internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-26 21:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Upgrade to Operator SDK v1.22.2 (#1001)

Browse Source 
* Upgrade to Operator SDK 1.16.0

* Upgrade Operator SDK to v1.22.2 & bump base image version
This commit is contained in:
Christian Adams
2022-08-22 18:54:56 -04:00
committed by GitHub
parent 5d0ebd0121
commit 7d2d1b3c5e
50 changed files with 1250 additions and 994 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.yamllint
View File

@@ -12,3 +12,8 @@ rules:
truthy: disable
line-length:
max: 170
document-start: disable
comments-indentation: disable
indentation:
level: warning
indent-sequences: consistent

7
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM quay.io/operator-framework/ansible-operator:v1.12.0
FROM quay.io/operator-framework/ansible-operator:v1.22.2
ARG DEFAULT_AWX_VERSION
ARG OPERATOR_VERSION
@@ -12,3 +12,8 @@ RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
COPY watches.yaml ${HOME}/watches.yaml
COPY roles/ ${HOME}/roles/
COPY playbooks/ ${HOME}/playbooks/
ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", \
"--watches-file=./watches.yaml", \
"--reconcile-period=0s" \
]

25
Makefile
View File

@@ -44,6 +44,17 @@ IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command
BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
# You can enable this value if you would like to use SHA Based Digests
# To enable set flag to true
USE_IMAGE_DIGESTS ?= false
ifeq ($(USE_IMAGE_DIGESTS), true)
BUNDLE_GEN_FLAGS += --use-image-digests
endif
# Image URL to use all building/pushing image targets
IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
NAMESPACE ?= awx
@@ -56,6 +67,7 @@ CHART_REPO ?= awx-operator
CHART_BRANCH ?= gh-pages
CHART_INDEX ?= index.yaml
.PHONY: all
all: docker-build
##@ General
@@ -71,38 +83,47 @@ all: docker-build
# More info on the awk command:
# http://linuxcommand.org/lc3_adv_awk.php
.PHONY: help
help: ## Display this help.
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
##@ Build
.PHONY: run
run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
.PHONY: docker-build
docker-build: ## Build docker image with the manager.
${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
.PHONY: docker-push
docker-push: ## Push docker image with the manager.
${CONTAINER_CMD} push ${IMG}
##@ Deployment
.PHONY: install
install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl apply -f -
.PHONY: uninstall
uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl delete -f -
.PHONY: gen-resources
gen-resources: kustomize ## Generate resources for controller and print to stdout
@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
@$(KUSTOMIZE) build config/default
.PHONY: deploy
deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
@$(KUSTOMIZE) build config/default | kubectl apply -f -
.PHONY: undeploy
undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
$(KUSTOMIZE) build config/default | kubectl delete -f -
@@ -135,7 +156,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCHA) ;\
curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.22.2/ansible-operator_$(OS)_$(ARCHA) ;\
chmod +x $(ANSIBLE_OPERATOR) ;\
}
else
@@ -166,7 +187,7 @@ ifeq (,$(shell which opm 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(OPM)) ;\
curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCHA)-opm ;\
curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCHA)-opm ;\
chmod +x $(OPM) ;\
}
else

14
PROJECT
View File

@@ -13,4 +13,18 @@ resources:
group: awx
kind: AWX
version: v1beta1
- api:
crdVersion: v1
namespaced: true
domain: ansible.com
group: awx
kind: AWXBackup
version: v1beta1
- api:
crdVersion: v1
namespaced: true
domain: ansible.com
group: awx
kind: AWXRestore
version: v1beta1
version: "3"

102
config/crd/bases/awx.ansible.com_awxbackups.yaml Normal file
View File

@@ -0,0 +1,102 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
description: Schema validation for the AWXBackup CRD
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- deployment_name
properties:
deployment_name:
description: Name of the deployment to be backed up
type: string
backup_pvc:
description: Name of the backup PVC
type: string
backup_pvc_namespace:
description: (Deprecated) Namespace the PVC is in
type: string
backup_storage_requirements:
description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
clean_backup_on_delete:
description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
type: boolean
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
set_self_labels:
description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
type: boolean
default: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
backupDirectory:
description: Backup directory name on the specified pvc
type: string
backupClaim:
description: Backup persistent volume claim
type: string

