internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-27 05:43:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: internet:0.25.0
Branches Tags
internet:devel internet:TheRealHaoLiu-CI-test-10302025 internet:uwsgi_configurable_timeout internet:dependabot/github_actions/dependencies-c216064e94 internet:dependabot/pip/docs/dependencies-9f52a38f71 internet:test-python-module-fix internet:feature_receptor-collection-python-311 internet:pg-dump-restore-in-job internet:checkpoint_v1 internet:fix-helm-release-again internet:docs-for-port-quotes internet:update-gh-pages-urls internet:pr-check-capacity-fix internet:awx-ee-latest internet:shanemcd-patch-1
internet:2.19.1 internet:2.19.0 internet:2.18.0 internet:2.17.0 internet:2.16.1 internet:2.16.0 internet:2.15.0 internet:2.14.0 internet:2.13.1 internet:2.13.0 internet:2.12.2 internet:2.12.1 internet:2.12.0 internet:2.11.0 internet:2.10.0 internet:2.9.0 internet:2.8.0 internet:2.7.2 internet:2.7.1 internet:2.7.0 internet:2.6.0 internet:2.5.3 internet:2.5.2 internet:2.5.1 internet:2.5.0 internet:2.4.0 internet:2.3.0 internet:2.2.1 internet:2.2.0 internet:2.1.0 internet:2.0.1 internet:2.0.0 internet:1.4.0 internet:1.3.0 internet:1.2.0 internet:1.1.4 internet:1.1.3 internet:1.1.2 internet:1.1.1 internet:1.1.0 internet:1.0.0 internet:0.30.0 internet:0.29.0 internet:0.28.0 internet:0.27.0 internet:0.26.0 internet:0.25.0 internet:0.24.0 internet:0.23.0 internet:0.22.0 internet:0.21.0 internet:0.20.2 internet:0.20.1 internet:0.20.0 internet:0.19.0 internet:0.18.0 internet:0.17.0 internet:0.16.1 internet:0.16.0 internet:0.15.0 internet:0.14.0 internet:0.13.0 internet:0.12.0 internet:0.11.0 internet:0.10.0 internet:0.9.0 internet:0.8.0 internet:0.7.0 internet:0.6.0
..
compare: internet:shanemcd-patch-1
Branches Tags
internet:devel internet:TheRealHaoLiu-CI-test-10302025 internet:uwsgi_configurable_timeout internet:dependabot/github_actions/dependencies-c216064e94 internet:dependabot/pip/docs/dependencies-9f52a38f71 internet:test-python-module-fix internet:feature_receptor-collection-python-311 internet:pg-dump-restore-in-job internet:checkpoint_v1 internet:fix-helm-release-again internet:docs-for-port-quotes internet:update-gh-pages-urls internet:pr-check-capacity-fix internet:awx-ee-latest internet:shanemcd-patch-1
internet:2.19.1 internet:2.19.0 internet:2.18.0 internet:2.17.0 internet:2.16.1 internet:2.16.0 internet:2.15.0 internet:2.14.0 internet:2.13.1 internet:2.13.0 internet:2.12.2 internet:2.12.1 internet:2.12.0 internet:2.11.0 internet:2.10.0 internet:2.9.0 internet:2.8.0 internet:2.7.2 internet:2.7.1 internet:2.7.0 internet:2.6.0 internet:2.5.3 internet:2.5.2 internet:2.5.1 internet:2.5.0 internet:2.4.0 internet:2.3.0 internet:2.2.1 internet:2.2.0 internet:2.1.0 internet:2.0.1 internet:2.0.0 internet:1.4.0 internet:1.3.0 internet:1.2.0 internet:1.1.4 internet:1.1.3 internet:1.1.2 internet:1.1.1 internet:1.1.0 internet:1.0.0 internet:0.30.0 internet:0.29.0 internet:0.28.0 internet:0.27.0 internet:0.26.0 internet:0.25.0 internet:0.24.0 internet:0.23.0 internet:0.22.0 internet:0.21.0 internet:0.20.2 internet:0.20.1 internet:0.20.0 internet:0.19.0 internet:0.18.0 internet:0.17.0 internet:0.16.1 internet:0.16.0 internet:0.15.0 internet:0.14.0 internet:0.13.0 internet:0.12.0 internet:0.11.0 internet:0.10.0 internet:0.9.0 internet:0.8.0 internet:0.7.0 internet:0.6.0

1 Commits
0.25.0 ... shanemcd-p

Author SHA1 Message Date
Shane McDonald
b7c67e75a4 TEST - DNM 2021-06-23 16:11:33 -04:00
183 changed files with 3854 additions and 4054 deletions
Expand all files Collapse all files

3
.github/CODE_OF_CONDUCT.md vendored
View File

@@ -1,3 +0,0 @@
# Community Code of Conduct
Please see the official [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).

39
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@@ -0,0 +1,39 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
##### ISSUE TYPE
- Bug Report
##### SUMMARY
<!-- Briefly describe the problem. -->
##### ENVIRONMENT
* AWX version: X.Y.Z
* Operator version: X.Y.Z
* Kubernetes version:
* AWX install method: openshift, minishift, docker on linux, docker for mac, boot2docker
##### STEPS TO REPRODUCE
<!-- Please describe exactly how to reproduce the problem. -->
##### EXPECTED RESULTS
<!-- What did you expect to happen when running the steps above? -->
##### ACTUAL RESULTS
<!-- What actually happened? -->
##### ADDITIONAL INFORMATION
<!-- Include any links to sosreport, database dumps, screenshots or other
information. -->
##### AWX-OPERATOR LOGS

125
.github/ISSUE_TEMPLATE/bug_report.yml vendored
View File

@@ -1,125 +0,0 @@
---
name: Bug Report
description: "🐞 Create a report to help us improve"
body:
- type: markdown
attributes:
value: |
Bug Report issues are for **concrete, actionable bugs** only.
For debugging help or technical support, please see the [Get Involved section of our README](https://github.com/ansible/awx-operator#get-involved)
- type: checkboxes
id: terms
attributes:
label: Please confirm the following
options:
- label: I agree to follow this project's [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
required: true
- label: I have checked the [current issues](https://github.com/ansible/awx-operator/issues) for duplicates.
required: true
- label: I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.
required: true
- type: textarea
id: summary
attributes:
label: Bug Summary
description: Briefly describe the problem.
validations:
required: false
- type: input
id: awx-operator-version
attributes:
label: AWX Operator version
description: What version of the AWX Operator are you running?
validations:
required: true
- type: input
id: awx-version
attributes:
label: AWX version
description: What version of AWX are you running?
validations:
required: true
- type: dropdown
id: platform
attributes:
label: Kubernetes platform
description: What platform did you install the Operator in?
multiple: false
options:
- kubernetes
- minikube
- openshift
- minishift
- docker development environment
- other (please specify in additional information)
validations:
required: true
- type: input
id: kube-version
attributes:
label: Kubernetes/Platform version
description: What version of your platform/kuberneties are you using?
validations:
required: true
- type: dropdown
id: modified-architecture
attributes:
label: Modifications
description: >-
Have you modified the installation, deployment topology, or container images in any way? If yes, please
explain in the "additional information" field at the bottom of the form.
multiple: false
options:
- "no"
- "yes"
validations:
required: true
- type: textarea
id: steps-to-reproduce
attributes:
label: Steps to reproduce
description: >-
Starting from a new installation of the system, describe exactly how a developer or quality engineer can reproduce the bug
on infrastructure that isn't yours. Include any and all resources created, input values, test users, roles assigned, playbooks used, etc.
validations:
required: true
- type: textarea
id: expected-results
attributes:
label: Expected results
description: What did you expect to happpen when running the steps above?
validations:
required: true
- type: textarea
id: actual-results
attributes:
label: Actual results
description: What actually happened?
validations:
required: true
- type: textarea
id: additional-information
attributes:
label: Additional information
description: Include any relevant log output, links to sosreport, database dumps, screenshots, AWX spec yaml, or other information.
validations:
required: false
- type: textarea
id: operator-logs
attributes:
label: Operator Logs
description: Include any relevant logs generated by the operator.
validations:
required: false

12
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@@ -1,12 +0,0 @@
---
blank_issues_enabled: false
contact_links:
- name: For debugging help or technical support
url: https://github.com/ansible/awx-operator#get-involved
about: For general debugging or technical support please see the Get Involved section of our readme.
- name: 📝 Ansible Code of Conduct
url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser
about: AWX uses the Ansible Code of Conduct; ❤ Be nice to other members of the community. ☮ Behave.
- name: 💼 For Enterprise
url: https://www.ansible.com/products/engine?utm_medium=github&utm_source=issue_template_chooser
about: Red Hat offers support for the Ansible Automation Platform

29
.github/ISSUE_TEMPLATE/feature_request.yml vendored
View File

@@ -1,29 +0,0 @@
---
name: ✨ Feature request
description: Suggest an idea for this project
body:
- type: markdown
attributes:
value: |
Feature Request issues are for **feature requests** only.
For debugging help or technical support, please see the [Get Involved section of our README](https://github.com/ansible/awx-operator#get-involved)
- type: checkboxes
id: terms
attributes:
label: Please confirm the following
options:
- label: I agree to follow this project's [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
required: true
- label: I have checked the [current issues](https://github.com/ansible/awx-operator/issues) for duplicates.
required: true
- label: I understand that AWX Operator is open source software provided for free and that I might not receive a timely response.
required: true
- type: textarea
id: summary
attributes:
label: Feature Summary
description: Briefly describe the desired enhancement.
validations:
required: true

3
.github/issue_labeler.yml vendored
View File

@@ -1,3 +0,0 @@
---
needs_triage:
- '.*'

71
.github/workflows/ci.yaml vendored
View File

@@ -10,9 +10,9 @@ on:
branches: [devel]
jobs:
molecule:
pull_request:
runs-on: ubuntu-18.04
name: molecule
name: pull_request
env:
DOCKER_API_VERSION: "1.38"
steps:
@@ -24,61 +24,28 @@ jobs:
- name: Install Dependencies
run: |
pip install -r molecule/requirements.txt
pip install \
molecule \
molecule-docker \
yamllint \
ansible-lint \
openshift \
jmespath \
ansible-core
- name: Install Collections
run: |
ansible-galaxy collection install -r molecule/requirements.yml
ansible-galaxy collection install community.general kubernetes.core:1.2.1 operator_sdk.util
- name: Setup Minikube
uses: manusa/actions-setup-minikube@v2.4.2
with:
minikube version: 'v1.16.0'
kubernetes version: 'v1.19.2'
github token: ${{ secrets.GITHUB_TOKEN }}
- name: Run Molecule
env:
MOLECULE_VERBOSITY: 3
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
run: |
sudo rm -f $(which kustomize)
make kustomize
KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
helm:
runs-on: ubuntu-18.04
name: helm
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Create k8s Kind Cluster
uses: helm/kind-action@v1.2.0
- name: Build operator image and load into kind
run: |
IMG=awx-operator-ci make docker-build
kind load docker-image --name chart-testing awx-operator-ci
- name: Patch pull policy for tests
run: |
kustomize edit add patch --path ../testing/pull_policy/Never.yaml
working-directory: config/default
- name: Build and lint helm chart
run: |
IMG=awx-operator-ci make helm-chart
helm lint ./charts/awx-operator
- name: Install kubeval
run: |
mkdir tmp && cd tmp
wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
tar xf kubeval-linux-amd64.tar.gz
sudo cp kubeval /usr/local/bin
working-directory: ./charts
- name: Run kubeval
run: |
helm template -n awx awx-operator > tmp/test.yaml
kubeval --strict --force-color --ignore-missing-schemas tmp/test.yaml
working-directory: ./charts
- name: Install helm chart
run: |
helm install --wait my-awx-operator --namespace awx --create-namespace ./charts/awx-operator
molecule test -s test-minikube

