internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-27 05:43:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: internet:fix-helm-release-again
Branches Tags
internet:devel internet:TheRealHaoLiu-CI-test-10302025 internet:uwsgi_configurable_timeout internet:dependabot/github_actions/dependencies-c216064e94 internet:dependabot/pip/docs/dependencies-9f52a38f71 internet:test-python-module-fix internet:feature_receptor-collection-python-311 internet:pg-dump-restore-in-job internet:checkpoint_v1 internet:fix-helm-release-again internet:docs-for-port-quotes internet:update-gh-pages-urls internet:pr-check-capacity-fix internet:awx-ee-latest internet:shanemcd-patch-1
internet:2.19.1 internet:2.19.0 internet:2.18.0 internet:2.17.0 internet:2.16.1 internet:2.16.0 internet:2.15.0 internet:2.14.0 internet:2.13.1 internet:2.13.0 internet:2.12.2 internet:2.12.1 internet:2.12.0 internet:2.11.0 internet:2.10.0 internet:2.9.0 internet:2.8.0 internet:2.7.2 internet:2.7.1 internet:2.7.0 internet:2.6.0 internet:2.5.3 internet:2.5.2 internet:2.5.1 internet:2.5.0 internet:2.4.0 internet:2.3.0 internet:2.2.1 internet:2.2.0 internet:2.1.0 internet:2.0.1 internet:2.0.0 internet:1.4.0 internet:1.3.0 internet:1.2.0 internet:1.1.4 internet:1.1.3 internet:1.1.2 internet:1.1.1 internet:1.1.0 internet:1.0.0 internet:0.30.0 internet:0.29.0 internet:0.28.0 internet:0.27.0 internet:0.26.0 internet:0.25.0 internet:0.24.0 internet:0.23.0 internet:0.22.0 internet:0.21.0 internet:0.20.2 internet:0.20.1 internet:0.20.0 internet:0.19.0 internet:0.18.0 internet:0.17.0 internet:0.16.1 internet:0.16.0 internet:0.15.0 internet:0.14.0 internet:0.13.0 internet:0.12.0 internet:0.11.0 internet:0.10.0 internet:0.9.0 internet:0.8.0 internet:0.7.0 internet:0.6.0
..
compare: internet:checkpoint_v1
Branches Tags
internet:devel internet:TheRealHaoLiu-CI-test-10302025 internet:uwsgi_configurable_timeout internet:dependabot/github_actions/dependencies-c216064e94 internet:dependabot/pip/docs/dependencies-9f52a38f71 internet:test-python-module-fix internet:feature_receptor-collection-python-311 internet:pg-dump-restore-in-job internet:checkpoint_v1 internet:fix-helm-release-again internet:docs-for-port-quotes internet:update-gh-pages-urls internet:pr-check-capacity-fix internet:awx-ee-latest internet:shanemcd-patch-1
internet:2.19.1 internet:2.19.0 internet:2.18.0 internet:2.17.0 internet:2.16.1 internet:2.16.0 internet:2.15.0 internet:2.14.0 internet:2.13.1 internet:2.13.0 internet:2.12.2 internet:2.12.1 internet:2.12.0 internet:2.11.0 internet:2.10.0 internet:2.9.0 internet:2.8.0 internet:2.7.2 internet:2.7.1 internet:2.7.0 internet:2.6.0 internet:2.5.3 internet:2.5.2 internet:2.5.1 internet:2.5.0 internet:2.4.0 internet:2.3.0 internet:2.2.1 internet:2.2.0 internet:2.1.0 internet:2.0.1 internet:2.0.0 internet:1.4.0 internet:1.3.0 internet:1.2.0 internet:1.1.4 internet:1.1.3 internet:1.1.2 internet:1.1.1 internet:1.1.0 internet:1.0.0 internet:0.30.0 internet:0.29.0 internet:0.28.0 internet:0.27.0 internet:0.26.0 internet:0.25.0 internet:0.24.0 internet:0.23.0 internet:0.22.0 internet:0.21.0 internet:0.20.2 internet:0.20.1 internet:0.20.0 internet:0.19.0 internet:0.18.0 internet:0.17.0 internet:0.16.1 internet:0.16.0 internet:0.15.0 internet:0.14.0 internet:0.13.0 internet:0.12.0 internet:0.11.0 internet:0.10.0 internet:0.9.0 internet:0.8.0 internet:0.7.0 internet:0.6.0

3 Commits
fix-helm-r ... checkpoint

Author SHA1 Message Date
Rick Elrod
0d55f9e80d Revert "[checkpoint_v1] Pin Cython for tests, so that PyYAML can build (#1493)" (#1495) 2023-07-17 15:30:43 -05:00
Rick Elrod
ef3c95b6b3 [checkpoint_v1] Pin Cython for tests, so that PyYAML can build (#1493) 
Signed-off-by: Rick Elrod <rick@elrod.me>
 2023-07-17 12:43:57 -05:00
Rick Elrod
a5ef262f3c [ci] pin ansible-compat for molecule 
https://github.com/ansible-community/molecule/issues/3903

Signed-off-by: Rick Elrod <rick@elrod.me>
 2023-05-23 18:12:00 -05:00
35 changed files with 290 additions and 2023 deletions
Expand all files Collapse all files

2
.github/workflows/feature.yml vendored
View File

@@ -8,7 +8,7 @@ on:
jobs:
release:
runs-on: ubuntu-latest
runs-on: ubuntu-18.04
name: Push devel image
steps:
- uses: actions/checkout@v3

8
.github/workflows/promote.yaml vendored
View File

@@ -12,6 +12,11 @@ jobs:
with:
depth: 0
- uses: actions/checkout@v3
with:
ref: gh-pages
path: gh-pages
- name: Log in to GHCR
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
@@ -35,5 +40,4 @@ jobs:
-e chart_owner=${{ github.repository_owner }} \
-e tag=${{ github.event.release.tag_name }} \
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
-e gh_user=${{ github.actor }} \
-e repo_type=https
-e gh_user=${{ github.actor }}

26
.github/workflows/publish-helm.yml vendored
View File

@@ -1,26 +0,0 @@
---
name: Re-publish helm chart
on:
workflow_dispatch:
inputs:
tag:
description: 'Release tag'
required: true
type: string
jobs:
promote:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
depth: 0
- name: Release Helm chart
run: |
ansible-playbook ansible/helm-release.yml -v \
-e operator_image=quay.io/${{ github.repository }} \
-e chart_owner=${{ github.repository_owner }} \
-e tag=${{ inputs.tag }} \
-e gh_token=${{ secrets.GITHUB_TOKEN }} \
-e gh_user=${{ github.actor }} \
-e repo_type=https

2
.helm/starter/values.yaml
View File

@@ -1,4 +1,4 @@
AWX:
AWX:
# enable use of awx-deploy template
enabled: false
name: awx

1
.yamllint
View File

@@ -7,7 +7,6 @@ ignore: |
awx-operator.clusterserviceversion.yaml
bundle
.helm/starter
hacking/
rules:
truthy: disable