101
config/crd/bases/awx.ansible.com_awxrestores.yaml Normal file
View File

@@ -0,0 +1,101 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
description: Schema validation for the AWXRestore CRD
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
properties:
backup_source:
description: Backup source
type: string
enum:
- CR
- PVC
deployment_name:
description: Name of the restored deployment. This should be different from the original deployment name
if the original deployment still exists.
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: (Deprecated) Namespace the PVC is in
type: string
backup_dir:
description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
set_self_labels:
description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
type: boolean
default: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean

1076
config/crd/bases/awx.ansible.com_awxs.yaml
View File

File diff suppressed because it is too large Load Diff

87
config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
View File

@@ -1,87 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXBackup CRD
properties:
spec:
type: object
required:
- deployment_name
properties:
deployment_name:
description: Name of the deployment to be backed up
type: string
backup_pvc:
description: Name of the backup PVC
type: string
backup_pvc_namespace:
description: (Deprecated) Namespace the PVC is in
type: string
backup_storage_requirements:
description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
clean_backup_on_delete:
description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
type: boolean
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
set_self_labels:
description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
type: boolean
default: true
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
backupDirectory:
description: Backup directory name on the specified pvc
type: string
backupClaim:
description: Backup persistent volume claim
type: string

86
config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
View File

@@ -1,86 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXRestore CRD
properties:
spec:
type: object
properties:
backup_source:
description: Backup source
type: string
enum:
- CR
- PVC
deployment_name:
description: Name of the restored deployment. This should be different from the original deployment name
if the original deployment still exists.
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: (Deprecated) Namespace the PVC is in
type: string
backup_dir:
description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
set_self_labels:
description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
type: boolean
default: true
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean

9
config/crd/kustomization.yaml
View File

@@ -1,9 +1,8 @@
---
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/awx.ansible.com_awxs.yaml
- bases/awxbackup.ansible.com_awxbackups.yaml
- bases/awxrestore.ansible.com_awxrestores.yaml
# +kubebuilder:scaffold:crdkustomizeresource
- bases/awx.ansible.com_awxs.yaml
- bases/awx.ansible.com_awxbackups.yaml
- bases/awx.ansible.com_awxrestores.yaml
#+kubebuilder:scaffold:crdkustomizeresource

30
config/default/kustomization.yaml
View File

@@ -1,24 +1,30 @@
# Adds namespace to all resources.
namespace: awx
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: awx-operator-
# Labels to add to all resources and selectors.
# commonLabels:
# someName: someValue
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
# - ../prometheus
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
patchesStrategicMerge:
- manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
#commonLabels:
# someName: someValue
bases:
- ../crd
- ../rbac
- ../manager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml
# Mount the controller config file for loading manager configurations
# through a ComponentConfig type
#- manager_config_patch.yaml

48
config/default/manager_auth_proxy_patch.yaml
View File

@@ -1,4 +1,3 @@
---
# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
@@ -10,20 +9,33 @@ spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
protocol: TCP
name: https
- name: awx-manager
args:
- "--health-probe-bind-address=:6789"
- "--metrics-bind-address=127.0.0.1:8080"
- "--leader-elect"
- "--leader-election-id=awx-operator"
- name: kube-rbac-proxy
securityContext:
allowPrivilegeEscalation: false
# TODO(user): uncomment for common cases that do not require escalating privileges
# capabilities:
# drop:
# - "ALL"
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=0"
ports:
- containerPort: 8443
protocol: TCP
name: https
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
- name: awx-manager
args:
- "--health-probe-bind-address=:6789"
- "--metrics-bind-address=127.0.0.1:8080"
- "--leader-elect"
- "--leader-election-id=awx-operator"

21
config/default/manager_config_patch.yaml
View File

@@ -1,4 +1,3 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -8,14 +7,14 @@ spec:
template:
spec:
containers:
- name: awx-manager
args:
- "--config=controller_manager_config.yaml"
volumeMounts:
- name: awx-manager-config
mountPath: /controller_manager_config.yaml
subPath: controller_manager_config.yaml
volumes:
- name: awx-manager
args:
- "--config=controller_manager_config.yaml"
volumeMounts:
- name: awx-manager-config
configMap:
name: awx-manager-config
mountPath: /controller_manager_config.yaml
subPath: controller_manager_config.yaml
volumes:
- name: awx-manager-config
configMap:
name: awx-manager-config

