: string type: string
image: image:
type: string type: string
tower_image_pull_policy: image_pull_policy:
description: The image pull policy description: The image pull policy
type: string type: string
default: IfNotPresent default: IfNotPresent
@@ -154,10 +154,10 @@ spec:
- never - never
- IfNotPresent - IfNotPresent
- ifnotpresent - ifnotpresent
tower_image_pull_secret: image_pull_secret:
description: The image pull secret description: The image pull secret
type: string type: string
tower_task_resource_requirements: task_resource_requirements:
description: Resource requirements for the task container description: Resource requirements for the task container
properties: properties:
requests: requests:
@@ -179,7 +179,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_web_resource_requirements: web_resource_requirements:
description: Resource requirements for the web container description: Resource requirements for the web container
properties: properties:
requests: requests:
@@ -201,67 +201,67 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_replicas: replicas:
description: Number of instance replicas description: Number of instance replicas
type: integer type: integer
default: 1 default: 1
format: int32 format: int32
tower_garbage_collect_secrets: garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal description: Whether or not to remove secrets upon instance removal
default: false default: false
type: boolean type: boolean
tower_create_preload_data: create_preload_data:
description: Whether or not to preload data upon Tower instance creation description: Whether or not to preload data upon instance creation
default: true default: true
type: boolean type: boolean
tower_task_args: task_args:
type: array type: array
items: items:
type: string type: string
tower_task_command: task_command:
type: array type: array
items: items:
type: string type: string
tower_web_args: web_args:
type: array type: array
items: items:
type: string type: string
tower_web_command: web_command:
type: array type: array
items: items:
type: string type: string
tower_task_extra_env: task_extra_env:
type: string type: string
tower_web_extra_env: web_extra_env:
type: string type: string
tower_ee_extra_volume_mounts: ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container description: Specify volume mounts to be added to Execution container
type: string type: string
tower_task_extra_volume_mounts: task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container description: Specify volume mounts to be added to Task container
type: string type: string
tower_web_extra_volume_mounts: web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container description: Specify volume mounts to be added to the Web container
type: string type: string
tower_redis_image: redis_image:
description: Registry path to the redis container to use description: Registry path to the redis container to use
type: string type: string
tower_redis_image_version: redis_image_version:
description: Redis container image version to use description: Redis container image version to use
type: string type: string
tower_postgres_image: postgres_image:
description: Registry path to the PostgreSQL container to use description: Registry path to the PostgreSQL container to use
type: string type: string
tower_postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
tower_postgres_selector: postgres_selector:
description: nodeSelector for the Postgres pods description: nodeSelector for the Postgres pods
type: string type: string
tower_postgres_tolerations: postgres_tolerations:
description: node tolerations for the Postgres pods description: node tolerations for the Postgres pods
type: string type: string
tower_postgres_storage_requirements: postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container description: Storage requirements for the PostgreSQL container
properties: properties:
requests: requests:
@@ -275,7 +275,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_postgres_resource_requirements: postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container description: Resource requirements for the PostgreSQL container
properties: properties:
requests: requests:
@@ -293,10 +293,10 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_postgres_storage_class: postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC description: Storage class to use for the PostgreSQL PVC
type: string type: string
tower_postgres_data_path: postgres_data_path:
description: Path where the PostgreSQL data are located description: Path where the PostgreSQL data are located
type: string type: string
ca_trust_bundle: ca_trust_bundle:
@@ -308,27 +308,27 @@ spec:
ldap_cacert_secret: ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string type: string
tower_projects_persistence: projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent description: Whether or not the /var/lib/projects directory will be persistent
default: false default: false
type: boolean type: boolean
tower_projects_use_existing_claim: projects_use_existing_claim:
description: Using existing PersistentVolumeClaim description: Using existing PersistentVolumeClaim
type: string type: string
enum: enum:
- _Yes_ - _Yes_
- _No_ - _No_
tower_projects_existing_claim: projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string type: string
tower_projects_storage_class: projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string type: string
tower_projects_storage_size: projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi default: 8Gi
type: string type: string
tower_projects_storage_access_mode: projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany default: ReadWriteMany
type: string type: string
@@ -345,13 +345,13 @@ spec:
type: object type: object
status: status:
properties: properties:
towerURL: URL:
description: URL to access the deployed instance description: URL to access the deployed instance
type: string type: string
towerAdminUser: adminUser:
description: Admin user of the deployed instance description: Admin user of the deployed instance
type: string type: string
towerAdminPasswordSecret: adminPasswordSecret:
description: Admin password secret name of the deployed instance description: Admin password secret name of the deployed instance
type: string type: string
postgresConfigurationSecret: postgresConfigurationSecret:
@@ -363,13 +363,13 @@ spec:
secretKeySecret: secretKeySecret:
description: Secret key secret name of the deployed instance description: Secret key secret name of the deployed instance
type: string type: string
towerMigratedFromSecret: migratedFromSecret:
description: The secret used for migrating an old Tower. description: The secret used for migrating an old instance.
type: string type: string
towerVersion: version:
description: Version of the deployed instance description: Version of the deployed instance
type: string type: string
towerImage: image:
description: URL of the image used for the deployed instance description: URL of the image used for the deployed instance
type: string type: string
conditions: conditions:

6
deploy/crds/awx_v1beta1_molecule.yaml
View File

@@ -6,12 +6,12 @@ metadata:
namespace: example-awx namespace: example-awx
spec: spec:
deployment_type: awx deployment_type: awx
tower_ingress_type: ingress ingress_type: ingress
tower_web_resource_requirements: web_resource_requirements:
requests: requests:
cpu: 500m cpu: 500m
memory: 128M memory: 128M
tower_task_resource_requirements: task_resource_requirements:
requests: requests:
cpu: 500m cpu: 500m
memory: 128M memory: 128M

224
deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
View File

@@ -13,14 +13,14 @@ metadata:
}, },
"spec": { "spec": {
"deployment_type": "awx", "deployment_type": "awx",
"tower_ingress_type": "ingress", "ingress_type": "ingress",
"tower_task_resource_requirements": { "task_resource_requirements": {
"requests": { "requests": {
"cpu": "500m", "cpu": "500m",
"memory": "128M" "memory": "128M"
} }
}, },
"tower_web_resource_requirements": { "web_resource_requirements": {
"requests": { "requests": {
"cpu": "500m", "cpu": "500m",
"memory": "128M" "memory": "128M"
@@ -125,7 +125,7 @@ spec:
statusDescriptors: statusDescriptors:
- displayName: Restore status - displayName: Restore status
description: The state of the restore description: The state of the restore
path: towerRestoreComplete path: restoreComplete
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- description: A AWX Instance - description: A AWX Instance
@@ -134,47 +134,47 @@ spec:
name: awxs.awx.ansible.com name: awxs.awx.ansible.com
specDescriptors: specDescriptors:
- displayName: Hostname - displayName: Hostname
path: tower_hostname path: hostname
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin account username - displayName: Admin account username
path: tower_admin_user path: admin_user
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin email address - displayName: Admin email address
path: tower_admin_email path: admin_email
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin password secret - displayName: Admin password secret
path: tower_admin_password_secret path: admin_password_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- displayName: Database configuration secret - displayName: Database configuration secret
path: tower_postgres_configuration_secret path: postgres_configuration_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- displayName: Old Database configuration secret - displayName: Old Database configuration secret
path: tower_old_postgres_configuration_secret path: old_postgres_configuration_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- displayName: Secret key secret - displayName: Secret key secret
path: tower_secret_key_secret path: secret_key_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- displayName: Broadcast Websocket Secret - displayName: Broadcast Websocket Secret
path: tower_broadcast_websocket_secret path: broadcast_websocket_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- displayName: Ingress Type - displayName: Ingress Type
path: tower_ingress_type path: ingress_type
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:none - urn:alm:descriptor:com.tectonic.ui:select:none
@@ -182,98 +182,98 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:select:Route - urn:alm:descriptor:com.tectonic.ui:select:Route
- urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
- urn:alm:descriptor:com.tectonic.ui:select:NodePort - urn:alm:descriptor:com.tectonic.ui:select:NodePort
- displayName: Tower Ingress Annotations - displayName: Ingress Annotations
path: tower_ingress_annotations path: ingress_annotations
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Tower Ingress TLS Secret - displayName: Ingress TLS Secret
path: tower_ingress_tls_secret path: ingress_tls_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Tower LoadBalancer Annotations - displayName: LoadBalancer Annotations
path: tower_loadbalancer_annotations path: loadbalancer_annotations
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer
- displayName: Tower LoadBalancer Protocol - displayName: LoadBalancer Protocol
path: tower_loadbalancer_protocol path: loadbalancer_protocol
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:http - urn:alm:descriptor:com.tectonic.ui:select:http
- urn:alm:descriptor:com.tectonic.ui:select:https - urn:alm:descriptor:com.tectonic.ui:select:https
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer
- displayName: Tower LoadBalancer Port - displayName: LoadBalancer Port
path: tower_loadbalancer_port path: loadbalancer_port
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number - urn:alm:descriptor:com.tectonic.ui:number
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer
- displayName: Route DNS host - displayName: Route DNS host
path: tower_route_host path: route_host
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Route TLS termination mechanism - displayName: Route TLS termination mechanism
path: tower_route_tls_termination_mechanism path: route_tls_termination_mechanism
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:Edge - urn:alm:descriptor:com.tectonic.ui:select:Edge
- urn:alm:descriptor:com.tectonic.ui:select:Passthrough - urn:alm:descriptor:com.tectonic.ui:select:Passthrough
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Route TLS credential secret - displayName: Route TLS credential secret
path: tower_route_tls_secret path: route_tls_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Image Pull Policy - displayName: Image Pull Policy
path: tower_image_pull_policy path: image_pull_policy
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- displayName: Image Pull Secret - displayName: Image Pull Secret
path: tower_image_pull_secret path: image_pull_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullSecret - urn:alm:descriptor:com.tectonic.ui:imagePullSecret
- displayName: Web container resource requirements - displayName: Web container resource requirements
path: tower_web_resource_requirements path: web_resource_requirements
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Task container resource requirements - displayName: Task container resource requirements
path: tower_task_resource_requirements path: task_resource_requirements
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: PostgreSQL container resource requirements (when using a managed instance) - displayName: PostgreSQL container resource requirements (when using a managed instance)
path: tower_postgres_resource_requirements path: postgres_resource_requirements
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: PostgreSQL container storage requirements (when using a managed instance) - displayName: PostgreSQL container storage requirements (when using a managed instance)
path: tower_postgres_storage_requirements path: postgres_storage_requirements
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Replicas - displayName: Replicas
path: tower_replicas path: replicas
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number - urn:alm:descriptor:com.tectonic.ui:number
- displayName: Remove used secrets on instance removal ? - displayName: Remove used secrets on instance removal ?
