Merge pull request #1231 from rooftopcellist/auto-assign-nodeport

Auto-assign NodePort port by default rather than hardcoding a default value
- previously, there was no way to auto-assign a port by default which led to conflicts with other deployments at times - nodeport_port param can still be used to specify a port if desired
2026-03-27 05:43:11 +00:00 · 2023-02-09 20:27:26 -05:00 · 2023-02-09 19:49:46 -05:00 · 2023-01-31 10:50:12 -05:00 · 2023-01-31 00:05:37 +00:00 · 2023-01-30 18:51:08 -05:00
41 changed files with 247 additions and 127 deletions
--- a/.github/workflows/pr_body_check.yml
+++ b/.github/workflows/pr_body_check.yml
@@ -17,9 +17,9 @@ jobs:
        env:
          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
-          echo $PR_BODY | grep "Bug, Docs Fix or other nominal change" > Z
-          echo $PR_BODY | grep "New or Enhanced Feature" > Y
-          echo $PR_BODY | grep "Breaking Change" > X
+          echo "$PR_BODY" | grep "Bug, Docs Fix or other nominal change" > Z
+          echo "$PR_BODY" | grep "New or Enhanced Feature" > Y
+          echo "$PR_BODY" | grep "Breaking Change" > X
          exit 0
        # We exit 0 and set the shell to prevent the returns from the greps from failing this step
        # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
--- a/8
+++ b/8
@@ -377,20 +377,22 @@ helm-index:
 	for tag in $(TAGS); do\
 		dl_url="https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/$${tag}/$(CHART_REPO)-$${tag}.tgz";\
 		echo "Downloading $${tag} from $${dl_url}";\
-		curl -RLOs -z ".cr-release-packages/$(CHART_REPO)-$${tag}.tgz" --fail $${dl_url};\
+		curl -RLOs -z "$(CHART_REPO)-$${tag}.tgz" --fail $${dl_url};\
 		result=$$?;\
 		if [ $${result} -eq 0 ]; then\
 			echo "Downloaded $${dl_url}";\
+			mkdir -p .cr-release-packages/$${tag};\
+			mv ./$(CHART_REPO)-$${tag}.tgz .cr-release-packages/$${tag};\
 		else\
 			echo "Skipping release $${tag}; No helm chart present";\
-			rm -rf ".cr-release-packages/$(CHART_REPO)-$${tag}.tgz";\
+			rm -rf "$(CHART_REPO)-$${tag}.tgz";\
 		fi;\
 	done;\

 	# generate the index file in the root of the gh-pages branch
 	# --merge will leave any values in index.yaml that don't get generated by this command, but
 	# it is likely that all values are overridden
-	$(HELM) repo index .cr-release-packages --url https://$(CHART_OWNER).github.io/awx-operator/ --merge gh-pages/index.yaml
+	$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge gh-pages/index.yaml

 	mv .cr-release-packages/index.yaml gh-pages/index.yaml

--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
         * [Auto Upgrade](#auto-upgrade)
            * [Upgrade of instances without auto upgrade](#upgrade-of-instances-without-auto-upgrade)
         * [Service Account](#service-account)
+         * [Labeling operator managed objects](#labeling-operator-managed-objects)
      * [Uninstall](#uninstall)
      * [Upgrading](#upgrading)
         * [Backup](#backup)
@@ -55,6 +56,7 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
            * [Cluster-scope to Namespace-scope considerations](#cluster-scope-to-namespace-scope-considerations)
            * [Project is now based on v1.x of the operator-sdk project](#project-is-now-based-on-v1x-of-the-operator-sdk-project)
            * [Steps to upgrade](#steps-to-upgrade)
+      * [Disable IPV6](#disable-ipv6)
      * [Add Execution Nodes](#adding-execution-nodes)
          * [Custom Receptor CA](#custom-receptor-ca)
   * [Contributing](#contributing)
@@ -197,8 +199,6 @@ metadata:
  name: awx-demo
 spec:
  service_type: nodeport
-  # default nodeport_port is 30080
-  nodeport_port: <nodeport_port>
 ```

 > It may make sense to create and specify your own secret key for your deployment so that if the k8s secret gets deleted, it can be re-created if needed.  If it is not provided, one will be auto-generated, but cannot be recovered if lost. Read more [here](#secret-key-configuration).
@@ -462,6 +462,7 @@ The following variables are customizable when `ingress_type=ingress`. The `ingre
 | hostname            | Define the FQDN                          | {{ meta.name }}.example.com |
 | ingress_path        | Define the ingress path to the service   | /                           |
 | ingress_path_type   | Define the type of the path (for LBs)    | Prefix                      |
+| ingress_api_version | Define the Ingress resource apiVersion   | 'networking.k8s.io/v1'      |