11
.github/workflows/devel.yaml vendored
View File

@@ -13,9 +13,16 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Install Operator-SDK
run: |
mkdir -p $GITHUB_WORKSPACE/bin
wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: Build Image
run: |
IMG=awx-operator:devel make docker-build
operator-sdk build awx-operator:devel
- name: Push To Quay
uses: redhat-actions/push-to-registry@v2.1.1
@@ -23,5 +30,5 @@ jobs:
image: awx-operator
tags: devel
registry: quay.io/ansible/
username: ${{ secrets.QUAY_USER }}
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}

40
.github/workflows/promote.yaml vendored
View File

@@ -1,40 +0,0 @@
---
name: Promote AWX Operator image
on:
release:
types: [published]
jobs:
promote:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Log in to GHCR
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Log in to Quay
run: |
echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
- name: Re-tag and promote awx-operator image
run: |
docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
docker push quay.io/${{ github.repository }}:latest
- name: Configure git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Release Helm chart
run: |
ansible-playbook ansible/helm-release.yml -v \
-e operator_image=quay.io/${{ github.repository }} \
-e chart_owner=${{ github.repository_owner }} \
-e tag=${{ github.event.release.tag_name }} \
-e gh_token=${{ secrets.GITHUB_TOKEN }}

35
.github/workflows/release.yaml vendored Normal file
View File

@@ -0,0 +1,35 @@
---
name: Release
on:
release:
types:
- created
jobs:
release:
runs-on: ubuntu-18.04
name: Push tagged image to Quay
steps:
- uses: actions/checkout@v2
- name: Install Operator-SDK
run: |
mkdir -p $GITHUB_WORKSPACE/bin
wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
- name: Build Image
run: |
operator-sdk build awx-operator:${{ github.event.release.tag_name }}
- name: Push To Quay
uses: redhat-actions/push-to-registry@v2.1.1
with:
image: awx-operator
tags: ${{ github.event.release.tag_name }}
registry: quay.io/ansible/
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}

85
.github/workflows/stage.yml vendored
View File

@@ -1,85 +0,0 @@
---
name: Stage Release
on:
workflow_dispatch:
inputs:
version:
description: 'Version to stage'
required: true
default_awx_version:
description: 'Will be injected as the DEFAULT_AWX_VERSION build arg.'
required: true
confirm:
description: 'Are you sure? Set this to yes.'
required: true
default: 'no'
jobs:
stage:
runs-on: ubuntu-latest
permissions:
packages: write
contents: write
steps:
- name: Verify inputs
run: |
set -e
if [[ ${{ github.event.inputs.confirm }} != "yes" ]]; then
>&2 echo "Confirm must be 'yes'"
exit 1
fi
if [[ ${{ github.event.inputs.version }} == "" ]]; then
>&2 echo "Set version to continue."
exit 1
fi
exit 0
- name: Checkout awx
uses: actions/checkout@v2
with:
repository: ${{ github.repository_owner }}/awx
path: awx
- name: Checkout awx-operator
uses: actions/checkout@v2
with:
repository: ${{ github.repository_owner }}/awx-operator
path: awx-operator
- name: Install playbook dependencies
run: |
python3 -m pip install docker
- name: Log in to GHCR
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and stage awx-operator
working-directory: awx-operator
run: |
BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }} \
--build-arg OPERATOR_VERSION=${{ github.event.inputs.version }}" \
IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
VERSION=${{ github.event.inputs.version }} make docker-build docker-push
- name: Run test deployment
working-directory: awx-operator
run: |
python3 -m pip install -r molecule/requirements.txt
ansible-galaxy collection install -r molecule/requirements.yml
sudo rm -f $(which kustomize)
make kustomize
KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
env:
AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}
- name: Create draft release
working-directory: awx
run: |
ansible-playbook tools/ansible/stage.yml \
-e version=${{ github.event.inputs.version }} \
-e repo=${{ github.repository_owner }}/awx-operator \
-e github_token=${{ secrets.GITHUB_TOKEN }}

22
.github/workflows/triage_new.yml vendored
View File

@@ -1,22 +0,0 @@
---
name: Triage
on:
issues:
types:
- opened
jobs:
triage:
runs-on: ubuntu-latest
name: Label
steps:
- name: Label issues
uses: github/issue-labeler@v2.4.1
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
not-before: 2021-12-07T07:00:00Z
configuration-path: .github/issue_labeler.yml
enable-versioned-regex: 0
if: github.event_name == 'issues'

7
.gitignore vendored
View File

@@ -1,9 +1,2 @@
*~
.cache/
/bin
/bundle
/bundle_tmp*
/bundle.Dockerfile
/charts
/.cr-release-packages
.vscode/

23
.helm/starter/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

7
.helm/starter/Chart.yaml
View File

@@ -1,7 +0,0 @@
---
apiVersion: v2
appVersion: 0.1.0
description: A Helm chart for Kubernetes
name: starter
type: application
version: 0.1.0

56
.helm/starter/README.md
View File

@@ -1,56 +0,0 @@
# AWX Operator Helm Chart
This chart installs the AWX Operator resources configured in [this](https://github.com/ansible/awx-operator) repository.
## Getting Started
To configure your AWX resource using this chart, create your own `yaml` values file. The name is up to personal preference since it will explicitly be passed into the helm chart. Helm will merge whatever values you specify in your file with the default `values.yaml`, overriding any settings you've changed while allowing you to fall back on defaults. Because of this functionality, `values.yaml` should not be edited directly.
In your values config, enable `AWX.enable` and add `AWX.spec` values based on the awx operator's [documentation](https://github.com/ansible/awx-operator/blob/devel/README.md). Consult the docs below for additional functionality.
### Installing
The operator's [helm install](https://github.com/ansible/awx-operator/blob/devel/README.md#helm-install-on-existing-cluster) guide provides key installation instructions.
Example:
```
helm install my-awx-operator awx-operator/awx-operator -n awx --create-namespace -f myvalues.yaml
```
Argument breakdown:
* `-f` passes in the file with your custom values
* `-n` sets the namespace to be installed in
* This value is accessed by `{{ $.Release.Namespace }}` in the templates
* Acts as the default namespace for all unspecified resources
* `--create-namespace` specifies that helm should create the namespace before installing
To update an existing installation, use `helm upgrade` instead of `install`. The rest of the syntax remains the same.
## Configuration
The goal of adding helm configurations is to abstract out and simplify the creation of multi-resource configs. The `AWX.spec` field maps directly to the spec configs of the `AWX` resource that the operator provides, which are detailed in the [main README](https://github.com/ansible/awx-operator/blob/devel/README.md). Other sub-config can be added with the goal of simplifying more involved setups that require additional resources to be specified.
These sub-headers aim to be a more intuitive entrypoint into customizing your deployment, and are easier to manage in the long-term. By design, the helm templates will defer to the manually defined specs to avoid configuration conflicts. For example, if `AWX.spec.postgres_configuration_secret` is being used, the `AWX.postgres` settings will not be applied, even if enabled.
### External Postgres
The `AWX.postgres` section simplifies the creation of the external postgres secret. If enabled, the configs provided will automatically be placed in a `postgres-config` secret and linked to the `AWX` resource. For proper secret management, the `AWX.postgres.password` value, and any other sensitive values, can be passed in at the command line rather than specified in code. Use the `--set` argument with `helm install`.
## Values Summary
### AWX
| Value | Description | Default |
|---|---|---|
| `AWX.enabled` | Enable this AWX resource configuration | `false` |
| `AWX.name` | The name of the AWX resource and default prefix for other resources | `"awx"` |
| `AWX.spec` | specs to directly configure the AWX resource | `{}` |
| `AWX.postgres` | configurations for the external postgres secret | - |
# Contributing
## Adding abstracted sections
Where possible, defer to `AWX.spec` configs before applying the abstracted configs to avoid collision. This can be facilitated by the `(hasKey .spec what_i_will_abstract)` check.
## Building and Testing
This chart is built using the Makefile in the [awx-operator repo](https://github.com/ansible/awx-operator). Clone the repo and run `make helm-chart`. This will create the awx-operator chart in the `charts/awx-operator` directory. In this process, the contents of the `.helm/starter` directory will be added to the chart.
## Future Goals
All values under the `AWX` header are focused on configurations that use the operator. Configurations that relate to the Operator itself could be placed under an `Operator` heading, but that may add a layer of complication over current development.

6
.helm/starter/templates/_helpers.tpl
View File

@@ -1,6 +0,0 @@
{{/*
Generate the name of the postgres secret, expects AWX context passed in
*/}}
{{- define "postgres.secretName" -}}
{{ default (printf "%s-postgres-configuration" .Values.AWX.name) .Values.AWX.postgres.secretName }}
{{- end }}

24
.helm/starter/templates/awx-deploy.yaml
View File

@@ -1,24 +0,0 @@
{{- if $.Values.AWX.enabled }}
{{- with .Values.AWX }}
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
spec:
{{- /* Include raw map from the values file spec */}}
{{ .spec | toYaml | indent 2 }}
{{- /* Provide security context defaults */}}
{{- if not (hasKey .spec "security_context_settings") }}
security_context_settings:
runAsGroup: 0
runAsUser: 0
fsGroup: 0
fsGroupChangePolicy: OnRootMismatch
{{- end }}
{{- /* Postgres configs if enabled and not already present */}}
{{- if and .postgres.enabled (not (hasKey .spec "postgres_configuration_secret")) }}
postgres_configuration_secret: {{ include "postgres.secretName" $ }}
{{- end }}
{{- end }}
{{- end }}

18
.helm/starter/templates/postgres-config.yaml
View File

@@ -1,18 +0,0 @@
{{- if and $.Values.AWX.enabled $.Values.AWX.postgres.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "postgres.secretName" . }}
namespace: {{ $.Release.Namespace }}
{{- with $.Values.AWX.postgres }}
stringData:
host: {{ .host }}
port: {{ .port }}
database: {{ .dbName }}
username: {{ .username }}
password: {{ .password }}
sslmode: {{ .sslmode }}
type: {{ .type }}
type: Opaque
{{- end }}
{{- end }}