path: tower_garbage_collect_secrets path: garbage_collect_secrets
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Preload instance with data upon creation ? - displayName: Preload instance with data upon creation ?
path: tower_create_preload_data path: create_preload_data
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
@@ -283,8 +283,8 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Should Tower Task container deployed with privileged level ? - displayName: Should the task container deployed with privileged level ?
path: tower_task_privileged path: task_privileged
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
@@ -304,53 +304,53 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Image - displayName: Image
path: tower_image path: image
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Image Version - displayName: Image Version
path: tower_image_version path: image_version
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Image - displayName: Redis Image
path: tower_redis_image path: redis_image
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Image Version - displayName: Redis Image Version
path: tower_redis_image_version path: redis_image_version
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image - displayName: PostgreSQL Image
path: tower_postgres_image path: postgres_image
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image Version - displayName: PostgreSQL Image Version
path: tower_postgres_image_version path: postgres_image_version
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Postgres Selector - displayName: Postgres Selector
path: tower_postgres_selector path: postgres_selector
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Postgres Tolerations - displayName: Postgres Tolerations
path: tower_postgres_tolerations path: postgres_tolerations
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Postgres Storage Class - displayName: Postgres Storage Class
path: tower_postgres_storage_class path: postgres_storage_class
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Postgres Datapath - displayName: Postgres Datapath
path: tower_postgres_data_path path: postgres_data_path
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
@@ -364,121 +364,121 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- displayName: Tower Task Args - displayName: Task Args
path: tower_task_args path: task_args
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Enable persistence for /var/lib/projects directory? - displayName: Enable persistence for /var/lib/projects directory?
path: tower_projects_persistence path: projects_persistence
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Use existing Persistent Claim? - displayName: Use existing Persistent Claim?
path: tower_projects_use_existing_claim path: projects_use_existing_claim
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:_Yes_ - urn:alm:descriptor:com.tectonic.ui:select:_Yes_
- urn:alm:descriptor:com.tectonic.ui:select:_No_ - urn:alm:descriptor:com.tectonic.ui:select:_No_
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_persistence:true - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true
- displayName: Tower Projects Existing Persistent Claim - displayName: Projects Existing Persistent Claim
path: tower_projects_existing_claim path: projects_existing_claim
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_Yes_ - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_
- urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
- description: Tower Projects Storage Class Name. If not present, the default - description: Projects Storage Class Name. If not present, the default
storage class will be used. storage class will be used.
displayName: Tower Projects Storage Class Name displayName: Projects Storage Class Name
path: tower_projects_storage_class path: projects_storage_class
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- description: Tower Projects Storage Size - description: Projects Storage Size
displayName: Tower Projects Storage Size displayName: Projects Storage Size
path: tower_projects_storage_size path: projects_storage_size
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- description: Tower Projects Storage Access Mode - description: Projects Storage Access Mode
displayName: Tower Projects Storage Access Mode displayName: Projects Storage Access Mode
path: tower_projects_storage_access_mode path: projects_storage_access_mode
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- displayName: Tower Task Command - displayName: Task Command
path: tower_task_command path: task_command
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Task Extra Env - displayName: Task Extra Env
description: Environment variables to be added to Task container description: Environment variables to be added to Task container
path: tower_task_extra_env path: task_extra_env
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: - displayName: EE Extra Volume Mounts
path: tower_ee_extra_volume_mounts path: ee_extra_volume_mounts
description: Specify volume mounts to be added to Execution container description: Specify volume mounts to be added to Execution container
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower EE Images - displayName: EE Images
description: Registry path to the Execution Environment container to use description: Registry path to the Execution Environment container to use
path: tower_ee_images path: ee_images
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Task Extra Volume Mounts - displayName: Task Extra Volume Mounts
description: Specify volume mounts to be added to Task container description: Specify volume mounts to be added to Task container
path: tower_task_extra_volume_mounts path: task_extra_volume_mounts
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Web Args - displayName: Web Args
path: tower_web_args path: web_args
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Web Command - displayName: Web Command
path: tower_web_command path: web_command
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Web Extra Env - displayName: Web Extra Env
description: Environment variables to be added to Web container description: Environment variables to be added to Web container
path: tower_web_extra_env path: web_extra_env
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Web Extra Volume Mounts - displayName: Web Extra Volume Mounts
description: Specify volume mounts to be added to Web container description: Specify volume mounts to be added to Web container
path: tower_web_extra_volume_mounts path: web_extra_volume_mounts
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Extra Volumes - displayName: Extra Volumes
description: Specify extra volumes to add to the application pod description: Specify extra volumes to add to the application pod
path: tower_extra_volumes path: extra_volumes
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Node Selector - displayName: Node Selector
path: tower_node_selector path: node_selector
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Service Labels - displayName: Service Labels
path: tower_service_labels path: service_labels
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tower Tolerations - displayName: Tolerations
path: tower_tolerations path: tolerations
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
@@ -490,27 +490,27 @@ spec:
statusDescriptors: statusDescriptors:
- description: Route to access the instance deployed - description: Route to access the instance deployed
displayName: URL displayName: URL
path: towerURL path: URL
x-descriptors: x-descriptors:
- urn:alm:descriptor:org.w3:link - urn:alm:descriptor:org.w3:link
- description: Admin user for the instance deployed - description: Admin user for the instance deployed
displayName: Admin User displayName: Admin User
path: towerAdminUser path: adminUser
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- description: Admin password for the instance deployed - description: Admin password for the instance deployed
displayName: Admin Password displayName: Admin Password
path: towerAdminPasswordSecret path: adminPasswordSecret
x-descriptors: x-descriptors:
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- description: Version of the instance deployed - description: Version of the instance deployed
displayName: Version displayName: Version
path: towerVersion path: version
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
- description: Image of the instance deployed - description: Image of the instance deployed
displayName: Image displayName: Image
path: towerImage path: image
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
version: v1beta1 version: v1beta1

134
deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
View File

@@ -41,24 +41,24 @@ spec:
description: Secret where can be found the LDAP trusted Certificate description: Secret where can be found the LDAP trusted Certificate
Authority Bundle Authority Bundle
type: string type: string
tower_admin_email: admin_email:
description: The admin user email description: The admin user email
type: string type: string
tower_admin_password_secret: admin_password_secret:
description: Secret where the admin password can be found description: Secret where the admin password can be found
type: string type: string
tower_admin_user: admin_user:
default: admin default: admin
description: Username to use for the admin account description: Username to use for the admin account
type: string type: string
tower_broadcast_websocket_secret: broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found description: Secret where the broadcast websocket secret can be found
type: string type: string
tower_create_preload_data: create_preload_data:
default: true default: true
description: Whether or not to preload data upon Tower instance creation description: Whether or not to preload data upon instance creation
type: boolean type: boolean
tower_ee_images: ee_images:
description: Registry path to the Execution Environment container description: Registry path to the Execution Environment container
to use to use
items: items:
@@ -69,23 +69,23 @@ spec:
type: string type: string
type: object type: object
type: array type: array
tower_extra_volumes: extra_volumes:
description: Specify extra volumes to add to the application pod description: Specify extra volumes to add to the application pod
type: string type: string
tower_garbage_collect_secrets: garbage_collect_secrets:
default: false default: false
description: Whether or not to remove secrets upon instance removal description: Whether or not to remove secrets upon instance removal
type: boolean type: boolean
tower_hostname: hostname:
description: The hostname of the instance description: The hostname of the instance
type: string type: string
tower_image: image:
description: Registry path to the application container to use description: Registry path to the application container to use
type: string type: string
tower_image_version: image_version:
description: Application container image version to use description: Application container image version to use
type: string type: string
tower_image_pull_policy: image_pull_policy:
default: IfNotPresent default: IfNotPresent
description: The image pull policy description: The image pull policy
enum: enum:
@@ -96,16 +96,16 @@ spec:
- IfNotPresent - IfNotPresent
- ifnotpresent - ifnotpresent
type: string type: string
tower_image_pull_secret: image_pull_secret:
description: The image pull secret description: The image pull secret
type: string type: string
tower_ingress_annotations: ingress_annotations:
description: Annotations to add to the ingress description: Annotations to add to the ingress
type: string type: string
tower_ingress_tls_secret: ingress_tls_secret:
description: Secret where the ingress TLS secret can be found description: Secret where the ingress TLS secret can be found
type: string type: string
tower_ingress_type: ingress_type:
description: The ingress type to use to reach the deployed instance description: The ingress type to use to reach the deployed instance
enum: enum:
- none - none
@@ -118,49 +118,49 @@ spec:
- NodePort - NodePort
- nodeport - nodeport
type: string type: string
tower_loadbalancer_annotations: loadbalancer_annotations:
