diff --git a/README.md b/README.md
index b6420c30..3ba71556 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
 * [Persisting Projects Directory](#persisting-projects-directory)
 * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options)
 * [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers)
+ * [Service Account](#service-account)
 * [Upgrading](#upgrading)
 * [Contributing](#contributing)
 * [Release Process](#release-process)
@@ -535,6 +536,22 @@ Example configuration of environment variables
 value: foo
 ```
+#### Service Account
+
+If you need to modify some `ServiceAccount` proprieties
+
+| Name | Description | Default |
+| ----------------------------- | -------------------------------------------------------- | ------- |
+| service_account_annotations | Annotations to the ServiceAccount | '' |
+
+Example configuration of environment variables
+
+```yaml
+ spec:
+ service_account_annotations: |
+ eks.amazonaws.com/role-arn: arn:aws:iam:::role/
+```
+
 ### Upgrading
 To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `image_version` variable in `roles/installer/defaults/main.yml` for that particular release.
diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2
index 41c40023..d61729d0 100644
--- a/ansible/templates/crd.yml.j2
+++ b/ansible/templates/crd.yml.j2
@@ -201,6 +201,9 @@ spec:
 type: string
 type: object
 type: object
+ service_account_annotations:
+ description: ServiceAccount annotations
+ type: string
 replicas:
 description: Number of instance replicas
 type: integer
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index a7e3fc59..cebbd4c7 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -203,6 +203,9 @@ spec:
 type: string
 type: object
 type: object
+ service_account_annotations:
+ description: ServiceAccount annotations
+ type: string
 replicas:
 description: Number of instance replicas
 type: integer
diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml
index 41c40023..d61729d0 100644
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
@@ -201,6 +201,9 @@ spec:
 type: string
 type: object
 type: object
+ service_account_annotations:
+ description: ServiceAccount annotations
+ type: string
 replicas:
 description: Number of instance replicas
 type: integer
diff --git a/deploy/crds/awx_v1beta1_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml
index bd1452d2..73baaf1e 100644
--- a/deploy/crds/awx_v1beta1_molecule.yaml
+++ b/deploy/crds/awx_v1beta1_molecule.yaml
@@ -5,6 +5,8 @@ metadata:
 name: example-awx
 namespace: example-awx
 spec:
+ service_account_annotations: |
+ foo: bar
 deployment_type: awx
 ingress_type: ingress
 web_resource_requirements:
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
index e7953b41..953c30db 100644
--- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
@@ -173,6 +173,11 @@ spec:
 x-descriptors:
 - urn:alm:descriptor:com.tectonic.ui:advanced
 - urn:alm:descriptor:io.kubernetes:Secret
+ - displayName: Service Account Annotations
+ path: service_account_annotations
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - urn:alm:descriptor:com.tectonic.ui:text
 - displayName: Ingress Type
 path: ingress_type
 x-descriptors:
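Review bot: `service_account_annotations` is declared as `type: string` with the bare description `ServiceAccount annotations` in every CRD copy (`ansible/templates/crd.yml.j2`, `deploy/awx-operator.yaml`, `deploy/crds/awx_v1beta1_crd.yaml` and the OLM `awx.ansible.com_awxs_crd.yaml`), so the API server accepts any text and cannot check that it is a map of string keys to string values. That follows the literal-block convention the defaults file describes for `service_labels`, but it leaves all validation to the template that renders the value. At minimum the description should state the expected format, e.g. `description: ServiceAccount annotations, as a YAML mapping of string keys to string values in a literal block`. The schema's enclosing `properties` block lies outside these hunks.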
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
index e527614d..575af6fe 100644
--- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
@@ -226,6 +226,9 @@ spec:
 redis_image_version:
 description: Redis container image version to use
 type: string
+ service_account_annotations:
+ description: ServiceAccount annotations
+ type: string
 replicas:
 default: 1
 description: Number of instance replicas
diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml
index 60c8538f..da585001 100644
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -9,6 +9,11 @@ database_username: "{{ deployment_type }}"
 task_privileged: false
 ingress_type: none
+# Add annotations to the service account. Specify as literal block. E.g.:
+# service_account_annotations: |
+# eks.amazonaws.com/role-arn: arn:aws:iam:::role/
+service_account_annotations: ''
+
 # Custom labels for the tower service. Specify as literal block. E.g.:
 # service_labels: |
 # environment: non-production
diff --git a/roles/installer/templates/service_account.yaml.j2 b/roles/installer/templates/service_account.yaml.j2
index c0fedadb..3786c6d6 100644
--- a/roles/installer/templates/service_account.yaml.j2
+++ b/roles/installer/templates/service_account.yaml.j2
@@ -10,6 +10,10 @@ metadata:
 app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
 app.kubernetes.io/component: '{{ deployment_type }}'
 app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+{% if service_account_annotations %}
+ annotations:
+ {{ service_account_annotations | indent(width=4) }}
+{% endif %}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
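Review bot: The added `{{ service_account_annotations | indent(width=4) }}` line in `service_account.yaml.j2` pastes the CR's free-form string into the manifest as raw YAML, so nothing guarantees that what lands under `annotations:` is a flat map of strings. The same template goes on to render the Role after the `---` separator, so a value that is not a simple mapping can change the structure of the rendered documents instead of merely failing, and anyone allowed to edit the AWX resource controls that text. Parsing and re-serialising the value keeps it inside the `annotations` key, for example `{{ service_account_annotations | from_yaml | to_nice_yaml | indent(width=4) }}`. Because the README example sets `eks.amazonaws.com/role-arn`, this field also selects which IAM role the service account's pods may assume, so the role's trust policy should be pinned to this namespace and service account name. The metadata block starts above the hunk and the Role definition continues below it.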