14
config/manager/controller_manager_config.yaml
View File

@@ -1,10 +1,20 @@
---
apiVersion: controller-runtime.sigs.k8s.io/v1beta1
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :6789
metrics:
bindAddress: 127.0.0.1:8080
leaderElection:
leaderElect: true
resourceName: 811c9dc5.ansible.com
# leaderElectionReleaseOnCancel defines if the leader should step down volume
# when the Manager ends. This requires the binary to immediately end when the
# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
# speeds up voluntary leader transitions as the new leader don't have to wait
# LeaseDuration time first.
# In the default scaffold provided, the program ends immediately after
# the manager stops, so would be fine to enable this option. However,
# if you are doing or is intended to do any operation such as perform cleanups
# after the manager stops then its usage might be unsafe.
# leaderElectionReleaseOnCancel: true

7
config/manager/kustomization.yaml
View File

@@ -1,11 +1,14 @@
resources:
- manager.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- files:
- name: awx-manager-config
files:
- controller_manager_config.yaml
name: awx-manager-config
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:

86
config/manager/manager.yaml
View File

@@ -20,48 +20,62 @@ spec:
replicas: 1
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
spec:
securityContext:
runAsNonRoot: true
# For common cases that do not require escalating privileges
# it is recommended to ensure that all your Pods/Containers are restrictive.
# More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
# Please uncomment the following code if your project does NOT have to work on old Kubernetes
# versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
containers:
- args:
- --leader-elect
- --leader-election-id=awx-operator
image: controller:latest
name: awx-manager
env:
- name: ANSIBLE_GATHERING
value: explicit
- name: ANSIBLE_DEBUG_LOGS
value: 'false'
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 6789
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
memory: "32Mi"
cpu: "50m"
limits:
memory: "4096Mi"
cpu: "2000m"
- args:
- --leader-elect
- --leader-election-id=awx-operator
image: controller:latest
name: awx-manager
env:
- name: ANSIBLE_GATHERING
value: explicit
- name: ANSIBLE_DEBUG_LOGS
value: 'false'
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
# TODO(user): uncomment for common cases that do not require escalating privileges
capabilities:
drop:
- "ALL"
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 6789
initialDelaySeconds: 5
periodSeconds: 10
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources:
requests:
memory: "32Mi"
cpu: "50m"
limits:
memory: "4096Mi"
cpu: "2000m"
serviceAccountName: controller-manager
imagePullSecrets:
- name: redhat-operators-pull-secret
- name: redhat-operators-pull-secret
terminationGracePeriodSeconds: 10

9
config/manifests/kustomization.yaml
View File

@@ -1,8 +1,7 @@
---
# These resources constitute the fully configured set of manifests
# used to generate the 'manifests/' directory in a bundle.
resources:
- bases/awx-operator.clusterserviceversion.yaml
- ../default
- ../samples
- ../scorecard
- bases/awx-operator.clusterserviceversion.yaml
- ../default
- ../samples
- ../scorecard

3
config/prometheus/kustomization.yaml
View File

@@ -1,3 +1,2 @@
---
resources:
- monitor.yaml
- monitor.yaml

1
config/prometheus/monitor.yaml
View File

@@ -1,4 +1,3 @@
---
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor

9
config/rbac/auth_proxy_client_clusterrole.yaml
View File

@@ -1,10 +1,9 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs:
- "/metrics"
verbs:
- get
- nonResourceURLs:
- "/metrics"
verbs:
- get

25
config/rbac/auth_proxy_role.yaml
View File

@@ -1,18 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

7
config/rbac/auth_proxy_role_binding.yaml
View File

@@ -1,4 +1,3 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -8,6 +7,6 @@ roleRef:
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: system
- kind: ServiceAccount
name: controller-manager
namespace: system

9
config/rbac/auth_proxy_service.yaml
View File

@@ -1,4 +1,3 @@
---
apiVersion: v1
kind: Service
metadata:
@@ -8,9 +7,9 @@ metadata:
namespace: system
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
control-plane: controller-manager