15
CONTRIBUTING.md
View File

@@ -31,7 +31,7 @@ Have questions about this document or anything not covered here? Please file a n
```
2. Make your changes.
3. Test your changes according described on the Testing section.
4. If everything looks correct, commit your changes.
4. If everylooks looks correct, commit your changes.
```sh
#> git add <FILES>
#> git commit -m "My message here"
@@ -56,17 +56,14 @@ Running `molecule test` sets up a clean environment, builds the operator, runs a
If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
#### Testing in Kind
Testing with a kind cluster is the recommended way to test the awx-operator locally. First, you need to install kind if you haven't already. Please see these docs for setting that up:
* https://kind.sigs.k8s.io/docs/user/quick-start/
To run the tests, from the root of your checkout, run the following command:
#### Testing in Docker
```sh
#> molecule test -s kind
#> molecule test -s test-local
```
This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
#### Testing in Minikube
```sh
@@ -140,4 +137,4 @@ Applying this template will do it. Once the CatalogSource is in a READY state, t
## Reporting Issues
We welcome your feedback, and encourage you to file an issue when you run into a problem.
We welcome your feedback, and encourage you to file an issue when you run into a problem.

2
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM quay.io/operator-framework/ansible-operator:v1.28.1
FROM quay.io/operator-framework/ansible-operator:v1.26.0
USER 0

13
Makefile
View File

@@ -65,7 +65,6 @@ CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
CHART_OWNER ?= $(GH_REPO_OWNER)
CHART_REPO ?= awx-operator
CHART_BRANCH ?= gh-pages
CHART_DIR ?= gh-pages
CHART_INDEX ?= index.yaml
.PHONY: all
@@ -141,7 +140,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(KUSTOMIZE)) ;\
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCHA).tar.gz | \
curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCHA).tar.gz | \
tar xzf - -C bin/ ;\
}
else
@@ -228,7 +227,7 @@ ifeq (,$(shell which kubectl-slice 2>/dev/null))
@{ \
set -e ;\
mkdir -p $(dir $(KUBECTL_SLICE)) ;\
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_$(OS)_$(ARCHX).tar.gz | \
curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
tar xzf - -C bin/ kubectl-slice ;\
}
else
@@ -355,7 +354,7 @@ helm-package: helm-chart
@echo "== Package Current Chart Version =="
mkdir -p .cr-release-packages
# package the chart and put it in .cr-release-packages dir
$(HELM) package ./charts/awx-operator -d .cr-release-packages/$(VERSION)
$(HELM) package ./charts/awx-operator -d .cr-release-packages
# List all tags oldest to newest.
TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/ -f3)
@@ -365,7 +364,7 @@ TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/
# that is contained within a larger repo, where a tag may not require a new chart version
.PHONY: helm-index
helm-index:
# when running in CI the gh-pages branch is checked out by the ansible playbook
# when running in CI this gh-pages are already checked out with github action to 'gh-pages' directory
# TODO: test if gh-pages directory exists and if not exist
@echo "== GENERATE INDEX FILE =="
@@ -393,6 +392,6 @@ helm-index:
# generate the index file in the root of the gh-pages branch
# --merge will leave any values in index.yaml that don't get generated by this command, but
# it is likely that all values are overridden
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge $(CHART_DIR)/index.yaml
$(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge gh-pages/index.yaml
mv .cr-release-packages/index.yaml $(CHART_DIR)/index.yaml
mv .cr-release-packages/index.yaml gh-pages/index.yaml

117
README.md
View File

@@ -131,7 +131,7 @@ $ alias kubectl="minikube kubectl --"
### Basic Install
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/ )
Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Follow the instructions here to install the latest version of Kustomize: https://kubectl.docs.kubernetes.io/installation/kustomize/
First, create a file called `kustomization.yaml` with the following content:
@@ -156,7 +156,7 @@ namespace: awx
Install the manifests by running this:
```
$ kubectl apply -k .
$ kustomize build . | kubectl apply -f -
namespace/awx created
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
@@ -229,10 +229,10 @@ resources:
...
```
Finally, apply the changes to create the AWX instance in your cluster:
Finally, run `kustomize` again to create the AWX instance in your cluster:
```
kubectl apply -k .
kustomize build . | kubectl apply -f -
```
After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
@@ -477,23 +477,6 @@ spec:
environment: testing
```
##### Specialized Ingress Controller configuration
Some Ingress Controllers need a special configuration to fully support AWX, add the following value with the `ingress_controller` variable, if you are using one of these:
| Ingress Controller name | value |
| ------------------------------------- | ------- |
| [Contour](https://projectcontour.io/) | contour |
```yaml
---
spec:
...
ingress_type: ingress
hostname: awx-demo.example.com
ingress_controller: contour
```
* Route
The following variables are customizable when `ingress_type=route`
@@ -676,25 +659,6 @@ $ oc adm policy add-scc-to-user privileged -z awx
Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
#### Containers HostAliases Requirements
Sometimes you might need to use [HostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) in web/task containers.
| Name | Description | Default |
| ------------ | --------------------- | ------- |
| host_aliases | A list of HostAliases | None |
Example of customization could be:
```yaml
---
spec:
...
host_aliases:
- ip: <name-of-your-ip>
hostnames:
- <name-of-your-domain>
```
#### Containers Resource Requirements
@@ -752,14 +716,7 @@ spec:
control_plane_priority_class: awx-demo-high-priority
postgres_priority_class: awx-demo-medium-priority
```
#### Scaling the Web and Task Pods independently
You can scale replicas up or down for each deployment by using the `web_replicas` or `task_replicas` respectively. You can scale all pods across both deployments by using `replicas` as well. The logic behind these CRD keys acts as such:
- If you specify the `replicas` field, the key passed will scale both the `web` and `task` replicas to the same number.
- If `web_replicas` or `task_replicas` is ever passed, it will override the existing `replicas` field on the specific deployment with the new key value.
These new replicas can be constrained in a similar manner to previous single deployments by appending the particular deployment name in front of the constraint used. More about those new constraints can be found below in the [Assigning AWX pods to specific nodes](#assigning-awx-pods-to-specific-nodes) section.
#### Assigning AWX pods to specific nodes
You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
@@ -768,28 +725,18 @@ pods to be scheduled onto nodes with matching taints.
The ability to specify topologySpreadConstraints is also allowed through `topology_spread_constraints`
If you want to use affinity rules for your AWX pod you can use the `affinity` option.
If you want to constrain the web and task pods individually, you can do so by specificying the deployment type before the specific setting. For
example, specifying `task_tolerations` will allow the AWX task pod to be scheduled onto nodes with matching taints.
| Name | Description | Default |
| -------------------------------- | ---------------------------------------- | ------- |
| postgres_image | Path of the image to pull | postgres |
| postgres_image_version | Image version to pull | 13 |
| node_selector | AWX pods' nodeSelector | '' |
| web_node_selector | AWX web pods' nodeSelector | '' |
| task_node_selector | AWX task pods' nodeSelector | '' |
| topology_spread_constraints | AWX pods' topologySpreadConstraints | '' |
| web_topology_spread_constraints | AWX web pods' topologySpreadConstraints | '' |
| task_topology_spread_constraints | AWX task pods' topologySpreadConstraints | '' |
| affinity | AWX pods' affinity rules | '' |
| web_affinity | AWX web pods' affinity rules | '' |
| task_affinity | AWX task pods' affinity rules | '' |
| tolerations | AWX pods' tolerations | '' |
| web_tolerations | AWX web pods' tolerations | '' |
| task_tolerations | AWX task pods' tolerations | '' |
| annotations | AWX pods' annotations | '' |
| postgres_selector | Postgres pods' nodeSelector | '' |
| postgres_tolerations | Postgres pods' tolerations | '' |
| Name | Description | Default |
| --------------------------- | ----------------------------------- | ------- |
| postgres_image | Path of the image to pull | postgres |
| postgres_image_version | Image version to pull | 13 |
| node_selector | AWX pods' nodeSelector | '' |
| topology_spread_constraints | AWX pods' topologySpreadConstraints | '' |
| affinity | AWX pods' affinity rules | '' |
| tolerations | AWX pods' tolerations | '' |
| annotations | AWX pods' annotations | '' |
| postgres_selector | Postgres pods' nodeSelector | '' |
| postgres_tolerations | Postgres pods' tolerations | '' |
Example of customization could be:
@@ -813,11 +760,6 @@ spec:
operator: "Equal"
value: "AWX"
effect: "NoSchedule"
task_tolerations: |
- key: "dedicated"
operator: "Equal"
value: "AWX_task"
effect: "NoSchedule"
postgres_selector: |
disktype: ssd
kubernetes.io/arch: amd64
@@ -930,7 +872,7 @@ A sample of extra settings can be found as below. All possible options can be fo
value: 'LDAPSearch("OU=Groups,DC=abc,DC=com",ldap.SCOPE_SUBTREE,"(objectClass=group)",)'
- setting: AUTH_LDAP_GROUP_TYPE
value: 'GroupOfNamesType()'
value: 'GroupOfNamesType'
- setting: AUTH_LDAP_USER_ATTR_MAP
value: '{"first_name": "givenName","last_name": "sn","email": "mail"}'
@@ -1083,33 +1025,6 @@ Using the [extra_volumes feature](#custom-volume-and-volume-mount-options), it i
The AWX nginx config automatically includes /etc/nginx/conf.d/*.conf if present.