 ```yaml
 ---
@@ -482,6 +483,7 @@ The following variables are customizable when `ingress_type=route`
 | route_host                      | Common name the route answers for             | `<instance-name>-<namespace>-<routerCanonicalHostname>` |
 | route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge                                                    |
 | route_tls_secret                | Secret that contains the TLS information      | Empty string                                            |
+| route_api_version               | Define the Route resource apiVersion          | 'route.openshift.io/v1'                                 |

 ```yaml
 ---
@@ -1215,6 +1217,34 @@ Example configuration of environment variables
      eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
 ```

+#### Labeling operator managed objects
+
+In certain situations labeling of Kubernetes objects managed by the operator
+might be desired (e.g. for owner identification purposes). For that
+`additional_labels` parameter could be used
+
+| Name                        | Description                                                                              | Default |
+| --------------------------- | ---------------------------------------------------------------------------------------- | ------- |
+| additional_labels           | Additional labels defined on the resource, which should be propagated to child resources | []      |
+
+Example configuration where only `my/team` and `my/service` labels will be
+propagated to child objects (`Deployment`, `Secret`s, `ServiceAccount`, etc):
+
+```yaml
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+  labels:
+    my/team: "foo"
+    my/service: "bar"
+    my/do-not-inherit: "yes"
+spec:
+  additional_labels:
+  - my/team
+  - my/service
+...
+```

 ### Uninstall ###

@@ -1285,6 +1315,25 @@ Then install the new AWX Operator by following the instructions in [Basic Instal

 Once the new AWX Operator is up and running, your AWX deployment will also be upgraded.

+### Disable IPV6
+Starting with AWX Operator release 0.24.0,[IPV6 was enabled in ngnix configuration](https://github.com/ansible/awx-operator/pull/950) which causes
+upgrades and installs to fail in environments where IPv6 is not allowed. Starting in 1.1.1 release, you can set the `ipv6_disabled` flag on the AWX
+spec. If you need to use an AWX operator version between 0.24.0 and 1.1.1 in an IPv6 disabled environment, it is suggested to enabled ipv6 on worker
+nodes.
+
+In order to disable ipv6 on ngnix configuration (awx-web container), add following to the AWX spec.
+
+The following variables are customizable 
+
+| Name          | Description            | Default |
+| ------------- | ---------------------- | ------- |
+| ipv6_disabled | Flag to disable ipv6   | false   |
+
+```yaml
+spec:
+  ipv6_disabled: true
+```
+
 ### Adding Execution Nodes
 Starting with AWX Operator v0.30.0 and AWX v21.7.0, standalone execution nodes can be added to your deployments.
 See [AWX execution nodes docs](https://github.com/ansible/awx/blob/devel/docs/execution_nodes.md) for information about this feature.
--- a/config/crd/bases/awx.ansible.com_awxbackups.yaml
+++ b/config/crd/bases/awx.ansible.com_awxbackups.yaml
@@ -94,6 +94,11 @@ spec:
                description: Configure no_log for no_log tasks
                type: boolean
                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
              set_self_labels:
                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
                type: boolean
--- a/config/crd/bases/awx.ansible.com_awxrestores.yaml
+++ b/config/crd/bases/awx.ansible.com_awxrestores.yaml
@@ -96,6 +96,11 @@ spec:
                description: Configure no_log for no_log tasks
                type: boolean
                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
              set_self_labels:
                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
                type: boolean
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
@@ -153,7 +153,6 @@ spec:
              nodeport_port:
                description: Port to use for the nodeport
                type: integer
-                default: 30080
              node_selector:
                description: nodeSelector for the pods
                type: string
@@ -890,6 +889,11 @@ spec:
                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
                type: boolean
                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
              ipv6_disabled:
                description: Disable web container's nginx ipv6 listener
                type: boolean
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
@@ -151,7 +151,7 @@ spec:
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:text
      version: v1beta1
-    - description: Deploy a new instance of AWX
+    - description: Deploy a new instance of AWX. A standardized way to define, operate and scale automation with Ansible.
      displayName: AWX
      kind: AWX
      name: awxs.awx.ansible.com
@@ -707,6 +707,12 @@ spec:
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - displayName: Additional labels defined on the resource, which should be
+          propagated to child resources
+        path: additional_labels
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
      - displayName: Disable IPv6 listener?
        path: ipv6_disabled
        x-descriptors:
--- a/molecule/default/tasks/awx_test.yml
+++ b/molecule/default/tasks/awx_test.yml
@@ -28,7 +28,7 @@
      register: awx_pod
      when: not awx_version

