From 75458d0678572377a74ffa84081953c061448826 Mon Sep 17 00:00:00 2001 
From: Yanis Guenane Date: Fri, 21 May 2021 13:45:48 +0200 Subject: [PATCH 1/2] Do not prepend variables name with tower_ --- README.md | 166 ++++++------- ansible/instantiate-awx-deployment.yml | 14 +- ansible/templates/crd.yml.j2 | 134 +++++------ deploy/awx-operator.yaml | 134 +++++------ deploy/crds/awx_v1beta1_crd.yaml | 134 +++++------ deploy/crds/awx_v1beta1_molecule.yaml | 6 +- .../awx-operator.clusterserviceversion.yaml | 224 +++++++++--------- .../manifests/awx.ansible.com_awxs_crd.yaml | 134 +++++------ docs/migration.md | 4 +- roles/backup/tasks/secrets.yml | 2 +- roles/backup/tasks/update_status.yml | 2 +- roles/installer/defaults/main.yml | 127 +++++----- .../tasks/admin_password_configuration.yml | 8 +- .../broadcast_websocket_configuration.yml | 6 +- roles/installer/tasks/cleanup.yml | 10 +- .../tasks/database_configuration.yml | 16 +- roles/installer/tasks/initialize_django.yml | 8 +- .../installer/tasks/load_route_tls_secret.yml | 8 +- roles/installer/tasks/main.yml | 4 +- .../tasks/resources_configuration.yml | 14 +- .../tasks/secret_key_configuration.yml | 6 +- roles/installer/tasks/update_status.yml | 16 +- ....yaml.j2 => admin_password_secret.yaml.j2} | 0 ...ntials.yaml.j2 => app_credentials.yaml.j2} | 0 ....j2 => broadcast_websocket_secret.yaml.j2} | 0 .../{tower_config.yaml.j2 => config.yaml.j2} | 4 +- ..._deployment.yaml.j2 => deployment.yaml.j2} | 94 ++++---- .../templates/execution_environments.py.j2 | 2 +- ...{tower_ingress.yaml.j2 => ingress.yaml.j2} | 34 +-- ..._persistent.yaml.j2 => persistent.yaml.j2} | 10 +- ...ower_postgres.yaml.j2 => postgres.yaml.j2} | 30 +-- ...secret.yaml.j2 => postgres_secret.yaml.j2} | 0 ..._secret_key.yaml.j2 => secret_key.yaml.j2} | 0 ...{tower_service.yaml.j2 => service.yaml.j2} | 22 +- ...ccount.yaml.j2 => service_account.yaml.j2} | 0 roles/installer/vars/main.yml | 2 +- roles/restore/README.md | 4 +- roles/restore/tasks/deploy_awx.yml | 8 +- roles/restore/tasks/main.yml | 2 +- 
roles/restore/tasks/update_status.yml | 4 +- 40 files changed, 697 insertions(+), 696 deletions(-) rename roles/installer/templates/{tower_admin_password_secret.yaml.j2 => admin_password_secret.yaml.j2} (100%) rename roles/installer/templates/{tower_app_credentials.yaml.j2 => app_credentials.yaml.j2} (100%) rename roles/installer/templates/{tower_broadcast_websocket_secret.yaml.j2 => broadcast_websocket_secret.yaml.j2} (100%) rename roles/installer/templates/{tower_config.yaml.j2 => config.yaml.j2} (98%) rename roles/installer/templates/{tower_deployment.yaml.j2 => deployment.yaml.j2} (79%) rename roles/installer/templates/{tower_ingress.yaml.j2 => ingress.yaml.j2} (60%) rename roles/installer/templates/{tower_persistent.yaml.j2 => persistent.yaml.j2} (64%) rename roles/installer/templates/{tower_postgres.yaml.j2 => postgres.yaml.j2} (81%) rename roles/installer/templates/{tower_postgres_secret.yaml.j2 => postgres_secret.yaml.j2} (100%) rename roles/installer/templates/{tower_secret_key.yaml.j2 => secret_key.yaml.j2} (100%) rename roles/installer/templates/{tower_service.yaml.j2 => service.yaml.j2} (56%) rename roles/installer/templates/{tower_service_account.yaml.j2 => service_account.yaml.j2} (100%) diff --git a/README.md b/README.md index 84099005..b6420c30 100644 --- a/README.md +++ b/README.md 
@@ -89,14 +89,14 @@ There are three variables that are customizable for the admin user account creat | Name | Description | Default | | --------------------------- | -------------------------------------------- | ---------------- | -| tower_admin_user | Name of the admin user | admin | -| tower_admin_email | Email of the admin user | test@example.com | -| tower_admin_password_secret | Secret that contains the admin user password | Empty string | +| admin_user | Name of the admin user | admin | +| admin_email | Email of the admin user | test@example.com | +| admin_password_secret | Secret that contains the admin user password | Empty string | -> :warning: **tower_admin_password_secret must be a Kubernetes secret and not your text clear password**. +> :warning: **admin_password_secret must be a Kubernetes secret and not your text clear password**. -If `tower_admin_password_secret` is not provided, the operator will look for a secret named `-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `-admin-password`. +If `admin_password_secret` is not provided, the operator will look for a secret named `-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `-admin-password`. To retrieve the admin password, run `kubectl get secret -admin-password -o jsonpath="{.data.password}" | base64 --decode` 
@@ -118,7 +118,7 @@ stringData: #### Ingress Type -By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `tower_ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created. +By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created. The AWX operator provides support for four kinds of `Ingress` to access AWX: `Ingress`, `Route`, `LoadBalancer` and `NodePort`, To toggle between these options, you can add the following to your AWX CR: @@ -128,7 +128,7 @@ The AWX operator provides support for four kinds of `Ingress` to access AWX: `In --- spec: ... - tower_ingress_type: Route + ingress_type: Route ``` * Ingress @@ -137,8 +137,8 @@ spec: --- spec: ... - tower_ingress_type: Ingress - tower_hostname: awx.mycompany.com + ingress_type: Ingress + hostname: awx.mycompany.com ``` * LoadBalancer @@ -147,8 +147,8 @@ spec: --- spec: ... - tower_ingress_type: LoadBalancer - tower_loadbalancer_protocol: http + ingress_type: LoadBalancer + loadbalancer_protocol: http ``` * NodePort @@ -157,12 +157,12 @@ spec: --- spec: ... - tower_ingress_type: NodePort + ingress_type: NodePort ``` -The AWX `Service` that gets created will have a `type` set based on the `tower_ingress_type` being used: +The AWX `Service` that gets created will have a `type` set based on the `ingress_type` being used: -| Ingress Type `tower_ingress_type` | Service Type | +| Ingress Type `ingress_type` | Service Type | | ------------------------------------- | -------------- | | `LoadBalancer` | `LoadBalancer` | | `NodePort` | `NodePort` | 
@@ -176,9 +176,9 @@ The following variables are customizable to specify the TLS termination procedur | Name | Description | Default | | ------------------------------------- | --------------------------------------------- | --------------------------------- | -| tower_route_host | Common name the route answers for | Empty string | -| tower_route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge | -| tower_route_tls_secret | Secret that contains the TLS information | Empty string | +| route_host | Common name the route answers for | Empty string | +| route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge | +| route_tls_secret | Secret that contains the TLS information | Empty string | * Ingress @@ -186,8 +186,8 @@ The following variables are customizable to specify the TLS termination procedur | Name | Description | Default | | -------------------------- | ---------------------------------------- | ------------- | -| tower_ingress_annotations | Ingress annotations | Empty string | -| tower_ingress_tls_secret | Secret that contains the TLS information | Empty string | +| ingress_annotations | Ingress annotations | Empty string | +| ingress_tls_secret | Secret that contains the TLS information | Empty string | * LoadBalancer 
@@ -195,11 +195,11 @@ The following variables are customizable to specify the TLS termination procedur | Name | Description | Default | | ------------------------------ | ---------------------------------------- | ------------- | -| tower_loadbalancer_annotations | LoadBalancer annotations | Empty string | -| tower_loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http | -| tower_loadbalancer_port | Port used for Loadbalancer ingress | 80 | +| loadbalancer_annotations | LoadBalancer annotations | Empty string | +| loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http | +| loadbalancer_port | Port used for Loadbalancer ingress | 80 | -When setting up a Load Balancer for HTTPS you will be required to set the `tower_loadbalancer_port` to move the port away from `80`. +When setting up a Load Balancer for HTTPS you will be required to set the `loadbalancer_port` to move the port away from `80`. The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP. @@ -207,7 +207,7 @@ The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and #### External PostgreSQL Service -In order for the AWX instance to rely on an external database, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `tower_postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `-postgres-configuration`. +In order for the AWX instance to rely on an external database, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `-postgres-configuration`. The secret should be formatted as follows: 
@@ -246,11 +246,11 @@ The following variables are customizable for the managed PostgreSQL service | Name | Description | Default | | ------------------------------------ | ------------------------------------------ | --------------------------------- | -| tower_postgres_image | Path of the image to pull | postgres:12 | -| tower_postgres_resource_requirements | PostgreSQL container resource requirements | Empty object | -| tower_postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} | -| tower_postgres_storage_class | PostgreSQL PV storage class | Empty string | -| tower_postgres_data_path | PostgreSQL data path | `/var/lib/postgresql/data/pgdata` | +| postgres_image | Path of the image to pull | postgres:12 | +| postgres_resource_requirements | PostgreSQL container resource requirements | Empty object | +| postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} | +| postgres_storage_class | PostgreSQL PV storage class | Empty string | +| postgres_data_path | PostgreSQL data path | `/var/lib/postgresql/data/pgdata` | Example of customization could be: @@ -258,22 +258,22 @@ Example of customization could be: --- spec: ... - tower_postgres_resource_requirements: + postgres_resource_requirements: requests: cpu: 500m memory: 2Gi limits: cpu: 1 memory: 4Gi - tower_postgres_storage_requirements: + postgres_storage_requirements: requests: storage: 8Gi limits: storage: 50Gi - tower_postgres_storage_class: fast-ssd + postgres_storage_class: fast-ssd ``` -**Note**: If `tower_postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster. +**Note**: If `postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster. ### Advanced Configuration 
@@ -283,13 +283,13 @@ There are a few variables that are customizable for awx the image management. | Name | Description | | --------------------------| -------------------------- | -| tower_image | Path of the image to pull | -| tower_image_version | Image version to pull | -| tower_image_pull_policy | The pull policy to adopt | -| tower_image_pull_secret | The pull secret to use | -| tower_ee_images | A list of EEs to register | -| tower_redis_image | Path of the image to pull | -| tower_redis_image_version | Image version to pull | +| image | Path of the image to pull | +| image_version | Image version to pull | +| image_pull_policy | The pull policy to adopt | +| image_pull_secret | The pull secret to use | +| ee_images | A list of EEs to register | +| redis_image | Path of the image to pull | +| redis_image_version | Image version to pull | Example of customization could be: 
@@ -297,16 +297,16 @@ Example of customization could be: --- spec: ... - tower_image: myorg/my-custom-awx - tower_image_version: latest - tower_image_pull_policy: Always - tower_image_pull_secret: pull_secret_name - tower_ee_images: + image: myorg/my-custom-awx + image_version: latest + image_pull_policy: Always + image_pull_secret: pull_secret_name + ee_images: - name: my-custom-awx-ee image: myorg/my-custom-awx-ee ``` -**Note**: The `tower_image` and `tower_image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file. +**Note**: The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file. #### Privileged Tasks @@ -316,7 +316,7 @@ Depending on the type of tasks that you'll be running, you may find that you nee --- spec: ... - tower_task_privileged: true + task_privileged: true ``` If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with: 
@@ -334,8 +334,8 @@ The resource requirements for both, the task and the web containers are configur | Name | Description | Default | | -------------------------------- | ------------------------------------ | ----------------------------------- | -| tower_web_resource_requirements | Web container resource requirements | requests: {cpu: 1000m, memory: 2Gi} | -| tower_task_resource_requirements | Task container resource requirements | requests: {cpu: 500m, memory: 1Gi} | +| web_resource_requirements | Web container resource requirements | requests: {cpu: 1000m, memory: 2Gi} | +| task_resource_requirements | Task container resource requirements | requests: {cpu: 500m, memory: 1Gi} | Example of customization could be: @@ -343,14 +343,14 @@ Example of customization could be: --- spec: ... - tower_web_resource_requirements: + web_resource_requirements: requests: cpu: 1000m memory: 2Gi limits: cpu: 2000m memory: 4Gi - tower_task_resource_requirements: + task_resource_requirements: requests: cpu: 500m memory: 1Gi 
@@ -361,19 +361,19 @@ spec: #### Assigning AWX pods to specific nodes -You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `tower_node_selector` and `tower_postgres_selector` constrains -the AWX pods to run only on the nodes that match all the specified key/value pairs. `tower_tolerations` and `tower_postgres_tolerations` allow the AWX +You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains +the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX pods to be scheduled onto nodes with matching taints. | Name | Description | Default | | -------------------------------| --------------------------- | ------- | -| tower_postgres_image | Path of the image to pull | 12 | -| tower_postgres_image_version | Image version to pull | 12 | -| tower_node_selector | AWX pods' nodeSelector | '' | -| tower_tolerations | AWX pods' tolerations | '' | -| tower_postgres_selector | Postgres pods' nodeSelector | '' | -| tower_postgres_tolerations | Postgres pods' tolerations | '' | +| postgres_image | Path of the image to pull | 12 | +| postgres_image_version | Image version to pull | 12 | +| node_selector | AWX pods' nodeSelector | '' | +| tolerations | AWX pods' tolerations | '' | +| postgres_selector | Postgres pods' nodeSelector | '' | +| postgres_tolerations | Postgres pods' tolerations | '' | Example of customization could be: 
@@ -381,20 +381,20 @@ Example of customization could be: --- spec: ... - tower_node_selector: | + node_selector: | disktype: ssd kubernetes.io/arch: amd64 kubernetes.io/os: linux - tower_tolerations: | + tolerations: | - key: "dedicated" operator: "Equal" value: "AWX" effect: "NoSchedule" - tower_postgres_selector: | + postgres_selector: | disktype: ssd kubernetes.io/arch: amd64 kubernetes.io/os: linux - tower_postgres_tolerations: | + postgres_tolerations: | - key: "dedicated" operator: "Equal" value: "AWX" @@ -431,11 +431,11 @@ In cases which you want to persist the `/var/lib/projects` directory, there are | Name | Description | Default | | -----------------------------------| ---------------------------------------------------------------------------------------------------- | ---------------| -| tower_projects_persistence | Whether or not the /var/lib/projects directory will be persistent | false | -| tower_projects_storage_class | Define the PersistentVolume storage class | '' | -| tower_projects_storage_size | Define the PersistentVolume size | 8Gi | -| tower_projects_storage_access_mode | Define the PersistentVolume access mode | ReadWriteMany | -| tower_projects_existing_claim | Define an existing PersistentVolumeClaim to use (cannot be combined with `tower_projects_storage_*`) | '' | +| projects_persistence | Whether or not the /var/lib/projects directory will be persistent | false | +| projects_storage_class | Define the PersistentVolume storage class | '' | +| projects_storage_size | Define the PersistentVolume size | 8Gi | +| projects_storage_access_mode | Define the PersistentVolume access mode | ReadWriteMany | +| projects_existing_claim | Define an existing PersistentVolumeClaim to use (cannot be combined with `projects_storage_*`) | '' | Example of customization when the `awx-operator` automatically handles the persistent volume could be: 
@@ -443,9 +443,9 @@ Example of customization when the `awx-operator` automatically handles the persi --- spec: ... - tower_projects_persistence: true - tower_projects_storage_class: rook-ceph - tower_projects_storage_size: 20Gi + projects_persistence: true + projects_storage_class: rook-ceph + projects_storage_size: 20Gi ``` #### Custom Volume and Volume Mount Options @@ -454,10 +454,10 @@ In a scenario where custom volumes and volume mounts are required to either over | Name | Description | Default | | ------------------------------ | -------------------------------------------------------- | ------- | -| tower_extra_volumes | Specify extra volumes to add to the application pod | '' | -| tower_web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' | -| tower_task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' | -| tower_ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' | +| extra_volumes | Specify extra volumes to add to the application pod | '' | +| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' | +| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' | +| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' | Example configuration for ConfigMap @@ -484,17 +484,17 @@ Example spec file for volumes and volume mounts --- spec: ... - tower_ee_extra_volume_mounts: | + ee_extra_volume_mounts: | - name: ansible-cfg mountPath: /etc/ansible/ansible.cfg subPath: ansible.cfg - tower_task_extra_volume_mounts: | + task_extra_volume_mounts: | - name: custom-py mountPath: /etc/tower/conf.d/custom.py subPath: custom.py - tower_extra_volumes: | + extra_volumes: | - name: ansible-cfg configMap: defaultMode: 420 
@@ -520,24 +520,24 @@ If you need to export custom environment variables to your containers. | Name | Description | Default | | ----------------------------- | -------------------------------------------------------- | ------- | -| tower_task_extra_env | Environment variables to be added to Task container | '' | -| tower_web_extra_env | Environment variables to be added to Web container | '' | +| task_extra_env | Environment variables to be added to Task container | '' | +| web_extra_env | Environment variables to be added to Web container | '' | Example configuration of environment variables ```yaml spec: - tower_task_extra_env: | + task_extra_env: | - name: MYCUSTOMVAR value: foo - tower_web_extra_env: | + web_extra_env: | - name: MYCUSTOMVAR value: foo ``` ### Upgrading -To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `tower_image_version` variable in `roles/installer/defaults/main.yml` for that particular release. +To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `image_version` variable in `roles/installer/defaults/main.yml` for that particular release. Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment. diff --git a/ansible/instantiate-awx-deployment.yml b/ansible/instantiate-awx-deployment.yml index 3a0c4175..036ae89c 100644 --- a/ansible/instantiate-awx-deployment.yml +++ b/ansible/instantiate-awx-deployment.yml 
@@ -18,13 +18,13 @@ metadata: name: awx spec: - tower_admin_user: admin - tower_admin_email: admin@localhost - tower_ingress_type: "{{ tower_ingress_type | default(omit) }}" # Either Route, Ingress or LoadBalancer - tower_image: "{{ tower_image | default(omit) }}" - tower_image_version: "{{ tower_image_version | default(omit) }}" + admin_user: admin + admin_email: admin@localhost + ingress_type: "{{ ingress_type | default(omit) }}" # Either Route, Ingress or LoadBalancer + image: "{{ image | default(omit) }}" + image_version: "{{ image_version | default(omit) }}" development_mode: "{{ development_mode | default(omit) | bool }}" - tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}" - # tower_ee_images: + image_pull_policy: "{{ image_pull_policy | default(omit) }}" + # ee_images: # - name: test-ee # image: quay.io//awx-ee diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 32b370ed..41c40023 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 
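Review bot: The renamed inputs on the `image`, `image_version`, `image_pull_policy` and `ingress_type` lines all fall back to `default(omit)`, so a caller that still passes the old `tower_image` or `tower_image_version` variables gets no error and the AWX resource is created with the operator's defaults instead of the image that was asked for. A guard before the resource is templated would surface that, for example an `assert` task with `that: tower_image is not defined` and a `fail_msg` naming the new variable. The rest of this file is outside the hunk, so where such a task fits is for the author to judge. The inline comment on `ingress_type` also lists three values while the README section of this same patch documents four; I would change it to `# One of Route, Ingress, LoadBalancer or NodePort`.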
@@ -35,42 +35,42 @@ spec: description: apiVersion of the deployment type type: string default: awx.ansible.com/v1beta1 - tower_task_privileged: + task_privileged: description: If a privileged security context should be enabled type: boolean default: false - tower_admin_user: + admin_user: description: Username to use for the admin account type: string default: admin - tower_hostname: + hostname: description: The hostname of the instance type: string - tower_admin_email: + admin_email: description: The admin user email type: string - tower_admin_password_secret: + admin_password_secret: description: Secret where the admin password can be found type: string - tower_postgres_configuration_secret: + postgres_configuration_secret: description: Secret where the database configuration can be found type: string - tower_old_postgres_configuration_secret: + old_postgres_configuration_secret: description: Secret where the old database configuration can be found for data migration type: string postgres_label_selector: description: Label selector used to identify postgres pod for data migration type: string - tower_secret_key_secret: + secret_key_secret: description: Secret where the secret key can be found type: string - tower_broadcast_websocket_secret: + broadcast_websocket_secret: description: Secret where the broadcast websocket secret can be found type: string - tower_extra_volumes: + extra_volumes: description: Specify extra volumes to add to the application pod type: string - tower_ingress_type: + ingress_type: description: The ingress type to use to reach the deployed instance type: string enum: 
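Review bot: No deprecated alias or rejection path is kept for the old `tower_*` property names in this hunk, although the API version stays `v1beta1` (see the `default: awx.ansible.com/v1beta1` context line). That matters most for the secret references `admin_password_secret`, `secret_key_secret`, `postgres_configuration_secret` and `broadcast_websocket_secret`: the README text in this patch says a missing `admin_password_secret` makes the operator look up or generate `-admin-password`, so an un-migrated resource would presumably take that fallback silently, and would likewise lose its `task_privileged` or external-database setting. Whether unknown fields are pruned or preserved depends on parts of the CRD outside this hunk, so this needs confirming against the full schema. I would either keep each old key for one release with `description: Deprecated, use admin_password_secret`, or have the role fail when a `tower_`-prefixed spec key is present. The same applies to the matching hunks in `deploy/awx-operator.yaml` and the other CRD copies listed in the diffstat.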
@@ -83,30 +83,30 @@ spec: - loadbalancer - NodePort - nodeport - tower_ingress_annotations: + ingress_annotations: description: Annotations to add to the ingress type: string - tower_ingress_tls_secret: + ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string - tower_loadbalancer_annotations: + loadbalancer_annotations: description: Annotations to add to the loadbalancer type: string - tower_loadbalancer_protocol: + loadbalancer_protocol: description: Protocol to use for the loadbalancer type: string default: http enum: - http - https - tower_loadbalancer_port: + loadbalancer_port: description: Port to use for the loadbalancer type: integer default: 80 - tower_route_host: + route_host: description: The DNS to use to points to the instance type: string - tower_route_tls_termination_mechanism: + route_tls_termination_mechanism: description: The secure TLS termination mechanism to use type: string default: Edge @@ -115,25 +115,25 @@ spec: - edge - Passthrough - passthrough - tower_route_tls_secret: + route_tls_secret: description: Secret where the TLS related credentials are stored type: string - tower_node_selector: - description: nodeSelector for the AWX pods + node_selector: + description: nodeSelector for the pods type: string - tower_service_labels: + service_labels: description: Additional labels to apply to the service type: string - tower_tolerations: - description: node tolerations for the AWX pods + tolerations: + description: node tolerations for the pods type: string - tower_image: + image: description: Registry path to the application container to use type: string - tower_image_version: + image_version: description: Application container image version to use type: string - tower_ee_images: + ee_images: description: Registry path to the Execution Environment container to use type: array items: 
@@ -143,7 +143,7 @@ spec: type: string image: type: string - tower_image_pull_policy: + image_pull_policy: description: The image pull policy type: string default: IfNotPresent @@ -154,10 +154,10 @@ spec: - never - IfNotPresent - ifnotpresent - tower_image_pull_secret: + image_pull_secret: description: The image pull secret type: string - tower_task_resource_requirements: + task_resource_requirements: description: Resource requirements for the task container properties: requests: @@ -179,7 +179,7 @@ spec: type: string type: object type: object - tower_web_resource_requirements: + web_resource_requirements: description: Resource requirements for the web container properties: requests: 
@@ -201,67 +201,67 @@ spec: type: string type: object type: object - tower_replicas: + replicas: description: Number of instance replicas type: integer default: 1 format: int32 - tower_garbage_collect_secrets: + garbage_collect_secrets: description: Whether or not to remove secrets upon instance removal default: false type: boolean - tower_create_preload_data: - description: Whether or not to preload data upon Tower instance creation + create_preload_data: + description: Whether or not to preload data upon instance creation default: true type: boolean - tower_task_args: + task_args: type: array items: type: string - tower_task_command: + task_command: type: array items: type: string - tower_web_args: + web_args: type: array items: type: string - tower_web_command: + web_command: type: array items: type: string - tower_task_extra_env: + task_extra_env: type: string - tower_web_extra_env: + web_extra_env: type: string - tower_ee_extra_volume_mounts: + ee_extra_volume_mounts: description: Specify volume mounts to be added to Execution container type: string - tower_task_extra_volume_mounts: + task_extra_volume_mounts: description: Specify volume mounts to be added to Task container type: string - tower_web_extra_volume_mounts: + web_extra_volume_mounts: description: Specify volume mounts to be added to the Web container type: string - tower_redis_image: + redis_image: description: Registry path to the redis container to use type: string - tower_redis_image_version: + redis_image_version: description: Redis container image version to use type: string - tower_postgres_image: + postgres_image: description: Registry path to the PostgreSQL container to use type: string - tower_postgres_image_version: + postgres_image_version: description: PostgreSQL container image version to use type: string - tower_postgres_selector: + postgres_selector: description: nodeSelector for the Postgres pods type: string - tower_postgres_tolerations: + postgres_tolerations: description: node 
tolerations for the Postgres pods type: string - tower_postgres_storage_requirements: + postgres_storage_requirements: description: Storage requirements for the PostgreSQL container properties: requests: @@ -275,7 +275,7 @@ spec: type: string type: object type: object - tower_postgres_resource_requirements: + postgres_resource_requirements: description: Resource requirements for the PostgreSQL container properties: requests: @@ -293,10 +293,10 @@ spec: type: string type: object type: object - tower_postgres_storage_class: + postgres_storage_class: description: Storage class to use for the PostgreSQL PVC type: string - tower_postgres_data_path: + postgres_data_path: description: Path where the PostgreSQL data are located type: string ca_trust_bundle: @@ -308,27 +308,27 @@ spec: ldap_cacert_secret: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string - tower_projects_persistence: + projects_persistence: description: Whether or not the /var/lib/projects directory will be persistent default: false type: boolean - tower_projects_use_existing_claim: + projects_use_existing_claim: description: Using existing PersistentVolumeClaim type: string enum: - _Yes_ - _No_ - tower_projects_existing_claim: + projects_existing_claim: description: PersistentVolumeClaim to mount /var/lib/projects directory type: string - tower_projects_storage_class: + projects_storage_class: description: Storage class for the /var/lib/projects PersistentVolumeClaim type: string - tower_projects_storage_size: + projects_storage_size: description: Size for the /var/lib/projects PersistentVolumeClaim default: 8Gi type: string - tower_projects_storage_access_mode: + projects_storage_access_mode: description: AccessMode for the /var/lib/projects PersistentVolumeClaim default: ReadWriteMany type: string 
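Review bot: In the `@@ -201,67` hunk the renamed `task_args`, `task_command`, `web_args`, `web_command`, `task_extra_env` and `web_extra_env` properties carry only a `type`, while every neighbouring property has a `description`. These fields look like they replace the container command line and inject environment variables, which is worth stating in the schema, because whoever can edit the resource then controls what the task and web containers run. I would add, for instance, `description: Overrides the command of the task container` and `description: Extra environment variables for the task container, as a YAML list in a string`, with the wording checked against how the deployment template consumes them, since that template is not in this hunk.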
@@ -345,13 +345,13 @@ spec: type: object status: properties: - towerURL: + URL: description: URL to access the deployed instance type: string - towerAdminUser: + adminUser: description: Admin user of the deployed instance type: string - towerAdminPasswordSecret: + adminPasswordSecret: description: Admin password secret name of the deployed instance type: string postgresConfigurationSecret: @@ -363,13 +363,13 @@ spec: secretKeySecret: description: Secret key secret name of the deployed instance type: string - towerMigratedFromSecret: - description: The secret used for migrating an old Tower. + migratedFromSecret: + description: The secret used for migrating an old instance. type: string - towerVersion: + version: description: Version of the deployed instance type: string - towerImage: + image: description: URL of the image used for the deployed instance type: string conditions: diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index e682d082..a7e3fc59 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml 
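Review bot: In the status properties `towerURL` becomes `URL`, the only key in this block that is not lowerCamelCase (compare `adminUser`, `adminPasswordSecret`, `postgresConfigurationSecret`, `secretKeySecret`); `url:` would match its siblings and the usual Kubernetes field convention. The second hunk on this line renames `towerVersion` and `towerImage` to bare `version` and `image`, so anything that reads `.status.towerURL` or `.status.towerAdminPasswordSecret` has to change in the same release. The diffstat shows the clusterserviceversion file is touched, but external scripts reading the old paths would get an empty value rather than an error. A sentence in the upgrade notes listing the old and new status paths would cover that.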
@@ -37,42 +37,42 @@ spec: description: apiVersion of the deployment type type: string default: awx.ansible.com/v1beta1 - tower_task_privileged: + task_privileged: description: If a privileged security context should be enabled type: boolean default: false - tower_admin_user: + admin_user: description: Username to use for the admin account type: string default: admin - tower_hostname: + hostname: description: The hostname of the instance type: string - tower_admin_email: + admin_email: description: The admin user email type: string - tower_admin_password_secret: + admin_password_secret: description: Secret where the admin password can be found type: string - tower_postgres_configuration_secret: + postgres_configuration_secret: description: Secret where the database configuration can be found type: string - tower_old_postgres_configuration_secret: + old_postgres_configuration_secret: description: Secret where the old database configuration can be found for data migration type: string postgres_label_selector: description: Label selector used to identify postgres pod for data migration type: string - tower_secret_key_secret: + secret_key_secret: description: Secret where the secret key can be found type: string - tower_broadcast_websocket_secret: + broadcast_websocket_secret: description: Secret where the broadcast websocket secret can be found type: string - tower_extra_volumes: + extra_volumes: description: Specify extra volumes to add to the application pod type: string - tower_ingress_type: + ingress_type: description: The ingress type to use to reach the deployed instance type: string enum: 
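Review bot: The secret-reference fields (`admin_password_secret`, `postgres_configuration_secret`, `old_postgres_configuration_secret`, `secret_key_secret`, `broadcast_websocket_secret`) and `task_privileged` are renamed in place, and the hunk shows no alias for the old `tower_*` names. An existing resource that still sets `tower_admin_password_secret` or `tower_postgres_configuration_secret` would presumably no longer match the schema. Whether the value is pruned, rejected or silently ignored depends on parts of the CRD and the role outside this hunk; if it is silently ignored, the deployment would proceed without the credentials the administrator chose. It would help to record the old name where operators will see it, e.g. `description: Secret where the admin password can be found (formerly tower_admin_password_secret)`. The same applies to the matching hunk in deploy/crds/awx_v1beta1_crd.yaml and to the TLS secret fields in the hunks that follow.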
@@ -85,30 +85,30 @@ spec: - loadbalancer - NodePort - nodeport - tower_ingress_annotations: + ingress_annotations: description: Annotations to add to the ingress type: string - tower_ingress_tls_secret: + ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string - tower_loadbalancer_annotations: + loadbalancer_annotations: description: Annotations to add to the loadbalancer type: string - tower_loadbalancer_protocol: + loadbalancer_protocol: description: Protocol to use for the loadbalancer type: string default: http enum: - http - https - tower_loadbalancer_port: + loadbalancer_port: description: Port to use for the loadbalancer type: integer default: 80 - tower_route_host: + route_host: description: The DNS to use to points to the instance type: string - tower_route_tls_termination_mechanism: + route_tls_termination_mechanism: description: The secure TLS termination mechanism to use type: string default: Edge @@ -117,25 +117,25 @@ spec: - edge - Passthrough - passthrough - tower_route_tls_secret: + route_tls_secret: description: Secret where the TLS related credentials are stored type: string - tower_node_selector: - description: nodeSelector for the AWX pods + node_selector: + description: nodeSelector for the pods type: string - tower_service_labels: + service_labels: description: Additional labels to apply to the service type: string - tower_tolerations: - description: node tolerations for the AWX pods + tolerations: + description: node tolerations for the pods type: string - tower_image: + image: description: Registry path to the application container to use type: string - tower_image_version: + image_version: description: Application container image version to use type: string - tower_ee_images: + ee_images: description: Registry path to the Execution Environment container to use type: array items: 
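Review bot: `loadbalancer_protocol` keeps `default: http` and `loadbalancer_port` keeps `default: 80`, and neither description says that this exposes the instance's login over an unencrypted listener unless TLS is terminated somewhere else. Since these keys are being renamed anyway, I would spell it out, e.g. `description: Protocol to use for the loadbalancer (http is unencrypted; prefer https outside test clusters)`. How `https` obtains its certificate is not visible in this hunk, so the wording should be checked against the service template.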
@@ -145,7 +145,7 @@ spec: type: string image: type: string - tower_image_pull_policy: + image_pull_policy: description: The image pull policy type: string default: IfNotPresent @@ -156,10 +156,10 @@ spec: - never - IfNotPresent - ifnotpresent - tower_image_pull_secret: + image_pull_secret: description: The image pull secret type: string - tower_task_resource_requirements: + task_resource_requirements: description: Resource requirements for the task container properties: requests: @@ -181,7 +181,7 @@ spec: type: string type: object type: object - tower_web_resource_requirements: + web_resource_requirements: description: Resource requirements for the web container properties: requests: 
@@ -203,67 +203,67 @@ spec: type: string type: object type: object - tower_replicas: + replicas: description: Number of instance replicas type: integer default: 1 format: int32 - tower_garbage_collect_secrets: + garbage_collect_secrets: description: Whether or not to remove secrets upon instance removal default: false type: boolean - tower_create_preload_data: - description: Whether or not to preload data upon Tower instance creation + create_preload_data: + description: Whether or not to preload data upon instance creation default: true type: boolean - tower_task_args: + task_args: type: array items: type: string - tower_task_command: + task_command: type: array items: type: string - tower_web_args: + web_args: type: array items: type: string - tower_web_command: + web_command: type: array items: type: string - tower_task_extra_env: + task_extra_env: type: string - tower_web_extra_env: + web_extra_env: type: string - tower_ee_extra_volume_mounts: + ee_extra_volume_mounts: description: Specify volume mounts to be added to Execution container type: string - tower_task_extra_volume_mounts: + task_extra_volume_mounts: description: Specify volume mounts to be added to Task container type: string - tower_web_extra_volume_mounts: + web_extra_volume_mounts: description: Specify volume mounts to be added to the Web container type: string - tower_redis_image: + redis_image: description: Registry path to the redis container to use type: string - tower_redis_image_version: + redis_image_version: description: Redis container image version to use type: string - tower_postgres_image: + postgres_image: description: Registry path to the PostgreSQL container to use type: string - tower_postgres_image_version: + postgres_image_version: description: PostgreSQL container image version to use type: string - tower_postgres_selector: + postgres_selector: description: nodeSelector for the Postgres pods type: string - tower_postgres_tolerations: + postgres_tolerations: description: node 
tolerations for the Postgres pods type: string - tower_postgres_storage_requirements: + postgres_storage_requirements: description: Storage requirements for the PostgreSQL container properties: requests: @@ -277,7 +277,7 @@ spec: type: string type: object type: object - tower_postgres_resource_requirements: + postgres_resource_requirements: description: Resource requirements for the PostgreSQL container properties: requests: @@ -295,10 +295,10 @@ spec: type: string type: object type: object - tower_postgres_storage_class: + postgres_storage_class: description: Storage class to use for the PostgreSQL PVC type: string - tower_postgres_data_path: + postgres_data_path: description: Path where the PostgreSQL data are located type: string ca_trust_bundle: @@ -310,27 +310,27 @@ spec: ldap_cacert_secret: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string - tower_projects_persistence: + projects_persistence: description: Whether or not the /var/lib/projects directory will be persistent default: false type: boolean - tower_projects_use_existing_claim: + projects_use_existing_claim: description: Using existing PersistentVolumeClaim type: string enum: - _Yes_ - _No_ - tower_projects_existing_claim: + projects_existing_claim: description: PersistentVolumeClaim to mount /var/lib/projects directory type: string - tower_projects_storage_class: + projects_storage_class: description: Storage class for the /var/lib/projects PersistentVolumeClaim type: string - tower_projects_storage_size: + projects_storage_size: description: Size for the /var/lib/projects PersistentVolumeClaim default: 8Gi type: string - tower_projects_storage_access_mode: + projects_storage_access_mode: description: AccessMode for the /var/lib/projects PersistentVolumeClaim default: ReadWriteMany type: string 
@@ -347,13 +347,13 @@ spec: type: object status: properties: - towerURL: + URL: description: URL to access the deployed instance type: string - towerAdminUser: + adminUser: description: Admin user of the deployed instance type: string - towerAdminPasswordSecret: + adminPasswordSecret: description: Admin password secret name of the deployed instance type: string postgresConfigurationSecret: @@ -365,13 +365,13 @@ spec: secretKeySecret: description: Secret key secret name of the deployed instance type: string - towerMigratedFromSecret: - description: The secret used for migrating an old Tower. + migratedFromSecret: + description: The secret used for migrating an old instance. type: string - towerVersion: + version: description: Version of the deployed instance type: string - towerImage: + image: description: URL of the image used for the deployed instance type: string conditions: diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index 32b370ed..41c40023 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml 
@@ -35,42 +35,42 @@ spec: description: apiVersion of the deployment type type: string default: awx.ansible.com/v1beta1 - tower_task_privileged: + task_privileged: description: If a privileged security context should be enabled type: boolean default: false - tower_admin_user: + admin_user: description: Username to use for the admin account type: string default: admin - tower_hostname: + hostname: description: The hostname of the instance type: string - tower_admin_email: + admin_email: description: The admin user email type: string - tower_admin_password_secret: + admin_password_secret: description: Secret where the admin password can be found type: string - tower_postgres_configuration_secret: + postgres_configuration_secret: description: Secret where the database configuration can be found type: string - tower_old_postgres_configuration_secret: + old_postgres_configuration_secret: description: Secret where the old database configuration can be found for data migration type: string postgres_label_selector: description: Label selector used to identify postgres pod for data migration type: string - tower_secret_key_secret: + secret_key_secret: description: Secret where the secret key can be found type: string - tower_broadcast_websocket_secret: + broadcast_websocket_secret: description: Secret where the broadcast websocket secret can be found type: string - tower_extra_volumes: + extra_volumes: description: Specify extra volumes to add to the application pod type: string - tower_ingress_type: + ingress_type: description: The ingress type to use to reach the deployed instance type: string enum: 
@@ -83,30 +83,30 @@ spec: - loadbalancer - NodePort - nodeport - tower_ingress_annotations: + ingress_annotations: description: Annotations to add to the ingress type: string - tower_ingress_tls_secret: + ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string - tower_loadbalancer_annotations: + loadbalancer_annotations: description: Annotations to add to the loadbalancer type: string - tower_loadbalancer_protocol: + loadbalancer_protocol: description: Protocol to use for the loadbalancer type: string default: http enum: - http - https - tower_loadbalancer_port: + loadbalancer_port: description: Port to use for the loadbalancer type: integer default: 80 - tower_route_host: + route_host: description: The DNS to use to points to the instance type: string - tower_route_tls_termination_mechanism: + route_tls_termination_mechanism: description: The secure TLS termination mechanism to use type: string default: Edge @@ -115,25 +115,25 @@ spec: - edge - Passthrough - passthrough - tower_route_tls_secret: + route_tls_secret: description: Secret where the TLS related credentials are stored type: string - tower_node_selector: - description: nodeSelector for the AWX pods + node_selector: + description: nodeSelector for the pods type: string - tower_service_labels: + service_labels: description: Additional labels to apply to the service type: string - tower_tolerations: - description: node tolerations for the AWX pods + tolerations: + description: node tolerations for the pods type: string - tower_image: + image: description: Registry path to the application container to use type: string - tower_image_version: + image_version: description: Application container image version to use type: string - tower_ee_images: + ee_images: description: Registry path to the Execution Environment container to use type: array items: 
@@ -143,7 +143,7 @@ spec: type: string image: type: string - tower_image_pull_policy: + image_pull_policy: description: The image pull policy type: string default: IfNotPresent @@ -154,10 +154,10 @@ spec: - never - IfNotPresent - ifnotpresent - tower_image_pull_secret: + image_pull_secret: description: The image pull secret type: string - tower_task_resource_requirements: + task_resource_requirements: description: Resource requirements for the task container properties: requests: @@ -179,7 +179,7 @@ spec: type: string type: object type: object - tower_web_resource_requirements: + web_resource_requirements: description: Resource requirements for the web container properties: requests: 
@@ -201,67 +201,67 @@ spec: type: string type: object type: object - tower_replicas: + replicas: description: Number of instance replicas type: integer default: 1 format: int32 - tower_garbage_collect_secrets: + garbage_collect_secrets: description: Whether or not to remove secrets upon instance removal default: false type: boolean - tower_create_preload_data: - description: Whether or not to preload data upon Tower instance creation + create_preload_data: + description: Whether or not to preload data upon instance creation default: true type: boolean - tower_task_args: + task_args: type: array items: type: string - tower_task_command: + task_command: type: array items: type: string - tower_web_args: + web_args: type: array items: type: string - tower_web_command: + web_command: type: array items: type: string - tower_task_extra_env: + task_extra_env: type: string - tower_web_extra_env: + web_extra_env: type: string - tower_ee_extra_volume_mounts: + ee_extra_volume_mounts: description: Specify volume mounts to be added to Execution container type: string - tower_task_extra_volume_mounts: + task_extra_volume_mounts: description: Specify volume mounts to be added to Task container type: string - tower_web_extra_volume_mounts: + web_extra_volume_mounts: description: Specify volume mounts to be added to the Web container type: string - tower_redis_image: + redis_image: description: Registry path to the redis container to use type: string - tower_redis_image_version: + redis_image_version: description: Redis container image version to use type: string - tower_postgres_image: + postgres_image: description: Registry path to the PostgreSQL container to use type: string - tower_postgres_image_version: + postgres_image_version: description: PostgreSQL container image version to use type: string - tower_postgres_selector: + postgres_selector: description: nodeSelector for the Postgres pods type: string - tower_postgres_tolerations: + postgres_tolerations: description: node 
tolerations for the Postgres pods type: string - tower_postgres_storage_requirements: + postgres_storage_requirements: description: Storage requirements for the PostgreSQL container properties: requests: @@ -275,7 +275,7 @@ spec: type: string type: object type: object - tower_postgres_resource_requirements: + postgres_resource_requirements: description: Resource requirements for the PostgreSQL container properties: requests: @@ -293,10 +293,10 @@ spec: type: string type: object type: object - tower_postgres_storage_class: + postgres_storage_class: description: Storage class to use for the PostgreSQL PVC type: string - tower_postgres_data_path: + postgres_data_path: description: Path where the PostgreSQL data are located type: string ca_trust_bundle: @@ -308,27 +308,27 @@ spec: ldap_cacert_secret: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string - tower_projects_persistence: + projects_persistence: description: Whether or not the /var/lib/projects directory will be persistent default: false type: boolean - tower_projects_use_existing_claim: + projects_use_existing_claim: description: Using existing PersistentVolumeClaim type: string enum: - _Yes_ - _No_ - tower_projects_existing_claim: + projects_existing_claim: description: PersistentVolumeClaim to mount /var/lib/projects directory type: string - tower_projects_storage_class: + projects_storage_class: description: Storage class for the /var/lib/projects PersistentVolumeClaim type: string - tower_projects_storage_size: + projects_storage_size: description: Size for the /var/lib/projects PersistentVolumeClaim default: 8Gi type: string - tower_projects_storage_access_mode: + projects_storage_access_mode: description: AccessMode for the /var/lib/projects PersistentVolumeClaim default: ReadWriteMany type: string 
@@ -345,13 +345,13 @@ spec: type: object status: properties: - towerURL: + URL: description: URL to access the deployed instance type: string - towerAdminUser: + adminUser: description: Admin user of the deployed instance type: string - towerAdminPasswordSecret: + adminPasswordSecret: description: Admin password secret name of the deployed instance type: string postgresConfigurationSecret: @@ -363,13 +363,13 @@ spec: secretKeySecret: description: Secret key secret name of the deployed instance type: string - towerMigratedFromSecret: - description: The secret used for migrating an old Tower. + migratedFromSecret: + description: The secret used for migrating an old instance. type: string - towerVersion: + version: description: Version of the deployed instance type: string - towerImage: + image: description: URL of the image used for the deployed instance type: string conditions: diff --git a/deploy/crds/awx_v1beta1_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml index f81db42b..bd1452d2 100644 --- a/deploy/crds/awx_v1beta1_molecule.yaml +++ b/deploy/crds/awx_v1beta1_molecule.yaml @@ -6,12 +6,12 @@ metadata: namespace: example-awx spec: deployment_type: awx - tower_ingress_type: ingress - tower_web_resource_requirements: + ingress_type: ingress + web_resource_requirements: requests: cpu: 500m memory: 128M - tower_task_resource_requirements: + task_resource_requirements: requests: cpu: 500m memory: 128M diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index 2e9f2b71..e7953b41 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml 
@@ -13,14 +13,14 @@ metadata: }, "spec": { "deployment_type": "awx", - "tower_ingress_type": "ingress", - "tower_task_resource_requirements": { + "ingress_type": "ingress", + "task_resource_requirements": { "requests": { "cpu": "500m", "memory": "128M" } }, - "tower_web_resource_requirements": { + "web_resource_requirements": { "requests": { "cpu": "500m", "memory": "128M" @@ -125,7 +125,7 @@ spec: statusDescriptors: - displayName: Restore status description: The state of the restore - path: towerRestoreComplete + path: restoreComplete x-descriptors: - urn:alm:descriptor:com.tectonic.ui:text - description: A AWX Instance 
@@ -134,47 +134,47 @@ spec: name: awxs.awx.ansible.com specDescriptors: - displayName: Hostname - path: tower_hostname + path: hostname x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:text - displayName: Admin account username - path: tower_admin_user + path: admin_user x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:text - displayName: Admin email address - path: tower_admin_email + path: admin_email x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:text - displayName: Admin password secret - path: tower_admin_password_secret + path: admin_password_secret x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - displayName: Database configuration secret - path: tower_postgres_configuration_secret + path: postgres_configuration_secret x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - displayName: Old Database configuration secret - path: tower_old_postgres_configuration_secret + path: old_postgres_configuration_secret x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - displayName: Secret key secret - path: tower_secret_key_secret + path: secret_key_secret x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - displayName: Broadcast Websocket Secret - path: tower_broadcast_websocket_secret + path: broadcast_websocket_secret x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - displayName: Ingress Type - path: tower_ingress_type + path: ingress_type x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:select:none 
@@ -182,98 +182,98 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:Route - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer - urn:alm:descriptor:com.tectonic.ui:select:NodePort - - displayName: Tower Ingress Annotations - path: tower_ingress_annotations + - displayName: Ingress Annotations + path: ingress_annotations x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress - - displayName: Tower Ingress TLS Secret - path: tower_ingress_tls_secret + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress + - displayName: Ingress TLS Secret + path: ingress_tls_secret x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress - - displayName: Tower LoadBalancer Annotations - path: tower_loadbalancer_annotations + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress + - displayName: LoadBalancer Annotations + path: loadbalancer_annotations x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer - - displayName: Tower LoadBalancer Protocol - path: tower_loadbalancer_protocol + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer + - displayName: LoadBalancer Protocol + path: loadbalancer_protocol x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:select:http - urn:alm:descriptor:com.tectonic.ui:select:https - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer - - displayName: Tower LoadBalancer Port - path: tower_loadbalancer_port + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer + - displayName: 
LoadBalancer Port + path: loadbalancer_port x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:number - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:LoadBalancer - displayName: Route DNS host - path: tower_route_host + path: route_host x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - displayName: Route TLS termination mechanism - path: tower_route_tls_termination_mechanism + path: route_tls_termination_mechanism x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:select:Edge - urn:alm:descriptor:com.tectonic.ui:select:Passthrough - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - displayName: Route TLS credential secret - path: tower_route_tls_secret + path: route_tls_secret x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - displayName: Image Pull Policy - path: tower_image_pull_policy + path: image_pull_policy x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - displayName: Image Pull Secret - path: tower_image_pull_secret + path: image_pull_secret x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:imagePullSecret - displayName: Web container resource requirements - path: tower_web_resource_requirements + path: web_resource_requirements 
x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - displayName: Task container resource requirements - path: tower_task_resource_requirements + path: task_resource_requirements x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - displayName: PostgreSQL container resource requirements (when using a managed instance) - path: tower_postgres_resource_requirements + path: postgres_resource_requirements x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - displayName: PostgreSQL container storage requirements (when using a managed instance) - path: tower_postgres_storage_requirements + path: postgres_storage_requirements x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - displayName: Replicas - path: tower_replicas + path: replicas x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:number - displayName: Remove used secrets on instance removal ? - path: tower_garbage_collect_secrets + path: garbage_collect_secrets x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - displayName: Preload instance with data upon creation ? - path: tower_create_preload_data + path: create_preload_data x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:booleanSwitch 
@@ -283,8 +283,8 @@ spec: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Should Tower Task container deployed with privileged level ? - path: tower_task_privileged + - displayName: Should the task container deployed with privileged level ? + path: task_privileged x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:booleanSwitch 
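Review bot: The new display name for `task_privileged` is missing a verb, and the descriptor has no `description` in the lines shown. The console would therefore present a bare boolean switch for a setting that the CRD schema describes as enabling a privileged security context. I would write `- displayName: Should the task container be deployed as privileged ?` and add `description: Enables a privileged security context on the task container (schema default is false)`. The descriptor entry may continue past the end of the hunk.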
@@ -304,53 +304,53 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Image - path: tower_image + - displayName: Image + path: image x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Image Version - path: tower_image_version + - displayName: Image Version + path: image_version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Redis Image - path: tower_redis_image + path: redis_image x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Redis Image Version - path: tower_redis_image_version + path: redis_image_version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: PostgreSQL Image - path: tower_postgres_image + path: postgres_image x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: PostgreSQL Image Version - path: tower_postgres_image_version + path: postgres_image_version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Postgres Selector - path: tower_postgres_selector + - displayName: Postgres Selector + path: postgres_selector x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Postgres Tolerations - path: tower_postgres_tolerations + - displayName: Postgres Tolerations + path: postgres_tolerations x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Postgres Storage Class - path: tower_postgres_storage_class + - displayName: Postgres Storage Class + path: postgres_storage_class x-descriptors: - 
urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Postgres Datapath - path: tower_postgres_data_path + - displayName: Postgres Datapath + path: postgres_data_path x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden 
@@ -364,121 +364,121 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Tower Task Args - path: tower_task_args + - displayName: Task Args + path: task_args x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Enable persistence for /var/lib/projects directory? - path: tower_projects_persistence + path: projects_persistence x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - displayName: Use existing Persistent Claim? - path: tower_projects_use_existing_claim + path: projects_use_existing_claim x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:select:_Yes_ - urn:alm:descriptor:com.tectonic.ui:select:_No_ - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_persistence:true - - displayName: Tower Projects Existing Persistent Claim - path: tower_projects_existing_claim + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true + - displayName: Projects Existing Persistent Claim + path: projects_existing_claim x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_Yes_ + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_ - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim - - description: Tower Projects Storage Class Name. If not present, the default + - description: Projects Storage Class Name. If not present, the default storage class will be used. 
- displayName: Tower Projects Storage Class Name - path: tower_projects_storage_class + displayName: Projects Storage Class Name + path: projects_storage_class x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:text - - description: Tower Projects Storage Size - displayName: Tower Projects Storage Size - path: tower_projects_storage_size + - description: Projects Storage Size + displayName: Projects Storage Size + path: projects_storage_size x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:text - - description: Tower Projects Storage Access Mode - displayName: Tower Projects Storage Access Mode - path: tower_projects_storage_access_mode + - description: Projects Storage Access Mode + displayName: Projects Storage Access Mode + path: projects_storage_access_mode x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ + - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Tower Task Command - path: tower_task_command + - displayName: Task Command + path: task_command x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Task Extra Env + - displayName: Task Extra Env description: Environment variables to be added to Task container - path: tower_task_extra_env + path: task_extra_env x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - 
urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: - path: tower_ee_extra_volume_mounts + - displayName: EE Extra Volume Mounts + path: ee_extra_volume_mounts description: Specify volume mounts to be added to Execution container x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower EE Images + - displayName: EE Images description: Registry path to the Execution Environment container to use - path: tower_ee_images + path: ee_images x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Task Extra Volume Mounts + - displayName: Task Extra Volume Mounts description: Specify volume mounts to be added to Task container - path: tower_task_extra_volume_mounts + path: task_extra_volume_mounts x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Web Args - path: tower_web_args + - displayName: Web Args + path: web_args x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Web Command - path: tower_web_command + - displayName: Web Command + path: web_command x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Web Extra Env + - displayName: Web Extra Env description: Environment variables to be added to Web container - path: tower_web_extra_env + path: web_extra_env x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Web Extra Volume Mounts + - displayName: Web Extra Volume Mounts description: Specify volume mounts to be added to Web container - path: tower_web_extra_volume_mounts + path: web_extra_volume_mounts x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - 
displayName: Tower Extra Volumes + - displayName: Extra Volumes description: Specify extra volumes to add to the application pod - path: tower_extra_volumes + path: extra_volumes x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Node Selector - path: tower_node_selector + - displayName: Node Selector + path: node_selector x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Service Labels - path: tower_service_labels + - displayName: Service Labels + path: service_labels x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tower Tolerations - path: tower_tolerations + - displayName: Tolerations + path: tolerations x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden @@ -490,27 +490,27 @@ spec: statusDescriptors: - description: Route to access the instance deployed displayName: URL - path: towerURL + path: URL x-descriptors: - urn:alm:descriptor:org.w3:link - description: Admin user for the instance deployed displayName: Admin User - path: towerAdminUser + path: adminUser x-descriptors: - urn:alm:descriptor:com.tectonic.ui:text - description: Admin password for the instance deployed displayName: Admin Password - path: towerAdminPasswordSecret + path: adminPasswordSecret x-descriptors: - urn:alm:descriptor:io.kubernetes:Secret - description: Version of the instance deployed displayName: Version - path: towerVersion + path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:text - description: Image of the instance deployed displayName: Image - path: towerImage + path: image x-descriptors: - urn:alm:descriptor:com.tectonic.ui:text version: v1beta1 
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index c241a63f..e527614d 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml @@ -41,24 +41,24 @@ spec: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string - tower_admin_email: + admin_email: description: The admin user email type: string - tower_admin_password_secret: + admin_password_secret: description: Secret where the admin password can be found type: string - tower_admin_user: + admin_user: default: admin description: Username to use for the admin account type: string - tower_broadcast_websocket_secret: + broadcast_websocket_secret: description: Secret where the broadcast websocket secret can be found type: string - tower_create_preload_data: + create_preload_data: default: true - description: Whether or not to preload data upon Tower instance creation + description: Whether or not to preload data upon instance creation type: boolean - tower_ee_images: + ee_images: description: Registry path to the Execution Environment container to use items: 
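Review bot: Renaming the spec properties in this CRD (`tower_admin_password_secret` → `admin_password_secret`, `tower_broadcast_websocket_secret` → `broadcast_websocket_secret`, and the rest of the file) leaves no path for custom resources that still carry the `tower_*` keys. If the operator maps spec keys straight to role variables, as roles/installer/defaults/main.yml in this patch suggests, an existing CR's secret references would silently fall back to the role defaults, and the instance could be reconciled against operator-generated secrets instead of the ones the user configured. I would keep the old names as deprecated aliases for one release, or fail reconciliation with a clear message when a `tower_`-prefixed key is present, and describe the rename in docs/migration.md. The schema continues outside this hunk.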
@@ -69,23 +69,23 @@ spec: type: string type: object type: array - tower_extra_volumes: + extra_volumes: description: Specify extra volumes to add to the application pod type: string - tower_garbage_collect_secrets: + garbage_collect_secrets: default: false description: Whether or not to remove secrets upon instance removal type: boolean - tower_hostname: + hostname: description: The hostname of the instance type: string - tower_image: + image: description: Registry path to the application container to use type: string - tower_image_version: + image_version: description: Application container image version to use type: string - tower_image_pull_policy: + image_pull_policy: default: IfNotPresent description: The image pull policy enum: @@ -96,16 +96,16 @@ spec: - IfNotPresent - ifnotpresent type: string - tower_image_pull_secret: + image_pull_secret: description: The image pull secret type: string - tower_ingress_annotations: + ingress_annotations: description: Annotations to add to the ingress type: string - tower_ingress_tls_secret: + ingress_tls_secret: description: Secret where the ingress TLS secret can be found type: string - tower_ingress_type: + ingress_type: description: The ingress type to use to reach the deployed instance enum: - none 
@@ -118,49 +118,49 @@ spec: - NodePort - nodeport type: string - tower_loadbalancer_annotations: + loadbalancer_annotations: description: Annotations to add to the loadbalancer type: string - tower_loadbalancer_port: + loadbalancer_port: default: 80 description: Port to use for the loadbalancer type: integer - tower_loadbalancer_protocol: + loadbalancer_protocol: default: http description: Protocol to use for the loadbalancer enum: - http - https type: string - tower_node_selector: - description: nodeSelector for the AWX pods + node_selector: + description: nodeSelector for the pods type: string - tower_service_labels: + service_labels: description: Additional labels to apply to the service type: string - tower_old_postgres_configuration_secret: + old_postgres_configuration_secret: description: Secret where the old database configuration can be found for data migration type: string - tower_postgres_configuration_secret: + postgres_configuration_secret: description: Secret where the database configuration can be found type: string - tower_postgres_data_path: + postgres_data_path: description: Path where the PostgreSQL data are located type: string - tower_postgres_image: + postgres_image: description: Registry path to the PostgreSQL container to use type: string - tower_postgres_image_version: + postgres_image_version: description: PostgreSQL container image version to use type: string - tower_postgres_selector: + postgres_selector: description: nodeSelector for the Postgres pods type: string - tower_postgres_tolerations: + postgres_tolerations: description: node tolerations for the Postgres pods type: string - tower_postgres_storage_requirements: + postgres_storage_requirements: description: Storage requirements for the PostgreSQL container properties: requests: 
@@ -174,7 +174,7 @@ spec: type: string type: object type: object - tower_postgres_resource_requirements: + postgres_resource_requirements: description: Resource requirements for the PostgreSQL container properties: requests: 
@@ -192,52 +192,52 @@ spec: type: string type: object type: object - tower_postgres_storage_class: + postgres_storage_class: description: Storage class to use for the PostgreSQL PVC type: string - tower_projects_existing_claim: + projects_existing_claim: description: PersistentVolumeClaim to mount /var/lib/projects directory type: string - tower_projects_persistence: + projects_persistence: default: false description: Whether or not the /var/lib/projects directory will be persistent type: boolean - tower_projects_storage_access_mode: + projects_storage_access_mode: default: ReadWriteMany description: AccessMode for the /var/lib/projects PersistentVolumeClaim type: string - tower_projects_storage_class: + projects_storage_class: description: Storage class for the /var/lib/projects PersistentVolumeClaim type: string - tower_projects_storage_size: + projects_storage_size: default: 8Gi description: Size for the /var/lib/projects PersistentVolumeClaim type: string - tower_projects_use_existing_claim: + projects_use_existing_claim: description: Using existing PersistentVolumeClaim enum: - _Yes_ - _No_ type: string - tower_redis_image: + redis_image: description: Registry path to the redis container to use type: string - tower_redis_image_version: + redis_image_version: description: Redis container image version to use type: string - tower_replicas: + replicas: default: 1 description: Number of instance replicas format: int32 type: integer - tower_route_host: + route_host: description: The DNS to use to points to the instance type: string - tower_route_tls_secret: + route_tls_secret: description: Secret where the TLS related credentials are stored type: string - tower_route_tls_termination_mechanism: + route_tls_termination_mechanism: default: Edge description: The secure TLS termination mechanism to use enum: 
@@ -246,31 +246,31 @@ spec: - Passthrough - passthrough type: string - tower_secret_key_secret: + secret_key_secret: description: Secret where the secret key can be found type: string - tower_task_args: + task_args: items: type: string type: array - tower_task_command: + task_command: items: type: string type: array - tower_task_extra_env: + task_extra_env: description: Environment variables to be added to Task container type: string - tower_ee_extra_volume_mounts: + ee_extra_volume_mounts: description: Specify volume mounts to be added to Execution container type: string - tower_task_extra_volume_mounts: + task_extra_volume_mounts: description: Specify volume mounts to be added to Task container type: string - tower_task_privileged: + task_privileged: default: false description: If a privileged security context should be enabled type: boolean - tower_task_resource_requirements: + task_resource_requirements: description: Resource requirements for the task container properties: limits: @@ -292,24 +292,24 @@ spec: type: string type: object type: object - tower_tolerations: - description: node tolerations for the AWX pods + tolerations: + description: node tolerations for the pods type: string - tower_web_args: + web_args: items: type: string type: array - tower_web_command: + web_command: items: type: string type: array - tower_web_extra_env: + web_extra_env: description: Environment variables to be added to Web container type: string - tower_web_extra_volume_mounts: + web_extra_volume_mounts: description: Specify volume mounts to be added to web container type: string - tower_web_resource_requirements: + web_resource_requirements: description: Resource requirements for the web container properties: limits: 
@@ -359,22 +359,22 @@ spec: type: string type: object type: array - towerAdminPasswordSecret: + adminPasswordSecret: description: Admin password of the deployed instance type: string - towerAdminUser: + adminUser: description: Admin user of the deployed instance type: string - towerImage: + image: description: URL of the image used for the deployed instance type: string - towerMigratedFromSecret: - description: The secret used for migrating an old Tower. + migratedFromSecret: + description: The secret used for migrating an old instance. type: string - towerURL: + URL: description: URL to access the deployed instance type: string - towerVersion: + version: description: Version of the deployed instance type: string type: object diff --git a/docs/migration.md b/docs/migration.md index e83397e1..dba853cd 100644 --- a/docs/migration.md +++ b/docs/migration.md @@ -45,7 +45,7 @@ type: Opaque If your AWX deployment is already using an external database server or its database is otherwise not managed by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`. -In the next section pass it in through `tower_postgres_configuration_secret` instead, omitting the `_old_` +In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_` from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing database and apply any pending migrations. It is strongly recommended to backup your database beforehand. @@ -62,6 +62,6 @@ kind: AWX metadata: name: awx spec: - tower_old_postgres_configuration_secret: -old-postgres-configuration + old_postgres_configuration_secret: -old-postgres-configuration ... ``` diff --git a/roles/backup/tasks/secrets.yml b/roles/backup/tasks/secrets.yml index 07f84895..0b839f13 100644 --- a/roles/backup/tasks/secrets.yml +++ b/roles/backup/tasks/secrets.yml 
@@ -15,7 +15,7 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: "{{ this_awx['resources'][0]['status']['towerAdminPasswordSecret'] }}" + name: "{{ this_awx['resources'][0]['status']['adminPasswordSecret'] }}" register: _admin_password - name: Set admin_password diff --git a/roles/backup/tasks/update_status.yml b/roles/backup/tasks/update_status.yml index a497e86a..d134e95a 100644 --- a/roles/backup/tasks/update_status.yml +++ b/roles/backup/tasks/update_status.yml @@ -1,7 +1,7 @@ --- # The backup directory in this status can be referenced when restoring -- name: Update Tower Backup status +- name: Update CR Backup status operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 58bc8fdb..60c8538f 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml 
@@ -6,180 +6,181 @@ api_version: '{{ deployment_type }}.ansible.com/v1beta1' database_name: "{{ deployment_type }}" database_username: "{{ deployment_type }}" -tower_task_privileged: false -tower_ingress_type: none +task_privileged: false +ingress_type: none # Custom labels for the tower service. Specify as literal block. E.g.: -# tower_service_labels: | +# service_labels: | # environment: non-production # zone: internal -tower_service_labels: '' +service_labels: '' # Add annotations to the ingress. Specify as literal block. E.g.: -# tower_ingress_annotations: | +# ingress_annotations: | # kubernetes.io/ingress.class: nginx # nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s -tower_ingress_annotations: '' +ingress_annotations: '' + # TLS secret for the ingress. The secret either has to exist before hand with # the corresponding cert and key or just be an indicator for where an automated # process like cert-manager (enabled via annotations) will store the TLS # certificate and key. -tower_ingress_tls_secret: '' +ingress_tls_secret: '' -tower_loadbalancer_protocol: 'http' -tower_loadbalancer_port: '80' -tower_loadbalancer_annotations: '' +loadbalancer_protocol: 'http' +loadbalancer_port: '80' +loadbalancer_annotations: '' # The TLS termination mechanism to use to access # the services. Supported mechanism are: edge, passthrough # -tower_route_tls_termination_mechanism: edge +route_tls_termination_mechanism: edge # Secret to lookup that provide the TLS specific # credentials to deploy # -tower_route_tls_secret: '' +route_tls_secret: '' # Host to create the root with. # If not specific will default to -- # -tower_route_host: '' +route_host: '' -tower_hostname: '{{ deployment_type }}.example.com' +hostname: '{{ deployment_type }}.example.com' # Add a nodeSelector for the AWX pods. It must match a node's labels for the pod # to be scheduled on that node. Specify as literal block. 
E.g.: -# tower_node_selector: | +# node_selector: | # disktype: ssd # kubernetes.io/arch: amd64 # kubernetes.io/os: linux -tower_node_selector: '' +node_selector: '' # Add node tolerations for the AWX pods. Specify as literal block. E.g.: -# tower_tolerations: | +# tolerations: | # - key: "dedicated" # operator: "Equal" # value: "AWX" # effect: "NoSchedule" -tower_tolerations: '' +tolerations: '' -tower_admin_user: admin -tower_admin_email: test@example.com +admin_user: admin +admin_email: test@example.com # Secret to lookup that provide the admin password # -tower_admin_password_secret: '' +admin_password_secret: '' # Secret to lookup that provide the broadcast websocket key # -tower_broadcast_websocket_secret: '' +broadcast_websocket_secret: '' # Secret to lookup that provide the secret key # -tower_secret_key_secret: '' +secret_key_secret: '' # Secret to lookup that provide the PostgreSQL configuration # -tower_postgres_configuration_secret: '' +postgres_configuration_secret: '' # Secret to lookup that provides old database credentials (for migration) -tower_old_postgres_configuration_secret: '' +old_postgres_configuration_secret: '' # Add extra volumes to the AWX pod. Specify as literal block. E.g.: -# tower_extra_volumes: | +# extra_volumes: | # - name: my-volume # emptyDir: {} -tower_extra_volumes: '' +extra_volumes: '' # Use these image versions for Ansible AWX. 
-tower_image: quay.io/ansible/awx -tower_image_version: 19.1.0 -tower_redis_image: docker.io/redis -tower_redis_image_version: latest -tower_postgres_image: postgres -tower_postgres_image_version: 12 -tower_image_pull_policy: IfNotPresent -tower_image_pull_secret: '' +image: quay.io/ansible/awx +image_version: 19.1.0 +redis_image: docker.io/redis +redis_image_version: latest +postgres_image: postgres +postgres_image_version: 12 +image_pull_policy: IfNotPresent +image_pull_secret: '' -tower_ee_images: +ee_images: - name: AWX EE 0.2.0 image: quay.io/ansible/awx-ee:0.2.0 -tower_create_preload_data: true +create_preload_data: true -tower_replicas: "1" +replicas: "1" -tower_task_args: +task_args: - /usr/bin/launch_awx_task.sh -tower_task_command: [] -tower_web_args: [] -tower_web_command: [] +task_command: [] +web_args: [] +web_command: [] -tower_task_resource_requirements: +task_resource_requirements: requests: cpu: 500m memory: 1Gi -tower_web_resource_requirements: +web_resource_requirements: requests: cpu: 1000m memory: 2Gi # Add extra environment variables to the AWX task/web containers. Specify as # literal block. E.g.: -# tower_task_extra_env: | +# task_extra_env: | # - name: FOO # value: bar # - name: BAZ # value: bing -tower_task_extra_env: '' -tower_web_extra_env: '' +task_extra_env: '' +web_extra_env: '' # Mount extra volumes on the AWX task/web containers. Specify as literal block. # E.g.: -# tower_task_extra_volume_mounts: '' +# task_extra_volume_mounts: '' # - name: my-volume # mountPath: /some/path -tower_task_extra_volume_mounts: '' -tower_web_extra_volume_mounts: '' -tower_ee_extra_volume_mounts: '' +task_extra_volume_mounts: '' +web_extra_volume_mounts: '' +ee_extra_volume_mounts: '' # Add a nodeSelector for the Postgres pods. # It must match a node's labels for the pod to be scheduled on that node. # Specify as literal block. 
E.g.: -# tower_postgres_selector: | +# postgres_selector: | # disktype: ssd # kubernetes.io/arch: amd64 # kubernetes.io/os: linux -tower_postgres_selector: '' +postgres_selector: '' # Add node tolerations for the Postgres pods. # Specify as literal block. E.g.: -# tower_postgres_tolerations: | +# postgres_tolerations: | # - key: "dedicated" # operator: "Equal" # value: "AWX" # effect: "NoSchedule" -tower_postgres_tolerations: '' -tower_postgres_storage_requirements: +postgres_tolerations: '' +postgres_storage_requirements: requests: storage: 8Gi -tower_postgres_resource_requirements: {} -tower_postgres_data_path: '/var/lib/postgresql/data/pgdata' +postgres_resource_requirements: {} +postgres_data_path: '/var/lib/postgresql/data/pgdata' # Persistence to the AWX project data folder # Whether or not the /var/lib/projects directory will be persistent -tower_projects_persistence: false +projects_persistence: false # # Define an existing PersistentVolumeClaim to use -tower_projects_existing_claim: '' +projects_existing_claim: '' # # Define the storage_class, size and access_mode # when not using an existing claim -tower_projects_storage_size: 8Gi -tower_projects_storage_access_mode: ReadWriteMany +projects_storage_size: 8Gi +projects_storage_access_mode: ReadWriteMany ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt" @@ -190,6 +191,6 @@ ldap_cacert_secret: '' # Whether secrets should be garbage collected # on teardown # -tower_garbage_collect_secrets: false +garbage_collect_secrets: false development_mode: false diff --git a/roles/installer/tasks/admin_password_configuration.yml b/roles/installer/tasks/admin_password_configuration.yml index 9f58e966..c32b91ba 100644 --- a/roles/installer/tasks/admin_password_configuration.yml +++ b/roles/installer/tasks/admin_password_configuration.yml 
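Review bot: The renamed image defaults still point at mutable references: `redis_image_version: latest` and the registry-less `postgres_image: postgres` mean the operator deploys whatever those names resolve to at pull time, and with `image_pull_policy: IfNotPresent` the result can differ from node to node. Pin them the way `image_version: 19.1.0` is pinned, for example `redis_image_version: "<pinned-redis-tag>"` (placeholder, use the version the project tests against) and `postgres_image: docker.io/library/postgres`, or use a digest. `postgres_image_version: 12` would also be safer quoted as `"12"` so it stays a string when it is joined into an image reference.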
@@ -3,9 +3,9 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_admin_password_secret }}' + name: '{{ admin_password_secret }}' register: _custom_admin_password - when: tower_admin_password_secret | length + when: admin_password_secret | length - name: Check for default admin password configuration k8s_info: @@ -22,7 +22,7 @@ - name: Create admin password secret k8s: apply: true - definition: "{{ lookup('template', 'tower_admin_password_secret.yaml.j2') }}" + definition: "{{ lookup('template', 'admin_password_secret.yaml.j2') }}" - name: Read admin password secret k8s_info: @@ -39,4 +39,4 @@ - name: Store admin password set_fact: - tower_admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}" + admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}" diff --git a/roles/installer/tasks/broadcast_websocket_configuration.yml b/roles/installer/tasks/broadcast_websocket_configuration.yml index e4b387ce..415affe4 100644 --- a/roles/installer/tasks/broadcast_websocket_configuration.yml +++ b/roles/installer/tasks/broadcast_websocket_configuration.yml @@ -3,9 +3,9 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_broadcast_websocket_secret }}' + name: '{{ broadcast_websocket_secret }}' register: _custom_broadcast_websocket - when: tower_broadcast_websocket_secret | length + when: broadcast_websocket_secret | length - name: Check for default broadcast websocket secret configuration k8s_info: @@ -23,7 +23,7 @@ - name: Create broadcast websocket secret k8s: apply: true - definition: "{{ lookup('template', 'tower_broadcast_websocket_secret.yaml.j2') }}" + definition: "{{ lookup('template', 'broadcast_websocket_secret.yaml.j2') }}" - name: Read broadcast websocket secret k8s_info: diff --git a/roles/installer/tasks/cleanup.yml b/roles/installer/tasks/cleanup.yml index 9f6fdc86..f4bffe37 100644 --- a/roles/installer/tasks/cleanup.yml 
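Review bot: After the rename, `admin_password_secret` means two different things in admin_password_configuration.yml: the first hunk reads it as the user-supplied secret name (`name: '{{ admin_password_secret }}'`, `when: admin_password_secret | length`), while the last hunk indexes it as a lookup result (`admin_password_secret['resources'][0]['data']['password']`). The task that sets the result variable is outside the hunks, so this is inferred, but depending on variable precedence either the string wins and the `['resources']` lookup fails, or the result replaces the name and later `| length` checks (for example in roles/installer/tasks/cleanup.yml) see a dictionary. Give the result its own name, e.g. store it as `_admin_password_secret` and use `admin_password: "{{ _admin_password_secret['resources'][0]['data']['password'] | b64decode }}"`. The status update in roles/installer/tasks/update_status.yml reads the same variable and needs the same change.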
+++ b/roles/installer/tasks/cleanup.yml @@ -2,12 +2,12 @@ - block: - name: Define secrets name set_fact: - _admin_password: '{{ tower_admin_password_secret | length | ternary(tower_admin_password_secret, meta.name + "-admin-password") }}' - _secret_key: '{{ tower_secret_key_secret | length | ternary(tower_secret_key_secret, meta.name + "-secret-key") }}' + _admin_password: '{{ admin_password_secret | length | ternary(admin_password_secret, meta.name + "-admin-password") }}' + _secret_key: '{{ secret_key_secret | length | ternary(secret_key_secret, meta.name + "-secret-key") }}' # yamllint disable-line rule:line-length - _broadcast_websocket_secret: '{{ tower_broadcast_websocket_secret | length | ternary(tower_broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204 + _broadcast_websocket_secret: '{{ broadcast_websocket_secret | length | ternary(broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204 # yamllint disable-line rule:line-length - _postgres_configuration: '{{ tower_postgres_configuration_secret | length | ternary(tower_postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204 + _postgres_configuration: '{{ postgres_configuration_secret | length | ternary(postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204 - name: Remove ownerReferences reference k8s: @@ -24,4 +24,4 @@ - '{{ _postgres_configuration }}' - '{{ _broadcast_websocket_secret }}' - when: not tower_garbage_collect_secrets | bool + when: not garbage_collect_secrets | bool diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index acf55554..667f1ae6 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml 
@@ -3,9 +3,9 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_postgres_configuration_secret }}' + name: '{{ postgres_configuration_secret }}' register: _custom_pg_config_resources - when: tower_postgres_configuration_secret | length + when: postgres_configuration_secret | length - name: Check for default PostgreSQL configuration k8s_info: @@ -18,9 +18,9 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_old_postgres_configuration_secret }}' + name: '{{ old_postgres_configuration_secret }}' register: _custom_old_pg_config_resources - when: tower_old_postgres_configuration_secret | length + when: old_postgres_configuration_secret | length - name: Check for default old PostgreSQL configuration k8s_info: @@ -50,7 +50,7 @@ - name: Create Database configuration k8s: apply: true - definition: "{{ lookup('template', 'tower_postgres_secret.yaml.j2') }}" + definition: "{{ lookup('template', 'postgres_secret.yaml.j2') }}" - name: Read Database Configuration k8s_info: @@ -72,7 +72,7 @@ - name: Create Database if no database is specified k8s: apply: true - definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" + definition: "{{ lookup('template', 'postgres.yaml.j2') }}" register: create_statefulset_result rescue: @@ -101,7 +101,7 @@ - name: Recreate PostgreSQL statefulset with updated values k8s: apply: true - definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}" + definition: "{{ lookup('template', 'postgres.yaml.j2') }}" when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' - name: Store Database Configuration @@ -126,4 +126,4 @@ when: - old_pg_config['resources'] is defined - old_pg_config['resources'] | length - - this_awx['resources'][0]['status']['towerMigratedFromSecret'] is not defined + - this_awx['resources'][0]['status']['migratedFromSecret'] is not defined 
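Review bot: The guard in the last hunk, `this_awx['resources'][0]['status']['migratedFromSecret'] is not defined`, will be true for every instance that was migrated before this change, because its status still holds `towerMigratedFromSecret`. If the old configuration secret is still present, the data-migration tasks behind this condition (outside the hunk) could run a second time against a live database. Check both keys during the transition by adding `- this_awx['resources'][0]['status']['towerMigratedFromSecret'] is not defined` next to the new line. roles/backup/tasks/secrets.yml has the mirror problem: it reads `status['adminPasswordSecret']`, which is absent until the instance has been reconciled by the new operator.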
diff --git a/roles/installer/tasks/initialize_django.yml b/roles/installer/tasks/initialize_django.yml index 3e977e06..a5e790c5 100644 --- a/roles/installer/tasks/initialize_django.yml +++ b/roles/installer/tasks/initialize_django.yml @@ -6,7 +6,7 @@ container: "{{ meta.name }}-task" command: >- bash -c "echo 'from django.contrib.auth.models import User; - nsu = User.objects.filter(is_superuser=True, username='{{ tower_admin_user }}').count(); + nsu = User.objects.filter(is_superuser=True, username='{{ admin_user }}').count(); exit(0 if nsu > 0 else 1)' | awx-manage shell" ignore_errors: true @@ -19,7 +19,7 @@ pod: "{{ tower_pod_name }}" container: "{{ meta.name }}-task" command: >- - bash -c "awx-manage update_password --username '{{ tower_admin_user }}' --password '{{ tower_admin_password }}'" + bash -c "awx-manage update_password --username '{{ admin_user }}' --password '{{ admin_password }}'" register: update_pw_result changed_when: users_result.stdout == 'Password not updated' when: users_result.return_code == 0 @@ -31,7 +31,7 @@ container: "{{ meta.name }}-task" command: >- bash -c "echo \"from django.contrib.auth.models import User; - User.objects.create_superuser('{{ tower_admin_user }}', '{{ tower_admin_email }}', '{{ tower_admin_password }}')\" + User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\" | awx-manage shell" when: users_result.return_code > 0 @@ -44,4 +44,4 @@ bash -c "awx-manage create_preload_data" register: cdo changed_when: "'added' in cdo.stdout" - when: tower_create_preload_data | bool + when: create_preload_data | bool diff --git a/roles/installer/tasks/load_route_tls_secret.yml b/roles/installer/tasks/load_route_tls_secret.yml index 529e5851..07d54d9c 100644 --- a/roles/installer/tasks/load_route_tls_secret.yml +++ b/roles/installer/tasks/load_route_tls_secret.yml 
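Review bot: The three exec commands in initialize_django.yml still splice `admin_user`, `admin_email` and `admin_password` into a `bash -c` string between hand-written single quotes, so a value containing a quote changes the shell or Python code that runs in the task container, and the password is exposed in the container's process arguments. These values come from the CR spec and a secret and should be treated as untrusted: for the `update_password` call drop the `bash -c` wrapper and use the `quote` filter, `awx-manage update_password --username {{ admin_user | quote }} --password {{ admin_password | quote }}`, and add `no_log: true` to the tasks that carry the password. For the two `awx-manage shell` snippets, reading the values from environment variables inside the Python code avoids quoting them into source at all. The task definitions start outside the hunks.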
@@ -3,15 +3,15 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_route_tls_secret }}' + name: '{{ route_tls_secret }}' register: route_tls - name: Load Route TLS Secret content set_fact: - tower_route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}' - tower_route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}' + route_tls_key: '{{ route_tls["resources"][0]["data"]["tls.key"] | b64decode }}' + route_tls_crt: '{{ route_tls["resources"][0]["data"]["tls.crt"] | b64decode }}' - name: Load Route TLS Secret content set_fact: - tower_route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}' + route_ca_crt: '{{ route_tls["resources"][0]["data"]["ca.crt"] | b64decode }}' when: '"ca.crt" in route_tls["resources"][0]["data"]' diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index fe6d7189..1e50f7dc 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -37,8 +37,8 @@ - name: Load Route TLS certificate include_tasks: load_route_tls_secret.yml when: - - tower_ingress_type | lower == 'route' - - tower_route_tls_secret != '' + - ingress_type | lower == 'route' + - route_tls_secret != '' - name: Include resources configuration tasks include_tasks: resources_configuration.yml diff --git a/roles/installer/tasks/resources_configuration.yml b/roles/installer/tasks/resources_configuration.yml index d4b98995..f8e7294e 100644 --- a/roles/installer/tasks/resources_configuration.yml +++ b/roles/installer/tasks/resources_configuration.yml 
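Review bot: The two `set_fact` tasks in load_route_tls_secret.yml put the decoded TLS private key and certificates into facts without `no_log: true`, so the key material can appear in task results wherever result output is logged. Add `no_log: true` to the task that sets `route_tls_key`; the `set_fact` tasks for `admin_password` and `broadcast_websocket_secret_value` in PATCH 2/2 handle decoded secrets the same way. Both tasks also index `route_tls["resources"][0]` without checking that the lookup returned a Secret, so a wrong `route_tls_secret` name fails with an index error rather than a clear message. A preceding `assert` on `route_tls["resources"] | length` would make that failure explicit.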
@@ -24,17 +24,17 @@ wait: yes register: tower_resources_result loop: - - 'tower_config' - - 'tower_app_credentials' - - 'tower_service_account' - - 'tower_persistent' - - 'tower_service' - - 'tower_ingress' + - 'config' + - 'app_credentials' + - 'service_account' + - 'persistent' + - 'service' + - 'ingress' - name: Apply deployment resources k8s: apply: yes - definition: "{{ lookup('template', 'tower_deployment.yaml.j2') }}" + definition: "{{ lookup('template', 'deployment.yaml.j2') }}" wait: yes register: tower_deployment_result diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml index 2769126c..b517a56b 100644 --- a/roles/installer/tasks/secret_key_configuration.yml +++ b/roles/installer/tasks/secret_key_configuration.yml @@ -3,9 +3,9 @@ k8s_info: kind: Secret namespace: '{{ meta.namespace }}' - name: '{{ tower_secret_key_secret }}' + name: '{{ secret_key_secret }}' register: _custom_secret_key - when: tower_secret_key_secret | length + when: secret_key_secret | length - name: Check for default secret key configuration k8s_info: @@ -22,7 +22,7 @@ - name: Create secret key secret k8s: apply: true - definition: "{{ lookup('template', 'tower_secret_key.yaml.j2') }}" + definition: "{{ lookup('template', 'secret_key.yaml.j2') }}" - name: Read secret key secret k8s_info: diff --git a/roles/installer/tasks/update_status.yml b/roles/installer/tasks/update_status.yml index 22e1a937..4753fe21 100644 --- a/roles/installer/tasks/update_status.yml +++ b/roles/installer/tasks/update_status.yml @@ -6,7 +6,7 @@ name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - towerAdminPasswordSecret: "{{ admin_password_secret['resources'][0]['metadata']['name'] }}" + adminPasswordSecret: "{{ admin_password_secret['resources'][0]['metadata']['name'] }}" - name: Update admin user status operator_sdk.util.k8s_status: 
@@ -15,7 +15,7 @@ name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - towerAdminUser: "{{ tower_admin_user }}" + adminUser: "{{ admin_user }}" - name: Update postgres configuration status operator_sdk.util.k8s_status: @@ -61,7 +61,7 @@ name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - towerVersion: "{{ instance_version.stdout | trim }}" + version: "{{ instance_version.stdout | trim }}" - name: Update image status operator_sdk.util.k8s_status: @@ -70,7 +70,7 @@ name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - towerImage: "{{ tower_image }}" + image: "{{ image }}" - block: - name: Retrieve route URL @@ -87,16 +87,16 @@ name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - towerURL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}" + URL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}" - when: tower_ingress_type | lower == 'route' + when: ingress_type | lower == 'route' -- name: Update towerMigratedFromSecret status +- name: Update migratedFromSecret status operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - towerMigratedFromSecret: "{{ tower_migrated_from_secret }}" + migratedFromSecret: "{{ tower_migrated_from_secret }}" when: tower_migrated_from_secret is defined diff --git a/roles/installer/templates/tower_admin_password_secret.yaml.j2 b/roles/installer/templates/admin_password_secret.yaml.j2 similarity index 100% rename from roles/installer/templates/tower_admin_password_secret.yaml.j2 rename to roles/installer/templates/admin_password_secret.yaml.j2 diff --git a/roles/installer/templates/tower_app_credentials.yaml.j2 b/roles/installer/templates/app_credentials.yaml.j2 similarity index 100% rename from roles/installer/templates/tower_app_credentials.yaml.j2 rename to roles/installer/templates/app_credentials.yaml.j2 
diff --git a/roles/installer/templates/tower_broadcast_websocket_secret.yaml.j2 b/roles/installer/templates/broadcast_websocket_secret.yaml.j2 similarity index 100% rename from roles/installer/templates/tower_broadcast_websocket_secret.yaml.j2 rename to roles/installer/templates/broadcast_websocket_secret.yaml.j2 diff --git a/roles/installer/templates/tower_config.yaml.j2 b/roles/installer/templates/config.yaml.j2 similarity index 98% rename from roles/installer/templates/tower_config.yaml.j2 rename to roles/installer/templates/config.yaml.j2 index b885696b..7b5cf0fa 100644 --- a/roles/installer/templates/tower_config.yaml.j2 +++ b/roles/installer/templates/config.yaml.j2 @@ -130,7 +130,7 @@ data: } - {% if tower_route_tls_termination_mechanism | lower == 'passthrough' %} + {% if route_tls_termination_mechanism | lower == 'passthrough' %} server { listen 8052 default_server; server_name _; @@ -141,7 +141,7 @@ data: {% endif %} server { - {% if tower_route_tls_termination_mechanism | lower == 'passthrough' %} + {% if route_tls_termination_mechanism | lower == 'passthrough' %} listen 8053 ssl; ssl_certificate /etc/nginx/pki/web.crt; diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/deployment.yaml.j2 similarity index 79% rename from roles/installer/templates/tower_deployment.yaml.j2 rename to roles/installer/templates/deployment.yaml.j2 index c041ea0a..349960f0 100644 --- a/roles/installer/templates/tower_deployment.yaml.j2 +++ b/roles/installer/templates/deployment.yaml.j2 
@@ -7,13 +7,13 @@ metadata: namespace: '{{ meta.namespace }}' labels: app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/version: '{{ tower_image_version }}' + app.kubernetes.io/version: '{{ image_version }}' app.kubernetes.io/part-of: '{{ meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' spec: - replicas: {{ tower_replicas }} + replicas: {{ replicas }} selector: matchLabels: app.kubernetes.io/name: '{{ meta.name }}' @@ -23,19 +23,19 @@ spec: metadata: labels: app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/version: '{{ tower_image_version }}' + app.kubernetes.io/version: '{{ image_version }}' app.kubernetes.io/part-of: '{{ meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' spec: serviceAccountName: '{{ meta.name }}' -{% if tower_image_pull_secret %} +{% if image_pull_secret %} imagePullSecrets: - - name: {{ tower_image_pull_secret }} + - name: {{ image_pull_secret }} {% endif %} containers: - - image: '{{ tower_redis_image }}:{{ tower_redis_image_version }}' - imagePullPolicy: '{{ tower_image_pull_policy }}' + - image: '{{ redis_image }}:{{ redis_image_version }}' + imagePullPolicy: '{{ image_pull_policy }}' name: redis args: ["redis-server", "/etc/redis.conf"] volumeMounts: 
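Review bot: `- name: {{ image_pull_secret }}` in the second deployment.yaml.j2 hunk renders a spec-supplied string unquoted, unlike the quoted `image`, `imagePullPolicy` and label values around it, so a value that looks like a number or boolean is retyped and one containing `: ` or ` #` changes how the manifest parses. Quote it as `- name: '{{ image_pull_secret }}'`. The same pattern appears on the new side at `claimName: {{ projects_existing_claim }}` (deployment.yaml.j2), `secretName: {{ ingress_tls_secret }}`, `- {{ hostname }}` and `host: {{ route_host }}` (ingress.yaml.j2), and `storageClassName: {{ projects_storage_class }}` (persistent.yaml.j2).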
@@ -47,18 +47,18 @@ spec: mountPath: "/var/run/redis" - name: "{{ meta.name }}-redis-data" mountPath: "/data" - - image: '{{ tower_image }}:{{ tower_image_version }}' + - image: '{{ image }}:{{ image_version }}' name: '{{ meta.name }}-web' -{% if tower_web_command %} - command: {{ tower_web_command }} +{% if web_command %} + command: {{ web_command }} {% endif %} -{% if tower_web_args %} - args: {{ tower_web_args }} +{% if web_args %} + args: {{ web_args }} {% endif %} - imagePullPolicy: '{{ tower_image_pull_policy }}' + imagePullPolicy: '{{ image_pull_policy }}' ports: - containerPort: 8052 -{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} +{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %} - containerPort: 8053 {% endif %} volumeMounts: @@ -74,7 +74,7 @@ spec: mountPath: "/etc/tower/conf.d/ldap.py" subPath: ldap.py readOnly: true -{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} +{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %} - name: "{{ meta.name }}-nginx-certs" mountPath: "/etc/nginx/pki" readOnly: true @@ -111,8 +111,8 @@ spec: - name: awx-devel mountPath: "/awx_devel" {% endif %} -{% if tower_web_extra_volume_mounts -%} - {{ tower_web_extra_volume_mounts | indent(width=12, indentfirst=True) }} +{% if web_extra_volume_mounts -%} + {{ web_extra_volume_mounts | indent(width=12, indentfirst=True) }} {% endif %} env: - name: MY_POD_NAMESPACE 
@@ -123,22 +123,22 @@ spec: - name: AWX_KUBE_DEVEL value: "1" {% endif %} -{% if tower_web_extra_env -%} - {{ tower_web_extra_env | indent(width=12, indentfirst=True) }} +{% if web_extra_env -%} + {{ web_extra_env | indent(width=12, indentfirst=True) }} {% endif %} - resources: {{ tower_web_resource_requirements }} - - image: '{{ tower_image }}:{{ tower_image_version }}' + resources: {{ web_resource_requirements }} + - image: '{{ image }}:{{ image_version }}' name: '{{ meta.name }}-task' - imagePullPolicy: '{{ tower_image_pull_policy }}' -{% if tower_task_privileged == true %} + imagePullPolicy: '{{ image_pull_policy }}' +{% if task_privileged == true %} securityContext: privileged: true {% endif %} -{% if tower_task_command %} - command: {{ tower_task_command }} +{% if task_command %} + command: {{ task_command }} {% endif %} -{% if tower_task_args %} - args: {{ tower_task_args }} +{% if task_args %} + args: {{ task_args }} {% endif %} volumeMounts: - name: "{{ meta.name }}-application-credentials" @@ -177,8 +177,8 @@ spec: - name: awx-devel mountPath: "/awx_devel" {% endif %} -{% if tower_task_extra_volume_mounts -%} - {{ tower_task_extra_volume_mounts | indent(width=12, indentfirst=True) }} +{% if task_extra_volume_mounts -%} + {{ task_extra_volume_mounts | indent(width=12, indentfirst=True) }} {% endif %} env: - name: SUPERVISOR_WEB_CONFIG_PATH 
@@ -201,13 +201,13 @@ spec: - name: AWX_KUBE_DEVEL value: "1" {% endif %} -{% if tower_task_extra_env -%} - {{ tower_task_extra_env | indent(width=12, indentfirst=True) }} +{% if task_extra_env -%} + {{ task_extra_env | indent(width=12, indentfirst=True) }} {% endif %} - resources: {{ tower_task_resource_requirements }} - - image: '{{ tower_ee_images[0].image }}' + resources: {{ task_resource_requirements }} + - image: '{{ ee_images[0].image }}' name: '{{ meta.name }}-ee' - imagePullPolicy: '{{ tower_image_pull_policy }}' + imagePullPolicy: '{{ image_pull_policy }}' args: ['receptor', '--config', '/etc/receptor.conf'] volumeMounts: - name: "{{ meta.name }}-receptor-config" @@ -218,8 +218,8 @@ spec: mountPath: "/var/run/receptor" - name: "{{ meta.name }}-projects" mountPath: "/var/lib/awx/projects" -{% if tower_ee_extra_volume_mounts -%} - {{ tower_ee_extra_volume_mounts | indent(width=12, indentfirst=True) }} +{% if ee_extra_volume_mounts -%} + {{ ee_extra_volume_mounts | indent(width=12, indentfirst=True) }} {% endif %} {% if development_mode | bool %} env: @@ -228,19 +228,19 @@ spec: fieldRef: fieldPath: status.podIP {% endif %} -{% if tower_node_selector %} +{% if node_selector %} nodeSelector: - {{ tower_node_selector | indent(width=8) }} + {{ node_selector | indent(width=8) }} {% endif %} -{% if tower_tolerations %} +{% if tolerations %} tolerations: - {{ tower_tolerations | indent(width=8) }} + {{ tolerations | indent(width=8) }} {% endif %} volumes: -{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} +{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %} - name: "{{ meta.name }}-nginx-certs" secret: - secretName: "{{ tower_route_tls_secret }}" + secretName: "{{ route_tls_secret }}" items: - key: tls.key path: 'web.key' 
@@ -308,10 +308,10 @@ spec: - key: receptor_conf path: receptor.conf - name: "{{ meta.name }}-projects" -{% if tower_projects_persistence|bool %} +{% if projects_persistence|bool %} persistentVolumeClaim: -{% if tower_projects_existing_claim %} - claimName: {{ tower_projects_existing_claim }} +{% if projects_existing_claim %} + claimName: {{ projects_existing_claim }} {% else %} claimName: '{{ meta.name }}-projects-claim' {% endif %} @@ -323,6 +323,6 @@ spec: hostPath: path: /awx_devel {% endif %} -{% if tower_extra_volumes -%} - {{ tower_extra_volumes | indent(width=8, indentfirst=True) }} +{% if extra_volumes -%} + {{ extra_volumes | indent(width=8, indentfirst=True) }} {% endif %} diff --git a/roles/installer/templates/execution_environments.py.j2 b/roles/installer/templates/execution_environments.py.j2 index b1a4d42f..bd98bea2 100644 --- a/roles/installer/templates/execution_environments.py.j2 +++ b/roles/installer/templates/execution_environments.py.j2 @@ -1,5 +1,5 @@ DEFAULT_EXECUTION_ENVIRONMENTS = [ -{% for item in tower_ee_images %} +{% for item in ee_images %} {'name': '{{ item.name }}' , 'image': '{{ item.image }}'}, {% endfor %} ] diff --git a/roles/installer/templates/tower_ingress.yaml.j2 b/roles/installer/templates/ingress.yaml.j2 similarity index 60% rename from roles/installer/templates/tower_ingress.yaml.j2 rename to roles/installer/templates/ingress.yaml.j2 index e78a7222..c8df3135 100644 --- a/roles/installer/templates/tower_ingress.yaml.j2 +++ b/roles/installer/templates/ingress.yaml.j2 @@ -1,4 +1,4 @@ -{% if 'ingress' == tower_ingress_type|lower %} +{% if 'ingress' == ingress_type|lower %} --- apiVersion: extensions/v1beta1 kind: Ingress 
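Review bot: `item.name` and `item.image` are written between hand-placed single quotes into Python source in execution_environments.py.j2, so a quote or backslash in either spec value ends the string literal early and the remainder is parsed as code wherever this file is loaded (presumably as settings). Emitting each value through a serialising filter and dropping the hand-written quotes avoids that, e.g. `{'name': {{ item.name | to_json }}, 'image': {{ item.image | to_json }}},`. The hunk covers the whole five-line template, and no escaping is applied to these values inside it.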
@@ -11,28 +11,28 @@ metadata: app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' -{% if tower_ingress_annotations %} +{% if ingress_annotations %} annotations: - {{ tower_ingress_annotations | indent(width=4) }} + {{ ingress_annotations | indent(width=4) }} {% endif %} spec: rules: - - host: '{{ tower_hostname }}' + - host: '{{ hostname }}' http: paths: - path: / backend: serviceName: '{{ meta.name }}-service' servicePort: 80 -{% if tower_ingress_tls_secret %} +{% if ingress_tls_secret %} tls: - hosts: - - {{ tower_hostname }} - secretName: {{ tower_ingress_tls_secret }} + - {{ hostname }} + secretName: {{ ingress_tls_secret }} {% endif %} {% endif %} -{% if 'route' == tower_ingress_type|lower %} +{% if 'route' == ingress_type|lower %} --- apiVersion: route.openshift.io/v1 kind: Route 
@@ -46,22 +46,22 @@ metadata: app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' spec: -{% if tower_route_host != '' %} - host: {{ tower_route_host }} +{% if route_host != '' %} + host: {{ route_host }} {% endif %} port: - targetPort: '{{ (tower_route_tls_termination_mechanism | lower == "passthrough") | ternary("https", "http") }}' + targetPort: '{{ (route_tls_termination_mechanism | lower == "passthrough") | ternary("https", "http") }}' tls: insecureEdgeTerminationPolicy: Redirect - termination: {{ tower_route_tls_termination_mechanism | lower }} -{% if tower_route_tls_termination_mechanism | lower == 'edge' and tower_route_tls_secret != '' %} + termination: {{ route_tls_termination_mechanism | lower }} +{% if route_tls_termination_mechanism | lower == 'edge' and route_tls_secret != '' %} key: |- -{{ tower_route_tls_key | indent(width=6, indentfirst=True) }} +{{ route_tls_key | indent(width=6, indentfirst=True) }} certificate: |- -{{ tower_route_tls_crt | indent(width=6, indentfirst=True) }} -{% if tower_route_ca_crt is defined %} +{{ route_tls_crt | indent(width=6, indentfirst=True) }} +{% if route_ca_crt is defined %} caCertificate: |- -{{ tower_route_ca_crt | indent(width=6, indentfirst=True) }} +{{ route_ca_crt | indent(width=6, indentfirst=True) }} {% endif %} {% endif %} to: diff --git a/roles/installer/templates/tower_persistent.yaml.j2 b/roles/installer/templates/persistent.yaml.j2 similarity index 64% rename from roles/installer/templates/tower_persistent.yaml.j2 rename to roles/installer/templates/persistent.yaml.j2 index 002a9347..c24efc6f 100644 --- a/roles/installer/templates/tower_persistent.yaml.j2 +++ b/roles/installer/templates/persistent.yaml.j2 @@ -1,4 +1,4 @@ -{% if tower_projects_persistence|bool and tower_projects_existing_claim == '' %} +{% if projects_persistence|bool and projects_existing_claim == '' %} kind: PersistentVolumeClaim apiVersion: v1 metadata: 
@@ -12,11 +12,11 @@ metadata: app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' spec: accessModes: - - {{ tower_projects_storage_access_mode }} + - {{ projects_storage_access_mode }} resources: requests: - storage: {{ tower_projects_storage_size }} -{% if tower_projects_storage_class is defined %} - storageClassName: {{ tower_projects_storage_class }} + storage: {{ projects_storage_size }} +{% if projects_storage_class is defined %} + storageClassName: {{ projects_storage_class }} {% endif %} {% endif %} diff --git a/roles/installer/templates/tower_postgres.yaml.j2 b/roles/installer/templates/postgres.yaml.j2 similarity index 81% rename from roles/installer/templates/tower_postgres.yaml.j2 rename to roles/installer/templates/postgres.yaml.j2 index 96a2f97b..c5994b77 100644 --- a/roles/installer/templates/tower_postgres.yaml.j2 +++ b/roles/installer/templates/postgres.yaml.j2 @@ -34,11 +34,11 @@ spec: app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' spec: containers: - - image: '{{ tower_postgres_image }}:{{ tower_postgres_image_version }}' - imagePullPolicy: '{{ tower_image_pull_policy }}' + - image: '{{ postgres_image }}:{{ postgres_image_version }}' + imagePullPolicy: '{{ image_pull_policy }}' name: postgres env: - # For tower_postgres_image based on rhel8/postgresql-12 + # For postgres_image based on rhel8/postgresql-12 - name: POSTGRESQL_DATABASE valueFrom: secretKeyRef: @@ -55,7 +55,7 @@ spec: name: '{{ postgres_configuration_secret }}' key: password - # For tower_postgres_image based on postgres + # For postgres_image based on postgres - name: POSTGRES_DB valueFrom: secretKeyRef: @@ -72,7 +72,7 @@ spec: name: '{{ postgres_configuration_secret }}' key: password - name: PGDATA - value: '{{ tower_postgres_data_path }}' + value: '{{ postgres_data_path }}' - name: POSTGRES_INITDB_ARGS value: '{{ postgres_initdb_args }}' - name: POSTGRES_HOST_AUTH_METHOD 
@@ -82,16 +82,16 @@ spec: name: postgres volumeMounts: - name: postgres - mountPath: '{{ tower_postgres_data_path | dirname }}' - subPath: '{{ tower_postgres_data_path | dirname | basename }}' - resources: {{ tower_postgres_resource_requirements }} -{% if tower_postgres_selector %} + mountPath: '{{ postgres_data_path | dirname }}' + subPath: '{{ postgres_data_path | dirname | basename }}' + resources: {{ postgres_resource_requirements }} +{% if postgres_selector %} nodeSelector: - {{ tower_postgres_selector | indent(width=8) }} + {{ postgres_selector | indent(width=8) }} {% endif %} -{% if tower_postgres_tolerations %} +{% if postgres_tolerations %} tolerations: - {{ tower_postgres_tolerations | indent(width=8) }} + {{ postgres_tolerations | indent(width=8) }} {% endif %} volumeClaimTemplates: - metadata: @@ -99,10 +99,10 @@ spec: spec: accessModes: - ReadWriteOnce -{% if tower_postgres_storage_class is defined %} - storageClassName: '{{ tower_postgres_storage_class }}' +{% if postgres_storage_class is defined %} + storageClassName: '{{ postgres_storage_class }}' {% endif %} - resources: {{ tower_postgres_storage_requirements }} + resources: {{ postgres_storage_requirements }} # Postgres Service. --- diff --git a/roles/installer/templates/tower_postgres_secret.yaml.j2 b/roles/installer/templates/postgres_secret.yaml.j2 similarity index 100% rename from roles/installer/templates/tower_postgres_secret.yaml.j2 rename to roles/installer/templates/postgres_secret.yaml.j2 diff --git a/roles/installer/templates/tower_secret_key.yaml.j2 b/roles/installer/templates/secret_key.yaml.j2 similarity index 100% rename from roles/installer/templates/tower_secret_key.yaml.j2 rename to roles/installer/templates/secret_key.yaml.j2 
diff --git a/roles/installer/templates/tower_service.yaml.j2 b/roles/installer/templates/service.yaml.j2 similarity index 56% rename from roles/installer/templates/tower_service.yaml.j2 rename to roles/installer/templates/service.yaml.j2 index b2af4c39..70a62aa5 100644 --- a/roles/installer/templates/tower_service.yaml.j2 +++ b/roles/installer/templates/service.yaml.j2 
@@ -10,32 +10,32 @@ metadata: app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' - {{ tower_service_labels | indent(width=4) }} -{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_annotations %} + {{ service_labels | indent(width=4) }} +{% if ingress_type | lower == 'loadbalancer' and loadbalancer_annotations %} annotations: - {{ tower_loadbalancer_annotations | indent(width=4) }} + {{ loadbalancer_annotations | indent(width=4) }} {% endif %} spec: ports: -{% if tower_ingress_type | lower != 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https' %} +{% if ingress_type | lower != 'loadbalancer' and loadbalancer_protocol | lower != 'https' %} - port: 80 protocol: TCP targetPort: 8052 name: http {% endif %} -{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} +{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %} - port: 443 protocol: TCP targetPort: 8053 name: https {% endif %} -{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_protocol | lower == 'https' %} - - port: {{ tower_loadbalancer_port }} +{% if ingress_type | lower == 'loadbalancer' and loadbalancer_protocol | lower == 'https' %} + - port: {{ loadbalancer_port }} protocol: TCP targetPort: 8052 name: https -{% elif tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_protocol | lower != 'https' %} - - port: {{ tower_loadbalancer_port }} +{% elif ingress_type | lower == 'loadbalancer' and loadbalancer_protocol | lower != 'https' %} + - port: {{ loadbalancer_port }} protocol: TCP targetPort: 8052 name: http 
@@ -44,9 +44,9 @@ spec: app.kubernetes.io/name: '{{ meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' -{% if tower_ingress_type | lower == "loadbalancer" %} +{% if ingress_type | lower == "loadbalancer" %} type: LoadBalancer -{% elif tower_ingress_type != "none" %} +{% elif ingress_type != "none" %} type: NodePort {% else %} type: ClusterIP diff --git a/roles/installer/templates/tower_service_account.yaml.j2 b/roles/installer/templates/service_account.yaml.j2 similarity index 100% rename from roles/installer/templates/tower_service_account.yaml.j2 rename to roles/installer/templates/service_account.yaml.j2 diff --git a/roles/installer/vars/main.yml b/roles/installer/vars/main.yml index b454ee74..fa8fd172 100644 --- a/roles/installer/vars/main.yml +++ b/roles/installer/vars/main.yml @@ -2,4 +2,4 @@ postgres_initdb_args: '--auth-host=scram-sha-256' postgres_host_auth_method: 'scram-sha-256' ldap_cacert_ca_crt: '' -tower_projects_existing_claim: '' +projects_existing_claim: '' diff --git a/roles/restore/README.md b/roles/restore/README.md index 161f6863..b628fd7b 100644 --- a/roles/restore/README.md +++ b/roles/restore/README.md @@ -52,7 +52,7 @@ $ kubectl apply -f restore-awx.yml This will create a new deployment and restore your backup to it. -> :warning: tower_admin_password_secret value will replace the password for the `tower_admin_user` user (by default, this is the `admin` user). +> :warning: admin_password_secret value will replace the password for the `admin_user` user (by default, this is the `admin` user). Role Variables 
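Review bot: In the last service.yaml.j2 hunk, `{% elif ingress_type != "none" %}` compares without `| lower` while the other `ingress_type` tests in this template lower-case first, so a spec value such as `None` falls into the `NodePort` branch instead of `ClusterIP` and the Service is opened on every node. Make it `{% elif ingress_type | lower != "none" %}`. It is also worth confirming that `NodePort` is intended for the `ingress` and `route` types, since the Ingress or Route already fronts the Service. The closing `{% endif %}` lies outside the hunk.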
@@ -90,7 +90,7 @@ backup_pvc_namespace: 'custom-namespace' If a custom postgres configuration secret was used when deploying AWX, it must be set: ``` -tower_postgres_configuration_secret: 'awx-postgres-configuration' +postgres_configuration_secret: 'awx-postgres-configuration' ``` If the awxbackup object no longer exists, it is still possible to restore from the backup it created by specifying the pvc name and the back directory. diff --git a/roles/restore/tasks/deploy_awx.yml b/roles/restore/tasks/deploy_awx.yml index a2f671ef..2cd1f81c 100644 --- a/roles/restore/tasks/deploy_awx.yml +++ b/roles/restore/tasks/deploy_awx.yml @@ -35,10 +35,10 @@ set_fact: awx_spec: "{{ awx_spec | combine ({ item.key : item.value }) }}" with_items: - - {'key': 'tower_secret_key_secret', 'value': '{{ secret_key_secret_name }}'} - - {'key': 'tower_admin_password_secret', 'value': '{{ admin_password_secret_name }}'} - - {'key': 'tower_broadcast_websocket_secret', 'value': '{{ broadcast_websocket_secret_name }}'} - - {'key': 'tower_postgres_configuration_secret', 'value': '{{ postgres_configuration_secret_name }}'} + - {'key': 'secret_key_secret', 'value': '{{ secret_key_secret_name }}'} + - {'key': 'admin_password_secret', 'value': '{{ admin_password_secret_name }}'} + - {'key': 'broadcast_websocket_secret', 'value': '{{ broadcast_websocket_secret_name }}'} + - {'key': 'postgres_configuration_secret', 'value': '{{ postgres_configuration_secret_name }}'} - name: Restore kind set_fact: diff --git a/roles/restore/tasks/main.yml b/roles/restore/tasks/main.yml index 98183eb4..d11b365f 100644 --- a/roles/restore/tasks/main.yml +++ b/roles/restore/tasks/main.yml @@ -41,7 +41,7 @@ - include_tasks: cleanup.yml when: - - this_restore['resources'][0]['status']['towerRestoreComplete'] is not defined + - this_restore['resources'][0]['status']['restoreComplete'] is not defined - name: Update status variables include_tasks: update_status.yml 
diff --git a/roles/restore/tasks/update_status.yml b/roles/restore/tasks/update_status.yml index 2b63a884..08ae27cb 100644 --- a/roles/restore/tasks/update_status.yml +++ b/roles/restore/tasks/update_status.yml @@ -1,11 +1,11 @@ --- -- name: Update Tower Restore status +- name: Update CR Restore status operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - towerRestoreComplete: true + restoreComplete: true when: tower_restore_complete is defined From 223fe988aa0c31f64dc6f2c67fbc4ce9e4bf7640 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Tue, 25 May 2021 15:25:03 +0200 Subject: [PATCH 2/2] Do not shadow other variables --- .../installer/tasks/admin_password_configuration.yml | 4 ++-- .../tasks/broadcast_websocket_configuration.yml | 4 ++-- roles/installer/tasks/database_configuration.yml | 2 +- roles/installer/tasks/secret_key_configuration.yml | 4 ++-- roles/installer/tasks/update_status.yml | 4 ++-- roles/installer/templates/postgres.yaml.j2 | 12 ++++++------ 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/roles/installer/tasks/admin_password_configuration.yml b/roles/installer/tasks/admin_password_configuration.yml index c32b91ba..7de3c0fa 100644 --- a/roles/installer/tasks/admin_password_configuration.yml +++ b/roles/installer/tasks/admin_password_configuration.yml 
@@ -35,8 +35,8 @@ - name: Set admin password secret set_fact: - admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}' + __admin_password_secret: '{{ _generated_admin_password["resources"] | default([]) | length | ternary(_generated_admin_password, _admin_password_secret) }}' - name: Store admin password set_fact: - admin_password: "{{ admin_password_secret['resources'][0]['data']['password'] | b64decode }}" + admin_password: "{{ __admin_password_secret['resources'][0]['data']['password'] | b64decode }}" diff --git a/roles/installer/tasks/broadcast_websocket_configuration.yml b/roles/installer/tasks/broadcast_websocket_configuration.yml index 415affe4..4060a382 100644 --- a/roles/installer/tasks/broadcast_websocket_configuration.yml +++ b/roles/installer/tasks/broadcast_websocket_configuration.yml @@ -37,8 +37,8 @@ - name: Set broadcast websocket secret set_fact: # yamllint disable-line rule:line-length - broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret) }}' # noqa 204 + __broadcast_websocket_secret: '{{ _generated_broadcast_websocket["resources"] | default([]) | length | ternary(_generated_broadcast_websocket, _broadcast_websocket_secret) }}' # noqa 204 - name: Store broadcast websocket secret name set_fact: - broadcast_websocket_secret_value: "{{ broadcast_websocket_secret['resources'][0]['data']['secret'] | b64decode }}" + broadcast_websocket_secret_value: "{{ __broadcast_websocket_secret['resources'][0]['data']['secret'] | b64decode }}" diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 667f1ae6..167d4589 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml 
@@ -66,7 +66,7 @@ - name: Set actual postgres configuration secret used set_fact: - postgres_configuration_secret: "{{ pg_config['resources'][0]['metadata']['name'] }}" + __postgres_configuration_secret: "{{ pg_config['resources'][0]['metadata']['name'] }}" - block: - name: Create Database if no database is specified diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml index b517a56b..eeefa8eb 100644 --- a/roles/installer/tasks/secret_key_configuration.yml +++ b/roles/installer/tasks/secret_key_configuration.yml @@ -35,8 +35,8 @@ - name: Set secret key secret set_fact: - secret_key_secret: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}' + __secret_key_secret: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}' - name: Store secret key secret name set_fact: - secret_key_secret_name: "{{ secret_key_secret['resources'][0]['metadata']['name'] }}" + secret_key_secret_name: "{{ __secret_key_secret['resources'][0]['metadata']['name'] }}" diff --git a/roles/installer/tasks/update_status.yml b/roles/installer/tasks/update_status.yml index 4753fe21..bb0a2d3f 100644 --- a/roles/installer/tasks/update_status.yml +++ b/roles/installer/tasks/update_status.yml @@ -6,7 +6,7 @@ name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - adminPasswordSecret: "{{ admin_password_secret['resources'][0]['metadata']['name'] }}" + adminPasswordSecret: "{{ __admin_password_secret['resources'][0]['metadata']['name'] }}" - name: Update admin user status operator_sdk.util.k8s_status: 
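Review bot: After the `@@ -66,7` hunk of database_configuration.yml the resolved Secret name lives in `__postgres_configuration_secret`, while `postgres_configuration_secret` keeps the user-supplied value, which the `| length` guard earlier in the same file shows can be empty. Only postgres.yaml.j2 is switched to the new name in this patch, so any other template or role still reading `postgres_configuration_secret` for the effective name would now render an empty or stale reference; that cannot be checked from these hunks. A comment above the `set_fact`, `# __-prefixed facts hold values resolved by the operator; the un-prefixed name is the spec field`, would record the convention that `__admin_password_secret`, `__broadcast_websocket_secret` and `__secret_key_secret` also follow.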
@@ -33,7 +33,7 @@ name: "{{ meta.name }}" namespace: "{{ meta.namespace }}" status: - broadcastWebsocketSecret: "{{ broadcast_websocket_secret['resources'][0]['metadata']['name'] }}" + broadcastWebsocketSecret: "{{ __broadcast_websocket_secret['resources'][0]['metadata']['name'] }}" - name: Update secret key status operator_sdk.util.k8s_status: diff --git a/roles/installer/templates/postgres.yaml.j2 b/roles/installer/templates/postgres.yaml.j2 index c5994b77..d5b5ee1c 100644 --- a/roles/installer/templates/postgres.yaml.j2 +++ b/roles/installer/templates/postgres.yaml.j2 @@ -42,34 +42,34 @@ spec: - name: POSTGRESQL_DATABASE valueFrom: secretKeyRef: - name: '{{ postgres_configuration_secret }}' + name: '{{ __postgres_configuration_secret }}' key: database - name: POSTGRESQL_USER valueFrom: secretKeyRef: - name: '{{ postgres_configuration_secret }}' + name: '{{ __postgres_configuration_secret }}' key: username - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: - name: '{{ postgres_configuration_secret }}' + name: '{{ __postgres_configuration_secret }}' key: password # For postgres_image based on postgres - name: POSTGRES_DB valueFrom: secretKeyRef: - name: '{{ postgres_configuration_secret }}' + name: '{{ __postgres_configuration_secret }}' key: database - name: POSTGRES_USER valueFrom: secretKeyRef: - name: '{{ postgres_configuration_secret }}' + name: '{{ __postgres_configuration_secret }}' key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: '{{ postgres_configuration_secret }}' + name: '{{ __postgres_configuration_secret }}' key: password - name: PGDATA value: '{{ postgres_data_path }}'