internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-27 05:43:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: internet:0.11.0
Branches Tags
internet:devel internet:TheRealHaoLiu-CI-test-10302025 internet:uwsgi_configurable_timeout internet:dependabot/github_actions/dependencies-c216064e94 internet:dependabot/pip/docs/dependencies-9f52a38f71 internet:test-python-module-fix internet:feature_receptor-collection-python-311 internet:pg-dump-restore-in-job internet:checkpoint_v1 internet:fix-helm-release-again internet:docs-for-port-quotes internet:update-gh-pages-urls internet:pr-check-capacity-fix internet:awx-ee-latest internet:shanemcd-patch-1
internet:2.19.1 internet:2.19.0 internet:2.18.0 internet:2.17.0 internet:2.16.1 internet:2.16.0 internet:2.15.0 internet:2.14.0 internet:2.13.1 internet:2.13.0 internet:2.12.2 internet:2.12.1 internet:2.12.0 internet:2.11.0 internet:2.10.0 internet:2.9.0 internet:2.8.0 internet:2.7.2 internet:2.7.1 internet:2.7.0 internet:2.6.0 internet:2.5.3 internet:2.5.2 internet:2.5.1 internet:2.5.0 internet:2.4.0 internet:2.3.0 internet:2.2.1 internet:2.2.0 internet:2.1.0 internet:2.0.1 internet:2.0.0 internet:1.4.0 internet:1.3.0 internet:1.2.0 internet:1.1.4 internet:1.1.3 internet:1.1.2 internet:1.1.1 internet:1.1.0 internet:1.0.0 internet:0.30.0 internet:0.29.0 internet:0.28.0 internet:0.27.0 internet:0.26.0 internet:0.25.0 internet:0.24.0 internet:0.23.0 internet:0.22.0 internet:0.21.0 internet:0.20.2 internet:0.20.1 internet:0.20.0 internet:0.19.0 internet:0.18.0 internet:0.17.0 internet:0.16.1 internet:0.16.0 internet:0.15.0 internet:0.14.0 internet:0.13.0 internet:0.12.0 internet:0.11.0 internet:0.10.0 internet:0.9.0 internet:0.8.0 internet:0.7.0 internet:0.6.0
..
compare: internet:0.17.0
Branches Tags
internet:devel internet:TheRealHaoLiu-CI-test-10302025 internet:uwsgi_configurable_timeout internet:dependabot/github_actions/dependencies-c216064e94 internet:dependabot/pip/docs/dependencies-9f52a38f71 internet:test-python-module-fix internet:feature_receptor-collection-python-311 internet:pg-dump-restore-in-job internet:checkpoint_v1 internet:fix-helm-release-again internet:docs-for-port-quotes internet:update-gh-pages-urls internet:pr-check-capacity-fix internet:awx-ee-latest internet:shanemcd-patch-1
internet:2.19.1 internet:2.19.0 internet:2.18.0 internet:2.17.0 internet:2.16.1 internet:2.16.0 internet:2.15.0 internet:2.14.0 internet:2.13.1 internet:2.13.0 internet:2.12.2 internet:2.12.1 internet:2.12.0 internet:2.11.0 internet:2.10.0 internet:2.9.0 internet:2.8.0 internet:2.7.2 internet:2.7.1 internet:2.7.0 internet:2.6.0 internet:2.5.3 internet:2.5.2 internet:2.5.1 internet:2.5.0 internet:2.4.0 internet:2.3.0 internet:2.2.1 internet:2.2.0 internet:2.1.0 internet:2.0.1 internet:2.0.0 internet:1.4.0 internet:1.3.0 internet:1.2.0 internet:1.1.4 internet:1.1.3 internet:1.1.2 internet:1.1.1 internet:1.1.0 internet:1.0.0 internet:0.30.0 internet:0.29.0 internet:0.28.0 internet:0.27.0 internet:0.26.0 internet:0.25.0 internet:0.24.0 internet:0.23.0 internet:0.22.0 internet:0.21.0 internet:0.20.2 internet:0.20.1 internet:0.20.0 internet:0.19.0 internet:0.18.0 internet:0.17.0 internet:0.16.1 internet:0.16.0 internet:0.15.0 internet:0.14.0 internet:0.13.0 internet:0.12.0 internet:0.11.0 internet:0.10.0 internet:0.9.0 internet:0.8.0 internet:0.7.0 internet:0.6.0

244 Commits
0.11.0 ... 0.17.0

Author SHA1 Message Date
Shane McDonald
c02e05925e Merge pull request #797 from kdelee/sky-is-the-limit 
only set mem/cpu setting if limit is set
 2022-02-15 15:41:52 -05:00
Elijah DeLee
479c009716 only set mem/cpu setting if limit is set 
Otherwise, we get the too-low setting of the request, which
will be a rough experience for folks who have been using the operator
and are used to the experience of having entire underlying node capacity

Users can still set the setting via extra_settings to get the experience
of having each pod with a individualized capacity, or set a limit.
 2022-02-15 15:35:36 -05:00
Shane McDonald
7807bc516e Merge pull request #791 from kdelee/set_controlpod_mem_cpu 
set memory setting based on resource settings
 2022-02-15 14:12:41 -05:00
Elijah DeLee
3afcd7fd89 set memory and cpu setting based on resource settings 
This way we can start using this setting in AWX again to help fix
https://github.com/ansible/awx/issues/11640
 2022-02-15 14:09:21 -05:00
Shane McDonald
7002131dda Merge pull request #793 from kurokobo/readme 
Update TOC in README.md
 2022-02-12 13:04:17 -05:00
kurokobo
877943cc27 fix: update TOC in README.md 2022-02-12 16:49:17 +09:00
Shane McDonald
b59a0c5b80 Merge pull request #766 from nodje/Makefile-aarch64-patch 
Take into account `aarch64` architecture return from uname
 2022-02-11 17:36:10 -05:00
Shane McDonald
26b1eb6c87 Merge pull request #776 from arrase/feature/service_annotations 
Allow service annotations not only for LoadBalancer type
 2022-02-11 17:30:56 -05:00
Matthias R. Wiora
39437da72b feat(readme): add k8s cluster setup instructions (#592) 
Add instructions for using with existing kubernetes cluster
 2022-02-11 17:25:37 -05:00
Shane McDonald
e1645a2f8d Merge pull request #593 from kurokobo/upgrading 
Add steps to upgrade to 0.14.0
 2022-02-11 17:24:10 -05:00
Shane McDonald
224dde769a Merge pull request #536 from siju-vasudevan/patch-1 
LDAPSearch Module is missing
 2022-02-11 17:20:56 -05:00
Shane McDonald
eac2328bd3 Merge pull request #721 from longns1/update-makefile-undeploy 
update Makefile undeploy
 2022-02-10 10:19:10 -05:00
Shane McDonald
3be986c96c Merge pull request #783 from AlanCoding/loop_control 
Add some loop control for ansible warnings
 2022-02-10 10:18:26 -05:00
Shane McDonald
768bc2f857 Merge pull request #652 from shanemcd/url-prefix-support 
Support running AWX at non-root path
 2022-02-09 10:37:07 -05:00
Alan Rominger
f05faaaaa0 Add some loop control for ansible warnings 2022-02-04 16:12:28 -05:00
Shane McDonald
957566993b Merge pull request #782 from AlanCoding/not_that_one 
Avoid broken openshift package
 2022-02-04 15:36:33 -05:00
Alan Rominger
c95f3299b0 Avoid broken openshift package 2022-02-04 15:24:49 -05:00
Christian Adams
1a0e3cf410 Merge pull request #772 from rooftopcellist/always-run-pg-initContainer 
Always run database-check initContainer
 2022-02-02 16:16:34 -05:00
Christian Adams
9368b43614 Merge pull request #775 from rooftopcellist/pg-args-advanced 
Add OLM params for postgres_extra_vars
 2022-02-01 17:02:42 -05:00
Juan Ezquerro LLanes
108addc06e Allow service annotations not only for LoadBalancer 2022-02-01 20:49:37 +01:00
Shane McDonald
3a3260ffb7 Merge pull request #770 from john-westcott-iv/github_meta_changes 
Adding triage label to any new issue
 2022-02-01 13:15:18 -05:00
Christian M. Adams
960d1f8a32 Fix volume mount syntax error 
* conditionally run database-check init container only for managed db
    deployments
Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2022-02-01 10:50:48 -05:00
Christian M. Adams
4d8f84eb74 Add OLM params for postgres_extra_vars 
* follow-up for https://github.com/ansible/awx-operator/pull/753
Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2022-02-01 08:17:11 -05:00
John Westcott IV
1320c9d175 Fixing linting issues 2022-01-31 12:19:31 -05:00
Christian M. Adams
fab71e054e Always run database-check initContainer 2022-01-31 09:40:19 -05:00
John Westcott IV
3eede3c922 Adding triage label to any new issue 2022-01-30 13:59:22 -05:00
Christian Adams
d27ce3c34d Merge pull request #755 from rooftopcellist/mv-data-subPath 
Use an Init Container to move the pg data subPath in the pvc
 2022-01-27 19:55:48 -05:00
Shane McDonald
18d17f2485 Merge pull request #763 from sooslaca/devel 
Fix issue #762
 2022-01-27 08:16:33 -05:00
nodje
47d3ef57f2 Take into account aarch64 architecture return from uname 2022-01-26 09:32:16 +01:00
sooslaca
8f8336b25a Fix issue #762 
Fix https://github.com/ansible/awx-operator/issues/762
 2022-01-23 16:17:24 +01:00
Shane McDonald
4aeeb8db82 Merge pull request #698 from mhrivnak/remove-warning 
removes obsolete and confusing warning about project status
 2022-01-19 18:21:30 -05:00
Christian M. Adams
5b636bb8ea Use an Init Container to move the pg data subPath in the pvc 2022-01-13 23:17:33 -05:00
Christian Adams
83939ec007 Merge pull request #726 from Skaopap/feature_topology_constraints 
Add topology constraints to AWX CRD
 2022-01-13 21:16:23 -05:00
bthominet
608478e249 add topolgy_spread_constraints 2022-01-13 09:50:12 +01:00
Christian Adams
cb9e44fd4f Merge pull request #753 from rooftopcellist/pg-extra-config 
Add ability to configure extra args for postgres
 2022-01-11 14:38:55 -05:00
Christian M. Adams
cbd7da9dcf Add default for postgres_extra_args variable 2022-01-11 14:18:34 -05:00
chris93111
0f07a475b5 Add ability to configure extra args for postgres 
* add default extra args postgres

* add postgres_extra_args option to readme
 2022-01-11 12:44:18 -05:00
Christian Adams
a2222a9176 Merge pull request #717 from rooftopcellist/scale-down-app 
Scale down app pod when database is unavailable
 2022-01-07 14:33:58 -05:00
longns1
79152d2417 update to make undeploy in Makefile works correctly when namespace is not awx 2022-01-07 15:57:27 +07:00
Christian M. Adams
fdbe607189 Scale down app pod when database is unavailable 2022-01-04 17:07:39 -05:00
Christian Adams
4a43de5101 Merge pull request #702 from rooftopcellist/truncate-version-label 
Truncate image version label so that it avoids the 63 char k8s limit
 2021-12-20 21:41:40 -05:00
Christian M. Adams
345738cba3 Truncate image version label so that it avoids the 63 char k8s limit 
Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-12-16 15:18:22 -05:00
Michael Hrivnak
f4995afb39 removes obsolete and confusing warning about project status 
This warning originated [two years
ago](6e6cd37ce6 (diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R18)).
The API is now at `v1beta1`, so it's probably not accurate to call it
"alpha" anymore.

Since AWX and awx-operator are both OSS upstream projects, there is
implicitly no vendor support from Red Hat. The warning about support can
lead to confusion, and potentially imply that some other part of AWX is
supported, as demonstrated in a recent [twitter
thread](https://twitter.com/vwbusguy/status/1470902780311212035). When
this warning was written, the operator was self-described as an
"installation method for Ansible Tower or AWX". Since then, it appears
that the operator is focused only on upstream AWX, so that presumably
removes any need to clarify vendor support status.
 2021-12-15 17:34:03 -05:00
Christian Adams
35062157e0 Merge pull request #690 from rooftopcellist/wait-for-postgres-2 
Do not try to wait for Postgres on external db deployments
 2021-12-10 15:03:50 -05:00
Christian M. Adams
3150d55af6 Do not try to wait for Postgres on external db deployments 
Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-12-09 19:31:37 -05:00
Christian Adams
4c51ee28f5 Merge pull request #688 from rooftopcellist/wait-for-postgres 
Wait for Postgres to initialize before starting containers
 2021-12-08 14:56:48 -05:00
Christian M. Adams
fbd5803f10 Wait for Postgres to initialize before starting containers 2021-12-07 17:42:55 -05:00
Christian Adams
8972cae1cc Merge pull request #686 from rooftopcellist/fix-deploy-target-dev 
Fix deploy target for the devel branch
 2021-12-07 14:36:52 -05:00
Christian M. Adams
1d8b3d9b4c Fix deploy target for the devel branch 
* piping a make target within another target causes issues

Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-12-07 10:57:33 -05:00
Paul Belanger
57aa585a2e Merge pull request #663 from pabelanger/temp/catalog 2021-11-19 15:03:18 -05:00
Paul Belanger
752813c23e Add CONTAINER_CMD to Makefile 
This allows people to use podman if they want.

Signed-off-by: Paul Belanger <pabelanger@redhat.com>
 2021-11-19 14:32:21 -05:00
Christian Adams
48ee59e80f Merge pull request #662 from rooftopcellist/restore-vars 
Add in ansible debug logs env var
 2021-11-19 13:25:45 -05:00
Christian M. Adams
78fc099c75 Add in ansible debug logs env var 
* This will be added to the CSV automatically when make bundle is run

Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-11-19 10:03:04 -05:00
Shane McDonald
5b577603c8 Merge pull request #627 from steinbrueckri/add-make-task 
Add make task to create resources without applying to the cluster
 2021-11-19 21:08:27 +08:00
Shane McDonald
e5cfac2ba0 Merge pull request #660 from shanemcd/stage-operator 
Allow for independently staging awx-operator
 2021-11-19 16:29:31 +08:00
Shane McDonald
5ca536313a Add test for DEFAULT_AWX_VERSION 2021-11-19 08:17:16 +00:00
Shane McDonald
eaaf55e7f0 Drive-by lint fix, actually enforce line length 2021-11-19 08:16:34 +00:00
Shane McDonald
5d934ff2b5 Allow for independently staging awx-operator 2021-11-19 06:34:16 +00:00
Shane McDonald
84ab70f779 Fix secret name 2021-11-19 13:22:36 +08:00
Shane McDonald
d74b5baf45 Delete RELATED_ variables from upstream deployment 
I ran into a bug with this when releasing the latest version of AWX. RELATED_IMAGE_AWX always clobbers the version and does not respect `DEFAULT_AWX_VERSION`
 2021-11-19 13:16:24 +08:00
Shane McDonald
246bd829ec Merge pull request #658 from shanemcd/promote-releases 
Move to promotion-based release process
 2021-11-19 12:22:17 +08:00
Shane McDonald
c28e4729e6 Move to promotion-based release process 2021-11-19 02:29:16 +00:00
Christian Adams
da63fe4653 Merge pull request #656 from rooftopcellist/align-descriptions-2 
Add back CSV descriptions that got lost
 2021-11-18 09:43:19 -05:00
Christian M. Adams
7e2d726b26 Add more descriptions that got lost 2021-11-17 14:46:23 -05:00
Christian Adams
fd38c33f14 Merge pull request #654 from rooftopcellist/security-context-olm-params 
Add security_context_settings param to olm-params
 2021-11-17 14:35:07 -05:00
Christian M. Adams
a16e05d2f6 Add security_context_settings param to olm-params 
Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-11-17 09:47:43 -05:00
Shane McDonald
1ad5c9e981 Merge pull request #653 from rooftopcellist/align-descriptions 
Minor description update
 2021-11-17 21:40:39 +08:00
Christian M. Adams
79ee798df7 Align upstream and downstream descriptions 2021-11-16 15:22:27 -05:00
Shane McDonald
c843194cbd Support running AWX at non-root path 2021-11-14 04:26:24 +00:00
Shane McDonald
d1d6785b7d Merge pull request #645 from shanemcd/pod-security-context 
Add support for arbitrary pod-level securityContext settings
 2021-11-11 06:16:56 +08:00
Shane McDonald
138964f7ab Add support for arbitrary pod-level securityContext settings 
This allows for doing stuff like this on the custom resource:

```
security_context_settings:
  runAsUser: 1000
  runAsGroup: 0
```

I added `snakeCaseParameters: False` because without it, variables like `runAsUser` become `run_as_user`... and that doesnt work.
 2021-11-10 21:36:42 +08:00
Yanis Guenane
b2479c8014 Merge pull request #632 from Spredzy/fix_control_image 
control_plane_ee: Honor proper ordering
 2021-11-02 11:02:51 +01:00
Yanis Guenane
277b772c46 control_plane_ee: Honor proper ordering 2021-11-02 10:45:11 +01:00
Yanis Guenane
7d20335cff Merge pull request #630 from Spredzy/fix_handshake 
Set default images, but use them as a last resort
 2021-11-02 10:13:16 +01:00
Yanis Guenane
fc713e7b73 Properly apply default when env lookup returns empty 2021-11-02 09:57:04 +01:00
Yanis Guenane
26856d528d Merge pull request #629 from Spredzy/hidemoreunhidden 
OLM: Mark as advanced more fields
 2021-11-01 15:02:18 +01:00
Christian M. Adams
7eb6d0e0f5 Set default images, but use them as a last resort 
* Only use them if user did not set an image, or RELATED_IMAGES_ var
    is not set

Signed-off-by: Christian M. Adams <chadams@redhat.com>
(cherry picked from commit bb957be9e6)
 2021-11-01 14:58:24 +01:00
Yanis Guenane
fd03731a72 OLM: Mark as advanced more fields 2021-11-01 14:12:14 +01:00
kurokobo
b0824acc48 Add steps to upgrade to 0.14.0 2021-10-29 22:01:10 -04:00
Richard Steinbrück
782f97c42c Add make task to create resources without applying to the cluster 2021-10-29 11:24:14 +02:00
Shane McDonald
09088b5b18 Merge pull request #620 from rooftopcellist/rename-image-vars 
Rename related image vars to be distinct across operators
 2021-10-27 12:59:02 -04:00
Christian M. Adams
29879f7064 Rename related image vars to be distinct across operators 2021-10-27 11:26:51 -04:00
Christian Adams
b866d682ef Merge pull request #616 from rooftopcellist/disconnected 
Use relatedImages to make disconnected deployments possible
 2021-10-26 08:37:20 -04:00
Christian M. Adams
8aee279634 Use relatedImages to make disconnected deployments possible 
* Add ability to pass images in from the CSV for disconnected installs

Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-10-26 00:26:16 -04:00
Yanis Guenane
071b67a814 Merge pull request #617 from rooftopcellist/unique-operator-image 
Rename operator image name to make it unique from resource & pulp
 2021-10-25 21:15:12 +02:00
Christian M. Adams
894b0ffa5f Rename operator image name to make it unique from resource & pulp operators 2021-10-25 14:02:59 -04:00
Shane McDonald
670b1f7d40 Merge pull request #612 from shanemcd/allow-awx-version-override 
Allow for overriding default AWX version as env var
 2021-10-20 17:13:25 -04:00
Shane McDonald
7b59c36263 Allow for overriding default AWX version as env var 2021-10-20 17:01:23 -04:00
Shane McDonald
c8d4ae16bb Merge pull request #613 from shanemcd/obtain-version-from-git 
Obtain version from git
 2021-10-18 17:56:01 -04:00
Shane McDonald
2e74c63c9e Obtain version from git tags 
If you `git checkout <some-released-tag>` this should just work. If you run this from the HEAD of devel, you will need to run `make docker-build docker-push` and override the appropriate image versions.
 2021-10-18 17:37:26 -04:00
Shane McDonald
706dc80f17 Revert "Lookup version from git when building bundle / catalog" 
This reverts commit 7fd4d46f6e.
 2021-10-18 17:37:26 -04:00
Shane McDonald
3d6094a5b0 Merge pull request #606 from rooftopcellist/generate-csv 
Inject OLM parameters when generating bundle
 2021-10-15 14:04:40 -04:00
Christian M. Adams
37470a0943 Inject OLM parameters when generating bundle 
Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-10-14 01:18:27 -04:00
Shane McDonald
b65ba92b08 Merge pull request #605 from shanemcd/get-scm-version-for-bundle 
Get version from tags when building bundle / catalog
 2021-10-13 15:10:25 -04:00
Shane McDonald
7fd4d46f6e Lookup version from git when building bundle / catalog 
VERSION = "latest" breaks `make bundle` and `make catalog`.
 2021-10-13 14:59:32 -04:00
Shane McDonald
eaff6898a4 Ignore files generated by bundle / catalog Make targets 2021-10-13 14:54:55 -04:00
Shane McDonald
38c64a504d Merge pull request #559 from oliverf1/redis_capabilities 
Add an option to specify container capabilities for the redis container
 2021-10-13 14:24:23 -04:00
Shane McDonald
563bdd6360 Merge pull request #602 from shanemcd/kind-load-docker-image 
Copy awx image into kind cluster in molecule tests
 2021-10-11 18:25:02 -04:00
Shane McDonald
9eb0e35861 Copy awx image into kind cluster in molecule tests 
This only happens when overriding the AWX image used in tests.
 2021-10-11 18:14:57 -04:00
Shane McDonald
21fe2646b4 Merge pull request #598 from shanemcd/show-me-the-errors 
Surface any errors that happen while launching demo jt in tests
 2021-10-08 14:58:39 -04:00
Shane McDonald
ebbb87f9a6 Surface any errors that happen while launching demo jt in tests 2021-10-08 14:45:57 -04:00
Shane McDonald
ee2980b8bb Merge pull request #589 from shanemcd/override-awx-image-in-tests 
Allow for overridding awx image in tests
 2021-10-06 20:08:12 -04:00
Shane McDonald
2426956a0a Allow for overridding awx image in tests 2021-10-06 19:57:36 -04:00
Shane McDonald
391e0bb1b8 Merge pull request #587 from shanemcd/no-hardcoded-versions 
Introduce latest tag
 2021-10-05 21:31:08 -04:00
Shane McDonald
5e7fe9b05f Tag releases as "latest" 2021-10-05 21:20:10 -04:00
Shane McDonald
685c5efc94 Switch to latest tag 2021-10-05 21:20:02 -04:00
Shane McDonald
e3d5827951 Merge pull request #586 from shanemcd/no-hardcoded-versions 
Remove hardcoded versions from repo
 2021-10-05 21:11:32 -04:00
Shane McDonald
ebb4e76e1c Merge pull request #585 from shanemcd/fix-devel-workflow 
Fix devel workflow
 2021-10-05 20:58:59 -04:00
Shane McDonald
f62b66d4ae Remove hardcoded versions from repo 2021-10-05 20:56:29 -04:00
Shane McDonald
1f73e2ca32 Fix devel workflow 2021-10-05 20:51:56 -04:00
Shane McDonald
48f990f4a1 Merge pull request #579 from sdigit/devel 
Add Ingress path type option
 2021-10-04 17:58:14 -04:00
Sean Davis
b1dcf16fc8 Add Ingress path type option (#1) 
* make ingress_path_type an option

* add to spec
 2021-10-04 10:31:56 -05:00
Shane McDonald
9e9457cf99 Fix release workflow 2021-10-03 10:19:07 -04:00
Shane McDonald
b59205ce69 Fix release workflow 2021-10-03 10:12:23 -04:00
Olivier
f0c5d1b4e3 Add an option to specify container capabilities for the redis container 
With some kubernetes clusters and settings, you might need to specify
some capabilities so the container can start. For example, the CHOWN,
SETUID and SETGID capabilties.
Setting the redis_capabilities option will add the capabilities in
the deployment.
 2021-10-02 18:43:37 -04:00
Shane McDonald
d6eafcd85b Merge pull request #577 from shanemcd/awx-19.4.0 
Bump AWX version
 2021-10-02 16:16:07 -04:00
Shane McDonald
eb0d3cdebf Merge pull request #576 from jamesmarshall24/pr-issue-565 
Note for wrapping pg password in quotes
 2021-10-02 15:32:46 -04:00
Shane McDonald
ad2b49ab29 Update release workflow 
To work with newer versions of operator-sdk
 2021-10-02 15:27:41 -04:00
Shane McDonald
1095bc0518 Use AWX 19.4.0 2021-10-02 15:23:55 -04:00
jamesmarshall24
133dfc5138 Note for wrapping pg password in quotes 
- Add a note suggesting the password for postgres stringData be wrapped in quotes especially for passwords with special characters.
 2021-10-01 16:00:07 -07:00
Shane McDonald
7e4923864f Merge pull request #567 from craph/devel 
Fix: Enhance migration documentation
 2021-10-01 14:00:30 -04:00
Shane McDonald
ebe5d1e2f4 Merge pull request #569 from shanemcd/sdk-1.x 
Migrate project to operator-sdk 1.x
 2021-10-01 10:44:38 -04:00
Shane McDonald
8b64670146 Work around bug in k8s module with the "template" attribute 2021-09-29 20:24:00 -04:00
Shane McDonald
86e0cf884f Add smoke test that verifies that basic jobs work 2021-09-29 18:39:27 -04:00
Shane McDonald
eaa4d33aea Move test requirements out of github action workflow 2021-09-29 18:39:27 -04:00
Shane McDonald
ccff76dec5 Do not set default hostname for ingress 2021-09-29 18:39:27 -04:00
Shane McDonald
91d17eabef Delete scripts/ directory 2021-09-29 18:39:27 -04:00
Shane McDonald
ca72423ca4 Update release process docs 2021-09-29 18:39:27 -04:00
Shane McDonald
12361d6ff1 Delete files no longer necessary 2021-09-29 18:39:26 -04:00
Shane McDonald
e9ade56842 Add note about upgrading to 0.14.0 2021-09-29 18:39:26 -04:00
Shane McDonald
cf22f9ba52 Fix link to upgrade docs 2021-09-29 18:39:26 -04:00
Shane McDonald
d4c8fd67f3 Update readme 2021-09-29 18:39:26 -04:00
Shane McDonald
d9fbda5e15 Add ability to override namespace when running make deploy 2021-09-29 18:39:26 -04:00
Shane McDonald
aa969e2a93 yamllint: ignore files managed by kustomize 2021-09-29 18:39:26 -04:00
Shane McDonald
d27bb69b96 Lower resource requirements to get CI passing 2021-09-29 18:39:25 -04:00
Shane McDonald
85f3c23788 Whitespace fixes 2021-09-29 18:39:25 -04:00
Shane McDonald
965647f933 Update tests to use kubernetes.core 2021-09-29 18:39:25 -04:00
Shane McDonald
88dd0e648e Force install of correct kustomize version in GHA 2021-09-29 18:39:25 -04:00
Shane McDonald
59efcb7be8 Install community.docker in tests 2021-09-29 18:39:25 -04:00
Shane McDonald
48ab801c8c Adopt the new molecule/ directory structure from the operator-sdk 1.x scaffolding 2021-09-29 18:39:25 -04:00
Shane McDonald
65b89ea7bd Fix ansible-lint 2021-09-29 18:39:24 -04:00
Shane McDonald
69203723ef Update scaffolding to pass yamllint 2021-09-29 18:39:24 -04:00
Shane McDonald
e97def4429 meta -> ansible_operator_meta 2021-09-29 18:39:24 -04:00
Shane McDonald
316d08ccb4 Begin to migrate towards operator-sdk 1.x project structure 2021-09-29 18:39:22 -04:00
Raphaël COMBEAU
26fb620a40 Fix: Enhance migration documentation refs: https://github.com/ansible/awx-operator/issues/557 2021-09-28 16:29:42 +02:00
Yanis Guenane
302957e509 Merge pull request #541 from rooftopcellist/restrict-sa 
Move to namespace-scoped operator for better security & isolation
 2021-09-21 09:30:47 +02:00
Christian M. Adams
8bd6cffd7b Add namespace-scoped upgrade docs & changelog entry 2021-09-20 17:21:42 -04:00
Christian M. Adams
58c3ebf4b0 Move to a per-namespace deployment approach 
* This increases security, the awx-operator SA has less cluster-wide
    access
  * This means one operator can only deploy to a single namespace
  * If AWX deployments are needed in multiple namespaces, multiple
    awx-operators can be deployed to accomplish this.

Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-09-20 09:15:10 -04:00
Christian M. Adams
fcbf8b5715 Reduce awx-operator service account permissions 2021-09-20 09:15:09 -04:00
Yanis Guenane
1165492185 Merge pull request #552 from fao89/color 
Pinning molecule
 2021-09-20 10:04:27 +02:00
Fabricio Aguiar
47c32d3e18 Pinning molecule 
- temporarily pin molecule
- add color to molecule run
 2021-09-17 17:20:02 -03:00
siju-vasudevan
38ec4a3b00 LDAPSearch Module is missing 
Since LDAPSearch Module is missing LDAP authentication is not working if you configure the LDAP configuration via extra_settings.
 2021-09-09 10:04:30 +05:30
Christian Adams
c235c6d7e8 Merge pull request #523 from eoq/eoq-patch-1 
Add Uninstall section
 2021-09-08 22:36:37 -04:00
eoq
054d5eb93f Update README.md 
added some quotes
 2021-09-08 22:14:08 -04:00
eoq
b684a5de35 Update README.md 
one more tweak to uinstall comments
 2021-09-08 16:03:18 -04:00
eoq
e6d7f88a33 Update README.md 
modified uninstall section based on PR review feedback
 2021-09-08 16:01:48 -04:00
Christian Adams
c24f191ec6 Merge pull request #534 from rooftopcellist/mount-receptor-config-followup 
Make receptor.conf path consistent between containers
 2021-09-08 09:46:54 -04:00
Christian M. Adams
fc9cd6bdb1 Make receptor.conf path consistent between containers 2021-09-08 09:11:37 -04:00
Christian Adams
e3b746f1c5 Merge pull request #529 from rooftopcellist/mount-receptor-config 
Mount receptor config in awx-task container
 2021-09-08 08:57:43 -04:00
Christian M. Adams
eb4b5b9b90 Mount receptor config in awx-task container 2021-09-07 18:49:26 -04:00
Christian Adams
f3cdf57f0d Merge pull request #501 from BongoEADGC6/devel 
Added nodeport port properties
 2021-09-07 09:09:10 -04:00
eoq
cd9bbc3a0e Add Uninstall section 
Just a quick instruction on how to remove an AWX deployment from a new user who struggled with it for a bit.
 2021-09-05 07:38:16 -04:00
Marcelo Moreira de Mello
4519dbdff7 Merge pull request #512 from thorian93/patch-1 
Add clarification for inexperienced users
 2021-09-02 12:32:18 -04:00
Christian Adams
549b8ca4c2 Merge pull request #508 from rooftopcellist/selective-v1-shift 
Use v1 extensions because v1beta1 is being removed
 2021-08-27 16:56:57 -04:00
Christian M. Adams
1df3df11ce Use v1 extensions because v1beta1 is being removed 
Signed-off-by: Christian M. Adams <chadams@redhat.com>
 2021-08-27 13:28:07 -04:00
Thorian93
12e38b7f69 Add clarification for inexperienced users 
We hit that issue ourselves and it took us weeks until someone pointed out our error.
As it feels like this could hit other users inexperienced with kubernetes too, I propose this note.
 2021-08-27 09:40:11 +02:00
Cliff Hults
fa410ae882 Fixing nodeport_port table default 2021-08-16 13:46:04 -04:00
Cliff Hults
9b072aa549 Added nodeport properties 2021-08-14 19:50:29 -04:00
Shane McDonald
0da8f41a86 Merge pull request #500 from shanemcd/0.13.0 
Bump versions / OLM metadata
 2021-08-12 23:22:31 -04:00
Shane McDonald
8ac0de159a Bump versions / OLM metadata 2021-08-12 23:12:22 -04:00
Shane McDonald
dcc32aa052 Merge pull request #499 from rooftopcellist/revert-fs-perm 
Revert initContainer change to address FS permissions issues
 2021-08-12 17:51:17 -04:00
Christian M. Adams
8952d8fd64 Revert "pgsql uses initContainer to address FS permissions" 
This reverts commit 99d77dff99.
 2021-08-12 15:51:15 -04:00
Christian M. Adams
ebaa407444 Revert "Added fsGroup" 
This reverts commit 649f0cc3fb.
 2021-08-12 15:50:42 -04:00
Christian Adams
47cec1f28d Merge pull request #485 from tchellomello/fsGroup-pgsql 
pgsql uses initContainer to address FS permissions
 2021-08-12 15:36:46 -04:00
Christian Adams
e636363e9e Merge pull request #495 from ansible/awx-ee-latest 
use awx-ee:latest
 2021-08-11 16:26:59 -04:00
Elijah DeLee
91d299926a update name of ee as well as the image 2021-08-11 14:54:24 -04:00
Elijah DeLee
01fe816fe8 use awx-ee:latest 
We are updating the requirements in awx to get the latest receptor and runner in the task container,
we should also have the latest in the EE

see https://github.com/ansible/awx/pull/10861 and https://github.com/ansible/awx/pull/10858
 2021-08-11 11:41:12 -04:00
Marcelo Moreira de Mello
649f0cc3fb Added fsGroup 2021-07-31 00:56:20 -04:00
Marcelo Moreira de Mello
99d77dff99 pgsql uses initContainer to address FS permissions 2021-07-31 00:50:30 -04:00
Christian Adams
f0b439c125 Merge pull request #464 from js-rwwa/devel 
Define ingress path as variable for deployments
 2021-07-26 09:54:13 -04:00
Marcelo Moreira de Mello
4651216cc0 Merge pull request #413 from tchellomello/fsGroup 
Use fsGroup and handles NFS shares
 2021-07-21 12:06:29 -04:00
Marcelo Moreira de Mello
24916c6fa1 Using fsGroup and extends propers via InitContainer (NFS) 2021-07-21 10:36:55 -04:00
tabjer
e36b1a3b2c Reset for some changes, updated crd and regenerated files 2021-07-15 08:44:30 +08:00
tabjer
cc6cb4b990 Updated awx-operator, crds for ingress_path 2021-07-12 12:23:11 +08:00
tabjer
0cd6d722af Updated ingress documentation 2021-07-12 09:20:52 +08:00
tabjer
3a330e4943 Added default ingress_path, made it an overridable var 2021-07-12 09:09:01 +08:00
Marcelo Moreira de Mello
6e59e24c40 Merge pull request #463 from bluikko/patch-1 
Typo in README.md
 2021-07-10 01:23:30 -04:00
bluikko
5c8897554a Typo in README.md 
"from-file" mistyped as "from-fle"
 2021-07-10 11:46:53 +07:00
Christian Adams
a8881c4de3 Merge pull request #460 from rooftopcellist/no_log_creds 
Set no_log on all tasks that could leak secrets in logs
 2021-07-08 09:11:25 -04:00
Christian M. Adams
68b00efe5e Set no_log on all tasks that could leak secrets in logs 2021-07-07 18:19:31 -04:00
Shane McDonald
3fd13f58f1 Merge pull request #456 from nntrn/patch-1 
Update README.md
 2021-07-06 12:54:13 -04:00
Shane McDonald
c43da3c1d1 Merge pull request #453 from EagleIJoe/fix_route_status 
added openshift api version
 2021-07-06 12:50:51 -04:00
annie tran
f8d5595032 Update README.md 
Add demonstration for running kubectl inside minikube and add step to create alias
 2021-07-06 10:30:48 -05:00
Martin Adler
c9ec522956 added openshift api version 2021-07-05 11:12:34 +02:00
Yanis Guenane
adbdf82aa3 Merge pull request #450 from Zokormazo/secrets 
Backup and restore secret type
 2021-07-02 14:05:17 +02:00
Yanis Guenane
3f75d9a782 Merge pull request #448 from Zokormazo/disown-restored-secrets 
Remove ownerReference on restored secrets
 2021-07-02 14:02:55 +02:00
Julen Landa Alustiza
663c009cf4 Backup and restore secret type 
Signed-off-by: Julen Landa Alustiza <jlanda@redhat.com>
 2021-07-02 13:07:44 +02:00
Julen Landa Alustiza
c1b29505d9 Remove ownerReference on restored secrets 
Signed-off-by: Julen Landa Alustiza <jlanda@redhat.com>
 2021-07-02 11:44:12 +02:00
Christian Adams
328c92ffe6 Merge pull request #446 from rooftopcellist/missing-secrets 
Do not check for default ee-pull-cred secret
 2021-07-01 15:17:12 -04:00
Christian M. Adams
cf2cd14154 Do not check for default ee-pull-cred secret 
* fix nested var ref for awx_spec.spec
 2021-07-01 15:05:18 -04:00
Yanis Guenane
e86799e05f Merge pull request #447 from rooftopcellist/namespace-not-required 
Namespace not required
 2021-07-01 21:01:58 +02:00
Christian M. Adams
1c74472b49 Namespace option always available in catalog for restores 2021-07-01 12:45:22 -04:00
Christian M. Adams
b79ab92714 Use restore namespace as default if none provided 2021-07-01 11:26:53 -04:00
Yanis Guenane
c0ff27a8e6 Merge pull request #444 from Spredzy/hide_postgres 
Backup and Restore: Hide postgres_image overide
 2021-07-01 15:16:46 +02:00
Yanis Guenane
a214264083 Backup and Restore: Hide postgres_image overide 2021-07-01 14:17:07 +02:00
Shane McDonald
869e7e3ef0 Merge pull request #442 from shiinro/devel 
add image_pull_secret to postgres install
 2021-06-30 15:33:27 -04:00
h-dev.inns-tools.ext
1ddbef6105 add image_pull_secret to postgres install 2021-06-30 20:43:33 +02:00
Shane McDonald
80001a192a Merge pull request #441 from rooftopcellist/add-gen-secrets 
Fix var so that generated secret names are added to spec backup
 2021-06-30 12:52:22 -04:00
Christian M. Adams
8b2bfa7380 Fix var so that generated secret names are added to spec backup 2021-06-30 10:57:42 -04:00
Yanis Guenane
8f43d8fe51 Merge pull request #438 from Spredzy/fix_incorrect_type 
olm-catalog: Update incorrect type for image_pull_secret
 2021-06-29 13:53:50 +02:00
Yanis Guenane
920db19f52 olm-catalog: Update incorrect type for impage_pull_secret 2021-06-29 11:49:52 +02:00
Yanis Guenane
60e9d254d5 Merge pull request #437 from Spredzy/fix_init_container_typo 
olm-catalog: Setup accurate path var for init_container_image_version
 2021-06-29 11:25:16 +02:00
Yanis Guenane
f218feb580 olm-catalog: Setup accurate path var for init_container_image_version 2021-06-29 10:46:23 +02:00
Shane McDonald
555dc8516a Merge pull request #436 from shanemcd/bump-0.12.0 
Bump versions for next release
 2021-06-28 18:31:19 -04:00
Shane McDonald
34958282d2 Merge pull request #435 from rooftopcellist/keep-spec-newlines 
Preserve newlines in AWX spec
 2021-06-28 17:50:54 -04:00
Christian M. Adams
6b01ada12b preserve newlines in AWX spec 2021-06-28 17:39:01 -04:00
Shane McDonald
e28d114d78 Bump versions for next release 2021-06-28 17:26:06 -04:00
Julen Landa Alustiza
cd312c6d70 Merge pull request #431 from Zokormazo/ca-fields-to-advanced 
olm-catalog: Add missing custom trusted CA related fields
 2021-06-28 11:02:20 +02:00
Shane McDonald
82422b8510 Merge pull request #412 from tchellomello/enhanhce_docs_ee 
Enhances ee* documentation
 2021-06-25 13:19:07 -04:00
Christian Adams
c7c97da68e Merge pull request #430 from rooftopcellist/backup-ee-pull-secret 
Backup ingress, bundle & ee pull secrets
 2021-06-25 12:00:12 -04:00
Shane McDonald
657b5b67db Merge pull request #432 from shanemcd/fix-extra-settings 
Allow for types other than strings to be passed to extra_settings
 2021-06-25 09:56:50 -04:00
Shane McDonald
b664b920dc Allow for types other than strings to be passed to extra_settings 
This feature was not working as intended
 2021-06-25 09:47:08 -04:00
Julen Landa Alustiza
7ea60efe3e olm-catalog: Add missing custom trusted CA related fields 
Signed-off-by: Julen Landa Alustiza <jlanda@redhat.com>
 2021-06-25 11:36:36 +02:00
Christian M. Adams
f5c8b33b40 Backup ingress, bundle & ee pull secrets 2021-06-24 13:50:49 -04:00
Julen Landa Alustiza
a28a744f00 Merge pull request #429 from Zokormazo/explicitly-nullify-ownerreference 
Explicitly nullify ownerReference on operator created backup pvc
 2021-06-24 15:39:47 +02:00
Julen Landa Alustiza
68aaf1db79 Explicitly nullify ownerReference on operator created backup pvc 
Signed-off-by: Julen Landa Alustiza <jlanda@redhat.com>
 2021-06-24 14:58:18 +02:00
Shane McDonald
b8d6dcfbf2 Merge pull request #427 from shanemcd/fix-secrets-with-newlines 
Preserve newlines when restored secrets contain newlines
 2021-06-23 20:09:08 -04:00
Shane McDonald
0ea9a04028 Preserve newlines when restored secrets contain newlines 2021-06-23 19:57:44 -04:00
Shane McDonald
e448d0ec8e Merge pull request #425 from rooftopcellist/downgrade-kubernetes-module 
Downgrade kubernetes module to 1.1.1 because of template bug
 2021-06-23 17:20:40 -04:00
Shane McDonald
cb14c9a1fc Pin to different version of kubernetes.core for CI usage 
Bugs everywhere!
 2021-06-23 17:07:27 -04:00
Shane McDonald
ca52b6c1c7 Merge pull request #423 from dolgovas/devel 
Update README.md
 2021-06-23 16:09:49 -04:00
Christian M. Adams
d3cfc55944 Downgrade kubernetes module to 1.1.1 because of template bug 2021-06-23 14:38:48 -04:00
dolgovas
00fd08e731 Update README.md 
Add additional information about `image_pull_secret`
 2021-06-23 20:06:41 +03:00
Yanis Guenane
e0c865a9f7 Merge pull request #419 from Spredzy/update_vendored 
vendor: update dir with kubernetes.core
 2021-06-23 00:49:50 +02:00
Yanis Guenane
53ffc8fdae vendor: update dir with kubernetes.core 2021-06-23 00:37:37 +02:00
Shane McDonald
6c1f251558 Merge pull request #417 from shanemcd/fix-uuid 
Fix SYSTEM_UUID
 2021-06-22 15:02:06 -04:00
Shane McDonald
7310b43a5c Use kubernetes.core 2021-06-22 14:52:54 -04:00
Shane McDonald
9a54ae2937 Delete test-local, run test-minikube in CI 
bsycorp/kind is broken. See https://github.com/bsycorp/kind/issues/44
 2021-06-22 14:35:39 -04:00
Shane McDonald
64c55c8824 Fix SYSTEM_UUID 2021-06-21 09:49:36 -04:00
Marcelo Moreira de Mello
9cc8aeeb4b Enhance ee documentation 2021-06-18 13:53:22 -04:00
Marcelo Moreira de Mello
d6d39889c4 Merge pull request #401 from tchellomello/custom-ca 
Added ability to trust a custom bundle CA
 2021-06-18 12:07:51 -04:00
Yanis Guenane
68a6a55cfc Merge pull request #411 from Spredzy/remove_extra_space 
awx-cro.yml: Remove extra space
 2021-06-18 10:23:58 +02:00
Yanis Guenane
ad036c2e65 awx-cro.yml: Remove extra space 
Fixes: https://github.com/ansible/awx-operator/issues/410
 2021-06-18 09:54:49 +02:00
Marcelo Moreira de Mello
f2e43db37c Added ability to trust a custom bundle CA 2021-06-18 01:48:50 -04:00
171 changed files with 3263 additions and 4306 deletions
Expand all files Collapse all files

