Compare commits

120 Commits

Author SHA1 Message Date
Christian M. Adams
12febf501b Make CI use this branch when running label PR check 2024-10-16 12:12:33 -04:00
Christian M. Adams
b567678cc1 Fix Label PR check by using python venv for requests library 2024-10-16 11:51:28 -04:00
Alan Rominger
d4de2d3c44 Disable reverse sync for management commands (#1970) 2024-10-09 16:26:24 -04:00
Djebran Lezzoum
848cf17d0b Deprecate LDAP auth (#1969)
deprecate external auth related configuration

issue: https://issues.redhat.com/browse/AAP-29476
2024-10-08 12:25:23 -04:00
Djebran Lezzoum
ae86cb3d13 Skip django_auth_ldap import if missing (#1955) 2024-10-02 09:36:00 -04:00
mihirlele
70ec7a5304 Add ability to exclude postgres data during migration to Openshift AAP operator (#1954) 2024-09-20 03:23:39 +00:00
aknochow
532be386fc fix postgres user permissions for upgrades (#1959) 2024-09-18 13:24:18 -04:00
Andrew Klychkov
0367516203 Docs: remove IRC/ML/google.groups remnants (#1956) 2024-09-16 09:32:16 +01:00
Andrew Klychkov
8bad25cbc7 Docs: update communication section (#1945) 2024-09-05 09:11:13 +01:00
Elijah DeLee
f50c029408 add graceful harakiri
now there is a way for uwsgi to send a signal for graceful harakiri to try and handle it in a nice way before sending signal 9

pairs with https://github.com/ansible/awx/pull/15447/files
2024-09-04 15:40:59 -04:00
Don Naro
4f87143719 mention helm docs in readme (#1951)
* mention helm docs in readme

* point to gh pages instead of rtd
2024-09-03 13:13:27 +01:00
Don Naro
f0a518baf6 Remove Helm chart code (#1938)
* rm Helm chart starter directory

* rm Helm release playbook

* rm Helm install from docs

* rm Helm chart workflows

* rm Helm starter from yamllint

* rm Helm targets from Makefile

* Revert "rm Helm targets from Makefile"

This reverts commit da38360168.

* remove helm from Makefile

* rm kubectl-slice and yp from Makefile
2024-08-08 13:39:33 -04:00
Imed
8224b0b354 Adding postgres annotations support (#1829)
* Adding postgres annotations support

Authored-by: Imed Aouidene <imaouide@imaouide-thinkpadt14sgen2i.cdg.csb>
2024-07-24 18:45:06 +00:00
Guillaume Lefevre
d42737993f Change ansible k8s_info tasks api_version for Job kind to batch/v1 (#1833)
Co-authored-by: Guillaume Lefevre <guillaume.lefevre@agoda.com>
2024-07-24 18:38:04 +00:00
dependabot[bot]
a95815561a Bump docker/login-action from 3.2.0 to 3.3.0 in the dependencies group (#1924)
Bumps the dependencies group with 1 update: [docker/login-action](https://github.com/docker/login-action).


Updates `docker/login-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](0d4c9c5ea7...9780b0c442)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 14:09:04 -04:00
kurokobo
2b0221bbc6 docs: overall minor renovations (#1874)
* docs: simplify README.md and make index.md to refer to it
* docs: change order for pages in navigation and add missing pages
* docs: fix headings to improve navigation, transform notes to admonition, fix indentation, linting issues and minor issues
* docs: merge docs for using images from private registries
* docs: add example to integrate LDAP configuration via extra_settings_files
* Apply suggestions from code review
docs: apply suggested changes

Co-authored-by: Don Naro <dnaro@redhat.com>

* docs: update the doc site url as same as the url in https://www.ansible.com/ecosystem/
* docs: minor fixes for hpa page
* docs: expand note block
* docs: apply #1904 to README.md

---------

Co-authored-by: Don Naro <dnaro@redhat.com>
2024-07-20 18:34:21 -04:00
Dimitri Savineau
36cf9c23ea web: Add volume to handle debug logs (#1921)
When enabling debug web requests, the /var/log/tower directory needs
to exist.
Rather than just creating that directory in the container image then
create an emptyDir volume.

Closes: #1485

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2024-07-16 11:58:27 -04:00
Christian Adams
041270ffbe Use task_resource_requirements for migration k8s job (#1912) 2024-07-10 15:51:47 -04:00
dependabot[bot]
9f917231a0 Bump the dependencies group with 6 updates (#1909)
Bumps the dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `3` | `4` |
| [actions/setup-python](https://github.com/actions/setup-python) | `4` | `5` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `2` | `4` |
| [helm/kind-action](https://github.com/helm/kind-action) | `1.8.0` | `1.10.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.0.0` | `3.2.0` |
| [github/issue-labeler](https://github.com/github/issue-labeler) | `2.4.1` | `3.4` |


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

Updates `actions/setup-python` from 4 to 5
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

Updates `actions/upload-artifact` from 2 to 4
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v4)

Updates `helm/kind-action` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.8.0...v1.10.0)

Updates `docker/login-action` from 3.0.0 to 3.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](343f7c4344...0d4c9c5ea7)

Updates `github/issue-labeler` from 2.4.1 to 3.4
- [Release notes](https://github.com/github/issue-labeler/releases)
- [Commits](https://github.com/github/issue-labeler/compare/v2.4.1...v3.4)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-10 14:30:29 -04:00
Chi Cuong HA
cdab3dd538 fix: Make basic install without operator works (#1875)
- Update role name for README.md
  - Avoid the this_awx['resources'][0] is undefined in database_configuration.yml
  - Add update_status variable to include or not the update_status.yml
  - metrics_utility_enabled exists in CRD but not as variable

Co-authored-by: Christian Adams <chadams@redhat.com>
2024-07-03 19:12:47 +00:00
Stéphane Bilqué
0444ae31db Allow to scale up the operator pods by using the Helm Chart (#1881)
* Allow to scale up the operator pods by using the Helm Chart
* Add support for horizontal pod autoscaling (#1676)
* fix: spec.replicas
2024-07-03 18:46:47 +00:00
MeganerdDev
e5a24b8918 Update Dockerfile ansible-operator to v1.34.2, operator-sdk to v1.34.2 (#1883)
* Updates operator-framework/ansible-operator tag from v1.34.0 to v1.34.2

* Update operator-sdk release to v1.34.2

---------

Co-authored-by: meganerd <meganerd@meganerd.org>
Co-authored-by: jessicamack <jmack@redhat.com>
2024-07-03 14:42:52 -04:00
Stéphane Bilqué
f9792d486e Fix: Enable the creation of a helm chart with a name other than awx-operator (#1884)
Enable the proper creation of a helm chart with a name other than awx-operator

Co-authored-by: Christian Adams <chadams@redhat.com>
2024-07-03 18:37:34 +00:00
llussy
dd37ebd440 Update index.md (#1904)
* Update docs/installation/index.md

---------

Co-authored-by: Christian Adams <rooftopcellist@gmail.com>
2024-06-26 20:17:22 +00:00
JagannathS
4a1e3c1075 Update kind-install.md (#1903)
the kind install command had reference to oc (openshift cli). removed that and made it to kubectl
2024-06-26 20:15:37 +00:00
Don Naro
4b6eb8df05 Add github-actions package manager (#1900)
add github-actions package manager

This change adds github-actions package manager to the dependabot config
file to bump action versions.
2024-06-26 15:52:28 -04:00
aknochow
9fc3738b53 Split metrics utility cronjobs for crc and local report (#1906)
* fixing metrics-utility variables and conditionals

* separating metrics-utility for console into separate tasks and conditionals
2024-06-26 10:52:58 -04:00
Seth Foster
e3c2720681 Wait for instance ready in molecule test (#1901)
Sometimes a job is launched through the web api
before the instance is in a ready state. This throws
a 500 internal server error, causing CI to fail.

Adds a task to query the instances endpoint
and check that at least one control node is
in a ready state.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2024-06-18 23:11:04 -04:00
Christian Adams
23a3266b4a Fix nox test failure (#1899)
Fix nox test failure by bumping nox action to wntrblm/nox@2024.04.15
2024-06-13 20:23:03 -04:00
Stéphane Bilqué
e271515385 Ability to add custom labels to the DB migration pods (#1878)
add the labels from the 'additional_labels' parameter in the awx-migration pods

Co-authored-by: Stéphane BILQUÉ <Stephane.Bilque@caissedesdepots.fr>
2024-06-12 14:42:28 -04:00
David Hageman
13abaab1b3 Add scheduling controls to Mesh Ingress (#1892) 2024-06-12 11:33:03 -04:00
Ricardo Carrillo Cruz
01bde2cebb Cast manage_replicas to bool (#1893) 2024-06-06 14:43:20 +02:00
Joel
c696eda50a Fix custom CA certificates for task/web/migration (#1846)
* Fix bundle_ca_crt for task/web/migration

- added a new init container init-bundle-ca-trust
- added volume ca-trust-extracted to the migration job
- added volume ca-trust-extracted to the init container init-database
- removed volume bundle-ca from all follow-up containers
2024-06-05 22:56:52 -04:00
Hao Liu
a260ab6873 Fix migrating from devel version to devel version (#1890)
upgrading from devel version to devel version currently don't run migration because we chopped off the git sha
2024-06-05 14:10:51 -04:00
Hao Liu
9fa46bea43 Enable readiness probe for task pod in CI (#1891)
Avoid race condition where job launch before task container is ready
2024-06-05 14:07:08 -04:00
David Hageman
8ead140541 Add support for horizontal pod autoscaling (#1676) 2024-06-03 15:59:48 -04:00
Hao Liu
6820981dd5 Use check_instance_ready for task pod readiness (#1885) 2024-05-31 09:33:29 -04:00
kurokobo
56df3279a6 feat: implement extra_settings_files (#1836)
* feat: implement extra_settings_files
* fix: reduce duplicated code blocks by templates
* docs: update docs for extra settings
* docs: simplify the commands
* docs: add notes for duplicated keys in setting files
2024-05-23 13:40:51 -04:00
aknochow
64fb262830 fixing metrics-utility variables and conditionals (#1872) 2024-05-22 15:29:26 -04:00
Hao Liu
5d99553fa6 Improve logging in CI (#1868)
- Set AWX log level to DEBUG
- Fix failure to collect awx API output
2024-05-22 13:56:49 +00:00
aknochow
cecf812382 moving metrics_utility defaults to vars/main.yaml and setting default… (#1869)
moving metrics_utility defaults to vars/main.yaml and setting default secret undefined to fix conditional
2024-05-21 18:16:14 -04:00
Hao Liu
3f0fd7f965 Fix CI failure (#1863)
Unpin collection in molecule

Fix CI failure
2024-05-20 18:36:27 -04:00
dependabot[bot]
f27d7b28b8 Bump mkdocs-ansible from 24.3.0 to 24.3.1 in /docs in the dependencies group (#1856)
Bump mkdocs-ansible in /docs in the dependencies group

Bumps the dependencies group in /docs with 1 update: [mkdocs-ansible](https://github.com/ansible/mkdocs-ansible).


Updates `mkdocs-ansible` from 24.3.0 to 24.3.1
- [Release notes](https://github.com/ansible/mkdocs-ansible/releases)
- [Commits](https://github.com/ansible/mkdocs-ansible/compare/v24.3.0...v24.3.1)

---
updated-dependencies:
- dependency-name: mkdocs-ansible
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 15:05:09 -04:00
Christian Adams
a8da7f9398 Add support for spec overrides when restoring AWX (#1862) 2024-05-17 15:47:26 -04:00
fluzzykitten
4720d29fda Update k8s_exec and k8s_cp to include container name (#1858)
Update secrets.yml

We need to specify a container in environments that use sidecar injection, like in the case of istio service mesh. If the container is not specified, and a side car is injected so there are multiple containers running in the pod, this task will fail because a container was not specified in a pod with multiple containers.
2024-05-16 16:32:38 -04:00
Christian Adams
64e4279d96 Fix innocuous but confusing typo in db management pod task (#1859) 2024-05-16 15:17:39 -04:00
David Hageman
cf61205f49 Create _metrics_utility_secret for metrics utility (#1857) 2024-05-16 13:29:04 -04:00
larsux
e98c913f86 Add postgresql option target_session_attrs (#1847)
Signed-off-by: Lars Wildemann <lars.wildemann@plusserver.com>
2024-05-15 18:47:33 +00:00
jamesmarshall24
b49d68ca92 Expose websockets on api prefix v2 (#1842)
Expose websockets on controller v2
2024-05-01 15:47:23 -04:00
YaronL16
9638a2b284 Added custom logos by volume mounts documentation (#1840) 2024-05-01 19:34:50 +00:00
Ranvit Bommineni
4fc20de72e add tolerations/nodeselector to migration job template (fixes #1774) (#1804)
Enable fallback to global settings for db-migration job scheduling (#1804)

Modified the db-migration job template to use `task_*` settings with a fallback to global AWX configurations if not specified.
2024-05-01 15:10:29 -04:00
Tom Siewert
6fff7cb485 installer: nginx: add missing locales location required by ui_next (#1822)
The new UI depends on the locales available via ingress/locales which
is being served as static file and not via Django.

A change in the nginx.conf was already done for the dev environment
in commit ec4f10d86881389af12371f90cb75af03417d109 (AWX), but not
here.

Signed-off-by: Tom Siewert <tom.siewert@hetzner.com>
2024-05-01 15:05:43 -04:00
David Hageman
6baf3a174d Add database secret to metric jobs (#1843) 2024-04-30 16:12:31 -04:00
Dimitri Savineau
ed72dc12b2 Add explicit list filter after rejectattr (#1845)
With ansible 2.9.27 (operator-sdk v1.27.0) then the rejectattr filter
returns a generator so we need to cast it to list.
The behavior doesn't exist when using a more recent operator-sdk
version like v1.34.0 (ansible-core 2.15.8) but using the list
filter on that version works too (even if not needed)

"<generator object select_or_reject at 0x7fbbf0443728>"

This is a similar issue as 80a9e8c.

TASK [Get the new resource pod information after updating resource.]
********************************
FAILED! => {"msg": "The conditional check '_new_pod['resources'] | rejectattr('metadata.deletionTimestamp', 'defined') | length' failed.
The error was: Unexpected templating type error occurred on ({% if _new_pod['resources'] | rejectattr('metadata.deletionTimestamp', 'defined') | length %} True {% else %} False {% endif %}): object of type 'generator' has no len()

This also removes the unneeded quotes on the when conditions.

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2024-04-29 23:35:37 -04:00
Dimitri Savineau
3fa60853a2 backup: Remove default parameter from jinja map (#1839)
The default parameter from the jinja map filter has been added in the
2.11.0 release.
However, the downstream ansible operator is still using ansible 2.9
with jinja 2.10.x so using the default parameter leads to the
following error:

TASK [Dump ingress tls secret names from awx spec and data into file]
********************************
The error was: jinja2.exceptions.FilterArgumentError: Unexpected
keyword argument 'default'
fatal: [localhost]: FAILED! => {
  "msg": "Unexpected failure during module execution.",
  "stdout": ""
}

Rather than using the default parameter with the map filter then add the
selectattr filter to get only the items with tls_secret defined and then
get the tls_secret attribute with the map filter.

This also gets rid of the when statement since we always get an empty
list when no tls_secret are present in ingress_hosts so the loop statement
will be skipped on the empty list.

Finally this changes the default value from the ingress_hosts field because
it's a list rather than a string.

https://jinja.palletsprojects.com/en/latest/templates/#jinja-filters.map

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2024-04-23 10:36:42 -04:00
Florian Sey
f8bbe9f55a Format Markdown list properly in upgrading.md (#1825)
Ensures the list is properly rendered in readthedocs website.
Improves the documentation to build and serve the docs locally.

Co-authored-by: Florian Sey <florian.sey@neofacto.com>
2024-04-17 19:15:03 +00:00
dependabot[bot]
c7c7171110 Bump the dependencies group in /docs with 1 update (#1802)
Bumps the dependencies group in /docs with 1 update: [mkdocs-ansible](https://github.com/ansible/mkdocs-ansible).

Updates `mkdocs-ansible` from 24.2.1 to 24.3.0
- [Release notes](https://github.com/ansible/mkdocs-ansible/releases)
- [Commits](https://github.com/ansible/mkdocs-ansible/compare/v24.2.1...v24.3.0)

---
updated-dependencies:
- dependency-name: mkdocs-ansible
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-17 14:36:32 -04:00
kurokobo
b7370d0e48 docs: add a tip to add extra settings through configmaps or secrets and improve an example for that (#1824)
* docs: add a tip to add extra settings through configmaps or secrets and improve an example for that
2024-04-17 14:33:43 -04:00
Hao Liu
0b37f76225 Output debug resource to file in molecule test (#1823)
- output all relevant k8s resource to file on failure
- output awx job list and job details to file on failure
- output all pod logs to file on failure
- added STORE_DEBUG_OUTPUT to enable debug output gathering
- added DEBUG_OUTPUT_DIR to control where the debug output files will be stored
- when molecule test fail in CI trigger artifact gathering
2024-04-12 13:52:48 -04:00
aknochow
e6e1025206 adding new variables for redhat hybrid cloud console to metrics-utility (#1816)
adding new variables for redhat hybrid cloud console shipping
simplifying configmap and secret setup
making pvc creation conditional on ship_target type being directory
2024-04-11 19:30:39 -04:00
Hao Liu
a5d5028dae Add AWX_EE_TEST_IMAGE option to molecule test (#1819) 2024-04-10 17:43:08 +00:00
kurokobo
413b7003a2 docs: fix incorrect command for getting ingressroutetcp resources (#1778) 2024-04-05 23:07:46 -04:00
Christian Adams
7b02b5df04 Set default for -iness probe parameters and add docs (#1808) 2024-04-03 14:26:41 -04:00
Christian Adams
a5211fe511 Add postgres init container to resolve permissions for some k3s deployments (#1805)
Add postgres init container if
postgres_data_volume_init is true

This is aimed to solve the issue where users may
need to chmod or chown the postgres
data volume for user 26, which is the user
that is running postgres in the sclorg image.

For example, one can now set the following on the AWX spec:
spec:
  postgres_init_container_commands: |
    chown 26:0 /var/lib/pgsql/data
    chmod 700 /var/lib/pgsql/data

Deprecate postgres_init_container_resource_requirements param in favor
of postgres_resource_requirements param.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: craph <14820052+craph@users.noreply.github.com>
Co-authored-by: kurokobo <kuro664@gmail.com>
Co-authored-by: Christian M. Adams <chadams@redhat.com>
2024-04-03 13:19:57 -04:00
Hao Liu
fcbf394272 Fix "external_hostname" should not be required while using Route ingress (#1807)
Fix "external_hostname" required on OCP
2024-04-03 16:16:16 +00:00
Christian Adams
7bf49c207a Remove the ability to customize the postgres_data_dir (#1798)
* in the sclorg Postgresql 15 image, the PGDATA directory is hardcoded
* if users were to modify this directory, they would only change the
  directory the pvc is mounted to, not the directory PostgreSQL uses.
  This would result in loss of data.
* switch from /var/lib/pgsql/data/pgdata to /var/lib/pgsql/data/userdata
2024-03-31 21:58:33 -04:00
aknochow
3c70598704 setting Metrics-Utility Image to only display when enabled (#1796) 2024-03-27 21:39:11 +00:00
Dimitri Savineau
80a9e8c156 postgresql: Cast sorted_old_postgres_pods as list (#1791)
With ansible 2.9.27 (operator-sdk v1.27.0) then the reverse filter
returns an iterator so we need to cast it to list.
The behavior doesn't exist when using a more recent operator-sdk
version like v1.34.0 (ansible-core 2.15.8) but using the list
filter on that version works too (even if not needed)

"sorted_old_postgres_pods": "<list_reverseiterator object at 0x7f539eaa5610>"

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2024-03-27 14:31:53 -04:00
Don Naro
dc0e86b823 Add noxfile and workflow to test docsite PRs (#1794)
* add noxfile with mkdocs build session

* add nox build check

* include reusable nox in ci workflow
2024-03-27 14:29:38 -04:00
kurokobo
07b8120788 fix: add retries to find running web pod (#1787) 2024-03-27 14:25:10 -04:00
kurokobo
a6e7a1bec3 fix: correct readinessProbe for web pod (#1786)
fix: correct readinessProbe for web pod
2024-03-27 14:21:23 -04:00
zaki-lknr
809491bce0 docs: add description of init container image definition (#1779)
* docs: add description of init container image definition

Co-authored-by: kurokobo <kuro664@gmail.com>
2024-03-27 14:19:48 -04:00
Dimitri Savineau
5e66b6aeb0 csv: Fix metrics utility fields (#1783)
The metrics utility fields were configured under the statusDescriptors
section rather than specDescriptors so displaying those fields in the
UI wasn't done correctly (not under the Advanced section nor using the
correct field type).

This also changes the `metrics_utility_configmap` descriptor from
`urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap` to
`urn:alm:descriptor:io.kubernetes:ConfigMap` because the first value
doesn't work.

Finally, all metrics utility fields are only displayed (in the Advanced
section) when `metrics_utility_enabled` is enabled (not default).

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
2024-03-26 09:16:27 -04:00
aknochow
c6fe038fe4 Adding support for ansible metrics-utility (#1754)
- Adding metadata, storage_class, and pullsecret for metrics-utility
- Updating crd, csv and defaults
- Adding metrics-utility cronjob
2024-03-20 11:05:13 -04:00
kurokobo
49d7a566b2 docs: add tips about traefik api groups (#1757) 2024-03-14 16:25:44 +00:00
Don Naro
3cf912c998 Add dependabot config to bump doc dependencies (#1758) 2024-03-14 12:13:18 -04:00
Hao Liu
0dbf3ddff8 Add ServiceAccount and ImagePullSecret to migration job (#1763)
Add ServiceAccount and ImagePullSecret to migration pod
2024-03-13 20:56:56 +00:00
aknochow
af16e9e73f Updating image pull policy for awx-operator to IfNotPresent (#1761) 2024-03-13 16:51:06 -04:00
Seth Foster
154b801cfc Change default value for postgres_data_path (#1766)
* Change default value for postgres_data_path

/var/lib/postgresql/data/pgdata
to
/var/lib/pgsql/data/pgdata

postgres 15 uses a different location for
postgres data directory.

Fixes issue where database was not being written
to the mounted in volume, and if the postgres
container restarted, data would be lost.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
---------

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
2024-03-13 16:17:49 -04:00
Hao Liu
a8acae4af5 Don't delete old postgres 13 volume automatically (#1767)
Leave old postgres-13 volume alone in case of unforeseen upgrade failure for restore purposes

User can manually delete old PVC after verifying upgrade is completed
2024-03-13 15:23:10 -04:00
Hao Liu
6e31feaa20 Add command when specifying args for postgres (#1765)
When using args the container defaults to the entrypoint instead of command

causing postgres to be in a crashloop
2024-03-13 15:16:05 -04:00
Hao Liu
a53a10ad33 Whitelist test and enforce test order (#1762)
also reduce replica count during test to save CPU/memory
2024-03-13 13:50:33 -04:00
Christian Adams
d5a3cb7519 Revert change to cast settings values to strings as they could be nested (#1756)
- We cast the settings value to a string so that it would display
  properly in the Openshift UI. Unfortunately, the k8s validator will no
  longer allow arrays for settings values.
2024-03-12 11:58:00 -04:00
Christian Adams
ed6ac1a11a Create a new postgres configuration secret when restoring a new instance (#1733)
- This will avoid the operator changing the host value of the original
  deployments postgres_configuration_secret. As it was, restores broke
  the original deployment if it was still around before this change.

Signed-off-by: Christian M. Adams <chadams@redhat.com>
2024-03-11 16:34:43 -04:00
Hao Liu
b5d81b8e5d Fix awx_kube_devel (#1759)
* Fix awx_kube_devel
* Sanitize version name for kube_dev

When in development mode, awx version may look
like 23.9.1.dev18+gee9eac15dc.d20240311

k8s job to the migration can only have
a name with alphanumeric, and '.', '-'

so we can just drop off the +

Signed-off-by: Seth Foster <fosterbseth@gmail.com>

---------

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Seth Foster <fosterbseth@gmail.com>
2024-03-11 19:01:00 +00:00
bartowl
3abeec518a Bind EE images version with DEFAULT_AWX_VERSION (#1740)
* bind ee_images, control_plane_ee_image and init_container_image with DEFAULT_AWX_VERSION instead of "latest"

* fix when condition on init_container_image_version check

* Use DEFAULT_AWX_VERSION for AWXMeshIngress

* Add back AWX EE latest for backward compatibility

---------

Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
2024-03-11 14:12:10 -04:00
Christian Adams
d2c4b9c8a4 The pg service label_selector now uses the deployment_type variable (#1755) 2024-03-08 09:02:31 -05:00
Christian Adams
2ad1d25120 Update PostgreSQL docs about finding default version (#1747) 2024-03-07 21:47:18 -05:00
Hao Liu
26e72b4e1d Fix undefined external_hostname when using Route (#1753) 2024-03-07 22:53:48 +00:00
Hao Liu
3434cbef96 AWXMeshIngress route respect external_hostname (#1752)
* AwxMeshIngress route respect external_hostname
* Set host in AWXMeshIngress route if external_hostname is defined
2024-03-07 15:43:06 -05:00
David Hageman
256d84a42a Add imagePullSecrets option to Mesh Ingress (#1750) 2024-03-07 13:17:39 -05:00
kurokobo
03cfe14c07 fix: extend expiration date for the certs for receptor nodes to 10 years (#1744) 2024-03-06 19:52:04 +00:00
Tyler Muir
82c7dd2f44 add support for defining loadbalancer class (#1746) 2024-03-06 14:35:16 -05:00
Erez Samimi
818b3682fa Fix table format in container-probes.md (#1748) 2024-03-06 19:28:46 +00:00
David Hageman
ffba1b4712 Add -ness checks and refactor migrations (#1674) 2024-03-05 19:54:22 -05:00
kurokobo
dba934daa0 fix: revert type of status.upgradedPostgresVersion to string (#1745) 2024-03-04 15:55:16 -05:00
aknochow
d0827ba426 Fixing postgres upgrade conditional (#1741) 2024-03-01 17:09:15 -05:00
kurokobo
16b2f2a34f fix: correct unsafe conditional (#1737) 2024-03-01 20:54:40 +00:00
John Westcott IV
607a7ca58c Upgrading to PostgreSQL 15 and moving to sclorg images (#1486)
* Upgrading to postgres:15
* Changing image from postgres to sclorg
* Handle scenario where upgrade status is not defined & correct pg tag
* Rework the upgrade logic to be more resilient for multiple upgrades

---------

Co-authored-by: john-westcott-iv <john-westcott-iv@users.noreply.github.com>
Co-authored-by: Christian M. Adams <chadams@redhat.com>
2024-02-29 17:02:11 -05:00
kurokobo
d11d66e81d docs: enable search feature (#1725) 2024-02-28 19:46:04 +00:00
Christian Adams
7a937b0932 Expose extra_settings in OLM UI form (#1732)
Expose extra_settings in olm UI form

Signed-off-by: Christian M. Adams <chadams@redhat.com>
2024-02-28 14:35:05 -05:00
Don Naro
e1c0e33b4f Use pip tools to generate the full dependency tree (#1727)
* add venv to gitignore

* use pip compiled docs requirements
2024-02-28 14:33:29 -05:00
Neev Geffen
cf905ca5d0 CSV Change Descriptor of StorageClass From Text to StorageClass (#1729)
Update awx-operator.clusterserviceversion.yaml:
Some Descriptors for StorageClasses were set as text and not Storage Class
2024-02-28 19:19:24 +00:00
Hao Liu
630a5ee1f3 Fix bug where uppercase Route fails (#1731) 2024-02-26 17:17:37 +00:00
Matt Miller
3d78e90ab1 Update Dockerfile operator-framework/ansible-operator to v1.34.0 (#1714)
Update Dockerfile base image

* Vulnerability scans against this image when deployed shows: CVE-2023-4911
* https://quay.io/repository/operator-framework/ansible-operator/manifest/sha256:f08f675976f42dc3a8ebbb8482acea153a8f57232e2ee48940e3d40ca40d24d9?tab=vulnerabilities
* It appears if 5f3d9ed96f/Dockerfile (L1C14-L1C49) is updated to `v1.34.0` this vulnerability is mitigated.
2024-02-21 14:50:08 -05:00
kurokobo
3981e6ba5e fix: correct indentation for annotations for awxmeshingress (#1723)
fix: correct indentation for annotations
2024-02-21 19:46:34 +00:00
kurokobo
ac682a9c05 docs: improve documentation for awxmeshingress (#1724)
* add descriptions and examples for awxmeshingress
* convert list to table
* add note for image
* correct minor wording issues
* apply suggested changes from code review for docs/user-guide/advanced-configuration/mesh-ingress.md

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
2024-02-21 14:36:50 -05:00
kurokobo
7bdf48ffc0 docs: add description for --force-conflicts option to upgrade crds (#1717) 2024-02-21 14:31:32 -05:00
Seth Foster
fc11db4ece Fix syntax error in mesh ingress docs (#1720)
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2024-02-16 17:16:28 +00:00
TVo
148309325e Separate out the custom receptor CA section to its own section. (#1707) 2024-02-16 10:06:05 -07:00
Hao Liu
82756ebfe7 Add new doc for AWXMeshIngress (#1706)
* Add new doc for AWXMeshIngress

* Update docs/user-guide/advanced-configuration/mesh-ingress.md

Co-authored-by: TVo <thavo@redhat.com>

* Update docs/user-guide/advanced-configuration/mesh-ingress.md

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>

* Update docs/user-guide/advanced-configuration/mesh-ingress.md

Co-authored-by: TVo <thavo@redhat.com>

* Update docs/user-guide/advanced-configuration/mesh-ingress.md

Co-authored-by: TVo <thavo@redhat.com>

* Update mesh-ingress.md

* Update mesh-ingress.md

* Grammar on line 48

---------

Co-authored-by: TVo <thavo@redhat.com>
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
2024-02-15 13:07:35 -07:00
kurokobo
a9cee5f4da fix: revert removal trim symbol before endif (#1715) 2024-02-15 17:02:48 +00:00
Chris Meyers
5f3d9ed96f More locked down websocket path
* Previously, the nginx location would match on /foo/websocket... or
  /foo/api/websocket... Now, we require these two paths to start at the
  root i.e. <host>/websocket/... /api/websocket/...
* Note: We now also require an ending / and do NOT support
  <host>/websocket_foobar but DO support <host>/websocket/foobar. This
  was always the intended behavior. We want to keep
  <host>/api/websocket/... "open" and routing to daphne in case we want
  to add more websocket urls in the future.
2024-02-13 15:53:34 -05:00
Chris Meyers
1eb8501430 Allow connecting to websockets via api/websocket/
* Before, we just allowed websockets on <host>/websocket/. With this
  change, they can now come from <host>/api/websocket/
2024-02-13 10:20:50 -05:00
Christian Adams
ecbb16960f Remove empty statusDescriptor because it fails validation (#1708) 2024-02-09 23:22:56 -05:00
Stéphane Bilqué
368f786244 add 'customSecrets' and 'customVolumes' values to Helm Chart to simplify the creation of resources for PoC (#1690) 2024-02-07 15:10:21 -05:00
Hao Liu
e4fe1ee214 Update helm-chart README (#1704)
- fix link to doc
- add Caveats on upgrading existing installation
2024-02-07 14:32:19 -05:00
Hao Liu
0d1fa239a5 Fix api version in awxmeshingress-demo.yml (#1700)
Update awxmeshingress-demo.yml
2024-02-02 11:50:09 -05:00
Hao Liu
8a51fe9285 Add AWXMeshIngress description to CSV (#1703) 2024-02-02 10:58:57 -05:00
Hao Liu
33c64d5695 Add support annotation to CSV (#1702) 2024-02-01 15:01:15 -05:00
146 changed files with 3483 additions and 1645 deletions

23
.github/dependabot.yml vendored Normal file
View File

@@ -0,0 +1,23 @@
version: 2
updates:
- package-ecosystem: "pip"
directory: "/docs"
groups:
dependencies:
patterns:
- "*"
schedule:
interval: "weekly"
labels:
- "component:docs"
- "dependencies"
- package-ecosystem: "github-actions"
directory: "/"
groups:
dependencies:
patterns:
- "*"
schedule:
interval: "weekly"
labels:
- "dependencies"
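Review bot: both `groups.dependencies.patterns: "*"` blocks fold every weekly update for an ecosystem into a single pull request, so a security-relevant bump (for example to the registry login action used in the publish workflows) arrives mixed with unrelated ones and is harder to review or revert on its own. Consider a narrower pattern for the `github-actions` group, or leave the actions that handle credentials ungrouped. The file also has no `docker` entry, so the `FROM quay.io/operator-framework/ansible-operator` tag changed elsewhere in this comparison will keep being bumped by hand.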

View File

@@ -17,10 +17,11 @@ jobs:
- -t replicas - -t replicas
env: env:
DOCKER_API_VERSION: "1.41" DOCKER_API_VERSION: "1.41"
DEBUG_OUTPUT_DIR: /tmp/awx_operator_molecule_test
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- uses: actions/setup-python@v4 - uses: actions/setup-python@v5
with: with:
python-version: "3.8" python-version: "3.8"
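Review bot: `actions/checkout@v4` and `actions/setup-python@v5` are referenced by mutable tag here, while `docker/login-action` in the publish workflows of this same comparison is pinned to a full commit SHA with the version in a trailing comment. Pinning these the same way keeps one convention across the workflows, and the new `github-actions` Dependabot entry will keep SHA pins current.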
@@ -37,58 +38,23 @@ jobs:
MOLECULE_VERBOSITY: 3 MOLECULE_VERBOSITY: 3
PY_COLORS: '1' PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1' ANSIBLE_FORCE_COLOR: '1'
STORE_DEBUG_OUTPUT: true
run: | run: |
sudo rm -f $(which kustomize) sudo rm -f $(which kustomize)
make kustomize make kustomize
KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind -- ${{ matrix.ansible_args }} KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind -- ${{ matrix.ansible_args }}
helm:
runs-on: ubuntu-latest - name: Upload artifacts for failed tests if Run Molecule fails
name: helm if: failure()
steps: uses: actions/upload-artifact@v4
- uses: actions/checkout@v3
with: with:
fetch-depth: 0 name: awx_operator_molecule_test
path: ${{ env.DEBUG_OUTPUT_DIR }}
- name: Create k8s Kind Cluster
uses: helm/kind-action@v1.8.0
- name: Build operator image and load into kind
run: |
IMG=awx-operator-ci make docker-build
kind load docker-image --name chart-testing awx-operator-ci
- name: Patch pull policy for tests
run: |
kustomize edit add patch --path ../testing/pull_policy/Never.yaml
working-directory: config/default
- name: Build and lint helm chart
run: |
IMG=awx-operator-ci make helm-chart
helm lint ./charts/awx-operator
- name: Install kubeval
run: |
mkdir tmp && cd tmp
wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
tar xf kubeval-linux-amd64.tar.gz
sudo cp kubeval /usr/local/bin
working-directory: ./charts
- name: Run kubeval
run: |
helm template -n awx awx-operator > tmp/test.yaml
kubeval --strict --force-color --ignore-missing-schemas tmp/test.yaml
working-directory: ./charts
- name: Install helm chart
run: |
helm install --wait my-awx-operator --namespace awx --create-namespace ./charts/awx-operator
no-log: no-log:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout sources - name: Checkout sources
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Check no_log statements - name: Check no_log statements
run: | run: |
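Review bot: the new `Upload artifacts for failed tests if Run Molecule fails` step publishes everything under `DEBUG_OUTPUT_DIR` whenever the job fails, with `STORE_DEBUG_OUTPUT: true` set on the Molecule run. Please confirm what the debug collection writes there: if it dumps Secret objects, rendered specs or pod logs that contain generated passwords, those become downloadable by anyone who can read the workflow run. Setting `retention-days` on the upload and excluding Secret contents from the dump would bound that exposure; the `no-log` job in this same file shows the project already guards against this class of leak.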
@@ -99,3 +65,5 @@ jobs:
echo "${no_log}" echo "${no_log}"
exit 1 exit 1
fi fi
nox-sessions:
uses: ./.github/workflows/reusable-nox.yml

View File

@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Push devel image name: Push devel image
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Fail if QUAY_REGISTRY not set - name: Fail if QUAY_REGISTRY not set
run: | run: |
@@ -21,7 +21,7 @@ jobs:
fi fi
- name: Log into registry ghcr.io - name: Log into registry ghcr.io
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -29,7 +29,7 @@ jobs:
- name: Log into registry quay.io - name: Log into registry quay.io
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with: with:
registry: ${{ vars.QUAY_REGISTRY }} registry: ${{ vars.QUAY_REGISTRY }}
username: ${{ secrets.QUAY_USER }} username: ${{ secrets.QUAY_USER }}

View File

@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Push devel image name: Push devel image
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
with: with:
fetch-depth: 0 # needed so that git describe --tag works fetch-depth: 0 # needed so that git describe --tag works

View File

@@ -14,7 +14,7 @@ jobs:
steps: steps:
- name: Label Issue - Needs Triage - name: Label Issue - Needs Triage
uses: github/issue-labeler@v2.4.1 uses: github/issue-labeler@v3.4
with: with:
repo-token: "${{ secrets.GITHUB_TOKEN }}" repo-token: "${{ secrets.GITHUB_TOKEN }}"
not-before: 2021-12-07T07:00:00Z not-before: 2021-12-07T07:00:00Z
@@ -26,8 +26,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Label Issue - Community name: Label Issue - Community
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- uses: actions/setup-python@v4 - uses: actions/setup-python@v5
- name: Install python requests - name: Install python requests
run: pip install requests run: pip install requests
- name: Check if user is a member of Ansible org - name: Check if user is a member of Ansible org
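Review bot: `run: pip install requests` is left unchanged in this workflow, while the equivalent step in the PR labelling workflow is replaced in this comparison by a virtual environment. If the bare install is what broke the PR check, this job is exposed to the same failure; apply the same fix here or state why it is not needed.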

View File

@@ -12,10 +12,20 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Label PR - Community name: Label PR - Community
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- uses: actions/setup-python@v4 with:
- name: Install python requests ref: test-python-module-fix
run: pip install requests
- uses: actions/setup-python@v5
- name: Create a virtual environment
run: python3 -m venv venv
- name: Activate virtual environment and install dependencies
run: |
source venv/bin/activate
pip3 install requests
- name: Check if user is a member of Ansible org - name: Check if user is a member of Ansible org
uses: jannekem/run-python-script-action@v1 uses: jannekem/run-python-script-action@v1
id: check_user id: check_user
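Review bot: `ref: test-python-module-fix` hard-codes a working branch into the checkout and should be dropped before this reaches the default branch, otherwise the check keeps running whatever that branch contains. Separately, `source venv/bin/activate` only affects the shell of that one step; the following `jannekem/run-python-script-action@v1` step starts a fresh process and does not inherit the activation. Append `venv/bin` to `$GITHUB_PATH` in the install step, or make sure the script step is pointed at `venv/bin/python`, so that the `requests` install is actually the one used.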
@@ -32,6 +42,7 @@ jobs:
print("User is member") print("User is member")
else: else:
print("User is community") print("User is community")
- name: Add community label if not a member - name: Add community label if not a member
if: contains(steps.check_user.outputs.stdout, 'community') if: contains(steps.check_user.outputs.stdout, 'community')
uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90 uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90

View File

@@ -37,13 +37,13 @@ jobs:
exit 1 exit 1
fi fi
- uses: actions/checkout@v3 - uses: actions/checkout@v4
with: with:
depth: 0 depth: 0
- name: Log into registry ghcr.io - name: Log into registry ghcr.io
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
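Review bot: the `with:` block under the updated checkout still passes `depth: 0`, which is not an input of `actions/checkout`; the input is `fetch-depth`, as the other publish workflow in this comparison uses it (`fetch-depth: 0 # needed so that git describe --tag works`). As written the key is ignored and the checkout stays shallow. Since this step is being touched anyway, rename the key.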
@@ -51,7 +51,7 @@ jobs:
- name: Log into registry quay.io - name: Log into registry quay.io
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with: with:
registry: ${{ env.QUAY_REGISTRY }} registry: ${{ env.QUAY_REGISTRY }}
username: ${{ secrets.QUAY_USER }} username: ${{ secrets.QUAY_USER }}
@@ -70,14 +70,3 @@ jobs:
docker buildx imagetools create \ docker buildx imagetools create \
ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \ ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \
--tag ${{ env.QUAY_REGISTRY }}/awx-operator:latest --tag ${{ env.QUAY_REGISTRY }}/awx-operator:latest
- name: Release Helm chart
run: |
ansible-playbook ansible/helm-release.yml -v \
-e operator_image=${{ env.QUAY_REGISTRY }}/awx-operator \
-e chart_owner=${{ github.repository_owner }} \
-e tag=${{ env.TAG_NAME }} \
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
-e gh_user=${{ github.actor }} \
-e repo_type=https

View File

@@ -1,26 +0,0 @@
---
name: Re-publish helm chart
on:
workflow_dispatch:
inputs:
tag:
description: 'Release tag'
required: true
type: string
jobs:
promote:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
depth: 0
- name: Release Helm chart
run: |
ansible-playbook ansible/helm-release.yml -v \
-e operator_image=quay.io/${{ github.repository }} \
-e chart_owner=${{ github.repository_owner }} \
-e tag=${{ inputs.tag }} \
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
-e gh_user=${{ github.actor }} \
-e repo_type=https

26
.github/workflows/reusable-nox.yml vendored Normal file
View File

@@ -0,0 +1,26 @@
---
name: nox
"on":
workflow_call:
jobs:
nox:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- session: build
python-versions: "3.11"
name: "Run nox ${{ matrix.session }} session"
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Setup nox
uses: wntrblm/nox@2024.04.15
with:
python-versions: "${{ matrix.python-versions }}"
- name: "Run nox -s ${{ matrix.session }}"
run: |
nox -s "${{ matrix.session }}"
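Review bot: this new workflow declares no `permissions:` block, so the job runs with whatever `GITHUB_TOKEN` scope the calling workflow passes down; a nox `build` session should need no more than `contents: read`, and stating that here keeps the token minimal regardless of the caller. `wntrblm/nox@2024.04.15` is also a third-party action referenced by tag; pin it to a commit SHA with the tag in a trailing comment, as is done for `docker/login-action`.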

View File

@@ -38,7 +38,7 @@ jobs:
exit 0 exit 0
- name: Checkout awx-operator - name: Checkout awx-operator
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
repository: ${{ github.repository_owner }}/awx-operator repository: ${{ github.repository_owner }}/awx-operator
path: awx-operator path: awx-operator
@@ -48,7 +48,7 @@ jobs:
python3 -m pip install docker python3 -m pip install docker
- name: Log into registry ghcr.io - name: Log into registry ghcr.io
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}

1
.gitignore vendored
View File

@@ -10,3 +10,4 @@ gh-pages/
.vscode/ .vscode/
__pycache__ __pycache__
/site /site
venv/*

View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@@ -1,7 +0,0 @@
---
apiVersion: v2
appVersion: 0.1.0
description: A Helm chart for Kubernetes
name: starter
type: application
version: 0.1.0

View File

@@ -1,126 +0,0 @@
# AWX Operator Helm Chart
This chart installs the AWX Operator resources configured in [this](https://github.com/ansible/awx-operator) repository.
## Getting Started
To configure your AWX resource using this chart, create your own `yaml` values file. The name is up to personal preference since it will explicitly be passed into the helm chart. Helm will merge whatever values you specify in your file with the default `values.yaml`, overriding any settings you've changed while allowing you to fall back on defaults. Because of this functionality, `values.yaml` should not be edited directly.
In your values config, enable `AWX.enabled` and add `AWX.spec` values based on the awx operator's [documentation](https://github.com/ansible/awx-operator/blob/devel/README.md). Consult the docs below for additional functionality.
### Installing
The operator's [helm install](https://github.com/ansible/awx-operator/blob/devel/README.md#helm-install-on-existing-cluster) guide provides key installation instructions.
Example:
```
helm install my-awx-operator awx-operator/awx-operator -n awx --create-namespace -f myvalues.yaml
```
Argument breakdown:
* `-f` passes in the file with your custom values
* `-n` sets the namespace to be installed in
* This value is accessed by `{{ $.Release.Namespace }}` in the templates
* Acts as the default namespace for all unspecified resources
* `--create-namespace` specifies that helm should create the namespace before installing
To update an existing installation, use `helm upgrade` instead of `install`. The rest of the syntax remains the same.
## Configuration
The goal of adding helm configurations is to abstract out and simplify the creation of multi-resource configs. The `AWX.spec` field maps directly to the spec configs of the `AWX` resource that the operator provides, which are detailed in the [main README](https://github.com/ansible/awx-operator/blob/devel/README.md). Other sub-config can be added with the goal of simplifying more involved setups that require additional resources to be specified.
These sub-headers aim to be a more intuitive entrypoint into customizing your deployment, and are easier to manage in the long-term. By design, the helm templates will defer to the manually defined specs to avoid configuration conflicts. For example, if `AWX.spec.postgres_configuration_secret` is being used, the `AWX.postgres` settings will not be applied, even if enabled.
### External Postgres
The `AWX.postgres` section simplifies the creation of the external postgres secret. If enabled, the configs provided will automatically be placed in a `postgres-config` secret and linked to the `AWX` resource. For proper secret management, the `AWX.postgres.password` value, and any other sensitive values, can be passed in at the command line rather than specified in code. Use the `--set` argument with `helm install`. Supplying the password this way is not recommended for production use, but may be helpful for initial PoC.
### Additional Kubernetes Resources
The `AWX.extraDeploy` section allows the creation of additional Kubernetes resources. This simplifies setups requiring additional objects that are used by AWX, e.g. using `ExternalSecrets` to create Kubernetes secrets.
Resources are passed as an array, either as YAML or strings (literal "|"). The resources are passed through `tpl`, so templating is possible. Example:
```yaml
AWX:
# enable use of awx-deploy template
...
# configurations for external postgres instance
postgres:
enabled: false
...
extraDeploy:
- |
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: {{ .Release.Name }}-postgres-secret-string-example
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Release.Name }}
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
refreshInterval: "1h"
target:
name: postgres-configuration-secret-string-example
creationPolicy: "Owner"
deletionPolicy: "Delete"
dataFrom:
- extract:
key: awx/postgres-configuration-secret
- apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "{{ .Release.Name }}-postgres-secret-yaml-example"
namespace: "{{ .Release.Namespace }}"
labels:
app: "{{ .Release.Name }}"
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
refreshInterval: "1h"
target:
name: postgres-configuration-secret-yaml-example
creationPolicy: "Owner"
deletionPolicy: "Delete"
dataFrom:
- extract:
key: awx/postgres-configuration-secret
```
## Values Summary
### AWX
| Value | Description | Default |
|---|---|---|
| `AWX.enabled` | Enable this AWX resource configuration | `false` |
| `AWX.name` | The name of the AWX resource and default prefix for other resources | `"awx"` |
| `AWX.spec` | specs to directly configure the AWX resource | `{}` |
| `AWX.postgres` | configurations for the external postgres secret | - |
### extraDeploy
| Value | Description | Default |
|---|---|---|
| `extraDeploy` | array of additional resources to be deployed (supports YAML or literal "\|") | - |
# Contributing
## Adding abstracted sections
Where possible, defer to `AWX.spec` configs before applying the abstracted configs to avoid collision. This can be facilitated by the `(hasKey .spec what_i_will_abstract)` check.
## Building and Testing
This chart is built using the Makefile in the [awx-operator repo](https://github.com/ansible/awx-operator). Clone the repo and run `make helm-chart`. This will create the awx-operator chart in the `charts/awx-operator` directory. In this process, the contents of the `.helm/starter` directory will be added to the chart.
## Future Goals
All values under the `AWX` header are focused on configurations that use the operator. Configurations that relate to the Operator itself could be placed under an `Operator` heading, but that may add a layer of complication over current development.
# Chart Publishing
The chart is currently hosted on the gh-pages branch of the repo. During the release pipeline, the `index.yaml` stored in that branch is generated with helm chart entries from all valid tags. We are currently unable to use the `chart-releaser` pipeline due to the fact that the complete helm chart is not committed to the repo and is instead built during the release process. Therefore, the cr action is unable to compare against previous versions.
Instead of CR, we use `helm repo index` to generate an index from all locally pulled chart versions. Since we build from scratch every time, the timestamps of all entries will be updated. This could be improved by using yq or something similar to detect which tags are already in the index.yaml file, and only merge in tags that are not present.
Not using CR could be addressed in the future by keeping the chart built as a part of releases, as long as CR compares the chart to previous release packages rather than previous commits. If the latter is the case, then we would not have the necessary history for comparison.

View File

@@ -1,6 +0,0 @@
{{/*
Generate the name of the postgres secret, expects AWX context passed in
*/}}
{{- define "postgres.secretName" -}}
{{ default (printf "%s-postgres-configuration" .Values.AWX.name) .Values.AWX.postgres.secretName }}
{{- end }}

View File

@@ -1,24 +0,0 @@
{{- if $.Values.AWX.enabled }}
{{- with .Values.AWX }}
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
spec:
{{- /* Include raw map from the values file spec */}}
{{ .spec | toYaml | indent 2 }}
{{- /* Provide security context defaults */}}
{{- if not (hasKey .spec "security_context_settings") }}
security_context_settings:
runAsGroup: 0
runAsUser: 0
fsGroup: 0
fsGroupChangePolicy: OnRootMismatch
{{- end }}
{{- /* Postgres configs if enabled and not already present */}}
{{- if and .postgres.enabled (not (hasKey .spec "postgres_configuration_secret")) }}
postgres_configuration_secret: {{ include "postgres.secretName" $ }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -1,8 +0,0 @@
{{- range .Values.extraDeploy }}
---
{{- if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (. | toYaml | nindent 0) $ }}
{{- end }}
{{- end }}

View File

@@ -1,18 +0,0 @@
{{- if and $.Values.AWX.enabled $.Values.AWX.postgres.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "postgres.secretName" . }}
namespace: {{ $.Release.Namespace }}
{{- with $.Values.AWX.postgres }}
stringData:
host: {{ .host }}
port: {{ .port | quote }}
database: {{ .dbName }}
username: {{ .username }}
password: {{ .password }}
sslmode: {{ .sslmode }}
type: {{ .type }}
type: Opaque
{{- end }}
{{- end }}

View File

@@ -1,19 +0,0 @@
AWX:
# enable use of awx-deploy template
enabled: false
name: awx
spec:
admin_user: admin
# configurations for external postgres instance
postgres:
enabled: false
host: Unset
port: 5678
dbName: Unset
username: admin
# for secret management, pass in the password independently of this file
# at the command line, use --set AWX.postgres.password
password: Unset
sslmode: prefer
type: unmanaged

View File

@@ -6,7 +6,6 @@ ignore: |
kustomization.yaml kustomization.yaml
awx-operator.clusterserviceversion.yaml awx-operator.clusterserviceversion.yaml
bundle bundle
.helm/starter
hacking/ hacking/
rules: rules:

View File

@@ -6,13 +6,15 @@ Have questions about this document or anything not covered here? Please file a n
## Table of contents ## Table of contents
* [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code) - [AWX-Operator Contributing Guidelines](#awx-operator-contributing-guidelines)
* [Submmiting your Work](#submitting-your-work) - [Table of contents](#table-of-contents)
* [Testing](#testing) - [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
* [Testing in Docker](#testing-in-docker) - [Submmiting your work](#submmiting-your-work)
* [Testing in Minikube](#testing-in-minikube) - [Testing](#testing)
* [Generating a bundle](#generating-a-bundle) - [Testing in Kind](#testing-in-kind)
* [Reporting Issues](#reporting-issues) - [Testing in Minikube](#testing-in-minikube)
- [Generating a bundle](#generating-a-bundle)
- [Reporting Issues](#reporting-issues)
## Things to know prior to submitting code ## Things to know prior to submitting code
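Review bot: the regenerated entry `[Submmiting your work](#submmiting-your-work)` carries the misspelling into the anchor as well as the link text. Correct the section heading to "Submitting your work" and regenerate the table of contents so that the text and the anchor change together.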
@@ -44,12 +46,12 @@ Have questions about this document or anything not covered here? Please file a n
## Testing ## Testing
This Operator includes a [Molecule](https://molecule.readthedocs.io/en/stable/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube). This Operator includes a [Molecule](https://ansible.readthedocs.io/projects/molecule/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).
You need to make sure you have Molecule installed before running the following commands. You can install Molecule with: You need to make sure you have Molecule installed before running the following commands. You can install Molecule with:
```sh ```sh
#> pip install 'molecule[docker]' #> python -m pip install molecule-plugins[docker]
``` ```
Running `molecule test` sets up a clean environment, builds the operator, runs all configured tests on an example operator instance, then tears down the environment (at least in the case of Docker). Running `molecule test` sets up a clean environment, builds the operator, runs all configured tests on an example operator instance, then tears down the environment (at least in the case of Docker).
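Review bot: the new install line drops the quotes the old one had. `molecule-plugins[docker]` is unquoted, and shells that treat `[...]` as a glob pattern (zsh by default) reject it with a no-match error before pip runs. Keep it quoted: `python -m pip install 'molecule-plugins[docker]'`.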

View File

@@ -1,4 +1,4 @@
FROM quay.io/operator-framework/ansible-operator:v1.32.0 FROM quay.io/operator-framework/ansible-operator:v1.34.2
USER root USER root
RUN dnf update --security --bugfix -y && \ RUN dnf update --security --bugfix -y && \
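Review bot: the base image on the `FROM` line is selected by tag only (`ansible-operator:v1.34.2`), so each build trusts whatever that tag resolves to at build time. Appending the image digest (`:v1.34.2@sha256:<digest>`, where the digest is a placeholder to be taken from the registry) makes the bump reproducible and shows up as a reviewable change when the upstream image is rebuilt.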

203
Makefile
View File

@@ -8,13 +8,6 @@ PREV_VERSION ?= $(shell git describe --abbrev=0 --tags $(shell git rev-list --ta
CONTAINER_CMD ?= docker CONTAINER_CMD ?= docker
# GNU vs BSD in-place sed
ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu)
SED_I := sed -i
else
SED_I := sed -i ''
endif
# CHANNELS define the bundle channels used in the bundle. # CHANNELS define the bundle channels used in the bundle.
# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
# To re-generate a bundle for other specific channels without changing the standard setup, you can: # To re-generate a bundle for other specific channels without changing the standard setup, you can:
@@ -60,15 +53,6 @@ endif
IMG ?= $(IMAGE_TAG_BASE):$(VERSION) IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
NAMESPACE ?= awx NAMESPACE ?= awx
# Helm variables
CHART_NAME ?= awx-operator
CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
CHART_OWNER ?= $(GH_REPO_OWNER)
CHART_REPO ?= awx-operator
CHART_BRANCH ?= gh-pages
CHART_DIR ?= gh-pages
CHART_INDEX ?= index.yaml
.PHONY: all .PHONY: all
all: docker-build all: docker-build
@@ -177,7 +161,7 @@ ifeq (,$(shell which operator-sdk 2>/dev/null))
@{ \ @{ \
set -e ;\ set -e ;\
mkdir -p $(dir $(OPERATOR_SDK)) ;\ mkdir -p $(dir $(OPERATOR_SDK)) ;\
curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.33.0/operator-sdk_$(OS)_$(ARCHA) ;\ curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.34.2/operator-sdk_$(OS)_$(ARCHA) ;\
chmod +x $(OPERATOR_SDK) ;\ chmod +x $(OPERATOR_SDK) ;\
} }
else else
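Review bot: the bumped `curl -sSLo $(OPERATOR_SDK) .../v1.34.2/operator-sdk_$(OS)_$(ARCHA)` line downloads a binary and marks it executable with no integrity check in between. Since the version is being edited here anyway, record the expected SHA-256 for each supported OS/arch next to it and verify the file before `chmod +x`, failing the target on a mismatch.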
@@ -255,188 +239,3 @@ catalog-build: opm ## Build a catalog image.
.PHONY: catalog-push .PHONY: catalog-push
catalog-push: ## Push a catalog image. catalog-push: ## Push a catalog image.
$(MAKE) docker-push IMG=$(CATALOG_IMG) $(MAKE) docker-push IMG=$(CATALOG_IMG)
.PHONY: kubectl-slice
KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice
kubectl-slice: ## Download kubectl-slice locally if necessary.
ifeq (,$(wildcard $(KUBECTL_SLICE)))
ifeq (,$(shell which kubectl-slice 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(KUBECTL_SLICE)) ;\
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_$(OS)_$(ARCHX).tar.gz | \
tar xzf - -C bin/ kubectl-slice ;\
}
else
KUBECTL_SLICE = $(shell which kubectl-slice)
endif
endif
.PHONY: helm
HELM = $(shell pwd)/bin/helm
helm: ## Download helm locally if necessary.
ifeq (,$(wildcard $(HELM)))
ifeq (,$(shell which helm 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(HELM)) ;\
curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCHA).tar.gz | \
tar xzf - -C bin/ $(OS)-$(ARCHA)/helm ;\
mv bin/$(OS)-$(ARCHA)/helm bin/helm ;\
rmdir bin/$(OS)-$(ARCHA) ;\
}
else
HELM = $(shell which helm)
endif
endif
.PHONY: yq
YQ = $(shell pwd)/bin/yq
yq: ## Download yq locally if necessary.
ifeq (,$(wildcard $(YQ)))
ifeq (,$(shell which yq 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(HELM)) ;\
curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCHA).tar.gz | \
tar xzf - -C bin/ ;\
mv bin/yq_$(OS)_$(ARCHA) bin/yq ;\
}
else
YQ = $(shell which yq)
endif
endif
PHONY: cr
CR = $(shell pwd)/bin/cr
cr: ## Download cr locally if necessary.
ifeq (,$(wildcard $(CR)))
ifeq (,$(shell which cr 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(CR)) ;\
curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCHA).tar.gz | \
tar xzf - -C bin/ cr ;\
}
else
CR = $(shell which cr)
endif
endif
charts:
mkdir -p $@
.PHONY: helm-chart
helm-chart: helm-chart-generate
.PHONY: helm-chart-generate
helm-chart-generate: kustomize helm kubectl-slice yq charts
@echo "== KUSTOMIZE: Set image and chart label =="
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
cd config/manager && $(KUSTOMIZE) edit set label helm.sh/chart:$(CHART_NAME)
cd config/default && $(KUSTOMIZE) edit set label helm.sh/chart:$(CHART_NAME)
@echo "== Gather Helm Chart Metadata =="
# remove the existing chart if it exists
rm -rf charts/$(CHART_NAME)
# create new chart metadata in Chart.yaml
cd charts && \
$(HELM) create awx-operator --starter $(shell pwd)/.helm/starter ;\
$(YQ) -i '.version = "$(VERSION)"' $(CHART_NAME)/Chart.yaml ;\
$(YQ) -i '.appVersion = "$(VERSION)" | .appVersion style="double"' $(CHART_NAME)/Chart.yaml ;\
$(YQ) -i '.description = "$(CHART_DESCRIPTION)"' $(CHART_NAME)/Chart.yaml ;\
@echo "Generated chart metadata:"
@cat charts/$(CHART_NAME)/Chart.yaml
@echo "== KUSTOMIZE: Generate resources and slice into templates =="
# place in raw-files directory so they can be modified while they are valid yaml - as soon as they are in templates/,
# wild cards pick up the actual templates, which are not real yaml and can't have yq run on them.
$(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/default | \
$(KUBECTL_SLICE) --input-file=- \
--output-dir=charts/$(CHART_NAME)/raw-files \
--sort-by-kind
@echo "== GIT: Reset kustomize configs =="
# reset kustomize configs following kustomize build
git checkout -f config/.
@echo "== Build Templates and CRDS =="
# Delete metadata.namespace, release namespace will be automatically inserted by helm
for file in charts/$(CHART_NAME)/raw-files/*; do\
$(YQ) -i 'del(.metadata.namespace)' $${file};\
done
# Correct namespace for rolebinding to be release namespace, this must be explicit
for file in charts/$(CHART_NAME)/raw-files/*rolebinding*; do\
$(YQ) -i '.subjects[0].namespace = "{{ .Release.Namespace }}"' $${file};\
done
# Correct .metadata.name for cluster scoped resources
cluster_scoped_files="charts/$(CHART_NAME)/raw-files/clusterrolebinding-awx-operator-proxy-rolebinding.yaml charts/$(CHART_NAME)/raw-files/clusterrole-awx-operator-metrics-reader.yaml charts/$(CHART_NAME)/raw-files/clusterrole-awx-operator-proxy-role.yaml";\
for file in $${cluster_scoped_files}; do\
$(YQ) -i '.metadata.name += "-{{ .Release.Name }}"' $${file};\
done
# Correct the reference for the clusterrolebinding
$(YQ) -i '.roleRef.name += "-{{ .Release.Name }}"' 'charts/$(CHART_NAME)/raw-files/clusterrolebinding-awx-operator-proxy-rolebinding.yaml'
# move all custom resource definitions to crds folder
mkdir charts/$(CHART_NAME)/crds
mv charts/$(CHART_NAME)/raw-files/customresourcedefinition*.yaml charts/$(CHART_NAME)/crds/.
# remove any namespace definitions
rm -f charts/$(CHART_NAME)/raw-files/namespace*.yaml
# move remaining resources to helm templates
mv charts/$(CHART_NAME)/raw-files/* charts/$(CHART_NAME)/templates/.
# remove the raw-files folder
rm -rf charts/$(CHART_NAME)/raw-files
# create and populate NOTES.txt
@echo "AWX Operator installed with Helm Chart version $(VERSION)" > charts/$(CHART_NAME)/templates/NOTES.txt
@echo "Helm chart successfully configured for $(CHART_NAME) version $(VERSION)"
.PHONY: helm-package
helm-package: helm-chart
@echo "== Package Current Chart Version =="
mkdir -p .cr-release-packages
# package the chart and put it in .cr-release-packages dir
$(HELM) package ./charts/awx-operator -d .cr-release-packages/$(VERSION)
# List all tags oldest to newest.
TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/ -f3)
# The actual release happens in ansible/helm-release.yml, which calls this targer
# until https://github.com/helm/chart-releaser/issues/122 happens, chart-releaser is not ideal for a chart
# that is contained within a larger repo, where a tag may not require a new chart version
.PHONY: helm-index
helm-index:
# when running in CI the gh-pages branch is checked out by the ansible playbook
# TODO: test if gh-pages directory exists and if not exist
@echo "== GENERATE INDEX FILE =="
# This step to workaround issues with old releases being dropped.
# Until https://github.com/helm/chart-releaser/issues/133 happens
@echo "== CHART FETCH previous releases =="
# Download all old releases
mkdir -p .cr-release-packages
for tag in $(TAGS); do\
dl_url="https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/$${tag}/$(CHART_REPO)-$${tag}.tgz";\
echo "Downloading $${tag} from $${dl_url}";\
curl -RLOs -z "$(CHART_REPO)-$${tag}.tgz" --fail $${dl_url};\
result=$$?;\
if [ $${result} -eq 0 ]; then\
echo "Downloaded $${dl_url}";\
mkdir -p .cr-release-packages/$${tag};\
mv ./$(CHART_REPO)-$${tag}.tgz .cr-release-packages/$${tag};\
else\
echo "Skipping release $${tag}; No helm chart present";\
rm -rf "$(CHART_REPO)-$${tag}.tgz";\
fi;\
done;\
# generate the index file in the root of the gh-pages branch
# --merge will leave any values in index.yaml that don't get generated by this command, but
# it is likely that all values are overridden
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge $(CHART_DIR)/index.yaml
mv .cr-release-packages/index.yaml $(CHART_DIR)/index.yaml

View File

@@ -3,35 +3,22 @@
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Build Status](https://github.com/ansible/awx-operator/workflows/CI/badge.svg?event=push)](https://github.com/ansible/awx-operator/actions) [![Build Status](https://github.com/ansible/awx-operator/workflows/CI/badge.svg?event=push)](https://github.com/ansible/awx-operator/actions)
[![Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-yellow.svg)](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) [![Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-yellow.svg)](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html)
[![AWX Mailing List](https://img.shields.io/badge/mailing%20list-AWX-orange.svg)](https://groups.google.com/g/awx-project)
[![IRC Chat - #ansible-awx](https://img.shields.io/badge/IRC-%23ansible--awx-blueviolet.svg)](https://libera.chat)
An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built with [Operator SDK](https://github.com/operator-framework/operator-sdk) and Ansible. An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built with [Operator SDK](https://github.com/operator-framework/operator-sdk) and Ansible.
<!-- Regenerate this table of contents using https://github.com/ekalinin/github-markdown-toc --> The AWX Operator is meant to be deployed in your Kubernetes cluster(s) and can be used to install and manage the lifecycle of an AWX instance in the same namespace.
<!-- gh-md-toc --insert README.md -->
<!--ts-->
# AWX Operator Documentation ## Documentation
The AWX Operator documentation is now available at https://awx-operator.readthedocs.io/ The AWX Operator documentation is available at <https://ansible.readthedocs.io/projects/awx-operator/>
For docs changes, create PRs on the appropriate files in the /docs folder. > Helm chart documentation is available at <https://ansible-community.github.io/awx-operator-helm/>
## Contributing ## Contributing
Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md). Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md).
## Release Process For docs changes, create PRs on the appropriate files in the `/docs` folder.
The first step is to create a draft release. Typically this will happen in the [Stage Release](https://github.com/ansible/awx/blob/devel/.github/workflows/stage.yml) workflow for AWX and you don't need to do it as a separate step.
If you need to do an independent release of the operator, you can run the [Stage Release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/stage.yml) in the awx-operator repo. Both of these workflows will run smoke tests, so there is no need to do this manually.
After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, which will:
- Publish image to Quay
- Release Helm chart
## Author ## Author
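Review bot: The removed "Release Process" section documented more than the Helm release: it also said that publishing the draft release runs the Promote AWX Operator image workflow, which publishes the image to Quay. Deleting the whole section leaves the README with no description of how an operator image is staged and promoted. Consider keeping the section and dropping only the "Release Helm chart" bullet, or link to wherever the process is documented now.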
@@ -43,7 +30,25 @@ We ask all of our community members and contributors to adhere to the [Ansible c
## Get Involved ## Get Involved
We welcome your feedback and ideas. The AWX operator uses the same mailing list and IRC channel as AWX itself. Here's how to reach us with feedback and questions: We welcome your feedback, questions and ideas. Here's how to reach the community.
- Join the [Ansible AWX channel on Matrix](https://matrix.to/#/#awx:ansible.com) ### Forum
- Join the [Ansible Community Forum](https://forum.ansible.com)
Join the [Ansible Forum](https://forum.ansible.com) as a single starting point and our default communication platform for questions and help, development discussions, events, and much more. [Register](https://forum.ansible.com/signup?) to join the community. Search by categories and tags to find interesting topics or start a new one; subscribe only to topics you need!
* [Get Help](https://forum.ansible.com/c/help/6): get help or help others. Please add appropriate tags if you start new discussions, for example `awx-operator` and `documentation`.
* [Posts tagged with 'awx-operator'](https://forum.ansible.com/tag/awx-operator): subscribe to participate in project-related conversations.
* [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn) used to announce releases and important changes.
* [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
* [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
For more information on the forum navigation, see [Navigating the Ansible forum](https://forum.ansible.com/t/navigating-the-ansible-forum-tags-categories-and-concepts/39) post.
### Matrix
For real-time interactions, conversations in the community happen over the Matrix protocol in the following channels:
* [#awx:ansible.com](https://matrix.to/#/#awx:ansible.com): AWX and AWX-Operator project-related discussions.
* [#docs:ansible.im](https://matrix.to/#/#docs:ansible.im): Ansible, AWX and AWX-Operator documentation-related discussions.
For more information, see the community-hosted [Matrix FAQ](https://hackmd.io/@ansible-community/community-matrix-faq).
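Review bot: The Register link in the new Forum paragraph points at `https://forum.ansible.com/signup?`, with a dangling `?` and no query string; drop the trailing `?`. It is also worth confirming that the docs room really lives on `ansible.im` while the AWX room is on `ansible.com`, since the two Matrix links use different server names.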

@@ -1,122 +0,0 @@
---
- hosts: localhost
vars:
chart_repo: awx-operator
environment:
CHART_OWNER: "{{ chart_owner }}"
tasks:
- name: Look up release
uri:
url: "https://api.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/tags/{{ tag }}"
register: release
ignore_errors: yes
- fail:
msg: |
Release must exist before running this playbook
when: release is not success
- name: Set helm filename and commit message
set_fact:
asset_already_attached: False
helm_file_name: "awx-operator-{{ tag }}.tgz"
commit_message: "Updated index.yaml for release {{ release.json.tag_name }}"
- name: See if file is already attached
set_fact:
asset_already_attached: True
loop: "{{ release.json.get('assets', []) }}"
loop_control:
label: "{{ item.name }}"
when: item.name == helm_file_name
- when: not asset_already_attached
block:
- name: Build and package helm chart
command: |
make helm-package
environment:
VERSION: "{{ tag }}"
IMAGE_TAG_BASE: "{{ operator_image }}"
args:
chdir: "{{ playbook_dir }}/../"
# Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
- name: Upload helm chart
uri:
url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}"
src: "{{ playbook_dir }}/../.cr-release-packages/{{ tag }}/awx-operator-{{ tag }}.tgz"
headers:
Authorization: "token {{ gh_token }}"
Content-Type: "application/octet-stream"
status_code:
- 200
- 201
register: asset_upload
changed_when: asset_upload.json.state == "uploaded"
- name: Ensure gh-pages exists
file:
state: directory
path: "{{ playbook_dir }}/../gh-pages"
- name: Check if we have published the release
command:
cmd: "git log --grep='{{ commit_message }}'"
chdir: "{{ playbook_dir }}/../gh-pages"
register: commits_for_release
- when: commits_for_release.stdout == ''
block:
- name: Make a temp dir
tempfile:
state: directory
register: temp_dir
- name: Clone the gh-pages branch from {{ chart_owner }}
git:
repo: "{{ ((repo_type | default('http')) == 'ssh') | ternary(ssh_repo, http_repo) }}"
dest: "{{ temp_dir.path }}"
single_branch: yes
version: gh-pages
vars:
http_repo: "https://github.com/{{ chart_owner }}/{{ chart_repo }}"
ssh_repo: "git@github.com:{{ chart_owner }}/{{ chart_repo }}.git"
- name: Publish helm index
ansible.builtin.command:
cmd: make helm-index
environment:
CHART_OWNER: "{{ chart_owner }}"
CR_TOKEN: "{{ gh_token }}"
CHART_DIR: "{{ temp_dir.path }}"
args:
chdir: "{{ playbook_dir }}/.."
- name: Set url base swap in gitconfig
command:
cmd: "git config --local url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
args:
chdir: "{{ temp_dir.path }}/"
no_log: true
- name: Stage and Push commit to gh-pages branch
command:
cmd: "{{ item }}"
loop:
- git add index.yaml
- git commit -m "{{ commit_message }}"
- git push
args:
chdir: "{{ temp_dir.path }}/"
environment:
GIT_AUTHOR_NAME: "{{ gh_user }}"
GIT_AUTHOR_EMAIL: "{{ gh_user }}@users.noreply.github.com"
GIT_COMMITTER_NAME: "{{ gh_user }}"
GIT_COMMITTER_EMAIL: "{{ gh_user }}@users.noreply.github.com"
always:
- name: Remove temp dir
file:
path: "{{ temp_dir.path }}"
state: absent
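Review bot: With this playbook deleted, nothing else shown in this compare consumes `gh_token` or `gh_user`, which the playbook used for the asset upload (`Authorization: "token {{ gh_token }}"`), as `CR_TOKEN` for `make helm-index`, and inside the `insteadOf` URL rewrite for the gh-pages push. Please confirm that the CI secret behind `gh_token` is removed or has its scope reduced in the same change, so a write-capable token does not stay configured with no consumer.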

@@ -1,7 +1,7 @@
--- ---
apiVersion: awx.ansible.com/v1beta1 apiVersion: awx.ansible.com/v1alpha1
kind: AWXMeshIngress kind: AWXMeshIngress
metadata: metadata:
name: awx-demo name: awx-mesh-ingress-demo
spec: spec:
deployment_name: awx-demo deployment_name: awx-demo

@@ -41,6 +41,11 @@ spec:
deployment_name: deployment_name:
description: Name of the AWX deployment to create the Mesh Ingress for. description: Name of the AWX deployment to create the Mesh Ingress for.
type: string type: string
image_pull_secrets:
description: Image pull secrets for Mesh Ingress containers.
type: array
items:
type: string
external_hostname: external_hostname:
description: External hostname to use for the Mesh Ingress. description: External hostname to use for the Mesh Ingress.
type: string type: string
@@ -70,6 +75,381 @@ spec:
ingress_controller: ingress_controller:
description: Special configuration for specific Ingress Controllers description: Special configuration for specific Ingress Controllers
type: string type: string
node_selector:
description: Assign the Mesh Ingress Pod to the specified node.
type: string
tolerations:
description: Scheduling tolerations for the Mesh Ingress instance.
type: string
topology_spread_constraints:
description: Topology spread constraints for the Mesh Ingress instance.
type: string
affinity:
description: Scheduling constraints to apply to the Pod definition
properties:
nodeAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
preference:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
properties:
nodeSelectorTerms:
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
x-kubernetes-map-type: atomic
type: object
podAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
status: status:
description: Status defines the observed state of AWXMeshIngress description: Status defines the observed state of AWXMeshIngress
type: object type: object
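Review bot: `node_selector`, `tolerations` and `topology_spread_constraints` are declared as `type: string`, while `affinity` directly below them gets a full structured schema. The API server therefore validates nothing about the first three, and a malformed value only surfaces when the operator parses the string. Either give them structured schemas like `affinity`, or state in each description that the value is a YAML string and show the expected shape. The `affinity` description is also missing the trailing period its neighbours have.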

@@ -94,6 +94,11 @@ spec:
postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
spec_overrides:
description: Overrides for the AWX spec
# type: string
type: object
x-kubernetes-preserve-unknown-fields: true
image_pull_policy: image_pull_policy:
description: The image pull policy description: The image pull policy
type: string type: string
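Review bot: `spec_overrides` is `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the schema accepts any keys and nothing is validated before the operator applies them over the AWX spec. The description should say which fields may be overridden, and the code that consumes the value should reject keys it does not expect. The leftover `# type: string` comment should be removed before merge.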

@@ -73,6 +73,9 @@ spec:
type: string type: string
maxLength: 255 maxLength: 255
pattern: '^[a-zA-Z0-9][-a-zA-Z0-9]{0,253}[a-zA-Z0-9]$' pattern: '^[a-zA-Z0-9][-a-zA-Z0-9]{0,253}[a-zA-Z0-9]$'
pg_dump_suffix:
description: Additional parameters for the pg_dump command during a migration
type: string
postgres_label_selector: postgres_label_selector:
description: Label selector used to identify postgres pod for data migration description: Label selector used to identify postgres pod for data migration
type: string type: string
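Review bot: `pg_dump_suffix` is an unconstrained string that the description says is passed as additional parameters to the `pg_dump` command, whereas the field directly above it carries `maxLength: 255` and a `pattern`. If the role builds that command through a shell, the value needs quoting or an allow-list at that point; at minimum add a `maxLength` and a `pattern` restricting it to option-like tokens, and include an example of the intended use in the description.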
@@ -144,6 +147,9 @@ spec:
ingress_controller: ingress_controller:
description: Special configuration for specific Ingress Controllers description: Special configuration for specific Ingress Controllers
type: string type: string
api_urlpattern_prefix:
description: An optional configuration to add a prefix in the API URL path
type: string
loadbalancer_protocol: loadbalancer_protocol:
description: Protocol to use for the loadbalancer description: Protocol to use for the loadbalancer
type: string type: string
@@ -159,6 +165,10 @@ spec:
description: Assign LoadBalancer IP address description: Assign LoadBalancer IP address
type: string type: string
default: '' default: ''
loadbalancer_class:
description: Class of LoadBalancer to use
type: string
default: ''
route_host: route_host:
description: The DNS to use to points to the instance description: The DNS to use to points to the instance
type: string type: string
@@ -214,6 +224,9 @@ spec:
web_annotations: web_annotations:
description: Web deployment annotations. This will override the general annotations parameter for the Web deployment. description: Web deployment annotations. This will override the general annotations parameter for the Web deployment.
type: string type: string
postgres_annotations:
description: Annotations to add to the Postgres deployment.
type: string
tolerations: tolerations:
description: node tolerations for the pods description: node tolerations for the pods
type: string type: string
@@ -1456,7 +1469,7 @@ spec:
type: object type: object
type: object type: object
postgres_init_container_resource_requirements: postgres_init_container_resource_requirements:
description: Resource requirements for the postgres init container description: (Deprecated, use postgres_resource_requirements parameter) Resource requirements for the postgres init container
properties: properties:
requests: requests:
properties: properties:
@@ -1567,10 +1580,98 @@ spec:
description: Number of web instance replicas description: Number of web instance replicas
type: integer type: integer
format: int32 format: int32
web_manage_replicas:
description: Enables operator control of replicas count for the web deployment when set to 'true'
type: boolean
default: true
task_replicas: task_replicas:
description: Number of task instance replicas description: Number of task instance replicas
type: integer type: integer
format: int32 format: int32
task_manage_replicas:
description: Enables operator control of replicas count for the task deployment when set to 'true'
type: boolean
default: true
web_liveness_initial_delay:
description: Initial delay before starting liveness checks on web pod
type: integer
default: 5
format: int32
task_liveness_initial_delay:
description: Initial delay before starting liveness checks on task pod
type: integer
default: 5
format: int32
web_liveness_period:
description: Time period in seconds between each liveness check for the web pod
type: integer
default: 0
format: int32
task_liveness_period:
description: Time period in seconds between each liveness check for the task pod
type: integer
default: 0
format: int32
web_liveness_failure_threshold:
description: Number of consecutive failure events to identify failure of web pod
type: integer
default: 3
format: int32
task_liveness_failure_threshold:
description: Number of consecutive failure events to identify failure of task pod
type: integer
default: 3
format: int32
web_liveness_timeout:
description: Number of seconds to wait for a probe response from web pod
type: integer
default: 1
format: int32
task_liveness_timeout:
description: Number of seconds to wait for a probe response from task pod
type: integer
default: 1
format: int32
web_readiness_initial_delay:
description: Initial delay before starting readiness checks on web pod
type: integer
default: 20
format: int32
task_readiness_initial_delay:
description: Initial delay before starting readiness checks on task pod
type: integer
default: 20
format: int32
web_readiness_period:
description: Time period in seconds between each readiness check for the web pod
type: integer
default: 0
format: int32
task_readiness_period:
description: Time period in seconds between each readiness check for the task pod
type: integer
default: 0
format: int32
web_readiness_failure_threshold:
description: Number of consecutive failure events to identify failure of web pod
type: integer
default: 3
format: int32
task_readiness_failure_threshold:
description: Number of consecutive failure events to identify failure of task pod
type: integer
default: 3
format: int32
web_readiness_timeout:
description: Number of seconds to wait for a probe response from web pod
type: integer
default: 1
format: int32
task_readiness_timeout:
description: Number of seconds to wait for a probe response from task pod
type: integer
default: 1
format: int32
garbage_collect_secrets: garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal description: Whether or not to remove secrets upon instance removal
default: false default: false
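Review bot: `web_liveness_period`, `task_liveness_period`, `web_readiness_period` and `task_readiness_period` default to `0`, but Kubernetes requires a probe's `periodSeconds` to be at least 1, so the descriptions need to say what 0 means here (probe disabled, or fall back to the cluster default). None of the new integer fields sets a `minimum`, so negative values pass schema validation. The readiness failure-threshold descriptions are also copied verbatim from the liveness ones ("to identify failure of web pod") and should mention readiness.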
@@ -1723,13 +1824,16 @@ spec:
postgres_priority_class: postgres_priority_class:
description: Assign a preexisting priority class to the postgres pod description: Assign a preexisting priority class to the postgres pod
type: string type: string
postgres_data_path:
description: Path where the PostgreSQL data are located
type: string
postgres_extra_args: postgres_extra_args:
type: array type: array
items: items:
type: string type: string
postgres_data_volume_init:
description: Sets permissions on the /var/lib/pgdata/data for postgres container using an init container (not Openshift)
type: boolean
postgres_init_container_commands:
description: Customize the postgres init container commands (Non Openshift)
type: string
postgres_extra_volumes: postgres_extra_volumes:
description: Specify extra volumes to add to the application pod description: Specify extra volumes to add to the application pod
type: string type: string
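Review bot: The `postgres_data_volume_init` description names `/var/lib/pgdata/data`, while the CSV descriptor for the same field in this compare says `/var/lib/pgsql/data`; one of the two paths is wrong and should be corrected. `postgres_data_path` is dropped from the schema in the same hunk, so the upgrade notes should say what happens to existing resources that set it. `postgres_init_container_commands` accepts arbitrary commands as a plain string, and its description should state which user the init container runs them as.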
@@ -1758,11 +1862,11 @@ spec:
development_mode: development_mode:
description: If the deployment should be done in development mode description: If the deployment should be done in development mode
type: boolean type: boolean
ldap_cacert_secret: ldap_cacert_secret: # deprecated
description: Secret where can be found the LDAP trusted Certificate Authority Bundle description: (Deprecated) Secret where can be found the LDAP trusted Certificate Authority Bundle
type: string type: string
ldap_password_secret: ldap_password_secret: # deprecated
description: Secret where can be found the LDAP bind password description: (Deprecated) Secret where can be found the LDAP bind password
type: string type: string
bundle_cacert_secret: bundle_cacert_secret:
description: Secret where can be found the trusted Certificate Authority Bundle description: Secret where can be found the trusted Certificate Authority Bundle
@@ -1805,7 +1909,7 @@ spec:
description: Set log level of receptor service description: Set log level of receptor service
type: string type: string
extra_settings: extra_settings:
description: Extra settings to specify for the API description: Extra settings to specify for AWX
items: items:
properties: properties:
setting: setting:
@@ -1814,6 +1918,28 @@ spec:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
type: object type: object
type: array type: array
extra_settings_files:
description: Extra ConfigMaps or Secrets of settings files to specify for AWX
properties:
configmaps:
items:
properties:
name:
type: string
key:
type: string
type: object
type: array
secrets:
items:
properties:
name:
type: string
key:
type: string
type: object
type: array
type: object
no_log: no_log:
description: Configure no_log for no_log tasks description: Configure no_log for no_log tasks
type: boolean type: boolean
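Review bot: The `configmaps` and `secrets` item schemas under `extra_settings_files` declare `name` and `key` but no `required` list, so an entry missing either one passes validation and fails only later, when the operator tries to use it. Add `required: [name, key]` to both item objects.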
@@ -1839,6 +1965,50 @@ spec:
description: Disable web container's nginx ipv6 listener description: Disable web container's nginx ipv6 listener
type: boolean type: boolean
default: false default: false
metrics_utility_enabled:
description: Enable metrics utility
type: boolean
default: false
metrics_utility_image:
description: Metrics-Utility Image
type: string
metrics_utility_image_version:
description: Metrics-Utility Image Version
type: string
metrics_utility_image_pull_policy:
description: Metrics-Utility Image PullPolicy
type: string
metrics_utility_configmap:
description: Metrics-Utility ConfigMap
type: string
metrics_utility_secret:
description: Metrics-Utility Secret
type: string
metrics_utility_cronjob_gather_schedule:
description: Metrics-Utility Gather Data CronJob Schedule
type: string
default: '@hourly'
metrics_utility_cronjob_report_schedule:
description: Metrics-Utility Report CronJob Schedule
type: string
default: '@monthly'
metrics_utility_ship_target:
description: Metrics-Utility Ship Target
type: string
metrics_utility_pvc_claim:
description: Metrics-Utility PVC Claim
type: string
metrics_utility_pvc_claim_size:
description: Metrics-Utility PVC Claim Size
type: string
default: 5Gi
metrics_utility_pvc_claim_storage_class:
description: Metrics-Utility PVC Claim Storage Class
type: string
metrics_utility_console_enabled:
description: Enable metrics utility shipping to Red Hat Hybrid Cloud Console
type: boolean
default: false
type: object type: object
status: status:
properties: properties:
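Review bot: `metrics_utility_ship_target` and the two CronJob schedule fields are free-form strings whose descriptions only repeat the field name. Because this block controls where gathered data is sent (`metrics_utility_console_enabled` ships it to Red Hat Hybrid Cloud Console), list the accepted `metrics_utility_ship_target` values as an `enum` and describe in the field descriptions what is collected and where it goes.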

@@ -5,9 +5,9 @@ generatorOptions:
disableNameSuffixHash: true disableNameSuffixHash: true
configMapGenerator: configMapGenerator:
- name: awx-manager-config - files:
files:
- controller_manager_config.yaml - controller_manager_config.yaml
name: awx-manager-config
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization

@@ -39,7 +39,7 @@ spec:
- --leader-elect - --leader-elect
- --leader-election-id=awx-operator - --leader-election-id=awx-operator
image: controller:latest image: controller:latest
imagePullPolicy: Always imagePullPolicy: IfNotPresent
name: awx-manager name: awx-manager
env: env:
- name: ANSIBLE_GATHERING - name: ANSIBLE_GATHERING
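Review bot: `imagePullPolicy: IfNotPresent` is now combined with `image: controller:latest` on the line above. With a mutable tag, a node that already has an image cached under that tag keeps running it and never picks up a rebuilt or patched manager image. Either keep `Always` while the tag is mutable, or make sure the deployed manifest always replaces `controller:latest` with a version tag or digest.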

@@ -10,12 +10,85 @@ metadata:
description: AWX provides a web-based user interface, REST API, and task engine description: AWX provides a web-based user interface, REST API, and task engine
built on top of Ansible. built on top of Ansible.
repository: https://github.com/ansible/awx-operator repository: https://github.com/ansible/awx-operator
support: forum.ansible.com
name: awx-operator.v0.0.0 name: awx-operator.v0.0.0
namespace: placeholder namespace: placeholder
spec: spec:
apiservicedefinitions: {} apiservicedefinitions: {}
customresourcedefinitions: customresourcedefinitions:
owned: owned:
- description: Deploy a instance of AWX Mesh ingress to allow inbound connection
to the AWX Receptor Mesh.
displayName: AWX Mesh Ingress
kind: AWXMeshIngress
name: awxmeshingresses.awx.ansible.com
specDescriptors:
- displayName: Deployment Name
path: deployment_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: External Hostname
path: external_hostname
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: External IP Address
path: external_ipaddress
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Ingress Type
path: ingress_type
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:select:none
- urn:alm:descriptor:com.tectonic.ui:select:Ingress
- urn:alm:descriptor:com.tectonic.ui:select:IngressRouteTCP
- urn:alm:descriptor:com.tectonic.ui:select:Route
- displayName: Ingress API Version
path: ingress_api_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Ingress Annotations
path: ingress_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Ingress Class Name
path: ingress_class_name
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Ingress Controller
path: ingress_controller
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Node Selector
path: node_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tolerations
path: tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Topology Spread Constraints
path: topology_spread_constraints
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Affinity
path: affinity
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Optional API URLPATTERN Prefix
path: api_urlpattern_prefix
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Image Pull Secrets
path: image_pull_secrets
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
version: v1alpha1
- description: Back up a deployment of the awx, including jobs, inventories, and - description: Back up a deployment of the awx, including jobs, inventories, and
credentials credentials
displayName: AWX Backup displayName: AWX Backup
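Review bot: The new AWXMeshIngress descriptor list includes `api_urlpattern_prefix`, but the only schema hunk in this compare that adds that property sits next to `loadbalancer_protocol` and `route_host`, not in the Mesh Ingress schema that gains `image_pull_secrets` and `affinity`. If the Mesh Ingress CRD does not define the field, remove this descriptor. The description also reads "Deploy a instance"; make it "Deploy an instance".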
@@ -48,7 +121,7 @@ spec:
- displayName: Backup PVC Storage Class - displayName: Backup PVC Storage Class
path: backup_storage_class path: backup_storage_class
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:io.kubernetes:StorageClass
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Precreate Partition Hours - displayName: Precreate Partition Hours
path: precreate_partition_hours path: precreate_partition_hours
@@ -165,6 +238,10 @@ spec:
path: postgres_image_version path: postgres_image_version
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: AWX Spec Overrides
path: spec_overrides
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Image Pull Policy - displayName: Image Pull Policy
path: image_pull_policy path: image_pull_policy
x-descriptors: x-descriptors:
@@ -242,6 +319,11 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- description: PostgreSQL dump additional parameters to exclude tables during migration to openshift
displayname: PostgreSQL Extra Arguments for Migration to Openshift
path: pg_dump_suffix
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Name of the k8s secret the symmetric encryption key is stored - description: Name of the k8s secret the symmetric encryption key is stored
in. in.
displayName: Secret Key displayName: Secret Key
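Review bot: The `pg_dump_suffix` descriptor spells its key `displayname`, while every other descriptor shown here uses `displayName`; YAML keys are case-sensitive, so this one will not be read as the display name. Rename it to `displayName`.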
@@ -344,6 +426,12 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:string - urn:alm:descriptor:com.tectonic.ui:string
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: LoadBalancer Class
path: loadbalancer_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:string
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: Route API Version - displayName: Route API Version
path: route_api_version path: route_api_version
x-descriptors: x-descriptors:
@@ -402,12 +490,21 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: The PostgreSQL init container is not used when an external DB - description: Sets permissions on the /var/lib/pgsql/data for postgres container using an init container (not Openshift)
is configured displayName: PostgreSQL initialize data volume
path: postgres_data_volume_init
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Customize the postgres init container commands (Non Openshift)
displayName: PostgreSQL Init Container Commands
path: postgres_init_container_commands
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: (Deprecated, use postgres_resource_requirements parameter instead)
displayName: PostgreSQL Init Container Resource Requirements displayName: PostgreSQL Init Container Resource Requirements
path: postgres_init_container_resource_requirements path: postgres_init_container_resource_requirements
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:hidden
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Redis Container Resource Requirements - displayName: Redis Container Resource Requirements
path: redis_resource_requirements path: redis_resource_requirements
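Review bot: `postgres_init_container_commands` accepts free-form commands for the init container that sets permissions on /var/lib/pgsql/data, but its description says only "Customize the postgres init container commands (Non Openshift)". Say in the description whether the value replaces or extends the default commands, so that anyone setting the field knows what they are overriding. Separately, `postgres_data_volume_init` carries only the `hidden` descriptor; if it is a boolean, add `booleanSwitch` as the other toggles in this file do.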
@@ -583,18 +680,13 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:io.kubernetes:StorageClass - urn:alm:descriptor:io.kubernetes:StorageClass
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- displayName: Postgres Datapath
path: postgres_data_path
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Extra Arguments - displayName: Postgres Extra Arguments
path: postgres_extra_args path: postgres_extra_args
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Extra Volumes - description: Specify extra volumes to add to the postgres pod
description: Specify extra volumes to add to the postgres pod displayName: Postgres Extra Volumes
path: postgres_extra_volumes path: postgres_extra_volumes
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
@@ -630,12 +722,12 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: LDAP Certificate Authority Trust Bundle - displayName: LDAP Certificate Authority Trust Bundle (Deprecated)
path: ldap_cacert_secret path: ldap_cacert_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- displayName: LDAP Password Secret - displayName: LDAP Password Secret (Deprecated)
path: ldap_password_secret path: ldap_password_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
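Review bot: The deprecation of `ldap_cacert_secret` and `ldap_password_secret` is signalled only by appending "(Deprecated)" to `displayName`, whereas `postgres_init_container_resource_requirements` earlier in this file puts the notice in `description` and names the replacement. Add a `description` to both LDAP fields in the same style, stating what to use instead, so the two deprecations read consistently.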
@@ -670,7 +762,7 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:io.kubernetes:StorageClass
- description: Projects Storage Size - description: Projects Storage Size
displayName: Projects Storage Size displayName: Projects Storage Size
path: projects_storage_size path: projects_storage_size
@@ -864,6 +956,11 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Annotations
path: postgres_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tolerations - displayName: Tolerations
path: tolerations path: tolerations
x-descriptors: x-descriptors:
@@ -894,11 +991,16 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: API Extra Settings - displayName: Extra Settings
path: extra_settings path: extra_settings
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Extra Settings Files
path: extra_settings_files
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: No Log Configuration - displayName: No Log Configuration
path: no_log path: no_log
x-descriptors: x-descriptors:
@@ -970,6 +1072,83 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Metrics-Utility Enabled
path: metrics_utility_enabled
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Metrics-Utility Image
path: metrics_utility_image
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility Image Version
path: metrics_utility_image_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility Image PullPolicy
path: metrics_utility_image_pull_policy
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility ConfigMap
path: metrics_utility_configmap
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:ConfigMap
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility Secret
path: metrics_utility_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility Gather Data CronJob Schedule
path: metrics_utility_cronjob_gather_schedule
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility Report CronJob Schedule
path: metrics_utility_cronjob_report_schedule
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility Ship Target
path: metrics_utility_ship_target
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility PVC Claim
path: metrics_utility_pvc_claim
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility PVC Claim Size
path: metrics_utility_pvc_claim_size
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility PVC Claim Storage Class
path: metrics_utility_pvc_claim_storage_class
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:StorageClass
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
- displayName: Metrics-Utility Enabled Shipping to Red Hat Hybrid Cloud Console
path: metrics_utility_console_enabled
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
statusDescriptors: statusDescriptors:
- description: Route to access the instance deployed - description: Route to access the instance deployed
displayName: URL displayName: URL
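Review bot: None of the new Metrics-Utility descriptors has a `description`, which matters most for `metrics_utility_ship_target` and `metrics_utility_console_enabled`, the two fields that decide where collected data is sent. Add a description to each that lists the accepted ship targets and states that enabling the console switch sends data to Red Hat Hybrid Cloud Console. `metrics_utility_image` and `metrics_utility_image_version` are plain text fields as well; a description giving the default image would help anyone reviewing which image the CronJobs run.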

View File

@@ -78,6 +78,18 @@ rules:
- patch - patch
- update - update
- watch - watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- get
- list
- create
- patch
- update
- watch
- apiGroups: - apiGroups:
- monitoring.coreos.com - monitoring.coreos.com
resources: resources:
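Review bot: The new `batch` rule grants `create`, `patch` and `update` on both `cronjobs` and `jobs` but no `delete`. If the operator only templates CronJobs and leaves Job creation to the CronJob controller, drop `jobs` from the rule or reduce it to `get`, `list` and `watch`. If the operator is expected to remove the CronJobs when `metrics_utility_enabled` is switched off, it will need `delete` on `cronjobs`; otherwise note somewhere that they have to be cleaned up by hand.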

View File

@@ -46,10 +46,3 @@ spec:
limits: limits:
cpu: 1000m cpu: 1000m
memory: 2Gi memory: 2Gi
postgres_init_container_resource_requirements:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 1000m
memory: 2Gi

View File

@@ -3,8 +3,14 @@
To build the AWX Operator docs locally: To build the AWX Operator docs locally:
1. Clone the AWX operator repository. 1. Clone the AWX operator repository.
2. From the root directory: 1. Preferrably, create a virtual environment for installing the dependencies.
a. pip install --user -r docs/requirements.txt a. `python3 -m venv venv`
b. mkdocs build b. `source venv/bin/activate`
1. From the root directory:
a. `pip install -r docs/requirements.txt`
b. `mkdocs build`
1. View the docs in your browser:
a. `mkdocs serve`
b. Open your browser and navigate to `http://127.0.0.1:8000/`
This will create a new directory called `site/` in the root of your clone containing the index.html and static files. To view the docs in your browser, navigate there in your file explorer and double-click on the `index.html` file. This should open the docs site in your browser. This will create a new directory called `site/` in the root of your clone containing the index.html and static files.
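Review bot: The closing sentence "This will create a new directory called `site/`" now follows the `mkdocs serve` step, although it is `mkdocs build` that produces `site/`; move the sentence up under the build step or reword it. The added step also has a typo, "Preferrably" should be "Preferably". Since `mkdocs serve` listens on `http://127.0.0.1:8000/`, it is worth saying that it is a local preview server and not meant to be exposed.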

File diff suppressed because one or more lines are too long

View File

@@ -1,3 +1,3 @@
## Author # Author
This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team

View File

@@ -1,3 +1,3 @@
## Code of Conduct # Code of Conduct
We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com) We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com)

View File

@@ -1,3 +1,5 @@
## Contributing # Contributing
Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md). Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md).
For docs changes, create PRs on the appropriate files in the `/docs` folder.

View File

@@ -1,6 +1,24 @@
## Get Involved # Get Involved
We welcome your feedback and ideas. The AWX operator uses the same mailing list and IRC channel as AWX itself. Here's how to reach us with feedback and questions: We welcome your feedback, questions and ideas. Here's how to reach the community.
- Join the `#ansible-awx` channel on irc.libera.chat ## Forum
- Join the [mailing list](https://groups.google.com/forum/#!forum/awx-project)
Join the [Ansible Forum](https://forum.ansible.com) as a single starting point and our default communication platform for questions and help, development discussions, events, and much more. [Register](https://forum.ansible.com/signup?) to join the community. Search by categories and tags to find interesting topics or start a new one; subscribe only to topics you need!
* [Get Help](https://forum.ansible.com/c/help/6): get help or help others. Please add appropriate tags if you start new discussions, for example `awx-operator` and `documentation`.
* [Posts tagged with 'awx-operator'](https://forum.ansible.com/tag/awx-operator): subscribe to participate in project-related conversations.
* [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn) used to announce releases and important changes.
* [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
* [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
For more information on the forum navigation, see [Navigating the Ansible forum](https://forum.ansible.com/t/navigating-the-ansible-forum-tags-categories-and-concepts/39) post.
## Matrix
For real-time interactions, conversations in the community happen over the Matrix protocol in the following channels:
* [#awx:ansible.com](https://matrix.to/#/#awx:ansible.com): AWX and AWX-Operator project-related discussions.
* [#docs:ansible.im](https://matrix.to/#/#docs:ansible.im): Ansible, AWX and AWX-Operator documentation-related discussions.
For more information, see the community-hosted [Matrix FAQ](https://hackmd.io/@ansible-community/community-matrix-faq).

View File

@@ -1,4 +1,4 @@
## Release Process # Release Process
The first step is to create a draft release. Typically this will happen in the [Stage Release](https://github.com/ansible/awx/blob/devel/.github/workflows/stage.yml) workflow for AWX and you don't need to do it as a separate step. The first step is to create a draft release. Typically this will happen in the [Stage Release](https://github.com/ansible/awx/blob/devel/.github/workflows/stage.yml) workflow for AWX and you don't need to do it as a separate step.
@@ -10,16 +10,18 @@ After the draft release is created, publish it and the [Promote AWX Operator ima
- Release Helm chart - Release Helm chart
After the GHA is complete, the final step is to run the [publish-to-operator-hub.sh](https://github.com/ansible/awx-operator/blob/devel/hack/publish-to-operator-hub.sh) script, which will create a PR in the following repos to add the new awx-operator bundle version to OperatorHub: After the GHA is complete, the final step is to run the [publish-to-operator-hub.sh](https://github.com/ansible/awx-operator/blob/devel/hack/publish-to-operator-hub.sh) script, which will create a PR in the following repos to add the new awx-operator bundle version to OperatorHub:
* https://github.com/k8s-operatorhub/community-operators (community operator index)
* https://github.com/redhat-openshift-ecosystem/community-operators-prod (operator index shipped with Openshift)
The usage is documented in the script itself, but here is an example of how you would use the script to publish the 2.5.3 awx-opeator bundle to OperatorHub. - <https://github.com/k8s-operatorhub/community-operators> (community operator index)
Note that you need to specify the version being released, as well as the previous version. This is because the bundle has a pointer to the previous version that is it being upgrade from. This is used by OLM to create a dependency graph. - <https://github.com/redhat-openshift-ecosystem/community-operators-prod> (operator index shipped with Openshift)
```bash !!! note
$ VERSION=2.5.3 PREV_VERSION=2.5.2 ./publish-operator.sh The usage is documented in the script itself, but here is an example of how you would use the script to publish the 2.5.3 awx-opeator bundle to OperatorHub.
``` Note that you need to specify the version being released, as well as the previous version. This is because the bundle has a pointer to the previous version that is it being upgrade from. This is used by OLM to create a dependency graph.
> Note: There are some quirks with running this on OS X that still need to be fixed, but the script runs smoothly on linux. ```bash
VERSION=2.5.3 PREV_VERSION=2.5.2 ./hack/publish-to-operator-hub.sh
```
There are some quirks with running this on OS X that still need to be fixed, but the script runs smoothly on linux.
As soon as CI completes successfully, the PR's will be auto-merged. Please remember to monitor those PR's to make sure that CI passes, sometimes it needs a retry. As soon as CI completes successfully, the PR's will be auto-merged. Please remember to monitor those PR's to make sure that CI passes, sometimes it needs a retry.
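Review bot: The text moved into the `!!! note` block keeps two errors from the old wording: "awx-opeator" should be "awx-operator", and "that is it being upgrade from" should be "that it is being upgraded from". Fix them while the paragraph is being touched. The unchanged item "Release Helm chart" at the top of the hunk also looks stale, given that the Helm install page is deleted elsewhere in this comparison.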

View File

@@ -1,2 +0,0 @@
The AWX operator is meant to provide a more Kubernetes-native installation method for AWX via an AWX Custom Resource Definition (CRD).

1
docs/index.md Symbolic link
View File

@@ -0,0 +1 @@
../README.md

View File

@@ -1,6 +1,7 @@
### Basic Install # Basic Install
After cloning this repository, you must choose the tag to run: After cloning this repository, you must choose the tag to run:
```sh ```sh
git clone git@github.com:ansible/awx-operator.git git clone git@github.com:ansible/awx-operator.git
cd awx-operator cd awx-operator
@@ -20,17 +21,23 @@ export VERSION=<tag>
export VERSION=2.7.2 export VERSION=2.7.2
``` ```
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/ ) Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: <https://kubectl.docs.kubernetes.io/installation/kustomize/>)
> Some things may need to be configured slightly differently for different Kubernetes flavors for the networking aspects. When installing on Kind, see the [kind install docs](./kind-install.md) for more details. !!! tip
If you don't have a Kubernetes cluster, you can use [Minikube](https://minikube.sigs.k8s.io/docs/) for testing purposes. See the [Minikube install docs](./creating-a-minikube-cluster-for-testing.md) for more details.
!!! note
Some things may need to be configured slightly differently for different Kubernetes flavors for the networking aspects. When installing on Kind, see the [kind install docs](./kind-install.md) for more details.
There is a make target you can run: There is a make target you can run:
```
```sh
make deploy make deploy
``` ```
If you have a custom operator image you have built, you can specify it with: If you have a custom operator image you have built, you can specify it with:
```
```sh
IMG=quay.io/$YOURNAMESPACE/awx-operator:$YOURTAG make deploy IMG=quay.io/$YOURNAMESPACE/awx-operator:$YOURTAG make deploy
``` ```
@@ -52,11 +59,12 @@ images:
namespace: awx namespace: awx
``` ```
> **TIP:** If you need to change any of the default settings for the operator (such as resources.limits), you can add [patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) at the bottom of your kustomization.yaml file. !!! tip
If you need to change any of the default settings for the operator (such as resources.limits), you can add [patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) at the bottom of your kustomization.yaml file.
Install the manifests by running this: Install the manifests by running this:
``` ```sh
$ kubectl apply -k . $ kubectl apply -k .
namespace/awx created namespace/awx created
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
@@ -77,7 +85,7 @@ deployment.apps/awx-operator-controller-manager created
Wait a bit and you should have the `awx-operator` running: Wait a bit and you should have the `awx-operator` running:
``` ```sh
$ kubectl get pods -n awx $ kubectl get pods -n awx
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-66ccd8f997-rhd4z 2/2 Running 0 11s awx-operator-controller-manager-66ccd8f997-rhd4z 2/2 Running 0 11s
@@ -85,13 +93,14 @@ awx-operator-controller-manager-66ccd8f997-rhd4z 2/2 Running 0
So we don't have to keep repeating `-n awx`, let's set the current namespace for `kubectl`: So we don't have to keep repeating `-n awx`, let's set the current namespace for `kubectl`:
``` ```sh
$ kubectl config set-context --current --namespace=awx kubectl config set-context --current --namespace=awx
``` ```
Next, create a file named `awx-demo.yml` in the same folder with the suggested content below. The `metadata.name` you provide will be the name of the resulting AWX deployment. Next, create a file named `awx-demo.yml` in the same folder with the suggested content below. The `metadata.name` you provide will be the name of the resulting AWX deployment.
**Note:** If you deploy more than one AWX instance to the same namespace, be sure to use unique names. !!! note
If you deploy more than one AWX instance to the same namespace, be sure to use unique names.
```yaml ```yaml
--- ---
@@ -103,7 +112,8 @@ spec:
service_type: nodeport service_type: nodeport
``` ```
> It may make sense to create and specify your own secret key for your deployment so that if the k8s secret gets deleted, it can be re-created if needed. If it is not provided, one will be auto-generated, but cannot be recovered if lost. Read more [here](../user-guide/admin-user-account-configuration.md#secret-key-configuration). !!! tip
It may make sense to create and specify your own secret key for your deployment so that if the k8s secret gets deleted, it can be re-created if needed. If it is not provided, one will be auto-generated, but cannot be recovered if lost. Read more [here](../user-guide/admin-user-account-configuration.md#secret-key-configuration).
If you are on Openshift, you can take advantage of Routes by specifying the following your spec. This will automatically create a Route for you with a custom hostname. This can be found on the Route section of the Openshift Console. If you are on Openshift, you can take advantage of Routes by specifying the following your spec. This will automatically create a Route for you with a custom hostname. This can be found on the Route section of the Openshift Console.
@@ -118,8 +128,7 @@ spec:
ingress_type: Route ingress_type: Route
``` ```
Make sure to add this new file to the list of `resources` in your `kustomization.yaml` file:
Make sure to add this new file to the list of "resources" in your `kustomization.yaml` file:
```yaml ```yaml
... ...
@@ -132,19 +141,13 @@ resources:
Finally, apply the changes to create the AWX instance in your cluster: Finally, apply the changes to create the AWX instance in your cluster:
``` ```sh
kubectl apply -k . kubectl apply -k .
``` ```
After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
```
$ kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
```
After a few seconds, you should see the operator begin to create new resources: After a few seconds, you should see the operator begin to create new resources:
``` ```sh
$ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator" $ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
awx-demo-77d96f88d5-pnhr8 4/4 Running 0 3m24s awx-demo-77d96f88d5-pnhr8 4/4 Running 0 3m24s
@@ -156,19 +159,19 @@ awx-demo-postgres ClusterIP None <none> 5432/TCP 4m4s
awx-demo-service NodePort 10.109.40.38 <none> 80:31006/TCP 3m56s awx-demo-service NodePort 10.109.40.38 <none> 80:31006/TCP 3m56s
``` ```
Once deployed, the AWX instance will be accessible by running: After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
```sh
kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
``` ```
$ minikube service -n awx awx-demo-service --url
``` Once deployed, your AWX instance should now be reachable at `http://localhost:<assigned-nodeport>/` (in this case, `http://localhost:31006/`).
By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run: By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run:
``` ```sh
$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo $ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo
yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR
``` ```
You just completed the most basic install of an AWX instance via this operator. Congratulations!!! You just completed the most basic install of an AWX instance via this operator. Congratulations!!!
For an example using the Nginx Ingress Controller in Minikube, don't miss our [demo video](https://asciinema.org/a/416946).
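Review bot: The replacement sentence says the instance is reachable at `http://localhost:<assigned-nodeport>/`, which holds only where the node port is forwarded to the machine running the browser; on other clusters a NodePort service is reached at a node address. Reword it to "at `http://<node-address>:<assigned-nodeport>/`" and mention localhost as the special case, or link to the Minikube and kind pages for the environment-specific URL.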

View File

@@ -1,8 +1,8 @@
### Creating a minikube cluster for testing # Creating a minikube cluster for testing
If you do not have an existing cluster, the `awx-operator` can be deployed on a [Minikube](https://minikube.sigs.k8s.io/docs/) cluster for testing purposes. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information. If you do not have an existing cluster, the `awx-operator` can be deployed on a [Minikube](https://minikube.sigs.k8s.io/docs/) cluster for testing purposes. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information.
``` ```sh
$ minikube start --cpus=4 --memory=6g --addons=ingress $ minikube start --cpus=4 --memory=6g --addons=ingress
😄 minikube v1.23.2 on Fedora 34 😄 minikube v1.23.2 on Fedora 34
✨ Using the docker driver based on existing profile ✨ Using the docker driver based on existing profile
@@ -22,7 +22,7 @@ $ minikube start --cpus=4 --memory=6g --addons=ingress
Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected. Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected.
``` ```sh
$ minikube kubectl -- get nodes $ minikube kubectl -- get nodes
NAME STATUS ROLES AGE VERSION NAME STATUS ROLES AGE VERSION
minikube Ready control-plane,master 113s v1.22.2 minikube Ready control-plane,master 113s v1.22.2
@@ -45,6 +45,17 @@ It is not required for `kubectl` to be separately installed since it comes alrea
Let's create an alias for easier usage: Let's create an alias for easier usage:
```sh
alias kubectl="minikube kubectl --"
``` ```
$ alias kubectl="minikube kubectl --"
``` Now, you can proceed with the installation of the AWX Operator and AWX. Please refer to the [Basic Install](basic-install.md) for further instructions.
!!! tip
Once your AWX has been deployed, the AWX instance will be accessible by running:
```sh
minikube service -n awx awx-demo-service --url
```
For an example using the Nginx Ingress Controller in Minikube, don't miss our [demo video](https://asciinema.org/a/416946).

View File

@@ -1,29 +0,0 @@
### Helm Install on existing cluster
For those that wish to use [Helm](https://helm.sh/) to install the awx-operator to an existing K8s cluster:
The helm chart is generated from the `helm-chart` Makefile section using the starter files in `.helm/starter`. Consult [the documentation](https://github.com/ansible/awx-operator/blob/devel/.helm/starter/README.md) on how to customize the AWX resource with your own values.
```bash
$ helm repo add awx-operator https://ansible.github.io/awx-operator/
"awx-operator" has been added to your repositories
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "awx-operator" chart repository
Update Complete. ⎈Happy Helming!⎈
$ helm search repo awx-operator
NAME CHART VERSION APP VERSION DESCRIPTION
awx-operator/awx-operator 0.17.1 0.17.1 A Helm chart for the AWX Operator
$ helm install -n awx --create-namespace my-awx-operator awx-operator/awx-operator
NAME: my-awx-operator
LAST DEPLOYED: Thu Feb 17 22:09:05 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Helm Chart 0.17.1
```

View File

@@ -1,2 +0,0 @@
This Kubernetes Operator is meant to be deployed in your Kubernetes cluster(s) and can be used to install and manage the lifecycle of an AWX instance in the same namespace.

View File

@@ -2,9 +2,9 @@
## Kind Install ## Kind Install
Install Kind by running the following Install Kind by running the following. Refer to the [official Kind documentation](https://kind.sigs.k8s.io/docs/user/quick-start/) for more information.
``` ```sh
# For Intel Macs # For Intel Macs
[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-darwin-amd64 [ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-darwin-amd64
# For M1 / ARM Macs # For M1 / ARM Macs
@@ -13,9 +13,6 @@ chmod +x ./kind
mv ./kind /some-dir-in-your-PATH/kind mv ./kind /some-dir-in-your-PATH/kind
``` ```
> https://kind.sigs.k8s.io/docs/user/quick-start/
### Create the Kind cluster ### Create the Kind cluster
Create a file called `kind.config` Create a file called `kind.config`
@@ -35,40 +32,39 @@ nodes:
Then create a cluster using that config Then create a cluster using that config
``` ```sh
kind create cluster --config=kind.config kind create cluster --config=kind.config
``` ```
Set cluster context for kubectl Set cluster context for kubectl
``` ```sh
kubectl cluster-info --context kind-kind kubectl cluster-info --context kind-kind
``` ```
Install NGINX Ingress Controller Install NGINX Ingress Controller
``` ```sh
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
``` ```
## AWX ## AWX
Set the namespace context Set the namespace context
``` ```sh
kubectl config set-context --current --namespace=awx kubectl config set-context --current --namespace=awx
``` ```
Checkout the tag you want to install from Checkout the tag you want to install from
``` ```sh
git checkout 2.7.2 git checkout 2.7.2
``` ```
Create a file named `kustomization.yaml` in the root of your local awx-operator clone. Include the following: Create a file named `kustomization.yaml` in the root of your local awx-operator clone. Include the following:
``` ```sh
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
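Review bot: The block under "Create a file named `kustomization.yaml`" is fenced as `sh` although its content is YAML (`apiVersion: kustomize.config.k8s.io/v1beta1`); tag it `yaml`, as the `awx-cr.yaml` block further down is. In the same hunk the ingress-nginx manifest is applied from the `main` branch; pinning it to a release tag would keep the install reproducible, as the docs already do for the operator with `git checkout 2.7.2`.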
@@ -86,14 +82,13 @@ namespace: awx
Run the following to apply the yaml Run the following to apply the yaml
``` ```sh
kubectl apply -k . kubectl apply -k .
``` ```
Create a file called `awx-cr.yaml` with the following contents and any configuration changes you may wish to add. Create a file called `awx-cr.yaml` with the following contents and any configuration changes you may wish to add.
``` ```yaml
--- ---
apiVersion: awx.ansible.com/v1beta1 apiVersion: awx.ansible.com/v1beta1
kind: AWX kind: AWX
@@ -106,20 +101,19 @@ spec:
Create your AWX CR Create your AWX CR
``` ```sh
oc create -f awx-cr.yaml kubectl create -f awx-cr.yaml
``` ```
Your AWX instance should now be reacheable at http://localhost:32000/ Your AWX instance should now be reachable at <http://localhost:32000/>
> If you configured a custom nodeport_port, you can find it by running `kubectl -n awx get svc awx-demo-service`
!!! note
If you configured a custom `nodeport_port`, you can find it by running `kubectl -n awx get svc awx-demo-service`
## Cleanup ## Cleanup
When you are done, you can delete all of this by running When you are done, you can delete all of this by running
``` ```sh
kind delete cluster kind delete cluster
``` ```

View File

@@ -19,7 +19,8 @@ stringData:
type: Opaque type: Opaque
``` ```
**Note**: `<resourcename>` must match the `name` of the AWX object you are creating. In our example below, it is `awx`. !!! note
`<resourcename>` must match the `name` of the AWX object you are creating. In our example below, it is `awx`.
### Old Database Credentials ### Old Database Credentials
@@ -41,16 +42,14 @@ stringData:
type: Opaque type: Opaque
``` ```
> For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.<cluster domain>`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from, and `<cluster domain>` is filled in with the internal kubernretes cluster domain (In most cases it's `cluster.local`). !!! note
For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.<cluster domain>`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from, and `<cluster domain>` is filled in with the internal kubernetes cluster domain (In most cases it's `cluster.local`).
If your AWX deployment is already using an external database server or its database is otherwise not managed If your AWX deployment is already using an external database server or its database is otherwise not managed by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`. In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_` from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing database and apply any pending migrations.
In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_` It is strongly recommended to backup your database beforehand.
from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
database and apply any pending migrations. It is strongly recommended to backup your database beforehand.
The postgresql pod for the old deployment is used when streaming data to the new postgresql pod. If your postgresql pod has a custom label, The postgresql pod for the old deployment is used when streaming data to the new postgresql pod. If your postgresql pod has a custom label, you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.
you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.
## Deploy AWX ## Deploy AWX
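Review bot: The backup recommendation in the external-database paragraph is still an inline sentence ("It is strongly recommended to backup your database beforehand."), while this change moves the other callouts on the page into `!!! note` blocks. Since this path makes AWX apply pending migrations to an existing database, consider turning it into a `!!! warning` admonition and spelling the verb "back up".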
@@ -66,7 +65,16 @@ spec:
secret_key_secret: <resourcename>-secret-key secret_key_secret: <resourcename>-secret-key
... ...
``` ```
### Exclude postgreSQL tables during migration (optional)
Use the `pg_dump_suffix` parameter under `AWX.spec` to customize the pg_dump command that will execute during migration. This variable will append your provided pg_dump parameters to the end of the 'standard' command. For example, to exclude the data from 'main_jobevent' and 'main_job' to decrease the size of the backup use:
```
pg_dump_suffix: "--exclude-table-data 'main_jobevent*' --exclude-table-data 'main_job'"
```
## Important Note ## Important Note
If you intend to put all the above in one file, make sure to separate each block with three dashes like so: If you intend to put all the above in one file, make sure to separate each block with three dashes like so:
```yaml ```yaml
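Review bot: The new `pg_dump_suffix` section should say what happens to the excluded data, and its example fence has no language tag. The text speaks of decreasing "the size of the backup" although the section is about migration; state plainly that with `--exclude-table-data` the rows of `main_jobevent*` and `main_job` are not carried over to the new deployment. Tag the fence `yaml` and show the key nested under `spec:` like the other examples on this page.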
@@ -79,4 +87,5 @@ If you intend to put all the above in one file, make sure to separate each block
--- ---
# AWX Config # AWX Config
``` ```
Failing to do so will lead to an inoperable setup. Failing to do so will lead to an inoperable setup.

3
docs/requirements.in Normal file
View File

@@ -0,0 +1,3 @@
# This requirements file is used for AWX Operator latest doc builds.
mkdocs-ansible

View File

@@ -1,12 +1,193 @@
#
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
# pip-compile --allow-unsafe --output-file=docs/requirements.txt --strip-extras docs/requirements.in
#
babel==2.14.0
# via mkdocs-material
beautifulsoup4==4.12.3
# via
# linkchecker
# mkdocs-htmlproofer-plugin
# readtime
cairocffi==1.6.1
# via cairosvg
cairosvg==2.7.0 cairosvg==2.7.0
markdown-exec>=1.6.0 # via mkdocs-ansible
mkdocs-ansible>=0.1.6 certifi==2024.2.2
mkdocs-gen-files>=0.4.0 # via requests
mkdocs-material-extensions>=1.1.1 cffi==1.16.0
mkdocs-material>=9.1.18 # via cairocffi
mkdocs charset-normalizer==3.3.2
mkdocstrings-python>=1.1.0 # via requests
mkdocstrings>=0.22.0 click==8.1.7
# via
# mkdocs
# mkdocstrings
colorama==0.4.6
# via
# griffe
# mkdocs-material
csscompressor==0.9.5
# via mkdocs-minify-plugin
cssselect==1.2.0
# via pyquery
cssselect2==0.7.0
# via cairosvg
defusedxml==0.7.1
# via cairosvg
dnspython==2.6.1
# via linkchecker
ghp-import==2.1.0
# via mkdocs
griffe==0.40.1
# via mkdocstrings-python
htmlmin2==0.1.13
# via mkdocs-minify-plugin
idna==3.6
# via requests
jinja2==3.1.3
# via
# mkdocs
# mkdocs-macros-plugin
# mkdocs-material
# mkdocstrings
jsmin==3.0.1
# via mkdocs-minify-plugin
linkchecker==10.4.0
# via mkdocs-ansible
lxml==5.1.0
# via
# mkdocs-material
# pyquery
markdown==3.5.2
# via
# markdown-include
# mkdocs
# mkdocs-autorefs
# mkdocs-htmlproofer-plugin
# mkdocs-material
# mkdocstrings
# pymdown-extensions
markdown-exec==1.8.0
# via mkdocs-ansible
markdown-include==0.8.1
# via mkdocs-ansible
markdown2==2.4.12
# via readtime
markupsafe==2.1.5
# via
# jinja2
# mkdocs
# mkdocstrings
mergedeep==1.3.4
# via mkdocs
mkdocs==1.5.3
# via
# mkdocs-ansible
# mkdocs-autorefs
# mkdocs-gen-files
# mkdocs-htmlproofer-plugin
# mkdocs-macros-plugin
# mkdocs-material
# mkdocs-minify-plugin
# mkdocs-monorepo-plugin
# mkdocstrings
mkdocs-ansible==24.3.1
# via -r requirements.in
mkdocs-autorefs==0.5.0
# via mkdocstrings
mkdocs-gen-files==0.5.0
# via mkdocs-ansible
mkdocs-htmlproofer-plugin==1.0.0
# via mkdocs-ansible
mkdocs-macros-plugin==1.0.5
# via mkdocs-ansible
mkdocs-material==9.2.6
# via mkdocs-ansible
mkdocs-material-extensions==1.3.1
# via
# mkdocs-ansible
# mkdocs-material
mkdocs-minify-plugin==0.8.0
# via mkdocs-ansible
mkdocs-monorepo-plugin==1.1.0
# via mkdocs-ansible
mkdocstrings==0.24.0
# via
# mkdocs-ansible
# mkdocstrings-python
mkdocstrings-python==1.8.0
# via mkdocs-ansible
packaging==23.2
# via mkdocs
paginate==0.5.6
# via mkdocs-material
pathspec==0.12.1
# via mkdocs
pillow==10.0.1 pillow==10.0.1
# via
# cairosvg
# mkdocs-ansible
pipdeptree==2.7.1 pipdeptree==2.7.1
# via mkdocs-ansible
platformdirs==4.2.0
# via
# mkdocs
# mkdocstrings
pycparser==2.21
# via cffi
pygments==2.17.2
# via mkdocs-material
pymdown-extensions==10.0.1 pymdown-extensions==10.0.1
# via
# markdown-exec
# mkdocs-ansible
# mkdocs-material
# mkdocstrings
pyquery==2.0.0
# via readtime
python-dateutil==2.8.2
# via
# ghp-import
# mkdocs-macros-plugin
python-slugify==8.0.4
# via mkdocs-monorepo-plugin
pyyaml==6.0.1
# via
# mkdocs
# mkdocs-macros-plugin
# pymdown-extensions
# pyyaml-env-tag
pyyaml-env-tag==0.1
# via mkdocs
readtime==3.0.0
# via mkdocs-material
regex==2023.12.25
# via mkdocs-material
requests==2.31.0
# via
# linkchecker
# mkdocs-htmlproofer-plugin
# mkdocs-material
six==1.16.0
# via python-dateutil
soupsieve==2.5
# via beautifulsoup4
termcolor==2.4.0
# via mkdocs-macros-plugin
text-unidecode==1.3
# via python-slugify
tinycss2==1.2.1
# via
# cairosvg
# cssselect2
urllib3==2.2.1
# via requests
watchdog==4.0.0
# via mkdocs
webencodings==0.5.1
# via
# cssselect2
# tinycss2
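Review bot: The compiled pins carry no hashes: the `pip-compile` command recorded in the header has no `--generate-hashes`, so installing this file checks version numbers only. Regenerating with `--generate-hashes` would let the docs build install with hash checking. Also, `cairosvg==2.7.0`, `pillow==10.0.1`, `pipdeptree==2.7.1` and `pymdown-extensions==10.0.1` appear on both sides of the diff at the same version; worth confirming these are deliberate and checking whether newer releases are available.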

View File

@@ -4,13 +4,14 @@
When the operator is deploying AWX, it is running the `installer` role inside the operator container. If the AWX CR's status is `Failed`, it is often useful to look at the awx-operator container logs, which shows the output of the installer role. To see these logs, run: When the operator is deploying AWX, it is running the `installer` role inside the operator container. If the AWX CR's status is `Failed`, it is often useful to look at the awx-operator container logs, which shows the output of the installer role. To see these logs, run:
``` ```sh
kubectl logs deployments/awx-operator-controller-manager -c awx-manager -f kubectl logs deployments/awx-operator-controller-manager -c awx-manager -f
``` ```
### Inspect k8s Resources ### Inspect k8s Resources
Past that, it is often useful to inspect various resources the AWX Operator manages like: Past that, it is often useful to inspect various resources the AWX Operator manages like:
* awx * awx
* awxbackup * awxbackup
* awxrestore * awxrestore
@@ -24,6 +25,7 @@ Past that, it is often useful to inspect various resources the AWX Operator mana
* serviceaccount * serviceaccount
And if installing via OperatorHub and OLM: And if installing via OperatorHub and OLM:
* subscription * subscription
* csv * csv
* installPlan * installPlan
@@ -31,7 +33,7 @@ And if installing via OperatorHub and OLM:
To inspect these resources you can use these commands To inspect these resources you can use these commands
``` ```sh
# Inspecting k8s resources # Inspecting k8s resources
kubectl describe -n <namespace> <resource> <resource-name> kubectl describe -n <namespace> <resource> <resource-name>
kubectl get -n <namespace> <resource> <resource-name> -o yaml kubectl get -n <namespace> <resource> <resource-name> -o yaml
@@ -41,7 +43,6 @@ kubectl logs -n <namespace> <resource> <resource-name>
kubectl exec -it -n <namespace> <pod> <pod-name> kubectl exec -it -n <namespace> <pod> <pod-name>
``` ```
### Configure No Log ### Configure No Log
It is possible to show task output for debugging by setting no_log to false on the AWX CR spec. It is possible to show task output for debugging by setting no_log to false on the AWX CR spec.
@@ -49,7 +50,7 @@ This will show output in the awx-operator logs for any failed tasks where no_log
For example: For example:
``` ```sh
--- ---
apiVersion: awx.ansible.com/v1beta1 apiVersion: awx.ansible.com/v1beta1
kind: AWX kind: AWX
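Review bot: The `no_log` example is an AWX manifest (`apiVersion: awx.ansible.com/v1beta1`, `kind: AWX`) but its fence is now tagged `sh`; it should be `yaml`. While touching this section, a `!!! warning` would fit: with `no_log` set to false, the output of failed tasks goes to the awx-operator logs, which can include values those tasks were hiding, so the setting should be reverted once debugging is done.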
@@ -63,19 +64,19 @@ spec:
## Iterating on the installer without deploying the operator ## Iterating on the installer without deploying the operator
Go through the [normal basic install](https://github.com/ansible/awx-operator/blob/devel/README.md#basic-install) steps. Go through the [normal basic install](../installation/basic-install.md) steps.
Install some dependencies: Install some dependencies:
``` ```sh
$ ansible-galaxy collection install -r molecule/requirements.yml ansible-galaxy collection install -r molecule/requirements.yml
$ pip install -r molecule/requirements.txt pip install -r molecule/requirements.txt
``` ```
To prevent the changes we're about to make from being overwritten, scale down any running instance of the operator: To prevent the changes we're about to make from being overwritten, scale down any running instance of the operator:
``` ```sh
$ kubectl scale deployment awx-operator-controller-manager --replicas=0 kubectl scale deployment awx-operator-controller-manager --replicas=0
``` ```
Create a playbook that invokes the installer role (the operator uses ansible-runner's role execution feature): Create a playbook that invokes the installer role (the operator uses ansible-runner's role execution feature):
@@ -96,8 +97,11 @@ Create a vars file:
ansible_operator_meta: ansible_operator_meta:
name: awx name: awx
namespace: awx namespace: awx
set_self_labels: false
update_status: false
service_type: nodeport service_type: nodeport
``` ```
The vars file will replace the awx resource so any value that you wish to over ride using the awx resource, put in the vars file. For example, if you wish to use your own image, version and pull policy, you can specify it like below: The vars file will replace the awx resource so any value that you wish to over ride using the awx resource, put in the vars file. For example, if you wish to use your own image, version and pull policy, you can specify it like below:
```yaml ```yaml
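Review bot: `set_self_labels: false` and `update_status: false` are added to the vars file here and again in the next example, but the surrounding text never says what they do or why they are needed when the installer role is run outside the operator. A one-line explanation next to the first vars file would cover both.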
@@ -106,6 +110,8 @@ The vars file will replace the awx resource so any value that you wish to over r
ansible_operator_meta: ansible_operator_meta:
name: awx name: awx
namespace: awx namespace: awx
set_self_labels: false
update_status: false
service_type: nodeport service_type: nodeport
image: $DEV_DOCKER_TAG_BASE/awx_kube_devel image: $DEV_DOCKER_TAG_BASE/awx_kube_devel
image_pull_policy: Always image_pull_policy: Always
@@ -114,14 +120,13 @@ image_version: $COMPOSE_TAG
Run the installer: Run the installer:
``` ```sh
$ ansible-playbook run.yml -e @vars.yml -v ansible-playbook run.yml -e @vars.yml -v
``` ```
Grab the URL and admin password: Grab the URL and admin password:
``` ```sh
$ minikube service awx-service --url -n awx $ kubectl get secret awx-admin-password -- -o jsonpath="{.data.password}" | base64 --decode ; echo
$ minikube kubectl get secret awx-admin-password -- -o jsonpath="{.data.password}" | base64 --decode
LU6lTfvnkjUvDwL240kXKy1sNhjakZmT LU6lTfvnkjUvDwL240kXKy1sNhjakZmT
``` ```
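Review bot: The replacement password command on the new side, `$ kubectl get secret awx-admin-password -- -o jsonpath=...`, still has the `--` that belonged to the `minikube kubectl ... --` wrapper; with plain `kubectl` it ends option parsing, so `-o jsonpath=...` is no longer read as a flag. Drop the `--`, drop the `$` prompt as in the other blocks of this change, and add `-n awx` to match the namespace in the vars file. The lead-in still says "Grab the URL and admin password" although the URL command was removed, and the sample output line is a password-shaped string; a placeholder such as `<admin-password>` would be safer to publish.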

View File

@@ -1,12 +1,13 @@
### Uninstall ### # Uninstall
To uninstall an AWX deployment instance, you basically need to remove the AWX kind related to that instance. For example, to delete an AWX instance named awx-demo, you would do: To uninstall an AWX deployment instance, you basically need to remove the AWX kind related to that instance. For example, to delete an AWX instance named awx-demo, you would do:
``` ```sh
$ kubectl delete awx awx-demo $ kubectl delete awx awx-demo
awx.awx.ansible.com "awx-demo" deleted awx.awx.ansible.com "awx-demo" deleted
``` ```
Deleting an AWX instance will remove all related deployments and statefulsets, however, persistent volumes and secrets will remain. To enforce secrets also getting removed, you can use `garbage_collect_secrets: true`. Deleting an AWX instance will remove all related deployments and statefulsets, however, persistent volumes and secrets will remain. To enforce secrets also getting removed, you can use `garbage_collect_secrets: true`.
**Note**: If you ever intend to recover an AWX from an existing database you will need a copy of the secrets in order to perform a successful recovery. !!! note
If you ever intend to recover an AWX from an existing database you will need a copy of the secrets in order to perform a successful recovery.

View File

@@ -1,59 +1,56 @@
### Upgrading # Upgrading
To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `DEFAULT_AWX_VERSION` variable for that particular release. You can do so by running the following command To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `DEFAULT_AWX_VERSION` variable for that particular release. You can do so by running the following command
```shell ```shell
AWX_OPERATOR_VERSION=2.8.0 AWX_OPERATOR_VERSION=2.8.0
docker run --entrypoint="" quay.io/ansible/awx-operator:$AWX_OPERATOR_VERSION bash -c "env | grep DEFAULT_AWX_VERSION" docker run --entrypoint="" quay.io/ansible/awx-operator:$AWX_OPERATOR_VERSION bash -c "env | grep DEFAULT_AWX_VERSION"
``` ```
Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment. Make sure you have a backup before upgrading, then upgrade operator by invoking `make deploy` on the desired tag or by applying the `kustomization.yaml` that contains desired version of the operator, and in turn also upgrade your AWX deployment.
#### Backup ## Backup
The first part of any upgrade should be a backup. Note, there are secrets in the pod which work in conjunction with the database. Having just a database backup without the required secrets will not be sufficient for recovering from an issue when upgrading to a new version. See the [backup role documentation](https://github.com/ansible/awx-operator/tree/devel/roles/backup) for information on how to backup your database and secrets. The first part of any upgrade should be a backup. Note, there are secrets in the pod which work in conjunction with the database. Having just a database backup without the required secrets will not be sufficient for recovering from an issue when upgrading to a new version. See the [backup role documentation](https://github.com/ansible/awx-operator/tree/devel/roles/backup) for information on how to backup your database and secrets.
In the event you need to recover the backup see the [restore role documentation](https://github.com/ansible/awx-operator/tree/devel/roles/restore). *Before Restoring from a backup*, be sure to: In the event you need to recover the backup see the [restore role documentation](https://github.com/ansible/awx-operator/tree/devel/roles/restore). _Before Restoring from a backup_, be sure to:
* delete the old existing AWX CR
* delete the persistent volume claim (PVC) for the database from the old deployment, which has a name like `postgres-13-<deployment-name>-postgres-13-0` - delete the old existing AWX CR
- delete the persistent volume claim (PVC) for the database from the old deployment, which has a name like `postgres-15-<deployment-name>-postgres-15-0`
**Note**: Do not delete the namespace/project, as that will delete the backup and the backup's PVC as well. **Note**: Do not delete the namespace/project, as that will delete the backup and the backup's PVC as well.
## PostgreSQL Upgrade Considerations
#### PostgreSQL Upgrade Considerations
If there is a PostgreSQL major version upgrade, after the data directory on the PVC is migrated to the new version, the old PVC is kept by default. If there is a PostgreSQL major version upgrade, after the data directory on the PVC is migrated to the new version, the old PVC is kept by default.
This provides the ability to roll back if needed, but can take up extra storage space in your cluster unnecessarily. You can configure it to be deleted automatically This provides the ability to roll back if needed, but can take up extra storage space in your cluster unnecessarily. You can configure it to be deleted automatically after a successful upgrade by setting the following variable on the AWX spec.
after a successful upgrade by setting the following variable on the AWX spec.
```yaml ```yaml
spec: spec:
postgres_keep_pvc_after_upgrade: False postgres_keep_pvc_after_upgrade: False
``` ```
## Caveats for upgrading to v0.14.0
#### v0.14.0 ### Cluster-scope to Namespace-scope considerations
##### Cluster-scope to Namespace-scope considerations Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. This is called a namespace-scoped operator. If you are upgrading from an earlier version, you will want to delete your existing `awx-operator` service account, role and role binding.
Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. This is called a namespace-scoped operator. If you are upgrading from an earlier version, you will want to ### Project is now based on v1.x of the operator-sdk project
delete your existing `awx-operator` service account, role and role binding.
##### Project is now based on v1.x of the operator-sdk project
Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x. You may need to manually delete your old operator Deployment to avoid issues. Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x. You may need to manually delete your old operator Deployment to avoid issues.
##### Steps to upgrade ### Steps to upgrade to v0.14.0
Delete your old AWX Operator and existing `awx-operator` service account, role and role binding in `default` namespace first: Delete your old AWX Operator and existing `awx-operator` service account, role and role binding in `default` namespace first:
``` ```sh
$ kubectl -n default delete deployment awx-operator kubectl -n default delete deployment awx-operator
$ kubectl -n default delete serviceaccount awx-operator kubectl -n default delete serviceaccount awx-operator
$ kubectl -n default delete clusterrolebinding awx-operator kubectl -n default delete clusterrolebinding awx-operator
$ kubectl -n default delete clusterrole awx-operator kubectl -n default delete clusterrole awx-operator
``` ```
Then install the new AWX Operator by following the instructions in [Basic Install](#basic-install-on-existing-cluster). The `NAMESPACE` environment variable have to be the name of the namespace in which your old AWX instance resides. Then install the new AWX Operator by following the instructions in [Basic Install](../installation/basic-install.md). The `NAMESPACE` environment variable have to be the name of the namespace in which your old AWX instance resides.
Once the new AWX Operator is up and running, your AWX deployment will also be upgraded. Once the new AWX Operator is up and running, your AWX deployment will also be upgraded.
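Review bot: In the restore checklist the PVC example now reads `postgres-15-<deployment-name>-postgres-15-0`, but the PVC to delete belongs to the old deployment, which may still carry the previous major version in its name (the replaced line had `postgres-13-...`). A placeholder such as `postgres-<version>-<deployment-name>-postgres-<version>-0` covers both cases. Also, the "Do not delete the namespace/project" callout is still `**Note**:` rather than `!!! note`, and "The `NAMESPACE` environment variable have to be" should read "has to be".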

View File

@@ -1,15 +1,15 @@
### Admin user account configuration # Admin user account configuration
There are three variables that are customizable for the admin user account creation. There are three variables that are customizable for the admin user account creation.
| Name | Description | Default | | Name | Description | Default |
| --------------------- | -------------------------------------------- | ---------------- | | --------------------- | -------------------------------------------- | ------------------ |
| admin_user | Name of the admin user | admin | | admin_user | Name of the admin user | `admin` |
| admin_email | Email of the admin user | test@example.com | | admin_email | Email of the admin user | `test@example.com` |
| admin_password_secret | Secret that contains the admin user password | Empty string | | admin_password_secret | Secret that contains the admin user password | Empty string |
!!! warning
> :warning: **admin_password_secret must be a Kubernetes secret and not your text clear password**. `admin_password_secret` must be a Kubernetes secret and not your text clear password.
If `admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`. If `admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`.
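Review bot: The converted warning keeps the phrase "text clear password"; "clear-text password" is the usual wording, and the same applies to "text clear secret value" in the `secret_key_secret` warning further down. It would also help to say that the variable takes the name of the Secret, since the table describes it only as "Secret that contains the admin user password".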
@@ -28,7 +28,7 @@ stringData:
password: mysuperlongpassword password: mysuperlongpassword
``` ```
### Secret Key Configuration ## Secret Key Configuration
This key is used to encrypt sensitive data in the database. This key is used to encrypt sensitive data in the database.
@@ -36,8 +36,8 @@ This key is used to encrypt sensitive data in the database.
| ----------------- | ----------------------------------------------------- | ---------------- | | ----------------- | ----------------------------------------------------- | ---------------- |
| secret_key_secret | Secret that contains the symmetric key for encryption | Generated | | secret_key_secret | Secret that contains the symmetric key for encryption | Generated |
!!! warning
> :warning: **secret_key_secret must be a Kubernetes secret and not your text clear secret value**. `secret_key_secret` must be a Kubernetes secret and not your text clear secret value.
If `secret_key_secret` is not provided, the operator will look for a secret named `<resourcename>-secret-key` for the secret key. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-secret-key`. It is important to not delete this secret as it will be needed for upgrades and if the pods get scaled down at any point. If you are using a GitOps flow, you will want to pass a secret key secret. If `secret_key_secret` is not provided, the operator will look for a secret named `<resourcename>-secret-key` for the secret key. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-secret-key`. It is important to not delete this secret as it will be needed for upgrades and if the pods get scaled down at any point. If you are using a GitOps flow, you will want to pass a secret key secret.

View File

@@ -1,4 +1,4 @@
#### Assigning AWX pods to specific nodes # Assigning AWX pods to specific nodes
You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX
@@ -6,13 +6,13 @@ pods to be scheduled onto nodes with matching taints.
The ability to specify topologySpreadConstraints is also allowed through `topology_spread_constraints` The ability to specify topologySpreadConstraints is also allowed through `topology_spread_constraints`
If you want to use affinity rules for your AWX pod you can use the `affinity` option. If you want to use affinity rules for your AWX pod you can use the `affinity` option.
If you want to constrain the web and task pods individually, you can do so by specificying the deployment type before the specific setting. For If you want to constrain the web and task pods individually, you can do so by specifying the deployment type before the specific setting. For
example, specifying `task_tolerations` will allow the AWX task pod to be scheduled onto nodes with matching taints. example, specifying `task_tolerations` will allow the AWX task pod to be scheduled onto nodes with matching taints.
| Name | Description | Default | | Name | Description | Default |
| -------------------------------- | ---------------------------------------- | ------- | | -------------------------------- | ---------------------------------------- | -------------------------------- |
| postgres_image | Path of the image to pull | postgres | | postgres_image | Path of the image to pull | quay.io/sclorg/postgresql-15-c9s |
| postgres_image_version | Image version to pull | 13 | | postgres_image_version | Image version to pull | latest |
| node_selector | AWX pods' nodeSelector | '' | | node_selector | AWX pods' nodeSelector | '' |
| web_node_selector | AWX web pods' nodeSelector | '' | | web_node_selector | AWX web pods' nodeSelector | '' |
| task_node_selector | AWX task pods' nodeSelector | '' | | task_node_selector | AWX task pods' nodeSelector | '' |
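Review bot: The Default column now gives `postgres_image_version` as `latest`, a floating tag, so the database image a deployment runs can change whenever the pod is rescheduled and the image is pulled again. If that is the operator's real default, add a sentence below the table recommending that production deployments set `postgres_image_version` to a fixed tag.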
@@ -88,3 +88,8 @@ spec:
- S2 - S2
topologyKey: topology.kubernetes.io/zone topologyKey: topology.kubernetes.io/zone
``` ```
## Special Note on DB-Migration Job Scheduling
For the **db-migration job**, which applies database migrations at cluster startup, you can specify scheduling settings using the `task_*` configurations such as `task_node_selector`, `task_tolerations`, etc.
If these task-specific settings are not defined, the job will automatically use the global AWX configurations like `node_selector` and `tolerations`.

View File

@@ -1,10 +1,10 @@
#### Auto upgrade # Auto upgrade
With this parameter you can influence the behavior during an operator upgrade. With this parameter you can influence the behavior during an operator upgrade.
If set to `true`, the operator will upgrade the specific instance directly. If set to `true`, the operator will upgrade the specific instance directly.
When the value is set to `false`, and we have a running deployment, the operator will not update the AWX instance. When the value is set to `false`, and we have a running deployment, the operator will not update the AWX instance.
This can be useful when you have multiple AWX instances which you want to upgrade step by step instead of all at once. This can be useful when you have multiple AWX instances which you want to upgrade step by step instead of all at once.
| Name | Description | Default | | Name | Description | Default |
| -------------| ---------------------------------- | ------- | | -------------| ---------------------------------- | ------- |
| auto_upgrade | Automatic upgrade of AWX instances | true | | auto_upgrade | Automatic upgrade of AWX instances | true |
@@ -12,11 +12,11 @@ This can be useful when you have multiple AWX instances which you want to upgrad
Example configuration of `auto_upgrade` parameter Example configuration of `auto_upgrade` parameter
```yaml ```yaml
spec: spec:
auto_upgrade: true auto_upgrade: true
``` ```
##### Upgrade of instances without auto upgrade ## Upgrade of instances without auto upgrade
There are two ways to upgrade instances which are marked with the 'auto_upgrade: false' flag. There are two ways to upgrade instances which are marked with the 'auto_upgrade: false' flag.
@@ -29,7 +29,9 @@ Changing flags:
Delete the deployment: Delete the deployment:
- delete the deployment object of your AWX instance - delete the deployment object of your AWX instance
```
$ kubectl -n awx delete deployment <yourInstanceName> ```sh
``` kubectl -n awx delete deployment <yourInstanceName>
```
- wait until the instance gets redeployed - wait until the instance gets redeployed

View File

@@ -0,0 +1,53 @@
# Container Probes
These parameters control the usage of liveness and readiness container probes for
the web and task containers.
!!! tip
All of probes are disabled by default for now, to enable it, set the `*_period` parameters. For example:
```yaml
spec:
web_liveness_period: 15
web_readiness_period: 15
task_liveness_period: 15
task_readiness_period: 15
```
## Web / Task Container Liveness Check
The liveness probe queries the status of the supervisor daemon of the container. The probe will fail if it
detects one of the services in a state other than "RUNNING".
| Name | Description | Default |
| -------------| -----------------------------------|---------|
| web_liveness_period | Time period in seconds between each probe check. The value of 0 disables the probe. | 0 |
| web_liveness_initial_delay | Initial delay before starting probes in seconds | 5 |
| web_liveness_failure_threshold| Number of consecutive failure events to identify failure of container | 3 |
| web_liveness_timeout | Number of seconds to wait for a probe response from container | 1 |
| task_liveness_period | Time period in seconds between each probe check. The value of 0 disables the probe. | 0 |
| task_liveness_initial_delay | Initial delay before starting probes in seconds | 5 |
| task_liveness_failure_threshold| Number of consecutive failure events to identify failure of container | 3 |
| task_liveness_timeout | Number of seconds to wait for a probe response from container | 1 |
## Web Container Readiness Check
This is an HTTP check against the status endpoint to confirm the system is still able to respond to web requests.
| Name | Description | Default |
| -------------| ---------------------------------- | ------- |
| web_readiness_period | Time period in seconds between each probe check. The value of 0 disables the probe. | 0 |
| web_readiness_initial_delay | Initial delay before starting probes in seconds | 5 |
| web_readiness_failure_threshold| Number of consecutive failure events to identify failure of container | 3 |
| web_readiness_timeout | Number of seconds to wait for a probe response from container | 1 |
## Task Container Readiness Check
This is a command probe using the builtin check command of the awx-manage utility.
| Name | Description | Default |
| -------------| ---------------------------------- | ------- |
| task_readiness_period | Time period in seconds between each probe check. The value of 0 disables the probe. | 0 |
| task_readiness_initial_delay | Initial delay before starting probes in seconds | 5 |
| task_readiness_failure_threshold| Number of consecutive failure events to identify failure of container | 3 |
| task_readiness_timeout | Number of seconds to wait for a probe response from container | 1 |
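Review bot: In the Task Container Readiness Check table, `task_readiness_timeout` defaults to 1 second although the section describes the probe as a command probe that runs the builtin check command of `awx-manage`; please confirm the command reliably completes within that default, or document that the timeout should be raised when the probe is enabled. The tip at the top of the file also needs a wording pass: "All of probes are disabled by default for now, to enable it" should read along the lines of "All probes are disabled by default; to enable them, set the `*_period` parameters".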

View File

@@ -1,38 +1,16 @@
#### Containers HostAliases Requirements # Containers Resource Requirements
Sometimes you might need to use [HostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) in web/task containers.
| Name | Description | Default |
| ------------ | --------------------- | ------- |
| host_aliases | A list of HostAliases | None |
Example of customization could be:
```yaml
---
spec:
...
host_aliases:
- ip: <name-of-your-ip>
hostnames:
- <name-of-your-domain>
```
#### Containers Resource Requirements
The resource requirements for both, the task and the web containers are configurable - both the lower end (requests) and the upper end (limits). The resource requirements for both, the task and the web containers are configurable - both the lower end (requests) and the upper end (limits).
| Name | Description | Default | | Name | Description | Default |
| -------------------------- | ------------------------------------------------ | ------------------------------------ | | ------------------------------------ | ------------------------------------------------------------ | ------------------------------------ |
| web_resource_requirements | Web container resource requirements | requests: {cpu: 100m, memory: 128Mi} | | web_resource_requirements | Web container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| task_resource_requirements | Task container resource requirements | requests: {cpu: 100m, memory: 128Mi} | | task_resource_requirements | Task container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| ee_resource_requirements | EE control plane container resource requirements | requests: {cpu: 50m, memory: 64Mi} | | ee_resource_requirements | EE control plane container resource requirements | requests: {cpu: 50m, memory: 64Mi} |
| redis_resource_requirements | Redis container resource requirements | requests: {cpu: 100m, memory: 128Mi} | | redis_resource_requirements | Redis container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| postgres_resource_requirements | Postgres container resource requirements | requests: {cpu: 10m, memory: 64Mi} | | postgres_resource_requirements | Postgres container (and initContainer) resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| rsyslog_resource_requirements | Rsyslog container resource requirements | requests: {cpu: 100m, memory: 128Mi} | | rsyslog_resource_requirements | Rsyslog container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| init_container_resource_requirements | Init Container resource requirements | requests: {cpu: 100m, memory: 128Mi} | | init_container_resource_requirements | Init Container resource requirements | requests: {cpu: 100m, memory: 128Mi} |
| postgres_init_container_resource_requirements | Postgres Init Container resource requirements | requests: {cpu: 10m, memory: 64Mi} |
Example of customization could be: Example of customization could be:
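Review bot: The `host_aliases` section at the top of this hunk is removed from the page and nothing in the visible diff shows where it now lives; if it moved to its own page, link to it from here, otherwise the parameter ends up undocumented. In the table, the `postgres_init_container_resource_requirements` row is dropped while the `postgres_resource_requirements` description gains "(and initContainer)"; state explicitly whether the separate parameter is still honoured, so readers whose CR sets it know what to expect.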
@@ -85,17 +63,9 @@ spec:
limits: limits:
cpu: 1000m cpu: 1000m
memory: 2Gi memory: 2Gi
postgres_init_container_resource_requirements:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 1000m
memory: 2Gi
``` ```
## Limits and ResourceQuotas
#### Limits and ResourceQuotas
If the cluster you are deploying in has a ResoruceQuota, you will need to configure resource limits for all of the pods deployed in that cluster. This can be done for AWX pods on the AWX spec in the manner shown above. If the cluster you are deploying in has a ResoruceQuota, you will need to configure resource limits for all of the pods deployed in that cluster. This can be done for AWX pods on the AWX spec in the manner shown above.
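Review bot: The paragraph under the `Limits and ResourceQuotas` heading still reads "ResoruceQuota"; since the heading line is being changed anyway, correct the spelling to `ResourceQuota` in the same change. With the `postgres_init_container_resource_requirements` block removed from the example, the phrase "in the manner shown above" should also be checked against the statement that limits are needed for all pods, so it is clear which parameter now supplies limits for the Postgres init container.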

View File

@@ -1,4 +1,4 @@
#### CSRF Cookie Secure Setting # CSRF Cookie Secure Setting
With `csrf_cookie_secure`, you can pass the value for `CSRF_COOKIE_SECURE` to `/etc/tower/settings.py` With `csrf_cookie_secure`, you can pass the value for `CSRF_COOKIE_SECURE` to `/etc/tower/settings.py`
@@ -9,6 +9,6 @@ With `csrf_cookie_secure`, you can pass the value for `CSRF_COOKIE_SECURE` to `/
Example configuration of the `csrf_cookie_secure` setting: Example configuration of the `csrf_cookie_secure` setting:
```yaml ```yaml
spec: spec:
csrf_cookie_secure: 'False' csrf_cookie_secure: 'False'
``` ```
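Review bot: The only example in this hunk sets `csrf_cookie_secure: 'False'`, which turns off the Secure attribute on the CSRF cookie so that it can be sent over plain HTTP; add a sentence saying when that value is appropriate, so the sample is not copied into deployments served over HTTPS by habit. It would also help to say whether the value has to be a quoted string as shown, rather than a YAML boolean.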

View File

@@ -1,8 +1,5 @@
### Adding Execution Nodes # Custom Receptor CA
Starting with AWX Operator v0.30.0 and AWX v21.7.0, standalone execution nodes can be added to your deployments.
See [AWX execution nodes docs](https://github.com/ansible/awx/blob/devel/docs/execution_nodes.md) for information about this feature.
#### Custom Receptor CA
The control nodes on the K8S cluster will communicate with execution nodes via mutual TLS TCP connections, running via Receptor. The control nodes on the K8S cluster will communicate with execution nodes via mutual TLS TCP connections, running via Receptor.
Execution nodes will verify incoming connections by ensuring the x509 certificate was issued by a trusted Certificate Authority (CA). Execution nodes will verify incoming connections by ensuring the x509 certificate was issued by a trusted Certificate Authority (CA).
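Review bot: Removing the `Adding Execution Nodes` introduction drops the minimum versions (AWX Operator v0.30.0 and AWX v21.7.0) and the link to the AWX execution nodes docs, so the page now opens on mutual TLS without saying which releases support execution nodes; keep one sentence with the version requirement and the link under the new `# Custom Receptor CA` heading.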
@@ -23,4 +20,5 @@ If this secret is created after AWX is deployed, run the following to restart th
kubectl rollout restart deployment awx-demo kubectl rollout restart deployment awx-demo
``` ```
**Important Note**, changing the receptor CA will break connections to any existing execution nodes. These nodes will enter an `unavailable` state, and jobs will not be able to run on them. Users will need to download and re-run the install bundle for each execution node. This will replace the TLS certificate files with those signed by the new CA. The execution nodes should then appear in a `ready` state after a few minutes. !!! warning
Changing the receptor CA will break connections to any existing execution nodes. These nodes will enter an `unavailable` state, and jobs will not be able to run on them. Users will need to download and re-run the install bundle for each execution node. This will replace the TLS certificate files with those signed by the new CA. The execution nodes should then appear in a `ready` state after a few minutes.

View File

@@ -1,4 +1,4 @@
#### Custom Volume and Volume Mount Options # Custom Volume and Volume Mount Options
In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files. In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files.
@@ -12,8 +12,8 @@ In a scenario where custom volumes and volume mounts are required to either over
| init_container_extra_volume_mounts | Specify volume mounts to be added to Init container | '' | | init_container_extra_volume_mounts | Specify volume mounts to be added to Init container | '' |
| init_container_extra_commands | Specify additional commands for Init container | '' | | init_container_extra_commands | Specify additional commands for Init container | '' |
!!! warning
> :warning: The `ee_extra_volume_mounts` and `extra_volumes` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec). The `ee_extra_volume_mounts` and `extra_volumes` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
Example configuration for ConfigMap Example configuration for ConfigMap
@@ -30,15 +30,13 @@ data:
remote_tmp = /tmp remote_tmp = /tmp
[ssh_connection] [ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
custom.py: |
INSIGHTS_URL_BASE = "example.org"
AWX_CLEANUP_PATHS = True
``` ```
Example spec file for volumes and volume mounts Example spec file for volumes and volume mounts
```yaml ```yaml
--- ---
spec: spec:
... ...
extra_volumes: | extra_volumes: |
- name: ansible-cfg - name: ansible-cfg
@@ -48,13 +46,6 @@ Example spec file for volumes and volume mounts
- key: ansible.cfg - key: ansible.cfg
path: ansible.cfg path: ansible.cfg
name: <resourcename>-extra-config name: <resourcename>-extra-config
- name: custom-py
configMap:
defaultMode: 420
items:
- key: custom.py
path: custom.py
name: <resourcename>-extra-config
- name: shared-volume - name: shared-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: my-external-volume-claim claimName: my-external-volume-claim
@@ -72,18 +63,13 @@ Example spec file for volumes and volume mounts
- name: ansible-cfg - name: ansible-cfg
mountPath: /etc/ansible/ansible.cfg mountPath: /etc/ansible/ansible.cfg
subPath: ansible.cfg subPath: ansible.cfg
task_extra_volume_mounts: |
- name: custom-py
mountPath: /etc/tower/conf.d/custom.py
subPath: custom.py
- name: shared-volume
mountPath: /shared
``` ```
> :warning: **Volume and VolumeMount names cannot contain underscores(_)** !!! warning
**Volume and VolumeMount names cannot contain underscores(_)**
## Custom UWSGI Configuration
##### Custom UWSGI Configuration
We allow the customization of two UWSGI parameters: We allow the customization of two UWSGI parameters:
* [processes](https://uwsgi-docs.readthedocs.io/en/latest/Options.html#processes) with `uwsgi_processes` (default 5) * [processes](https://uwsgi-docs.readthedocs.io/en/latest/Options.html#processes) with `uwsgi_processes` (default 5)
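Review bot: Deleting the whole `task_extra_volume_mounts` block removes the `shared-volume` mount at `/shared` together with the `custom-py` mount, while the previous hunk keeps the `shared-volume` volume declared under `extra_volumes`; check that another mount in the example still references it, or drop the volume, so the sample spec does not declare a PersistentVolumeClaim volume that is never mounted.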
@@ -103,7 +89,7 @@ requests (more than 128) tend to come in a short period of time, but can all be
handled before any other time outs may apply. Also see related nginx handled before any other time outs may apply. Also see related nginx
configuration. configuration.
##### Custom Nginx Configuration ## Custom Nginx Configuration
Using the [extra_volumes feature](#custom-volume-and-volume-mount-options), it is possible to extend the nginx.conf. Using the [extra_volumes feature](#custom-volume-and-volume-mount-options), it is possible to extend the nginx.conf.
@@ -124,26 +110,70 @@ may allow the web pods to handle more "bursty" request patterns if many
requests (more than 128) tend to come in a short period of time, but can all be requests (more than 128) tend to come in a short period of time, but can all be
handled before any other time outs may apply. Also see related uwsgi handled before any other time outs may apply. Also see related uwsgi
configuration. configuration.
* [worker_processes](http://nginx.org/en/docs/ngx_core_module.html#worker_processes) with `nginx_worker_processes` (default of 1) * [worker_processes](http://nginx.org/en/docs/ngx_core_module.html#worker_processes) with `nginx_worker_processes` (default of 1)
* [worker_cpu_affinity](http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity) with `nginx_worker_cpu_affinity` (default "auto") * [worker_cpu_affinity](http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity) with `nginx_worker_cpu_affinity` (default "auto")
* [worker_connections](http://nginx.org/en/docs/ngx_core_module.html#worker_connections) with `nginx_worker_connections` (minimum of 1024) * [worker_connections](http://nginx.org/en/docs/ngx_core_module.html#worker_connections) with `nginx_worker_connections` (minimum of 1024)
* [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) with `nginx_listen_queue_size` (default same as uwsgi listen queue size) * [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) with `nginx_listen_queue_size` (default same as uwsgi listen queue size)
## Custom Logos
##### Custom Favicon You can use custom volume mounts to mount in your own logos to be displayed instead of the AWX logo.
There are two different logos, one to be displayed on page headers, and one for the login screen.
You can use custom volume mounts to mount in your own favicon to be displayed in your AWX browser tab. First, create configmaps for the logos from local `logo-login.svg` and `logo-header.svg` files.
First, Create the configmap from a local favicon.ico file.
```bash ```bash
$ oc create configmap favicon-configmap --from-file favicon.ico kubectl create configmap logo-login-configmap --from-file logo-login.svg
kubectl create configmap logo-header-configmap --from-file logo-header.svg
``` ```
Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec
```yaml ```yaml
---
spec: spec:
...
extra_volumes: |
- name: logo-login
configMap:
defaultMode: 420
items:
- key: logo-login.svg
path: logo-login.svg
name: logo-login-configmap
- name: logo-header
configMap:
defaultMode: 420
items:
- key: logo-header.svg
path: logo-header.svg
name: logo-header-configmap
web_extra_volume_mounts: |
- name: logo-login
mountPath: /var/lib/awx/public/static/media/logo-login.svg
subPath: logo-login.svg
- name: logo-header
mountPath: /var/lib/awx/public/static/media/logo-header.svg
subPath: logo-header.svg
```
## Custom Favicon
You can also use custom volume mounts to mount in your own favicon to be displayed in your AWX browser tab.
First, create the configmap from a local `favicon.ico` file.
```bash
kubectl create configmap favicon-configmap --from-file favicon.ico
```
Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec
```yaml
---
spec:
...
extra_volumes: | extra_volumes: |
- name: favicon - name: favicon
configMap: configMap:
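Review bot: The sentence "Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec" is used for both the new Custom Logos section and the Custom Favicon section, but the key in the YAML directly below it is `extra_volumes`; fix the name and put both parameter names in backticks. The `kubectl create configmap` commands carry no `-n <namespace>`, so it is worth stating that the ConfigMaps have to be created in the namespace of the AWX instance, since a pod can only mount ConfigMaps from its own namespace.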
@@ -157,3 +187,7 @@ spec:
mountPath: /var/lib/awx/public/static/media/favicon.ico mountPath: /var/lib/awx/public/static/media/favicon.ico
subPath: favicon.ico subPath: favicon.ico
``` ```
## Custom AWX Configuration
Refer to the [Extra Settings](./extra-settings.md) documentation for customizing the AWX configuration.

View File

@@ -1,43 +0,0 @@
#### Default execution environments from private registries
In order to register default execution environments from private registries, the Custom Resource needs to know about the pull credentials. Those credentials should be stored as a secret and either specified as `ee_pull_credentials_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-ee-pull-credentials` . Instance initialization will register a `Container registry` type credential on the deployed instance and assign it to the registered default execution environments.
The secret should be formatted as follows:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resourcename>-ee-pull-credentials
namespace: <target namespace>
stringData:
url: <registry url. i.e. quay.io>
username: <username to connect as>
password: <password to connect with>
ssl_verify: <Optional attribute. Whether verify ssl connection or not. Accepted values "True" (default), "False" >
type: Opaque
```
##### Control plane ee from private registry
The images listed in "ee_images" will be added as globally available Execution Environments. The "control_plane_ee_image" will be used to run project updates. In order to use a private image for any of these you'll need to use `image_pull_secrets` to provide a list of k8s pull secrets to access it. Currently the same secret is used for any of these images supplied at install time.
You can create `image_pull_secret`
```
kubectl create secret <resoucename>-cp-pull-credentials regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
```
If you need more control (for example, to set a namespace or a label on the new secret) then you can customize the Secret before storing it
Example spec file extra-config
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resoucename>-cp-pull-credentials
namespace: <target namespace>
data:
.dockerconfigjson: <base64 docker config>
type: kubernetes.io/dockerconfigjson
```

View File

@@ -1,16 +1,23 @@
#### Deploying a specific version of AWX # Using images from private registries
There are a few variables that are customizable for awx the image management. ## Available variables to use images from private registries
There are variables that are customizable for awx the image management.
| Name | Description | Default | | Name | Description | Default |
| ------------------- | ------------------------- | -------------------------------------- | | ----------------------------- | ----------------------------- | ------------------------------------------ |
| image | Path of the image to pull | quay.io/ansible/awx | | image | Path of the image to pull | quay.io/ansible/awx |
| image_version | Image version to pull | value of DEFAULT_AWX_VERSION or latest | | image_version | Image version to pull | value of DEFAULT_AWX_VERSION or latest |
| image_pull_policy | The pull policy to adopt | IfNotPresent | | image_pull_policy | The pull policy to adopt | IfNotPresent |
| image_pull_secrets | The pull secrets to use | None | | image_pull_secrets | The pull secrets to use | None |
| ee_images | A list of EEs to register | quay.io/ansible/awx-ee:latest | | ee_images | A list of EEs to register | quay.io/ansible/awx-ee:DEFAULT_AWX_VERSION |
| ee_pull_credentials_secret | The pull secret for ee_images | None |
| redis_image | Path of the image to pull | docker.io/redis | | redis_image | Path of the image to pull | docker.io/redis |
| redis_image_version | Image version to pull | latest | | redis_image_version | Image version to pull | latest |
| control_plane_ee_image | Image version to pull | quay.io/ansible/awx-ee:DEFAULT_AWX_VERSION |
| init_container_image | Path of the image to pull | quay.io/ansible/awx-ee |
| init_container_image_version | Image version to pull | value of DEFAULT_AWX_VERSION or latest |
| init_projects_container_image | Image version to pull | quay.io/centos/centos:stream9 |
Example of customization could be: Example of customization could be:
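Review bot: In the rows added to the variables table, `control_plane_ee_image` and `init_projects_container_image` are described as "Image version to pull" although their defaults (`quay.io/ansible/awx-ee:DEFAULT_AWX_VERSION`, `quay.io/centos/centos:stream9`) are full image references with a tag; describe them as the image to pull, tag included, to distinguish them from `init_container_image_version`. The intro sentence "There are variables that are customizable for awx the image management" keeps the garbled wording of the line it replaces and should be rewritten while it is being touched.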
@@ -26,6 +33,58 @@ spec:
ee_images: ee_images:
- name: my-custom-awx-ee - name: my-custom-awx-ee
image: myorg/my-custom-awx-ee image: myorg/my-custom-awx-ee
control_plane_ee_image: myorg/my-custom-awx-ee:latest
init_container_image: myorg/my-custom-awx-ee
init_container_image_version: latest
init_projects_container_image: myorg/my-mirrored-centos:stream9
``` ```
**Note**: The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file. !!! warning
The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
## Default execution environments from private registries
In order to register default execution environments from private registries, the Custom Resource needs to know about the pull credentials. Those credentials should be stored as a secret and either specified as `ee_pull_credentials_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-ee-pull-credentials` . Instance initialization will register a `Container registry` type credential on the deployed instance and assign it to the registered default execution environments.
The secret should be formatted as follows:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resourcename>-ee-pull-credentials
namespace: <target namespace>
stringData:
url: <registry url. i.e. quay.io>
username: <username to connect as>
password: <password to connect with>
ssl_verify: <Optional attribute. Whether verify ssl connection or not. Accepted values "True" (default), "False" >
type: Opaque
```
## Control plane ee from private registry
The images listed in `ee_images` will be added as globally available Execution Environments. The `control_plane_ee_image` will be used to run project updates. In order to use a private image for any of these you'll need to use `image_pull_secrets` to provide a list of k8s pull secrets to access it. Currently the same secret is used for any of these images supplied at install time.
You can create `image_pull_secret`
```sh
kubectl create secret <resoucename>-cp-pull-credentials regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
```
If you need more control (for example, to set a namespace or a label on the new secret) then you can customize the Secret before storing it
Example spec file extra-config
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: <resoucename>-cp-pull-credentials
namespace: <target namespace>
data:
.dockerconfigjson: <base64 docker config>
type: kubernetes.io/dockerconfigjson
```
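Review bot: The command under "You can create `image_pull_secret`" is moved here unchanged and does not match the Secret shown below it: `kubectl create secret` needs the `docker-registry` type to produce a `kubernetes.io/dockerconfigjson` secret, and the `regcred` after the name looks like a leftover second name, so the command should start `kubectl create secret docker-registry <resourcename>-cp-pull-credentials`. While fixing it, correct the `<resoucename>` spelling in both the command and the YAML `metadata.name`, refer to the parameter as `image_pull_secrets` as the table does, and mention that `--docker-password` on the command line ends up in shell history, which is a reason to prefer the manifest form. In the `<resourcename>-ee-pull-credentials` example, `ssl_verify` accepts "False"; say plainly that this turns off TLS certificate verification for the registry connection so it is not set casually.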

View File

@@ -1,12 +1,13 @@
### Disable IPV6 # Disable IPv6
Starting with AWX Operator release 0.24.0,[IPV6 was enabled in ngnix configuration](https://github.com/ansible/awx-operator/pull/950) which causes
Starting with AWX Operator release 0.24.0, [IPv6 was enabled in ngnix configuration](https://github.com/ansible/awx-operator/pull/950) which causes
upgrades and installs to fail in environments where IPv6 is not allowed. Starting in 1.1.1 release, you can set the `ipv6_disabled` flag on the AWX upgrades and installs to fail in environments where IPv6 is not allowed. Starting in 1.1.1 release, you can set the `ipv6_disabled` flag on the AWX
spec. If you need to use an AWX operator version between 0.24.0 and 1.1.1 in an IPv6 disabled environment, it is suggested to enabled ipv6 on worker spec. If you need to use an AWX operator version between 0.24.0 and 1.1.1 in an IPv6 disabled environment, it is suggested to enabled ipv6 on worker
nodes. nodes.
In order to disable ipv6 on ngnix configuration (awx-web container), add following to the AWX spec. In order to disable ipv6 on ngnix configuration (awx-web container), add following to the AWX spec.
The following variables are customizable The following variables are customizable:
| Name | Description | Default | | Name | Description | Default |
| ------------- | ---------------------- | ------- | | ------------- | ---------------------- | ------- |
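Review bot: The rewritten sentence fixes the `IPv6` capitalization and the missing space before the link, but "ngnix" remains in the link text and in "disable ipv6 on ngnix configuration", and "it is suggested to enabled ipv6" is left as is; correct these to "nginx" and "to enable IPv6" in the same change so the page is consistent.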

View File

@@ -1,10 +1,97 @@
#### Enabling LDAP Integration at AWX bootstrap # Enabling LDAP Integration at AWX bootstrap (Deprecated)
A sample of extra settings can be found as below. All possible options can be found here: https://django-auth-ldap.readthedocs.io/en/latest/reference.html#settings A sample of extra settings can be found as below. All possible options can be found here: <https://django-auth-ldap.readthedocs.io/en/latest/reference.html#settings>
> **NOTE:** These values are inserted into a Python file, so pay close attention to which values need quotes and which do not. Refer to the [Extra Settings](./extra-settings.md) page for more information on how to configure extra settings.
!!! tip
To trust a custom Certificate Authority for your LDAP server, or to specify password LDAP bind DN, refer to the [Trusting a Custom Certificate Authority](./trusting-a-custom-certificate-authority.md) page.
## Configure LDAP integration via `extra_settings_files`
Create a Python file with arbitrary name, e.g. `custom_ldap_settings.py`, and add the following content for example:
```python title="custom_ldap_settings.py"
AUTH_LDAP_SERVER_URI = "ldaps://ad01.abc.com:636 ldaps://ad02.abc.com:636"
AUTH_LDAP_BIND_DN = "CN=LDAP User,OU=Service Accounts,DC=abc,DC=com"
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"DC=abc,DC=com",
ldap.SCOPE_SUBTREE,
"(sAMAccountName=%(user)s)",
)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
"OU=Groups,DC=abc,DC=com",
ldap.SCOPE_SUBTREE,
"(objectClass=group)",
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail",
}
AUTH_LDAP_REQUIRE_GROUP = "CN=operators,OU=Groups,DC=abc,DC=com"
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_superuser": ["CN=admin,OU=Groups,DC=abc,DC=com"],
}
AUTH_LDAP_ORGANIZATION_MAP = {
"abc": {
"admins": "CN=admin,OU=Groups,DC=abc,DC=com",
"remove_admins": False,
"remove_users": False,
"users": True,
}
}
AUTH_LDAP_TEAM_MAP = {
"admin": {
"organization": "abc",
"remove": True,
"users": "CN=admin,OU=Groups,DC=abc,DC=com",
}
}
```
Create a ConfigMap with the content of the above Python file.
```bash
kubectl create configmap custom-ldap-settings \
--from-file /PATH/TO/YOUR/custom_ldap_settings.py
```
Then specify this ConfigMap to the `extra_settings_files` parameter.
```yaml ```yaml
spec:
extra_settings_files:
configmaps:
- name: custom-ldap-settings
key: custom_ldap_settings.py
```
!!! note
If you have embedded some sensitive information like passwords in the Python file, you can create and pass a Secret instead of a ConfigMap.
```bash
kubectl create secret generic custom-ldap-settings \
--from-file /PATH/TO/YOUR/custom_ldap_settings.py
```
```yaml
spec:
extra_settings_files:
secrets:
- name: custom-ldap-settings
key: custom_ldap_settings.py
```
## Configure LDAP integration via `extra_settings`
!!! note
These values are inserted into a Python file, so pay close attention to which values need quotes and which do not.
```yaml
spec:
extra_settings:
- setting: AUTH_LDAP_SERVER_URI - setting: AUTH_LDAP_SERVER_URI
value: >- value: >-
"ldaps://ad01.abc.com:636 ldaps://ad02.abc.com:636" "ldaps://ad01.abc.com:636 ldaps://ad02.abc.com:636"
@@ -35,7 +122,6 @@ A sample of extra settings can be found as below. All possible options can be fo
] ]
} }
- setting: AUTH_LDAP_ORGANIZATION_MAP - setting: AUTH_LDAP_ORGANIZATION_MAP
value: { value: {
"abc": { "abc": {

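Review bot: In the first hunk of this file, `custom_ldap_settings.py` calls `LDAPSearch(...)`, `ldap.SCOPE_SUBTREE` and `GroupOfNamesType()` but has no import lines; since it is presented as a standalone Python file, either add `import ldap` and `from django_auth_ldap.config import LDAPSearch, GroupOfNamesType` at the top or state that these names are already in scope when the file is loaded. The tip's wording "to specify password LDAP bind DN" is hard to parse and should read "to specify the password for the LDAP bind DN". Given the "(Deprecated)" added to the title, a one-line pointer to what replaces LDAP authentication would save readers a search.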
View File

@@ -1,4 +1,4 @@
#### Exporting Environment Variables to Containers # Exporting Environment Variables to Containers
If you need to export custom environment variables to your containers. If you need to export custom environment variables to your containers.
@@ -9,7 +9,8 @@ If you need to export custom environment variables to your containers.
| rsyslog_extra_env | Environment variables to be added to Rsyslog container | '' | | rsyslog_extra_env | Environment variables to be added to Rsyslog container | '' |
| ee_extra_env | Environment variables to be added to EE container | '' | | ee_extra_env | Environment variables to be added to EE container | '' |
> :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec). !!! warning
The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
Example configuration of environment variables Example configuration of environment variables

View File

@@ -1,21 +1,34 @@
#### Extra Settings # Extra Settings
With`extra_settings`, you can pass multiple custom settings via the `awx-operator`. The parameter `extra_settings` will be appended to the `/etc/tower/settings.py` and can be an alternative to the `extra_volumes` parameter. With `extra_settings` and `extra_settings_files`, you can pass multiple custom settings to AWX via the AWX Operator.
!!! note
Parameters configured in `extra_settings` or `extra_settings_files` are set as read-only settings in AWX. As a result, they cannot be changed in the UI after deployment.
If you need to change the setting after the initial deployment, you need to change it on the AWX CR spec (for `extra_settings`) or corresponding ConfigMap or Secret (for `extra_settings_files`). After updating ConfigMap or Secret, you need to restart the AWX pods to apply the changes.
!!! note
If the same setting is set in both `extra_settings` and `extra_settings_files`, the setting in `extra_settings_files` will take precedence.
## Add extra settings with `extra_settings`
You can pass extra settings by specifying the pair of the setting name and value as the `extra_settings` parameter.
The settings passed via `extra_settings` will be appended to the `/etc/tower/settings.py`.
| Name | Description | Default | | Name | Description | Default |
| -------------- | -------------- | ------- | | -------------- | -------------- | --------- |
| extra_settings | Extra settings | '' | | extra_settings | Extra settings | `[]` |
**Note:** Parameters configured in `extra_settings` are set as read-only settings in AWX. As a result, they cannot be changed in the UI after deployment. If you need to change the setting after the initial deployment, you need to change it on the AWX CR spec.
Example configuration of `extra_settings` parameter Example configuration of `extra_settings` parameter
```yaml ```yaml
spec: spec:
extra_settings: extra_settings:
- setting: MAX_PAGE_SIZE - setting: MAX_PAGE_SIZE
value: "500" value: "500"
# LDAP is deprecated
- setting: AUTH_LDAP_BIND_DN - setting: AUTH_LDAP_BIND_DN
value: "cn=admin,dc=example,dc=com" value: "cn=admin,dc=example,dc=com"
@@ -24,3 +37,84 @@ Example configuration of `extra_settings` parameter
``` ```
Note for some settings, such as `LOG_AGGREGATOR_LEVEL`, the value may need double quotes. Note for some settings, such as `LOG_AGGREGATOR_LEVEL`, the value may need double quotes.
## Add extra settings with `extra_settings_files`
You can pass extra settings by specifying the additional settings files in the ConfigMaps or Secrets as the `extra_settings_files` parameter.
The settings files passed via `extra_settings_files` will be mounted as the files under the `/etc/tower/conf.d`.
| Name | Description | Default |
| -------------------- | -------------------- | --------- |
| extra_settings_files | Extra settings files | `{}` |
!!! note
If the same setting is set in multiple files in `extra_settings_files`, it would be difficult to predict which would be adopted since these files are loaded in arbitrary order that [`glob`](https://docs.python.org/3/library/glob.html) returns. For a reliable setting, do not include the same key in more than one file.
Create ConfigMaps or Secrets that contain custom settings files (`*.py`).
```python title="custom_job_settings.py"
AWX_TASK_ENV = {
"HTTPS_PROXY": "http://proxy.example.com:3128",
"HTTP_PROXY": "http://proxy.example.com:3128",
"NO_PROXY": "127.0.0.1,localhost,.example.com"
}
GALAXY_TASK_ENV = {
"ANSIBLE_FORCE_COLOR": "false",
"GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no",
}
```
```python title="custom_system_settings.py"
REMOTE_HOST_HEADERS = [
"HTTP_X_FORWARDED_FOR",
"REMOTE_ADDR",
"REMOTE_HOST",
]
```
```python title="custom_passwords.py"
SUBSCRIPTIONS_PASSWORD = "my-super-secure-subscription-password123!"
REDHAT_PASSWORD = "my-super-secure-redhat-password123!"
```
```bash title="Create ConfigMap and Secret"
# Create ConfigMap
kubectl create configmap my-custom-settings \
--from-file /PATH/TO/YOUR/custom_job_settings.py \
--from-file /PATH/TO/YOUR/custom_system_settings.py
# Create Secret
kubectl create secret generic my-custom-passwords \
--from-file /PATH/TO/YOUR/custom_passwords.py
```
Then specify them in the AWX CR spec. Here is an example configuration of `extra_settings_files` parameter.
```yaml
spec:
extra_settings_files:
configmaps:
- name: my-custom-settings # The name of the ConfigMap
key: custom_job_settings.py # The key in the ConfigMap, which means the file name
- name: my-custom-settings
key: custom_system_settings.py
secrets:
- name: my-custom-passwords # The name of the Secret
key: custom_passwords.py # The key in the Secret, which means the file name
```
!!! Warning "Restriction"
There are some restrictions on the ConfigMaps or Secrets used in `extra_settings_files`.
- The keys in ConfigMaps or Secrets MUST be the name of python files and MUST end with `.py`
- The keys in ConfigMaps or Secrets MUST consists of alphanumeric characters, `-`, `_` or `.`
- The keys in ConfigMaps or Secrets are converted to the following strings, which MUST not exceed 63 characters
- Keys in ConfigMaps: `<instance name>-<KEY>-configmap`
- Keys in Secrets: `<instance name>-<KEY>-secret`
- Following keys are reserved and MUST NOT be used in ConfigMaps or Secrets
- `credentials.py`
- `execution_environments.py`
- `ldap.py`
Refer to the Kubernetes documentations ([[1]](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/config-map-v1/), [[2]](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/), [[3]](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/volume/), [[4]](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/)) for more information about character types and length restrictions.
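Review bot: the `custom_job_settings.py` example sets `"GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"` under `GALAXY_TASK_ENV`, which turns off SSH host key verification, and documentation examples tend to be copied verbatim. Use a neutral variable there, or a value that points `ssh` at a managed known-hosts file, so the sample does not normalise skipping verification. The page also says the `*.py` files are mounted under `/etc/tower/conf.d` and loaded via `glob`, so it is worth one sentence stating that whoever can edit the referenced ConfigMap or Secret controls Python that AWX loads, and that write access to those objects should be restricted accordingly. In the Restriction block, "MUST consists" should be "MUST consist", and "MUST not exceed" should be "MUST NOT exceed" to match the "MUST NOT be used" bullet below it.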

View File

@@ -0,0 +1,24 @@
# Horizontal Pod Autoscaler (HPA)
Horizontal Pod Autoscaler allows Kubernetes to scale the number of replicas of
deployments in response to configured metrics.
This feature conflicts with the operators ability to manage the number of static
replicas to create for each deployment.
The use of the settings below will tell the operator to not manage the replicas
field on the identified deployments even if a replicas count has been set for those
properties in the operator resource.
| Name | Description | Default |
| ---------------------- | ----------------------------------------------------------------------------- | ------- |
| web_manage_replicas | Indicates operator should control the replicas count for the web deployment. | true |
| task_manage_replicas | Indicates operator should control the replicas count for the task deployment. | true |
## Recommended Settings for HPA
Please see the Kubernetes documentation on how to configure the horizontal pod
autoscaler.
The values for optimal HPA are cluster and need specific so general guidelines
are not available at this time.
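Review bot: the page never states which value hands replica control to the HPA. The paragraph above the table says using the settings "will tell the operator to not manage the replicas field", while the table describes `web_manage_replicas` and `task_manage_replicas` as indicating the operator should control replicas, with a default of `true`, so the reader has to infer that `false` is the value to set. Say that explicitly and add a short `spec:` example showing both keys. Smaller points: "operators ability" needs an apostrophe, and "cluster and need specific" would read better as "specific to the cluster and workload".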

View File

@@ -0,0 +1,19 @@
# HostAliases
Sometimes you might need to use [HostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) in web/task containers.
| Name | Description | Default |
| ------------ | --------------------- | ------- |
| host_aliases | A list of HostAliases | None |
Example of customization could be:
```yaml
---
spec:
...
host_aliases:
- ip: <name-of-your-ip>
hostnames:
- <name-of-your-domain>
```
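Review bot: the placeholders in the example are misleading. Under `- ip:` the value `<name-of-your-ip>` should be an address placeholder such as `<ip-address>`, and `<name-of-your-domain>` under `hostnames:` is a hostname, not a domain. The introduction says the aliases apply to the web/task containers, so the table description "A list of HostAliases" could repeat that scope for readers who land on the table directly.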

Binary file not shown.


Binary file not shown.


Binary file not shown.


View File

@@ -1,15 +1,13 @@
#### Labeling operator managed objects # Labeling operator managed objects
In certain situations labeling of Kubernetes objects managed by the operator In certain situations labeling of Kubernetes objects managed by the operator might be desired (e.g. for owner identification purposes).
might be desired (e.g. for owner identification purposes). For that For that `additional_labels` parameter could be used:
`additional_labels` parameter could be used
| Name | Description | Default | | Name | Description | Default |
| --------------------------- | ---------------------------------------------------------------------------------------- | ------- | | --------------------------- | ---------------------------------------------------------------------------------------- | ------- |
| additional_labels | Additional labels defined on the resource, which should be propagated to child resources | [] | | additional_labels | Additional labels defined on the resource, which should be propagated to child resources | [] |
Example configuration where only `my/team` and `my/service` labels will be Example configuration where only `my/team` and `my/service` labels will be propagated to child objects (`Deployment`, `Secret`s, `ServiceAccount`, etc):
propagated to child objects (`Deployment`, `Secret`s, `ServiceAccount`, etc):
```yaml ```yaml
apiVersion: awx.ansible.com/v1beta1 apiVersion: awx.ansible.com/v1beta1

View File

@@ -0,0 +1,229 @@
# Mesh Ingress
The mesh ingress allows users to peer external execution and hop nodes into the AWX control plane.
This guide focuses on how to enable and configure the mesh ingress.
For more information about remote execution and hop nodes and how to create them, refer to the [Managing Capacity With Instances](https://ansible.readthedocs.io/projects/awx/en/latest/administration/instances.html) chapter of the AWX Administration Guide.
## Prerequisites
- AWX operator version > 2.11.0
- AWX > 23.8.0
## Deploy and configure AWXMeshIngress
!!! note
The mesh ingress uses the `control_plane_ee_image` and `image_pull_policy` fields of the AWX instance to determine image and policy to be adopted.
Defaulted to `quay.io/ansible/awx-ee:latest` and `Always`.
Currently there are no dedicated parameters to specify the image and policy.
### On Red Hat OpenShift with Operator managed Route
To deploy a mesh ingress on OpenShift, create the AWXMeshIngress resource on the namespace where your AWX instance is running on.
Example:
```yaml
---
apiVersion: awx.ansible.com/v1alpha1
kind: AWXMeshIngress
metadata:
name: <mesh ingress name>
spec:
deployment_name: <awx instance name>
```
### On Kubernetes with Operator managed Ingress (NGINX)
To deploy a mesh ingress on Kubernetes cluster which has [NGINX Ingress Controller](https://www.nginx.com/products/nginx-ingress-controller/), create the AWXMeshIngress resource on the namespace where your AWX instance is running on.
Note that AWXMeshIngress requires [SSL Passthrough](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) enabled which is disabled by default. Ensure it is enabled on your NGINX Ingress Controller.
By specifying `ingress_controller` as `nginx`, AWX Operator will generate Ingress resource that has `nginx.ingress.kubernetes.io/ssl-passthrough` annotation set to `"true"`.
Example:
```yaml
---
apiVersion: awx.ansible.com/v1alpha1
kind: AWXMeshIngress
metadata:
name: <mesh ingress name>
spec:
deployment_name: <awx instance name>
ingress_type: Ingress
ingress_controller: nginx
ingress_class_name: nginx
external_hostname: <fqdn for mesh ingress>
```
### On Kubernetes with Operator managed Ingress (Traefik)
To deploy a mesh ingress on Kubernetes cluster which has [Traefik Kubernetes Ingress provider](https://doc.traefik.io/traefik/providers/kubernetes-ingress/), create the AWXMeshIngress resource on the namespace where your AWX instance is running on.
Note that by deploying following AWXMeshIngress, AWX Operator will generate IngressRouteTCP resource that has `websecure` as an `entryPoints`. If this does not satisfy your requirement, refer to [User managed Ingress section](#on-kubernetes-with-user-managed-ingress) and create an IngressRouteTCP resource manually.
Example:
```yaml
---
apiVersion: awx.ansible.com/v1alpha1
kind: AWXMeshIngress
metadata:
name: <mesh ingress name>
spec:
deployment_name: <awx instance name>
ingress_type: IngressRouteTCP
ingress_controller: traefik
ingress_class_name: traefik
ingress_api_version: traefik.io/v1alpha1
external_hostname: <fqdn for mesh ingress>
```
!!! tip
AWX Operator supports both API groups `traefik.io` and `traefik.containo.us` in `ingress_api_version` for Traefik, but it is recommended to use `traefik.io` since `traefik.containo.us` is deprecated in Traefik v2.10 and is removed in Traefik v3. Refer to [Traefik documentation](https://doc.traefik.io/traefik/migration/v2/#v210) for more information about deprecation.
If you can't see any IngressRouteTCP resources by `kubectl` command after deploying mesh ingress, you should fully qualify the resource name with API group, `kubectl get ingressroutetcp.traefik.io` or `kubectl get ingressroutetcp.traefik.containo.us` for example.
### On Kubernetes with User managed Ingress
To deploy a mesh ingress on Kubernetes cluster, create the AWXMeshIngress resource on the namespace where your AWX instance is running on.
Alternatively, if you wish to create your own Ingress resource, you can deploy a mesh ingress with `ingress_type` set to `none` and then manually create an Ingress resource with any configuration.
In this case, the `external_hostname` is still required as it is used to generate the certificate that will be used by Receptor.
Example:
```yaml
---
apiVersion: awx.ansible.com/v1alpha1
kind: AWXMeshIngress
metadata:
name: <mesh ingress name>
spec:
deployment_name: <awx instance name>
ingress_type: none # This line can be omitted since this is the default value
external_hostname: <fqdn for mesh ingress>
```
The requirements for user managed Ingress resource are as follows:
- Supports WebSocket
- SSL/TLS Passthrough enabled
- Accessible over port `443`
- Having the same hostname as `external_hostname` in the AWXMeshIngress resource
- Routing the traffic to port `27199` of the Service of the same name as the AWXMeshIngress resource
These are example Ingress resources for NGINX and Traefik.
```yaml
# Ingress for NGINX Ingress Controller
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: <mesh ingress name>
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
ingressClassName: nginx
rules:
- host: <fqdn for mesh ingress>
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: <mesh ingress name>
port:
number: 27199
```
```yaml
# Ingress for Traefik Kubernetes Ingress provider
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: <mesh ingress name>
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`<fqdn for mesh ingress>`)
services:
- name: <mesh ingress name>
port: 27199
tls:
passthrough: true
```
## Validating setup of Mesh Ingress
After AWXMeshIngress has been successfully created, a new Instance with the same name will be registered to AWX and will be visible on the Instance UI page
![mesh ingress instance on AWX UI](./images/mesh-ingress-instance-on-awx-ui.png)
The Instance should have at least 2 listener addresses.
In this example, the mesh ingress has two listener addresses:
- one for internal, that is used for peering to by all control nodes (top)
- one for external, that is exposed to a route so external execution nodes can peer into it (bottom))
![mesh ingress instance listener address on awx ui](./images/mesh-ingress-instance-listener-address-on-awx-ui.png)
When selecting peer for new instance the mesh ingress instance should now be present as a option.
![peering to mesh ingress on awx ui](./images/peering-to-mesh-ingress-on-awx-ui.png)
For more information about how to create external remote execution and hop nodes and configuring the mesh, see AWX Documentation on [Add a instance](https://ansible.readthedocs.io/projects/awx/en/latest/administration/instances.html#add-an-instance).
## Custom Resource Definitions
### AWXMeshIngress
AWXMeshIngress controls the deployment and configuration of mesh ingress on AWX
| Name | Description |
| ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **`apiVersion`** | awx.ansible.com/v1alpha1 |
| **`kind`** | AWXMeshIngress |
| **`metadata`** ([ObjectMeta](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/#ObjectMeta)) | Standard object's metadata. [More info](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata) |
| **`spec`** ([AWXMeshIngressSpec](#awxmeshingressspec)) | Spec is the desired state of the AWXMeshIngress. [More info](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status) |
| **`status`** ([AWXMeshIngressStatus](#awxmeshingressstatus)) | Status is the current state of the AWXMeshIngress. [More info](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status) |
#### AWXMeshIngressSpec
AWXMeshIngressSpec is the description of the configuration for AWXMeshIngress.
| Name | Description | Default |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- |
| **`deployment_name`** (string), required | Name of the AWX deployment to create the Mesh Ingress for. | `awx` |
| **`ingress_type`** (string) | Ingress type for ingress managed by the operator. Options: `none`, `Ingress`, `IngressRouteTCP`, `Route` | `Route` (on OpenShift), `none` (on Kubernetes) |
| **`external_hostname`** (string) | External hostname is an optional field used for specifying the external hostname defined in an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/). This parameter is automatically generated on OpenShift | N/A |
| **`external_ipaddress`** (string) | External IP Address is an optional field used for specifying the external IP address defined in an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) | N/A |
| **`ingress_api_version`** (string) | API Version for ingress managed by the operator. This parameter is ignored when `ingress_type` is `Route` | `networking.k8s.io/v1` |
| **`ingress_annotations`** (string) | Additional annotation on the ingress managed by the operator. This parameter is ignored when `ingress_type` is `Route` | `""` |
| **`ingress_controller`** (string) | Special configuration for specific Ingress Controllers. This parameter is ignored when `ingress_type` is `Route` | `""` |
| **`ingress_class_name`** (string) | The name of ingress class to use instead of the cluster default. see [IngressSpec](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec). This parameter is ignored when `ingress_type` is `Route` | `""` |
#### AWXMeshIngressStatus
AWXMeshIngressStatus describe the current state of the AWXMeshIngress.
### AWXMeshIngressList
AWXMeshIngressList is a collection of AWXMeshIngress.
| Name | Description |
| ----------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **`items`** ([AWXMeshIngress](#awxmeshingress)) | items is the list of Ingress. |
| **`apiVersion`** (string) | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. [More info](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources) |
| **`kind`** (string) | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. [More info](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds) |
| **`metadata`** ([ListMeta](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/list-meta/#ListMeta)) | Standard object's metadata. [More info](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata) |
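Review bot: the AWXMeshIngressSpec table calls `external_hostname` "an optional field", but the user managed Ingress section states that "the `external_hostname` is still required as it is used to generate the certificate that will be used by Receptor", and every Kubernetes example sets it. Reconcile the two, for example by marking it required unless `ingress_type` is `Route`, where the table says it is generated automatically. In the same table `deployment_name` is marked required yet lists a default of `awx`; one of the two is wrong. `ingress_annotations` is typed as a string with default `""`, so an example of the expected format would help. The Prerequisites list uses strict `>` for both versions; confirm that 2.11.0 and 23.8.0 themselves are really excluded. The `#### AWXMeshIngressStatus` section has a description but no field table. Typos to fix while here: "(bottom))", "as a option", "Add a instance", "AWXMeshIngressStatus describe".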

View File

@@ -1,4 +1,5 @@
#### No Log # No Log
Configure no_log for tasks with no_log Configure no_log for tasks with no_log
| Name | Description | Default | | Name | Description | Default |
@@ -8,6 +9,6 @@ Configure no_log for tasks with no_log
Example configuration of `no_log` parameter Example configuration of `no_log` parameter
```yaml ```yaml
spec: spec:
no_log: true no_log: true
``` ```

View File

@@ -1,4 +1,4 @@
#### Persisting Projects Directory # Persisting Projects Directory
In cases which you want to persist the `/var/lib/projects` directory, there are few variables that are customizable for the `awx-operator`. In cases which you want to persist the `/var/lib/projects` directory, there are few variables that are customizable for the `awx-operator`.

View File

@@ -1,38 +1,17 @@
#### Pods termination grace period # Pods termination grace period
During deployment restarts or new rollouts, when old ReplicaSet Pods are being During deployment restarts or new rollouts, when old ReplicaSet Pods are being terminated, the corresponding jobs which are managed (executed or controlled) by old AWX Pods may end up in `Error` state as there is no mechanism to transfer them to the newly spawned AWX Pods.
terminated, the corresponding jobs which are managed (executed or controlled) To work around the problem one could set `termination_grace_period_seconds` in AWX spec, which does the following:
by old AWX Pods may end up in `Error` state as there is no mechanism to
transfer them to the newly spawned AWX Pods. To work around the problem one
could set `termination_grace_period_seconds` in AWX spec, which does the
following:
* It sets the corresponding - It sets the corresponding [`terminationGracePeriodSeconds`](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination) Pod spec of the AWX Deployment to the value provided
[`terminationGracePeriodSeconds`](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination) - The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal
Pod spec of the AWX Deployment to the value provided
> The grace period is the duration in seconds after the processes running in - It adds a [`PreStop`](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution) hook script, which will keep AWX Pods in terminating state until it finished, up to `terminationGracePeriodSeconds`.
> the pod are sent a termination signal and the time when the processes are - This grace period applies to the total time it takes for both the PreStop hook to execute and for the Container to stop normally
> forcibly halted with a kill signal - While the hook script just waits until the corresponding AWX Pod (instance) no longer has any managed jobs, in which case it finishes with success and hands over the overall Pod termination process to normal AWX processes.
* It adds a
[`PreStop`](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution)
hook script, which will keep AWX Pods in terminating state until it finished,
up to `terminationGracePeriodSeconds`.
> This grace period applies to the total time it takes for both the PreStop
> hook to execute and for the Container to stop normally
While the hook script just waits until the corresponding AWX Pod (instance)
no longer has any managed jobs, in which case it finishes with success and
hands over the overall Pod termination process to normal AWX processes.
One may want to set this value to the maximum duration they accept to wait for
the affected Jobs to finish. Keeping in mind that such finishing jobs may
increase Pods termination time in such situations as `kubectl rollout restart`,
AWX upgrade by the operator, or Kubernetes [API-initiated
evictions](https://kubernetes.io/docs/concepts/scheduling-eviction/api-eviction/).
One may want to set this value to the maximum duration they accept to wait for the affected Jobs to finish.
Keeping in mind that such finishing jobs may increase Pods termination time in such situations as `kubectl rollout restart`, AWX upgrade by the operator, or Kubernetes [API-initiatedevictions](https://kubernetes.io/docs/concepts/scheduling-eviction/api-eviction/).
| Name | Description | Default | | Name | Description | Default |
| -------------------------------- | --------------------------------------------------------------- | ------- | | -------------------------------- | --------------------------------------------------------------- | ------- |
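Review bot: the reflow joined the link text across a line break and lost the space, so the last paragraph now reads `[API-initiatedevictions](...)`; it should be "API-initiated evictions". Converting the two blockquotes into nested bullets also changed meaning slightly: they were quotations from the Kubernetes documentation and now read as the page's own statements, and the third nested bullet, "While the hook script just waits until ...", is a fragment that used to continue the `PreStop` paragraph. Either keep the quotations as blockquotes or reword that bullet into a full sentence such as "The hook script waits until ...". The closing sentence beginning "Keeping in mind that" is also a fragment now that it stands on its own line.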

View File

@@ -1,15 +1,10 @@
#### Priority Classes # Priority Classes
The AWX and Postgres pods can be assigned a custom PriorityClass to rank their importance compared to other pods in your cluster, which determines which pods get evicted first if resources are running low. The AWX and Postgres pods can be assigned a custom PriorityClass to rank their importance compared to other pods in your cluster, which determines which pods get evicted first if resources are running low.
First, [create your PriorityClass](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) if needed. First, [create your PriorityClass](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) if needed.
Then set the name of your priority class to the control plane and postgres pods as shown below. Then set the name of your priority class to the control plane and postgres pods as shown below.
```yaml ```yaml
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-demo
spec: spec:
... ...
control_plane_priority_class: awx-demo-high-priority control_plane_priority_class: awx-demo-high-priority

View File

@@ -1,4 +1,4 @@
#### Privileged Tasks # Privileged Tasks
Depending on the type of tasks that you'll be running, you may find that you need the task pod to run as `privileged`. This can open yourself up to a variety of security concerns, so you should be aware (and verify that you have the privileges) to do this if necessary. In order to toggle this feature, you can add the following to your custom resource: Depending on the type of tasks that you'll be running, you may find that you need the task pod to run as `privileged`. This can open yourself up to a variety of security concerns, so you should be aware (and verify that you have the privileges) to do this if necessary. In order to toggle this feature, you can add the following to your custom resource:
@@ -11,8 +11,8 @@ spec:
If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with: If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with:
``` ```sh
$ oc adm policy add-scc-to-user privileged -z awx oc adm policy add-scc-to-user privileged -z awx
``` ```
Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action. Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
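Review bot: the command `oc adm policy add-scc-to-user privileged -z awx` hard-codes the ServiceAccount name and carries no namespace, so it only works as written for an instance whose ServiceAccount is called `awx` in the current project. Other pages in this change use placeholders such as `<resourcename>`; do the same here and add `-n <namespace>`. Dropping the `$ ` prompt and tagging the fence `sh` is fine. The surrounding warning stays generic ("a variety of security concerns"); since this is the page that tells people to grant the most relaxed SCC, it should say concretely what `privileged` allows the task pod to do and link to the OpenShift SCC documentation.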

View File

@@ -1,4 +1,4 @@
#### Redis container capabilities # Redis container capabilities
Depending on your kubernetes cluster and settings you might need to grant some capabilities to the redis container so it can start. Set the `redis_capabilities` option so the capabilities are added in the deployment. Depending on your kubernetes cluster and settings you might need to grant some capabilities to the redis container so it can start. Set the `redis_capabilities` option so the capabilities are added in the deployment.

View File

@@ -1,4 +1,4 @@
#### Scaling the Web and Task Pods independently # Scaling the Web and Task Pods independently
You can scale replicas up or down for each deployment by using the `web_replicas` or `task_replicas` respectively. You can scale all pods across both deployments by using `replicas` as well. The logic behind these CRD keys acts as such: You can scale replicas up or down for each deployment by using the `web_replicas` or `task_replicas` respectively. You can scale all pods across both deployments by using `replicas` as well. The logic behind these CRD keys acts as such:
@@ -6,3 +6,8 @@ You can scale replicas up or down for each deployment by using the `web_replicas
- If `web_replicas` or `task_replicas` is ever passed, it will override the existing `replicas` field on the specific deployment with the new key value. - If `web_replicas` or `task_replicas` is ever passed, it will override the existing `replicas` field on the specific deployment with the new key value.
These new replicas can be constrained in a similar manner to previous single deployments by appending the particular deployment name in front of the constraint used. More about those new constraints can be found in the [Assigning AWX pods to specific nodes](./assigning-awx-pods-to-specific-nodes.md) page. These new replicas can be constrained in a similar manner to previous single deployments by appending the particular deployment name in front of the constraint used. More about those new constraints can be found in the [Assigning AWX pods to specific nodes](./assigning-awx-pods-to-specific-nodes.md) page.
## Horizontal Pod Autoscaling
The operator is capable of working with Kubernetes' HPA capabilities. See [Horizontal Pod Autoscaler](./horizontal-pod-autoscaler.md)
documentation for more information.
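Review bot: the new "Horizontal Pod Autoscaling" section links out but does not mention that the HPA conflicts with the `replicas`, `web_replicas` and `task_replicas` keys this page has just described. The linked page says the feature "conflicts with the operators ability to manage the number of static replicas", so name `web_manage_replicas` and `task_manage_replicas` here so readers do not configure both. The sentence is also broken across two lines before "documentation" and is missing its final punctuation after the link.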

View File

@@ -1,12 +1,11 @@
#### Service Account # Security Context
It is possible to modify some `SecurityContext` proprieties of the various deployments and stateful sets if needed. It is possible to modify some `SecurityContext` proprieties of the various deployments and stateful sets if needed.
| Name | Description | Default | | Name | Description | Default |
| ---------------------------------- | -------------------------------------------- | ------- | | ---------------------------------- | -------------------------------------------- | ------- |
| security_context_settings | SecurityContext for Task and Web deployments | {} | | security_context_settings | SecurityContext for Task and Web deployments | {} |
| postgres_security_context_settings | SecurityContext for Task and Web deployments | {} | | postgres_security_context_settings | SecurityContext for PostgreSQL container | {} |
Example configuration securityContext for the Task and Web deployments: Example configuration securityContext for the Task and Web deployments:
@@ -17,11 +16,6 @@ spec:
capabilities: capabilities:
drop: drop:
- ALL - ALL
```
```yaml
spec:
postgres_security_context_settings: postgres_security_context_settings:
runAsNonRoot: true runAsNonRoot: true
``` ```
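Review bot: merging the two fenced examples removes the second `spec:` line, so `postgres_security_context_settings:` now follows `- ALL` inside a single block. Check that it is indented at the same level as `security_context_settings`; if it picked up the indentation of the `drop:` list, the YAML is either invalid or nests the key in the wrong place. The lead-in "Example configuration securityContext for the Task and Web deployments:" no longer matches a block that also configures PostgreSQL and should be updated. The corrected heading and the fixed `postgres_security_context_settings` description in the previous hunk are good; "proprieties" in the first sentence should become "properties" in the same pass.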

View File

@@ -1,4 +1,4 @@
#### Service Account # Service Account
If you need to modify some `ServiceAccount` proprieties If you need to modify some `ServiceAccount` proprieties
@@ -9,7 +9,7 @@ If you need to modify some `ServiceAccount` proprieties
Example configuration of environment variables Example configuration of environment variables
```yaml ```yaml
spec: spec:
service_account_annotations: | service_account_annotations: |
eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME> eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
``` ```
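Review bot: the lead-in "Example configuration of environment variables" above this block is a copy-paste leftover; the example sets `service_account_annotations`, not environment variables. Since the hunk already touches the block, fix the sentence too. The value is passed as a block string (`|`) rather than a YAML map, which is easy to get wrong, so a note saying so would help. "proprieties" in the opening sentence of the page should be "properties".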

View File

@@ -1,4 +1,4 @@
#### Session Cookie Secure Setting # Session Cookie Secure Setting
With `session_cookie_secure`, you can pass the value for `SESSION_COOKIE_SECURE` to `/etc/tower/settings.py` With `session_cookie_secure`, you can pass the value for `SESSION_COOKIE_SECURE` to `/etc/tower/settings.py`

View File

@@ -1,15 +1,15 @@
#### Trusting a Custom Certificate Authority # Trusting a Custom Certificate Authority
In cases which you need to trust a custom Certificate Authority, there are few variables you can customize for the `awx-operator`. In cases which you need to trust a custom Certificate Authority, there are few variables you can customize for the `awx-operator`.
Trusting a custom Certificate Authority allows the AWX to access network services configured with SSL certificates issued locally, such as cloning a project from from an internal Git server via HTTPS. It is common for these scenarios, experiencing the error [unable to verify the first certificate](https://github.com/ansible/awx-operator/issues/376). Trusting a custom Certificate Authority allows the AWX to access network services configured with SSL certificates issued locally, such as cloning a project from from an internal Git server via HTTPS. It is common for these scenarios, experiencing the error [unable to verify the first certificate](https://github.com/ansible/awx-operator/issues/376).
| Name | Description | Default | | Name | Description | Default |
| -------------------------------- | ---------------------------------------- | --------| |-------------------------------------| ---------------------------------------- |---------|
| ldap_cacert_secret | LDAP Certificate Authority secret name | '' | | ldap_cacert_secret _(deprecated)_ | LDAP Certificate Authority secret name | '' |
| ldap_password_secret | LDAP BIND DN Password secret name | '' | | ldap_password_secret _(deprecated)_ | LDAP BIND DN Password secret name | '' |
| bundle_cacert_secret | Certificate Authority secret name | '' | | bundle_cacert_secret | Certificate Authority secret name | '' |
Please note the `awx-operator` will look for the data field `ldap-ca.crt` in the specified secret when using the `ldap_cacert_secret`, whereas the data field `bundle-ca.crt` is required for `bundle_cacert_secret` parameter. Please note the `awx-operator` will look for the data field `ldap-ca.crt` in the specified secret when using the `ldap_cacert_secret`, whereas the data field `bundle-ca.crt` is required for `bundle_cacert_secret` parameter.
Example of customization could be: Example of customization could be:
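Review bot: the table now marks `ldap_cacert_secret` and `ldap_password_secret` as _(deprecated)_, but the "Please note" paragraph directly below still explains the `ldap-ca.crt` data field with no mention of the deprecation. Add a short clause there, or move the LDAP details under a deprecation note, so the table and the prose agree. The second paragraph still contains "from from an internal Git server", and "It is common for these scenarios, experiencing the error" does not parse; both are worth fixing while the page is being edited.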
@@ -26,15 +26,13 @@ spec:
Create the secret with `kustomization.yaml` file: Create the secret with `kustomization.yaml` file:
```yaml ```yaml
.... ...
secretGenerator: secretGenerator:
- name: <resourcename>-custom-certs - name: <resourcename>-custom-certs
files: files:
- bundle-ca.crt=<path+filename> - bundle-ca.crt=<path+filename>
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true
... ...
``` ```
@@ -42,15 +40,15 @@ Create the secret with CLI:
* Certificate Authority secret * Certificate Authority secret
``` ```sh
# kubectl create secret generic <resourcename>-custom-certs \ kubectl create secret generic <resourcename>-custom-certs \
--from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE> \ --from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE> \
--from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE> --from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>
``` ```
* LDAP BIND DN Password secret * LDAP BIND DN Password secret
``` ```sh
# kubectl create secret generic <resourcename>-ldap-password \ kubectl create secret generic <resourcename>-ldap-password \
--from-literal=ldap-password=<your_ldap_dn_password> --from-literal=ldap-password=<your_ldap_dn_password>
``` ```
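Review bot: in the "LDAP BIND DN Password secret" example, `--from-literal=ldap-password=<your_ldap_dn_password>` puts the bind password on the command line, where it ends up in shell history and is visible in the process list. Since this hunk already rewrites the command, switch the example to `--from-file=ldap-password=<path>` (or a manifest applied from a file). Both CLI examples also still show the LDAP secrets without the deprecated marker that the table gained earlier in this file.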

View File

@@ -1,16 +1,15 @@
### Database Configuration # Database Configuration
#### Postgres Version ## PostgreSQL Version
The default Postgres version for the version of AWX bundled with the latest version of the awx-operator is Postgres 13. You can find this default for a given version by at the default value for [_postgres_image_version](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml#L243). The default PostgreSQL version for the version of AWX bundled with the latest version of the awx-operator is PostgreSQL 15. You can find this default for a given version by at the default value for [supported_pg_version](https://github.com/ansible/awx-operator/blob/ffba1b4712a0b03f1faedfa70e3a9ef0d443e4a6/roles/installer/vars/main.yml#L7).
We only have coverage for the default version of Postgres. Newer versions of Postgres (14+) will likely work, but should only be configured as an external database. If your database is managed by the awx-operator (default if you don't specify a `postgres_configuration_secret`), then you should not override the default version as this may cause issues when awx-operator tries to upgrade your postgresql pod. We only have coverage for the default version of PostgreSQL. Newer versions of PostgreSQL will likely work, but should only be configured as an external database. If your database is managed by the awx-operator (default if you don't specify a `postgres_configuration_secret`), then you should not override the default version as this may cause issues when awx-operator tries to upgrade your postgresql pod.
#### External PostgreSQL Service ## External PostgreSQL Service
To configure AWX to use an external database, the Custom Resource needs to know about the connection details. To do this, create a k8s secret with those connection details and specify the name of the secret as `postgres_configuration_secret` at the CR spec level. To configure AWX to use an external database, the Custom Resource needs to know about the connection details. To do this, create a k8s secret with those connection details and specify the name of the secret as `postgres_configuration_secret` at the CR spec level.
The secret should be formatted as follows: The secret should be formatted as follows:
```yaml ```yaml
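Review bot: the rewritten sentence describes the default "for the latest version of the awx-operator", but the replacement link is pinned to commit `ffba1b4712a0b03f1faedfa70e3a9ef0d443e4a6`, so it keeps pointing at that snapshot after the default moves on. Either link to `devel` as the old text did, or word the sentence around the pinned revision. The carried-over "by at the default value" is also missing a word ("by looking at").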
@@ -27,15 +26,21 @@ stringData:
username: <username to connect as> username: <username to connect as>
password: <password to connect with> password: <password to connect with>
sslmode: prefer sslmode: prefer
target_session_attrs: read-write
type: unmanaged type: unmanaged
type: Opaque type: Opaque
``` ```
> Please ensure that the value for the variable `password` should _not_ contain single or double quotes (`'`, `"`) or backslashes (`\`) to avoid any issues during deployment, [backup](https://github.com/ansible/awx-operator/tree/devel/roles/backup) or [restoration](https://github.com/ansible/awx-operator/tree/devel/roles/restore). !!! warning
Please ensure that the value for the variable `password` should _not_ contain single or double quotes (`'`, `"`) or backslashes (`\`) to avoid any issues during deployment, [backup](https://github.com/ansible/awx-operator/tree/devel/roles/backup) or [restoration](https://github.com/ansible/awx-operator/tree/devel/roles/restore).
> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added. !!! tip
It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added.
**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`. !!! note
The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`.
The variable `target_session_attrs` is only useful for `clustered external` databases. The allowed values are: `any` (default), `read-write`, `read-only`, `primary`, `standby` and `prefer-standby`, whereby only `read-write` and `primary` really make sense in AWX use, as you want to connect to a database node that offers write support.
Once the secret is created, you can specify it on your spec: Once the secret is created, you can specify it on your spec:
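Review bot: the example secret keeps `sslmode: prefer`, and the note listing the allowed values gives no guidance on which to pick. `prefer` falls back to an unencrypted connection when the server does not offer TLS and never validates the server certificate, so for an external database the docs should recommend `verify-full` (or at least `verify-ca`) and keep `prefer` only as the compatibility default. The new `target_session_attrs` sentence also names `any` as the default while the example sets `read-write`; state which value applies when the key is omitted.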
@@ -46,24 +51,23 @@ spec:
postgres_configuration_secret: <name-of-your-secret> postgres_configuration_secret: <name-of-your-secret>
``` ```
#### Migrating data from an old AWX instance ## Migrating data from an old AWX instance
For instructions on how to migrate from an older version of AWX, see [migration.md](../migration/migration.md). For instructions on how to migrate from an older version of AWX, see [migration.md](../migration/migration.md).
#### Managed PostgreSQL Service ## Managed PostgreSQL Service
If you don't have access to an external PostgreSQL service, the AWX operator can deploy one for you along side the AWX instance itself. If you don't have access to an external PostgreSQL service, the AWX operator can deploy one for you along side the AWX instance itself.
The following variables are customizable for the managed PostgreSQL service The following variables are customizable for the managed PostgreSQL service
| Name | Description | Default | | Name | Description | Default |
| --------------------------------------------- | --------------------------------------------- | ---------------------------------- | | --------------------------------------------- | --------------------------------------------------------------- | --------------------------------------- |
| postgres_image | Path of the image to pull | postgres:12 | | postgres_image | Path of the image to pull | quay.io/sclorg/postgresql-15-c9s |
| postgres_init_container_resource_requirements | Database init container resource requirements | requests: {cpu: 10m, memory: 64Mi} | | postgres_image_version | Image version to pull | latest |
| postgres_resource_requirements | PostgreSQL container resource requirements | requests: {cpu: 10m, memory: 64Mi} | | postgres_resource_requirements | PostgreSQL container (and initContainer) resource requirements | requests: {cpu: 10m, memory: 64Mi} |
| postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} | | postgres_storage_requirements | PostgreSQL container storage requirements | requests: {storage: 8Gi} |
| postgres_storage_class | PostgreSQL PV storage class | Empty string | | postgres_storage_class | PostgreSQL PV storage class | Empty string |
| postgres_data_path | PostgreSQL data path | `/var/lib/postgresql/data/pgdata` |
| postgres_priority_class | Priority class used for PostgreSQL pod | Empty string | | postgres_priority_class | Priority class used for PostgreSQL pod | Empty string |
Example of customization could be: Example of customization could be:
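Review bot: the new `postgres_image_version` row documents `latest` as the default, which is a floating tag, so the image that gets pulled can change without any change to the CR. If that really is the default, add a sentence next to the table recommending a pinned tag or digest for production deployments.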
@@ -90,4 +94,32 @@ spec:
- 'max_connections=1000' - 'max_connections=1000'
``` ```
**Note**: If `postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster. !!! note
If `postgres_storage_class` is not defined, PostgreSQL will store it's data on a volume using the default storage class for your cluster.
## Note about overriding the postgres image
We recommend you use the default image sclorg image. If you are coming from a deployment using the old postgres image from dockerhub (postgres:13), upgrading from awx-operator version 2.12.2 and below to 2.15.0+ will handle migrating your data to the new postgresql image (postgresql-15-c9s).
You can no longer configure a custom `postgres_data_path` because it is hardcoded in the quay.io/sclorg/postgresql-15-c9s image.
If you override the postgres image to use a custom postgres image like postgres:15 for example, the default data directory path may be different. These images cannot be used interchangeably.
## Initialize Postgres data volume
When using a hostPath backed PVC and some other storage classes like longhorn storagfe, the postgres data directory needs to be accessible by the user in the postgres pod (UID 26).
To initialize this directory with the correct permissions, configure the following setting, which will use an init container to set the permissions in the postgres volume.
```yaml
spec:
postgres_data_volume_init: true
```
Should you need to modify the init container commands, there is an example below.
```yaml
postgres_init_container_commands: |
chown 26:0 /var/lib/pgsql/data
chmod 700 /var/lib/pgsql/data
```
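Review bot: the upgrade sentence covers "2.12.2 and below to 2.15.0+" but says nothing about deployments on the versions between those two; state whether they are migrated as well. In the same added text, "default image sclorg image", "storagfe" and "it's data" need fixing, and the `postgres_init_container_commands` snippet omits the `spec:` parent that the `postgres_data_volume_init` snippet just above it shows.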

View File

@@ -1,6 +1,6 @@
### Network and TLS Configuration # Network and TLS Configuration
#### Service Type ## Service Type
If the `service_type` is not specified, the `ClusterIP` service will be used for your AWX Tower service. If the `service_type` is not specified, the `ClusterIP` service will be used for your AWX Tower service.
@@ -24,7 +24,7 @@ spec:
environment: testing environment: testing
``` ```
* LoadBalancer ### LoadBalancer
The following variables are customizable only when `service_type=LoadBalancer` The following variables are customizable only when `service_type=LoadBalancer`
@@ -33,6 +33,7 @@ The following variables are customizable only when `service_type=LoadBalancer`
| loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http | | loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http |
| loadbalancer_port | Port used for Loadbalancer ingress | 80 | | loadbalancer_port | Port used for Loadbalancer ingress | 80 |
| loadbalancer_ip | Assign Loadbalancer IP | '' | | loadbalancer_ip | Assign Loadbalancer IP | '' |
| loadbalancer_class | LoadBalancer class to use | '' |
```yaml ```yaml
--- ---
@@ -42,6 +43,7 @@ spec:
loadbalancer_ip: '192.168.10.25' loadbalancer_ip: '192.168.10.25'
loadbalancer_protocol: https loadbalancer_protocol: https
loadbalancer_port: 443 loadbalancer_port: 443
loadbalancer_class: service.k8s.aws/nlb
service_annotations: | service_annotations: |
environment: testing environment: testing
service_labels: | service_labels: |
@@ -52,7 +54,7 @@ When setting up a Load Balancer for HTTPS you will be required to set the `loadb
The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP. The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP.
* NodePort ### NodePort
The following variables are customizable only when `service_type=NodePort` The following variables are customizable only when `service_type=NodePort`
@@ -67,7 +69,8 @@ spec:
service_type: NodePort service_type: NodePort
nodeport_port: 30080 nodeport_port: 30080
``` ```
#### Ingress Type
## Ingress Type
By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, when the `ingress_type` is not specified, it will default to `none` and nothing ingress-wise will be created. By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, when the `ingress_type` is not specified, it will default to `none` and nothing ingress-wise will be created.
@@ -82,7 +85,7 @@ spec:
ingress_type: none ingress_type: none
``` ```
* Generic Ingress Controller ### Generic Ingress Controller
The following variables are customizable when `ingress_type=ingress`. The `ingress` type creates an Ingress resource as [documented](https://kubernetes.io/docs/concepts/services-networking/ingress/) which can be shared with many other Ingress Controllers as [listed](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). The following variables are customizable when `ingress_type=ingress`. The `ingress` type creates an Ingress resource as [documented](https://kubernetes.io/docs/concepts/services-networking/ingress/) which can be shared with many other Ingress Controllers as [listed](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
@@ -110,7 +113,7 @@ spec:
environment: testing environment: testing
``` ```
##### Specialized Ingress Controller configuration ### Specialized Ingress Controller configuration
Some Ingress Controllers need a special configuration to fully support AWX, add the following value with the `ingress_controller` variable, if you are using one of these: Some Ingress Controllers need a special configuration to fully support AWX, add the following value with the `ingress_controller` variable, if you are using one of these:
@@ -130,7 +133,7 @@ spec:
ingress_controller: contour ingress_controller: contour
``` ```
* Route ### Route
The following variables are customizable when `ingress_type=route` The following variables are customizable when `ingress_type=route`

View File

@@ -18,6 +18,9 @@ theme:
- navigation.indexes - navigation.indexes
- navigation.tracking - navigation.tracking
- toc.integrate - toc.integrate
- search.highlight
- search.share
- search.suggest
palette: palette:
- media: "(prefers-color-scheme: light)" - media: "(prefers-color-scheme: light)"
primary: teal primary: teal
@@ -35,42 +38,36 @@ theme:
name: Switch to light mode name: Switch to light mode
nav: nav:
- index.md - Home: index.md
- Contributors Guide:
- contributors-guide/contributing.md
- contributors-guide/release-process.md
- contributors-guide/author.md
- contributors-guide/code-of-conduct.md
- contributors-guide/get-involved.md
- Installation: - Installation:
- Installation: installation/index.md
- installation/basic-install.md - installation/basic-install.md
- installation/kind-install.md
- installation/creating-a-minikube-cluster-for-testing.md - installation/creating-a-minikube-cluster-for-testing.md
- installation/helm-install-on-existing-cluster.md
- Migrate: - Migrate:
- migration/migration.md - migration/migration.md
- Upgrade:
- upgrade/upgrading.md
- Uninstall: - Uninstall:
- uninstall/uninstall.md - uninstall/uninstall.md
- User Guide: - User Guide:
- user-guide/admin-user-account-configuration.md - user-guide/admin-user-account-configuration.md
- user-guide/network-and-tls-configuration.md - user-guide/network-and-tls-configuration.md
- user-guide/database-configuration.md - user-guide/database-configuration.md
- Upgrade:
- upgrade/upgrading.md
- Advanced Configuration: - Advanced Configuration:
- user-guide/advanced-configuration/deploying-a-specific-version-of-awx.md - user-guide/advanced-configuration/deploying-a-specific-version-of-awx.md
- user-guide/advanced-configuration/redis-container-capabilities.md - user-guide/advanced-configuration/redis-container-capabilities.md
- user-guide/advanced-configuration/privileged-tasks.md - user-guide/advanced-configuration/privileged-tasks.md
- user-guide/advanced-configuration/host-aliases.md
- user-guide/advanced-configuration/containers-resource-requirements.md - user-guide/advanced-configuration/containers-resource-requirements.md
- user-guide/advanced-configuration/priority-classes.md - user-guide/advanced-configuration/priority-classes.md
- user-guide/advanced-configuration/adding-execution-nodes.md
- user-guide/advanced-configuration/scaling-the-web-and-task-pods-independently.md - user-guide/advanced-configuration/scaling-the-web-and-task-pods-independently.md
- user-guide/advanced-configuration/horizontal-pod-autoscaler.md
- user-guide/advanced-configuration/assigning-awx-pods-to-specific-nodes.md - user-guide/advanced-configuration/assigning-awx-pods-to-specific-nodes.md
- user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md - user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md
- user-guide/advanced-configuration/custom-receptor-certs.md
- user-guide/advanced-configuration/enabling-ldap-integration-at-awx-bootstrap.md - user-guide/advanced-configuration/enabling-ldap-integration-at-awx-bootstrap.md
- user-guide/advanced-configuration/persisting-projects-directory.md - user-guide/advanced-configuration/persisting-projects-directory.md
- user-guide/advanced-configuration/custom-volume-and-volume-mount-options.md - user-guide/advanced-configuration/custom-volume-and-volume-mount-options.md
- user-guide/advanced-configuration/default-execution-environments-from-private-registries.md
- user-guide/advanced-configuration/exporting-environment-variables-to-containers.md - user-guide/advanced-configuration/exporting-environment-variables-to-containers.md
- user-guide/advanced-configuration/csrf-cookie-secure-setting.md - user-guide/advanced-configuration/csrf-cookie-secure-setting.md
- user-guide/advanced-configuration/session-cookie-secure-setting.md - user-guide/advanced-configuration/session-cookie-secure-setting.md
@@ -80,9 +77,18 @@ nav:
- user-guide/advanced-configuration/service-account.md - user-guide/advanced-configuration/service-account.md
- user-guide/advanced-configuration/labeling-operator-managed-objects.md - user-guide/advanced-configuration/labeling-operator-managed-objects.md
- user-guide/advanced-configuration/pods-termination-grace-period.md - user-guide/advanced-configuration/pods-termination-grace-period.md
- user-guide/advanced-configuration/security-context.md
- user-guide/advanced-configuration/container-probes.md
- user-guide/advanced-configuration/disable-ipv6.md - user-guide/advanced-configuration/disable-ipv6.md
- user-guide/advanced-configuration/mesh-ingress.md
- Troubleshooting: - Troubleshooting:
- troubleshooting/debugging.md - troubleshooting/debugging.md
- Contributors Guide:
- contributors-guide/contributing.md
- contributors-guide/release-process.md
- contributors-guide/author.md
- contributors-guide/code-of-conduct.md
- contributors-guide/get-involved.md
exclude_docs: exclude_docs:
README.md README.md
@@ -90,7 +96,8 @@ exclude_docs:
plugins: plugins:
- autorefs - autorefs
- markdown-exec - markdown-exec
- search - material/search:
separator: '[\s\-,:!=\[\]()"`/]+|\.(?!\d)|&[lg]t;|(?!\b)(?=[A-Z][a-z])'
- mkdocstrings: - mkdocstrings:
handlers: handlers:
python: python:

View File

@@ -21,6 +21,7 @@ provisioner:
namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
host_vars: host_vars:
localhost: localhost:
awx_ee_image: ${AWX_EE_TEST_IMAGE:-""}
awx_image: ${AWX_TEST_IMAGE:-""} awx_image: ${AWX_TEST_IMAGE:-""}
awx_version: ${AWX_TEST_VERSION:-""} awx_version: ${AWX_TEST_VERSION:-""}
default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}" default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
@@ -30,6 +31,8 @@ provisioner:
operator_image: ${OPERATOR_IMAGE:-""} operator_image: ${OPERATOR_IMAGE:-""}
operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
kustomize: ${KUSTOMIZE_PATH:-kustomize} kustomize: ${KUSTOMIZE_PATH:-kustomize}
store_debug_output: ${STORE_DEBUG_OUTPUT:-false}
debug_output_dir: ${DEBUG_OUTPUT_DIR:-"/tmp/awx_operator_molecule_test"}
env: env:
K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}
verifier: verifier:

View File

@@ -1,5 +1,5 @@
--- ---
- name: Create or update the awx.ansible.com/v1alpha1.AWX - name: Create or update the awx.ansible.com/v1beta1.AWX
k8s: k8s:
state: present state: present
namespace: '{{ namespace }}' namespace: '{{ namespace }}'

View File

@@ -49,16 +49,16 @@
#### ####
- debug: - debug:
msg: test - replicas=3 should give 3 of each msg: test - replicas=2 should give 2 of each
- include_tasks: apply_awx_spec.yml - include_tasks: apply_awx_spec.yml
vars: vars:
additional_fields: additional_fields:
replicas: 3 replicas: 2
- include_tasks: _test_case_replicas.yml - include_tasks: _test_case_replicas.yml
vars: vars:
expected_web_replicas: 3 expected_web_replicas: 2
expected_task_replicas: 3 expected_task_replicas: 2
tags: tags:
- replicas - replicas

View File

@@ -1,98 +1,8 @@
--- ---
- include_tasks: apply_awx_spec.yml - include_tasks: apply_awx_spec.yml
- name: Obtain generated admin password - name: Validate AWX deployment
k8s_info: block:
namespace: '{{ namespace }}'
kind: Secret
name: example-awx-admin-password
register: admin_pw_secret
- block:
- name: Get web pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx-web
register: awx_web_pod
when: not awx_version
- name: Get task pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx-task
register: awx_task_pod
when: not awx_version
- name: Extract tags from images from web pod
set_fact:
web_image_tags: |
{{ awx_web_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
when: not awx_version
- name: Extract tags from images from task pod
set_fact:
task_image_tags: |
{{ awx_task_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
when: not awx_version
- fail:
msg: |
It looks like you may have broken the DEFAULT_AWX_VERSION functionality.
This is an environment variable that is set via build arg when releasing awx-operator.
when:
- not awx_version
- default_awx_version not in web_image_tags
- default_awx_version not in task_image_tags
- name: Launch Demo Job Template
awx.awx.job_launch:
name: Demo Job Template
wait: yes
validate_certs: no
controller_host: localhost/awx/
controller_username: admin
controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
rescue:
- name: Get list of project updates and jobs
uri:
url: "http://localhost/awx/api/v2/{{ resource }}/"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
register: job_lists
loop:
- project_updates
- jobs
loop_control:
loop_var: resource
- name: Get all job and project details
uri:
url: "http://localhost{{ endpoint }}"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
loop: |
{{ job_lists.results | map(attribute='json') | map(attribute='results') | flatten | map(attribute='url') }}
loop_control:
loop_var: endpoint
- name: Re-emit failure
vars:
failed_task:
result: '{{ ansible_failed_result }}'
fail:
msg: '{{ failed_task }}'
- block:
- name: Look up details for this AWX instance - name: Look up details for this AWX instance
k8s_info: k8s_info:
namespace: "{{ namespace }}" namespace: "{{ namespace }}"
@@ -117,6 +27,31 @@
- app.kubernetes.io/name = example-awx-task - app.kubernetes.io/name = example-awx-task
register: awx_task_pod register: awx_task_pod
- name: Validate DEFAULT_AWX_VERSION
block:
- name: Extract tags from images from web pod
set_fact:
web_image_tags: |
{{ awx_web_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
- name: Extract tags from images from task pod
set_fact:
task_image_tags: |
{{ awx_task_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
- fail:
msg: |
It looks like you may have broken the DEFAULT_AWX_VERSION functionality.
This is an environment variable that is set via build arg when releasing awx-operator.
when:
- default_awx_version not in web_image_tags
- default_awx_version not in task_image_tags
when: not awx_version
- name: Validate additional_labels
block:
- name: Extract additional_labels from AWX spec - name: Extract additional_labels from AWX spec
set_fact: set_fact:
awx_additional_labels: >- awx_additional_labels: >-
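Review bot: in the `fail` task of the new "Validate DEFAULT_AWX_VERSION" block, the two `when:` entries are a list and therefore ANDed, so the check only fires when the version is missing from both `web_image_tags` and `task_image_tags`; a mismatch in just one pod passes. If either mismatch should fail the test, combine them as a single condition with `or`. The `fail` task also has no `name:`, unlike the tasks around it.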
@@ -184,3 +119,124 @@
result: '{{ ansible_failed_result }}' result: '{{ ansible_failed_result }}'
fail: fail:
msg: '{{ failed_task }}' msg: '{{ failed_task }}'
- name: Obtain generated admin password
k8s_info:
namespace: '{{ namespace }}'
kind: Secret
name: example-awx-admin-password
register: admin_pw_secret
- name: Wait for instance to be ready
uri:
url: "http://localhost/awx/api/v2/instances/?node_type=control&node_state=ready"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
register: instances
until: instances['json']['count'] | int > 0
retries: 20
delay: 2
- name: Validate demo job launch
block:
- name: Launch Demo Job Template
awx.awx.job_launch:
name: Demo Job Template
wait: yes
validate_certs: no
controller_host: localhost/awx/
controller_username: admin
controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
rescue:
- name: Create debug output directory
ansible.builtin.file:
path: '{{ debug_output_dir }}'
state: directory
- name: Get list of project updates and jobs
uri:
url: "http://localhost/awx/api/v2/{{ resource }}/"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
register: job_lists
loop:
- project_updates
- jobs
loop_control:
loop_var: resource
- name: Store job_lists debug output
copy:
content: "{{ job_lists | to_nice_json }}"
dest: "{{ debug_output_dir }}/job_lists.json"
when: store_debug_output | default(false)
- name: Get all job and project_update details
uri:
url: "http://localhost{{ endpoint }}"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
loop: |
{{ job_lists.results | map(attribute='json') | map(attribute='results') | flatten | map(attribute='url') }}
loop_control:
loop_var: endpoint
register: job_details
- name: Store job_details debug output
copy:
content: "{{ job_details | to_nice_json }}"
dest: "{{ debug_output_dir }}/job_details.json"
when: store_debug_output | default(false)
- name: Get list of instances
uri:
url: "http://localhost/awx/api/v2/instances/"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
register: instances_list
- name: Store instances_list debug output
copy:
content: "{{ instances_list | to_nice_json }}"
dest: "{{ debug_output_dir }}/instances_list.json"
when: store_debug_output | default(false)
- name: Get instances detail
uri:
url: "http://localhost{{ item }}"
user: admin
password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
force_basic_auth: yes
loop: |
{{ instances_list.json.results | map(attribute='url') }}
loop_control:
loop_var: item
register: instances_details
- name: Store instances_details debug output
copy:
content: "{{ instances_details | to_nice_json }}"
dest: "{{ debug_output_dir }}/instances_details.json"
when: store_debug_output | default(false)
## TODO: figure out why this doesn't work
# - name: Store debug outputs
# copy:
# content: '{{ item }}'
# dest: "{{ debug_output_dir }}/{{ item }}.json"
# loop:
# - job_lists
# - job_details
# when: store_debug_output | default(false)
- name: Re-emit failure
vars:
failed_task:
result: '{{ ansible_failed_result }}'
fail:
msg: '{{ failed_task }}'
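Review bot: the commented-out "Store debug outputs" task under the TODO does not work because `content: '{{ item }}'` renders the loop item itself, which is the string `job_lists` or `job_details`, not the registered variable of that name. Resolve it with `content: "{{ lookup('vars', item) | to_nice_json }}"` and the four near-identical "Store ... debug output" copy tasks above can collapse into that one loop. None of the copy tasks sets `mode:`, which matters here since the dumps hold full API responses fetched with the admin credentials.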

View File

@@ -13,6 +13,12 @@ spec:
{% endif %} {% endif %}
{% if awx_version %} {% if awx_version %}
image_version: {{ awx_version }} image_version: {{ awx_version }}
{% endif %}
{% if awx_ee_image %}
control_plane_ee_image: {{ awx_ee_image }}
ee_images:
- image: {{ awx_ee_image }}
name: AWX EE
{% endif %} {% endif %}
ingress_type: ingress ingress_type: ingress
ingress_path: /awx ingress_path: /awx
@@ -32,11 +38,14 @@ spec:
memory: 16M memory: 16M
no_log: false no_log: false
postgres_resource_requirements: {} postgres_resource_requirements: {}
postgres_init_container_resource_requirements: {}
redis_resource_requirements: {} redis_resource_requirements: {}
additional_labels: additional_labels:
- my/team - my/team
- my/service - my/service
extra_settings:
- setting: LOG_AGGREGATOR_LEVEL
value: "'DEBUG'"
task_readiness_period: 15
{% if additional_fields is defined %} {% if additional_fields is defined %}
{{ additional_fields | to_nice_yaml | indent(2) }} {{ additional_fields | to_nice_yaml | indent(2) }}
{% endif %} {% endif %}

View File

@@ -0,0 +1,15 @@
---
- name: Get all container log in pod
kubernetes.core.k8s_log:
namespace: '{{ namespace }}'
name: '{{ item.metadata.name }}'
all_containers: true
register: all_container_logs
- name: Store logs in file
ansible.builtin.copy:
content: "{{ all_container_logs.log_lines | join('\n') }}"
dest: '{{ debug_output_dir }}/{{ item.metadata.name }}.log'
# TODO: all_containser option dump all of the output in a single output make it hard to read we probably should iterate through each of the container to get specific logs
# also we should probably investigate toolings to do OpenShift style sosreport/must-gather for kind cluster or switch to microshift where sosreport is supported
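Review bot: this included file depends on `item` being set by the caller's loop, which is not documented anywhere in the file and breaks as soon as a task in here gets its own `loop`. Have the caller set `loop_control: loop_var: pod` and use `pod.metadata.name` here. The "Store logs in file" task also writes without `mode:` and is not gated on `store_debug_output` the way the other dumps are, and the TODO comment has a typo in "all_containser".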

View File

@@ -0,0 +1,29 @@
---
- name: Retrieve relevant k8s resources
kubernetes.core.k8s_info:
api_version: '{{ item.api_version }}'
kind: '{{ item.kind }}'
namespace: '{{ namespace }}'
loop:
- api_version: v1
kind: Pod
- api_version: apps/v1
kind: Deployment
- api_version: v1
kind: Secret
- api_version: v1
kind: ConfigMap
- api_version: "awx.ansible.com/v1beta1"
kind: AWX
register: debug_resources
- name: debug print item.kind and item.metadata.name
debug:
msg: '{{ item.kind }}-{{ item.metadata.name }}'
loop: "{{ debug_resources.results | map(attribute='resources') | flatten }}"
- name: Output gathered resource to files
ansible.builtin.copy:
content: '{{ item | to_nice_json }}'
dest: '{{ debug_output_dir }}/{{ item.kind }}-{{ item.metadata.name }}.json'
loop: "{{ debug_resources.results | map(attribute='resources') | flatten }}"
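Review bot: the resource list includes `kind: Secret`, and "Output gathered resource to files" writes every gathered object in full with `to_nice_json`, so the namespace's Secret data (base64 only, including the generated admin password Secret used by the tests) is written to `debug_output_dir` with no `mode:` and no `store_debug_output` gate. Either drop Secret from the list, write only `metadata` for Secrets, or at minimum set `mode: '0600'` and gate the task the same way the other debug dumps are gated. The "debug print" task name should also start with a capital like the others.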

View File

@@ -10,52 +10,41 @@
ctrl_label: control-plane=controller-manager ctrl_label: control-plane=controller-manager
tasks: tasks:
- block: - name: Perform awx tests
block:
- name: Import all test files from tasks/ - name: Import all test files from tasks/
include_tasks: '{{ item }}' ansible.builtin.include_tasks: '{{ item }}'
with_fileglob: with_fileglob:
- tasks/*_test.yml - tasks/awx_test.yml
- tasks/awx_replicas_test.yml
tags: tags:
- always - always
rescue: rescue:
- name: Retrieve relevant resources - name: Create debug output directory
k8s_info: ansible.builtin.file:
api_version: '{{ item.api_version }}' path: '{{ debug_output_dir }}'
kind: '{{ item.kind }}' state: directory
namespace: '{{ namespace }}' tags:
loop: - always
- api_version: v1
- name: Gather and output K8s resources
ansible.builtin.include_tasks: utils/output_k8s_resources.yml
tags:
- always
- name: Get all pods
kubernetes.core.k8s_info:
api_version: v1
kind: Pod kind: Pod
- api_version: apps/v1
kind: Deployment
- api_version: v1
kind: Secret
- api_version: v1
kind: ConfigMap
register: debug_resources
tags:
- always
- name: Retrieve Pod logs
k8s_log:
name: '{{ item.metadata.name }}'
namespace: '{{ namespace }}' namespace: '{{ namespace }}'
container: awx-manager register: all_pods
loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}"
register: debug_logs
tags: tags:
- always - always
- name: Output gathered resources - name: Get all container logs for all pods
debug: ansible.builtin.include_tasks: utils/output_all_container_logs_for_pod.yml
var: debug_resources loop: '{{ all_pods.resources }}'
tags: ignore_errors: yes
- always
- name: Output gathered logs
debug:
var: item.log_lines
loop: '{{ debug_logs.results }}'
tags: tags:
- always - always
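Review bot: `with_fileglob` is kept although the patterns are now two literal file names (`tasks/awx_test.yml`, `tasks/awx_replicas_test.yml`); a glob that matches nothing yields an empty list, so a renamed or missing test file is skipped silently and the run passes without executing it. Use a plain `loop:` over the two paths so a missing file is an error. On the rescue side, `ignore_errors: yes` on "Get all container logs for all pods" is reasonable for best-effort collection but deserves a comment saying so.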
@@ -63,7 +52,7 @@
vars: vars:
failed_task: failed_task:
result: '{{ ansible_failed_result }}' result: '{{ ansible_failed_result }}'
fail: ansible.builtin.fail:
msg: '{{ failed_task }}' msg: '{{ failed_task }}'
tags: tags:
- always - always


@@ -23,6 +23,7 @@ provisioner:
namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
host_vars: host_vars:
localhost: localhost:
awx_ee_image: ${AWX_EE_TEST_IMAGE:-""}
awx_image: ${AWX_TEST_IMAGE:-""} awx_image: ${AWX_TEST_IMAGE:-""}
awx_version: ${AWX_TEST_VERSION:-""} awx_version: ${AWX_TEST_VERSION:-""}
ansible_python_interpreter: '{{ ansible_playbook_python }}' ansible_python_interpreter: '{{ ansible_playbook_python }}'
@@ -34,6 +35,8 @@ provisioner:
operator_pull_policy: "Never" operator_pull_policy: "Never"
kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
kustomize: ${KUSTOMIZE_PATH:-kustomize} kustomize: ${KUSTOMIZE_PATH:-kustomize}
store_debug_output: ${STORE_DEBUG_OUTPUT:-false}
debug_output_dir: ${DEBUG_OUTPUT_DIR:-"/tmp/awx_operator_molecule_test"}
env: env:
K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
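Review bot: `debug_output_dir` defaults to the fixed path `/tmp/awx_operator_molecule_test`, which is predictable and shared by every user and run on the same host, so a stale or pre-created directory at that path ends up receiving the debug output. Defaulting to a path under `${MOLECULE_EPHEMERAL_DIRECTORY}`, which this file already uses for `KUBECONFIG`, keeps the output per scenario. `STORE_DEBUG_OUTPUT` and `DEBUG_OUTPUT_DIR` should also be mentioned in the contributor docs, since nothing in this hunk explains them.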


@@ -2,8 +2,6 @@
collections: collections:
- name: community.general - name: community.general
- name: kubernetes.core - name: kubernetes.core
version: 2.3.2
- name: operator_sdk.util - name: operator_sdk.util
- name: community.docker - name: community.docker
version: 3.4.5
- name: awx.awx - name: awx.awx
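Review bot: Dropping `version: 2.3.2` from `kubernetes.core` and `version: 3.4.5` from `community.docker` leaves every collection shown here without a version constraint, so each test run installs the latest available release and a failure can no longer be tied to a known dependency set. If the old pins were blocking something, prefer a bounded range (a lower bound at the last known-good version plus an upper bound on the next major) over no constraint, and state in the commit message why the pins were removed.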

noxfile.py Normal file

@@ -0,0 +1,20 @@
import nox
@nox.session
def build(session: nox.Session):
"""
Build the AWX Operator docsite.
"""
session.install(
"-r",
"docs/requirements.in",
"-c",
"docs/requirements.txt",
)
session.run(
"mkdocs",
"build",
"--strict",
*session.posargs,
)
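Review bot: `@nox.session` is declared without a `python=` argument, so `build` runs on whichever interpreter nox was started with, while `docs/requirements.txt` is passed with `-c` as a constraints file that was resolved for some particular Python version. Pin the session's interpreter with `python=`, or name the expected version in the docstring, so that the docs build resolves the same dependency set locally and in CI.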

Some files were not shown because too many files have changed in this diff