diff --git a/ansible/templates/awx-operator.yaml.j2 b/ansible/templates/awx-operator.yaml.j2
index 18ab6893..6d1364ba 100644
--- a/ansible/templates/awx-operator.yaml.j2
+++ b/ansible/templates/awx-operator.yaml.j2
@@ -1,6 +1,8 @@
 #jinja2: trim_blocks:False
 # This file is generated by Ansible. Changes will be lost.
 # Update templates under ansible/templates/
+{% include 'crd.yml.j2' %}
+
 {% include 'role.yml.j2' %}
 
 {% include 'role_binding.yml.j2' %}
@@ -8,5 +10,3 @@
 {% include 'service_account.yml.j2' %}
 
 {% include 'operator.yml.j2' %}
-
-{% include 'crd.yml.j2' %}
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index 63f17140..d07913c0 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -1,154 +1,5 @@ # This file is generated by Ansible. Changes will be lost. # Update templates under ansible/templates/ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: awx-operator -rules: - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - '*' - - apiGroups: - - "" - - "rbac.authorization.k8s.io" - resources: - - pods - - services - - services/finalizers - - serviceaccounts - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - roles - - rolebindings - verbs: - - '*' - - apiGroups: - - apps - - extensions - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - - ingresses - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - apps - resourceNames: - - awx-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/scale - verbs: - - patch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - apiGroups: - - awx.ansible.com - resources: - - '*' - verbs: - - '*' - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: awx-operator -subjects: - - kind: ServiceAccount - name: awx-operator - namespace: default -roleRef: - kind: ClusterRole - name: awx-operator - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: awx-operator - namespace: default - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: awx-operator -spec: - replicas: 1 - selector: - matchLabels: - name: awx-operator - template: - metadata: - labels: - name: awx-operator - spec: - serviceAccountName: awx-operator - containers: - - name: awx-operator - image: "quay.io/ansible/awx-operator:0.7.0" - imagePullPolicy: 
"Always" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - env: - # Watch all namespaces (cluster-scoped). - - name: WATCH_NAMESPACE - value: "" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: awx-operator - - name: ANSIBLE_GATHERING - value: explicit - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - volumes: - - name: runner - emptyDir: {} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
@@ -473,3 +324,152 @@ spec: type: array type: object type: object + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: awx-operator +rules: + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - "" + - "rbac.authorization.k8s.io" + resources: + - pods + - services + - services/finalizers + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - apps + - extensions + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + - ingresses + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - awx-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - get + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - apiGroups: + - awx.ansible.com + resources: + - '*' + verbs: + - '*' + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: awx-operator +subjects: + - kind: ServiceAccount + name: awx-operator + namespace: default +roleRef: + kind: ClusterRole + name: awx-operator + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: awx-operator + namespace: default + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: awx-operator +spec: + replicas: 1 + selector: + matchLabels: + name: awx-operator + template: + metadata: + labels: + name: awx-operator + spec: + serviceAccountName: awx-operator + containers: + - name: awx-operator + image: "quay.io/shanemcd/awx-operator:0.7.1" + imagePullPolicy: "Always" + volumeMounts: + - mountPath: 
/tmp/ansible-operator/runner + name: runner + env: + # Watch all namespaces (cluster-scoped). + - name: WATCH_NAMESPACE + value: "" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: awx-operator + - name: ANSIBLE_GATHERING + value: explicit + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + volumes: + - name: runner + emptyDir: {}
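Review bot: The `image:` on the added Deployment points at `quay.io/shanemcd/awx-operator:0.7.1`, which looks like a personal quay.io namespace (the removed side used `quay.io/ansible/awx-operator:0.7.0`), and it is pulled by mutable tag with `imagePullPolicy: "Always"`. That pod runs as the `awx-operator` ServiceAccount, whose ClusterRole in this same hunk grants `'*'` on `secrets`, `roles` and `rolebindings` through a ClusterRoleBinding, so anyone able to push to that tag would get those rights on the next pod restart. Because this file is generated, the change belongs in the variable or template that supplies the image (not visible here): point it back at the project namespace and pin by digest, along the lines of `image: "quay.io/ansible/awx-operator@sha256:<digest-of-reviewed-image>"`. The rest of the hunk appears to be the same manifests moved after the CRD.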