19
.helm/starter/values.yaml
View File

@@ -1,19 +0,0 @@
AWX:
# enable use of awx-deploy template
enabled: false
name: awx
spec:
admin_user: admin
# configurations for external postgres instance
postgres:
enabled: false
host: Unset
port: 5678
dbName: Unset
username: admin
# for secret management, pass in the password independently of this file
# at the command line, use --set AWX.postgres.password
password: Unset
sslmode: prefer
type: unmanaged

6
.yamllint
View File

@@ -3,12 +3,10 @@ extends: default
ignore: |
.cache/
kustomization.yaml
awx-operator.clusterserviceversion.yaml
bundle
.helm/starter
deploy/olm-catalog
rules:
truthy: disable
line-length:
max: 170
level: warning

39
CHANGELOG.md
View File

@@ -2,19 +2,6 @@
This is a list of high-level changes for each release of `awx-operator`. A full list of commits can be found at `https://github.com/ansible/awx-operator/releases/tag/<version>`.
# 0.19.0 (Mar 23, 2022)
- Fix corrupted spec for the service with nodeport type (kurokobo) - dbaf64e
- Add ability to deploy with OLM & added logo (Christian Adams) - 86c31a4
- Fix backup & restore issues with special characters in the postgres password (kurokobo) - 589a375
- Use centos:stream8 container where applicable (Shane McDonald)- 12a58d7
# 0.14.0 (Oct 03, 2021)
- Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x.
- To avoid a headache, you probably want to delete your existing operator Deployment and follow the README.
- Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](./README.md#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change)
# 0.10.0 (Jun 1, 2021)
- Make tower_ingress_type to respect ClusterIP definition (Marcelo Moreira de Mello) - e37c091 (breaking_change)
@@ -34,17 +21,17 @@ This is a list of high-level changes for each release of `awx-operator`. A full
# 0.9.0 (May 1, 2021)
- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039
- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d
- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc
- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90
- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9
- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f
- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f
- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039
- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d
- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc
- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90
- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9
- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f
- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f
- Split container image and version in 2 variables (Marcelo Moreira de Mello) - bc34758 (breaking_change)
- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f
- Add tower_ingress_type NodePort (stal) - 1b87616
- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84
- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1
- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11
- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c
- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f
- Add tower_ingress_type NodePort (stal) - 1b87616
- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84
- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1
- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11
- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c

14
Dockerfile
View File

@@ -1,14 +0,0 @@
FROM quay.io/operator-framework/ansible-operator:v1.12.0
ARG DEFAULT_AWX_VERSION
ARG OPERATOR_VERSION
ENV DEFAULT_AWX_VERSION=${DEFAULT_AWX_VERSION}
ENV OPERATOR_VERSION=${OPERATOR_VERSION}
COPY requirements.yml ${HOME}/requirements.yml
RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
&& chmod -R ug+rwx ${HOME}/.ansible
COPY watches.yaml ${HOME}/watches.yaml
COPY roles/ ${HOME}/roles/
COPY playbooks/ ${HOME}/playbooks/

323
Makefile
View File

@@ -1,323 +0,0 @@
# VERSION defines the project version for the bundle.
# Update this value when you upgrade the version of your project.
# To re-generate a bundle for another specific version without changing the standard setup, you can:
# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
VERSION ?= $(shell git describe --tags)
CONTAINER_CMD ?= docker
# GNU vs BSD in-place sed
ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu)
SED_I := sed -i
else
SED_I := sed -i ''
endif
# CHANNELS define the bundle channels used in the bundle.
# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
# To re-generate a bundle for other specific channels without changing the standard setup, you can:
# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
ifneq ($(origin CHANNELS), undefined)
BUNDLE_CHANNELS := --channels=$(CHANNELS)
endif
# DEFAULT_CHANNEL defines the default channel used in the bundle.
# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable")
# To re-generate a bundle for any other default channel without changing the default setup, you can:
# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
ifneq ($(origin DEFAULT_CHANNEL), undefined)
BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
endif
BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images.
# This variable is used to construct full image tags for bundle and catalog images.
#
# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
# ansible.com/awx-operator-bundle:$VERSION and ansible.com/awx-operator-catalog:$VERSION.
IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
# BUNDLE_IMG defines the image:tag used for the bundle.
# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
# Image URL to use all building/pushing image targets
IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
NAMESPACE ?= awx
# Helm variables
CHART_NAME ?= awx-operator
CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
CHART_OWNER ?= $(GH_REPO_OWNER)
CHART_REPO ?= awx-operator
CHART_BRANCH ?= gh-pages
CHART_INDEX ?= index.yaml
all: docker-build
##@ General
# The help target prints out all targets with their descriptions organized
# beneath their categories. The categories are represented by '##@' and the
# target descriptions by '##'. The awk commands is responsible for reading the
# entire set of makefiles included in this invocation, looking for lines of the
# file as xyz: ## something, and then pretty-format the target and help. Then,
# if there's a line with ##@ something, that gets pretty-printed as a category.
# More info on the usage of ANSI control characters for terminal formatting:
# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
# More info on the awk command:
# http://linuxcommand.org/lc3_adv_awk.php
help: ## Display this help.
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
##@ Build
run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
docker-build: ## Build docker image with the manager.
${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
docker-push: ## Push docker image with the manager.
${CONTAINER_CMD} push ${IMG}
##@ Deployment
install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl apply -f -
uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl delete -f -
gen-resources: kustomize ## Generate resources for controller and print to stdout
@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
@$(KUSTOMIZE) build config/default
deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
@$(KUSTOMIZE) build config/default | kubectl apply -f -
undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
$(KUSTOMIZE) build config/default | kubectl delete -f -
OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
ARCHA := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
ARCHX := $(shell uname -m | sed -e 's/amd64/x86_64/' -e 's/aarch64/arm64/')
.PHONY: kustomize
KUSTOMIZE = $(shell pwd)/bin/kustomize
kustomize: ## Download kustomize locally if necessary.
ifeq (,$(wildcard $(KUSTOMIZE)))
ifeq (,$(shell which kustomize 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(KUSTOMIZE)) ;\
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.2/kustomize_v4.5.2_$(OS)_$(ARCHA).tar.gz | \
tar xzf - -C bin/ ;\
}
else
KUSTOMIZE = $(shell which kustomize)
endif
endif
.PHONY: ansible-operator
ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
ifeq (,$(shell which ansible-operator 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCHA) ;\
chmod +x $(ANSIBLE_OPERATOR) ;\
}
else
ANSIBLE_OPERATOR = $(shell which ansible-operator)
endif
endif
.PHONY: bundle
bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
operator-sdk generate kustomize manifests -q
cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
operator-sdk bundle validate ./bundle
.PHONY: bundle-build
bundle-build: ## Build the bundle image.
${CONTAINER_CMD} build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
.PHONY: bundle-push
bundle-push: ## Push the bundle image.
$(MAKE) docker-push IMG=$(BUNDLE_IMG)
.PHONY: opm
OPM = ./bin/opm
opm: ## Download opm locally if necessary.
ifeq (,$(wildcard $(OPM)))
ifeq (,$(shell which opm 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(OPM)) ;\
curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCHA)-opm ;\
chmod +x $(OPM) ;\
}
else
OPM = $(shell which opm)
endif
endif
# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
# These images MUST exist in a registry and be pull-able.
BUNDLE_IMGS ?= $(BUNDLE_IMG)
# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
ifneq ($(origin CATALOG_BASE_IMG), undefined)
FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
endif
# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
.PHONY: catalog-build
catalog-build: opm ## Build a catalog image.
$(OPM) index add --container-tool ${CONTAINER_CMD} --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
# Push the catalog image.
.PHONY: catalog-push
catalog-push: ## Push a catalog image.
$(MAKE) docker-push IMG=$(CATALOG_IMG)
.PHONY: kubectl-slice
KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice
kubectl-slice: ## Download kubectl-slice locally if necessary.
ifeq (,$(wildcard $(KUBECTL_SLICE)))
ifeq (,$(shell which kubectl-slice 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(KUBECTL_SLICE)) ;\
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
tar xzf - -C bin/ kubectl-slice ;\
}
else
KUBECTL_SLICE = $(shell which kubectl-slice)
endif
endif
.PHONY: helm
HELM = $(shell pwd)/bin/helm
helm: ## Download helm locally if necessary.
ifeq (,$(wildcard $(HELM)))
ifeq (,$(shell which helm 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(HELM)) ;\
curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCHA).tar.gz | \
tar xzf - -C bin/ $(OS)-$(ARCHA)/helm ;\
mv bin/$(OS)-$(ARCHA)/helm bin/helm ;\
rmdir bin/$(OS)-$(ARCHA) ;\
}
else
HELM = $(shell which helm)
endif
endif
.PHONY: yq
YQ = $(shell pwd)/bin/yq
yq: ## Download yq locally if necessary.
ifeq (,$(wildcard $(YQ)))
ifeq (,$(shell which yq 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(HELM)) ;\
curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCHA).tar.gz | \
tar xzf - -C bin/ ;\
mv bin/yq_$(OS)_$(ARCHA) bin/yq ;\
}
else
YQ = $(shell which yq)
endif
endif
PHONY: cr
CR = $(shell pwd)/bin/cr
cr: ## Download cr locally if necessary.
ifeq (,$(wildcard $(CR)))
ifeq (,$(shell which cr 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(CR)) ;\
curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCHA).tar.gz | \
tar xzf - -C bin/ cr ;\
}
else
CR = $(shell which cr)
endif
endif
charts:
mkdir -p $@
.PHONY: helm-chart
helm-chart: kustomize helm kubectl-slice yq charts
@echo "== KUSTOMIZE (image and namespace) =="
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
@echo "== HELM =="
cd charts && \
$(HELM) create awx-operator --starter $(shell pwd)/.helm/starter ;\
$(YQ) -i '.version = "$(VERSION)"' $(CHART_NAME)/Chart.yaml ;\
$(YQ) -i '.appVersion = "$(VERSION)" | .appVersion style="double"' $(CHART_NAME)/Chart.yaml ;\
$(YQ) -i '.description = "$(CHART_DESCRIPTION)"' $(CHART_NAME)/Chart.yaml ;\
@cat charts/$(CHART_NAME)/Chart.yaml
@echo "== KUSTOMIZE (annotation) =="
cd config/manager && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
cd config/default && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
@echo "== SLICE =="
$(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/default | \
$(KUBECTL_SLICE) --input-file=- \
--output-dir=charts/$(CHART_NAME)/templates \
--sort-by-kind
@echo "AWX Operator installed with Helm Chart version $(VERSION)" > charts/$(CHART_NAME)/templates/NOTES.txt
$(foreach file, $(wildcard charts/$(CHART_NAME)/templates/*),$(YQ) -i 'del(.. | select(has("namespace")).namespace)' $(file);)
$(foreach file, $(wildcard charts/$(CHART_NAME)/templates/*rolebinding*),$(YQ) -i '.subjects[0].namespace = "{{ .Release.Namespace }}"' $(file);)
rm -f charts/$(CHART_NAME)/templates/namespace*.yaml
.PHONY: helm-package
helm-package: cr helm-chart
@echo "== CHART RELEASER (package) =="
$(CR) package ./charts/awx-operator
# The actual release happens in ansible/helm-release.yml
# until https://github.com/helm/chart-releaser/issues/122 happens
.PHONY: helm-index
helm-index: cr helm-chart
@echo "== CHART RELEASER (httpsorigin) =="
git remote add httpsorigin "https://github.com/$(CHART_OWNER)/$(CHART_REPO).git"
git fetch httpsorigin
@echo "== CHART RELEASER (index) =="
$(CR) index \
--owner "$(CHART_OWNER)" \
--git-repo "$(CHART_REPO)" \
--token "$(CR_TOKEN)" \
--pages-branch "$(CHART_BRANCH)" \
--index-path "./charts/$(CHART_INDEX)" \
--charts-repo "https://$(CHART_OWNER).github.io/$(CHART_REPO)/$(CHART_INDEX)" \
--remote httpsorigin \
--release-name-template="{{ .Version }}" \
--push