description: Annotations to add to the loadbalancer description: Annotations to add to the loadbalancer
type: string type: string
tower_loadbalancer_port: loadbalancer_port:
default: 80 default: 80
description: Port to use for the loadbalancer description: Port to use for the loadbalancer
type: integer type: integer
tower_loadbalancer_protocol: loadbalancer_protocol:
default: http default: http
description: Protocol to use for the loadbalancer description: Protocol to use for the loadbalancer
enum: enum:
- http - http
- https - https
type: string type: string
tower_node_selector: node_selector:
description: nodeSelector for the AWX pods description: nodeSelector for the pods
type: string type: string
tower_service_labels: service_labels:
description: Additional labels to apply to the service description: Additional labels to apply to the service
type: string type: string
tower_old_postgres_configuration_secret: old_postgres_configuration_secret:
description: Secret where the old database configuration can be found description: Secret where the old database configuration can be found
for data migration for data migration
type: string type: string
tower_postgres_configuration_secret: postgres_configuration_secret:
description: Secret where the database configuration can be found description: Secret where the database configuration can be found
type: string type: string
tower_postgres_data_path: postgres_data_path:
description: Path where the PostgreSQL data are located description: Path where the PostgreSQL data are located
type: string type: string
tower_postgres_image: postgres_image:
description: Registry path to the PostgreSQL container to use description: Registry path to the PostgreSQL container to use
type: string type: string
tower_postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
tower_postgres_selector: postgres_selector:
description: nodeSelector for the Postgres pods description: nodeSelector for the Postgres pods
type: string type: string
tower_postgres_tolerations: postgres_tolerations:
description: node tolerations for the Postgres pods description: node tolerations for the Postgres pods
type: string type: string
tower_postgres_storage_requirements: postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container description: Storage requirements for the PostgreSQL container
properties: properties:
requests: requests:
@@ -174,7 +174,7 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_postgres_resource_requirements: postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container description: Resource requirements for the PostgreSQL container
properties: properties:
requests: requests:
@@ -192,52 +192,52 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_postgres_storage_class: postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC description: Storage class to use for the PostgreSQL PVC
type: string type: string
tower_projects_existing_claim: projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string type: string
tower_projects_persistence: projects_persistence:
default: false default: false
description: Whether or not the /var/lib/projects directory will be description: Whether or not the /var/lib/projects directory will be
persistent persistent
type: boolean type: boolean
tower_projects_storage_access_mode: projects_storage_access_mode:
default: ReadWriteMany default: ReadWriteMany
description: AccessMode for the /var/lib/projects PersistentVolumeClaim description: AccessMode for the /var/lib/projects PersistentVolumeClaim
type: string type: string
tower_projects_storage_class: projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string type: string
tower_projects_storage_size: projects_storage_size:
default: 8Gi default: 8Gi
description: Size for the /var/lib/projects PersistentVolumeClaim description: Size for the /var/lib/projects PersistentVolumeClaim
type: string type: string
tower_projects_use_existing_claim: projects_use_existing_claim:
description: Using existing PersistentVolumeClaim description: Using existing PersistentVolumeClaim
enum: enum:
- _Yes_ - _Yes_
- _No_ - _No_
type: string type: string
tower_redis_image: redis_image:
description: Registry path to the redis container to use description: Registry path to the redis container to use
type: string type: string
tower_redis_image_version: redis_image_version:
description: Redis container image version to use description: Redis container image version to use
type: string type: string
tower_replicas: replicas:
default: 1 default: 1
description: Number of instance replicas description: Number of instance replicas
format: int32 format: int32
type: integer type: integer
tower_route_host: route_host:
description: The DNS to use to points to the instance description: The DNS to use to points to the instance
type: string type: string
tower_route_tls_secret: route_tls_secret:
description: Secret where the TLS related credentials are stored description: Secret where the TLS related credentials are stored
type: string type: string
tower_route_tls_termination_mechanism: route_tls_termination_mechanism:
default: Edge default: Edge
description: The secure TLS termination mechanism to use description: The secure TLS termination mechanism to use
enum: enum:
@@ -246,31 +246,31 @@ spec:
- Passthrough - Passthrough
- passthrough - passthrough
type: string type: string
tower_secret_key_secret: secret_key_secret:
description: Secret where the secret key can be found description: Secret where the secret key can be found
type: string type: string
tower_task_args: task_args:
items: items:
type: string type: string
type: array type: array
tower_task_command: task_command:
items: items:
type: string type: string
type: array type: array
tower_task_extra_env: task_extra_env:
description: Environment variables to be added to Task container description: Environment variables to be added to Task container
type: string type: string
tower_ee_extra_volume_mounts: ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container description: Specify volume mounts to be added to Execution container
type: string type: string
tower_task_extra_volume_mounts: task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container description: Specify volume mounts to be added to Task container
type: string type: string
tower_task_privileged: task_privileged:
default: false default: false
description: If a privileged security context should be enabled description: If a privileged security context should be enabled
type: boolean type: boolean
tower_task_resource_requirements: task_resource_requirements:
description: Resource requirements for the task container description: Resource requirements for the task container
properties: properties:
limits: limits:
@@ -292,24 +292,24 @@ spec:
type: string type: string
type: object type: object
type: object type: object
tower_tolerations: tolerations:
description: node tolerations for the AWX pods description: node tolerations for the pods
type: string type: string
tower_web_args: web_args:
items: items:
type: string type: string
type: array type: array
tower_web_command: web_command:
items: items:
type: string type: string
type: array type: array
tower_web_extra_env: web_extra_env:
description: Environment variables to be added to Web container description: Environment variables to be added to Web container
type: string type: string
tower_web_extra_volume_mounts: web_extra_volume_mounts:
description: Specify volume mounts to be added to web container description: Specify volume mounts to be added to web container
type: string type: string
tower_web_resource_requirements: web_resource_requirements:
description: Resource requirements for the web container description: Resource requirements for the web container
properties: properties:
limits: limits:
@@ -359,22 +359,22 @@ spec:
type: string type: string
type: object type: object
type: array type: array
towerAdminPasswordSecret: adminPasswordSecret:
description: Admin password of the deployed instance description: Admin password of the deployed instance
type: string type: string
towerAdminUser: adminUser:
description: Admin user of the deployed instance description: Admin user of the deployed instance
type: string type: string
towerImage: image:
description: URL of the image used for the deployed instance description: URL of the image used for the deployed instance
type: string type: string
towerMigratedFromSecret: migratedFromSecret:
description: The secret used for migrating an old Tower. description: The secret used for migrating an old instance.
type: string type: string
towerURL: URL:
description: URL to access the deployed instance description: URL to access the deployed instance
type: string type: string
towerVersion: version:
description: Version of the deployed instance description: Version of the deployed instance
type: string type: string
type: object type: object

4
docs/migration.md
View File

@@ -45,7 +45,7 @@ type: Opaque
If your AWX deployment is already using an external database server or its database is otherwise not managed If your AWX deployment is already using an external database server or its database is otherwise not managed
by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`. by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
In the next section pass it in through `tower_postgres_configuration_secret` instead, omitting the `_old_` In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_`
from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
database and apply any pending migrations. It is strongly recommended to backup your database beforehand. database and apply any pending migrations. It is strongly recommended to backup your database beforehand.
@@ -62,6 +62,6 @@ kind: AWX
metadata: metadata:
name: awx name: awx
spec: spec:
tower_old_postgres_configuration_secret: <resourcename>-old-postgres-configuration old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
... ...
``` ```

2
roles/backup/tasks/secrets.yml
View File

@@ -15,7 +15,7 @@
k8s_info: k8s_info:
kind: Secret kind: Secret
namespace: '{{ meta.namespace }}' namespace: '{{ meta.namespace }}'
name: "{{ this_awx['resources'][0]['status']['towerAdminPasswordSecret'] }}" name: "{{ this_awx['resources'][0]['status']['adminPasswordSecret'] }}"
register: _admin_password register: _admin_password
- name: Set admin_password - name: Set admin_password

2
roles/backup/tasks/update_status.yml
View File

@@ -1,7 +1,7 @@
--- ---
# The backup directory in this status can be referenced when restoring # The backup directory in this status can be referenced when restoring
- name: Update Tower Backup status - name: Update CR Backup status
operator_sdk.util.k8s_status: operator_sdk.util.k8s_status:
api_version: '{{ api_version }}' api_version: '{{ api_version }}'
kind: "{{ kind }}" kind: "{{ kind }}"

127
roles/installer/defaults/main.yml
View File

@@ -6,180 +6,181 @@ api_version: '{{ deployment_type }}.ansible.com/v1beta1'
database_name: "{{ deployment_type }}" database_name: "{{ deployment_type }}"
database_username: "{{ deployment_type }}" database_username: "{{ deployment_type }}"
tower_task_privileged: false task_privileged: false
tower_ingress_type: none ingress_type: none
# Custom labels for the tower service. Specify as literal block. E.g.: # Custom labels for the tower service. Specify as literal block. E.g.:
# tower_service_labels: | # service_labels: |
# environment: non-production # environment: non-production
# zone: internal # zone: internal
tower_service_labels: '' service_labels: ''
# Add annotations to the ingress. Specify as literal block. E.g.: # Add annotations to the ingress. Specify as literal block. E.g.:
# tower_ingress_annotations: | # ingress_annotations: |
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s # nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s
tower_ingress_annotations: '' ingress_annotations: ''
# TLS secret for the ingress. The secret either has to exist before hand with # TLS secret for the ingress. The secret either has to exist before hand with
# the corresponding cert and key or just be an indicator for where an automated # the corresponding cert and key or just be an indicator for where an automated
# process like cert-manager (enabled via annotations) will store the TLS # process like cert-manager (enabled via annotations) will store the TLS
