mirror of
https://github.com/ansible/awx-operator.git
synced 2026-03-27 13:53:12 +00:00
Compare commits
38 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
72bf56946f | ||
|
a62487b58b | ||
|
aa78813d73 | ||
|
|
a08c9104a9 | ||
|
5da4b697f1 | ||
|
f99a83c137 | ||
|
721d6814ca | ||
|
866acb3d9c | ||
|
94dc52d224 | ||
|
|
c0cd78899a | ||
|
|
3b54fa8675 | ||
|
|
4a869998d1 | ||
|
|
bc044431ab | ||
|
|
4fe482b77b | ||
|
194340688d | ||
|
b517b0a2a6 | ||
|
|
1dc56803e8 | ||
|
|
85da1aa1f3 | ||
|
|
6378836706 | ||
|
|
e829dafbd2 | ||
|
|
1023718b87 | ||
|
|
4a5141933c | ||
|
|
084841f549 | ||
|
76ab4a8342 | ||
|
2d6aa5815f | ||
|
d69b57c014 | ||
|
562a171de6 | ||
|
2118c6f49c | ||
|
|
9c759bfe88 | ||
|
|
d0205f4e5e | ||
|
d914edf3e0 | ||
|
be4fd1364c | ||
|
|
599b1e387d | ||
|
732ff9c02c | ||
|
|
d0e30a6878 | ||
|
|
a213b60008 | ||
|
768327ea3b | ||
|
4908ecfd5d |
2
.github/workflows/feature.yml
vendored
2
.github/workflows/feature.yml
vendored
@@ -8,7 +8,7 @@ on:
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-latest
|
||||
name: Push devel image
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
8
.github/workflows/promote.yaml
vendored
8
.github/workflows/promote.yaml
vendored
@@ -12,11 +12,6 @@ jobs:
|
||||
with:
|
||||
depth: 0
|
||||
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
ref: gh-pages
|
||||
path: gh-pages
|
||||
|
||||
- name: Log in to GHCR
|
||||
run: |
|
||||
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
|
||||
@@ -40,4 +35,5 @@ jobs:
|
||||
-e chart_owner=${{ github.repository_owner }} \
|
||||
-e tag=${{ github.event.release.tag_name }} \
|
||||
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
|
||||
-e gh_user=${{ github.actor }}
|
||||
-e gh_user=${{ github.actor }} \
|
||||
-e repo_type=https
|
||||
|
||||
26
.github/workflows/publish-helm.yml
vendored
Normal file
26
.github/workflows/publish-helm.yml
vendored
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
name: Re-publish helm chart
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
tag:
|
||||
description: 'Release tag'
|
||||
required: true
|
||||
type: string
|
||||
jobs:
|
||||
promote:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
depth: 0
|
||||
|
||||
- name: Release Helm chart
|
||||
run: |
|
||||
ansible-playbook ansible/helm-release.yml -v \
|
||||
-e operator_image=quay.io/${{ github.repository }} \
|
||||
-e chart_owner=${{ github.repository_owner }} \
|
||||
-e tag=${{ inputs.tag }} \
|
||||
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
|
||||
-e gh_user=${{ github.actor }} \
|
||||
-e repo_type=https
|
||||
@@ -1,4 +1,4 @@
|
||||
AWX:
|
||||
AWX:
|
||||
# enable use of awx-deploy template
|
||||
enabled: false
|
||||
name: awx
|
||||
|
||||
@@ -7,6 +7,7 @@ ignore: |
|
||||
awx-operator.clusterserviceversion.yaml
|
||||
bundle
|
||||
.helm/starter
|
||||
hacking/
|
||||
|
||||
rules:
|
||||
truthy: disable
|
||||
|
||||
@@ -31,7 +31,7 @@ Have questions about this document or anything not covered here? Please file a n
|
||||
```
|
||||
2. Make your changes.
|
||||
3. Test your changes according described on the Testing section.
|
||||
4. If everylooks looks correct, commit your changes.
|
||||
4. If everything looks correct, commit your changes.
|
||||
```sh
|
||||
#> git add <FILES>
|
||||
#> git commit -m "My message here"
|
||||
@@ -56,14 +56,17 @@ Running `molecule test` sets up a clean environment, builds the operator, runs a
|
||||
|
||||
If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
|
||||
|
||||
#### Testing in Docker
|
||||
#### Testing in Kind
|
||||
|
||||
Testing with a kind cluster is the recommended way to test the awx-operator locally. First, you need to install kind if you haven't already. Please see these docs for setting that up:
|
||||
* https://kind.sigs.k8s.io/docs/user/quick-start/
|
||||
|
||||
To run the tests, from the root of your checkout, run the following command:
|
||||
|
||||
```sh
|
||||
#> molecule test -s test-local
|
||||
#> molecule test -s kind
|
||||
```
|
||||
|
||||
This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
|
||||
|
||||
#### Testing in Minikube
|
||||
|
||||
```sh
|
||||
@@ -137,4 +140,4 @@ Applying this template will do it. Once the CatalogSource is in a READY state, t
|
||||
|
||||
## Reporting Issues
|
||||
|
||||
We welcome your feedback, and encourage you to file an issue when you run into a problem.