37
config/rbac/awx_editor_role.yaml
View File

@@ -1,25 +1,24 @@
---
# permissions for end users to edit awxs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awx-editor-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxs/status
verbs:
- get
- apiGroups:
- awx.ansible.com
resources:
- awxs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxs/status
verbs:
- get

29
config/rbac/awx_viewer_role.yaml
View File

@@ -1,21 +1,20 @@
---
# permissions for end users to view awxs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awx-viewer-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxs
verbs:
- get
- list
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxs/status
verbs:
- get
- apiGroups:
- awx.ansible.com
resources:
- awxs
verbs:
- get
- list
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxs/status
verbs:
- get

24
config/rbac/awxbackup_editor_role.yaml Normal file
View File

@@ -0,0 +1,24 @@
# permissions for end users to edit awxbackups.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awxbackup-editor-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxbackups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxbackups/status
verbs:
- get

20
config/rbac/awxbackup_viewer_role.yaml Normal file
View File

@@ -0,0 +1,20 @@
# permissions for end users to view awxbackups.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awxbackup-viewer-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxbackups
verbs:
- get
- list
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxbackups/status
verbs:
- get

24
config/rbac/awxrestore_editor_role.yaml Normal file
View File

@@ -0,0 +1,24 @@
# permissions for end users to edit awxrestores.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awxrestore-editor-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxrestores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxrestores/status
verbs:
- get

20
config/rbac/awxrestore_viewer_role.yaml Normal file
View File

@@ -0,0 +1,20 @@
# permissions for end users to view awxrestores.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awxrestore-viewer-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxrestores
verbs:
- get
- list
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxrestores/status
verbs:
- get

35
config/rbac/kustomization.yaml
View File

@@ -1,19 +1,18 @@
---
resources:
# All RBAC will be applied under this service account in
# the deployment namespace. You may comment out this resource
# if your manager will use a service account that exists at
# runtime. Be sure to update RoleBinding and ClusterRoleBinding
# subjects if changing service account names.
- service_account.yaml
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
# Comment the following 4 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml
# All RBAC will be applied under this service account in
# the deployment namespace. You may comment out this resource
# if your manager will use a service account that exists at
# runtime. Be sure to update RoleBinding and ClusterRoleBinding
# subjects if changing service account names.
- service_account.yaml
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
# Comment the following 4 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml

63
config/rbac/leader_election_role.yaml
View File

@@ -1,38 +1,37 @@
---
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

7
config/rbac/leader_election_role_binding.yaml
View File

@@ -1,4 +1,3 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
@@ -8,6 +7,6 @@ roleRef:
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: system
- kind: ServiceAccount
name: controller-manager
namespace: system

1
config/rbac/service_account.yaml
View File

@@ -1,4 +1,3 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:

6
config/samples/awx_v1beta1_awxbackup.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: awx.ansible.com/v1beta1
kind: AWXBackup
metadata:
name: example-awx-backup
spec:
deployment_name: example-awx

7
config/samples/awx_v1beta1_awxrestore.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: awx.ansible.com/v1beta1
kind: AWXRestore
metadata:
name: awxrestore-sample
spec:
deployment_name: example-awx-2
backup_name: example-awx-backup

7
config/samples/kustomization.yaml
View File

@@ -1,5 +1,6 @@
---
## Append samples you want in your CSV to this file as resources ##
resources:
- awx_v1beta1_awx.yaml
# +kubebuilder:scaffold:manifestskustomizesamples
- awx_v1beta1_awx.yaml
- awx_v1beta1_awxbackup.yaml
- awx_v1beta1_awxrestore.yaml
#+kubebuilder:scaffold:manifestskustomizesamples

5
config/scorecard/bases/config.yaml
View File

@@ -1,8 +1,7 @@
---
apiVersion: scorecard.operatorframework.io/v1alpha3
kind: Configuration
metadata:
name: config
stages:
- parallel: true
tests: []
- parallel: true
tests: []

