mirror of
https://github.com/ansible/awx-operator.git
synced 2026-04-27 17:06:45 +00:00
Compare commits
55 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
721d6814ca | ||
|
866acb3d9c | ||
|
94dc52d224 | ||
|
c0cd78899a | ||
|
|
3b54fa8675 | ||
|
|
4a869998d1 | ||
|
|
bc044431ab | ||
|
|
4fe482b77b | ||
|
194340688d | ||
|
b517b0a2a6 | ||
|
1dc56803e8 | ||
|
|
85da1aa1f3 | ||
|
|
6378836706 | ||
|
|
e829dafbd2 | ||
|
|
1023718b87 | ||
|
|
4a5141933c | ||
|
084841f549 | ||
|
76ab4a8342 | ||
|
2d6aa5815f | ||
|
d69b57c014 | ||
|
562a171de6 | ||
|
2118c6f49c | ||
|
|
9c759bfe88 | ||
|
|
d0205f4e5e | ||
|
d914edf3e0 | ||
|
be4fd1364c | ||
|
|
599b1e387d | ||
|
732ff9c02c | ||
|
|
d0e30a6878 | ||
|
|
a213b60008 | ||
|
768327ea3b | ||
|
4908ecfd5d | ||
|
e1e97a1bbf | ||
|
e54215863c | ||
|
|
0c2f45569c | ||
|
cde24806cf | ||
|
|
5a3b2179bc | ||
|
|
faf51c8b24 | ||
|
|
9bdbf4bacb | ||
|
|
d4015546db | ||
|
|
10df62ff7b | ||
|
a2a35d0a40 | ||
|
|
4589e2849d | ||
|
|
1456d24ff5 | ||
|
|
b5e630d0b5 | ||
|
4104e7d912 | ||
|
|
2f7297f5f5 | ||
|
|
073e6cff0a | ||
|
|
910f1eeb36 | ||
|
|
bba532e2e5 | ||
|
|
fee2289753 | ||
|
|
c5520d4c61 | ||
|
|
25e7f5a8f2 | ||
|
ef10b06be5 | ||
|
ce48812921 |
2
.github/workflows/feature.yml
vendored
2
.github/workflows/feature.yml
vendored
@@ -8,7 +8,7 @@ on:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
release:
|
release:
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-latest
|
||||||
name: Push devel image
|
name: Push devel image
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|||||||
8
.github/workflows/promote.yaml
vendored
8
.github/workflows/promote.yaml
vendored
@@ -12,11 +12,6 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
depth: 0
|
depth: 0
|
||||||
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
ref: gh-pages
|
|
||||||
path: gh-pages
|
|
||||||
|
|
||||||
- name: Log in to GHCR
|
- name: Log in to GHCR
|
||||||
run: |
|
run: |
|
||||||
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
|
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
|
||||||
@@ -40,4 +35,5 @@ jobs:
|
|||||||
-e chart_owner=${{ github.repository_owner }} \
|
-e chart_owner=${{ github.repository_owner }} \
|
||||||
-e tag=${{ github.event.release.tag_name }} \
|
-e tag=${{ github.event.release.tag_name }} \
|
||||||
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
|
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
|
||||||
-e gh_user=${{ github.actor }}
|
-e gh_user=${{ github.actor }} \
|
||||||
|
-e repo_type=https
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
AWX:
|
AWX:
|
||||||
# enable use of awx-deploy template
|
# enable use of awx-deploy template
|
||||||
enabled: false
|
enabled: false
|
||||||
name: awx
|
name: awx
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ ignore: |
|
|||||||
awx-operator.clusterserviceversion.yaml
|
awx-operator.clusterserviceversion.yaml
|
||||||
bundle
|
bundle
|
||||||
.helm/starter
|
.helm/starter
|
||||||
|
hacking/
|
||||||
|
|
||||||
rules:
|
rules:
|
||||||
truthy: disable
|
truthy: disable
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ Have questions about this document or anything not covered here? Please file a n
|
|||||||
```
|
```
|
||||||
2. Make your changes.
|
2. Make your changes.
|
||||||
3. Test your changes according described on the Testing section.
|
3. Test your changes according described on the Testing section.
|
||||||
4. If everylooks looks correct, commit your changes.
|
4. If everything looks correct, commit your changes.
|
||||||
```sh
|
```sh
|
||||||
#> git add <FILES>
|
#> git add <FILES>
|
||||||
#> git commit -m "My message here"
|
#> git commit -m "My message here"
|
||||||
@@ -56,14 +56,17 @@ Running `molecule test` sets up a clean environment, builds the operator, runs a
|
|||||||
|
|
||||||
If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
|
If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
|
||||||
|
|
||||||
#### Testing in Docker
|
#### Testing in Kind
|
||||||
|
|
||||||
|
Testing with a kind cluster is the recommended way to test the awx-operator locally. First, you need to install kind if you haven't already. Please see these docs for setting that up:
|
||||||
|
* https://kind.sigs.k8s.io/docs/user/quick-start/
|
||||||
|
|
||||||
|
To run the tests, from the root of your checkout, run the following command:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
#> molecule test -s test-local
|
#> molecule test -s kind
|
||||||
```
|
```
|
||||||
|
|
||||||
This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
|
|
||||||
|
|
||||||
#### Testing in Minikube
|
#### Testing in Minikube
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
@@ -137,4 +140,4 @@ Applying this template will do it. Once the CatalogSource is in a READY state, t
|
|||||||
|
|
||||||
## Reporting Issues
|
## Reporting Issues
|
||||||
|
|
||||||
We welcome your feedback, and encourage you to file an issue when you run into a problem.
|
We welcome your feedback, and encourage you to file an issue when you run into a problem.
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
FROM quay.io/operator-framework/ansible-operator:v1.26.0
|
FROM quay.io/operator-framework/ansible-operator:v1.28.1
|
||||||
|
|
||||||
USER 0
|
USER 0
|
||||||
|
|
||||||
|
|||||||
13
Makefile
13
Makefile
@@ -65,6 +65,7 @@ CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
|
|||||||
CHART_OWNER ?= $(GH_REPO_OWNER)
|
CHART_OWNER ?= $(GH_REPO_OWNER)
|
||||||
CHART_REPO ?= awx-operator
|
CHART_REPO ?= awx-operator
|
||||||
CHART_BRANCH ?= gh-pages
|
CHART_BRANCH ?= gh-pages
|
||||||
|
CHART_DIR ?= gh-pages
|
||||||
CHART_INDEX ?= index.yaml
|
CHART_INDEX ?= index.yaml
|
||||||
|
|
||||||
.PHONY: all
|
.PHONY: all
|
||||||
@@ -140,7 +141,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
|
|||||||
@{ \
|
@{ \
|
||||||
set -e ;\
|
set -e ;\
|
||||||
mkdir -p $(dir $(KUSTOMIZE)) ;\
|
mkdir -p $(dir $(KUSTOMIZE)) ;\
|
||||||
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCHA).tar.gz | \
|
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCHA).tar.gz | \
|
||||||
tar xzf - -C bin/ ;\
|
tar xzf - -C bin/ ;\
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@@ -227,7 +228,7 @@ ifeq (,$(shell which kubectl-slice 2>/dev/null))
|
|||||||
@{ \
|
@{ \
|
||||||
set -e ;\
|
set -e ;\
|
||||||
mkdir -p $(dir $(KUBECTL_SLICE)) ;\
|
mkdir -p $(dir $(KUBECTL_SLICE)) ;\
|
||||||
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
|
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_$(OS)_$(ARCHX).tar.gz | \
|
||||||
tar xzf - -C bin/ kubectl-slice ;\
|
tar xzf - -C bin/ kubectl-slice ;\
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@@ -354,7 +355,7 @@ helm-package: helm-chart
|
|||||||
@echo "== Package Current Chart Version =="
|
@echo "== Package Current Chart Version =="
|
||||||
mkdir -p .cr-release-packages
|
mkdir -p .cr-release-packages
|
||||||
# package the chart and put it in .cr-release-packages dir
|
# package the chart and put it in .cr-release-packages dir
|
||||||
$(HELM) package ./charts/awx-operator -d .cr-release-packages
|
$(HELM) package ./charts/awx-operator -d .cr-release-packages/$(VERSION)
