mirror of
https://github.com/ansible/awx-operator.git
synced 2026-03-26 21:33:14 +00:00
5fb6bb7519
Bump operator-sdk, ansible-operator, and OPM binaries to align with the OCP 4.20 / AAP 2.7 target. Replace the deprecated kube-rbac-proxy sidecar (removed in operator-sdk v1.38.0) with controller-runtime's built-in WithAuthenticationAndAuthorization for metrics endpoint protection. Changes: - Makefile: operator-sdk v1.36.1 → v1.40.0, OPM v1.26.0 → v1.55.0 - Dockerfile: ansible-operator base image v1.36.1 → v1.40.0 - Remove kube-rbac-proxy sidecar and auth_proxy_* RBAC manifests - Add metrics_auth_role, metrics_reader, and metrics_service resources - Add --metrics-secure, --metrics-require-rbac, --metrics-bind-address flags via JSON patch to serve metrics directly from the manager on port 8443 with TLS and RBAC authentication Ref: AAP-65254 Authored By: Christian M. Adams <chadams@redhat.com> Assisted By: Claude
26 lines
759 B
Docker
26 lines
759 B
Docker
FROM quay.io/operator-framework/ansible-operator:v1.40.0
|
|
|
|
USER root
|
|
RUN dnf update --security --bugfix -y --disableplugin=subscription-manager && \
|
|
dnf install -y --disableplugin=subscription-manager openssl
|
|
|
|
USER 1001
|
|
|
|
ARG DEFAULT_AWX_VERSION
|
|
ARG OPERATOR_VERSION
|
|
ENV DEFAULT_AWX_VERSION=${DEFAULT_AWX_VERSION}
|
|
ENV OPERATOR_VERSION=${OPERATOR_VERSION}
|
|
|
|
COPY requirements.yml ${HOME}/requirements.yml
|
|
RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
|
|
&& chmod -R ug+rwx ${HOME}/.ansible
|
|
|
|
COPY watches.yaml ${HOME}/watches.yaml
|
|
COPY roles/ ${HOME}/roles/
|
|
COPY playbooks/ ${HOME}/playbooks/
|
|
|
|
ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", \
|
|
"--watches-file=./watches.yaml", \
|
|
"--reconcile-period=0s" \
|
|
]
|