diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index 85e8a87a..727b1678 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -22,11 +22,16 @@ with_items: - tower_config.yaml.j2 -- name: Apply Resource Deployment Configuration +- name: Apply Resources k8s: apply: yes - definition: "{{ lookup('template', 'tower.yaml.j2') }}" + definition: "{{ lookup('template', item + '.yaml.j2') }}" register: tower_deployment_result + loop: + - 'tower_app_credentials' + - 'tower_deployment' + - 'tower_service' + - 'tower_ingress' - name: Get the resource pod information. k8s_info: diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml index 2188068c..2769126c 100644 --- a/roles/installer/tasks/secret_key_configuration.yml +++ b/roles/installer/tasks/secret_key_configuration.yml @@ -22,7 +22,7 @@ - name: Create secret key secret k8s: apply: true - definition: "{{ lookup('template', 'tower_secret.yaml.j2') }}" + definition: "{{ lookup('template', 'tower_secret_key.yaml.j2') }}" - name: Read secret key secret k8s_info: diff --git a/roles/installer/templates/tower_app_credentials.yaml.j2 b/roles/installer/templates/tower_app_credentials.yaml.j2 new file mode 100644 index 00000000..fcbb4994 --- /dev/null +++ b/roles/installer/templates/tower_app_credentials.yaml.j2 @@ -0,0 +1,10 @@ +# AWX Secret Configurations +--- +apiVersion: v1 +kind: Secret +metadata: + name: '{{ meta.name }}-app-credentials' + namespace: '{{ meta.namespace }}' +data: + credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}" + environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}" diff --git a/roles/installer/templates/tower.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2 similarity index 73% rename from roles/installer/templates/tower.yaml.j2 rename to roles/installer/templates/tower_deployment.yaml.j2 index ddbaf937..5b8caa62 100644 
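Review bot: In roles/installer/tasks/main.yml, the looped `Apply Resources` task now applies the `tower_app_credentials` Secret without `no_log`, so the rendered Secret body may show up in task output and in the registered `tower_deployment_result`. That body is only base64 of credentials.py and environment.sh, which is encoding, not protection. Consider giving the Secret its own task with `no_log: true` and looping over the other three templates only, as sketched below. Separately, `register` on a looped task stores a `results` list rather than a single module result, so any later task that reads `tower_deployment_result` (not visible in this hunk) should be checked. The task list continues outside the hunk.

```yaml
- name: Apply app credentials Secret
  k8s:
    apply: yes
    definition: "{{ lookup('template', 'tower_app_credentials.yaml.j2') }}"
  no_log: true

- name: Apply Resources
  # … unchanged: k8s apply/definition with item + '.yaml.j2', register …
  loop:
    - 'tower_deployment'
    - 'tower_service'
    - 'tower_ingress'
```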
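Review bot: In roles/installer/templates/tower_app_credentials.yaml.j2, the Secret is now named `{{ meta.name }}-app-credentials`, but nothing visible in this commit removes the previous `{{ meta.name }}-secrets` object. On an upgraded install, a stale copy of credentials.py and environment.sh would therefore likely stay in the namespace, because `apply` does not prune objects that are no longer rendered. A one-off cleanup task in main.yml using the `k8s` module with `state: absent`, `kind: Secret` and `name: '{{ meta.name }}-secrets'` would close that gap, unless removal is handled somewhere outside this diff.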
--- a/roles/installer/templates/tower.yaml.j2 +++ b/roles/installer/templates/tower_deployment.yaml.j2 @@ -1,14 +1,3 @@ -# AWX Secret Configurations ---- -apiVersion: v1 -kind: Secret -metadata: - name: '{{ meta.name }}-secrets' - namespace: '{{ meta.namespace }}' -data: - credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}" - environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}" - # AWX Deployment. --- apiVersion: apps/v1 @@ -174,7 +163,7 @@ spec: {% endif %} - name: "{{ meta.name }}-application-credentials" secret: - secretName: "{{ meta.name }}-secrets" + secretName: "{{ meta.name }}-app-credentials" items: - key: credentials_py path: 'credentials.py' 
@@ -220,92 +209,3 @@ spec: {% if tower_extra_volumes -%} {{ tower_extra_volumes | indent(width=8, indentfirst=True) }} {% endif %} - -# AWX Service. ---- -apiVersion: v1 -kind: Service -metadata: - name: '{{ meta.name }}-service' - namespace: '{{ meta.namespace }}' - labels: - app: '{{ deployment_type }}' -spec: - ports: - - port: 80 - protocol: TCP - targetPort: 8052 - name: http -{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} - - port: 443 - protocol: TCP - targetPort: 8053 - name: https -{% endif %} - selector: - app: '{{ deployment_type }}' -{% if tower_ingress_type != "none" %} - type: NodePort -{% endif %} - -# AWX Ingress. -{% if 'ingress' == tower_ingress_type|lower %} ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: '{{ meta.name }}-ingress' - namespace: '{{ meta.namespace }}' -{% if tower_ingress_annotations %} - annotations: - {{ tower_ingress_annotations | indent(width=4) }} -{% endif %} -spec: - rules: - - host: '{{ tower_hostname }}' - http: - paths: - - path: / - backend: - serviceName: '{{ meta.name }}-service' - servicePort: 80 -{% if tower_ingress_tls_secret %} - tls: - - hosts: - - {{ tower_hostname }} - secretName: {{ tower_ingress_tls_secret }} -{% endif %} -{% endif %} - -{% if 'route' == tower_ingress_type|lower %} ---- -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' -spec: -{% if tower_route_host != '' %} - host: {{ tower_route_host }} -{% endif %} - port: - targetPort: '{{ (tower_route_tls_termination_mechanism | lower == "passthrough") | ternary("https", "http") }}' - tls: - insecureEdgeTerminationPolicy: Redirect - termination: {{ tower_route_tls_termination_mechanism | lower }} -{% if tower_route_tls_termination_mechanism | lower == 'edge' and tower_route_tls_secret != '' %} - key: |- -{{ tower_route_tls_key | indent(width=6, indentfirst=True) }} - certificate: |- -{{ 
tower_route_tls_crt | indent(width=6, indentfirst=True) }} -{% if tower_route_ca_crt is defined %} - caCertificate: |- -{{ tower_route_ca_crt | indent(width=6, indentfirst=True) }} -{% endif %} -{% endif %} - to: - kind: Service - name: {{ meta.name }}-service - weight: 100 - wildcardPolicy: None -{% endif %} diff --git a/roles/installer/templates/tower_ingress.yaml.j2 b/roles/installer/templates/tower_ingress.yaml.j2 new file mode 100644 index 00000000..1f44c01e --- /dev/null +++ b/roles/installer/templates/tower_ingress.yaml.j2 
@@ -0,0 +1,60 @@ +{% if 'ingress' == tower_ingress_type|lower %} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: '{{ meta.name }}-ingress' + namespace: '{{ meta.namespace }}' +{% if tower_ingress_annotations %} + annotations: + {{ tower_ingress_annotations | indent(width=4) }} +{% endif %} +spec: + rules: + - host: '{{ tower_hostname }}' + http: + paths: + - path: / + backend: + serviceName: '{{ meta.name }}-service' + servicePort: 80 +{% if tower_ingress_tls_secret %} + tls: + - hosts: + - {{ tower_hostname }} + secretName: {{ tower_ingress_tls_secret }} +{% endif %} +{% endif %} + +{% if 'route' == tower_ingress_type|lower %} +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: '{{ meta.name }}' + namespace: '{{ meta.namespace }}' +spec: +{% if tower_route_host != '' %} + host: {{ tower_route_host }} +{% endif %} + port: + targetPort: '{{ (tower_route_tls_termination_mechanism | lower == "passthrough") | ternary("https", "http") }}' + tls: + insecureEdgeTerminationPolicy: Redirect + termination: {{ tower_route_tls_termination_mechanism | lower }} +{% if tower_route_tls_termination_mechanism | lower == 'edge' and tower_route_tls_secret != '' %} + key: |- +{{ tower_route_tls_key | indent(width=6, indentfirst=True) }} + certificate: |- +{{ tower_route_tls_crt | indent(width=6, indentfirst=True) }} +{% if tower_route_ca_crt is defined %} + caCertificate: |- +{{ tower_route_ca_crt | indent(width=6, indentfirst=True) }} +{% endif %} +{% endif %} + to: + kind: Service + name: {{ meta.name }}-service + weight: 100 + wildcardPolicy: None +{% endif %} diff --git a/roles/installer/templates/tower_secret.yaml.j2 b/roles/installer/templates/tower_secret_key.yaml.j2 similarity index 100% rename from roles/installer/templates/tower_secret.yaml.j2 rename to roles/installer/templates/tower_secret_key.yaml.j2 
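Review bot: In roles/installer/templates/tower_ingress.yaml.j2, several templated scalars are emitted unquoted (`- {{ tower_hostname }}`, `secretName: {{ tower_ingress_tls_secret }}`, `host: {{ tower_route_host }}`, `name: {{ meta.name }}-service`), while the neighbouring `name` and `namespace` values are quoted. An unquoted expansion is parsed as raw YAML, so a value that is empty, boolean-looking, or contains `: ` changes the structure of the rendered manifest instead of staying a string. Quoting them like the rest of the file, e.g. `host: '{{ tower_route_host }}'` and `secretName: '{{ tower_ingress_tls_secret }}'`, keeps the Ingress/Route predictable. The Ingress also still uses the deprecated `extensions/v1beta1` API group, which is worth a follow-up.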
diff --git a/roles/installer/templates/tower_service.yaml.j2 b/roles/installer/templates/tower_service.yaml.j2 new file mode 100644 index 00000000..0b31f267 --- /dev/null +++ b/roles/installer/templates/tower_service.yaml.j2 @@ -0,0 +1,25 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: '{{ meta.name }}-service' + namespace: '{{ meta.namespace }}' + labels: + app: '{{ deployment_type }}' +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 8052 + name: http +{% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %} + - port: 443 + protocol: TCP + targetPort: 8053 + name: https +{% endif %} + selector: + app: '{{ deployment_type }}' +{% if tower_ingress_type != "none" %} + type: NodePort +{% endif %}
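Review bot: In roles/installer/templates/tower_service.yaml.j2, the last condition compares `tower_ingress_type != "none"` case-sensitively, while the port condition above it uses `tower_ingress_type | lower`. A value such as `None` or `NONE` would therefore still render `type: NodePort` and open a node port on every node, which is presumably the opposite of what the user asked for. Normalising it the same way, `{% if tower_ingress_type | lower != 'none' %}`, makes the two checks agree. It is also worth confirming that NodePort is needed at all when an Ingress or Route fronts the Service, since the default ClusterIP type would expose less.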