|
||||||
|
|
||||||
# List all tags oldest to newest.
|
# List all tags oldest to newest.
|
||||||
TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/ -f3)
|
TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/ -f3)
|
||||||
@@ -364,7 +365,7 @@ TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/
|
|||||||
# that is contained within a larger repo, where a tag may not require a new chart version
|
# that is contained within a larger repo, where a tag may not require a new chart version
|
||||||
.PHONY: helm-index
|
.PHONY: helm-index
|
||||||
helm-index:
|
helm-index:
|
||||||
# when running in CI this gh-pages are already checked out with github action to 'gh-pages' directory
|
# when running in CI the gh-pages branch is checked out by the ansible playbook
|
||||||
# TODO: test if gh-pages directory exists and if not exist
|
# TODO: test if gh-pages directory exists and if not exist
|
||||||
|
|
||||||
@echo "== GENERATE INDEX FILE =="
|
@echo "== GENERATE INDEX FILE =="
|
||||||
@@ -392,6 +393,6 @@ helm-index:
|
|||||||
# generate the index file in the root of the gh-pages branch
|
# generate the index file in the root of the gh-pages branch
|
||||||
# --merge will leave any values in index.yaml that don't get generated by this command, but
|
# --merge will leave any values in index.yaml that don't get generated by this command, but
|
||||||
# it is likely that all values are overridden
|
# it is likely that all values are overridden
|
||||||
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge gh-pages/index.yaml
|
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge $(CHART_DIR)/index.yaml
|
||||||
|
|
||||||
mv .cr-release-packages/index.yaml gh-pages/index.yaml
|
mv .cr-release-packages/index.yaml $(CHART_DIR)/index.yaml
|
||||||
|
|||||||
73
README.md
73
README.md
@@ -131,7 +131,7 @@ $ alias kubectl="minikube kubectl --"
|
|||||||
|
|
||||||
### Basic Install
|
### Basic Install
|
||||||
|
|
||||||
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/
|
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/ )
|
||||||
|
|
||||||
First, create a file called `kustomization.yaml` with the following content:
|
First, create a file called `kustomization.yaml` with the following content:
|
||||||
|
|
||||||
@@ -156,7 +156,7 @@ namespace: awx
|
|||||||
Install the manifests by running this:
|
Install the manifests by running this:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ kustomize build . | kubectl apply -f -
|
$ kubectl apply -k .
|
||||||
namespace/awx created
|
namespace/awx created
|
||||||
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
|
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
|
||||||
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
|
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
|
||||||
@@ -229,10 +229,10 @@ resources:
|
|||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
Finally, run `kustomize` again to create the AWX instance in your cluster:
|
Finally, apply the changes to create the AWX instance in your cluster:
|
||||||
|
|
||||||
```
|
```
|
||||||
kustomize build . | kubectl apply -f -
|
kubectl apply -k .
|
||||||
```
|
```
|
||||||
|
|
||||||
After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
|
After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
|
||||||
@@ -477,6 +477,23 @@ spec:
|
|||||||
environment: testing
|
environment: testing
|
||||||
```
|
```
|
||||||
|
|
||||||
|
##### Specialized Ingress Controller configuration
|
||||||
|
|
||||||
|
Some Ingress Controllers need a special configuration to fully support AWX, add the following value with the `ingress_controller` variable, if you are using one of these:
|
||||||
|
|
||||||
|
| Ingress Controller name | value |
|
||||||
|
| ------------------------------------- | ------- |
|
||||||
|
| [Contour](https://projectcontour.io/) | contour |
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
spec:
|
||||||
|
...
|
||||||
|
ingress_type: ingress
|
||||||
|
hostname: awx-demo.example.com
|
||||||
|
ingress_controller: contour
|
||||||
|
```
|
||||||
|
|
||||||
* Route
|
* Route
|
||||||
|
|
||||||
The following variables are customizable when `ingress_type=route`
|
The following variables are customizable when `ingress_type=route`
|
||||||
@@ -659,6 +676,25 @@ $ oc adm policy add-scc-to-user privileged -z awx
|
|||||||
|
|
||||||
Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
|
Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
|
||||||
|
|
||||||
|
#### Containers HostAliases Requirements
|
||||||
|
|
||||||
|
Sometimes you might need to use [HostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) in web/task containers.
|
||||||
|
|
||||||
|
| Name | Description | Default |
|
||||||
|
| ------------ | --------------------- | ------- |
|
||||||
|
| host_aliases | A list of HostAliases | None |
|
||||||
|
|
||||||
|
Example of customization could be:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
spec:
|
||||||
|
...
|
||||||
|
host_aliases:
|
||||||
|
- ip: <name-of-your-ip>
|
||||||
|
hostnames:
|
||||||
|
- <name-of-your-domain>
|
||||||
|
```
|
||||||
|
|
||||||
#### Containers Resource Requirements
|
#### Containers Resource Requirements
|
||||||
|
|
||||||
@@ -894,7 +930,7 @@ A sample of extra settings can be found as below. All possible options can be fo
|
|||||||
value: 'LDAPSearch("OU=Groups,DC=abc,DC=com",ldap.SCOPE_SUBTREE,"(objectClass=group)",)'
|
value: 'LDAPSearch("OU=Groups,DC=abc,DC=com",ldap.SCOPE_SUBTREE,"(objectClass=group)",)'
|
||||||
|
|
||||||
- setting: AUTH_LDAP_GROUP_TYPE
|
- setting: AUTH_LDAP_GROUP_TYPE
|
||||||
value: 'GroupOfNamesType'
|
value: 'GroupOfNamesType()'
|
||||||
|
|
||||||
- setting: AUTH_LDAP_USER_ATTR_MAP
|
- setting: AUTH_LDAP_USER_ATTR_MAP
|
||||||
value: '{"first_name": "givenName","last_name": "sn","email": "mail"}'
|
value: '{"first_name": "givenName","last_name": "sn","email": "mail"}'
|
||||||
@@ -1047,6 +1083,33 @@ Using the [extra_volumes feature](#custom-volume-and-volume-mount-options), it i
|
|||||||
|
|
||||||
The AWX nginx config automatically includes /etc/nginx/conf.d/*.conf if present.
|
The AWX nginx config automatically includes /etc/nginx/conf.d/*.conf if present.
|
||||||
|
|
||||||
|
##### Custom Favicon
|
||||||
|
|
||||||
|
You can use custom volume mounts to mount in your own favicon to be displayed in your AWX browser tab.
|
||||||
|
|
||||||
|
First, Create the configmap from a local favicon.ico file.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ oc create configmap favicon-configmap --from-file favicon.ico
|
||||||
|
```
|
||||||
|
|
||||||
|
Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
spec:
|
||||||
|
extra_volumes: |
|
||||||
|
- name: favicon
|
||||||
|
configMap:
|
||||||
|
defaultMode: 420
|
||||||
|
items:
|
||||||
|
- key: favicon.ico
|
||||||
|
path: favicon.ico
|
||||||
|
name: favicon-configmap
|
||||||
|
web_extra_volume_mounts: |
|
||||||
|
- name: favicon
|
||||||
|
mountPath: /var/lib/awx/public/static/media/favicon.ico
|
||||||
|
subPath: favicon.ico
|
||||||
|
```
|
||||||
|
|
||||||
#### Default execution environments from private registries
|
#### Default execution environments from private registries
|
||||||
|
|
||||||
|
|||||||
@@ -2,6 +2,8 @@
|
|||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
vars:
|
vars:
|
||||||
chart_repo: awx-operator
|
chart_repo: awx-operator
|
||||||
|
environment:
|
||||||
|
CHART_OWNER: "{{ chart_owner }}"
|
||||||
tasks:
|
tasks:
|
||||||
- name: Look up release
|
- name: Look up release
|
||||||
uri:
|
uri:
|
||||||
@@ -43,7 +45,7 @@
|
|||||||
- name: Upload helm chart
|
- name: Upload helm chart
|
||||||
uri:
|
uri:
|
||||||
url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}"
|
url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}"
|
||||||
src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
|
src: "{{ playbook_dir }}/../.cr-release-packages/{{ tag }}/awx-operator-{{ tag }}.tgz"
|
||||||
headers:
|
headers:
|
||||||
Authorization: "token {{ gh_token }}"
|
Authorization: "token {{ gh_token }}"
|
||||||
Content-Type: "application/octet-stream"
|
Content-Type: "application/octet-stream"
|
||||||
@@ -66,26 +68,48 @@
|
|||||||
|
|
||||||
- when: commits_for_release.stdout == ''
|
- when: commits_for_release.stdout == ''
|
||||||
block:
|
block:
|
||||||
- name: Configure git config
|
- name: Make a temp dir
|
||||||
shell: |
|
tempfile:
|
||||||
git config user.name {{ gh_user }}
|
state: directory
|
||||||
git config user.email {{ gh_user }}@users.noreply.github.com
|
register: temp_dir
|
||||||
args:
|
|
||||||
chdir: "{{ playbook_dir }}/../gh-pages"
|
- name: Clone the gh-pages branch from {{ chart_owner }}
|
||||||
|
git:
|
||||||
|
repo: "{{ ((repo_type | default('http')) == 'ssh') | ternary(ssh_repo, http_repo) }}"
|
||||||
|
dest: "{{ temp_dir.path }}"
|
||||||
|
single_branch: yes
|
||||||
|
version: gh-pages
|
||||||
|
vars:
|
||||||
|
http_repo: "https://github.com/{{ chart_owner }}/{{ chart_repo }}"
|
||||||
|
ssh_repo: "git@github.com:{{ chart_owner }}/{{ chart_repo }}.git"
|
||||||
|
|
||||||
- name: Publish helm index
|
- name: Publish helm index
|
||||||
command: |
|
ansible.builtin.command:
|
||||||
make helm-index
|
cmd: make helm-index
|
||||||
environment:
|
environment:
|
||||||
CHART_OWNER: "{{ chart_owner }}"
|
CHART_OWNER: "{{ chart_owner }}"
|
||||||
CR_TOKEN: "{{ gh_token }}"
|
CR_TOKEN: "{{ gh_token }}"
|
||||||
|
CHART_DIR: "{{ temp_dir.path }}"
|
||||||
args:
|
args:
|
||||||
chdir: "{{ playbook_dir }}/../"
|
chdir: "{{ playbook_dir }}/.."
