Update secrets.yml
We need to specify a container in environments that use sidecar injection, like in the case of istio service mesh. If the container is not specified, and a side car is injected so there are multiple containers running in the pod, this task will fail because a container was not specified in a pod with multiple containers.
The default paramater from the jinja map filter has been added in the
2.11.0 release.
However, the downstream ansible operator is still using ansible 2.9
with jinja 2.10.x so using the default parameter leads to the
following error:
TASK [Dump ingress tls secret names from awx spec and data into file]
********************************
The error was: jinja2.exceptions.FilterArgumentError: Unexpected
keyword argument 'default'
fatal: [localhost]: FAILED! => {
"msg": "Unexpected failure during module execution.",
"stdout": ""
}
Rather than using the default parameter with the map filter then add the
selectattr filter to get only the items with tls_secret defined and then
get the tls_secret attribute with the map filter.
This also gets rid of the when statement since we always get an empty
list when no tls_secret are present in ingress_hosts so the loop statement
will be skipped on the empty list.
Finally this changes the default value from the ingress_hosts field because
it's a list rather than a string.
https://jinja.palletsprojects.com/en/latest/templates/#jinja-filters.map
Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
* Replace api version for deployment kind to apps/v1
* Add new multiple ingress spec and deprecate hostname and ingress_tls_secret
* Manage new ingress_hosts.tls_secret backup separately
* Fix ci molecule lint warnings and error
* Fix documentation
* Fix ingress_hosts tls_secret key being optional
* Remove fieldDependency:ingress_type:Ingress for Ingress Hosts
* Fix scenario when neither hostname or ingress_hosts is defined
---------
Co-authored-by: Guillaume Lefevre <guillaume.lefevre@agoda.com>
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
Co-authored-by: Christian Adams <chadams@redhat.com>
When there are e.g. multiple authenticated container registries used
we need to be able to add multiple imagePullSecrets to the k8s resource
Co-authored-by: Maximilian Meister <maximilian.meister@pm.me>
- This prevents us from overwriting vars unintentionally at restore time
- This will make it easier to add secrets to be backed up in the future
- Add generated secret names to awx spec backup
- Fail early if secret status doesn't exist
- Skip if secret is not in spec for non-generated secrets
- Secret values must be b64 decoded before secret is created
- Cleanup temp files
- renamed some more variables to be consistent with the pulp-operator
- removed unneeded vars from backup & restore crds
- added a way to parse spec at restore time by including vars to
get around the issue of triply nested quotes when using to_json
- set migrate data status even if custom name for old postgres config is not used
- Allow users to change pg name, pw & db name for a managed postgres
- set default value for postgres-configuration type as unmanaged if secret is created
- Make pg port configurable for managed deployments