16
PROJECT
View File

@@ -1,16 +0,0 @@
domain: ansible.com
layout:
- ansible.sdk.operatorframework.io/v1
plugins:
manifests.sdk.operatorframework.io/v2: {}
scorecard.sdk.operatorframework.io/v2: {}
projectName: awx-operator
resources:
- api:
crdVersion: v1
namespaced: true
domain: ansible.com
group: awx
kind: AWX
version: v1beta1
version: "3"

941
README.md
View File

File diff suppressed because it is too large Load Diff

3
SECURITY.md
View File

@@ -1,3 +0,0 @@
For all security related bugs, email security@ansible.com instead of using this issue tracker and you will receive a prompt response.
For more information on the Ansible community's practices regarding responsible disclosure, see https://www.ansible.com/security

17
ansible/build-and-push.yml Normal file
View File

@@ -0,0 +1,17 @@
---
- name: Build and Deploy the AWX Operator
hosts: localhost
collections:
- community.docker
tasks:
- name: Build and (optionally) push operator image
docker_image:
name: "{{ operator_image }}:{{ operator_version }}"
source: "build"
push: "{{ push_image }}"
build:
dockerfile: "build/Dockerfile"
path: "../"
force_source: "yes"

31
ansible/chain-operator-files.yml Normal file
View File

@@ -0,0 +1,31 @@
---
# To run: `ansible-playbook chain-operator-files.yml`
- name: Chain operator files together for easy deployment.
hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Template AWX CRD
template:
src: crd.yml.j2
dest: "{{ playbook_dir }}/../deploy/crds/awx_v1beta1_crd.yaml"
mode: '0644'
- name: Template AWXBackup CRD
template:
src: awxbackup_crd.yml.j2
dest: "{{ playbook_dir }}/../deploy/crds/awxbackup_v1beta1_crd.yaml"
mode: '0644'
- name: Template AWXRestore CRD
template:
src: awxrestore_crd.yml.j2
dest: "{{ playbook_dir }}/../deploy/crds/awxrestore_v1beta1_crd.yaml"
mode: '0644'
- name: Template awx-operator.yaml
template:
src: awx-operator.yaml.j2
dest: ../deploy/awx-operator.yaml
mode: '0644'

29
ansible/deploy-operator.yml Normal file
View File

@@ -0,0 +1,29 @@
---
- name: Reconstruct awx-operator.yaml
import_playbook: chain-operator-files.yml
- name: Deploy Operator
hosts: localhost
vars:
k8s_namespace: "default"
obliterate: no
collections:
- kubernetes.core
tasks:
- name: Obliterate Operator
k8s:
state: absent
namespace: "{{ k8s_namespace }}"
src: "../deploy/awx-operator.yaml"
wait: yes
when: obliterate | bool
- name: Deploy Operator
k8s:
state: present
namespace: "{{ k8s_namespace }}"
apply: yes
wait: yes
src: "../deploy/awx-operator.yaml"

4
ansible/group_vars/all Normal file
View File

@@ -0,0 +1,4 @@
operator_image: quay.io/ansible/awx-operator
operator_version: 0.11.0
pull_policy: Always
ansible_debug_logs: "false"

47
ansible/helm-release.yml
View File

@@ -1,47 +0,0 @@
---
- hosts: localhost
vars:
chart_repo: awx-operator
tasks:
- name: Look up release
uri:
url: "https://api.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/tags/{{ tag }}"
register: release
ignore_errors: yes
- fail:
msg: |
Release must exist before running this playbook
when: release is not success
- name: Build and package helm chart
command: |
make helm-chart helm-package
environment:
VERSION: "{{ tag }}"
IMAGE_TAG_BASE: "{{ operator_image }}"
args:
chdir: "{{ playbook_dir }}/../"
# Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
- name: Upload helm chart
uri:
url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name=awx-operator-{{ tag }}.tgz"
src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
headers:
Authorization: "token {{ gh_token }}"
Content-Type: "application/octet-stream"
status_code:
- 200
- 201
register: asset_upload
changed_when: asset_upload.json.state == "uploaded"
- name: Publish helm index
command: |
make helm-index
environment:
CHART_OWNER: "{{ chart_owner }}"
CR_TOKEN: "{{ gh_token }}"
args:
chdir: "{{ playbook_dir }}/../"

16
ansible/templates/awx-operator.yaml.j2 Normal file
View File

@@ -0,0 +1,16 @@
#jinja2: trim_blocks:False
# This file is generated by Ansible. Changes will be lost.
# Update templates under ansible/templates/
{% include 'crd.yml.j2' %}
{% include 'awxbackup_crd.yml.j2' %}
{% include 'awxrestore_crd.yml.j2' %}
{% include 'role.yml.j2' %}
{% include 'role_binding.yml.j2' %}
{% include 'service_account.yml.j2' %}
{% include 'operator.yml.j2' %}

9
config/crd/bases/awxbackup.ansible.com_awxbackups.yaml → ansible/templates/awxbackup_crd.yml.j2
View File

@@ -43,9 +43,6 @@ spec:
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
clean_backup_on_delete:
description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
type: boolean
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
@@ -55,14 +52,12 @@ spec:
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:

6
config/crd/bases/awxrestore.ansible.com_awxrestores.yaml → ansible/templates/awxrestore_crd.yml.j2
View File

@@ -56,14 +56,12 @@ spec:
postgres_image_version:
description: PostgreSQL container image version to use
type: string
no_log:
description: Configure no_log for no_log tasks
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:

118
config/crd/bases/awx.ansible.com_awxs.yaml → ansible/templates/crd.yml.j2
View File

@@ -67,9 +67,6 @@ spec:
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
service_annotations:
description: Annotations to add to the service
type: string
service_type:
description: The service type to be used on the deployed instance
type: string
@@ -89,18 +86,15 @@ spec:
- ingress
- Route
- route
ingress_path:
description: The ingress path used to reach the deployed service
type: string
ingress_path_type:
description: The ingress path type for the deployed service
type: string
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
@@ -127,22 +121,12 @@ spec:
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
nodeport_port:
description: Port to use for the nodeport
type: integer
default: 30080
node_selector:
description: nodeSelector for the pods
type: string
topology_spread_constraints:
description: topology rule(s) for the pods
type: string
service_labels:
description: Additional labels to apply to the service
type: string
annotations:
description: annotations for the pods
type: string
tolerations:
description: node tolerations for the pods
type: string
@@ -165,9 +149,6 @@ spec:
control_plane_ee_image:
description: Registry path to the Execution Environment container image to use on control plane pods
type: string
control_plane_priority_class:
description: Assign a preexisting priority class to the control plane pods
type: string
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
@@ -182,13 +163,8 @@ spec:
- never
- IfNotPresent
- ifnotpresent
image_pull_secrets:
description: Image pull secrets for app and database containers
type: array
items:
type: string
image_pull_secret: # deprecated
description: (Deprecated) Image pull secret for app and database containers
image_pull_secret:
description: The image pull secret
type: string
task_resource_requirements:
description: Resource requirements for the task container
@@ -256,50 +232,6 @@ spec:
type: string
type: object
type: object
postgres_init_container_resource_requirements:
description: Resource requirements for the postgres init container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
redis_resource_requirements:
description: Resource requirements for the redis container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
service_account_annotations:
description: ServiceAccount annotations
type: string
@@ -353,23 +285,12 @@ spec:
redis_image_version:
description: Redis container image version to use
type: string
redis_capabilities:
description: Redis container capabilities
type: array
items:
type: string
init_container_image:
description: Registry path to the init container to use
type: string
init_container_image_version:
description: Init container image version to use
type: string
init_container_extra_commands:
description: Extra commands for the init container
type: string
init_container_extra_volume_mounts:
description: Specify volume mounts to be added to the init container
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
@@ -417,16 +338,9 @@ spec:
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
postgres_priority_class:
description: Assign a preexisting priority class to the postgres pod
type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
postgres_extra_args:
type: array
items:
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string
@@ -436,9 +350,6 @@ spec:
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
ldap_password_secret:
description: Secret where can be found the LDAP bind password
type: string
bundle_cacert_secret:
description: Secret where can be found the trusted Certificate Authority Bundle
type: string
@@ -466,12 +377,6 @@ spec:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
csrf_cookie_secure:
description: Set csrf cookie secure mode for web
type: string
session_cookie_secure:
description: Set session cookie secure mode for web
type: string
extra_settings:
description: Extra settings to specify for the API
items:
@@ -479,20 +384,9 @@ spec:
setting:
type: string
value:
x-kubernetes-preserve-unknown-fields: true
type: string
type: object
type: array
no_log:
description: Configure no_log for no_log tasks
type: string
security_context_settings:
description: Key/values that will be set under the pod-level securityContext field
type: object
x-kubernetes-preserve-unknown-fields: true
auto_upgrade:
description: Should AWX instances be automatically upgraded when operator gets upgraded
type: boolean
default: true
type: object
status:
properties:

48
ansible/templates/operator.yml.j2 Normal file
View File

@@ -0,0 +1,48 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-operator
spec:
replicas: 1
selector:
matchLabels:
name: awx-operator
template:
metadata:
labels:
name: awx-operator
spec:
serviceAccountName: awx-operator
containers:
- name: awx-operator
image: "{{ operator_image }}:{{ operator_version }}"
imagePullPolicy: "{{ pull_policy|default('Always') }}"
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
env:
# Watch all namespaces (cluster-scoped).
- name: WATCH_NAMESPACE
value: ""
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: awx-operator
- name: ANSIBLE_GATHERING
value: explicit
- name: OPERATOR_VERSION
value: "{{ operator_version }}"
- name: ANSIBLE_DEBUG_LOGS
value: "{{ ansible_debug_logs|lower | default('false'|lower) }}"
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
volumes:
- name: runner
emptyDir: {}