3
.github/issue_labeler.yml vendored Normal file
View File

@@ -0,0 +1,3 @@
---
needs_triage:
- '.*'

17
.github/workflows/ci.yaml vendored
View File

@@ -24,21 +24,18 @@ jobs:
- name: Install Dependencies
run: |
pip install \
molecule \
molecule-docker \
yamllint \
ansible-lint \
openshift \
jmespath \
ansible
pip install -r molecule/requirements.txt
- name: Install Collections
run: |
ansible-galaxy collection install community.kubernetes operator_sdk.util
ansible-galaxy collection install -r molecule/requirements.yml
- name: Run Molecule
env:
MOLECULE_VERBOSITY: 3
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
run: |
molecule test -s test-local
sudo rm -f $(which kustomize)
make kustomize
KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind

11
.github/workflows/devel.yaml vendored
View File

@@ -13,16 +13,9 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Install Operator-SDK
run: |
mkdir -p $GITHUB_WORKSPACE/bin
wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: Build Image
run: |
operator-sdk build awx-operator:devel
IMG=awx-operator:devel make docker-build
- name: Push To Quay
uses: redhat-actions/push-to-registry@v2.1.1
@@ -30,5 +23,5 @@ jobs:
image: awx-operator
tags: devel
registry: quay.io/ansible/
username: ${{ secrets.QUAY_USERNAME }}
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}

25
.github/workflows/promote.yaml vendored Normal file
View File

@@ -0,0 +1,25 @@
---
name: Promote AWX Operator image
on:
release:
types: [published]
jobs:
promote:
runs-on: ubuntu-latest
steps:
- name: Log in to GHCR
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Log in to Quay
run: |
echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
- name: Re-tag and promote awx-operator image
run: |
docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
docker push quay.io/${{ github.repository }}:latest

35
.github/workflows/release.yaml vendored
View File

@@ -1,35 +0,0 @@
---
name: Release
on:
release:
types:
- created
jobs:
release:
runs-on: ubuntu-18.04
name: Push tagged image to Quay
steps:
- uses: actions/checkout@v2
- name: Install Operator-SDK
run: |
mkdir -p $GITHUB_WORKSPACE/bin
wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: Build Image
run: |
operator-sdk build awx-operator:${{ github.event.release.tag_name }}
- name: Push To Quay
uses: redhat-actions/push-to-registry@v2.1.1
with:
image: awx-operator
tags: ${{ github.event.release.tag_name }}
registry: quay.io/ansible/
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}

84
.github/workflows/stage.yml vendored Normal file
View File

@@ -0,0 +1,84 @@
---
name: Stage Release
on:
workflow_dispatch:
inputs:
version:
description: 'Version to stage'
required: true
default_awx_version:
description: 'Will be injected as the DEFAULT_AWX_VERSION build arg.'
required: true
confirm:
description: 'Are you sure? Set this to yes.'
required: true
default: 'no'
jobs:
stage:
runs-on: ubuntu-latest
permissions:
packages: write
contents: write
steps:
- name: Verify inputs
run: |
set -e
if [[ ${{ github.event.inputs.confirm }} != "yes" ]]; then
>&2 echo "Confirm must be 'yes'"
exit 1
fi
if [[ ${{ github.event.inputs.version }} == "" ]]; then
>&2 echo "Set version to continue."
exit 1
fi
exit 0
- name: Checkout awx
uses: actions/checkout@v2
with:
repository: ${{ github.repository_owner }}/awx
path: awx
- name: Checkout awx-operator
uses: actions/checkout@v2
with:
repository: ${{ github.repository_owner }}/awx-operator
path: awx-operator
- name: Install playbook dependencies
run: |
python3 -m pip install docker
- name: Log in to GHCR
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and stage awx-operator
working-directory: awx-operator
run: |
BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }}" \
IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
VERSION=${{ github.event.inputs.version }} make docker-build docker-push
- name: Run test deployment
working-directory: awx-operator
run: |
python3 -m pip install -r molecule/requirements.txt
ansible-galaxy collection install -r molecule/requirements.yml
sudo rm -f $(which kustomize)
make kustomize
KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
env:
AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}
- name: Create draft release
working-directory: awx
run: |
ansible-playbook tools/ansible/stage.yml \
-e version=${{ github.event.inputs.version }} \
-e repo=${{ github.repository_owner }}/awx-operator \
-e github_token=${{ secrets.GITHUB_TOKEN }}

22
.github/workflows/triage_new.yml vendored Normal file
View File

@@ -0,0 +1,22 @@
---
name: Triage
on:
issues:
types:
- opened
jobs:
triage:
runs-on: ubuntu-latest
name: Label
steps:
- name: Label issues
uses: github/issue-labeler@v2.4.1
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
not-before: 2021-12-07T07:00:00Z
configuration-path: .github/issue_labeler.yml
enable-versioned-regex: 0
if: github.event_name == 'issues'

4
.gitignore vendored
View File

@@ -1,2 +1,6 @@
*~
.cache/
/bin
/bundle
/bundle_tmp*
/bundle.Dockerfile

5
.yamllint
View File

@@ -3,10 +3,11 @@ extends: default
ignore: |
.cache/
deploy/olm-catalog
kustomization.yaml
awx-operator.clusterserviceversion.yaml
bundle
rules:
truthy: disable
line-length:
max: 170
level: warning

32
CHANGELOG.md
View File

@@ -2,6 +2,12 @@
This is a list of high-level changes for each release of `awx-operator`. A full list of commits can be found at `https://github.com/ansible/awx-operator/releases/tag/<version>`.
# 0.14.0 (TBA)
- Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x.
- To avoid a headache, you probably want to delete your existing operator Deployment and follow the README.
- Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](./README.md#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change)
# 0.10.0 (Jun 1, 2021)
- Make tower_ingress_type to respect ClusterIP definition (Marcelo Moreira de Mello) - e37c091 (breaking_change)
@@ -21,17 +27,17 @@ This is a list of high-level changes for each release of `awx-operator`. A full
# 0.9.0 (May 1, 2021)
- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039
- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d
- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc
- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90
- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9
- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f
- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f
- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039
- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d
- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc
- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90
- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9
- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f
- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f
- Split container image and version in 2 variables (Marcelo Moreira de Mello) - bc34758 (breaking_change)
- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f
- Add tower_ingress_type NodePort (stal) - 1b87616
- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84
- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1
- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11
- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c
- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f
- Add tower_ingress_type NodePort (stal) - 1b87616
- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84
- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1
- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11
- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c

9
build/Dockerfile → Dockerfile
View File

@@ -1,11 +1,12 @@
FROM quay.io/operator-framework/ansible-operator:v0.19.4
FROM quay.io/operator-framework/ansible-operator:v1.12.0
ARG DEFAULT_AWX_VERSION
ENV DEFAULT_AWX_VERSION=${DEFAULT_AWX_VERSION}
# Install Ansible requirements.
COPY requirements.yml ${HOME}/requirements.yml
RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
&& chmod -R ug+rwx ${HOME}/.ansible
COPY watches.yaml ${HOME}/watches.yaml
COPY main.yml ${HOME}/main.yml
COPY roles/ ${HOME}/roles/
COPY playbooks/ ${HOME}/playbooks/

184
Makefile Normal file
View File

@@ -0,0 +1,184 @@
# VERSION defines the project version for the bundle.
# Update this value when you upgrade the version of your project.
# To re-generate a bundle for another specific version without changing the standard setup, you can:
# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
VERSION ?= $(shell git describe --tags)
CONTAINER_CMD ?= docker
# CHANNELS define the bundle channels used in the bundle.
# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
# To re-generate a bundle for other specific channels without changing the standard setup, you can:
# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
ifneq ($(origin CHANNELS), undefined)
BUNDLE_CHANNELS := --channels=$(CHANNELS)
endif
# DEFAULT_CHANNEL defines the default channel used in the bundle.
# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable")
# To re-generate a bundle for any other default channel without changing the default setup, you can:
# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
ifneq ($(origin DEFAULT_CHANNEL), undefined)
BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
endif
BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images.
# This variable is used to construct full image tags for bundle and catalog images.
#
# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
# ansible.com/awx-operator-bundle:$VERSION and ansible.com/awx-operator-catalog:$VERSION.
IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
# BUNDLE_IMG defines the image:tag used for the bundle.
# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
# Image URL to use all building/pushing image targets
IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
NAMESPACE ?= awx
all: docker-build
##@ General
# The help target prints out all targets with their descriptions organized
# beneath their categories. The categories are represented by '##@' and the
# target descriptions by '##'. The awk commands is responsible for reading the
# entire set of makefiles included in this invocation, looking for lines of the
# file as xyz: ## something, and then pretty-format the target and help. Then,
# if there's a line with ##@ something, that gets pretty-printed as a category.
# More info on the usage of ANSI control characters for terminal formatting:
# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
# More info on the awk command:
# http://linuxcommand.org/lc3_adv_awk.php
help: ## Display this help.
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
##@ Build
run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
docker-build: ## Build docker image with the manager.
${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
docker-push: ## Push docker image with the manager.
${CONTAINER_CMD} push ${IMG}
##@ Deployment
install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl apply -f -
uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl delete -f -
gen-resources: kustomize ## Generate resources for controller and print to stdout
@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
@$(KUSTOMIZE) build config/default
deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
@$(KUSTOMIZE) build config/default | kubectl apply -f -
undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
$(KUSTOMIZE) build config/default | kubectl delete -f -
OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
ARCH := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
.PHONY: kustomize
KUSTOMIZE = $(shell pwd)/bin/kustomize
kustomize: ## Download kustomize locally if necessary.
ifeq (,$(wildcard $(KUSTOMIZE)))
ifeq (,$(shell which kustomize 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(KUSTOMIZE)) ;\
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \
tar xzf - -C bin/ ;\
}
else
KUSTOMIZE = $(shell which kustomize)
endif
endif
.PHONY: ansible-operator
ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
ifeq (,$(shell which ansible-operator 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\
chmod +x $(ANSIBLE_OPERATOR) ;\
}
else
ANSIBLE_OPERATOR = $(shell which ansible-operator)
endif
endif
.PHONY: bundle
bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
operator-sdk generate kustomize manifests -q
cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
cd config/manifests/bases && python inject-csv-config.py
operator-sdk bundle validate ./bundle
.PHONY: bundle-build
bundle-build: ## Build the bundle image.
${CONTAINER_CMD} build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
.PHONY: bundle-push
bundle-push: ## Push the bundle image.
$(MAKE) docker-push IMG=$(BUNDLE_IMG)
.PHONY: opm
OPM = ./bin/opm
opm: ## Download opm locally if necessary.
ifeq (,$(wildcard $(OPM)))
ifeq (,$(shell which opm 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(OPM)) ;\
curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\
chmod +x $(OPM) ;\
}
else
OPM = $(shell which opm)
endif
endif
# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
# These images MUST exist in a registry and be pull-able.
BUNDLE_IMGS ?= $(BUNDLE_IMG)
# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
ifneq ($(origin CATALOG_BASE_IMG), undefined)
FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
endif
# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
.PHONY: catalog-build
catalog-build: opm ## Build a catalog image.
$(OPM) index add --container-tool ${CONTAINER_CMD} --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
# Push the catalog image.
.PHONY: catalog-push
catalog-push: ## Push a catalog image.
$(MAKE) docker-push IMG=$(CATALOG_IMG)

16
PROJECT Normal file
View File

@@ -0,0 +1,16 @@
domain: ansible.com
layout:
- ansible.sdk.operatorframework.io/v1
plugins:
manifests.sdk.operatorframework.io/v2: {}
scorecard.sdk.operatorframework.io/v2: {}
projectName: awx-operator
resources:
- api:
crdVersion: v1
namespaced: true
domain: ansible.com
group: awx
kind: AWX
version: v1beta1
version: "3"