|
||||
We welcome your feedback, and encourage you to file an issue when you run into a problem.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM quay.io/operator-framework/ansible-operator:v1.26.0
|
||||
FROM quay.io/operator-framework/ansible-operator:v1.28.1
|
||||
|
||||
USER 0
|
||||
|
||||
|
||||
11
Makefile
11
Makefile
@@ -65,6 +65,7 @@ CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
|
||||
CHART_OWNER ?= $(GH_REPO_OWNER)
|
||||
CHART_REPO ?= awx-operator
|
||||
CHART_BRANCH ?= gh-pages
|
||||
CHART_DIR ?= gh-pages
|
||||
CHART_INDEX ?= index.yaml
|
||||
|
||||
.PHONY: all
|
||||
@@ -140,7 +141,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
|
||||
@{ \
|
||||
set -e ;\
|
||||
mkdir -p $(dir $(KUSTOMIZE)) ;\
|
||||
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCHA).tar.gz | \
|
||||
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCHA).tar.gz | \
|
||||
tar xzf - -C bin/ ;\
|
||||
}
|
||||
else
|
||||
@@ -227,7 +228,7 @@ ifeq (,$(shell which kubectl-slice 2>/dev/null))
|
||||
@{ \
|
||||
set -e ;\
|
||||
mkdir -p $(dir $(KUBECTL_SLICE)) ;\
|
||||
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
|
||||
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_$(OS)_$(ARCHX).tar.gz | \
|
||||
tar xzf - -C bin/ kubectl-slice ;\
|
||||
}
|
||||
else
|
||||
@@ -364,7 +365,7 @@ TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/
|
||||
# that is contained within a larger repo, where a tag may not require a new chart version
|
||||
.PHONY: helm-index
|
||||
helm-index:
|
||||
# when running in CI this gh-pages are already checked out with github action to 'gh-pages' directory
|
||||
# when running in CI the gh-pages branch is checked out by the ansible playbook
|
||||
# TODO: test if gh-pages directory exists and if not exist
|
||||
|
||||
@echo "== GENERATE INDEX FILE =="
|
||||
@@ -392,6 +393,6 @@ helm-index:
|
||||
# generate the index file in the root of the gh-pages branch
|
||||
# --merge will leave any values in index.yaml that don't get generated by this command, but
|
||||
# it is likely that all values are overridden
|
||||
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge gh-pages/index.yaml
|
||||
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge $(CHART_DIR)/index.yaml
|
||||
|
||||
mv .cr-release-packages/index.yaml gh-pages/index.yaml
|
||||
mv .cr-release-packages/index.yaml $(CHART_DIR)/index.yaml
|
||||
|
||||
56
README.md
56
README.md
@@ -131,7 +131,7 @@ $ alias kubectl="minikube kubectl --"
|
||||
|
||||
### Basic Install
|
||||
|
||||
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/
|
||||
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/ )
|
||||
|
||||
First, create a file called `kustomization.yaml` with the following content:
|
||||
|
||||
@@ -156,7 +156,7 @@ namespace: awx
|
||||
Install the manifests by running this:
|
||||
|
||||
```
|
||||
$ kustomize build . | kubectl apply -f -
|
||||
$ kubectl apply -k .
|
||||
namespace/awx created
|
||||
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
|
||||
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
|
||||
@@ -229,10 +229,10 @@ resources:
|
||||
...
|
||||
```
|
||||
|
||||
Finally, run `kustomize` again to create the AWX instance in your cluster:
|
||||
Finally, apply the changes to create the AWX instance in your cluster:
|
||||
|
||||
```
|
||||
kustomize build . | kubectl apply -f -
|
||||
kubectl apply -k .
|
||||
```
|
||||
|
||||
After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
|
||||
@@ -676,6 +676,25 @@ $ oc adm policy add-scc-to-user privileged -z awx
|
||||
|
||||
Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
|
||||
|
||||
#### Containers HostAliases Requirements
|
||||
|
||||
Sometimes you might need to use [HostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) in web/task containers.
|
||||
|
||||
| Name | Description | Default |
|
||||
| ------------ | --------------------- | ------- |
|
||||
| host_aliases | A list of HostAliases | None |
|
||||
|
||||
Example of customization could be:
|
||||
|
||||
```yaml
|
||||
---
|
||||
spec:
|
||||
...
|
||||
host_aliases:
|
||||
- ip: <name-of-your-ip>
|
||||
hostnames:
|
||||
- <name-of-your-domain>
|
||||
```
|
||||
|
||||
#### Containers Resource Requirements
|
||||
|
||||
@@ -911,7 +930,7 @@ A sample of extra settings can be found as below. All possible options can be fo
|
||||
value: 'LDAPSearch("OU=Groups,DC=abc,DC=com",ldap.SCOPE_SUBTREE,"(objectClass=group)",)'
|
||||
|
||||
- setting: AUTH_LDAP_GROUP_TYPE
|
||||
value: 'GroupOfNamesType'
|
||||
value: 'GroupOfNamesType()'
|
||||
|
||||
- setting: AUTH_LDAP_USER_ATTR_MAP
|
||||
value: '{"first_name": "givenName","last_name": "sn","email": "mail"}'
|
||||
@@ -1064,6 +1083,33 @@ Using the [extra_volumes feature](#custom-volume-and-volume-mount-options), it i
|
||||
|
||||
The AWX nginx config automatically includes /etc/nginx/conf.d/*.conf if present.