|
||||||
|
|
||||||
- name: Stage and Push commit to gh-pages branch
|
- name: Stage and Push commit to gh-pages branch
|
||||||
shell: |
|
command:
|
||||||
git add index.yaml
|
cmd: "{{ item }}"
|
||||||
git commit -m "{{ commit_message }}"
|
loop:
|
||||||
git push
|
- git add index.yaml
|
||||||
|
- git commit -m "{{ commit_message }}"
|
||||||
|
- git push
|
||||||
args:
|
args:
|
||||||
chdir: "{{ playbook_dir }}/../gh-pages"
|
chdir: "{{ temp_dir.path }}/"
|
||||||
|
environment:
|
||||||
|
GIT_AUTHOR_NAME: "{{ gh_user }}"
|
||||||
|
GIT_AUTHOR_EMAIL: "{{ gh_user }}@users.noreply.github.com"
|
||||||
|
GIT_COMMITTER_NAME: "{{ gh_user }}"
|
||||||
|
GIT_COMMITTER_EMAIL: "{{ gh_user }}@users.noreply.github.com"
|
||||||
|
|
||||||
|
always:
|
||||||
|
- name: Remove temp dir
|
||||||
|
file:
|
||||||
|
path: "{{ temp_dir.path }}"
|
||||||
|
state: absent
|
||||||
|
|||||||
@@ -121,6 +121,9 @@ spec:
|
|||||||
ingress_class_name:
|
ingress_class_name:
|
||||||
description: The name of ingress class to use instead of the cluster default.
|
description: The name of ingress class to use instead of the cluster default.
|
||||||
type: string
|
type: string
|
||||||
|
ingress_controller:
|
||||||
|
description: Special configuration for specific Ingress Controllers
|
||||||
|
type: string
|
||||||
loadbalancer_protocol:
|
loadbalancer_protocol:
|
||||||
description: Protocol to use for the loadbalancer
|
description: Protocol to use for the loadbalancer
|
||||||
type: string
|
type: string
|
||||||
@@ -183,7 +186,13 @@ spec:
|
|||||||
description: Additional labels to apply to the service
|
description: Additional labels to apply to the service
|
||||||
type: string
|
type: string
|
||||||
annotations:
|
annotations:
|
||||||
description: annotations for the pods
|
description: Common annotations for both Web and Task deployments.
|
||||||
|
type: string
|
||||||
|
task_annotations:
|
||||||
|
description: Task deployment annotations. This will override the general annotations parameter for the Task deployment.
|
||||||
|
type: string
|
||||||
|
web_annotations:
|
||||||
|
description: Web deployment annotations. This will override the general annotations parameter for the Web deployment.
|
||||||
type: string
|
type: string
|
||||||
tolerations:
|
tolerations:
|
||||||
description: node tolerations for the pods
|
description: node tolerations for the pods
|
||||||
@@ -1336,6 +1345,18 @@ spec:
|
|||||||
image_pull_secret: # deprecated
|
image_pull_secret: # deprecated
|
||||||
description: (Deprecated) Image pull secret for app and database containers
|
description: (Deprecated) Image pull secret for app and database containers
|
||||||
type: string
|
type: string
|
||||||
|
host_aliases:
|
||||||
|
description: HostAliases for app containers
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
ip:
|
||||||
|
type: string
|
||||||
|
hostnames:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
task_resource_requirements:
|
task_resource_requirements:
|
||||||
description: Resource requirements for the task container
|
description: Resource requirements for the task container
|
||||||
properties:
|
properties:
|
||||||
@@ -1446,6 +1467,28 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
rsyslog_resource_requirements:
|
||||||
|
description: Resource requirements for the rsyslog container
|
||||||
|
properties:
|
||||||
|
requests:
|
||||||
|
properties:
|
||||||
|
cpu:
|
||||||
|
type: string
|
||||||
|
memory:
|
||||||
|
type: string
|
||||||
|
storage:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
limits:
|
||||||
|
properties:
|
||||||
|
cpu:
|
||||||
|
type: string
|
||||||
|
memory:
|
||||||
|
type: string
|
||||||
|
storage:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
service_account_annotations:
|
service_account_annotations:
|
||||||
description: ServiceAccount annotations
|
description: ServiceAccount annotations
|
||||||
type: string
|
type: string
|
||||||
@@ -1587,6 +1630,25 @@ spec:
|
|||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
postgres_keepalives:
|
||||||
|
description: Controls whether client-side TCP keepalives are used for Postgres connections.
|
||||||
|
default: true
|
||||||
|
type: boolean
|
||||||
|
postgres_keepalives_count:
|
||||||
|
description: Controls the number of TCP keepalives that can be lost before the client's connection to the server is considered dead.
|
||||||
|
type: integer
|
||||||
|
default: 5
|
||||||
|
format: int32
|
||||||
|
postgres_keepalives_idle:
|
||||||
|
description: Controls the number of seconds of inactivity after which TCP should send a keepalive message to the server.
|
||||||
|
type: integer
|
||||||
|
default: 5
|
||||||
|
format: int32
|
||||||
|
postgres_keepalives_interval:
|
||||||
|
description: Controls the number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted.
|
||||||
|
type: integer
|
||||||
|
default: 5
|
||||||
|
format: int32
|
||||||
ca_trust_bundle:
|
ca_trust_bundle:
|
||||||
description: Path where the trusted CA bundle is available
|
description: Path where the trusted CA bundle is available
|
||||||
type: string
|
type: string
|
||||||
|
|||||||
@@ -21,12 +21,10 @@ resources:
|
|||||||
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
|
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
|
||||||
#- ../prometheus
|
#- ../prometheus
|
||||||
|
|
||||||
patchesStrategicMerge:
|
|
||||||
# Protect the /metrics endpoint by putting it behind auth.
|
# Protect the /metrics endpoint by putting it behind auth.
|
||||||
# If you want your controller-manager to expose the /metrics
|
# If you want your controller-manager to expose the /metrics
|
||||||
# endpoint w/o any authn/z, please comment the following line.
|
# endpoint w/o any authn/z, please comment the following line.
|
||||||
- manager_auth_proxy_patch.yaml
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
# Mount the controller config file for loading manager configurations
|
patches:
|
||||||
# through a ComponentConfig type
|
- path: manager_auth_proxy_patch.yaml
|
||||||
#- manager_config_patch.yaml
|
|
||||||
|
|||||||
@@ -12,10 +12,9 @@ spec:
|
|||||||
- name: kube-rbac-proxy
|
- name: kube-rbac-proxy
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
# TODO(user): uncomment for common cases that do not require escalating privileges
|
capabilities:
|
||||||
# capabilities:
|
drop:
|
||||||
# drop:
|
- "ALL"
|
||||||
# - "ALL"
|
|
||||||
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
|
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
|
||||||
args:
|
args:
|
||||||
- "--secure-listen-address=0.0.0.0:8443"
|
- "--secure-listen-address=0.0.0.0:8443"
|
||||||
|
|||||||
@@ -51,7 +51,6 @@ spec:
|
|||||||
fieldPath: metadata.namespace
|
fieldPath: metadata.namespace
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
# TODO(user): uncomment for common cases that do not require escalating privileges
|
|
||||||
capabilities:
|
capabilities:
|
||||||
drop:
|
drop:
|
||||||
- "ALL"
|
- "ALL"
|
||||||
|
|||||||
@@ -88,10 +88,10 @@ spec:
|
|||||||
kind: AWXRestore
|
kind: AWXRestore
|
||||||
name: awxrestores.awx.ansible.com
|
name: awxrestores.awx.ansible.com
|
||||||
specDescriptors:
|
specDescriptors:
|
||||||
- displayName: Backup Source to restore from
|
- description: Select what type of backup to specify. Backup CR, allows you
|
||||||
description: Select what type of backup to specify. Backup CR, allows you to specify
|
to specify the name of an AWXBackup object (recommended approach). The
|
||||||
the name of an AWXBackup object (recommended approach). The PVC option allows you to
|
PVC option allows you to specify a custom PVC and directory to backup from.
|
||||||
specify a custom PVC and directory to backup from.