##### Custom Favicon
You can use custom volume mounts to mount in your own favicon to be displayed in your AWX browser tab.
First, Create the configmap from a local favicon.ico file.
```bash
$ oc create configmap favicon-configmap --from-file favicon.ico
```
Then specify the extra_volume and web_extra_volume_mounts on your AWX CR spec
```yaml
spec:
extra_volumes: |
- name: favicon
configMap:
defaultMode: 420
items:
- key: favicon.ico
path: favicon.ico
name: favicon-configmap
web_extra_volume_mounts: |
- name: favicon
mountPath: /var/lib/awx/public/static/media/favicon.ico
subPath: favicon.ico
```
#### Default execution environments from private registries

61
ansible/helm-release.yml
View File

@@ -2,8 +2,6 @@
- hosts: localhost
vars:
chart_repo: awx-operator
environment:
CHART_OWNER: "{{ chart_owner }}"
tasks:
- name: Look up release
uri:
@@ -45,7 +43,7 @@
- name: Upload helm chart
uri:
url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}"
src: "{{ playbook_dir }}/../.cr-release-packages/{{ tag }}/awx-operator-{{ tag }}.tgz"
src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
headers:
Authorization: "token {{ gh_token }}"
Content-Type: "application/octet-stream"
@@ -68,55 +66,26 @@
- when: commits_for_release.stdout == ''
block:
- name: Make a temp dir
tempfile:
state: directory
register: temp_dir
- name: Clone the gh-pages branch from {{ chart_owner }}
git:
repo: "{{ ((repo_type | default('http')) == 'ssh') | ternary(ssh_repo, http_repo) }}"
dest: "{{ temp_dir.path }}"
single_branch: yes
version: gh-pages
vars:
http_repo: "https://github.com/{{ chart_owner }}/{{ chart_repo }}"
ssh_repo: "git@github.com:{{ chart_owner }}/{{ chart_repo }}.git"
- name: Configure git config
shell: |
git config user.name {{ gh_user }}
git config user.email {{ gh_user }}@users.noreply.github.com
args:
chdir: "{{ playbook_dir }}/../gh-pages"
- name: Publish helm index
ansible.builtin.command:
cmd: make helm-index
command: |
make helm-index
environment:
CHART_OWNER: "{{ chart_owner }}"
CR_TOKEN: "{{ gh_token }}"
CHART_DIR: "{{ temp_dir.path }}"
args:
chdir: "{{ playbook_dir }}/.."
- name: Set url base swap in gitconfig
command:
cmd: "git config --global url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/"
args:
chdir: "{{ temp_dir.path }}/"
no_log: true
chdir: "{{ playbook_dir }}/../"
- name: Stage and Push commit to gh-pages branch
command:
cmd: "{{ item }}"
loop:
- git add index.yaml
- git commit -m "{{ commit_message }}"
- git push
shell: |
git add index.yaml
git commit -m "{{ commit_message }}"
git push
args:
chdir: "{{ temp_dir.path }}/"
environment:
GIT_AUTHOR_NAME: "{{ gh_user }}"
GIT_AUTHOR_EMAIL: "{{ gh_user }}@users.noreply.github.com"
GIT_COMMITTER_NAME: "{{ gh_user }}"
GIT_COMMITTER_EMAIL: "{{ gh_user }}@users.noreply.github.com"
always:
- name: Remove temp dir
file:
path: "{{ temp_dir.path }}"
state: absent
chdir: "{{ playbook_dir }}/../gh-pages"

846
config/crd/bases/awx.ansible.com_awxs.yaml
View File

@@ -121,9 +121,6 @@ spec:
ingress_class_name:
description: The name of ingress class to use instead of the cluster default.
type: string
ingress_controller:
description: Special configuration for specific Ingress Controllers
type: string
loadbalancer_protocol:
description: Protocol to use for the loadbalancer
type: string
@@ -163,46 +160,9 @@ spec:
node_selector:
description: nodeSelector for the pods
type: string
web_node_selector:
description: nodeSelector for the web pods
type: string
task_node_selector:
description: nodeSelector for the task pods
type: string
topology_spread_constraints:
description: topology rule(s) for the pods
type: string
task_topology_spread_constraints:
description: topology rule(s) for the task pods
type: string
web_topology_spread_constraints:
description: topology rule(s) for the web pods
type: string
termination_grace_period_seconds:
description: Optional duration in seconds pods needs to terminate gracefully
type: integer
format: int32
service_labels:
description: Additional labels to apply to the service
type: string
annotations:
description: Common annotations for both Web and Task deployments.
type: string
task_annotations:
description: Task deployment annotations. This will override the general annotations parameter for the Task deployment.
type: string
web_annotations:
description: Web deployment annotations. This will override the general annotations parameter for the Web deployment.
type: string
tolerations:
description: node tolerations for the pods
type: string
task_tolerations:
description: node tolerations for the task pods
type: string
web_tolerations:
description: node tolerations for the web pods
type: string
affinity:
description: If specified, the pod's scheduling constraints
properties:
@@ -569,738 +529,19 @@ spec:
type: array
type: object
type: object
web_affinity:
description: If specified, the pod's scheduling constraints
properties:
nodeAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
preference:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
properties:
nodeSelectorTerms:
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
x-kubernetes-map-type: atomic
type: object
podAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
task_affinity:
description: If specified, the pod's scheduling constraints
properties:
nodeAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
preference:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
properties:
nodeSelectorTerms:
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
x-kubernetes-map-type: atomic
type: array
required:
- nodeSelectorTerms
type: object
x-kubernetes-map-type: atomic
type: object
podAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
termination_grace_period_seconds:
description: Optional duration in seconds pods needs to terminate gracefully
type: integer
format: int32
service_labels:
description: Additional labels to apply to the service
type: string
annotations:
description: annotations for the pods
type: string
tolerations:
description: node tolerations for the pods
type: string
image:
description: Registry path to the application container to use
type: string
@@ -1345,18 +586,6 @@ spec:
image_pull_secret: # deprecated
description: (Deprecated) Image pull secret for app and database containers
type: string
host_aliases:
description: HostAliases for app containers
type: array
items:
type: object
properties:
ip:
type: string
hostnames:
type: array
items:
type: string
task_resource_requirements:
description: Resource requirements for the task container
properties:
@@ -1467,28 +696,6 @@ spec:
type: string
type: object
type: object
rsyslog_resource_requirements:
description: Resource requirements for the rsyslog container
properties:
requests:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
limits:
properties:
cpu:
type: string
memory:
type: string
storage:
type: string
type: object
type: object
service_account_annotations:
description: ServiceAccount annotations
type: string
@@ -1497,14 +704,6 @@ spec:
type: integer
default: 1
format: int32
web_replicas:
description: Number of web instance replicas
type: integer
format: int32
task_replicas:
description: Number of task instance replicas
type: integer
format: int32
garbage_collect_secrets:
description: Whether or not to remove secrets upon instance removal
default: false
@@ -1630,25 +829,6 @@ spec:
type: array
items:
type: string
postgres_keepalives:
description: Controls whether client-side TCP keepalives are used for Postgres connections.
default: true
type: boolean
postgres_keepalives_count:
description: Controls the number of TCP keepalives that can be lost before the client's connection to the server is considered dead.
type: integer
default: 5
format: int32
postgres_keepalives_idle:
description: Controls the number of seconds of inactivity after which TCP should send a keepalive message to the server.
type: integer
default: 5
format: int32
postgres_keepalives_interval:
description: Controls the number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted.
type: integer
default: 5
format: int32
ca_trust_bundle:
description: Path where the trusted CA bundle is available
type: string

10
config/default/kustomization.yaml
View File

@@ -21,10 +21,12 @@ resources:
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patches:
- path: manager_auth_proxy_patch.yaml
- manager_auth_proxy_patch.yaml
# Mount the controller config file for loading manager configurations
# through a ComponentConfig type
#- manager_config_patch.yaml

7
config/default/manager_auth_proxy_patch.yaml
View File

@@ -12,9 +12,10 @@ spec:
- name: kube-rbac-proxy
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
# TODO(user): uncomment for common cases that do not require escalating privileges
# capabilities:
# drop:
# - "ALL"
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
args:
- "--secure-listen-address=0.0.0.0:8443"

1
config/manager/manager.yaml
View File

@@ -51,6 +51,7 @@ spec:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
# TODO(user): uncomment for common cases that do not require escalating privileges
capabilities:
drop:
- "ALL"

142
config/manifests/bases/awx-operator.clusterserviceversion.yaml
View File

@@ -88,10 +88,10 @@ spec:
kind: AWXRestore
name: awxrestores.awx.ansible.com
specDescriptors:
- description: Select what type of backup to specify. Backup CR, allows you
to specify the name of an AWXBackup object (recommended approach). The
PVC option allows you to specify a custom PVC and directory to backup from.
displayName: Backup Source to restore from
- displayName: Backup Source to restore from
description: Select what type of backup to specify. Backup CR, allows you to specify
the name of an AWXBackup object (recommended approach). The PVC option allows you to
specify a custom PVC and directory to backup from.
path: backup_source
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:select:Backup CR
@@ -115,9 +115,8 @@ spec:
path: backup_pvc_namespace
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- description: This is the directory inside the PVC that your backup is stored
