From bc34758c91495a72261dae21a8af82dfffd8ad92 Mon Sep 17 00:00:00 2001 From: Marcelo Moreira de Mello Date: Wed, 21 Apr 2021 17:18:02 -0400 Subject: [PATCH 1/3] Split container image and version in 2 variables --- README.md | 30 +++++++++++-------- ansible/templates/crd.yml.j2 | 9 ++++++ deploy/awx-operator.yaml | 9 ++++++ deploy/crds/awx_v1beta1_crd.yaml | 9 ++++++ .../awx-operator.clusterserviceversion.yaml | 15 ++++++++++ .../manifests/awx.ansible.com_awxs_crd.yaml | 9 ++++++ roles/installer/defaults/main.yml | 10 ++++--- roles/installer/tasks/main.yml | 4 --- .../templates/tower_deployment.yaml.j2 | 6 ++-- .../templates/tower_postgres.yaml.j2 | 2 +- 10 files changed, 79 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 5f2d675f..6dc6c6fd 100644 --- a/README.md +++ b/README.md @@ -255,12 +255,15 @@ spec: There are a few variables that are customizable for awx the image management. -| Name | Description | -| ----------------------- | -------------------------- | -| tower_image | Path of the image to pull | -| tower_image_pull_policy | The pull policy to adopt | -| tower_image_pull_secret | The pull secret to use | -| tower_ee_images | A list of EEs to register | +| Name | Description | Default | +| --------------------------| -------------------------- |------------------------------| +| tower_image | Path of the image to pull | quay.io/ansible/awx | +| tower_image_version | Image version to pull | 19 | +| tower_image_pull_policy | The pull policy to adopt | IfNotPresent | +| tower_image_pull_secret | The pull secret to use | '' | +| tower_ee_images | A list of EEs to register | quay.io/ansible/awx-ee:0.1.1 | +| tower_redis_image | Path of the image to pull | docker.io/redis | +| tower_redis_image_version | Image version to pull | latest | Example of customization could be: @@ -269,6 +272,7 @@ Example of customization could be: spec: ... tower_image: myorg/my-custom-awx + tower_image_version: latest tower_image_pull_policy: Always tower_image_pull_secret: pull_secret_name tower_ee_images: @@ -334,12 +338,14 @@ the AWX pods to run only on the nodes that match all the specified key/value pai pods to be scheduled onto nodes with matching taints. -| Name | Description | Default | -| -------------------------- | --------------------------- | ------- | -| tower_node_selector | AWX pods' nodeSelector | '' | -| tower_tolerations | AWX pods' tolerations | '' | -| tower_postgres_selector | Postgres pods' nodeSelector | '' | -| tower_postgres_tolerations | Postgres pods' tolerations | '' | +| Name | Description | Default | +| -------------------------------| --------------------------- | ------- | +| tower_postgres_image | Path of the image to pull | 12 | +| tower_postgres_image_version | Image version to pull | 12 | +| tower_node_selector | AWX pods' nodeSelector | '' | +| tower_tolerations | AWX pods' tolerations | '' | +| tower_postgres_selector | Postgres pods' nodeSelector | '' | +| tower_postgres_tolerations | Postgres pods' tolerations | '' | Example of customization could be: diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 index 17f07c18..50f035a1 100644 --- a/ansible/templates/crd.yml.j2 +++ b/ansible/templates/crd.yml.j2 @@ -113,6 +113,9 @@ spec: tower_image: description: Registry path to the application container to use type: string + tower_image_version: + description: Application container image version to use + type: string tower_ee_images: description: Registry path to the Execution Environment container to use type: array @@ -226,9 +229,15 @@ spec: tower_redis_image: description: Registry path to the redis container to use type: string + tower_redis_image_version: + description: Redis container image version to use + type: string tower_postgres_image: description: Registry path to the PostgreSQL container to use type: string + tower_postgres_image_version: + description: PostgreSQL container image version to use + type: string tower_postgres_selector: description: nodeSelector for the Postgres pods type: string diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index d3d1c250..3a90b30b 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -115,6 +115,9 @@ spec: tower_image: description: Registry path to the application container to use type: string + tower_image_version: + description: Application container image version to use + type: string tower_ee_images: description: Registry path to the Execution Environment container to use type: array @@ -223,9 +226,15 @@ spec: tower_redis_image: description: Registry path to the redis container to use type: string + tower_redis_image_version: + description: Redis container image version to use + type: string tower_postgres_image: description: Registry path to the PostgreSQL container to use type: string + tower_postgres_image_version: + description: PostgreSQL container image version to use + type: string tower_postgres_selector: description: nodeSelector for the Postgres pods type: string diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml index f91d7e48..c598499d 100644 --- a/deploy/crds/awx_v1beta1_crd.yaml +++ b/deploy/crds/awx_v1beta1_crd.yaml @@ -113,6 +113,9 @@ spec: tower_image: description: Registry path to the application container to use type: string + tower_image_version: + description: Application container image version to use + type: string tower_ee_images: description: Registry path to the Execution Environment container to use type: array @@ -221,9 +224,15 @@ spec: tower_redis_image: description: Registry path to the redis container to use type: string + tower_redis_image_version: + description: Redis container image version to use + type: string tower_postgres_image: description: Registry path to the PostgreSQL container to use type: string + tower_postgres_image_version: + description: PostgreSQL container image version to use + type: string tower_postgres_selector: description: nodeSelector for the Postgres pods type: string diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index 960d8987..c76964db 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml @@ -204,16 +204,31 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden + - displayName: Tower Image Version + path: tower_image_version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Redis Image path: tower_redis_image x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden + - displayName: Redis Image Version + path: tower_redis_image_version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: PostgreSQL Image path: tower_postgres_image x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden + - displayName: PostgreSQL Image Version + path: tower_postgres_image_version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - urn:alm:descriptor:com.tectonic.ui:hidden - displayName: Tower Postgres Selector path: tower_postgres_selector x-descriptors: diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index e628463e..c7b54009 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml @@ -73,6 +73,9 @@ spec: tower_image: description: Registry path to the application container to use type: string + tower_image_version: + description: Application container image version to use + type: string tower_image_pull_policy: default: IfNotPresent description: The image pull policy @@ -134,6 +137,9 @@ spec: tower_postgres_image: description: Registry path to the PostgreSQL container to use type: string + tower_postgres_image_version: + description: PostgreSQL container image version to use + type: string tower_postgres_selector: description: nodeSelector for the Postgres pods type: string @@ -193,6 +199,9 @@ spec: tower_redis_image: description: Registry path to the redis container to use type: string + tower_redis_image_version: + description: Redis container image version to use + type: string tower_replicas: default: 1 description: Number of instance replicas diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index d86880cf..b34570da 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -81,7 +81,12 @@ tower_extra_volumes: '' # Use these image versions for Ansible AWX. -tower_image: quay.io/ansible/awx:19.0.0 +tower_image: quay.io/ansible/awx +tower_image_version: 19.0.0 +tower_redis_image: docker.io/redis +tower_redis_image_version: latest +tower_postgres_image: postgres +tower_postgres_image_version: 12 tower_image_pull_policy: IfNotPresent tower_image_pull_secret: '' @@ -127,9 +132,6 @@ tower_web_extra_env: '' tower_task_extra_volume_mounts: '' tower_web_extra_volume_mounts: '' tower_ee_extra_volume_mounts: '' -tower_redis_image: redis:latest - -tower_postgres_image: postgres:12 # Add a nodeSelector for the Postgres pods. # It must match a node's labels for the pod to be scheduled on that node. diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index 1d2bc7c5..27fb7690 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml @@ -16,10 +16,6 @@ app.kubernetes.io/managed-by: awx-operator app.kubernetes.io/component: awx -- name: Get current version - set_fact: - tower_image_version: "{{ tower_image.split(':')[1] }}" - - name: Include secret key configuration tasks include_tasks: secret_key_configuration.yml diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2 index 42c334ec..9dd6f46f 100644 --- a/roles/installer/templates/tower_deployment.yaml.j2 +++ b/roles/installer/templates/tower_deployment.yaml.j2 @@ -33,7 +33,7 @@ spec: - name: {{ tower_image_pull_secret }} {% endif %} containers: - - image: '{{ tower_redis_image }}' + - image: '{{ tower_redis_image }}:{{ tower_redis_image_version }}' name: redis args: ["redis-server", "/etc/redis.conf"] volumeMounts: @@ -45,7 +45,7 @@ spec: mountPath: "/var/run/redis" - name: "{{ meta.name }}-redis-data" mountPath: "/data" - - image: '{{ tower_image }}' + - image: '{{ tower_image }}:{{ tower_image_version }}' name: '{{ meta.name }}-web' {% if tower_web_command %} command: {{ tower_web_command }} @@ -123,7 +123,7 @@ spec: {{ tower_web_extra_env | indent(width=12, indentfirst=True) }} {% endif %} resources: {{ tower_web_resource_requirements }} - - image: '{{ tower_image }}' + - image: '{{ tower_image }}:{{ tower_image_version }}' name: '{{ meta.name }}-task' imagePullPolicy: '{{ tower_image_pull_policy }}' {% if tower_task_privileged == true %} diff --git a/roles/installer/templates/tower_postgres.yaml.j2 b/roles/installer/templates/tower_postgres.yaml.j2 index 18d2ae96..6bbab1ca 100644 --- a/roles/installer/templates/tower_postgres.yaml.j2 +++ b/roles/installer/templates/tower_postgres.yaml.j2 @@ -29,7 +29,7 @@ spec: app.kubernetes.io/component: database spec: containers: - - image: '{{ tower_postgres_image }}' + - image: '{{ tower_postgres_image }}:{{ tower_postgres_image_version }}' name: postgres env: - name: POSTGRES_DB From 051500fff1423575a703974af8fdbe3f4997d30d Mon Sep 17 00:00:00 2001 From: Marcelo Moreira de Mello Date: Wed, 21 Apr 2021 17:51:35 -0400 Subject: [PATCH 2/3] updated documentation --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6dc6c6fd..3f6478ab 100644 --- a/README.md +++ b/README.md @@ -258,7 +258,7 @@ There are a few variables that are customizable for awx the image management. | Name | Description | Default | | --------------------------| -------------------------- |------------------------------| | tower_image | Path of the image to pull | quay.io/ansible/awx | -| tower_image_version | Image version to pull | 19 | +| tower_image_version | Image version to pull | 19.0.0 | | tower_image_pull_policy | The pull policy to adopt | IfNotPresent | | tower_image_pull_secret | The pull secret to use | '' | | tower_ee_images | A list of EEs to register | quay.io/ansible/awx-ee:0.1.1 | @@ -280,6 +280,15 @@ spec: image: myorg/my-custom-awx-ee ``` +**Note**: The `tower_image` and `tower_image_version` are intended for local mirroring scenarios. + + +| Operator Version | Suppported AWX version | +| -------------------| -------------------------- | +| 0.0.7 and older | >= 17.0.0 | +| 0.0.8 and later | >= 18.0.0 | + + #### Privileged Tasks Depending on the type of tasks that you'll be running, you may find that you need the task pod to run as `privileged`. This can open yourself up to a variety of security concerns, so you should be aware (and verify that you have the privileges) to do this if necessary. In order to toggle this feature, you can add the following to your custom resource: From 52768c9a65b5d2a977e59c91a551b83bc20a2906 Mon Sep 17 00:00:00 2001 From: Marcelo Moreira de Mello Date: Thu, 22 Apr 2021 10:18:46 -0400 Subject: [PATCH 3/3] updated coumentation --- README.md | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 3f6478ab..8d0140a7 100644 --- a/README.md +++ b/README.md @@ -255,15 +255,15 @@ spec: There are a few variables that are customizable for awx the image management. -| Name | Description | Default | -| --------------------------| -------------------------- |------------------------------| -| tower_image | Path of the image to pull | quay.io/ansible/awx | -| tower_image_version | Image version to pull | 19.0.0 | -| tower_image_pull_policy | The pull policy to adopt | IfNotPresent | -| tower_image_pull_secret | The pull secret to use | '' | -| tower_ee_images | A list of EEs to register | quay.io/ansible/awx-ee:0.1.1 | -| tower_redis_image | Path of the image to pull | docker.io/redis | -| tower_redis_image_version | Image version to pull | latest | +| Name | Description | +| --------------------------| -------------------------- | +| tower_image | Path of the image to pull | +| tower_image_version | Image version to pull | +| tower_image_pull_policy | The pull policy to adopt | +| tower_image_pull_secret | The pull secret to use | +| tower_ee_images | A list of EEs to register | +| tower_redis_image | Path of the image to pull | +| tower_redis_image_version | Image version to pull | Example of customization could be: @@ -280,14 +280,7 @@ spec: image: myorg/my-custom-awx-ee ``` -**Note**: The `tower_image` and `tower_image_version` are intended for local mirroring scenarios. - - -| Operator Version | Suppported AWX version | -| -------------------| -------------------------- | -| 0.0.7 and older | >= 17.0.0 | -| 0.0.8 and later | >= 18.0.0 | - +**Note**: The `tower_image` and `tower_image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file. #### Privileged Tasks