|
displayName: Backup Source to restore from
|
||||||
path: backup_source
|
path: backup_source
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:select:Backup CR
|
- urn:alm:descriptor:com.tectonic.ui:select:Backup CR
|
||||||
@@ -115,8 +115,9 @@ spec:
|
|||||||
path: backup_pvc_namespace
|
path: backup_pvc_namespace
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
- displayName: Backup Directory
|
- description: This is the directory inside the PVC that your backup is stored
|
||||||
description: This is the directory inside the PVC that your backup is stored in.
|
in.
|
||||||
|
displayName: Backup Directory
|
||||||
path: backup_dir
|
path: backup_dir
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:text
|
- urn:alm:descriptor:com.tectonic.ui:text
|
||||||
@@ -151,7 +152,8 @@ spec:
|
|||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:text
|
- urn:alm:descriptor:com.tectonic.ui:text
|
||||||
version: v1beta1
|
version: v1beta1
|
||||||
- description: Deploy a new instance of AWX. A standardized way to define, operate and scale automation with Ansible.
|
- description: Deploy a new instance of AWX. A standardized way to define, operate
|
||||||
|
and scale automation with Ansible.
|
||||||
displayName: AWX
|
displayName: AWX
|
||||||
kind: AWX
|
kind: AWX
|
||||||
name: awxs.awx.ansible.com
|
name: awxs.awx.ansible.com
|
||||||
@@ -186,8 +188,9 @@ spec:
|
|||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:io.kubernetes:Secret
|
- urn:alm:descriptor:io.kubernetes:Secret
|
||||||
- displayName: Secret Key
|
- description: Name of the k8s secret the symmetric encryption key is stored
|
||||||
description: Name of the k8s secret the symmetric encryption key is stored in.
|
in.
|
||||||
|
displayName: Secret Key
|
||||||
path: secret_key_secret
|
path: secret_key_secret
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
@@ -226,7 +229,7 @@ spec:
|
|||||||
path: ingress_api_version
|
path: ingress_api_version
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:text
|
- urn:alm:descriptor:com.tectonic.ui:text
|
||||||
- displayName: Ingress Path
|
- displayName: Ingress Path
|
||||||
path: ingress_path
|
path: ingress_path
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
@@ -251,6 +254,12 @@ spec:
|
|||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:io.kubernetes:Secret
|
- urn:alm:descriptor:io.kubernetes:Secret
|
||||||
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
|
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
|
||||||
|
- displayName: Ingress Controller
|
||||||
|
path: ingress_controller
|
||||||
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:text
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
|
||||||
- displayName: LoadBalancer Annotations
|
- displayName: LoadBalancer Annotations
|
||||||
path: service_annotations
|
path: service_annotations
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
@@ -314,6 +323,11 @@ spec:
|
|||||||
path: image_pull_secret
|
path: image_pull_secret
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
|
- displayName: HostAliases for app containers
|
||||||
|
path: host_aliases
|
||||||
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:text
|
||||||
- displayName: Web Container Resource Requirements
|
- displayName: Web Container Resource Requirements
|
||||||
path: web_resource_requirements
|
path: web_resource_requirements
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
@@ -329,9 +343,9 @@ spec:
|
|||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||||
- displayName: PostgreSQL Init Container Resource Requirements
|
- description: The PostgreSQL init container is not used when an external DB
|
||||||
description: The PostgreSQL init container is not used when an external DB
|
|
||||||
is configured
|
is configured
|
||||||
|
displayName: PostgreSQL Init Container Resource Requirements
|
||||||
path: postgres_init_container_resource_requirements
|
path: postgres_init_container_resource_requirements
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
@@ -341,20 +355,22 @@ spec:
|
|||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||||
- displayName: PostgreSQL Container Resource Requirements
|
- displayName: Rsyslog Container Resource Requirements
|
||||||
description: The PostgreSQL container is not used when an external DB
|
path: rsyslog_resource_requirements
|
||||||
is configured
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||||
|
- description: The PostgreSQL container is not used when an external DB is configured
|
||||||
|
displayName: PostgreSQL Container Resource Requirements
|
||||||
path: postgres_resource_requirements
|
path: postgres_resource_requirements
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||||
- displayName: PostgreSQL Container Storage Requirements
|
- description: The PostgreSQL container is not used when an external DB is configured
|
||||||
description: The PostgreSQL container is not used when an external DB
|
displayName: PostgreSQL Container Storage Requirements
|
||||||
is configured
|
|
||||||
path: postgres_storage_requirements
|
path: postgres_storage_requirements
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
|
||||||
- displayName: Replicas
|
- displayName: Replicas
|
||||||
path: replicas
|
path: replicas
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
@@ -465,8 +481,8 @@ spec:
|
|||||||
- displayName: Postgres Storage Class
|
- displayName: Postgres Storage Class
|
||||||
path: postgres_storage_class
|
path: postgres_storage_class
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:io.kubernetes:StorageClass
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
|
||||||
- displayName: Postgres Datapath
|
- displayName: Postgres Datapath
|
||||||
path: postgres_data_path
|
path: postgres_data_path
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
@@ -477,6 +493,26 @@ spec:
|
|||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
|
- displayName: Enable Postgres Keepalives
|
||||||
|
path: postgres_keepalives
|
||||||
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
|
- displayName: Postgres Keepalives Count
|
||||||
|
path: postgres_keepalives_count
|
||||||
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
|
- displayName: Postgres Keepalives Idle
|
||||||
|
path: postgres_keepalives_idle
|
||||||
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
|
- displayName: Postgres Keepalives Interval
|
||||||
|
path: postgres_keepalives_interval
|
||||||
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
- displayName: Certificate Authorirty Trust Bundle
|
- displayName: Certificate Authorirty Trust Bundle
|
||||||
path: ca_trust_bundle
|
path: ca_trust_bundle
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
@@ -684,6 +720,16 @@ spec:
|
|||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
|
- displayName: Task Annotations
|
||||||
|
path: task_annotations
|
||||||
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
|
- displayName: Web Annotations
|
||||||
|
path: web_annotations
|
||||||
|
x-descriptors:
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
|
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||||
- displayName: Tolerations
|
- displayName: Tolerations
|
||||||
path: tolerations
|
path: tolerations
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
@@ -774,8 +820,8 @@ spec:
|
|||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
|
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
|
||||||
- displayName: Additional labels defined on the resource, which should be
|
- displayName: Additional labels defined on the resource, which should be propagated
|
||||||
propagated to child resources
|
to child resources
|
||||||
path: additional_labels
|
path: additional_labels
|
||||||
x-descriptors:
|
x-descriptors:
|
||||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||||
@@ -860,7 +906,7 @@ spec:
|
|||||||
- email: awx-project@googlegroups.com
|
- email: awx-project@googlegroups.com
|
||||||
name: AWX Team
|
name: AWX Team
|
||||||
maturity: alpha
|
maturity: alpha
|
||||||
MinKubeVersion: 1.22.15
|
minKubeVersion: 1.22.15
|
||||||
provider:
|
provider:
|
||||||
name: Ansible
|
name: Ansible
|
||||||
url: github.com/ansible/awx-operator
|
url: github.com/ansible/awx-operator
|
||||||
|
|||||||
@@ -7,10 +7,6 @@ namePrefix: osdk-
|
|||||||
#commonLabels:
|
#commonLabels:
|
||||||
# someName: someValue
|
# someName: someValue
|
||||||
|
|
||||||
patchesStrategicMerge:
|
|
||||||
- manager_image.yaml
|
|
||||||
- debug_logs_patch.yaml
|
|
||||||
- ../default/manager_auth_proxy_patch.yaml
|
|
||||||
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
@@ -21,3 +17,7 @@ resources:
|
|||||||
images:
|
images:
|
||||||
- name: testing
|
- name: testing
|
||||||
newName: testing-operator
|
newName: testing-operator
|
||||||
|
patches:
|
||||||
|
- path: manager_image.yaml
|
||||||
|
- path: debug_logs_patch.yaml
|
||||||
|
- path: ../default/manager_auth_proxy_patch.yaml
|
||||||
|
|||||||
29
docs/doc-proposal.md
Normal file
29
docs/doc-proposal.md
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
# Docs Breakdown for AWX Operator
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
|
||||||
|
This table below is aimed at breaking down the ReadME documentation for Ansible AWX Operator and structure it in the way it can be moved to the Read The Docs module.
|
||||||
|
|
||||||
|
From the ReadMe file, the documentation can be classified into six distinct segments which are:
|
||||||
|
|
||||||
|
|
||||||
|
- Introduction/Getting Started
|
||||||
|
- Installation
|
||||||
|
- User Guide
|
||||||
|
- Upgrade
|
||||||
|
- Uninstall
|
||||||
|
- Contributors Guide
|
||||||
|
|
||||||
|
Using these listed segments, we can do a proper breakdown of all the topics in the ReadMe and place each one in the segment they fall into. This table is open to any form of refactoring or modifications.
