mirror of
https://github.com/ansible/awx-operator.git
Unset ownerRefs in the installer instead of the finalizer
@@ -1,21 +1 @@
|
|||||||
---
|
---
|
||||||
# Whether secrets should be garbage collected
|
|
||||||
# on teardown
|
|
||||||
#
|
|
||||||
tower_garbage_collect_secrets: false
|
|
||||||
|
|
||||||
# Secret to lookup that provide the admin password
|
|
||||||
#
|
|
||||||
tower_admin_password_secret: ''
|
|
||||||
|
|
||||||
# Secret to lookup that provide the secret key
|
|
||||||
#
|
|
||||||
tower_secret_key_secret: ''
|
|
||||||
|
|
||||||
# Secret to lookup that provide the PostgreSQL configuration
|
|
||||||
#
|
|
||||||
tower_postgres_configuration_secret: ''
|
|
||||||
|
|
||||||
# Secret to lookup that provide the broadcast websocket key
|
|
||||||
#
|
|
||||||
tower_broadcast_websocket_secret: ''
|
|
||||||
|
|||||||
@@ -1,27 +1 @@
|
|||||||
---
|
---
|
||||||
- block:
|
|
||||||
- name: Define secrets name
|
|
||||||
set_fact:
|
|
||||||
_admin_password: '{{ tower_admin_password_secret | length | ternary(tower_admin_password_secret, meta.name + "-admin-password") }}'
|
|
||||||
_secret_key: '{{ tower_secret_key_secret | length | ternary(tower_secret_key_secret, meta.name + "-secret-key") }}'
|
|
||||||
# yamllint disable-line rule:line-length
|
|
||||||
_broadcast_websocket_secret: '{{ tower_broadcast_websocket_secret | length | ternary(tower_broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204
|
|
||||||
# yamllint disable-line rule:line-length
|
|
||||||
_postgres_configuration: '{{ tower_postgres_configuration_secret | length | ternary(tower_postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204
|
|
||||||
|
|
||||||
- name: Remove ownerReferences reference
|
|
||||||
k8s:
|
|
||||||
definition:
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: '{{ item }}'
|
|
||||||
namespace: '{{ meta.namespace }}'
|
|
||||||
ownerReferences: null
|
|
||||||
loop:
|
|
||||||
- '{{ _admin_password }}'
|
|
||||||
- '{{ _secret_key }}'
|
|
||||||
- '{{ _postgres_configuration }}'
|
|
||||||
- '{{ _broadcast_websocket_secret }}'
|
|
||||||
|
|
||||||
when: not tower_garbage_collect_secrets | bool
|
|
||||||
|
|||||||
@@ -71,6 +71,10 @@ tower_broadcast_websocket_secret: ''
|
|||||||
#
|
#
|
||||||
tower_secret_key_secret: ''
|
tower_secret_key_secret: ''
|
||||||
|
|
||||||
|
# Secret to lookup that provide the PostgreSQL configuration
|
||||||
|
#
|
||||||
|
tower_postgres_configuration_secret: ''
|
||||||
|
|
||||||
# Secret to lookup that provides old database credentials (for migration)
|
# Secret to lookup that provides old database credentials (for migration)
|
||||||
|
|
||||||
tower_old_postgres_configuration_secret: ''
|
tower_old_postgres_configuration_secret: ''
|
||||||
@@ -172,14 +176,15 @@ tower_projects_storage_class: ''
|
|||||||
tower_projects_storage_size: 8Gi
|
tower_projects_storage_size: 8Gi
|
||||||
tower_projects_storage_access_mode: ReadWriteMany
|
tower_projects_storage_access_mode: ReadWriteMany
|
||||||
|
|
||||||
# Secret to lookup that provide the PostgreSQL configuration
|
|
||||||
#
|
|
||||||
tower_postgres_configuration_secret: ''
|
|
||||||
|
|
||||||
ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"
|
ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"
|
||||||
|
|
||||||
# Secret to lookup that provides the LDAP CACert trusted bundle
|
# Secret to lookup that provides the LDAP CACert trusted bundle
|
||||||
#
|
#
|
||||||
ldap_cacert_secret: ''
|
ldap_cacert_secret: ''
|
||||||
|
|
||||||
|
# Whether secrets should be garbage collected
|
||||||
|
# on teardown
|
||||||
|
#
|
||||||
|
tower_garbage_collect_secrets: false
|
||||||
|
|
||||||
development_mode: false
|
development_mode: false
|
||||||
|
|||||||
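Review bot: The comment added above `tower_garbage_collect_secrets: false` in the second hunk does not say what the default leaves behind. With `false`, the cleanup.yml added in this commit clears `ownerReferences` on the admin-password, secret-key, PostgreSQL-configuration and broadcast-websocket Secrets, so they presumably remain in the namespace after the resource is deleted. I would state that in the comment, e.g. `# When false, the credential Secrets are kept after teardown and must be deleted manually`.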
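--- /dev/null
+++ b/roles/installer/tasks/cleanup.yml
@@ -0,0 +1,27 @@
+---
+- block:
+- name: Define secrets name
+set_fact:
+_admin_password: '{{ tower_admin_password_secret | length | ternary(tower_admin_password_secret, meta.name + "-admin-password") }}'
+_secret_key: '{{ tower_secret_key_secret | length | ternary(tower_secret_key_secret, meta.name + "-secret-key") }}'
+# yamllint disable-line rule:line-length
+_broadcast_websocket_secret: '{{ tower_broadcast_websocket_secret | length | ternary(tower_broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204
+# yamllint disable-line rule:line-length
+_postgres_configuration: '{{ tower_postgres_configuration_secret | length | ternary(tower_postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204
+
+- name: Remove ownerReferences reference
+k8s:
+definition:
+apiVersion: v1
+kind: Secret
+metadata:
+name: '{{ item }}'
+namespace: '{{ meta.namespace }}'
+ownerReferences: null
+loop:
+- '{{ _admin_password }}'
+- '{{ _secret_key }}'
+- '{{ _postgres_configuration }}'
+- '{{ _broadcast_websocket_secret }}'
+
+when: not tower_garbage_collect_secrets | bool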
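Review bot: The `Remove ownerReferences reference` task patches four credential Secrets with `k8s` but does not set `no_log`. The module returns the resulting object, so the Secret `data` (admin password, secret key, PostgreSQL configuration, websocket key) can end up in the operator's task output, depending on log verbosity. Add `no_log: true` to that task. Separately, if a user-supplied secret name does not exist, `k8s` with its default state would likely create an empty Secret of that name, so confirm the names are validated earlier in the role.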
@@ -69,3 +69,6 @@
|
|||||||
|
|
||||||
- name: Update status variables
|
- name: Update status variables
|
||||||
include_tasks: update_status.yml
|
include_tasks: update_status.yml
|
||||||
|
|
||||||
|
- name: Cleanup & Set garbage collection refs
|
||||||
|
include_tasks: cleanup.yml
|
||||||
|
|||||||
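Review bot: Because the `Cleanup & Set garbage collection refs` include is appended as the last task, a failure in any earlier task of the run skips it. If the Secrets carry ownerReferences at that point (not visible in this hunk), deleting the resource after a failed run would garbage-collect them even with `tower_garbage_collect_secrets: false`. Consider running the include earlier or documenting that window; the task name also says "Set" while cleanup.yml only removes references. The task file starts outside this hunk.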