in.
displayName: Backup Directory
- displayName: Backup Directory
description: This is the directory inside the PVC that your backup is stored in.
path: backup_dir
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
@@ -152,8 +151,7 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:text
version: v1beta1
- description: Deploy a new instance of AWX. A standardized way to define, operate
and scale automation with Ansible.
- description: Deploy a new instance of AWX. A standardized way to define, operate and scale automation with Ansible.
displayName: AWX
kind: AWX
name: awxs.awx.ansible.com
@@ -188,9 +186,8 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- description: Name of the k8s secret the symmetric encryption key is stored
in.
displayName: Secret Key
- displayName: Secret Key
description: Name of the k8s secret the symmetric encryption key is stored in.
path: secret_key_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
@@ -229,7 +226,7 @@ spec:
path: ingress_api_version
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Ingress Path
path: ingress_path
x-descriptors:
@@ -254,12 +251,6 @@ spec:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:io.kubernetes:Secret
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: Ingress Controller
path: ingress_controller
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
- displayName: LoadBalancer Annotations
path: service_annotations
x-descriptors:
@@ -323,11 +314,6 @@ spec:
path: image_pull_secret
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: HostAliases for app containers
path: host_aliases
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:text
- displayName: Web Container Resource Requirements
path: web_resource_requirements
x-descriptors:
@@ -343,9 +329,9 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: The PostgreSQL init container is not used when an external DB
- displayName: PostgreSQL Init Container Resource Requirements
description: The PostgreSQL init container is not used when an external DB
is configured
displayName: PostgreSQL Init Container Resource Requirements
path: postgres_init_container_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
@@ -355,37 +341,25 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Rsyslog Container Resource Requirements
path: rsyslog_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: The PostgreSQL container is not used when an external DB is configured
displayName: PostgreSQL Container Resource Requirements
- displayName: PostgreSQL Container Resource Requirements
description: The PostgreSQL container is not used when an external DB
is configured
path: postgres_resource_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: The PostgreSQL container is not used when an external DB is configured
displayName: PostgreSQL Container Storage Requirements
- displayName: PostgreSQL Container Storage Requirements
description: The PostgreSQL container is not used when an external DB
is configured
path: postgres_storage_requirements
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- displayName: Replicas
path: replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- displayName: Web Replicas
path: web_replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- displayName: Task Replicas
path: task_replicas
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:number
- displayName: Remove used secrets on instance removal?
path: garbage_collect_secrets
x-descriptors:
@@ -481,8 +455,8 @@ spec:
- displayName: Postgres Storage Class
path: postgres_storage_class
x-descriptors:
- urn:alm:descriptor:io.kubernetes:StorageClass
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Datapath
path: postgres_data_path
x-descriptors:
@@ -493,26 +467,6 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Enable Postgres Keepalives
path: postgres_keepalives
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Keepalives Count
path: postgres_keepalives_count
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Keepalives Idle
path: postgres_keepalives_idle
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Postgres Keepalives Interval
path: postgres_keepalives_interval
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Certificate Authorirty Trust Bundle
path: ca_trust_bundle
x-descriptors:
@@ -654,46 +608,16 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Node Selector
path: web_node_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Node Selector
path: task_node_selector
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Topology Spread Constraints
path: topology_spread_constraints
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Topology Spread Constraints
path: web_topology_spread_constraints
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Topology Spread Constraints
path: task_topology_spread_constraints
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Affinity
path: affinity
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Affinity
path: web_affinity
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Affinity
path: task_affinity
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Control Plane Priority Class
path: control_plane_priority_class
x-descriptors:
@@ -720,31 +644,11 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Annotations
path: task_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Annotations
path: web_annotations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Tolerations
path: tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Web Tolerations
path: web_tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: Task Tolerations
path: task_tolerations
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:hidden
- displayName: CSRF Cookie Secure Setting
path: csrf_cookie_secure
x-descriptors:
@@ -820,8 +724,8 @@ spec:
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- urn:alm:descriptor:com.tectonic.ui:booleanSwitch
- displayName: Additional labels defined on the resource, which should be propagated
to child resources
- displayName: Additional labels defined on the resource, which should be
propagated to child resources
path: additional_labels
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
@@ -906,7 +810,7 @@ spec:
- email: awx-project@googlegroups.com
name: AWX Team
maturity: alpha
minKubeVersion: 1.22.15
MinKubeVersion: 1.22.15
provider:
name: Ansible
url: github.com/ansible/awx-operator

8
config/testing/kustomization.yaml
View File

@@ -7,6 +7,10 @@ namePrefix: osdk-
#commonLabels:
# someName: someValue
patchesStrategicMerge:
- manager_image.yaml
- debug_logs_patch.yaml
- ../default/manager_auth_proxy_patch.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
@@ -17,7 +21,3 @@ resources:
images:
- name: testing
newName: testing-operator
patches:
- path: manager_image.yaml
- path: debug_logs_patch.yaml
- path: ../default/manager_auth_proxy_patch.yaml

29
docs/doc-proposal.md
View File

@@ -1,29 +0,0 @@
# Docs Breakdown for AWX Operator
## Introduction
This table below is aimed at breaking down the ReadME documentation for Ansible AWX Operator and structure it in the way it can be moved to the Read The Docs module.
From the ReadMe file, the documentation can be classified into six distinct segments which are:
- Introduction/Getting Started
- Installation
- User Guide
- Upgrade
- Uninstall
- Contributors Guide
Using these listed segments, we can do a proper breakdown of all the topics in the ReadMe and place each one in the segment they fall into. This table is open to any form of refactoring or modifications.
| Segments | Topics |
| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Introduction | - [Purpose](https://github.com/ansible/awx-operator#purpose) |
| Installation | - [Creating a minikube cluster for testing](https://github.com/ansible/awx-operator#creating-a-minikube-cluster-for-testing)<br>- [Basic Install](https://github.com/ansible/awx-operator#basic-install)<br>- [Helm Install on existing cluster](https://github.com/ansible/awx-operator#helm-install-on-existing-cluster) |
| User Guide | - [Admin user account configuration](https://github.com/ansible/awx-operator#admin-user-account-configuration)<br>- [Network and TLS Configuration](https://github.com/ansible/awx-operator#network-and-tls-configuration)<br> * [Service Type](https://github.com/ansible/awx-operator#service-type)<br> * [Ingress Type](https://github.com/ansible/awx-operator#ingress-type)<br>- [Database Configuration](https://github.com/ansible/awx-operator#database-configuration)<br> * [External PostgreSQL Service](https://github.com/ansible/awx-operator#external-postgresql-service)<br> * [Migrating data from an old AWX instance](https://github.com/ansible/awx-operator#migrating-data-from-an-old-awx-instance)<br> * [Managed PostgreSQL Service](https://github.com/ansible/awx-operator#managed-postgresql-service)<br>- [Advanced Configuration](https://github.com/ansible/awx-operator#advanced-configuration)<br> * [Deploying a specific version of AWX](https://github.com/ansible/awx-operator#deploying-a-specific-version-of-awx)<br> * [Redis container capabilities](https://github.com/ansible/awx-operator#redis-container-capabilities)<br> * [Privileged Tasks](https://github.com/ansible/awx-operator#privileged-tasks)<br> * [Containers Resource Requirements](https://github.com/ansible/awx-operator#containers-resource-requirements)<br> * [Priority Classes](https://github.com/ansible/awx-operator#priority-classes)<br> * [Assigning AWX pods to specific nodes](https://github.com/ansible/awx-operator#assigning-awx-pods-to-specific-nodes)<br> * [Trusting a Custom Certificate Authority](https://github.com/ansible/awx-operator#trusting-a-custom-certificate-authority)<br> * [Enabling LDAP Integration at AWX bootstrap](https://github.com/ansible/awx-operator#enabling-ldap-integration-at-awx-bootstrap)<br> * [Persisting Projects Directory](https://github.com/ansible/awx-operator#persisting-projects-directory)<br> * [Custom Volume and