520
README.md
View File

@@ -11,7 +11,8 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
* [Table of Contents](#table-of-contents)
* [Purpose](#purpose)
* [Usage](#usage)
* [Basic Install](#basic-install)
* [Basic Install on minikube (beginner or testing)](#basic-install-on-minikube-beginner-or-testing)
* [Basic Install on existing cluster](#basic-install-on-existing-cluster)
* [Admin user account configuration](#admin-user-account-configuration)
* [Network and TLS Configuration](#network-and-tls-configuration)
* [Service Type](#service-type)
@@ -22,20 +23,22 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
* [Managed PostgreSQL Service](#managed-postgresql-service)
* [Advanced Configuration](#advanced-configuration)
* [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx)
* [Redis container capabilities](#redis-container-capabilities)
* [Privileged Tasks](#privileged-tasks)
* [Containers Resource Requirements](#containers-resource-requirements)
* [LDAP Certificate Authority](#ldap-certificate-authority)
* [Assigning AWX pods to specific nodes](#assigning-awx-pods-to-specific-nodes)
* [Trusting a Custom Certificate Authority](#trusting-a-custom-certificate-authority)
* [Persisting Projects Directory](#persisting-projects-directory)
* [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options)
* [Default execution environments from private registries](#default-execution-environments-from-private-registries)
* [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers)
* [Extra Settings](#extra-settings)
* [Service Account](#service-account)
* [Upgrading](#upgrading)
* [Uninstall](#uninstall)
* [Upgrading](#upgrading)
* [v0.14.0](#v0140)
* [Contributing](#contributing)
* [Release Process](#release-process)
* [Verifiy Functionality](#verify-functionality)
* [Update Version](#update-version)
* [Commit / Create Release](#commit--create-release)
* [Author](#author)
<!--te-->
@@ -43,33 +46,27 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
This operator is meant to provide a more Kubernetes-native installation method for AWX via an AWX Custom Resource Definition (CRD).
> :warning: The operator is not supported by Red Hat, and is in **alpha** status. For now, use it at your own risk!
## Usage
### Basic Install
### Basic Install on minikube (beginner or testing)
This Kubernetes Operator is meant to be deployed in your Kubernetes cluster(s) and can manage one or more AWX instances in any namespace.
For testing purposes, the `awx-operator` can be deployed on a [Minikube](https://minikube.sigs.k8s.io/docs/) cluster. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information.
```bash
$ minikube start --addons=ingress --cpus=4 --cni=flannel --install-addons=true \
--kubernetes-version=stable --memory=6g
😄 minikube v1.20.0 on Fedora 34
✨ Using the kvm2 driver based on user configuration
```
$ minikube start --cpus=4 --memory=6g --addons=ingress
😄 minikube v1.23.2 on Fedora 34
Using the docker driver based on existing profile
👍 Starting control plane node minikube in cluster minikube
🔥 Creating kvm2 VM (CPUs=4, Memory=6144MB, Disk=20000MB) ...
🐳 Preparing Kubernetes v1.20.2 on Docker 20.10.6 ...
▪ Generating certificates and keys ...
▪ Booting up control plane ...
▪ Configuring RBAC rules ...
🔗 Configuring Flannel (Container Networking Interface) ...
🚜 Pulling base image ...
🏃 Updating the running docker "minikube" container ...
🐳 Preparing Kubernetes v1.22.2 on Docker 20.10.8 ...
🔎 Verifying Kubernetes components...
▪ Using image docker.io/jettech/kube-webhook-certgen:v1.5.1
▪ Using image k8s.gcr.io/ingress-nginx/controller:v0.44.0
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
▪ Using image docker.io/jettech/kube-webhook-certgen:v1.5.1
▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.0.0-beta.3
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
🔎 Verifying ingress addon...
🌟 Enabled addons: storage-provisioner, default-storageclass, ingress
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
@@ -77,48 +74,74 @@ $ minikube start --addons=ingress --cpus=4 --cni=flannel --install-addons=true \
Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected.
```bash
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
minikube Ready control-plane,master 6m28s v1.20.2
```
$ minikube kubectl -- get nodes
NAME STATUS ROLES AGE VERSION
minikube Ready control-plane,master 113s v1.22.2
$ kubectl get pods -A
$ minikube kubectl -- get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx ingress-nginx-admission-create-tjk94 0/1 Completed 0 6m4s
ingress-nginx ingress-nginx-admission-patch-r4pl6 0/1 Completed 0 6m4s
ingress-nginx ingress-nginx-controller-5d88495688-sbtp9 1/1 Running 0 6m4s
kube-system coredns-74ff55c5b-2wz6n 1/1 Running 0 6m4s
kube-system etcd-minikube 1/1 Running 0 6m13s
kube-system kube-apiserver-minikube 1/1 Running 0 6m13s
kube-system kube-controller-manager-minikube 1/1 Running 0 6m13s
kube-system kube-flannel-ds-amd64-lw7lv 1/1 Running 0 6m3s
kube-system kube-proxy-lcxx7 1/1 Running 0 6m3s
kube-system kube-scheduler-minikube 1/1 Running 0 6m13s
kube-system storage-provisioner 1/1 Running 1 6m17s
ingress-nginx ingress-nginx-admission-create--1-kk67h 0/1 Completed 0 2m1s
ingress-nginx ingress-nginx-admission-patch--1-7mp2r 0/1 Completed 1 2m1s
ingress-nginx ingress-nginx-controller-69bdbc4d57-bmwg8 1/1 Running 0 2m
kube-system coredns-78fcd69978-q7nmx 1/1 Running 0 2m
kube-system etcd-minikube 1/1 Running 0 2m12s
kube-system kube-apiserver-minikube 1/1 Running 0 2m16s
kube-system kube-controller-manager-minikube 1/1 Running 0 2m12s
kube-system kube-proxy-5mmnw 1/1 Running 0 2m1s
kube-system kube-scheduler-minikube 1/1 Running 0 2m15s
kube-system storage-provisioner 1/1 Running 0 2m11s
```
Now you need to deploy AWX Operator into your cluster. Start by going to https://github.com/ansible/awx-operator/releases and making note of the latest release. Replace `<TAG>` in the URL `https://raw.githubusercontent.com/ansible/awx-operator/<TAG>/deploy/awx-operator.yaml` with the version you are deploying.
It is not required for `kubectl` to be separately installed since it comes already wrapped inside minikube. As demonstrated above, simply prefix `minikube kubectl --` before kubectl command, i.e. `kubectl get nodes` would become `minikube kubectl -- get nodes`
```bash
$ kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/<TAG>/deploy/awx-operator.yaml
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
Let's create an alias for easier usage:
```
$ alias kubectl="minikube kubectl --"
```
Now you need to deploy AWX Operator into your cluster. Clone this repo and `git checkout` the latest version from https://github.com/ansible/awx-operator/releases, and then run the following command:
```
$ export NAMESPACE=my-namespace
$ make deploy
cd config/manager && /home/user/awx-operator/bin/kustomize edit set image controller=quay.io/ansible/awx-operator:0.14.0
/home/user/awx-operator/bin/kustomize build config/default | kubectl apply -f -
namespace/my-namespace created
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
clusterrole.rbac.authorization.k8s.io/awx-operator created
clusterrolebinding.rbac.authorization.k8s.io/awx-operator created
serviceaccount/awx-operator created
deployment.apps/awx-operator created
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
serviceaccount/awx-operator-controller-manager created
role.rbac.authorization.k8s.io/awx-operator-leader-election-role created
role.rbac.authorization.k8s.io/awx-operator-manager-role created
clusterrole.rbac.authorization.k8s.io/awx-operator-metrics-reader created
clusterrole.rbac.authorization.k8s.io/awx-operator-proxy-role created
rolebinding.rbac.authorization.k8s.io/awx-operator-leader-election-rolebinding created
rolebinding.rbac.authorization.k8s.io/awx-operator-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/awx-operator-proxy-rolebinding created
configmap/awx-operator-manager-config created
service/awx-operator-controller-manager-metrics-service created
deployment.apps/awx-operator-controller-manager created
```
Wait a few minutes and you should have the `awx-operator` running.
Wait a bit and you should have the `awx-operator` running:
```bash
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-operator-7dbf9db9d7-z9hqx 1/1 Running 0 50s
```
$ kubectl get pods -n $NAMESPACE
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-66ccd8f997-rhd4z 2/2 Running 0 11s
```
Then create a file named `awx-demo.yml` with the suggested content. The `metadata.name` you provide, will be the name of the resulting AWX deployment. If you deploy more than one AWX instance to the same namespace, be sure to use unique names.
So we don't have to keep repeating `-n $NAMESPACE`, let's set the current namespace for `kubectl`:
```
$ kubectl config set-context --current --namespace=$NAMESPACE
```
Next, create a file named `awx-demo.yml` with the suggested content below. The `metadata.name` you provide, will be the name of the resulting AWX deployment.
**Note:** If you deploy more than one AWX instance to the same namespace, be sure to use unique names.
```yaml
---
@@ -128,20 +151,24 @@ metadata:
name: awx-demo
spec:
service_type: nodeport
ingress_type: none
hostname: awx-demo.example.com
```
Finally, use `kubectl` to create the awx instance in your cluster:
```bash
```
$ kubectl apply -f awx-demo.yml
awx.awx.ansible.com/awx-demo created
```
After a few minutes, the new AWX instance will be deployed. One can look at the operator pod logs in order to know where the installation process is at. This can be done by running the following command: `kubectl logs -f deployments/awx-operator`.
After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
```bash
```
$ kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
```
After a few seconds, you should see the operator begin to create new resources:
```
$ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
NAME READY STATUS RESTARTS AGE
awx-demo-77d96f88d5-pnhr8 4/4 Running 0 3m24s
@@ -153,16 +180,40 @@ awx-demo-postgres ClusterIP None <none> 5432/TCP 4m4s
awx-demo-service NodePort 10.109.40.38 <none> 80:31006/TCP 3m56s
```
Once deployed, the AWX instance will be accessible by the command `minikube service awx-demo-service --url`.
Once deployed, the AWX instance will be accessible by running:
By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode`
```
$ minikube service awx-demo-service --url -n $NAMESPACE
```
You just completed the most basic install of an AWX instance via this operator. Congratulations!!!!
By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run:
```
$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode
yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR
```
You just completed the most basic install of an AWX instance via this operator. Congratulations!!!
For an example using the Nginx Controller in Minukube, don't miss our [demo video](https://asciinema.org/a/416946).
[![asciicast](https://raw.githubusercontent.com/ansible/awx-operator/devel/docs/awx-demo.svg)](https://asciinema.org/a/416946)
### Basic Install on existing cluster
For those running a whole K8S Cluster the steps to set up the awx-operator are:
```
$ Prepare required files
git clone https://github.com/ansible/awx-operator.git
cd awx-operator
git checkout {{ latest_released_version }} # replace variable by latest version number in releases
$ Deploy new AWX Operator
export NAMESPACE=<Name of the namespace where your AWX instanse exists>
make deploy
```
### Admin user account configuration
There are three variables that are customizable for the admin user account creation.
@@ -207,12 +258,15 @@ The following variables are customizable for any `service_type`
| Name | Description | Default |
| ------------------------------------- | --------------------------------------------- | --------------------------------- |
| service_labels | Add custom labels | Empty string |
| service_annotations | Add service annotations | Empty string |
```yaml
---
spec:
...
service_type: ClusterIP
service_annotations: |
environment: testing
service_labels: |
environment: testing
```
@@ -223,7 +277,6 @@ The following variables are customizable only when `service_type=LoadBalancer`
| Name | Description | Default |
| ------------------------------ | ---------------------------------------- | ------------- |
| loadbalancer_annotations | LoadBalancer annotations | Empty string |
| loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http |
| loadbalancer_port | Port used for Loadbalancer ingress | 80 |
@@ -234,7 +287,7 @@ spec:
service_type: LoadBalancer
loadbalancer_protocol: https
loadbalancer_port: 443
loadbalancer_annotations: |
service_annotations: |
environment: testing
service_labels: |
environment: testing
@@ -244,6 +297,21 @@ When setting up a Load Balancer for HTTPS you will be required to set the `loadb
The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP.
* NodePort
The following variables are customizable only when `service_type=NodePort`
| Name | Description | Default |
| ------------------------------ | ---------------------------------------- | ------------- |
| nodeport_port | Port used for NodePort | 30080 |
```yaml
---
spec:
...
service_type: NodePort
nodeport_port: 30080
```
#### Ingress Type
By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, when the `ingress_type` is not specified, it will default to `none` and nothing ingress-wise will be created.
@@ -268,6 +336,8 @@ The following variables are customizable when `ingress_type=ingress`. The `ingre
| ingress_annotations | Ingress annotations | Empty string |
| ingress_tls_secret | Secret that contains the TLS information | Empty string |
| hostname | Define the FQDN | {{ meta.name }}.example.com |
| ingress_path | Define the ingress path to the service | / |
| ingress_path_type | Define the type of the path (for LBs) | Prefix |
```yaml
---
@@ -326,7 +396,9 @@ stringData:
type: Opaque
```
> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added.
> Please ensure that the value for the variable "password" is wrapped in quotes if the password contains any special characters.
> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added.
**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`.
@@ -367,6 +439,9 @@ spec:
limits:
storage: 50Gi
postgres_storage_class: fast-ssd
postgres_extra_args:
- '-c'
- 'max_connections=1000'
```
**Note**: If `postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster.
@@ -404,6 +479,20 @@ spec:
**Note**: The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
#### Redis container capabilities
Depending on your kubernetes cluster and settings you might need to grant some capabilities to the redis container so it can start. Set the `redis_capabilities` option so the capabilities are added in the deployment.
```yaml
---
spec:
...
redis_capabilities:
- CHOWN
- SETUID
- SETGID
```
#### Privileged Tasks
Depending on the type of tasks that you'll be running, you may find that you need the task pod to run as `privileged`. This can open yourself up to a variety of security concerns, so you should be aware (and verify that you have the privileges) to do this if necessary. In order to toggle this feature, you can add the following to your custom resource:
@@ -417,8 +506,8 @@ spec:
If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with:
```sh
#> oc adm policy add-scc-to-user privileged -z awx
```
$ oc adm policy add-scc-to-user privileged -z awx
```
Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
@@ -468,16 +557,18 @@ spec:
You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX
pods to be scheduled onto nodes with matching taints.
The ability to specify topologySpreadConstraints is also allowed through `topology_spread_constraints`
| Name | Description | Default |
| -------------------------------| --------------------------- | ------- |
| postgres_image | Path of the image to pull | 12 |
| postgres_image_version | Image version to pull | 12 |
| node_selector | AWX pods' nodeSelector | '' |
| tolerations | AWX pods' tolerations | '' |
| postgres_selector | Postgres pods' nodeSelector | '' |
| postgres_tolerations | Postgres pods' tolerations | '' |
| Name | Description | Default |
| -------------------------------| ---------------------------------------- | ------- |
| postgres_image | Path of the image to pull | 12 |
| postgres_image_version | Image version to pull | 12 |
| node_selector | AWX pods' nodeSelector | '' |
| topology_spread_constraints | AWX pods' topologySpreadConstraints | '' |
| tolerations | AWX pods' tolerations | '' |
| postgres_selector | Postgres pods' nodeSelector | '' |
| postgres_tolerations | Postgres pods' tolerations | '' |
Example of customization could be:
@@ -489,6 +580,13 @@ spec:
disktype: ssd
kubernetes.io/arch: amd64
kubernetes.io/os: linux
topology_spread_constraints: |
- maxSkew: 100
topologyKey: "topology.kubernetes.io/zone"
whenUnsatisfiable: "ScheduleAnyway"
labelSelector:
matchLabels:
app.kubernetes.io/name: "<resourcename>"
tolerations: |
- key: "dedicated"
operator: "Equal"
@@ -505,28 +603,36 @@ spec:
effect: "NoSchedule"
```
#### LDAP Certificate Authority
#### Trusting a Custom Certificate Authority
If the variable `ldap_cacert_secret` is provided, the operator will look for a the data field `ldap-ca.crt` in the specified secret.
In cases which you need to trust a custom Certificate Authority, there are few variables you can customize for the `awx-operator`.
| Name | Description | Default |
| -------------------------------- | --------------------------------------- | --------|
| ldap_cacert_secret | LDAP Certificate Authority secret name | '' |
Trusting a custom Certificate Authority allows the AWX to access network services configured with SSL certificates issued locally, such as cloning a project from from an internal Git server via HTTPS. It is common for these scenarios, experiencing the error [unable to verify the first certificate](https://github.com/ansible/awx-operator/issues/376).
| Name | Description | Default |
| -------------------------------- | ---------------------------------------- | --------|
| ldap_cacert_secret | LDAP Certificate Authority secret name | '' |
| bundle_cacert_secret | Certificate Authority secret name | '' |
Please note the `awx-operator` will look for the data field `ldap-ca.crt` in the specified secret when using the `ldap_cacert_secret`, whereas the data field `bundle-ca.crt` is required for `bundle_cacert_secret` parameter.
Example of customization could be:
```yaml
---
spec:
...
ldap_cacert_secret: <resourcename>-ldap-ca-cert
ldap_cacert_secret: <resourcename>-custom-certs
bundle_cacert_secret: <resourcename>-custom-certs
```
To create the secret, you can use the command below:
```sh
# kubectl create secret generic <resourcename>-ldap-ca-cert --from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>
```
# kubectl create secret generic <resourcename>-custom-certs \
--from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE> \
--from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>
```
#### Persisting Projects Directory
@@ -556,15 +662,86 @@ spec:
In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files.
| Name | Description | Default |
| ------------------------------ | -------------------------------------------------------- | ------- |
| extra_volumes | Specify extra volumes to add to the application pod | '' |
| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
| Name | Description | Default |
| --------------------------------- | -------------------------------------------------------- | ------- |
| extra_volumes | Specify extra volumes to add to the application pod | '' |
| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
| init_container_extra_volume_mounts| Specify volume mounts to be added to Init container | '' |
| init_container_extra_commands | Specify additional commands for Init container | '' |
> :warning: The `ee_extra_volume_mounts` and `extra_volumes` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
Example configuration for ConfigMap
```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: <resourcename>-extra-config
namespace: <target namespace>
data:
ansible.cfg: |
[defaults]
remote_tmp = /tmp
[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
custom.py: |
INSIGHTS_URL_BASE = "example.org"
AWX_CLEANUP_PATHS = True
```
Example spec file for volumes and volume mounts
```yaml
---
spec:
...
extra_volumes: |
- name: ansible-cfg
configMap:
defaultMode: 420
items:
- key: ansible.cfg
path: ansible.cfg
name: <resourcename>-extra-config
- name: custom-py
configMap:
defaultMode: 420
items:
- key: custom.py
path: custom.py
name: <resourcename>-extra-config
- name: shared-volume
persistentVolumeClaim:
claimName: my-external-volume-claim
init_container_extra_volume_mounts: |
- name: shared-volume
mountPath: /shared
init_container_extra_commands: |
# set proper permissions (rwx) for the awx user
chmod 775 /shared
chgrp 1000 /shared
ee_extra_volume_mounts: |
- name: ansible-cfg
mountPath: /etc/ansible/ansible.cfg
subPath: ansible.cfg
task_extra_volume_mounts: |
- name: custom-py
mountPath: /etc/tower/conf.d/custom.py
subPath: custom.py
- name: shared-volume
mountPath: /shared
```
> :warning: **Volume and VolumeMount names cannot contain underscores(_)**
#### Default execution environments from private registries
In order to register default execution environments from private registries, the Custom Resource needs to know about the pull credentials. Those credentials should be stored as a secret and either specified as `ee_pull_credentials_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-ee-pull-credentials` . Instance initialization will register a `Container registry` type credential on the deployed instance and assign it to the registered default execution environments.
@@ -589,58 +766,25 @@ type: Opaque
##### Control plane ee from private registry
The images listed in "ee_images" will be added as globally available Execution Environments. The "control_plane_ee_image" will be used to run project updates. In order to use a private image for any of these you'll need to use `image_pull_secret` to provide a k8s pull secret to access it. Currently the same secret is used for any of these images supplied at install time.
You can create `image_pull_secret`
```
kubectl create secret <resoucename>-cp-pull-credentials regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
```
If you need more control (for example, to set a namespace or a label on the new secret) then you can customise the Secret before storing it
Example spec file extra-config
```yaml
---
apiVersion: v1
kind: ConfigMap
kind: Secret
metadata:
name: <resourcename>-extra-config
name: <resoucename>-cp-pull-credentials
namespace: <target namespace>
data:
ansible.cfg: |
[defaults]
remote_tmp = /tmp
[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
custom.py: |
INSIGHTS_URL_BASE = "example.org"
AWX_CLEANUP_PATHS = True
.dockerconfigjson: <base64 docker config>
type: kubernetes.io/dockerconfigjson
```
Example spec file for volumes and volume mounts
```yaml
---
spec:
...
ee_extra_volume_mounts: |
- name: ansible-cfg
mountPath: /etc/ansible/ansible.cfg
subPath: ansible.cfg
task_extra_volume_mounts: |
- name: custom-py
mountPath: /etc/tower/conf.d/custom.py
subPath: custom.py
extra_volumes: |
- name: ansible-cfg
configMap:
defaultMode: 420
items:
- key: ansible.cfg
path: ansible.cfg
name: <resourcename>-extra-config
- name: custom-py
configMap:
defaultMode: 420
items:
- key: custom.py
path: custom.py
name: <resourcename>-extra-config
```
> :warning: **Volume and VolumeMount names cannot contain underscores(_)**
#### Exporting Environment Variables to Containers
@@ -652,6 +796,8 @@ If you need to export custom environment variables to your containers.
| web_extra_env | Environment variables to be added to Web container | '' |
| ee_extra_env | Environment variables to be added to EE container | '' |
> :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
Example configuration of environment variables
```yaml
@@ -703,12 +849,49 @@ Example configuration of environment variables
eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
```
### Uninstall ###
To uninstall an AWX deployment instance, you basically need to remove the AWX kind related to that instance. For example, to delete an AWX instance named awx-demo, you would do:
```
$ kubectl delete awx awx-demo
awx.awx.ansible.com "awx-demo" deleted
```
Deleting an AWX instance will remove all related deployments and statefulsets, however, persistent volumes and secrets will remain. To enforce secrets also getting removed, you can use `garbage_collect_secrets: true`.
### Upgrading
To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `image_version` variable in `roles/installer/defaults/main.yml` for that particular release.
Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment.
#### v0.14.0
##### Cluster-scope to Namespace-scope considerations
Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. This is called a namespace-scoped operator. If you are upgrading from an earlier version, you will want to
delete your existing `awx-operator` service account, role and role binding.
##### Project is now based on v1.x of the operator-sdk project
Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x. You may need to manually delete your old operator Deployment to avoid issues.
##### Steps to upgrade
Delete your old AWX Operator and existing `awx-operator` service account, role and role binding in `default` namespace first:
```
$ kubectl -n default delete deployment awx-operator
$ kubectl -n default delete serviceaccount awx-operator
$ kubectl -n default delete clusterrolebinding awx-operator
$ kubectl -n default delete clusterrole awx-operator
```
Then install the new AWX Operator by following the instructions in [Basic Install](#basic-install-on-existing-cluster). The `NAMESPACE` environment variable have to be the name of the namespace in which your old AWX instance resides.
Once the new AWX Operator is up and running, your AWX deployment will also be upgraded.
## Contributing
@@ -717,76 +900,11 @@ Please visit [our contributing guidelines](https://github.com/ansible/awx-operat
## Release Process
There are a few moving parts to this project:
The first step is to create a draft release. Typically this will happen in the [Stage Release](https://github.com/ansible/awx/blob/devel/.github/workflows/stage.yml) workflow for AWX and you dont need to do it as a separate step.
* The `awx-operator` container image which powers AWX Operator
* The `awx-operator.yaml` file, which initially deploys the Operator
* The ClusterServiceVersion (CSV), which is generated as part of the bundle and needed for the olm-catalog
If you need to do an independent release of the operator, you can run the [Stage Release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/stage.yml) in the awx-operator repo. Both of these workflows will run smoke tests, so there is no need to do this manually.
Each of these must be appropriately built in preparation for a new tag:
### Update version and files
Update the awx-operator version:
- `ansible/group_vars/all`
Once the version has been updated, run from the root of the repo:
```sh
#> ansible-playbook ansible/chain-operator-files.yml
```
Generate the olm-catalog bundle.
```bash
$ operator-sdk generate bundle --operator-name awx-operator --version <new_tag>
```
> This should be done with operator-sdk v0.19.4.
> It is a good idea to use the [build script](./build.sh) at this point to build the catalog and test out installing it in Operator Hub.
### Verify Functionality
Run the following command inside this directory:
```sh
#> operator-sdk build quay.io/<user>/awx-operator:<new-version>
```
Then push the generated image to Docker Hub:
```sh
#> docker push quay.io/<user>/awx-operator:<new-version>
```
After it is built, test it on a local cluster:
```sh
#> minikube start --memory 6g --cpus 4
#> minikube addons enable ingress
#> ansible-playbook ansible/deploy-operator.yml -e operator_image=quay.io/<user>/awx-operator -e operator_version=<new-version> -e pull_policy=Always
#> kubectl create namespace example-awx
#> ansible-playbook ansible/instantiate-awx-deployment.yml -e namespace=example-awx -e image=quay.io/<user>/awx -e service_type=nodeport
#> # Verify that the awx-task and awx-web containers are launched
#> # with the right version of the awx image
#> minikube delete
```
### Update changelog
Generate a list of commits between the versions and add it to the [changelog](./CHANGELOG.md).
```sh
#> git log --no-merges --pretty="- %s (%an) - %h " <old_tag>..<new_tag>
```
### Commit / Create Release
If everything works, commit the updated version, then [publish a new release](https://github.com/ansible/awx-operator/releases/new) using the same version you used in `ansible/group_vars/all`.
After creating the release, [this GitHub Workflow](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/release.yaml) will run and publish the new image to quay.io.
After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, publishing the image to Quay.
## Author

17
ansible/build-and-push.yml
View File

@@ -1,17 +0,0 @@
---
- name: Build and Deploy the AWX Operator
hosts: localhost
collections:
- community.docker
tasks:
- name: Build and (optionally) push operator image
docker_image:
name: "{{ operator_image }}:{{ operator_version }}"
source: "build"
push: "{{ push_image }}"
build:
dockerfile: "build/Dockerfile"
path: "../"
force_source: "yes"

31
ansible/chain-operator-files.yml
View File

@@ -1,31 +0,0 @@
---
# To run: `ansible-playbook chain-operator-files.yml`
- name: Chain operator files together for easy deployment.
hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Template AWX CRD
template:
src: crd.yml.j2
dest: "{{ playbook_dir }}/../deploy/crds/awx_v1beta1_crd.yaml"
mode: '0644'
- name: Template AWXBackup CRD
template:
src: awxbackup_crd.yml.j2
dest: "{{ playbook_dir }}/../deploy/crds/awxbackup_v1beta1_crd.yaml"
mode: '0644'
- name: Template AWXRestore CRD
template:
src: awxrestore_crd.yml.j2
dest: "{{ playbook_dir }}/../deploy/crds/awxrestore_v1beta1_crd.yaml"
mode: '0644'
- name: Template awx-operator.yaml
template:
src: awx-operator.yaml.j2
dest: ../deploy/awx-operator.yaml
mode: '0644'

29
ansible/deploy-operator.yml
View File

@@ -1,29 +0,0 @@
---
- name: Reconstruct awx-operator.yaml
import_playbook: chain-operator-files.yml
- name: Deploy Operator
hosts: localhost
vars:
k8s_namespace: "default"
obliterate: no
collections:
- community.kubernetes
tasks:
- name: Obliterate Operator
k8s:
state: absent
namespace: "{{ k8s_namespace }}"
src: "../deploy/awx-operator.yaml"
wait: yes
when: obliterate | bool
- name: Deploy Operator
k8s:
state: present
namespace: "{{ k8s_namespace }}"
apply: yes
wait: yes
src: "../deploy/awx-operator.yaml"

4
ansible/group_vars/all
View File

@@ -1,4 +0,0 @@
operator_image: quay.io/ansible/awx-operator
operator_version: 0.11.0
pull_policy: Always
ansible_debug_logs: "false"

2
ansible/instantiate-awx-deployment.yml
View File

@@ -3,7 +3,7 @@
hosts: localhost
collections:
- community.kubernetes
- kubernetes.core
tasks:
- name: Deploy AWX

16
ansible/templates/awx-operator.yaml.j2
View File

@@ -1,16 +0,0 @@
#jinja2: trim_blocks:False
# This file is generated by Ansible. Changes will be lost.
# Update templates under ansible/templates/
{% include 'crd.yml.j2' %}
{% include 'awxbackup_crd.yml.j2' %}
{% include 'awxrestore_crd.yml.j2' %}
{% include 'role.yml.j2' %}
{% include 'role_binding.yml.j2' %}
{% include 'service_account.yml.j2' %}
{% include 'operator.yml.j2' %}

48
ansible/templates/operator.yml.j2
View File

@@ -1,48 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-operator
spec:
replicas: 1
selector:
matchLabels:
name: awx-operator
template:
metadata:
labels:
name: awx-operator
spec:
serviceAccountName: awx-operator
containers:
- name: awx-operator
image: "{{ operator_image }}:{{ operator_version }}"
imagePullPolicy: "{{ pull_policy|default('Always') }}"
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
env:
# Watch all namespaces (cluster-scoped).
- name: WATCH_NAMESPACE
value: ""
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: awx-operator
- name: ANSIBLE_GATHERING
value: explicit
- name: OPERATOR_VERSION
value: "{{ operator_version }}"
- name: ANSIBLE_DEBUG_LOGS
value: "{{ ansible_debug_logs|lower | default('false'|lower) }}"
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
volumes:
- name: runner
emptyDir: {}

7
awx-demo.yml Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-demo
spec:
service_type: nodeport

13
build/test-framework/Dockerfile
View File

@@ -1,13 +0,0 @@
ARG BASEIMAGE
FROM ${BASEIMAGE}
USER 0
RUN yum install -y python-devel gcc libffi-devel
RUN pip install molecule==3.0.6 jmespath
ARG NAMESPACEDMAN
ADD $NAMESPACEDMAN /namespaced.yaml
ADD build/test-framework/ansible-test.sh /ansible-test.sh
RUN chmod +x /ansible-test.sh
USER 1001
ADD . /opt/ansible/project

7
build/test-framework/ansible-test.sh
View File

@@ -1,7 +0,0 @@
#!/bin/sh
export WATCH_NAMESPACE=${TEST_NAMESPACE}
(/usr/local/bin/entrypoint)&
trap "kill $!" SIGINT SIGTERM EXIT
cd ${HOME}/project
exec molecule test -s test-minikube

14
bundle.Dockerfile
View File

@@ -1,14 +0,0 @@
FROM scratch
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=awx-operator
LABEL operators.operatorframework.io.bundle.channels.v1=alpha
LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4
LABEL operators.operatorframework.io.metrics.project_layout=ansible