-    - name: Exract tags from images
+    - name: Extract tags from images
      set_fact:
        image_tags: |
          {{ awx_pod.resources[0].spec.containers |
@@ -83,3 +83,61 @@
          result: '{{ ansible_failed_result }}'
      fail:
        msg: '{{ failed_task }}'
+
+- block:
+    - name: Look up details for this deployment
+      k8s_info:
+        namespace: "{{ namespace }}"
+        api_version: "awx.ansible.com/v1beta1"
+        kind: AWX
+        name: example-awx
+      register: this_awx
+
+    - name: Get pod details
+      k8s_info:
+        namespace: '{{ namespace }}'
+        kind: Pod
+        label_selectors:
+          - app.kubernetes.io/name = example-awx
+      register: awx_pod
+
+    - name: Extract additional_labels from AWX spec
+      set_fact:
+        awx_additional_labels: >-
+          {{ this_awx.resources[0].metadata.labels
+             | dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
+             | list
+          }}
+
+    - name: Extract additional_labels from AWX Pod
+      set_fact:
+        pod_additional_labels: >-
+          {{ awx_pod.resources[0].metadata.labels
+             | dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
+             | list
+          }}
+
+    - name: AWX Pod contains additional_labels
+      ansible.builtin.assert:
+        that:
+          - pod_additional_labels == awx_additional_labels
+
+    - name: Extract Pod labels which shouldn't have been propagated to it from AWX
+      set_fact:
+        pod_extra_labels: >-
+          {{ awx_pod.resources[0].metadata.labels
+             | dict2items | selectattr('key', 'in', ["my/do-not-inherit"])
+             | list
+          }}
+
+    - name: AWX Pod doesn't contain AWX labels not in additional_labels
+      ansible.builtin.assert:
+        that:
+          - pod_extra_labels == []
+  rescue:
+    - name: Re-emit failure
+      vars:
+        failed_task:
+          result: '{{ ansible_failed_result }}'
+      fail:
+        msg: '{{ failed_task }}'
--- a/molecule/default/templates/awx_cr_molecule.yml.j2
+++ b/molecule/default/templates/awx_cr_molecule.yml.j2
@@ -3,6 +3,10 @@ apiVersion: awx.ansible.com/v1beta1
 kind: AWX
 metadata:
  name: example-awx
+  labels:
+    my/team: "foo"
+    my/service: "bar"
+    my/do-not-inherit: "yes"
 spec:
 {% if awx_image %}
  image: {{ awx_image }}
@@ -30,3 +34,6 @@ spec:
  postgres_resource_requirements: {}
  postgres_init_container_resource_requirements: {}
  redis_resource_requirements: {}
+  additional_labels:
+  - my/team
+  - my/service
--- a/roles/backup/defaults/main.yml
+++ b/roles/backup/defaults/main.yml
@@ -31,6 +31,9 @@ backup_resource_requirements:
 # Allow additional parameters to be added to the pg_dump backup command
 pg_dump_suffix: ''

+# Labels defined on the resource, which should be propagated to child resources
+additional_labels: []
+
 # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
 set_self_labels: true
 ...
--- a/roles/backup/meta/main.yml
+++ b/roles/backup/meta/main.yml
@@ -24,7 +24,8 @@ galaxy_info:
    - backup
    - automation