# certificate and key. # certificate and key.
tower_ingress_tls_secret: '' ingress_tls_secret: ''
tower_loadbalancer_protocol: 'http' loadbalancer_protocol: 'http'
tower_loadbalancer_port: '80' loadbalancer_port: '80'
tower_loadbalancer_annotations: '' loadbalancer_annotations: ''
# The TLS termination mechanism to use to access # The TLS termination mechanism to use to access
# the services. Supported mechanism are: edge, passthrough # the services. Supported mechanism are: edge, passthrough
# #
tower_route_tls_termination_mechanism: edge route_tls_termination_mechanism: edge
# Secret to lookup that provide the TLS specific # Secret to lookup that provide the TLS specific
# credentials to deploy # credentials to deploy
# #
tower_route_tls_secret: '' route_tls_secret: ''
# Host to create the root with. # Host to create the root with.
# If not specific will default to <instance-name>-<namespace>-<routerCanonicalHostname> # If not specific will default to <instance-name>-<namespace>-<routerCanonicalHostname>
# #
tower_route_host: '' route_host: ''
tower_hostname: '{{ deployment_type }}.example.com' hostname: '{{ deployment_type }}.example.com'
# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod # Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.: # to be scheduled on that node. Specify as literal block. E.g.:
# tower_node_selector: | # node_selector: |
# disktype: ssd # disktype: ssd
# kubernetes.io/arch: amd64 # kubernetes.io/arch: amd64
# kubernetes.io/os: linux # kubernetes.io/os: linux
tower_node_selector: '' node_selector: ''
# Add node tolerations for the AWX pods. Specify as literal block. E.g.: # Add node tolerations for the AWX pods. Specify as literal block. E.g.:
# tower_tolerations: | # tolerations: |
# - key: "dedicated" # - key: "dedicated"
# operator: "Equal" # operator: "Equal"
# value: "AWX" # value: "AWX"
# effect: "NoSchedule" # effect: "NoSchedule"
tower_tolerations: '' tolerations: ''
tower_admin_user: admin admin_user: admin
tower_admin_email: test@example.com admin_email: test@example.com
# Secret to lookup that provide the admin password # Secret to lookup that provide the admin password
# #
tower_admin_password_secret: '' admin_password_secret: ''
# Secret to lookup that provide the broadcast websocket key # Secret to lookup that provide the broadcast websocket key
# #
tower_broadcast_websocket_secret: '' broadcast_websocket_secret: ''
# Secret to lookup that provide the secret key # Secret to lookup that provide the secret key
# #
tower_secret_key_secret: '' secret_key_secret: ''
# Secret to lookup that provide the PostgreSQL configuration # Secret to lookup that provide the PostgreSQL configuration
# #
tower_postgres_configuration_secret: '' postgres_configuration_secret: ''
# Secret to lookup that provides old database credentials (for migration) # Secret to lookup that provides old database credentials (for migration)
tower_old_postgres_configuration_secret: '' old_postgres_configuration_secret: ''
# Add extra volumes to the AWX pod. Specify as literal block. E.g.: # Add extra volumes to the AWX pod. Specify as literal block. E.g.:
# tower_extra_volumes: | # extra_volumes: |
# - name: my-volume # - name: my-volume
# emptyDir: {} # emptyDir: {}
tower_extra_volumes: '' extra_volumes: ''
# Use these image versions for Ansible AWX. # Use these image versions for Ansible AWX.
tower_image: quay.io/ansible/awx image: quay.io/ansible/awx
tower_image_version: 19.1.0 image_version: 19.1.0
tower_redis_image: docker.io/redis redis_image: docker.io/redis
tower_redis_image_version: latest redis_image_version: latest
tower_postgres_image: postgres postgres_image: postgres
tower_postgres_image_version: 12 postgres_image_version: 12
tower_image_pull_policy: IfNotPresent image_pull_policy: IfNotPresent
tower_image_pull_secret: '' image_pull_secret: ''
tower_ee_images: ee_images:
- name: AWX EE 0.2.0 - name: AWX EE 0.2.0
image: quay.io/ansible/awx-ee:0.2.0 image: quay.io/ansible/awx-ee:0.2.0
tower_create_preload_data: true create_preload_data: true
tower_replicas: "1" replicas: "1"
tower_task_args: task_args:
- /usr/bin/launch_awx_task.sh - /usr/bin/launch_awx_task.sh
tower_task_command: [] task_command: []
tower_web_args: [] web_args: []
tower_web_command: [] web_command: []
tower_task_resource_requirements: task_resource_requirements:
requests: requests:
cpu: 500m cpu: 500m
memory: 1Gi memory: 1Gi
tower_web_resource_requirements: web_resource_requirements:
requests: requests:
cpu: 1000m cpu: 1000m
memory: 2Gi memory: 2Gi
# Add extra environment variables to the AWX task/web containers. Specify as # Add extra environment variables to the AWX task/web containers. Specify as
# literal block. E.g.: # literal block. E.g.:
# tower_task_extra_env: | # task_extra_env: |
# - name: FOO # - name: FOO
# value: bar # value: bar
# - name: BAZ # - name: BAZ
# value: bing # value: bing
tower_task_extra_env: '' task_extra_env: ''
tower_web_extra_env: '' web_extra_env: ''
# Mount extra volumes on the AWX task/web containers. Specify as literal block. # Mount extra volumes on the AWX task/web containers. Specify as literal block.
# E.g.: # E.g.:
# tower_task_extra_volume_mounts: '' # task_extra_volume_mounts: ''
# - name: my-volume # - name: my-volume
# mountPath: /some/path # mountPath: /some/path
tower_task_extra_volume_mounts: '' task_extra_volume_mounts: ''
tower_web_extra_volume_mounts: '' web_extra_volume_mounts: ''
tower_ee_extra_volume_mounts: '' ee_extra_volume_mounts: ''
# Add a nodeSelector for the Postgres pods. # Add a nodeSelector for the Postgres pods.
# It must match a node's labels for the pod to be scheduled on that node. # It must match a node's labels for the pod to be scheduled on that node.
# Specify as literal block. E.g.: # Specify as literal block. E.g.:
# tower_postgres_selector: | # postgres_selector: |
# disktype: ssd # disktype: ssd
# kubernetes.io/arch: amd64 # kubernetes.io/arch: amd64
# kubernetes.io/os: linux # kubernetes.io/os: linux
tower_postgres_selector: '' postgres_selector: ''
