Christian Adams
d53c93c864 Document the need for quotes on pg secret port value 2023-03-15 13:35:49 -04:00
54 changed files with 388 additions and 2535 deletions


@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: molecule name: molecule
env: env:
DOCKER_API_VERSION: "1.41" DOCKER_API_VERSION: "1.38"
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2


@@ -8,7 +8,7 @@ on:
jobs: jobs:
release: release:
runs-on: ubuntu-latest runs-on: ubuntu-18.04
name: Push devel image name: Push devel image
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3


@@ -12,6 +12,11 @@ jobs:
with: with:
depth: 0 depth: 0
- uses: actions/checkout@v3
with:
ref: gh-pages
path: gh-pages
- name: Log in to GHCR - name: Log in to GHCR
run: | run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
@@ -34,6 +39,5 @@ jobs:
-e operator_image=quay.io/${{ github.repository }} \ -e operator_image=quay.io/${{ github.repository }} \
-e chart_owner=${{ github.repository_owner }} \ -e chart_owner=${{ github.repository_owner }} \
-e tag=${{ github.event.release.tag_name }} \ -e tag=${{ github.event.release.tag_name }} \
-e gh_token=${{ secrets.GITHUB_TOKEN }} \ -e gh_token=${{ secrets.GITHUB_TOKEN }}
-e gh_user=${{ github.actor }} \ -e gh_user=${{ github.actor }}
-e repo_type=https
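Review bot: The second `actions/checkout@v3` step that checks out `gh-pages` into `gh-pages/` (which the hunk header `+12,11` suggests is on the new side) leaves the job's `GITHUB_TOKEN` persisted in that working tree's git config via the action's default `persist-credentials: true`, and that is presumably what the playbook's later `git push` from `gh-pages` relies on; stating `persist-credentials: true` explicitly and scoping the job with `permissions: contents: write`, if the workflow does not already declare `permissions`, documents and bounds that dependency. Separately, `depth: 0` in the preceding `with:` block is not an `actions/checkout` input — the full-history option is `fetch-depth: 0` — so that checkout is shallow and any tag-based logic downstream sees no tags. The `docker login` line also interpolates `secrets.GITHUB_TOKEN` directly into the script body; passing it through `env:` and reading `$GITHUB_TOKEN` in the script is the recommended form. The enclosing `steps:` list continues outside the hunk.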


@@ -1,26 +0,0 @@
---
name: Re-publish helm chart
on:
workflow_dispatch:
inputs:
tag:
description: 'Release tag'
required: true
type: string
jobs:
promote:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
depth: 0
- name: Release Helm chart
run: |
ansible-playbook ansible/helm-release.yml -v \
-e operator_image=quay.io/${{ github.repository }} \
-e chart_owner=${{ github.repository_owner }} \
-e tag=${{ inputs.tag }} \
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
-e gh_user=${{ github.actor }} \
-e repo_type=https

.gitignore vendored

@@ -9,4 +9,3 @@ gh-pages/
/.cr-release-packages /.cr-release-packages
.vscode/ .vscode/
__pycache__ __pycache__
/site


@@ -7,7 +7,6 @@ ignore: |
awx-operator.clusterserviceversion.yaml awx-operator.clusterserviceversion.yaml
bundle bundle
.helm/starter .helm/starter
hacking/
rules: rules:
truthy: disable truthy: disable


@@ -31,7 +31,7 @@ Have questions about this document or anything not covered here? Please file a n
``` ```
2. Make your changes. 2. Make your changes.
3. Test your changes according described on the Testing section. 3. Test your changes according described on the Testing section.
4. If everything looks correct, commit your changes. 4. If everylooks looks correct, commit your changes.
```sh ```sh
#> git add <FILES> #> git add <FILES>
#> git commit -m "My message here" #> git commit -m "My message here"
@@ -56,17 +56,14 @@ Running `molecule test` sets up a clean environment, builds the operator, runs a
If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end. If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
#### Testing in Kind #### Testing in Docker
Testing with a kind cluster is the recommended way to test the awx-operator locally. First, you need to install kind if you haven't already. Please see these docs for setting that up:
* https://kind.sigs.k8s.io/docs/user/quick-start/
To run the tests, from the root of your checkout, run the following command:
```sh ```sh
#> molecule test -s kind #> molecule test -s test-local
``` ```
This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
#### Testing in Minikube #### Testing in Minikube
```sh ```sh


@@ -1,4 +1,4 @@
FROM quay.io/operator-framework/ansible-operator:v1.28.1 FROM quay.io/operator-framework/ansible-operator:v1.26.0
USER 0 USER 0


@@ -65,7 +65,6 @@ CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
CHART_OWNER ?= $(GH_REPO_OWNER) CHART_OWNER ?= $(GH_REPO_OWNER)
CHART_REPO ?= awx-operator CHART_REPO ?= awx-operator
CHART_BRANCH ?= gh-pages CHART_BRANCH ?= gh-pages
CHART_DIR ?= gh-pages
CHART_INDEX ?= index.yaml CHART_INDEX ?= index.yaml
.PHONY: all .PHONY: all
@@ -141,7 +140,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
@{ \ @{ \
set -e ;\ set -e ;\
mkdir -p $(dir $(KUSTOMIZE)) ;\ mkdir -p $(dir $(KUSTOMIZE)) ;\
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCHA).tar.gz | \ curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCHA).tar.gz | \
tar xzf - -C bin/ ;\ tar xzf - -C bin/ ;\
} }
else else
@@ -228,7 +227,7 @@ ifeq (,$(shell which kubectl-slice 2>/dev/null))
@{ \ @{ \
set -e ;\ set -e ;\
mkdir -p $(dir $(KUBECTL_SLICE)) ;\ mkdir -p $(dir $(KUBECTL_SLICE)) ;\
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_$(OS)_$(ARCHX).tar.gz | \ curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
tar xzf - -C bin/ kubectl-slice ;\ tar xzf - -C bin/ kubectl-slice ;\
} }
else else
@@ -355,7 +354,7 @@ helm-package: helm-chart
@echo "== Package Current Chart Version ==" @echo "== Package Current Chart Version =="
mkdir -p .cr-release-packages mkdir -p .cr-release-packages
# package the chart and put it in .cr-release-packages dir # package the chart and put it in .cr-release-packages dir
$(HELM) package ./charts/awx-operator -d .cr-release-packages/$(VERSION) $(HELM) package ./charts/awx-operator -d .cr-release-packages
# List all tags oldest to newest. # List all tags oldest to newest.
TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/ -f3) TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/ -f3)
@@ -365,7 +364,7 @@ TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/
# that is contained within a larger repo, where a tag may not require a new chart version # that is contained within a larger repo, where a tag may not require a new chart version
.PHONY: helm-index .PHONY: helm-index
helm-index: helm-index:
# when running in CI the gh-pages branch is checked out by the ansible playbook # when running in CI this gh-pages are already checked out with github action to 'gh-pages' directory
# TODO: test if gh-pages directory exists and if not exist # TODO: test if gh-pages directory exists and if not exist
@echo "== GENERATE INDEX FILE ==" @echo "== GENERATE INDEX FILE =="
@@ -393,6 +392,6 @@ helm-index:
# generate the index file in the root of the gh-pages branch # generate the index file in the root of the gh-pages branch
# --merge will leave any values in index.yaml that don't get generated by this command, but # --merge will leave any values in index.yaml that don't get generated by this command, but
# it is likely that all values are overridden # it is likely that all values are overridden
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge $(CHART_DIR)/index.yaml $(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge gh-pages/index.yaml
mv .cr-release-packages/index.yaml $(CHART_DIR)/index.yaml mv .cr-release-packages/index.yaml gh-pages/index.yaml
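Review bot: The kustomize and kubectl-slice install recipes pipe an unverified release tarball straight into `tar xzf -` (the `curl -sSLo - … | tar` lines in the two tool-install hunks), so the build trusts whatever the URL serves at fetch time, and changing the pinned version changes the artifact without adding any integrity check. Downloading to a file and checking it against a pinned digest before extracting, e.g. `curl -sSLo $(KUSTOMIZE).tgz <URL> && echo "<SHA256_PLACEHOLDER>  $(KUSTOMIZE).tgz" | sha256sum -c - && tar xzf $(KUSTOMIZE).tgz -C bin/`, makes the toolchain reproducible; kustomize publishes a `checksums.txt` per release that the digest can be taken from, and the kubectl-slice release page should be checked for an equivalent. The same pattern applies to the kubectl-slice recipe, so fix both together. The `ifeq` blocks these recipes belong to start outside the hunks.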

README.md

@@ -131,7 +131,7 @@ $ alias kubectl="minikube kubectl --"
### Basic Install ### Basic Install
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/ ) Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/
First, create a file called `kustomization.yaml` with the following content: First, create a file called `kustomization.yaml` with the following content:
@@ -156,7 +156,7 @@ namespace: awx
Install the manifests by running this: Install the manifests by running this:
``` ```
$ kubectl apply -k . $ kustomize build . | kubectl apply -f -
namespace/awx created namespace/awx created
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
@@ -229,10 +229,10 @@ resources:
... ...
``` ```
Finally, apply the changes to create the AWX instance in your cluster: Finally, run `kustomize` again to create the AWX instance in your cluster:
``` ```
kubectl apply -k . kustomize build . | kubectl apply -f -
``` ```
After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at: After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
@@ -403,14 +403,12 @@ The following variables are customizable only when `service_type=LoadBalancer`
| --------------------- | ---------------------------------------- | ------- | | --------------------- | ---------------------------------------- | ------- |
| loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http | | loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http |
| loadbalancer_port | Port used for Loadbalancer ingress | 80 | | loadbalancer_port | Port used for Loadbalancer ingress | 80 |
| loadbalancer_ip | Assign Loadbalancer IP | '' |
```yaml ```yaml
--- ---
spec: spec:
... ...
service_type: LoadBalancer service_type: LoadBalancer
loadbalancer_ip: '192.168.10.25'
loadbalancer_protocol: https loadbalancer_protocol: https
loadbalancer_port: 443 loadbalancer_port: 443
service_annotations: | service_annotations: |
@@ -477,23 +475,6 @@ spec:
environment: testing environment: testing
``` ```
##### Specialized Ingress Controller configuration
Some Ingress Controllers need a special configuration to fully support AWX, add the following value with the `ingress_controller` variable, if you are using one of these:
| Ingress Controller name | value |
| ------------------------------------- | ------- |
| [Contour](https://projectcontour.io/) | contour |
```yaml
---
spec:
...
ingress_type: ingress
hostname: awx-demo.example.com
ingress_controller: contour
```
* Route * Route
The following variables are customizable when `ingress_type=route` The following variables are customizable when `ingress_type=route`
@@ -676,25 +657,6 @@ $ oc adm policy add-scc-to-user privileged -z awx
Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action. Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
#### Containers HostAliases Requirements
Sometimes you might need to use [HostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) in web/task containers.
| Name | Description | Default |
| ------------ | --------------------- | ------- |
| host_aliases | A list of HostAliases | None |
Example of customization could be:
```yaml
---
spec:
...
host_aliases:
- ip: <name-of-your-ip>
hostnames:
- <name-of-your-domain>
```
#### Containers Resource Requirements #### Containers Resource Requirements
@@ -716,29 +678,23 @@ spec:
requests: requests:
cpu: 250m cpu: 250m
memory: 2Gi memory: 2Gi
ephemeral-storage: 100M
limits: limits:
cpu: 1000m cpu: 1000m
memory: 4Gi memory: 4Gi
ephemeral-storage: 500M
task_resource_requirements: task_resource_requirements:
requests: requests:
cpu: 250m cpu: 250m
memory: 1Gi memory: 1Gi
ephemeral-storage: 100M
limits: limits:
cpu: 2000m cpu: 2000m
memory: 2Gi memory: 2Gi
ephemeral-storage: 500M
ee_resource_requirements: ee_resource_requirements:
requests: requests:
cpu: 250m cpu: 250m
memory: 100Mi memory: 100Mi
ephemeral-storage: 100M
limits: limits:
cpu: 500m cpu: 500m
memory: 2Gi memory: 2Gi
ephemeral-storage: 500M
``` ```
#### Priority Classes #### Priority Classes
@@ -758,14 +714,7 @@ spec:
control_plane_priority_class: awx-demo-high-priority control_plane_priority_class: awx-demo-high-priority
postgres_priority_class: awx-demo-medium-priority postgres_priority_class: awx-demo-medium-priority
``` ```
#### Scaling the Web and Task Pods independently
You can scale replicas up or down for each deployment by using the `web_replicas` or `task_replicas` respectively. You can scale all pods across both deployments by using `replicas` as well. The logic behind these CRD keys acts as such:
- If you specify the `replicas` field, the key passed will scale both the `web` and `task` replicas to the same number.
- If `web_replicas` or `task_replicas` is ever passed, it will override the existing `replicas` field on the specific deployment with the new key value.
These new replicas can be constrained in a similar manner to previous single deployments by appending the particular deployment name in front of the constraint used. More about those new constraints can be found below in the [Assigning AWX pods to specific nodes](#assigning-awx-pods-to-specific-nodes) section.
#### Assigning AWX pods to specific nodes #### Assigning AWX pods to specific nodes
You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
@@ -774,25 +723,15 @@ pods to be scheduled onto nodes with matching taints.
The ability to specify topologySpreadConstraints is also allowed through `topology_spread_constraints` The ability to specify topologySpreadConstraints is also allowed through `topology_spread_constraints`
If you want to use affinity rules for your AWX pod you can use the `affinity` option. If you want to use affinity rules for your AWX pod you can use the `affinity` option.
If you want to constrain the web and task pods individually, you can do so by specificying the deployment type before the specific setting. For
example, specifying `task_tolerations` will allow the AWX task pod to be scheduled onto nodes with matching taints.
| Name | Description | Default | | Name | Description | Default |
| -------------------------------- | ---------------------------------------- | ------- | | --------------------------- | ----------------------------------- | ------- |
| postgres_image | Path of the image to pull | postgres | | postgres_image | Path of the image to pull | postgres |
| postgres_image_version | Image version to pull | 13 | | postgres_image_version | Image version to pull | 13 |
| node_selector | AWX pods' nodeSelector | '' | | node_selector | AWX pods' nodeSelector | '' |
| web_node_selector | AWX web pods' nodeSelector | '' |
| task_node_selector | AWX task pods' nodeSelector | '' |
| topology_spread_constraints | AWX pods' topologySpreadConstraints | '' | | topology_spread_constraints | AWX pods' topologySpreadConstraints | '' |
| web_topology_spread_constraints | AWX web pods' topologySpreadConstraints | '' |
| task_topology_spread_constraints | AWX task pods' topologySpreadConstraints | '' |
| affinity | AWX pods' affinity rules | '' | | affinity | AWX pods' affinity rules | '' |
| web_affinity | AWX web pods' affinity rules | '' |
| task_affinity | AWX task pods' affinity rules | '' |
| tolerations | AWX pods' tolerations | '' | | tolerations | AWX pods' tolerations | '' |
| web_tolerations | AWX web pods' tolerations | '' |
| task_tolerations | AWX task pods' tolerations | '' |
| annotations | AWX pods' annotations | '' | | annotations | AWX pods' annotations | '' |
| postgres_selector | Postgres pods' nodeSelector | '' | | postgres_selector | Postgres pods' nodeSelector | '' |
| postgres_tolerations | Postgres pods' tolerations | '' | | postgres_tolerations | Postgres pods' tolerations | '' |
@@ -819,11 +758,6 @@ spec:
operator: "Equal" operator: "Equal"
value: "AWX" value: "AWX"
effect: "NoSchedule" effect: "NoSchedule"
task_tolerations: |
- key: "dedicated"
operator: "Equal"
value: "AWX_task"
effect: "NoSchedule"
postgres_selector: | postgres_selector: |
disktype: ssd disktype: ssd
kubernetes.io/arch: amd64 kubernetes.io/arch: amd64
@@ -936,7 +870,7 @@ A sample of extra settings can be found as below. All possible options can be fo
value: 'LDAPSearch("OU=Groups,DC=abc,DC=com",ldap.SCOPE_SUBTREE,"(objectClass=group)",)' value: 'LDAPSearch("OU=Groups,DC=abc,DC=com",ldap.SCOPE_SUBTREE,"(objectClass=group)",)'
- setting: AUTH_LDAP_GROUP_TYPE - setting: AUTH_LDAP_GROUP_TYPE
value: 'GroupOfNamesType()' value: 'GroupOfNamesType(name_attr="cn")'
- setting: AUTH_LDAP_USER_ATTR_MAP - setting: AUTH_LDAP_USER_ATTR_MAP
value: '{"first_name": "givenName","last_name": "sn","email": "mail"}' value: '{"first_name": "givenName","last_name": "sn","email": "mail"}'
@@ -1004,7 +938,6 @@ In a scenario where custom volumes and volume mounts are required to either over
| extra_volumes | Specify extra volumes to add to the application pod | '' | | extra_volumes | Specify extra volumes to add to the application pod | '' |
| web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' | | web_extra_volume_mounts | Specify volume mounts to be added to Web container | '' |
| task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' | | task_extra_volume_mounts | Specify volume mounts to be added to Task container | '' |
| rsyslog_extra_volume_mounts | Specify volume mounts to be added to Rsyslog container | '' |
| ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' | | ee_extra_volume_mounts | Specify volume mounts to be added to Execution container | '' |
| init_container_extra_volume_mounts | Specify volume mounts to be added to Init container | '' | | init_container_extra_volume_mounts | Specify volume mounts to be added to Init container | '' |
| init_container_extra_commands | Specify additional commands for Init container | '' | | init_container_extra_commands | Specify additional commands for Init container | '' |
@@ -1090,33 +1023,6 @@ Using the [extra_volumes feature](#custom-volume-and-volume-mount-options), it i
The AWX nginx config automatically includes /etc/nginx/conf.d/*.conf if present. The AWX nginx config automatically includes /etc/nginx/conf.d/*.conf if present.
##### Custom Favicon
You can use custom volume mounts to mount in your own favicon to be displayed in your AWX browser tab.
First, Create the configmap from a local favicon.ico file.
```bash
$ oc create configmap favicon-configmap --from-file favicon.ico
```
Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec
```yaml
spec:
extra_volumes: |
- name: favicon
configMap:
defaultMode: 420
items:
- key: favicon.ico
path: favicon.ico
name: favicon-configmap
web_extra_volume_mounts: |
- name: favicon
mountPath: /var/lib/awx/public/static/media/favicon.ico
subPath: favicon.ico
```
#### Default execution environments from private registries #### Default execution environments from private registries
@@ -1167,10 +1073,9 @@ type: kubernetes.io/dockerconfigjson
If you need to export custom environment variables to your containers. If you need to export custom environment variables to your containers.
| Name | Description | Default | | Name | Description | Default |
| ----------------- | ------------------------------------------------------ | ------- | | -------------- | --------------------------------------------------- | ------- |
| task_extra_env | Environment variables to be added to Task container | '' | | task_extra_env | Environment variables to be added to Task container | '' |
| web_extra_env | Environment variables to be added to Web container | '' | | web_extra_env | Environment variables to be added to Web container | '' |
| rsyslog_extra_env | Environment variables to be added to Rsyslog container | '' |
| ee_extra_env | Environment variables to be added to EE container | '' | | ee_extra_env | Environment variables to be added to EE container | '' |
> :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec). > :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
@@ -1185,9 +1090,6 @@ Example configuration of environment variables
web_extra_env: | web_extra_env: |
- name: MYCUSTOMVAR - name: MYCUSTOMVAR
value: foo value: foo
rsyslog_extra_env: |
- name: MYCUSTOMVAR
value: foo
ee_extra_env: | ee_extra_env: |
- name: MYCUSTOMVAR - name: MYCUSTOMVAR
value: foo value: foo
@@ -1231,8 +1133,6 @@ With`extra_settings`, you can pass multiple custom settings via the `awx-operato
| -------------- | -------------- | ------- | | -------------- | -------------- | ------- |
| extra_settings | Extra settings | '' | | extra_settings | Extra settings | '' |
**Note:** Parameters configured in `extra_settings` are set as read-only settings in AWX. As a result, they cannot be changed in the UI after deployment. If you need to change the setting after the initial deployment, you need to change it on the AWX CR spec.
Example configuration of `extra_settings` parameter Example configuration of `extra_settings` parameter
```yaml ```yaml


@@ -2,8 +2,6 @@
- hosts: localhost - hosts: localhost
vars: vars:
chart_repo: awx-operator chart_repo: awx-operator
environment:
CHART_OWNER: "{{ chart_owner }}"
tasks: tasks:
- name: Look up release - name: Look up release
uri: uri:
@@ -16,22 +14,6 @@
Release must exist before running this playbook Release must exist before running this playbook
when: release is not success when: release is not success
- name: Set helm filename and commit message
set_fact:
asset_already_attached: False
helm_file_name: "awx-operator-{{ tag }}.tgz"
commit_message: "Updated index.yaml for release {{ release.json.tag_name }}"
- name: See if file is already attached
set_fact:
asset_already_attached: True
loop: "{{ release.json.get('assets', []) }}"
loop_control:
label: "{{ item.name }}"
when: item.name == helm_file_name
- when: not asset_already_attached
block:
- name: Build and package helm chart - name: Build and package helm chart
command: | command: |
make helm-package make helm-package
@@ -44,8 +26,8 @@
# Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists # Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
- name: Upload helm chart - name: Upload helm chart
uri: uri:
url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}" url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name=awx-operator-{{ tag }}.tgz"
src: "{{ playbook_dir }}/../.cr-release-packages/{{ tag }}/awx-operator-{{ tag }}.tgz" src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
headers: headers:
Authorization: "token {{ gh_token }}" Authorization: "token {{ gh_token }}"
Content-Type: "application/octet-stream" Content-Type: "application/octet-stream"
@@ -55,68 +37,26 @@
register: asset_upload register: asset_upload
changed_when: asset_upload.json.state == "uploaded" changed_when: asset_upload.json.state == "uploaded"
- name: Ensure gh-pages exists - name: Configure git config
file: shell: |
state: directory git config user.name {{ gh_user }}
path: "{{ playbook_dir }}/../gh-pages" git config user.email {{ gh_user }}@users.noreply.github.com
args:
- name: Check if we have published the release
command:
cmd: "git log --grep='{{ commit_message }}'"
chdir: "{{ playbook_dir }}/../gh-pages" chdir: "{{ playbook_dir }}/../gh-pages"
register: commits_for_release
- when: commits_for_release.stdout == ''
block:
- name: Make a temp dir
tempfile:
state: directory
register: temp_dir
- name: Clone the gh-pages branch from {{ chart_owner }}
git:
repo: "{{ ((repo_type | default('http')) == 'ssh') | ternary(ssh_repo, http_repo) }}"
dest: "{{ temp_dir.path }}"
single_branch: yes
version: gh-pages
vars:
http_repo: "https://github.com/{{ chart_owner }}/{{ chart_repo }}"
ssh_repo: "git@github.com:{{ chart_owner }}/{{ chart_repo }}.git"
- name: Publish helm index - name: Publish helm index
ansible.builtin.command: command: |
cmd: make helm-index make helm-index
environment: environment:
CHART_OWNER: "{{ chart_owner }}" CHART_OWNER: "{{ chart_owner }}"
CR_TOKEN: "{{ gh_token }}" CR_TOKEN: "{{ gh_token }}"
CHART_DIR: "{{ temp_dir.path }}"
args: args:
chdir: "{{ playbook_dir }}/.." chdir: "{{ playbook_dir }}/../"
- name: Set url base swap in gitconfig
command:
cmd: "git config --local url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
args:
chdir: "{{ temp_dir.path }}/"
no_log: true
- name: Stage and Push commit to gh-pages branch - name: Stage and Push commit to gh-pages branch
command: shell: |
cmd: "{{ item }}" git add index.yaml
loop: git commit -m "Updated index.yaml latest release"
- git add index.yaml git push
- git commit -m "{{ commit_message }}"
- git push
args: args:
chdir: "{{ temp_dir.path }}/" chdir: "{{ playbook_dir }}/../gh-pages"
environment:
GIT_AUTHOR_NAME: "{{ gh_user }}"
GIT_AUTHOR_EMAIL: "{{ gh_user }}@users.noreply.github.com"
GIT_COMMITTER_NAME: "{{ gh_user }}"
GIT_COMMITTER_EMAIL: "{{ gh_user }}@users.noreply.github.com"
always:
- name: Remove temp dir
file:
path: "{{ temp_dir.path }}"
state: absent
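Review bot: In the `Configure git config` task the rendered `{{ gh_user }}` is inserted unquoted into a `shell:` script (`git config user.name {{ gh_user }}`), so any whitespace or shell metacharacter in the value is interpreted by `/bin/sh` instead of being passed as one argument; quote it, `git config user.name "{{ gh_user }}"` and `git config user.email "{{ gh_user }}@users.noreply.github.com"`, or switch to the `command` module, which invokes no shell. That task and `Stage and Push commit to gh-pages branch` run plain git invocations with no pipes or redirects, so `command` is the idiomatic module for both. With the `asset_already_attached` guard and the `git log --grep` check gone, the `Upload helm chart` `uri` task presumably fails on a rerun once an asset of that name exists on the release, and `git commit` in the push task exits non-zero when `index.yaml` is unchanged — if reruns are expected, a `git diff --quiet` precheck or an explicit `failed_when` is needed. The play's header is outside the hunk.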


@@ -90,20 +90,6 @@ spec:
postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
db_management_pod_node_selector:
description: nodeSelector for the Postgres pods to backup
type: string
no_log: no_log:
description: Configure no_log for no_log tasks description: Configure no_log for no_log tasks
type: boolean type: boolean


@@ -39,14 +39,12 @@ spec:
spec: spec:
type: object type: object
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
required:
- deployment_name
properties: properties:
backup_source: backup_source:
description: Backup source description: Backup source
type: string type: string
enum: enum:
- Backup CR - CR
- PVC - PVC
deployment_name: deployment_name:
description: Name of the restored deployment. This should be different from the original deployment name description: Name of the restored deployment. This should be different from the original deployment name
@@ -94,20 +92,6 @@ spec:
postgres_image_version: postgres_image_version:
description: PostgreSQL container image version to use description: PostgreSQL container image version to use
type: string type: string
image_pull_policy:
description: The image pull policy
type: string
default: IfNotPresent
enum:
- Always
- always
- Never
- never
- IfNotPresent
- ifnotpresent
db_management_pod_node_selector:
description: nodeSelector for the Postgres pods to backup
type: string
no_log: no_log:
description: Configure no_log for no_log tasks description: Configure no_log for no_log tasks
type: boolean type: boolean
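Review bot: The `backup_source` enum on the new side lists `CR` and `PVC`, while the CSV spec descriptor for the same field (`urn:alm:descriptor:com.tectonic.ui:select:Backup CR`, unchanged in the CSV section further down) still offers `Backup CR`, so a value chosen through the OLM UI would be rejected by the API server's enum validation; the enum and the descriptor must use the same string. Dropping `required: - deployment_name` also moves that check from the API server to the operator's role — an AWXRestore without `deployment_name` is now admitted, and unless the role rejects it the restore proceeds with an unset name, which the description on the field (must differ from the original deployment name) suggests is not intended. The `spec` schema continues outside the hunk.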



@@ -21,10 +21,12 @@ resources:
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus #- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth. # Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics # If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line. # endpoint w/o any authn/z, please comment the following line.
apiVersion: kustomize.config.k8s.io/v1beta1 - manager_auth_proxy_patch.yaml
kind: Kustomization
patches: # Mount the controller config file for loading manager configurations
- path: manager_auth_proxy_patch.yaml # through a ComponentConfig type
#- manager_config_patch.yaml


@@ -12,10 +12,11 @@ spec:
- name: kube-rbac-proxy - name: kube-rbac-proxy
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: # TODO(user): uncomment for common cases that do not require escalating privileges
drop: # capabilities:
- "ALL" # drop:
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 # - "ALL"
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
args: args:
- "--secure-listen-address=0.0.0.0:8443" - "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/" - "--upstream=http://127.0.0.1:8080/"
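Review bot: The kube-rbac-proxy container on the new side no longer drops capabilities — the `capabilities: drop: ["ALL"]` block is commented out behind a `# TODO(user)` — so the sidecar runs with the runtime's default capability set although its only job per the `args` is to listen on 8443 and proxy to `127.0.0.1:8080`; the `restricted` Pod Security Standard requires `drop: ["ALL"]`, and the manager container in `manager.yaml` (next section) still has it. Restoring the three lines `capabilities:` / `drop:` / `- "ALL"` under `securityContext` is the fix; nothing in the hunk indicates the proxy needs any capability. Since the image tag also changes here, pinning `gcr.io/kubebuilder/kube-rbac-proxy` by digest alongside the tag would give the sidecar the same supply-chain footing as the rest of the deployment. The container spec continues outside the hunk.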


@@ -51,6 +51,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
# TODO(user): uncomment for common cases that do not require escalating privileges
capabilities: capabilities:
drop: drop:
- "ALL" - "ALL"
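Review bot: The added comment `# TODO(user): uncomment for common cases that do not require escalating privileges` sits above a `capabilities:` block that is already active, so it reads as if the capability drop were disabled and invites someone to "uncomment" lines that are not commented; it looks carried over from a scaffold where the block is commented out. Replace it with a statement of intent, e.g. `# Drop all Linux capabilities; the manager needs none.`, or remove it. The container's `securityContext` continues outside the hunk.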


@@ -65,11 +65,6 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Image Pull Policy
path: image_pull_policy
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- displayName: No Log Configuration - displayName: No Log Configuration
path: no_log path: no_log
x-descriptors: x-descriptors:
@@ -93,10 +88,10 @@ spec:
kind: AWXRestore kind: AWXRestore
name: awxrestores.awx.ansible.com name: awxrestores.awx.ansible.com
specDescriptors: specDescriptors:
- description: Select what type of backup to specify. Backup CR, allows you - displayName: Backup Source to restore from
to specify the name of an AWXBackup object (recommended approach). The description: Select what type of backup to specify. Backup CR, allows you to specify
PVC option allows you to specify a custom PVC and directory to backup from. the name of an AWXBackup object (recommended approach). The PVC option allows you to
displayName: Backup Source to restore from specify a custom PVC and directory to backup from.
path: backup_source path: backup_source
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:select:Backup CR - urn:alm:descriptor:com.tectonic.ui:select:Backup CR
@@ -120,9 +115,8 @@ spec:
path: backup_pvc_namespace path: backup_pvc_namespace
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- description: This is the directory inside the PVC that your backup is stored - displayName: Backup Directory
in. description: This is the directory inside the PVC that your backup is stored in.
displayName: Backup Directory
path: backup_dir path: backup_dir
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
@@ -140,11 +134,6 @@ spec:
path: postgres_image_version path: postgres_image_version
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Image Pull Policy
path: image_pull_policy
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
- displayName: Restore Management Pod Resource Requirements - displayName: Restore Management Pod Resource Requirements
path: restore_resource_requirements path: restore_resource_requirements
x-descriptors: x-descriptors:
@@ -162,8 +151,7 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text - urn:alm:descriptor:com.tectonic.ui:text
version: v1beta1 version: v1beta1
- description: Deploy a new instance of AWX. A standardized way to define, operate - description: Deploy a new instance of AWX. A standardized way to define, operate and scale automation with Ansible.
and scale automation with Ansible.
displayName: AWX displayName: AWX
kind: AWX kind: AWX
name: awxs.awx.ansible.com name: awxs.awx.ansible.com
@@ -198,9 +186,8 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- description: Name of the k8s secret the symmetric encryption key is stored - displayName: Secret Key
in. description: Name of the k8s secret the symmetric encryption key is stored in.
displayName: Secret Key
path: secret_key_secret path: secret_key_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
@@ -264,12 +251,6 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret - urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Ingress Controller
path: ingress_controller
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: LoadBalancer Annotations - displayName: LoadBalancer Annotations
path: service_annotations path: service_annotations
x-descriptors: x-descriptors:
@@ -289,12 +270,6 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number - urn:alm:descriptor:com.tectonic.ui:number
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: LoadBalancer IP
path: loadbalancer_ip
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:string
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
- displayName: Route API Version - displayName: Route API Version
path: route_api_version path: route_api_version
x-descriptors: x-descriptors:
@@ -333,11 +308,6 @@ spec:
path: image_pull_secret path: image_pull_secret
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: HostAliases for app containers
path: host_aliases
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Web Container Resource Requirements - displayName: Web Container Resource Requirements
path: web_resource_requirements path: web_resource_requirements
x-descriptors: x-descriptors:
@@ -353,9 +323,9 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: The PostgreSQL init container is not used when an external DB - displayName: PostgreSQL Init Container Resource Requirements
description: The PostgreSQL init container is not used when an external DB
is configured is configured
displayName: PostgreSQL Init Container Resource Requirements
path: postgres_init_container_resource_requirements path: postgres_init_container_resource_requirements
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
@@ -365,42 +335,25 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Rsyslog Container Resource Requirements - displayName: PostgreSQL Container Resource Requirements
path: rsyslog_resource_requirements description: The PostgreSQL container is not used when an external DB
x-descriptors: is configured
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: The PostgreSQL container is not used when an external DB is configured
displayName: PostgreSQL Container Resource Requirements
path: postgres_resource_requirements path: postgres_resource_requirements
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: The PostgreSQL container is not used when an external DB is configured - displayName: PostgreSQL Container Storage Requirements
displayName: PostgreSQL Container Storage Requirements description: The PostgreSQL container is not used when an external DB
is configured
path: postgres_storage_requirements path: postgres_storage_requirements
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- description: Init Container resource requirements
path: init_container_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Replicas - displayName: Replicas
path: replicas path: replicas
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number - urn:alm:descriptor:com.tectonic.ui:number
- displayName: Web Replicas
path: web_replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- displayName: Task Replicas
path: task_replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- displayName: Remove used secrets on instance removal? - displayName: Remove used secrets on instance removal?
path: garbage_collect_secrets path: garbage_collect_secrets
x-descriptors: x-descriptors:
@@ -496,8 +449,8 @@ spec:
- displayName: Postgres Storage Class - displayName: Postgres Storage Class
path: postgres_storage_class path: postgres_storage_class
x-descriptors: x-descriptors:
- urn:alm:descriptor:io.kubernetes:StorageClass
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Datapath - displayName: Postgres Datapath
path: postgres_data_path path: postgres_data_path
x-descriptors: x-descriptors:
@@ -508,26 +461,6 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Enable Postgres Keepalives
path: postgres_keepalives
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Keepalives Count
path: postgres_keepalives_count
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Keepalives Idle
path: postgres_keepalives_idle
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Keepalives Interval
path: postgres_keepalives_interval
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Certificate Authorirty Trust Bundle - displayName: Certificate Authorirty Trust Bundle
path: ca_trust_bundle path: ca_trust_bundle
x-descriptors: x-descriptors:
@@ -658,28 +591,6 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Rsyslog Args
path: rsyslog_args
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Rsyslog Command
path: rsyslog_command
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Environment variables to be added to Rsyslog container
displayName: Rsyslog Extra Env
path: rsyslog_extra_env
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify volume mounts to be added to Rsyslog container
displayName: Rsyslog Extra Volume Mounts
path: rsyslog_extra_volume_mounts
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: Specify extra volumes to add to the application pod - description: Specify extra volumes to add to the application pod
displayName: Extra Volumes displayName: Extra Volumes
path: extra_volumes path: extra_volumes
@@ -691,46 +602,16 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Node Selector
path: web_node_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Node Selector
path: task_node_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Topology Spread Constraints - displayName: Topology Spread Constraints
path: topology_spread_constraints path: topology_spread_constraints
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Topology Spread Constraints
path: web_topology_spread_constraints
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Topology Spread Constraints
path: task_topology_spread_constraints
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Affinity - displayName: Affinity
path: affinity path: affinity
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Affinity
path: web_affinity
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Affinity
path: task_affinity
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Control Plane Priority Class - displayName: Control Plane Priority Class
path: control_plane_priority_class path: control_plane_priority_class
x-descriptors: x-descriptors:
@@ -757,31 +638,11 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Annotations
path: task_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Annotations
path: web_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tolerations - displayName: Tolerations
path: tolerations path: tolerations
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Tolerations
path: web_tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Tolerations
path: task_tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: CSRF Cookie Secure Setting - displayName: CSRF Cookie Secure Setting
path: csrf_cookie_secure path: csrf_cookie_secure
x-descriptors: x-descriptors:
@@ -792,11 +653,6 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden - urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Receptor Log Level
path: receptor_log_level
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: API Extra Settings - displayName: API Extra Settings
path: extra_settings path: extra_settings
x-descriptors: x-descriptors:
@@ -862,8 +718,8 @@ spec:
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Additional labels defined on the resource, which should be propagated - displayName: Additional labels defined on the resource, which should be
to child resources propagated to child resources
path: additional_labels path: additional_labels
x-descriptors: x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:advanced
@@ -948,7 +804,7 @@ spec:
- email: awx-project@googlegroups.com - email: awx-project@googlegroups.com
name: AWX Team name: AWX Team
maturity: alpha maturity: alpha
minKubeVersion: 1.22.15 MinKubeVersion: 1.22.15
provider: provider:
name: Ansible name: Ansible
url: github.com/ansible/awx-operator url: github.com/ansible/awx-operator
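Review bot: In the `@@ -948,7 +804,7 @@` hunk the new side spells the field `MinKubeVersion: 1.22.15`, but the ClusterServiceVersion spec field is `minKubeVersion` (lower camelCase); a key with the wrong case is most likely ignored rather than validated, so OLM would no longer enforce the minimum cluster version and the operator could land on clusters older than 1.22.15 without any warning. Keep `minKubeVersion: 1.22.15`. While this file is being touched, the `displayName: Certificate Authorirty Trust Bundle` entry for `ca_trust_bundle` (context on both sides) is misspelled and could read `Certificate Authority Trust Bundle`. The remaining hunks in this section are descriptor removals and reflows and raise no separate point.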


@@ -7,6 +7,10 @@ namePrefix: osdk-
#commonLabels: #commonLabels:
# someName: someValue # someName: someValue
patchesStrategicMerge:
- manager_image.yaml
- debug_logs_patch.yaml
- ../default/manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
@@ -17,7 +21,3 @@ resources:
images: images:
- name: testing - name: testing
newName: testing-operator newName: testing-operator
patches:
- path: manager_image.yaml
- path: debug_logs_patch.yaml
- path: ../default/manager_auth_proxy_patch.yaml
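Review bot: The new side lists the three patch files under `patchesStrategicMerge:` instead of `patches:` with `- path:` entries; newer kustomize releases mark `patchesStrategicMerge` as deprecated (it is still honoured, with a warning), so this works only as long as the pinned kustomize version keeps accepting it and is a step backwards in maintainability. If the toolchain permits, prefer the `patches:` form shown on the old side of the second hunk. Independently, the new `patchesStrategicMerge:` block is inserted between the commented `#commonLabels` stanza and `apiVersion:` / `kind:`; key order carries no meaning here, but keeping `apiVersion` and `kind` at the top matches the conventional layout of a kustomization file. Both hunks in this section are halves of the same change.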


@@ -1,67 +1,4 @@
# Debugging the AWX Operator # Iterating on the installer without deploying the operator
## General Debugging
When the operator is deploying AWX, it is running the `installer` role inside the operator container. If the AWX CR's status is `Failed`, it is often useful to look at the awx-operator container logs, which shows the output of the installer role. To see these logs, run:
```
kubectl logs deployments/awx-operator-controller-manager -c awx-manager -f
```
### Inspect k8s Resources
Past that, it is often useful to inspect various resources the AWX Operator manages like:
* awx
* awxbackup
* awxrestore
* pod
* deployment
* pvc
* service
* ingress
* route
* secrets
* serviceaccount
And if installing via OperatorHub and OLM:
* subscription
* csv
* installPlan
* catalogSource
To inspect these resources you can use these commands
```
# Inspecting k8s resources
kubectl describe -n <namespace> <resource> <resource-name>
kubectl get -n <namespace> <resource> <resource-name> -o yaml
kubectl logs -n <namespace> <resource> <resource-name>
# Inspecting Pods
kubectl exec -it -n <namespace> <pod> <pod-name>
```
### Configure No Log
It is possible to show task output for debugging by setting no_log to false on the AWX CR spec.
This will show output in the awx-operator logs for any failed tasks where no_log was set to true.
For example:
```
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-demo
spec:
service_type: nodeport
no_log: false # <------------
```
## Iterating on the installer without deploying the operator
Go through the [normal basic install](https://github.com/ansible/awx-operator/blob/devel/README.md#basic-install) steps. Go through the [normal basic install](https://github.com/ansible/awx-operator/blob/devel/README.md#basic-install) steps.


@@ -1,29 +0,0 @@
# Docs Breakdown for AWX Operator
## Introduction
This table below is aimed at breaking down the ReadME documentation for Ansible AWX Operator and structure it in the way it can be moved to the Read The Docs module.
From the ReadMe file, the documentation can be classified into six distinct segments which are:
- Introduction/Getting Started
- Installation
- User Guide
- Upgrade
- Uninstall
- Contributors Guide
Using these listed segments, we can do a proper breakdown of all the topics in the ReadMe and place each one in the segment they fall into. This table is open to any form of refactoring or modifications.
| Segments | Topics |
| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Introduction | - [Purpose](https://github.com/ansible/awx-operator#purpose) |
| Installation | - [Creating a minikube cluster for testing](https://github.com/ansible/awx-operator#creating-a-minikube-cluster-for-testing)<br>- [Basic Install](https://github.com/ansible/awx-operator#basic-install)<br>- [Helm Install on existing cluster](https://github.com/ansible/awx-operator#helm-install-on-existing-cluster) |
| User Guide | - [Admin user account configuration](https://github.com/ansible/awx-operator#admin-user-account-configuration)<br>- [Network and TLS Configuration](https://github.com/ansible/awx-operator#network-and-tls-configuration)<br> * [Service Type](https://github.com/ansible/awx-operator#service-type)<br> * [Ingress Type](https://github.com/ansible/awx-operator#ingress-type)<br>- [Database Configuration](https://github.com/ansible/awx-operator#database-configuration)<br> * [External PostgreSQL Service](https://github.com/ansible/awx-operator#external-postgresql-service)<br> * [Migrating data from an old AWX instance](https://github.com/ansible/awx-operator#migrating-data-from-an-old-awx-instance)<br> * [Managed PostgreSQL Service](https://github.com/ansible/awx-operator#managed-postgresql-service)<br>- [Advanced Configuration](https://github.com/ansible/awx-operator#advanced-configuration)<br> * [Deploying a specific version of AWX](https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx)<br> * [Redis container capabilities](https://github.com/ansible/awx-operator#redis-container-capabilities)<br> * [Privileged Tasks](https://github.com/ansible/awx-operator#privileged-tasks)<br> * [Containers Resource Requirements](https://github.com/ansible/awx-operator#containers-resource-requirements)<br> * [Priority Classes](https://github.com/ansible/awx-operator#priority-classes)<br> * [Assigning AWX pods to specific nodes](https://github.com/ansible/awx-operator#assigning-awx-pods-to-specific-nodes)<br> * [Trusting a Custom Certificate Authority](https://github.com/ansible/awx-operator#trusting-a-custom-certificate-authority)<br> * [Enabling LDAP Integration at AWX bootstrap](https://github.com/ansible/awx-operator#enabling-ldap-integration-at-awx-bootstrap)<br> * [Persisting Projects Directory](https://github.com/ansible/awx-operator#persisting-projects-directory)<br> * [Custom Volume and Volume Mount 
Options](https://github.com/ansible/awx-operator#custom-volume-and-volume-mount-options)<br> * [Default execution environments from private registries](https://github.com/ansible/awx-operator#default-execution-environments-from-private-registries)<br> * * [Control plane ee from private registry](https://github.com/ansible/awx-operator#control-plane-ee-from-private-registry)<br> * [Exporting Environment Variables to Containers](https://github.com/ansible/awx-operator#exporting-environment-variables-to-containers)<br> * [CSRF Cookie Secure Setting](https://github.com/ansible/awx-operator#csrf-cookie-secure-setting)<br> * [Session Cookie Secure Setting](https://github.com/ansible/awx-operator#session-cookie-secure-setting)<br> * [Extra Settings](https://github.com/ansible/awx-operator#extra-settings)<br> * [Configure no_log](https://github.com/ansible/awx-operator#no-log)<br> * [Auto Upgrade](https://github.com/ansible/awx-operator#auto-upgrade)<br> ** [Upgrade of instances without auto upgrade](https://github.com/ansible/awx-operator#upgrade-of-instances-without-auto-upgrade)<br> * [Service Account](https://github.com/ansible/awx-operator#service-account)<br> * [Labeling operator managed objects](https://github.com/ansible/awx-operator#labeling-operator-managed-objects)<br> * [Pods termination grace period](https://github.com/ansible/awx-operator#pods-termination-grace-period)<br> * [Disable IPV6](https://github.com/ansible/awx-operator#disable-ipv6)<br> * [Add Execution Nodes](https://github.com/ansible/awx-operator#adding-execution-nodes)<br> ** [Custom Receptor CA](https://github.com/ansible/awx-operator#custom-receptor-ca)<br> * [Debugging](https://github.com/ansible/awx-operator/blob/devel/docs/debugging.md)<br> * [Migration](https://github.com/ansible/awx-operator/blob/devel/docs/migration.md) |
| Upgrade | - [Upgrading](https://github.com/ansible/awx-operator#upgrading)<br> * [Backup](https://github.com/ansible/awx-operator#backup)<br> * [v0.14.0](https://github.com/ansible/awx-operator#v0140)<br> ** [Cluster-scope to Namespace-scope considerations](https://github.com/ansible/awx-operator#cluster-scope-to-namespace-scope-considerations)<br> ** [Project is now based on v1.x of the operator-sdk project](https://github.com/ansible/awx-operator#project-is-now-based-on-v1x-of-the-operator-sdk-project)<br> ** [Steps to upgrade](https://github.com/ansible/awx-operator#steps-to-upgrade) |
| Uninstall | - [Uninstall](https://github.com/ansible/awx-operator#uninstall) |
| Contributors Guide | - [Contributing](https://github.com/ansible/awx-operator#contributing)<br>- [Release Process](https://github.com/ansible/awx-operator#release-process)<br>- [Author](https://github.com/ansible/awx-operator#author)<br>- [Code of Conduct](https://github.com/ansible/awx-operator#code-of-conduct)<br>- [Get Involved](https://github.com/ansible/awx-operator#get-involved) |
Note: I could not get the multi-level bullet point list to work in the table so I used single asterisk `*` for one level down and double asterisk `**` for two level down.


@@ -1 +0,0 @@
# Welcome to the documentation of ansible awx-operator


@@ -1,12 +0,0 @@
cairosvg==2.7.0
markdown-exec>=1.6.0
mkdocs-ansible[lock]>=0.1.6
mkdocs-gen-files>=0.4.0
mkdocs-material-extensions>=1.1.1
mkdocs-material>=9.1.15
mkdocs==1.4.3
mkdocstrings-python>=1.1.0
mkdocstrings>=0.22.0
pillow==9.5.0
pipdeptree==2.7.1
pymdown-extensions==10.0.1


@@ -1,82 +0,0 @@
---
site_name: awx-operator
site_url: https://awx-operator.readthedocs.io/
repo_url: https://github.com/ansible/awx-operator
edit_uri: blob/devel/docs/
docs_dir: docs
strict: true
use_directory_urls: false
theme:
name: "material"
features:
- content.code.copy
- content.action.edit
- navigation.expand
- navigation.sections
- navigation.instant
- navigation.indexes
- navigation.tracking
- toc.integrate
palette:
- media: "(prefers-color-scheme: light)"
primary: teal
accent: blue
scheme: default
toggle:
icon: material/brightness-7
name: Switch to dark mode
- media: "(prefers-color-scheme: dark)"
scheme: slate
primary: teal
accent: blue
toggle:
icon: material/brightness-4
name: Switch to light mode
nav:
- home: index.md
- debugging.md
- migration.md
plugins:
- autorefs
- markdown-exec
- search
- mkdocstrings:
handlers:
python:
paths: [src]
options:
# Sphinx is for historical reasons, but we could consider switching if needed
# https://mkdocstrings.github.io/griffe/docstrings/
docstring_style: sphinx
merge_init_into_class: yes
show_submodules: yes
import:
- url: https://docs.ansible.com/ansible/latest/objects.inv
domains: [py, std]
markdown_extensions:
- admonition
- def_list
- footnotes
- pymdownx.highlight:
anchor_linenums: true
- pymdownx.inlinehilite
- pymdownx.snippets:
check_paths: true
- pymdownx.superfences
- pymdownx.magiclink:
repo_url_shortener: true
repo_url_shorthand: true
social_url_shorthand: true
social_url_shortener: true
user: facelessuser
repo: pymdown-extensions
normalize_issue_symbols: true
- pymdownx.tabbed:
alternate_style: true
- toc:
toc_depth: 2
permalink: true


@@ -19,36 +19,19 @@
register: admin_pw_secret register: admin_pw_secret
- block: - block:
- name: Get web pod details - name: Get pod details
k8s_info: k8s_info:
namespace: '{{ namespace }}' namespace: '{{ namespace }}'
kind: Pod kind: Pod
label_selectors: label_selectors:
- app.kubernetes.io/name = example-awx-web - app.kubernetes.io/name = example-awx
register: awx_web_pod register: awx_pod
when: not awx_version when: not awx_version
- name: Get task pod details - name: Extract tags from images
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx-task
register: awx_task_pod
when: not awx_version
- name: Extract tags from images from web pod
set_fact: set_fact:
web_image_tags: | image_tags: |
{{ awx_web_pod.resources[0].spec.containers | {{ awx_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
when: not awx_version
- name: Extract tags from images from task pod
set_fact:
task_image_tags: |
{{ awx_task_pod.resources[0].spec.containers |
map(attribute='image') | map(attribute='image') |
map('regex_search', default_awx_version) }} map('regex_search', default_awx_version) }}
when: not awx_version when: not awx_version
@@ -59,8 +42,7 @@
This is an environment variable that is set via build arg when releasing awx-operator. This is an environment variable that is set via build arg when releasing awx-operator.
when: when:
- not awx_version - not awx_version
- default_awx_version not in web_image_tags - default_awx_version not in image_tags
- default_awx_version not in task_image_tags
- name: Launch Demo Job Template - name: Launch Demo Job Template
awx.awx.job_launch: awx.awx.job_launch:
@@ -103,7 +85,7 @@
msg: '{{ failed_task }}' msg: '{{ failed_task }}'
- block: - block:
- name: Look up details for this AWX instance - name: Look up details for this deployment
k8s_info: k8s_info:
namespace: "{{ namespace }}" namespace: "{{ namespace }}"
api_version: "awx.ansible.com/v1beta1" api_version: "awx.ansible.com/v1beta1"
@@ -111,21 +93,13 @@
name: example-awx name: example-awx
register: this_awx register: this_awx
- name: Get web pod details - name: Get pod details
k8s_info: k8s_info:
namespace: '{{ namespace }}' namespace: '{{ namespace }}'
kind: Pod kind: Pod
label_selectors: label_selectors:
- app.kubernetes.io/name = example-awx-web - app.kubernetes.io/name = example-awx
register: awx_web_pod register: awx_pod
- name: Get task pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx-task
register: awx_task_pod
- name: Extract additional_labels from AWX spec - name: Extract additional_labels from AWX spec
set_fact: set_fact:
@@ -135,58 +109,31 @@
| list | list
}} }}
- name: Extract additional_labels from AWX web Pod - name: Extract additional_labels from AWX Pod
set_fact: set_fact:
awx_web_pod_additional_labels: >- pod_additional_labels: >-
{{ awx_web_pod.resources[0].metadata.labels {{ awx_pod.resources[0].metadata.labels
| dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels) | dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
| list | list
}} }}
- name: Extract additional_labels from AWX task Pod - name: AWX Pod contains additional_labels
set_fact:
awx_task_pod_additional_labels: >-
{{ awx_task_pod.resources[0].metadata.labels
| dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
| list
}}
- name: Assert AWX web Pod contains additional_labels
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- awx_web_pod_additional_labels == awx_additional_labels - pod_additional_labels == awx_additional_labels
- name: Assert AWX task Pod contains additional_labels - name: Extract Pod labels which shouldn't have been propagated to it from AWX
ansible.builtin.assert:
that:
- awx_task_pod_additional_labels == awx_additional_labels
- name: Extract web Pod labels which shouldn't have been propagated to it from AWX
set_fact: set_fact:
awx_web_pod_extra_labels: >- pod_extra_labels: >-
{{ awx_web_pod.resources[0].metadata.labels {{ awx_pod.resources[0].metadata.labels
| dict2items | selectattr('key', 'in', ["my/do-not-inherit"]) | dict2items | selectattr('key', 'in', ["my/do-not-inherit"])
| list | list
}} }}
- name: AWX web Pod doesn't contain AWX labels not in additional_labels - name: AWX Pod doesn't contain AWX labels not in additional_labels
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- awx_web_pod_extra_labels == [] - pod_extra_labels == []
- name: Extract task Pod labels which shouldn't have been propagated to it from AWX
set_fact:
awx_task_pod_extra_labels: >-
{{ awx_task_pod.resources[0].metadata.labels
| dict2items | selectattr('key', 'in', ["my/do-not-inherit"])
| list
}}
- name: AWX task Pod doesn't contain AWX labels not in additional_labels
ansible.builtin.assert:
that:
- awx_task_pod_extra_labels == []
rescue: rescue:
- name: Re-emit failure - name: Re-emit failure
vars: vars:


@@ -5,20 +5,8 @@
gather_facts: no gather_facts: no
tasks: tasks:
# Remove after this if fixed: https://github.com/ansible-collections/community.docker/issues/611
- name: Install docker
become: yes
pip:
name:
- websocket-client==0.59.0
- requests==2.28.2
- urllib3==1.26.15
- docker
- docker-compose
state: present
- name: Build operator image - name: Build operator image
community.docker.docker_image: docker_image:
build: build:
path: '{{ project_dir }}' path: '{{ project_dir }}'
pull: no pull: no


@@ -5,4 +5,3 @@ ansible-lint
openshift!=0.13.0 openshift!=0.13.0
jmespath jmespath
ansible-core ansible-core
ansible-compat<4 # https://github.com/ansible-community/molecule/issues/3903


@@ -5,5 +5,4 @@ collections:
version: 2.3.2 version: 2.3.2
- name: operator_sdk.util - name: operator_sdk.util
- name: community.docker - name: community.docker
version: 3.4.4
- name: awx.awx - name: awx.awx


@@ -82,12 +82,6 @@ It is also possible to tie the lifetime of the backup files to that of the AWXBa
clean_backup_on_delete: true clean_backup_on_delete: true
``` ```
Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
```
image_pull_policy: 'IfNotPresent'
```
Variable to define resources limits and request for backup CR. Variable to define resources limits and request for backup CR.
``` ```
backup_resource_requirements: backup_resource_requirements:


@@ -17,14 +17,6 @@ no_log: true
# Variable to set when you want backups to be cleaned up when the CRD object is deleted # Variable to set when you want backups to be cleaned up when the CRD object is deleted
clean_backup_on_delete: false clean_backup_on_delete: false
# Add a nodeSelector for the Postgres pods to backup.
# Specify as literal block. E.g.:
# db_management_pod_node_selector: |
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
db_management_pod_node_selector: ''
# Variable to signal that this role is being run as a finalizer # Variable to signal that this role is being run as a finalizer
finalizer_run: false finalizer_run: false


@@ -10,7 +10,7 @@ spec:
containers: containers:
- name: {{ ansible_operator_meta.name }}-db-management - name: {{ ansible_operator_meta.name }}-db-management
image: "{{ _postgres_image }}" image: "{{ _postgres_image }}"
imagePullPolicy: "{{ image_pull_policy }}" imagePullPolicy: Always
command: ["sleep", "infinity"] command: ["sleep", "infinity"]
volumeMounts: volumeMounts:
- name: {{ ansible_operator_meta.name }}-backup - name: {{ ansible_operator_meta.name }}-backup
@@ -20,10 +20,6 @@ spec:
resources: resources:
{{ backup_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }} {{ backup_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
{%- endif %} {%- endif %}
{% if db_management_pod_node_selector %}
nodeSelector:
{{ db_management_pod_node_selector | indent(width=8) }}
{% endif %}
volumes: volumes:
- name: {{ ansible_operator_meta.name }}-backup - name: {{ ansible_operator_meta.name }}-backup
persistentVolumeClaim: persistentVolumeClaim:
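Review bot: `imagePullPolicy: Always` is a fixed literal next to the templated `image: "{{ _postgres_image }}"`, and nothing in the template says why the pull is forced on every start of the db-management pod, so a reader cannot tell whether this is deliberate or an oversight. If, as the vars section below suggests (`_postgres_image_version: 13`), the image tag is a floating major version, a short Jinja comment above the line would make the intent explicit: `{# Always: the postgres tag is a floating major version, so each start re-pulls the current image #}`. The Pod spec continues outside the hunk.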


@@ -5,4 +5,3 @@ _postgres_image_version: 13
backup_complete: false backup_complete: false
database_type: "unmanaged" database_type: "unmanaged"
supported_pg_version: 13 supported_pg_version: 13
image_pull_policy: IfNotPresent


@@ -1,4 +1,5 @@
# https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/ # https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}' app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'


@@ -36,10 +36,6 @@ ingress_annotations: ''
# certificate and key. # certificate and key.
ingress_tls_secret: '' ingress_tls_secret: ''
# Special configuration for specific Ingress Controllers. E.g.:
# ingress_controller: contour
ingress_controller: ''
loadbalancer_protocol: 'http' loadbalancer_protocol: 'http'
loadbalancer_port: '80' loadbalancer_port: '80'
service_annotations: '' service_annotations: ''
@@ -71,24 +67,11 @@ hostname: ''
# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod # Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.: # to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: | # node_selector: |
# disktype: ssd
# kubernetes.io/arch: amd64 # kubernetes.io/arch: amd64
# kubernetes.io/os: linux # kubernetes.io/os: linux
node_selector: '' node_selector: ''
# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: |
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
web_node_selector: ''
# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: |
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
task_node_selector: ''
# Add a topologySpreadConstraints for the AWX pods. # Add a topologySpreadConstraints for the AWX pods.
# Specify as literal block. E.g.: # Specify as literal block. E.g.:
# topology_spread_constraints: | # topology_spread_constraints: |
@@ -100,27 +83,7 @@ task_node_selector: ''
# app.kubernetes.io/name: "<resourcename>" # app.kubernetes.io/name: "<resourcename>"
topology_spread_constraints: '' topology_spread_constraints: ''
# Add a topologySpreadConstraints for the task pods. affinity: {}
# Specify as literal block. E.g.:
# task_topology_spread_constraints: |
# - maxSkew: 100
# topologyKey: "topology.kubernetes.io/zone"
# whenUnsatisfiable: "ScheduleAnyway"
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: "<resourcename>"
task_topology_spread_constraints: ''
# Add a topologySpreadConstraints for the web pods.
# Specify as literal block. E.g.:
# web_topology_spread_constraints: |
# - maxSkew: 100
# topologyKey: "topology.kubernetes.io/zone"
# whenUnsatisfiable: "ScheduleAnyway"
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: "<resourcename>"
web_topology_spread_constraints: ''
# Add node tolerations for the AWX pods. Specify as literal block. E.g.: # Add node tolerations for the AWX pods. Specify as literal block. E.g.:
# tolerations: | # tolerations: |
@@ -130,76 +93,12 @@ web_topology_spread_constraints: ''
# effect: "NoSchedule" # effect: "NoSchedule"
tolerations: '' tolerations: ''
# Add node tolerations for the task pods. Specify as literal block. E.g.:
# task_tolerations: |
# - key: "dedicated"
# operator: "Equal"
# value: "AWXtask"
# effect: "NoSchedule"
task_tolerations: ''
# Add node tolerations for the web pods. Specify as literal block. E.g.:
# web_tolerations: |
# - key: "dedicated"
# operator: "Equal"
# value: "AWXweb"
# effect: "NoSchedule"
web_tolerations: ''
# Add affinities for all pods
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: app.kubernetes.io/component
# operator: In
# values:
# - awx
affinity: {}
# Add affinities for all task pods
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - awx-task
task_affinity: {}
# Add affinities for all web pods
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - awx-web
web_affinity: {}
# Add annotations to awx pods. Specify as literal block. E.g.: # Add annotations to awx pods. Specify as literal block. E.g.:
# annotations: | # annotations: |
# my.annotation/1: value # my.annotation/1: value
# my.annotation/2: value2 # my.annotation/2: value2
annotations: '' annotations: ''
# Override annotations to awx task pods. Specify as literal block. E.g.:
# task_annotations: |
# my.task-annotation/1: value
# my.task-annotation/2: value2
task_annotations: ''
# Override annotations to awx web pods. Specify as literal block. E.g.:
# web_annotations: |
# my.web-annotation/1: value
# my.web-annotation/2: value2
web_annotations: ''
admin_user: admin admin_user: admin
admin_email: test@example.com admin_email: test@example.com
@@ -274,18 +173,13 @@ _init_projects_container_image: quay.io/centos/centos:stream9
create_preload_data: true create_preload_data: true
replicas: "1" replicas: "1"
web_replicas: ''
task_replicas: ''
task_args: task_args:
- /usr/bin/launch_awx_task.sh - /usr/bin/launch_awx_task.sh
task_command: [] task_command: []
web_args: web_args:
- /usr/bin/launch_awx_web.sh - /usr/bin/launch_awx.sh
web_command: [] web_command: []
rsyslog_args:
- /usr/bin/launch_awx_rsyslog.sh
rsyslog_command: []
task_resource_requirements: task_resource_requirements:
requests: requests:
@@ -302,8 +196,6 @@ ee_resource_requirements:
cpu: 100m cpu: 100m
memory: 64Mi memory: 64Mi
# TODO: validate default resource requirements
# Customize CSRF options # Customize CSRF options
csrf_cookie_secure: False csrf_cookie_secure: False
session_cookie_secure: False session_cookie_secure: False
@@ -315,17 +207,6 @@ redis_resource_requirements:
requests: requests:
cpu: 50m cpu: 50m
memory: 64Mi memory: 64Mi
rsyslog_resource_requirements:
requests:
cpu: 100m
memory: 128Mi
init_container_resource_requirements:
requests:
cpu: 100m
memory: 128Mi
# Add extra environment variables to the AWX task/web containers. Specify as # Add extra environment variables to the AWX task/web containers. Specify as
# literal block. E.g.: # literal block. E.g.:
# task_extra_env: | # task_extra_env: |
@@ -335,7 +216,6 @@ init_container_resource_requirements:
# value: bing # value: bing
task_extra_env: '' task_extra_env: ''
web_extra_env: '' web_extra_env: ''
rsyslog_extra_env: ''
ee_extra_env: '' ee_extra_env: ''
# Mount extra volumes on the AWX task/web containers. Specify as literal block. # Mount extra volumes on the AWX task/web containers. Specify as literal block.
@@ -345,7 +225,6 @@ ee_extra_env: ''
# mountPath: /some/path # mountPath: /some/path
task_extra_volume_mounts: '' task_extra_volume_mounts: ''
web_extra_volume_mounts: '' web_extra_volume_mounts: ''
rsyslog_extra_volume_mounts: ''
ee_extra_volume_mounts: '' ee_extra_volume_mounts: ''
# Add a nodeSelector for the Postgres pods. # Add a nodeSelector for the Postgres pods.
@@ -393,12 +272,6 @@ projects_existing_claim: ''
# Define postgres configuration arguments to use # Define postgres configuration arguments to use
postgres_extra_args: '' postgres_extra_args: ''
# Configure postgres connection keepalive
postgres_keepalives: true
postgres_keepalives_idle: 5
postgres_keepalives_interval: 5
postgres_keepalives_count: 5
# Define the storage_class, size and access_mode # Define the storage_class, size and access_mode
# when not using an existing claim # when not using an existing claim
projects_storage_size: 8Gi projects_storage_size: 8Gi
@@ -440,12 +313,3 @@ set_self_labels: true
# Disable web container's nginx ipv6 listener # Disable web container's nginx ipv6 listener
ipv6_disabled: false ipv6_disabled: false
# Set hostAliases on deployments
# hostAliases:
# - ip: 10.10.0.10
# hostnames:
# - hostname
host_aliases: ''
receptor_log_level: info
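Review bot: `affinity: {}` on the new side of the `@@ -100,27 +83,7 @@` hunk is the only scheduling default in this file without a descriptive comment, while its neighbours `node_selector`, `topology_spread_constraints` and `tolerations` each carry a block comment with a worked example; a user reading defaults alone cannot tell what shape `affinity` expects. Add above it `# Add affinities for all pods. Specify as a mapping in Pod spec format, e.g.:` followed by a short `nodeAffinity` example in the same comment style as the surrounding entries. The defaults file has several other hunks in this section; none of the other new-side lines introduce a new key.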


@@ -2,7 +2,7 @@
- name: Check if there are any super users defined. - name: Check if there are any super users defined.
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "echo 'from django.contrib.auth.models import User; bash -c "echo 'from django.contrib.auth.models import User;
@@ -16,7 +16,7 @@
- name: Create super user via Django if it doesn't exist. - name: Create super user via Django if it doesn't exist.
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput command: awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput
register: result register: result
@@ -28,7 +28,7 @@
- name: Update Django super user password - name: Update Django super user password
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}' command: awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}'
register: result register: result
@@ -39,7 +39,7 @@
- name: Check if legacy queue is present - name: Check if legacy queue is present
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'" bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'"
@@ -50,7 +50,7 @@
- name: Unregister legacy queue - name: Unregister legacy queue
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "awx-manage unregister_queue --queuename=tower" bash -c "awx-manage unregister_queue --queuename=tower"
@@ -74,7 +74,7 @@
- name: Register default execution environments (without authentication) - name: Register default execution environments (without authentication)
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "awx-manage register_default_execution_environments" bash -c "awx-manage register_default_execution_environments"
@@ -95,7 +95,7 @@
- name: Register default execution environments (with authentication) - name: Register default execution environments (with authentication)
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "awx-manage register_default_execution_environments bash -c "awx-manage register_default_execution_environments
@@ -111,7 +111,7 @@
- name: Create preload data if necessary. # noqa 305 - name: Create preload data if necessary. # noqa 305
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "awx-manage create_preload_data" bash -c "awx-manage create_preload_data"


@@ -1,12 +1,4 @@
--- ---
- name: Delete old deployment for before installing during upgrade
k8s:
kind: Deployment
api_version: v1
namespace: "{{ ansible_operator_meta.namespace }}"
name: "{{ ansible_operator_meta.name }}"
state: absent
- name: Patching labels to AWX kind - name: Patching labels to AWX kind
k8s: k8s:
state: present state: present
@@ -83,7 +75,7 @@
- name: Check for pending migrations - name: Check for pending migrations
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l" bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l"
@@ -93,7 +85,7 @@
- name: Migrate the database if the K8s resources were updated. # noqa 305 - name: Migrate the database if the K8s resources were updated. # noqa 305
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "awx-manage migrate --noinput" bash -c "awx-manage migrate --noinput"


@@ -1,36 +1,13 @@
--- ---
- name: Check for presence of old awx Deployment - name: Check for presence of Deployment
k8s_info: k8s_info:
api_version: apps/v1 api_version: v1
kind: Deployment kind: Deployment
name: "{{ ansible_operator_meta.name }}" name: "{{ ansible_operator_meta.name }}"
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
register: awx_deployment register: tower_deployment
- name: Check for presence of awx-task Deployment # Just execute deployment steps when auto_upgrade is true or when no deployment exists
k8s_info: - name: Start installation
api_version: v1
kind: Deployment
name: "{{ ansible_operator_meta.name }}-task"
namespace: "{{ ansible_operator_meta.namespace }}"
register: awx_task_deployment
- name: Check for presence of awx-web Deployment
k8s_info:
api_version: v1
kind: Deployment
name: "{{ ansible_operator_meta.name }}-web"
namespace: "{{ ansible_operator_meta.namespace }}"
register: awx_web_deployment
- name: Start installation if auto_upgrade is true
include_tasks: install.yml include_tasks: install.yml
when: when: (tower_deployment['resources'] | length > 0 and auto_upgrade | bool ) or (tower_deployment['resources'] | length == 0)
- auto_upgrade | bool
- name: Start installation if auto_upgrade is false and deployment is missing
include_tasks: install.yml
when:
- not (auto_upgrade | bool)
- not (awx_deployment['resources'] | length > 0)
- not (awx_web_deployment['resources'] | length > 0 and awx_task_deployment['resources'] | length > 0)
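Review bot: `api_version: v1` on the `k8s_info` task pairs the core API group with `kind: Deployment`, but Deployments are served from `apps/v1`; unless kubernetes.core remaps the group, the lookup finds no resource, `tower_deployment['resources']` is always empty, and the `when:` on `Start installation` always satisfies the `length == 0` branch, so `auto_upgrade` never gates anything. The fix is `api_version: apps/v1`. The same pairing appears in the scale-down file further down (the `k8s_info` task in its `@@ -2,7 +2,7 @@` hunk and the `kubernetes.core.k8s_scale` task in its `@@ -10,13 +10,10 @@` hunk), where `k8s_scale` would likewise fail to locate the Deployment it is meant to scale to 0 before migration.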


@@ -1,28 +1,29 @@
--- ---
- name: Get the current resource task pod information.
- name: Get the current resource pod information.
k8s_info: k8s_info:
api_version: v1 api_version: v1
kind: Pod kind: Pod
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
label_selectors: label_selectors:
- "app.kubernetes.io/name={{ ansible_operator_meta.name }}-task" - "app.kubernetes.io/name={{ ansible_operator_meta.name }}"
- "app.kubernetes.io/managed-by={{ deployment_type }}-operator" - "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
- "app.kubernetes.io/component={{ deployment_type }}" - "app.kubernetes.io/component={{ deployment_type }}"
field_selectors: field_selectors:
- status.phase=Running - status.phase=Running
register: awx_task_pod register: tower_pod
- name: Set the resource pod as a variable. - name: Set the resource pod as a variable.
set_fact: set_fact:
awx_task_pod: >- tower_pod: >-
{{ awx_task_pod['resources'] {{ tower_pod['resources']
| rejectattr('metadata.deletionTimestamp', 'defined') | rejectattr('metadata.deletionTimestamp', 'defined')
| sort(attribute='metadata.creationTimestamp') | sort(attribute='metadata.creationTimestamp')
| first | default({}) }} | first | default({}) }}
- name: Set the resource pod name as a variable. - name: Set the resource pod name as a variable.
set_fact: set_fact:
awx_task_pod_name: "{{ awx_task_pod['metadata']['name'] | default('') }}" tower_pod_name: "{{ tower_pod['metadata']['name'] | default('') }}"
- name: Set user provided control plane ee image - name: Set user provided control plane ee image
set_fact: set_fact:
@@ -248,12 +249,9 @@
- name: Apply deployment resources - name: Apply deployment resources
k8s: k8s:
apply: yes apply: yes
definition: "{{ lookup('template', 'deployments/{{ item }}.yaml.j2') }}" definition: "{{ lookup('template', 'deployments/deployment.yaml.j2') }}"
wait: yes wait: yes
wait_timeout: "{{ (120 * replicas) or 120 }}" wait_timeout: "{{ 120 * replicas or 120 }}"
loop:
- task
- web
register: this_deployment_result register: this_deployment_result
- block: - block:
@@ -262,7 +260,7 @@
kind: Pod kind: Pod
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
label_selectors: label_selectors:
- "app.kubernetes.io/name={{ ansible_operator_meta.name }}-task" - "app.kubernetes.io/name={{ ansible_operator_meta.name }}"
- "app.kubernetes.io/managed-by={{ deployment_type }}-operator" - "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
- "app.kubernetes.io/component={{ deployment_type }}" - "app.kubernetes.io/component={{ deployment_type }}"
field_selectors: field_selectors:
@@ -271,7 +269,7 @@
- name: Update new resource pod as a variable. - name: Update new resource pod as a variable.
set_fact: set_fact:
awx_task_pod: >- tower_pod: >-
{{ _new_pod['resources'] {{ _new_pod['resources']
| rejectattr('metadata.deletionTimestamp', 'defined') | rejectattr('metadata.deletionTimestamp', 'defined')
| sort(attribute='metadata.creationTimestamp') | sort(attribute='metadata.creationTimestamp')
@@ -279,11 +277,11 @@
- name: Update new resource pod name as a variable. - name: Update new resource pod name as a variable.
set_fact: set_fact:
awx_task_pod_name: '{{ awx_task_pod["metadata"]["name"] | default("")}}' tower_pod_name: '{{ tower_pod["metadata"]["name"] | default("")}}'
when: when:
- this_deployment_result.changed - this_deployment_result.changed
- name: Verify the resource pod name is populated. - name: Verify the resource pod name is populated.
assert: assert:
that: awx_task_pod_name != '' that: tower_pod_name != ''
fail_msg: "Could not find the tower pod's name." fail_msg: "Could not find the tower pod's name."
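Review bot: `wait_timeout: "{{ 120 * replicas or 120 }}"` only does arithmetic when `replicas` is an integer; the defaults file in this same compare sets `replicas: "1"` as a quoted string, and in Jinja2 `120 * "1"` is string repetition, so the expression yields a 120-character string of ones that is truthy (the `or 120` fallback never applies) and is then converted by the module's int handling into an enormous timeout instead of 120 seconds. Casting first avoids it: `wait_timeout: "{{ (120 * (replicas | int)) or 120 }}"`. Whether a `replicas` value set on the CR arrives as an int is not visible here, so the default path is the one at risk. The task list continues outside the hunk.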


@@ -2,7 +2,7 @@
- name: Check for presence of Deployment - name: Check for presence of Deployment
k8s_info: k8s_info:
api_version: apps/v1 api_version: v1
kind: Deployment kind: Deployment
name: "{{ ansible_operator_meta.name }}" name: "{{ ansible_operator_meta.name }}"
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
@@ -10,13 +10,10 @@
- name: Scale down Deployment for migration - name: Scale down Deployment for migration
kubernetes.core.k8s_scale: kubernetes.core.k8s_scale:
api_version: apps/v1 api_version: v1
kind: Deployment kind: Deployment
name: "{{ item }}" name: "{{ ansible_operator_meta.name }}"
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
replicas: 0 replicas: 0
wait: yes wait: yes
loop:
- "{{ ansible_operator_meta.name }}-task"
- "{{ ansible_operator_meta.name }}-web"
when: this_deployment['resources'] | length when: this_deployment['resources'] | length


@@ -47,7 +47,7 @@
- name: Retrieve instance version - name: Retrieve instance version
k8s_exec: k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}" pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task" container: "{{ ansible_operator_meta.name }}-task"
command: >- command: >-
bash -c "awx-manage --version" bash -c "awx-manage --version"


@@ -84,9 +84,6 @@ data:
BROADCAST_WEBSOCKET_PROTOCOL = 'http' BROADCAST_WEBSOCKET_PROTOCOL = 'http'
RECEPTOR_LOG_LEVEL = '{{ receptor_log_level }}'
{% for item in extra_settings | default([]) %} {% for item in extra_settings | default([]) %}
{{ item.setting }} = {{ item.value }} {{ item.setting }} = {{ item.value }}
{% endfor %} {% endfor %}
@@ -103,7 +100,6 @@ data:
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
server_tokens off; server_tokens off;
client_max_body_size 5M;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
@@ -138,7 +134,7 @@ data:
server_name _; server_name _;
# Redirect all HTTP links to the matching HTTPS page # Redirect all HTTP links to the matching HTTPS page
return 301 https://$host:8053$request_uri; return 301 https://$host$request_uri;
} }
{% endif %} {% endif %}
@@ -239,7 +235,7 @@ data:
bind 127.0.0.1 bind 127.0.0.1
receptor_conf: | receptor_conf: |
--- ---
- log-level: {{ receptor_log_level }} - log-level: debug
- local-only: null - local-only: null
- node: - node:
firewallrules: firewallrules:
@@ -271,8 +267,7 @@ data:
cert: /etc/receptor/tls/receptor.crt cert: /etc/receptor/tls/receptor.crt
key: /etc/receptor/tls/receptor.key key: /etc/receptor/tls/receptor.key
name: tlsclient name: tlsclient
rootcas: /etc/receptor/tls/ca/mesh-CA.crt rootcas: /etc/receptor/tls/ca/receptor-ca.crt
mintls13: false
- work-signing: - work-signing:
privatekey: /etc/receptor/work_private_key.pem privatekey: /etc/receptor/signing/work-private-key.pem
tokenexpiration: 1m tokenexpiration: 1m
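Review bot: `- log-level: debug` is written as a literal into the rendered `receptor_conf`, so every deployment runs the mesh at debug verbosity with no way to lower it from the CR; that is a large, permanent log volume for a long-lived control-plane component, and debug output is where connection and work-unit details end up in pod logs. Driving it from a variable with a quiet default keeps debug available when it is actually needed: `- log-level: {{ receptor_log_level | default('info') }}`. The `receptor_conf` block and the rest of the ConfigMap continue outside the hunk.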


@@ -1,27 +1,23 @@
# AWX Deployment.
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: '{{ ansible_operator_meta.name }}-task' name: '{{ ansible_operator_meta.name }}'
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
labels: labels:
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }} {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
spec: spec:
{% if task_replicas %}
replicas: {{ task_replicas }}
{% elif replicas %}
replicas: {{ replicas }} replicas: {{ replicas }}
{% endif %}
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-task' app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
template: template:
metadata: metadata:
labels: labels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-task'
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }} {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }}
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }} {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
annotations: annotations:
@@ -43,9 +39,7 @@ spec:
] %} ] %}
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}" checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
{% endfor %} {% endfor %}
{% if task_annotations %} {% if annotations %}
{{ task_annotations | indent(width=8) }}
{% elif annotations %}
{{ annotations | indent(width=8) }} {{ annotations | indent(width=8) }}
{% endif %} {% endif %}
spec: spec:
@@ -59,16 +53,6 @@ spec:
- name: {{ secret }} - name: {{ secret }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if host_aliases is defined and host_aliases | length > 0 %}
hostAliases:
{% for item in host_aliases %}
- ip: {{ item.ip }}
hostnames:
{% for hostname in item.hostnames %}
- {{ hostname }}
{% endfor %}
{% endfor %}
{% endif %}
{% if control_plane_priority_class is defined %} {% if control_plane_priority_class is defined %}
priorityClassName: '{{ control_plane_priority_class }}' priorityClassName: '{{ control_plane_priority_class }}'
{% endif %} {% endif %}
@@ -76,14 +60,14 @@ spec:
- name: init - name: init
image: '{{ _init_container_image }}' image: '{{ _init_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}' imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ init_container_resource_requirements }} resources: {{ task_resource_requirements }}
command: command:
- /bin/sh - /bin/sh
- -c - -c
- | - |
hostname=$MY_POD_NAME hostname=$MY_POD_NAME
receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key receptor --cert-makereq bits=2048 commonname=$hostname dnsname=$hostname nodeid=$hostname outreq=/etc/receptor/tls/receptor.req outkey=/etc/receptor/tls/receptor.key
receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/mesh-CA.crt cakey=/etc/receptor/tls/ca/mesh-CA.key outcert=/etc/receptor/tls/receptor.crt verify=yes receptor --cert-signreq req=/etc/receptor/tls/receptor.req cacert=/etc/receptor/tls/ca/receptor-ca.crt cakey=/etc/receptor/tls/ca/receptor-ca.key outcert=/etc/receptor/tls/receptor.crt verify=yes
{% if bundle_ca_crt %} {% if bundle_ca_crt %}
mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2} mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
update-ca-trust update-ca-trust
@@ -98,11 +82,11 @@ spec:
fieldPath: metadata.name fieldPath: metadata.name
volumeMounts: volumeMounts:
- name: "{{ ansible_operator_meta.name }}-receptor-ca" - name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt" mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt" subPath: "tls.crt"
readOnly: true readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca" - name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.key" mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
subPath: "tls.key" subPath: "tls.key"
readOnly: true readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-tls" - name: "{{ ansible_operator_meta.name }}-receptor-tls"
@@ -122,7 +106,6 @@ spec:
- name: init-projects - name: init-projects
image: '{{ _init_projects_container_image }}' image: '{{ _init_projects_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}' imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ init_container_resource_requirements }}
command: command:
- /bin/sh - /bin/sh
- -c - -c
@@ -175,6 +158,108 @@ spec:
/var/lib/pre-stop/scripts/termination-waiter /var/lib/pre-stop/scripts/termination-waiter
{% endif %} {% endif %}
resources: {{ redis_resource_requirements }} resources: {{ redis_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-web'
{% if web_command %}
command: {{ web_command }}
{% endif %}
{% if web_args %}
args: {{ web_args }}
{% endif %}
imagePullPolicy: '{{ image_pull_policy }}'
ports:
- containerPort: 8052
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- containerPort: 8053
{% endif %}
volumeMounts:
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/execution_environments.py"
subPath: execution_environments.py
readOnly: true
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
subPath: credentials.py
readOnly: true
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/ldap.py"
subPath: ldap.py
readOnly: true
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ ansible_operator_meta.name }}-nginx-certs"
mountPath: "/etc/nginx/pki"
readOnly: true
{% endif %}
{% if ldap_cacert_ca_crt %}
- name: "{{ ansible_operator_meta.name }}-ldap-cacert"
mountPath: /etc/openldap/certs/ldap-ca.crt
subPath: ldap-ca.crt
readOnly: true
{% endif %}
- name: "{{ secret_key_secret_name }}"
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ ansible_operator_meta.name }}-settings
mountPath: /etc/tower/settings.py
subPath: settings.py
readOnly: true
- name: {{ ansible_operator_meta.name }}-nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: supervisor-socket
mountPath: "/var/run/supervisor"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
- name: rsyslog-dir
mountPath: "/var/lib/awx/rsyslog"
- name: "{{ ansible_operator_meta.name }}-projects"
mountPath: "/var/lib/awx/projects"
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/signing/work-public-key.pem"
subPath: "work-public-key.pem"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
subPath: "tls.key"
readOnly: true
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if web_extra_volume_mounts -%}
{{ web_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: UWSGI_MOUNT_PATH
value: "{{ ingress_path }}"
{% if development_mode | bool %}
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if web_extra_env -%}
{{ web_extra_env | indent(width=12, first=True) }}
{% endif %}
resources: {{ web_resource_requirements }}
- image: '{{ _image }}' - image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-task' name: '{{ ansible_operator_meta.name }}-task'
imagePullPolicy: '{{ image_pull_policy }}' imagePullPolicy: '{{ image_pull_policy }}'
@@ -219,12 +304,16 @@ spec:
readOnly: true readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket - name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis" mountPath: "/var/run/redis"
- name: supervisor-socket
mountPath: "/var/run/supervisor"
- name: rsyslog-socket - name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog" mountPath: "/var/run/awx-rsyslog"
- name: rsyslog-dir
mountPath: "/var/lib/awx/rsyslog"
- name: "{{ ansible_operator_meta.name }}-receptor-config" - name: "{{ ansible_operator_meta.name }}-receptor-config"
mountPath: "/etc/receptor/" mountPath: "/etc/receptor/"
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing" - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/work_private_key.pem" mountPath: "/etc/receptor/signing/work-private-key.pem"
subPath: "work-private-key.pem" subPath: "work-private-key.pem"
readOnly: true readOnly: true
- name: receptor-socket - name: receptor-socket
@@ -251,10 +340,8 @@ spec:
- /var/lib/pre-stop/scripts/termination-master - /var/lib/pre-stop/scripts/termination-master
{% endif %} {% endif %}
env: env:
- name: AWX_COMPONENT - name: SUPERVISOR_WEB_CONFIG_PATH
value: "task" value: "/etc/supervisord.conf"
- name: SUPERVISOR_CONFIG_PATH
value: "/etc/supervisord_task.conf"
- name: AWX_SKIP_MIGRATIONS - name: AWX_SKIP_MIGRATIONS
value: "1" value: "1"
- name: MY_POD_UID - name: MY_POD_UID
@@ -305,11 +392,11 @@ spec:
- name: "{{ ansible_operator_meta.name }}-receptor-config" - name: "{{ ansible_operator_meta.name }}-receptor-config"
mountPath: "/etc/receptor/" mountPath: "/etc/receptor/"
- name: "{{ ansible_operator_meta.name }}-receptor-ca" - name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt" mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt" subPath: "tls.crt"
readOnly: true readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing" - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/work_private_key.pem" mountPath: "/etc/receptor/signing/work-private-key.pem"
subPath: "work-private-key.pem" subPath: "work-private-key.pem"
readOnly: true readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-tls" - name: "{{ ansible_operator_meta.name }}-receptor-tls"
@@ -343,98 +430,22 @@ spec:
{% if ee_extra_env -%} {% if ee_extra_env -%}
{{ ee_extra_env | indent(width=12, first=True) }} {{ ee_extra_env | indent(width=12, first=True) }}
{% endif %} {% endif %}
- image: '{{ _image }}' {% if node_selector %}
name: '{{ ansible_operator_meta.name }}-rsyslog'
{% if rsyslog_command %}
command: {{ rsyslog_command }}
{% endif %}
{% if rsyslog_args %}
args: {{ rsyslog_args }}
{% endif %}
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ rsyslog_resource_requirements }}
volumeMounts:
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
subPath: credentials.py
readOnly: true
- name: "{{ secret_key_secret_name }}"
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ ansible_operator_meta.name }}-settings
mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if rsyslog_extra_volume_mounts -%}
{{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
{% if termination_grace_period_seconds is defined %}
- name: pre-stop-data
mountPath: /var/lib/pre-stop
- name: pre-stop-scripts
mountPath: /var/lib/pre-stop/scripts
lifecycle:
preStop:
exec:
command:
- bash
- /var/lib/pre-stop/scripts/termination-waiter
{% endif %}
env:
- name: SUPERVISOR_CONFIG_PATH
value: "/etc/supervisord_rsyslog.conf"
{% if development_mode | bool %}
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if rsyslog_extra_env -%}
{{ rsyslog_extra_env | indent(width=12, first=True) }}
{% endif %}
{% if task_node_selector %}
nodeSelector:
{{ task_node_selector | indent(width=8) }}
{% elif node_selector %}
nodeSelector: nodeSelector:
{{ node_selector | indent(width=8) }} {{ node_selector | indent(width=8) }}
{% endif %} {% endif %}
{% if task_topology_spread_constraints %} {% if topology_spread_constraints %}
topologySpreadConstraints:
{{ task_topology_spread_constraints | indent(width=8) }}
{% elif topology_spread_constraints %}
topologySpreadConstraints: topologySpreadConstraints:
{{ topology_spread_constraints | indent(width=8) }} {{ topology_spread_constraints | indent(width=8) }}
{% endif %} {% endif %}
{% if task_tolerations %} {% if affinity | length %}
tolerations:
{{ task_tolerations | indent(width=8) }}
{% elif tolerations %}
tolerations:
{{ tolerations | indent(width=8) }}
{% endif %}
{% if task_affinity %}
affinity:
{{ task_affinity | to_nice_yaml | indent(width=8) }}
{% elif affinity %}
affinity: affinity:
{{ affinity | to_nice_yaml | indent(width=8) }} {{ affinity | to_nice_yaml | indent(width=8) }}
{% endif %} {% endif %}
{% if tolerations %}
tolerations:
{{ tolerations | indent(width=8) }}
{% endif %}
{% if (projects_persistence|bool and is_k8s|bool) or (security_context_settings|length) %} {% if (projects_persistence|bool and is_k8s|bool) or (security_context_settings|length) %}
securityContext: securityContext:
{% if projects_persistence|bool and is_k8s|bool %} {% if projects_persistence|bool and is_k8s|bool %}
@@ -530,10 +541,14 @@ spec:
emptyDir: {} emptyDir: {}
- name: {{ ansible_operator_meta.name }}-redis-data - name: {{ ansible_operator_meta.name }}-redis-data
emptyDir: {} emptyDir: {}
- name: supervisor-socket
emptyDir: {}
- name: rsyslog-socket - name: rsyslog-socket
emptyDir: {} emptyDir: {}
- name: receptor-socket - name: receptor-socket
emptyDir: {} emptyDir: {}
- name: rsyslog-dir
emptyDir: {}
- name: {{ ansible_operator_meta.name }}-receptor-config - name: {{ ansible_operator_meta.name }}-receptor-config
emptyDir: {} emptyDir: {}
- name: {{ ansible_operator_meta.name }}-default-receptor-config - name: {{ ansible_operator_meta.name }}-default-receptor-config


@@ -1,432 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: '{{ ansible_operator_meta.name }}-web'
namespace: '{{ ansible_operator_meta.namespace }}'
labels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
spec:
{% if web_replicas %}
replicas: {{ web_replicas }}
{% elif replicas %}
replicas: {{ replicas }}
{% endif %}
selector:
matchLabels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
template:
metadata:
labels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }}
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
annotations:
{% for template in [
"configmaps/config",
"secrets/app_credentials",
"storage/persistent",
] %}
checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | sha1 }}"
{% endfor %}
{% for secret in [
"bundle_cacert",
"route_tls",
"ldap_cacert",
"secret_key",
"receptor_ca",
"receptor_work_signing",
] %}
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
{% endfor %}
{% if web_annotations %}
{{ web_annotations | indent(width=8) }}
{% elif annotations %}
{{ annotations | indent(width=8) }}
{% endif %}
spec:
serviceAccountName: '{{ ansible_operator_meta.name }}'
{% if image_pull_secret is defined %}
imagePullSecrets:
- name: {{ image_pull_secret }}
{% elif image_pull_secrets | length > 0 %}
imagePullSecrets:
{% for secret in image_pull_secrets %}
- name: {{ secret }}
{% endfor %}
{% endif %}
{% if host_aliases is defined and host_aliases | length > 0 %}
hostAliases:
{% for item in host_aliases %}
- ip: {{ item.ip }}
hostnames:
{% for hostname in item.hostnames %}
- {{ hostname }}
{% endfor %}
{% endfor %}
{% endif %}
{% if control_plane_priority_class is defined %}
priorityClassName: '{{ control_plane_priority_class }}'
{% endif %}
initContainers:
{% if bundle_ca_crt or projects_persistence|bool or init_container_extra_commands %}
- name: init
image: '{{ _init_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ init_container_resource_requirements }}
command:
- /bin/sh
- -c
- |
{% if bundle_ca_crt %}
mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
update-ca-trust
{% endif %}
{% if init_container_extra_commands %}
{{ init_container_extra_commands | indent(width=14) }}
{% endif %}
volumeMounts:
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
{% if init_container_extra_volume_mounts -%}
{{ init_container_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
{% endif %}
{% if projects_persistence|bool and is_k8s|bool %}
- name: init-projects
image: '{{ _init_projects_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ init_container_resource_requirements }}
command:
- /bin/sh
- -c
- |
chmod 775 /var/lib/awx/projects
chgrp 1000 /var/lib/awx/projects
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: "{{ ansible_operator_meta.name }}-projects"
mountPath: "/var/lib/awx/projects"
{% endif %}
containers:
- image: '{{ _redis_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
name: redis
{% if redis_capabilities is defined and redis_capabilities %}
securityContext:
capabilities:
add: {{ redis_capabilities }}
{% endif %}
args: ["redis-server", "/etc/redis.conf"]
volumeMounts:
- name: {{ ansible_operator_meta.name }}-redis-config
mountPath: "/etc/redis.conf"
subPath: redis.conf
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: "{{ ansible_operator_meta.name }}-redis-data"
mountPath: "/data"
resources: {{ redis_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-web'
imagePullPolicy: '{{ image_pull_policy }}'
{% if web_command %}
command: {{ web_command }}
{% endif %}
{% if web_args %}
args: {{ web_args }}
{% endif %}
ports:
- containerPort: 8052
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- containerPort: 8053
{% endif %}
volumeMounts:
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/execution_environments.py"
subPath: execution_environments.py
readOnly: true
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
subPath: credentials.py
readOnly: true
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/ldap.py"
subPath: ldap.py
readOnly: true
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ ansible_operator_meta.name }}-nginx-certs"
mountPath: "/etc/nginx/pki"
readOnly: true
{% endif %}
{% if ldap_cacert_ca_crt %}
- name: "{{ ansible_operator_meta.name }}-ldap-cacert"
mountPath: /etc/openldap/certs/ldap-ca.crt
subPath: ldap-ca.crt
readOnly: true
{% endif %}
- name: "{{ secret_key_secret_name }}"
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ ansible_operator_meta.name }}-settings
mountPath: /etc/tower/settings.py
subPath: settings.py
readOnly: true
- name: {{ ansible_operator_meta.name }}-nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
{% if projects_persistence|bool %}
- name: "{{ ansible_operator_meta.name }}-projects"
mountPath: "/var/lib/awx/projects"
{% endif %}
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/mesh-CA.key"
subPath: "tls.key"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/work_public_key.pem"
subPath: "work-public-key.pem"
readOnly: true
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if web_extra_volume_mounts -%}
{{ web_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
env:
- name: AWX_COMPONENT
value: "web"
- name: SUPERVISOR_CONFIG_PATH
value: "/etc/supervisord_web.conf"
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: UWSGI_MOUNT_PATH
value: "{{ ingress_path }}"
{% if development_mode | bool %}
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if web_extra_env -%}
{{ web_extra_env | indent(width=12, first=True) }}
{% endif %}
resources: {{ web_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-rsyslog'
{% if rsyslog_command %}
command: {{ rsyslog_command }}
{% endif %}
{% if rsyslog_args %}
args: {{ rsyslog_args }}
{% endif %}
imagePullPolicy: '{{ image_pull_policy }}'
volumeMounts:
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
subPath: credentials.py
readOnly: true
- name: "{{ secret_key_secret_name }}"
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ ansible_operator_meta.name }}-settings
mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if rsyslog_extra_volume_mounts -%}
{{ rsyslog_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
env:
- name: SUPERVISOR_CONFIG_PATH
value: "/etc/supervisord_rsyslog.conf"
{% if development_mode | bool %}
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if rsyslog_extra_env -%}
{{ rsyslog_extra_env | indent(width=12, first=True) }}
{% endif %}
resources: {{ rsyslog_resource_requirements }}
{% if web_node_selector %}
nodeSelector:
{{ web_node_selector | indent(width=8) }}
{% elif node_selector %}
nodeSelector:
{{ node_selector | indent(width=8) }}
{% endif %}
{% if web_topology_spread_constraints %}
topologySpreadConstraints:
{{ web_topology_spread_constraints | indent(width=8) }}
{% elif topology_spread_constraints %}
topologySpreadConstraints:
{{ topology_spread_constraints | indent(width=8) }}
{% endif %}
{% if web_tolerations %}
tolerations:
{{ web_tolerations| indent(width=8) }}
{% elif tolerations %}
tolerations:
{{ tolerations| indent(width=8) }}
{% endif %}
{% if web_affinity %}
affinity:
{{ web_affinity | to_nice_yaml | indent(width=8) }}
{% elif affinity %}
affinity:
{{ affinity | to_nice_yaml | indent(width=8) }}
{% endif %}
volumes:
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
secret:
secretName: "{{ ansible_operator_meta.name }}-receptor-ca"
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
secret:
secretName: "{{ ansible_operator_meta.name }}-receptor-work-signing"
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
emptyDir: {}
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
secret:
secretName: "{{ bundle_cacert_secret }}"
items:
- key: bundle-ca.crt
path: 'bundle-ca.crt'
{% endif %}
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ ansible_operator_meta.name }}-nginx-certs"
secret:
secretName: "{{ route_tls_secret }}"
items:
- key: tls.key
path: 'web.key'
- key: tls.crt
path: 'web.crt'
{% endif %}
{% if ldap_cacert_ca_crt %}
- name: "{{ ansible_operator_meta.name }}-ldap-cacert"
secret:
secretName: "{{ ldap_cacert_secret }}"
items:
- key: ldap-ca.crt
path: 'ldap-ca.crt'
{% endif %}
- name: "{{ ansible_operator_meta.name }}-application-credentials"
secret:
secretName: "{{ ansible_operator_meta.name }}-app-credentials"
items:
- key: credentials.py
path: 'credentials.py'
- key: ldap.py
path: 'ldap.py'
- key: execution_environments.py
path: 'execution_environments.py'
- name: "{{ secret_key_secret_name }}"
secret:
secretName: '{{ secret_key_secret_name }}'
items:
- key: secret_key
path: SECRET_KEY
- name: {{ ansible_operator_meta.name }}-settings
configMap:
name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
items:
- key: settings
path: settings.py
- name: {{ ansible_operator_meta.name }}-nginx-conf
configMap:
name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
items:
- key: nginx_conf
path: nginx.conf
- name: {{ ansible_operator_meta.name }}-redis-config
configMap:
name: {{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap
items:
- key: redis_conf
path: redis.conf
- name: {{ ansible_operator_meta.name }}-redis-socket
emptyDir: {}
- name: {{ ansible_operator_meta.name }}-redis-data
emptyDir: {}
- name: rsyslog-socket
emptyDir: {}
- name: receptor-socket
emptyDir: {}
- name: {{ ansible_operator_meta.name }}-receptor-config
configMap:
name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
items:
- key: receptor_conf
path: receptor.conf
{% if projects_persistence|bool %}
- name: "{{ ansible_operator_meta.name }}-projects"
persistentVolumeClaim:
{% if projects_existing_claim %}
claimName: {{ projects_existing_claim }}
{% else %}
claimName: '{{ ansible_operator_meta.name }}-projects-claim'
{% endif %}
{% endif %}
{% if development_mode | bool %}
- name: awx-devel
hostPath:
path: /awx_devel
{% endif %}
{% if extra_volumes -%}
{{ extra_volumes | indent(width=8, first=True) }}
{% endif %}


@@ -9,16 +9,10 @@ metadata:
namespace: '{{ ansible_operator_meta.namespace }}' namespace: '{{ ansible_operator_meta.namespace }}'
labels: labels:
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }} {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
{% if ingress_annotations or ingress_controller|lower == "contour" %}
annotations:
{% if ingress_annotations %} {% if ingress_annotations %}
annotations:
{{ ingress_annotations | indent(width=4) }} {{ ingress_annotations | indent(width=4) }}
{% endif %} {% endif %}
{% if ingress_controller|lower == "contour" %}
projectcontour.io/websocket-routes: "/websocket"
kubernetes.io/ingress.class: contour
{% endif %}
{% endif %}
spec: spec:
{% if ingress_class_name %} {% if ingress_class_name %}
ingressClassName: '{{ ingress_class_name }}' ingressClassName: '{{ ingress_class_name }}'
@@ -33,15 +27,6 @@ spec:
name: '{{ ansible_operator_meta.name }}-service' name: '{{ ansible_operator_meta.name }}-service'
port: port:
number: 80 number: 80
{% if ingress_controller|lower == "contour" %}
- path: '{{ ingress_path.rstrip("/") }}/websocket'
pathType: '{{ ingress_path_type }}'
backend:
service:
name: '{{ ansible_operator_meta.name }}-service'
port:
number: 80
{% endif %}
{% if hostname %} {% if hostname %}
host: {{ hostname }} host: {{ hostname }}
{% endif %} {% endif %}


@@ -13,6 +13,7 @@ metadata:
{% endif %} {% endif %}
spec: spec:
ports: ports:
{% if service_type | lower == "nodeport" %} {% if service_type | lower == "nodeport" %}
- port: 80 - port: 80
protocol: TCP protocol: TCP
@@ -45,16 +46,13 @@ spec:
name: http name: http
{% endif %} {% endif %}
selector: selector:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web' app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
{% if service_type | lower == "nodeport" %} {% if service_type | lower == "nodeport" %}
type: NodePort type: NodePort
{% elif service_type | lower == "loadbalancer" %} {% elif service_type | lower == "loadbalancer" %}
type: LoadBalancer type: LoadBalancer
{% if loadbalancer_ip is defined and loadbalancer_ip|length %}
loadbalancerip: '{{ loadbalancer_ip }}'
{% endif %}
{% else %} {% else %}
type: ClusterIP type: ClusterIP
{% endif %} {% endif %}


@@ -8,17 +8,7 @@ DATABASES = {
'HOST': '{{ awx_postgres_host }}', 'HOST': '{{ awx_postgres_host }}',
'PORT': "{{ awx_postgres_port }}", 'PORT': "{{ awx_postgres_port }}",
'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}', 'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
{% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %}
'sslrootcert': '{{ ca_trust_bundle }}', 'sslrootcert': '{{ ca_trust_bundle }}',
{% endif %}
{% if postgres_keepalives %}
'keepalives': 1,
'keepalives_idle': {{ postgres_keepalives_idle }},
'keepalives_interval': {{ postgres_keepalives_interval }},
'keepalives_count': {{ postgres_keepalives_count }},
{% else %}
'keepalives': 0,
{% endif %}
}, },
} }
} }
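Review bot: On the new side `'sslrootcert': '{{ ca_trust_bundle }}'` is emitted for every `awx_postgres_sslmode`, not only for `verify-ca`/`verify-full`. libpq documents that with `sslmode=require` a present root CA file makes it validate the server certificate as if `verify-ca` had been requested, so a database whose certificate does not chain to `ca_trust_bundle` may stop connecting after this change, while `prefer`/`disable` are unaffected. If that tightening is intended, say so in a comment next to the key; otherwise keep it behind `{% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %}`. The enclosing `DATABASES` dict starts before the hunk.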


@@ -101,12 +101,6 @@ backup_pvc: myoldtower-backup-claim
backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08 backup_dir: /backups/tower-openshift-backup-2021-04-02-03:25:08
``` ```
Variable to define Pull policy.You can pass other options like `Always`, `always`, `Never`, `never`, `IfNotPresent`, `ifnotpresent`.
```
image_pull_policy: 'IfNotPresent'
```
Variable to define resources limits and request for restore CR. Variable to define resources limits and request for restore CR.
``` ```


@@ -17,14 +17,6 @@ cluster_name: 'cluster.local'
# Set no_log settings on certain tasks # Set no_log settings on certain tasks
no_log: true no_log: true
# Add a nodeSelector for the Postgres pods to backup.
# Specify as literal block. E.g.:
# db_management_pod_node_selector: |
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
db_management_pod_node_selector: ''
# Default resource requirements # Default resource requirements
restore_resource_requirements: restore_resource_requirements:
limits: limits:


@@ -2,19 +2,24 @@
- name: Import awx_object variables - name: Import awx_object variables
block: block:
- name: Get AWX object definition from pvc
k8s_exec:
namespace: "{{ backup_pvc_namespace }}"
pod: "{{ ansible_operator_meta.name }}-db-management"
command: >-
bash -c "cat '{{ backup_dir }}/awx_object'"
register: awx_object
- name: Create temp file for spec dict - name: Create temp file for spec dict
tempfile: tempfile:
state: file state: file
register: tmp_spec register: tmp_spec
- name: Get AWX object definition from pvc - name: Write spec vars to temp file
k8s_cp: copy:
namespace: "{{ backup_pvc_namespace }}" content: "{{ awx_object.stdout }}"
pod: "{{ ansible_operator_meta.name }}-db-management" dest: "{{ tmp_spec.path }}"
remote_path: "{{ backup_dir }}/awx_object" mode: '0644'
local_path: "{{ tmp_spec.path }}"
state: from_pod
- name: Include spec vars to save them as a dict - name: Include spec vars to save them as a dict
include_vars: "{{ tmp_spec.path }}" include_vars: "{{ tmp_spec.path }}"
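Review bot: `bash -c "cat '{{ backup_dir }}/awx_object'"` in the new `k8s_exec` task interpolates `backup_dir`, a value taken from the restore CR, into a shell command string, so a value containing a single quote or other shell metacharacters breaks the quoting instead of being treated as a path. If `k8s_exec` tokenises `command` shell-style, `command: cat {{ (backup_dir ~ '/awx_object') | quote }}` drops the extra shell and lets the `quote` filter escape the path; the same applies to the `secrets.yml` task in the restore-secrets hunk further down. The `copy` task writes the spec with `mode: '0644'`, which is fine for a non-secret file but differs from the `0640` used by the sibling secrets task, so it is worth aligning the two.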


@@ -48,23 +48,20 @@
- name: Check for presence of AWX Deployment - name: Check for presence of AWX Deployment
k8s_info: k8s_info:
api_version: apps/v1 api_version: v1
kind: Deployment kind: Deployment
name: "{{ ansible_operator_meta.namespace }}-task" name: "{{ deployment_name }}"
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
register: this_deployment register: this_deployment
- name: Scale down Deployment for migration - name: Scale down Deployment for migration
k8s_scale: k8s_scale:
api_version: apps/v1 api_version: v1
kind: Deployment kind: Deployment
name: "{{ item }}" name: "{{ deployment_name }}"
namespace: "{{ ansible_operator_meta.namespace }}" namespace: "{{ ansible_operator_meta.namespace }}"
replicas: 0 replicas: 0
wait: yes wait: yes
loop:
- "{{ ansible_operator_meta.name }}-task"
- "{{ ansible_operator_meta.name }}-web"
when: this_deployment['resources'] | length when: this_deployment['resources'] | length
- name: Set full resolvable host name for postgres pod - name: Set full resolvable host name for postgres pod
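Review bot: `api_version: v1` paired with `kind: Deployment` in the `k8s_info` task, and again in `k8s_scale`, names the core API group, which has no Deployment kind; Deployments are served by `apps/v1`. Whether the dynamic client tolerates the mismatch depends on its resource lookup: it either errors out, or returns no resources, in which case `when: this_deployment['resources'] | length` skips the scale-down and the migration runs against a live deployment. The safe form is `api_version: apps/v1` in both tasks.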


@@ -1,18 +1,25 @@
--- ---
- name: Get secret definition from pvc
k8s_exec:
namespace: "{{ backup_pvc_namespace }}"
pod: "{{ ansible_operator_meta.name }}-db-management"
command: >-
bash -c "cat '{{ backup_dir }}/secrets.yml'"
register: _secrets
no_log: "{{ no_log }}"
- name: Create Temporary secrets file - name: Create Temporary secrets file
tempfile: tempfile:
state: file state: file
suffix: .json suffix: .json
register: tmp_secrets register: tmp_secrets
- name: Get secret definition from pvc - name: Write vars to file locally
k8s_cp: copy:
namespace: "{{ backup_pvc_namespace }}" dest: "{{ tmp_secrets.path }}"
pod: "{{ ansible_operator_meta.name }}-db-management" content: "{{ _secrets.stdout }}"
remote_path: "{{ backup_dir }}/secrets.yml" mode: 0640
local_path: "{{ tmp_secrets.path }}"
state: from_pod
no_log: "{{ no_log }}" no_log: "{{ no_log }}"
- name: Include secret vars from backup - name: Include secret vars from backup
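Review bot: `mode: 0640` on the new `copy` task is an unquoted leading-zero scalar; Ansible's loader reads it as an octal integer and applies it as intended, but a formatter or a YAML 1.2 loader would not, so it should be written `mode: '0640'`, matching the quoted `'0644'` used for the spec temp file earlier in this compare. The new `k8s_exec` task also interpolates `backup_dir` verbatim inside the single-quoted `bash -c "cat '…'"` string, so a value containing a quote or shell metacharacter breaks the command; if that variable can come from the custom resource (not visible in the hunk), pass the path through Ansible's `quote` filter instead of relying on the surrounding single quotes — the same pattern appears in the awx_object task earlier in this compare. Nothing checks the exec's exit status, and depending on the kubernetes.core version `k8s_exec` may not fail on a non-zero return, in which case an empty `_secrets.stdout` is written to the temp file and the error only surfaces later in `include_vars`; a `failed_when` on the module's return code would make the failure explicit at the read. The task list continues past the last line of the hunk.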


@@ -10,7 +10,7 @@ spec:
containers: containers:
- name: {{ ansible_operator_meta.name }}-db-management - name: {{ ansible_operator_meta.name }}-db-management
image: "{{ _postgres_image }}" image: "{{ _postgres_image }}"
imagePullPolicy: "{{ image_pull_policy }}" imagePullPolicy: Always
command: ["sleep", "infinity"] command: ["sleep", "infinity"]
volumeMounts: volumeMounts:
- name: {{ ansible_operator_meta.name }}-backup - name: {{ ansible_operator_meta.name }}-backup
@@ -20,10 +20,6 @@ spec:
resources: resources:
{{ restore_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }} {{ restore_resource_requirements | to_nice_yaml(indent=2) | indent(width=6, first=False) }}
{%- endif %} {%- endif %}
{% if db_management_pod_node_selector %}
nodeSelector:
{{ db_management_pod_node_selector | indent(width=8) }}
{% endif %}
volumes: volumes:
- name: {{ ansible_operator_meta.name }}-backup - name: {{ ansible_operator_meta.name }}-backup
persistentVolumeClaim: persistentVolumeClaim:


@@ -13,4 +13,3 @@ admin_password_secret: '{{ deployment_name }}-admin-password'
broadcast_websocket_secret: '{{ deployment_name }}-broadcast-websocket' broadcast_websocket_secret: '{{ deployment_name }}-broadcast-websocket'
postgres_configuration_secret: '{{ deployment_name }}-postgres-configuration' postgres_configuration_secret: '{{ deployment_name }}-postgres-configuration'
supported_pg_version: 13 supported_pg_version: 13
image_pull_policy: IfNotPresent