-dependencies: []
+dependencies:
+  - role: common

 collections:
  - kubernetes.core
--- a/roles/backup/tasks/awx-cro.yml
+++ b/roles/backup/tasks/awx-cro.yml
@@ -28,8 +28,8 @@
      previous_deployment_name: "{{ this_awx['resources'][0]['metadata']['name'] }}"

 - name: Write awx object to pvc
-  k8s_exec:
+  k8s_cp:
    namespace: "{{ backup_pvc_namespace }}"
    pod: "{{ ansible_operator_meta.name }}-db-management"
-    command: >-
-      bash -c 'echo "$0" > {{ backup_dir  }}/awx_object' {{ awx_spec | to_yaml | quote  }}
+    remote_path: "{{ backup_dir  }}/awx_object"
+    content: "{{ awx_spec | to_yaml }}"
--- a/roles/backup/tasks/creation.yml
+++ b/roles/backup/tasks/creation.yml
@@ -10,12 +10,7 @@
      metadata:
        name: "{{ ansible_operator_meta.name }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
-        labels:
-          app.kubernetes.io/name: "{{ ansible_operator_meta.name }}"
-          app.kubernetes.io/part-of: "{{ ansible_operator_meta.name }}"
-          app.kubernetes.io/managed-by: "{{ deployment_type }}-operator"
-          app.kubernetes.io/component: "{{ deployment_type }}"
-          app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+        labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}'
  when: set_self_labels | bool

 - name: Look up details for this backup object
@@ -26,6 +21,16 @@
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_backup

+- name: Build `additional_labels_items` labels from `additional_labels`
+  set_fact:
+    additional_labels_items: >-
+      {{ this_backup['resources'][0]['metadata']['labels']
+         | dict2items | selectattr('key', 'in', additional_labels)
+      }}
+  when:
+  - additional_labels | length
+  - this_backup['resources'][0]['metadata']['labels']
+
 - block:
    - include_tasks: init.yml

--- a/roles/backup/tasks/secrets.yml
+++ b/roles/backup/tasks/secrets.yml
@@ -42,9 +42,9 @@
  no_log: "{{ no_log }}"

 - name: Write postgres configuration to pvc
-  k8s_exec:
+  k8s_cp:
    namespace: "{{ backup_pvc_namespace }}"
    pod: "{{ ansible_operator_meta.name }}-db-management"
-    command: >-
-      bash -c "echo '{{ secrets | to_yaml }}' > {{ backup_dir }}/secrets.yml"
+    remote_path: "{{ backup_dir }}/secrets.yml"
+    content: "{{ secrets | to_yaml }}"
  no_log: "{{ no_log }}"
--- a/roles/backup/templates/backup_pvc.yml.j2
+++ b/roles/backup/templates/backup_pvc.yml.j2
@@ -6,11 +6,7 @@ metadata:
  namespace: {{ backup_pvc_namespace }}
  ownerReferences: null
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
  accessModes:
    - ReadWriteOnce
--- a/roles/backup/templates/management-pod.yml.j2
+++ b/roles/backup/templates/management-pod.yml.j2
@@ -5,11 +5,7 @@ metadata:
  name: {{ ansible_operator_meta.name }}-db-management
  namespace: {{ backup_pvc_namespace }}
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
  containers:
  - name: {{ ansible_operator_meta.name }}-db-management
--- a/roles/common/templates/labels/additional_labels.yaml.j2
+++ b/roles/common/templates/labels/additional_labels.yaml.j2
@@ -0,0 +1,3 @@
+{% for item in additional_labels_items | default([]) %}
+{{ item.key }}: '{{ item.value }}'
+{% endfor %}
--- a/roles/installer/templates/labels/common.yaml.j2
+++ b/roles/installer/templates/labels/common.yaml.j2
@@ -4,3 +4,4 @@ app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
 app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
 app.kubernetes.io/component: '{{ deployment_type }}'
 app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+{{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") }}
--- a/roles/installer/templates/labels/version.yaml.j2
+++ b/roles/installer/templates/labels/version.yaml.j2
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -40,7 +40,9 @@ loadbalancer_protocol: 'http'
 loadbalancer_port: '80'
 service_annotations: ''

