From 781d3e0ec7087066b169d167d5f20025476259b0 Mon Sep 17 00:00:00 2001 From: "cbillett83@outlook.com" Date: Wed, 17 Mar 2021 11:59:57 +0000 Subject: [PATCH] Provided service type LoadBalancer --- README.md | 22 ++++++++++++++++++- ansible/instantiate-awx-deployment.yml | 2 +- ansible/templates/crd.yml.j2 | 16 ++++++++++++++ deploy/awx-operator.yaml | 16 ++++++++++++++ deploy/crds/awx_v1beta1_crd.yaml | 16 ++++++++++++++ .../awx-operator.clusterserviceversion.yaml | 18 +++++++++++++++ .../manifests/awx.ansible.com_awxs_crd.yaml | 16 ++++++++++++++ roles/installer/defaults/main.yml | 3 +++ .../installer/templates/tower_service.yaml.j2 | 16 +++++++++++++- 9 files changed, 122 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d4e88c9c..700559c5 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ stringData: By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `tower_ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created. -The AWX operator provides support for two kind of `Ingress` to access AWX: `Ingress` and `Route`, To toggle between these two options, you can add the following to your AWX CR: +The AWX operator provides support for three kinds of `Ingress` to access AWX: `Ingress`, `Route` and `LoadBalancer`, To toggle between these options, you can add the following to your AWX CR: * Route @@ -129,6 +129,16 @@ spec: tower_hostname: awx.mycompany.com ``` + * LoadBalancer + +```yaml +--- +spec: + ... + tower_ingress_type: Loadbalancer + tower_ingress_protocal: http +``` + #### TLS Termination * Route 
@@ -150,6 +160,16 @@ The following variables are customizable to specify the TLS termination procedur | tower_ingress_annotations | Ingress annotations | Empty string | | tower_ingress_tls_secret | Secret that contains the TLS information | Empty string | + * LoadBalancer + +The following variables are customizable to specify the TLS termination procedure when `LoadBalancer` is picked as an Ingress + +| Name | Description | Default | +| ------------------------------ | ---------------------------------------- | ------------- | +| tower_loadbalancer_annotations | LoadBalancer annotations | Empty string | +| tower_loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http | +| tower_loadbalancer_port | Port used for Loadbalancer ingress | 80 | + ### Database Configuration diff --git a/ansible/instantiate-awx-deployment.yml b/ansible/instantiate-awx-deployment.yml index a94c9d0d..0b7f6b9d 100644 --- a/ansible/instantiate-awx-deployment.yml +++ b/ansible/instantiate-awx-deployment.yml @@ -20,7 +20,7 @@ spec: tower_admin_user: test tower_admin_email: test@example.com - tower_ingress_type: "{{ tower_ingress_type | default(omit) }}" # Either Route or Ingress + tower_ingress_type: "{{ tower_ingress_type | default(omit) }}" # Either Route, Ingress or Loadbalancer tower_image: "{{ tower_image | default(omit) }}" development_mode: "{{ development_mode | default(omit) }}" tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}" diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 72cb649c..13770ac1 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 
@@ -62,12 +62,28 @@ spec: - ingress - Route - route + - Loadbalancer + - loadbalancer tower_ingress_annotations: description: Annotations to add to the ingress type: string tower_ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string + tower_loadbalancer_annotations: + description: Annotations to add to the loadbalancer + type: string + tower_loadbalancer_protocol: + description: Protocol to use for the loadbalancer + type: string + default: http + enum: + - http + - https + tower_loadbalancer_port: + description: Port to use for the loadbalancer + type: int32 + default: 80 tower_route_host: description: The DNS to use to points to the instance type: string diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index e7c195ae..c2c825eb 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -207,12 +207,28 @@ spec: - ingress - Route - route + - Loadbalancer + - loadbalancer tower_ingress_annotations: description: Annotations to add to the ingress type: string tower_ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string + tower_loadbalancer_annotations: + description: Annotations to add to the loadbalancer + type: string + tower_loadbalancer_protocol: + description: Protocol to use for the loadbalancer + type: string + default: http + enum: + - http + - https + tower_loadbalancer_port: + description: Port to use for the loadbalancer + type: number + default: 80 tower_route_host: description: The DNS to use to points to the instance type: string diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 72cb649c..9955e787 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml 
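Review bot: `type: int32` on `tower_loadbalancer_port` in ansible/templates/crd.yml.j2 is not an OpenAPI v3 schema type. `int32` is a `format`, so the API server may reject this CRD or leave the field unvalidated. The other CRD copies in this patch declare the same field as `type: number`, so the schemas that are meant to be identical now disagree. I would write `type: integer` with `format: int32` here and keep every copy the same. The enclosing `properties` mapping starts and ends outside the hunk.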
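Review bot: `tower_loadbalancer_port` in deploy/awx-operator.yaml is declared `type: number` with no bounds, so the schema accepts fractional or out-of-range values (constructed examples: 80.5, 70000) for what is a TCP port. The same declaration is repeated in the deploy/crds/awx_v1beta1_crd.yaml hunk and in the OLM awx.ansible.com_awxs_crd.yaml hunk. I would change all three to `type: integer` and add `minimum: 1` and `maximum: 65535`, so a bad value is refused at admission rather than reaching the role.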
@@ -62,12 +62,28 @@ spec: - ingress - Route - route + - Loadbalancer + - loadbalancer tower_ingress_annotations: description: Annotations to add to the ingress type: string tower_ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string + tower_loadbalancer_annotations: + description: Annotations to add to the loadbalancer + type: string + tower_loadbalancer_protocol: + description: Protocol to use for the loadbalancer + type: string + default: http + enum: + - http + - https + tower_loadbalancer_port: + description: Port to use for the loadbalancer + type: number + default: 80 tower_route_host: description: The DNS to use to points to the instance type: string diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index f4ff94d9..3b3c1967 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml @@ -115,6 +115,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:none - urn:alm:descriptor:com.tectonic.ui:select:Ingress - urn:alm:descriptor:com.tectonic.ui:select:Route + - urn:alm:descriptor:com.tectonic.ui:select:Loadbalancer - displayName: Tower Ingress Annotations path: tower_ingress_annotations x-descriptors: 
@@ -127,6 +128,23 @@ spec: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress + - displayName: Tower LoadBalancer Annotations + path: tower_loadbalancer_annotations + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:text + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Loadbalancer + - displayName: Tower LoadBalancer Protocol + path: tower_loadbalancer_protocol + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:select:http + - urn:alm:descriptor:com.tectonic.ui:select:https + - displayName: Tower LoadBalancer Port + path: tower_loadbalancer_port + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:number - displayName: Route DNS host path: tower_route_host x-descriptors: diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index 52ffaf57..b419fe00 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml @@ -82,7 +82,23 @@ spec: - ingress - Route - route + - Loadbalancer + - loadbalancer type: string + tower_loadbalancer_annotations: + description: Annotations to add to the loadbalancer + type: string + tower_loadbalancer_protocol: + description: Protocol to use for the loadbalancer + type: string + default: http + enum: + - http + - https + tower_loadbalancer_port: + description: Port to use for the loadbalancer + type: number + default: 80 tower_postgres_configuration_secret: description: Secret where the database configuration can be found type: string 
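Review bot: The new Protocol and Port descriptors lack the `urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Loadbalancer` entry that the Annotations descriptor added just above them carries. The console would presumably offer both fields for every ingress type, including ones where they have no effect. Adding that line to each of the two `x-descriptors` lists would group the three LoadBalancer fields, the same way the Secret descriptor in the context lines is tied to `Ingress`. The descriptor list starts and ends outside the hunk.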
diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index f92a19e2..439d296c 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -15,6 +15,9 @@ tower_ingress_annotations: '' # certificate and key. tower_ingress_tls_secret: '' +tower_loadbalancer_protocol: 'http' +tower_loadbalancer_port: '80' + # The TLS termination mechanism to use to access # the services. Supported mechanism are: edge, passthrough # diff --git a/roles/installer/templates/tower_service.yaml.j2 b/roles/installer/templates/tower_service.yaml.j2 index 0b31f267..5c1d1e93 100644 --- a/roles/installer/templates/tower_service.yaml.j2 +++ b/roles/installer/templates/tower_service.yaml.j2 @@ -6,20 +6,34 @@ metadata: namespace: '{{ meta.namespace }}' labels: app: '{{ deployment_type }}' +{% if tower_ingress_type | lower == 'loadbalancer' %} + annotations: + {{ tower_loadbalancer_annotations | indent(width=4) }} +{% endif %} spec: ports: +{% if tower_ingress_type | lower != 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https' %} - port: 80 protocol: TCP targetPort: 8052 name: http +{% endif %} {% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} - port: 443 protocol: TCP targetPort: 8053 name: https +{% endif %} +{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_protocol | lower == 'https' %} + - port: 443 + protocol: TCP + targetPort: 8052 + name: https {% endif %} selector: app: '{{ deployment_type }}' -{% if tower_ingress_type != "none" %} +{% if tower_ingress_type == "loadbalancer" %} + type: LoadBalancer +{% elif tower_ingress_type != "none" %} type: NodePort {% endif %}
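Review bot: `tower_loadbalancer_annotations` gets no default in roles/installer/defaults/main.yml, although the service template in this patch renders it whenever the ingress type is loadbalancer. Unless it is defined outside this hunk, a CR that omits it would hit an undefined variable. I would add `tower_loadbalancer_annotations: ''` next to the two new defaults, mirroring `tower_ingress_annotations: ''`. `tower_loadbalancer_port: '80'` is a quoted string while the CRD schemas default it to the number 80, and the template never reads it. The `http` default also means a LoadBalancer Service serves the AWX login and API in cleartext until someone changes it, which deserves a comment above the variable.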
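Review bot: With `tower_ingress_type: loadbalancer` and the default `tower_loadbalancer_protocol: http`, neither port block in tower_service.yaml.j2 renders, because the port-80 guard joins its two tests with `and` and so is false for every loadbalancer Service. The result is an empty `ports:` list. The guard reads as if it meant "unless loadbalancer with https", i.e. `{% if tower_ingress_type | lower != 'loadbalancer' or tower_loadbalancer_protocol | lower != 'https' %}`, which also stops an `https` protocol value from removing port 80 for Route and Ingress. The final type test compares without `| lower`, so the `Loadbalancer` spelling accepted by the CRD enum falls through to `NodePort` while still receiving the annotations; `{% if tower_ingress_type | lower == 'loadbalancer' %}` would match the other tests. The new 443 entry forwards to targetPort 8052, the same backend port as the plain-HTTP entry, so TLS presumably has to be terminated at the load balancer through annotations, and a comment saying so would prevent a false sense of end-to-end encryption. The Service manifest starts above the hunk.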