Volume Mount Options](https://github.com/ansible/awx-operator#custom-volume-and-volume-mount-options)<br> * [Default execution environments from private registries](https://github.com/ansible/awx-operator#default-execution-environments-from-private-registries)<br> * * [Control plane ee from private registry](https://github.com/ansible/awx-operator#control-plane-ee-from-private-registry)<br> * [Exporting Environment Variables to Containers](https://github.com/ansible/awx-operator#exporting-environment-variables-to-containers)<br> * [CSRF Cookie Secure Setting](https://github.com/ansible/awx-operator#csrf-cookie-secure-setting)<br> * [Session Cookie Secure Setting](https://github.com/ansible/awx-operator#session-cookie-secure-setting)<br> * [Extra Settings](https://github.com/ansible/awx-operator#extra-settings)<br> * [Configure no_log](https://github.com/ansible/awx-operator#no-log)<br> * [Auto Upgrade](https://github.com/ansible/awx-operator#auto-upgrade)<br> ** [Upgrade of instances without auto upgrade](https://github.com/ansible/awx-operator#upgrade-of-instances-without-auto-upgrade)<br> * [Service Account](https://github.com/ansible/awx-operator#service-account)<br> * [Labeling operator managed objects](https://github.com/ansible/awx-operator#labeling-operator-managed-objects)<br> * [Pods termination grace period](https://github.com/ansible/awx-operator#pods-termination-grace-period)<br> * [Disable IPV6](https://github.com/ansible/awx-operator#disable-ipv6)<br> * [Add Execution Nodes](https://github.com/ansible/awx-operator#adding-execution-nodes)<br> ** [Custom Receptor CA](https://github.com/ansible/awx-operator#custom-receptor-ca)<br> * [Debugging](https://github.com/ansible/awx-operator/blob/devel/docs/debugging.md)<br> * [Migration](https://github.com/ansible/awx-operator/blob/devel/docs/migration.md) |
| Upgrade | - [Upgrading](https://github.com/ansible/awx-operator#upgrading)<br> * [Backup](https://github.com/ansible/awx-operator#backup)<br> * [v0.14.0](https://github.com/ansible/awx-operator#v0140)<br> ** [Cluster-scope to Namespace-scope considerations](https://github.com/ansible/awx-operator#cluster-scope-to-namespace-scope-considerations)<br> ** [Project is now based on v1.x of the operator-sdk project](https://github.com/ansible/awx-operator#project-is-now-based-on-v1x-of-the-operator-sdk-project)<br> ** [Steps to upgrade](https://github.com/ansible/awx-operator#steps-to-upgrade) |
| Uninstall | - [Uninstall](https://github.com/ansible/awx-operator#uninstall) |
| Contributors Guide | - [Contributing](https://github.com/ansible/awx-operator#contributing)<br>- [Release Process](https://github.com/ansible/awx-operator#release-process)<br>- [Author](https://github.com/ansible/awx-operator#author)<br>- [Code of Conduct](https://github.com/ansible/awx-operator#code-of-conduct)<br>- [Get Involved](https://github.com/ansible/awx-operator#get-involved) |
Note: I could not get the multi-level bullet point list to work in the table so I used single asterisk `*` for one level down and double asterisk `**` for two level down.

95
molecule/default/tasks/awx_test.yml
View File

@@ -19,36 +19,19 @@
register: admin_pw_secret
- block:
- name: Get web pod details
- name: Get pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx-web
register: awx_web_pod
- app.kubernetes.io/name = example-awx
register: awx_pod
when: not awx_version
- name: Get task pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx-task
register: awx_task_pod
when: not awx_version
- name: Extract tags from images from web pod
- name: Extract tags from images
set_fact:
web_image_tags: |
{{ awx_web_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
when: not awx_version
- name: Extract tags from images from task pod
set_fact:
task_image_tags: |
{{ awx_task_pod.resources[0].spec.containers |
image_tags: |
{{ awx_pod.resources[0].spec.containers |
map(attribute='image') |
map('regex_search', default_awx_version) }}
when: not awx_version
@@ -59,8 +42,7 @@
This is an environment variable that is set via build arg when releasing awx-operator.
when:
- not awx_version
- default_awx_version not in web_image_tags
- default_awx_version not in task_image_tags
- default_awx_version not in image_tags
- name: Launch Demo Job Template
awx.awx.job_launch:
@@ -103,7 +85,7 @@
msg: '{{ failed_task }}'
- block:
- name: Look up details for this AWX instance
- name: Look up details for this deployment
k8s_info:
namespace: "{{ namespace }}"
api_version: "awx.ansible.com/v1beta1"
@@ -111,21 +93,13 @@
name: example-awx
register: this_awx
- name: Get web pod details
- name: Get pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx-web
register: awx_web_pod
- name: Get task pod details
k8s_info:
namespace: '{{ namespace }}'
kind: Pod
label_selectors:
- app.kubernetes.io/name = example-awx-task
register: awx_task_pod
- app.kubernetes.io/name = example-awx
register: awx_pod
- name: Extract additional_labels from AWX spec
set_fact:
@@ -135,58 +109,31 @@
| list
}}
- name: Extract additional_labels from AWX web Pod
- name: Extract additional_labels from AWX Pod
set_fact:
awx_web_pod_additional_labels: >-
{{ awx_web_pod.resources[0].metadata.labels
pod_additional_labels: >-
{{ awx_pod.resources[0].metadata.labels
| dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
| list
}}
- name: Extract additional_labels from AWX task Pod
set_fact:
awx_task_pod_additional_labels: >-
{{ awx_task_pod.resources[0].metadata.labels
| dict2items | selectattr('key', 'in', this_awx.resources[0].spec.additional_labels)
| list
}}
- name: Assert AWX web Pod contains additional_labels
- name: AWX Pod contains additional_labels
ansible.builtin.assert:
that:
- awx_web_pod_additional_labels == awx_additional_labels
- pod_additional_labels == awx_additional_labels
- name: Assert AWX task Pod contains additional_labels
ansible.builtin.assert:
that:
- awx_task_pod_additional_labels == awx_additional_labels
- name: Extract web Pod labels which shouldn't have been propagated to it from AWX
- name: Extract Pod labels which shouldn't have been propagated to it from AWX
set_fact:
awx_web_pod_extra_labels: >-
{{ awx_web_pod.resources[0].metadata.labels
pod_extra_labels: >-
{{ awx_pod.resources[0].metadata.labels
| dict2items | selectattr('key', 'in', ["my/do-not-inherit"])
| list
}}
- name: AWX web Pod doesn't contain AWX labels not in additional_labels
- name: AWX Pod doesn't contain AWX labels not in additional_labels
ansible.builtin.assert:
that:
- awx_web_pod_extra_labels == []
- name: Extract task Pod labels which shouldn't have been propagated to it from AWX
set_fact:
awx_task_pod_extra_labels: >-
{{ awx_task_pod.resources[0].metadata.labels
| dict2items | selectattr('key', 'in', ["my/do-not-inherit"])
| list
}}
- name: AWX task Pod doesn't contain AWX labels not in additional_labels
ansible.builtin.assert:
that:
- awx_task_pod_extra_labels == []
- pod_extra_labels == []
rescue:
- name: Re-emit failure
vars:

14
molecule/kind/converge.yml
View File

@@ -5,20 +5,8 @@
gather_facts: no
tasks:
# Remove after this if fixed: https://github.com/ansible-collections/community.docker/issues/611
- name: Install docker
become: yes
pip:
name:
- websocket-client==0.59.0
- requests==2.28.2
- urllib3==1.26.15
- docker
- docker-compose
state: present
- name: Build operator image
community.docker.docker_image:
docker_image:
build:
path: '{{ project_dir }}'
pull: no

1
molecule/requirements.yml
View File

@@ -5,5 +5,4 @@ collections:
version: 2.3.2
- name: operator_sdk.util
- name: community.docker
version: 3.4.4
- name: awx.awx

1
roles/common/templates/labels/common.yaml.j2
View File

@@ -1,4 +1,5 @@
# https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'

135
roles/installer/defaults/main.yml
View File

@@ -36,16 +36,12 @@ ingress_annotations: ''
# certificate and key.
ingress_tls_secret: ''
# Special configuration for specific Ingress Controllers. E.g.:
# ingress_controller: contour
ingress_controller: ''
loadbalancer_protocol: 'http'
loadbalancer_port: '80'
service_annotations: ''
# Port to be used for NodePort configuration, default is to auto-assign a port between 30000-32768
# nodeport_port: '30080'
#nodeport_port: '30080'
# The TLS termination mechanism to use to access
# the services. Supported mechanism are: edge, passthrough
@@ -71,24 +67,11 @@ hostname: ''
# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: |
# disktype: ssd
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
node_selector: ''
# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: |
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
web_node_selector: ''
# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
# to be scheduled on that node. Specify as literal block. E.g.:
# node_selector: |
# kubernetes.io/arch: amd64
# kubernetes.io/os: linux
task_node_selector: ''
# Add a topologySpreadConstraints for the AWX pods.
# Specify as literal block. E.g.:
# topology_spread_constraints: |
@@ -100,27 +83,7 @@ task_node_selector: ''
# app.kubernetes.io/name: "<resourcename>"
topology_spread_constraints: ''
# Add a topologySpreadConstraints for the task pods.
# Specify as literal block. E.g.:
# task_topology_spread_constraints: |
# - maxSkew: 100
# topologyKey: "topology.kubernetes.io/zone"
# whenUnsatisfiable: "ScheduleAnyway"
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: "<resourcename>"
task_topology_spread_constraints: ''
# Add a topologySpreadConstraints for the web pods.
# Specify as literal block. E.g.:
# web_topology_spread_constraints: |
# - maxSkew: 100
# topologyKey: "topology.kubernetes.io/zone"
# whenUnsatisfiable: "ScheduleAnyway"
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: "<resourcename>"
web_topology_spread_constraints: ''
affinity: {}
# Add node tolerations for the AWX pods. Specify as literal block. E.g.:
# tolerations: |
@@ -130,76 +93,12 @@ web_topology_spread_constraints: ''
# effect: "NoSchedule"
tolerations: ''