33
config/rbac/role.yaml → ansible/templates/role.yml.j2
View File

@@ -1,9 +1,9 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
kind: ClusterRole
metadata:
creationTimestamp: null
name: awx-manager-role
name: awx-operator
rules:
- apiGroups:
- route.openshift.io
@@ -11,13 +11,7 @@ rules:
- routes
- routes/custom-host
verbs:
- get
- list
- create
- delete
- patch
- update
- watch
- '*'
- apiGroups:
- ""
- "rbac.authorization.k8s.io"
@@ -34,16 +28,10 @@ rules:
- roles
- rolebindings
verbs:
- get
- list
- create
- delete
- patch
- update
- watch
- '*'
- apiGroups:
- apps
- networking.k8s.io
- extensions
resources:
- deployments
- daemonsets
@@ -51,13 +39,7 @@ rules:
- statefulsets
- ingresses
verbs:
- get
- list
- create
- delete
- patch
- update
- watch
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
@@ -84,8 +66,6 @@ rules:
- ""
resources:
- pods/exec
- pods/attach
- pods/log # log & attach rules needed to be able to grant them to AWX service account
verbs:
- create
- get
@@ -95,7 +75,6 @@ rules:
- replicasets
verbs:
- get
- create
- apiGroups:
- awx.ansible.com
resources:

16
config/rbac/auth_proxy_role_binding.yaml → ansible/templates/role_binding.yml.j2
View File

@@ -1,13 +1,13 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
name: awx-operator
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: system
name: awx-operator
namespace: default
roleRef:
kind: ClusterRole
name: awx-operator
apiGroup: rbac.authorization.k8s.io

4
config/rbac/service_account.yaml → ansible/templates/service_account.yml.j2
View File

@@ -2,5 +2,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: controller-manager
namespace: system
name: awx-operator
namespace: default

7
awx-demo.yml
View File

@@ -1,7 +0,0 @@
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-demo
spec:
service_type: nodeport

11
build/Dockerfile Normal file
View File

@@ -0,0 +1,11 @@
FROM quay.io/operator-framework/ansible-operator:v0.19.4
# Install Ansible requirements.
COPY requirements.yml ${HOME}/requirements.yml
RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
&& chmod -R ug+rwx ${HOME}/.ansible
COPY watches.yaml ${HOME}/watches.yaml
COPY main.yml ${HOME}/main.yml
COPY roles/ ${HOME}/roles/

13
build/test-framework/Dockerfile Normal file
View File

@@ -0,0 +1,13 @@
ARG BASEIMAGE
FROM ${BASEIMAGE}
USER 0
RUN yum install -y python-devel gcc libffi-devel
RUN pip install molecule==3.0.6 jmespath
ARG NAMESPACEDMAN
ADD $NAMESPACEDMAN /namespaced.yaml
ADD build/test-framework/ansible-test.sh /ansible-test.sh
RUN chmod +x /ansible-test.sh
USER 1001
ADD . /opt/ansible/project

7
build/test-framework/ansible-test.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/sh
export WATCH_NAMESPACE=${TEST_NAMESPACE}
(/usr/local/bin/entrypoint)&
trap "kill $!" SIGINT SIGTERM EXIT
cd ${HOME}/project
exec molecule test -s test-minikube

14
bundle.Dockerfile Normal file
View File

@@ -0,0 +1,14 @@
FROM scratch
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=awx-operator
LABEL operators.operatorframework.io.bundle.channels.v1=alpha
LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4
LABEL operators.operatorframework.io.metrics.project_layout=ansible
COPY deploy/olm-catalog/awx-operator/manifests /manifests/
COPY deploy/olm-catalog/awx-operator/metadata /metadata/

9
config/crd/kustomization.yaml
View File

@@ -1,9 +0,0 @@
---
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/awx.ansible.com_awxs.yaml
- bases/awxbackup.ansible.com_awxbackups.yaml
- bases/awxrestore.ansible.com_awxrestores.yaml
# +kubebuilder:scaffold:crdkustomizeresource

24
config/default/kustomization.yaml
View File

@@ -1,24 +0,0 @@
# Adds namespace to all resources.
namespace: awx
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: awx-operator-
# Labels to add to all resources and selectors.
# commonLabels:
# someName: someValue
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
# - ../prometheus
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
patchesStrategicMerge:
- manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../crd
- ../rbac
- ../manager

29
config/default/manager_auth_proxy_patch.yaml
View File

@@ -1,29 +0,0 @@
---
# This patch inject a sidecar container which is a HTTP proxy for the
# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
protocol: TCP
name: https
- name: awx-manager
args:
- "--health-probe-bind-address=:6789"
- "--metrics-bind-address=127.0.0.1:8080"
- "--leader-elect"
- "--leader-election-id=awx-operator"

21
config/default/manager_config_patch.yaml
View File

@@ -1,21 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
args:
- "--config=controller_manager_config.yaml"
volumeMounts:
- name: awx-manager-config
mountPath: /controller_manager_config.yaml
subPath: controller_manager_config.yaml
volumes:
- name: awx-manager-config
configMap:
name: awx-manager-config

10
config/manager/controller_manager_config.yaml
View File

@@ -1,10 +0,0 @@
---
apiVersion: controller-runtime.sigs.k8s.io/v1beta1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :6789
metrics:
bindAddress: 127.0.0.1:8080
leaderElection:
leaderElect: true
resourceName: 811c9dc5.ansible.com

14
config/manager/kustomization.yaml
View File

@@ -1,14 +0,0 @@
resources:
- manager.yaml
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- files:
- controller_manager_config.yaml
name: awx-manager-config
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: quay.io/ansible/awx-operator
newTag: latest

67
config/manager/manager.yaml
View File

@@ -1,67 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
spec:
selector:
matchLabels:
control-plane: controller-manager
replicas: 1
template:
metadata:
labels:
control-plane: controller-manager
spec:
securityContext:
runAsNonRoot: true
containers:
- args:
- --leader-elect
- --leader-election-id=awx-operator
image: controller:latest
name: awx-manager
env:
- name: ANSIBLE_GATHERING
value: explicit
- name: ANSIBLE_DEBUG_LOGS
value: 'false'
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 6789
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
memory: "32Mi"
cpu: "50m"
limits:
memory: "4096Mi"
cpu: "2000m"
serviceAccountName: controller-manager
imagePullSecrets:
- name: redhat-operators-pull-secret
terminationGracePeriodSeconds: 10

8
config/manifests/kustomization.yaml
View File

@@ -1,8 +0,0 @@
---
# These resources constitute the fully configured set of manifests
# used to generate the 'manifests/' directory in a bundle.
resources:
- bases/awx-operator.clusterserviceversion.yaml
- ../default
- ../samples
- ../scorecard

3
config/prometheus/kustomization.yaml
View File

@@ -1,3 +0,0 @@
---
resources:
- monitor.yaml

20
config/prometheus/monitor.yaml
View File

@@ -1,20 +0,0 @@
---
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
control-plane: controller-manager
name: controller-manager-metrics-monitor
namespace: system
spec:
endpoints:
- path: /metrics
port: https
scheme: https
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
tlsConfig:
insecureSkipVerify: true
selector:
matchLabels:
control-plane: controller-manager

10
config/rbac/auth_proxy_client_clusterrole.yaml
View File

@@ -1,10 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs:
- "/metrics"
verbs:
- get

18
config/rbac/auth_proxy_role.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

16
config/rbac/auth_proxy_service.yaml
View File

@@ -1,16 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
control-plane: controller-manager

25
config/rbac/awx_editor_role.yaml
View File

@@ -1,25 +0,0 @@
---
# permissions for end users to edit awxs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awx-editor-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxs/status
verbs:
- get

21
config/rbac/awx_viewer_role.yaml
View File

@@ -1,21 +0,0 @@
---
# permissions for end users to view awxs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awx-viewer-role
rules:
- apiGroups:
- awx.ansible.com
resources:
- awxs
verbs:
- get
- list
- watch
- apiGroups:
- awx.ansible.com
resources:
- awxs/status
verbs:
- get

19
config/rbac/kustomization.yaml
View File

@@ -1,19 +0,0 @@
---
resources:
# All RBAC will be applied under this service account in
# the deployment namespace. You may comment out this resource
# if your manager will use a service account that exists at
# runtime. Be sure to update RoleBinding and ClusterRoleBinding
# subjects if changing service account names.
- service_account.yaml
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
# Comment the following 4 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml

38
config/rbac/leader_election_role.yaml
View File

@@ -1,38 +0,0 @@
---
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

13
config/rbac/leader_election_role_binding.yaml
View File

@@ -1,13 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: controller-manager
namespace: system

12
config/rbac/role_binding.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: awx-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: awx-manager-role
subjects:
- kind: ServiceAccount
name: controller-manager

5
config/samples/kustomization.yaml
View File

@@ -1,5 +0,0 @@
---
## Append samples you want in your CSV to this file as resources ##
resources:
- awx_v1beta1_awx.yaml
# +kubebuilder:scaffold:manifestskustomizesamples

8
config/scorecard/bases/config.yaml
View File

@@ -1,8 +0,0 @@
---
apiVersion: scorecard.operatorframework.io/v1alpha3
kind: Configuration
metadata:
name: config
stages:
- parallel: true
tests: []

17
config/scorecard/kustomization.yaml
View File

@@ -1,17 +0,0 @@
---
resources:
- bases/config.yaml
patchesJson6902:
- path: patches/basic.config.yaml
target:
group: scorecard.operatorframework.io
version: v1alpha3
kind: Configuration
name: config
- path: patches/olm.config.yaml
target:
group: scorecard.operatorframework.io
version: v1alpha3
kind: Configuration
name: config
# +kubebuilder:scaffold:patchesJson6902

11
config/scorecard/patches/basic.config.yaml
View File

@@ -1,11 +0,0 @@
---
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- basic-check-spec
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: basic
test: basic-check-spec-test

51
config/scorecard/patches/olm.config.yaml
View File

@@ -1,51 +0,0 @@
---
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-bundle-validation
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-bundle-validation-test
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-crds-have-validation
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-crds-have-validation-test
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-crds-have-resources
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-crds-have-resources-test
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-spec-descriptors
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-spec-descriptors-test
- op: add
path: /stages/0/tests/-
value:
entrypoint:
- scorecard-test
- olm-status-descriptors
image: quay.io/operator-framework/scorecard-test:v1.12.0
labels:
suite: olm
test: olm-status-descriptors-test

14
config/testing/debug_logs_patch.yaml
View File

@@ -1,14 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
env:
- name: ANSIBLE_DEBUG_LOGS
value: "TRUE"

21
config/testing/kustomization.yaml
View File

@@ -1,21 +0,0 @@
# Adds namespace to all resources.
namespace: osdk-test
namePrefix: osdk-
# Labels to add to all resources and selectors.
# commonLabels:
# someName: someValue
patchesStrategicMerge:
- manager_image.yaml
- debug_logs_patch.yaml
- ../default/manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../crd
- ../rbac
- ../manager
images:
- name: testing
newName: testing-operator
patches:
- path: pull_policy/Never.yaml

12
config/testing/manager_image.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
image: testing

12
config/testing/pull_policy/Always.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
imagePullPolicy: Always

12
config/testing/pull_policy/IfNotPresent.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
imagePullPolicy: IfNotPresent

12
config/testing/pull_policy/Never.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: awx-manager
imagePullPolicy: Never