-nodeport_port: '30080'
+# Port to be used for NodePort configuration, default is to auto-assign a port between 30000-32768
+#nodeport_port: '30080'
+
 # The TLS termination mechanism to use to access
 # the services. Supported mechanism are: edge, passthrough
 #
@@ -303,6 +305,9 @@ no_log: true
 #
 auto_upgrade: true

+# Labels defined on the resource, which should be propagated to child resources
+additional_labels: []
+
 # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
 set_self_labels: true

--- a/roles/installer/tasks/install.yml
+++ b/roles/installer/tasks/install.yml
@@ -10,9 +10,29 @@
      metadata:
        name: '{{ ansible_operator_meta.name }}'
        namespace: '{{ ansible_operator_meta.namespace }}'
-        labels: '{{ lookup("template", "labels/common.yaml.j2") | from_yaml }}'
+        labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}'
  when: set_self_labels | bool

+- name: Build `additional_labels_items` labels from `additional_labels`
+  block:
+  - name: Look up details for this deployment
+    k8s_info:
+      api_version: "{{ api_version }}"
+      kind: "{{ kind }}"
+      name: "{{ ansible_operator_meta.name }}"
+      namespace: "{{ ansible_operator_meta.namespace }}"
+    register: this_awx
+
+  - name: Select resource labels which are in `additional_labels`
+    set_fact:
+      additional_labels_items: >-
+        {{ this_awx['resources'][0]['metadata']['labels']
+           | dict2items | selectattr('key', 'in', additional_labels)
+           | list
+        }}
+    when: this_awx['resources'][0]['metadata']['labels']
+  when: additional_labels | length
+
 - name: Include secret key configuration tasks
  include_tasks: secret_key_configuration.yml

