Upgrade to Operator SDK v1.22.2 (#1001)

* Upgrade to Operator SDK 1.16.0

* Upgrade Operator SDK to v1.22.2 & bump base image version
Christian Adams
2022-08-22 18:54:56 -04:00
committed by GitHub
parent 5d0ebd0121
commit 7d2d1b3c5e
50 changed files with 1250 additions and 994 deletions


@@ -12,3 +12,8 @@ rules:
truthy: disable truthy: disable
line-length: line-length:
max: 170 max: 170
document-start: disable
comments-indentation: disable
indentation:
level: warning
indent-sequences: consistent


@@ -1,4 +1,4 @@
FROM quay.io/operator-framework/ansible-operator:v1.12.0 FROM quay.io/operator-framework/ansible-operator:v1.22.2
ARG DEFAULT_AWX_VERSION ARG DEFAULT_AWX_VERSION
ARG OPERATOR_VERSION ARG OPERATOR_VERSION
@@ -12,3 +12,8 @@ RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
COPY watches.yaml ${HOME}/watches.yaml COPY watches.yaml ${HOME}/watches.yaml
COPY roles/ ${HOME}/roles/ COPY roles/ ${HOME}/roles/
COPY playbooks/ ${HOME}/playbooks/ COPY playbooks/ ${HOME}/playbooks/
ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", \
"--watches-file=./watches.yaml", \
"--reconcile-period=0s" \
]
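Review bot: The base image on the `FROM` line is still referenced only by the mutable tag `v1.22.2`, so a later rebuild can pull different content if that tag is ever re-pushed. Pinning the digest next to the tag keeps the upgrade reproducible and reviewable: `FROM quay.io/operator-framework/ansible-operator:v1.22.2@sha256:<digest-of-v1.22.2>` (placeholder; take the value from the registry). A one-line comment above it stating where the digest was taken from would help the next bump.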


@@ -44,6 +44,17 @@ IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>) # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command
BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
# You can enable this value if you would like to use SHA Based Digests
# To enable set flag to true
USE_IMAGE_DIGESTS ?= false
ifeq ($(USE_IMAGE_DIGESTS), true)
BUNDLE_GEN_FLAGS += --use-image-digests
endif
# Image URL to use all building/pushing image targets # Image URL to use all building/pushing image targets
IMG ?= $(IMAGE_TAG_BASE):$(VERSION) IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
NAMESPACE ?= awx NAMESPACE ?= awx
@@ -56,6 +67,7 @@ CHART_REPO ?= awx-operator
CHART_BRANCH ?= gh-pages CHART_BRANCH ?= gh-pages
CHART_INDEX ?= index.yaml CHART_INDEX ?= index.yaml
.PHONY: all
all: docker-build all: docker-build
##@ General ##@ General
@@ -71,38 +83,47 @@ all: docker-build
# More info on the awk command: # More info on the awk command:
# http://linuxcommand.org/lc3_adv_awk.php # http://linuxcommand.org/lc3_adv_awk.php
.PHONY: help
help: ## Display this help. help: ## Display this help.
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
##@ Build ##@ Build
.PHONY: run
run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
.PHONY: docker-build
docker-build: ## Build docker image with the manager. docker-build: ## Build docker image with the manager.
${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} . ${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
.PHONY: docker-push
docker-push: ## Push docker image with the manager. docker-push: ## Push docker image with the manager.
${CONTAINER_CMD} push ${IMG} ${CONTAINER_CMD} push ${IMG}
##@ Deployment ##@ Deployment
.PHONY: install
install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl apply -f - $(KUSTOMIZE) build config/crd | kubectl apply -f -
.PHONY: uninstall
uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl delete -f - $(KUSTOMIZE) build config/crd | kubectl delete -f -
.PHONY: gen-resources
gen-resources: kustomize ## Generate resources for controller and print to stdout gen-resources: kustomize ## Generate resources for controller and print to stdout
@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} @cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE} @cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
@$(KUSTOMIZE) build config/default @$(KUSTOMIZE) build config/default
.PHONY: deploy
deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} @cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE} @cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
@$(KUSTOMIZE) build config/default | kubectl apply -f - @$(KUSTOMIZE) build config/default | kubectl apply -f -
.PHONY: undeploy
undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE} @cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
$(KUSTOMIZE) build config/default | kubectl delete -f - $(KUSTOMIZE) build config/default | kubectl delete -f -
@@ -135,7 +156,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null))
@{ \ @{ \
set -e ;\ set -e ;\
mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCHA) ;\ curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.22.2/ansible-operator_$(OS)_$(ARCHA) ;\
chmod +x $(ANSIBLE_OPERATOR) ;\ chmod +x $(ANSIBLE_OPERATOR) ;\
} }
else else
@@ -166,7 +187,7 @@ ifeq (,$(shell which opm 2>/dev/null))
@{ \ @{ \
set -e ;\ set -e ;\
mkdir -p $(dir $(OPM)) ;\ mkdir -p $(dir $(OPM)) ;\
curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCHA)-opm ;\ curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCHA)-opm ;\
chmod +x $(OPM) ;\ chmod +x $(OPM) ;\
} }
else else
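Review bot: Both download recipes (`ansible-operator` at v1.22.2 and `opm` at v1.23.0) still save whatever the server returns and mark it executable: `curl -sSLo` has no `-f`, so an HTTP error page is written to the target path and `chmod +x` runs on it, and nothing checks the binary's integrity. Use `curl -fsSLo $(ANSIBLE_OPERATOR) …` (and the same for `$(OPM)`), then compare the file against a pinned SHA-256 before the `chmod`, for example `echo "<sha256-of-release-asset>  $(ANSIBLE_OPERATOR)" | sha256sum -c - ;\` with the placeholder replaced by the published digest. The enclosing `ifeq … else … endif` blocks start and end outside these hunks.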

14
PROJECT

@@ -13,4 +13,18 @@ resources:
group: awx group: awx
kind: AWX kind: AWX
version: v1beta1 version: v1beta1
- api:
crdVersion: v1
namespaced: true
domain: ansible.com
group: awx
kind: AWXBackup
version: v1beta1
- api:
crdVersion: v1
namespaced: true
domain: ansible.com
group: awx
kind: AWXRestore
version: v1beta1
version: "3" version: "3"


@@ -0,0 +1,102 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
description: Schema validation for the AWXBackup CRD
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- deployment_name
properties:
deployment_name:
description: Name of the deployment to be backed up
type: string
backup_pvc:
description: Name of the backup PVC
type: string
backup_pvc_namespace:
description: (Deprecated) Namespace the PVC is in
type: string
backup_storage_requirements:
description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
clean_backup_on_delete:
description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
type: boolean
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
set_self_labels:
description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
type: boolean
default: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
backupDirectory:
description: Backup directory name on the specified pvc
type: string
backupClaim:
description: Backup persistent volume claim
type: string
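Review bot: `spec` and `status` both carry `x-kubernetes-preserve-unknown-fields: true`, so the API server neither prunes nor rejects keys this schema does not list, and the typed properties only constrain the fields that happen to be named. For an Ansible-based operator the CR spec is normally handed to the role as variables, so undeclared keys can presumably override role defaults; the role is not visible here, so confirm. If that is intended, say so next to the flag, e.g. `# unknown spec keys are passed through to the backup role as variables`; otherwise drop the flag from `spec` once every supported field is declared. The same applies to the AWXRestore CRD added in this commit.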


@@ -0,0 +1,101 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
description: Schema validation for the AWXRestore CRD
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
properties:
backup_source:
description: Backup source
type: string
enum:
- CR
- PVC
deployment_name:
description: Name of the restored deployment. This should be different from the original deployment name
if the original deployment still exists.
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: (Deprecated) Namespace the PVC is in
type: string
backup_dir:
description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
set_self_labels:
description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
type: boolean
default: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean
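Review bot: `no_log` is declared as `type: string` with no `enum` or `default`, and its description (`Configure no_log for no_log tasks`) does not say which values are accepted, although the field presumably maps to Ansible's `no_log` and so decides whether task output is kept out of the operator log. How a value other than `true`/`false` is interpreted depends on the role, which is not shown here. Consider restricting it with `enum: ['true', 'false']` and stating the effect, e.g. `description: Hide the output of tasks that handle secrets from the operator log`. The AWXBackup CRD in this commit has the same field.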



@@ -1,87 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXBackup CRD
properties:
spec:
type: object
required:
- deployment_name
properties:
deployment_name:
description: Name of the deployment to be backed up
type: string
backup_pvc:
description: Name of the backup PVC
type: string
backup_pvc_namespace:
description: (Deprecated) Namespace the PVC is in
type: string
backup_storage_requirements:
description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
clean_backup_on_delete:
description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
type: boolean
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
set_self_labels:
description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
type: boolean
default: true
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
backupDirectory:
description: Backup directory name on the specified pvc
type: string
backupClaim:
description: Backup persistent volume claim
type: string


@@ -1,86 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXRestore CRD
properties:
spec:
type: object
properties:
backup_source:
description: Backup source
type: string
enum:
- CR
- PVC
deployment_name:
description: Name of the restored deployment. This should be different from the original deployment name
if the original deployment still exists.
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: (Deprecated) Namespace the PVC is in
type: string
backup_dir:
description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
set_self_labels:
description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
type: boolean
default: true
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean


@@ -1,9 +1,8 @@
---
# This kustomization.yaml is not intended to be run by itself, # This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package. # since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default # It should be run by config/default
resources: resources:
- bases/awx.ansible.com_awxs.yaml - bases/awx.ansible.com_awxs.yaml
- bases/awxbackup.ansible.com_awxbackups.yaml - bases/awx.ansible.com_awxbackups.yaml
- bases/awxrestore.ansible.com_awxrestores.yaml - bases/awx.ansible.com_awxrestores.yaml
# +kubebuilder:scaffold:crdkustomizeresource #+kubebuilder:scaffold:crdkustomizeresource


@@ -1,24 +1,30 @@
# Adds namespace to all resources. # Adds namespace to all resources.
namespace: awx namespace: awx
# Value of this field is prepended to the # Value of this field is prepended to the
# names of all resources, e.g. a deployment named # names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress". # "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace # Note that it should also match with the prefix (text before '-') of the namespace
# field above. # field above.
namePrefix: awx-operator- namePrefix: awx-operator-
# Labels to add to all resources and selectors. # Labels to add to all resources and selectors.
# commonLabels: #commonLabels:
# someName: someValue # someName: someValue
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
# - ../prometheus bases:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
patchesStrategicMerge:
- manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../crd - ../crd
- ../rbac - ../rbac
- ../manager - ../manager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml
# Mount the controller config file for loading manager configurations
# through a ComponentConfig type
#- manager_config_patch.yaml


@@ -1,4 +1,3 @@
---
# This patch inject a sidecar container which is a HTTP proxy for the # This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1 apiVersion: apps/v1
@@ -10,20 +9,33 @@ spec:
template: template:
spec: spec:
containers: containers:
- name: kube-rbac-proxy - name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 securityContext:
args: allowPrivilegeEscalation: false
- "--secure-listen-address=0.0.0.0:8443" # TODO(user): uncomment for common cases that do not require escalating privileges
- "--upstream=http://127.0.0.1:8080/" # capabilities:
- "--logtostderr=true" # drop:
- "--v=10" # - "ALL"
ports: image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
- containerPort: 8443 args:
protocol: TCP - "--secure-listen-address=0.0.0.0:8443"
name: https - "--upstream=http://127.0.0.1:8080/"
- name: awx-manager - "--logtostderr=true"
args: - "--v=0"
- "--health-probe-bind-address=:6789" ports:
- "--metrics-bind-address=127.0.0.1:8080" - containerPort: 8443
- "--leader-elect" protocol: TCP
- "--leader-election-id=awx-operator" name: https
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
- name: awx-manager
args:
- "--health-probe-bind-address=:6789"
- "--metrics-bind-address=127.0.0.1:8080"
- "--leader-elect"
- "--leader-election-id=awx-operator"
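Review bot: The `kube-rbac-proxy` container gets `allowPrivilegeEscalation: false`, but the `capabilities` drop is left commented out under the `TODO(user)` line, so the sidecar keeps the container runtime's default capability set. The proxy listens on 8443, an unprivileged port, so it should not need any of them; enable the block as `capabilities:` / `drop:` / `- "ALL"`. As written, the pod would also be rejected in a namespace that enforces the `restricted` Pod Security Standard, which requires every container to drop all capabilities.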


@@ -1,4 +1,3 @@
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@@ -8,14 +7,14 @@ spec:
template: template:
spec: spec:
containers: containers:
- name: awx-manager - name: awx-manager
args: args:
- "--config=controller_manager_config.yaml" - "--config=controller_manager_config.yaml"
volumeMounts: volumeMounts:
- name: awx-manager-config
mountPath: /controller_manager_config.yaml
subPath: controller_manager_config.yaml
volumes:
- name: awx-manager-config - name: awx-manager-config
configMap: mountPath: /controller_manager_config.yaml
name: awx-manager-config subPath: controller_manager_config.yaml
volumes:
- name: awx-manager-config
configMap:
name: awx-manager-config


@@ -1,10 +1,20 @@
--- apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
apiVersion: controller-runtime.sigs.k8s.io/v1beta1
kind: ControllerManagerConfig kind: ControllerManagerConfig
health: health:
healthProbeBindAddress: :6789 healthProbeBindAddress: :6789
metrics: metrics:
bindAddress: 127.0.0.1:8080 bindAddress: 127.0.0.1:8080
leaderElection: leaderElection:
leaderElect: true leaderElect: true
resourceName: 811c9dc5.ansible.com resourceName: 811c9dc5.ansible.com
# leaderElectionReleaseOnCancel defines if the leader should step down volume
# when the Manager ends. This requires the binary to immediately end when the
# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
# speeds up voluntary leader transitions as the new leader don't have to wait
# LeaseDuration time first.
# In the default scaffold provided, the program ends immediately after
# the manager stops, so would be fine to enable this option. However,
# if you are doing or is intended to do any operation such as perform cleanups
# after the manager stops then its usage might be unsafe.
# leaderElectionReleaseOnCancel: true


@@ -1,11 +1,14 @@
resources: resources:
- manager.yaml - manager.yaml
generatorOptions: generatorOptions:
disableNameSuffixHash: true disableNameSuffixHash: true
configMapGenerator: configMapGenerator:
- files: - name: awx-manager-config
files:
- controller_manager_config.yaml - controller_manager_config.yaml
name: awx-manager-config
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
images: images:


@@ -20,48 +20,62 @@ spec:
replicas: 1 replicas: 1
template: template:
metadata: metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels: labels:
control-plane: controller-manager control-plane: controller-manager
spec: spec:
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
# For common cases that do not require escalating privileges
# it is recommended to ensure that all your Pods/Containers are restrictive.
# More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
# Please uncomment the following code if your project does NOT have to work on old Kubernetes
# versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
containers: containers:
- args: - args:
- --leader-elect - --leader-elect
- --leader-election-id=awx-operator - --leader-election-id=awx-operator
image: controller:latest image: controller:latest
name: awx-manager name: awx-manager
env: env:
- name: ANSIBLE_GATHERING - name: ANSIBLE_GATHERING
value: explicit value: explicit
- name: ANSIBLE_DEBUG_LOGS - name: ANSIBLE_DEBUG_LOGS
value: 'false' value: 'false'
- name: WATCH_NAMESPACE - name: WATCH_NAMESPACE
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
livenessProbe: # TODO(user): uncomment for common cases that do not require escalating privileges
httpGet: capabilities:
path: /healthz drop:
port: 6789 - "ALL"
initialDelaySeconds: 15 livenessProbe:
periodSeconds: 20 httpGet:
readinessProbe: path: /healthz
httpGet: port: 6789
path: /readyz initialDelaySeconds: 15
port: 6789 periodSeconds: 20
initialDelaySeconds: 5 readinessProbe:
periodSeconds: 10 httpGet:
resources: path: /readyz
requests: port: 6789
memory: "32Mi" initialDelaySeconds: 5
cpu: "50m" periodSeconds: 10
limits: # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
memory: "4096Mi" resources:
cpu: "2000m" requests:
memory: "32Mi"
cpu: "50m"
limits:
memory: "4096Mi"
cpu: "2000m"
serviceAccountName: controller-manager serviceAccountName: controller-manager
imagePullSecrets: imagePullSecrets:
- name: redhat-operators-pull-secret - name: redhat-operators-pull-secret
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
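Review bot: The pod-level `seccompProfile` is added only as a comment, so the Deployment still falls short of the `restricted` Pod Security Standard that the new comment links to, even though `awx-manager` now drops all capabilities. If Kubernetes < 1.19 and OpenShift < 4.11 no longer need to be supported, enable `seccompProfile:` / `type: RuntimeDefault`; if they do, name the blocking platform in the comment so the exception stays visible. The `# TODO(user): uncomment …` line above `capabilities:` is stale because the block beneath it is already active; replace it with `# All Linux capabilities are dropped.`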


@@ -1,8 +1,7 @@
---
# These resources constitute the fully configured set of manifests # These resources constitute the fully configured set of manifests
# used to generate the 'manifests/' directory in a bundle. # used to generate the 'manifests/' directory in a bundle.
resources: resources:
- bases/awx-operator.clusterserviceversion.yaml - bases/awx-operator.clusterserviceversion.yaml
- ../default - ../default
- ../samples - ../samples
- ../scorecard - ../scorecard


@@ -1,3 +1,2 @@
---
resources: resources:
- monitor.yaml - monitor.yaml


@@ -1,4 +1,3 @@
---
# Prometheus Monitor Service (Metrics) # Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor


@@ -1,10 +1,9 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: metrics-reader name: metrics-reader
rules: rules:
- nonResourceURLs: - nonResourceURLs:
- "/metrics" - "/metrics"
verbs: verbs:
- get - get


@@ -1,18 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: proxy-role name: proxy-role
rules: rules:
- apiGroups: - apiGroups:
- authentication.k8s.io - authentication.k8s.io
resources: resources:
- tokenreviews - tokenreviews
verbs: verbs:
- create - create
- apiGroups: - apiGroups:
- authorization.k8s.io - authorization.k8s.io
resources: resources:
- subjectaccessreviews - subjectaccessreviews
verbs: verbs:
- create - create


@@ -1,4 +1,3 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
@@ -8,6 +7,6 @@ roleRef:
kind: ClusterRole kind: ClusterRole
name: proxy-role name: proxy-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: controller-manager name: controller-manager
namespace: system namespace: system


@@ -1,4 +1,3 @@
---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
@@ -8,9 +7,9 @@ metadata:
namespace: system namespace: system
spec: spec:
ports: ports:
- name: https - name: https
port: 8443 port: 8443
protocol: TCP protocol: TCP
targetPort: https targetPort: https
selector: selector:
control-plane: controller-manager control-plane: controller-manager


@@ -1,25 +1,24 @@
---
# permissions for end users to edit awxs. # permissions for end users to edit awxs.
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: awx-editor-role name: awx-editor-role
rules: rules:
- apiGroups: - apiGroups:
- awx.ansible.com - awx.ansible.com
resources: resources:
- awxs - awxs
verbs: verbs:
- create - create
- delete - delete
- get - get
- list - list
- patch - patch
- update - update
- watch - watch
- apiGroups: - apiGroups:
- awx.ansible.com - awx.ansible.com
resources: resources:
- awxs/status - awxs/status
verbs: verbs:
- get - get


@@ -1,21 +1,20 @@
---
# permissions for end users to view awxs. # permissions for end users to view awxs.
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: awx-viewer-role name: awx-viewer-role
rules: rules:
- apiGroups: - apiGroups:
- awx.ansible.com - awx.ansible.com
resources: resources:
- awxs - awxs
verbs: verbs:
- get - get
- list - list
- watch - watch
- apiGroups: - apiGroups:
- awx.ansible.com - awx.ansible.com
resources: resources:
- awxs/status - awxs/status
verbs: verbs:
- get - get


@@ -0,0 +1,24 @@
# permissions for end users to edit awxbackups.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awxbackup-editor-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxbackups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxbackups/status
verbs:
- get
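Review bot: The header comment calls this an end-user role, but the AWXBackup spec added in this commit lets the author set `postgres_image`, `backup_pvc` and `clean_backup_on_delete`, so `create`/`patch`/`delete` on `awxbackups` is more than an ordinary edit right. It presumably lets the holder have the operator run a database backup with those settings; the role that consumes them is not visible here. Because this is a `ClusterRole`, state how it is meant to be bound, e.g. `# Bind with a namespaced RoleBinding; holders can trigger backups of the AWX database.` The same applies to `awxrestore-editor-role` added in this commit.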


@@ -0,0 +1,20 @@
# permissions for end users to view awxbackups.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awxbackup-viewer-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxbackups
verbs:
- get
- list
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxbackups/status
verbs:
- get


@@ -0,0 +1,24 @@
# permissions for end users to edit awxrestores.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awxrestore-editor-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxrestores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxrestores/status
verbs:
- get


@@ -0,0 +1,20 @@
# permissions for end users to view awxrestores.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awxrestore-viewer-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxrestores
verbs:
- get
- list
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxrestores/status
verbs:
- get


@@ -1,19 +1,18 @@
---
resources: resources:
# All RBAC will be applied under this service account in # All RBAC will be applied under this service account in
# the deployment namespace. You may comment out this resource # the deployment namespace. You may comment out this resource
# if your manager will use a service account that exists at # if your manager will use a service account that exists at
# runtime. Be sure to update RoleBinding and ClusterRoleBinding # runtime. Be sure to update RoleBinding and ClusterRoleBinding
# subjects if changing service account names. # subjects if changing service account names.
- service_account.yaml - service_account.yaml
- role.yaml - role.yaml
- role_binding.yaml - role_binding.yaml
- leader_election_role.yaml - leader_election_role.yaml
- leader_election_role_binding.yaml - leader_election_role_binding.yaml
# Comment the following 4 lines if you want to disable # Comment the following 4 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy) # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint. # which protects your /metrics endpoint.
- auth_proxy_service.yaml - auth_proxy_service.yaml
- auth_proxy_role.yaml - auth_proxy_role.yaml
- auth_proxy_role_binding.yaml - auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml - auth_proxy_client_clusterrole.yaml


@@ -1,38 +1,37 @@
---
# permissions to do leader election. # permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: leader-election-role name: leader-election-role
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- configmaps - configmaps
verbs: verbs:
- get - get
- list - list
- watch - watch
- create - create
- update - update
- patch - patch
- delete - delete
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resources: resources:
- leases - leases
verbs: verbs:
- get - get
- list - list
- watch - watch
- create - create
- update - update
- patch - patch
- delete - delete
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- events - events
verbs: verbs:
- create - create
- patch - patch


@@ -1,4 +1,3 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
@@ -8,6 +7,6 @@ roleRef:
kind: Role kind: Role
name: leader-election-role name: leader-election-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: controller-manager name: controller-manager
namespace: system namespace: system


@@ -1,4 +1,3 @@
---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:


@@ -0,0 +1,6 @@
apiVersion: awx.ansible.com/v1beta1
kind: AWXBackup
metadata:
name: example-awx-backup
spec:
deployment_name: example-awx


@@ -0,0 +1,7 @@
apiVersion: awx.ansible.com/v1beta1
kind: AWXRestore
metadata:
name: awxrestore-sample
spec:
deployment_name: example-awx-2
backup_name: example-awx-backup


@@ -1,5 +1,6 @@
---
## Append samples you want in your CSV to this file as resources ## ## Append samples you want in your CSV to this file as resources ##
resources: resources:
- awx_v1beta1_awx.yaml - awx_v1beta1_awx.yaml
# +kubebuilder:scaffold:manifestskustomizesamples - awx_v1beta1_awxbackup.yaml
- awx_v1beta1_awxrestore.yaml
#+kubebuilder:scaffold:manifestskustomizesamples


@@ -1,8 +1,7 @@
---
apiVersion: scorecard.operatorframework.io/v1alpha3 apiVersion: scorecard.operatorframework.io/v1alpha3
kind: Configuration kind: Configuration
metadata: metadata:
name: config name: config
stages: stages:
- parallel: true - parallel: true
tests: [] tests: []


@@ -1,17 +1,16 @@
---
resources: resources:
- bases/config.yaml - bases/config.yaml
patchesJson6902: patchesJson6902:
- path: patches/basic.config.yaml - path: patches/basic.config.yaml
target: target:
group: scorecard.operatorframework.io group: scorecard.operatorframework.io
version: v1alpha3 version: v1alpha3
kind: Configuration kind: Configuration
name: config name: config
- path: patches/olm.config.yaml - path: patches/olm.config.yaml
target: target:
group: scorecard.operatorframework.io group: scorecard.operatorframework.io
version: v1alpha3 version: v1alpha3
kind: Configuration kind: Configuration
name: config name: config
# +kubebuilder:scaffold:patchesJson6902 #+kubebuilder:scaffold:patchesJson6902


@@ -1,11 +1,10 @@
---
- op: add - op: add
path: /stages/0/tests/- path: /stages/0/tests/-
value: value:
entrypoint: entrypoint:
- scorecard-test - scorecard-test
- basic-check-spec - basic-check-spec
image: quay.io/operator-framework/scorecard-test:v1.12.0 image: quay.io/operator-framework/scorecard-test:v1.22.2
labels: labels:
suite: basic suite: basic
test: basic-check-spec-test test: basic-check-spec-test

View File

@@ -1,11 +1,10 @@
---
- op: add - op: add
path: /stages/0/tests/- path: /stages/0/tests/-
value: value:
entrypoint: entrypoint:
- scorecard-test - scorecard-test
- olm-bundle-validation - olm-bundle-validation
image: quay.io/operator-framework/scorecard-test:v1.12.0 image: quay.io/operator-framework/scorecard-test:v1.22.2
labels: labels:
suite: olm suite: olm
test: olm-bundle-validation-test test: olm-bundle-validation-test
@@ -13,9 +12,9 @@
path: /stages/0/tests/- path: /stages/0/tests/-
value: value:
entrypoint: entrypoint:
- scorecard-test - scorecard-test
- olm-crds-have-validation - olm-crds-have-validation
image: quay.io/operator-framework/scorecard-test:v1.12.0 image: quay.io/operator-framework/scorecard-test:v1.22.2
labels: labels:
suite: olm suite: olm
test: olm-crds-have-validation-test test: olm-crds-have-validation-test
@@ -23,9 +22,9 @@
path: /stages/0/tests/- path: /stages/0/tests/-
value: value:
entrypoint: entrypoint:
- scorecard-test - scorecard-test
- olm-crds-have-resources - olm-crds-have-resources
image: quay.io/operator-framework/scorecard-test:v1.12.0 image: quay.io/operator-framework/scorecard-test:v1.22.2
labels: labels:
suite: olm suite: olm
test: olm-crds-have-resources-test test: olm-crds-have-resources-test
@@ -33,9 +32,9 @@
path: /stages/0/tests/- path: /stages/0/tests/-
value: value:
entrypoint: entrypoint:
- scorecard-test - scorecard-test
- olm-spec-descriptors - olm-spec-descriptors
image: quay.io/operator-framework/scorecard-test:v1.12.0 image: quay.io/operator-framework/scorecard-test:v1.22.2
labels: labels:
suite: olm suite: olm
test: olm-spec-descriptors-test test: olm-spec-descriptors-test
@@ -43,9 +42,9 @@
path: /stages/0/tests/- path: /stages/0/tests/-
value: value:
entrypoint: entrypoint:
- scorecard-test - scorecard-test
- olm-status-descriptors - olm-status-descriptors
image: quay.io/operator-framework/scorecard-test:v1.12.0 image: quay.io/operator-framework/scorecard-test:v1.22.2
labels: labels:
suite: olm suite: olm
test: olm-status-descriptors-test test: olm-status-descriptors-test


@@ -1,13 +1,17 @@
# Adds namespace to all resources. # Adds namespace to all resources.
namespace: osdk-test namespace: osdk-test
namePrefix: osdk- namePrefix: osdk-
# Labels to add to all resources and selectors. # Labels to add to all resources and selectors.
# commonLabels: #commonLabels:
# someName: someValue # someName: someValue
patchesStrategicMerge: patchesStrategicMerge:
- manager_image.yaml - manager_image.yaml
- debug_logs_patch.yaml - debug_logs_patch.yaml
- ../default/manager_auth_proxy_patch.yaml - ../default/manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
@@ -17,5 +21,3 @@ resources:
images: images:
- name: testing - name: testing
newName: testing-operator newName: testing-operator
patches:
- path: pull_policy/Never.yaml


@@ -19,6 +19,6 @@
state: absent state: absent
- name: Unset pull policy - name: Unset pull policy
command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml' command: '{{ kustomize }} edit remove patch --path pull_policy/{{ operator_pull_policy }}.yaml'
args: args:
chdir: '{{ config_dir }}/testing' chdir: '{{ config_dir }}/testing'


@@ -1,6 +1,6 @@
--- ---
- name: Build kustomize testing overlay - name: Build kustomize testing overlay
# load_restrictor must be set to none so we can load patch files from the default overlay # load-restrictor must be set to none so we can load patch files from the default overlay
command: '{{ kustomize }} build --load-restrictor LoadRestrictionsNone .' command: '{{ kustomize }} build --load-restrictor LoadRestrictionsNone .'
args: args:
chdir: '{{ config_dir }}/testing' chdir: '{{ config_dir }}/testing'


@@ -0,0 +1,18 @@
---
# - name: Create the awx.ansible.com/v1beta1.AWXBackup
# k8s:
# state: present
# namespace: '{{ namespace }}'
# definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}"
# wait: yes
# wait_timeout: 300
# wait_condition:
# type: Successful
# status: "True"
# vars:
# cr_file: 'awx_v1beta1_awxbackup.yaml'
#
# - name: Add assertions here
# assert:
# that: false
# fail_msg: FIXME Add real assertions for your operator
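Review bot: Every task in this new verify file is commented out, including the `FIXME Add real assertions for your operator` placeholder, so the test run exercises nothing for AWXBackup while the file's presence suggests coverage. Either enable the create-and-wait task against `awx_v1beta1_awxbackup.yaml` with real assertions, or replace the scaffold with a single line such as `# TODO: no AWXBackup verification yet` so the gap is explicit. The AWXRestore verify file added next in this commit has the same shape.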


@@ -0,0 +1,18 @@
---
# - name: Create the awx.ansible.com/v1beta1.AWXRestore
# k8s:
# state: present
# namespace: '{{ namespace }}'
# definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}"
# wait: yes
# wait_timeout: 300
# wait_condition:
# type: Successful
# status: "True"
# vars:
# cr_file: 'awx_v1beta1_awxrestore.yaml'
#
# - name: Add assertions here
# assert:
# that: false
# fail_msg: FIXME Add real assertions for your operator


@@ -11,6 +11,6 @@
command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }} command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }}
- name: Unset pull policy - name: Unset pull policy
command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml' command: '{{ kustomize }} edit remove patch --path pull_policy/{{ operator_pull_policy }}.yaml'
args: args:
chdir: '{{ config_dir }}/testing' chdir: '{{ config_dir }}/testing'


@@ -2,7 +2,7 @@
collections: collections:
- name: community.general - name: community.general
- name: kubernetes.core - name: kubernetes.core
version: 1.2.1 version: 2.3.2
- name: operator_sdk.util - name: operator_sdk.util
- name: community.docker - name: community.docker
- name: awx.awx - name: awx.awx


@@ -1,6 +1,6 @@
--- ---
collections: collections:
- name: kubernetes.core - name: kubernetes.core
version: '==1.2.1' version: '>=2.3.2'
- name: operator_sdk.util - name: operator_sdk.util
version: "0.2.0" version: "0.2.0"
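Review bot: The `kubernetes.core` constraint moves from an exact pin (`==1.2.1`) to an open lower bound (`>=2.3.2`), reading the second value on the line as the new side. Every install then resolves whatever release is newest at that moment, so two builds of the same commit can carry different collection code. If this is the requirements file installed into the operator image, an unreviewed upstream release can reach an operator that runs with cluster permissions. Pinning exactly, `version: '==2.3.2'`, keeps upgrades deliberate and matches the `operator_sdk.util` entry below, which is already fixed at `0.2.0`.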


@@ -34,6 +34,7 @@
bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'" bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'"
register: legacy_queue register: legacy_queue
changed_when: false changed_when: false
ignore_errors: true
- name: Unregister legacy queue - name: Unregister legacy queue
k8s_exec: k8s_exec:
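Review bot: `ignore_errors: true` on the legacy-queue check hides every failure of that task, not only the expected case where `grep` finds no match and exits 1. An exec that fails because the pod or container is unavailable is then treated the same as "no legacy queue". Narrowing it keeps real failures visible, for example `failed_when: legacy_queue.rc | default(2) > 1` in place of `ignore_errors`, assuming the upgraded collection reports the exit status as `rc`. The task starts above this hunk and the following `Unregister legacy queue` task continues below it, so how `legacy_queue` is consumed is not visible here.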


@@ -2,37 +2,37 @@
- name: Set variables from awxbackup object statuses if provided - name: Set variables from awxbackup object statuses if provided
block: block:
- name: Look up details for the backup - name: Look up details for the backup
k8s_info: k8s_info:
api_version: "{{ backup_api_version }}" api_version: "{{ backup_api_version }}"
kind: "{{ backup_kind }}" kind: "{{ backup_kind }}"
name: "{{ backup_name }}" name: "{{ backup_name }}"
namespace: "{{ backup_pvc_namespace }}" namespace: "{{ backup_pvc_namespace }}"
register: this_backup register: this_backup
- name: Surface error to user - name: Surface error to user
block: block:
- name: Set error message - name: Set error message
set_fact: set_fact:
error_msg: "Cannot read the backup status variables for {{ backup_kind }} {{ backup_name }}." error_msg: "Cannot read the backup status variables for {{ backup_kind }} {{ backup_name }}."
- name: Handle error - name: Handle error
import_tasks: error_handling.yml import_tasks: error_handling.yml
- name: Fail early if pvc is defined but does not exist - name: Fail early if pvc is defined but does not exist
fail: fail:
msg: "{{ error_msg }}" msg: "{{ error_msg }}"
when: when:
- this_backup['resources'] | length == 0 - this_backup['resources'] | length == 0
- this_backup['resources'][0] is not defined - this_backup['resources'][0] is not defined
- this_backup['resources'][0]['status'] is not defined - this_backup['resources'][0]['status'] is not defined
- this_backup['resources'][0]['status']['backupClaim'] is not defined - this_backup['resources'][0]['status']['backupClaim'] is not defined
- this_backup['resources'][0]['status']['backupDirectory'] is not defined - this_backup['resources'][0]['status']['backupDirectory'] is not defined
- name: Set backup facts - name: Set backup facts
set_fact: set_fact:
backup_pvc: "{{ this_backup['resources'][0]['status']['backupClaim'] }}" backup_pvc: "{{ this_backup['resources'][0]['status']['backupClaim'] }}"
backup_dir: "{{ this_backup['resources'][0]['status']['backupDirectory'] }}" backup_dir: "{{ this_backup['resources'][0]['status']['backupDirectory'] }}"
when: when:
- backup_name != '' or backup_name is defined - backup_name != '' or backup_name is defined