Autogenerate database configuration and secret key if not provided

This also persists those after removal, so the database PV is still functional

roles/awx/defaults/main.yml

@@ -3,7 +3,6 @@ tower_task_privileged: false
 tower_ingress_type: none
 
 tower_hostname: example-awx.test
-tower_secret_key: aabbcc
 
 tower_admin_user: test
 tower_admin_email: test@example.com

roles/awx/tasks/main.yml

@@ -2,6 +2,27 @@
 - name: Include deployment type vars
   include_vars: "{{ deployment_type }}.yml"
 
+- name: Check for existing secret key
+  k8s_info:
+    kind: Secret
+    namespace: '{{ meta.namespace }}'
+    name: '{{ meta.name }}-secret-key'
+  register: secret_key_resources
+
+- name: Check for existing postgres configuration
+  k8s_info:
+    kind: Secret
+    namespace: '{{ meta.namespace }}'
+    name: '{{meta.name }}-postgres-configuration'
+  register: postgres_config_resources
+
+- name: Create Database configuration if it doesn't already exist
+  k8s:
+    apply: yes
+    definition: "{{ lookup('template', 'tower_postgres_secret.yaml.j2') }}"
+  register: k8s_postgres_config_result
+  when: postgres_config_resources['resources'] | length < 1 and not external_database | default(False) | bool
+
 - name: Create Database if External Database not selected
   k8s:
     apply: yes
@@ -24,6 +45,14 @@
     awx_postgres_port: "{{ postgres_configuration['resources'][0]['data']['port'] | b64decode }}"
     awx_postgres_host: "{{ postgres_configuration['resources'][0]['data']['host'] | b64decode }}"
 
+- name: Deploy Tower Secret Key if needed
+  k8s:
+    apply: yes
+    definition: "{{ lookup('template', 'tower_secret.yaml.j2') }}"
+  register: k8s_tower_secret_result
+  when: secret_key_resources['resources'] | length < 1
+  
+
 - name: Ensure configured AWX resources exist in the cluster.
   k8s:
     apply: yes
@@ -33,7 +62,12 @@
     - tower_config.yaml.j2
     - launch_awx.yaml.j2
     - supervisor.yaml.j2
-    - tower.yaml.j2
+
+- name: Apply Tower Deployment Configuration
+  k8s:
+    apply: yes
+    definition: "{{ lookup('template', 'tower.yaml.j2') }}"
+  register: tower_deployment_result
 
 - name: Get the AWX pod information.
   k8s_info:

roles/awx/templates/tower.yaml.j2

@@ -1,14 +1,13 @@
-# AWX Secret.
+# AWX Secret Configurations
 ---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: '{{ meta.name }}-secrets'
-  namespace: '{{ meta.namespace }}'
-data:
-  secret_key: '{{ tower_secret_key | b64encode }}'
-  credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}"
-  environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}"
+  apiVersion: v1
+  kind: Secret
+  metadata:
+    name: '{{ meta.name }}-secrets'
+    namespace: '{{ meta.namespace }}'
+  data:
+    credentials_py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}"
+    environment_sh: "{{ lookup('template', 'environment.sh.j2') | b64encode }}"
 
 # AWX Deployment.
 ---
@@ -167,7 +166,7 @@ spec:
                 path: 'environment.sh'
         - name: {{ meta.name }}-secret-key
           secret:
-            secretName: '{{ meta.name }}-secrets'
+            secretName: '{{ meta.name }}-secret-key'
             items:
               - key: secret_key
                 path: SECRET_KEY

roles/awx/templates/tower_postgres.yaml.j2

@@ -1,18 +1,3 @@
-# Postgres Secret.
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: '{{ meta.name }}-postgres-configuration'
-  namespace: '{{ meta.namespace }}'
-stringData:
-  password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}'
-  username: 'awx'
-  database: 'awx'
-  port: '5432'
-  host: {{ meta.name }}-postgres
-
-
 # Postgres StatefulSet.
 ---
 apiVersion: v1

roles/awx/templates/tower_postgres_secret.yaml.j2

@@ -0,0 +1,13 @@
+# Postgres Secret.
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: '{{ meta.name }}-postgres-configuration'
+  namespace: '{{ meta.namespace }}'
+stringData:
+  password: '{{ lookup('password', 'p' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}'
+  username: 'awx'
+  database: 'awx'
+  port: '5432'
+  host: {{ meta.name }}-postgres

roles/awx/templates/tower_secret.yaml.j2

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: '{{ meta.name }}-secret-key'
+  namespace: '{{ meta.namespace }}'
+stringData:
+  secret_key: '{{ lookup('password', 'ts' + meta.name + 'pg length=32 chars=ascii_letters,digits') }}'

roles/awx_remove/tasks/main.yml

@@ -0,0 +1,37 @@
+
+
+- name: Check for existing secret key
+  k8s_info:
+    kind: Secret
+    namespace: '{{ meta.namespace }}'
+    name: '{{ meta.name }}-secret-key'
+  register: secret_key_resources
+
+- name: Check for existing postgres configuration
+  k8s_info:
+    kind: Secret
+    namespace: '{{ meta.namespace }}'
+    name: '{{meta.name }}-postgres-configuration'
+  register: postgres_config_resources
+
+- name: Remove ownerReferences from PG configuration if it exists
+  k8s:
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: '{{ meta.name }}-postgres-configuration'
+        namespace: '{{ meta.namespace }}'
+        ownerReferences: null
+  when: postgres_config_resources['resources'] | length > 0
+
+- name: Remove ownerReferences from Tower Secret if it exists
+  k8s:
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: '{{ meta.name }}-secret-key'
+        namespace: '{{ meta.namespace }}'
+        ownerReferences: null
+  when: secret_key_resources['resources'] | length > 0