|
||||
|
||||
##### Custom Favicon
|
||||
|
||||
You can use custom volume mounts to mount in your own favicon to be displayed in your AWX browser tab.
|
||||
|
||||
First, Create the configmap from a local favicon.ico file.
|
||||
|
||||
```bash
|
||||
$ oc create configmap favicon-configmap --from-file favicon.ico
|
||||
```
|
||||
|
||||
Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec
|
||||
|
||||
```yaml
|
||||
spec:
|
||||
extra_volumes: |
|
||||
- name: favicon
|
||||
configMap:
|
||||
defaultMode: 420
|
||||
items:
|
||||
- key: favicon.ico
|
||||
path: favicon.ico
|
||||
name: favicon-configmap
|
||||
web_extra_volume_mounts: |
|
||||
- name: favicon
|
||||
mountPath: /var/lib/awx/public/static/media/favicon.ico
|
||||
subPath: favicon.ico
|
||||
```
|
||||
|
||||
#### Default execution environments from private registries
|
||||
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
- hosts: localhost
|
||||
vars:
|
||||
chart_repo: awx-operator
|
||||
environment:
|
||||
CHART_OWNER: "{{ chart_owner }}"
|
||||
tasks:
|
||||
- name: Look up release
|
||||
uri:
|
||||
@@ -43,7 +45,7 @@
|
||||
- name: Upload helm chart
|
||||
uri:
|
||||
url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}"
|
||||
src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
|
||||
src: "{{ playbook_dir }}/../.cr-release-packages/{{ tag }}/awx-operator-{{ tag }}.tgz"
|
||||
headers:
|
||||
Authorization: "token {{ gh_token }}"
|
||||
Content-Type: "application/octet-stream"
|
||||
@@ -66,26 +68,55 @@
|
||||
|
||||
- when: commits_for_release.stdout == ''
|
||||
block:
|
||||
- name: Configure git config
|
||||
shell: |
|
||||
git config user.name {{ gh_user }}
|
||||
git config user.email {{ gh_user }}@users.noreply.github.com
|
||||
args:
|
||||
chdir: "{{ playbook_dir }}/../gh-pages"
|
||||
- name: Make a temp dir
|
||||
tempfile:
|
||||
state: directory
|
||||
register: temp_dir
|
||||
|
||||
- name: Clone the gh-pages branch from {{ chart_owner }}
|
||||
git:
|
||||
repo: "{{ ((repo_type | default('http')) == 'ssh') | ternary(ssh_repo, http_repo) }}"
|
||||
dest: "{{ temp_dir.path }}"
|
||||
single_branch: yes
|
||||
version: gh-pages
|
||||
vars:
|
||||
http_repo: "https://github.com/{{ chart_owner }}/{{ chart_repo }}"
|
||||
ssh_repo: "git@github.com:{{ chart_owner }}/{{ chart_repo }}.git"
|
||||
|
||||
- name: Publish helm index
|
||||
command: |
|
||||
make helm-index
|
||||
ansible.builtin.command:
|
||||
cmd: make helm-index
|
||||
environment:
|
||||
CHART_OWNER: "{{ chart_owner }}"
|
||||
CR_TOKEN: "{{ gh_token }}"
|
||||
CHART_DIR: "{{ temp_dir.path }}"
|
||||
args:
|
||||
chdir: "{{ playbook_dir }}/../"
|
||||
chdir: "{{ playbook_dir }}/.."