752
deploy/awx-operator.yaml Normal file
View File

@@ -0,0 +1,752 @@
# This file is generated by Ansible. Changes will be lost.
# Update templates under ansible/templates/
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxs.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWX
listKind: AWXList
plural: awxs
singular: awx
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: Schema validation for the AWX CRD
properties:
spec:
properties:
deployment_type:
description: Name of the deployment type
type: string
kind:
description: Kind of the deployment type
type: string
api_version:
description: apiVersion of the deployment type
type: string
task_privileged:
description: If a privileged security context should be enabled
type: boolean
default: false
admin_user:
description: Username to use for the admin account
type: string
default: admin
hostname:
description: The hostname of the instance
type: string
admin_email:
description: The admin user email
type: string
admin_password_secret:
description: Secret where the admin password can be found
type: string
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data migration
type: string
secret_key_secret:
description: Secret where the secret key can be found
type: string
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
service_type:
description: The service type to be used on the deployed instance
type: string
enum:
- LoadBalancer
- loadbalancer
- ClusterIP
- clusterip
- NodePort
- nodeport
ingress_type:
description: The ingress type to use to reach the deployed instance
type: string
enum:
- none
- Ingress
- ingress
- Route
- route
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
default: http
enum:
- http
- https
loadbalancer_port:
description: Port to use for the loadbalancer
type: integer
default: 80
route_host:
description: The DNS to use to points to the instance
type: string
route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use
type: string
default: Edge
enum:
- Edge
- edge
- Passthrough
- passthrough
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
node_selector:
description: nodeSelector for the pods
type: string
service_labels:
description: Additional labels to apply to the service
type: string
tolerations:
description: node tolerations for the pods
type: string
image:
description: Registry path to the application container to use
type: string
image_version:
description: Application container image version to use
type: string
ee_images:
description: Registry path to the Execution Environment container to use
type: array
items:
type: object
properties:
name:
type: string
image:
type: string
control_plane_ee_image:
description: Registry path to the Execution Environment container image to use on control plane pods
type: string
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
image_pull_secret:
description: The image pull secret
type: string
task_resource_requirements:
description: Resource requirements for the task container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
web_resource_requirements:
description: Resource requirements for the web container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
ee_resource_requirements:
description: Resource requirements for the ee container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
service_account_annotations:
description: ServiceAccount annotations
type: string
replicas:
description: Number of instance replicas
type: integer
default: 1
format: int32
garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal
default: false
type: boolean
create_preload_data:
description: Whether or not to preload data upon instance creation
default: true
type: boolean
task_args:
type: array
items:
type: string
task_command:
type: array
items:
type: string
web_args:
type: array
items:
type: string
web_command:
type: array
items:
type: string
task_extra_env:
type: string
web_extra_env:
type: string
ee_extra_env:
type: string
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
redis_image:
description: Registry path to the redis container to use
type: string
redis_image_version:
description: Redis container image version to use
type: string
init_container_image:
description: Registry path to the init container to use
type: string
init_container_image_version:
description: Init container image version to use
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
requests:
properties:
storage:
type: string
type: object
limits:
properties:
storage:
type: string
type: object
type: object
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
type: object
type: object
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string
development_mode:
description: If the deployment should be done in development mode
type: boolean
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
bundle_cacert_secret:
description: Secret where can be found the trusted Certificate Authority Bundle
type: string
projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent
default: false
type: boolean
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
type: string
enum:
- _Yes_
- _No_
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi
type: string
projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
extra_settings:
description: Extra settings to specify for the API
items:
properties:
setting:
type: string
value:
type: string
type: object
type: array
type: object
status:
properties:
URL:
description: URL to access the deployed instance
type: string
adminUser:
description: Admin user of the deployed instance
type: string
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
postgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
broadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
version:
description: Version of the deployed instance
type: string
image:
description: URL of the image used for the deployed instance
type: string
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
status:
type: string
type:
type: string
reason:
type: string
lastTransitionTime:
type: string
type: object
type: array
type: object
type: object
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXBackup CRD
properties:
spec:
type: object
required:
- deployment_name
properties:
deployment_name:
description: Name of the deployment to be backed up
type: string
backup_pvc:
description: Name of the PVC to be used for storing the backup
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_storage_requirements:
description: Storage requirements for the PostgreSQL container
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
backupDirectory:
description: Backup directory name on the specified pvc
type: string
backupClaim:
description: Backup persistent volume claim
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXRestore CRD
properties:
spec:
type: object
properties:
backup_source:
description: Backup source
type: string
enum:
- CR
- PVC
deployment_name:
description: Name of the deployment to be restored to
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_dir:
description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: awx-operator
rules:
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- ""
- "rbac.authorization.k8s.io"
resources:
- pods
- services
- services/finalizers
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- awx-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
resources:
- deployments/scale
- statefulsets/scale
verbs:
- patch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- awx.ansible.com
resources:
- '*'
- awxbackups
- awxrestores
verbs:
- '*'
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: awx-operator
subjects:
- kind: ServiceAccount
name: awx-operator
namespace: default
roleRef:
kind: ClusterRole
name: awx-operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: awx-operator
namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-operator
spec:
replicas: 1
selector:
matchLabels:
name: awx-operator
template:
metadata:
labels:
name: awx-operator
spec:
serviceAccountName: awx-operator
containers:
- name: awx-operator
image: "quay.io/ansible/awx-operator:0.11.0"
imagePullPolicy: "Always"
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
env:
# Watch all namespaces (cluster-scoped).
- name: WATCH_NAMESPACE
value: ""
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: awx-operator
- name: ANSIBLE_GATHERING
value: explicit
- name: OPERATOR_VERSION
value: "0.11.0"
- name: ANSIBLE_DEBUG_LOGS
value: "false"
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
volumes:
- name: runner
emptyDir: {}

435
deploy/crds/awx_v1beta1_crd.yaml Normal file
View File

@@ -0,0 +1,435 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxs.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWX
listKind: AWXList
plural: awxs
singular: awx
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: Schema validation for the AWX CRD
properties:
spec:
properties:
deployment_type:
description: Name of the deployment type
type: string
kind:
description: Kind of the deployment type
type: string
api_version:
description: apiVersion of the deployment type
type: string
task_privileged:
description: If a privileged security context should be enabled
type: boolean
default: false
admin_user:
description: Username to use for the admin account
type: string
default: admin
hostname:
description: The hostname of the instance
type: string
admin_email:
description: The admin user email
type: string
admin_password_secret:
description: Secret where the admin password can be found
type: string
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found for data migration
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data migration
type: string
secret_key_secret:
description: Secret where the secret key can be found
type: string
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
service_type:
description: The service type to be used on the deployed instance
type: string
enum:
- LoadBalancer
- loadbalancer
- ClusterIP
- clusterip
- NodePort
- nodeport
ingress_type:
description: The ingress type to use to reach the deployed instance
type: string
enum:
- none
- Ingress
- ingress
- Route
- route
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
default: http
enum:
- http
- https
loadbalancer_port:
description: Port to use for the loadbalancer
type: integer
default: 80
route_host:
description: The DNS to use to points to the instance
type: string
route_tls_termination_mechanism:
description: The secure TLS termination mechanism to use
type: string
default: Edge
enum:
- Edge
- edge
- Passthrough
- passthrough
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
node_selector:
description: nodeSelector for the pods
type: string
service_labels:
description: Additional labels to apply to the service
type: string
tolerations:
description: node tolerations for the pods
type: string
image:
description: Registry path to the application container to use
type: string
image_version:
description: Application container image version to use
type: string
ee_images:
description: Registry path to the Execution Environment container to use
type: array
items:
type: object
properties:
name:
type: string
image:
type: string
control_plane_ee_image:
description: Registry path to the Execution Environment container image to use on control plane pods
type: string
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can be found
type: string
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
image_pull_secret:
description: The image pull secret
type: string
task_resource_requirements:
description: Resource requirements for the task container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
web_resource_requirements:
description: Resource requirements for the web container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
ee_resource_requirements:
description: Resource requirements for the ee container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
service_account_annotations:
description: ServiceAccount annotations
type: string
replicas:
description: Number of instance replicas
type: integer
default: 1
format: int32
garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal
default: false
type: boolean
create_preload_data:
description: Whether or not to preload data upon instance creation
default: true
type: boolean
task_args:
type: array
items:
type: string
task_command:
type: array
items:
type: string
web_args:
type: array
items:
type: string
web_command:
type: array
items:
type: string
task_extra_env:
type: string
web_extra_env:
type: string
ee_extra_env:
type: string
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
redis_image:
description: Registry path to the redis container to use
type: string
redis_image_version:
description: Redis container image version to use
type: string
init_container_image:
description: Registry path to the init container to use
type: string
init_container_image_version:
description: Init container image version to use
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
requests:
properties:
storage:
type: string
type: object
limits:
properties:
storage:
type: string
type: object
type: object
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
type: object
type: object
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string
development_mode:
description: If the deployment should be done in development mode
type: boolean
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string
bundle_cacert_secret:
description: Secret where can be found the trusted Certificate Authority Bundle
type: string
projects_persistence:
description: Whether or not the /var/lib/projects directory will be persistent
default: false
type: boolean
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
type: string
enum:
- _Yes_
- _No_
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
projects_storage_size:
description: Size for the /var/lib/projects PersistentVolumeClaim
default: 8Gi
type: string
projects_storage_access_mode:
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
default: ReadWriteMany
type: string
extra_settings:
description: Extra settings to specify for the API
items:
properties:
setting:
type: string
value:
type: string
type: object
type: array
type: object
status:
properties:
URL:
description: URL to access the deployed instance
type: string
adminUser:
description: Admin user of the deployed instance
type: string
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
postgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
broadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
version:
description: Version of the deployed instance
type: string
image:
description: URL of the image used for the deployed instance
type: string
conditions:
description: The resulting conditions when a Service Telemetry is instantiated
items:
properties:
status:
type: string
type:
type: string
reason:
type: string
lastTransitionTime:
type: string
type: object
type: array
type: object
type: object

11
config/samples/awx_v1beta1_awx.yaml → deploy/crds/awx_v1beta1_molecule.yaml
View File

@@ -3,16 +3,21 @@ apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: example-awx
namespace: example-awx
spec:
service_account_annotations: |
foo: bar
deployment_type: awx
ingress_type: ingress
web_resource_requirements:
requests:
cpu: 50m
cpu: 500m
memory: 128M
task_resource_requirements:
requests:
cpu: 50m
cpu: 500m
memory: 128M
ee_resource_requirements:
requests:
cpu: 50m
cpu: 200m
memory: 64M

78
deploy/crds/awxbackup_v1beta1_crd.yaml Normal file
View File

@@ -0,0 +1,78 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXBackup CRD
properties:
spec:
type: object
required:
- deployment_name
properties:
deployment_name:
description: Name of the deployment to be backed up
type: string
backup_pvc:
description: Name of the PVC to be used for storing the backup
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_storage_requirements:
description: Storage requirements for the PostgreSQL container
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
backupDirectory:
description: Backup directory name on the specified pvc
type: string
backupClaim:
description: Backup persistent volume claim
type: string