|
||||||
|
|
||||||
|
| Segments | Topics |
|
||||||
|
| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||||
|
| Introduction | - [Purpose](https://github.com/ansible/awx-operator#purpose) |
|
||||||
|
| Installation | - [Creating a minikube cluster for testing](https://github.com/ansible/awx-operator#creating-a-minikube-cluster-for-testing)<br>- [Basic Install](https://github.com/ansible/awx-operator#basic-install)<br>- [Helm Install on existing cluster](https://github.com/ansible/awx-operator#helm-install-on-existing-cluster) |
|
||||||
|
| User Guide | - [Admin user account configuration](https://github.com/ansible/awx-operator#admin-user-account-configuration)<br>- [Network and TLS Configuration](https://github.com/ansible/awx-operator#network-and-tls-configuration)<br> * [Service Type](https://github.com/ansible/awx-operator#service-type)<br> * [Ingress Type](https://github.com/ansible/awx-operator#ingress-type)<br>- [Database Configuration](https://github.com/ansible/awx-operator#database-configuration)<br> * [External PostgreSQL Service](https://github.com/ansible/awx-operator#external-postgresql-service)<br> * [Migrating data from an old AWX instance](https://github.com/ansible/awx-operator#migrating-data-from-an-old-awx-instance)<br> * [Managed PostgreSQL Service](https://github.com/ansible/awx-operator#managed-postgresql-service)<br>- [Advanced Configuration](https://github.com/ansible/awx-operator#advanced-configuration)<br> * [Deploying a specific version of AWX](https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx)<br> * [Redis container capabilities](https://github.com/ansible/awx-operator#redis-container-capabilities)<br> * [Privileged Tasks](https://github.com/ansible/awx-operator#privileged-tasks)<br> * [Containers Resource Requirements](https://github.com/ansible/awx-operator#containers-resource-requirements)<br> * [Priority Classes](https://github.com/ansible/awx-operator#priority-classes)<br> * [Assigning AWX pods to specific nodes](https://github.com/ansible/awx-operator#assigning-awx-pods-to-specific-nodes)<br> * [Trusting a Custom Certificate Authority](https://github.com/ansible/awx-operator#trusting-a-custom-certificate-authority)<br> * [Enabling LDAP Integration at AWX bootstrap](https://github.com/ansible/awx-operator#enabling-ldap-integration-at-awx-bootstrap)<br> * [Persisting Projects Directory](https://github.com/ansible/awx-operator#persisting-projects-directory)<br> * [Custom Volume and Volume Mount Options](https://github.com/ansible/awx-operator#custom-volume-and-volume-mount-options)<br> * [Default execution environments from private registries](https://github.com/ansible/awx-operator#default-execution-environments-from-private-registries)<br> * * [Control plane ee from private registry](https://github.com/ansible/awx-operator#control-plane-ee-from-private-registry)<br> * [Exporting Environment Variables to Containers](https://github.com/ansible/awx-operator#exporting-environment-variables-to-containers)<br> * [CSRF Cookie Secure Setting](https://github.com/ansible/awx-operator#csrf-cookie-secure-setting)<br> * [Session Cookie Secure Setting](https://github.com/ansible/awx-operator#session-cookie-secure-setting)<br> * [Extra Settings](https://github.com/ansible/awx-operator#extra-settings)<br> * [Configure no_log](https://github.com/ansible/awx-operator#no-log)<br> * [Auto Upgrade](https://github.com/ansible/awx-operator#auto-upgrade)<br> ** [Upgrade of instances without auto upgrade](https://github.com/ansible/awx-operator#upgrade-of-instances-without-auto-upgrade)<br> * [Service Account](https://github.com/ansible/awx-operator#service-account)<br> * [Labeling operator managed objects](https://github.com/ansible/awx-operator#labeling-operator-managed-objects)<br> * [Pods termination grace period](https://github.com/ansible/awx-operator#pods-termination-grace-period)<br> * [Disable IPV6](https://github.com/ansible/awx-operator#disable-ipv6)<br> * [Add Execution Nodes](https://github.com/ansible/awx-operator#adding-execution-nodes)<br> ** [Custom Receptor CA](https://github.com/ansible/awx-operator#custom-receptor-ca)<br> * [Debugging](https://github.com/ansible/awx-operator/blob/devel/docs/debugging.md)<br> * [Migration](https://github.com/ansible/awx-operator/blob/devel/docs/migration.md) |
|
||||||
|
| Upgrade | - [Upgrading](https://github.com/ansible/awx-operator#upgrading)<br> * [Backup](https://github.com/ansible/awx-operator#backup)<br> * [v0.14.0](https://github.com/ansible/awx-operator#v0140)<br> ** [Cluster-scope to Namespace-scope considerations](https://github.com/ansible/awx-operator#cluster-scope-to-namespace-scope-considerations)<br> ** [Project is now based on v1.x of the operator-sdk project](https://github.com/ansible/awx-operator#project-is-now-based-on-v1x-of-the-operator-sdk-project)<br> ** [Steps to upgrade](https://github.com/ansible/awx-operator#steps-to-upgrade) |
|
||||||
|
| Uninstall | - [Uninstall](https://github.com/ansible/awx-operator#uninstall) |
|
||||||
|
| Contributors Guide | - [Contributing](https://github.com/ansible/awx-operator#contributing)<br>- [Release Process](https://github.com/ansible/awx-operator#release-process)<br>- [Author](https://github.com/ansible/awx-operator#author)<br>- [Code of Conduct](https://github.com/ansible/awx-operator#code-of-conduct)<br>- [Get Involved](https://github.com/ansible/awx-operator#get-involved) |
|
||||||
|
|
||||||
|
|
||||||
|
Note: I could not get the multi-level bullet point list to work in the table so I used single asterisk `*` for one level down and double asterisk `**` for two level down.
|
||||||
@@ -19,19 +19,36 @@
|
|||||||
register: admin_pw_secret
|
register: admin_pw_secret
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Get pod details
|
- name: Get web pod details
|
||||||
k8s_info:
|
k8s_info:
|
||||||
namespace: '{{ namespace }}'
|
namespace: '{{ namespace }}'
|
||||||
kind: Pod
|
kind: Pod
|
||||||
label_selectors:
|
label_selectors:
|
||||||
- app.kubernetes.io/name = example-awx-web
|
- app.kubernetes.io/name = example-awx-web
|
||||||
register: awx_pod
|
register: awx_web_pod
|
||||||
when: not awx_version
|
when: not awx_version
|
||||||
|
|
||||||
- name: Extract tags from images
|
- name: Get task pod details
|
||||||
|
k8s_info:
|
||||||
|
namespace: '{{ namespace }}'
|
||||||
|
kind: Pod
|
||||||
|
label_selectors:
|
||||||
|
- app.kubernetes.io/name = example-awx-task
|
||||||
|
register: awx_task_pod
|
||||||
|
when: not awx_version
|
||||||
|
|
||||||
|
- name: Extract tags from images from web pod
|
||||||
set_fact:
|
set_fact:
|
||||||
image_tags: |
|
web_image_tags: |
|
||||||
{{ awx_pod.resources[0].spec.containers |
|
{{ awx_web_pod.resources[0].spec.containers |
|
||||||
|
map(attribute='image') |
|
||||||
|
map('regex_search', default_awx_version) }}
|
||||||
|
when: not awx_version
|
||||||
|
|
||||||
|
- name: Extract tags from images from task pod
|
||||||
|
set_fact:
|
||||||
|
task_image_tags: |
|
||||||
|
{{ awx_task_pod.resources[0].spec.containers |
|
||||||
map(attribute='image') |
|
map(attribute='image') |
|
||||||
map('regex_search', default_awx_version) }}
|
map('regex_search', default_awx_version) }}
|
||||||
when: not awx_version
|
when: not awx_version
|
||||||
@@ -42,7 +59,8 @@
|
|||||||
This is an environment variable that is set via build arg when releasing awx-operator.
|
This is an environment variable that is set via build arg when releasing awx-operator.