--- a/roles/installer/templates/configmaps/config.yaml.j2
+++ b/roles/installer/templates/configmaps/config.yaml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 data:
  environment: |
    AWX_SKIP_MIGRATIONS=true
--- a/roles/installer/templates/deployments/deployment.yaml.j2
+++ b/roles/installer/templates/deployments/deployment.yaml.j2
@@ -6,8 +6,8 @@ metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    {{ lookup("template", "labels/common.yaml.j2")  | indent(width=4) | trim }}
-    {{ lookup("template", "labels/version.yaml.j2") | indent(width=4) | trim }}
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2")  | indent(width=4) | trim }}
+    {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
 spec:
  replicas: {{ replicas }}
  selector:
@@ -18,8 +18,8 @@ spec:
  template:
    metadata:
      labels:
-        {{ lookup("template", "labels/common.yaml.j2")  | indent(width=8) | trim }}
-        {{ lookup("template", "labels/version.yaml.j2") | indent(width=8) | trim }}
+        {{ lookup("template", "../common/templates/labels/common.yaml.j2")  | indent(width=8) | trim }}
+        {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
 {% if annotations %}
      annotations:
        {{ annotations | indent(width=8) }}
--- a/roles/installer/templates/networking/ingress.yaml.j2
+++ b/roles/installer/templates/networking/ingress.yaml.j2
@@ -8,11 +8,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-ingress'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 {% if ingress_annotations %}
  annotations:
    {{ ingress_annotations | indent(width=4) }}
@@ -52,11 +48,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
 {% if route_host != '' %}
  host: {{ route_host }}
--- a/roles/installer/templates/networking/service.yaml.j2
+++ b/roles/installer/templates/networking/service.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-service'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
    {{ service_labels | indent(width=4) }}
 {% if service_annotations %}
  annotations:
@@ -23,7 +19,9 @@ spec:
      protocol: TCP
      targetPort: 8052
      name: http
+{% if nodeport_port is defined %}
      nodePort: {{ nodeport_port }}
+{% endif %}
 {% elif service_type | lower != 'loadbalancer' and loadbalancer_protocol | lower != 'https' %}
    - port: 80
      protocol: TCP
--- a/roles/installer/templates/rbac/service_account.yaml.j2
+++ b/roles/installer/templates/rbac/service_account.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 {% if service_account_annotations %}
  annotations:
    {{ service_account_annotations | indent(width=4) }}
@@ -20,6 +16,8 @@ kind: Role
 metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
+  labels:
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 rules:
 - apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
@@ -40,6 +38,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: '{{ ansible_operator_meta.name }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
+  labels:
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 subjects:
 - kind: ServiceAccount
  name: '{{ ansible_operator_meta.name }}'
--- a/roles/installer/templates/secrets/admin_password_secret.yaml.j2
+++ b/roles/installer/templates/secrets/admin_password_secret.yaml.j2
@@ -5,10 +5,6 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-admin-password'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
--- a/roles/installer/templates/secrets/app_credentials.yaml.j2
+++ b/roles/installer/templates/secrets/app_credentials.yaml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-app-credentials'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 data:
  credentials.py: "{{ lookup('template', 'settings/credentials.py.j2') | b64encode }}"
  ldap.py: "{{ lookup('template', 'settings/ldap.py.j2') | b64encode }}"
--- a/roles/installer/templates/secrets/broadcast_websocket_secret.yaml.j2
+++ b/roles/installer/templates/secrets/broadcast_websocket_secret.yaml.j2
@@ -5,10 +5,6 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-broadcast-websocket'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
--- a/roles/installer/templates/secrets/postgres_secret.yaml.j2
+++ b/roles/installer/templates/secrets/postgres_secret.yaml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-configuration'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
  username: '{{ database_username }}'
--- a/roles/installer/templates/secrets/postgres_upgrade_secret.yaml.j2
+++ b/roles/installer/templates/secrets/postgres_upgrade_secret.yaml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-configuration'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  password: '{{ awx_postgres_pass }}'
  username: '{{ awx_postgres_user }}'
--- a/roles/installer/templates/secrets/receptor_ca_secret.yaml.j2
+++ b/roles/installer/templates/secrets/receptor_ca_secret.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-receptor-ca'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 type: kubernetes.io/tls
 data:
  tls.crt: '{{ lookup('file', '{{ _receptor_ca_crt_file.path }}') | b64encode }}'
--- a/roles/installer/templates/secrets/receptor_work_signing_secret.yaml.j2
+++ b/roles/installer/templates/secrets/receptor_work_signing_secret.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-receptor-work-signing'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 data:
  work-private-key.pem: '{{ lookup('file', '{{ _receptor_work_signing_private_key_file.path }}') | b64encode }}'
  work-public-key.pem: '{{ lookup('file', '{{ _receptor_work_signing_public_key_file.path }}') | b64encode }}'
--- a/roles/installer/templates/secrets/secret_key.yaml.j2
+++ b/roles/installer/templates/secrets/secret_key.yaml.j2
@@ -5,10 +5,6 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-secret-key'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 stringData:
  secret_key: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
--- a/roles/installer/templates/statefulsets/postgres.yaml.j2
+++ b/roles/installer/templates/statefulsets/postgres.yaml.j2
@@ -6,6 +6,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
+    {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=4) | trim }}
    app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}'
    app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}'
    app.kubernetes.io/component: 'database'
@@ -27,6 +28,7 @@ spec:
  template:
    metadata:
      labels:
+        {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=8) | trim }}
        app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}'
        app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}'
        app.kubernetes.io/component: 'database'
@@ -127,6 +129,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
+    {{ lookup("template", "../common/templates/labels/additional_labels.yaml.j2") | indent(width=4) | trim }}
    app.kubernetes.io/name: 'postgres-{{ supported_pg_version }}'
    app.kubernetes.io/instance: 'postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}'
    app.kubernetes.io/component: 'database'
--- a/roles/installer/templates/storage/persistent.yaml.j2
+++ b/roles/installer/templates/storage/persistent.yaml.j2
@@ -5,11 +5,7 @@ metadata:
  name: '{{ ansible_operator_meta.name }}-projects-claim'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
  accessModes:
    - {{ projects_storage_access_mode }}
--- a/roles/restore/defaults/main.yml
+++ b/roles/restore/defaults/main.yml
@@ -26,6 +26,9 @@ restore_resource_requirements:
    cpu: "25m"
    memory: "32Mi"

+# Labels defined on the resource, which should be propagated to child resources
+additional_labels: []
+
 # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
 set_self_labels: true
 ...
--- a/roles/restore/meta/main.yml
+++ b/roles/restore/meta/main.yml
@@ -24,7 +24,8 @@ galaxy_info:
    - restore
    - automation