COPY deploy/olm-catalog/awx-operator/manifests /manifests/
COPY deploy/olm-catalog/awx-operator/metadata /metadata/

49
ansible/templates/crd.yml.j2 → config/crd/bases/awx.ansible.com_awxs.yaml
View File

@@ -67,6 +67,9 @@ spec:
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
service_annotations:
description: Annotations to add to the service
type: string
service_type:
description: The service type to be used on the deployed instance
type: string
@@ -86,15 +89,18 @@ spec:
- ingress
- Route
- route
ingress_path:
description: The ingress path used to reach the deployed service
type: string
ingress_path_type:
description: The ingress path type for the deployed service
type: string
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
@@ -121,9 +127,16 @@ spec:
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
nodeport_port:
description: Port to use for the nodeport
type: integer
default: 30080
node_selector:
description: nodeSelector for the pods
type: string
topology_spread_constraints:
description: topology rule(s) for the pods
type: string
service_labels:
description: Additional labels to apply to the service
type: string
@@ -285,6 +298,23 @@ spec:
redis_image_version:
description: Redis container image version to use
type: string
redis_capabilities:
description: Redis container capabilities
type: array
items:
type: string
init_container_image:
description: Registry path to the init container to use
type: string
init_container_image_version:
description: Init container image version to use
type: string
init_container_extra_commands:
description: Extra commands for the init container
type: string
init_container_extra_volume_mounts:
description: Specify volume mounts to be added to the init container
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
@@ -335,6 +365,10 @@ spec:
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
postgres_extra_args:
type: array
items:
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string
@@ -344,6 +378,9 @@ spec:
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
bundle_cacert_secret:
description: Secret where can be found the trusted Certificate Authority Bundle
type: string
projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent
default: false
@@ -375,9 +412,13 @@ spec:
setting:
type: string
value:
type: string
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
security_context_settings:
description: Key/values that will be set under the pod-level securityContext field
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
status:
properties:

3
ansible/templates/awxbackup_crd.yml.j2 → config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
View File

@@ -56,8 +56,7 @@ spec:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:

3
ansible/templates/awxrestore_crd.yml.j2 → config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
View File

@@ -60,8 +60,7 @@ spec:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
lastTransitionTime:

9
config/crd/kustomization.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/awx.ansible.com_awxs.yaml
- bases/awxbackup.ansible.com_awxbackups.yaml
- bases/awxrestore.ansible.com_awxrestores.yaml
# +kubebuilder:scaffold:crdkustomizeresource

24
config/default/kustomization.yaml Normal file
View File

@@ -0,0 +1,24 @@
# Adds namespace to all resources.
namespace: awx
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: awx-operator-
# Labels to add to all resources and selectors.
# commonLabels:
# someName: someValue
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
# - ../prometheus
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
patchesStrategicMerge:
- manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../crd
- ../rbac
- ../manager

29
config/default/manager_auth_proxy_patch.yaml Normal file
View File

@@ -0,0 +1,29 @@
---
# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
protocol: TCP
name: https
- name: awx-manager
args:
- "--health-probe-bind-address=:6789"
- "--metrics-bind-address=127.0.0.1:8080"
- "--leader-elect"
- "--leader-election-id=awx-operator"

21
config/default/manager_config_patch.yaml Normal file
View File

@@ -0,0 +1,21 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
args:
- "--config=controller_manager_config.yaml"
volumeMounts:
- name: awx-manager-config
mountPath: /controller_manager_config.yaml
subPath: controller_manager_config.yaml
volumes:
- name: awx-manager-config
configMap:
name: awx-manager-config

10
config/manager/controller_manager_config.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: controller-runtime.sigs.k8s.io/v1beta1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :6789
metrics:
bindAddress: 127.0.0.1:8080
leaderElection:
leaderElect: true
resourceName: 811c9dc5.ansible.com

14
config/manager/kustomization.yaml Normal file
View File

@@ -0,0 +1,14 @@
resources:
- manager.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- files:
- controller_manager_config.yaml
name: awx-manager-config
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: quay.io/ansible/awx-operator
newTag: latest

58
config/manager/manager.yaml Normal file
View File

@@ -0,0 +1,58 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
spec:
selector:
matchLabels:
control-plane: controller-manager
replicas: 1
template:
metadata:
labels:
control-plane: controller-manager
spec:
securityContext:
runAsNonRoot: true
containers:
- args:
- --leader-elect
- --leader-election-id=awx-operator
image: controller:latest
name: awx-manager
env:
- name: ANSIBLE_GATHERING
value: explicit
- name: ANSIBLE_DEBUG_LOGS
value: 'false'
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 6789
initialDelaySeconds: 5
periodSeconds: 10
serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10

40
config/manifests/bases/awx-operator.clusterserviceversion.yaml Normal file
View File

@@ -0,0 +1,40 @@
apiVersion: operators.coreos.com/v1beta1
kind: ClusterServiceVersion
metadata:
annotations:
alm-examples: '[]'
capabilities: Basic Install
name: awx-operator.v0.0.0
namespace: placeholder
spec:
apiservicedefinitions: {}
customresourcedefinitions: {}
description: An operator for the AWX Project
displayName: AWX
icon:
- base64data: ""
mediatype: ""
install:
spec:
deployments: null
strategy: ""
installModes:
- supported: true
type: OwnNamespace
- supported: true
type: SingleNamespace
- supported: true
type: MultiNamespace
- supported: false
type: AllNamespaces
keywords:
- automation
- ansible
links:
- name: Awx Operator
url: https://awx-operator.domain
maturity: alpha
provider:
name: Ansible
url: github.com/ansible/awx-operator
version: 0.0.0

24
config/manifests/bases/inject-csv-config.py Normal file
View File

@@ -0,0 +1,24 @@
'''
After generating the CSV file, inject custom configuration such as
OLM parameters, relatedImages, etc.
'''
import yaml
csv_path = "../../../bundle/manifests/awx-operator.clusterserviceversion.yaml"
existing_csv = open(csv_path, 'r')
csv = yaml.safe_load(existing_csv)
raw_olm_params = open("olm-parameters.yaml")
olm_params = yaml.safe_load(raw_olm_params)
# Inject OLM parameters for Customer Resource Objects
csv['spec']['customresourcedefinitions']['owned'] = olm_params
csv['metadata']['annotations']['alm-examples'] = ''
file_content = yaml.safe_dump(csv, default_flow_style=False, explicit_start=True)
with open(csv_path, 'w') as f:
f.write(file_content)

604
config/manifests/bases/olm-parameters.yaml Normal file
View File

@@ -0,0 +1,604 @@
---
- displayName: AWX Backup
description: Back up a deployment of the awx, including jobs, inventories, and credentials
kind: AWXBackup
name: awxbackups.awx.ansible.com
version: v1beta1
specDescriptors:
- displayName: Deployment name
path: deployment_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Backup persistent volume claim
path: backup_pvc
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Backup persistent volume claim namespace
path: backup_pvc_namespace
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Backup PVC storage requirements
path: backup_storage_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Backup PVC storage class
path: backup_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Database backup label selector
path: postgres_label_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image
path: postgres_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image Version
path: postgres_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
statusDescriptors:
- description: The persistent volume claim name used during backup
displayName: Backup claim
path: backupClaim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: The directory data is backed up to on the PVC
displayName: Backup directory
path: backupDirectory
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: AWX Restore
description: Restore a previous awx deployment into the namespace
kind: AWXRestore
name: awxrestores.awx.ansible.com
version: v1beta1
specDescriptors:
- displayName: Backup source to restore ?
path: backup_source
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:select:CR
- urn:alm:descriptor:com.tectonic.ui:select:PVC
- displayName: Backup name
path: backup_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:CR
- displayName: Name of newly restored deployment
path: deployment_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Backup persistent volume claim
path: backup_pvc
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Backup namespace
path: backup_pvc_namespace
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Backup directory in the persistent volume claim
path: backup_dir
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Database restore label selector
path: postgres_label_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image
path: postgres_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image Version
path: postgres_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
statusDescriptors:
- description: The state of the restore
displayName: Restore status
path: restoreComplete
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: Deploy a new instance of AWX
displayName: AWX
kind: AWX
name: awxs.awx.ansible.com
version: v1beta1
specDescriptors:
- displayName: Hostname
path: hostname
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin account username
path: admin_user
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin email address
path: admin_email
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin password secret
path: admin_password_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Database configuration secret
path: postgres_configuration_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Old Database configuration secret
path: old_postgres_configuration_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Secret key secret
path: secret_key_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Broadcast Websocket Secret
path: broadcast_websocket_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Service Account Annotations
path: service_account_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Tower Service Type
path: service_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:ClusterIP
- urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
- urn:alm:descriptor:com.tectonic.ui:select:NodePort
- displayName: Tower Ingress Type
path: ingress_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:none
- urn:alm:descriptor:com.tectonic.ui:select:Ingress
- urn:alm:descriptor:com.tectonic.ui:select:Route
- displayName: Ingress Path
path: ingress_path
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Ingress Path Type
path: ingress_path_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Tower Ingress Annotations
path: ingress_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Tower Ingress TLS Secret
path: ingress_tls_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Tower LoadBalancer Annotations
path: service_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: Tower LoadBalancer Protocol
path: loadbalancer_protocol
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:http
- urn:alm:descriptor:com.tectonic.ui:select:https
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: Tower LoadBalancer Port
path: loadbalancer_port
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: Route DNS host
path: route_host
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Route TLS termination mechanism
path: route_tls_termination_mechanism
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:Edge
- urn:alm:descriptor:com.tectonic.ui:select:Passthrough
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Route TLS credential secret
path: route_tls_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Image Pull Policy
path: image_pull_policy
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- displayName: Image Pull Secret
path: image_pull_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Web container resource requirements
path: web_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Task container resource requirements
path: task_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: EE Control Plane container resource requirements
path: ee_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: PostgreSQL container resource requirements (when using a managed
instance)
path: postgres_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: PostgreSQL container storage requirements (when using a managed
instance)
path: postgres_storage_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Replicas
path: replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- displayName: Remove used secrets on instance removal ?
path: garbage_collect_secrets
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Preload instance with data upon creation ?
path: create_preload_data
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Deploy the instance in development mode ?
path: development_mode
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Should the task container deployed with privileged level ?
path: task_privileged
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Deployment Type
path: deployment_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Deployment Kind
path: kind
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Deployment apiVersion
path: api_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Image
path: image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Image Version
path: image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Image
path: redis_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Image Version
path: redis_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Capabilities
path: redis_capabilities
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image
path: postgres_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image Version
path: postgres_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Selector
path: postgres_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Label Selector
path: postgres_label_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Tolerations
path: postgres_tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Storage Class
path: postgres_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Datapath
path: postgres_data_path
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Extra Arguments
path: postgres_extra_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Certificate Authorirty Trust Bundle
path: ca_trust_bundle
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: LDAP Certificate Authority Trust Bundle
path: ldap_cacert_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Task Args
path: task_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Enable persistence for /var/lib/projects directory?
path: projects_persistence
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Use existing Persistent Claim?
path: projects_use_existing_claim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:_Yes_
- urn:alm:descriptor:com.tectonic.ui:select:_No_
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true
- displayName: Projects Existing Persistent Claim
path: projects_existing_claim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_
- urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
- description: Projects Storage Class Name. If not present, the default storage
class will be used.
displayName: Projects Storage Class Name
path: projects_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- description: Projects Storage Size
displayName: Projects Storage Size
path: projects_storage_size
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- description: Projects Storage Access Mode
displayName: Projects Storage Access Mode
path: projects_storage_access_mode
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Task Command
path: task_command
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Environment variables to be added to Task container
displayName: Task Extra Env
path: task_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify volume mounts to be added to Execution container
displayName: EE Extra Volume Mounts
path: ee_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Registry path to the Execution Environment container to use
displayName: EE Images
path: ee_images
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Environment variables to be added to EE container
displayName: EE Extra Env
path: ee_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Registry path to the Execution Environment container to use on
control plane pods
displayName: Control Plane EE Image
path: control_plane_ee_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: EE Images Pull Credentials Secret
displayName: EE Images Pull Credentials Secret
path: ee_pull_credentials_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- description: Specify volume mounts to be added to Task container
displayName: Task Extra Volume Mounts
path: task_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Args
path: web_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Command
path: web_command
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Environment variables to be added to Web container
displayName: Web Extra Env
path: web_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify volume mounts to be added to Web container
displayName: Web Extra Volume Mounts
path: web_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify extra volumes to add to the application pod
displayName: Extra Volumes
path: extra_volumes
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Node Selector
path: node_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Topology Spread Constraints
path: topology_spread_constraints
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Service Labels
path: service_labels
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tolerations
path: tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: API Extra Settings
path: extra_settings
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Security Context Settings
path: security_context_settings
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Registry path to the init container to use
displayName: Init Container Image
path: init_container_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Init container image version to use
displayName: Init Container Image Version
path: init_container_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify Extra commands for the Init container
displayName: Init Container Extra Commands
path: init_container_extra_commands
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify volume mounts to be added to Init container
displayName: Init Container Extra Volume Mounts
path: init_container_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Secret where can be found the trusted Certificate Authority Bundle
path: bundle_cacert_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Nodeport Port
path: nodeport_port
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
statusDescriptors:
- description: Route to access the instance deployed
displayName: URL
path: URL
x-descriptors:
- urn:alm:descriptor:org.w3:link
- description: Admin user for the instance deployed
displayName: Admin User
path: adminUser
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: Admin password for the instance deployed
displayName: Admin Password
path: adminPasswordSecret
x-descriptors:
- urn:alm:descriptor:io.kubernetes:Secret
- description: Version of the instance deployed
displayName: Version
path: version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: Image of the instance deployed
displayName: Image
path: image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text

8
config/manifests/kustomization.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
# These resources constitute the fully configured set of manifests
# used to generate the 'manifests/' directory in a bundle.
resources:
- bases/awx-operator.clusterserviceversion.yaml
- ../default
- ../samples
- ../scorecard

3
config/prometheus/kustomization.yaml Normal file
View File

@@ -0,0 +1,3 @@
---
resources:
- monitor.yaml

20
config/prometheus/monitor.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
control-plane: controller-manager
name: controller-manager-metrics-monitor
namespace: system
spec:
endpoints:
- path: /metrics
port: https
scheme: https
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
tlsConfig:
insecureSkipVerify: true
selector:
matchLabels:
control-plane: controller-manager

10
config/rbac/auth_proxy_client_clusterrole.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs:
- "/metrics"
verbs:
- get

18
config/rbac/auth_proxy_role.yaml Normal file
View File

@@ -0,0 +1,18 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

16
ansible/templates/role_binding.yml.j2 → config/rbac/auth_proxy_role_binding.yaml
View File

@@ -1,13 +1,13 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: awx-operator
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: awx-operator
namespace: default
roleRef:
kind: ClusterRole
name: awx-operator
apiGroup: rbac.authorization.k8s.io
name: controller-manager
namespace: system

16
config/rbac/auth_proxy_service.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
control-plane: controller-manager

25
config/rbac/awx_editor_role.yaml Normal file
View File

@@ -0,0 +1,25 @@
---
# permissions for end users to edit awxs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awx-editor-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxs/status
verbs:
- get

21
config/rbac/awx_viewer_role.yaml Normal file
View File

@@ -0,0 +1,21 @@
---
# permissions for end users to view awxs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awx-viewer-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxs
verbs:
- get
- list
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxs/status
verbs:
- get

19
config/rbac/kustomization.yaml Normal file
View File

@@ -0,0 +1,19 @@
---
resources:
# All RBAC will be applied under this service account in
# the deployment namespace. You may comment out this resource
# if your manager will use a service account that exists at
# runtime. Be sure to update RoleBinding and ClusterRoleBinding
# subjects if changing service account names.
- service_account.yaml
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
# Comment the following 4 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml

38
config/rbac/leader_election_role.yaml Normal file
View File

@@ -0,0 +1,38 @@
---
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

13
config/rbac/leader_election_role_binding.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: system

33
ansible/templates/role.yml.j2 → config/rbac/role.yaml
View File

@@ -1,9 +1,9 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
kind: Role
metadata:
creationTimestamp: null
name: awx-operator
name: awx-manager-role
rules:
- apiGroups:
- route.openshift.io
@@ -11,7 +11,13 @@ rules:
- routes
- routes/custom-host
verbs:
- '*'
- get
- list
- create
- delete
- patch
- update
- watch
- apiGroups:
- ""
- "rbac.authorization.k8s.io"
@@ -28,10 +34,16 @@ rules:
- roles
- rolebindings
verbs:
- '*'
- get
- list
- create
- delete
- patch
- update
- watch
- apiGroups:
- apps
- extensions
- networking.k8s.io
resources:
- deployments
- daemonsets
@@ -39,7 +51,13 @@ rules:
- statefulsets
- ingresses
verbs:
- '*'
- get
- list
- create
- delete
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
@@ -66,6 +84,8 @@ rules:
- ""
resources:
- pods/exec
- pods/attach
- pods/log # log & attach rules needed to be able to grant them to AWX service account
verbs:
- create
- get
@@ -75,6 +95,7 @@ rules:
- replicasets
verbs:
- get
- create
- apiGroups:
- awx.ansible.com
resources:

12
config/rbac/role_binding.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: awx-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: awx-manager-role
subjects:
- kind: ServiceAccount
name: controller-manager

4
ansible/templates/service_account.yml.j2 → config/rbac/service_account.yaml
View File

@@ -2,5 +2,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: awx-operator
namespace: default
name: controller-manager
namespace: system

9
deploy/crds/awx_v1beta1_molecule.yaml → config/samples/awx_v1beta1_awx.yaml
View File

@@ -3,19 +3,14 @@ apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: example-awx
namespace: example-awx
spec:
service_account_annotations: |
foo: bar
deployment_type: awx
ingress_type: ingress
web_resource_requirements:
requests:
cpu: 500m
cpu: 250m
memory: 128M
task_resource_requirements:
requests:
cpu: 500m
cpu: 250m
memory: 128M
ee_resource_requirements:
requests:

5
config/samples/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
## Append samples you want in your CSV to this file as resources ##
resources:
- awx_v1beta1_awx.yaml
# +kubebuilder:scaffold:manifestskustomizesamples

8
config/scorecard/bases/config.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
apiVersion: scorecard.operatorframework.io/v1alpha3
kind: Configuration
metadata:
name: config
stages:
- parallel: true
tests: []

17
config/scorecard/kustomization.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
resources:
- bases/config.yaml
patchesJson6902:
- path: patches/basic.config.yaml
target:
group: scorecard.operatorframework.io
version: v1alpha3
kind: Configuration
name: config
- path: patches/olm.config.yaml
target:
group: scorecard.operatorframework.io
version: v1alpha3
kind: Configuration
name: config
# +kubebuilder:scaffold:patchesJson6902

11
config/scorecard/patches/basic.config.yaml Normal file
View File

@@ -0,0 +1,11 @@
---
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- basic-check-spec
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: basic
test: basic-check-spec-test

51
config/scorecard/patches/olm.config.yaml Normal file
View File

@@ -0,0 +1,51 @@
---
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-bundle-validation
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-bundle-validation-test
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-crds-have-validation
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-crds-have-validation-test
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-crds-have-resources
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-crds-have-resources-test
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-spec-descriptors
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-spec-descriptors-test
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-status-descriptors
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-status-descriptors-test

14
config/testing/debug_logs_patch.yaml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
env:
- name: ANSIBLE_DEBUG_LOGS
value: "TRUE"

21
config/testing/kustomization.yaml Normal file
View File

@@ -0,0 +1,21 @@
# Adds namespace to all resources.
namespace: osdk-test
namePrefix: osdk-
# Labels to add to all resources and selectors.
# commonLabels:
# someName: someValue
patchesStrategicMerge:
- manager_image.yaml
- debug_logs_patch.yaml
- ../default/manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../crd
- ../rbac
- ../manager
images:
- name: testing
newName: testing-operator
patches:
- path: pull_policy/Never.yaml

12
config/testing/manager_image.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
image: testing

12
config/testing/pull_policy/Always.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
imagePullPolicy: Always

12
config/testing/pull_policy/IfNotPresent.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
imagePullPolicy: IfNotPresent

12
config/testing/pull_policy/Never.yaml Normal file
View File

@@ -0,0 +1,12 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
imagePullPolicy: Never

743
deploy/awx-operator.yaml
View File

@@ -1,743 +0,0 @@
# This file is generated by Ansible. Changes will be lost.
# Update templates under ansible/templates/
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxs.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWX
listKind: AWXList
plural: awxs
singular: awx
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: Schema validation for the AWX CRD
properties:
spec:
properties:
deployment_type:
description: Name of the deployment type
type: string
kind:
description: Kind of the deployment type
type: string
api_version:
description: apiVersion of the deployment type
type: string
task_privileged:
description: If a privileged security context should be enabled
type: boolean
default: false
admin_user:
description: Username to use for the admin account
type: string
default: admin
hostname:
description: The hostname of the instance
type: string
admin_email:
description: The admin user email
type: string
admin_password_secret:
description: Secret where the admin password can be found
type: string
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data migration
type: string
secret_key_secret:
description: Secret where the secret key can be found
type: string
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
service_type:
description: The service type to be used on the deployed instance
type: string
enum:
- LoadBalancer
- loadbalancer
- ClusterIP
- clusterip
- NodePort
- nodeport
ingress_type:
description: The ingress type to use to reach the deployed instance
type: string
enum:
- none
- Ingress
- ingress
- Route
- route
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
default: http
enum:
- http
- https
loadbalancer_port:
description: Port to use for the loadbalancer
type: integer
default: 80
route_host:
description: The DNS to use to points to the instance
type: string
route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use
type: string
default: Edge
enum:
- Edge
- edge
- Passthrough
- passthrough
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
node_selector:
description: nodeSelector for the pods
type: string
service_labels:
description: Additional labels to apply to the service
type: string
tolerations:
description: node tolerations for the pods
type: string
image:
description: Registry path to the application container to use
type: string
image_version:
description: Application container image version to use
type: string
ee_images:
description: Registry path to the Execution Environment container to use
type: array
items:
type: object
properties:
name:
type: string
image:
type: string
control_plane_ee_image:
description: Registry path to the Execution Environment container image to use on control plane pods
type: string
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
image_pull_secret:
description: The image pull secret
type: string
task_resource_requirements:
description: Resource requirements for the task container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
web_resource_requirements:
description: Resource requirements for the web container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
ee_resource_requirements:
description: Resource requirements for the ee container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
service_account_annotations:
description: ServiceAccount annotations
type: string
replicas:
description: Number of instance replicas
type: integer
default: 1
format: int32
garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal
default: false
type: boolean
create_preload_data:
description: Whether or not to preload data upon instance creation
default: true
type: boolean
task_args:
type: array
items:
type: string
task_command:
type: array
items:
type: string
web_args:
type: array
items:
type: string
web_command:
type: array
items:
type: string
task_extra_env:
type: string
web_extra_env:
type: string
ee_extra_env:
type: string
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
redis_image:
description: Registry path to the redis container to use
type: string
redis_image_version:
description: Redis container image version to use
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
requests:
properties:
storage:
type: string
type: object
limits:
properties:
storage:
type: string
type: object
type: object
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
type: object
type: object
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string
development_mode:
description: If the deployment should be done in development mode
type: boolean
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent
default: false
type: boolean
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
type: string
enum:
- _Yes_
- _No_
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi
type: string
projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
extra_settings:
description: Extra settings to specify for the API
items:
properties:
setting:
type: string
value:
type: string
type: object
type: array
type: object
status:
properties:
URL:
description: URL to access the deployed instance
type: string
adminUser:
description: Admin user of the deployed instance
type: string
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
postgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
broadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
version:
description: Version of the deployed instance
type: string
image:
description: URL of the image used for the deployed instance
type: string
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
status:
type: string
type:
type: string
reason:
type: string
lastTransitionTime:
type: string
type: object
type: array
type: object
type: object
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXBackup CRD
properties:
spec:
type: object
required:
- deployment_name
properties:
deployment_name:
description: Name of the deployment to be backed up
type: string
backup_pvc:
description: Name of the PVC to be used for storing the backup
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_storage_requirements:
description: Storage requirements for the PostgreSQL container
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
backupDirectory:
description: Backup directory name on the specified pvc
type: string
backupClaim:
description: Backup persistent volume claim
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXRestore CRD
properties:
spec:
type: object
properties:
backup_source:
description: Backup source
type: string
enum:
- CR
- PVC
deployment_name:
description: Name of the deployment to be restored to
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_dir:
description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: awx-operator
rules:
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- ""
- "rbac.authorization.k8s.io"
resources:
- pods
- services
- services/finalizers
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- awx-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
resources:
- deployments/scale
- statefulsets/scale
verbs:
- patch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- awx.ansible.com
resources:
- '*'
- awxbackups
- awxrestores
verbs:
- '*'
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: awx-operator
subjects:
- kind: ServiceAccount
name: awx-operator
namespace: default
roleRef:
kind: ClusterRole
name: awx-operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: awx-operator
namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-operator
spec:
replicas: 1
selector:
matchLabels:
name: awx-operator
template:
metadata:
labels:
name: awx-operator
spec:
serviceAccountName: awx-operator
containers:
- name: awx-operator
image: "quay.io/ansible/awx-operator:0.11.0"
imagePullPolicy: "Always"
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
env:
# Watch all namespaces (cluster-scoped).
- name: WATCH_NAMESPACE
value: ""
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: awx-operator
- name: ANSIBLE_GATHERING
value: explicit
- name: OPERATOR_VERSION
value: "0.11.0"
- name: ANSIBLE_DEBUG_LOGS
value: "false"
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
volumes:
- name: runner
emptyDir: {}

426
deploy/crds/awx_v1beta1_crd.yaml
View File

@@ -1,426 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxs.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWX
listKind: AWXList
plural: awxs
singular: awx
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: Schema validation for the AWX CRD
properties:
spec:
properties:
deployment_type:
description: Name of the deployment type
type: string
kind:
description: Kind of the deployment type
type: string
api_version:
description: apiVersion of the deployment type
type: string
task_privileged:
description: If a privileged security context should be enabled
type: boolean
default: false
admin_user:
description: Username to use for the admin account
type: string
default: admin
hostname:
description: The hostname of the instance
type: string
admin_email:
description: The admin user email
type: string
admin_password_secret:
description: Secret where the admin password can be found
type: string
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data migration
type: string
secret_key_secret:
description: Secret where the secret key can be found
type: string
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
service_type:
description: The service type to be used on the deployed instance
type: string
enum:
- LoadBalancer
- loadbalancer
- ClusterIP
- clusterip
- NodePort
- nodeport
ingress_type:
description: The ingress type to use to reach the deployed instance
type: string
enum:
- none
- Ingress
- ingress
- Route
- route
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
default: http
enum:
- http
- https
loadbalancer_port:
description: Port to use for the loadbalancer
type: integer
default: 80
route_host:
description: The DNS to use to points to the instance
type: string
route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use
type: string
default: Edge
enum:
- Edge
- edge
- Passthrough
- passthrough
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
node_selector:
description: nodeSelector for the pods
type: string
service_labels:
description: Additional labels to apply to the service
type: string
tolerations:
description: node tolerations for the pods
type: string
image:
description: Registry path to the application container to use
type: string
image_version:
description: Application container image version to use
type: string
ee_images:
description: Registry path to the Execution Environment container to use
type: array
items:
type: object
properties:
name:
type: string
image:
type: string
control_plane_ee_image:
description: Registry path to the Execution Environment container image to use on control plane pods
type: string
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
image_pull_secret:
description: The image pull secret
type: string
task_resource_requirements:
description: Resource requirements for the task container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
web_resource_requirements:
description: Resource requirements for the web container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
ee_resource_requirements:
description: Resource requirements for the ee container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
service_account_annotations:
description: ServiceAccount annotations
type: string
replicas:
description: Number of instance replicas
type: integer
default: 1
format: int32
garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal
default: false
type: boolean
create_preload_data:
description: Whether or not to preload data upon instance creation
default: true
type: boolean
task_args:
type: array
items:
type: string
task_command:
type: array
items:
type: string
web_args:
type: array
items:
type: string
web_command:
type: array
items:
type: string
task_extra_env:
type: string
web_extra_env:
type: string
ee_extra_env:
type: string
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
redis_image:
description: Registry path to the redis container to use
type: string
redis_image_version:
description: Redis container image version to use
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
requests:
properties:
storage:
type: string
type: object
limits:
properties:
storage:
type: string
type: object
type: object
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
type: object
type: object
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string
development_mode:
description: If the deployment should be done in development mode
type: boolean
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent
default: false
type: boolean
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
type: string
enum:
- _Yes_
- _No_
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi
type: string
projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
extra_settings:
description: Extra settings to specify for the API
items:
properties:
setting:
type: string
value:
type: string
type: object
type: array
type: object
status:
properties:
URL:
description: URL to access the deployed instance
type: string
adminUser:
description: Admin user of the deployed instance
type: string
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
postgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
broadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
version:
description: Version of the deployed instance
type: string
image:
description: URL of the image used for the deployed instance
type: string
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
status:
type: string
type:
type: string
reason:
type: string
lastTransitionTime:
type: string
type: object
type: array
type: object
type: object

78
deploy/crds/awxbackup_v1beta1_crd.yaml
View File

@@ -1,78 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXBackup CRD
properties:
spec:
type: object
required:
- deployment_name
properties:
deployment_name:
description: Name of the deployment to be backed up
type: string
backup_pvc:
description: Name of the PVC to be used for storing the backup
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_storage_requirements:
description: Storage requirements for the PostgreSQL container
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
backupDirectory:
description: Backup directory name on the specified pvc
type: string
backupClaim:
description: Backup persistent volume claim
type: string

79
deploy/crds/awxrestore_v1beta1_crd.yaml
View File

@@ -1,79 +0,0 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXRestore CRD
properties:
spec:
type: object
properties:
backup_source:
description: Backup source
type: string
enum:
- CR
- PVC
deployment_name:
description: Name of the deployment to be restored to
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_dir:
description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean

5
deploy/kustomization.yaml
View File

@@ -1,5 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./awx-operator.yaml

724
deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
View File

@@ -1,724 +0,0 @@
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
annotations:
alm-examples: |-
[
{
"apiVersion": "awx.ansible.com/v1beta1",
"kind": "AWX",
"metadata": {
"name": "example-awx",
"namespace": "example-awx"
},
"spec": {
"deployment_type": "awx",
"ee_resource_requirements": {
"requests": {
"cpu": "200m",
"memory": "64M"
}
},
"ingress_type": "ingress",
"service_account_annotations": "foo: bar\n",
"task_resource_requirements": {
"requests": {
"cpu": "500m",
"memory": "128M"
}
},
"web_resource_requirements": {
"requests": {
"cpu": "500m",
"memory": "128M"
}
}
}
}
]
capabilities: Basic Install
operators.operatorframework.io/builder: operator-sdk-v0.19.4
operators.operatorframework.io/project_layout: ansible
name: awx-operator.v0.11.0
namespace: placeholder
spec:
apiservicedefinitions: {}
customresourcedefinitions:
owned:
- displayName: AWX Backup
kind: AWXBackup
name: awxbackups.awx.ansible.com
specDescriptors:
- displayName: Deployment name
path: deployment_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Backup persistent volume claim
path: backup_pvc
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Backup persistent volume claim namespace
path: backup_pvc_namespace
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Backup PVC storage requirements
path: backup_storage_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Backup PVC storage class
path: backup_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Database backup label selector
path: postgres_label_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
statusDescriptors:
- description: The persistent volume claim name used during backup
displayName: Backup claim
path: backupClaim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: The directory data is backed up to on the PVC
displayName: Backup directory
path: backupDirectory
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
version: v1beta1
- displayName: AWX Restore
kind: AWXRestore
name: awxrestores.awx.ansible.com
specDescriptors:
- displayName: Backup source to restore ?
path: backup_source
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:select:CR
- urn:alm:descriptor:com.tectonic.ui:select:PVC
- displayName: Backup name
path: backup_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:CR
- displayName: Deployment name
path: deployment_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Backup persistent volume claim
path: backup_pvc
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Backup persistent volume claim namespace
path: backup_pvc_namespace
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Backup directory in the persistent volume claim
path: backup_dir
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
- displayName: Database restore label selector
path: postgres_label_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
statusDescriptors:
- description: The state of the restore
displayName: Restore status
path: restoreComplete
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
version: v1beta1
- description: A AWX Instance
displayName: AWX
kind: AWX
name: awxs.awx.ansible.com
specDescriptors:
- displayName: Hostname
path: hostname
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin account username
path: admin_user
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin email address
path: admin_email
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Admin password secret
path: admin_password_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Database configuration secret
path: postgres_configuration_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Old Database configuration secret
path: old_postgres_configuration_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Secret key secret
path: secret_key_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Broadcast Websocket Secret
path: broadcast_websocket_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Service Account Annotations
path: service_account_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Tower Service Type
path: service_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:ClusterIP
- urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
- urn:alm:descriptor:com.tectonic.ui:select:NodePort
- displayName: Tower Ingress Type
path: ingress_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:none
- urn:alm:descriptor:com.tectonic.ui:select:Ingress
- urn:alm:descriptor:com.tectonic.ui:select:Route
- displayName: Tower Ingress Annotations
path: ingress_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Tower Ingress TLS Secret
path: ingress_tls_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Tower LoadBalancer Annotations
path: loadbalancer_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: Tower LoadBalancer Protocol
path: loadbalancer_protocol
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:http
- urn:alm:descriptor:com.tectonic.ui:select:https
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: Tower LoadBalancer Port
path: loadbalancer_port
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: Route DNS host
path: route_host
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Route TLS termination mechanism
path: route_tls_termination_mechanism
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:Edge
- urn:alm:descriptor:com.tectonic.ui:select:Passthrough
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Route TLS credential secret
path: route_tls_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
- displayName: Image Pull Policy
path: image_pull_policy
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- displayName: Image Pull Secret
path: image_pull_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullSecret
- displayName: Web container resource requirements
path: web_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Task container resource requirements
path: task_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: EE Control Plane container resource requirements
path: ee_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: PostgreSQL container resource requirements (when using a managed
instance)
path: postgres_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: PostgreSQL container storage requirements (when using a managed
instance)
path: postgres_storage_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Replicas
path: replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- displayName: Remove used secrets on instance removal ?
path: garbage_collect_secrets
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Preload instance with data upon creation ?
path: create_preload_data
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Deploy the instance in development mode ?
path: development_mode
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Should the task container deployed with privileged level ?
path: task_privileged
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Deployment Type
path: deployment_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Deployment Kind
path: kind
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Deployment apiVersion
path: api_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Image
path: image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Image Version
path: image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Image
path: redis_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Redis Image Version
path: redis_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image
path: postgres_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: PostgreSQL Image Version
path: postgres_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Selector
path: postgres_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Label Selector
path: postgres_label_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Tolerations
path: postgres_tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Storage Class
path: postgres_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Datapath
path: postgres_data_path
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Certificate Authorirty Trust Bundle
path: ca_trust_bundle
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: LDAP Certificate Authority Trust Bundle
path: ldap_cacert_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- displayName: Task Args
path: task_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Enable persistence for /var/lib/projects directory?
path: projects_persistence
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Use existing Persistent Claim?
path: projects_use_existing_claim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:select:_Yes_
- urn:alm:descriptor:com.tectonic.ui:select:_No_
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true
- displayName: Projects Existing Persistent Claim
path: projects_existing_claim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_
- urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
- description: Projects Storage Class Name. If not present, the default storage
class will be used.
displayName: Projects Storage Class Name
path: projects_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- description: Projects Storage Size
displayName: Projects Storage Size
path: projects_storage_size
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- description: Projects Storage Access Mode
displayName: Projects Storage Access Mode
path: projects_storage_access_mode
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Task Command
path: task_command
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Environment variables to be added to Task container
displayName: Task Extra Env
path: task_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify volume mounts to be added to Execution container
displayName: EE Extra Volume Mounts
path: ee_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Registry path to the Execution Environment container to use
displayName: EE Images
path: ee_images
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Environment variables to be added to EE container
displayName: EE Extra Env
path: ee_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Registry path to the Execution Environment container to use on
control plane pods
displayName: Control Plane EE Image
path: control_plane_ee_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: EE Images Pull Credentials Secret
displayName: EE Images Pull Credentials Secret
path: ee_pull_credentials_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- description: Specify volume mounts to be added to Task container
displayName: Task Extra Volume Mounts
path: task_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Args
path: web_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Command
path: web_command
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Environment variables to be added to Web container
displayName: Web Extra Env
path: web_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify volume mounts to be added to Web container
displayName: Web Extra Volume Mounts
path: web_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify extra volumes to add to the application pod
displayName: Extra Volumes
path: extra_volumes
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Node Selector
path: node_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Service Labels
path: service_labels
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tolerations
path: tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: API Extra Settings
path: extra_settings
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
statusDescriptors:
- description: Route to access the instance deployed
displayName: URL
path: URL
x-descriptors:
- urn:alm:descriptor:org.w3:link
- description: Admin user for the instance deployed
displayName: Admin User
path: adminUser
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: Admin password for the instance deployed
displayName: Admin Password
path: adminPasswordSecret
x-descriptors:
- urn:alm:descriptor:io.kubernetes:Secret
- description: Version of the instance deployed
displayName: Version
path: version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- description: Image of the instance deployed
displayName: Image
path: image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
version: v1beta1
description: AWX operator
displayName: AWX
icon:
- base64data: ""
mediatype: ""
install:
spec:
clusterPermissions:
- rules:
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- ""
- rbac.authorization.k8s.io
resources:
- pods
- services
- services/finalizers
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- awx-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
resources:
- deployments/scale
- statefulsets/scale
verbs:
- patch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- awx.ansible.com
resources:
- '*'
- awxbackups
- awxrestores
verbs:
- '*'
serviceAccountName: awx-operator
deployments:
- name: awx-operator
spec:
replicas: 1
selector:
matchLabels:
name: awx-operator
strategy: {}
template:
metadata:
labels:
name: awx-operator
spec:
containers:
- env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: awx-operator
- name: ANSIBLE_GATHERING
value: explicit
- name: OPERATOR_VERSION
value: 0.11.0
- name: ANSIBLE_DEBUG_LOGS
value: "false"
image: quay.io/ansible/awx-operator:0.11.0
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
name: awx-operator
resources: {}
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
serviceAccountName: awx-operator
volumes:
- emptyDir: {}
name: runner
strategy: deployment
installModes:
- supported: true
type: OwnNamespace
- supported: true
type: SingleNamespace
- supported: false
type: MultiNamespace
- supported: true
type: AllNamespaces
keywords:
- awx
links:
- name: Awx Operator
url: https://github.com/ansible/awx-operator
maintainers:
- email: yguenane@redhat.com
name: Yanis Guenane
maturity: alpha
provider:
name: AWX Community
url: https://github.com/ansible/awx-operator
replaces: awx-operator.v0.10.0
version: 0.11.0

85
deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml
View File

@@ -1,85 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Schema validation for the AWXBackup CRD
properties:
spec:
properties:
backup_pvc:
description: Name of the PVC to be used for storing the backup
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
backup_storage_requirements:
description: Storage requirements for the PostgreSQL container
type: string
deployment_name:
description: Name of the deployment to be backed up
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing
up data
type: string
required:
- deployment_name
type: object
status:
properties:
backupClaim:
description: Backup persistent volume claim
type: string
backupDirectory:
description: Backup directory name on the specified pvc
type: string
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null

88
deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml
View File

@@ -1,88 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Schema validation for the AWXRestore CRD
properties:
spec:
properties:
backup_dir:
description: Backup directory name, set as a status found on the awxbackup
object (backupDirectory)
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status
found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_source:
description: Backup source
enum:
- CR
- PVC
type: string
deployment_name:
description: Name of the deployment to be restored to
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing
up data
type: string
type: object
status:
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null

440
deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
View File

@@ -1,440 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: awxs.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWX
listKind: AWXList
plural: awxs
singular: awx
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Schema validation for the AWX CRD
properties:
spec:
properties:
admin_email:
description: The admin user email
type: string
admin_password_secret:
description: Secret where the admin password can be found
type: string
admin_user:
default: admin
description: Username to use for the admin account
type: string
api_version:
description: apiVersion of the deployment type
type: string
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string
control_plane_ee_image:
description: Registry path to the Execution Environment container
image to use on control plane pods
type: string
create_preload_data:
default: true
description: Whether or not to preload data upon instance creation
type: boolean
deployment_type:
description: Name of the deployment type
type: string
development_mode:
description: If the deployment should be done in development mode
type: boolean
ee_extra_env:
type: string
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
ee_images:
description: Registry path to the Execution Environment container
to use
items:
properties:
image:
type: string
name:
type: string
type: object
type: array
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can
be found
type: string
ee_resource_requirements:
description: Resource requirements for the ee container
properties:
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
extra_settings:
description: Extra settings to specify for the API
items:
properties:
setting:
type: string
value:
type: string
type: object
type: array
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
garbage_collect_secrets:
default: false
description: Whether or not to remove secrets upon instance removal
type: boolean
hostname:
description: The hostname of the instance
type: string
image:
description: Registry path to the application container to use
type: string
image_pull_policy:
default: IfNotPresent
description: The image pull policy
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
type: string
image_pull_secret:
description: The image pull secret
type: string
image_version:
description: Application container image version to use
type: string
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
ingress_type:
description: The ingress type to use to reach the deployed instance
enum:
- none
- Ingress
- ingress
- Route
- route
type: string
kind:
description: Kind of the deployment type
type: string
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate
Authority Bundle
type: string
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
loadbalancer_port:
default: 80
description: Port to use for the loadbalancer
type: integer
loadbalancer_protocol:
default: http
description: Protocol to use for the loadbalancer
enum:
- http
- https
type: string
node_selector:
description: nodeSelector for the pods
type: string
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found
for data migration
type: string
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data
migration
type: string
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
limits:
properties:
cpu:
type: string
memory:
type: string
type: object
requests:
properties:
cpu:
type: string
memory:
type: string
type: object
type: object
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
limits:
properties:
storage:
type: string
type: object
requests:
properties:
storage:
type: string
type: object
type: object
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
projects_persistence:
default: false
description: Whether or not the /var/lib/projects directory will be
persistent
type: boolean
projects_storage_access_mode:
default: ReadWriteMany
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
type: string
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
projects_storage_size:
default: 8Gi
description: Size for the /var/lib/projects PersistentVolumeClaim
type: string
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
enum:
- _Yes_
- _No_
type: string
redis_image:
description: Registry path to the redis container to use
type: string
redis_image_version:
description: Redis container image version to use
type: string
replicas:
default: 1
description: Number of instance replicas
format: int32
type: integer
route_host:
description: The DNS to use to points to the instance
type: string
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
route_tls_termination_mechanism:
default: Edge
description: The secure TLS termination mechanism to use
enum:
- Edge
- edge
- Passthrough
- passthrough
type: string
secret_key_secret:
description: Secret where the secret key can be found
type: string
service_account_annotations:
description: ServiceAccount annotations
type: string
service_labels:
description: Additional labels to apply to the service
type: string
service_type:
description: The service type to be used on the deployed instance
enum:
- LoadBalancer
- loadbalancer
- ClusterIP
- clusterip
- NodePort
- nodeport
type: string
task_args:
items:
type: string
type: array
task_command:
items:
type: string
type: array
task_extra_env:
type: string
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
task_privileged:
default: false
description: If a privileged security context should be enabled
type: boolean
task_resource_requirements:
description: Resource requirements for the task container
properties:
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
tolerations:
description: node tolerations for the pods
type: string
web_args:
items:
type: string
type: array
web_command:
items:
type: string
type: array
web_extra_env:
type: string
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
web_resource_requirements:
description: Resource requirements for the web container
properties:
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
type: object
status:
properties:
URL:
description: URL to access the deployed instance
type: string
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
adminUser:
description: Admin user of the deployed instance
type: string
broadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
image:
description: URL of the image used for the deployed instance
type: string
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
postgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
version:
description: Version of the deployed instance
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null

10
deploy/olm-catalog/awx-operator/metadata/annotations.yaml
View File

@@ -1,10 +0,0 @@
annotations:
operators.operatorframework.io.bundle.channel.default.v1: alpha
operators.operatorframework.io.bundle.channels.v1: alpha
operators.operatorframework.io.bundle.manifests.v1: manifests/
operators.operatorframework.io.bundle.mediatype.v1: registry+v1
operators.operatorframework.io.bundle.metadata.v1: metadata/
operators.operatorframework.io.bundle.package.v1: awx-operator
operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.4
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
operators.operatorframework.io.metrics.project_layout: ansible

15
docs/migration.md
View File

@@ -63,5 +63,20 @@ metadata:
name: awx
spec:
old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
secret_key_secret: <resourcename>-secret-key
...
```
## Important Note
If you intend to put all the above in one file, make sure to separate each block with three dashes like so:
```yaml
---
# Secret key
---
# Database creds
---
# AWX Config
```
Failing to do so will lead to an inoperable setup.