# Add node tolerations for the Postgres pods. # Add node tolerations for the Postgres pods.
# Specify as literal block. E.g.: # Specify as literal block. E.g.:
# tower_postgres_tolerations: | # postgres_tolerations: |
# - key: "dedicated" # - key: "dedicated"
# operator: "Equal" # operator: "Equal"
# value: "AWX" # value: "AWX"
# effect: "NoSchedule" # effect: "NoSchedule"
tower_postgres_tolerations: '' postgres_tolerations: ''
tower_postgres_storage_requirements: postgres_storage_requirements:
requests: requests:
storage: 8Gi storage: 8Gi
tower_postgres_resource_requirements: {} postgres_resource_requirements: {}
tower_postgres_data_path: '/var/lib/postgresql/data/pgdata' postgres_data_path: '/var/lib/postgresql/data/pgdata'
# Persistence to the AWX project data folder # Persistence to the AWX project data folder
# Whether or not the /var/lib/projects directory will be persistent # Whether or not the /var/lib/projects directory will be persistent
tower_projects_persistence: false projects_persistence: false
# #
# Define an existing PersistentVolumeClaim to use # Define an existing PersistentVolumeClaim to use
tower_projects_existing_claim: '' projects_existing_claim: ''
# #
# Define the storage_class, size and access_mode # Define the storage_class, size and access_mode
# when not using an existing claim # when not using an existing claim
tower_projects_storage_size: 8Gi projects_storage_size: 8Gi
tower_projects_storage_access_mode: ReadWriteMany projects_storage_access_mode: ReadWriteMany
ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt" ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"
@@ -190,6 +191,6 @@ ldap_cacert_secret: ''
# Whether secrets should be garbage collected # Whether secrets should be garbage collected
# on teardown # on teardown
# #
tower_garbage_collect_secrets: false garbage_collect_secrets: false
development_mode: false development_mode: false

8
roles/installer/tasks/admin_password_configuration.yml
View File

@@ -3,9 +3,9 @@
k8s_info: k8s_info:
kind: Secret kind: Secret
namespace: '{{ meta.namespace }}' namespace: '{{ meta.namespace }}'
name: '{{ tower_admin_password_secret }}' name: '{{ admin_password_secret }}'
register: _custom_admin_password register: _custom_admin_password
when: tower_admin_password_secret | length when: admin_password_secret | length
- name: Check for default admin password configuration - name: Check for default admin password configuration
k8s_info: k8s_info:
@@ -22,7 +22,7 @@
- name: Create admin password secret - name: Create admin password secret
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'tower_admin_password_secret.yaml.j2') }}" definition: "{{ lookup('template', 'admin_password_secret.yaml.j2') }}"
- name: Read admin password secret - name: Read admin password secret
k8s_info: k8s_info:
@@ -39,4 +39,4 @@
- name: Store admin password - name: Store admin password
set_fact: set_fact:
tower_admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}" admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}"

6
roles/installer/tasks/broadcast_websocket_configuration.yml
View File

@@ -3,9 +3,9 @@
k8s_info: k8s_info:
kind: Secret kind: Secret
namespace: '{{ meta.namespace }}' namespace: '{{ meta.namespace }}'
name: '{{ tower_broadcast_websocket_secret }}' name: '{{ broadcast_websocket_secret }}'
register: _custom_broadcast_websocket register: _custom_broadcast_websocket
when: tower_broadcast_websocket_secret | length when: broadcast_websocket_secret | length
- name: Check for default broadcast websocket secret configuration - name: Check for default broadcast websocket secret configuration
k8s_info: k8s_info:
@@ -23,7 +23,7 @@
- name: Create broadcast websocket secret - name: Create broadcast websocket secret
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'tower_broadcast_websocket_secret.yaml.j2') }}" definition: "{{ lookup('template', 'broadcast_websocket_secret.yaml.j2') }}"
- name: Read broadcast websocket secret - name: Read broadcast websocket secret
k8s_info: k8s_info:

10
roles/installer/tasks/cleanup.yml
View File

@@ -2,12 +2,12 @@
- block: - block:
- name: Define secrets name - name: Define secrets name
set_fact: set_fact:
_admin_password: '{{ tower_admin_password_secret | length | ternary(tower_admin_password_secret, meta.name + "-admin-password") }}' _admin_password: '{{ admin_password_secret | length | ternary(admin_password_secret, meta.name + "-admin-password") }}'
_secret_key: '{{ tower_secret_key_secret | length | ternary(tower_secret_key_secret, meta.name + "-secret-key") }}' _secret_key: '{{ secret_key_secret | length | ternary(secret_key_secret, meta.name + "-secret-key") }}'
# yamllint disable-line rule:line-length # yamllint disable-line rule:line-length
_broadcast_websocket_secret: '{{ tower_broadcast_websocket_secret | length | ternary(tower_broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204 _broadcast_websocket_secret: '{{ broadcast_websocket_secret | length | ternary(broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204
# yamllint disable-line rule:line-length # yamllint disable-line rule:line-length
_postgres_configuration: '{{ tower_postgres_configuration_secret | length | ternary(tower_postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204 _postgres_configuration: '{{ postgres_configuration_secret | length | ternary(postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204
- name: Remove ownerReferences reference - name: Remove ownerReferences reference
k8s: k8s:
@@ -24,4 +24,4 @@
- '{{ _postgres_configuration }}' - '{{ _postgres_configuration }}'
- '{{ _broadcast_websocket_secret }}' - '{{ _broadcast_websocket_secret }}'
when: not tower_garbage_collect_secrets | bool when: not garbage_collect_secrets | bool

16
roles/installer/tasks/database_configuration.yml
View File

@@ -3,9 +3,9 @@
k8s_info: k8s_info:
kind: Secret kind: Secret
namespace: '{{ meta.namespace }}' namespace: '{{ meta.namespace }}'
name: '{{ tower_postgres_configuration_secret }}' name: '{{ postgres_configuration_secret }}'
register: _custom_pg_config_resources register: _custom_pg_config_resources
when: tower_postgres_configuration_secret | length when: postgres_configuration_secret | length
- name: Check for default PostgreSQL configuration - name: Check for default PostgreSQL configuration
k8s_info: k8s_info:
@@ -18,9 +18,9 @@
k8s_info: k8s_info:
kind: Secret kind: Secret
namespace: '{{ meta.namespace }}' namespace: '{{ meta.namespace }}'
name: '{{ tower_old_postgres_configuration_secret }}' name: '{{ old_postgres_configuration_secret }}'
register: _custom_old_pg_config_resources register: _custom_old_pg_config_resources
when: tower_old_postgres_configuration_secret | length when: old_postgres_configuration_secret | length
- name: Check for default old PostgreSQL configuration - name: Check for default old PostgreSQL configuration
k8s_info: k8s_info:
@@ -50,7 +50,7 @@
- name: Create Database configuration - name: Create Database configuration
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'tower_postgres_secret.yaml.j2') }}" definition: "{{ lookup('template', 'postgres_secret.yaml.j2') }}"
- name: Read Database Configuration - name: Read Database Configuration
k8s_info: k8s_info:
@@ -72,7 +72,7 @@
- name: Create Database if no database is specified - name: Create Database if no database is specified
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" definition: "{{ lookup('template', 'postgres.yaml.j2') }}"
register: create_statefulset_result register: create_statefulset_result
rescue: rescue:
@@ -101,7 +101,7 @@
- name: Recreate PostgreSQL statefulset with updated values - name: Recreate PostgreSQL statefulset with updated values
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" definition: "{{ lookup('template', 'postgres.yaml.j2') }}"
when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
- name: Store Database Configuration - name: Store Database Configuration
@@ -126,4 +126,4 @@
when: when:
- old_pg_config['resources'] is defined - old_pg_config['resources'] is defined
- old_pg_config['resources'] | length - old_pg_config['resources'] | length
- this_awx['resources'][0]['status']['towerMigratedFromSecret'] is not defined - this_awx['resources'][0]['status']['migratedFromSecret'] is not defined

8
roles/installer/tasks/initialize_django.yml
View File

@@ -6,7 +6,7 @@
container: "{{ meta.name }}-task" container: "{{ meta.name }}-task"
command: >- command: >-
bash -c "echo 'from django.contrib.auth.models import User; bash -c "echo 'from django.contrib.auth.models import User;
nsu = User.objects.filter(is_superuser=True, username='{{ tower_admin_user }}').count(); nsu = User.objects.filter(is_superuser=True, username='{{ admin_user }}').count();
exit(0 if nsu > 0 else 1)' exit(0 if nsu > 0 else 1)'
| awx-manage shell" | awx-manage shell"
ignore_errors: true ignore_errors: true
@@ -19,7 +19,7 @@
pod: "{{ tower_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ meta.name }}-task" container: "{{ meta.name }}-task"
command: >- command: >-
bash -c "awx-manage update_password --username '{{ tower_admin_user }}' --password '{{ tower_admin_password }}'" bash -c "awx-manage update_password --username '{{ admin_user }}' --password '{{ admin_password }}'"
register: update_pw_result register: update_pw_result
changed_when: users_result.stdout == 'Password not updated' changed_when: users_result.stdout == 'Password not updated'
when: users_result.return_code == 0 when: users_result.return_code == 0
@@ -31,7 +31,7 @@
container: "{{ meta.name }}-task" container: "{{ meta.name }}-task"