# Add node tolerations for the task pods. Specify as literal block. E.g.:
# task_tolerations: |
# - key: "dedicated"
# operator: "Equal"
# value: "AWXtask"
# effect: "NoSchedule"
task_tolerations: ''
# Add node tolerations for the web pods. Specify as literal block. E.g.:
# web_tolerations: |
# - key: "dedicated"
# operator: "Equal"
# value: "AWXweb"
# effect: "NoSchedule"
web_tolerations: ''
# Add affinities for all pods
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: app.kubernetes.io/component
# operator: In
# values:
# - awx
affinity: {}
# Add affinities for all task pods
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - awx-task
task_affinity: {}
# Add affinities for all web pods
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - awx-web
web_affinity: {}
# Add annotations to awx pods. Specify as literal block. E.g.:
# annotations: |
# my.annotation/1: value
# my.annotation/2: value2
annotations: ''
# Override annotations to awx task pods. Specify as literal block. E.g.:
# task_annotations: |
# my.task-annotation/1: value
# my.task-annotation/2: value2
task_annotations: ''
# Override annotations to awx web pods. Specify as literal block. E.g.:
# web_annotations: |
# my.web-annotation/1: value
# my.web-annotation/2: value2
web_annotations: ''
admin_user: admin
admin_email: test@example.com
@@ -274,18 +173,13 @@ _init_projects_container_image: quay.io/centos/centos:stream9
create_preload_data: true
replicas: "1"
web_replicas: ''
task_replicas: ''
task_args:
- /usr/bin/launch_awx_task.sh
task_command: []
web_args:
- /usr/bin/launch_awx_web.sh
- /usr/bin/launch_awx.sh
web_command: []
rsyslog_args:
- /usr/bin/launch_awx_rsyslog.sh
rsyslog_command: []
task_resource_requirements:
requests:
@@ -302,8 +196,6 @@ ee_resource_requirements:
cpu: 100m
memory: 64Mi
# TODO: validate default resource requirements
# Customize CSRF options
csrf_cookie_secure: False
session_cookie_secure: False
@@ -315,12 +207,6 @@ redis_resource_requirements:
requests:
cpu: 50m
memory: 64Mi
rsyslog_resource_requirements:
requests:
cpu: 100m
memory: 128Mi
# Add extra environment variables to the AWX task/web containers. Specify as
# literal block. E.g.:
# task_extra_env: |
@@ -386,12 +272,6 @@ projects_existing_claim: ''
# Define postgres configuration arguments to use
postgres_extra_args: ''
# Configure postgres connection keepalive
postgres_keepalives: true
postgres_keepalives_idle: 5
postgres_keepalives_interval: 5
postgres_keepalives_count: 5
# Define the storage_class, size and access_mode
# when not using an existing claim
projects_storage_size: 8Gi
@@ -433,10 +313,3 @@ set_self_labels: true
# Disable web container's nginx ipv6 listener
ipv6_disabled: false
# Set hostAliases on deployments
# hostAliases:
# - ip: 10.10.0.10
# hostnames:
# - hostname
host_aliases: ''

16
roles/installer/tasks/initialize_django.yml
View File

@@ -2,7 +2,7 @@
- name: Check if there are any super users defined.
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "echo 'from django.contrib.auth.models import User;
@@ -16,7 +16,7 @@
- name: Create super user via Django if it doesn't exist.
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput
register: result
@@ -28,7 +28,7 @@
- name: Update Django super user password
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: awx-manage update_password --username='{{ admin_user }}' --password='{{ admin_password }}'
register: result
@@ -39,7 +39,7 @@
- name: Check if legacy queue is present
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "awx-manage list_instances | grep '^\[tower capacity=[0-9]*\]'"
@@ -50,7 +50,7 @@
- name: Unregister legacy queue
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "awx-manage unregister_queue --queuename=tower"
@@ -74,7 +74,7 @@
- name: Register default execution environments (without authentication)
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "awx-manage register_default_execution_environments"
@@ -95,7 +95,7 @@
- name: Register default execution environments (with authentication)
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "awx-manage register_default_execution_environments
@@ -111,7 +111,7 @@
- name: Create preload data if necessary. # noqa 305
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "awx-manage create_preload_data"

12
roles/installer/tasks/install.yml
View File

@@ -1,12 +1,4 @@
---
- name: Delete old deployment for before installing during upgrade
k8s:
kind: Deployment
api_version: v1
namespace: "{{ ansible_operator_meta.namespace }}"
name: "{{ ansible_operator_meta.name }}"
state: absent
- name: Patching labels to AWX kind
k8s:
state: present
@@ -83,7 +75,7 @@
- name: Check for pending migrations
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l"
@@ -93,7 +85,7 @@
- name: Migrate the database if the K8s resources were updated. # noqa 305
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "awx-manage migrate --noinput"

33
roles/installer/tasks/main.yml
View File

@@ -1,36 +1,13 @@
---
- name: Check for presence of old awx Deployment
- name: Check for presence of Deployment
k8s_info:
api_version: apps/v1
kind: Deployment
name: "{{ ansible_operator_meta.name }}"
namespace: "{{ ansible_operator_meta.namespace }}"
register: awx_deployment
register: tower_deployment
- name: Check for presence of awx-task Deployment
k8s_info:
api_version: v1
kind: Deployment
name: "{{ ansible_operator_meta.name }}-task"
namespace: "{{ ansible_operator_meta.namespace }}"
register: awx_task_deployment
- name: Check for presence of awx-web Deployment
k8s_info:
api_version: v1
kind: Deployment
name: "{{ ansible_operator_meta.name }}-web"
namespace: "{{ ansible_operator_meta.namespace }}"
register: awx_web_deployment
- name: Start installation if auto_upgrade is true
# Just execute deployment steps when auto_upgrade is true or when no deployment exists
- name: Start installation
include_tasks: install.yml
when:
- auto_upgrade | bool
- name: Start installation if auto_upgrade is false and deployment is missing
include_tasks: install.yml
when:
- not (auto_upgrade | bool)
- not (awx_deployment['resources'] | length > 0)
- not (awx_web_deployment['resources'] | length > 0 and awx_task_deployment['resources'] | length > 0)
when: (tower_deployment['resources'] | length > 0 and auto_upgrade | bool ) or (tower_deployment['resources'] | length == 0)

28
roles/installer/tasks/resources_configuration.yml
View File

@@ -1,28 +1,29 @@
---
- name: Get the current resource task pod information.
- name: Get the current resource pod information.
k8s_info:
api_version: v1
kind: Pod
namespace: '{{ ansible_operator_meta.namespace }}'
label_selectors:
- "app.kubernetes.io/name={{ ansible_operator_meta.name }}-task"
- "app.kubernetes.io/name={{ ansible_operator_meta.name }}"
- "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
- "app.kubernetes.io/component={{ deployment_type }}"
field_selectors:
- status.phase=Running
register: awx_task_pod
register: tower_pod
- name: Set the resource pod as a variable.
set_fact:
awx_task_pod: >-
{{ awx_task_pod['resources']
tower_pod: >-
{{ tower_pod['resources']
| rejectattr('metadata.deletionTimestamp', 'defined')
| sort(attribute='metadata.creationTimestamp')
| first | default({}) }}
- name: Set the resource pod name as a variable.
set_fact:
awx_task_pod_name: "{{ awx_task_pod['metadata']['name'] | default('') }}"
tower_pod_name: "{{ tower_pod['metadata']['name'] | default('') }}"
- name: Set user provided control plane ee image
set_fact:
@@ -248,12 +249,9 @@
- name: Apply deployment resources
k8s:
apply: yes
definition: "{{ lookup('template', 'deployments/{{ item }}.yaml.j2') }}"
definition: "{{ lookup('template', 'deployments/deployment.yaml.j2') }}"
wait: yes
wait_timeout: "{{ (120 * replicas) or 120 }}"
loop:
- task
- web
wait_timeout: "{{ 120 * replicas or 120 }}"
register: this_deployment_result
- block:
@@ -262,7 +260,7 @@
kind: Pod
namespace: '{{ ansible_operator_meta.namespace }}'
label_selectors:
- "app.kubernetes.io/name={{ ansible_operator_meta.name }}-task"
- "app.kubernetes.io/name={{ ansible_operator_meta.name }}"
- "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
- "app.kubernetes.io/component={{ deployment_type }}"
field_selectors:
@@ -271,7 +269,7 @@
- name: Update new resource pod as a variable.
set_fact:
awx_task_pod: >-
tower_pod: >-
{{ _new_pod['resources']
| rejectattr('metadata.deletionTimestamp', 'defined')
| sort(attribute='metadata.creationTimestamp')
@@ -279,11 +277,11 @@
- name: Update new resource pod name as a variable.
set_fact:
awx_task_pod_name: '{{ awx_task_pod["metadata"]["name"] | default("")}}'
tower_pod_name: '{{ tower_pod["metadata"]["name"] | default("")}}'
when:
- this_deployment_result.changed
- name: Verify the resource pod name is populated.
assert:
that: awx_task_pod_name != ''
that: tower_pod_name != ''
fail_msg: "Could not find the tower pod's name."

5
roles/installer/tasks/scale_down_deployment.yml
View File

@@ -12,11 +12,8 @@
kubernetes.core.k8s_scale:
api_version: apps/v1
kind: Deployment
name: "{{ item }}"
name: "{{ ansible_operator_meta.name }}"
namespace: "{{ ansible_operator_meta.namespace }}"
replicas: 0
wait: yes
loop:
- "{{ ansible_operator_meta.name }}-task"
- "{{ ansible_operator_meta.name }}-web"
when: this_deployment['resources'] | length

2
roles/installer/tasks/update_status.yml
View File

@@ -47,7 +47,7 @@
- name: Retrieve instance version
k8s_exec:
namespace: "{{ ansible_operator_meta.namespace }}"
pod: "{{ awx_task_pod_name }}"
pod: "{{ tower_pod_name }}"
container: "{{ ansible_operator_meta.name }}-task"
command: >-
bash -c "awx-manage --version"

2
roles/installer/templates/configmaps/config.yaml.j2
View File

@@ -236,7 +236,7 @@ data:
bind 127.0.0.1
receptor_conf: |
---
- log-level: info
- log-level: debug
- local-only: null
- node:
firewallrules:

213
roles/installer/templates/deployments/task.yaml.j2 → roles/installer/templates/deployments/deployment.yaml.j2
View File

@@ -1,27 +1,23 @@
# AWX Deployment.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: '{{ ansible_operator_meta.name }}-task'
name: '{{ ansible_operator_meta.name }}'