5
main.yml
View File

@@ -1,5 +0,0 @@
---
- hosts: localhost
gather_facts: no
roles:
- installer

39
molecule/default/asserts.yml
View File

@@ -1,39 +0,0 @@
---
- name: Verify cluster resources
hosts: localhost
connection: local
vars:
ansible_python_interpreter: '{{ ansible_playbook_python }}'
tasks:
- name: Get AWX Kind data
k8s_info:
api_version: awx.ansible.com/v1beta1
kind: AWX
namespace: example-awx
label_selectors:
- "app.kubernetes.io/name=example-awx"
- "app.kubernetes.io/part-of=example-awx"
- "app.kubernetes.io/managed-by=awx-operator"
- "app.kubernetes.io/component=awx"
register: awx_kind
- name: Verify there is one AWX kind
assert:
that: '{{ (awx_kind.resources | length) == 1 }}'
- name: Get AWX Pod data
k8s_info:
kind: Pod
namespace: example-awx
label_selectors:
- "app.kubernetes.io/name=example-awx"
- "app.kubernetes.io/part-of=example-awx"
- "app.kubernetes.io/managed-by=awx-operator"
- "app.kubernetes.io/component=awx"
register: tower_pods
- name: Verify there is one AWX pod
assert:
that: '{{ (tower_pods.resources | length) == 1 }}'

18
molecule/default/converge.yml
View File

@@ -2,9 +2,17 @@
- name: Converge
hosts: localhost
connection: local
vars:
ansible_python_interpreter: '{{ ansible_playbook_python }}'
roles:
- installer
gather_facts: no
collections:
- kubernetes.core
- import_playbook: '{{ playbook_dir }}/asserts.yml'
tasks:
- name: Create Namespace
k8s:
api_version: v1
kind: Namespace
name: '{{ namespace }}'
- import_tasks: kustomize.yml
vars:
state: present

6
molecule/default/create.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- name: Create
hosts: localhost
connection: local
gather_facts: false
tasks: []

24
molecule/default/destroy.yml Normal file
View File

@@ -0,0 +1,24 @@
---
- name: Destroy
hosts: localhost
connection: local
gather_facts: false
collections:
- kubernetes.core
tasks:
- import_tasks: kustomize.yml
vars:
state: absent
- name: Destroy Namespace
k8s:
api_version: v1
kind: Namespace
name: '{{ namespace }}'
state: absent
- name: Unset pull policy
command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
args:
chdir: '{{ config_dir }}/testing'

15
molecule/default/kustomize.yml Normal file
View File

@@ -0,0 +1,15 @@
---
- name: Build kustomize testing overlay
# load_restrictor must be set to none so we can load patch files from the default overlay
command: '{{ kustomize }} build --load_restrictor none .'
args:
chdir: '{{ config_dir }}/testing'
register: resources
changed_when: false
- name: Set resources to {{ state }}
k8s:
definition: '{{ item }}'
state: '{{ state }}'
wait: yes
loop: '{{ resources.stdout | from_yaml_all | list }}'