|
||||||
when:
|
when:
|
||||||
- not awx_version
|
- not awx_version
|
||||||
- default_awx_version not in image_tags
|
- default_awx_version not in web_image_tags
|
||||||
|
- default_awx_version not in task_image_tags
|
||||||
|
|
||||||
- name: Launch Demo Job Template
|
- name: Launch Demo Job Template
|
||||||
awx.awx.job_launch:
|
awx.awx.job_launch:
|
||||||
@@ -93,13 +111,21 @@
|
|||||||
name: example-awx
|
name: example-awx
|
||||||
register: this_awx
|
register: this_awx
|
||||||
|
|
||||||
- name: Get pod details
|
- name: Get web pod details
|
||||||
k8s_info:
|
k8s_info:
|
||||||
namespace: '{{ namespace }}'
|
namespace: '{{ namespace }}'
|
||||||
kind: Pod
|
kind: Pod
|
||||||
label_selectors:
|
label_selectors:
|
||||||
- app.kubernetes.io/name = example-awx-web
|
- app.kubernetes.io/name = example-awx-web
|
||||||
register: awx_pod
|
register: awx_web_pod
|
||||||
|
|
||||||
|
- name: Get task pod details
|
||||||
|
k8s_info:
|
||||||
|
namespace: '{{ namespace }}'
|
||||||
|
kind: Pod
|
||||||
|
label_selectors:
|
||||||
|
- app.kubernetes.io/name = example-awx-task
|
||||||
|
register: awx_task_pod
|
||||||
|
|
||||||
- name: Extract additional_labels from AWX spec
|
- name: Extract additional_labels from AWX spec
|
||||||
set_fact:
|
set_fact:
|
||||||
@@ -109,31 +135,58 @@
|
|||||||
| list
|
| list
|
||||||
}}
|
}}
|
||||||
|
|
||||||
- name: Extract additional_labels from AWX Pod
|
- name: Extract additional_labels from AWX web Pod
|
||||||
set_fact:
|
set_fact:
|
||||||
pod_additional_labels: >-
|
awx_web_pod_additional_labels: >-
|
||||||
{{ awx_pod.resources[0].metadata.labels
|
{{ awx_web_pod.resources[0].metadata.labels
|
||||||
| dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
|
| dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
|
||||||
| list
|
| list
|
||||||
}}
|
}}
|
||||||
|
|
||||||
- name: AWX Pod contains additional_labels
|
- name: Extract additional_labels from AWX task Pod
|
||||||
|
set_fact:
|
||||||
|
awx_task_pod_additional_labels: >-
|
||||||
|
{{ awx_task_pod.resources[0].metadata.labels
|
||||||
|
| dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
|
||||||
|
| list
|
||||||
|
}}
|
||||||
|
|
||||||
|
- name: Assert AWX web Pod contains additional_labels
|
||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- pod_additional_labels == awx_additional_labels
|
- awx_web_pod_additional_labels == awx_additional_labels
|
||||||
|
|
||||||
- name: Extract Pod labels which shouldn't have been propagated to it from AWX
|
- name: Assert AWX task Pod contains additional_labels
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- awx_task_pod_additional_labels == awx_additional_labels
|
||||||
|
|
||||||
|
- name: Extract web Pod labels which shouldn't have been propagated to it from AWX
|
||||||
set_fact:
|
set_fact:
|
||||||
pod_extra_labels: >-
|
awx_web_pod_extra_labels: >-
|
||||||
{{ awx_pod.resources[0].metadata.labels
|
{{ awx_web_pod.resources[0].metadata.labels
|
||||||
| dict2items | selectattr('key', 'in', ["my/do-not-inherit"])
|
| dict2items | selectattr('key', 'in', ["my/do-not-inherit"])
|
||||||
| list
|
| list
|
||||||
}}
|
}}
|
||||||
|
|
||||||
- name: AWX Pod doesn't contain AWX labels not in additional_labels
|
- name: AWX web Pod doesn't contain AWX labels not in additional_labels
|
||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- pod_extra_labels == []
|
- awx_web_pod_extra_labels == []
|
||||||
|
|
||||||
|
- name: Extract task Pod labels which shouldn't have been propagated to it from AWX
|
||||||
|
set_fact:
|
||||||
|
awx_task_pod_extra_labels: >-
|
||||||
|
{{ awx_task_pod.resources[0].metadata.labels
|
||||||
|
| dict2items | selectattr('key', 'in', ["my/do-not-inherit"])
|
||||||
|
| list
|
||||||
|
}}
|
||||||
|
|
||||||
|
- name: AWX task Pod doesn't contain AWX labels not in additional_labels
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- awx_task_pod_extra_labels == []
|
||||||
|
|
||||||
rescue:
|
rescue:
|
||||||
- name: Re-emit failure
|
- name: Re-emit failure
|
||||||
vars:
|
vars:
|
||||||
|
|||||||
@@ -5,8 +5,20 @@
|
|||||||
gather_facts: no
|
gather_facts: no
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
# Remove after this if fixed: https://github.com/ansible-collections/community.docker/issues/611
|
||||||
|
- name: Install docker
|
||||||
|
become: yes
|
||||||
|
pip:
|
||||||
|
name:
|
||||||
|
- websocket-client==0.59.0
|
||||||
|
- requests==2.28.2
|
||||||
|
- urllib3==1.26.15
|
||||||
|
- docker
|
||||||
|
- docker-compose
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: Build operator image
|
- name: Build operator image
|
||||||
docker_image:
|
community.docker.docker_image:
|
||||||
build:
|
build:
|
||||||
path: '{{ project_dir }}'
|
path: '{{ project_dir }}'
|
||||||
pull: no
|
pull: no
|
||||||
|
|||||||
@@ -5,3 +5,4 @@ ansible-lint
|
|||||||
openshift!=0.13.0
|
openshift!=0.13.0
|
||||||
jmespath
|
jmespath
|
||||||
ansible-core
|
ansible-core
|
||||||
|
ansible-compat<4 # https://github.com/ansible-community/molecule/issues/3903
|
||||||
|
|||||||
@@ -5,4 +5,5 @@ collections:
|
|||||||
version: 2.3.2
|
version: 2.3.2
|
||||||
- name: operator_sdk.util
|
- name: operator_sdk.util
|
||||||
- name: community.docker
|
- name: community.docker
|
||||||
|
version: 3.4.4
|
||||||
- name: awx.awx
|
- name: awx.awx
|
||||||
|
|||||||
@@ -36,12 +36,16 @@ ingress_annotations: ''
|
|||||||
# certificate and key.
|
# certificate and key.
|
||||||
ingress_tls_secret: ''
|
ingress_tls_secret: ''
|
||||||
|
|
||||||
|
# Special configuration for specific Ingress Controllers. E.g.:
|
||||||
|
# ingress_controller: contour
|
||||||
|
ingress_controller: ''
|
||||||
|
|
||||||
loadbalancer_protocol: 'http'
|
loadbalancer_protocol: 'http'
|
||||||
loadbalancer_port: '80'
|
loadbalancer_port: '80'
|
||||||
service_annotations: ''
|
service_annotations: ''
|
||||||
|
|
||||||
# Port to be used for NodePort configuration, default is to auto-assign a port between 30000-32768
|
# Port to be used for NodePort configuration, default is to auto-assign a port between 30000-32768
|
||||||
#nodeport_port: '30080'
|
# nodeport_port: '30080'
|
||||||
|
|
||||||
# The TLS termination mechanism to use to access
|
# The TLS termination mechanism to use to access
|
||||||
# the services. Supported mechanism are: edge, passthrough
|
# the services. Supported mechanism are: edge, passthrough
|
||||||
@@ -184,6 +188,18 @@ web_affinity: {}
|
|||||||
# my.annotation/2: value2
|
# my.annotation/2: value2
|
||||||
annotations: ''
|
annotations: ''
|
||||||
|
|
||||||
|
# Override annotations to awx task pods. Specify as literal block. E.g.:
|
||||||
|
# task_annotations: |
|
||||||
|
# my.task-annotation/1: value
|
||||||
|
# my.task-annotation/2: value2
|
||||||
|
task_annotations: ''
|
||||||
|
|
||||||
|
# Override annotations to awx web pods. Specify as literal block. E.g.:
|
||||||
|
# web_annotations: |
|
||||||
|
# my.web-annotation/1: value
|
||||||
|
# my.web-annotation/2: value2
|
||||||
|
web_annotations: ''
|
||||||
|
|
||||||
admin_user: admin
|
admin_user: admin
|
||||||
admin_email: test@example.com
|
admin_email: test@example.com
|
||||||
|
|
||||||
@@ -267,7 +283,7 @@ task_command: []
|
|||||||
web_args:
|
web_args:
|
||||||
- /usr/bin/launch_awx_web.sh
|
- /usr/bin/launch_awx_web.sh
|
||||||
web_command: []
|
web_command: []
|
||||||
ryslog_args:
|
rsyslog_args:
|
||||||
- /usr/bin/launch_awx_rsyslog.sh
|
- /usr/bin/launch_awx_rsyslog.sh
|
||||||
rsyslog_command: []
|
rsyslog_command: []
|
||||||
|
|
||||||
@@ -287,10 +303,6 @@ ee_resource_requirements:
|
|||||||
memory: 64Mi
|
memory: 64Mi
|
||||||
|
|
||||||
# TODO: validate default resource requirements
|
# TODO: validate default resource requirements
|
||||||
rsyslog_resource_requirements:
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 128Mi
|
|
||||||
|
|
||||||
# Customize CSRF options
|
# Customize CSRF options
|
||||||
csrf_cookie_secure: False
|
csrf_cookie_secure: False
|
||||||
@@ -303,6 +315,12 @@ redis_resource_requirements:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 50m
