init backup CR files

deploy/awx-operator.yaml

@@ -1,5 +1,155 @@
 # This file is generated by Ansible. Changes will be lost.
 # Update templates under ansible/templates/
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: awx-operator
+rules:
+  - apiGroups:
+      - route.openshift.io
+    resources:
+      - routes
+      - routes/custom-host
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+      - "rbac.authorization.k8s.io"
+    resources:
+      - pods
+      - services
+      - services/finalizers
+      - serviceaccounts
+      - endpoints
+      - persistentvolumeclaims
+      - events
+      - configmaps
+      - secrets
+      - roles
+      - rolebindings
+    verbs:
+      - '*'
+  - apiGroups:
+      - apps
+      - extensions
+    resources:
+      - deployments
+      - daemonsets
+      - replicasets
+      - statefulsets
+      - ingresses
+    verbs:
+      - '*'
+  - apiGroups:
+      - monitoring.coreos.com
+    resources:
+      - servicemonitors
+    verbs:
+      - get
+      - create
+  - apiGroups:
+      - apps
+    resourceNames:
+      - awx-operator
+    resources:
+      - deployments/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - apps
+    resources:
+      - deployments/scale
+    verbs:
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods/exec
+    verbs:
+      - create
+      - get
+  - apiGroups:
+      - apps
+    resources:
+      - replicasets
+    verbs:
+      - get
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - '*'
+      - backups
+    verbs:
+      - '*'
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: awx-operator
+subjects:
+  - kind: ServiceAccount
+    name: awx-operator
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: awx-operator
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: awx-operator
+  namespace: default
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: awx-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: awx-operator
+  template:
+    metadata:
+      labels:
+        name: awx-operator
+    spec:
+      serviceAccountName: awx-operator
+      containers:
+        - name: awx-operator
+          image: "quay.io/ansible/awx-operator:0.7.0"
+          imagePullPolicy: "Always"
+          volumeMounts:
+            - mountPath: /tmp/ansible-operator/runner
+              name: runner
+          env:
+            # Watch all namespaces (cluster-scoped).
+            - name: WATCH_NAMESPACE
+              value: ""
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: OPERATOR_NAME
+              value: awx-operator
+            - name: ANSIBLE_GATHERING
+              value: explicit
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 6789
+            initialDelaySeconds: 15
+            periodSeconds: 20
+      volumes:
+        - name: runner
+          emptyDir: {}
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

deploy/crds/awx.ansible.com_backups_crd.yaml

@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: backups.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: Backup
+    listKind: BackupList
+    plural: backups
+    singular: backup
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}

deploy/crds/awx.ansible.com_v1beta1_backup_cr.yaml

@@ -0,0 +1,10 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: Backup
+metadata:
+  name: example-awx
+  namespace: example-awx
+spec:
+  tower_backup_pvc: ''
+  tower_backup_size: ''
+  tower_postgres_storage_class: ''
+  tower_postgres_configuration_secret: ''

roles/backup/README.md

@@ -0,0 +1,81 @@
+Role Name
+=========
+
+The purpose of this role is to create a backup of your AWX deployment.  This includes:
+  - backup of the postgresql database
+  - secret_key
+  - custom user config files
+  - manual projects
+
+
+Requirements
+------------
+
+This role assumes you are authenticated with an Openshift or Kubernetes cluster which:
+  - The awx-operator has been deployed to
+  - AWX is deployed to via the operator
+
+
+Usage
+----------------
+
+Then create a file named `backup-awx.yml` with the following contents:
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: Backup
+metadata:
+  name: awx
+  namespace: my-namespace
+```
+
+Finally, use `kubectl` to create the awx instance in your cluster:
+
+```bash
+#> kubectl apply -f backup-awx.yml
+```
+
+
+
+Role Variables
+--------------
+
+A custom, pre-created pvc can be used by setting the following variables.  
+
+```
+tower_backup_pvc: 'awx-backup-volume-claim'
+```
+
+This role will automatically create a pvc using a Storage Class if provided:
+
+```
+tower_postgres_storage_class: 'standard'
+tower_backup_size: '20Gi'
+```
+
+If a custom postgres configuration secret was used when deploying AWX, it must be set:
+
+```
+tower_postgres_configuration_secret: 'awx-postgres-configuration'
+```
+
+
+Testing
+----------------
+
+You can test this role directly by creating and running the following playbook with the appropriate variables:
+
+```
+---
+- name: Backup Tower
+  hosts: localhost
+  gather_facts: false
+  roles:
+    - backup
+```
+
+License
+-------
+
+MIT

roles/backup/defaults/main.yml

@@ -1,18 +1,3 @@
 ---
 deployment_type: "{{ meta.name | default('awx', true)}}"
-
-# Secret to lookup that provide the secret key
-#
-tower_secret_key_secret: ''
-
-tower_postgres_storage_class: ''
-tower_postgres_data_path: '/var/lib/postgresql/data/pgdata'
-
-# Secret to lookup that provide the PostgreSQL configuration
-#
-tower_postgres_configuration_secret: ''
-tower_old_postgres_configuration_secret: ''
-
 tower_postgres_image: postgres:12
-tower_backup_pvc: ''
-tower_backup_size: ''

roles/backup/meta/main.yml

@@ -0,0 +1,30 @@
+---
+galaxy_info:
+  author: Ansible
+  description: AWX role for AWX Operator for Kubernetes.
+  company: Red Hat, Inc.
+
+  license: MIT
+
+  min_ansible_version: 2.8
+
+  platforms:
+    - name: EL
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
+
+  galaxy_tags:
+    - tower
+    - awx
+    - ansible
+    - backup
+    - automation
+
+dependencies: []
+
+collections:
+  - community.kubernetes
+  - operator_sdk.util

roles/backup/templates/backup_pvc.yml.j2

@@ -7,7 +7,7 @@ metadata:
 spec:
   accessModes:
     - ReadWriteOnce
-  storageClassName: standard
+  storageClassName: {{ tower_postgres_storage_class }}
   resources:
     requests:
       storage: {{ tower_backup_size | default('5Gi', true) }}

roles/backup/vars/main.yml

@@ -0,0 +1,13 @@
+---
+
+# Specify a pre-created PVC (name) to backup to
+tower_backup_pvc: ''
+
+# Size of backup PVC if created dynamically
+tower_backup_size: ''
+
+# Specify storage class to determine how to dynamically create PVC's with
+tower_postgres_storage_class: ''
+
+# Secret to lookup that provide the PostgreSQL configuration
+tower_postgres_configuration_secret: ''

watches.yaml

@@ -7,8 +7,13 @@
     name: finalizer.awx.ansible.com
     role: finalizer
 
+# - version: v1beta1
+#   group: awx.ansible.com
+#   kind: Backup
+#   role: /opt/ansible/roles/backup
+#   reconcilePeriod: 360m
+
 - version: v1beta1
   group: awx.ansible.com
-  kind: AWXBackup
-  role: /opt/ansible/roles/backup
-  reconcilePeriod: 360m
+  kind: Backup
+  role: backup