command: >- command: >-
bash -c "echo \"from django.contrib.auth.models import User; bash -c "echo \"from django.contrib.auth.models import User;
User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')\" User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\"
| awx-manage shell" | awx-manage shell"
when: users_result.return_code > 0 when: users_result.return_code > 0
@@ -44,4 +44,4 @@
bash -c "awx-manage create_preload_data" bash -c "awx-manage create_preload_data"
register: cdo register: cdo
changed_when: "'added' in cdo.stdout" changed_when: "'added' in cdo.stdout"
when: tower_create_preload_data | bool when: create_preload_data | bool

8
roles/installer/tasks/load_route_tls_secret.yml
View File

@@ -3,15 +3,15 @@
k8s_info: k8s_info:
kind: Secret kind: Secret
namespace: '{{ meta.namespace }}' namespace: '{{ meta.namespace }}'
name: '{{ tower_route_tls_secret }}' name: '{{ route_tls_secret }}'
register: route_tls register: route_tls
- name: Load Route TLS Secret content - name: Load Route TLS Secret content
set_fact: set_fact:
tower_route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}' route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}'
tower_route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}' route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}'
- name: Load Route TLS Secret content - name: Load Route TLS Secret content
set_fact: set_fact:
tower_route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}' route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}'
when: '"ca.crt" in route_tls["resources"][0]["data"]' when: '"ca.crt" in route_tls["resources"][0]["data"]'

4
roles/installer/tasks/main.yml
View File

@@ -37,8 +37,8 @@
- name: Load Route TLS certificate - name: Load Route TLS certificate
include_tasks: load_route_tls_secret.yml include_tasks: load_route_tls_secret.yml
when: when:
- tower_ingress_type | lower == 'route' - ingress_type | lower == 'route'
- tower_route_tls_secret != '' - route_tls_secret != ''
- name: Include resources configuration tasks - name: Include resources configuration tasks
include_tasks: resources_configuration.yml include_tasks: resources_configuration.yml

14
roles/installer/tasks/resources_configuration.yml
View File

@@ -24,17 +24,17 @@
wait: yes wait: yes
register: tower_resources_result register: tower_resources_result
loop: loop:
- 'tower_config' - 'config'
- 'tower_app_credentials' - 'app_credentials'
- 'tower_service_account' - 'service_account'
- 'tower_persistent' - 'persistent'
- 'tower_service' - 'service'
- 'tower_ingress' - 'ingress'
- name: Apply deployment resources - name: Apply deployment resources
k8s: k8s:
apply: yes apply: yes
definition: "{{ lookup('template', 'tower_deployment.yaml.j2') }}" definition: "{{ lookup('template', 'deployment.yaml.j2') }}"
wait: yes wait: yes
register: tower_deployment_result register: tower_deployment_result

6
roles/installer/tasks/secret_key_configuration.yml
View File

@@ -3,9 +3,9 @@
k8s_info: k8s_info:
kind: Secret kind: Secret
namespace: '{{ meta.namespace }}' namespace: '{{ meta.namespace }}'
name: '{{ tower_secret_key_secret }}' name: '{{ secret_key_secret }}'
register: _custom_secret_key register: _custom_secret_key
when: tower_secret_key_secret | length when: secret_key_secret | length
- name: Check for default secret key configuration - name: Check for default secret key configuration
k8s_info: k8s_info:
@@ -22,7 +22,7 @@
- name: Create secret key secret - name: Create secret key secret
k8s: k8s:
apply: true apply: true
definition: "{{ lookup('template', 'tower_secret_key.yaml.j2') }}" definition: "{{ lookup('template', 'secret_key.yaml.j2') }}"
- name: Read secret key secret - name: Read secret key secret
k8s_info: k8s_info:

16
roles/installer/tasks/update_status.yml
View File

@@ -6,7 +6,7 @@
name: "{{ meta.name }}" name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}" namespace: "{{ meta.namespace }}"
status: status:
towerAdminPasswordSecret: "{{ admin_password_secret['resources'][0]['metadata']['name'] }}" adminPasswordSecret: "{{ admin_password_secret['resources'][0]['metadata']['name'] }}"
- name: Update admin user status - name: Update admin user status
operator_sdk.util.k8s_status: operator_sdk.util.k8s_status:
@@ -15,7 +15,7 @@
name: "{{ meta.name }}" name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}" namespace: "{{ meta.namespace }}"
status: status:
towerAdminUser: "{{ tower_admin_user }}" adminUser: "{{ admin_user }}"
- name: Update postgres configuration status - name: Update postgres configuration status
operator_sdk.util.k8s_status: operator_sdk.util.k8s_status:
@@ -61,7 +61,7 @@
name: "{{ meta.name }}" name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}" namespace: "{{ meta.namespace }}"
status: status:
towerVersion: "{{ instance_version.stdout | trim }}" version: "{{ instance_version.stdout | trim }}"
- name: Update image status - name: Update image status
operator_sdk.util.k8s_status: operator_sdk.util.k8s_status:
@@ -70,7 +70,7 @@
name: "{{ meta.name }}" name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}" namespace: "{{ meta.namespace }}"
status: status:
towerImage: "{{ tower_image }}" image: "{{ image }}"
- block: - block:
- name: Retrieve route URL - name: Retrieve route URL
@@ -87,16 +87,16 @@
name: "{{ meta.name }}" name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}" namespace: "{{ meta.namespace }}"
status: status:
towerURL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}" URL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}"
when: tower_ingress_type | lower == 'route' when: ingress_type | lower == 'route'
- name: Update towerMigratedFromSecret status - name: Update migratedFromSecret status
operator_sdk.util.k8s_status: operator_sdk.util.k8s_status:
api_version: '{{ api_version }}' api_version: '{{ api_version }}'
kind: "{{ kind }}" kind: "{{ kind }}"
name: "{{ meta.name }}" name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}" namespace: "{{ meta.namespace }}"
status: status:
towerMigratedFromSecret: "{{ tower_migrated_from_secret }}" migratedFromSecret: "{{ tower_migrated_from_secret }}"
when: tower_migrated_from_secret is defined when: tower_migrated_from_secret is defined

0
roles/installer/templates/tower_admin_password_secret.yaml.j2 → roles/installer/templates/admin_password_secret.yaml.j2
View File

0
roles/installer/templates/tower_app_credentials.yaml.j2 → roles/installer/templates/app_credentials.yaml.j2
View File

0
roles/installer/templates/tower_broadcast_websocket_secret.yaml.j2 → roles/installer/templates/broadcast_websocket_secret.yaml.j2
View File

4
roles/installer/templates/tower_config.yaml.j2 → roles/installer/templates/config.yaml.j2
View File

@@ -130,7 +130,7 @@ data:
} }
{% if tower_route_tls_termination_mechanism | lower == 'passthrough' %} {% if route_tls_termination_mechanism | lower == 'passthrough' %}
server { server {
listen 8052 default_server; listen 8052 default_server;
server_name _; server_name _;
@@ -141,7 +141,7 @@ data:
{% endif %} {% endif %}
server { server {
{% if tower_route_tls_termination_mechanism | lower == 'passthrough' %} {% if route_tls_termination_mechanism | lower == 'passthrough' %}
listen 8053 ssl; listen 8053 ssl;
ssl_certificate /etc/nginx/pki/web.crt; ssl_certificate /etc/nginx/pki/web.crt;

94
roles/installer/templates/tower_deployment.yaml.j2 → roles/installer/templates/deployment.yaml.j2
View File

@@ -7,13 +7,13 @@ metadata:
namespace: '{{ meta.namespace }}' namespace: '{{ meta.namespace }}'
labels: labels:
app.kubernetes.io/name: '{{ meta.name }}' app.kubernetes.io/name: '{{ meta.name }}'
app.kubernetes.io/version: '{{ tower_image_version }}' app.kubernetes.io/version: '{{ image_version }}'
app.kubernetes.io/part-of: '{{ meta.name }}' app.kubernetes.io/part-of: '{{ meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
spec: spec:
replicas: {{ tower_replicas }} replicas: {{ replicas }}
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/name: '{{ meta.name }}' app.kubernetes.io/name: '{{ meta.name }}'
@@ -23,19 +23,19 @@ spec:
metadata: metadata:
labels: labels:
app.kubernetes.io/name: '{{ meta.name }}' app.kubernetes.io/name: '{{ meta.name }}'
app.kubernetes.io/version: '{{ tower_image_version }}' app.kubernetes.io/version: '{{ image_version }}'
app.kubernetes.io/part-of: '{{ meta.name }}' app.kubernetes.io/part-of: '{{ meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
spec: spec:
serviceAccountName: '{{ meta.name }}' serviceAccountName: '{{ meta.name }}'
{% if tower_image_pull_secret %} {% if image_pull_secret %}
imagePullSecrets: imagePullSecrets:
- name: {{ tower_image_pull_secret }} - name: {{ image_pull_secret }}
{% endif %} {% endif %}
containers: containers:
- image: '{{ tower_redis_image }}:{{ tower_redis_image_version }}' - image: '{{ redis_image }}:{{ redis_image_version }}'
imagePullPolicy: '{{ tower_image_pull_policy }}' imagePullPolicy: '{{ image_pull_policy }}'
name: redis name: redis
args: ["redis-server", "/etc/redis.conf"] args: ["redis-server", "/etc/redis.conf"]
volumeMounts: volumeMounts:
@@ -47,18 +47,18 @@ spec:
mountPath: "/var/run/redis" mountPath: "/var/run/redis"
- name: "{{ meta.name }}-redis-data" - name: "{{ meta.name }}-redis-data"
mountPath: "/data" mountPath: "/data"
- image: '{{ tower_image }}:{{ tower_image_version }}' - image: '{{ image }}:{{ image_version }}'
name: '{{ meta.name }}-web' name: '{{ meta.name }}-web'
{% if tower_web_command %} {% if web_command %}
command: {{ tower_web_command }} command: {{ web_command }}