|
||||
|
||||
- name: Set url base swap in gitconfig
|
||||
command:
|
||||
cmd: "git config --global url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
|
||||
args:
|
||||
chdir: "{{ temp_dir.path }}/"
|
||||
no_log: true
|
||||
|
||||
- name: Stage and Push commit to gh-pages branch
|
||||
shell: |
|
||||
git add index.yaml
|
||||
git commit -m "{{ commit_message }}"
|
||||
git push
|
||||
command:
|
||||
cmd: "{{ item }}"
|
||||
loop:
|
||||
- git add index.yaml
|
||||
- git commit -m "{{ commit_message }}"
|
||||
- git push
|
||||
args:
|
||||
chdir: "{{ playbook_dir }}/../gh-pages"
|
||||
chdir: "{{ temp_dir.path }}/"
|
||||
environment:
|
||||
GIT_AUTHOR_NAME: "{{ gh_user }}"
|
||||
GIT_AUTHOR_EMAIL: "{{ gh_user }}@users.noreply.github.com"
|
||||
GIT_COMMITTER_NAME: "{{ gh_user }}"
|
||||
GIT_COMMITTER_EMAIL: "{{ gh_user }}@users.noreply.github.com"
|
||||
|
||||
always:
|
||||
- name: Remove temp dir
|
||||
file:
|
||||
path: "{{ temp_dir.path }}"
|
||||
state: absent
|
||||
|
||||
@@ -1345,6 +1345,18 @@ spec:
|
||||
image_pull_secret: # deprecated
|
||||
description: (Deprecated) Image pull secret for app and database containers
|
||||
type: string
|
||||
host_aliases:
|
||||
description: HostAliases for app containers
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
ip:
|
||||
type: string
|
||||
hostnames:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
task_resource_requirements:
|
||||
description: Resource requirements for the task container
|
||||
properties:
|
||||
@@ -1455,6 +1467,28 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
rsyslog_resource_requirements:
|
||||
description: Resource requirements for the rsyslog container
|
||||
properties:
|
||||
requests:
|
||||
properties:
|
||||
cpu:
|
||||
type: string
|
||||
memory:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
type: object
|
||||
limits:
|
||||
properties:
|
||||
cpu:
|
||||
type: string
|
||||
memory:
|
||||
type: string
|
||||
storage:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
service_account_annotations:
|
||||
description: ServiceAccount annotations
|
||||
type: string
|
||||
@@ -1596,6 +1630,25 @@ spec:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
postgres_keepalives:
|
||||
description: Controls whether client-side TCP keepalives are used for Postgres connections.
|
||||
default: true
|
||||
type: boolean
|
||||
postgres_keepalives_count:
|
||||
description: Controls the number of TCP keepalives that can be lost before the client's connection to the server is considered dead.
|
||||
type: integer
|
||||
default: 5
|
||||
format: int32
|
||||
postgres_keepalives_idle:
|
||||
description: Controls the number of seconds of inactivity after which TCP should send a keepalive message to the server.
|
||||
type: integer
|
||||
default: 5
|
||||
format: int32
|
||||
postgres_keepalives_interval:
|
||||
description: Controls the number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted.
|
||||
type: integer
|
||||
default: 5
|
||||
format: int32
|
||||
ca_trust_bundle:
|
||||
description: Path where the trusted CA bundle is available
|
||||
type: string
|
||||
|
||||
@@ -21,12 +21,10 @@ resources:
|
||||
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
|
||||
#- ../prometheus
|
||||
|
||||
patchesStrategicMerge:
|
||||
# Protect the /metrics endpoint by putting it behind auth.
|
||||
# If you want your controller-manager to expose the /metrics
|
||||
# endpoint w/o any authn/z, please comment the following line.
|
||||
- manager_auth_proxy_patch.yaml
|
||||
|
||||
# Mount the controller config file for loading manager configurations
|
||||
# through a ComponentConfig type
|
||||
#- manager_config_patch.yaml
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
patches:
|
||||
- path: manager_auth_proxy_patch.yaml
|
||||
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
- "ALL"
|
||||
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
|
||||
args:
|
||||
- "--secure-listen-address=0.0.0.0:8443"
|
||||
|
||||
@@ -88,10 +88,10 @@ spec:
|
||||
kind: AWXRestore
|
||||
name: awxrestores.awx.ansible.com
|
||||
specDescriptors:
|
||||
- displayName: Backup Source to restore from
|
||||
description: Select what type of backup to specify. Backup CR, allows you to specify
|
||||
the name of an AWXBackup object (recommended approach). The PVC option allows you to
|
||||
specify a custom PVC and directory to backup from.
|
||||
- description: Select what type of backup to specify. Backup CR, allows you
|
||||
to specify the name of an AWXBackup object (recommended approach). The
|
||||
PVC option allows you to specify a custom PVC and directory to backup from.
|
||||
displayName: Backup Source to restore from
|
||||
path: backup_source
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:select:Backup CR
|
||||
@@ -115,8 +115,9 @@ spec:
|
||||
path: backup_pvc_namespace
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Backup Directory
|
||||
description: This is the directory inside the PVC that your backup is stored in.
|
||||
- description: This is the directory inside the PVC that your backup is stored
|
||||
in.
|
||||
displayName: Backup Directory
|
||||
path: backup_dir
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
@@ -151,7 +152,8 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
version: v1beta1
|
||||
- description: Deploy a new instance of AWX. A standardized way to define, operate and scale automation with Ansible.
|
||||
- description: Deploy a new instance of AWX. A standardized way to define, operate
|
||||
and scale automation with Ansible.
|
||||
displayName: AWX
|
||||
kind: AWX
|
||||
name: awxs.awx.ansible.com
|
||||
@@ -186,8 +188,9 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:io.kubernetes:Secret
|
||||
- displayName: Secret Key
|
||||
description: Name of the k8s secret the symmetric encryption key is stored in.
|
||||
- description: Name of the k8s secret the symmetric encryption key is stored
|
||||
in.