namespace: '{{ ansible_operator_meta.namespace }}'
labels:
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
spec:
{% if task_replicas %}
replicas: {{ task_replicas }}
{% elif replicas %}
replicas: {{ replicas }}
{% endif %}
selector:
matchLabels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-task'
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
template:
metadata:
labels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-task'
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }}
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
annotations:
@@ -43,9 +39,7 @@ spec:
] %}
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
{% endfor %}
{% if task_annotations %}
{{ task_annotations | indent(width=8) }}
{% elif annotations %}
{% if annotations %}
{{ annotations | indent(width=8) }}
{% endif %}
spec:
@@ -59,16 +53,6 @@ spec:
- name: {{ secret }}
{% endfor %}
{% endif %}
{% if host_aliases is defined and host_aliases | length > 0 %}
hostAliases:
{% for item in host_aliases %}
- ip: {{ item.ip }}
hostnames:
{% for hostname in item.hostnames %}
- {{ hostname }}
{% endfor %}
{% endfor %}
{% endif %}
{% if control_plane_priority_class is defined %}
priorityClassName: '{{ control_plane_priority_class }}'
{% endif %}
@@ -122,7 +106,6 @@ spec:
- name: init-projects
image: '{{ _init_projects_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ task_resource_requirements }}
command:
- /bin/sh
- -c
@@ -175,6 +158,108 @@ spec:
/var/lib/pre-stop/scripts/termination-waiter
{% endif %}
resources: {{ redis_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-web'
{% if web_command %}
command: {{ web_command }}
{% endif %}
{% if web_args %}
args: {{ web_args }}
{% endif %}
imagePullPolicy: '{{ image_pull_policy }}'
ports:
- containerPort: 8052
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- containerPort: 8053
{% endif %}
volumeMounts:
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/execution_environments.py"
subPath: execution_environments.py
readOnly: true
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
subPath: credentials.py
readOnly: true
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/ldap.py"
subPath: ldap.py
readOnly: true
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ ansible_operator_meta.name }}-nginx-certs"
mountPath: "/etc/nginx/pki"
readOnly: true
{% endif %}
{% if ldap_cacert_ca_crt %}
- name: "{{ ansible_operator_meta.name }}-ldap-cacert"
mountPath: /etc/openldap/certs/ldap-ca.crt
subPath: ldap-ca.crt
readOnly: true
{% endif %}
- name: "{{ secret_key_secret_name }}"
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ ansible_operator_meta.name }}-settings
mountPath: /etc/tower/settings.py
subPath: settings.py
readOnly: true
- name: {{ ansible_operator_meta.name }}-nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: supervisor-socket
mountPath: "/var/run/supervisor"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
- name: rsyslog-dir
mountPath: "/var/lib/awx/rsyslog"
- name: "{{ ansible_operator_meta.name }}-projects"
mountPath: "/var/lib/awx/projects"
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/signing/work-public-key.pem"
subPath: "work-public-key.pem"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
subPath: "tls.key"
readOnly: true
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if web_extra_volume_mounts -%}
{{ web_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: UWSGI_MOUNT_PATH
value: "{{ ingress_path }}"
{% if development_mode | bool %}
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if web_extra_env -%}
{{ web_extra_env | indent(width=12, first=True) }}
{% endif %}
resources: {{ web_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-task'
imagePullPolicy: '{{ image_pull_policy }}'
@@ -219,8 +304,12 @@ spec:
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: supervisor-socket
mountPath: "/var/run/supervisor"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
- name: rsyslog-dir
mountPath: "/var/lib/awx/rsyslog"
- name: "{{ ansible_operator_meta.name }}-receptor-config"
mountPath: "/etc/receptor/"
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
@@ -251,10 +340,8 @@ spec:
- /var/lib/pre-stop/scripts/termination-master
{% endif %}
env:
- name: AWX_COMPONENT
value: "task"
- name: SUPERVISOR_CONFIG_PATH
value: "/etc/supervisord_task.conf"
- name: SUPERVISOR_WEB_CONFIG_PATH
value: "/etc/supervisord.conf"
- name: AWX_SKIP_MIGRATIONS
value: "1"
- name: MY_POD_UID
@@ -343,80 +430,22 @@ spec:
{% if ee_extra_env -%}
{{ ee_extra_env | indent(width=12, first=True) }}
{% endif %}
resources: {{ rsyslog_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-rsyslog'
{% if rsyslog_command %}
command: {{ rsyslog_command }}
{% endif %}
{% if rsyslog_args %}
args: {{ rsyslog_args }}
{% endif %}
imagePullPolicy: '{{ image_pull_policy }}'
volumeMounts:
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
subPath: credentials.py
readOnly: true
- name: "{{ secret_key_secret_name }}"
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ ansible_operator_meta.name }}-settings
mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
env:
- name: SUPERVISOR_CONFIG_PATH
value: "/etc/supervisord_rsyslog.conf"
{% if development_mode | bool %}
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if task_node_selector %}
nodeSelector:
{{ task_node_selector | indent(width=8) }}
{% elif node_selector %}
{% if node_selector %}
nodeSelector:
{{ node_selector | indent(width=8) }}
{% endif %}
{% if task_topology_spread_constraints %}
topologySpreadConstraints:
{{ task_topology_spread_constraints | indent(width=8) }}
{% elif topology_spread_constraints %}
{% if topology_spread_constraints %}
topologySpreadConstraints:
{{ topology_spread_constraints | indent(width=8) }}
{% endif %}
{% if task_tolerations %}
tolerations:
{{ task_tolerations | indent(width=8) }}
{% elif tolerations %}
tolerations:
{{ tolerations | indent(width=8) }}
{% endif %}
{% if task_affinity %}
affinity:
{{ task_affinity | to_nice_yaml | indent(width=8) }}
{% elif affinity %}
{% if affinity | length %}
affinity:
{{ affinity | to_nice_yaml | indent(width=8) }}
{% endif %}
{% if tolerations %}
tolerations:
{{ tolerations | indent(width=8) }}
{% endif %}
{% if (projects_persistence|bool and is_k8s|bool) or (security_context_settings|length) %}
securityContext:
{% if projects_persistence|bool and is_k8s|bool %}
@@ -512,10 +541,14 @@ spec:
emptyDir: {}
- name: {{ ansible_operator_meta.name }}-redis-data
emptyDir: {}
- name: supervisor-socket
emptyDir: {}
- name: rsyslog-socket
emptyDir: {}
- name: receptor-socket
emptyDir: {}
- name: rsyslog-dir
emptyDir: {}
- name: {{ ansible_operator_meta.name }}-receptor-config
emptyDir: {}
- name: {{ ansible_operator_meta.name }}-default-receptor-config

427
roles/installer/templates/deployments/web.yaml.j2
View File

@@ -1,427 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: '{{ ansible_operator_meta.name }}-web'
namespace: '{{ ansible_operator_meta.namespace }}'
labels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
spec:
{% if web_replicas %}
replicas: {{ web_replicas }}
{% elif replicas %}
replicas: {{ replicas }}
{% endif %}
selector:
matchLabels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
template:
metadata:
labels:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }}
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
annotations:
{% for template in [
"configmaps/config",
"configmaps/pre_stop_scripts",
"secrets/app_credentials",
"storage/persistent",
] %}
checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | sha1 }}"
{% endfor %}
{% for secret in [
"bundle_cacert",
"route_tls",
"ldap_cacert",
"secret_key",
"receptor_ca",
"receptor_work_signing",
] %}
checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
{% endfor %}
{% if web_annotations %}
{{ web_annotations | indent(width=8) }}
{% elif annotations %}
{{ annotations | indent(width=8) }}
{% endif %}
spec:
serviceAccountName: '{{ ansible_operator_meta.name }}'
{% if image_pull_secret is defined %}
imagePullSecrets:
- name: {{ image_pull_secret }}
{% elif image_pull_secrets | length > 0 %}
imagePullSecrets:
{% for secret in image_pull_secrets %}
- name: {{ secret }}
{% endfor %}
{% endif %}
{% if host_aliases is defined and host_aliases | length > 0 %}
hostAliases:
{% for item in host_aliases %}
- ip: {{ item.ip }}
hostnames:
{% for hostname in item.hostnames %}
- {{ hostname }}
{% endfor %}
{% endfor %}
{% endif %}
{% if control_plane_priority_class is defined %}
priorityClassName: '{{ control_plane_priority_class }}'
{% endif %}
initContainers:
{% if bundle_ca_crt or projects_persistence|bool or init_container_extra_commands %}
- name: init
image: '{{ _init_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ web_resource_requirements }}
command:
- /bin/sh
- -c
- |
{% if bundle_ca_crt %}
mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
update-ca-trust
{% endif %}
{% if init_container_extra_commands %}
{{ init_container_extra_commands | indent(width=14) }}
{% endif %}
volumeMounts:
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
{% if init_container_extra_volume_mounts -%}
{{ init_container_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
{% endif %}
{% if projects_persistence|bool and is_k8s|bool %}
- name: init-projects
image: '{{ _init_projects_container_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
resources: {{ web_resource_requirements }}
command:
- /bin/sh
- -c
- |
chmod 775 /var/lib/awx/projects
chgrp 1000 /var/lib/awx/projects
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: "{{ ansible_operator_meta.name }}-projects"
mountPath: "/var/lib/awx/projects"
{% endif %}
containers:
- image: '{{ _redis_image }}'
imagePullPolicy: '{{ image_pull_policy }}'
name: redis
{% if redis_capabilities is defined and redis_capabilities %}
securityContext:
capabilities:
add: {{ redis_capabilities }}
{% endif %}
args: ["redis-server", "/etc/redis.conf"]
volumeMounts:
- name: {{ ansible_operator_meta.name }}-redis-config
mountPath: "/etc/redis.conf"
