mirror of
https://github.com/ansible/awx-operator.git
synced 2026-03-26 21:33:14 +00:00
6e47dc62c2
The latest release of the update-ca-trust requires the --output param
if you run as non-root user.
See: 81a090f89a
And: https://github.com/ansible/awx-ee/issues/258#issuecomment-2439742296
Fixes: https://github.com/ansible/awx-ee/issues/258
146 lines
5.2 KiB
Django/Jinja
146 lines
5.2 KiB
Django/Jinja
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: '{{ ansible_operator_meta.name }}-migration-{{ version }}'
|
|
namespace: '{{ ansible_operator_meta.namespace }}'
|
|
labels:
|
|
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
|
|
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=4) | trim }}
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }}
|
|
{{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }}
|
|
spec:
|
|
{% if bundle_ca_crt %}
|
|
initContainers:
|
|
- name: init-bundle-ca-trust
|
|
image: '{{ _init_container_image }}'
|
|
imagePullPolicy: '{{ image_pull_policy }}'
|
|
resources: {{ init_container_resource_requirements }}
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
|
|
update-ca-trust extract --output /etc/pki/ca-trust/extracted
|
|
volumeMounts:
|
|
- name: "ca-trust-extracted"
|
|
mountPath: "/etc/pki/ca-trust/extracted"
|
|
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
|
|
mountPath: /etc/pki/ca-trust/source/anchors/bundle-ca.crt
|
|
subPath: bundle-ca.crt
|
|
readOnly: true
|
|
{% endif %}
|
|
containers:
|
|
- name: "migration-job"
|
|
image: '{{ _image }}'
|
|
resources: {{ task_resource_requirements }}
|
|
command:
|
|
- awx-manage
|
|
- migrate
|
|
- --noinput
|
|
volumeMounts:
|
|
- name: {{ ansible_operator_meta.name }}-application-credentials
|
|
mountPath: "/etc/tower/conf.d/credentials.py"
|
|
subPath: credentials.py
|
|
readOnly: true
|
|
- name: "{{ secret_key_secret_name }}"
|
|
mountPath: /etc/tower/SECRET_KEY
|
|
subPath: SECRET_KEY
|
|
readOnly: true
|
|
- name: {{ ansible_operator_meta.name }}-settings
|
|
mountPath: "/etc/tower/settings.py"
|
|
subPath: settings.py
|
|
readOnly: true
|
|
{{ lookup("template", "common/volume_mounts/extra_settings_files.yaml.j2") | indent(width=12) | trim }}
|
|
{% if bundle_ca_crt %}
|
|
- name: "ca-trust-extracted"
|
|
mountPath: "/etc/pki/ca-trust/extracted"
|
|
{% endif %}
|
|
{% if development_mode | bool %}
|
|
- name: awx-devel
|
|
mountPath: "/awx_devel"
|
|
{% endif %}
|
|
serviceAccountName: '{{ ansible_operator_meta.name }}'
|
|
{% if image_pull_secret is defined %}
|
|
imagePullSecrets:
|
|
- name: {{ image_pull_secret }}
|
|
{% elif image_pull_secrets | length > 0 %}
|
|
imagePullSecrets:
|
|
{% for secret in image_pull_secrets %}
|
|
- name: {{ secret }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if task_node_selector %}
|
|
nodeSelector:
|
|
{{ task_node_selector | indent(width=8) }}
|
|
{% elif node_selector %}
|
|
nodeSelector:
|
|
{{ node_selector | indent(width=8) }}
|
|
{% endif %}
|
|
{% if task_topology_spread_constraints %}
|
|
topologySpreadConstraints:
|
|
{{ task_topology_spread_constraints | indent(width=8) }}
|
|
{% elif topology_spread_constraints %}
|
|
topologySpreadConstraints:
|
|
{{ topology_spread_constraints | indent(width=8) }}
|
|
{% endif %}
|
|
{% if task_tolerations %}
|
|
tolerations:
|
|
{{ task_tolerations | indent(width=8) }}
|
|
{% elif tolerations %}
|
|
tolerations:
|
|
{{ tolerations | indent(width=8) }}
|
|
{% endif %}
|
|
{% if task_affinity %}
|
|
affinity:
|
|
{{ task_affinity | to_nice_yaml | indent(width=8) }}
|
|
{% elif affinity %}
|
|
affinity:
|
|
{{ affinity | to_nice_yaml | indent(width=8) }}
|
|
{% endif %}
|
|
volumes:
|
|
- name: "{{ ansible_operator_meta.name }}-application-credentials"
|
|
secret:
|
|
secretName: "{{ ansible_operator_meta.name }}-app-credentials"
|
|
items:
|
|
- key: credentials.py
|
|
path: 'credentials.py'
|
|
- key: ldap.py
|
|
path: 'ldap.py'
|
|
- key: execution_environments.py
|
|
path: 'execution_environments.py'
|
|
- name: "{{ secret_key_secret_name }}"
|
|
secret:
|
|
secretName: '{{ secret_key_secret_name }}'
|
|
items:
|
|
- key: secret_key
|
|
path: SECRET_KEY
|
|
- name: {{ ansible_operator_meta.name }}-settings
|
|
configMap:
|
|
name: '{{ ansible_operator_meta.name }}-{{ deployment_type }}-configmap'
|
|
items:
|
|
- key: settings
|
|
path: settings.py
|
|
{{ lookup("template", "common/volumes/extra_settings_files.yaml.j2") | indent(width=8) | trim }}
|
|
{% if bundle_ca_crt %}
|
|
- name: "ca-trust-extracted"
|
|
emptyDir: {}
|
|
- name: "{{ ansible_operator_meta.name }}-bundle-cacert"
|
|
secret:
|
|
secretName: "{{ bundle_cacert_secret }}"
|
|
items:
|
|
- key: bundle-ca.crt
|
|
path: 'bundle-ca.crt'
|
|
{% endif %}
|
|
{% if development_mode | bool %}
|
|
- name: awx-devel
|
|
hostPath:
|
|
path: /awx_devel
|
|
{% endif %}
|
|
dnsPolicy: ClusterFirst
|
|
restartPolicy: Never
|
|
terminationGracePeriodSeconds: 30
|