|
cpu: 50m
|
||||||
memory: 64Mi
|
memory: 64Mi
|
||||||
|
|
||||||
|
rsyslog_resource_requirements:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 128Mi
|
||||||
|
|
||||||
# Add extra environment variables to the AWX task/web containers. Specify as
|
# Add extra environment variables to the AWX task/web containers. Specify as
|
||||||
# literal block. E.g.:
|
# literal block. E.g.:
|
||||||
# task_extra_env: |
|
# task_extra_env: |
|
||||||
@@ -368,6 +386,12 @@ projects_existing_claim: ''
|
|||||||
# Define postgres configuration arguments to use
|
# Define postgres configuration arguments to use
|
||||||
postgres_extra_args: ''
|
postgres_extra_args: ''
|
||||||
|
|
||||||
|
# Configure postgres connection keepalive
|
||||||
|
postgres_keepalives: true
|
||||||
|
postgres_keepalives_idle: 5
|
||||||
|
postgres_keepalives_interval: 5
|
||||||
|
postgres_keepalives_count: 5
|
||||||
|
|
||||||
# Define the storage_class, size and access_mode
|
# Define the storage_class, size and access_mode
|
||||||
# when not using an existing claim
|
# when not using an existing claim
|
||||||
projects_storage_size: 8Gi
|
projects_storage_size: 8Gi
|
||||||
@@ -409,3 +433,10 @@ set_self_labels: true
|
|||||||
|
|
||||||
# Disable web container's nginx ipv6 listener
|
# Disable web container's nginx ipv6 listener
|
||||||
ipv6_disabled: false
|
ipv6_disabled: false
|
||||||
|
|
||||||
|
# Set hostAliases on deployments
|
||||||
|
# hostAliases:
|
||||||
|
# - ip: 10.10.0.10
|
||||||
|
# hostnames:
|
||||||
|
# - hostname
|
||||||
|
host_aliases: ''
|
||||||
|
|||||||
@@ -236,7 +236,7 @@ data:
|
|||||||
bind 127.0.0.1
|
bind 127.0.0.1
|
||||||
receptor_conf: |
|
receptor_conf: |
|
||||||
---
|
---
|
||||||
- log-level: debug
|
- log-level: info
|
||||||
- local-only: null
|
- local-only: null
|
||||||
- node:
|
- node:
|
||||||
firewallrules:
|
firewallrules:
|
||||||
|
|||||||
@@ -43,7 +43,9 @@ spec:
|
|||||||
] %}
|
] %}
|
||||||
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
|
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if annotations %}
|
{% if task_annotations %}
|
||||||
|
{{ task_annotations | indent(width=8) }}
|
||||||
|
{% elif annotations %}
|
||||||
{{ annotations | indent(width=8) }}
|
{{ annotations | indent(width=8) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
spec:
|
spec:
|
||||||
@@ -57,6 +59,16 @@ spec:
|
|||||||
- name: {{ secret }}
|
- name: {{ secret }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if host_aliases is defined and host_aliases | length > 0 %}
|
||||||
|
hostAliases:
|
||||||
|
{% for item in host_aliases %}
|
||||||
|
- ip: {{ item.ip }}
|
||||||
|
hostnames:
|
||||||
|
{% for hostname in item.hostnames %}
|
||||||
|
- {{ hostname }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% if control_plane_priority_class is defined %}
|
{% if control_plane_priority_class is defined %}
|
||||||
priorityClassName: '{{ control_plane_priority_class }}'
|
priorityClassName: '{{ control_plane_priority_class }}'
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@@ -110,6 +122,7 @@ spec:
|
|||||||
- name: init-projects
|
- name: init-projects
|
||||||
image: '{{ _init_projects_container_image }}'
|
image: '{{ _init_projects_container_image }}'
|
||||||
imagePullPolicy: '{{ image_pull_policy }}'
|
imagePullPolicy: '{{ image_pull_policy }}'
|
||||||
|
resources: {{ task_resource_requirements }}
|
||||||
command:
|
command:
|
||||||
- /bin/sh
|
- /bin/sh
|
||||||
- -c
|
- -c
|
||||||
@@ -330,13 +343,14 @@ spec:
|
|||||||
{% if ee_extra_env -%}
|
{% if ee_extra_env -%}
|
||||||
{{ ee_extra_env | indent(width=12, first=True) }}
|
{{ ee_extra_env | indent(width=12, first=True) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
resources: {{ rsyslog_resource_requirements }}
|
||||||
- image: '{{ _image }}'
|
- image: '{{ _image }}'
|
||||||
name: '{{ ansible_operator_meta.name }}-rsyslog'
|
name: '{{ ansible_operator_meta.name }}-rsyslog'
|
||||||
{% if rsyslog_command %}
|
{% if rsyslog_command %}
|
||||||
command: {{ rsyslog_command }}
|
command: {{ rsyslog_command }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if ryslog_args %}
|
{% if rsyslog_args %}
|
||||||
args: {{ ryslog_args }}
|
args: {{ rsyslog_args }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
imagePullPolicy: '{{ image_pull_policy }}'
|
imagePullPolicy: '{{ image_pull_policy }}'
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@@ -356,13 +370,21 @@ spec:
|
|||||||
mountPath: "/var/run/redis"
|
mountPath: "/var/run/redis"
|
||||||
- name: rsyslog-socket
|
- name: rsyslog-socket
|
||||||
mountPath: "/var/run/awx-rsyslog"
|
mountPath: "/var/run/awx-rsyslog"
|
||||||
|
{% if bundle_ca_crt %}
|
||||||
|
- name: "ca-trust-extracted"
|
||||||
|
mountPath: "/etc/pki/ca-trust/extracted"
|
||||||
|
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
|
||||||
|
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
|
||||||
|
subPath: bundle-ca.crt
|
||||||
|
readOnly: true
|
||||||
|
{% endif %}
|
||||||
{% if development_mode | bool %}
|
{% if development_mode | bool %}
|
||||||
- name: awx-devel
|
- name: awx-devel
|
||||||
mountPath: "/awx_devel"
|
mountPath: "/awx_devel"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
env:
|
env:
|
||||||
- name: SUPERVISOR_CONFIG_PATH
|
- name: SUPERVISOR_CONFIG_PATH
|
||||||
value: "/etc/supervisor_rsyslog.conf"
|
value: "/etc/supervisord_rsyslog.conf"
|
||||||
{% if development_mode | bool %}
|
{% if development_mode | bool %}
|
||||||
- name: AWX_KUBE_DEVEL
|
- name: AWX_KUBE_DEVEL
|
||||||
value: "1"
|
value: "1"
|
||||||
@@ -383,10 +405,10 @@ spec:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% if task_tolerations %}
|
{% if task_tolerations %}
|
||||||
tolerations:
|
tolerations:
|
||||||
{{ task_tolerations | to_nice_yaml | indent(width=8) }}
|
{{ task_tolerations | indent(width=8) }}
|
||||||
{% elif tolerations %}
|
{% elif tolerations %}
|
||||||
tolerations:
|
tolerations:
|
||||||
{{ tolerations | to_nice_yaml | indent(width=8) }}
|
{{ tolerations | indent(width=8) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if task_affinity %}
|
{% if task_affinity %}
|
||||||
affinity:
|
affinity:
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ spec:
|
|||||||
"secrets/app_credentials",
|
"secrets/app_credentials",
|
||||||
"storage/persistent",
|
"storage/persistent",
|
||||||
] %}
|
] %}
|
||||||
checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | md5 }}"
|
checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | sha1 }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for secret in [
|
{% for secret in [
|
||||||
"bundle_cacert",
|
"bundle_cacert",
|
||||||
@@ -42,9 +42,11 @@ spec:
|
|||||||
"receptor_ca",
|
"receptor_ca",
|
||||||
"receptor_work_signing",
|
"receptor_work_signing",
|
||||||
] %}
|
] %}
|
||||||
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | md5 }}"
|
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if annotations %}
|
{% if web_annotations %}
|
||||||
|
{{ web_annotations | indent(width=8) }}
|
||||||
|
{% elif annotations %}
|
||||||
{{ annotations | indent(width=8) }}
|
{{ annotations | indent(width=8) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
spec:
|
spec:
|
||||||
@@ -58,14 +60,25 @@ spec:
|
|||||||
- name: {{ secret }}
|
- name: {{ secret }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if host_aliases is defined and host_aliases | length > 0 %}
|
||||||
|
hostAliases:
|
||||||
|
{% for item in host_aliases %}
|
||||||
|
- ip: {{ item.ip }}
|
||||||
|
hostnames:
|
||||||
|
{% for hostname in item.hostnames %}
|
||||||
|
- {{ hostname }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% if control_plane_priority_class is defined %}
|
{% if control_plane_priority_class is defined %}
|
||||||
priorityClassName: '{{ control_plane_priority_class }}'
|
priorityClassName: '{{ control_plane_priority_class }}'
|
||||||
{% endif %}
|
{% endif %}
|
||||||
initContainers:
|
initContainers:
|
||||||
{% if bundle_ca_crt or init_container_extra_commands %}
|
{% if bundle_ca_crt or projects_persistence|bool or init_container_extra_commands %}