{% endif %} {% endif %}
{% if tower_web_args %} {% if web_args %}
args: {{ tower_web_args }} args: {{ web_args }}
{% endif %} {% endif %}
imagePullPolicy: '{{ tower_image_pull_policy }}' imagePullPolicy: '{{ image_pull_policy }}'
ports: ports:
- containerPort: 8052 - containerPort: 8052
{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} {% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- containerPort: 8053 - containerPort: 8053
{% endif %} {% endif %}
volumeMounts: volumeMounts:
@@ -74,7 +74,7 @@ spec:
mountPath: "/etc/tower/conf.d/ldap.py" mountPath: "/etc/tower/conf.d/ldap.py"
subPath: ldap.py subPath: ldap.py
readOnly: true readOnly: true
{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} {% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ meta.name }}-nginx-certs" - name: "{{ meta.name }}-nginx-certs"
mountPath: "/etc/nginx/pki" mountPath: "/etc/nginx/pki"
readOnly: true readOnly: true
@@ -111,8 +111,8 @@ spec:
- name: awx-devel - name: awx-devel
mountPath: "/awx_devel" mountPath: "/awx_devel"
{% endif %} {% endif %}
{% if tower_web_extra_volume_mounts -%} {% if web_extra_volume_mounts -%}
{{ tower_web_extra_volume_mounts | indent(width=12, indentfirst=True) }} {{ web_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% endif %} {% endif %}
env: env:
- name: MY_POD_NAMESPACE - name: MY_POD_NAMESPACE
@@ -123,22 +123,22 @@ spec:
- name: AWX_KUBE_DEVEL - name: AWX_KUBE_DEVEL
value: "1" value: "1"
{% endif %} {% endif %}
{% if tower_web_extra_env -%} {% if web_extra_env -%}
{{ tower_web_extra_env | indent(width=12, indentfirst=True) }} {{ web_extra_env | indent(width=12, indentfirst=True) }}
{% endif %} {% endif %}
resources: {{ tower_web_resource_requirements }} resources: {{ web_resource_requirements }}
- image: '{{ tower_image }}:{{ tower_image_version }}' - image: '{{ image }}:{{ image_version }}'
name: '{{ meta.name }}-task' name: '{{ meta.name }}-task'
imagePullPolicy: '{{ tower_image_pull_policy }}' imagePullPolicy: '{{ image_pull_policy }}'
{% if tower_task_privileged == true %} {% if task_privileged == true %}
securityContext: securityContext:
privileged: true privileged: true
{% endif %} {% endif %}
{% if tower_task_command %} {% if task_command %}
command: {{ tower_task_command }} command: {{ task_command }}
{% endif %} {% endif %}
{% if tower_task_args %} {% if task_args %}
args: {{ tower_task_args }} args: {{ task_args }}
{% endif %} {% endif %}
volumeMounts: volumeMounts:
- name: "{{ meta.name }}-application-credentials" - name: "{{ meta.name }}-application-credentials"
@@ -177,8 +177,8 @@ spec:
- name: awx-devel - name: awx-devel
mountPath: "/awx_devel" mountPath: "/awx_devel"
{% endif %} {% endif %}
{% if tower_task_extra_volume_mounts -%} {% if task_extra_volume_mounts -%}
{{ tower_task_extra_volume_mounts | indent(width=12, indentfirst=True) }} {{ task_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% endif %} {% endif %}
env: env:
- name: SUPERVISOR_WEB_CONFIG_PATH - name: SUPERVISOR_WEB_CONFIG_PATH
@@ -201,13 +201,13 @@ spec:
- name: AWX_KUBE_DEVEL - name: AWX_KUBE_DEVEL
value: "1" value: "1"
{% endif %} {% endif %}
{% if tower_task_extra_env -%} {% if task_extra_env -%}
{{ tower_task_extra_env | indent(width=12, indentfirst=True) }} {{ task_extra_env | indent(width=12, indentfirst=True) }}
{% endif %} {% endif %}
resources: {{ tower_task_resource_requirements }} resources: {{ task_resource_requirements }}
- image: '{{ tower_ee_images[0].image }}' - image: '{{ ee_images[0].image }}'
name: '{{ meta.name }}-ee' name: '{{ meta.name }}-ee'
imagePullPolicy: '{{ tower_image_pull_policy }}' imagePullPolicy: '{{ image_pull_policy }}'
args: ['receptor', '--config', '/etc/receptor.conf'] args: ['receptor', '--config', '/etc/receptor.conf']
volumeMounts: volumeMounts:
- name: "{{ meta.name }}-receptor-config" - name: "{{ meta.name }}-receptor-config"
@@ -218,8 +218,8 @@ spec:
mountPath: "/var/run/receptor" mountPath: "/var/run/receptor"
- name: "{{ meta.name }}-projects" - name: "{{ meta.name }}-projects"
mountPath: "/var/lib/awx/projects" mountPath: "/var/lib/awx/projects"
{% if tower_ee_extra_volume_mounts -%} {% if ee_extra_volume_mounts -%}
{{ tower_ee_extra_volume_mounts | indent(width=12, indentfirst=True) }} {{ ee_extra_volume_mounts | indent(width=12, indentfirst=True) }}
{% endif %} {% endif %}
{% if development_mode | bool %} {% if development_mode | bool %}
env: env:
@@ -228,19 +228,19 @@ spec:
fieldRef: fieldRef:
fieldPath: status.podIP fieldPath: status.podIP
{% endif %} {% endif %}
{% if tower_node_selector %} {% if node_selector %}
nodeSelector: nodeSelector:
{{ tower_node_selector | indent(width=8) }} {{ node_selector | indent(width=8) }}
{% endif %} {% endif %}
{% if tower_tolerations %} {% if tolerations %}
tolerations: tolerations:
{{ tower_tolerations | indent(width=8) }} {{ tolerations | indent(width=8) }}
{% endif %} {% endif %}
volumes: volumes:
{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} {% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ meta.name }}-nginx-certs" - name: "{{ meta.name }}-nginx-certs"
secret: secret:
secretName: "{{ tower_route_tls_secret }}" secretName: "{{ route_tls_secret }}"
items: items:
- key: tls.key - key: tls.key
path: 'web.key' path: 'web.key'
@@ -308,10 +308,10 @@ spec:
- key: receptor_conf - key: receptor_conf
path: receptor.conf path: receptor.conf
- name: "{{ meta.name }}-projects" - name: "{{ meta.name }}-projects"
{% if tower_projects_persistence|bool %} {% if projects_persistence|bool %}
persistentVolumeClaim: persistentVolumeClaim:
{% if tower_projects_existing_claim %} {% if projects_existing_claim %}
claimName: {{ tower_projects_existing_claim }} claimName: {{ projects_existing_claim }}
{% else %} {% else %}
claimName: '{{ meta.name }}-projects-claim' claimName: '{{ meta.name }}-projects-claim'
{% endif %} {% endif %}
@@ -323,6 +323,6 @@ spec:
hostPath: hostPath:
path: /awx_devel path: /awx_devel
{% endif %} {% endif %}
{% if tower_extra_volumes -%} {% if extra_volumes -%}
{{ tower_extra_volumes | indent(width=8, indentfirst=True) }} {{ extra_volumes | indent(width=8, indentfirst=True) }}
{% endif %} {% endif %}

2
roles/installer/templates/execution_environments.py.j2
View File

@@ -1,5 +1,5 @@
DEFAULT_EXECUTION_ENVIRONMENTS = [ DEFAULT_EXECUTION_ENVIRONMENTS = [
{% for item in tower_ee_images %} {% for item in ee_images %}
{'name': '{{ item.name }}' , 'image': '{{ item.image }}'}, {'name': '{{ item.name }}' , 'image': '{{ item.image }}'},
{% endfor %} {% endfor %}
] ]

34
roles/installer/templates/tower_ingress.yaml.j2 → roles/installer/templates/ingress.yaml.j2
View File

@@ -1,4 +1,4 @@
{% if 'ingress' == tower_ingress_type|lower %} {% if 'ingress' == ingress_type|lower %}
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
@@ -11,28 +11,28 @@ metadata:
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
{% if tower_ingress_annotations %} {% if ingress_annotations %}
annotations: annotations:
{{ tower_ingress_annotations | indent(width=4) }} {{ ingress_annotations | indent(width=4) }}
{% endif %} {% endif %}
spec: spec:
rules: rules:
- host: '{{ tower_hostname }}' - host: '{{ hostname }}'
http: http:
paths: paths:
- path: / - path: /
backend: backend:
serviceName: '{{ meta.name }}-service' serviceName: '{{ meta.name }}-service'
servicePort: 80 servicePort: 80
{% if tower_ingress_tls_secret %} {% if ingress_tls_secret %}
tls: tls:
- hosts: - hosts:
- {{ tower_hostname }} - {{ hostname }}
secretName: {{ tower_ingress_tls_secret }} secretName: {{ ingress_tls_secret }}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if 'route' == tower_ingress_type|lower %} {% if 'route' == ingress_type|lower %}
--- ---
apiVersion: route.openshift.io/v1 apiVersion: route.openshift.io/v1
kind: Route kind: Route
@@ -46,22 +46,22 @@ metadata:
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
spec: spec:
{% if tower_route_host != '' %} {% if route_host != '' %}
host: {{ tower_route_host }} host: {{ route_host }}
{% endif %} {% endif %}
port: port:
targetPort: '{{ (tower_route_tls_termination_mechanism | lower == "passthrough") | ternary("https", "http") }}' targetPort: '{{ (route_tls_termination_mechanism | lower == "passthrough") | ternary("https", "http") }}'
tls: tls:
insecureEdgeTerminationPolicy: Redirect insecureEdgeTerminationPolicy: Redirect
termination: {{ tower_route_tls_termination_mechanism | lower }} termination: {{ route_tls_termination_mechanism | lower }}
{% if tower_route_tls_termination_mechanism | lower == 'edge' and tower_route_tls_secret != '' %} {% if route_tls_termination_mechanism | lower == 'edge' and route_tls_secret != '' %}
key: |- key: |-
{{ tower_route_tls_key | indent(width=6, indentfirst=True) }} {{ route_tls_key | indent(width=6, indentfirst=True) }}
certificate: |- certificate: |-
{{ tower_route_tls_crt | indent(width=6, indentfirst=True) }} {{ route_tls_crt | indent(width=6, indentfirst=True) }}
{% if tower_route_ca_crt is defined %} {% if route_ca_crt is defined %}
caCertificate: |- caCertificate: |-
{{ tower_route_ca_crt | indent(width=6, indentfirst=True) }} {{ route_ca_crt | indent(width=6, indentfirst=True) }}
{% endif %} {% endif %}
{% endif %} {% endif %}
to: to:

10
roles/installer/templates/tower_persistent.yaml.j2 → roles/installer/templates/persistent.yaml.j2
View File

@@ -1,4 +1,4 @@
{% if tower_projects_persistence|bool and tower_projects_existing_claim == '' %} {% if projects_persistence|bool and projects_existing_claim == '' %}
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
metadata: metadata:
@@ -12,11 +12,11 @@ metadata:
