diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index 2cd87de5..f87b157d 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -1,5 +1,155 @@
 # This file is generated by Ansible. Changes will be lost.
 # Update templates under ansible/templates/
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: awx-operator
+rules:
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ - "rbac.authorization.k8s.io"
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - serviceaccounts
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+ - apiGroups:
+ - apps
+ - extensions
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ - ingresses
+ verbs:
+ - '*'
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - apps
+ resourceNames:
+ - awx-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - apps
+ resources:
+ - deployments/scale
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - get
+ - apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - apiGroups:
+ - awx.ansible.com
+ resources:
+ - '*'
+ - backups
+ verbs:
+ - '*'
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: awx-operator
+subjects:
+ - kind: ServiceAccount
+ name: awx-operator
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: awx-operator
+ apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: awx-operator
+ namespace: default
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: awx-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: awx-operator
+ template:
+ metadata:
+ labels:
+ name: awx-operator
+ spec:
+ serviceAccountName: awx-operator
+ containers:
+ - name: awx-operator
+ image: "quay.io/ansible/awx-operator:0.7.0"
+ imagePullPolicy: "Always"
+ volumeMounts:
+ - mountPath: /tmp/ansible-operator/runner
+ name: runner
+ env:
+ # Watch all namespaces (cluster-scoped).
+ - name: WATCH_NAMESPACE
+ value: ""
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: awx-operator
+ - name: ANSIBLE_GATHERING
+ value: explicit
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 6789
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ volumes:
+ - name: runner
+ emptyDir: {}
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/deploy/crds/awx.ansible.com_backups_crd.yaml b/deploy/crds/awx.ansible.com_backups_crd.yaml
new file mode 100644
index 00000000..03063186
--- /dev/null
+++ b/deploy/crds/awx.ansible.com_backups_crd.yaml
@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: backups.awx.ansible.com
+spec:
+ group: awx.ansible.com
+ names:
+ kind: Backup
+ listKind: BackupList
+ plural: backups
+ singular: backup
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/deploy/crds/awx.ansible.com_v1beta1_backup_cr.yaml b/deploy/crds/awx.ansible.com_v1beta1_backup_cr.yaml
new file mode 100644
index 00000000..505c0c9d
--- /dev/null
+++ b/deploy/crds/awx.ansible.com_v1beta1_backup_cr.yaml
@@ -0,0 +1,10 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: Backup
+metadata:
+ name: example-awx
+ namespace: example-awx
+spec:
+ tower_backup_pvc: ''
+ tower_backup_size: ''
+ tower_postgres_storage_class: ''
+ tower_postgres_configuration_secret: ''
diff --git a/roles/backup/README.md b/roles/backup/README.md
new file mode 100644
index 00000000..e3f35116
--- /dev/null
+++ b/roles/backup/README.md
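Review bot: The `openAPIV3Schema` in deploy/crds/awx.ansible.com_backups_crd.yaml is only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any `spec` on a Backup without validation. The example CR and roles/backup/vars/main.yml in this commit show four string fields; declaring them under `spec` with `type: string` would reject malformed values at admission while still preserving unknown fields. This matters more here because the operator manifest in the same commit binds its service account through a ClusterRole with `'*'` verbs on `secrets` and watches all namespaces, so Backup objects are input to a highly privileged controller. How the role consumes these fields is not visible in the diff.

```yaml
        openAPIV3Schema:
          type: object
          # … unchanged: x-kubernetes-preserve-unknown-fields …
          properties:
            spec:
              type: object
              properties:
                tower_backup_pvc:
                  type: string
                tower_backup_size:
                  type: string
                tower_postgres_storage_class:
                  type: string
                tower_postgres_configuration_secret:
                  type: string
```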
@@ -0,0 +1,81 @@
+Role Name
+=========
+
+The purpose of this role is to create a backup of your AWX deployment. This includes:
+ - backup of the postgresql database
+ - secret_key
+ - custom user config files
+ - manual projects
+
+
+Requirements
+------------
+
+This role assumes you are authenticated with an Openshift or Kubernetes cluster which:
+ - The awx-operator has been deployed to
+ - AWX is deployed to via the operator
+
+
+Usage
+----------------
+
+Then create a file named `backup-awx.yml` with the following contents:
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: Backup
+metadata:
+ name: awx
+ namespace: my-namespace
+```
+
+Finally, use `kubectl` to create the awx instance in your cluster:
+
+```bash
+#> kubectl apply -f backup-awx.yml
+```
+
+
+
+Role Variables
+--------------
+
+A custom, pre-created pvc can be used by setting the following variables.
+
+```
+tower_backup_pvc: 'awx-backup-volume-claim'
+```
+
+This role will automatically create a pvc using a Storage Class if provided:
+
+```
+tower_postgres_storage_class: 'standard'
+tower_backup_size: '20Gi'
+```
+
+If a custom postgres configuration secret was used when deploying AWX, it must be set:
+
+```
+tower_postgres_configuration_secret: 'awx-postgres-configuration'
+```
+
+
+Testing
+----------------
+
+You can test this role directly by creating and running the following playbook with the appropriate variables:
+
+```
+---
+- name: Backup Tower
+ hosts: localhost
+ gather_facts: false
+ roles:
+ - backup
+```
+
+License
+-------
+
+MIT
diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml
index 92ad117c..a0809604 100644
--- a/roles/backup/defaults/main.yml
+++ b/roles/backup/defaults/main.yml
@@ -1,18 +1,3 @@
 ---
 deployment_type: "{{ meta.name | default('awx', true)}}"
-
-# Secret to lookup that provide the secret key
-#
-tower_secret_key_secret: ''
-
-tower_postgres_storage_class: ''
-tower_postgres_data_path: '/var/lib/postgresql/data/pgdata'
-
-# Secret to lookup that provide the PostgreSQL configuration
-#
-tower_postgres_configuration_secret: ''
-tower_old_postgres_configuration_secret: ''
-
 tower_postgres_image: postgres:12
-tower_backup_pvc: ''
-tower_backup_size: ''
diff --git a/roles/backup/meta/main.yml b/roles/backup/meta/main.yml
new file mode 100644
index 00000000..c48a9cf2
--- /dev/null
+++ b/roles/backup/meta/main.yml
@@ -0,0 +1,30 @@
+---
+galaxy_info:
+ author: Ansible
+ description: AWX role for AWX Operator for Kubernetes.
+ company: Red Hat, Inc.
+
+ license: MIT
+
+ min_ansible_version: 2.8
+
+ platforms:
+ - name: EL
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+
+ galaxy_tags:
+ - tower
+ - awx
+ - ansible
+ - backup
+ - automation
+
+dependencies: []
+
+collections:
+ - community.kubernetes
+ - operator_sdk.util
diff --git a/roles/backup/templates/backup_pvc.yml.j2 b/roles/backup/templates/backup_pvc.yml.j2
index 14891d28..ca1411f0 100644
--- a/roles/backup/templates/backup_pvc.yml.j2
+++ b/roles/backup/templates/backup_pvc.yml.j2
@@ -7,7 +7,7 @@ metadata:
 spec:
 accessModes:
 - ReadWriteOnce
- storageClassName: standard
+ storageClassName: {{ tower_postgres_storage_class }}
 resources:
 requests:
 storage: {{ tower_backup_size | default('5Gi', true) }}
diff --git a/roles/backup/vars/main.yml b/roles/backup/vars/main.yml
new file mode 100644
index 00000000..5f653505
--- /dev/null
+++ b/roles/backup/vars/main.yml
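Review bot: `min_ansible_version: 2.8` in roles/backup/meta/main.yml is an unquoted scalar, so YAML loads it as a float rather than a version string. A later bump to a value such as 2.10 would silently load as 2.1. Quote it: `min_ansible_version: "2.8"`.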
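Review bot: `storageClassName: {{ tower_postgres_storage_class }}` in roles/backup/templates/backup_pvc.yml.j2 is rendered unquoted, and the variable is `''` in both roles/backup/vars/main.yml and the example CR in this commit, so by default the line renders as a bare `storageClassName:` and YAML loads it as null. That probably falls back to the cluster's default StorageClass instead of the previously hard-coded `standard`, but only by accident of templating. The value presumably comes from the Backup spec, which the CRD does not validate, so an unquoted substitution can also be re-typed or alter the structure of the rendered PVC. Emit the key only when a class is set and quote it: wrap the line in `{% if tower_postgres_storage_class %}` and `{% endif %}` and write `storageClassName: "{{ tower_postgres_storage_class }}"`. The template's document starts and ends outside the hunk.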
@@ -0,0 +1,13 @@
+---
+
+# Specify a pre-created PVC (name) to backup to
+tower_backup_pvc: ''
+
+# Size of backup PVC if created dynamically
+tower_backup_size: ''
+
+# Specify storage class to determine how to dynamically create PVC's with
+tower_postgres_storage_class: ''
+
+# Secret to lookup that provide the PostgreSQL configuration
+tower_postgres_configuration_secret: ''
diff --git a/watches.yaml b/watches.yaml
index 824c161f..3b7034f5 100644
--- a/watches.yaml
+++ b/watches.yaml
@@ -7,8 +7,13 @@
 name: finalizer.awx.ansible.com
 role: finalizer
+# - version: v1beta1
+# group: awx.ansible.com
+# kind: Backup
+# role: /opt/ansible/roles/backup
+# reconcilePeriod: 360m
+
 - version: v1beta1
 group: awx.ansible.com
- kind: AWXBackup
- role: /opt/ansible/roles/backup
- reconcilePeriod: 360m
+ kind: Backup
+ role: backup
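Review bot: These four variables now live in roles/backup/vars/main.yml instead of roles/backup/defaults/main.yml (where this commit removes them), and role vars outrank inventory and play-level variables in Ansible's precedence order. Extra vars still win, which is presumably how the operator hands over the Backup spec, but the standalone playbook described in the role README would have its play `vars:` silently overridden by the empty strings here. If these are meant as overridable defaults, keep them in defaults/main.yml; otherwise state in the README that they must be passed with `-e` or as role parameters.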
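Review bot: The new Backup entry in watches.yaml drops `reconcilePeriod: 360m`, so the watch falls back to the operator's default reconcile behaviour, which depending on the operator-sdk version in the image may re-run the role far more often than every six hours. Since the backup role presumably produces a new backup on each run, either keep an explicit `reconcilePeriod` on the entry or confirm the role is idempotent for an existing Backup object. The commented-out copy of the old entry added above it is better removed than committed, since the history already records it. The watches list starts outside the hunk.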