--- deployment_type: awx kind: 'AWX' api_version: '{{ deployment_type }}.ansible.com/v1beta1' database_name: "{{ deployment_type }}" database_username: "{{ deployment_type }}" task_privileged: false service_type: ClusterIP ingress_type: none ingress_class_name: '' ingress_path: '/' ingress_path_type: 'Prefix' ingress_api_version: 'networking.k8s.io/v1' # Add annotations to the service account. Specify as literal block. E.g.: # service_account_annotations: | # eks.amazonaws.com/role-arn: arn:aws:iam:::role/ service_account_annotations: '' # Custom labels for the tower service. Specify as literal block. E.g.: # service_labels: | # environment: non-production # zone: internal service_labels: '' # Add annotations to the ingress. Specify as literal block. E.g.: # ingress_annotations: | # kubernetes.io/ingress.class: nginx # nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s ingress_annotations: '' # TLS secret for the ingress. The secret either has to exist before hand with # the corresponding cert and key or just be an indicator for where an automated # process like cert-manager (enabled via annotations) will store the TLS # certificate and key. ingress_tls_secret: '' loadbalancer_protocol: 'http' loadbalancer_port: '80' service_annotations: '' # Port to be used for NodePort configuration, default is to auto-assign a port between 30000-32768 #nodeport_port: '30080' # The TLS termination mechanism to use to access # the services. Supported mechanism are: edge, passthrough # route_tls_termination_mechanism: edge # Secret to lookup that provide the TLS specific # credentials to deploy # route_tls_secret: '' # Route API Version to support older version # of the kubernetes services route_api_version: 'route.openshift.io/v1' # Host to create the root with. # If not specific will default to -- # route_host: '' hostname: '' # Add a nodeSelector for the AWX pods. It must match a node's labels for the pod # to be scheduled on that node. Specify as literal block. E.g.: # node_selector: | # disktype: ssd # kubernetes.io/arch: amd64 # kubernetes.io/os: linux node_selector: '' # Add a topologySpreadConstraints for the AWX pods. # Specify as literal block. E.g.: # topology_spread_constraints: | # - maxSkew: 100 # topologyKey: "topology.kubernetes.io/zone" # whenUnsatisfiable: "ScheduleAnyway" # labelSelector: # matchLabels: # app.kubernetes.io/name: "" topology_spread_constraints: '' affinity: {} # Add node tolerations for the AWX pods. Specify as literal block. E.g.: # tolerations: | # - key: "dedicated" # operator: "Equal" # value: "AWX" # effect: "NoSchedule" tolerations: '' # Add annotations to awx pods. Specify as literal block. E.g.: # annotations: | # my.annotation/1: value # my.annotation/2: value2 annotations: '' admin_user: admin admin_email: test@example.com # Secret to lookup that provide the admin password # admin_password_secret: '' # Secret to lookup that provide the broadcast websocket key # broadcast_websocket_secret: '' # Secret to lookup that provide the secret key # secret_key_secret: '' # Secret to lookup that provide the PostgreSQL configuration # postgres_configuration_secret: '' # Secret to lookup that provides old database credentials (for migration) old_postgres_configuration_secret: '' # Secret to lookup that provides default execution environment pull credentials # ee_pull_credentials_secret: '' # Add extra volumes to the AWX pod. Specify as literal block. E.g.: # extra_volumes: | # - name: my-volume # emptyDir: {} extra_volumes: '' # Use these image versions for Ansible AWX. _image: quay.io/ansible/awx _image_version: "{{ lookup('env', 'DEFAULT_AWX_VERSION') or 'latest' }}" _redis_image: docker.io/redis _redis_image_version: 7 _postgres_image: postgres _postgres_image_version: 13 image_pull_policy: IfNotPresent image_pull_secrets: [] # Extra commands which will be appended to the initContainer # Make sure that each command entered return an exit code 0 # otherwise the initContainer will fail # init_container_extra_commands: | # date >> /var/lib/awx/projects/timestamp # chgrp 1000 /shared # chmod 775 /shared init_container_extra_commands: '' # Mount extra volumes on the initContainer. # The volume used must be defined as an `extra_volumes` resource # init_container_extra_volume_mounts: | # - name: shared-vol # mountPath: /shared init_container_extra_volume_mounts: '' ee_images: - name: AWX EE (latest) image: quay.io/ansible/awx-ee:latest _control_plane_ee_image: quay.io/ansible/awx-ee:latest _init_container_image: "{{ _control_plane_ee_image.split(':')[0] }}" _init_container_image_version: "{{ _control_plane_ee_image.split(':')[1] }}" _init_projects_container_image: quay.io/centos/centos:stream9 create_preload_data: true replicas: "1" task_args: - /usr/bin/launch_awx_task.sh task_command: [] web_args: - /usr/bin/launch_awx.sh web_command: [] task_resource_requirements: requests: cpu: 100m memory: 128Mi web_resource_requirements: requests: cpu: 100m memory: 128Mi ee_resource_requirements: requests: cpu: 100m memory: 64Mi # Customize CSRF options csrf_cookie_secure: False session_cookie_secure: False # Assign a preexisting priority class to the control plane pods control_plane_priority_class: '' redis_resource_requirements: requests: cpu: 50m memory: 64Mi # Add extra environment variables to the AWX task/web containers. Specify as # literal block. E.g.: # task_extra_env: | # - name: FOO # value: bar # - name: BAZ # value: bing task_extra_env: '' web_extra_env: '' ee_extra_env: '' # Mount extra volumes on the AWX task/web containers. Specify as literal block. # E.g.: # task_extra_volume_mounts: '' # - name: my-volume # mountPath: /some/path task_extra_volume_mounts: '' web_extra_volume_mounts: '' ee_extra_volume_mounts: '' # Add a nodeSelector for the Postgres pods. # It must match a node's labels for the pod to be scheduled on that node. # Specify as literal block. E.g.: # postgres_selector: | # disktype: ssd # kubernetes.io/arch: amd64 # kubernetes.io/os: linux postgres_selector: '' # Specify whether or not to keep the old PVC after PostgreSQL upgrades postgres_keep_pvc_after_upgrade: True # Add node tolerations for the Postgres pods. # Specify as literal block. E.g.: # postgres_tolerations: | # - key: "dedicated" # operator: "Equal" # value: "AWX" # effect: "NoSchedule" postgres_tolerations: '' postgres_storage_requirements: requests: storage: 8Gi postgres_resource_requirements: requests: cpu: 10m memory: 64Mi postgres_init_container_resource_requirements: requests: cpu: 10m memory: 64Mi # Assign a preexisting priority class to the postgres pod postgres_priority_class: '' postgres_data_path: '/var/lib/postgresql/data/pgdata' # Persistence to the AWX project data folder # Whether or not the /var/lib/projects directory will be persistent projects_persistence: false # # Define an existing PersistentVolumeClaim to use projects_existing_claim: '' # # Define postgres configuration arguments to use postgres_extra_args: '' # Define the storage_class, size and access_mode # when not using an existing claim projects_storage_size: 8Gi projects_storage_access_mode: ReadWriteMany ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt" # Secret to lookup that provides the LDAP CACert trusted bundle # ldap_cacert_secret: '' # Secret to lookup that provides the LDAP bind password ldap_password_secret: '' # Secret to lookup that provides the custom CA trusted bundle bundle_cacert_secret: '' # Whether secrets should be garbage collected # on teardown # garbage_collect_secrets: false development_mode: false security_context_settings: {} # Set no_log settings on certain tasks no_log: true # Should AWX instances be automatically upgraded when operator gets upgraded # auto_upgrade: true # Labels defined on the resource, which should be propagated to child resources additional_labels: [] # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self) set_self_labels: true # Disable web container's nginx ipv6 listener ipv6_disabled: false