|
||||
displayName: Secret Key
|
||||
path: secret_key_secret
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
@@ -226,7 +229,7 @@ spec:
|
||||
path: ingress_api_version
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
- displayName: Ingress Path
|
||||
path: ingress_path
|
||||
x-descriptors:
|
||||
@@ -320,6 +323,11 @@ spec:
|
||||
path: image_pull_secret
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: HostAliases for app containers
|
||||
path: host_aliases
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:text
|
||||
- displayName: Web Container Resource Requirements
|
||||
path: web_resource_requirements
|
||||
x-descriptors:
|
||||
@@ -335,9 +343,9 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- displayName: PostgreSQL Init Container Resource Requirements
|
||||
description: The PostgreSQL init container is not used when an external DB
|
||||
- description: The PostgreSQL init container is not used when an external DB
|
||||
is configured
|
||||
displayName: PostgreSQL Init Container Resource Requirements
|
||||
path: postgres_init_container_resource_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
@@ -347,20 +355,22 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- displayName: PostgreSQL Container Resource Requirements
|
||||
description: The PostgreSQL container is not used when an external DB
|
||||
is configured
|
||||
- displayName: Rsyslog Container Resource Requirements
|
||||
path: rsyslog_resource_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- description: The PostgreSQL container is not used when an external DB is configured
|
||||
displayName: PostgreSQL Container Resource Requirements
|
||||
path: postgres_resource_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- displayName: PostgreSQL Container Storage Requirements
|
||||
description: The PostgreSQL container is not used when an external DB
|
||||
is configured
|
||||
- description: The PostgreSQL container is not used when an external DB is configured
|
||||
displayName: PostgreSQL Container Storage Requirements
|
||||
path: postgres_storage_requirements
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
|
||||
- displayName: Replicas
|
||||
path: replicas
|
||||
x-descriptors:
|
||||
@@ -471,8 +481,8 @@ spec:
|
||||
- displayName: Postgres Storage Class
|
||||
path: postgres_storage_class
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:io.kubernetes:StorageClass
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Postgres Datapath
|
||||
path: postgres_data_path
|
||||
x-descriptors:
|
||||
@@ -483,6 +493,26 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Enable Postgres Keepalives
|
||||
path: postgres_keepalives
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Postgres Keepalives Count
|
||||
path: postgres_keepalives_count
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Postgres Keepalives Idle
|
||||
path: postgres_keepalives_idle
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Postgres Keepalives Interval
|
||||
path: postgres_keepalives_interval
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:hidden
|
||||
- displayName: Certificate Authorirty Trust Bundle
|
||||
path: ca_trust_bundle
|
||||
x-descriptors:
|
||||
@@ -790,8 +820,8 @@ spec:
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
|
||||
- displayName: Additional labels defined on the resource, which should be
|
||||
propagated to child resources
|
||||
- displayName: Additional labels defined on the resource, which should be propagated
|
||||
to child resources
|
||||
path: additional_labels
|
||||
x-descriptors:
|
||||
- urn:alm:descriptor:com.tectonic.ui:advanced
|
||||
@@ -876,7 +906,7 @@ spec:
|
||||
- email: awx-project@googlegroups.com
|
||||
name: AWX Team
|
||||
maturity: alpha
|
||||
MinKubeVersion: 1.22.15
|
||||
minKubeVersion: 1.22.15
|
||||
provider:
|
||||
name: Ansible
|
||||
url: github.com/ansible/awx-operator
|
||||
|
||||
@@ -7,10 +7,6 @@ namePrefix: osdk-
|
||||
#commonLabels:
|
||||
# someName: someValue
|
||||
|
||||
patchesStrategicMerge:
|
||||
- manager_image.yaml
|
||||
- debug_logs_patch.yaml
|
||||
- ../default/manager_auth_proxy_patch.yaml
|
||||
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
@@ -21,3 +17,7 @@ resources:
|
||||
images:
|
||||
- name: testing
|
||||
newName: testing-operator
|
||||
patches:
|
||||
- path: manager_image.yaml
|
||||
- path: debug_logs_patch.yaml
|
||||
- path: ../default/manager_auth_proxy_patch.yaml
|
||||
|
||||
29
docs/doc-proposal.md
Normal file
29
docs/doc-proposal.md
Normal file
@@ -0,0 +1,29 @@
|
||||
# Docs Breakdown for AWX Operator
|
||||
|
||||
## Introduction
|
||||
|
||||
This table below is aimed at breaking down the ReadME documentation for Ansible AWX Operator and structure it in the way it can be moved to the Read The Docs module.
|
||||
|
||||
From the ReadMe file, the documentation can be classified into six distinct segments which are:
|
||||
|
||||
|
||||
- Introduction/Getting Started
|
||||
- Installation
|
||||
- User Guide
|
||||
- Upgrade
|
||||
- Uninstall
|
||||
- Contributors Guide
|
||||
|
||||
Using these listed segments, we can do a proper breakdown of all the topics in the ReadMe and place each one in the segment they fall into. This table is open to any form of refactoring or modifications.
