Update README.md (#1147)

Use awx namespace whent getting AWX instance URL

Dockerfile

@@ -1,4 +1,4 @@
-FROM quay.io/operator-framework/ansible-operator:v1.23.0
+FROM quay.io/operator-framework/ansible-operator:v1.25.3
 
 USER 0
 

Makefile

@@ -140,7 +140,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(KUSTOMIZE)) ;\
-	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.5/kustomize_v4.5.5_$(OS)_$(ARCHA).tar.gz | \
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCHA).tar.gz | \
 	tar xzf - -C bin/ ;\
 	}
 else
@@ -156,7 +156,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
-	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.23.0/ansible-operator_$(OS)_$(ARCHA) ;\
+	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.25.3/ansible-operator_$(OS)_$(ARCHA) ;\
 	chmod +x $(ANSIBLE_OPERATOR) ;\
 	}
 else
@@ -187,7 +187,7 @@ ifeq (,$(shell which opm 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(OPM)) ;\
-	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCHA)-opm ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.25.3/$(OS)-$(ARCHA)-opm ;\
 	chmod +x $(OPM) ;\
 	}
 else

README.md

@@ -203,6 +203,20 @@ spec:
 
 > It may make sense to create and specify your own secret key for your deployment so that if the k8s secret gets deleted, it can be re-created if needed.  If it is not provided, one will be auto-generated, but cannot be recovered if lost. Read more [here](#secret-key-configuration).
 
+If you are on Openshift, you can take advantage of Routes by specifying the following your spec. This will automatically create a Route for you with a custom hostname. This can be found on the Route section of the Openshift Console.
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: clusterip
+  ingress_type: Route
+```
+
+
 Make sure to add this new file to the list of "resources" in your `kustomization.yaml` file:
 
 ```yaml
@@ -243,13 +257,13 @@ awx-demo-service    NodePort    10.109.40.38   <none>        80:31006/TCP   3m56
 Once deployed, the AWX instance will be accessible by running:
 
 ```
-$ minikube service awx-demo-service --url
+$ minikube service -n awx awx-demo-service --url
 ```
 
 By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run:
 
 ```
-$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode
+$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo
 yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR
 ```
 
@@ -303,7 +317,7 @@ There are three variables that are customizable for the admin user account creat
 
 If `admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`.
 
-To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode`
+To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo`
 
 The secret that is expected to be passed should be formatted as follow:
 

config/crd/bases/awx.ansible.com_awxrestores.yaml

@@ -50,6 +50,9 @@ spec:
                 description: Name of the restored deployment. This should be different from the original deployment name
                   if the original deployment still exists.
                 type: string
+              cluster_name:
+                description: Cluster name
+                type: string
               backup_name:
                 description: AWXBackup object name
                 type: string

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -524,6 +524,10 @@ spec:
                 description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
                 type: boolean
                 default: true
+              ipv6_disabled:
+                description: Disable web container's nginx ipv6 listener
+                type: boolean
+                default: false
             type: object
           status:
             properties:

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -702,6 +702,11 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - displayName: Disable IPv6 listener?
+        path: ipv6_disabled
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       statusDescriptors:
       - description: Route to access the instance deployed
         displayName: URL

config/scorecard/patches/basic.config.yaml

@@ -4,7 +4,7 @@
     entrypoint:
     - scorecard-test
     - basic-check-spec
-    image: quay.io/operator-framework/scorecard-test:v1.23.0
+    image: quay.io/operator-framework/scorecard-test:v1.25.3
     labels:
       suite: basic
       test: basic-check-spec-test

config/scorecard/patches/olm.config.yaml

@@ -4,7 +4,7 @@
     entrypoint:
     - scorecard-test
     - olm-bundle-validation
-    image: quay.io/operator-framework/scorecard-test:v1.23.0
+    image: quay.io/operator-framework/scorecard-test:v1.25.3
     labels:
       suite: olm
       test: olm-bundle-validation-test
@@ -14,7 +14,7 @@
     entrypoint:
     - scorecard-test
     - olm-crds-have-validation
-    image: quay.io/operator-framework/scorecard-test:v1.23.0
+    image: quay.io/operator-framework/scorecard-test:v1.25.3
     labels:
       suite: olm
       test: olm-crds-have-validation-test
@@ -24,7 +24,7 @@
     entrypoint:
     - scorecard-test
     - olm-crds-have-resources
-    image: quay.io/operator-framework/scorecard-test:v1.23.0
+    image: quay.io/operator-framework/scorecard-test:v1.25.3
     labels:
       suite: olm
       test: olm-crds-have-resources-test
@@ -34,7 +34,7 @@
     entrypoint:
     - scorecard-test
     - olm-spec-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.23.0
+    image: quay.io/operator-framework/scorecard-test:v1.25.3
     labels:
       suite: olm
       test: olm-spec-descriptors-test
@@ -44,7 +44,7 @@
     entrypoint:
     - scorecard-test
     - olm-status-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.23.0
+    image: quay.io/operator-framework/scorecard-test:v1.25.3
     labels:
       suite: olm
       test: olm-status-descriptors-test

roles/installer/defaults/main.yml

@@ -303,3 +303,6 @@ auto_upgrade: true
 
 # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
 set_self_labels: true
+
+# Disable web container's nginx ipv6 listener
+ipv6_disabled: false

roles/installer/templates/configmaps/config.yaml.j2

@@ -132,7 +132,9 @@ data:
         {% if route_tls_termination_mechanism | lower == 'passthrough' %}
         server {
             listen 8052 default_server;
+            {% if not ipv6_disabled %}
             listen [::]:8052 default_server;
+            {% endif %}
             server_name _;
 
             # Redirect all HTTP links to the matching HTTPS page
@@ -143,7 +145,9 @@ data:
         server {
         {% if route_tls_termination_mechanism | lower == 'passthrough' %}
             listen 8053 ssl;
+            {% if not ipv6_disabled %}
             listen [::]:8053 ssl;
+            {% endif %}
 
             ssl_certificate /etc/nginx/pki/web.crt;
             ssl_certificate_key /etc/nginx/pki/web.key;
@@ -154,7 +158,9 @@ data:
             ssl_prefer_server_ciphers on;
         {% else %}
             listen 8052 default_server;
+            {% if not ipv6_disabled %}
             listen [::]:8052 default_server;
+            {% endif %}
         {% endif %}
 
             # If you have a domain name, this is where to add it

roles/restore/defaults/main.yml

@@ -11,6 +11,9 @@ backup_pvc_namespace: '{{ ansible_operator_meta.namespace }}'
 # Required: backup name, found on the awxbackup object
 backup_dir: ''
 
+# Default cluster name
+cluster_name: 'cluster.local'
+
 # Set no_log settings on certain tasks
 no_log: true
 

roles/restore/tasks/postgres.yml

@@ -66,7 +66,7 @@
 
 - name: Set full resolvable host name for postgres pod
   set_fact:
-    resolvable_db_host: "{{ awx_postgres_host }}.{{ ansible_operator_meta.namespace }}.svc.cluster.local"
+    resolvable_db_host: "{{ awx_postgres_host }}.{{ ansible_operator_meta.namespace }}.svc.{{ cluster_name }}"
   no_log: "{{ no_log }}"
   when: awx_postgres_type == 'managed'
 
@@ -76,7 +76,6 @@
       pg_restore --clean --if-exists
       -U {{ awx_postgres_user }}
       -h {{ resolvable_db_host }}
-      -U {{ awx_postgres_user }}
       -d {{ awx_postgres_database }}
       -p {{ awx_postgres_port }}
   no_log: "{{ no_log }}"