From 316d08ccb4804c1ce2a3bb4e4e4d5a5f8cc4e411 Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:16 -0400 Subject: [PATCH 01/22] Begin to migrate towards operator-sdk 1.x project structure --- .gitignore | 1 + build/Dockerfile => Dockerfile | 6 +- Makefile | 173 ++++ PROJECT | 16 + build/test-framework/Dockerfile | 13 - build/test-framework/ansible-test.sh | 7 - bundle.Dockerfile | 14 - .../crd/bases/awx.ansible.com_awxs.yaml | 0 .../awxbackup.ansible.com_awxbackups.yaml | 0 .../awxrestore.ansible.com_awxrestores.yaml | 0 config/crd/kustomization.yaml | 8 + config/default/kustomization.yaml | 30 + config/default/manager_auth_proxy_patch.yaml | 28 + config/default/manager_config_patch.yaml | 20 + config/manager/controller_manager_config.yaml | 10 + config/manager/kustomization.yaml | 16 + config/manager/manager.yaml | 55 ++ .../awx-operator.clusterserviceversion.yaml | 40 + config/manifests/kustomization.yaml | 7 + config/prometheus/kustomization.yaml | 2 + config/prometheus/monitor.yaml | 20 + .../rbac/auth_proxy_client_clusterrole.yaml | 9 + config/rbac/auth_proxy_role.yaml | 17 + config/rbac/auth_proxy_role_binding.yaml | 12 + config/rbac/auth_proxy_service.yaml | 15 + config/rbac/awx_editor_role.yaml | 24 + config/rbac/awx_viewer_role.yaml | 20 + config/rbac/kustomization.yaml | 18 + config/rbac/leader_election_role.yaml | 37 + config/rbac/leader_election_role_binding.yaml | 12 + config/rbac/role.yaml | 106 +++ config/rbac/role_binding.yaml | 11 + config/rbac/service_account.yaml | 5 + config/samples/awx_v1alpha1_awx.yaml | 7 + config/samples/kustomization.yaml | 4 + config/scorecard/bases/config.yaml | 7 + config/scorecard/kustomization.yaml | 16 + config/scorecard/patches/basic.config.yaml | 10 + config/scorecard/patches/olm.config.yaml | 50 ++ config/testing/debug_logs_patch.yaml | 14 + config/testing/kustomization.yaml | 23 + config/testing/manager_image.yaml | 12 + config/testing/pull_policy/Always.yaml | 12 + config/testing/pull_policy/IfNotPresent.yaml | 12 + config/testing/pull_policy/Never.yaml | 12 
+ deploy/awx-operator.yaml | 786 ------------------ deploy/crds/awx_v1beta1_molecule.yaml | 23 - deploy/kustomization.yaml | 5 - .../awx-operator.clusterserviceversion.yaml | 777 ----------------- .../awx.ansible.com_awxbackups_crd.yaml | 85 -- .../awx.ansible.com_awxrestores_crd.yaml | 88 -- .../manifests/awx.ansible.com_awxs_crd.yaml | 463 ----------- .../awx-operator/metadata/annotations.yaml | 10 - main.yml | 5 - playbooks/.gitkeep | 0 projects/.gitkeep | 0 requirements.yml | 4 +- watches.yaml | 4 +- 58 files changed, 898 insertions(+), 2283 deletions(-) rename build/Dockerfile => Dockerfile (64%) create mode 100644 Makefile create mode 100644 PROJECT delete mode 100644 build/test-framework/Dockerfile delete mode 100644 build/test-framework/ansible-test.sh delete mode 100644 bundle.Dockerfile rename deploy/crds/awx_v1beta1_crd.yaml => config/crd/bases/awx.ansible.com_awxs.yaml (100%) rename deploy/crds/awxbackup_v1beta1_crd.yaml => config/crd/bases/awxbackup.ansible.com_awxbackups.yaml (100%) rename deploy/crds/awxrestore_v1beta1_crd.yaml => config/crd/bases/awxrestore.ansible.com_awxrestores.yaml (100%) create mode 100644 config/crd/kustomization.yaml create mode 100644 config/default/kustomization.yaml create mode 100644 config/default/manager_auth_proxy_patch.yaml create mode 100644 config/default/manager_config_patch.yaml create mode 100644 config/manager/controller_manager_config.yaml create mode 100644 config/manager/kustomization.yaml create mode 100644 config/manager/manager.yaml create mode 100644 config/manifests/bases/awx-operator.clusterserviceversion.yaml create mode 100644 config/manifests/kustomization.yaml create mode 100644 config/prometheus/kustomization.yaml create mode 100644 config/prometheus/monitor.yaml create mode 100644 config/rbac/auth_proxy_client_clusterrole.yaml create mode 100644 config/rbac/auth_proxy_role.yaml create mode 100644 config/rbac/auth_proxy_role_binding.yaml create mode 100644 config/rbac/auth_proxy_service.yaml create 
mode 100644 config/rbac/awx_editor_role.yaml create mode 100644 config/rbac/awx_viewer_role.yaml create mode 100644 config/rbac/kustomization.yaml create mode 100644 config/rbac/leader_election_role.yaml create mode 100644 config/rbac/leader_election_role_binding.yaml create mode 100644 config/rbac/role.yaml create mode 100644 config/rbac/role_binding.yaml create mode 100644 config/rbac/service_account.yaml create mode 100644 config/samples/awx_v1alpha1_awx.yaml create mode 100644 config/samples/kustomization.yaml create mode 100644 config/scorecard/bases/config.yaml create mode 100644 config/scorecard/kustomization.yaml create mode 100644 config/scorecard/patches/basic.config.yaml create mode 100644 config/scorecard/patches/olm.config.yaml create mode 100644 config/testing/debug_logs_patch.yaml create mode 100644 config/testing/kustomization.yaml create mode 100644 config/testing/manager_image.yaml create mode 100644 config/testing/pull_policy/Always.yaml create mode 100644 config/testing/pull_policy/IfNotPresent.yaml create mode 100644 config/testing/pull_policy/Never.yaml delete mode 100644 deploy/awx-operator.yaml delete mode 100644 deploy/crds/awx_v1beta1_molecule.yaml delete mode 100644 deploy/kustomization.yaml delete mode 100644 deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml delete mode 100644 deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml delete mode 100644 deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml delete mode 100644 deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml delete mode 100644 deploy/olm-catalog/awx-operator/metadata/annotations.yaml delete mode 100644 main.yml create mode 100644 playbooks/.gitkeep create mode 100644 projects/.gitkeep diff --git a/.gitignore b/.gitignore index 017602a9..493c6418 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *~ .cache/ +/bin 
diff --git a/build/Dockerfile b/Dockerfile similarity index 64% rename from build/Dockerfile rename to Dockerfile index 71fe5210..af52815f 100644 --- a/build/Dockerfile +++ b/Dockerfile @@ -1,11 +1,9 @@ -FROM quay.io/operator-framework/ansible-operator:v0.19.4 +FROM quay.io/operator-framework/ansible-operator:v1.12.0 -# Install Ansible requirements. COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ && chmod -R ug+rwx ${HOME}/.ansible COPY watches.yaml ${HOME}/watches.yaml - -COPY main.yml ${HOME}/main.yml COPY roles/ ${HOME}/roles/ +COPY playbooks/ ${HOME}/playbooks/ diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..b540a44e --- /dev/null +++ b/Makefile 
@@ -0,0 +1,173 @@
+# VERSION defines the project version for the bundle.
+# Update this value when you upgrade the version of your project.
+# To re-generate a bundle for another specific version without changing the standard setup, you can:
+# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
+# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
+VERSION ?= 0.14.0
+
+# CHANNELS define the bundle channels used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
+# To re-generate a bundle for other specific channels without changing the standard setup, you can:
+# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
+# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+
+# DEFAULT_CHANNEL defines the default channel used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable")
+# To re-generate a bundle for any other default channel without changing the default setup, you can:
+# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
+# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
+
+# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images.
+# This variable is used to construct full image tags for bundle and catalog images.
+#
+# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
+# ansible.com/awx-operator-bundle:$VERSION and ansible.com/awx-operator-catalog:$VERSION.
+IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
+
+# BUNDLE_IMG defines the image:tag used for the bundle.
+# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:)
+BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
+
+# Image URL to use all building/pushing image targets
+IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+
+all: docker-build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+help: ## Display this help.
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Build
+
+run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
+ ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
+
+docker-build: ## Build docker image with the manager.
+ docker build -t ${IMG} .
+
+docker-push: ## Push docker image with the manager.
+ docker push ${IMG}
+
+##@ Deployment
+
+install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+ cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+ $(KUSTOMIZE) build config/default | kubectl apply -f -
+
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/default | kubectl delete -f -
+
+OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCH := $(shell uname -m | sed 's/x86_64/amd64/')
+
+.PHONY: kustomize
+KUSTOMIZE = $(shell pwd)/bin/kustomize
+kustomize: ## Download kustomize locally if necessary.
+ifeq (,$(wildcard $(KUSTOMIZE)))
+ifeq (,$(shell which kustomize 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(KUSTOMIZE)) ;\
+ curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \
+ tar xzf - -C bin/ ;\
+ }
+else
+KUSTOMIZE = $(shell which kustomize)
+endif
+endif
+
+.PHONY: ansible-operator
+ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
+ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
+ifeq (,$(shell which ansible-operator 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
+ curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\
+ chmod +x $(ANSIBLE_OPERATOR) ;\
+ }
+else
+ANSIBLE_OPERATOR = $(shell which ansible-operator)
+endif
+endif
+
+.PHONY: bundle
+bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
+ operator-sdk generate kustomize manifests -q
+ cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+ $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+ operator-sdk bundle validate ./bundle
+
+.PHONY: bundle-build
+bundle-build: ## Build the bundle image.
+ docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+
+.PHONY: bundle-push
+bundle-push: ## Push the bundle image.
+ $(MAKE) docker-push IMG=$(BUNDLE_IMG)
+
+.PHONY: opm
+OPM = ./bin/opm
+opm: ## Download opm locally if necessary.
+ifeq (,$(wildcard $(OPM)))
+ifeq (,$(shell which opm 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(OPM)) ;\
+ curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\
+ chmod +x $(OPM) ;\
+ }
+else
+OPM = $(shell which opm)
+endif
+endif
+
+# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
+# These images MUST exist in a registry and be pull-able.
+BUNDLE_IMGS ?= $(BUNDLE_IMG)
+
+# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
+CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
+
+# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
+ifneq ($(origin CATALOG_BASE_IMG), undefined)
+FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
+endif
+
+# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
+# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
+# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
+.PHONY: catalog-build
+catalog-build: opm ## Build a catalog image.
+ $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+
+# Push the catalog image.
+.PHONY: catalog-push
+catalog-push: ## Push a catalog image.
+ $(MAKE) docker-push IMG=$(CATALOG_IMG)
diff --git a/PROJECT b/PROJECT
new file mode 100644
index 00000000..1407704d
--- /dev/null
+++ b/PROJECT
@@ -0,0 +1,16 @@
+domain: ansible.com
+layout:
+- ansible.sdk.operatorframework.io/v1
+plugins:
+ manifests.sdk.operatorframework.io/v2: {}
+ scorecard.sdk.operatorframework.io/v2: {}
+projectName: awx-operator
+resources:
+- api:
+ crdVersion: v1
+ namespaced: true
+ domain: ansible.com
+ group: awx
+ kind: AWX
+ version: v1beta1
+version: "3"
diff --git a/build/test-framework/Dockerfile b/build/test-framework/Dockerfile
deleted file mode 100644
index 9738dc97..00000000
--- a/build/test-framework/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-ARG BASEIMAGE
-FROM ${BASEIMAGE}
-USER 0
-
-RUN yum install -y python-devel gcc libffi-devel
-RUN pip install molecule==3.0.6 jmespath
-
-ARG NAMESPACEDMAN
-ADD $NAMESPACEDMAN /namespaced.yaml
-ADD build/test-framework/ansible-test.sh /ansible-test.sh
-RUN chmod +x /ansible-test.sh
-USER 1001
-ADD . /opt/ansible/project
diff --git a/build/test-framework/ansible-test.sh b/build/test-framework/ansible-test.sh
deleted file mode 100644
index e562ec5b..00000000
--- a/build/test-framework/ansible-test.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-export WATCH_NAMESPACE=${TEST_NAMESPACE}
-(/usr/local/bin/entrypoint)&
-trap "kill $!" SIGINT SIGTERM EXIT
-
-cd ${HOME}/project
-exec molecule test -s test-minikube
diff --git a/bundle.Dockerfile b/bundle.Dockerfile
deleted file mode 100644
index f78084ba..00000000
--- a/bundle.Dockerfile
+++ /dev/null
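Review bot: The `kustomize`, `ansible-operator` and `opm` targets in the Makefile fetch release binaries with `curl -sSLo` and mark them executable without checking a digest, and `-sS` without `-f` lets an HTTP error page be saved in place of the binary. The output of these tools is piped into `kubectl apply` or used to build the bundle, so pin a SHA-256 per asset and verify it before `chmod +x`; a sketch for `ansible-operator` follows, and `kustomize` and `opm` need the same treatment (`shasum -a 256 -c` on macOS, since `OS` is derived from `uname`). Separately, `undeploy` calls `$(KUSTOMIZE)` but does not list `kustomize` as a prerequisite the way `deploy` does.

```makefile
# Placeholder: pin the published SHA-256 of the asset for each OS/ARCH you support.
ANSIBLE_OPERATOR_SHA256 ?= <sha256-of-release-asset>

# … unchanged: .PHONY, ANSIBLE_OPERATOR, target line and ifeq guards …
	@{ \
	set -e ;\
	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
	curl -fsSLo $(ANSIBLE_OPERATOR).tmp https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\
	echo "$(ANSIBLE_OPERATOR_SHA256)  $(ANSIBLE_OPERATOR).tmp" | sha256sum -c - ;\
	mv $(ANSIBLE_OPERATOR).tmp $(ANSIBLE_OPERATOR) ;\
	chmod +x $(ANSIBLE_OPERATOR) ;\
	}
```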
@@ -1,14 +0,0 @@
-FROM scratch
-
-LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
-LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
-LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
-LABEL operators.operatorframework.io.bundle.package.v1=awx-operator
-LABEL operators.operatorframework.io.bundle.channels.v1=alpha
-LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
-LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4
-LABEL operators.operatorframework.io.metrics.project_layout=ansible
-
-COPY deploy/olm-catalog/awx-operator/manifests /manifests/
-COPY deploy/olm-catalog/awx-operator/metadata /metadata/
diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/config/crd/bases/awx.ansible.com_awxs.yaml
similarity index 100%
rename from deploy/crds/awx_v1beta1_crd.yaml
rename to config/crd/bases/awx.ansible.com_awxs.yaml
diff --git a/deploy/crds/awxbackup_v1beta1_crd.yaml b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
similarity index 100%
rename from deploy/crds/awxbackup_v1beta1_crd.yaml
rename to config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
diff --git a/deploy/crds/awxrestore_v1beta1_crd.yaml b/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
similarity index 100%
rename from deploy/crds/awxrestore_v1beta1_crd.yaml
rename to config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
new file mode 100644
index 00000000..915ffe4a
--- /dev/null
+++ b/config/crd/kustomization.yaml
@@ -0,0 +1,8 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/awx.ansible.com_awxs.yaml
+- bases/awxbackup.ansible.com_awxbackups.yaml
+- bases/awxrestore.ansible.com_awxrestores.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
new file mode 100644
index 00000000..f5755b16
--- /dev/null
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,30 @@
+# Adds namespace to all resources.
+namespace: awx-operator-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: awx-operator-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
+
+# Mount the controller config file for loading manager configurations
+# through a ComponentConfig type
+#- manager_config_patch.yaml
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
new file mode 100644
index 00000000..81354ddc
--- /dev/null
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,28 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: kube-rbac-proxy
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+ args:
+ - "--secure-listen-address=0.0.0.0:8443"
+ - "--upstream=http://127.0.0.1:8080/"
+ - "--logtostderr=true"
+ - "--v=10"
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ name: https
+ - name: manager
+ args:
+ - "--health-probe-bind-address=:6789"
+ - "--metrics-bind-address=127.0.0.1:8080"
+ - "--leader-elect"
+ - "--leader-election-id=awx-operator"
diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
new file mode 100644
index 00000000..6c400155
--- /dev/null
+++ b/config/default/manager_config_patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ args:
+ - "--config=controller_manager_config.yaml"
+ volumeMounts:
+ - name: manager-config
+ mountPath: /controller_manager_config.yaml
+ subPath: controller_manager_config.yaml
+ volumes:
+ - name: manager-config
+ configMap:
+ name: manager-config
diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml
new file mode 100644
index 00000000..a36c5de2
--- /dev/null
+++ b/config/manager/controller_manager_config.yaml
@@ -0,0 +1,10 @@
+apiVersion: controller-runtime.sigs.k8s.io/v1beta1
+kind: ControllerManagerConfig
+health:
+ healthProbeBindAddress: :6789
+metrics:
+ bindAddress: 127.0.0.1:8080
+
+leaderElection:
+ leaderElect: true
+ resourceName: 811c9dc5.ansible.com
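Review bot: `--v=10` on the `kube-rbac-proxy` container in config/default/manager_auth_proxy_patch.yaml is the most verbose log level, and at that level the proxy's request logging may include headers and review payloads; for an endpoint guarded by bearer tokens that risks credentials ending up in pod logs (worth confirming against the v0.8.0 behaviour). Suggest `- "--v=0"` in the default manifest and leaving higher levels to a debug overlay such as the `config/testing/debug_logs_patch.yaml` listed in the diffstat. The sidecar image is also referenced by tag only; pinning `gcr.io/kubebuilder/kube-rbac-proxy` by digest would make the deployed proxy reproducible.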
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
new file mode 100644
index 00000000..f1d239a4
--- /dev/null
+++ b/config/manager/kustomization.yaml
@@ -0,0 +1,16 @@
+resources:
+- manager.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- files:
+ - controller_manager_config.yaml
+ name: manager-config
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+ newName: quay.io/shanemcd/awx-operator
+ newTag: 0.0.1
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
new file mode 100644
index 00000000..3cb7cd95
--- /dev/null
+++ b/config/manager/manager.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ - args:
+ - --leader-elect
+ - --leader-election-id=awx-operator
+ image: controller:latest
+ name: manager
+ env:
+ - name: ANSIBLE_GATHERING
+ value: explicit
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ securityContext:
+ allowPrivilegeEscalation: false
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 6789
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 6789
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000..1de383a4
--- /dev/null
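Review bot: The `images` override in config/manager/kustomization.yaml points the `controller` image at `quay.io/shanemcd/awx-operator` with tag `0.0.1`, a personal registry namespace, while the Makefile's `IMAGE_TAG_BASE` defaults to `quay.io/ansible/awx-operator`. `make deploy` rewrites this entry through `kustomize edit set image`, but anyone running `kustomize build config/default` directly deploys whatever that repository serves under a mutable tag. Suggest committing the project image instead, `newName: quay.io/ansible/awx-operator`, with a tag that matches `VERSION`, and noting in a comment that the Makefile overwrites this entry.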
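Review bot: The `manager` container in config/manager/manager.yaml sets `allowPrivilegeEscalation: false` but drops no Linux capabilities and declares no `resources`, so the operator pod keeps the runtime's default capability set and has no CPU or memory bound. Consider adding `capabilities: {drop: ["ALL"]}` under the container `securityContext` and explicit `resources.requests` and `resources.limits` sized from observed usage. `image: controller:latest` is only a placeholder for the kustomize `images` override, which deserves a one-line comment so it is not mistaken for a real reference.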
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
@@ -0,0 +1,40 @@
+apiVersion: operators.coreos.com/v1beta1
+kind: ClusterServiceVersion
+metadata:
+ annotations:
+ alm-examples: '[]'
+ capabilities: Basic Install
+ name: awx-operator.v0.0.0
+ namespace: placeholder
+spec:
+ apiservicedefinitions: {}
+ customresourcedefinitions: {}
+ description: An operator for the AWX Project
+ displayName: AWX
+ icon:
+ - base64data: ""
+ mediatype: ""
+ install:
+ spec:
+ deployments: null
+ strategy: ""
+ installModes:
+ - supported: false
+ type: OwnNamespace
+ - supported: false
+ type: SingleNamespace
+ - supported: false
+ type: MultiNamespace
+ - supported: true
+ type: AllNamespaces
+ keywords:
+ - automation
+ - ansible
+ links:
+ - name: Awx Operator
+ url: https://awx-operator.domain
+ maturity: alpha
+ provider:
+ name: Ansible
+ url: github.com/ansible/awx-operator
+ version: 0.0.0
diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml
new file mode 100644
index 00000000..b484d72d
--- /dev/null
+++ b/config/manifests/kustomization.yaml
@@ -0,0 +1,7 @@
+# These resources constitute the fully configured set of manifests
+# used to generate the 'manifests/' directory in a bundle.
+resources:
+- bases/awx-operator.clusterserviceversion.yaml
+- ../default
+- ../samples
+- ../scorecard
diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
new file mode 100644
index 00000000..ed137168
--- /dev/null
+++ b/config/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
new file mode 100644
index 00000000..d19136ae
--- /dev/null
+++ b/config/prometheus/monitor.yaml
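Review bot: `installModes` in the base ClusterServiceVersion marks only `AllNamespaces` as supported, while config/manager/manager.yaml sets `WATCH_NAMESPACE` from `metadata.namespace` and config/rbac/role.yaml is a namespaced `Role`. If the operator is meant to stay scoped to its own namespace, which is also the narrower permission footprint, the CSV should say so, e.g. `supported: true` for `OwnNamespace` and `supported: false` for `AllNamespaces`; otherwise the watch setting and RBAC need to match a cluster-wide install. The `links` entry `https://awx-operator.domain` also looks like unedited scaffold text.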
@@ -0,0 +1,20 @@
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ scheme: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ tlsConfig:
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ control-plane: controller-manager
diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 00000000..51a75db4
--- /dev/null
+++ b/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml
new file mode 100644
index 00000000..80e1857c
--- /dev/null
+++ b/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 00000000..ec7acc0a
--- /dev/null
+++ b/config/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml
new file mode 100644
index 00000000..71f17972
--- /dev/null
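Review bot: `tlsConfig.insecureSkipVerify: true` in config/prometheus/monitor.yaml means the scraper sends the service-account token from `bearerTokenFile` to whatever answers on the `https` port without verifying its certificate. The resource is only included once `../prometheus` is uncommented in config/default/kustomization.yaml, but from then on the default hands a credential to an unverified peer. Suggest supplying `ca` and `serverName` under `tlsConfig`, or at minimum a comment above it such as `# TODO: drop insecureSkipVerify once the proxy serves a certificate the scraper can verify`.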
+++ b/config/rbac/auth_proxy_service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/config/rbac/awx_editor_role.yaml b/config/rbac/awx_editor_role.yaml
new file mode 100644
index 00000000..908ba1f2
--- /dev/null
+++ b/config/rbac/awx_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: awx-editor-role
+rules:
+- apiGroups:
+ - awx.ansible.com
+ resources:
+ - awxs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - awx.ansible.com
+ resources:
+ - awxs/status
+ verbs:
+ - get
diff --git a/config/rbac/awx_viewer_role.yaml b/config/rbac/awx_viewer_role.yaml
new file mode 100644
index 00000000..925b5175
--- /dev/null
+++ b/config/rbac/awx_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: awx-viewer-role
+rules:
+- apiGroups:
+ - awx.ansible.com
+ resources:
+ - awxs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - awx.ansible.com
+ resources:
+ - awxs/status
+ verbs:
+ - get
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
new file mode 100644
index 00000000..731832a6
--- /dev/null
+++ b/config/rbac/kustomization.yaml
@@ -0,0 +1,18 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
new file mode 100644
index 00000000..4190ec80
--- /dev/null
+++ b/config/rbac/leader_election_role.yaml
@@ -0,0 +1,37 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
new file mode 100644
index 00000000..1d1321ed
--- /dev/null
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
new file mode 100644
index 00000000..d3e57ac7
--- /dev/null
+++ b/config/rbac/role.yaml
@@ -0,0 +1,106 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ name: manager-role
+rules:
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ - "rbac.authorization.k8s.io"
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - serviceaccounts
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ - networking.k8s.io
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ - ingresses
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - apps
+ resourceNames:
+ - awx-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - apps
+ resources:
+ - deployments/scale
+ - statefulsets/scale
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ - pods/attach
+ - pods/log # log & attach rules needed to be able to grant them to AWX service account
+ verbs:
+ - create
+ - get
+ - apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - awx.ansible.com
+ resources:
+ - '*'
+ - awxbackups
+ - awxrestores
+ verbs:
+ - '*'
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
new file mode 100644
index 00000000..5e11a2f3
--- /dev/null
+++ b/config/rbac/role_binding.yaml
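Review bot: The last rule of `manager-role` in config/rbac/role.yaml grants `'*'` verbs on `'*'` resources in `awx.ansible.com`, which makes the `awxbackups` and `awxrestores` entries beside it redundant and extends automatically to any resource later added to that group. The second rule lists `""` and `rbac.authorization.k8s.io` together, so every verb, including `create`, `patch` and `delete`, applies to `secrets`, `roles` and `rolebindings` in the namespace. Suggest naming the AWX resources and the verbs the roles actually use, and splitting the core and RBAC groups into separate rules so the verbs on `roles` and `rolebindings` can be narrowed on their own. A comment like the one on `pods/log`, explaining why the operator needs write access to RBAC objects, would help the next reviewer.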
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
new file mode 100644
index 00000000..7cd6025b
--- /dev/null
+++ b/config/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller-manager
+ namespace: system
diff --git a/config/samples/awx_v1alpha1_awx.yaml b/config/samples/awx_v1alpha1_awx.yaml
new file mode 100644
index 00000000..903182b9
--- /dev/null
+++ b/config/samples/awx_v1alpha1_awx.yaml
@@ -0,0 +1,7 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+ name: awx-sample
+spec:
+ # Add fields here
+ foo: bar
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
new file mode 100644
index 00000000..3df795eb
--- /dev/null
+++ b/config/samples/kustomization.yaml
@@ -0,0 +1,4 @@
+## Append samples you want in your CSV to this file as resources ##
+resources:
+- awx_v1beta1_awx.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml
new file mode 100644
index 00000000..c7704784
--- /dev/null
+++ b/config/scorecard/bases/config.yaml
@@ -0,0 +1,7 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests: []
diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml
new file mode 100644
index 00000000..50cd2d08
--- /dev/null
+++ b/config/scorecard/kustomization.yaml
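Review bot: The `controller-manager` subject in config/rbac/role_binding.yaml carries no `namespace`, whereas the same subject in leader_election_role_binding.yaml and the ServiceAccount in service_account.yaml both declare `namespace: system`. As written, which account receives `manager-role` depends on the subject namespace defaulting to the binding's own namespace rather than on anything stated in the manifest, and on how the overlay's namespace rewrite treats a subject without the field. Adding `namespace: system` under the subject keeps the two bindings parallel and makes the grant explicit.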
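Review bot: `resources:` in config/samples/kustomization.yaml lists `awx_v1beta1_awx.yaml`, but the sample this patch adds is `config/samples/awx_v1alpha1_awx.yaml`, so unless a file with the v1beta1 name arrives elsewhere in the series, building this kustomization fails on a missing resource. Renaming the sample to `awx_v1beta1_awx.yaml` would also match its `apiVersion: awx.ansible.com/v1beta1`. The sample's `spec` is still the scaffold placeholder `foo: bar`, which is not a field of the AWX schema being moved in this patch and should be replaced with a real minimal spec before the sample is published.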
@@ -0,0 +1,16 @@
+resources:
+- bases/config.yaml
+patchesJson6902:
+- path: patches/basic.config.yaml
+ target:
+ group: scorecard.operatorframework.io
+ version: v1alpha3
+ kind: Configuration
+ name: config
+- path: patches/olm.config.yaml
+ target:
+ group: scorecard.operatorframework.io
+ version: v1alpha3
+ kind: Configuration
+ name: config
+#+kubebuilder:scaffold:patchesJson6902
diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml
new file mode 100644
index 00000000..c04db317
--- /dev/null
+++ b/config/scorecard/patches/basic.config.yaml
@@ -0,0 +1,10 @@
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml
new file mode 100644
index 00000000..122f7031
--- /dev/null
+++ b/config/scorecard/patches/olm.config.yaml
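Review bot: The scorecard test image in config/scorecard/patches/basic.config.yaml is referenced by a mutable tag, `quay.io/operator-framework/scorecard-test:v1.12.0`, and the five entries added in patches/olm.config.yaml do the same. These images are run as pods in the cluster under test, so a retagged image would change what executes there without any change to this repository. Pinning by digest, `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-v1.12.0>`, with the version kept in a trailing comment, keeps the reference reproducible.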
@@ -0,0 +1,50 @@
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.12.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
diff --git a/config/testing/debug_logs_patch.yaml b/config/testing/debug_logs_patch.yaml
new file mode 100644
index 00000000..3fb3d559
--- /dev/null
+++ b/config/testing/debug_logs_patch.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ env:
+ - name: ANSIBLE_DEBUG_LOGS
+ value: "TRUE"
diff --git a/config/testing/kustomization.yaml b/config/testing/kustomization.yaml
new file mode 100644
index 00000000..41091623
--- /dev/null
+++ b/config/testing/kustomization.yaml
@@ -0,0 +1,23 @@
+# Adds namespace to all resources.
+namespace: osdk-test
+
+namePrefix: osdk-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+patchesStrategicMerge:
+- manager_image.yaml
+- debug_logs_patch.yaml
+- ../default/manager_auth_proxy_patch.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager
+images:
+- name: testing
+ newName: testing-operator
diff --git a/config/testing/manager_image.yaml b/config/testing/manager_image.yaml
new file mode 100644
index 00000000..e44f542d
--- /dev/null
+++ b/config/testing/manager_image.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ image: testing
diff --git a/config/testing/pull_policy/Always.yaml b/config/testing/pull_policy/Always.yaml
new file mode 100644
index 00000000..6b0a8e2a
--- /dev/null
+++ b/config/testing/pull_policy/Always.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Always
diff --git a/config/testing/pull_policy/IfNotPresent.yaml b/config/testing/pull_policy/IfNotPresent.yaml
new file mode 100644
index 00000000..2f52f496
--- /dev/null
+++ b/config/testing/pull_policy/IfNotPresent.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: IfNotPresent
diff --git a/config/testing/pull_policy/Never.yaml b/config/testing/pull_policy/Never.yaml
new file mode 100644
index 00000000..86f13d81
--- /dev/null
+++ b/config/testing/pull_policy/Never.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Never
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
deleted file mode 100644
index c56cd8b3..00000000
--- a/deploy/awx-operator.yaml
+++ /dev/null
@@ -1,786 +0,0 @@ -# This file is generated by Ansible. Changes will be lost. -# Update templates under ansible/templates/ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxs.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWX - listKind: AWXList - plural: awxs - singular: awx - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Schema validation for the AWX CRD - properties: - spec: - properties: - deployment_type: - description: Name of the deployment type - type: string - kind: - description: Kind of the deployment type - type: string - api_version: - description: apiVersion of the deployment type - type: string - task_privileged: - description: If a privileged security context should be enabled - type: boolean - default: false - admin_user: - description: Username to use for the admin account - type: string - default: admin - hostname: - description: The hostname of the instance - type: string - admin_email: - description: The admin user email - type: string - admin_password_secret: - description: Secret where the admin password can be found - type: string - postgres_configuration_secret: - description: Secret where the database configuration can be found - type: string - old_postgres_configuration_secret: - description: Secret where the old database configuration can be found for data migration - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for data migration - type: string - secret_key_secret: - description: Secret where the secret key can be found - type: string - broadcast_websocket_secret: - description: Secret where the broadcast websocket secret can be found - type: string - extra_volumes: - description: Specify extra volumes to add to the application pod - type: string - service_type: - description: The service type to be used on the 
deployed instance - type: string - enum: - - LoadBalancer - - loadbalancer - - ClusterIP - - clusterip - - NodePort - - nodeport - ingress_type: - description: The ingress type to use to reach the deployed instance - type: string - enum: - - none - - Ingress - - ingress - - Route - - route - ingress_path: - description: The ingress path used to reach the deployed service - type: string - ingress_annotations: - description: Annotations to add to the Ingress Controller - type: string - ingress_tls_secret: - description: Secret where the Ingress TLS secret can be found - type: string - loadbalancer_annotations: - description: Annotations to add to the loadbalancer - type: string - loadbalancer_protocol: - description: Protocol to use for the loadbalancer - type: string - default: http - enum: - - http - - https - loadbalancer_port: - description: Port to use for the loadbalancer - type: integer - default: 80 - route_host: - description: The DNS to use to points to the instance - type: string - route_tls_termination_mechanism: - description: The secure TLS termination mechanism to use - type: string - default: Edge - enum: - - Edge - - edge - - Passthrough - - passthrough - route_tls_secret: - description: Secret where the TLS related credentials are stored - type: string - nodeport_port: - description: Port to use for the nodeport - type: integer - default: 30080 - node_selector: - description: nodeSelector for the pods - type: string - service_labels: - description: Additional labels to apply to the service - type: string - tolerations: - description: node tolerations for the pods - type: string - image: - description: Registry path to the application container to use - type: string - image_version: - description: Application container image version to use - type: string - ee_images: - description: Registry path to the Execution Environment container to use - type: array - items: - type: object - properties: - name: - type: string - image: - type: string - 
control_plane_ee_image: - description: Registry path to the Execution Environment container image to use on control plane pods - type: string - ee_pull_credentials_secret: - description: Secret where pull credentials for registered ees can be found - type: string - image_pull_policy: - description: The image pull policy - type: string - default: IfNotPresent - enum: - - Always - - always - - Never - - never - - IfNotPresent - - ifnotpresent - image_pull_secret: - description: The image pull secret - type: string - task_resource_requirements: - description: Resource requirements for the task container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - web_resource_requirements: - description: Resource requirements for the web container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - ee_resource_requirements: - description: Resource requirements for the ee container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - service_account_annotations: - description: ServiceAccount annotations - type: string - replicas: - description: Number of instance replicas - type: integer - default: 1 - format: int32 - garbage_collect_secrets: - description: Whether or not to remove secrets upon instance removal - default: false - type: boolean - create_preload_data: - description: Whether or not to preload data upon instance creation - default: true - type: boolean - 
task_args: - type: array - items: - type: string - task_command: - type: array - items: - type: string - web_args: - type: array - items: - type: string - web_command: - type: array - items: - type: string - task_extra_env: - type: string - web_extra_env: - type: string - ee_extra_env: - type: string - ee_extra_volume_mounts: - description: Specify volume mounts to be added to Execution container - type: string - task_extra_volume_mounts: - description: Specify volume mounts to be added to Task container - type: string - web_extra_volume_mounts: - description: Specify volume mounts to be added to the Web container - type: string - redis_image: - description: Registry path to the redis container to use - type: string - redis_image_version: - description: Redis container image version to use - type: string - init_container_image: - description: Registry path to the init container to use - type: string - init_container_image_version: - description: Init container image version to use - type: string - init_container_extra_commands: - description: Extra commands for the init container - type: string - init_container_extra_volume_mounts: - description: Specify volume mounts to be added to the init container - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_selector: - description: nodeSelector for the Postgres pods - type: string - postgres_tolerations: - description: node tolerations for the Postgres pods - type: string - postgres_storage_requirements: - description: Storage requirements for the PostgreSQL container - properties: - requests: - properties: - storage: - type: string - type: object - limits: - properties: - storage: - type: string - type: object - type: object - postgres_resource_requirements: - description: Resource requirements for the PostgreSQL container - properties: - requests: - 
properties: - cpu: - type: string - memory: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - type: object - type: object - postgres_storage_class: - description: Storage class to use for the PostgreSQL PVC - type: string - postgres_data_path: - description: Path where the PostgreSQL data are located - type: string - ca_trust_bundle: - description: Path where the trusted CA bundle is available - type: string - development_mode: - description: If the deployment should be done in development mode - type: boolean - ldap_cacert_secret: - description: Secret where can be found the LDAP trusted Certificate Authority Bundle - type: string - bundle_cacert_secret: - description: Secret where can be found the trusted Certificate Authority Bundle - type: string - projects_persistence: - description: Whether or not the /var/lib/projects directory will be persistent - default: false - type: boolean - projects_use_existing_claim: - description: Using existing PersistentVolumeClaim - type: string - enum: - - _Yes_ - - _No_ - projects_existing_claim: - description: PersistentVolumeClaim to mount /var/lib/projects directory - type: string - projects_storage_class: - description: Storage class for the /var/lib/projects PersistentVolumeClaim - type: string - projects_storage_size: - description: Size for the /var/lib/projects PersistentVolumeClaim - default: 8Gi - type: string - projects_storage_access_mode: - description: AccessMode for the /var/lib/projects PersistentVolumeClaim - default: ReadWriteMany - type: string - extra_settings: - description: Extra settings to specify for the API - items: - properties: - setting: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - type: object - status: - properties: - URL: - description: URL to access the deployed instance - type: string - adminUser: - description: Admin user of the deployed instance - type: string - adminPasswordSecret: - 
description: Admin password secret name of the deployed instance - type: string - postgresConfigurationSecret: - description: Postgres Configuration secret name of the deployed instance - type: string - broadcastWebsocketSecret: - description: Broadcast websocket secret name of the deployed instance - type: string - secretKeySecret: - description: Secret key secret name of the deployed instance - type: string - migratedFromSecret: - description: The secret used for migrating an old instance. - type: string - version: - description: Version of the deployed instance - type: string - image: - description: URL of the image used for the deployed instance - type: string - conditions: - description: The resulting conditions when a Service Telemetry is instantiated - items: - properties: - status: - type: string - type: - type: string - reason: - type: string - lastTransitionTime: - type: string - type: object - type: array - type: object - type: object - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxbackups.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXBackup - listKind: AWXBackupList - plural: awxbackups - singular: awxbackup - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - description: Schema validation for the AWXBackup CRD - properties: - spec: - type: object - required: - - deployment_name - properties: - deployment_name: - description: Name of the deployment to be backed up - type: string - backup_pvc: - description: Name of the PVC to be used for storing the backup - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_storage_requirements: - description: Storage requirements for the PostgreSQL container - type: string - backup_storage_class: - description: Storage class to use when creating PVC for 
backup - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for backing up data - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - status: - type: object - properties: - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - backupDirectory: - description: Backup directory name on the specified pvc - type: string - backupClaim: - description: Backup persistent volume claim - type: string - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxrestores.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXRestore - listKind: AWXRestoreList - plural: awxrestores - singular: awxrestore - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - description: Schema validation for the AWXRestore CRD - properties: - spec: - type: object - properties: - backup_source: - description: Backup source - type: string - enum: - - CR - - PVC - deployment_name: - description: Name of the deployment to be restored to - type: string - backup_name: - description: AWXBackup object name - type: string - backup_pvc: - description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim) - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_dir: - description: Backup directory name, set as a status found on the awxbackup object (backupDirectory) - type: string - postgres_label_selector: - description: 
Label selector used to identify postgres pod for backing up data - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - status: - type: object - properties: - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - restoreComplete: - description: Restore process complete - type: boolean - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: awx-operator -rules: - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - "" - - "rbac.authorization.k8s.io" - resources: - - pods - - services - - services/finalizers - - serviceaccounts - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - roles - - rolebindings - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - apps - - networking.k8s.io - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - - ingresses - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - apps - resourceNames: - - awx-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/scale - - statefulsets/scale - verbs: - - patch - - apiGroups: - - "" - resources: - - pods/exec - - pods/attach - - pods/log # log & attach rules needed to be able to grant them to AWX service account - verbs: - - create - - get - - apiGroups: - - apps 
- resources: - - replicasets - verbs: - - get - - create - - apiGroups: - - awx.ansible.com - resources: - - '*' - - awxbackups - - awxrestores - verbs: - - '*' - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: awx-operator -subjects: - - kind: ServiceAccount - name: awx-operator -roleRef: - kind: Role - name: awx-operator - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: awx-operator - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: awx-operator -spec: - replicas: 1 - selector: - matchLabels: - name: awx-operator - template: - metadata: - labels: - name: awx-operator - spec: - serviceAccountName: awx-operator - containers: - - name: awx-operator - image: "quay.io/ansible/awx-operator:0.13.0" - imagePullPolicy: "Always" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - env: - # Watch one namespace (namespace-scoped). - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: awx-operator - - name: ANSIBLE_GATHERING - value: explicit - - name: OPERATOR_VERSION - value: "0.13.0" - - name: ANSIBLE_DEBUG_LOGS - value: "false" - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - volumes: - - name: runner - emptyDir: {} diff --git a/deploy/crds/awx_v1beta1_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml deleted file mode 100644 index 133c4814..00000000 --- a/deploy/crds/awx_v1beta1_molecule.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -apiVersion: awx.ansible.com/v1beta1 -kind: AWX -metadata: - name: example-awx - namespace: example-awx -spec: - service_account_annotations: | - foo: bar - deployment_type: awx - ingress_type: ingress - web_resource_requirements: - requests: - cpu: 500m - memory: 128M - task_resource_requirements: - requests: - cpu: 500m - memory: 128M - ee_resource_requirements: - requests: - cpu: 200m - memory: 64M diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml deleted file mode 100644 index f4e51a52..00000000 --- a/deploy/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./awx-operator.yaml diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml deleted file mode 100644 index 9708fe98..00000000 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ /dev/null 
@@ -1,777 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - annotations: - alm-examples: |- - [ - { - "apiVersion": "awx.ansible.com/v1beta1", - "kind": "AWX", - "metadata": { - "name": "example-awx", - "namespace": "example-awx" - }, - "spec": { - "deployment_type": "awx", - "ee_resource_requirements": { - "requests": { - "cpu": "200m", - "memory": "64M" - } - }, - "ingress_type": "ingress", - "service_account_annotations": "foo: bar\n", - "task_resource_requirements": { - "requests": { - "cpu": "500m", - "memory": "128M" - } - }, - "web_resource_requirements": { - "requests": { - "cpu": "500m", - "memory": "128M" - } - } - } - } - ] - capabilities: Basic Install - operators.operatorframework.io/builder: operator-sdk-v0.19.4 - operators.operatorframework.io/project_layout: ansible - name: awx-operator.v0.13.0 - namespace: placeholder -spec: - apiservicedefinitions: {} - customresourcedefinitions: - owned: - - displayName: AWX Backup - kind: AWXBackup - name: awxbackups.awx.ansible.com - specDescriptors: - - displayName: Deployment name - path: deployment_name - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Backup persistent volume claim - path: backup_pvc - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Backup persistent volume claim namespace - path: backup_pvc_namespace - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Backup PVC storage requirements - path: backup_storage_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Backup PVC storage class - path: backup_storage_class - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:advanced - - displayName: Database backup label selector - path: 
postgres_label_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image - path: postgres_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image Version - path: postgres_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - statusDescriptors: - - description: The persistent volume claim name used during backup - displayName: Backup claim - path: backupClaim - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - description: The directory data is backed up to on the PVC - displayName: Backup directory - path: backupDirectory - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - version: v1beta1 - - displayName: AWX Restore - kind: AWXRestore - name: awxrestores.awx.ansible.com - specDescriptors: - - displayName: Backup source to restore ? 
- path: backup_source - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:select:CR - - urn:alm:descriptor:com.tectonic.ui:select:PVC - - displayName: Backup name - path: backup_name - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:CR - - displayName: Name of newly restored deployment - path: deployment_name - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Backup persistent volume claim - path: backup_pvc - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC - - displayName: Backup namespace - path: backup_pvc_namespace - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Backup directory in the persistent volume claim - path: backup_dir - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC - - displayName: Database restore label selector - path: postgres_label_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image - path: postgres_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image Version - path: postgres_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - statusDescriptors: - - description: The state of the restore - displayName: Restore status - path: restoreComplete - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - version: v1beta1 - - description: A AWX Instance - displayName: AWX - kind: AWX - name: awxs.awx.ansible.com - specDescriptors: - - displayName: Hostname - path: hostname - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Admin account username - 
path: admin_user - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Admin email address - path: admin_email - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Admin password secret - path: admin_password_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Database configuration secret - path: postgres_configuration_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Old Database configuration secret - path: old_postgres_configuration_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Secret key secret - path: secret_key_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Broadcast Websocket Secret - path: broadcast_websocket_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Service Account Annotations - path: service_account_annotations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Tower Service Type - path: service_type - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:select:ClusterIP - - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer - - urn:alm:descriptor:com.tectonic.ui:select:NodePort - - displayName: Tower Ingress Type - path: ingress_type - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:select:none - - urn:alm:descriptor:com.tectonic.ui:select:Ingress - - urn:alm:descriptor:com.tectonic.ui:select:Route - - 
displayName: Tower Ingress Annotations - path: ingress_annotations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress - - displayName: Tower Ingress TLS Secret - path: ingress_tls_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress - - displayName: Tower LoadBalancer Annotations - path: loadbalancer_annotations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer - - displayName: Tower LoadBalancer Protocol - path: loadbalancer_protocol - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:select:http - - urn:alm:descriptor:com.tectonic.ui:select:https - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer - - displayName: Tower LoadBalancer Port - path: loadbalancer_port - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:number - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer - - displayName: Tower NodePort Port - path: nodeport_port - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:number - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:NodePort - - displayName: Route DNS host - path: route_host - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - - displayName: Route TLS termination mechanism - path: route_tls_termination_mechanism - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - 
urn:alm:descriptor:com.tectonic.ui:select:Edge - - urn:alm:descriptor:com.tectonic.ui:select:Passthrough - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - - displayName: Route TLS credential secret - path: route_tls_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route - - displayName: Image Pull Policy - path: image_pull_policy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - displayName: Image Pull Secret - path: image_pull_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Web container resource requirements - path: web_resource_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: Task container resource requirements - path: task_resource_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: EE Control Plane container resource requirements - path: ee_resource_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: PostgreSQL container resource requirements (when using a managed - instance) - path: postgres_resource_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: PostgreSQL container storage requirements (when using a managed - instance) - path: postgres_storage_requirements - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:resourceRequirements - - displayName: Replicas - path: replicas - 
x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:number - - displayName: Remove used secrets on instance removal ? - path: garbage_collect_secrets - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - displayName: Preload instance with data upon creation ? - path: create_preload_data - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - displayName: Deploy the instance in development mode ? - path: development_mode - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Should the task container deployed with privileged level ? - path: task_privileged - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Deployment Type - path: deployment_type - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Deployment Kind - path: kind - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Deployment apiVersion - path: api_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Image - path: image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Image Version - path: image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Redis Image - path: redis_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - 
urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Redis Image Version - path: redis_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image - path: postgres_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: PostgreSQL Image Version - path: postgres_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Selector - path: postgres_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Label Selector - path: postgres_label_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Tolerations - path: postgres_tolerations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Storage Class - path: postgres_storage_class - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Postgres Datapath - path: postgres_data_path - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Certificate Authorirty Trust Bundle - path: ca_trust_bundle - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: LDAP Certificate Authority Trust Bundle - path: ldap_cacert_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - displayName: Task Args - path: task_args - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - 
displayName: Enable persistence for /var/lib/projects directory? - path: projects_persistence - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - - displayName: Use existing Persistent Claim? - path: projects_use_existing_claim - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:select:_Yes_ - - urn:alm:descriptor:com.tectonic.ui:select:_No_ - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true - - displayName: Projects Existing Persistent Claim - path: projects_existing_claim - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_ - - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim - - description: Projects Storage Class Name. If not present, the default storage - class will be used. - displayName: Projects Storage Class Name - path: projects_storage_class - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - - urn:alm:descriptor:com.tectonic.ui:text - - description: Projects Storage Size - displayName: Projects Storage Size - path: projects_storage_size - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - - urn:alm:descriptor:com.tectonic.ui:text - - description: Projects Storage Access Mode - displayName: Projects Storage Access Mode - path: projects_storage_access_mode - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Task Command - path: task_command - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - 
urn:alm:descriptor:com.tectonic.ui:hidden - - description: Environment variables to be added to Task container - displayName: Task Extra Env - path: task_extra_env - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Specify volume mounts to be added to Execution container - displayName: EE Extra Volume Mounts - path: ee_extra_volume_mounts - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Registry path to the Execution Environment container to use - displayName: EE Images - path: ee_images - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Environment variables to be added to EE container - displayName: EE Extra Env - path: ee_extra_env - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Registry path to the Execution Environment container to use on - control plane pods - displayName: Control Plane EE Image - path: control_plane_ee_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: EE Images Pull Credentials Secret - displayName: EE Images Pull Credentials Secret - path: ee_pull_credentials_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - - description: Specify volume mounts to be added to Task container - displayName: Task Extra Volume Mounts - path: task_extra_volume_mounts - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Web Args - path: web_args - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Web Command - path: web_command - x-descriptors: - - 
urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Environment variables to be added to Web container - displayName: Web Extra Env - path: web_extra_env - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Specify volume mounts to be added to Web container - displayName: Web Extra Volume Mounts - path: web_extra_volume_mounts - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Specify extra volumes to add to the application pod - displayName: Extra Volumes - path: extra_volumes - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Node Selector - path: node_selector - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Service Labels - path: service_labels - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:text - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: Tolerations - path: tolerations - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - displayName: API Extra Settings - path: extra_settings - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Registry path to the init container to use - displayName: Init Container Image - path: init_container_image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Init container image version to use - displayName: Init Container Image Version - path: init_container_image_version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - 
description: Specify Extra commands for the Init container - displayName: Init Container Extra Commands - path: init_container_extra_commands - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Specify volume mounts to be added to Init container - displayName: Init Container Extra Volume Mounts - path: init_container_extra_volume_mounts - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:com.tectonic.ui:hidden - - description: Secret where can be found the trusted Certificate Authority Bundle - path: bundle_cacert_secret - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:advanced - - urn:alm:descriptor:io.kubernetes:Secret - statusDescriptors: - - description: Route to access the instance deployed - displayName: URL - path: URL - x-descriptors: - - urn:alm:descriptor:org.w3:link - - description: Admin user for the instance deployed - displayName: Admin User - path: adminUser - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - description: Admin password for the instance deployed - displayName: Admin Password - path: adminPasswordSecret - x-descriptors: - - urn:alm:descriptor:io.kubernetes:Secret - - description: Version of the instance deployed - displayName: Version - path: version - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - - description: Image of the instance deployed - displayName: Image - path: image - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:text - version: v1beta1 - description: AWX operator - displayName: AWX - icon: - - base64data: "" - mediatype: "" - install: - spec: - clusterPermissions: - - rules: - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - '*' - - apiGroups: - - "" - - rbac.authorization.k8s.io - resources: - - pods - - services - - services/finalizers - - serviceaccounts - - endpoints - - persistentvolumeclaims - - events - - configmaps - 
- secrets - - roles - - rolebindings - verbs: - - '*' - - apiGroups: - - apps - - networking.k8s.io - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - - ingresses - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - apps - resourceNames: - - awx-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/scale - - statefulsets/scale - verbs: - - patch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - apiGroups: - - awx.ansible.com - resources: - - '*' - - awxbackups - - awxrestores - verbs: - - '*' - serviceAccountName: awx-operator - deployments: - - name: awx-operator - spec: - replicas: 1 - selector: - matchLabels: - name: awx-operator - strategy: {} - template: - metadata: - labels: - name: awx-operator - spec: - containers: - - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.annotations['olm.targetNamespaces'] - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: awx-operator - - name: ANSIBLE_GATHERING - value: explicit - - name: OPERATOR_VERSION - value: 0.13.0 - - name: ANSIBLE_DEBUG_LOGS - value: "false" - image: quay.io/ansible/awx-operator:0.13.0 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - name: awx-operator - resources: {} - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - serviceAccountName: awx-operator - volumes: - - emptyDir: {} - name: runner - strategy: deployment - installModes: - - supported: true - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: false - type: AllNamespaces - keywords: - - awx - links: - - 
name: Awx Operator - url: https://github.com/ansible/awx-operator - maintainers: - - email: yguenane@redhat.com - name: Yanis Guenane - maturity: alpha - provider: - name: AWX Community - url: https://github.com/ansible/awx-operator - replaces: awx-operator.v0.12.0 - version: 0.13.0 diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml deleted file mode 100644 index 182e5532..00000000 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: awxbackups.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXBackup - listKind: AWXBackupList - plural: awxbackups - singular: awxbackup - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: Schema validation for the AWXBackup CRD - properties: - spec: - properties: - backup_pvc: - description: Name of the PVC to be used for storing the backup - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_storage_class: - description: Storage class to use when creating PVC for backup - type: string - backup_storage_requirements: - description: Storage requirements for the PostgreSQL container - type: string - deployment_name: - description: Name of the deployment to be backed up - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for backing - up data - type: string - required: - - deployment_name - type: object - status: - properties: - backupClaim: - description: Backup persistent volume claim - type: string - backupDirectory: - description: Backup directory name on the specified pvc - type: string - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null 
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml deleted file mode 100644 index 9023d6d8..00000000 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: awxrestores.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXRestore - listKind: AWXRestoreList - plural: awxrestores - singular: awxrestore - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: Schema validation for the AWXRestore CRD - properties: - spec: - properties: - backup_dir: - description: Backup directory name, set as a status found on the awxbackup - object (backupDirectory) - type: string - backup_name: - description: AWXBackup object name - type: string - backup_pvc: - description: Name of the PVC to be restored from, set as a status - found on the awxbackup object (backupClaim) - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_source: - description: Backup source - enum: - - CR - - PVC - type: string - deployment_name: - description: Name of the deployment to be restored to - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for backing - up data - type: string - type: object - status: - properties: - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - restoreComplete: - description: Restore process complete - type: boolean - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null 
diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml deleted file mode 100644 index c1f1f58e..00000000 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml +++ /dev/null 
@@ -1,463 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: awxs.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWX - listKind: AWXList - plural: awxs - singular: awx - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: Schema validation for the AWX CRD - properties: - spec: - properties: - admin_email: - description: The admin user email - type: string - admin_password_secret: - description: Secret where the admin password can be found - type: string - admin_user: - default: admin - description: Username to use for the admin account - type: string - api_version: - description: apiVersion of the deployment type - type: string - broadcast_websocket_secret: - description: Secret where the broadcast websocket secret can be found - type: string - bundle_cacert_secret: - description: Secret where can be found the trusted Certificate Authority - Bundle - type: string - ca_trust_bundle: - description: Path where the trusted CA bundle is available - type: string - control_plane_ee_image: - description: Registry path to the Execution Environment container - image to use on control plane pods - type: string - create_preload_data: - default: true - description: Whether or not to preload data upon instance creation - type: boolean - deployment_type: - description: Name of the deployment type - type: string - development_mode: - description: If the deployment should be done in development mode - type: boolean - ee_extra_env: - type: string - ee_extra_volume_mounts: - description: Specify volume mounts to be added to Execution container - type: string - ee_images: - description: Registry path to the Execution Environment container - to use - items: - properties: - image: - type: string - name: - type: string - type: object - type: array - ee_pull_credentials_secret: - description: Secret where pull credentials for registered ees can - be found - 
type: string - ee_resource_requirements: - description: Resource requirements for the ee container - properties: - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - extra_settings: - description: Extra settings to specify for the API - items: - properties: - setting: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - extra_volumes: - description: Specify extra volumes to add to the application pod - type: string - garbage_collect_secrets: - default: false - description: Whether or not to remove secrets upon instance removal - type: boolean - hostname: - description: The hostname of the instance - type: string - image: - description: Registry path to the application container to use - type: string - image_pull_policy: - default: IfNotPresent - description: The image pull policy - enum: - - Always - - always - - Never - - never - - IfNotPresent - - ifnotpresent - type: string - image_pull_secret: - description: The image pull secret - type: string - image_version: - description: Application container image version to use - type: string - ingress_annotations: - description: Annotations to add to the Ingress Controller - type: string - ingress_path: - description: The ingress path used to reach the deployed service - type: string - ingress_tls_secret: - description: Secret where the Ingress TLS secret can be found - type: string - ingress_type: - description: The ingress type to use to reach the deployed instance - enum: - - none - - Ingress - - ingress - - Route - - route - type: string - init_container_extra_commands: - description: Extra commands for the init container - type: string - init_container_extra_volume_mounts: - description: Specify volume mounts to be added to the init container - type: string - init_container_image: - 
description: Registry path to the init container to use - type: string - init_container_image_version: - description: Init container image version to use - type: string - kind: - description: Kind of the deployment type - type: string - ldap_cacert_secret: - description: Secret where can be found the LDAP trusted Certificate - Authority Bundle - type: string - loadbalancer_annotations: - description: Annotations to add to the loadbalancer - type: string - loadbalancer_port: - default: 80 - description: Port to use for the loadbalancer - type: integer - loadbalancer_protocol: - default: http - description: Protocol to use for the loadbalancer - enum: - - http - - https - type: string - nodeport_port: - default: 30080 - description: Port to use for the nodeport - type: integer - node_selector: - description: nodeSelector for the pods - type: string - old_postgres_configuration_secret: - description: Secret where the old database configuration can be found - for data migration - type: string - postgres_configuration_secret: - description: Secret where the database configuration can be found - type: string - postgres_data_path: - description: Path where the PostgreSQL data are located - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for data - migration - type: string - postgres_resource_requirements: - description: Resource requirements for the PostgreSQL container - properties: - limits: - properties: - cpu: - type: string - memory: - type: string - type: object - requests: - properties: - cpu: - type: string - memory: - type: string - type: object - type: object - postgres_selector: - description: nodeSelector for the Postgres pods - type: string - postgres_storage_class: - description: Storage class to use for the 
PostgreSQL PVC - type: string - postgres_storage_requirements: - description: Storage requirements for the PostgreSQL container - properties: - limits: - properties: - storage: - type: string - type: object - requests: - properties: - storage: - type: string - type: object - type: object - postgres_tolerations: - description: node tolerations for the Postgres pods - type: string - projects_existing_claim: - description: PersistentVolumeClaim to mount /var/lib/projects directory - type: string - projects_persistence: - default: false - description: Whether or not the /var/lib/projects directory will be - persistent - type: boolean - projects_storage_access_mode: - default: ReadWriteMany - description: AccessMode for the /var/lib/projects PersistentVolumeClaim - type: string - projects_storage_class: - description: Storage class for the /var/lib/projects PersistentVolumeClaim - type: string - projects_storage_size: - default: 8Gi - description: Size for the /var/lib/projects PersistentVolumeClaim - type: string - projects_use_existing_claim: - description: Using existing PersistentVolumeClaim - enum: - - _Yes_ - - _No_ - type: string - redis_image: - description: Registry path to the redis container to use - type: string - redis_image_version: - description: Redis container image version to use - type: string - replicas: - default: 1 - description: Number of instance replicas - format: int32 - type: integer - route_host: - description: The DNS to use to points to the instance - type: string - route_tls_secret: - description: Secret where the TLS related credentials are stored - type: string - route_tls_termination_mechanism: - default: Edge - description: The secure TLS termination mechanism to use - enum: - - Edge - - edge - - Passthrough - - passthrough - type: string - secret_key_secret: - description: Secret where the secret key can be found - type: string - service_account_annotations: - description: ServiceAccount annotations - type: string - service_labels: - 
description: Additional labels to apply to the service - type: string - service_type: - description: The service type to be used on the deployed instance - enum: - - LoadBalancer - - loadbalancer - - ClusterIP - - clusterip - - NodePort - - nodeport - type: string - task_args: - items: - type: string - type: array - task_command: - items: - type: string - type: array - task_extra_env: - type: string - task_extra_volume_mounts: - description: Specify volume mounts to be added to Task container - type: string - task_privileged: - default: false - description: If a privileged security context should be enabled - type: boolean - task_resource_requirements: - description: Resource requirements for the task container - properties: - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - tolerations: - description: node tolerations for the pods - type: string - web_args: - items: - type: string - type: array - web_command: - items: - type: string - type: array - web_extra_env: - type: string - web_extra_volume_mounts: - description: Specify volume mounts to be added to the Web container - type: string - web_resource_requirements: - description: Resource requirements for the web container - properties: - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - type: object - status: - properties: - URL: - description: URL to access the deployed instance - type: string - adminPasswordSecret: - description: Admin password secret name of the deployed instance - type: string - adminUser: - description: Admin user of the deployed instance - type: string - broadcastWebsocketSecret: - description: Broadcast websocket 
secret name of the deployed instance - type: string - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - image: - description: URL of the image used for the deployed instance - type: string - migratedFromSecret: - description: The secret used for migrating an old instance. - type: string - postgresConfigurationSecret: - description: Postgres Configuration secret name of the deployed instance - type: string - secretKeySecret: - description: Secret key secret name of the deployed instance - type: string - version: - description: Version of the deployed instance - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/deploy/olm-catalog/awx-operator/metadata/annotations.yaml b/deploy/olm-catalog/awx-operator/metadata/annotations.yaml deleted file mode 100644 index 8322db21..00000000 --- a/deploy/olm-catalog/awx-operator/metadata/annotations.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - operators.operatorframework.io.bundle.channel.default.v1: alpha - operators.operatorframework.io.bundle.channels.v1: alpha - operators.operatorframework.io.bundle.manifests.v1: manifests/ - operators.operatorframework.io.bundle.mediatype.v1: registry+v1 - operators.operatorframework.io.bundle.metadata.v1: metadata/ - operators.operatorframework.io.bundle.package.v1: awx-operator - operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.4 - operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 - operators.operatorframework.io.metrics.project_layout: ansible diff --git a/main.yml b/main.yml deleted file mode 100644 index 10af8495..00000000 --- a/main.yml +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -- hosts: localhost - gather_facts: no - roles: - - installer diff --git a/playbooks/.gitkeep b/playbooks/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/projects/.gitkeep b/projects/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/requirements.yml b/requirements.yml index 05dc4128..54173725 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,6 +1,6 @@ --- collections: - name: kubernetes.core - version: '==1.1.1' + version: '==1.2.1' - name: operator_sdk.util - version: '==0.1.0' + version: "0.2.0" diff --git a/watches.yaml b/watches.yaml index edb90f99..43a0a5c0 100644 --- a/watches.yaml +++ b/watches.yaml @@ -1,8 +1,9 @@ --- +# Use the 'create api' subcommand to add watches to this file. - version: v1beta1 group: awx.ansible.com kind: AWX - playbook: /opt/ansible/main.yml + role: installer - version: v1beta1 group: awx.ansible.com @@ -13,3 +14,4 @@ group: awx.ansible.com kind: AWXRestore role: restore +#+kubebuilder:scaffold:watch From e97def44296aec7f1fd29e3e228e0671b946b34f Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:16 -0400 Subject: [PATCH 02/22] meta -> ansible_operator_meta --- roles/backup/defaults/main.yml | 2 +- roles/backup/tasks/awx-cro.yml | 4 +- roles/backup/tasks/cleanup.yml | 2 +- roles/backup/tasks/dump_generated_secret.yml | 2 +- roles/backup/tasks/dump_secret.yml | 2 +- roles/backup/tasks/error_handling.yml | 2 +- roles/backup/tasks/init.yml | 6 +- roles/backup/tasks/main.yml | 16 +-- roles/backup/tasks/postgres.yml | 14 +-- roles/backup/tasks/secrets.yml | 2 +- roles/backup/tasks/update_status.yml | 4 +- roles/backup/templates/backup_pvc.yml.j2 | 4 +- roles/backup/templates/event.yml.j2 | 6 +- roles/backup/templates/management-pod.yml.j2 | 12 +- roles/installer/defaults/main.yml | 2 +- .../tasks/admin_password_configuration.yml | 10 +- .../broadcast_websocket_configuration.yml | 10 +- roles/installer/tasks/cleanup.yml | 10 +- .../tasks/database_configuration.yml | 28 ++--- roles/installer/tasks/initialize_django.yml | 34 +++--- .../tasks/load_bundle_cacert_secret.yml | 2 +- .../tasks/load_ldap_cacert_secret.yml | 2 +- .../installer/tasks/load_route_tls_secret.yml | 2 +- roles/installer/tasks/main.yml | 20 ++-- roles/installer/tasks/migrate_data.yml | 8 +- .../tasks/resources_configuration.yml | 12 +- .../installer/tasks/scale_down_deployment.yml | 8 +- .../tasks/secret_key_configuration.yml | 10 +- roles/installer/tasks/update_status.yml | 44 +++---- .../templates/admin_password_secret.yaml.j2 | 8 +- .../templates/app_credentials.yaml.j2 | 8 +- .../broadcast_websocket_secret.yaml.j2 | 8 +- roles/installer/templates/config.yaml.j2 | 8 +- roles/installer/templates/deployment.yaml.j2 | 108 +++++++++--------- roles/installer/templates/ingress.yaml.j2 | 20 ++-- roles/installer/templates/persistent.yaml.j2 | 8 +- roles/installer/templates/postgres.yaml.j2 | 28 ++--- .../templates/postgres_secret.yaml.j2 | 10 +- roles/installer/templates/secret_key.yaml.j2 | 8 +- roles/installer/templates/service.yaml.j2 | 18 ++- 
.../templates/service_account.yaml.j2 | 20 ++-- roles/restore/defaults/main.yml | 2 +- roles/restore/tasks/cleanup.yml | 4 +- roles/restore/tasks/deploy_awx.yml | 6 +- roles/restore/tasks/error_handling.yml | 2 +- roles/restore/tasks/init.yml | 6 +- roles/restore/tasks/main.yml | 16 +-- roles/restore/tasks/postgres.yml | 12 +- roles/restore/tasks/secrets.yml | 6 +- roles/restore/tasks/update_status.yml | 4 +- roles/restore/templates/awx_object.yml.j2 | 2 +- roles/restore/templates/event.yml.j2 | 6 +- roles/restore/templates/management-pod.yml.j2 | 12 +- roles/restore/templates/secrets.yml.j2 | 6 +- 54 files changed, 306 insertions(+), 310 deletions(-) diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml index 3ad4c53a..8a609fd2 100644 --- a/roles/backup/defaults/main.yml +++ b/roles/backup/defaults/main.yml @@ -6,7 +6,7 @@ api_version: '{{ deployment_type }}.ansible.com/v1beta1' # Specify a pre-created PVC (name) to backup to backup_pvc: '' -backup_pvc_namespace: "{{ meta.namespace }}" +backup_pvc_namespace: "{{ ansible_operator_meta.namespace }}" # Size of backup PVC if created dynamically backup_storage_requirements: '' diff --git a/roles/backup/tasks/awx-cro.yml b/roles/backup/tasks/awx-cro.yml index d93838cc..cd9b9e03 100644 --- a/roles/backup/tasks/awx-cro.yml +++ b/roles/backup/tasks/awx-cro.yml @@ -4,7 +4,7 @@ k8s_info: version: v1beta1 kind: AWX - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ deployment_name }}' register: _awx_cro @@ -29,6 +29,6 @@ - name: Write awx object to pvc k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: >- bash -c 'echo "$0" > {{ backup_dir }}/awx_object' {{ awx_spec | to_yaml | quote }} diff --git a/roles/backup/tasks/cleanup.yml b/roles/backup/tasks/cleanup.yml index f91c8e6c..77172a54 100644 --- a/roles/backup/tasks/cleanup.yml 
+++ b/roles/backup/tasks/cleanup.yml @@ -2,7 +2,7 @@ - name: Delete any existing management pod k8s: - name: "{{ meta.name }}-db-management" + name: "{{ ansible_operator_meta.name }}-db-management" kind: Pod namespace: "{{ backup_pvc_namespace }}" state: absent diff --git a/roles/backup/tasks/dump_generated_secret.yml b/roles/backup/tasks/dump_generated_secret.yml index 6d262af1..71b3a425 100644 --- a/roles/backup/tasks/dump_generated_secret.yml +++ b/roles/backup/tasks/dump_generated_secret.yml @@ -22,7 +22,7 @@ k8s_info: version: v1 kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: "{{ _name }}" register: _secret no_log: true diff --git a/roles/backup/tasks/dump_secret.yml b/roles/backup/tasks/dump_secret.yml index 76f845d1..e927cac8 100644 --- a/roles/backup/tasks/dump_secret.yml +++ b/roles/backup/tasks/dump_secret.yml @@ -10,7 +10,7 @@ k8s_info: version: v1 kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: "{{ _name }}" register: _secret no_log: true diff --git a/roles/backup/tasks/error_handling.yml b/roles/backup/tasks/error_handling.yml index 1d41721d..679f1cea 100644 --- a/roles/backup/tasks/error_handling.yml +++ b/roles/backup/tasks/error_handling.yml @@ -7,5 +7,5 @@ - name: Emit ocp event with error k8s: kind: Event - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" template: "event.yml.j2" diff --git a/roles/backup/tasks/init.yml b/roles/backup/tasks/init.yml index 08d69451..2806a401 100644 --- a/roles/backup/tasks/init.yml +++ b/roles/backup/tasks/init.yml @@ -2,7 +2,7 @@ - name: Delete any existing management pod k8s: - name: "{{ meta.name }}-db-management" + name: "{{ ansible_operator_meta.name }}-db-management" kind: Pod namespace: "{{ backup_pvc_namespace }}" state: absent 
@@ -65,7 +65,7 @@ - name: Create management pod from templated deployment config k8s: - name: "{{ meta.name }}-db-management" + name: "{{ ansible_operator_meta.name }}-db-management" kind: Deployment state: present template: "management-pod.yml.j2" @@ -76,5 +76,5 @@ api_version: "{{ api_version }}" kind: "AWX" name: "{{ deployment_name }}" - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" register: this_awx diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml index 502450e3..b2573929 100644 --- a/roles/backup/tasks/main.yml +++ b/roles/backup/tasks/main.yml @@ -5,14 +5,14 @@ definition: apiVersion: '{{ api_version }}' kind: '{{ kind }}' - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' @@ -21,8 +21,8 @@ k8s_info: api_version: "{{ api_version }}" kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" register: this_backup - block: diff --git a/roles/backup/tasks/postgres.yml b/roles/backup/tasks/postgres.yml index 28dac9b6..9cfbff96 100644 --- a/roles/backup/tasks/postgres.yml +++ b/roles/backup/tasks/postgres.yml 
@@ -3,7 +3,7 @@ - name: Get PostgreSQL configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: "{{ this_awx['resources'][0]['status']['postgresConfigurationSecret'] }}" register: pg_config no_log: true @@ -32,7 +32,7 @@ - name: Get the postgres pod information k8s_info: kind: Pod - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' label_selectors: - "{{ postgres_label_selector }}" register: postgres_pod @@ -58,27 +58,27 @@ - name: Create directory for backup k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: >- mkdir -p {{ backup_dir }} - name: Precreate file for database dump k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: >- touch {{ backup_dir }}/tower.db - name: Set permissions on file for database dump k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: >- bash -c "chmod 0600 {{ backup_dir }}/tower.db && chown postgres:root {{ backup_dir }}/tower.db" - name: Set full resolvable host name for postgres pod set_fact: - resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + meta.namespace + ".svc.cluster.local", awx_postgres_host) }}' # noqa 204 + resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + ansible_operator_meta.namespace + ".svc.cluster.local", awx_postgres_host) }}' # noqa 204 no_log: true - name: Set pg_dump command @@ -95,7 +95,7 @@ - name: Write pg_dump to backup on PVC k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: | bash -c """ set -e -o pipefail 
diff --git a/roles/backup/tasks/secrets.yml b/roles/backup/tasks/secrets.yml index e45d1ef8..e17083ca 100644 --- a/roles/backup/tasks/secrets.yml +++ b/roles/backup/tasks/secrets.yml @@ -32,7 +32,7 @@ - name: Write postgres configuration to pvc k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: >- bash -c "echo '{{ secrets | to_yaml }}' > {{ backup_dir }}/secrets.yml" no_log: true diff --git a/roles/backup/tasks/update_status.yml b/roles/backup/tasks/update_status.yml index d134e95a..8130a85d 100644 --- a/roles/backup/tasks/update_status.yml +++ b/roles/backup/tasks/update_status.yml @@ -5,8 +5,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: backupDirectory: "{{ backup_dir }}" backupClaim: "{{ backup_claim }}" diff --git a/roles/backup/templates/backup_pvc.yml.j2 b/roles/backup/templates/backup_pvc.yml.j2 index bc3e9298..f5960f05 100644 --- a/roles/backup/templates/backup_pvc.yml.j2 +++ b/roles/backup/templates/backup_pvc.yml.j2 @@ -6,8 +6,8 @@ metadata: namespace: {{ backup_pvc_namespace }} ownerReferences: null labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' diff --git a/roles/backup/templates/event.yml.j2 b/roles/backup/templates/event.yml.j2 index ead6aea4..5c6fd599 100644 --- a/roles/backup/templates/event.yml.j2 +++ b/roles/backup/templates/event.yml.j2 
@@ -3,12 +3,12 @@ apiVersion: v1 kind: Event metadata: name: backup-error.{{ now }} - namespace: {{ meta.namespace }} + namespace: {{ ansible_operator_meta.namespace }} involvedObject: apiVersion: awx.ansible.com/v1beta1 kind: {{ kind }} - name: {{ meta.name }} - namespace: {{ meta.namespace }} + name: {{ ansible_operator_meta.name }} + namespace: {{ ansible_operator_meta.namespace }} message: {{ error_msg }} reason: BackupFailed type: Warning diff --git a/roles/backup/templates/management-pod.yml.j2 b/roles/backup/templates/management-pod.yml.j2 index 17711a84..b79fe8f4 100644 --- a/roles/backup/templates/management-pod.yml.j2 +++ b/roles/backup/templates/management-pod.yml.j2 @@ -2,26 +2,26 @@ apiVersion: v1 kind: Pod metadata: - name: {{ meta.name }}-db-management + name: {{ ansible_operator_meta.name }}-db-management namespace: {{ backup_pvc_namespace }} labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' spec: containers: - - name: {{ meta.name }}-db-management + - name: {{ ansible_operator_meta.name }}-db-management image: "{{ postgres_image }}:{{ postgres_image_version }}" imagePullPolicy: Always command: ["sleep", "infinity"] volumeMounts: - - name: {{ meta.name }}-backup + - name: {{ ansible_operator_meta.name }}-backup mountPath: /backups readOnly: false volumes: - - name: {{ meta.name }}-backup + - name: {{ ansible_operator_meta.name }}-backup persistentVolumeClaim: claimName: {{ backup_claim }} readOnly: false diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index a87ed186..337145d1 100644 --- a/roles/installer/defaults/main.yml 
+++ b/roles/installer/defaults/main.yml @@ -53,7 +53,7 @@ route_tls_secret: '' # route_host: '' -hostname: '{{ meta.name }}.example.com' +hostname: '{{ ansible_operator_meta.name }}.example.com' # Add a nodeSelector for the AWX pods. It must match a node's labels for the pod # to be scheduled on that node. Specify as literal block. E.g.: diff --git a/roles/installer/tasks/admin_password_configuration.yml b/roles/installer/tasks/admin_password_configuration.yml index c38300a2..551f68f3 100644 --- a/roles/installer/tasks/admin_password_configuration.yml +++ b/roles/installer/tasks/admin_password_configuration.yml @@ -2,7 +2,7 @@ - name: Check for specified admin password configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ admin_password_secret }}' register: _custom_admin_password no_log: true @@ -11,8 +11,8 @@ - name: Check for default admin password configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-admin-password' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-admin-password' register: _default_admin_password no_log: true @@ -31,8 +31,8 @@ - name: Read admin password secret k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-admin-password' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-admin-password' register: _generated_admin_password no_log: true diff --git a/roles/installer/tasks/broadcast_websocket_configuration.yml b/roles/installer/tasks/broadcast_websocket_configuration.yml index d40f1cc5..b417aed0 100644 --- a/roles/installer/tasks/broadcast_websocket_configuration.yml +++ b/roles/installer/tasks/broadcast_websocket_configuration.yml 
@@ -2,7 +2,7 @@ - name: Check for specified broadcast websocket secret configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ broadcast_websocket_secret }}' register: _custom_broadcast_websocket no_log: true @@ -11,8 +11,8 @@ - name: Check for default broadcast websocket secret configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-broadcast-websocket' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-broadcast-websocket' register: _default_broadcast_websocket no_log: true @@ -32,8 +32,8 @@ - name: Read broadcast websocket secret k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-broadcast-websocket' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-broadcast-websocket' register: _generated_broadcast_websocket no_log: true diff --git a/roles/installer/tasks/cleanup.yml b/roles/installer/tasks/cleanup.yml index 7fb5084a..2efaf8ea 100644 --- a/roles/installer/tasks/cleanup.yml +++ b/roles/installer/tasks/cleanup.yml 
@@ -2,12 +2,12 @@ - block: - name: Define secrets name set_fact: - _admin_password: '{{ admin_password_secret | length | ternary(admin_password_secret, meta.name + "-admin-password") }}' - _secret_key: '{{ secret_key_secret | length | ternary(secret_key_secret, meta.name + "-secret-key") }}' + _admin_password: '{{ admin_password_secret | length | ternary(admin_password_secret, ansible_operator_meta.name + "-admin-password") }}' + _secret_key: '{{ secret_key_secret | length | ternary(secret_key_secret, ansible_operator_meta.name + "-secret-key") }}' # yamllint disable-line rule:line-length - _broadcast_websocket_secret: '{{ broadcast_websocket_secret | length | ternary(broadcast_websocket_secret, meta.name + "-broadcast-websocket") }}' # noqa 204 + _broadcast_websocket_secret: '{{ broadcast_websocket_secret | length | ternary(broadcast_websocket_secret, ansible_operator_meta.name + "-broadcast-websocket") }}' # noqa 204 # yamllint disable-line rule:line-length - _postgres_configuration: '{{ postgres_configuration_secret | length | ternary(postgres_configuration_secret, meta.name + "-postgres-configuration") }}' # noqa 204 + _postgres_configuration: '{{ postgres_configuration_secret | length | ternary(postgres_configuration_secret, ansible_operator_meta.name + "-postgres-configuration") }}' # noqa 204 - name: Remove ownerReferences reference k8s: @@ -16,7 +16,7 @@ kind: Secret metadata: name: '{{ item }}' - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' ownerReferences: null loop: - '{{ _admin_password }}' diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml index 2e99be55..0e4abac9 100644 --- a/roles/installer/tasks/database_configuration.yml +++ b/roles/installer/tasks/database_configuration.yml 
@@ -2,7 +2,7 @@ - name: Check for specified PostgreSQL configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ postgres_configuration_secret }}' register: _custom_pg_config_resources when: postgres_configuration_secret | length @@ -11,15 +11,15 @@ - name: Check for default PostgreSQL configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-postgres-configuration' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-postgres-configuration' register: _default_pg_config_resources no_log: true - name: Check for specified old PostgreSQL configuration secret k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ old_postgres_configuration_secret }}' register: _custom_old_pg_config_resources when: old_postgres_configuration_secret | length @@ -28,8 +28,8 @@ - name: Check for default old PostgreSQL configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-old-postgres-configuration' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-old-postgres-configuration' register: _default_old_pg_config_resources no_log: true @@ -62,8 +62,8 @@ - name: Read Database Configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-postgres-configuration' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-postgres-configuration' register: _generated_pg_config_resources no_log: true when: not _pg_config['resources'] | default([]) | length 
@@ -92,8 +92,8 @@ kubernetes.core.k8s_scale: api_version: apps/v1 kind: StatefulSet - name: "{{ meta.name }}-postgres" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}-postgres" + namespace: "{{ ansible_operator_meta.namespace }}" replicas: 0 wait: yes @@ -102,8 +102,8 @@ state: absent api_version: apps/v1 kind: StatefulSet - name: "{{ meta.name }}-postgres" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}-postgres" + namespace: "{{ ansible_operator_meta.namespace }}" wait: yes when: create_statefulset_result.error == 422 @@ -127,8 +127,8 @@ k8s_info: api_version: "{{ api_version }}" kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" register: this_awx - name: Migrate data from old Openshift instance diff --git a/roles/installer/tasks/initialize_django.yml b/roles/installer/tasks/initialize_django.yml index 924e77b0..2de9ffa0 100644 --- a/roles/installer/tasks/initialize_django.yml +++ b/roles/installer/tasks/initialize_django.yml @@ -1,9 +1,9 @@ --- - name: Check if there are any super users defined. k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count(); 
@@ -15,9 +15,9 @@ - name: Update super user password via Django if it does exist (same password is a noop) k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage update_password --username '{{ admin_user }}' --password '{{ admin_password }}'" register: update_pw_result @@ -27,9 +27,9 @@ - name: Create super user via Django if it doesn't exist. k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "echo \"from django.contrib.auth.models import User; User.objects.create_superuser('{{ admin_user }}', '{{ admin_email }}', '{{ admin_password }}')\" @@ -39,9 +39,9 @@ - name: Create preload data if necessary. # noqa 305 k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage create_preload_data" register: cdo @@ -50,9 +50,9 @@ - name: Check if legacy queue is present k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'" register: legacy_queue 
@@ -60,9 +60,9 @@ - name: Unregister legacy queue k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage unregister_queue --queuename=tower" when: "'[tower capacity=' in legacy_queue.stdout" @@ -70,7 +70,7 @@ - name: Check for specified default execution environment pull credentials k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ ee_pull_credentials_secret }}' register: _custom_execution_environments_pull_credentials when: ee_pull_credentials_secret | length @@ -84,9 +84,9 @@ - name: Register default execution environments (without authentication) k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage register_default_execution_environments" register: ree @@ -105,9 +105,9 @@ - name: Register default execution environments (with authentication) k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage register_default_execution_environments --registry-username='{{ default_execution_environment_pull_credentials_user }}' diff --git a/roles/installer/tasks/load_bundle_cacert_secret.yml b/roles/installer/tasks/load_bundle_cacert_secret.yml index d1803d00..96d46f2d 100644 --- a/roles/installer/tasks/load_bundle_cacert_secret.yml +++ b/roles/installer/tasks/load_bundle_cacert_secret.yml 
@@ -2,7 +2,7 @@ - name: Retrieve bundle Certificate Authority Secret k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ bundle_cacert_secret }}' register: bundle_cacert no_log: true diff --git a/roles/installer/tasks/load_ldap_cacert_secret.yml b/roles/installer/tasks/load_ldap_cacert_secret.yml index c1ff67c3..a384cfd6 100644 --- a/roles/installer/tasks/load_ldap_cacert_secret.yml +++ b/roles/installer/tasks/load_ldap_cacert_secret.yml @@ -2,7 +2,7 @@ - name: Retrieve LDAP CA Certificate Secret k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ ldap_cacert_secret }}' register: ldap_cacert no_log: true diff --git a/roles/installer/tasks/load_route_tls_secret.yml b/roles/installer/tasks/load_route_tls_secret.yml index 0abc1371..912c12e6 100644 --- a/roles/installer/tasks/load_route_tls_secret.yml +++ b/roles/installer/tasks/load_route_tls_secret.yml @@ -2,7 +2,7 @@ - name: Retrieve Route TLS Secret k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ route_tls_secret }}' register: route_tls no_log: true diff --git a/roles/installer/tasks/main.yml b/roles/installer/tasks/main.yml index b072e255..3b2e3895 100644 --- a/roles/installer/tasks/main.yml +++ b/roles/installer/tasks/main.yml 
@@ -5,14 +5,14 @@ definition: apiVersion: '{{ api_version }}' kind: '{{ kind }}' - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' @@ -50,9 +50,9 @@ - name: Check for pending migrations k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l" changed_when: false @@ -60,9 +60,9 @@ - name: Migrate the database if the K8s resources were updated. # noqa 305 k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage migrate --noinput" register: migrate_result diff --git a/roles/installer/tasks/migrate_data.yml b/roles/installer/tasks/migrate_data.yml index 735002d0..d8db0fcd 100644 --- a/roles/installer/tasks/migrate_data.yml +++ b/roles/installer/tasks/migrate_data.yml 
@@ -15,14 +15,14 @@ - name: Default label selector to custom resource generated postgres set_fact: - postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ meta.name }}" + postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ ansible_operator_meta.name }}" when: postgres_label_selector is not defined - name: Get the postgres pod information k8s_info: kind: Pod - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-postgres-0' # using name to keep compatibility + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-postgres-0' # using name to keep compatibility field_selectors: - status.phase=Running register: postgres_pod @@ -60,7 +60,7 @@ - name: Stream backup from pg_dump to the new postgresql container k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ postgres_pod_name }}" command: | bash -c """ diff --git a/roles/installer/tasks/resources_configuration.yml b/roles/installer/tasks/resources_configuration.yml index 778646ed..a578b5ef 100644 --- a/roles/installer/tasks/resources_configuration.yml +++ b/roles/installer/tasks/resources_configuration.yml @@ -4,9 +4,9 @@ k8s_info: api_version: v1 kind: Pod - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' label_selectors: - - "app.kubernetes.io/name={{ meta.name }}" + - "app.kubernetes.io/name={{ ansible_operator_meta.name }}" - "app.kubernetes.io/managed-by={{ deployment_type }}-operator" - "app.kubernetes.io/component={{ deployment_type }}" field_selectors: @@ -30,7 +30,7 @@ - 'persistent' - 'service' - 'ingress' - no_log: true + # no_log: true - name: Apply deployment resources k8s: @@ -45,7 +45,7 @@ api_version: v1 state: absent kind: Pod - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ tower_pod_name }}' wait: yes when: 
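Review bot: The `@@ -30,7 +30,7 @@` hunk of roles/installer/tasks/resources_configuration.yml turns `no_log: true` into `# no_log: true` on the task that loops over the resource templates. That is unrelated to the `meta` -> `ansible_operator_meta` rename this commit describes, and it looks like leftover debugging. With it disabled, Ansible can write each loop item's rendered definition and module result to the operator log. Only the loop items `'persistent'`, `'service'` and `'ingress'` are visible here and the task starts above the hunk, so check whether the loop also renders secret-bearing templates. Restore the line as `no_log: true`; if the output is needed while debugging, gate it behind an explicit debug variable that defaults to hiding output rather than commenting the line out.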
@@ -55,9 +55,9 @@ - name: Get the new resource pod information after updating resource. k8s_info: kind: Pod - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' label_selectors: - - "app.kubernetes.io/name={{ meta.name }}" + - "app.kubernetes.io/name={{ ansible_operator_meta.name }}" - "app.kubernetes.io/managed-by={{ deployment_type }}-operator" - "app.kubernetes.io/component={{ deployment_type }}" field_selectors: diff --git a/roles/installer/tasks/scale_down_deployment.yml b/roles/installer/tasks/scale_down_deployment.yml index 83a3a304..91182610 100644 --- a/roles/installer/tasks/scale_down_deployment.yml +++ b/roles/installer/tasks/scale_down_deployment.yml @@ -4,16 +4,16 @@ k8s_info: api_version: v1 kind: Deployment - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" register: tower_deployment - name: Scale down Deployment for migration kubernetes.core.k8s_scale: api_version: v1 kind: Deployment - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" replicas: 0 wait: yes when: tower_deployment['resources'] | length diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml index 593f3a21..96a6fa37 100644 --- a/roles/installer/tasks/secret_key_configuration.yml +++ b/roles/installer/tasks/secret_key_configuration.yml @@ -2,7 +2,7 @@ - name: Check for specified secret key configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ secret_key_secret }}' register: _custom_secret_key no_log: true 
@@ -11,8 +11,8 @@ - name: Check for default secret key configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-secret-key' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-secret-key' register: _default_secret_key no_log: true @@ -31,8 +31,8 @@ - name: Read secret key secret k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}-secret-key' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-secret-key' register: _generated_secret_key no_log: true diff --git a/roles/installer/tasks/update_status.yml b/roles/installer/tasks/update_status.yml index fd6f3cdc..92d7f953 100644 --- a/roles/installer/tasks/update_status.yml +++ b/roles/installer/tasks/update_status.yml @@ -3,8 +3,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: adminPasswordSecret: "{{ __admin_password_secret['resources'][0]['metadata']['name'] }}" @@ -12,8 +12,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: adminUser: "{{ admin_user }}" @@ -21,8 +21,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: postgresConfigurationSecret: "{{ pg_config['resources'][0]['metadata']['name'] }}" 
@@ -30,8 +30,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: broadcastWebsocketSecret: "{{ __broadcast_websocket_secret['resources'][0]['metadata']['name'] }}" @@ -39,16 +39,16 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: secretKeySecret: "{{ secret_key_secret_name }}" - name: Retrieve instance version k8s_exec: - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" pod: "{{ tower_pod_name }}" - container: "{{ meta.name }}-task" + container: "{{ ansible_operator_meta.name }}-task" command: >- bash -c "awx-manage --version" register: instance_version @@ -58,8 +58,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: version: "{{ instance_version.stdout | trim }}" @@ -67,8 +67,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: image: "{{ image }}" 
@@ -77,16 +77,16 @@ k8s_info: api_version: 'route.openshift.io/v1' kind: Route - namespace: '{{ meta.namespace }}' - name: '{{ meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' register: route_url - name: Update URL status operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: URL: "https://{{ route_url['resources'][0]['status']['ingress'][0]['host'] }}" @@ -96,8 +96,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: migratedFromSecret: "{{ tower_migrated_from_secret }}" when: tower_migrated_from_secret is defined diff --git a/roles/installer/templates/admin_password_secret.yaml.j2 b/roles/installer/templates/admin_password_secret.yaml.j2 index 2b93390d..693c5d22 100644 --- a/roles/installer/templates/admin_password_secret.yaml.j2 +++ b/roles/installer/templates/admin_password_secret.yaml.j2 @@ -2,11 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: '{{ meta.name }}-admin-password' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-admin-password' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' 
diff --git a/roles/installer/templates/app_credentials.yaml.j2 b/roles/installer/templates/app_credentials.yaml.j2 index 56052173..9776b879 100644 --- a/roles/installer/templates/app_credentials.yaml.j2 +++ b/roles/installer/templates/app_credentials.yaml.j2 @@ -3,11 +3,11 @@ apiVersion: v1 kind: Secret metadata: - name: '{{ meta.name }}-app-credentials' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-app-credentials' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' diff --git a/roles/installer/templates/broadcast_websocket_secret.yaml.j2 b/roles/installer/templates/broadcast_websocket_secret.yaml.j2 index 852f8cb8..724f6f75 100644 --- a/roles/installer/templates/broadcast_websocket_secret.yaml.j2 +++ b/roles/installer/templates/broadcast_websocket_secret.yaml.j2 @@ -2,11 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: '{{ meta.name }}-broadcast-websocket' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-broadcast-websocket' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' 
diff --git a/roles/installer/templates/config.yaml.j2 b/roles/installer/templates/config.yaml.j2 index fb493311..903994d1 100644 --- a/roles/installer/templates/config.yaml.j2 +++ b/roles/installer/templates/config.yaml.j2 @@ -3,11 +3,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: '{{ meta.name }}-{{ deployment_type }}-configmap' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' diff --git a/roles/installer/templates/deployment.yaml.j2 b/roles/installer/templates/deployment.yaml.j2 index 3c27418a..667c6e40 100644 --- a/roles/installer/templates/deployment.yaml.j2 +++ b/roles/installer/templates/deployment.yaml.j2 @@ -3,12 +3,12 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' app.kubernetes.io/version: '{{ image_version }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' 
@@ -16,19 +16,19 @@ spec: replicas: {{ replicas }} selector: matchLabels: - app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' template: metadata: labels: - app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' app.kubernetes.io/version: '{{ image_version }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' spec: - serviceAccountName: '{{ meta.name }}' + serviceAccountName: '{{ ansible_operator_meta.name }}' {% if image_pull_secret %} imagePullSecrets: - name: {{ image_pull_secret }} @@ -57,13 +57,13 @@ spec: {% if bundle_ca_crt %} - name: "ca-trust-extracted" mountPath: "/etc/pki/ca-trust/extracted" - - name: "{{ meta.name }}-bundle-cacert" + - name: "{{ ansible_operator_meta.name }}-bundle-cacert" mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt subPath: bundle-ca.crt readOnly: true {% endif %} {% if projects_persistence|bool %} - - name: "{{ meta.name }}-projects" + - name: "{{ ansible_operator_meta.name }}-projects" mountPath: "/var/lib/awx/projects" {% endif %} {% if init_container_extra_volume_mounts -%} 
@@ -76,16 +76,16 @@ spec: name: redis args: ["redis-server", "/etc/redis.conf"] volumeMounts: - - name: {{ meta.name }}-redis-config + - name: {{ ansible_operator_meta.name }}-redis-config mountPath: "/etc/redis.conf" subPath: redis.conf readOnly: true - - name: {{ meta.name }}-redis-socket + - name: {{ ansible_operator_meta.name }}-redis-socket mountPath: "/var/run/redis" - - name: "{{ meta.name }}-redis-data" + - name: "{{ ansible_operator_meta.name }}-redis-data" mountPath: "/data" - image: '{{ image }}:{{ image_version }}' - name: '{{ meta.name }}-web' + name: '{{ ansible_operator_meta.name }}-web' {% if web_command %} command: {{ web_command }} {% endif %} 
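Review bot: The rewritten volume names in this hunk mix quoting styles: `- name: {{ ansible_operator_meta.name }}-redis-config` and `-redis-socket` are bare, while `- name: "{{ ansible_operator_meta.name }}-redis-data"` beside them is quoted. The same split shows up in the later deployment.yaml.j2 hunks (`-settings`, `-nginx-conf`, `-receptor-config`) and in `host: {{ ansible_operator_meta.name }}-postgres` in postgres_secret.yaml.j2. Since every one of these lines is being rewritten anyway, quote them uniformly, e.g. `- name: '{{ ansible_operator_meta.name }}-redis-config'`, so the rendered YAML does not depend on what the resource name happens to look like.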
@@ -102,30 +102,30 @@ spec: {% if bundle_ca_crt %} - name: "ca-trust-extracted" mountPath: "/etc/pki/ca-trust/extracted" - - name: "{{ meta.name }}-bundle-cacert" + - name: "{{ ansible_operator_meta.name }}-bundle-cacert" mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt subPath: bundle-ca.crt readOnly: true {% endif %} - - name: "{{ meta.name }}-application-credentials" + - name: "{{ ansible_operator_meta.name }}-application-credentials" mountPath: "/etc/tower/conf.d/execution_environments.py" subPath: execution_environments.py readOnly: true - - name: "{{ meta.name }}-application-credentials" + - name: "{{ ansible_operator_meta.name }}-application-credentials" mountPath: "/etc/tower/conf.d/credentials.py" subPath: credentials.py readOnly: true - - name: "{{ meta.name }}-application-credentials" + - name: "{{ ansible_operator_meta.name }}-application-credentials" mountPath: "/etc/tower/conf.d/ldap.py" subPath: ldap.py readOnly: true {% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %} - - name: "{{ meta.name }}-nginx-certs" + - name: "{{ ansible_operator_meta.name }}-nginx-certs" mountPath: "/etc/nginx/pki" readOnly: true {% endif %} {% if ldap_cacert_ca_crt %} - - name: "{{ meta.name }}-ldap-cacert" + - name: "{{ ansible_operator_meta.name }}-ldap-cacert" mountPath: /etc/openldap/certs/ldap-ca.crt subPath: ldap-ca.crt readOnly: true 
@@ -134,15 +134,15 @@ spec: mountPath: /etc/tower/SECRET_KEY subPath: SECRET_KEY readOnly: true - - name: {{ meta.name }}-settings + - name: {{ ansible_operator_meta.name }}-settings mountPath: /etc/tower/settings.py subPath: settings.py readOnly: true - - name: {{ meta.name }}-nginx-conf + - name: {{ ansible_operator_meta.name }}-nginx-conf mountPath: /etc/nginx/nginx.conf subPath: nginx.conf readOnly: true - - name: {{ meta.name }}-redis-socket + - name: {{ ansible_operator_meta.name }}-redis-socket mountPath: "/var/run/redis" - name: supervisor-socket mountPath: "/var/run/supervisor" @@ -150,7 +150,7 @@ spec: mountPath: "/var/run/awx-rsyslog" - name: rsyslog-dir mountPath: "/var/lib/awx/rsyslog" - - name: "{{ meta.name }}-projects" + - name: "{{ ansible_operator_meta.name }}-projects" mountPath: "/var/lib/awx/projects" {% if development_mode | bool %} - name: awx-devel @@ -173,7 +173,7 @@ spec: {% endif %} resources: {{ web_resource_requirements }} - image: '{{ image }}:{{ image_version }}' - name: '{{ meta.name }}-task' + name: '{{ ansible_operator_meta.name }}-task' imagePullPolicy: '{{ image_pull_policy }}' {% if task_privileged == true %} securityContext: 
@@ -189,20 +189,20 @@ spec: {% if bundle_ca_crt %} - name: "ca-trust-extracted" mountPath: "/etc/pki/ca-trust/extracted" - - name: "{{ meta.name }}-bundle-cacert" + - name: "{{ ansible_operator_meta.name }}-bundle-cacert" mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt subPath: bundle-ca.crt readOnly: true {% endif %} - - name: "{{ meta.name }}-application-credentials" + - name: "{{ ansible_operator_meta.name }}-application-credentials" mountPath: "/etc/tower/conf.d/execution_environments.py" subPath: execution_environments.py readOnly: true - - name: "{{ meta.name }}-application-credentials" + - name: "{{ ansible_operator_meta.name }}-application-credentials" mountPath: "/etc/tower/conf.d/credentials.py" subPath: credentials.py readOnly: true - - name: "{{ meta.name }}-application-credentials" + - name: "{{ ansible_operator_meta.name }}-application-credentials" mountPath: "/etc/tower/conf.d/ldap.py" subPath: ldap.py readOnly: true @@ -210,11 +210,11 @@ spec: mountPath: /etc/tower/SECRET_KEY subPath: SECRET_KEY readOnly: true - - name: {{ meta.name }}-settings + - name: {{ ansible_operator_meta.name }}-settings mountPath: /etc/tower/settings.py subPath: settings.py readOnly: true - - name: {{ meta.name }}-redis-socket + - name: {{ ansible_operator_meta.name }}-redis-socket mountPath: "/var/run/redis" - name: supervisor-socket mountPath: "/var/run/supervisor" @@ -222,13 +222,13 @@ spec: mountPath: "/var/run/awx-rsyslog" - name: rsyslog-dir mountPath: "/var/lib/awx/rsyslog" - - name: "{{ meta.name }}-receptor-config" + - name: "{{ ansible_operator_meta.name }}-receptor-config" mountPath: "/etc/receptor/receptor.conf" subPath: receptor.conf readOnly: true - name: receptor-socket mountPath: "/var/run/receptor" - - name: "{{ meta.name }}-projects" + - name: "{{ ansible_operator_meta.name }}-projects" mountPath: "/var/lib/awx/projects" {% if development_mode | bool %} - name: awx-devel 
@@ -263,7 +263,7 @@ spec: {% endif %} resources: {{ task_resource_requirements }} - image: '{{ control_plane_ee_image }}' - name: '{{ meta.name }}-ee' + name: '{{ ansible_operator_meta.name }}-ee' imagePullPolicy: '{{ image_pull_policy }}' resources: {{ ee_resource_requirements }} args: ['receptor', '--config', '/etc/receptor/receptor.conf'] @@ -271,18 +271,18 @@ spec: {% if bundle_ca_crt %} - name: "ca-trust-extracted" mountPath: "/etc/pki/ca-trust/extracted" - - name: "{{ meta.name }}-bundle-cacert" + - name: "{{ ansible_operator_meta.name }}-bundle-cacert" mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt subPath: bundle-ca.crt readOnly: true {% endif %} - - name: "{{ meta.name }}-receptor-config" + - name: "{{ ansible_operator_meta.name }}-receptor-config" mountPath: "/etc/receptor/receptor.conf" subPath: receptor.conf readOnly: true - name: receptor-socket mountPath: "/var/run/receptor" - - name: "{{ meta.name }}-projects" + - name: "{{ ansible_operator_meta.name }}-projects" mountPath: "/var/lib/awx/projects" {% if ee_extra_volume_mounts -%} {{ ee_extra_volume_mounts | indent(width=12, indentfirst=True) }} @@ -313,7 +313,7 @@ spec: {% if bundle_ca_crt %} - name: "ca-trust-extracted" emptyDir: {} - - name: "{{ meta.name }}-bundle-cacert" + - name: "{{ ansible_operator_meta.name }}-bundle-cacert" secret: secretName: "{{ bundle_cacert_secret }}" items: @@ -321,7 +321,7 @@ spec: path: 'bundle-ca.crt' {% endif %} {% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %} - - name: "{{ meta.name }}-nginx-certs" + - name: "{{ ansible_operator_meta.name }}-nginx-certs" secret: secretName: "{{ route_tls_secret }}" items: 
@@ -331,16 +331,16 @@ spec: path: 'web.crt' {% endif %} {% if ldap_cacert_ca_crt %} - - name: "{{ meta.name }}-ldap-cacert" + - name: "{{ ansible_operator_meta.name }}-ldap-cacert" secret: secretName: "{{ ldap_cacert_secret }}" items: - key: ldap-ca.crt path: 'ldap-ca.crt' {% endif %} - - name: "{{ meta.name }}-application-credentials" + - name: "{{ ansible_operator_meta.name }}-application-credentials" secret: - secretName: "{{ meta.name }}-app-credentials" + secretName: "{{ ansible_operator_meta.name }}-app-credentials" items: - key: credentials.py path: 'credentials.py' @@ -354,27 +354,27 @@ spec: items: - key: secret_key path: SECRET_KEY - - name: {{ meta.name }}-settings + - name: {{ ansible_operator_meta.name }}-settings configMap: - name: '{{ meta.name }}-{{ deployment_type }}-configmap' + name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap' items: - key: settings path: settings.py - - name: {{ meta.name }}-nginx-conf + - name: {{ ansible_operator_meta.name }}-nginx-conf configMap: - name: '{{ meta.name }}-{{ deployment_type }}-configmap' + name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap' items: - key: nginx_conf path: nginx.conf - - name: {{ meta.name }}-redis-config + - name: {{ ansible_operator_meta.name }}-redis-config configMap: - name: {{ meta.name }}-{{ deployment_type }}-configmap + name: {{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap items: - key: redis_conf path: redis.conf - - name: {{ meta.name }}-redis-socket + - name: {{ ansible_operator_meta.name }}-redis-socket emptyDir: {} - - name: {{ meta.name }}-redis-data + - name: {{ ansible_operator_meta.name }}-redis-data emptyDir: {} - name: supervisor-socket emptyDir: {} 
@@ -384,19 +384,19 @@ spec: emptyDir: {} - name: rsyslog-dir emptyDir: {} - - name: {{ meta.name }}-receptor-config + - name: {{ ansible_operator_meta.name }}-receptor-config configMap: - name: '{{ meta.name }}-{{ deployment_type }}-configmap' + name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap' items: - key: receptor_conf path: receptor.conf - - name: "{{ meta.name }}-projects" + - name: "{{ ansible_operator_meta.name }}-projects" {% if projects_persistence|bool %} persistentVolumeClaim: {% if projects_existing_claim %} claimName: {{ projects_existing_claim }} {% else %} - claimName: '{{ meta.name }}-projects-claim' + claimName: '{{ ansible_operator_meta.name }}-projects-claim' {% endif %} {% else %} emptyDir: {} diff --git a/roles/installer/templates/ingress.yaml.j2 b/roles/installer/templates/ingress.yaml.j2 index f4f8ee93..f03b2af4 100644 --- a/roles/installer/templates/ingress.yaml.j2 +++ b/roles/installer/templates/ingress.yaml.j2 @@ -3,11 +3,11 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: '{{ meta.name }}-ingress' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-ingress' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' @@ -24,7 +24,7 @@ spec: pathType: Prefix backend: service: - name: '{{ meta.name }}-service' + name: '{{ ansible_operator_meta.name }}-service' port: number: 80 {% if ingress_tls_secret %} 
@@ -40,11 +40,11 @@ spec: apiVersion: route.openshift.io/v1 kind: Route metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' @@ -69,7 +69,7 @@ spec: {% endif %} to: kind: Service - name: {{ meta.name }}-service + name: {{ ansible_operator_meta.name }}-service weight: 100 wildcardPolicy: None {% endif %} diff --git a/roles/installer/templates/persistent.yaml.j2 b/roles/installer/templates/persistent.yaml.j2 index c24efc6f..b1ad19df 100644 --- a/roles/installer/templates/persistent.yaml.j2 +++ b/roles/installer/templates/persistent.yaml.j2 @@ -2,11 +2,11 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: '{{ meta.name }}-projects-claim' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-projects-claim' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' diff --git a/roles/installer/templates/postgres.yaml.j2 b/roles/installer/templates/postgres.yaml.j2 index d17ee12a..f9d67fba 100644 --- a/roles/installer/templates/postgres.yaml.j2 +++ b/roles/installer/templates/postgres.yaml.j2 
@@ -3,13 +3,13 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: '{{ meta.name }}-postgres' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-postgres' + namespace: '{{ ansible_operator_meta.namespace }}' labels: app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ meta.name }}' + app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' app.kubernetes.io/component: database @@ -17,10 +17,10 @@ spec: selector: matchLabels: app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ meta.name }}' + app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' - serviceName: '{{ meta.name }}' + serviceName: '{{ ansible_operator_meta.name }}' replicas: 1 updateStrategy: type: RollingUpdate @@ -28,9 +28,9 @@ spec: metadata: labels: app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ meta.name }}' + app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' spec: {% if image_pull_secret %} 
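Review bot: The StatefulSet `metadata.labels` mapping in the `@@ -3,13 +3,13 @@` hunk defines `app.kubernetes.io/component` twice, once as `'database'` and again as `database` after the operator-version label. The Service metadata in the later `@@ -113,13 +113,13 @@` hunk has the same duplicate. Duplicate mapping keys are invalid YAML; most loaders silently keep the last value and strict ones reject the document. As the surrounding labels are being edited in this commit, drop the trailing `app.kubernetes.io/component: database` line in both places.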
@@ -113,13 +113,13 @@ spec: apiVersion: v1 kind: Service metadata: - name: '{{ meta.name }}-postgres' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-postgres' + namespace: '{{ ansible_operator_meta.namespace }}' labels: app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ meta.name }}' + app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' app.kubernetes.io/component: database @@ -129,7 +129,7 @@ spec: clusterIP: None selector: app.kubernetes.io/name: 'postgres' - app.kubernetes.io/instance: 'postgres-{{ meta.name }}' + app.kubernetes.io/instance: 'postgres-{{ ansible_operator_meta.name }}' app.kubernetes.io/component: 'database' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' diff --git a/roles/installer/templates/postgres_secret.yaml.j2 b/roles/installer/templates/postgres_secret.yaml.j2 index 5e803c16..7175f391 100644 --- a/roles/installer/templates/postgres_secret.yaml.j2 +++ b/roles/installer/templates/postgres_secret.yaml.j2 
@@ -3,11 +3,11 @@ apiVersion: v1 kind: Secret metadata: - name: '{{ meta.name }}-postgres-configuration' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-postgres-configuration' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' @@ -16,5 +16,5 @@ stringData: username: '{{ database_username }}' database: '{{ database_name }}' port: '5432' - host: {{ meta.name }}-postgres + host: {{ ansible_operator_meta.name }}-postgres type: 'managed' diff --git a/roles/installer/templates/secret_key.yaml.j2 b/roles/installer/templates/secret_key.yaml.j2 index 015be735..c274d035 100644 --- a/roles/installer/templates/secret_key.yaml.j2 +++ b/roles/installer/templates/secret_key.yaml.j2 @@ -2,11 +2,11 @@ apiVersion: v1 kind: Secret metadata: - name: '{{ meta.name }}-secret-key' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-secret-key' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' diff --git a/roles/installer/templates/service.yaml.j2 b/roles/installer/templates/service.yaml.j2 index 6faa0a6e..5eac078f 100644 --- a/roles/installer/templates/service.yaml.j2 
+++ b/roles/installer/templates/service.yaml.j2 @@ -2,11 +2,11 @@ apiVersion: v1 kind: Service metadata: - name: '{{ meta.name }}-service' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-service' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' @@ -39,19 +39,15 @@ spec: protocol: TCP targetPort: 8052 name: http -{% elif service_type | lower == "nodeport" %} - - port: {{ nodeport_port }} - protocol: TCP - targetPort: 8052 - name: http - type: NodePort {% endif %} selector: - app.kubernetes.io/name: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' {% if service_type | lower == "loadbalancer" %} type: LoadBalancer +{% elif service_type | lower == "nodeport" %} + type: NodePort {% else %} type: ClusterIP {% endif %} diff --git a/roles/installer/templates/service_account.yaml.j2 b/roles/installer/templates/service_account.yaml.j2 index 5119864b..55c3a86a 100644 --- a/roles/installer/templates/service_account.yaml.j2 +++ b/roles/installer/templates/service_account.yaml.j2 
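Review bot: After the `nodeport` branch is removed from the ports section in the `@@ -39,19 +39,15 @@` hunk, nothing visible still references `nodeport_port`, so a NodePort Service now relies on an earlier branch of the `{% if %}` chain (outside the hunk) to emit a port entry. If no earlier branch matches, the rendered Service has `type: NodePort` and an empty ports list; if one does match, a user-set `nodeport_port` is silently ignored. Moving `type: NodePort` into the type selection at the bottom is fine, but the ports side needs a matching case. If the variable was meant to pin the node port, `nodePort: {{ nodeport_port }}` on the http port entry under the nodeport condition would express that; otherwise remove the variable from the defaults and CRD.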
@@ -2,11 +2,11 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' @@ -18,8 +18,8 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] @@ -38,12 +38,12 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' subjects: - kind: ServiceAccount - name: '{{ meta.name }}' + name: '{{ ansible_operator_meta.name }}' roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: '{{ meta.name }}' + name: '{{ ansible_operator_meta.name }}' diff --git a/roles/restore/defaults/main.yml b/roles/restore/defaults/main.yml index ee06115d..4b425835 100644 --- a/roles/restore/defaults/main.yml +++ b/roles/restore/defaults/main.yml @@ -6,7 +6,7 @@ api_version: '{{ deployment_type }}.ansible.com/v1beta1' # Required: specify a pre-created PVC (name) to restore from backup_pvc: '' -backup_pvc_namespace: '{{ meta.namespace }}' +backup_pvc_namespace: '{{ ansible_operator_meta.namespace }}' # Required: backup name, found on the awxbackup object backup_dir: '' 
diff --git a/roles/restore/tasks/cleanup.yml b/roles/restore/tasks/cleanup.yml index 8d7345d6..aceefd05 100644 --- a/roles/restore/tasks/cleanup.yml +++ b/roles/restore/tasks/cleanup.yml @@ -2,7 +2,7 @@ - name: Delete any existing management pod k8s: - name: "{{ meta.name }}-db-management" + name: "{{ ansible_operator_meta.name }}-db-management" kind: Pod namespace: "{{ backup_pvc_namespace }}" state: absent @@ -15,7 +15,7 @@ kind: Secret metadata: name: '{{ item }}' - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' ownerReferences: null loop: - '{{ secret_key_secret }}' diff --git a/roles/restore/tasks/deploy_awx.yml b/roles/restore/tasks/deploy_awx.yml index 71bc96cd..a61e3d5e 100644 --- a/roles/restore/tasks/deploy_awx.yml +++ b/roles/restore/tasks/deploy_awx.yml @@ -3,7 +3,7 @@ - name: Get AWX object definition from pvc k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: >- bash -c "cat '{{ backup_dir }}/awx_object'" register: awx_object @@ -25,7 +25,7 @@ - name: Deploy AWX k8s: state: "{{ state | default('present') }}" - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" apply: yes definition: "{{ lookup('template', 'awx_object.yml.j2') }}" wait: true @@ -40,5 +40,5 @@ kind: AWX metadata: name: '{{ deployment_name }}' - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' ownerReferences: null diff --git a/roles/restore/tasks/error_handling.yml b/roles/restore/tasks/error_handling.yml index 1d41721d..679f1cea 100644 --- a/roles/restore/tasks/error_handling.yml +++ b/roles/restore/tasks/error_handling.yml @@ -7,5 +7,5 @@ - name: Emit ocp event with error k8s: kind: Event - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" template: "event.yml.j2" 
diff --git a/roles/restore/tasks/init.yml b/roles/restore/tasks/init.yml index ad406699..be5bc387 100644 --- a/roles/restore/tasks/init.yml +++ b/roles/restore/tasks/init.yml @@ -64,7 +64,7 @@ - name: Delete any existing management pod k8s: - name: "{{ meta.name }}-db-management" + name: "{{ ansible_operator_meta.name }}-db-management" kind: Pod namespace: "{{ backup_pvc_namespace }}" state: absent @@ -73,7 +73,7 @@ - name: Create management pod from templated deployment config k8s: - name: "{{ meta.name }}-db-management" + name: "{{ ansible_operator_meta.name }}-db-management" kind: Deployment state: present template: "management-pod.yml.j2" @@ -82,7 +82,7 @@ - name: Check to make sure backup directory exists on PVC k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: >- bash -c "stat {{ backup_dir }}" register: stat_backup_dir diff --git a/roles/restore/tasks/main.yml b/roles/restore/tasks/main.yml index d11b365f..44fabe9f 100644 --- a/roles/restore/tasks/main.yml +++ b/roles/restore/tasks/main.yml @@ -5,14 +5,14 @@ definition: apiVersion: '{{ api_version }}' kind: '{{ kind }}' - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' metadata: - name: '{{ meta.name }}' - namespace: '{{ meta.namespace }}' + name: '{{ ansible_operator_meta.name }}' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' 
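Review bot: In the `@@ -82,7 +82,7 @@` hunk of roles/restore/tasks/init.yml, `backup_dir` is interpolated unquoted into `bash -c "stat {{ backup_dir }}"`, so shell metacharacters in that value are interpreted inside the management pod. The restore defaults describe `backup_dir` as a required user-supplied value, so it should be treated as untrusted input. As far as I know k8s_exec splits the command string itself, so the bash wrapper is unnecessary here and `command: stat {{ backup_dir | quote }}` would avoid the shell entirely. The `cat '{{ backup_dir }}/awx_object'` and `cat '{{ backup_dir }}/secrets.yml'` commands in deploy_awx.yml and secrets.yml quote by hand, which a value containing a single quote defeats; they would benefit from the same treatment, plus a check that `backup_dir` matches the expected path pattern.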
@@ -21,8 +21,8 @@ k8s_info: api_version: "{{ api_version }}" kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" register: this_restore - block: diff --git a/roles/restore/tasks/postgres.yml b/roles/restore/tasks/postgres.yml index a9c17fda..c4a7927b 100644 --- a/roles/restore/tasks/postgres.yml +++ b/roles/restore/tasks/postgres.yml @@ -7,7 +7,7 @@ - name: Check for specified PostgreSQL configuration k8s_info: kind: Secret - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ postgres_configuration_secret }}' register: pg_config no_log: true @@ -30,7 +30,7 @@ - name: Get the postgres pod information k8s_info: kind: Pod - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' label_selectors: - "{{ postgres_label_selector }}" register: postgres_pod @@ -49,7 +49,7 @@ api_version: v1 kind: Deployment name: "{{ deployment_name }}" - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" register: this_deployment - name: Scale down Deployment for migration @@ -57,14 +57,14 @@ api_version: v1 kind: Deployment name: "{{ deployment_name }}" - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" replicas: 0 wait: yes when: this_deployment['resources'] | length - name: Set full resolvable host name for postgres pod set_fact: - resolvable_db_host: "{{ awx_postgres_host }}.{{ meta.namespace }}.svc.cluster.local" + resolvable_db_host: "{{ awx_postgres_host }}.{{ ansible_operator_meta.namespace }}.svc.cluster.local" no_log: true when: awx_postgres_type == 'managed' 
@@ -82,7 +82,7 @@ - name: Restore database dump to the new postgresql container k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: | bash -c """ set -e -o pipefail diff --git a/roles/restore/tasks/secrets.yml b/roles/restore/tasks/secrets.yml index 644aea28..b1de1648 100644 --- a/roles/restore/tasks/secrets.yml +++ b/roles/restore/tasks/secrets.yml @@ -3,7 +3,7 @@ - name: Get secret definition from pvc k8s_exec: namespace: "{{ backup_pvc_namespace }}" - pod: "{{ meta.name }}-db-management" + pod: "{{ ansible_operator_meta.name }}-db-management" command: >- bash -c "cat '{{ backup_dir }}/secrets.yml'" register: _secrets @@ -57,7 +57,7 @@ - name: Apply secret k8s: state: present - namespace: "{{ meta.namespace }}" + namespace: "{{ ansible_operator_meta.namespace }}" apply: yes wait: yes template: "secrets.yml.j2" @@ -70,7 +70,7 @@ kind: Secret metadata: name: "{{ item.value.name }}" - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' ownerReferences: null loop: "{{ secrets | dict2items }}" no_log: true diff --git a/roles/restore/tasks/update_status.yml b/roles/restore/tasks/update_status.yml index 08ae27cb..53f3213a 100644 --- a/roles/restore/tasks/update_status.yml +++ b/roles/restore/tasks/update_status.yml @@ -4,8 +4,8 @@ operator_sdk.util.k8s_status: api_version: '{{ api_version }}' kind: "{{ kind }}" - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: restoreComplete: true when: tower_restore_complete is defined diff --git a/roles/restore/templates/awx_object.yml.j2 b/roles/restore/templates/awx_object.yml.j2 index e2e434a9..14563dfa 100644 --- a/roles/restore/templates/awx_object.yml.j2 +++ b/roles/restore/templates/awx_object.yml.j2 
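Review bot: The "Get secret definition from pvc" task in secrets.yml registers the full contents of the backed-up `secrets.yml` in `_secrets`, and no `no_log` is visible on it in the first hunk, unlike the task in the last hunk of this file, which sets `no_log: true`. The task may continue below the hunk, so this needs checking against the full file; if the setting is missing, the secret material appears in the operator's task output. The same check applies to "Apply secret" in the second hunk, whose result can echo the rendered Secret. Proposed addition to both tasks: `no_log: true`.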
@@ -3,6 +3,6 @@ apiVersion: '{{ api_version }}' kind: AWX metadata: name: '{{ deployment_name }}' - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' spec: {{ spec | to_yaml | indent(2) }} diff --git a/roles/restore/templates/event.yml.j2 b/roles/restore/templates/event.yml.j2 index 3670cba3..8e4f9649 100644 --- a/roles/restore/templates/event.yml.j2 +++ b/roles/restore/templates/event.yml.j2 @@ -3,12 +3,12 @@ apiVersion: v1 kind: Event metadata: name: restore-error.{{ now }} - namespace: {{ meta.namespace }} + namespace: {{ ansible_operator_meta.namespace }} involvedObject: apiVersion: awx.ansible.com/v1beta1 kind: {{ kind }} - name: {{ meta.name }} - namespace: {{ meta.namespace }} + name: {{ ansible_operator_meta.name }} + namespace: {{ ansible_operator_meta.namespace }} message: {{ error_msg }} reason: RestoreFailed type: Warning diff --git a/roles/restore/templates/management-pod.yml.j2 b/roles/restore/templates/management-pod.yml.j2 index 1430efee..5ed3fb6c 100644 --- a/roles/restore/templates/management-pod.yml.j2 +++ b/roles/restore/templates/management-pod.yml.j2 
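Review bot: The renamed values in event.yml.j2 are still rendered as bare scalars (`namespace: {{ ansible_operator_meta.namespace }}`, `name: {{ ansible_operator_meta.name }}`), and the same holds for `message: {{ error_msg }}` in the context lines. The rendered text is parsed as YAML afterwards, so an error message containing `: `, ` #` or a line break changes the document structure or fails to parse, and the Event is lost exactly when a restore has failed. Serialising the free-text field, `message: {{ error_msg | to_json }}`, and quoting name and namespace as secrets.yml.j2 in this patch already does, `namespace: '{{ ansible_operator_meta.namespace }}'`, keeps the Event well-formed whatever the values contain.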
@@ -2,26 +2,26 @@ apiVersion: v1 kind: Pod metadata: - name: {{ meta.name }}-db-management + name: {{ ansible_operator_meta.name }}-db-management namespace: {{ backup_pvc_namespace }} labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' spec: containers: - - name: {{ meta.name }}-db-management + - name: {{ ansible_operator_meta.name }}-db-management image: "{{ postgres_image }}:{{ postgres_image_version }}" imagePullPolicy: Always command: ["sleep", "infinity"] volumeMounts: - - name: {{ meta.name }}-backup + - name: {{ ansible_operator_meta.name }}-backup mountPath: /backups readOnly: false volumes: - - name: {{ meta.name }}-backup + - name: {{ ansible_operator_meta.name }}-backup persistentVolumeClaim: claimName: {{ backup_pvc }} readOnly: false diff --git a/roles/restore/templates/secrets.yml.j2 b/roles/restore/templates/secrets.yml.j2 index ec01eadb..fd0b7373 100644 --- a/roles/restore/templates/secrets.yml.j2 +++ b/roles/restore/templates/secrets.yml.j2 @@ -4,10 +4,10 @@ apiVersion: v1 kind: Secret metadata: name: '{{ secrets[secret]['name'] }}' - namespace: '{{ meta.namespace }}' + namespace: '{{ ansible_operator_meta.namespace }}' labels: - app.kubernetes.io/name: '{{ meta.name }}' - app.kubernetes.io/part-of: '{{ meta.name }}' + app.kubernetes.io/name: '{{ ansible_operator_meta.name }}' + app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' 
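Review bot: The container in management-pod.yml.j2 has no `securityContext`, and the backup claim is mounted with `readOnly: false` both on the volumeMount and on the persistentVolumeClaim. The restore tasks visible in this patch only `stat` and `cat` files under the backup directory; the body of the database restore command is outside the hunks, so whether anything writes to `/backups` needs confirming. If nothing does, `readOnly: true` on the mount protects the backup from being altered by a process in the pod, and `securityContext: {allowPrivilegeEscalation: false}` on the container is a low-risk hardening for a pod that only runs `sleep infinity` and exec'd client commands. A pod-level securityContext could exist below the hunk and is not visible here.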
From 69203723ef3c6db66185f0a668318ab4504a0a96 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:17 -0400 Subject: [PATCH 03/22] Update scaffolding to pass yamllint --- .../awxbackup.ansible.com_awxbackups.yaml | 3 +- .../awxrestore.ansible.com_awxrestores.yaml | 3 +- config/crd/kustomization.yaml | 9 +-- config/default/kustomization.yaml | 29 ++++----- config/default/manager_auth_proxy_patch.yaml | 35 ++++++----- config/default/manager_config_patch.yaml | 21 ++++--- config/manager/controller_manager_config.yaml | 2 +- config/manager/kustomization.yaml | 17 +++-- config/manager/manager.yaml | 1 + .../awx-operator.clusterserviceversion.yaml | 29 ++++----- config/manifests/kustomization.yaml | 9 +-- config/prometheus/kustomization.yaml | 3 +- config/prometheus/monitor.yaml | 2 +- .../rbac/auth_proxy_client_clusterrole.yaml | 9 +-- config/rbac/auth_proxy_role.yaml | 25 ++++---- config/rbac/auth_proxy_role_binding.yaml | 7 ++- config/rbac/auth_proxy_service.yaml | 9 +-- config/rbac/awx_editor_role.yaml | 37 +++++------ config/rbac/awx_viewer_role.yaml | 29 ++++----- config/rbac/kustomization.yaml | 35 ++++++----- config/rbac/leader_election_role.yaml | 63 ++++++++++--------- config/rbac/leader_election_role_binding.yaml | 7 ++- config/rbac/role_binding.yaml | 5 +- config/rbac/service_account.yaml | 1 + config/samples/awx_v1alpha1_awx.yaml | 1 + config/samples/kustomization.yaml | 5 +- config/scorecard/bases/config.yaml | 5 +- config/scorecard/kustomization.yaml | 29 ++++----- config/scorecard/patches/basic.config.yaml | 5 +- config/scorecard/patches/olm.config.yaml | 21 ++++--- config/testing/debug_logs_patch.yaml | 4 +- config/testing/kustomization.yaml | 25 ++++---- roles/backup/tasks/postgres.yml | 2 +- .../tasks/resources_configuration.yml | 2 +- watches.yaml | 2 +- 35 files changed, 253 insertions(+), 238 deletions(-) 
diff --git a/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml index cbf9ae37..607ec245 100644 --- a/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml +++ b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml @@ -56,8 +56,7 @@ spec: type: object properties: conditions: - description: The resulting conditions when a Service Telemetry is - instantiated + description: The resulting conditions when a Service Telemetry is instantiated items: properties: lastTransitionTime: diff --git a/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml b/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml index a8f88759..67caefff 100644 --- a/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml +++ b/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml @@ -60,8 +60,7 @@ spec: type: object properties: conditions: - description: The resulting conditions when a Service Telemetry is - instantiated + description: The resulting conditions when a Service Telemetry is instantiated items: properties: lastTransitionTime: diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 915ffe4a..4a700296 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -1,8 +1,9 @@ +--- # This kustomization.yaml is not intended to be run by itself, # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/awx.ansible.com_awxs.yaml -- bases/awxbackup.ansible.com_awxbackups.yaml -- bases/awxrestore.ansible.com_awxrestores.yaml -#+kubebuilder:scaffold:crdkustomizeresource + - bases/awx.ansible.com_awxs.yaml + - bases/awxbackup.ansible.com_awxbackups.yaml + - bases/awxrestore.ansible.com_awxrestores.yaml +# +kubebuilder:scaffold:crdkustomizeresource diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index f5755b16..ab3a8b43 100644 
--- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,30 +1,27 @@ +--- # Adds namespace to all resources. namespace: awx-operator-system - # Value of this field is prepended to the # names of all resources, e.g. a deployment named # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. namePrefix: awx-operator- - # Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - +# commonLabels: +# someName: someValue bases: -- ../crd -- ../rbac -- ../manager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - + - ../crd + - ../rbac + - ../manager + # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. + # - ../prometheus patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml + # Protect the /metrics endpoint by putting it behind auth. + # If you want your controller-manager to expose the /metrics + # endpoint w/o any authn/z, please comment the following line. + - manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type -#- manager_config_patch.yaml +# - manager_config_patch.yaml diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 81354ddc..999ea20b 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -1,3 +1,4 @@ +--- # This patch inject a sidecar container which is a HTTP proxy for the # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 
@@ -9,20 +10,20 @@ spec: template: spec: containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - protocol: TCP - name: https - - name: manager - args: - - "--health-probe-bind-address=:6789" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--leader-election-id=awx-operator" + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + protocol: TCP + name: https + - name: manager + args: + - "--health-probe-bind-address=:6789" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" + - "--leader-election-id=awx-operator" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 6c400155..d1e952e9 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -7,14 +8,14 @@ spec: template: spec: containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml volumes: - - name: manager-config - configMap: - name: manager-config + - name: manager-config + configMap: + name: manager-config diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml index a36c5de2..a261f45a 100644 --- a/config/manager/controller_manager_config.yaml 
+++ b/config/manager/controller_manager_config.yaml @@ -1,10 +1,10 @@ +--- apiVersion: controller-runtime.sigs.k8s.io/v1beta1 kind: ControllerManagerConfig health: healthProbeBindAddress: :6789 metrics: bindAddress: 127.0.0.1:8080 - leaderElection: leaderElect: true resourceName: 811c9dc5.ansible.com diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index f1d239a4..897ae638 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,16 +1,15 @@ +--- resources: -- manager.yaml - + - manager.yaml generatorOptions: disableNameSuffixHash: true - configMapGenerator: -- files: - - controller_manager_config.yaml - name: manager-config + - files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: -- name: controller - newName: quay.io/shanemcd/awx-operator - newTag: 0.0.1 + - name: controller + newName: quay.io/shanemcd/awx-operator + newTag: 0.0.1 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 3cb7cd95..5f96629c 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml index 1de383a4..f4514972 100644 --- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml @@ -1,3 +1,4 @@ +--- apiVersion: operators.coreos.com/v1beta1 kind: ClusterServiceVersion metadata: 
@@ -12,27 +13,27 @@ spec: description: An operator for the AWX Project displayName: AWX icon: - - base64data: "" - mediatype: "" + - base64data: "" + mediatype: "" install: spec: deployments: null strategy: "" installModes: - - supported: false - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces keywords: - - automation - - ansible + - automation + - ansible links: - - name: Awx Operator - url: https://awx-operator.domain + - name: Awx Operator + url: https://awx-operator.domain maturity: alpha provider: name: Ansible diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index b484d72d..777156ba 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,7 +1,8 @@ +--- # These resources constitute the fully configured set of manifests # used to generate the 'manifests/' directory in a bundle. resources: -- bases/awx-operator.clusterserviceversion.yaml -- ../default -- ../samples -- ../scorecard + - bases/awx-operator.clusterserviceversion.yaml + - ../default + - ../samples + - ../scorecard diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..c4aaaee0 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,3 @@ +--- resources: -- monitor.yaml + - monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae..a5bd8b17 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -1,4 +1,4 @@ - +--- # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor 
diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index 51a75db4..8e6154f3 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -1,9 +1,10 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: metrics-reader rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get + - nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index 80e1857c..449cb4bf 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -1,17 +1,18 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index ec7acc0a..08cb903f 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -7,6 +8,6 @@ roleRef: kind: ClusterRole name: proxy-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 71f17972..bb2ed2cf 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: 
@@ -7,9 +8,9 @@ metadata: namespace: system spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager diff --git a/config/rbac/awx_editor_role.yaml b/config/rbac/awx_editor_role.yaml index 908ba1f2..8994f52f 100644 --- a/config/rbac/awx_editor_role.yaml +++ b/config/rbac/awx_editor_role.yaml @@ -1,24 +1,25 @@ +--- # permissions for end users to edit awxs. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: awx-editor-role rules: -- apiGroups: - - awx.ansible.com - resources: - - awxs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - awx.ansible.com - resources: - - awxs/status - verbs: - - get + - apiGroups: + - awx.ansible.com + resources: + - awxs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - awx.ansible.com + resources: + - awxs/status + verbs: + - get diff --git a/config/rbac/awx_viewer_role.yaml b/config/rbac/awx_viewer_role.yaml index 925b5175..d5e31a6b 100644 --- a/config/rbac/awx_viewer_role.yaml +++ b/config/rbac/awx_viewer_role.yaml @@ -1,20 +1,21 @@ +--- # permissions for end users to view awxs. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: awx-viewer-role rules: -- apiGroups: - - awx.ansible.com - resources: - - awxs - verbs: - - get - - list - - watch -- apiGroups: - - awx.ansible.com - resources: - - awxs/status - verbs: - - get + - apiGroups: + - awx.ansible.com + resources: + - awxs + verbs: + - get + - list + - watch + - apiGroups: + - awx.ansible.com + resources: + - awxs/status + verbs: + - get diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6..f4afe7a4 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
@@ -1,18 +1,19 @@ +--- resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml + # All RBAC will be applied under this service account in + # the deployment namespace. You may comment out this resource + # if your manager will use a service account that exists at + # runtime. Be sure to update RoleBinding and ClusterRoleBinding + # subjects if changing service account names. + - service_account.yaml + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + # Comment the following 4 lines if you want to disable + # the auth proxy (https://github.com/brancz/kube-rbac-proxy) + # which protects your /metrics endpoint. + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml + - auth_proxy_client_clusterrole.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4190ec80..19d17762 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml 
@@ -1,37 +1,38 @@ +--- # permissions to do leader election. apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: leader-election-role rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 1d1321ed..c536feb4 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -7,6 +8,6 @@ roleRef: kind: Role name: leader-election-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 5e11a2f3..9e6d6a45 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -7,5 +8,5 @@ roleRef: kind: Role name: manager-role subjects: -- kind: ServiceAccount - name: controller-manager + - kind: ServiceAccount + name: controller-manager diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 7cd6025b..a1ae812d 100644 --- a/config/rbac/service_account.yaml 
+++ b/config/rbac/service_account.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/config/samples/awx_v1alpha1_awx.yaml b/config/samples/awx_v1alpha1_awx.yaml index 903182b9..b757761a 100644 --- a/config/samples/awx_v1alpha1_awx.yaml +++ b/config/samples/awx_v1alpha1_awx.yaml @@ -1,3 +1,4 @@ +--- apiVersion: awx.ansible.com/v1beta1 kind: AWX metadata: diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 3df795eb..d4af7e2a 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -1,4 +1,5 @@ +--- ## Append samples you want in your CSV to this file as resources ## resources: -- awx_v1beta1_awx.yaml -#+kubebuilder:scaffold:manifestskustomizesamples + - awx_v1beta1_awx.yaml +# +kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml index c7704784..0907f0f7 100644 --- a/config/scorecard/bases/config.yaml +++ b/config/scorecard/bases/config.yaml @@ -1,7 +1,8 @@ +--- apiVersion: scorecard.operatorframework.io/v1alpha3 kind: Configuration metadata: name: config stages: -- parallel: true - tests: [] + - parallel: true + tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index 50cd2d08..8f683c0d 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml 
@@ -1,16 +1,17 @@ +--- resources: -- bases/config.yaml + - bases/config.yaml patchesJson6902: -- path: patches/basic.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config -- path: patches/olm.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config -#+kubebuilder:scaffold:patchesJson6902 + - path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config + - path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +# +kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml index c04db317..9e486c80 100644 --- a/config/scorecard/patches/basic.config.yaml +++ b/config/scorecard/patches/basic.config.yaml @@ -1,9 +1,10 @@ +--- - op: add path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - basic-check-spec + - scorecard-test + - basic-check-spec image: quay.io/operator-framework/scorecard-test:v1.12.0 labels: suite: basic diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml index 122f7031..ae9921ee 100644 --- a/config/scorecard/patches/olm.config.yaml +++ b/config/scorecard/patches/olm.config.yaml @@ -1,9 +1,10 @@ +--- - op: add path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-bundle-validation + - scorecard-test + - olm-bundle-validation image: quay.io/operator-framework/scorecard-test:v1.12.0 labels: suite: olm @@ -12,8 +13,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-validation + - scorecard-test + - olm-crds-have-validation image: quay.io/operator-framework/scorecard-test:v1.12.0 labels: suite: olm 
@@ -22,8 +23,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-resources + - scorecard-test + - olm-crds-have-resources image: quay.io/operator-framework/scorecard-test:v1.12.0 labels: suite: olm @@ -32,8 +33,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-spec-descriptors + - scorecard-test + - olm-spec-descriptors image: quay.io/operator-framework/scorecard-test:v1.12.0 labels: suite: olm @@ -42,8 +43,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-status-descriptors + - scorecard-test + - olm-status-descriptors image: quay.io/operator-framework/scorecard-test:v1.12.0 labels: suite: olm diff --git a/config/testing/debug_logs_patch.yaml b/config/testing/debug_logs_patch.yaml index 3fb3d559..3e31e2fb 100644 --- a/config/testing/debug_logs_patch.yaml +++ b/config/testing/debug_logs_patch.yaml @@ -10,5 +10,5 @@ spec: containers: - name: manager env: - - name: ANSIBLE_DEBUG_LOGS - value: "TRUE" + - name: ANSIBLE_DEBUG_LOGS + value: "TRUE" diff --git a/config/testing/kustomization.yaml b/config/testing/kustomization.yaml index 41091623..4bb58082 100644 --- a/config/testing/kustomization.yaml +++ b/config/testing/kustomization.yaml @@ -1,23 +1,20 @@ +--- # Adds namespace to all resources. namespace: osdk-test - namePrefix: osdk- - # Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - +# commonLabels: +# someName: someValue patchesStrategicMerge: -- manager_image.yaml -- debug_logs_patch.yaml -- ../default/manager_auth_proxy_patch.yaml - + - manager_image.yaml + - debug_logs_patch.yaml + - ../default/manager_auth_proxy_patch.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../crd -- ../rbac -- ../manager + - ../crd + - ../rbac + - ../manager images: -- name: testing - newName: testing-operator + - name: testing + newName: testing-operator 
diff --git a/roles/backup/tasks/postgres.yml b/roles/backup/tasks/postgres.yml index 9cfbff96..b8136303 100644 --- a/roles/backup/tasks/postgres.yml +++ b/roles/backup/tasks/postgres.yml @@ -78,7 +78,7 @@ - name: Set full resolvable host name for postgres pod set_fact: - resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + ansible_operator_meta.namespace + ".svc.cluster.local", awx_postgres_host) }}' # noqa 204 + resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + ansible_operator_meta.namespace + ".svc.cluster.local", awx_postgres_host) }}' # yamllint disable-line rule:line-length no_log: true - name: Set pg_dump command diff --git a/roles/installer/tasks/resources_configuration.yml b/roles/installer/tasks/resources_configuration.yml index a578b5ef..43ef5e7a 100644 --- a/roles/installer/tasks/resources_configuration.yml +++ b/roles/installer/tasks/resources_configuration.yml @@ -30,7 +30,7 @@ - 'persistent' - 'service' - 'ingress' - # no_log: true + no_log: true - name: Apply deployment resources k8s: diff --git a/watches.yaml b/watches.yaml index 43a0a5c0..7a3341a4 100644 --- a/watches.yaml +++ b/watches.yaml @@ -14,4 +14,4 @@ group: awx.ansible.com kind: AWXRestore role: restore -#+kubebuilder:scaffold:watch +# +kubebuilder:scaffold:watch From 65b89ea7bd1fbdb95930e73e24e018e072319e09 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:17 -0400 Subject: [PATCH 04/22] Fix ansible-lint --- molecule/test-minikube/converge.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/test-minikube/converge.yml b/molecule/test-minikube/converge.yml index a44d8cda..8127b7e2 100644 --- a/molecule/test-minikube/converge.yml +++ b/molecule/test-minikube/converge.yml @@ -97,7 +97,7 @@ rescue: - name: debug cr - ignore_errors: yes + ignore_errors: yes # noqa ignore-errors failed_when: false debug: var: debug_cr 
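Review bot: Uncommenting `no_log: true` in roles/installer/tasks/resources_configuration.yml changes runtime behaviour in a commit whose title only mentions yamllint, so the change is easy to miss in history. The task header is above the hunk and what it renders is not visible here; if the intent is to keep templated resource contents out of the operator log, that reason belongs next to the setting, for example `# no_log: rendered resources may contain credentials`, and in the commit message. It is also worth noting for whoever debugs a failed apply that this task's output is now suppressed.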
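Review bot: In molecule/test-minikube/converge.yml the `ignore_errors: yes` line on the "debug cr" task is kept and silenced with `# noqa ignore-errors`, although the same task already sets `failed_when: false`, so a module failure is never reported as failed and `ignore_errors` has nothing left to ignore. Deleting the `ignore_errors` line satisfies the linter without a suppression and leaves the rule active for the rest of the file. The "debug awx deployment" task in the next hunk has the same pair of settings and can be changed the same way.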
@@ -110,7 +110,7 @@ }}' - name: debug awx deployment - ignore_errors: yes + ignore_errors: yes # noqa ignore-errors failed_when: false debug: var: deploy From 48ab801c8c924491d1578361685cba5ca0f478ae Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:17 -0400 Subject: [PATCH 05/22] Adopt the new molecule/ directory structure from the operator-sdk 1.x scaffolding --- .github/workflows/ci.yaml | 10 +- .yamllint | 1 + config/samples/awx_v1alpha1_awx.yaml | 8 -- config/samples/awx_v1beta1_awx.yaml | 22 +++++ config/testing/kustomization.yaml | 19 ++-- molecule/default/asserts.yml | 39 -------- molecule/default/converge.yml | 18 +++- molecule/default/create.yml | 6 ++ molecule/default/destroy.yml | 24 +++++ molecule/default/kustomize.yml | 15 +++ molecule/default/molecule.yml | 35 ++++--- molecule/default/prepare.yml | 51 ++++------ molecule/default/tasks/awx_test.yml | 19 ++++ molecule/default/verify.yml | 57 +++++++++++ molecule/kind/converge.yml | 24 +++++ molecule/kind/create.yml | 8 ++ molecule/kind/destroy.yml | 16 +++ molecule/kind/molecule.yml | 42 ++++++++ molecule/test-minikube/converge.yml | 140 --------------------------- molecule/test-minikube/molecule.yml | 34 ------- molecule/test-minikube/prepare.yml | 2 - 21 files changed, 300 insertions(+), 290 deletions(-) delete mode 100644 config/samples/awx_v1alpha1_awx.yaml create mode 100644 config/samples/awx_v1beta1_awx.yaml delete mode 100644 molecule/default/asserts.yml create mode 100644 molecule/default/create.yml create mode 100644 molecule/default/destroy.yml create mode 100644 molecule/default/kustomize.yml create mode 100644 molecule/default/tasks/awx_test.yml create mode 100644 molecule/default/verify.yml create mode 100644 molecule/kind/converge.yml create mode 100644 molecule/kind/create.yml create mode 100644 molecule/kind/destroy.yml create mode 100644 molecule/kind/molecule.yml delete mode 100644 molecule/test-minikube/converge.yml delete mode 100644 molecule/test-minikube/molecule.yml delete mode 100644 molecule/test-minikube/prepare.yml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 59aaa757..38200930 100644 --- a/.github/workflows/ci.yaml 
+++ b/.github/workflows/ci.yaml @@ -37,17 +37,11 @@ jobs: run: | ansible-galaxy collection install community.general kubernetes.core:1.2.1 operator_sdk.util - - name: Setup Minikube - uses: manusa/actions-setup-minikube@v2.4.2 - with: - minikube version: 'v1.16.0' - kubernetes version: 'v1.19.2' - github token: ${{ secrets.GITHUB_TOKEN }} - - name: Run Molecule env: MOLECULE_VERBOSITY: 3 PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' run: | - molecule test -s test-minikube + make kustomize + KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind diff --git a/.yamllint b/.yamllint index 01becb8a..e79e4dd6 100644 --- a/.yamllint +++ b/.yamllint @@ -4,6 +4,7 @@ extends: default ignore: | .cache/ deploy/olm-catalog + config/testing/kustomization.yaml rules: truthy: disable diff --git a/config/samples/awx_v1alpha1_awx.yaml b/config/samples/awx_v1alpha1_awx.yaml deleted file mode 100644 index b757761a..00000000 --- a/config/samples/awx_v1alpha1_awx.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: awx.ansible.com/v1beta1 -kind: AWX -metadata: - name: awx-sample -spec: - # Add fields here - foo: bar diff --git a/config/samples/awx_v1beta1_awx.yaml b/config/samples/awx_v1beta1_awx.yaml new file mode 100644 index 00000000..1e7b1d8c --- /dev/null +++ b/config/samples/awx_v1beta1_awx.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: awx.ansible.com/v1beta1 +kind: AWX +metadata: + name: example-awx +spec: + service_account_annotations: | + foo: bar + deployment_type: awx + ingress_type: ingress + web_resource_requirements: + requests: + cpu: 500m + memory: 128M + task_resource_requirements: + requests: + cpu: 500m + memory: 128M + ee_resource_requirements: + requests: + cpu: 200m + memory: 64M diff --git a/config/testing/kustomization.yaml b/config/testing/kustomization.yaml index 4bb58082..b6b45328 100644 --- a/config/testing/kustomization.yaml +++ b/config/testing/kustomization.yaml @@ -1,4 +1,3 @@ ---- # Adds namespace to all resources. namespace: osdk-test namePrefix: osdk- 
@@ -6,15 +5,17 @@ namePrefix: osdk- # commonLabels: # someName: someValue patchesStrategicMerge: - - manager_image.yaml - - debug_logs_patch.yaml - - ../default/manager_auth_proxy_patch.yaml +- manager_image.yaml +- debug_logs_patch.yaml +- ../default/manager_auth_proxy_patch.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../crd - - ../rbac - - ../manager +- ../crd +- ../rbac +- ../manager images: - - name: testing - newName: testing-operator +- name: testing + newName: testing-operator +patches: +- path: pull_policy/Never.yaml diff --git a/molecule/default/asserts.yml b/molecule/default/asserts.yml deleted file mode 100644 index b2cf31a8..00000000 --- a/molecule/default/asserts.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -- name: Verify cluster resources - hosts: localhost - connection: local - - vars: - ansible_python_interpreter: '{{ ansible_playbook_python }}' - - tasks: - - name: Get AWX Kind data - k8s_info: - api_version: awx.ansible.com/v1beta1 - kind: AWX - namespace: example-awx - label_selectors: - - "app.kubernetes.io/name=example-awx" - - "app.kubernetes.io/part-of=example-awx" - - "app.kubernetes.io/managed-by=awx-operator" - - "app.kubernetes.io/component=awx" - register: awx_kind - - - name: Verify there is one AWX kind - assert: - that: '{{ (awx_kind.resources | length) == 1 }}' - - - name: Get AWX Pod data - k8s_info: - kind: Pod - namespace: example-awx - label_selectors: - - "app.kubernetes.io/name=example-awx" - - "app.kubernetes.io/part-of=example-awx" - - "app.kubernetes.io/managed-by=awx-operator" - - "app.kubernetes.io/component=awx" - register: tower_pods - - - name: Verify there is one AWX pod - assert: - that: '{{ (tower_pods.resources | length) == 1 }}' diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 4a8b251e..0633db98 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml 
@@ -2,9 +2,17 @@ - name: Converge hosts: localhost connection: local - vars: - ansible_python_interpreter: '{{ ansible_playbook_python }}' - roles: - - installer + gather_facts: no + collections: + - community.kubernetes -- import_playbook: '{{ playbook_dir }}/asserts.yml' + tasks: + - name: Create Namespace + k8s: + api_version: v1 + kind: Namespace + name: '{{ namespace }}' + + - import_tasks: kustomize.yml + vars: + state: present diff --git a/molecule/default/create.yml b/molecule/default/create.yml new file mode 100644 index 00000000..1eeaf922 --- /dev/null +++ b/molecule/default/create.yml @@ -0,0 +1,6 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + tasks: [] diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml new file mode 100644 index 00000000..af55e4f1 --- /dev/null +++ b/molecule/default/destroy.yml @@ -0,0 +1,24 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + collections: + - community.kubernetes + + tasks: + - import_tasks: kustomize.yml + vars: + state: absent + + - name: Destroy Namespace + k8s: + api_version: v1 + kind: Namespace + name: '{{ namespace }}' + state: absent + + - name: Unset pull policy + command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml' + args: + chdir: '{{ config_dir }}/testing' diff --git a/molecule/default/kustomize.yml b/molecule/default/kustomize.yml new file mode 100644 index 00000000..f3d888c2 --- /dev/null +++ b/molecule/default/kustomize.yml 
@@ -0,0 +1,15 @@ +--- +- name: Build kustomize testing overlay + # load_restrictor must be set to none so we can load patch files from the default overlay + command: '{{ kustomize }} build --load_restrictor none .' + args: + chdir: '{{ config_dir }}/testing' + register: resources + changed_when: false + +- name: Set resources to {{ state }} + k8s: + definition: '{{ item }}' + state: '{{ state }}' + wait: yes + loop: '{{ resources.stdout | from_yaml_all | list }}' diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index c110f12a..09621b73 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -2,28 +2,35 @@ dependency: name: galaxy driver: - name: docker + name: delegated lint: | set -e yamllint . - ansible-lint platforms: - - name: kind-default + - name: cluster groups: - k8s - image: bsycorp/kind:latest-1.14 - privileged: True - override_command: no - exposed_ports: - - 8443/tcp - - 10080/tcp - published_ports: - - 0.0.0.0:${TEST_CLUSTER_PORT:-9443}:8443/tcp - pre_build_image: yes provisioner: name: ansible - log: True + lint: | + set -e + ansible-lint inventory: group_vars: all: - operator_namespace: ${TEST_NAMESPACE:-example-awx} + namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} + host_vars: + localhost: + ansible_python_interpreter: '{{ ansible_playbook_python }}' + config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config + samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples + operator_image: ${OPERATOR_IMAGE:-""} + operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} + kustomize: ${KUSTOMIZE_PATH:-kustomize} + env: + K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} +verifier: + name: ansible + lint: | + set -e + ansible-lint diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 118388ea..ed40370c 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml 
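Review bot: The `Build kustomize testing overlay` task passes `--load_restrictor none`, which ties it to one kustomize generation, and nothing in the task records that. As far as I know this spelling is accepted by kustomize 3.x, while 4.x expects `--load-restrictor LoadRestrictionsNone`. The binary comes from `{{ kustomize }}`, which the scenario defaults to whatever `kustomize` is on PATH. I would extend the existing comment to `# requires the kustomize version installed by "make kustomize"; load_restrictor is set to none only so the testing overlay can read ../default/manager_auth_proxy_patch.yaml`. Disabling the restrictor lets a build read files outside the overlay root, so it is worth keeping the flag confined to this test overlay.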
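Review bot: In molecule/default/molecule.yml the `env:` entry `K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}` makes the `default` scenario act on whichever cluster the caller's kubeconfig selects, and the file does not say so. destroy.yml imports kustomize.yml with `state: absent`, and the testing overlay lists `../crd` and `../rbac` under `resources`, so a run against a shared cluster removes the AWX CRDs there, and deleting a CRD also deletes its custom resources. I would add a comment above `env:` such as `# WARNING: runs against the current kubeconfig context; destroy removes the AWX CRDs, RBAC and the test namespace`. It may also be worth having prepare.yml fail unless the target is named explicitly, the same way it already insists on `OPERATOR_IMAGE`.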
@@ -1,39 +1,28 @@ --- -- name: Prepare operator resources +- name: Prepare hosts: localhost connection: local - - vars: - ansible_python_interpreter: '{{ ansible_playbook_python }}' - deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" - templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates" - vars_files: - - "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/group_vars/all" + gather_facts: false tasks: - - name: Create AWX Custom Resource Definition - k8s: - definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_crd.yaml'])) }}" + - name: Ensure operator image is set + fail: + msg: | + You must specify the OPERATOR_IMAGE environment variable in order to run the + 'default' scenario + when: not operator_image - - name: Create AWXBackup Custom Resource Definition - k8s: - definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxbackup_v1beta1_crd.yaml'])) }}" + - name: Set testing image + command: '{{ kustomize }} edit set image testing={{ operator_image }}' + args: + chdir: '{{ config_dir }}/testing' - - name: Create AWXRestore Custom Resource Definition - k8s: - definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxrestore_v1beta1_crd.yaml'])) }}" + - name: Set pull policy + command: '{{ kustomize }} edit add patch --path pull_policy/{{ operator_pull_policy }}.yaml' + args: + chdir: '{{ config_dir }}/testing' - - name: Ensure specified namespace is present - k8s: - api_version: v1 - kind: Namespace - name: '{{ operator_namespace }}' - - - name: Create RBAC resources - k8s: - definition: "{{ lookup('template', '/'.join([templates_dir, item])) }}" - namespace: '{{ operator_namespace }}' - with_items: - - role.yml.j2 - - role_binding.yml.j2 - - service_account.yml.j2 + - name: Set testing namespace + command: '{{ kustomize }} edit set namespace {{ namespace }}' + args: + chdir: '{{ config_dir }}/testing' 
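Review bot: The three `kustomize edit` tasks (`Set testing image`, `Set pull policy`, `Set testing namespace`) rewrite the tracked file `config/testing/kustomization.yaml` in place with values taken from the environment, and destroy.yml reverts only the pull-policy patch. The same commit adds `patches: - path: pull_policy/Never.yaml` to that file, which looks like a leftover from a local run. With that entry committed, the `default` scenario (where `operator_pull_policy` defaults to `Always`) would presumably end up with two pull-policy patches. I would build from a temporary copy of `config/testing`, or at least add `# NOTE: edits config/testing/kustomization.yaml in place; do not commit the result` above the first of these tasks. None of the three sets `changed_when`, so each reports changed on every run.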
diff --git a/molecule/default/tasks/awx_test.yml b/molecule/default/tasks/awx_test.yml new file mode 100644 index 00000000..66cef064 --- /dev/null +++ b/molecule/default/tasks/awx_test.yml @@ -0,0 +1,19 @@ +--- +- name: Create the awx.ansible.com/v1alpha1.AWX + k8s: + state: present + namespace: '{{ namespace }}' + definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" + wait: yes + wait_timeout: 900 + wait_condition: + type: Running + reason: Successful + status: "True" + vars: + cr_file: 'awx_v1beta1_awx.yaml' + +# - name: Add assertions here +# assert: +# that: false +# fail_msg: FIXME Add real assertions for your operator diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 00000000..cc28aacf --- /dev/null +++ b/molecule/default/verify.yml 
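Review bot: The task name in awx_test.yml says `awx.ansible.com/v1alpha1.AWX`, but `cr_file` is `awx_v1beta1_awx.yaml` and the sample added in this commit declares `apiVersion: awx.ansible.com/v1beta1`. The name should read `- name: Create the awx.ansible.com/v1beta1.AWX`. The only check this file performs is the `wait_condition` on the custom resource, because the assertion block is still the commented-out scaffold. A short comment stating that the Running/Successful condition is the pass criterion would make that intent explicit.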
@@ -0,0 +1,57 @@ +--- +- name: Verify + hosts: localhost + connection: local + gather_facts: no + collections: + - community.kubernetes + + vars: + ctrl_label: control-plane=controller-manager + + tasks: + - block: + - name: Import all test files from tasks/ + include_tasks: '{{ item }}' + with_fileglob: + - tasks/*_test.yml + rescue: + - name: Retrieve relevant resources + k8s_info: + api_version: '{{ item.api_version }}' + kind: '{{ item.kind }}' + namespace: '{{ namespace }}' + loop: + - api_version: v1 + kind: Pod + - api_version: apps/v1 + kind: Deployment + - api_version: v1 + kind: Secret + - api_version: v1 + kind: ConfigMap + register: debug_resources + + - name: Retrieve Pod logs + k8s_log: + name: '{{ item.metadata.name }}' + namespace: '{{ namespace }}' + container: manager + loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}" + register: debug_logs + + - name: Output gathered resources + debug: + var: debug_resources + + - name: Output gathered logs + debug: + var: item.log_lines + loop: '{{ debug_logs.results }}' + + - name: Re-emit failure + vars: + failed_task: + result: '{{ ansible_failed_result }}' + fail: + msg: '{{ failed_task }}' diff --git a/molecule/kind/converge.yml b/molecule/kind/converge.yml new file mode 100644 index 00000000..8bd5700f --- /dev/null +++ b/molecule/kind/converge.yml @@ -0,0 +1,24 @@ +--- +- name: Converge + hosts: localhost + connection: local + gather_facts: no + + tasks: + - name: Build operator image + docker_image: + build: + path: '{{ project_dir }}' + pull: no + name: '{{ operator_image }}' + tag: latest + push: no + source: build + force_source: yes + + - name: Load image into kind cluster + command: kind load docker-image --name osdk-test '{{ operator_image }}' + register: result + changed_when: '"not yet present" in result.stdout' + +- import_playbook: ../default/converge.yml 
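Review bot: The rescue block in verify.yml includes `kind: Secret` in the `Retrieve relevant resources` loop, and `Output gathered resources` then prints `debug_resources` in full, so any failed verify writes every Secret in the namespace to the job log, data included. Base64 encoding is not protection, and the CI job in this series runs with `MOLECULE_VERBOSITY: 3` on a hosted runner whose logs outlive the kind cluster. The `default` scenario can also be pointed at a real cluster through `KUBECONFIG`. I would drop the `- api_version: v1` / `kind: Secret` entry from the loop. If the presence of a Secret matters for debugging, print only `metadata.name` for that kind. This also contradicts the earlier commit in this series that turns on `no_log: true` in roles/installer/tasks/resources_configuration.yml.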
diff --git a/molecule/kind/create.yml b/molecule/kind/create.yml new file mode 100644 index 00000000..66a84a14 --- /dev/null +++ b/molecule/kind/create.yml @@ -0,0 +1,8 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + tasks: + - name: Create test kind cluster + command: kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }} diff --git a/molecule/kind/destroy.yml b/molecule/kind/destroy.yml new file mode 100644 index 00000000..a1c3eac9 --- /dev/null +++ b/molecule/kind/destroy.yml @@ -0,0 +1,16 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + collections: + - community.kubernetes + + tasks: + - name: Destroy test kind cluster + command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }} + + - name: Unset pull policy + command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml' + args: + chdir: '{{ config_dir }}/testing' diff --git a/molecule/kind/molecule.yml b/molecule/kind/molecule.yml new file mode 100644 index 00000000..80a18d39 --- /dev/null +++ b/molecule/kind/molecule.yml 
@@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy +driver: + name: delegated +lint: | + set -e + yamllint . +platforms: + - name: cluster + groups: + - k8s +provisioner: + name: ansible + playbooks: + prepare: ../default/prepare.yml + verify: ../default/verify.yml + lint: | + set -e + ansible-lint + inventory: + group_vars: + all: + namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} + host_vars: + localhost: + ansible_python_interpreter: '{{ ansible_playbook_python }}' + config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config + samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples + project_dir: ${MOLECULE_PROJECT_DIRECTORY} + operator_image: testing-operator + operator_pull_policy: "Never" + kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" + kustomize: ${KUSTOMIZE_PATH:-kustomize} + env: + K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig + KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig +verifier: + name: ansible + lint: | + set -e + ansible-lint diff --git a/molecule/test-minikube/converge.yml b/molecule/test-minikube/converge.yml deleted file mode 100644 index 8127b7e2..00000000 --- a/molecule/test-minikube/converge.yml +++ /dev/null 
@@ -1,140 +0,0 @@ ---- -# TODO: For some reason prepare is not run after a destroy in the Minikube env. -- import_playbook: ../default/prepare.yml - -- name: Build Operator in Minikube - hosts: localhost - connection: local - - vars: - image_name: awx.ansible.com/awx-operator:testing - - tasks: - # Use raw Docker commands inside Minikube to avoid extra Python dependencies. - - name: Get existing image hash - shell: | - eval $(minikube docker-env) - docker images -q {{ image_name }} - register: prev_hash - changed_when: false - - - name: Build Operator Image - shell: | - eval $(minikube docker-env) - docker build -f ../../build/Dockerfile -t {{ image_name }} ../.. - register: build_cmd - changed_when: not prev_hash.stdout or (prev_hash.stdout and prev_hash.stdout not in ''.join(build_cmd.stdout_lines[-2:])) - -- name: Converge - hosts: localhost - connection: local - - vars: - ansible_python_interpreter: '{{ ansible_playbook_python }}' - deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" - templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates" - pull_policy: Never - operator_image: awx.ansible.com/awx-operator - operator_version: testing - ansible_debug_logs: "true" - # Change this to _awx to test AWX, _tower to test Tower. 
- custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}" - - tasks: - - block: - - name: Delete the Operator Deployment - k8s: - state: absent - namespace: '{{ operator_namespace }}' - definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}" - register: delete_deployment - when: build_cmd.changed - - - name: Wait 30s for Operator Deployment to terminate - k8s_info: - api_version: '{{ definition.apiVersion }}' - kind: '{{ definition.kind }}' - namespace: '{{ operator_namespace }}' - name: '{{ definition.metadata.name }}' - vars: - definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}" - register: deployment - until: not deployment.resources - delay: 3 - retries: 10 - when: delete_deployment.changed - - - name: Create the Operator Deployment - k8s: - namespace: '{{ operator_namespace }}' - definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}" - - - name: Ensure the AWX custom_resource namespace exists - k8s: - state: present - name: '{{ custom_resource.metadata.namespace }}' - kind: Namespace - api_version: v1 - - - name: Create the AWX Custom Resource - k8s: - state: present - namespace: '{{ custom_resource.metadata.namespace }}' - definition: '{{ custom_resource }}' - - - name: Wait 15m for reconciliation to run - k8s_info: - api_version: '{{ custom_resource.apiVersion }}' - kind: '{{ custom_resource.kind }}' - namespace: '{{ custom_resource.metadata.namespace }}' - name: '{{ custom_resource.metadata.name }}' - register: cr - until: - - "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))" - delay: 6 - retries: 150 - - rescue: - - - name: debug cr - ignore_errors: yes # noqa ignore-errors - failed_when: false - debug: - var: debug_cr - vars: - debug_cr: '{{ lookup("k8s", - kind=custom_resource.kind, - api_version=custom_resource.apiVersion, - namespace=custom_resource.metadata.namespace, 
- resource_name=custom_resource.metadata.name) - }}' - - - name: debug awx deployment - ignore_errors: yes # noqa ignore-errors - failed_when: false - debug: - var: deploy - vars: - deploy: '{{ lookup("k8s", - kind="Deployment", - api_version="apps/v1", - namespace=custom_resource.metadata.namespace, - label_selector="app.kubernetes.io/name=example-awx") - }}' - - - name: get operator logs - ignore_errors: yes - failed_when: false - command: kubectl logs deployment/{{ definition.metadata.name }} -n {{ operator_namespace }} -c operator - vars: - definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}" - register: log - - - name: print debug output - debug: var=log.stdout_lines - - - name: fail if converge didn't succeed - fail: - msg: "Failed on action: converge" - -- import_playbook: '{{ playbook_dir }}/../default/asserts.yml' diff --git a/molecule/test-minikube/molecule.yml b/molecule/test-minikube/molecule.yml deleted file mode 100644 index bde1c276..00000000 --- a/molecule/test-minikube/molecule.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: delegated - options: - managed: False - ansible_connection_options: {} -lint: | - set -e - yamllint . - ansible-lint -platforms: - - name: test-minikube - groups: - - k8s -provisioner: - name: ansible - inventory: - group_vars: - all: - operator_namespace: ${TEST_NAMESPACE:-example-awx} - env: - ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles -scenario: - test_sequence: - - lint - - destroy - - dependency - - syntax - - create - - prepare - - converge - - destroy diff --git a/molecule/test-minikube/prepare.yml b/molecule/test-minikube/prepare.yml deleted file mode 100644 index 8ca82682..00000000 --- a/molecule/test-minikube/prepare.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- import_playbook: ../default/prepare.yml From 59efcb7be8cb8762fd6befdaf561fe4dcbc0130d Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:17 -0400 Subject: [PATCH 06/22] Install community.docker in tests --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 38200930..27ead7b3 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -35,7 +35,7 @@ jobs: - name: Install Collections run: | - ansible-galaxy collection install community.general kubernetes.core:1.2.1 operator_sdk.util + ansible-galaxy collection install community.general kubernetes.core:1.2.1 operator_sdk.util community.docker - name: Run Molecule env: From 88dd0e648e96f9b6dfeab818ab518ff80b6ae2d4 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:18 -0400 Subject: [PATCH 07/22] Force install of correct kustomize version in GHA --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 27ead7b3..5765f904 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -43,5 +43,6 @@ jobs: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' run: | + sudo rm -f $(which kustomize) make kustomize KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind From 965647f9338d58f490d22a0e972a1d5e0599883b Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:18 -0400 Subject: [PATCH 08/22] Update tests to use kubernetes.core --- molecule/default/converge.yml | 2 +- molecule/default/destroy.yml | 2 +- molecule/default/verify.yml | 2 +- molecule/kind/destroy.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 0633db98..9e65e378 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,7 +4,7 @@ connection: local gather_facts: no collections: - - community.kubernetes + - kubernetes.core tasks: - name: Create Namespace 
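Review bot: In the `Install Collections` step, `community.docker` is added without a version, alongside `community.general` and `operator_sdk.util`, while `kubernetes.core` on the same line is pinned to `1.2.1`. Unpinned collections mean the CI job runs whatever release Galaxy serves that day, which makes failures hard to reproduce and lets an unreviewed upstream release execute in the pipeline. I would pin each one in the same `name:version` form, for example `community.docker:<pinned-version>`, or move the list into a `requirements.yml` with explicit versions.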
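Review bot: The added line `sudo rm -f $(which kustomize)` in the `Run Molecule` step deletes a runner binary as root through an unquoted command substitution, and it has no comment explaining why. `sudo rm -f "$(command -v kustomize)"` is the more robust spelling. A preceding comment such as `# remove the runner's preinstalled kustomize so "make kustomize" installs the version this repo expects` would record the reason, which I am inferring from the commit subject. The `kustomize` Makefile target is not part of this hunk, so I cannot see whether it pins a version and verifies what it downloads. That is worth confirming, since the resulting `bin/kustomize` is then executed by every scenario.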
diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml index af55e4f1..9a41e7de 100644 --- a/molecule/default/destroy.yml +++ b/molecule/default/destroy.yml @@ -4,7 +4,7 @@ connection: local gather_facts: false collections: - - community.kubernetes + - kubernetes.core tasks: - import_tasks: kustomize.yml diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index cc28aacf..15f3674d 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -4,7 +4,7 @@ connection: local gather_facts: no collections: - - community.kubernetes + - kubernetes.core vars: ctrl_label: control-plane=controller-manager diff --git a/molecule/kind/destroy.yml b/molecule/kind/destroy.yml index a1c3eac9..304cca21 100644 --- a/molecule/kind/destroy.yml +++ b/molecule/kind/destroy.yml @@ -4,7 +4,7 @@ connection: local gather_facts: false collections: - - community.kubernetes + - kubernetes.core tasks: - name: Destroy test kind cluster From 85f3c2378885ee052eb0782fe9ec36aa11ff0ecd Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:18 -0400 Subject: [PATCH 09/22] Whitespace fixes --- .github/workflows/ci.yaml | 2 +- CHANGELOG.md | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5765f904..6b5a0c63 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -35,7 +35,7 @@ jobs: - name: Install Collections run: | - ansible-galaxy collection install community.general kubernetes.core:1.2.1 operator_sdk.util community.docker + ansible-galaxy collection install community.general kubernetes.core:1.2.1 operator_sdk.util community.docker - name: Run Molecule env: diff --git a/CHANGELOG.md b/CHANGELOG.md index ef5e35c4..35d4b222 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -25,17 +25,17 @@ This is a list of high-level changes for each release of `awx-operator`. A full # 0.9.0 (May 1, 2021) -- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039 -- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d -- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc -- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90 -- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9 -- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f -- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f +- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039 +- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d +- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc +- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90 +- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9 +- Add templated EE volume mount var to operator config (Christian M. 
Adams) - e55d83f +- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f - Split container image and version in 2 variables (Marcelo Moreira de Mello) - bc34758 (breaking_change) -- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f -- Add tower_ingress_type NodePort (stal) - 1b87616 -- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84 -- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1 -- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11 -- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c +- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f +- Add tower_ingress_type NodePort (stal) - 1b87616 +- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84 +- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1 +- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11 +- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c From d27bb69b96da58a9cda62a15e8ecf9ec738568d3 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:19 -0400 Subject: [PATCH 10/22] Lower resource requirements to get CI passing --- config/samples/awx_v1beta1_awx.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/samples/awx_v1beta1_awx.yaml b/config/samples/awx_v1beta1_awx.yaml index 1e7b1d8c..746072ba 100644 --- a/config/samples/awx_v1beta1_awx.yaml +++ b/config/samples/awx_v1beta1_awx.yaml @@ -10,11 +10,11 @@ spec: ingress_type: ingress web_resource_requirements: requests: - cpu: 500m + cpu: 250m memory: 128M task_resource_requirements: requests: - cpu: 500m + cpu: 250m memory: 128M ee_resource_requirements: requests: From aa969e2a93006fbff8999cfa7f1c8f977d9c1199 Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:19 -0400 Subject: [PATCH 11/22] yamllint: ignore files managed by kustomize --- .yamllint | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.yamllint b/.yamllint index e79e4dd6..5155cedf 100644 --- a/.yamllint +++ b/.yamllint @@ -3,8 +3,9 @@ extends: default ignore: | .cache/ - deploy/olm-catalog - config/testing/kustomization.yaml + kustomization.yaml + awx-operator.clusterserviceversion.yaml + bundle rules: truthy: disable From d9fbda5e15519c6349a28d36067bb101cfdeb57a Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:19 -0400 Subject: [PATCH 12/22] Add ability to override namespace when running make deploy --- Makefile | 2 ++ config/default/kustomization.yaml | 21 ++++++-------- config/manager/kustomization.yaml | 15 +++++----- .../awx-operator.clusterserviceversion.yaml | 29 +++++++++---------- 4 files changed, 32 insertions(+), 35 deletions(-) diff --git a/Makefile b/Makefile index b540a44e..50a72839 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,7 @@ BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) # Image URL to use all building/pushing image targets IMG ?= $(IMAGE_TAG_BASE):$(VERSION) +NAMESPACE ?= awx all: docker-build @@ -77,6 +78,7 @@ uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE} $(KUSTOMIZE) build config/default | kubectl apply -f - undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index ab3a8b43..f5ebf777 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml 
@@ -1,6 +1,5 @@ ---- # Adds namespace to all resources. -namespace: awx-operator-system +namespace: awx # Value of this field is prepended to the # names of all resources, e.g. a deployment named # "wordpress" becomes "alices-wordpress". @@ -10,18 +9,16 @@ namePrefix: awx-operator- # Labels to add to all resources and selectors. # commonLabels: # someName: someValue -bases: - - ../crd - - ../rbac - - ../manager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. # - ../prometheus -patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. - - manager_auth_proxy_patch.yaml - -# Mount the controller config file for loading manager configurations -# through a ComponentConfig type -# - manager_config_patch.yaml +patchesStrategicMerge: +- manager_auth_proxy_patch.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../crd +- ../rbac +- ../manager diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 897ae638..8c7ae272 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,15 +1,14 @@ ---- resources: - - manager.yaml +- manager.yaml generatorOptions: disableNameSuffixHash: true configMapGenerator: - - files: - - controller_manager_config.yaml - name: manager-config +- files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - - name: controller - newName: quay.io/shanemcd/awx-operator - newTag: 0.0.1 +- name: controller + newName: quay.io/ansible/awx-operator + newTag: 0.14.0 diff --git a/config/manifests/bases/awx-operator.clusterserviceversion.yaml b/config/manifests/bases/awx-operator.clusterserviceversion.yaml index f4514972..f291cb70 100644 
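Review bot: In the second hunk of `config/default/kustomization.yaml`, `resources:` now sits at the end of the file while the `# - ../prometheus` comment stays where `bases:` used to be, so uncommenting it as the `[PROMETHEUS]` instruction says no longer adds an entry to any list. The same reordering leaves the "Protect the /metrics endpoint ... comment the following line" text above the `patchesStrategicMerge:` key instead of above `- manager_auth_proxy_patch.yaml`. Because that patch is what keeps `/metrics` behind authentication, the instruction should be unambiguous; I would reword it to `# To expose /metrics without authn/z, remove manager_auth_proxy_patch.yaml from patchesStrategicMerge below.` and move the prometheus hint next to `resources:`.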
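Review bot: The `images:` entry in `config/manager/kustomization.yaml` now selects `quay.io/ansible/awx-operator` by tag (`newTag: 0.14.0`), and a tag can be re-pushed, so the manifest does not fix which image the controller-manager actually runs. For committed or release manifests I would pin by digest using kustomize's `digest:` field, `digest: sha256:<image-digest-placeholder>`, in place of `newTag`. The `deploy` target in the Makefile hunk rewrites this entry through `kustomize edit set image controller=${IMG}`, so the committed value is only a default and deserves a comment saying so, for example `# rewritten by 'make deploy'; release builds should pin a digest`.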
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml @@ -1,4 +1,3 @@ ---- apiVersion: operators.coreos.com/v1beta1 kind: ClusterServiceVersion metadata: @@ -13,27 +12,27 @@ spec: description: An operator for the AWX Project displayName: AWX icon: - - base64data: "" - mediatype: "" + - base64data: "" + mediatype: "" install: spec: deployments: null strategy: "" installModes: - - supported: false - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: false + type: AllNamespaces keywords: - - automation - - ansible + - automation + - ansible links: - - name: Awx Operator - url: https://awx-operator.domain + - name: Awx Operator + url: https://awx-operator.domain maturity: alpha provider: name: Ansible From d4c8fd67f3a39b1a2c6f2166a3f2bc5958861c4b Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:20 -0400 Subject: [PATCH 13/22] Update readme --- README.md | 141 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 84 insertions(+), 57 deletions(-) diff --git a/README.md b/README.md index e84997ac..2bc38558 100644 --- a/README.md +++ b/README.md 
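Review bot: The `installModes` change in the second hunk marks `SingleNamespace` and `MultiNamespace` as supported, which looks broader than what the rest of this series describes. The README text says AWX can only be deployed in the namespace the operator runs in, and the `make deploy` output lists namespaced `Role` objects for the manager. If the manager only watches its own namespace, OLM would accept OperatorGroups the operator cannot serve, or ones that push towards granting it wider RBAC later. I would keep `OwnNamespace` as the only supported mode, i.e. `- supported: false` for both `type: SingleNamespace` and `type: MultiNamespace`, until the watch scope and RBAC for the other modes are in place.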
@@ -54,23 +54,19 @@ This Kubernetes Operator is meant to be deployed in your Kubernetes cluster(s) a For testing purposes, the `awx-operator` can be deployed on a [Minikube](https://minikube.sigs.k8s.io/docs/) cluster. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information. -```bash -$ minikube start --addons=ingress --cpus=4 --cni=flannel --install-addons=true \ - --kubernetes-version=stable --memory=6g -😄 minikube v1.20.0 on Fedora 34 -✨ Using the kvm2 driver based on user configuration +``` +$ minikube start --cpus=4 --memory=6g --addons=ingress +😄 minikube v1.23.2 on Fedora 34 +✨ Using the docker driver based on existing profile 👍 Starting control plane node minikube in cluster minikube -🔥 Creating kvm2 VM (CPUs=4, Memory=6144MB, Disk=20000MB) ... -🐳 Preparing Kubernetes v1.20.2 on Docker 20.10.6 ... - ▪ Generating certificates and keys ... - ▪ Booting up control plane ... - ▪ Configuring RBAC rules ... -🔗 Configuring Flannel (Container Networking Interface) ... +🚜 Pulling base image ... +🏃 Updating the running docker "minikube" container ... +🐳 Preparing Kubernetes v1.22.2 on Docker 20.10.8 ... 🔎 Verifying Kubernetes components... - ▪ Using image docker.io/jettech/kube-webhook-certgen:v1.5.1 - ▪ Using image k8s.gcr.io/ingress-nginx/controller:v0.44.0 ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 - ▪ Using image docker.io/jettech/kube-webhook-certgen:v1.5.1 + ▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.0.0-beta.3 + ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0 + ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0 🔎 Verifying ingress addon... 🌟 Enabled addons: storage-provisioner, default-storageclass, ingress 🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default 
@@ -78,56 +74,74 @@ $ minikube start --addons=ingress --cpus=4 --cni=flannel --install-addons=true \ Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected. -```bash +``` $ minikube kubectl -- get nodes -NAME STATUS ROLES AGE VERSION -minikube Ready control-plane,master 6m28s v1.20.2 +NAME STATUS ROLES AGE VERSION +minikube Ready control-plane,master 113s v1.22.2 $ minikube kubectl -- get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE -ingress-nginx ingress-nginx-admission-create-tjk94 0/1 Completed 0 6m4s -ingress-nginx ingress-nginx-admission-patch-r4pl6 0/1 Completed 0 6m4s -ingress-nginx ingress-nginx-controller-5d88495688-sbtp9 1/1 Running 0 6m4s -kube-system coredns-74ff55c5b-2wz6n 1/1 Running 0 6m4s -kube-system etcd-minikube 1/1 Running 0 6m13s -kube-system kube-apiserver-minikube 1/1 Running 0 6m13s -kube-system kube-controller-manager-minikube 1/1 Running 0 6m13s -kube-system kube-flannel-ds-amd64-lw7lv 1/1 Running 0 6m3s -kube-system kube-proxy-lcxx7 1/1 Running 0 6m3s -kube-system kube-scheduler-minikube 1/1 Running 0 6m13s -kube-system storage-provisioner 1/1 Running 1 6m17s +ingress-nginx ingress-nginx-admission-create--1-kk67h 0/1 Completed 0 2m1s +ingress-nginx ingress-nginx-admission-patch--1-7mp2r 0/1 Completed 1 2m1s +ingress-nginx ingress-nginx-controller-69bdbc4d57-bmwg8 1/1 Running 0 2m +kube-system coredns-78fcd69978-q7nmx 1/1 Running 0 2m +kube-system etcd-minikube 1/1 Running 0 2m12s +kube-system kube-apiserver-minikube 1/1 Running 0 2m16s +kube-system kube-controller-manager-minikube 1/1 Running 0 2m12s +kube-system kube-proxy-5mmnw 1/1 Running 0 2m1s +kube-system kube-scheduler-minikube 1/1 Running 0 2m15s +kube-system storage-provisioner 1/1 Running 0 2m11s ``` It is not required for `kubectl` to be separately installed since it comes already wrapped inside minikube. As demonstrated above, simply prefix `minikube kubectl --` before kubectl command, i.e. 
`kubectl get nodes` would become `minikube kubectl -- get nodes` -Let's create an alias for easier usage: +Let's create an alias for easier usage: -```bash +``` $ alias kubectl="minikube kubectl --" ``` -Now you need to deploy AWX Operator into your cluster. Start by going to https://github.com/ansible/awx-operator/releases and making note of the latest release. Replace `` in the URL `https://raw.githubusercontent.com/ansible/awx-operator//deploy/awx-operator.yaml` with the version you are deploying. +Now you need to deploy AWX Operator into your cluster. Clone this repo and `git checkout` the latest version from https://github.com/ansible/awx-operator/releases, and then run the following command: -```bash -$ kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator//deploy/awx-operator.yaml -customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created +``` +$ export NAMESPACE=my-namespace +$ make deploy +cd config/manager && /home/user/awx-operator/bin/kustomize edit set image controller=quay.io/ansible/awx-operator:0.14.0 +/home/user/awx-operator/bin/kustomize build config/default | kubectl apply -f - +namespace/my-namespace created customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created -clusterrole.rbac.authorization.k8s.io/awx-operator created -clusterrolebinding.rbac.authorization.k8s.io/awx-operator created -serviceaccount/awx-operator created -deployment.apps/awx-operator created +customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created +serviceaccount/awx-operator-controller-manager created +role.rbac.authorization.k8s.io/awx-operator-leader-election-role created +role.rbac.authorization.k8s.io/awx-operator-manager-role created +clusterrole.rbac.authorization.k8s.io/awx-operator-metrics-reader created +clusterrole.rbac.authorization.k8s.io/awx-operator-proxy-role created 
+rolebinding.rbac.authorization.k8s.io/awx-operator-leader-election-rolebinding created +rolebinding.rbac.authorization.k8s.io/awx-operator-manager-rolebinding created +clusterrolebinding.rbac.authorization.k8s.io/awx-operator-proxy-rolebinding created +configmap/awx-operator-manager-config created +service/awx-operator-controller-manager-metrics-service created +deployment.apps/awx-operator-controller-manager created ``` -Wait a few minutes and you should have the `awx-operator` running. +Wait a bit and you should have the `awx-operator` running: -```bash -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -awx-operator-7dbf9db9d7-z9hqx 1/1 Running 0 50s +``` +$ kubectl get pods -n $NAMESPACE +NAME READY STATUS RESTARTS AGE +awx-operator-controller-manager-66ccd8f997-rhd4z 2/2 Running 0 11s ``` -Then create a file named `awx-demo.yml` with the suggested content. The `metadata.name` you provide, will be the name of the resulting AWX deployment. If you deploy more than one AWX instance to the same namespace, be sure to use unique names. +So we don't have to keep repeating `-n $NAMESPACE`, let's set the current namespace for `kubectl`: + +``` +$ kubectl config set-context --current --namespace=$NAMESPACE +``` + +Next, create a file named `awx-demo.yml` with the suggested content below. The `metadata.name` you provide, will be the name of the resulting AWX deployment. + +**Note:** If you deploy more than one AWX instance to the same namespace, be sure to use unique names. ```yaml --- 
@@ -137,20 +151,24 @@ metadata: name: awx-demo spec: service_type: nodeport - ingress_type: none - hostname: awx-demo.example.com ``` Finally, use `kubectl` to create the awx instance in your cluster: -```bash +``` $ kubectl apply -f awx-demo.yml awx.awx.ansible.com/awx-demo created ``` -After a few minutes, the new AWX instance will be deployed. One can look at the operator pod logs in order to know where the installation process is at. This can be done by running the following command: `kubectl logs -f deployments/awx-operator`. +After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at: -```bash +``` +$ kubectl logs -f deployments/awx-operator-controller-manager -c manager +``` + +After a few seconds, you should see the operator begin to create new resources: + +``` $ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator" NAME READY STATUS RESTARTS AGE awx-demo-77d96f88d5-pnhr8 4/4 Running 0 3m24s 
@@ -162,11 +180,20 @@ awx-demo-postgres ClusterIP None 5432/TCP 4m4s awx-demo-service NodePort 10.109.40.38 80:31006/TCP 3m56s ``` -Once deployed, the AWX instance will be accessible by the command `minikube service awx-demo-service --url`. +Once deployed, the AWX instance will be accessible by running: -By default, the admin user is `admin` and the password is available in the `-admin-password` secret. To retrieve the admin password, run `kubectl get secret -admin-password -o jsonpath="{.data.password}" | base64 --decode` +``` +$ minikube service awx-demo-service --url -n $NAMESPACE +``` -You just completed the most basic install of an AWX instance via this operator. Congratulations!!!! +By default, the admin user is `admin` and the password is available in the `-admin-password` secret. To retrieve the admin password, run: + +``` +$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode +yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR +``` + +You just completed the most basic install of an AWX instance via this operator. Congratulations!!! For an example using the Nginx Controller in Minukube, don't miss our [demo video](https://asciinema.org/a/416946). @@ -351,7 +378,7 @@ stringData: type: Opaque ``` -> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added. +> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added. **Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`. 
@@ -781,7 +808,7 @@ Example configuration of environment variables To uninstall an AWX deployment instance, you basically need to remove the AWX kind related to that instance. For example, to delete an AWX instance named awx-demo, you would do: -```bash +``` $ kubectl delete awx awx-demo awx.awx.ansible.com "awx-demo" deleted ``` @@ -797,7 +824,7 @@ Apply the awx-operator.yml for that release to upgrade the operator, and in turn **Cluster-scope to Namespace-scope considerations** -Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. This is called a namespace-scoped operator. If you are upgrading from an earlier version, you will want to +Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. This is called a namespace-scoped operator. If you are upgrading from an earlier version, you will want to delete your existing `awx-operator` service account, role and role binding. ## Contributing @@ -833,7 +860,7 @@ Generate the olm-catalog bundle. $ operator-sdk generate bundle --operator-name awx-operator --version ``` -> This should be done with operator-sdk v0.19.4. +> This should be done with operator-sdk v0.19.4. > It is a good idea to use the [build script](./build.sh) at this point to build the catalog and test out installing it in Operator Hub. @@ -860,7 +887,7 @@ After it is built, test it on a local cluster: #> ansible-playbook ansible/deploy-operator.yml -e operator_image=quay.io//awx-operator -e operator_version= -e pull_policy=Always #> kubectl create namespace example-awx #> ansible-playbook ansible/instantiate-awx-deployment.yml -e namespace=example-awx -e image=quay.io//awx -e service_type=nodeport -#> # Verify that the awx-task and awx-web containers are launched +#> # Verify that the awx-task and awx-web containers are launched #> # with the right version of the awx image #> minikube delete ``` 
From cf22f9ba525cdc523de30f674334c20dfe9e7eb7 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:20 -0400 Subject: [PATCH 14/22] Fix link to upgrade docs --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 35d4b222..d9fa3b56 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ This is a list of high-level changes for each release of `awx-operator`. A full # 0.14.0 (TBA) -- Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change) +- Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](./README.md#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change) # 0.10.0 (Jun 1, 2021) From e9ade568423bcffa327cf9f272587bc538293862 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:20 -0400 Subject: [PATCH 15/22] Add note about upgrading to 0.14.0 --- CHANGELOG.md | 2 ++ README.md | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d9fa3b56..6d143b1b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ This is a list of high-level changes for each release of `awx-operator`. A full # 0.14.0 (TBA) +- Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x. + - To avoid a headache, you probably want to delete your existing operator Deployment and follow the README. - Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](./README.md#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change) # 0.10.0 (Jun 1, 2021) diff --git a/README.md b/README.md index 2bc38558..dc0c41b8 100644 --- a/README.md +++ b/README.md 
@@ -821,12 +821,17 @@ To upgrade AWX, it is recommended to upgrade the awx-operator to the version tha Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment. +#### v0.14.0 -**Cluster-scope to Namespace-scope considerations** +##### Cluster-scope to Namespace-scope considerations Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. This is called a namespace-scoped operator. If you are upgrading from an earlier version, you will want to delete your existing `awx-operator` service account, role and role binding. +##### Project is now based on v1.x of the operator-sdk project + +Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x. You may need to manually delete your old operator Deployment to avoid issues. + ## Contributing Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md). From 12361d6ff15c47d8a27f8a8a2917e47d66820487 Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:20 -0400 Subject: [PATCH 16/22] Delete files no longer necessary --- ansible/build-and-push.yml | 17 - ansible/chain-operator-files.yml | 31 -- ansible/deploy-operator.yml | 29 -- ansible/group_vars/all | 4 - ansible/templates/awx-operator.yaml.j2 | 16 - ansible/templates/awxbackup_crd.yml.j2 | 78 ---- ansible/templates/awxrestore_crd.yml.j2 | 79 ---- ansible/templates/crd.yml.j2 | 448 ----------------------- ansible/templates/operator.yml.j2 | 50 --- ansible/templates/role.yml.j2 | 106 ------ ansible/templates/role_binding.yml.j2 | 12 - ansible/templates/service_account.yml.j2 | 5 - 12 files changed, 875 deletions(-) delete mode 100644 ansible/build-and-push.yml delete mode 100644 ansible/chain-operator-files.yml delete mode 100644 ansible/deploy-operator.yml delete mode 100644 ansible/group_vars/all delete mode 100644 ansible/templates/awx-operator.yaml.j2 delete mode 100644 ansible/templates/awxbackup_crd.yml.j2 delete mode 100644 ansible/templates/awxrestore_crd.yml.j2 delete mode 100644 ansible/templates/crd.yml.j2 delete mode 100644 ansible/templates/operator.yml.j2 delete mode 100644 ansible/templates/role.yml.j2 delete mode 100644 ansible/templates/role_binding.yml.j2 delete mode 100644 ansible/templates/service_account.yml.j2 diff --git a/ansible/build-and-push.yml b/ansible/build-and-push.yml deleted file mode 100644 index aae813d8..00000000 --- a/ansible/build-and-push.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Build and Deploy the AWX Operator - hosts: localhost - - collections: - - community.docker - - tasks: - - name: Build and (optionally) push operator image - docker_image: - name: "{{ operator_image }}:{{ operator_version }}" - source: "build" - push: "{{ push_image }}" - build: - dockerfile: "build/Dockerfile" - path: "../" - force_source: "yes" diff --git a/ansible/chain-operator-files.yml b/ansible/chain-operator-files.yml deleted file mode 100644 index 23cfc05a..00000000 
--- a/ansible/chain-operator-files.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# To run: `ansible-playbook chain-operator-files.yml` -- name: Chain operator files together for easy deployment. - hosts: localhost - connection: local - gather_facts: false - - tasks: - - name: Template AWX CRD - template: - src: crd.yml.j2 - dest: "{{ playbook_dir }}/../deploy/crds/awx_v1beta1_crd.yaml" - mode: '0644' - - - name: Template AWXBackup CRD - template: - src: awxbackup_crd.yml.j2 - dest: "{{ playbook_dir }}/../deploy/crds/awxbackup_v1beta1_crd.yaml" - mode: '0644' - - - name: Template AWXRestore CRD - template: - src: awxrestore_crd.yml.j2 - dest: "{{ playbook_dir }}/../deploy/crds/awxrestore_v1beta1_crd.yaml" - mode: '0644' - - - name: Template awx-operator.yaml - template: - src: awx-operator.yaml.j2 - dest: ../deploy/awx-operator.yaml - mode: '0644' diff --git a/ansible/deploy-operator.yml b/ansible/deploy-operator.yml deleted file mode 100644 index 6839af12..00000000 --- a/ansible/deploy-operator.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Reconstruct awx-operator.yaml - import_playbook: chain-operator-files.yml - -- name: Deploy Operator - hosts: localhost - vars: - k8s_namespace: "{{ namespace | default('default') }}" - obliterate: no - - collections: - - kubernetes.core - - tasks: - - name: Obliterate Operator - k8s: - state: absent - namespace: "{{ k8s_namespace }}" - src: "../deploy/awx-operator.yaml" - wait: yes - when: obliterate | bool - - - name: Deploy Operator - k8s: - state: present - namespace: "{{ k8s_namespace }}" - apply: yes - wait: yes - src: "../deploy/awx-operator.yaml" diff --git a/ansible/group_vars/all b/ansible/group_vars/all deleted file mode 100644 index 8782f9fe..00000000 --- a/ansible/group_vars/all +++ /dev/null @@ -1,4 +0,0 @@ -operator_image: quay.io/ansible/awx-operator -operator_version: 0.13.0 -pull_policy: Always -ansible_debug_logs: "false" 
diff --git a/ansible/templates/awx-operator.yaml.j2 b/ansible/templates/awx-operator.yaml.j2 deleted file mode 100644 index 21a74d67..00000000 --- a/ansible/templates/awx-operator.yaml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -#jinja2: trim_blocks:False -# This file is generated by Ansible. Changes will be lost. -# Update templates under ansible/templates/ -{% include 'crd.yml.j2' %} - -{% include 'awxbackup_crd.yml.j2' %} - -{% include 'awxrestore_crd.yml.j2' %} - -{% include 'role.yml.j2' %} - -{% include 'role_binding.yml.j2' %} - -{% include 'service_account.yml.j2' %} - -{% include 'operator.yml.j2' %} diff --git a/ansible/templates/awxbackup_crd.yml.j2 b/ansible/templates/awxbackup_crd.yml.j2 deleted file mode 100644 index cbf9ae37..00000000 --- a/ansible/templates/awxbackup_crd.yml.j2 +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxbackups.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXBackup - listKind: AWXBackupList - plural: awxbackups - singular: awxbackup - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - description: Schema validation for the AWXBackup CRD - properties: - spec: - type: object - required: - - deployment_name - properties: - deployment_name: - description: Name of the deployment to be backed up - type: string - backup_pvc: - description: Name of the PVC to be used for storing the backup - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_storage_requirements: - description: Storage requirements for the PostgreSQL container - type: string - backup_storage_class: - description: Storage class to use when creating PVC for backup - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for backing up data - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - status: - type: object - properties: - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - backupDirectory: - description: Backup directory name on the specified pvc - type: string - backupClaim: - description: Backup persistent volume claim - type: string 
diff --git a/ansible/templates/awxrestore_crd.yml.j2 b/ansible/templates/awxrestore_crd.yml.j2 deleted file mode 100644 index a8f88759..00000000 --- a/ansible/templates/awxrestore_crd.yml.j2 +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxrestores.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWXRestore - listKind: AWXRestoreList - plural: awxrestores - singular: awxrestore - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - description: Schema validation for the AWXRestore CRD - properties: - spec: - type: object - properties: - backup_source: - description: Backup source - type: string - enum: - - CR - - PVC - deployment_name: - description: Name of the deployment to be restored to - type: string - backup_name: - description: AWXBackup object name - type: string - backup_pvc: - description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim) - type: string - backup_pvc_namespace: - description: Namespace the PVC is in - type: string - backup_dir: - description: Backup directory name, set as a status found on the awxbackup object (backupDirectory) - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for backing up data - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - status: - type: object - properties: - conditions: - description: The resulting conditions when a Service Telemetry is - instantiated - items: - properties: - lastTransitionTime: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - restoreComplete: - description: Restore process complete - type: boolean diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2 deleted file mode 100644 index 69d0b649..00000000 
--- a/ansible/templates/crd.yml.j2 +++ /dev/null 
@@ -1,448 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: awxs.awx.ansible.com -spec: - group: awx.ansible.com - names: - kind: AWX - listKind: AWXList - plural: awxs - singular: awx - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Schema validation for the AWX CRD - properties: - spec: - properties: - deployment_type: - description: Name of the deployment type - type: string - kind: - description: Kind of the deployment type - type: string - api_version: - description: apiVersion of the deployment type - type: string - task_privileged: - description: If a privileged security context should be enabled - type: boolean - default: false - admin_user: - description: Username to use for the admin account - type: string - default: admin - hostname: - description: The hostname of the instance - type: string - admin_email: - description: The admin user email - type: string - admin_password_secret: - description: Secret where the admin password can be found - type: string - postgres_configuration_secret: - description: Secret where the database configuration can be found - type: string - old_postgres_configuration_secret: - description: Secret where the old database configuration can be found for data migration - type: string - postgres_label_selector: - description: Label selector used to identify postgres pod for data migration - type: string - secret_key_secret: - description: Secret where the secret key can be found - type: string - broadcast_websocket_secret: - description: Secret where the broadcast websocket secret can be found - type: string - extra_volumes: - description: Specify extra volumes to add to the application pod - type: string - service_type: - description: The service type to be used on the deployed instance - type: string - enum: - - LoadBalancer - - loadbalancer - - ClusterIP - - clusterip - - 
NodePort - - nodeport - ingress_type: - description: The ingress type to use to reach the deployed instance - type: string - enum: - - none - - Ingress - - ingress - - Route - - route - ingress_path: - description: The ingress path used to reach the deployed service - type: string - ingress_annotations: - description: Annotations to add to the Ingress Controller - type: string - ingress_tls_secret: - description: Secret where the Ingress TLS secret can be found - type: string - loadbalancer_annotations: - description: Annotations to add to the loadbalancer - type: string - loadbalancer_protocol: - description: Protocol to use for the loadbalancer - type: string - default: http - enum: - - http - - https - loadbalancer_port: - description: Port to use for the loadbalancer - type: integer - default: 80 - nodeport_port: - description: Port to use for the nodeport - type: integer - default: 30080 - route_host: - description: The DNS to use to points to the instance - type: string - route_tls_termination_mechanism: - description: The secure TLS termination mechanism to use - type: string - default: Edge - enum: - - Edge - - edge - - Passthrough - - passthrough - route_tls_secret: - description: Secret where the TLS related credentials are stored - type: string - node_selector: - description: nodeSelector for the pods - type: string - service_labels: - description: Additional labels to apply to the service - type: string - tolerations: - description: node tolerations for the pods - type: string - image: - description: Registry path to the application container to use - type: string - image_version: - description: Application container image version to use - type: string - ee_images: - description: Registry path to the Execution Environment container to use - type: array - items: - type: object - properties: - name: - type: string - image: - type: string - control_plane_ee_image: - description: Registry path to the Execution Environment container image to use on control 
plane pods - type: string - ee_pull_credentials_secret: - description: Secret where pull credentials for registered ees can be found - type: string - image_pull_policy: - description: The image pull policy - type: string - default: IfNotPresent - enum: - - Always - - always - - Never - - never - - IfNotPresent - - ifnotpresent - image_pull_secret: - description: The image pull secret - type: string - task_resource_requirements: - description: Resource requirements for the task container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - web_resource_requirements: - description: Resource requirements for the web container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - ee_resource_requirements: - description: Resource requirements for the ee container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - limits: - properties: - cpu: - type: string - memory: - type: string - storage: - type: string - type: object - type: object - service_account_annotations: - description: ServiceAccount annotations - type: string - replicas: - description: Number of instance replicas - type: integer - default: 1 - format: int32 - garbage_collect_secrets: - description: Whether or not to remove secrets upon instance removal - default: false - type: boolean - create_preload_data: - description: Whether or not to preload data upon instance creation - default: true - type: boolean - task_args: - type: array - items: - type: string - task_command: - type: array - items: - type: string - web_args: - type: 
array - items: - type: string - web_command: - type: array - items: - type: string - task_extra_env: - type: string - web_extra_env: - type: string - ee_extra_env: - type: string - ee_extra_volume_mounts: - description: Specify volume mounts to be added to Execution container - type: string - task_extra_volume_mounts: - description: Specify volume mounts to be added to Task container - type: string - web_extra_volume_mounts: - description: Specify volume mounts to be added to the Web container - type: string - redis_image: - description: Registry path to the redis container to use - type: string - redis_image_version: - description: Redis container image version to use - type: string - init_container_image: - description: Registry path to the init container to use - type: string - init_container_image_version: - description: Init container image version to use - type: string - init_container_extra_commands: - description: Extra commands for the init container - type: string - init_container_extra_volume_mounts: - description: Specify volume mounts to be added to the init container - type: string - postgres_image: - description: Registry path to the PostgreSQL container to use - type: string - postgres_image_version: - description: PostgreSQL container image version to use - type: string - postgres_selector: - description: nodeSelector for the Postgres pods - type: string - postgres_tolerations: - description: node tolerations for the Postgres pods - type: string - postgres_storage_requirements: - description: Storage requirements for the PostgreSQL container - properties: - requests: - properties: - storage: - type: string - type: object - limits: - properties: - storage: - type: string - type: object - type: object - postgres_resource_requirements: - description: Resource requirements for the PostgreSQL container - properties: - requests: - properties: - cpu: - type: string - memory: - type: string - type: object - limits: - properties: - cpu: - type: string - 
memory: - type: string - type: object - type: object - postgres_storage_class: - description: Storage class to use for the PostgreSQL PVC - type: string - postgres_data_path: - description: Path where the PostgreSQL data are located - type: string - ca_trust_bundle: - description: Path where the trusted CA bundle is available - type: string - development_mode: - description: If the deployment should be done in development mode - type: boolean - ldap_cacert_secret: - description: Secret where can be found the LDAP trusted Certificate Authority Bundle - type: string - bundle_cacert_secret: - description: Secret where can be found the trusted Certificate Authority Bundle - type: string - projects_persistence: - description: Whether or not the /var/lib/projects directory will be persistent - default: false - type: boolean - projects_use_existing_claim: - description: Using existing PersistentVolumeClaim - type: string - enum: - - _Yes_ - - _No_ - projects_existing_claim: - description: PersistentVolumeClaim to mount /var/lib/projects directory - type: string - projects_storage_class: - description: Storage class for the /var/lib/projects PersistentVolumeClaim - type: string - projects_storage_size: - description: Size for the /var/lib/projects PersistentVolumeClaim - default: 8Gi - type: string - projects_storage_access_mode: - description: AccessMode for the /var/lib/projects PersistentVolumeClaim - default: ReadWriteMany - type: string - extra_settings: - description: Extra settings to specify for the API - items: - properties: - setting: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - type: object - status: - properties: - URL: - description: URL to access the deployed instance - type: string - adminUser: - description: Admin user of the deployed instance - type: string - adminPasswordSecret: - description: Admin password secret name of the deployed instance - type: string - postgresConfigurationSecret: - 
description: Postgres Configuration secret name of the deployed instance - type: string - broadcastWebsocketSecret: - description: Broadcast websocket secret name of the deployed instance - type: string - secretKeySecret: - description: Secret key secret name of the deployed instance - type: string - migratedFromSecret: - description: The secret used for migrating an old instance. - type: string - version: - description: Version of the deployed instance - type: string - image: - description: URL of the image used for the deployed instance - type: string - conditions: - description: The resulting conditions when a Service Telemetry is instantiated - items: - properties: - status: - type: string - type: - type: string - reason: - type: string - lastTransitionTime: - type: string - type: object - type: array - type: object - type: object diff --git a/ansible/templates/operator.yml.j2 b/ansible/templates/operator.yml.j2 deleted file mode 100644 index 680042a3..00000000 --- a/ansible/templates/operator.yml.j2 +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: awx-operator -spec: - replicas: 1 - selector: - matchLabels: - name: awx-operator - template: - metadata: - labels: - name: awx-operator - spec: - serviceAccountName: awx-operator - containers: - - name: awx-operator - image: "{{ operator_image }}:{{ operator_version }}" - imagePullPolicy: "{{ pull_policy|default('Always') }}" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - env: - # Watch one namespace (namespace-scoped). - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: awx-operator - - name: ANSIBLE_GATHERING - value: explicit - - name: OPERATOR_VERSION - value: "{{ operator_version }}" - - name: ANSIBLE_DEBUG_LOGS - value: "{{ ansible_debug_logs|lower | default('false'|lower) }}" - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - volumes: - - name: runner - emptyDir: {} diff --git a/ansible/templates/role.yml.j2 b/ansible/templates/role.yml.j2 deleted file mode 100644 index adf9828f..00000000 --- a/ansible/templates/role.yml.j2 +++ /dev/null 
@@ -1,106 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: awx-operator -rules: - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - "" - - "rbac.authorization.k8s.io" - resources: - - pods - - services - - services/finalizers - - serviceaccounts - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - roles - - rolebindings - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - apps - - networking.k8s.io - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - - ingresses - verbs: - - get - - list - - create - - delete - - patch - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - apps - resourceNames: - - awx-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/scale - - statefulsets/scale - verbs: - - patch - - apiGroups: - - "" - resources: - - pods/exec - - pods/attach - - pods/log # log & attach rules needed to be able to grant them to AWX service account - verbs: - - create - - get - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - create - - apiGroups: - - awx.ansible.com - resources: - - '*' - - awxbackups - - awxrestores - verbs: - - '*' diff --git a/ansible/templates/role_binding.yml.j2 b/ansible/templates/role_binding.yml.j2 deleted file mode 100644 index e4e4ab9d..00000000 --- a/ansible/templates/role_binding.yml.j2 +++ /dev/null @@ -1,12 +0,0 @@ ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: awx-operator -subjects: - - kind: ServiceAccount - name: awx-operator -roleRef: - kind: Role - name: awx-operator - apiGroup: rbac.authorization.k8s.io 
diff --git a/ansible/templates/service_account.yml.j2 b/ansible/templates/service_account.yml.j2 deleted file mode 100644 index c4d60043..00000000 --- a/ansible/templates/service_account.yml.j2 +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: awx-operator From ca72423ca4d9e4bdc4fc173330ec26c73f83d2a1 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 15:31:21 -0400 Subject: [PATCH 17/22] Update release process docs --- README.md | 64 ++++++++++++++-------------------------------------- awx-demo.yml | 7 ++++++ 2 files changed, 24 insertions(+), 47 deletions(-) create mode 100644 awx-demo.yml diff --git a/README.md b/README.md index dc0c41b8..918fdff1 100644 --- a/README.md +++ b/README.md @@ -469,8 +469,8 @@ spec: If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with: -```sh -#> oc adm policy add-scc-to-user privileged -z awx +``` +$ oc adm policy add-scc-to-user privileged -z awx ``` Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action. @@ -583,7 +583,7 @@ spec: To create the secret, you can use the command below: -```sh +``` # kubectl create secret generic -custom-certs \ --from-file=ldap-ca.crt= \ --from-file=bundle-ca.crt= 
@@ -839,69 +839,39 @@ Please visit [our contributing guidelines](https://github.com/ansible/awx-operat ## Release Process -There are a few moving parts to this project: - - * The `awx-operator` container image which powers AWX Operator - * The `awx-operator.yaml` file, which initially deploys the Operator - * The ClusterServiceVersion (CSV), which is generated as part of the bundle and needed for the olm-catalog - -Each of these must be appropriately built in preparation for a new tag: - ### Update version and files Update the awx-operator version: - - `ansible/group_vars/all` - -Once the version has been updated, run from the root of the repo: - -```sh -#> ansible-playbook ansible/chain-operator-files.yml -``` - -Generate the olm-catalog bundle. - -```bash -$ operator-sdk generate bundle --operator-name awx-operator --version -``` - -> This should be done with operator-sdk v0.19.4. - -> It is a good idea to use the [build script](./build.sh) at this point to build the catalog and test out installing it in Operator Hub. 
+ - `Makefile` ### Verify Functionality Run the following command inside this directory: -```sh -#> operator-sdk build quay.io//awx-operator: ``` - -Then push the generated image to Docker Hub: - -```sh -#> docker push quay.io//awx-operator: +$ IMAGE_TAG_BASE=quay.io//awx-operator make docker-build docker-push ``` After it is built, test it on a local cluster: - -```sh -#> minikube start --memory 6g --cpus 4 -#> minikube addons enable ingress -#> ansible-playbook ansible/deploy-operator.yml -e operator_image=quay.io//awx-operator -e operator_version= -e pull_policy=Always -#> kubectl create namespace example-awx -#> ansible-playbook ansible/instantiate-awx-deployment.yml -e namespace=example-awx -e image=quay.io//awx -e service_type=nodeport -#> # Verify that the awx-task and awx-web containers are launched -#> # with the right version of the awx image -#> minikube delete +``` +$ minikube start --memory 6g --cpus 4 +$ minikube addons enable ingress +$ export NAMESPACE=example-awx +$ make deploy +$ ansible-playbook ansible/instantiate-awx-deployment.yml -e namespace=$NAMESPACE -e image=quay.io//awx -e service_type=nodeport +$ # Verify that the awx-task and awx-web containers are launched +$ # with the right version of the awx image +$ # Launch a job at `minikube service awx-demo-service --url -n $NAMESPACE` +$ minikube delete ``` ### Update changelog Generate a list of commits between the versions and add it to the [changelog](./CHANGELOG.md). -```sh -#> git log --no-merges --pretty="- %s (%an) - %h " .. +``` +$ git log --no-merges --pretty="- %s (%an) - %h " .. ``` ### Commit / Create Release diff --git a/awx-demo.yml b/awx-demo.yml new file mode 100644 index 00000000..95053166 --- /dev/null +++ b/awx-demo.yml @@ -0,0 +1,7 @@ +--- +apiVersion: awx.ansible.com/v1beta1 +kind: AWX +metadata: + name: awx-demo +spec: + service_type: nodeport From 91d17eabef5b36fdd2d34858cfe09ef126d13cb9 Mon Sep 17 00:00:00 2001 
From: Shane McDonald
Date: Wed, 29 Sep 2021 16:02:29 -0400
Subject: [PATCH 18/22] Delete scripts/ directory
---
scripts/build.sh | 119 --------------------------------------
scripts/generate-files.sh | 17 ------
scripts/okd-console.yaml | 115 ------------------------------------
3 files changed, 251 deletions(-)
delete mode 100755 scripts/build.sh
delete mode 100755 scripts/generate-files.sh
delete mode 100644 scripts/okd-console.yaml
diff --git a/scripts/build.sh b/scripts/build.sh
deleted file mode 100755
index b90a4f2d..00000000
--- a/scripts/build.sh
+++ /dev/null
@@ -1,119 +0,0 @@ -#!/bin/bash -## This script will generate a bundle manifest, build 3 images awx-{operator,bundle,catalog} -## and push to the $REGISTRY specified. -## -## The goal is provide an quick way to build a test image. -## -## Example: -## -## git clone https://github.com/ansible/awx-operator.git -## cd awx-operator -## REGISTRY=registry.example.com/ansible TAG=mytag ANSIBLE_DEBUG_LOGS=true scripts/build.sh -## -## As a result, the $REGISTRY will be populated with 3 images -## registry.example.com/ansible/awx-operator:mytag -## registry.example.com/ansible/awx-operator-bundle:mytag -## registry.example.com/ansible/awx-operator-catalog:mytag - -OPERATOR_IMAGE=${OPERATOR_IMAGE:-awx-operator} -BUNDLE_IMAGE=${BUNDLE_IMAGE:-awx-operator-bundle} -CATALOG_IMAGE=${CATALOG_IMAGE:-awx-operator-catalog} - -verify_podman_binary() { - if hash podman 2>/dev/null; then - POD_MANAGER="podman" - else - POD_MANAGER="docker" - fi -} - -verify_operator_sdk_binary() { - if hash operator-sdk 2>/dev/null; then - OPERATOR_SDK="$(which operator-sdk)" - else - echo "operator-sdk binary not found." - echo "Please visit https://sdk.operatorframework.io/docs/building-operators/ansible/installation" - exit 1 - fi -} - -verify_opm_binary() { - if hash opm 2>/dev/null; then - OPM_BINARY="$(which opm)" - else - echo "opm binary not found." - echo "Please visit https://github.com/operator-framework/operator-registry/releases" - exit 1 - fi -} - -prepare_local_deploy() { - echo "operator_image: $REGISTRY/$OPERATOR_IMAGE" > ansible/group_vars/all - echo "operator_version: $TAG" >> ansible/group_vars/all - echo "pull_policy: Always" >> ansible/group_vars/all - echo "ansible_debug_logs: ${ANSIBLE_DEBUG_LOGS:-false}" >> ansible/group_vars/all - ansible-playbook ansible/chain-operator-files.yml -} - - -REGISTRY=${REGISTRY:-''} -if [[ -z "$REGISTRY" ]]; then - echo "Set your \$REGISTRY variable to your registry server." 
- echo "export REGISTRY=quay.io/ansible" - exit 1 -fi - -TAG=${TAG:-''} -if [[ -z "$TAG" ]]; then - echo "Set your \$TAG variable to your registry server." - echo "export TAG=mytag" - exit 1 -fi - -build_operator_image() { - echo "Building and pushing $OPERATOR_IMAGE image" - $POD_MANAGER build . -f build/Dockerfile -t $REGISTRY/$OPERATOR_IMAGE:$TAG - $POD_MANAGER push $REGISTRY/$OPERATOR_IMAGE:$TAG -} - -build_bundle_image() { - echo "Building and pushing $BUNDLE_IMAGE image" - operator-sdk generate bundle --operator-name awx-operator --version $TAG - $POD_MANAGER build . -f bundle.Dockerfile -t $REGISTRY/$BUNDLE_IMAGE:$TAG - $POD_MANAGER push $REGISTRY/$BUNDLE_IMAGE:$TAG -} - -build_catalog_image() { - echo "Building and pushing $CATALOG_IMAGE image" - $OPM_BINARY index add --bundles $REGISTRY/$BUNDLE_IMAGE:$TAG --tag $REGISTRY/$CATALOG_IMAGE:$TAG - $POD_MANAGER push $REGISTRY/$CATALOG_IMAGE:$TAG -} - -generate_catalogsource_yaml() { - echo "Creating CatalogSource YAML" - cat > catalogsource.yaml << EOF ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: awx-operator - namespace: operators -spec: - displayName: 'Ansible AWX Operator' - image: "$REGISTRY/$CATALOG_IMAGE:$TAG" - publisher: 'Ansible AWX Operator' - sourceType: grpc -EOF - - echo "Now run: 'kubectl apply -f catalogsource.yaml' to update the operator" - echo "Happy testing!" -} - -verify_podman_binary -verify_operator_sdk_binary -verify_opm_binary -prepare_local_deploy -build_operator_image -build_bundle_image -build_catalog_image -generate_catalogsource_yaml diff --git a/scripts/generate-files.sh b/scripts/generate-files.sh deleted file mode 100755 index 7dcf3c99..00000000 --- a/scripts/generate-files.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash -## This script will auto-generate the templated files and bundle files -## after changes to CRD template files. Please use this instead of manually -## updating the managed yaml files. -## -## Example: -## TAG=0.10.0 ./generate-files.sh - -TAG=${TAG:-''} -if [[ -z "$TAG" ]]; then - echo "Set your \$TAG variable to your registry server." - echo "export TAG=mytag" - exit 1 -fi - -ansible-playbook ansible/chain-operator-files.yml -operator-sdk generate bundle --operator-name awx-operator --version $TAG diff --git a/scripts/okd-console.yaml b/scripts/okd-console.yaml deleted file mode 100644 index b7dd08b8..00000000 --- a/scripts/okd-console.yaml +++ /dev/null 
@@ -1,115 +0,0 @@ -### Don't run this deployment in production -### The current configuration will run the -### OKD console without any authentication!!!! -### -### A prerequisite is to install the OLM -### as instructed at https://olm.operatorframework.io/docs/getting-started/#install-released-olm -### -### i.e: -### $ export olm_release=0.15.1 -### $ kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${olm_release}/crds.yaml -### $ kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${olm_release}/olm.yaml -### -### This deployment is intented to run locally -### and to troubleshoot OLM UI changes. -### -### To access the console, then execute: -### kubectl port-forward svc/okd-console -n okd-console 9000:9000 -### -### Then point your browser: -### http://localhost:9000 ---- -apiVersion: v1 -kind: Namespace -metadata: - name: okd-console ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - k8s-app: okd-console - name: okd-console - namespace: okd-console ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: okd-console - labels: - k8s-app: okd-console -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: okd-console - namespace: okd-console ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: okd-console - namespace: okd-console - labels: - k8s-app: okd-console -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: okd-console - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - labels: - k8s-app: okd-console - spec: - serviceAccountName: okd-console - containers: - - name: okd-console - image: quay.io/openshift/origin-console:4.9.0 - imagePullPolicy: IfNotPresent - livenessProbe: - tcpSocket: - port: web - initialDelaySeconds: 2 - periodSeconds: 10 - 
failureThreshold: 60 - readinessProbe: - tcpSocket: - port: web - initialDelaySeconds: 2 - periodSeconds: 10 - failureThreshold: 60 - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "1024Mi" - cpu: "550m" - ports: - - name: web - containerPort: 9000 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - name: okd-console - namespace: okd-console - labels: - k8s-app: okd-console -spec: - ports: - - name: web - targetPort: 9000 - port: 9000 - protocol: TCP - selector: - k8s-app: okd-console From ccff76dec5107089f6852311e49792daf8e6a841 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 29 Sep 2021 18:36:03 -0400 Subject: [PATCH 19/22] Do not set default hostname for ingress --- roles/installer/defaults/main.yml | 2 +- roles/installer/templates/ingress.yaml.j2 | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 337145d1..6caa7214 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -53,7 +53,7 @@ route_tls_secret: '' # route_host: '' -hostname: '{{ ansible_operator_meta.name }}.example.com' +hostname: '' # Add a nodeSelector for the AWX pods. It must match a node's labels for the pod # to be scheduled on that node. Specify as literal block. E.g.: diff --git a/roles/installer/templates/ingress.yaml.j2 b/roles/installer/templates/ingress.yaml.j2 index f03b2af4..fb2a6f5f 100644 --- a/roles/installer/templates/ingress.yaml.j2 +++ b/roles/installer/templates/ingress.yaml.j2 @@ -17,8 +17,7 @@ metadata: {% endif %} spec: rules: - - host: '{{ hostname }}' - http: + - http: paths: - path: '{{ ingress_path }}' pathType: Prefix @@ -27,6 +26,9 @@ spec: name: '{{ ansible_operator_meta.name }}-service' port: number: 80 +{% if hostname %} + host: {{ hostname }} +{% endif %} {% if ingress_tls_secret %} tls: - hosts: From eaa4d33aeaec3df0232f2c0745bf7282916b28d3 Mon Sep 17 00:00:00 2001 
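Review bot: The re-added `host: {{ hostname }}` line in the second hunk of roles/installer/templates/ingress.yaml.j2 is rendered unquoted, whereas the line it replaces was `host: '{{ hostname }}'` and the neighbouring `path` and `name` values are still quoted. `hostname` appears to come from the AWX spec, so a value containing `: `, ` #` or a leading YAML indicator would alter the structure of the rendered Ingress rather than being taken as a plain string; keep the quoting, `host: '{{ hostname }}'`. With the default in roles/installer/defaults/main.yml now `''`, an AWX that sets no `hostname` gets a rule with no host, which applies to every hostname the ingress controller serves, so a comment beside `hostname: ''` should say that this is intended. The template starts and ends outside the hunk.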
From: Shane McDonald Date: Wed, 29 Sep 2021 18:38:28 -0400 Subject: [PATCH 20/22] Move test requirements out of github action workflow --- .github/workflows/ci.yaml | 11 ++--------- molecule/requirements.txt | 7 +++++++ molecule/requirements.yml | 8 ++++++++ 3 files changed, 17 insertions(+), 9 deletions(-) create mode 100644 molecule/requirements.txt create mode 100644 molecule/requirements.yml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6b5a0c63..17c888e6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -24,18 +24,11 @@ jobs: - name: Install Dependencies run: | - pip install \ - "molecule<3.5" \ - molecule-docker \ - yamllint \ - ansible-lint \ - openshift \ - jmespath \ - ansible-core + pip install -r molecule/requirements.txt - name: Install Collections run: | - ansible-galaxy collection install community.general kubernetes.core:1.2.1 operator_sdk.util community.docker + ansible-galaxy collection install -r molecule/requirements.yml - name: Run Molecule env: diff --git a/molecule/requirements.txt b/molecule/requirements.txt new file mode 100644 index 00000000..19c52a8b --- /dev/null +++ b/molecule/requirements.txt @@ -0,0 +1,7 @@ +molecule +molecule-docker +yamllint +ansible-lint +openshift +jmespath +ansible-core diff --git a/molecule/requirements.yml b/molecule/requirements.yml new file mode 100644 index 00000000..d1eb52a5 --- /dev/null +++ b/molecule/requirements.yml @@ -0,0 +1,8 @@ +--- +collections: + - name: community.general + - name: kubernetes.core + version: 1.2.1 + - name: operator_sdk.util + - name: community.docker + - name: awx.awx From 86e0cf884f0fe36b1650622125a723b5207caf7e Mon Sep 17 00:00:00 2001 
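Review bot: The new molecule/requirements.txt lists a bare `molecule`, dropping the `"molecule<3.5"` bound that the removed `pip install` step in .github/workflows/ci.yaml carried, and none of its seven packages is pinned. Every CI run therefore resolves whatever is newest on the index, which makes failures hard to reproduce and leaves the test job exposed to a bad upstream release. If the bound is still needed, carry it over as `molecule<3.5`; beyond that, exact pins or a constraints file would keep the environment stable. The same applies to molecule/requirements.yml, where only `kubernetes.core` has a `version` and the newly added `awx.awx` collection does not.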
From: Shane McDonald Date: Wed, 29 Sep 2021 18:38:48 -0400 Subject: [PATCH 21/22] Add smoke test that verifies that basic jobs work --- config/samples/awx_v1beta1_awx.yaml | 2 ++ molecule/default/tasks/awx_test.yml | 19 +++++++++++++++---- molecule/kind/create.yml | 21 ++++++++++++++++++++- molecule/kind/molecule.yml | 1 - molecule/kind/prepare.yml | 29 +++++++++++++++++++++++++++++ 5 files changed, 66 insertions(+), 6 deletions(-) create mode 100644 molecule/kind/prepare.yml diff --git a/config/samples/awx_v1beta1_awx.yaml b/config/samples/awx_v1beta1_awx.yaml index 746072ba..81210b37 100644 --- a/config/samples/awx_v1beta1_awx.yaml +++ b/config/samples/awx_v1beta1_awx.yaml @@ -8,6 +8,8 @@ spec: foo: bar deployment_type: awx ingress_type: ingress + ingress_annotations: | + kubernetes.io/ingress.class: nginx web_resource_requirements: requests: cpu: 250m diff --git a/molecule/default/tasks/awx_test.yml b/molecule/default/tasks/awx_test.yml index 66cef064..f0f2c7f0 100644 --- a/molecule/default/tasks/awx_test.yml +++ b/molecule/default/tasks/awx_test.yml @@ -13,7 +13,18 @@ vars: cr_file: 'awx_v1beta1_awx.yaml' -# - name: Add assertions here -# assert: -# that: false -# fail_msg: FIXME Add real assertions for your operator +- name: Obtain generated admin password + k8s_info: + namespace: '{{ namespace }}' + kind: Secret + name: example-awx-admin-password + register: admin_pw_secret + +- name: Launch Demo Job Template + awx.awx.job_launch: + name: Demo Job Template + wait: yes + validate_certs: no + controller_host: localhost + controller_username: admin + controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}" diff --git a/molecule/kind/create.yml b/molecule/kind/create.yml index 66a84a14..a85d3fc7 100644 --- a/molecule/kind/create.yml +++ b/molecule/kind/create.yml 
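Review bot: The `Obtain generated admin password` task in molecule/default/tasks/awx_test.yml registers the whole Secret in `admin_pw_secret`, so the base64-encoded password ends up in the task output whenever the play runs with increased verbosity; add `no_log: true` to that task, as roles/restore/tasks/secrets.yml does for its secrets. `admin_pw_secret.resources[0]` also assumes the Secret already exists, so a preceding `assert` with `that: admin_pw_secret.resources | length > 0` would give a clear failure instead of an index error. `validate_certs: no` is presumably acceptable only because `controller_host` is `localhost` in a throwaway kind cluster; a one-line comment saying so would stop the setting being copied elsewhere.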
@@ -5,4 +5,23 @@ gather_facts: false tasks: - name: Create test kind cluster - command: kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }} + shell: | + cat < Date: Wed, 29 Sep 2021 20:24:00 -0400 Subject: [PATCH 22/22] Work around bug in k8s module with the "template" attribute --- roles/backup/tasks/error_handling.yml | 2 +- roles/backup/tasks/init.yml | 4 ++-- roles/restore/tasks/error_handling.yml | 2 +- roles/restore/tasks/init.yml | 2 +- roles/restore/tasks/secrets.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/backup/tasks/error_handling.yml b/roles/backup/tasks/error_handling.yml index 679f1cea..bc881b45 100644 --- a/roles/backup/tasks/error_handling.yml +++ b/roles/backup/tasks/error_handling.yml @@ -8,4 +8,4 @@ k8s: kind: Event namespace: "{{ ansible_operator_meta.namespace }}" - template: "event.yml.j2" + definition: "{{ lookup('template', 'event.yml.j2') }}" diff --git a/roles/backup/tasks/init.yml b/roles/backup/tasks/init.yml index 2806a401..65e6e92f 100644 --- a/roles/backup/tasks/init.yml +++ b/roles/backup/tasks/init.yml @@ -49,7 +49,7 @@ - name: Create PVC for backup k8s: kind: PersistentVolumeClaim - template: "backup_pvc.yml.j2" + definition: "{{ lookup('template', 'backup_pvc.yml.j2') }}" - name: Remove PVC ownerReference k8s: @@ -68,7 +68,7 @@ name: "{{ ansible_operator_meta.name }}-db-management" kind: Deployment state: present - template: "management-pod.yml.j2" + definition: "{{ lookup('template', 'management-pod.yml.j2') }}" wait: true - name: Look up details for this deployment diff --git a/roles/restore/tasks/error_handling.yml b/roles/restore/tasks/error_handling.yml index 679f1cea..bc881b45 100644 --- a/roles/restore/tasks/error_handling.yml +++ b/roles/restore/tasks/error_handling.yml @@ -8,4 +8,4 @@ k8s: kind: Event namespace: "{{ ansible_operator_meta.namespace }}" - template: "event.yml.j2" + definition: "{{ lookup('template', 'event.yml.j2') }}" 
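Review bot: The switch from `template: "event.yml.j2"` to `definition: "{{ lookup('template', 'event.yml.j2') }}"` in roles/backup/tasks/error_handling.yml leaves nothing in the file that says why the longer form is used; the reason (a bug in the k8s module's `template` attribute) exists only in the commit subject. A one-line comment above the argument, `# Workaround for k8s module "template" bug; switch back to template: once fixed (ISSUE-LINK-PLACEHOLDER)`, would stop a later maintainer from simplifying it back too early. The same applies to the identical changes in roles/backup/tasks/init.yml (both hunks), roles/restore/tasks/error_handling.yml, roles/restore/tasks/init.yml and roles/restore/tasks/secrets.yml. The tasks begin outside these hunks.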
diff --git a/roles/restore/tasks/init.yml b/roles/restore/tasks/init.yml index be5bc387..146b2ea8 100644 --- a/roles/restore/tasks/init.yml +++ b/roles/restore/tasks/init.yml @@ -76,7 +76,7 @@ name: "{{ ansible_operator_meta.name }}-db-management" kind: Deployment state: present - template: "management-pod.yml.j2" + definition: "{{ lookup('template', 'management-pod.yml.j2') }}" wait: true - name: Check to make sure backup directory exists on PVC diff --git a/roles/restore/tasks/secrets.yml b/roles/restore/tasks/secrets.yml index b1de1648..942b8b6f 100644 --- a/roles/restore/tasks/secrets.yml +++ b/roles/restore/tasks/secrets.yml @@ -60,7 +60,7 @@ namespace: "{{ ansible_operator_meta.namespace }}" apply: yes wait: yes - template: "secrets.yml.j2" + definition: "{{ lookup('template', 'secrets.yml.j2') }}" no_log: true - name: Remove ownerReference on restored secrets
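Review bot: In roles/restore/tasks/secrets.yml the task's existing `no_log: true` carries no explanation, and after this change the rendered `secrets.yml.j2` is passed as the `definition` argument, which presumably holds Secret data given the name of the task that follows. A comment next to it, `# keep no_log: the rendered definition contains secret values`, would guard against it being removed while debugging. The other tasks converted in this commit do not set `no_log`; whether `management-pod.yml.j2` or `backup_pvc.yml.j2` render anything sensitive cannot be told from the hunks and is worth checking. The task starts above the hunk.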