79
deploy/crds/awxrestore_v1beta1_crd.yaml Normal file
View File

@@ -0,0 +1,79 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
description: Schema validation for the AWXRestore CRD
properties:
spec:
type: object
properties:
backup_source:
description: Backup source
type: string
enum:
- CR
- PVC
deployment_name:
description: Name of the deployment to be restored to
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_dir:
description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing up data
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
status:
type: object
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean

5
deploy/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./awx-operator.yaml

338
config/manifests/bases/awx-operator.clusterserviceversion.yaml → deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
View File

File diff suppressed because one or more lines are too long

85
deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxbackups_crd.yaml Normal file
View File

@@ -0,0 +1,85 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: awxbackups.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXBackup
listKind: AWXBackupList
plural: awxbackups
singular: awxbackup
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Schema validation for the AWXBackup CRD
properties:
spec:
properties:
backup_pvc:
description: Name of the PVC to be used for storing the backup
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_storage_class:
description: Storage class to use when creating PVC for backup
type: string
backup_storage_requirements:
description: Storage requirements for the PostgreSQL container
type: string
deployment_name:
description: Name of the deployment to be backed up
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing
up data
type: string
required:
- deployment_name
type: object
status:
properties:
backupClaim:
description: Backup persistent volume claim
type: string
backupDirectory:
description: Backup directory name on the specified pvc
type: string
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null

88
deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxrestores_crd.yaml Normal file
View File

@@ -0,0 +1,88 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: awxrestores.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWXRestore
listKind: AWXRestoreList
plural: awxrestores
singular: awxrestore
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Schema validation for the AWXRestore CRD
properties:
spec:
properties:
backup_dir:
description: Backup directory name, set as a status found on the awxbackup
object (backupDirectory)
type: string
backup_name:
description: AWXBackup object name
type: string
backup_pvc:
description: Name of the PVC to be restored from, set as a status
found on the awxbackup object (backupClaim)
type: string
backup_pvc_namespace:
description: Namespace the PVC is in
type: string
backup_source:
description: Backup source
enum:
- CR
- PVC
type: string
deployment_name:
description: Name of the deployment to be restored to
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for backing
up data
type: string
type: object
status:
properties:
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
restoreComplete:
description: Restore process complete
type: boolean
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null

449
deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml Normal file
View File

@@ -0,0 +1,449 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: awxs.awx.ansible.com
spec:
group: awx.ansible.com
names:
kind: AWX
listKind: AWXList
plural: awxs
singular: awx
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Schema validation for the AWX CRD
properties:
spec:
properties:
admin_email:
description: The admin user email
type: string
admin_password_secret:
description: Secret where the admin password can be found
type: string
admin_user:
default: admin
description: Username to use for the admin account
type: string
api_version:
description: apiVersion of the deployment type
type: string
broadcast_websocket_secret:
description: Secret where the broadcast websocket secret can be found
type: string
bundle_cacert_secret:
description: Secret where can be found the trusted Certificate Authority Bundle
type: string
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string
control_plane_ee_image:
description: Registry path to the Execution Environment container
image to use on control plane pods
type: string
create_preload_data:
default: true
description: Whether or not to preload data upon instance creation
type: boolean
deployment_type:
description: Name of the deployment type
type: string
development_mode:
description: If the deployment should be done in development mode
type: boolean
ee_extra_env:
type: string
ee_extra_volume_mounts:
description: Specify volume mounts to be added to Execution container
type: string
ee_images:
description: Registry path to the Execution Environment container
to use
items:
properties:
image:
type: string
name:
type: string
type: object
type: array
ee_pull_credentials_secret:
description: Secret where pull credentials for registered ees can
be found
type: string
ee_resource_requirements:
description: Resource requirements for the ee container
properties:
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
extra_settings:
description: Extra settings to specify for the API
items:
properties:
setting:
type: string
value:
type: string
type: object
type: array
extra_volumes:
description: Specify extra volumes to add to the application pod
type: string
garbage_collect_secrets:
default: false
description: Whether or not to remove secrets upon instance removal
type: boolean
hostname:
description: The hostname of the instance
type: string
image:
description: Registry path to the application container to use
type: string
image_pull_policy:
default: IfNotPresent
description: The image pull policy
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
type: string
image_pull_secret:
description: The image pull secret
type: string
image_version:
description: Application container image version to use
type: string
ingress_annotations:
description: Annotations to add to the Ingress Controller
type: string
ingress_tls_secret:
description: Secret where the Ingress TLS secret can be found
type: string
ingress_type:
description: The ingress type to use to reach the deployed instance
enum:
- none
- Ingress
- ingress
- Route
- route
type: string
init_container_image:
description: Registry path to the init container to use
type: string
init_container_image_version:
description: Initcontainer image version to use
type: string
kind:
description: Kind of the deployment type
type: string
ldap_cacert_secret:
description: Secret where can be found the LDAP trusted Certificate
Authority Bundle
type: string
loadbalancer_annotations:
description: Annotations to add to the loadbalancer
type: string
loadbalancer_port:
default: 80
description: Port to use for the loadbalancer
type: integer
loadbalancer_protocol:
default: http
description: Protocol to use for the loadbalancer
enum:
- http
- https
type: string
node_selector:
description: nodeSelector for the pods
type: string
old_postgres_configuration_secret:
description: Secret where the old database configuration can be found
for data migration
type: string
postgres_configuration_secret:
description: Secret where the database configuration can be found
type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
postgres_image:
description: Registry path to the PostgreSQL container to use
type: string
postgres_image_version:
description: PostgreSQL container image version to use
type: string
postgres_label_selector:
description: Label selector used to identify postgres pod for data
migration
type: string
postgres_resource_requirements:
description: Resource requirements for the PostgreSQL container
properties:
limits:
properties:
cpu:
type: string
memory:
type: string
type: object
requests:
properties:
cpu:
type: string
memory:
type: string
type: object
type: object
postgres_selector:
description: nodeSelector for the Postgres pods
type: string
postgres_storage_class:
description: Storage class to use for the PostgreSQL PVC
type: string
postgres_storage_requirements:
description: Storage requirements for the PostgreSQL container
properties:
limits:
properties:
storage:
type: string
type: object
requests:
properties:
storage:
type: string
type: object
type: object
postgres_tolerations:
description: node tolerations for the Postgres pods
type: string
projects_existing_claim:
description: PersistentVolumeClaim to mount /var/lib/projects directory
type: string
projects_persistence:
default: false
description: Whether or not the /var/lib/projects directory will be
persistent
type: boolean
projects_storage_access_mode:
default: ReadWriteMany
description: AccessMode for the /var/lib/projects PersistentVolumeClaim
type: string
projects_storage_class:
description: Storage class for the /var/lib/projects PersistentVolumeClaim
type: string
projects_storage_size:
default: 8Gi
description: Size for the /var/lib/projects PersistentVolumeClaim
type: string
projects_use_existing_claim:
description: Using existing PersistentVolumeClaim
enum:
- _Yes_
- _No_
type: string
redis_image:
description: Registry path to the redis container to use
type: string
redis_image_version:
description: Redis container image version to use
type: string
replicas:
default: 1
description: Number of instance replicas
format: int32
type: integer
route_host:
description: The DNS to use to points to the instance
type: string
route_tls_secret:
description: Secret where the TLS related credentials are stored
type: string
route_tls_termination_mechanism:
default: Edge
description: The secure TLS termination mechanism to use
enum:
- Edge
- edge
- Passthrough
- passthrough
type: string
secret_key_secret:
description: Secret where the secret key can be found
type: string
service_account_annotations:
description: ServiceAccount annotations
type: string
service_labels:
description: Additional labels to apply to the service
type: string
service_type:
description: The service type to be used on the deployed instance
enum:
- LoadBalancer
- loadbalancer
- ClusterIP
- clusterip
- NodePort
- nodeport
type: string
task_args:
items:
type: string
type: array
task_command:
items:
type: string
type: array
task_extra_env:
type: string
task_extra_volume_mounts:
description: Specify volume mounts to be added to Task container
type: string
task_privileged:
default: false
description: If a privileged security context should be enabled
type: boolean
task_resource_requirements:
description: Resource requirements for the task container
properties:
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
tolerations:
description: node tolerations for the pods
type: string
web_args:
items:
type: string
type: array
web_command:
items:
type: string
type: array
web_extra_env:
type: string
web_extra_volume_mounts:
description: Specify volume mounts to be added to the Web container
type: string
web_resource_requirements:
description: Resource requirements for the web container
properties:
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
type: object
status:
properties:
URL:
description: URL to access the deployed instance
type: string
adminPasswordSecret:
description: Admin password secret name of the deployed instance
type: string
adminUser:
description: Admin user of the deployed instance
type: string
broadcastWebsocketSecret:
description: Broadcast websocket secret name of the deployed instance
type: string
conditions:
description: The resulting conditions when a Service Telemetry is
instantiated
items:
properties:
lastTransitionTime:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
image:
description: URL of the image used for the deployed instance
type: string
migratedFromSecret:
description: The secret used for migrating an old instance.
type: string
postgresConfigurationSecret:
description: Postgres Configuration secret name of the deployed instance
type: string
secretKeySecret:
description: Secret key secret name of the deployed instance
type: string
version:
description: Version of the deployed instance
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null

10
deploy/olm-catalog/awx-operator/metadata/annotations.yaml Normal file
View File

@@ -0,0 +1,10 @@
annotations:
operators.operatorframework.io.bundle.channel.default.v1: alpha
operators.operatorframework.io.bundle.channels.v1: alpha
operators.operatorframework.io.bundle.manifests.v1: manifests/
operators.operatorframework.io.bundle.mediatype.v1: registry+v1
operators.operatorframework.io.bundle.metadata.v1: metadata/
operators.operatorframework.io.bundle.package.v1: awx-operator
operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.4
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
operators.operatorframework.io.metrics.project_layout: ansible

51
docs/debugging.md
View File

@@ -1,51 +0,0 @@
# Iterating on the installer without deploying the operator
Go through the [normal basic install](https://github.com/ansible/awx-operator/blob/devel/README.md#basic-install) steps.
Install some dependencies:
```
$ ansible-galaxy collection install -r molecule/requirements.yml
$ pip install -r molecule/requirements.txt
```
To prevent the changes we're about to make from being overwritten, scale down any running instance of the operator:
```
$ kubectl scale deployment awx-operator-controller-manager --replicas=0
```
Create a playbook that invokes the installer role (the operator uses ansible-runner's role execution feature):
```yaml
# run.yml
---
- hosts: localhost
roles:
- installer
```
Create a vars file:
```yaml
# vars.yml
---
ansible_operator_meta:
name: awx
namespace: awx
service_type: nodeport
```
Run the installer:
```
$ ansible-playbook run.yml -e @vars.yml -v
```
Grab the URL and admin password:
```
$ minikube service awx-service --url -n awx
$ minikube kubectl get secret awx-admin-password -- -o jsonpath="{.data.password}" | base64 --decode
LU6lTfvnkjUvDwL240kXKy1sNhjakZmT
```