|
||||||
- name: init
|
- name: init
|
||||||
image: '{{ _init_container_image }}'
|
image: '{{ _init_container_image }}'
|
||||||
imagePullPolicy: '{{ image_pull_policy }}'
|
imagePullPolicy: '{{ image_pull_policy }}'
|
||||||
|
resources: {{ web_resource_requirements }}
|
||||||
command:
|
command:
|
||||||
- /bin/sh
|
- /bin/sh
|
||||||
- -c
|
- -c
|
||||||
@@ -89,6 +102,26 @@ spec:
|
|||||||
{% if init_container_extra_volume_mounts -%}
|
{% if init_container_extra_volume_mounts -%}
|
||||||
{{ init_container_extra_volume_mounts | indent(width=12, first=True) }}
|
{{ init_container_extra_volume_mounts | indent(width=12, first=True) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% if projects_persistence|bool and is_k8s|bool %}
|
||||||
|
- name: init-projects
|
||||||
|
image: '{{ _init_projects_container_image }}'
|
||||||
|
imagePullPolicy: '{{ image_pull_policy }}'
|
||||||
|
resources: {{ web_resource_requirements }}
|
||||||
|
command:
|
||||||
|
- /bin/sh
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
chmod 775 /var/lib/awx/projects
|
||||||
|
chgrp 1000 /var/lib/awx/projects
|
||||||
|
env:
|
||||||
|
- name: MY_POD_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.name
|
||||||
|
volumeMounts:
|
||||||
|
- name: "{{ ansible_operator_meta.name }}-projects"
|
||||||
|
mountPath: "/var/lib/awx/projects"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
containers:
|
containers:
|
||||||
- image: '{{ _redis_image }}'
|
- image: '{{ _redis_image }}'
|
||||||
@@ -172,6 +205,10 @@ spec:
|
|||||||
mountPath: "/var/run/redis"
|
mountPath: "/var/run/redis"
|
||||||
- name: rsyslog-socket
|
- name: rsyslog-socket
|
||||||
mountPath: "/var/run/awx-rsyslog"
|
mountPath: "/var/run/awx-rsyslog"
|
||||||
|
{% if projects_persistence|bool %}
|
||||||
|
- name: "{{ ansible_operator_meta.name }}-projects"
|
||||||
|
mountPath: "/var/lib/awx/projects"
|
||||||
|
{% endif %}
|
||||||
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
|
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
|
||||||
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
|
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
|
||||||
subPath: "tls.crt"
|
subPath: "tls.crt"
|
||||||
@@ -195,7 +232,7 @@ spec:
|
|||||||
- name: AWX_COMPONENT
|
- name: AWX_COMPONENT
|
||||||
value: "web"
|
value: "web"
|
||||||
- name: SUPERVISOR_CONFIG_PATH
|
- name: SUPERVISOR_CONFIG_PATH
|
||||||
value: "/etc/supervisor_web.conf"
|
value: "/etc/supervisord_web.conf"
|
||||||
- name: MY_POD_NAMESPACE
|
- name: MY_POD_NAMESPACE
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
@@ -219,8 +256,8 @@ spec:
|
|||||||
{% if rsyslog_command %}
|
{% if rsyslog_command %}
|
||||||
command: {{ rsyslog_command }}
|
command: {{ rsyslog_command }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if ryslog_args %}
|
{% if rsyslog_args %}
|
||||||
args: {{ ryslog_args }}
|
args: {{ rsyslog_args }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
imagePullPolicy: '{{ image_pull_policy }}'
|
imagePullPolicy: '{{ image_pull_policy }}'
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@@ -240,13 +277,22 @@ spec:
|
|||||||
mountPath: "/var/run/redis"
|
mountPath: "/var/run/redis"
|
||||||
- name: rsyslog-socket
|
- name: rsyslog-socket
|
||||||
mountPath: "/var/run/awx-rsyslog"
|
mountPath: "/var/run/awx-rsyslog"
|
||||||
|
resources: {{ rsyslog_resource_requirements }}
|
||||||
|
{% if bundle_ca_crt %}
|
||||||
|
- name: "ca-trust-extracted"
|
||||||
|
mountPath: "/etc/pki/ca-trust/extracted"
|
||||||
|
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
|
||||||
|
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
|
||||||
|
subPath: bundle-ca.crt
|
||||||
|
readOnly: true
|
||||||
|
{% endif %}
|
||||||
{% if development_mode | bool %}
|
{% if development_mode | bool %}
|
||||||
- name: awx-devel
|
- name: awx-devel
|
||||||
mountPath: "/awx_devel"
|
mountPath: "/awx_devel"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
env:
|
env:
|
||||||
- name: SUPERVISOR_CONFIG_PATH
|
- name: SUPERVISOR_CONFIG_PATH
|
||||||
value: "/etc/supervisor_rsyslog.conf"
|
value: "/etc/supervisord_rsyslog.conf"
|
||||||
{% if development_mode | bool %}
|
{% if development_mode | bool %}
|
||||||
- name: AWX_KUBE_DEVEL
|
- name: AWX_KUBE_DEVEL
|
||||||
value: "1"
|
value: "1"
|
||||||
@@ -362,6 +408,15 @@ spec:
|
|||||||
items:
|
items:
|
||||||
- key: receptor_conf
|
- key: receptor_conf
|
||||||
path: receptor.conf
|
path: receptor.conf
|
||||||
|
{% if projects_persistence|bool %}
|
||||||
|
- name: "{{ ansible_operator_meta.name }}-projects"
|
||||||
|
persistentVolumeClaim:
|
||||||
|
{% if projects_existing_claim %}
|
||||||
|
claimName: {{ projects_existing_claim }}
|
||||||
|
{% else %}
|
||||||
|
claimName: '{{ ansible_operator_meta.name }}-projects-claim'
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
{% if development_mode | bool %}
|
{% if development_mode | bool %}
|
||||||
- name: awx-devel
|
- name: awx-devel
|
||||||
hostPath:
|
hostPath:
|
||||||
|
|||||||
@@ -9,10 +9,16 @@ metadata:
|
|||||||
namespace: '{{ ansible_operator_meta.namespace }}'
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
||||||
labels:
|
labels:
|
||||||
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
|
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
|
||||||
{% if ingress_annotations %}
|
{% if ingress_annotations or ingress_controller|lower == "contour" %}
|
||||||
annotations:
|
annotations:
|
||||||
|
{% if ingress_annotations %}
|
||||||
{{ ingress_annotations | indent(width=4) }}
|
{{ ingress_annotations | indent(width=4) }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if ingress_controller|lower == "contour" %}
|
||||||
|
projectcontour.io/websocket-routes: "/websocket"
|
||||||
|
kubernetes.io/ingress.class: contour
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
spec:
|
spec:
|
||||||
{% if ingress_class_name %}
|
{% if ingress_class_name %}
|
||||||
ingressClassName: '{{ ingress_class_name }}'
|
ingressClassName: '{{ ingress_class_name }}'
|
||||||
@@ -27,6 +33,15 @@ spec:
|
|||||||
name: '{{ ansible_operator_meta.name }}-service'
|
name: '{{ ansible_operator_meta.name }}-service'
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
|
{% if ingress_controller|lower == "contour" %}
|
||||||
|
- path: '{{ ingress_path.rstrip("/") }}/websocket'
|
||||||
|
pathType: '{{ ingress_path_type }}'
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: '{{ ansible_operator_meta.name }}-service'
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
{% endif %}
|
||||||
{% if hostname %}
|
{% if hostname %}
|
||||||
host: {{ hostname }}
|
host: {{ hostname }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ spec:
|
|||||||
type: NodePort
|
type: NodePort
|
||||||
{% elif service_type | lower == "loadbalancer" %}
|
{% elif service_type | lower == "loadbalancer" %}
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
{% if variable is defined and variable|length %}
|
{% if loadbalancer_ip is defined and loadbalancer_ip|length %}
|
||||||
loadbalancerip: '{{ loadbalancer_ip }}'
|
loadbalancerip: '{{ loadbalancer_ip }}'
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|||||||
@@ -8,7 +8,17 @@ DATABASES = {
|
|||||||
'HOST': '{{ awx_postgres_host }}',
|
'HOST': '{{ awx_postgres_host }}',
|
||||||
'PORT': "{{ awx_postgres_port }}",
|
'PORT': "{{ awx_postgres_port }}",
|
||||||
'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
|
'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
|
||||||
|
{% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %}
|
||||||
'sslrootcert': '{{ ca_trust_bundle }}',
|
'sslrootcert': '{{ ca_trust_bundle }}',
|
||||||
|
{% endif %}
|
||||||
|
{% if postgres_keepalives %}
|
||||||
|
'keepalives': 1,
|
||||||
|
'keepalives_idle': {{ postgres_keepalives_idle }},
|
||||||
|
'keepalives_interval': {{ postgres_keepalives_interval }},
|
||||||
|
'keepalives_count': {{ postgres_keepalives_count }},
|
||||||
|
{% else %}
|
||||||
|
'keepalives': 0,
|
||||||
|
{% endif %}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user