|
||||
|
||||
| Segments | Topics |
|
||||
| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Introduction | - [Purpose](https://github.com/ansible/awx-operator#purpose) |
|
||||
| Installation | - [Creating a minikube cluster for testing](https://github.com/ansible/awx-operator#creating-a-minikube-cluster-for-testing)<br>- [Basic Install](https://github.com/ansible/awx-operator#basic-install)<br>- [Helm Install on existing cluster](https://github.com/ansible/awx-operator#helm-install-on-existing-cluster) |
|
||||
| User Guide | - [Admin user account configuration](https://github.com/ansible/awx-operator#admin-user-account-configuration)<br>- [Network and TLS Configuration](https://github.com/ansible/awx-operator#network-and-tls-configuration)<br> * [Service Type](https://github.com/ansible/awx-operator#service-type)<br> * [Ingress Type](https://github.com/ansible/awx-operator#ingress-type)<br>- [Database Configuration](https://github.com/ansible/awx-operator#database-configuration)<br> * [External PostgreSQL Service](https://github.com/ansible/awx-operator#external-postgresql-service)<br> * [Migrating data from an old AWX instance](https://github.com/ansible/awx-operator#migrating-data-from-an-old-awx-instance)<br> * [Managed PostgreSQL Service](https://github.com/ansible/awx-operator#managed-postgresql-service)<br>- [Advanced Configuration](https://github.com/ansible/awx-operator#advanced-configuration)<br> * [Deploying a specific version of AWX](https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx)<br> * [Redis container capabilities](https://github.com/ansible/awx-operator#redis-container-capabilities)<br> * [Privileged Tasks](https://github.com/ansible/awx-operator#privileged-tasks)<br> * [Containers Resource Requirements](https://github.com/ansible/awx-operator#containers-resource-requirements)<br> * [Priority Classes](https://github.com/ansible/awx-operator#priority-classes)<br> * [Assigning AWX pods to specific nodes](https://github.com/ansible/awx-operator#assigning-awx-pods-to-specific-nodes)<br> * [Trusting a Custom Certificate Authority](https://github.com/ansible/awx-operator#trusting-a-custom-certificate-authority)<br> * [Enabling LDAP Integration at AWX bootstrap](https://github.com/ansible/awx-operator#enabling-ldap-integration-at-awx-bootstrap)<br> * [Persisting Projects Directory](https://github.com/ansible/awx-operator#persisting-projects-directory)<br> * [Custom Volume and Volume Mount Options](https://github.com/ansible/awx-operator#custom-volume-and-volume-mount-options)<br> * [Default execution environments from private registries](https://github.com/ansible/awx-operator#default-execution-environments-from-private-registries)<br> * * [Control plane ee from private registry](https://github.com/ansible/awx-operator#control-plane-ee-from-private-registry)<br> * [Exporting Environment Variables to Containers](https://github.com/ansible/awx-operator#exporting-environment-variables-to-containers)<br> * [CSRF Cookie Secure Setting](https://github.com/ansible/awx-operator#csrf-cookie-secure-setting)<br> * [Session Cookie Secure Setting](https://github.com/ansible/awx-operator#session-cookie-secure-setting)<br> * [Extra Settings](https://github.com/ansible/awx-operator#extra-settings)<br> * [Configure no_log](https://github.com/ansible/awx-operator#no-log)<br> * [Auto Upgrade](https://github.com/ansible/awx-operator#auto-upgrade)<br> ** [Upgrade of instances without auto upgrade](https://github.com/ansible/awx-operator#upgrade-of-instances-without-auto-upgrade)<br> * [Service Account](https://github.com/ansible/awx-operator#service-account)<br> * [Labeling operator managed objects](https://github.com/ansible/awx-operator#labeling-operator-managed-objects)<br> * [Pods termination grace period](https://github.com/ansible/awx-operator#pods-termination-grace-period)<br> * [Disable IPV6](https://github.com/ansible/awx-operator#disable-ipv6)<br> * [Add Execution Nodes](https://github.com/ansible/awx-operator#adding-execution-nodes)<br> ** [Custom Receptor CA](https://github.com/ansible/awx-operator#custom-receptor-ca)<br> * [Debugging](https://github.com/ansible/awx-operator/blob/devel/docs/debugging.md)<br> * [Migration](https://github.com/ansible/awx-operator/blob/devel/docs/migration.md) |
|
||||
| Upgrade | - [Upgrading](https://github.com/ansible/awx-operator#upgrading)<br> * [Backup](https://github.com/ansible/awx-operator#backup)<br> * [v0.14.0](https://github.com/ansible/awx-operator#v0140)<br> ** [Cluster-scope to Namespace-scope considerations](https://github.com/ansible/awx-operator#cluster-scope-to-namespace-scope-considerations)<br> ** [Project is now based on v1.x of the operator-sdk project](https://github.com/ansible/awx-operator#project-is-now-based-on-v1x-of-the-operator-sdk-project)<br> ** [Steps to upgrade](https://github.com/ansible/awx-operator#steps-to-upgrade) |
|
||||
| Uninstall | - [Uninstall](https://github.com/ansible/awx-operator#uninstall) |
|
||||
| Contributors Guide | - [Contributing](https://github.com/ansible/awx-operator#contributing)<br>- [Release Process](https://github.com/ansible/awx-operator#release-process)<br>- [Author](https://github.com/ansible/awx-operator#author)<br>- [Code of Conduct](https://github.com/ansible/awx-operator#code-of-conduct)<br>- [Get Involved](https://github.com/ansible/awx-operator#get-involved) |
|
||||
|
||||
|
||||
Note: I could not get the multi-level bullet point list to work in the table so I used single asterisk `*` for one level down and double asterisk `**` for two level down.