41
molecule/default/molecule.yml
View File

@@ -2,33 +2,38 @@
dependency:
name: galaxy
driver:
name: docker
name: delegated
lint: |
set -e
yamllint .
ansible-lint
platforms:
- name: kind-default
- name: cluster
groups:
- k8s
image: bsycorp/kind:latest-1.14
privileged: True
override_command: no
exposed_ports:
- 8443/tcp
- 10080/tcp
published_ports:
- 0.0.0.0:${TEST_CLUSTER_PORT:-9443}:8443/tcp
pre_build_image: yes
provisioner:
name: ansible
log: True
lint: |
set -e
ansible-lint
inventory:
group_vars:
all:
operator_namespace: ${TEST_NAMESPACE:-default}
namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
host_vars:
localhost:
awx_image: ${AWX_TEST_IMAGE:-""}
awx_version: ${AWX_TEST_VERSION:-""}
default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
ansible_python_interpreter: '{{ ansible_playbook_python }}'
config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
operator_image: ${OPERATOR_IMAGE:-""}
operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
kustomize: ${KUSTOMIZE_PATH:-kustomize}
env:
K8S_AUTH_KUBECONFIG: /tmp/molecule/kind-default/kubeconfig
KUBECONFIG: /tmp/molecule/kind-default/kubeconfig
ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles
KIND_PORT: '${TEST_CLUSTER_PORT:-9443}'
K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}
verifier:
name: ansible
lint: |
set -e
ansible-lint

51
molecule/default/prepare.yml
View File

@@ -1,39 +1,28 @@
---
- name: Prepare operator resources
- name: Prepare
hosts: localhost
connection: local
vars:
ansible_python_interpreter: '{{ ansible_playbook_python }}'
deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
vars_files:
- "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/group_vars/all"
gather_facts: false
tasks:
- name: Create AWX Custom Resource Definition
k8s:
definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_crd.yaml'])) }}"
- name: Ensure operator image is set
fail:
msg: |
You must specify the OPERATOR_IMAGE environment variable in order to run the
'default' scenario
when: not operator_image
- name: Create AWXBackup Custom Resource Definition
k8s:
definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxbackup_v1beta1_crd.yaml'])) }}"
- name: Set testing image
command: '{{ kustomize }} edit set image testing={{ operator_image }}'
args:
chdir: '{{ config_dir }}/testing'
- name: Create AWXRestore Custom Resource Definition
k8s:
definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxrestore_v1beta1_crd.yaml'])) }}"
- name: Set pull policy
command: '{{ kustomize }} edit add patch --path pull_policy/{{ operator_pull_policy }}.yaml'
args:
chdir: '{{ config_dir }}/testing'
- name: Ensure specified namespace is present
k8s:
api_version: v1
kind: Namespace
name: '{{ operator_namespace }}'
- name: Create RBAC resources
k8s:
definition: "{{ lookup('template', '/'.join([templates_dir, item])) }}"
namespace: '{{ operator_namespace }}'
with_items:
- role.yml.j2
- role_binding.yml.j2
- service_account.yml.j2
- name: Set testing namespace
command: '{{ kustomize }} edit set namespace {{ namespace }}'
args:
chdir: '{{ config_dir }}/testing'

85
molecule/default/tasks/awx_test.yml Normal file
View File

@@ -0,0 +1,85 @@
---
- name: Create the awx.ansible.com/v1alpha1.AWX
k8s:
state: present
namespace: '{{ namespace }}'
definition: "{{ lookup('template', 'awx_cr_molecule.yml.j2') | from_yaml }}"
wait: yes
wait_timeout: 900
wait_condition:
type: Running
reason: Successful
status: "True"
- name: Obtain generated admin password
k8s_info:
namespace: '{{ namespace }}'
kind: Secret
name: example-awx-admin-password
register: admin_pw_secret
- block:
- name: Get pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx
register: awx_pod
when: not awx_version
- name: Exract tags from images
set_fact:
image_tags: |
{{ awx_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
when: not awx_version
- fail:
msg: |
It looks like you may have broken the DEFAULT_AWX_VERSION functionality.
This is an environment variable that is set via build arg when releasing awx-operator.
when:
- not awx_version
- default_awx_version not in image_tags
- name: Launch Demo Job Template
awx.awx.job_launch:
name: Demo Job Template
wait: yes
validate_certs: no
controller_host: localhost
controller_username: admin
controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
rescue:
- name: Get list of project updates and jobs
uri:
url: "http://localhost/api/v2/{{ resource }}/"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
register: job_lists
loop:
- project_updates
- jobs
loop_control:
loop_var: resource
- name: Get all job and project details
uri:
url: "http://localhost{{ endpoint }}"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
loop: |
{{ job_lists.results | map(attribute='json') | map(attribute='results') | flatten | map(attribute='url') }}
loop_control:
loop_var: endpoint
- name: Re-emit failure
vars:
failed_task:
result: '{{ ansible_failed_result }}'
fail:
msg: '{{ failed_task }}'

27
molecule/default/templates/awx_cr_molecule.yml.j2 Normal file
View File

@@ -0,0 +1,27 @@
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: example-awx
spec:
{% if awx_image %}
image: {{ awx_image }}
{% endif %}
{% if awx_version %}
image_version: {{ awx_version }}
{% endif %}
ingress_type: ingress
ingress_annotations: |
kubernetes.io/ingress.class: nginx
web_resource_requirements:
requests:
cpu: 250m
memory: 128M
task_resource_requirements:
requests:
cpu: 250m
memory: 128M
ee_resource_requirements:
requests:
cpu: 200m
memory: 64M

57
molecule/default/verify.yml Normal file
View File

@@ -0,0 +1,57 @@
---
- name: Verify
hosts: localhost
connection: local
gather_facts: no
collections:
- kubernetes.core
vars:
ctrl_label: control-plane=controller-manager
tasks:
- block:
- name: Import all test files from tasks/
include_tasks: '{{ item }}'
with_fileglob:
- tasks/*_test.yml
rescue:
- name: Retrieve relevant resources
k8s_info:
api_version: '{{ item.api_version }}'
kind: '{{ item.kind }}'
namespace: '{{ namespace }}'
loop:
- api_version: v1
kind: Pod
- api_version: apps/v1
kind: Deployment
- api_version: v1
kind: Secret
- api_version: v1
kind: ConfigMap
register: debug_resources
- name: Retrieve Pod logs
k8s_log:
name: '{{ item.metadata.name }}'
namespace: '{{ namespace }}'
container: awx-manager
loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}"
register: debug_logs
- name: Output gathered resources
debug:
var: debug_resources
- name: Output gathered logs
debug:
var: item.log_lines
loop: '{{ debug_logs.results }}'
- name: Re-emit failure
vars:
failed_task:
result: '{{ ansible_failed_result }}'
fail:
msg: '{{ failed_task }}'

34
molecule/kind/converge.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- name: Converge
hosts: localhost
connection: local
gather_facts: no
tasks:
- name: Build operator image
docker_image:
build:
path: '{{ project_dir }}'
pull: no
args:
DEFAULT_AWX_VERSION: '{{ default_awx_version }}'
name: '{{ operator_image }}'
tag: latest
push: no
source: build
force_source: yes
- name: Load operator image into kind cluster
command: kind load docker-image --name osdk-test '{{ operator_image }}'
register: result
changed_when: '"not yet present" in result.stdout'
- name: Load awx image into kind cluster
command: kind load docker-image --name osdk-test '{{ awx_image }}:{{ awx_version }}'
register: result
changed_when: '"not yet present" in result.stdout'
when:
- awx_image is defined
- awx_image != ''
- import_playbook: ../default/converge.yml

27
molecule/kind/create.yml Normal file
View File

@@ -0,0 +1,27 @@
---
- name: Create
hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Create test kind cluster
shell: |
cat <<EOF | kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }} --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 80
hostPort: 80
protocol: TCP
- containerPort: 443
hostPort: 443
protocol: TCP
EOF

16
molecule/kind/destroy.yml Normal file
View File

@@ -0,0 +1,16 @@
---
- name: Destroy
hosts: localhost
connection: local
gather_facts: false
collections:
- kubernetes.core
tasks:
- name: Destroy test kind cluster
command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }}
- name: Unset pull policy
command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
args:
chdir: '{{ config_dir }}/testing'

44
molecule/kind/molecule.yml Normal file
View File

@@ -0,0 +1,44 @@
---
dependency:
name: galaxy
driver:
name: delegated
lint: |
set -e
yamllint .
platforms:
- name: cluster
groups:
- k8s
provisioner:
name: ansible
playbooks:
verify: ../default/verify.yml
lint: |
set -e
ansible-lint
inventory:
group_vars:
all:
namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
host_vars:
localhost:
awx_image: ${AWX_TEST_IMAGE:-""}
awx_version: ${AWX_TEST_VERSION:-""}
ansible_python_interpreter: '{{ ansible_playbook_python }}'
default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
project_dir: ${MOLECULE_PROJECT_DIRECTORY}
operator_image: testing-operator
operator_pull_policy: "Never"
kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
kustomize: ${KUSTOMIZE_PATH:-kustomize}
env:
K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
verifier:
name: ansible
lint: |
set -e
ansible-lint

29
molecule/kind/prepare.yml Normal file
View File

@@ -0,0 +1,29 @@
---
- name: Prepare
hosts: localhost
connection: local
gather_facts: false
collections:
- kubernetes.core
vars:
nginx_ingress_definition: 'https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml'
tasks:
- name: Install NGINX ingress
k8s:
definition: |
{{ lookup('url', nginx_ingress_definition, split_lines=False) | from_yaml_all }}
- name: Wait for NGINX ingress to become available
k8s_info:
kind: Pod
namespace: ingress-nginx
label_selectors:
- app.kubernetes.io/component=controller
wait: yes
wait_timeout: 30
wait_condition:
type: Ready
register: result # For some reason, this task always fails on the first try...
until: result is not failed
- import_playbook: ../default/prepare.yml

7
molecule/requirements.txt Normal file
View File

@@ -0,0 +1,7 @@
molecule
molecule-docker
yamllint
ansible-lint
openshift!=0.13.0
jmespath
ansible-core

8
molecule/requirements.yml Normal file
View File

@@ -0,0 +1,8 @@
---
collections:
- name: community.general
- name: kubernetes.core
version: 1.2.1
- name: operator_sdk.util
- name: community.docker
- name: awx.awx

2
molecule/test-local/ansible.cfg
View File

@@ -1,2 +0,0 @@
[defaults]
stdout_callback = yaml

133
molecule/test-local/converge.yml
View File

@@ -1,133 +0,0 @@
---
- name: Build Operator in Kind container
hosts: k8s
vars:
image_name: awx.ansible.com/awx-operator:testing
tasks:
# using command so we don't need to install any dependencies
- name: Get existing image hash
command: docker images -q {{ image_name }}
register: prev_hash
changed_when: false
- name: Build Operator Image
command: docker build -f /build/build/Dockerfile -t {{ image_name }} /build
register: build_cmd
changed_when: not prev_hash.stdout or (prev_hash.stdout and prev_hash.stdout not in ''.join(build_cmd.stdout_lines[-2:]))
- name: Converge
hosts: localhost
connection: local
vars:
ansible_python_interpreter: '{{ ansible_playbook_python }}'
deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
pull_policy: Never
operator_image: awx.ansible.com/awx-operator
operator_version: testing
ansible_debug_logs: "true"
custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}"
tasks:
- block:
- name: Delete the Operator Deployment
k8s:
state: absent
namespace: '{{ operator_namespace }}'
definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
register: delete_deployment
when: hostvars[groups.k8s.0].build_cmd.changed
- name: Wait 30s for Operator Deployment to terminate
k8s_info:
api_version: '{{ definition.apiVersion }}'
kind: '{{ definition.kind }}'
namespace: '{{ operator_namespace }}'
name: '{{ definition.metadata.name }}'
vars:
definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
register: deployment
until: not deployment.resources
delay: 3
retries: 10
when: delete_deployment.changed
- name: Create the Operator Deployment
k8s:
namespace: '{{ operator_namespace }}'
definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
- name: Ensure the AWX custom_resource namespace exists
k8s:
state: present
name: '{{ custom_resource.metadata.namespace }}'
kind: Namespace
api_version: v1
- name: Create the AWX Custom Resource
k8s:
state: present
namespace: '{{ custom_resource.metadata.namespace }}'
definition: '{{ custom_resource }}'
- name: Wait 15m for reconciliation to run
k8s_info:
api_version: '{{ custom_resource.apiVersion }}'
kind: '{{ custom_resource.kind }}'
namespace: '{{ custom_resource.metadata.namespace }}'
name: '{{ custom_resource.metadata.name }}'
register: cr
until:
- "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))"
delay: 6
retries: 150
rescue:
- name: debug cr
ignore_errors: yes
failed_when: false
debug:
var: debug_cr
vars:
debug_cr: '{{ lookup("k8s",
kind=custom_resource.kind,
api_version=custom_resource.apiVersion,
namespace=custom_resource.metadata.namespace,
resource_name=custom_resource.metadata.name)
}}'
- name: debug awx deployment
ignore_errors: yes
failed_when: false
debug:
var: deploy
vars:
deploy: '{{ lookup("k8s",
kind="Deployment",
api_version="apps/v1",
namespace=custom_resource.metadata.namespace,
label_selector="app.kubernetes.io/name=example-awx")
}}'
- name: get operator logs
ignore_errors: yes
failed_when: false
command: kubectl logs deployment/{{ definition.metadata.name }} -n {{ operator_namespace }}
environment:
KUBECONFIG: '{{ lookup("env", "KUBECONFIG") }}'
vars:
definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
register: log
- name: print debug output
debug: var=log.stdout_lines
- name: fail if converge didn't succeed
fail:
msg: "Failed on action: converge"
- import_playbook: '{{ playbook_dir }}/../default/asserts.yml'

46
molecule/test-local/molecule.yml
View File

@@ -1,46 +0,0 @@
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint
platforms:
- name: kind-test-local
groups:
- k8s
image: bsycorp/kind:v1.17.9
privileged: True
override_command: no
exposed_ports:
- 8443/tcp
- 10080/tcp
published_ports:
- 0.0.0.0:${TEST_CLUSTER_PORT:-10443}:8443/tcp
pre_build_image: yes
volumes:
- ${MOLECULE_PROJECT_DIRECTORY}:/build:Z
provisioner:
name: ansible
log: True
inventory:
group_vars:
all:
operator_namespace: ${TEST_NAMESPACE:-default}
env:
K8S_AUTH_KUBECONFIG: /tmp/molecule/kind-test-local/kubeconfig
KUBECONFIG: /tmp/molecule/kind-test-local/kubeconfig
ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles
KIND_PORT: '${TEST_CLUSTER_PORT:-10443}'
scenario:
test_sequence:
- lint
- destroy
- dependency
- syntax
- create
- prepare
- converge
- destroy

38
molecule/test-local/prepare.yml
View File

@@ -1,38 +0,0 @@
---
- name: Prepare kubernetes environment
hosts: k8s
gather_facts: no
vars:
kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
tasks:
- name: delete the kubeconfig if present
file:
path: '{{ kubeconfig }}'
state: absent
delegate_to: localhost
- name: Fetch the kubeconfig
fetch:
dest: '{{ kubeconfig }}'
flat: yes
src: /root/.kube/config
- name: Change the kubeconfig port to the proper value
replace:
regexp: 8443
replace: "{{ lookup('env', 'KIND_PORT') }}"
path: '{{ kubeconfig }}'
mode: 0644
delegate_to: localhost
- name: Wait for the Kubernetes API to become available (this could take a minute)
uri:
url: "http://localhost:10080/kubernetes-ready"
status_code: 200
validate_certs: no
register: result
until: (result.status|default(-1)) == 200
retries: 60
delay: 5
- import_playbook: ../default/prepare.yml

142
molecule/test-minikube/converge.yml
View File

@@ -1,142 +0,0 @@
---
# TODO: For some reason prepare is not run after a destroy in the Minikube env.
- import_playbook: ../default/prepare.yml
- name: Build Operator in Minikube
hosts: localhost
connection: local
vars:
image_name: awx.ansible.com/awx-operator:testing
tasks:
# Use raw Docker commands inside Minikube to avoid extra Python dependencies.
- name: Get existing image hash
shell: |
eval $(minikube docker-env)
docker images -q {{ image_name }}
register: prev_hash
changed_when: false
- name: Build Operator Image
shell: |
eval $(minikube docker-env)
docker build -f ../../build/Dockerfile -t {{ image_name }} ../..
register: build_cmd
changed_when: not prev_hash.stdout or (prev_hash.stdout and prev_hash.stdout not in ''.join(build_cmd.stdout_lines[-2:]))
- name: Converge
hosts: localhost
connection: local
vars:
ansible_python_interpreter: '{{ ansible_playbook_python }}'
deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
pull_policy: Never
operator_image: awx.ansible.com/awx-operator
operator_version: testing
ansible_debug_logs: "true"
# Change this to _awx to test AWX, _tower to test Tower.
custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}"
tasks:
- block:
- name: Delete the Operator Deployment
k8s:
state: absent
namespace: '{{ operator_namespace }}'
definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
register: delete_deployment
when: build_cmd.changed
- name: Wait 30s for Operator Deployment to terminate
k8s_info:
api_version: '{{ definition.apiVersion }}'
kind: '{{ definition.kind }}'
namespace: '{{ operator_namespace }}'
name: '{{ definition.metadata.name }}'
vars:
definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
register: deployment
until: not deployment.resources
delay: 3
retries: 10
when: delete_deployment.changed
- name: Create the Operator Deployment
k8s:
namespace: '{{ operator_namespace }}'
definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
- name: Ensure the AWX custom_resource namespace exists
k8s:
state: present
name: '{{ custom_resource.metadata.namespace }}'
kind: Namespace
api_version: v1
- name: Create the AWX Custom Resource
k8s:
state: present
namespace: '{{ custom_resource.metadata.namespace }}'
definition: '{{ custom_resource }}'
- name: Wait 15m for reconciliation to run
k8s_info:
api_version: '{{ custom_resource.apiVersion }}'
kind: '{{ custom_resource.kind }}'
namespace: '{{ custom_resource.metadata.namespace }}'
name: '{{ custom_resource.metadata.name }}'
register: cr
until:
- "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))"
delay: 6
retries: 150
rescue:
- name: debug cr
ignore_errors: yes
failed_when: false
debug:
var: debug_cr
vars:
debug_cr: '{{ lookup("k8s",
kind=custom_resource.kind,
api_version=custom_resource.apiVersion,
namespace=custom_resource.metadata.namespace,
resource_name=custom_resource.metadata.name)
}}'
- name: debug awx deployment
ignore_errors: yes
failed_when: false
debug:
var: deploy
vars:
deploy: '{{ lookup("k8s",
kind="Deployment",
api_version="apps/v1",
namespace=custom_resource.metadata.namespace,
label_selector="app.kubernetes.io/name=example-awx")
}}'
- name: get operator logs
ignore_errors: yes
failed_when: false
command: kubectl logs deployment/{{ definition.metadata.name }} -n {{ operator_namespace }} -c operator
environment:
KUBECONFIG: '{{ lookup("env", "KUBECONFIG") }}'
vars:
definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
register: log
- name: print debug output
debug: var=log.stdout_lines
- name: fail if converge didn't succeed
fail:
msg: "Failed on action: converge"
- import_playbook: '{{ playbook_dir }}/../default/asserts.yml'

34
molecule/test-minikube/molecule.yml
View File

@@ -1,34 +0,0 @@
---
dependency:
name: galaxy
driver:
name: delegated
options:
managed: False
ansible_connection_options: {}
lint: |
set -e
yamllint .
ansible-lint
platforms:
- name: test-minikube
groups:
- k8s
provisioner:
name: ansible
inventory:
group_vars:
all:
operator_namespace: ${TEST_NAMESPACE:-default}
env:
ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles
scenario:
test_sequence:
- lint
- destroy
- dependency
- syntax
- create
- prepare
- converge
- destroy

Some files were not shown because too many files have changed in this diff Show More