subPath: redis.conf
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: "{{ ansible_operator_meta.name }}-redis-data"
mountPath: "/data"
resources: {{ redis_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-web'
imagePullPolicy: '{{ image_pull_policy }}'
{% if web_command %}
command: {{ web_command }}
{% endif %}
{% if web_args %}
args: {{ web_args }}
{% endif %}
ports:
- containerPort: 8052
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- containerPort: 8053
{% endif %}
volumeMounts:
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/execution_environments.py"
subPath: execution_environments.py
readOnly: true
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
subPath: credentials.py
readOnly: true
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/ldap.py"
subPath: ldap.py
readOnly: true
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ ansible_operator_meta.name }}-nginx-certs"
mountPath: "/etc/nginx/pki"
readOnly: true
{% endif %}
{% if ldap_cacert_ca_crt %}
- name: "{{ ansible_operator_meta.name }}-ldap-cacert"
mountPath: /etc/openldap/certs/ldap-ca.crt
subPath: ldap-ca.crt
readOnly: true
{% endif %}
- name: "{{ secret_key_secret_name }}"
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ ansible_operator_meta.name }}-settings
mountPath: /etc/tower/settings.py
subPath: settings.py
readOnly: true
- name: {{ ansible_operator_meta.name }}-nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
{% if projects_persistence|bool %}
- name: "{{ ansible_operator_meta.name }}-projects"
mountPath: "/var/lib/awx/projects"
{% endif %}
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
subPath: "tls.key"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/signing/work-public-key.pem"
subPath: "work-public-key.pem"
readOnly: true
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
{% if web_extra_volume_mounts -%}
{{ web_extra_volume_mounts | indent(width=12, first=True) }}
{% endif %}
env:
- name: AWX_COMPONENT
value: "web"
- name: SUPERVISOR_CONFIG_PATH
value: "/etc/supervisord_web.conf"
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: UWSGI_MOUNT_PATH
value: "{{ ingress_path }}"
{% if development_mode | bool %}
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if web_extra_env -%}
{{ web_extra_env | indent(width=12, first=True) }}
{% endif %}
resources: {{ web_resource_requirements }}
- image: '{{ _image }}'
name: '{{ ansible_operator_meta.name }}-rsyslog'
{% if rsyslog_command %}
command: {{ rsyslog_command }}
{% endif %}
{% if rsyslog_args %}
args: {{ rsyslog_args }}
{% endif %}
imagePullPolicy: '{{ image_pull_policy }}'
volumeMounts:
- name: "{{ ansible_operator_meta.name }}-application-credentials"
mountPath: "/etc/tower/conf.d/credentials.py"
subPath: credentials.py
readOnly: true
- name: "{{ secret_key_secret_name }}"
mountPath: /etc/tower/SECRET_KEY
subPath: SECRET_KEY
readOnly: true
- name: {{ ansible_operator_meta.name }}-settings
mountPath: "/etc/tower/settings.py"
subPath: settings.py
readOnly: true
- name: {{ ansible_operator_meta.name }}-redis-socket
mountPath: "/var/run/redis"
- name: rsyslog-socket
mountPath: "/var/run/awx-rsyslog"
resources: {{ rsyslog_resource_requirements }}
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
mountPath: "/etc/pki/ca-trust/extracted"
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
subPath: bundle-ca.crt
readOnly: true
{% endif %}
{% if development_mode | bool %}
- name: awx-devel
mountPath: "/awx_devel"
{% endif %}
env:
- name: SUPERVISOR_CONFIG_PATH
value: "/etc/supervisord_rsyslog.conf"
{% if development_mode | bool %}
- name: AWX_KUBE_DEVEL
value: "1"
{% endif %}
{% if web_node_selector %}
nodeSelector:
{{ web_node_selector | indent(width=8) }}
{% elif node_selector %}
nodeSelector:
{{ node_selector | indent(width=8) }}
{% endif %}
{% if web_topology_spread_constraints %}
topologySpreadConstraints:
{{ web_topology_spread_constraints | indent(width=8) }}
{% elif topology_spread_constraints %}
topologySpreadConstraints:
{{ topology_spread_constraints | indent(width=8) }}
{% endif %}
{% if web_tolerations %}
tolerations:
{{ web_tolerations| indent(width=8) }}
{% elif tolerations %}
tolerations:
{{ tolerations| indent(width=8) }}
{% endif %}
{% if web_affinity %}
affinity:
{{ web_affinity | to_nice_yaml | indent(width=8) }}
{% elif affinity %}
affinity:
{{ affinity | to_nice_yaml | indent(width=8) }}
{% endif %}
volumes:
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
secret:
secretName: "{{ ansible_operator_meta.name }}-receptor-ca"
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
secret:
secretName: "{{ ansible_operator_meta.name }}-receptor-work-signing"
{% if bundle_ca_crt %}
- name: "ca-trust-extracted"
emptyDir: {}
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
secret:
secretName: "{{ bundle_cacert_secret }}"
items:
- key: bundle-ca.crt
path: 'bundle-ca.crt'
{% endif %}
{% if ingress_type | lower == 'route' and route_tls_termination_mechanism | lower == 'passthrough' %}
- name: "{{ ansible_operator_meta.name }}-nginx-certs"
secret:
secretName: "{{ route_tls_secret }}"
items:
- key: tls.key
path: 'web.key'
- key: tls.crt
path: 'web.crt'
{% endif %}
{% if ldap_cacert_ca_crt %}
- name: "{{ ansible_operator_meta.name }}-ldap-cacert"
secret:
secretName: "{{ ldap_cacert_secret }}"
items:
- key: ldap-ca.crt
path: 'ldap-ca.crt'
{% endif %}
- name: "{{ ansible_operator_meta.name }}-application-credentials"
secret:
secretName: "{{ ansible_operator_meta.name }}-app-credentials"
items:
- key: credentials.py
path: 'credentials.py'
- key: ldap.py
path: 'ldap.py'
- key: execution_environments.py
path: 'execution_environments.py'
- name: "{{ secret_key_secret_name }}"
secret:
secretName: '{{ secret_key_secret_name }}'
items:
- key: secret_key
path: SECRET_KEY
- name: {{ ansible_operator_meta.name }}-settings
configMap:
name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
items:
- key: settings
path: settings.py
- name: {{ ansible_operator_meta.name }}-nginx-conf
configMap:
name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
items:
- key: nginx_conf
path: nginx.conf
- name: {{ ansible_operator_meta.name }}-redis-config
configMap:
name: {{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap
items:
- key: redis_conf
path: redis.conf
- name: {{ ansible_operator_meta.name }}-redis-socket
emptyDir: {}
- name: {{ ansible_operator_meta.name }}-redis-data
emptyDir: {}
- name: rsyslog-socket
emptyDir: {}
- name: receptor-socket
emptyDir: {}
- name: {{ ansible_operator_meta.name }}-receptor-config
configMap:
name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
items:
- key: receptor_conf
path: receptor.conf
{% if projects_persistence|bool %}
- name: "{{ ansible_operator_meta.name }}-projects"
persistentVolumeClaim:
{% if projects_existing_claim %}
claimName: {{ projects_existing_claim }}
{% else %}
claimName: '{{ ansible_operator_meta.name }}-projects-claim'
{% endif %}
{% endif %}
{% if development_mode | bool %}
- name: awx-devel
hostPath:
path: /awx_devel
{% endif %}
{% if extra_volumes -%}
{{ extra_volumes | indent(width=8, first=True) }}
{% endif %}

17
roles/installer/templates/networking/ingress.yaml.j2
View File

@@ -9,16 +9,10 @@ metadata:
namespace: '{{ ansible_operator_meta.namespace }}'
labels:
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
{% if ingress_annotations or ingress_controller|lower == "contour" %}
annotations:
{% if ingress_annotations %}
annotations:
{{ ingress_annotations | indent(width=4) }}
{% endif %}
{% if ingress_controller|lower == "contour" %}
projectcontour.io/websocket-routes: "/websocket"
kubernetes.io/ingress.class: contour
{% endif %}
{% endif %}
spec:
{% if ingress_class_name %}
ingressClassName: '{{ ingress_class_name }}'
@@ -33,15 +27,6 @@ spec:
name: '{{ ansible_operator_meta.name }}-service'
port:
number: 80
{% if ingress_controller|lower == "contour" %}
- path: '{{ ingress_path.rstrip("/") }}/websocket'
pathType: '{{ ingress_path_type }}'
backend:
service:
name: '{{ ansible_operator_meta.name }}-service'
port:
number: 80
{% endif %}
{% if hostname %}
host: {{ hostname }}
{% endif %}

5
roles/installer/templates/networking/service.yaml.j2
View File

@@ -13,6 +13,7 @@ metadata:
{% endif %}
spec:
ports:
{% if service_type | lower == "nodeport" %}
- port: 80
protocol: TCP
@@ -45,14 +46,14 @@ spec:
name: http
{% endif %}
selector:
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}-web'
app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}'
{% if service_type | lower == "nodeport" %}
type: NodePort
{% elif service_type | lower == "loadbalancer" %}
type: LoadBalancer
{% if loadbalancer_ip is defined and loadbalancer_ip|length %}
{% if variable is defined and variable|length %}
loadbalancerip: '{{ loadbalancer_ip }}'
{% endif %}
{% else %}

10
roles/installer/templates/settings/credentials.py.j2
View File

@@ -8,17 +8,7 @@ DATABASES = {
'HOST': '{{ awx_postgres_host }}',
'PORT': "{{ awx_postgres_port }}",
'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
{% if awx_postgres_sslmode in ['verify-ca', 'verify-full'] %}
'sslrootcert': '{{ ca_trust_bundle }}',
{% endif %}
{% if postgres_keepalives %}
'keepalives': 1,
'keepalives_idle': {{ postgres_keepalives_idle }},
'keepalives_interval': {{ postgres_keepalives_interval }},
'keepalives_count': {{ postgres_keepalives_count }},
{% else %}
'keepalives': 0,
{% endif %}
},
}
}

7
roles/restore/tasks/postgres.yml
View File

@@ -50,7 +50,7 @@
k8s_info:
api_version: apps/v1
kind: Deployment
name: "{{ ansible_operator_meta.namespace }}-task"
name: "{{ deployment_name }}"
namespace: "{{ ansible_operator_meta.namespace }}"
register: this_deployment
@@ -58,13 +58,10 @@
k8s_scale:
api_version: apps/v1
kind: Deployment
name: "{{ item }}"
name: "{{ deployment_name }}"
namespace: "{{ ansible_operator_meta.namespace }}"
replicas: 0
wait: yes
loop:
- "{{ ansible_operator_meta.name }}-task"
- "{{ ansible_operator_meta.name }}-web"
when: this_deployment['resources'] | length
- name: Set full resolvable host name for postgres pod