|
||||
@@ -5,8 +5,20 @@
|
||||
gather_facts: no
|
||||
|
||||
tasks:
|
||||
# Remove after this if fixed: https://github.com/ansible-collections/community.docker/issues/611
|
||||
- name: Install docker
|
||||
become: yes
|
||||
pip:
|
||||
name:
|
||||
- websocket-client==0.59.0
|
||||
- requests==2.28.2
|
||||
- urllib3==1.26.15
|
||||
- docker
|
||||
- docker-compose
|
||||
state: present
|
||||
|
||||
- name: Build operator image
|
||||
docker_image:
|
||||
community.docker.docker_image:
|
||||
build:
|
||||
path: '{{ project_dir }}'
|
||||
pull: no
|
||||
|
||||
@@ -5,3 +5,4 @@ ansible-lint
|
||||
openshift!=0.13.0
|
||||
jmespath
|
||||
ansible-core
|
||||
ansible-compat<4 # https://github.com/ansible-community/molecule/issues/3903
|
||||
|
||||
@@ -5,4 +5,5 @@ collections:
|
||||
version: 2.3.2
|
||||
- name: operator_sdk.util
|
||||
- name: community.docker
|
||||
version: 3.4.4
|
||||
- name: awx.awx
|
||||
|
||||
@@ -283,7 +283,7 @@ task_command: []
|
||||
web_args:
|
||||
- /usr/bin/launch_awx_web.sh
|
||||
web_command: []
|
||||
ryslog_args:
|
||||
rsyslog_args:
|
||||
- /usr/bin/launch_awx_rsyslog.sh
|
||||
rsyslog_command: []
|
||||
|
||||
@@ -303,10 +303,6 @@ ee_resource_requirements:
|
||||
memory: 64Mi
|
||||
|
||||
# TODO: validate default resource requirements
|
||||
rsyslog_resource_requirements:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
|
||||
# Customize CSRF options
|
||||
csrf_cookie_secure: False
|
||||
@@ -319,6 +315,12 @@ redis_resource_requirements:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 64Mi
|
||||
|
||||
rsyslog_resource_requirements:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
|
||||
# Add extra environment variables to the AWX task/web containers. Specify as
|
||||
# literal block. E.g.:
|
||||
# task_extra_env: |
|
||||
@@ -384,6 +386,12 @@ projects_existing_claim: ''
|
||||
# Define postgres configuration arguments to use
|
||||
postgres_extra_args: ''
|
||||
|
||||
# Configure postgres connection keepalive
|
||||
postgres_keepalives: true
|
||||
postgres_keepalives_idle: 5
|
||||
postgres_keepalives_interval: 5
|
||||
postgres_keepalives_count: 5
|
||||
|
||||
# Define the storage_class, size and access_mode
|
||||
# when not using an existing claim
|
||||
projects_storage_size: 8Gi
|
||||
@@ -425,3 +433,10 @@ set_self_labels: true
|
||||
|
||||
# Disable web container's nginx ipv6 listener
|
||||
ipv6_disabled: false
|
||||
|
||||
# Set hostAliases on deployments
|
||||
# hostAliases:
|
||||
# - ip: 10.10.0.10
|
||||
# hostnames:
|
||||
# - hostname
|
||||
host_aliases: ''
|
||||
|
||||
@@ -236,7 +236,7 @@ data:
|
||||
bind 127.0.0.1
|
||||
receptor_conf: |
|
||||
---
|
||||
- log-level: debug
|
||||
- log-level: info
|
||||
- local-only: null
|
||||
- node:
|
||||
firewallrules:
|
||||
|
||||
@@ -59,6 +59,16 @@ spec:
|
||||
- name: {{ secret }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if host_aliases is defined and host_aliases | length > 0 %}
|
||||
hostAliases:
|
||||
{% for item in host_aliases %}
|
||||
- ip: {{ item.ip }}
|
||||
hostnames:
|
||||
{% for hostname in item.hostnames %}
|
||||
- {{ hostname }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if control_plane_priority_class is defined %}
|
||||
priorityClassName: '{{ control_plane_priority_class }}'
|
||||
{% endif %}
|
||||
@@ -112,6 +122,7 @@ spec:
|
||||
- name: init-projects
|
||||
image: '{{ _init_projects_container_image }}'
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
resources: {{ task_resource_requirements }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@@ -332,13 +343,14 @@ spec:
|
||||
{% if ee_extra_env -%}
|
||||
{{ ee_extra_env | indent(width=12, first=True) }}
|
||||
{% endif %}
|
||||
resources: {{ rsyslog_resource_requirements }}
|
||||
- image: '{{ _image }}'
|
||||
name: '{{ ansible_operator_meta.name }}-rsyslog'
|
||||
{% if rsyslog_command %}
|
||||
command: {{ rsyslog_command }}
|
||||
{% endif %}
|
||||
{% if ryslog_args %}
|
||||
args: {{ ryslog_args }}
|
||||
{% if rsyslog_args %}
|
||||
args: {{ rsyslog_args }}
|
||||
{% endif %}
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
volumeMounts:
|
||||
|
||||
@@ -7,7 +7,7 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
|
||||