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
spec: spec:
accessModes: accessModes:
- {{ tower_projects_storage_access_mode }} - {{ projects_storage_access_mode }}
resources: resources:
requests: requests:
storage: {{ tower_projects_storage_size }} storage: {{ projects_storage_size }}
{% if tower_projects_storage_class is defined %} {% if projects_storage_class is defined %}
storageClassName: {{ tower_projects_storage_class }} storageClassName: {{ projects_storage_class }}
{% endif %} {% endif %}
{% endif %} {% endif %}

30
roles/installer/templates/tower_postgres.yaml.j2 → roles/installer/templates/postgres.yaml.j2
View File

@@ -34,11 +34,11 @@ spec:
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
spec: spec:
containers: containers:
- image: '{{ tower_postgres_image }}:{{ tower_postgres_image_version }}' - image: '{{ postgres_image }}:{{ postgres_image_version }}'
imagePullPolicy: '{{ tower_image_pull_policy }}' imagePullPolicy: '{{ image_pull_policy }}'
name: postgres name: postgres
env: env:
# For tower_postgres_image based on rhel8/postgresql-12 # For postgres_image based on rhel8/postgresql-12
- name: POSTGRESQL_DATABASE - name: POSTGRESQL_DATABASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -55,7 +55,7 @@ spec:
name: '{{ postgres_configuration_secret }}' name: '{{ postgres_configuration_secret }}'
key: password key: password
# For tower_postgres_image based on postgres # For postgres_image based on postgres
- name: POSTGRES_DB - name: POSTGRES_DB
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -72,7 +72,7 @@ spec:
name: '{{ postgres_configuration_secret }}' name: '{{ postgres_configuration_secret }}'
key: password key: password
- name: PGDATA - name: PGDATA
value: '{{ tower_postgres_data_path }}' value: '{{ postgres_data_path }}'
- name: POSTGRES_INITDB_ARGS - name: POSTGRES_INITDB_ARGS
value: '{{ postgres_initdb_args }}' value: '{{ postgres_initdb_args }}'
- name: POSTGRES_HOST_AUTH_METHOD - name: POSTGRES_HOST_AUTH_METHOD
@@ -82,16 +82,16 @@ spec:
name: postgres name: postgres
volumeMounts: volumeMounts:
- name: postgres - name: postgres
mountPath: '{{ tower_postgres_data_path | dirname }}' mountPath: '{{ postgres_data_path | dirname }}'
subPath: '{{ tower_postgres_data_path | dirname | basename }}' subPath: '{{ postgres_data_path | dirname | basename }}'
resources: {{ tower_postgres_resource_requirements }} resources: {{ postgres_resource_requirements }}
{% if tower_postgres_selector %} {% if postgres_selector %}
nodeSelector: nodeSelector:
{{ tower_postgres_selector | indent(width=8) }} {{ postgres_selector | indent(width=8) }}
{% endif %} {% endif %}
{% if tower_postgres_tolerations %} {% if postgres_tolerations %}
tolerations: tolerations:
{{ tower_postgres_tolerations | indent(width=8) }} {{ postgres_tolerations | indent(width=8) }}
{% endif %} {% endif %}
volumeClaimTemplates: volumeClaimTemplates:
- metadata: - metadata:
@@ -99,10 +99,10 @@ spec:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
{% if tower_postgres_storage_class is defined %} {% if postgres_storage_class is defined %}
storageClassName: '{{ tower_postgres_storage_class }}' storageClassName: '{{ postgres_storage_class }}'
{% endif %} {% endif %}
resources: {{ tower_postgres_storage_requirements }} resources: {{ postgres_storage_requirements }}
# Postgres Service. # Postgres Service.
--- ---

0
roles/installer/templates/tower_postgres_secret.yaml.j2 → roles/installer/templates/postgres_secret.yaml.j2
View File

0
roles/installer/templates/tower_secret_key.yaml.j2 → roles/installer/templates/secret_key.yaml.j2
View File

22
roles/installer/templates/tower_service.yaml.j2 → roles/installer/templates/service.yaml.j2
View File

@@ -10,32 +10,32 @@ metadata:
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
{{ tower_service_labels | indent(width=4) }} {{ service_labels | indent(width=4) }}
{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_annotations %} {% if ingress_type | lower == 'loadbalancer' and loadbalancer_annotations %}
annotations: annotations:
{{ tower_loadbalancer_annotations | indent(width=4) }} {{ loadbalancer_annotations | indent(width=4) }}
{% endif %} {% endif %}
spec: spec:
ports: ports:
{% if tower_ingress_type | lower != 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https' %} {% if ingress_type | lower != 'loadbalancer' and loadbalancer_protocol | lower != 'https' %}
- port: 80 - port: 80
protocol: TCP protocol: TCP
targetPort: 8052 targetPort: 8052
name: http name: http
{% endif %} {% endif %}
{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} {% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- port: 443 - port: 443
protocol: TCP protocol: TCP
targetPort: 8053 targetPort: 8053
name: https name: https
{% endif %} {% endif %}
{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_protocol | lower == 'https' %} {% if ingress_type | lower == 'loadbalancer' and loadbalancer_protocol | lower == 'https' %}
- port: {{ tower_loadbalancer_port }} - port: {{ loadbalancer_port }}
protocol: TCP protocol: TCP
targetPort: 8052 targetPort: 8052
name: https name: https
{% elif tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https' %} {% elif ingress_type | lower == 'loadbalancer' and loadbalancer_protocol | lower != 'https' %}
- port: {{ tower_loadbalancer_port }} - port: {{ loadbalancer_port }}
protocol: TCP protocol: TCP
targetPort: 8052 targetPort: 8052
name: http name: http
@@ -44,9 +44,9 @@ spec:
app.kubernetes.io/name: '{{ meta.name }}' app.kubernetes.io/name: '{{ meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
{% if tower_ingress_type | lower == "loadbalancer" %} {% if ingress_type | lower == "loadbalancer" %}
type: LoadBalancer type: LoadBalancer
{% elif tower_ingress_type != "none" %} {% elif ingress_type != "none" %}
type: NodePort type: NodePort
{% else %} {% else %}
type: ClusterIP type: ClusterIP

0
roles/installer/templates/tower_service_account.yaml.j2 → roles/installer/templates/service_account.yaml.j2
View File

2
roles/installer/vars/main.yml
View File

@@ -2,4 +2,4 @@
postgres_initdb_args: '--auth-host=scram-sha-256' postgres_initdb_args: '--auth-host=scram-sha-256'
postgres_host_auth_method: 'scram-sha-256' postgres_host_auth_method: 'scram-sha-256'
ldap_cacert_ca_crt: '' ldap_cacert_ca_crt: ''
tower_projects_existing_claim: '' projects_existing_claim: ''

4
roles/restore/README.md
View File

@@ -52,7 +52,7 @@ $ kubectl apply -f restore-awx.yml
This will create a new deployment and restore your backup to it. This will create a new deployment and restore your backup to it.
> :warning: tower_admin_password_secret value will replace the password for the `tower_admin_user` user (by default, this is the `admin` user). > :warning: admin_password_secret value will replace the password for the `admin_user` user (by default, this is the `admin` user).
Role Variables Role Variables
@@ -90,7 +90,7 @@ backup_pvc_namespace: 'custom-namespace'
If a custom postgres configuration secret was used when deploying AWX, it must be set: If a custom postgres configuration secret was used when deploying AWX, it must be set:
``` ```
tower_postgres_configuration_secret: 'awx-postgres-configuration' postgres_configuration_secret: 'awx-postgres-configuration'
``` ```
If the awxbackup object no longer exists, it is still possible to restore from the backup it created by specifying the pvc name and the back directory. If the awxbackup object no longer exists, it is still possible to restore from the backup it created by specifying the pvc name and the back directory.

8
roles/restore/tasks/deploy_awx.yml
View File

@@ -35,10 +35,10 @@
set_fact: set_fact:
awx_spec: "{{ awx_spec | combine ({ item.key : item.value }) }}" awx_spec: "{{ awx_spec | combine ({ item.key : item.value }) }}"
with_items: with_items:
- {'key': 'tower_secret_key_secret', 'value': '{{ secret_key_secret_name }}'} - {'key': 'secret_key_secret', 'value': '{{ secret_key_secret_name }}'}
- {'key': 'tower_admin_password_secret', 'value': '{{ admin_password_secret_name }}'} - {'key': 'admin_password_secret', 'value': '{{ admin_password_secret_name }}'}
- {'key': 'tower_broadcast_websocket_secret', 'value': '{{ broadcast_websocket_secret_name }}'} - {'key': 'broadcast_websocket_secret', 'value': '{{ broadcast_websocket_secret_name }}'}
- {'key': 'tower_postgres_configuration_secret', 'value': '{{ postgres_configuration_secret_name }}'} - {'key': 'postgres_configuration_secret', 'value': '{{ postgres_configuration_secret_name }}'}
- name: Restore kind - name: Restore kind
set_fact: set_fact:

2
roles/restore/tasks/main.yml
View File

@@ -41,7 +41,7 @@
- include_tasks: cleanup.yml - include_tasks: cleanup.yml
when: when:
- this_restore['resources'][0]['status']['towerRestoreComplete'] is not defined - this_restore['resources'][0]['status']['restoreComplete'] is not defined
- name: Update status variables - name: Update status variables
include_tasks: update_status.yml include_tasks: update_status.yml

4
roles/restore/tasks/update_status.yml
View File

@@ -1,11 +1,11 @@
--- ---
- name: Update Tower Restore status - name: Update CR Restore status
operator_sdk.util.k8s_status: operator_sdk.util.k8s_status:
api_version: '{{ api_version }}' api_version: '{{ api_version }}'
kind: "{{ kind }}" kind: "{{ kind }}"
name: "{{ meta.name }}" name: "{{ meta.name }}"
namespace: "{{ meta.namespace }}" namespace: "{{ meta.namespace }}"
status: status:
towerRestoreComplete: true restoreComplete: true
when: tower_restore_complete is defined when: tower_restore_complete is defined