15
docs/migration.md
View File

@@ -63,20 +63,5 @@ metadata:
name: awx
spec:
old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
secret_key_secret: <resourcename>-secret-key
...
```
## Important Note
If you intend to put all the above in one file, make sure to separate each block with three dashes like so:
```yaml
---
# Secret key
---
# Database creds
---
# AWX Config
```
Failing to do so will lead to an inoperable setup.

5
main.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
gather_facts: no
roles:
- installer

39
molecule/default/asserts.yml Normal file
View File

@@ -0,0 +1,39 @@
---
- name: Verify cluster resources
hosts: localhost
connection: local
vars:
ansible_python_interpreter: '{{ ansible_playbook_python }}'
tasks:
- name: Get AWX Kind data
k8s_info:
api_version: awx.ansible.com/v1beta1
kind: AWX
namespace: example-awx
label_selectors:
- "app.kubernetes.io/name=example-awx"
- "app.kubernetes.io/part-of=example-awx"
- "app.kubernetes.io/managed-by=awx-operator"
- "app.kubernetes.io/component=awx"
register: awx_kind
- name: Verify there is one AWX kind
assert:
that: '{{ (awx_kind.resources | length) == 1 }}'
- name: Get AWX Pod data
k8s_info:
kind: Pod
namespace: example-awx
label_selectors:
- "app.kubernetes.io/name=example-awx"
- "app.kubernetes.io/part-of=example-awx"
- "app.kubernetes.io/managed-by=awx-operator"
- "app.kubernetes.io/component=awx"
register: tower_pods
- name: Verify there is one AWX pod
assert:
that: '{{ (tower_pods.resources | length) == 1 }}'

18
molecule/default/converge.yml
View File

@@ -2,17 +2,9 @@
- name: Converge
hosts: localhost
connection: local
gather_facts: no
collections:
- kubernetes.core
vars:
ansible_python_interpreter: '{{ ansible_playbook_python }}'
roles:
- installer
tasks:
- name: Create Namespace
k8s:
api_version: v1
kind: Namespace
name: '{{ namespace }}'
- import_tasks: kustomize.yml
vars:
state: present
- import_playbook: '{{ playbook_dir }}/asserts.yml'

6
molecule/default/create.yml
View File

@@ -1,6 +0,0 @@
---
- name: Create
hosts: localhost
connection: local
gather_facts: false
tasks: []

24
molecule/default/destroy.yml
View File

@@ -1,24 +0,0 @@
---
- name: Destroy
hosts: localhost
connection: local
gather_facts: false
collections:
- kubernetes.core
tasks:
- import_tasks: kustomize.yml
vars:
state: absent
- name: Destroy Namespace
k8s:
api_version: v1
kind: Namespace
name: '{{ namespace }}'
state: absent
- name: Unset pull policy
command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
args:
chdir: '{{ config_dir }}/testing'

15
molecule/default/kustomize.yml
View File

@@ -1,15 +0,0 @@
---
- name: Build kustomize testing overlay
# load_restrictor must be set to none so we can load patch files from the default overlay
command: '{{ kustomize }} build --load-restrictor LoadRestrictionsNone .'
args:
chdir: '{{ config_dir }}/testing'
register: resources
changed_when: false
- name: Set resources to {{ state }}
k8s:
definition: '{{ item }}'
state: '{{ state }}'
wait: yes
loop: '{{ resources.stdout | from_yaml_all | list }}'

38
molecule/default/molecule.yml
View File

@@ -2,38 +2,28 @@
dependency:
name: galaxy
driver:
name: delegated
name: docker
lint: |
set -e
yamllint .
ansible-lint
platforms:
- name: cluster
- name: kind-default
groups:
- k8s
image: bsycorp/kind:latest-1.14
privileged: True
override_command: no
exposed_ports:
- 8443/tcp
- 10080/tcp
published_ports:
- 0.0.0.0:${TEST_CLUSTER_PORT:-9443}:8443/tcp
pre_build_image: yes
provisioner:
name: ansible
lint: |
set -e
ansible-lint
log: True
inventory:
group_vars:
all:
namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
host_vars:
localhost:
awx_image: ${AWX_TEST_IMAGE:-""}
awx_version: ${AWX_TEST_VERSION:-""}
default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
ansible_python_interpreter: '{{ ansible_playbook_python }}'
config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
operator_image: ${OPERATOR_IMAGE:-""}
operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
kustomize: ${KUSTOMIZE_PATH:-kustomize}
env:
K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}
verifier:
name: ansible
lint: |
set -e
ansible-lint
operator_namespace: ${TEST_NAMESPACE:-default}

51
molecule/default/prepare.yml
View File

@@ -1,28 +1,39 @@
---
- name: Prepare
- name: Prepare operator resources
hosts: localhost
connection: local
gather_facts: false
vars:
ansible_python_interpreter: '{{ ansible_playbook_python }}'
deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
vars_files:
- "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/group_vars/all"
tasks:
- name: Ensure operator image is set
fail:
msg: |
You must specify the OPERATOR_IMAGE environment variable in order to run the
'default' scenario
when: not operator_image
- name: Create AWX Custom Resource Definition
k8s:
definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_crd.yaml'])) }}"
- name: Set testing image
command: '{{ kustomize }} edit set image testing={{ operator_image }}'
args:
chdir: '{{ config_dir }}/testing'
- name: Create AWXBackup Custom Resource Definition
k8s:
definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxbackup_v1beta1_crd.yaml'])) }}"
- name: Set pull policy
command: '{{ kustomize }} edit add patch --path pull_policy/{{ operator_pull_policy }}.yaml'
args:
chdir: '{{ config_dir }}/testing'
- name: Create AWXRestore Custom Resource Definition
k8s:
definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awxrestore_v1beta1_crd.yaml'])) }}"
- name: Set testing namespace
command: '{{ kustomize }} edit set namespace {{ namespace }}'
args:
chdir: '{{ config_dir }}/testing'
- name: Ensure specified namespace is present
k8s:
api_version: v1
kind: Namespace
name: '{{ operator_namespace }}'
- name: Create RBAC resources
k8s:
definition: "{{ lookup('template', '/'.join([templates_dir, item])) }}"
namespace: '{{ operator_namespace }}'
with_items:
- role.yml.j2
- role_binding.yml.j2
- service_account.yml.j2

85
molecule/default/tasks/awx_test.yml
View File

@@ -1,85 +0,0 @@
---
- name: Create the awx.ansible.com/v1alpha1.AWX
k8s:
state: present
namespace: '{{ namespace }}'
definition: "{{ lookup('template', 'awx_cr_molecule.yml.j2') | from_yaml }}"
wait: yes
wait_timeout: 900
wait_condition:
type: Running
reason: Successful
status: "True"
- name: Obtain generated admin password
k8s_info:
namespace: '{{ namespace }}'
kind: Secret
name: example-awx-admin-password
register: admin_pw_secret
- block:
- name: Get pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx
register: awx_pod
when: not awx_version
- name: Exract tags from images
set_fact:
image_tags: |
{{ awx_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
when: not awx_version
- fail:
msg: |
It looks like you may have broken the DEFAULT_AWX_VERSION functionality.
This is an environment variable that is set via build arg when releasing awx-operator.
when:
- not awx_version
- default_awx_version not in image_tags
- name: Launch Demo Job Template
awx.awx.job_launch:
name: Demo Job Template
wait: yes
validate_certs: no
controller_host: localhost/awx/
controller_username: admin
controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
rescue:
- name: Get list of project updates and jobs
uri:
url: "http://localhost/awx/api/v2/{{ resource }}/"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
register: job_lists
loop:
- project_updates
- jobs
loop_control:
loop_var: resource
- name: Get all job and project details
uri:
url: "http://localhost{{ endpoint }}"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
loop: |
{{ job_lists.results | map(attribute='json') | map(attribute='results') | flatten | map(attribute='url') }}
loop_control:
loop_var: endpoint
- name: Re-emit failure
vars:
failed_task:
result: '{{ ansible_failed_result }}'
fail:
msg: '{{ failed_task }}'

31
molecule/default/templates/awx_cr_molecule.yml.j2
View File

@@ -1,31 +0,0 @@
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: example-awx
spec:
{% if awx_image %}
image: {{ awx_image }}
{% endif %}
{% if awx_version %}
image_version: {{ awx_version }}
{% endif %}
ingress_type: ingress
ingress_path: /awx
ingress_annotations: |
kubernetes.io/ingress.class: nginx
web_resource_requirements:
requests:
cpu: 50m
memory: 32M
task_resource_requirements:
requests:
cpu: 50m
memory: 32M
ee_resource_requirements:
requests:
cpu: 50m
memory: 16M
postgres_resource_requirements: {}
postgres_init_container_resource_requirements: {}
redis_resource_requirements: {}

57
molecule/default/verify.yml
View File

@@ -1,57 +0,0 @@
---
- name: Verify
hosts: localhost
connection: local
gather_facts: no
collections:
- kubernetes.core
vars:
ctrl_label: control-plane=controller-manager
tasks:
- block:
- name: Import all test files from tasks/
include_tasks: '{{ item }}'
with_fileglob:
- tasks/*_test.yml
rescue:
- name: Retrieve relevant resources
k8s_info:
api_version: '{{ item.api_version }}'
kind: '{{ item.kind }}'
namespace: '{{ namespace }}'
loop:
- api_version: v1
kind: Pod
- api_version: apps/v1
kind: Deployment
- api_version: v1
kind: Secret
- api_version: v1
kind: ConfigMap
register: debug_resources
- name: Retrieve Pod logs
k8s_log:
name: '{{ item.metadata.name }}'
namespace: '{{ namespace }}'
container: awx-manager
loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}"
register: debug_logs
- name: Output gathered resources
debug:
var: debug_resources
- name: Output gathered logs
debug:
var: item.log_lines
loop: '{{ debug_logs.results }}'
- name: Re-emit failure
vars:
failed_task:
result: '{{ ansible_failed_result }}'
fail:
msg: '{{ failed_task }}'

34
molecule/kind/converge.yml
View File

@@ -1,34 +0,0 @@
---
- name: Converge
hosts: localhost
connection: local
gather_facts: no
tasks:
- name: Build operator image
docker_image:
build:
path: '{{ project_dir }}'
pull: no
args:
DEFAULT_AWX_VERSION: '{{ default_awx_version }}'
name: '{{ operator_image }}'
tag: latest
push: no
source: build
force_source: yes
- name: Load operator image into kind cluster
command: kind load docker-image --name osdk-test '{{ operator_image }}'
register: result
changed_when: '"not yet present" in result.stdout'
- name: Load awx image into kind cluster
command: kind load docker-image --name osdk-test '{{ awx_image }}:{{ awx_version }}'
register: result
changed_when: '"not yet present" in result.stdout'
when:
- awx_image is defined
- awx_image != ''
- import_playbook: ../default/converge.yml

Some files were not shown because too many files have changed in this diff Show More