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
|
||||
{{ lookup("template", "../common/templates/labels//version.yaml.j2") | indent(width=4) | trim }}
|
||||
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
|
||||
spec:
|
||||
{% if web_replicas %}
|
||||
replicas: {{ web_replicas }}
|
||||
@@ -24,7 +24,7 @@ spec:
|
||||
labels:
|
||||
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
|
||||
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }}
|
||||
{{ lookup("template", "../common/templates/labels//version.yaml.j2") | indent(width=8) | trim }}
|
||||
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
|
||||
annotations:
|
||||
{% for template in [
|
||||
"configmaps/config",
|
||||
@@ -32,7 +32,7 @@ spec:
|
||||
"secrets/app_credentials",
|
||||
"storage/persistent",
|
||||
] %}
|
||||
checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | md5 }}"
|
||||
checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | sha1 }}"
|
||||
{% endfor %}
|
||||
{% for secret in [
|
||||
"bundle_cacert",
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
"receptor_ca",
|
||||
"receptor_work_signing",
|
||||
] %}
|
||||
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | md5 }}"
|
||||
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
|
||||
{% endfor %}
|
||||
{% if web_annotations %}
|
||||
{{ web_annotations | indent(width=8) }}
|
||||
@@ -60,6 +60,16 @@ spec:
|
||||
- name: {{ secret }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if host_aliases is defined and host_aliases | length > 0 %}
|
||||
hostAliases:
|
||||
{% for item in host_aliases %}
|
||||
- ip: {{ item.ip }}
|
||||
hostnames:
|
||||
{% for hostname in item.hostnames %}
|
||||
- {{ hostname }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if control_plane_priority_class is defined %}
|
||||
priorityClassName: '{{ control_plane_priority_class }}'
|
||||
{% endif %}
|
||||
@@ -68,6 +78,7 @@ spec:
|
||||
- name: init
|
||||
image: '{{ _init_container_image }}'
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
resources: {{ web_resource_requirements }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@@ -96,6 +107,7 @@ spec:
|
||||
- name: init-projects
|
||||
image: '{{ _init_projects_container_image }}'
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
resources: {{ web_resource_requirements }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
@@ -244,8 +256,8 @@ spec:
|
||||
{% if rsyslog_command %}
|
||||
command: {{ rsyslog_command }}
|
||||
{% endif %}
|
||||
{% if ryslog_args %}
|
||||
args: {{ ryslog_args }}
|
||||
{% if rsyslog_args %}
|
||||
args: {{ rsyslog_args }}
|
||||
{% endif %}
|
||||
imagePullPolicy: '{{ image_pull_policy }}'
|
||||
volumeMounts:
|
||||
@@ -284,6 +296,7 @@ spec:
|
||||
- name: AWX_KUBE_DEVEL
|
||||
value: "1"
|
||||
{% endif %}
|
||||
resources: {{ rsyslog_resource_requirements }}
|
||||
{% if web_node_selector %}
|
||||
nodeSelector:
|
||||
{{ web_node_selector | indent(width=8) }}
|
||||
|
||||
@@ -34,7 +34,7 @@ spec:
|
||||
port:
|
||||
number: 80
|
||||
{% if ingress_controller|lower == "contour" %}
|
||||
- path: '{{ ingress_path }}/websocket'
|
||||
- path: '{{ ingress_path.rstrip("/") }}/websocket'
|
||||
pathType: '{{ ingress_path_type }}'
|
||||
backend:
|
||||
service:
|
||||
|
||||
@@ -52,7 +52,7 @@ spec:
|
||||
type: NodePort
|
||||
{% elif service_type | lower == "loadbalancer" %}
|
||||
type: LoadBalancer
|
||||
{% if variable is defined and variable|length %}
|
||||
{% if loadbalancer_ip is defined and loadbalancer_ip|length %}
|
||||
loadbalancerip: '{{ loadbalancer_ip }}'
|
||||
{% endif %}
|
||||
{% else %}
|
||||
|
||||
@@ -10,6 +10,14 @@ DATABASES = {
|
||||
'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
|
||||
{% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %}
|
||||
'sslrootcert': '{{ ca_trust_bundle }}',
|
||||
{% endif %}
|
||||
{% if postgres_keepalives %}
|
||||
'keepalives': 1,
|
||||
'keepalives_idle': {{ postgres_keepalives_idle }},
|
||||
'keepalives_interval': {{ postgres_keepalives_interval }},
|
||||
'keepalives_count': {{ postgres_keepalives_count }},
|
||||
{% else %}
|
||||
'keepalives': 0,
|
||||
{% endif %}
|
||||
},
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user