mirror of
https://github.com/ansible/awx-operator.git
synced 2026-03-27 05:43:11 +00:00
Compare commits
56 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
822b3a439f | ||
|
|
cfb5048f85 | ||
|
|
43c1f396c3 | ||
|
|
cbdbeb790b | ||
|
|
d61a01321f | ||
|
|
3afe1df555 | ||
|
|
b18d59f118 | ||
|
|
1d72a97ac8 | ||
|
|
a8d2831b1c | ||
|
|
213c1bebc4 | ||
|
|
ca6666d271 | ||
|
|
56d1966397 | ||
|
|
fcc09673cc | ||
|
|
b1655479d2 | ||
|
|
a5e29aefec | ||
|
|
4d20079cfe | ||
|
|
645f3a7cf8 | ||
|
|
b65457a056 | ||
|
|
72bf56946f | ||
|
|
a62487b58b | ||
|
|
aa78813d73 | ||
|
|
a08c9104a9 | ||
|
|
5da4b697f1 | ||
|
|
f99a83c137 | ||
|
|
721d6814ca | ||
|
|
866acb3d9c | ||
|
|
94dc52d224 | ||
|
|
c0cd78899a | ||
|
|
3b54fa8675 | ||
|
|
4a869998d1 | ||
|
|
bc044431ab | ||
|
|
4fe482b77b | ||
|
|
194340688d | ||
|
|
b517b0a2a6 | ||
|
|
1dc56803e8 | ||
|
|
85da1aa1f3 | ||
|
|
6378836706 | ||
|
|
e829dafbd2 | ||
|
|
1023718b87 | ||
|
|
4a5141933c | ||
|
|
084841f549 | ||
|
|
76ab4a8342 | ||
|
|
2d6aa5815f | ||
|
|
d69b57c014 | ||
|
|
562a171de6 | ||
|
|
2118c6f49c | ||
|
|
9c759bfe88 | ||
|
|
d0205f4e5e | ||
|
|
d914edf3e0 | ||
|
|
be4fd1364c | ||
|
|
599b1e387d | ||
|
|
732ff9c02c | ||
|
|
d0e30a6878 | ||
|
|
a213b60008 | ||
|
|
768327ea3b | ||
|
|
4908ecfd5d |
2
.github/workflows/ci.yaml
vendored
@@ -14,7 +14,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
name: molecule
|
||||
env:
|
||||
DOCKER_API_VERSION: "1.38"
|
||||
DOCKER_API_VERSION: "1.41"
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
|
||||
2
.github/workflows/feature.yml
vendored
@@ -8,7 +8,7 @@ on:
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
name: Push devel image
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
8
.github/workflows/promote.yaml
vendored
@@ -12,11 +12,6 @@ jobs:
|
||||
with:
|
||||
depth: 0
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
ref: gh-pages
|
||||
path: gh-pages
|
||||
|
||||
- name: Log in to GHCR
|
||||
run: |
|
||||
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
|
||||
@@ -40,4 +35,5 @@ jobs:
|
||||
-e chart_owner=${{ github.repository_owner }} \
|
||||
-e tag=${{ github.event.release.tag_name }} \
|
||||
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
|
||||
-e gh_user=${{ github.actor }}
|
||||
-e gh_user=${{ github.actor }} \
|
||||
-e repo_type=https
|
||||
|
||||
26
.github/workflows/publish-helm.yml
vendored
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
name: Re-publish helm chart
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
tag:
|
||||
description: 'Release tag'
|
||||
required: true
|
||||
type: string
|
||||
jobs:
|
||||
promote:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
depth: 0
|
||||
|
||||
- name: Release Helm chart
|
||||
run: |
|
||||
ansible-playbook ansible/helm-release.yml -v \
|
||||
-e operator_image=quay.io/${{ github.repository }} \
|
||||
-e chart_owner=${{ github.repository_owner }} \
|
||||
-e tag=${{ inputs.tag }} \
|
||||
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
|
||||
-e gh_user=${{ github.actor }} \
|
||||
-e repo_type=https
|
||||
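Review bot: In the `Release Helm chart` step, `${{ inputs.tag }}` is expanded into the `run:` script text before the shell parses it, so a tag value containing shell metacharacters becomes part of the command rather than a single argument. Hand the value over through the step's `env:` and quote it in the script, e.g. `env:` with `TAG: ${{ inputs.tag }}` and then `-e tag="$TAG" \`. The context lines of the `promote.yaml` run step use the same inline expansion for `github.event.release.tag_name`. Separately, `depth: 0` is not an input of `actions/checkout` (the input is `fetch-depth`), so if full history is intended in this new workflow it is not being requested.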
1
.gitignore
vendored
@@ -9,3 +9,4 @@ gh-pages/
|
||||
/.cr-release-packages
|
||||
.vscode/
|
||||
__pycache__
|
||||
/site
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
AWX:
|
||||
AWX:
|
||||
# enable use of awx-deploy template
|
||||
enabled: false
|
||||
name: awx
|
||||
|
||||
@@ -7,6 +7,7 @@ ignore: |
|
||||
awx-operator.clusterserviceversion.yaml
|
||||
bundle
|
||||
.helm/starter
|
||||
hacking/
|
||||
|
||||
rules:
|
||||
truthy: disable
|
||||
|
||||
@@ -31,7 +31,7 @@ Have questions about this document or anything not covered here? Please file a n
|
||||
```
|
||||
2. Make your changes.
|
||||
3. Test your changes according described on the Testing section.
|
||||
4. If everylooks looks correct, commit your changes.
|
||||
4. If everything looks correct, commit your changes.
|
||||
```sh
|
||||
#> git add <FILES>
|
||||
#> git commit -m "My message here"
|
||||
@@ -56,14 +56,17 @@ Running `molecule test` sets up a clean environment, builds the operator, runs a
|
||||
|
||||
If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
|
||||
|
||||
#### Testing in Docker
|
||||
#### Testing in Kind
|
||||
|
||||
Testing with a kind cluster is the recommended way to test the awx-operator locally. First, you need to install kind if you haven't already. Please see these docs for setting that up:
|
||||
* https://kind.sigs.k8s.io/docs/user/quick-start/
|
||||
|
||||
To run the tests, from the root of your checkout, run the following command:
|
||||
|
||||
```sh
|
||||
#> molecule test -s test-local
|
||||
#> molecule test -s kind
|
||||
```
|
||||
|
||||
This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
|
||||
|
||||
#### Testing in Minikube
|
||||
|
||||
```sh
|
||||
@@ -137,4 +140,4 @@ Applying this template will do it. Once the CatalogSource is in a READY state, t
|
||||
|
||||
## Reporting Issues
|
||||
|
||||
We welcome your feedback, and encourage you to file an issue when you run into a problem.
|
||||
We welcome your feedback, and encourage you to file an issue when you run into a problem.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM quay.io/operator-framework/ansible-operator:v1.26.0
|
||||
FROM quay.io/operator-framework/ansible-operator:v1.28.1
|
||||
|
||||
USER 0
|
||||
|
||||
|
||||
11
Makefile
@@ -65,6 +65,7 @@ CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
|
||||
CHART_OWNER ?= $(GH_REPO_OWNER)
|
||||
CHART_REPO ?= awx-operator
|
||||
CHART_BRANCH ?= gh-pages
|
||||
CHART_DIR ?= gh-pages
|
||||
CHART_INDEX ?= index.yaml
|
||||
|
||||
.PHONY: all
|
||||
@@ -140,7 +141,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
|
||||
@{ \
|
||||
set -e ;\
|
||||
mkdir -p $(dir $(KUSTOMIZE)) ;\
|
||||
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCHA).tar.gz | \
|
||||
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCHA).tar.gz | \
|
||||
tar xzf - -C bin/ ;\
|
||||
}
|
||||
else
|
||||
@@ -227,7 +228,7 @@ ifeq (,$(shell which kubectl-slice 2>/dev/null))
|
||||
@{ \
|
||||
set -e ;\
|
||||
mkdir -p $(dir $(KUBECTL_SLICE)) ;\
|
||||
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
|
||||
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_$(OS)_$(ARCHX).tar.gz | \
|
||||
tar xzf - -C bin/ kubectl-slice ;\
|
||||
}
|
||||
else
|
||||
@@ -364,7 +365,7 @@ TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/
|
||||
# that is contained within a larger repo, where a tag may not require a new chart version
|
||||
.PHONY: helm-index
|
||||
helm-index:
|
||||
# when running in CI this gh-pages are already checked out with github action to 'gh-pages' directory
|
||||
# when running in CI the gh-pages branch is checked out by the ansible playbook
|
||||
# TODO: test if gh-pages directory exists and if not exist
|
||||
|
||||
@echo "== GENERATE INDEX FILE =="
|
||||
@@ -392,6 +393,6 @@ helm-index:
|
||||
# generate the index file in the root of the gh-pages branch
|
||||
# --merge will leave any values in index.yaml that don't get generated by this command, but
|
||||
# it is likely that all values are overridden
|
||||
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge gh-pages/index.yaml
|
||||
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge $(CHART_DIR)/index.yaml
|
||||
|
||||
mv .cr-release-packages/index.yaml gh-pages/index.yaml
|
||||
mv .cr-release-packages/index.yaml $(CHART_DIR)/index.yaml
|
||||
|
||||
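Review bot: Both download recipes touched in this section pipe `curl -sSLo -` straight into `tar xzf -` with no integrity check, so the new kustomize v5.0.1 and kubectl-slice v1.2.6 archives are trusted on the URL alone. Download to a temporary file, compare it with a SHA-256 pinned in the Makefile, and extract only after that passes, e.g. `echo "$(KUSTOMIZE_SHA256)  kustomize.tar.gz" | sha256sum -c -` before the `tar` call, where `KUSTOMIZE_SHA256` is a new per-OS/arch variable you would have to add. Adding `-f` to the curl options would also make an HTTP error fail the recipe instead of handing an error page to tar. Both recipes begin and end outside the hunks shown.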
79
README.md
@@ -131,7 +131,7 @@ $ alias kubectl="minikube kubectl --"
|
||||
|
||||
### Basic Install
|
||||
|
||||
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/
|
||||
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/ )
|
||||
|
||||
First, create a file called `kustomization.yaml` with the following content:
|
||||
|
||||
@@ -156,7 +156,7 @@ namespace: awx
|
||||
Install the manifests by running this:
|
||||
|
||||
```
|
||||
$ kustomize build . | kubectl apply -f -
|
||||
$ kubectl apply -k .
|
||||
namespace/awx created
|
||||
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
|
||||
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
|
||||
@@ -229,10 +229,10 @@ resources:
|
||||
...
|
||||
```
|
||||
|
||||
Finally, run `kustomize` again to create the AWX instance in your cluster:
|
||||
Finally, apply the changes to create the AWX instance in your cluster:
|
||||
|
||||
```
|
||||
kustomize build . | kubectl apply -f -
|
||||
kubectl apply -k .
|
||||
```
|
||||
|
||||
After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
|
||||
@@ -676,6 +676,25 @@ $ oc adm policy add-scc-to-user privileged -z awx
|
||||
|
||||
Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
|
||||
|
||||
#### Containers HostAliases Requirements
|
||||
|
||||
Sometimes you might need to use [HostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) in web/task containers.
|
||||
|
||||
| Name | Description | Default |
|
||||
| ------------ | --------------------- | ------- |
|
||||
| host_aliases | A list of HostAliases | None |
|
||||
|
||||
Example of customization could be:
|
||||
|
||||
```yaml
|
||||
---
|
||||
spec:
|
||||
...
|
||||
host_aliases:
|
||||
- ip: <name-of-your-ip>
|
||||
hostnames:
|
||||
- <name-of-your-domain>
|
||||
```
|
||||
|
||||
#### Containers Resource Requirements
|
||||
|
||||
@@ -697,23 +716,29 @@ spec:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 2Gi
|
||||
ephemeral-storage: 100M
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 4Gi
|
||||
ephemeral-storage: 500M
|
||||
task_resource_requirements:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 1Gi
|
||||
ephemeral-storage: 100M
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 2Gi
|
||||
ephemeral-storage: 500M
|
||||
ee_resource_requirements:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 100Mi
|
||||
ephemeral-storage: 100M
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 2Gi
|
||||
ephemeral-storage: 500M
|
||||
```
|
||||
|
||||
#### Priority Classes
|
||||
@@ -911,7 +936,7 @@ A sample of extra settings can be found as below. All possible options can be fo
|
||||
value: 'LDAPSearch("OU=Groups,DC=abc,DC=com",ldap.SCOPE_SUBTREE,"(objectClass=group)",)'
|
||||
|
||||
- setting: AUTH_LDAP_GROUP_TYPE
|
||||
value: 'GroupOfNamesType'
|
||||
value: 'GroupOfNamesType()'
|
||||
|
||||
- setting: AUTH_LDAP_USER_ATTR_MAP
|
||||
value: '{"first_name": "givenName","last_name": "sn","email": "mail"}'
|
||||
@@ -979,6 +1004,7 @@ In a scenario where custom volumes and volume mounts are required to either over
|
||||
| extra_volumes | Specify extra volumes to add to the application pod | '' |
|
||||
| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
|
||||
| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
|
||||
| rsyslog_extra_volume_mounts | Specify volume mounts to be added to Rsyslog container | '' |
|
||||
| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
|
||||
| init_container_extra_volume_mounts | Specify volume mounts to be added to Init container | '' |
|
||||
| init_container_extra_commands | Specify additional commands for Init container | '' |
|
||||
@@ -1064,6 +1090,33 @@ Using the [extra_volumes feature](#custom-volume-and-volume-mount-options), it i
|
||||
|
||||
The AWX nginx config automatically includes /etc/nginx/conf.d/*.conf if present.
|
||||
|
||||
##### Custom Favicon
|
||||
|
||||
You can use custom volume mounts to mount in your own favicon to be displayed in your AWX browser tab.
|
||||
|
||||
First, Create the configmap from a local favicon.ico file.
|
||||
|
||||
```bash
|
||||
$ oc create configmap favicon-configmap --from-file favicon.ico
|
||||
```
|
||||
|
||||
Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec
|
||||
|
||||
```yaml
|
||||
spec:
|
||||
extra_volumes: |
|
||||
- name: favicon
|
||||
configMap:
|
||||
defaultMode: 420
|
||||
items:
|
||||
- key: favicon.ico
|
||||
path: favicon.ico
|
||||
name: favicon-configmap
|
||||
web_extra_volume_mounts: |
|
||||
- name: favicon
|
||||
mountPath: /var/lib/awx/public/static/media/favicon.ico
|
||||
subPath: favicon.ico
|
||||
```
|
||||
|
||||
#### Default execution environments from private registries
|
||||
|
||||
@@ -1113,11 +1166,12 @@ type: kubernetes.io/dockerconfigjson
|
||||
|
||||
If you need to export custom environment variables to your containers.
|
||||
|
||||
| Name | Description | Default |
|
||||
| -------------- | --------------------------------------------------- | ------- |
|
||||
| task_extra_env | Environment variables to be added to Task container | '' |
|
||||
| web_extra_env | Environment variables to be added to Web container | '' |
|
||||
| ee_extra_env | Environment variables to be added to EE container | '' |
|
||||
| Name | Description | Default |
|
||||
| ----------------- | ------------------------------------------------------ | ------- |
|
||||
| task_extra_env | Environment variables to be added to Task container | '' |
|
||||
| web_extra_env | Environment variables to be added to Web container | '' |
|
||||
| rsyslog_extra_env | Environment variables to be added to Rsyslog container | '' |
|
||||
| ee_extra_env | Environment variables to be added to EE container | '' |
|
||||
|
||||
> :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
|
||||
|
||||
@@ -1131,6 +1185,9 @@ Example configuration of environment variables
|
||||
web_extra_env: |
|
||||
- name: MYCUSTOMVAR
|
||||
value: foo
|
||||
rsyslog_extra_env: |
|
||||
- name: MYCUSTOMVAR
|
||||
value: foo
|
||||
ee_extra_env: |
|
||||
- name: MYCUSTOMVAR
|
||||
value: foo
|
||||
@@ -1174,6 +1231,8 @@ With`extra_settings`, you can pass multiple custom settings via the `awx-operato
|
||||
| -------------- | -------------- | ------- |
|
||||
| extra_settings | Extra settings | '' |
|
||||
|
||||
**Note:** Parameters configured in `extra_settings` are set as read-only settings in AWX. As a result, they cannot be changed in the UI after deployment. If you need to change the setting after the initial deployment, you need to change it on the AWX CR spec.
|
||||
|
||||
Example configuration of `extra_settings` parameter
|
||||
|
||||
```yaml
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
- hosts: localhost
|
||||
vars:
|
||||
chart_repo: awx-operator
|
||||
environment:
|
||||
CHART_OWNER: "{{ chart_owner }}"
|
||||
tasks:
|
||||
- name: Look up release
|
||||
uri:
|
||||
@@ -43,7 +45,7 @@
|
||||
- name: Upload helm chart
|
||||
uri:
|
||||
url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}"
|
||||
src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
|
||||
src: "{{ playbook_dir }}/../.cr-release-packages/{{ tag }}/awx-operator-{{ tag }}.tgz"
|
||||
headers:
|
||||
Authorization: "token {{ gh_token }}"
|
||||
Content-Type: "application/octet-stream"
|
||||
@@ -66,26 +68,55 @@
|
||||
|
||||
- when: commits_for_release.stdout == ''
|
||||
block:
|
||||
- name: Configure git config
|
||||
shell: |
|
||||
git config user.name {{ gh_user }}
|
||||
git config user.email {{ gh_user }}@users.noreply.github.com
|
||||
args:
|
||||
chdir: "{{ playbook_dir }}/../gh-pages"
|
||||
- name: Make a temp dir
|
||||
tempfile:
|
||||
state: directory
|
||||
register: temp_dir
|
||||
|
||||
- name: Clone the gh-pages branch from {{ chart_owner }}
|
||||
git:
|
||||
repo: "{{ ((repo_type | default('http')) == 'ssh') | ternary(ssh_repo, http_repo) }}"
|
||||
dest: "{{ temp_dir.path }}"
|
||||
single_branch: yes
|
||||
version: gh-pages
|
||||
vars:
|
||||
http_repo: "https://github.com/{{ chart_owner }}/{{ chart_repo }}"
|
||||
ssh_repo: "git@github.com:{{ chart_owner }}/{{ chart_repo }}.git"
|
||||
|
||||
- name: Publish helm index
|
||||
command: |
|
||||
make helm-index
|
||||
ansible.builtin.command:
|
||||
cmd: make helm-index
|
||||
environment:
|
||||
CHART_OWNER: "{{ chart_owner }}"
|
||||
CR_TOKEN: "{{ gh_token }}"
|
||||
CHART_DIR: "{{ temp_dir.path }}"
|
||||
args:
|
||||
chdir: "{{ playbook_dir }}/../"
|
||||
chdir: "{{ playbook_dir }}/.."
|
||||
|
||||
- name: Set url base swap in gitconfig
|
||||
command:
|
||||
cmd: "git config --local url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
|
||||
args:
|
||||
chdir: "{{ temp_dir.path }}/"
|
||||
no_log: true
|
||||
|
||||
- name: Stage and Push commit to gh-pages branch
|
||||
shell: |
|
||||
git add index.yaml
|
||||
git commit -m "{{ commit_message }}"
|
||||
git push
|
||||
command:
|
||||
cmd: "{{ item }}"
|
||||
loop:
|
||||
- git add index.yaml
|
||||
- git commit -m "{{ commit_message }}"
|
||||
- git push
|
||||
args:
|
||||
chdir: "{{ playbook_dir }}/../gh-pages"
|
||||
chdir: "{{ temp_dir.path }}/"
|
||||
environment:
|
||||
GIT_AUTHOR_NAME: "{{ gh_user }}"
|
||||
GIT_AUTHOR_EMAIL: "{{ gh_user }}@users.noreply.github.com"
|
||||
GIT_COMMITTER_NAME: "{{ gh_user }}"
|
||||
GIT_COMMITTER_EMAIL: "{{ gh_user }}@users.noreply.github.com"
|
||||
|
||||
always:
|
||||
- name: Remove temp dir
|
||||
file:
|
||||
path: "{{ temp_dir.path }}"
|
||||
state: absent
|
||||
|
||||
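Review bot: The `Set url base swap in gitconfig` task writes `gh_token` into the temporary clone's `.git/config` and also passes it as an argument to `git config`; `no_log: true` only keeps it out of Ansible's output, and the file stays on disk until the `always` cleanup runs. The rewrite is only needed for the final `git push`, so it can be supplied through that task's `environment:` instead of being persisted, e.g. `GIT_CONFIG_COUNT: "1"`, `GIT_CONFIG_KEY_0: "url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf"`, `GIT_CONFIG_VALUE_0: "https://github.com/"`, with `no_log: true` on that task. This relies on git's environment-based config, which needs a reasonably recent git on the runner; please confirm the version before switching. Also note that `Remove temp dir` dereferences `temp_dir.path`, which is presumably undefined if `Make a temp dir` itself fails, so a guard such as `when: temp_dir.path is defined` would keep the cleanup from masking the original error.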
@@ -90,6 +90,20 @@ spec:
|
||||
postgres_image_version:
|
||||
description: PostgreSQL container image version to use
|
||||
type: string
|
||||
image_pull_policy:
|
||||
description: The image pull policy
|
||||
type: string
|
||||
default: IfNotPresent
|
||||
enum:
|
||||
- Always
|
||||
- always
|
||||
- Never
|
||||
- never
|
||||
- IfNotPresent
|
||||
- ifnotpresent
|
||||
db_management_pod_node_selector:
|
||||
description: nodeSelector for the Postgres pods to backup
|
||||
type: string
|
||||
no_log:
|
||||
description: Configure no_log for no_log tasks
|
||||
type: boolean
|
||||
|
||||
@@ -94,6 +94,20 @@ spec:
|
||||
postgres_image_version:
|
||||
description: PostgreSQL container image version to use
|
||||
type: string
|
||||
image_pull_policy:
|
||||
description: The image pull policy
|
||||
type: string
|
||||
default: IfNotPresent
|
||||
enum:
|
||||
- Always
|
||||
- always
|
||||
- Never
|
||||
- never
|
||||
- IfNotPresent
|
||||
- ifnotpresent
|
||||
db_management_pod_node_selector:
|
||||
description: nodeSelector for the Postgres pods to backup
|
||||
type: string
|
||||
no_log:
|
||||
description: Configure no_log for no_log tasks
|
||||
type: boolean
|
||||
|
||||
@@ -1345,6 +1345,18 @@ spec:
|
||||
image_pull_secret: # deprecated
|
||||
description: (Deprecated) Image pull secret for app and database containers
|
||||
type: string
|
||||
host_aliases:
|
||||
description: HostAliases for app containers
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
ip:
|
||||
type: string
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
task_resource_requirements:
|
||||
description: Resource requirements for the task container
|
||||
properties:
|
||||
@@ -1356,6 +1368,8 @@ spec:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
limits:
|
||||
properties:
|
||||
@@ -1365,6 +1379,8 @@ spec:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
web_resource_requirements:
|
||||
@@ -1378,6 +1394,8 @@ spec:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
limits:
|
||||
properties:
|
||||
@@ -1387,6 +1405,8 @@ spec:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
ee_resource_requirements:
|
||||
@@ -1400,6 +1420,8 @@ spec:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
limits:
|
||||
properties:
|
||||
@@ -1409,6 +1431,8 @@ spec:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
postgres_init_container_resource_requirements:
|
||||
@@ -1444,6 +1468,8 @@ spec:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
limits:
|
||||
properties:
|
||||
@@ -1453,6 +1479,60 @@ spec:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
rsyslog_resource_requirements:
|
||||
description: Resource requirements for the rsyslog container
|
||||
properties:
|
||||
requests:
|
||||
properties:
|
||||
cpu:
|
||||
type: string
|
||||
memory:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
limits:
|
||||
properties:
|
||||
cpu:
|
||||
type: string
|
||||
memory:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
init_container_resource_requirements:
|
||||
description: Resource requirements for the init container
|
||||
properties:
|
||||
requests:
|
||||
properties:
|
||||
cpu:
|
||||
type: string
|
||||
memory:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
limits:
|
||||
properties:
|
||||
cpu:
|
||||
type: string
|
||||
memory:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
ephemeral-storage:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
service_account_annotations:
|
||||
@@ -1495,10 +1575,20 @@ spec:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
rsyslog_args:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
rsyslog_command:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
task_extra_env:
|
||||
type: string
|
||||
web_extra_env:
|
||||
type: string
|
||||
rsyslog_extra_env:
|
||||
type: string
|
||||
ee_extra_env:
|
||||
type: string
|
||||
ee_extra_volume_mounts:
|
||||
@@ -1510,6 +1600,9 @@ spec:
|
||||
web_extra_volume_mounts:
|
||||
description: Specify volume mounts to be added to the Web container
|
||||
type: string
|
||||
rsyslog_extra_volume_mounts:
|
||||
description: Specify volume mounts to be added to the Rsyslog container
|
||||
type: string
|
||||
redis_image:
|
||||
description: Registry path to the redis container to use
|
||||
type: string
|
||||
@@ -1596,6 +1689,25 @@ spec:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
postgres_keepalives:
|
||||
description: Controls whether client-side TCP keepalives are used for Postgres connections.
|
||||
default: true
|
||||
type: boolean
|
||||
postgres_keepalives_count:
|
||||
description: Controls the number of TCP keepalives that can be lost before the client's connection to the server is considered dead.
|
||||
type: integer
|
||||
default: 5
|
||||
format: int32
|
||||
postgres_keepalives_idle:
|
||||
description: Controls the number of seconds of inactivity after which TCP should send a keepalive message to the server.
|
||||
type: integer
|
||||
default: 5
|
||||
format: int32
|
||||
postgres_keepalives_interval:
|
||||
description: Controls the number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted.
|
||||
type: integer
|
||||
default: 5
|
||||
format: int32
|
||||
ca_trust_bundle:
|
||||
description: Path where the trusted CA bundle is available
|
||||
type: string
|
||||
@@ -1641,6 +1753,9 @@ spec:
|
||||
session_cookie_secure:
|
||||
description: Set session cookie secure mode for web
|
||||
type: string
|
||||
receptor_log_level:
|
||||
description: Set log level of receptor service
|
||||
type: string
|
||||
extra_settings:
|
||||
description: Extra settings to specify for the API
|
||||
items:
|
||||
|
||||
@@ -21,12 +21,10 @@ resources:
|
||||
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
|
||||
#- ../prometheus
|
||||
|
||||
patchesStrategicMerge:
|
||||
# Protect the /metrics endpoint by putting it behind auth.
|
||||
# If you want your controller-manager to expose the /metrics
|
||||
# endpoint w/o any authn/z, please comment the following line.
|
||||
- manager_auth_proxy_patch.yaml
|
||||
|
||||
# Mount the controller config file for loading manager configurations
|
||||
# through a ComponentConfig type
|
||||
#- manager_config_patch.yaml
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
patches:
|
||||
- path: manager_auth_proxy_patch.yaml
|
||||
|
||||
@@ -14,8 +14,8 @@ spec:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
|
||||
- "ALL"
|
||||
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
|
||||
args:
|
||||
- "--secure-listen-address=0.0.0.0:8443"
|
||||
- "--upstream=http://127.0.0.1:8080/"
|
||||
|
||||
@@ -65,6 +65,11 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Image Pull Policy
|
||||
path: image_pull_policy
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
|
||||
- displayName: No Log Configuration
|
||||
path: no_log
|
||||
x-descriptors:
|
||||
@@ -88,10 +93,10 @@ spec:
|
||||
kind: AWXRestore
|
||||
name: awxrestores.awx.ansible.com
|
||||
specDescriptors:
|
||||
- displayName: Backup Source to restore from
|
||||
description: Select what type of backup to specify. Backup CR, allows you to specify
|
||||
the name of an AWXBackup object (recommended approach). The PVC option allows you to
|
||||
specify a custom PVC and directory to backup from.
|
||||
- description: Select what type of backup to specify. Backup CR, allows you
|
||||
to specify the name of an AWXBackup object (recommended approach). The
|
||||
PVC option allows you to specify a custom PVC and directory to backup from.
|
||||
displayName: Backup Source to restore from
|
||||
path: backup_source
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:select:Backup CR
|
||||
@@ -115,8 +120,9 @@ spec:
|
||||
path: backup_pvc_namespace
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Backup Directory
|
||||
description: This is the directory inside the PVC that your backup is stored in.
|
||||
- description: This is the directory inside the PVC that your backup is stored
|
||||
in.
|
||||
displayName: Backup Directory
|
||||
path: backup_dir
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
@@ -134,6 +140,11 @@ spec:
|
||||
path: postgres_image_version
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Image Pull Policy
|
||||
path: image_pull_policy
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
|
||||
- displayName: Restore Management Pod Resource Requirements
|
||||
path: restore_resource_requirements
|
||||
x-descriptors:
|
||||
@@ -151,7 +162,8 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
version: v1beta1
|
||||
- description: Deploy a new instance of AWX. A standardized way to define, operate and scale automation with Ansible.
|
||||
- description: Deploy a new instance of AWX. A standardized way to define, operate
|
||||
and scale automation with Ansible.
|
||||
displayName: AWX
|
||||
kind: AWX
|
||||
name: awxs.awx.ansible.com
|
||||
@@ -186,8 +198,9 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:io.kubernetes:Secret
|
||||
- displayName: Secret Key
|
||||
description: Name of the k8s secret the symmetric encryption key is stored in.
|
||||
- description: Name of the k8s secret the symmetric encryption key is stored
|
||||
in.
|
||||
displayName: Secret Key
|
||||
path: secret_key_secret
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
@@ -226,7 +239,7 @@ spec:
|
||||
path: ingress_api_version
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
- displayName: Ingress Path
|
||||
path: ingress_path
|
||||
x-descriptors:
|
||||
@@ -320,6 +333,11 @@ spec:
|
||||
path: image_pull_secret
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: HostAliases for app containers
|
||||
path: host_aliases
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
- displayName: Web Container Resource Requirements
|
||||
path: web_resource_requirements
|
||||
x-descriptors:
|
||||
@@ -335,9 +353,9 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- displayName: PostgreSQL Init Container Resource Requirements
|
||||
description: The PostgreSQL init container is not used when an external DB
|
||||
- description: The PostgreSQL init container is not used when an external DB
|
||||
is configured
|
||||
displayName: PostgreSQL Init Container Resource Requirements
|
||||
path: postgres_init_container_resource_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
@@ -347,19 +365,26 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- displayName: PostgreSQL Container Resource Requirements
|
||||
description: The PostgreSQL container is not used when an external DB
|
||||
is configured
|
||||
- displayName: Rsyslog Container Resource Requirements
|
||||
path: rsyslog_resource_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- description: The PostgreSQL container is not used when an external DB is configured
|
||||
displayName: PostgreSQL Container Resource Requirements
|
||||
path: postgres_resource_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- displayName: PostgreSQL Container Storage Requirements
|
||||
description: The PostgreSQL container is not used when an external DB
|
||||
is configured
|
||||
- description: The PostgreSQL container is not used when an external DB is configured
|
||||
displayName: PostgreSQL Container Storage Requirements
|
||||
path: postgres_storage_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- description: Init Container resource requirements
|
||||
path: init_container_resource_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- displayName: Replicas
|
||||
path: replicas
|
||||
@@ -471,8 +496,8 @@ spec:
|
||||
- displayName: Postgres Storage Class
|
||||
path: postgres_storage_class
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:io.kubernetes:StorageClass
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Postgres Datapath
|
||||
path: postgres_data_path
|
||||
x-descriptors:
|
||||
@@ -483,6 +508,26 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Enable Postgres Keepalives
|
||||
path: postgres_keepalives
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Postgres Keepalives Count
|
||||
path: postgres_keepalives_count
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Postgres Keepalives Idle
|
||||
path: postgres_keepalives_idle
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Postgres Keepalives Interval
|
||||
path: postgres_keepalives_interval
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Certificate Authorirty Trust Bundle
|
||||
path: ca_trust_bundle
|
||||
x-descriptors:
|
||||
@@ -613,6 +658,28 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Rsyslog Args
|
||||
path: rsyslog_args
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Rsyslog Command
|
||||
path: rsyslog_command
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- description: Environment variables to be added to Rsyslog container
|
||||
displayName: Rsyslog Extra Env
|
||||
path: rsyslog_extra_env
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- description: Specify volume mounts to be added to Rsyslog container
|
||||
displayName: Rsyslog Extra Volume Mounts
|
||||
path: rsyslog_extra_volume_mounts
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- description: Specify extra volumes to add to the application pod
|
||||
displayName: Extra Volumes
|
||||
path: extra_volumes
|
||||
@@ -725,6 +792,11 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Receptor Log Level
|
||||
path: receptor_log_level
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: API Extra Settings
|
||||
path: extra_settings
|
||||
x-descriptors:
|
||||
@@ -790,8 +862,8 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
|
||||
- displayName: Additional labels defined on the resource, which should be
|
||||
propagated to child resources
|
||||
- displayName: Additional labels defined on the resource, which should be propagated
|
||||
to child resources
|
||||
path: additional_labels
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
@@ -876,7 +948,7 @@ spec:
|
||||
- email: awx-project@googlegroups.com
|
||||
name: AWX Team
|
||||
maturity: alpha
|
||||
MinKubeVersion: 1.22.15
|
||||
minKubeVersion: 1.22.15
|
||||
provider:
|
||||
name: Ansible
|
||||
url: github.com/ansible/awx-operator
|
||||
|
||||
@@ -7,10 +7,6 @@ namePrefix: osdk-
|
||||
#commonLabels:
|
||||
# someName: someValue
|
||||
|
||||
patchesStrategicMerge:
|
||||
- manager_image.yaml
|
||||
- debug_logs_patch.yaml
|
||||
- ../default/manager_auth_proxy_patch.yaml
|
||||
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
@@ -21,3 +17,7 @@ resources:
|
||||
images:
|
||||
- name: testing
|
||||
newName: testing-operator
|
||||
patches:
|
||||
- path: manager_image.yaml
|
||||
- path: debug_logs_patch.yaml
|
||||
- path: ../default/manager_auth_proxy_patch.yaml
|
||||
|
||||
29
docs/doc-proposal.md
Normal file
29
docs/doc-proposal.md
Normal file
@@ -0,0 +1,29 @@
|
||||
# Docs Breakdown for AWX Operator
|
||||
|
||||
## Introduction
|
||||
|
||||
This table below is aimed at breaking down the ReadME documentation for Ansible AWX Operator and structure it in the way it can be moved to the Read The Docs module.
|
||||
|
||||
From the ReadMe file, the documentation can be classified into six distinct segments which are:
|
||||
|
||||
|
||||
- Introduction/Getting Started
|
||||
- Installation
|
||||
- User Guide
|
||||
- Upgrade
|
||||
- Uninstall
|
||||
- Contributors Guide
|
||||
|
||||
Using these listed segments, we can do a proper breakdown of all the topics in the ReadMe and place each one in the segment they fall into. This table is open to any form of refactoring or modifications.
|
||||
|
||||
| Segments | Topics |
|
||||
| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| Introduction | - [Purpose](https://github.com/ansible/awx-operator#purpose) |
|
||||
| Installation | - [Creating a minikube cluster for testing](https://github.com/ansible/awx-operator#creating-a-minikube-cluster-for-testing)<br>- [Basic Install](https://github.com/ansible/awx-operator#basic-install)<br>- [Helm Install on existing cluster](https://github.com/ansible/awx-operator#helm-install-on-existing-cluster) |
|
||||
| User Guide | - [Admin user account configuration](https://github.com/ansible/awx-operator#admin-user-account-configuration)<br>- [Network and TLS Configuration](https://github.com/ansible/awx-operator#network-and-tls-configuration)<br> * [Service Type](https://github.com/ansible/awx-operator#service-type)<br> * [Ingress Type](https://github.com/ansible/awx-operator#ingress-type)<br>- [Database Configuration](https://github.com/ansible/awx-operator#database-configuration)<br> * [External PostgreSQL Service](https://github.com/ansible/awx-operator#external-postgresql-service)<br> * [Migrating data from an old AWX instance](https://github.com/ansible/awx-operator#migrating-data-from-an-old-awx-instance)<br> * [Managed PostgreSQL Service](https://github.com/ansible/awx-operator#managed-postgresql-service)<br>- [Advanced Configuration](https://github.com/ansible/awx-operator#advanced-configuration)<br> * [Deploying a specific version of AWX](https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx)<br> * [Redis container capabilities](https://github.com/ansible/awx-operator#redis-container-capabilities)<br> * [Privileged Tasks](https://github.com/ansible/awx-operator#privileged-tasks)<br> * [Containers Resource Requirements](https://github.com/ansible/awx-operator#containers-resource-requirements)<br> * [Priority Classes](https://github.com/ansible/awx-operator#priority-classes)<br> * [Assigning AWX pods to specific nodes](https://github.com/ansible/awx-operator#assigning-awx-pods-to-specific-nodes)<br> * [Trusting a Custom Certificate Authority](https://github.com/ansible/awx-operator#trusting-a-custom-certificate-authority)<br> * [Enabling LDAP Integration at AWX bootstrap](https://github.com/ansible/awx-operator#enabling-ldap-integration-at-awx-bootstrap)<br> * [Persisting Projects Directory](https://github.com/ansible/awx-operator#persisting-projects-directory)<br> * [Custom Volume and Volume Mount 
Options](https://github.com/ansible/awx-operator#custom-volume-and-volume-mount-options)<br> * [Default execution environments from private registries](https://github.com/ansible/awx-operator#default-execution-environments-from-private-registries)<br> * * [Control plane ee from private registry](https://github.com/ansible/awx-operator#control-plane-ee-from-private-registry)<br> * [Exporting Environment Variables to Containers](https://github.com/ansible/awx-operator#exporting-environment-variables-to-containers)<br> * [CSRF Cookie Secure Setting](https://github.com/ansible/awx-operator#csrf-cookie-secure-setting)<br> * [Session Cookie Secure Setting](https://github.com/ansible/awx-operator#session-cookie-secure-setting)<br> * [Extra Settings](https://github.com/ansible/awx-operator#extra-settings)<br> * [Configure no_log](https://github.com/ansible/awx-operator#no-log)<br> * [Auto Upgrade](https://github.com/ansible/awx-operator#auto-upgrade)<br> ** [Upgrade of instances without auto upgrade](https://github.com/ansible/awx-operator#upgrade-of-instances-without-auto-upgrade)<br> * [Service Account](https://github.com/ansible/awx-operator#service-account)<br> * [Labeling operator managed objects](https://github.com/ansible/awx-operator#labeling-operator-managed-objects)<br> * [Pods termination grace period](https://github.com/ansible/awx-operator#pods-termination-grace-period)<br> * [Disable IPV6](https://github.com/ansible/awx-operator#disable-ipv6)<br> * [Add Execution Nodes](https://github.com/ansible/awx-operator#adding-execution-nodes)<br> ** [Custom Receptor CA](https://github.com/ansible/awx-operator#custom-receptor-ca)<br> * [Debugging](https://github.com/ansible/awx-operator/blob/devel/docs/debugging.md)<br> * [Migration](https://github.com/ansible/awx-operator/blob/devel/docs/migration.md) |
|
||||
| Upgrade | - [Upgrading](https://github.com/ansible/awx-operator#upgrading)<br> * [Backup](https://github.com/ansible/awx-operator#backup)<br> * [v0.14.0](https://github.com/ansible/awx-operator#v0140)<br> ** [Cluster-scope to Namespace-scope considerations](https://github.com/ansible/awx-operator#cluster-scope-to-namespace-scope-considerations)<br> ** [Project is now based on v1.x of the operator-sdk project](https://github.com/ansible/awx-operator#project-is-now-based-on-v1x-of-the-operator-sdk-project)<br> ** [Steps to upgrade](https://github.com/ansible/awx-operator#steps-to-upgrade) |
|
||||
| Uninstall | - [Uninstall](https://github.com/ansible/awx-operator#uninstall) |
|
||||
| Contributors Guide | - [Contributing](https://github.com/ansible/awx-operator#contributing)<br>- [Release Process](https://github.com/ansible/awx-operator#release-process)<br>- [Author](https://github.com/ansible/awx-operator#author)<br>- [Code of Conduct](https://github.com/ansible/awx-operator#code-of-conduct)<br>- [Get Involved](https://github.com/ansible/awx-operator#get-involved) |
|
||||
|
||||
|
||||
Note: I could not get the multi-level bullet point list to work in the table so I used single asterisk `*` for one level down and double asterisk `**` for two level down.
|
||||
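--- a/docs/index.md
+++ b/docs/index.md
@@ -0,0 +1 @@
+# Welcome to the documentation of ansible awx-operator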
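--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -0,0 +1,12 @@
+cairosvg==2.7.0
+markdown-exec>=1.6.0
+mkdocs-ansible[lock]>=0.1.6
+mkdocs-gen-files>=0.4.0
+mkdocs-material-extensions>=1.1.1
+mkdocs-material>=9.1.15
+mkdocs==1.4.3
+mkdocstrings-python>=1.1.0
+mkdocstrings>=0.22.0
+pillow==9.5.0
+pipdeptree==2.7.1
+pymdown-extensions==10.0.1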
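Review bot: Seven of the twelve entries float on `>=` (`markdown-exec`, `mkdocs-ansible[lock]`, `mkdocs-material`, `mkdocstrings`, and others) while the remaining five are pinned with `==`, so two documentation builds from the same commit can resolve different package sets, and no entry is hash-checked. The build loads third-party plugins, including `markdown-exec`, so whatever the index serves on the day runs inside the docs job. Keeping the loose ranges in an input file and installing from a compiled, fully pinned file with `pip install --require-hashes -r docs/requirements.txt` would make the set reproducible and let pip reject a changed artifact.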
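--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -0,0 +1,82 @@
+---
+site_name: awx-operator
+site_url: https://awx-operator.readthedocs.io/
+repo_url: https://github.com/ansible/awx-operator
+edit_uri: blob/devel/docs/
+docs_dir: docs
+strict: true
+use_directory_urls: false
+
+theme:
+name: "material"
+features:
+- content.code.copy
+- content.action.edit
+- navigation.expand
+- navigation.sections
+- navigation.instant
+- navigation.indexes
+- navigation.tracking
+- toc.integrate
+palette:
+- media: "(prefers-color-scheme: light)"
+primary: teal
+accent: blue
+scheme: default
+toggle:
+icon: material/brightness-7
+name: Switch to dark mode
+- media: "(prefers-color-scheme: dark)"
+scheme: slate
+primary: teal
+accent: blue
+toggle:
+icon: material/brightness-4
+name: Switch to light mode
+
+nav:
+- home: index.md
+- debugging.md
+- migration.md
+
+plugins:
+- autorefs
+- markdown-exec
+- search
+- mkdocstrings:
+handlers:
+python:
+paths: [src]
+options:
+# Sphinx is for historical reasons, but we could consider switching if needed
+# https://mkdocstrings.github.io/griffe/docstrings/
+docstring_style: sphinx
+merge_init_into_class: yes
+show_submodules: yes
+import:
+- url: https://docs.ansible.com/ansible/latest/objects.inv
+domains: [py, std]
+
+markdown_extensions:
+- admonition
+- def_list
+- footnotes
+- pymdownx.highlight:
+anchor_linenums: true
+- pymdownx.inlinehilite
+- pymdownx.snippets:
+check_paths: true
+- pymdownx.superfences
+- pymdownx.magiclink:
+repo_url_shortener: true
+repo_url_shorthand: true
+social_url_shorthand: true
+social_url_shortener: true
+user: facelessuser
+repo: pymdown-extensions
+normalize_issue_symbols: true
+- pymdownx.tabbed:
+alternate_style: true
+- toc:
+toc_depth: 2
+permalink: true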
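Review bot: The `pymdownx.magiclink` options `user: facelessuser` and `repo: pymdown-extensions` look carried over from the extension's own example configuration, so shorthand references such as `#123` would link to that project instead of the repository named in `repo_url`; `user: ansible` and `repo: awx-operator` would match it. `paths: [src]` under the mkdocstrings python handler names a directory this commit does not show, so confirm it exists or drop the option. As a style point, `merge_init_into_class: yes` and `show_submodules: yes` are better written as `true`, which the rest of the file already uses for booleans.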
@@ -5,8 +5,20 @@
|
||||
gather_facts: no
|
||||
|
||||
tasks:
|
||||
# Remove after this if fixed: https://github.com/ansible-collections/community.docker/issues/611
|
||||
- name: Install docker
|
||||
become: yes
|
||||
pip:
|
||||
name:
|
||||
- websocket-client==0.59.0
|
||||
- requests==2.28.2
|
||||
- urllib3==1.26.15
|
||||
- docker
|
||||
- docker-compose
|
||||
state: present
|
||||
|
||||
- name: Build operator image
|
||||
docker_image:
|
||||
community.docker.docker_image:
|
||||
build:
|
||||
path: '{{ project_dir }}'
|
||||
pull: no
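Review bot: The `Install docker` task runs pip with `become: yes` and pins only `websocket-client`, `requests` and `urllib3`, leaving `docker` and `docker-compose` unconstrained, so the workaround still depends on whichever versions the index serves when the test runs. Pinning those two entries as well keeps the test environment reproducible, and installing into a virtualenv or with user scope avoids a root-level change to the system interpreter. The task installs Python packages rather than the Docker engine, so a name such as `Install Docker Python bindings` would describe it better. The play header and the rest of the `Build operator image` task lie outside this hunk.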
|
||||
|
||||
@@ -5,3 +5,4 @@ ansible-lint
|
||||
openshift!=0.13.0
|
||||
jmespath
|
||||
ansible-core
|
||||
ansible-compat<4 # https://github.com/ansible-community/molecule/issues/3903
|
||||
|
||||
@@ -5,4 +5,5 @@ collections:
|
||||
version: 2.3.2
|
||||
- name: operator_sdk.util
|
||||
- name: community.docker
|
||||
version: 3.4.4
|
||||
- name: awx.awx
|
||||
|
||||
@@ -82,6 +82,12 @@ It is also possible to tie the lifetime of the backup files to that of the AWXBa
|
||||
clean_backup_on_delete: true
|
||||
```
|
||||
|
||||
Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
|
||||
|
||||
```
|
||||
image_pull_policy: 'IfNotPresent'
|
||||
```
|
||||
|
||||
Variable to define resources limits and request for backup CR.
|
||||
```
|
||||
backup_resource_requirements:
|
||||
|
||||
@@ -17,6 +17,14 @@ no_log: true
|
||||
# Variable to set when you want backups to be cleaned up when the CRD object is deleted
|
||||
clean_backup_on_delete: false
|
||||
|
||||
|
||||
# Add a nodeSelector for the Postgres pods to backup.
|
||||
# Specify as literal block. E.g.:
|
||||
# db_management_pod_node_selector: |
|
||||
# kubernetes.io/arch: amd64
|
||||
# kubernetes.io/os: linux
|
||||
db_management_pod_node_selector: ''
|
||||
|
||||
# Variable to signal that this role is being run as a finalizer
|
||||
finalizer_run: false
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ spec:
|
||||
containers:
|
||||
- name: {{ ansible_operator_meta.name }}-db-management
|
||||
image: "{{ _postgres_image }}"
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: "{{ image_pull_policy }}"
|
||||
command: ["sleep", "infinity"]
|
||||
volumeMounts:
|
||||
- name: {{ ansible_operator_meta.name }}-backup
|
||||
@@ -20,6 +20,10 @@ spec:
|
||||
resources:
|
||||
{{ backup_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
|
||||
{%- endif %}
|
||||
{% if db_management_pod_node_selector %}
|
||||
nodeSelector:
|
||||
{{ db_management_pod_node_selector | indent(width=8) }}
|
||||
{% endif %}
|
||||
volumes:
|
||||
- name: {{ ansible_operator_meta.name }}-backup
|
||||
persistentVolumeClaim:
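Review bot: `imagePullPolicy: "{{ image_pull_policy }}"` passes the variable through unchanged, but the README text added in this commit lists `always`, `never` and `ifnotpresent` as accepted values, and Kubernetes validates this field case-sensitively, so unless a task outside this diff normalises the value those spellings will be rejected when the pod is created. The default also moves from the hard-coded `Always` to `IfNotPresent`, so with a mutable tag, nodes that already cache the image keep running it after the registry copy is rebuilt, which is worth stating in the README. In the second hunk, `{{ db_management_pod_node_selector | indent(width=8) }}` inserts a free-form string without checking that it parses as a mapping; something like `{{ db_management_pod_node_selector | from_yaml | to_nice_yaml | indent(width=8) }}` would fail on malformed input at render time rather than at the API server. The pod template starts and ends outside these hunks.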
|
||||
|
||||
@@ -5,3 +5,4 @@ _postgres_image_version: 13
|
||||
backup_complete: false
|
||||
database_type: "unmanaged"
|
||||
supported_pg_version: 13
|
||||
image_pull_policy: IfNotPresent
|
||||
|
||||
@@ -283,7 +283,7 @@ task_command: []
|
||||
web_args:
|
||||
- /usr/bin/launch_awx_web.sh
|
||||
web_command: []
|
||||
ryslog_args:
|
||||
rsyslog_args:
|
||||
- /usr/bin/launch_awx_rsyslog.sh
|
||||
rsyslog_command: []
|
||||
|
||||
@@ -303,10 +303,6 @@ ee_resource_requirements:
|
||||
memory: 64Mi
|
||||
|
||||
# TODO: validate default resource requirements
|
||||
rsyslog_resource_requirements:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
|
||||
# Customize CSRF options
|
||||
csrf_cookie_secure: False
|
||||
@@ -319,6 +315,17 @@ redis_resource_requirements:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 64Mi
|
||||
|
||||
rsyslog_resource_requirements:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
|
||||
init_container_resource_requirements:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
|
||||
# Add extra environment variables to the AWX task/web containers. Specify as
|
||||
# literal block. E.g.:
|
||||
# task_extra_env: |
|
||||
@@ -328,6 +335,7 @@ redis_resource_requirements:
|
||||
# value: bing
|
||||
task_extra_env: ''
|
||||
web_extra_env: ''
|
||||
rsyslog_extra_env: ''
|
||||
ee_extra_env: ''
|
||||
|
||||
# Mount extra volumes on the AWX task/web containers. Specify as literal block.
|
||||
@@ -337,6 +345,7 @@ ee_extra_env: ''
|
||||
# mountPath: /some/path
|
||||
task_extra_volume_mounts: ''
|
||||
web_extra_volume_mounts: ''
|
||||
rsyslog_extra_volume_mounts: ''
|
||||
ee_extra_volume_mounts: ''
|
||||
|
||||
# Add a nodeSelector for the Postgres pods.
|
||||
@@ -384,6 +393,12 @@ projects_existing_claim: ''
|
||||
# Define postgres configuration arguments to use
|
||||
postgres_extra_args: ''
|
||||
|
||||
# Configure postgres connection keepalive
|
||||
postgres_keepalives: true
|
||||
postgres_keepalives_idle: 5
|
||||
postgres_keepalives_interval: 5
|
||||
postgres_keepalives_count: 5
|
||||
|
||||
# Define the storage_class, size and access_mode
|
||||
# when not using an existing claim
|
||||
projects_storage_size: 8Gi
|
||||
@@ -425,3 +440,12 @@ set_self_labels: true
|
||||
|
||||
# Disable web container's nginx ipv6 listener
|
||||
ipv6_disabled: false
|
||||
|
||||
# Set hostAliases on deployments
|
||||
# hostAliases:
|
||||
# - ip: 10.10.0.10
|
||||
# hostnames:
|
||||
# - hostname
|
||||
host_aliases: ''
|
||||
|
||||
receptor_log_level: info
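Review bot: The commented example above `host_aliases: ''` opens with `# hostAliases:`, which is the Kubernetes field name rather than the variable a user has to set, whereas the other examples in this file use the variable name (`# task_extra_env: |`). Changing that line to `# host_aliases:` avoids a setting that would presumably be ignored. The default is an empty string although the deployment template iterates over entries with `ip` and `hostnames`, so `host_aliases: []` would document the expected type. `receptor_log_level: info` has no comment; a line such as `# Log level written to the receptor configuration` would match the rest of the file.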
|
||||
|
||||
@@ -16,11 +16,11 @@ data:
|
||||
import socket
|
||||
# Import all so that extra_settings works properly
|
||||
from django_auth_ldap.config import *
|
||||
|
||||
|
||||
def get_secret():
|
||||
if os.path.exists("/etc/tower/SECRET_KEY"):
|
||||
return open('/etc/tower/SECRET_KEY', 'rb').read().strip()
|
||||
|
||||
|
||||
ADMINS = ()
|
||||
STATIC_ROOT = '/var/lib/awx/public/static'
|
||||
STATIC_URL = '{{ (ingress_path + '/static/').replace('//', '/') }}'
|
||||
@@ -59,20 +59,20 @@ data:
|
||||
|
||||
# Container environments don't like chroots
|
||||
AWX_PROOT_ENABLED = False
|
||||
|
||||
|
||||
# Automatically deprovision pods that go offline
|
||||
AWX_AUTO_DEPROVISION_INSTANCES = True
|
||||
|
||||
|
||||
CLUSTER_HOST_ID = socket.gethostname()
|
||||
SYSTEM_UUID = os.environ.get('MY_POD_UID', '00000000-0000-0000-0000-000000000000')
|
||||
|
||||
|
||||
CSRF_COOKIE_SECURE = {{ csrf_cookie_secure | bool }}
|
||||
SESSION_COOKIE_SECURE = {{ session_cookie_secure | bool }}
|
||||
|
||||
|
||||
SERVER_EMAIL = 'root@localhost'
|
||||
DEFAULT_FROM_EMAIL = 'webmaster@localhost'
|
||||
EMAIL_SUBJECT_PREFIX = '[AWX] '
|
||||
|
||||
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_PORT = 25
|
||||
EMAIL_HOST_USER = ''
|
||||
@@ -84,6 +84,9 @@ data:
|
||||
BROADCAST_WEBSOCKET_PROTOCOL = 'http'
|
||||
|
||||
|
||||
RECEPTOR_LOG_LEVEL = '{{ receptor_log_level }}'
|
||||
|
||||
|
||||
{% for item in extra_settings | default([]) %}
|
||||
{{ item.setting }} = {{ item.value }}
|
||||
{% endfor %}
|
||||
@@ -101,30 +104,30 @@ data:
|
||||
default_type application/octet-stream;
|
||||
server_tokens off;
|
||||
client_max_body_size 5M;
|
||||
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
|
||||
access_log /dev/stdout main;
|
||||
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
#gzip on;
|
||||
|
||||
|
||||
upstream uwsgi {
|
||||
server 127.0.0.1:8050;
|
||||
}
|
||||
|
||||
|
||||
upstream daphne {
|
||||
server 127.0.0.1:8051;
|
||||
}
|
||||
|
||||
|
||||
|
||||
{% if route_tls_termination_mechanism | lower == 'passthrough' %}
|
||||
server {
|
||||
@@ -135,7 +138,7 @@ data:
|
||||
server_name _;
|
||||
|
||||
# Redirect all HTTP links to the matching HTTPS page
|
||||
return 301 https://$host$request_uri;
|
||||
return 301 https://$host:8053$request_uri;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
@@ -163,30 +166,30 @@ data:
|
||||
# If you have a domain name, this is where to add it
|
||||
server_name _;
|
||||
keepalive_timeout 65;
|
||||
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
|
||||
add_header Strict-Transport-Security max-age=15768000;
|
||||
|
||||
|
||||
# Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
|
||||
add_header X-Frame-Options "DENY";
|
||||
# Protect against MIME content sniffing https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
|
||||
|
||||
location {{ (ingress_path + '/static').replace('//', '/') }} {
|
||||
alias /var/lib/awx/public/static/;
|
||||
}
|
||||
|
||||
|
||||
location {{ (ingress_path + '/favicon.ico').replace('//', '/') }} {
|
||||
alias /var/lib/awx/public/static/media/favicon.ico;
|
||||
}
|
||||
|
||||
|
||||
location {{ (ingress_path + '/websocket').replace('//', '/') }} {
|
||||
# Pass request to the upstream alias
|
||||
proxy_pass http://daphne;
|
||||
@@ -208,7 +211,7 @@ data:
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
}
|
||||
|
||||
|
||||
location {{ ingress_path }} {
|
||||
# Add trailing / if missing
|
||||
rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
|
||||
@@ -236,7 +239,7 @@ data:
|
||||
bind 127.0.0.1
|
||||
receptor_conf: |
|
||||
---
|
||||
- log-level: debug
|
||||
- log-level: {{ receptor_log_level }}
|
||||
- local-only: null
|
||||
- node:
|
||||
firewallrules:
|
||||
@@ -268,8 +271,8 @@ data:
|
||||
cert: /etc/receptor/tls/receptor.crt
|
||||
key: /etc/receptor/tls/receptor.key
|
||||
name: tlsclient
|
||||
rootcas: /etc/receptor/tls/ca/receptor-ca.crt
|
||||
rootcas: /etc/receptor/tls/ca/mesh-CA.crt
|
||||
mintls13: false
|
||||
- work-signing:
|
||||
privatekey: /etc/receptor/signing/work-private-key.pem
|
||||
privatekey: /etc/receptor/work_private_key.pem
|
||||
tokenexpiration: 1m
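Review bot: The changed redirect `return 301 https://$host:8053$request_uri;` builds the Location header from the client-supplied Host header plus a hard-coded container port, under a catch-all `server_name _;`. Clients that reach AWX through a Route, Ingress or Service on 443 would be sent to port 8053, which may not be exposed there, and whatever Host value arrives is echoed back in the redirect; the `listen` directives are outside the hunk, so confirm against them. Taking the port from a variable, and setting `server_name` to the deployment's hostname where one is configured, would bound both. Also in this section, `RECEPTOR_LOG_LEVEL = '{{ receptor_log_level }}'` and `- log-level: {{ receptor_log_level }}` interpolate the value unvalidated into Python and YAML, so checking it against the accepted level names before rendering keeps a stray quote or colon from altering the generated configuration.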
|
||||
|
||||
@@ -59,6 +59,16 @@ spec:
|
||||
- name: {{ secret }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if host_aliases is defined and host_aliases | length > 0 %}
|
||||
hostAliases:
|
||||
{% for item in host_aliases %}
|
||||
- ip: {{ item.ip }}
|
||||
hostnames:
|
||||
{% for hostname in item.hostnames %}
|
||||
- {{ hostname }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if control_plane_priority_class is defined %}
|
||||
priorityClassName: '{{ control_plane_priority_class }}'
|
||||
{% endif %}
|
||||
@@ -66,14 +76,14 @@ spec:
|
||||
- name: init
|
||||
image: '{{ _init_container_image }}'
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
resources: {{ task_resource_requirements }}
|
||||
resources: {{ init_container_resource_requirements }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
hostname=$MY_POD_NAME
|
||||
receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
|
||||
receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/receptor-ca.crt cakey=/etc/receptor/tls/ca/receptor-ca.key outcert=/etc/receptor/tls/receptor.crt verify=yes
|
||||
receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/mesh-CA.crt cakey=/etc/receptor/tls/ca/mesh-CA.key outcert=/etc/receptor/tls/receptor.crt verify=yes
|
||||
{% if bundle_ca_crt %}
|
||||
mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
|
||||
update-ca-trust
|
||||
@@ -88,11 +98,11 @@ spec:
|
||||
fieldPath: metadata.name
|
||||
volumeMounts:
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
|
||||
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
|
||||
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
|
||||
subPath: "tls.crt"
|
||||
readOnly: true
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
|
||||
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
|
||||
mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
|
||||
subPath: "tls.key"
|
||||
readOnly: true
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-tls"
|
||||
@@ -112,6 +122,7 @@ spec:
|
||||
- name: init-projects
|
||||
image: '{{ _init_projects_container_image }}'
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
resources: {{ init_container_resource_requirements }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@@ -213,7 +224,7 @@ spec:
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-config"
|
||||
mountPath: "/etc/receptor/"
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
|
||||
mountPath: "/etc/receptor/signing/work-private-key.pem"
|
||||
mountPath: "/etc/receptor/work_private_key.pem"
|
||||
subPath: "work-private-key.pem"
|
||||
readOnly: true
|
||||
- name: receptor-socket
|
||||
@@ -294,11 +305,11 @@ spec:
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-config"
|
||||
mountPath: "/etc/receptor/"
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
|
||||
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
|
||||
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
|
||||
subPath: "tls.crt"
|
||||
readOnly: true
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
|
||||
mountPath: "/etc/receptor/signing/work-private-key.pem"
|
||||
mountPath: "/etc/receptor/work_private_key.pem"
|
||||
subPath: "work-private-key.pem"
|
||||
readOnly: true
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-tls"
|
||||
@@ -337,10 +348,11 @@ spec:
|
||||
{% if rsyslog_command %}
|
||||
command: {{ rsyslog_command }}
|
||||
{% endif %}
|
||||
{% if ryslog_args %}
|
||||
args: {{ ryslog_args }}
|
||||
{% if rsyslog_args %}
|
||||
args: {{ rsyslog_args }}
|
||||
{% endif %}
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
resources: {{ rsyslog_resource_requirements }}
|
||||
volumeMounts:
|
||||
- name: "{{ ansible_operator_meta.name }}-application-credentials"
|
||||
mountPath: "/etc/tower/conf.d/credentials.py"
|
||||
@@ -369,6 +381,21 @@ spec:
|
||||
{% if development_mode | bool %}
|
||||
- name: awx-devel
|
||||
mountPath: "/awx_devel"
|
||||
{% endif %}
|
||||
{% if rsyslog_extra_volume_mounts -%}
|
||||
{{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
|
||||
{% endif %}
|
||||
{% if termination_grace_period_seconds is defined %}
|
||||
- name: pre-stop-data
|
||||
mountPath: /var/lib/pre-stop
|
||||
- name: pre-stop-scripts
|
||||
mountPath: /var/lib/pre-stop/scripts
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
- /var/lib/pre-stop/scripts/termination-waiter
|
||||
{% endif %}
|
||||
env:
|
||||
- name: SUPERVISOR_CONFIG_PATH
|
||||
@@ -377,6 +404,9 @@ spec:
|
||||
- name: AWX_KUBE_DEVEL
|
||||
value: "1"
|
||||
{% endif %}
|
||||
{% if rsyslog_extra_env -%}
|
||||
{{ rsyslog_extra_env | indent(width=12, first=True) }}
|
||||
{% endif %}
|
||||
{% if task_node_selector %}
|
||||
nodeSelector:
|
||||
{{ task_node_selector | indent(width=8) }}
|
||||
|
||||
@@ -7,7 +7,7 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
|
||||
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
|
||||
{{ lookup("template", "../common/templates/labels//version.yaml.j2") | indent(width=4) | trim }}
|
||||
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
|
||||
spec:
|
||||
{% if web_replicas %}
|
||||
replicas: {{ web_replicas }}
|
||||
@@ -24,15 +24,14 @@ spec:
|
||||
labels:
|
||||
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
|
||||
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }}
|
||||
{{ lookup("template", "../common/templates/labels//version.yaml.j2") | indent(width=8) | trim }}
|
||||
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
|
||||
annotations:
|
||||
{% for template in [
|
||||
"configmaps/config",
|
||||
"configmaps/pre_stop_scripts",
|
||||
"secrets/app_credentials",
|
||||
"storage/persistent",
|
||||
] %}
|
||||
checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | md5 }}"
|
||||
checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | sha1 }}"
|
||||
{% endfor %}
|
||||
{% for secret in [
|
||||
"bundle_cacert",
|
||||
@@ -42,7 +41,7 @@ spec:
|
||||
"receptor_ca",
|
||||
"receptor_work_signing",
|
||||
] %}
|
||||
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | md5 }}"
|
||||
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
|
||||
{% endfor %}
|
||||
{% if web_annotations %}
|
||||
{{ web_annotations | indent(width=8) }}
|
||||
@@ -60,6 +59,16 @@ spec:
|
||||
- name: {{ secret }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if host_aliases is defined and host_aliases | length > 0 %}
|
||||
hostAliases:
|
||||
{% for item in host_aliases %}
|
||||
- ip: {{ item.ip }}
|
||||
hostnames:
|
||||
{% for hostname in item.hostnames %}
|
||||
- {{ hostname }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if control_plane_priority_class is defined %}
|
||||
priorityClassName: '{{ control_plane_priority_class }}'
|
||||
{% endif %}
|
||||
@@ -68,6 +77,7 @@ spec:
|
||||
- name: init
|
||||
image: '{{ _init_container_image }}'
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
resources: {{ init_container_resource_requirements }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@@ -96,6 +106,7 @@ spec:
|
||||
- name: init-projects
|
||||
image: '{{ _init_projects_container_image }}'
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
resources: {{ init_container_resource_requirements }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@@ -198,15 +209,15 @@ spec:
|
||||
mountPath: "/var/lib/awx/projects"
|
||||
{% endif %}
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
|
||||
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
|
||||
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
|
||||
subPath: "tls.crt"
|
||||
readOnly: true
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
|
||||
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
|
||||
mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
|
||||
subPath: "tls.key"
|
||||
readOnly: true
|
||||
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
|
||||
mountPath: "/etc/receptor/signing/work-public-key.pem"
|
||||
mountPath: "/etc/receptor/work_public_key.pem"
|
||||
subPath: "work-public-key.pem"
|
||||
readOnly: true
|
||||
{% if development_mode | bool %}
|
||||
@@ -244,8 +255,8 @@ spec:
|
||||
{% if rsyslog_command %}
|
||||
command: {{ rsyslog_command }}
|
||||
{% endif %}
|
||||
{% if ryslog_args %}
|
||||
args: {{ ryslog_args }}
|
||||
{% if rsyslog_args %}
|
||||
args: {{ rsyslog_args }}
|
||||
{% endif %}
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
volumeMounts:
|
||||
@@ -276,6 +287,9 @@ spec:
|
||||
{% if development_mode | bool %}
|
||||
- name: awx-devel
|
||||
mountPath: "/awx_devel"
|
||||
{% endif %}
|
||||
{% if rsyslog_extra_volume_mounts -%}
|
||||
{{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
|
||||
{% endif %}
|
||||
env:
|
||||
- name: SUPERVISOR_CONFIG_PATH
|
||||
@@ -284,6 +298,10 @@ spec:
|
||||
- name: AWX_KUBE_DEVEL
|
||||
value: "1"
|
||||
{% endif %}
|
||||
{% if rsyslog_extra_env -%}
|
||||
{{ rsyslog_extra_env | indent(width=12, first=True) }}
|
||||
{% endif %}
|
||||
resources: {{ rsyslog_resource_requirements }}
|
||||
{% if web_node_selector %}
|
||||
nodeSelector:
|
||||
{{ web_node_selector | indent(width=8) }}
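Review bot: The `checksum-secret-{{ secret }}` annotation still publishes an unsalted digest of each Secret's `data` on the pod template, now computed with `| sha1` instead of `| md5`. Annotations can be read by anyone allowed to get Deployments or Pods, which is often a wider group than those allowed to read Secrets, so a low-entropy secret value could be tested offline against the digest. If the annotation only exists to trigger a rollout when the Secret changes, deriving it from the Secret's `metadata.resourceVersion` rather than from `data` would give the same trigger without encoding anything about the values. Otherwise I would at least add a comment above the loop such as `# digest is for change detection only; it is not a security control`, and note why `sha1` was chosen over `md5`, since the hunk does not say.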
|
||||
|
||||
@@ -34,7 +34,7 @@ spec:
|
||||
port:
|
||||
number: 80
|
||||
{% if ingress_controller|lower == "contour" %}
|
||||
- path: '{{ ingress_path }}/websocket'
|
||||
- path: '{{ ingress_path.rstrip("/") }}/websocket'
|
||||
pathType: '{{ ingress_path_type }}'
|
||||
backend:
|
||||
service:
|
||||
|
||||
@@ -52,7 +52,7 @@ spec:
|
||||
type: NodePort
|
||||
{% elif service_type | lower == "loadbalancer" %}
|
||||
type: LoadBalancer
|
||||
{% if variable is defined and variable|length %}
|
||||
{% if loadbalancer_ip is defined and loadbalancer_ip|length %}
|
||||
loadbalancerip: '{{ loadbalancer_ip }}'
|
||||
{% endif %}
|
||||
{% else %}
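Review bot: The key rendered inside the corrected guard is spelled `loadbalancerip`, but the Service spec field is `loadBalancerIP` and Kubernetes field names are case-sensitive. The old condition tested a name, `variable`, that does not appear to be set anywhere visible, so this line was probably never emitted before; with `loadbalancer_ip` now tested it will be. Depending on the validation mode the API server will drop or reject the unknown field, so the requested address would not be applied. I would change the line to `loadBalancerIP: '{{ loadbalancer_ip }}'`.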
|
||||
|
||||
@@ -10,6 +10,14 @@ DATABASES = {
|
||||
'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
|
||||
{% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %}
|
||||
'sslrootcert': '{{ ca_trust_bundle }}',
|
||||
{% endif %}
|
||||
{% if postgres_keepalives %}
|
||||
'keepalives': 1,
|
||||
'keepalives_idle': {{ postgres_keepalives_idle }},
|
||||
'keepalives_interval': {{ postgres_keepalives_interval }},
|
||||
'keepalives_count': {{ postgres_keepalives_count }},
|
||||
{% else %}
|
||||
'keepalives': 0,
|
||||
{% endif %}
|
||||
},
|
||||
}
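Review bot: The three keepalive values are interpolated unquoted into a Python settings file (`'keepalives_idle': {{ postgres_keepalives_idle }},` and the two lines after it), so whatever the variable holds is emitted as Python source. If these values come from the custom resource spec and the CRD schema does not already restrict them to integers (not visible in this hunk), a non-numeric value would break the settings import or place an unintended expression in the file. Coercing at the point of use keeps the output a plain literal: `'keepalives_idle': {{ postgres_keepalives_idle | int }},`, and likewise for `postgres_keepalives_interval` and `postgres_keepalives_count`.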
|
||||
|
||||
@@ -101,6 +101,12 @@ backup_pvc: myoldtower-backup-claim
|
||||
backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08
|
||||
```
|
||||
|
||||
Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
|
||||
|
||||
```
|
||||
image_pull_policy: 'IfNotPresent'
|
||||
```
|
||||
|
||||
Variable to define resources limits and request for restore CR.
|
||||
|
||||
```
|
||||
|
||||
@@ -17,6 +17,14 @@ cluster_name: 'cluster.local'
|
||||
# Set no_log settings on certain tasks
|
||||
no_log: true
|
||||
|
||||
# Add a nodeSelector for the Postgres pods to backup.
|
||||
# Specify as literal block. E.g.:
|
||||
# db_management_pod_node_selector: |
|
||||
# kubernetes.io/arch: amd64
|
||||
# kubernetes.io/os: linux
|
||||
db_management_pod_node_selector: ''
|
||||
|
||||
|
||||
# Default resource requirements
|
||||
restore_resource_requirements:
|
||||
limits:
|
||||
|
||||
@@ -10,7 +10,7 @@ spec:
|
||||
containers:
|
||||
- name: {{ ansible_operator_meta.name }}-db-management
|
||||
image: "{{ _postgres_image }}"
|
||||
imagePullPolicy: Always
|
||||
imagePullPolicy: "{{ image_pull_policy }}"
|
||||
command: ["sleep", "infinity"]
|
||||
volumeMounts:
|
||||
- name: {{ ansible_operator_meta.name }}-backup
|
||||
@@ -20,6 +20,10 @@ spec:
|
||||
resources:
|
||||
{{ restore_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
|
||||
{%- endif %}
|
||||
{% if db_management_pod_node_selector %}
|
||||
nodeSelector:
|
||||
{{ db_management_pod_node_selector | indent(width=8) }}
|
||||
{% endif %}
|
||||
volumes:
|
||||
- name: {{ ansible_operator_meta.name }}-backup
|
||||
persistentVolumeClaim:
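Review bot: `imagePullPolicy: "{{ image_pull_policy }}"` passes the variable through unchanged, while the README hunk in this same commit lists lowercase `always`, `never` and `ifnotpresent` as accepted values. Kubernetes accepts only `Always`, `Never` and `IfNotPresent`, so unless the value is normalised in a task not shown here, a lowercase setting would make the API server reject the pod. I would either validate the value before templating or correct the README, and add a comment next to the default such as `# must be exactly Always, Never or IfNotPresent`. The change also moves this pod from a fixed `Always` to a default of `IfNotPresent`, which means an image already cached on the node is reused without contacting the registry; that is worth a line in the README for clusters that rely on re-pulling mutable tags.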
|
||||
|
||||
@@ -13,3 +13,4 @@ admin_password_secret: '{{ deployment_name }}-admin-password'
|
||||
broadcast_websocket_secret: '{{ deployment_name }}-broadcast-websocket'
|
||||
postgres_configuration_secret: '{{ deployment_name }}-postgres-configuration'
|
||||
supported_pg_version: 13
|
||||
image_pull_policy: IfNotPresent
|
||||
|
||||