29
config/scorecard/kustomization.yaml
View File

@@ -1,17 +1,16 @@
---
resources:
- bases/config.yaml
- bases/config.yaml
patchesJson6902:
- path: patches/basic.config.yaml
target:
group: scorecard.operatorframework.io
version: v1alpha3
kind: Configuration
name: config
- path: patches/olm.config.yaml
target:
group: scorecard.operatorframework.io
version: v1alpha3
kind: Configuration
name: config
# +kubebuilder:scaffold:patchesJson6902
- path: patches/basic.config.yaml
target:
group: scorecard.operatorframework.io
version: v1alpha3
kind: Configuration
name: config
- path: patches/olm.config.yaml
target:
group: scorecard.operatorframework.io
version: v1alpha3
kind: Configuration
name: config
#+kubebuilder:scaffold:patchesJson6902

7
config/scorecard/patches/basic.config.yaml
View File

@@ -1,11 +1,10 @@
---
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- basic-check-spec
image: quay.io/operator-framework/scorecard-test:v1.12.0
- scorecard-test
- basic-check-spec
image: quay.io/operator-framework/scorecard-test:v1.22.2
labels:
suite: basic
test: basic-check-spec-test

31
config/scorecard/patches/olm.config.yaml
View File

@@ -1,11 +1,10 @@
---
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-bundle-validation
image: quay.io/operator-framework/scorecard-test:v1.12.0
- scorecard-test
- olm-bundle-validation
image: quay.io/operator-framework/scorecard-test:v1.22.2
labels:
suite: olm
test: olm-bundle-validation-test
@@ -13,9 +12,9 @@
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-crds-have-validation
image: quay.io/operator-framework/scorecard-test:v1.12.0
- scorecard-test
- olm-crds-have-validation
image: quay.io/operator-framework/scorecard-test:v1.22.2
labels:
suite: olm
test: olm-crds-have-validation-test
@@ -23,9 +22,9 @@
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-crds-have-resources
image: quay.io/operator-framework/scorecard-test:v1.12.0
- scorecard-test
- olm-crds-have-resources
image: quay.io/operator-framework/scorecard-test:v1.22.2
labels:
suite: olm
test: olm-crds-have-resources-test
@@ -33,9 +32,9 @@
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-spec-descriptors
image: quay.io/operator-framework/scorecard-test:v1.12.0
- scorecard-test
- olm-spec-descriptors
image: quay.io/operator-framework/scorecard-test:v1.22.2
labels:
suite: olm
test: olm-spec-descriptors-test
@@ -43,9 +42,9 @@
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-status-descriptors
image: quay.io/operator-framework/scorecard-test:v1.12.0
- scorecard-test
- olm-status-descriptors
image: quay.io/operator-framework/scorecard-test:v1.22.2
labels:
suite: olm
test: olm-status-descriptors-test

10
config/testing/kustomization.yaml
View File

@@ -1,13 +1,17 @@
# Adds namespace to all resources.
namespace: osdk-test
namePrefix: osdk-
# Labels to add to all resources and selectors.
# commonLabels:
# someName: someValue
#commonLabels:
# someName: someValue
patchesStrategicMerge:
- manager_image.yaml
- debug_logs_patch.yaml
- ../default/manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
@@ -17,5 +21,3 @@ resources:
images:
- name: testing
newName: testing-operator
patches:
- path: pull_policy/Never.yaml

2
molecule/default/destroy.yml
View File

@@ -19,6 +19,6 @@
state: absent
- name: Unset pull policy
command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
command: '{{ kustomize }} edit remove patch --path pull_policy/{{ operator_pull_policy }}.yaml'
args:
chdir: '{{ config_dir }}/testing'

2
molecule/default/kustomize.yml
View File

@@ -1,6 +1,6 @@
---
- name: Build kustomize testing overlay
# load_restrictor must be set to none so we can load patch files from the default overlay
# load-restrictor must be set to none so we can load patch files from the default overlay
command: '{{ kustomize }} build --load-restrictor LoadRestrictionsNone .'
args:
chdir: '{{ config_dir }}/testing'

18
molecule/default/tasks/awxbackup_test.yml Normal file
View File

@@ -0,0 +1,18 @@
---
# - name: Create the awx.ansible.com/v1beta1.AWXBackup
# k8s:
# state: present
# namespace: '{{ namespace }}'
# definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}"
# wait: yes
# wait_timeout: 300
# wait_condition:
# type: Successful
# status: "True"
# vars:
# cr_file: 'awx_v1beta1_awxbackup.yaml'
#
# - name: Add assertions here
# assert:
# that: false
# fail_msg: FIXME Add real assertions for your operator