-dependencies: []
+dependencies:
+  - role: common

 collections:
  - kubernetes.core
--- a/roles/restore/tasks/main.yml
+++ b/roles/restore/tasks/main.yml
@@ -10,12 +10,7 @@
      metadata:
        name: '{{ ansible_operator_meta.name }}'
        namespace: '{{ ansible_operator_meta.namespace }}'
-        labels:
-          app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-          app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-          app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-          app.kubernetes.io/component: '{{ deployment_type }}'
-          app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+        labels: '{{ lookup("template", "../common/templates/labels/common.yaml.j2") | from_yaml }}'
  when: set_self_labels | bool

 - name: Look up details for this restore object
@@ -26,6 +21,16 @@
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_restore

+- name: Build `additional_labels_items` labels from `additional_labels`
+  set_fact:
+    additional_labels_items: >-
+      {{ this_restore['resources'][0]['metadata']['labels']
+         | dict2items | selectattr('key', 'in', additional_labels)
+      }}
+  when:
+  - additional_labels | length
+  - this_restore['resources'][0]['metadata']['labels']
+
 - block:
    - include_tasks: init.yml

--- a/roles/restore/templates/management-pod.yml.j2
+++ b/roles/restore/templates/management-pod.yml.j2
@@ -5,11 +5,7 @@ metadata:
  name: {{ ansible_operator_meta.name }}-db-management
  namespace: {{ backup_pvc_namespace }}
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
  containers:
  - name: {{ ansible_operator_meta.name }}-db-management
--- a/roles/restore/templates/secrets.yml.j2
+++ b/roles/restore/templates/secrets.yml.j2
@@ -6,11 +6,7 @@ metadata:
  name: '{{ secrets[secret]['name'] }}'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
-    app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
-    app.kubernetes.io/component: '{{ deployment_type }}'
-    app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
+    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 type: '{{ secrets[secret]['type'] }}'
 stringData:
 {% for key, value in secrets[secret]['data'].items() %}
Author	SHA1	Message	Date
Shane McDonald	6b10a8141c	Merge pull request #1231 from rooftopcellist/auto-assign-nodeport	2023-02-09 20:27:26 -05:00
Christian M. Adams	1ef1f00b3d	Auto-assign NodePort port by default rather than hardcoding a default value - previously, there was no way to auto-assign a port by default which led to conflicts with other deployments at times - nodeport_port param can still be used to specify a port if desired	2023-02-09 19:49:46 -05:00
Christian Adams	234a10d185	Add a more descriptive AWX CRD description (#1208 )	2023-01-31 10:50:12 -05:00
Christian Adams	e0fa1610ca	Fix minor typos in test task names (#1209 )	2023-01-31 00:05:37 +00:00
Stanislav Zaprudskiy	5a856eeba8	Add `additional_labels` parameter (#1160 ) * Move label templates into `common` role So that there is single source of labels management, and labels are unified across the other roles * Introduce `additional_labels` * Fix paths for labels templates * Return `additional_labels_items` as list * Add molecule tests	2023-01-30 18:51:08 -05:00
Christian Adams	d26a6bf641	Fix minor helm make target syntax error (#1206 )	2023-01-27 09:56:40 -05:00
janorn	8d6db0934f	Fix helm chart URLs (#1204 )	2023-01-27 09:32:46 -05:00
John Westcott IV	c1b2e73123	Merge pull request #1202 from john-westcott-iv/security_requested_change Nominal change to the pr body check	2023-01-25 17:29:50 -05:00
John Westcott IV	6ac8668ead	Nominal change to the pr body check	2023-01-25 17:12:08 -05:00
Christian Adams	ac5a2538bc	Fix helm index.yaml generation error (#1199 )	2023-01-24 21:40:42 -05:00
Christian Adams	2bdc87d0a8	Add docs for ingress resource apiVersion configuration (#1198 )	2023-01-24 22:42:02 +00:00
Joel	ab566c2530	backup role use k8s_cp module to write files (#1111 )	2023-01-24 17:02:05 -05:00
rakesh561	6a7c3ca2de	Add docs for disabling IPv6 * Added procedure to disable ipv6 for AWX deployments when needed.	2023-01-24 04:26:25 +00:00