18
molecule/default/tasks/awxrestore_test.yml Normal file
View File

@@ -0,0 +1,18 @@
---
# - name: Create the awx.ansible.com/v1beta1.AWXRestore
# k8s:
# state: present
# namespace: '{{ namespace }}'
# definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}"
# wait: yes
# wait_timeout: 300
# wait_condition:
# type: Successful
# status: "True"
# vars:
# cr_file: 'awx_v1beta1_awxrestore.yaml'
#
# - name: Add assertions here
# assert:
# that: false
# fail_msg: FIXME Add real assertions for your operator

2
molecule/kind/destroy.yml
View File

@@ -11,6 +11,6 @@
command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }}
- name: Unset pull policy
command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
command: '{{ kustomize }} edit remove patch --path pull_policy/{{ operator_pull_policy }}.yaml'
args:
chdir: '{{ config_dir }}/testing'

2
molecule/requirements.yml
View File

@@ -2,7 +2,7 @@
collections:
- name: community.general
- name: kubernetes.core
version: 1.2.1
version: 2.3.2
- name: operator_sdk.util
- name: community.docker
- name: awx.awx

2
requirements.yml
View File

@@ -1,6 +1,6 @@
---
collections:
- name: kubernetes.core
version: '==1.2.1'
version: '>=2.3.2'
- name: operator_sdk.util
version: "0.2.0"

1
roles/installer/tasks/initialize_django.yml
View File

@@ -34,6 +34,7 @@
bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'"
register: legacy_queue
changed_when: false
ignore_errors: true
- name: Unregister legacy queue
k8s_exec:

54
roles/restore/tasks/init.yml
View File

@@ -2,37 +2,37 @@
- name: Set variables from awxbackup object statuses if provided
block:
- name: Look up details for the backup
k8s_info:
api_version: "{{ backup_api_version }}"
kind: "{{ backup_kind }}"
name: "{{ backup_name }}"
namespace: "{{ backup_pvc_namespace }}"
register: this_backup
- name: Look up details for the backup
k8s_info:
api_version: "{{ backup_api_version }}"
kind: "{{ backup_kind }}"
name: "{{ backup_name }}"
namespace: "{{ backup_pvc_namespace }}"
register: this_backup
- name: Surface error to user
block:
- name: Set error message
set_fact:
error_msg: "Cannot read the backup status variables for {{ backup_kind }} {{ backup_name }}."
- name: Surface error to user
block:
- name: Set error message
set_fact:
error_msg: "Cannot read the backup status variables for {{ backup_kind }} {{ backup_name }}."
- name: Handle error
import_tasks: error_handling.yml
- name: Handle error
import_tasks: error_handling.yml
- name: Fail early if pvc is defined but does not exist
fail:
msg: "{{ error_msg }}"
when:
- this_backup['resources'] | length == 0
- this_backup['resources'][0] is not defined
- this_backup['resources'][0]['status'] is not defined
- this_backup['resources'][0]['status']['backupClaim'] is not defined
- this_backup['resources'][0]['status']['backupDirectory'] is not defined
- name: Fail early if pvc is defined but does not exist
fail:
msg: "{{ error_msg }}"
when:
- this_backup['resources'] | length == 0
- this_backup['resources'][0] is not defined
- this_backup['resources'][0]['status'] is not defined
- this_backup['resources'][0]['status']['backupClaim'] is not defined
- this_backup['resources'][0]['status']['backupDirectory'] is not defined
- name: Set backup facts
set_fact:
backup_pvc: "{{ this_backup['resources'][0]['status']['backupClaim'] }}"
backup_dir: "{{ this_backup['resources'][0]['status']['backupDirectory'] }}"
- name: Set backup facts
set_fact:
backup_pvc: "{{ this_backup['resources'][0]['status']['backupClaim'] }}"
backup_dir: "{{ this_backup['resources'][0]['status']['backupDirectory'] }}"
when:
- backup_name != '' or backup_name is defined