From 5e8f58edfa70fcd3359388115f82ea565903b4f8 Mon Sep 17 00:00:00 2001
From: Aaron Riedel
Date: Mon, 12 Aug 2024 23:00:09 +0200
Subject: [PATCH] update operator, add backup script and kustomization file for updating
---
README.md | 4 +
backup.yaml | 8 +
build/operator.yaml | 3280 +++++++++++++++++++++++++++++++++++++++++++
kustomization.yaml | 13 +
manifest.yaml | 1 +
5 files changed, 3306 insertions(+)
create mode 100644 backup.yaml
create mode 100644 build/operator.yaml
create mode 100644 kustomization.yaml
diff --git a/README.md b/README.md
index e69de29..7a01e9e 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,4 @@
+to update the operator change the values in the kustomization file and then run:
+```
+kubectl kustomize -o build/operator.yaml
+```
\ No newline at end of file
diff --git a/backup.yaml b/backup.yaml
new file mode 100644
index 0000000..893be33
--- /dev/null
+++ b/backup.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXBackup
+metadata:
+ name: awxbackup-2024-08
+ namespace: awx
+spec:
+ deployment_name: awx-aaron
\ No newline at end of file
diff --git a/build/operator.yaml b/build/operator.yaml
new file mode 100644
index 0000000..7fc7c29
--- /dev/null
+++ b/build/operator.yaml
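Review bot: In backup.yaml the AWXBackup spec sets only `deployment_name: awx-aaron`, so where the backup is written and whether it is removed with the object is left to operator defaults. The CRD added in build/operator.yaml exposes `backup_pvc`, `backup_storage_class` and `clean_backup_on_delete`; setting them here, e.g. `backup_pvc: <existing-pvc-name>` (placeholder), would make the storage target reviewable. The backup presumably holds the database dump and the deployment's secrets, so a comment such as `# backup PVC holds DB dump and secrets; restrict who can mount PVCs in namespace awx` would help the next operator. The name `awxbackup-2024-08` is also fixed, so re-applying this file unchanged will likely not produce a new backup.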
@@ -0,0 +1,3280 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: awx +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: awxbackups.awx.ansible.com +spec: + group: awx.ansible.com + names: + kind: AWXBackup + listKind: AWXBackupList + plural: awxbackups + singular: awxbackup + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Schema validation for the AWXBackup CRD + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additional_labels: + description: Additional labels defined on the resource, which should + be propagated to child resources + items: + type: string + type: array + backup_pvc: + description: Name of the backup PVC + type: string + backup_pvc_namespace: + description: (Deprecated) Namespace the PVC is in + type: string + backup_resource_requirements: + description: Resource requirements for the management pod used to + create a backup + properties: + limits: + properties: + cpu: + type: string + memory: + type: string + type: object + requests: + properties: + cpu: + type: string + memory: + type: string + type: object + type: object + backup_storage_class: + description: Storage class to use when creating PVC for backup + type: string + backup_storage_requirements: + description: Storage requirements for backup PVC (may be similar to + existing postgres PVC backing up from) + type: string + clean_backup_on_delete: + description: Flag to indicate if backup should be deleted on PVC if + AWXBackup object is deleted + type: boolean + db_management_pod_node_selector: + description: nodeSelector for the Postgres pods to backup + type: string + deployment_name: + description: Name of the deployment to be backed up + type: string + image_pull_policy: + default: IfNotPresent + description: The image pull policy + enum: + - Always + - always + - Never + - never + - IfNotPresent + - ifnotpresent + type: string + no_log: + default: true + description: Configure no_log for no_log tasks + type: boolean + pg_dump_suffix: + description: Additional parameters for the pg_dump command + type: string + postgres_image: + description: Registry path to the PostgreSQL container to use + type: string + postgres_image_version: + description: PostgreSQL container image version to use + type: string + 
postgres_label_selector: + description: Label selector used to identify postgres pod for backing + up data + type: string + precreate_partition_hours: + description: Number of hours worth of events table partitions to precreate + before backup to avoid pg_dump locks. + format: int32 + type: integer + set_self_labels: + default: true + description: Maintain some of the recommended `app.kubernetes.io/*` + labels on the resource (self) + type: boolean + required: + - deployment_name + type: object + x-kubernetes-preserve-unknown-fields: true + status: + properties: + backupClaim: + description: Backup persistent volume claim + type: string + backupDirectory: + description: Backup directory name on the specified pvc + type: string + conditions: + description: The resulting conditions when a Service Telemetry is + instantiated + items: + properties: + lastTransitionTime: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: awxmeshingresses.awx.ansible.com +spec: + group: awx.ansible.com + names: + kind: AWXMeshIngress + listKind: AWXMeshIngressList + plural: awxmeshingresses + singular: awxmeshingress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AWXMeshIngress is the Schema for the awxmeshingresses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of AWXMeshIngress + properties: + affinity: + description: Scheduling constraints to apply to the Pod definition + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic 
+ type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: 
array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: 
object + type: array + type: object + type: object + deployment_name: + description: Name of the AWX deployment to create the Mesh Ingress + for. + type: string + external_hostname: + description: External hostname to use for the Mesh Ingress. + type: string + external_ipaddress: + description: External IP address to use for the Mesh Ingress. + type: string + image_pull_secrets: + description: Image pull secrets for Mesh Ingress containers. + items: + type: string + type: array + ingress_annotations: + description: Annotations to add to the Ingress Controller + type: string + ingress_api_version: + description: The Ingress API version to use + type: string + ingress_class_name: + description: The name of ingress class to use instead of the cluster + default. + type: string + ingress_controller: + description: Special configuration for specific Ingress Controllers + type: string + ingress_type: + description: The ingress type to use to reach the deployed instance + enum: + - none + - Ingress + - ingress + - IngressRouteTCP + - ingressroutetcp + - Route + - route + type: string + node_selector: + description: Assign the Mesh Ingress Pod to the specified node. + type: string + tolerations: + description: Scheduling tolerations for the Mesh Ingress instance. + type: string + topology_spread_constraints: + description: Topology spread constraints for the Mesh Ingress instance. 
+ type: string + required: + - deployment_name + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of AWXMeshIngress + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: awxrestores.awx.ansible.com +spec: + group: awx.ansible.com + names: + kind: AWXRestore + listKind: AWXRestoreList + plural: awxrestores + singular: awxrestore + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Schema validation for the AWXRestore CRD + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additional_labels: + description: Additional labels defined on the resource, which should + be propagated to child resources + items: + type: string + type: array + backup_dir: + description: Backup directory name, set as a status found on the awxbackup + object (backupDirectory) + type: string + backup_name: + description: AWXBackup object name + type: string + backup_pvc: + description: Name of the PVC to be restored from, set as a status + found on the awxbackup object (backupClaim) + type: string + backup_pvc_namespace: + description: (Deprecated) Namespace the PVC is in + type: string + backup_source: + description: Backup source + enum: + - Backup CR + - PVC + type: string + cluster_name: + description: Cluster name + type: string + db_management_pod_node_selector: + description: nodeSelector for the Postgres pods to backup + type: string + deployment_name: + description: Name of the restored deployment. This should be different + from the original deployment name if the original deployment still + exists. + type: string + force_drop_db: + default: false + description: Force drop the database before restoring. USE WITH CAUTION! 
+ type: boolean + image_pull_policy: + default: IfNotPresent + description: The image pull policy + enum: + - Always + - always + - Never + - never + - IfNotPresent + - ifnotpresent + type: string + no_log: + default: true + description: Configure no_log for no_log tasks + type: boolean + postgres_image: + description: Registry path to the PostgreSQL container to use + type: string + postgres_image_version: + description: PostgreSQL container image version to use + type: string + postgres_label_selector: + description: Label selector used to identify postgres pod for backing + up data + type: string + restore_resource_requirements: + description: Resource requirements for the management pod that restores + AWX from a backup + properties: + limits: + properties: + cpu: + type: string + memory: + type: string + type: object + requests: + properties: + cpu: + type: string + memory: + type: string + type: object + type: object + set_self_labels: + default: true + description: Maintain some of the recommended `app.kubernetes.io/*` + labels on the resource (self) + type: boolean + spec_overrides: + description: Overrides for the AWX spec + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - deployment_name + type: object + x-kubernetes-preserve-unknown-fields: true + status: + properties: + conditions: + description: The resulting conditions when a Service Telemetry is + instantiated + items: + properties: + lastTransitionTime: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + restoreComplete: + description: Restore process complete + type: boolean + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: awxs.awx.ansible.com +spec: + group: awx.ansible.com + names: + kind: AWX + listKind: AWXList + plural: awxs + 
singular: awx + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Schema validation for the AWX CRD + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additional_labels: + description: Additional labels defined on the resource, which should + be propagated to child resources + items: + type: string + type: array + admin_email: + description: The admin user email + type: string + admin_password_secret: + description: Secret where the admin password can be found + maxLength: 255 + pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]{0,253}[a-zA-Z0-9]$ + type: string + admin_user: + default: admin + description: Username to use for the admin account + type: string + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: 
array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + 
properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + 
labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + description: Common annotations for both Web and Task deployments. + type: string + api_urlpattern_prefix: + description: An optional configuration to add a prefix in the API + URL path + type: string + api_version: + description: apiVersion of the deployment type + type: string + auto_upgrade: + default: true + description: Should AWX instances be automatically upgraded when operator + gets upgraded + type: boolean + broadcast_websocket_secret: + description: Secret where the broadcast websocket secret can be found + maxLength: 255 + pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]{0,253}[a-zA-Z0-9]$ + type: string + bundle_cacert_secret: + description: Secret where can be found the trusted Certificate Authority + Bundle + type: string + ca_trust_bundle: + description: Path where the trusted CA bundle is available + type: string + control_plane_ee_image: + description: Registry path to the Execution Environment container + image to use on control plane pods + type: string + control_plane_priority_class: + description: Assign a preexisting priority class to the control plane + pods + type: string + 
create_preload_data: + default: true + description: Whether or not to preload data upon instance creation + type: boolean + csrf_cookie_secure: + description: Set csrf cookie secure mode for web + type: string + deployment_type: + description: Name of the deployment type + type: string + development_mode: + description: If the deployment should be done in development mode + type: boolean + ee_extra_env: + type: string + ee_extra_volume_mounts: + description: Specify volume mounts to be added to Execution container + type: string + ee_images: + description: Registry path to the Execution Environment container + to use + items: + properties: + image: + type: string + name: + type: string + type: object + type: array + ee_pull_credentials_secret: + description: Secret where pull credentials for registered ees can + be found + type: string + ee_resource_requirements: + description: Resource requirements for the ee container + properties: + limits: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + requests: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + type: object + extra_settings: + description: Extra settings to specify for AWX + items: + properties: + setting: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + extra_settings_files: + description: Extra ConfigMaps or Secrets of settings files to specify + for AWX + properties: + configmaps: + items: + properties: + key: + type: string + name: + type: string + type: object + type: array + secrets: + items: + properties: + key: + type: string + name: + type: string + type: object + type: array + type: object + extra_volumes: + description: Specify extra volumes to add to the application pod + type: string + garbage_collect_secrets: + default: false + description: Whether or not to remove 
secrets upon instance removal + type: boolean + host_aliases: + description: HostAliases for app containers + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostname: + description: (Deprecated) The hostname of the instance + type: string + image: + description: Registry path to the application container to use + type: string + image_pull_policy: + default: IfNotPresent + description: The image pull policy + enum: + - Always + - always + - Never + - never + - IfNotPresent + - ifnotpresent + type: string + image_pull_secret: + description: (Deprecated) Image pull secret for app and database containers + type: string + image_pull_secrets: + description: Image pull secrets for app and database containers + items: + type: string + type: array + image_version: + description: Application container image version to use + type: string + ingress_annotations: + description: Annotations to add to the Ingress Controller + type: string + ingress_api_version: + description: The Ingress API version to use + type: string + ingress_class_name: + description: The name of ingress class to use instead of the cluster + default. 
+ type: string + ingress_controller: + description: Special configuration for specific Ingress Controllers + type: string + ingress_hosts: + description: Ingress hostnames of the instance + items: + properties: + hostname: + description: Hostname of the instance + type: string + tls_secret: + description: Secret where the Ingress TLS secret can be found + type: string + type: object + type: array + ingress_path: + description: The ingress path used to reach the deployed service + type: string + ingress_path_type: + description: The ingress path type for the deployed service + type: string + ingress_tls_secret: + description: (Deprecated) Secret where the Ingress TLS secret can + be found + type: string + ingress_type: + description: The ingress type to use to reach the deployed instance + enum: + - none + - Ingress + - ingress + - Route + - route + type: string + init_container_extra_commands: + description: Extra commands for the init container + type: string + init_container_extra_volume_mounts: + description: Specify volume mounts to be added to the init container + type: string + init_container_image: + description: Registry path to the init container to use + type: string + init_container_image_version: + description: Init container image version to use + type: string + init_container_resource_requirements: + description: Resource requirements for the init container + properties: + limits: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + requests: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + type: object + init_projects_container_image: + description: Registry path to the init projects container to use + type: string + ipv6_disabled: + default: false + description: Disable web container's nginx ipv6 listener + type: boolean + kind: + description: Kind of the deployment type + 
type: string + ldap_cacert_secret: + description: Secret where can be found the LDAP trusted Certificate + Authority Bundle + type: string + ldap_password_secret: + description: Secret where can be found the LDAP bind password + type: string + loadbalancer_class: + default: "" + description: Class of LoadBalancer to use + type: string + loadbalancer_ip: + default: "" + description: Assign LoadBalancer IP address + type: string + loadbalancer_port: + default: 80 + description: Port to use for the loadbalancer + type: integer + loadbalancer_protocol: + default: http + description: Protocol to use for the loadbalancer + enum: + - http + - https + type: string + metrics_utility_configmap: + description: Metrics-Utility ConfigMap + type: string + metrics_utility_console_enabled: + default: false + description: Enable metrics utility shipping to Red Hat Hybrid Cloud + Console + type: boolean + metrics_utility_cronjob_gather_schedule: + default: '@hourly' + description: Metrics-Utility Gather Data CronJob Schedule + type: string + metrics_utility_cronjob_report_schedule: + default: '@monthly' + description: Metrics-Utility Report CronJob Schedule + type: string + metrics_utility_enabled: + default: false + description: Enable metrics utility + type: boolean + metrics_utility_image: + description: Metrics-Utility Image + type: string + metrics_utility_image_pull_policy: + description: Metrics-Utility Image PullPolicy + type: string + metrics_utility_image_version: + description: Metrics-Utility Image Version + type: string + metrics_utility_pvc_claim: + description: Metrics-Utility PVC Claim + type: string + metrics_utility_pvc_claim_size: + default: 5Gi + description: Metrics-Utility PVC Claim Size + type: string + metrics_utility_pvc_claim_storage_class: + description: Metrics-Utility PVC Claim Storage Class + type: string + metrics_utility_secret: + description: Metrics-Utility Secret + type: string + metrics_utility_ship_target: + description: Metrics-Utility Ship 
Target + type: string + nginx_listen_queue_size: + description: Set the socket listen queue size for nginx (defaults + to same as uwsgi) + type: integer + nginx_worker_connections: + description: Set the number of connections per worker for nginx + type: integer + nginx_worker_cpu_affinity: + description: Set the CPU affinity for nginx workers + type: string + nginx_worker_processes: + description: Set the number of workers for nginx + type: integer + no_log: + default: true + description: Configure no_log for no_log tasks + type: boolean + node_selector: + description: nodeSelector for the pods + type: string + nodeport_port: + description: Port to use for the nodeport + type: integer + old_postgres_configuration_secret: + description: Secret where the old database configuration can be found + for data migration + maxLength: 255 + pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]{0,253}[a-zA-Z0-9]$ + type: string + postgres_configuration_secret: + description: Secret where the database configuration can be found + type: string + postgres_data_volume_init: + description: Sets permissions on the /var/lib/pgdata/data for postgres + container using an init container (not Openshift) + type: boolean + postgres_extra_args: + items: + type: string + type: array + postgres_extra_volume_mounts: + description: Specify volume mounts to be added to Postgres container + type: string + postgres_extra_volumes: + description: Specify extra volumes to add to the application pod + type: string + postgres_image: + description: Registry path to the PostgreSQL container to use + type: string + postgres_image_version: + description: PostgreSQL container image version to use + type: string + postgres_init_container_commands: + description: Customize the postgres init container commands (Non Openshift) + type: string + postgres_init_container_resource_requirements: + description: (Deprecated, use postgres_resource_requirements parameter) + Resource requirements for the postgres init container + 
properties: + limits: + properties: + cpu: + type: string + memory: + type: string + storage: + type: string + type: object + requests: + properties: + cpu: + type: string + memory: + type: string + storage: + type: string + type: object + type: object + postgres_keep_pvc_after_upgrade: + description: Specify whether or not to keep the old PVC after PostgreSQL + upgrades + type: boolean + postgres_keepalives: + default: true + description: Controls whether client-side TCP keepalives are used + for Postgres connections. + type: boolean + postgres_keepalives_count: + default: 5 + description: Controls the number of TCP keepalives that can be lost + before the client's connection to the server is considered dead. + format: int32 + type: integer + postgres_keepalives_idle: + default: 5 + description: Controls the number of seconds of inactivity after which + TCP should send a keepalive message to the server. + format: int32 + type: integer + postgres_keepalives_interval: + default: 5 + description: Controls the number of seconds after which a TCP keepalive + message that is not acknowledged by the server should be retransmitted. 
+ format: int32 + type: integer + postgres_label_selector: + description: Label selector used to identify postgres pod for data + migration + type: string + postgres_priority_class: + description: Assign a preexisting priority class to the postgres pod + type: string + postgres_resource_requirements: + description: Resource requirements for the PostgreSQL container + properties: + limits: + properties: + cpu: + type: string + memory: + type: string + type: object + requests: + properties: + cpu: + type: string + memory: + type: string + type: object + type: object + postgres_security_context_settings: + description: Key/values that will be set under the pod-level securityContext + field + type: object + x-kubernetes-preserve-unknown-fields: true + postgres_selector: + description: nodeSelector for the Postgres pods + type: string + postgres_storage_class: + description: Storage class to use for the PostgreSQL PVC + type: string + postgres_storage_requirements: + description: Storage requirements for the PostgreSQL container + properties: + limits: + properties: + storage: + type: string + type: object + requests: + properties: + storage: + type: string + type: object + type: object + postgres_tolerations: + description: node tolerations for the Postgres pods + type: string + projects_existing_claim: + description: PersistentVolumeClaim to mount /var/lib/projects directory + type: string + projects_persistence: + default: false + description: Whether or not the /var/lib/projects directory will be + persistent + type: boolean + projects_storage_access_mode: + default: ReadWriteMany + description: AccessMode for the /var/lib/projects PersistentVolumeClaim + type: string + projects_storage_class: + description: Storage class for the /var/lib/projects PersistentVolumeClaim + type: string + projects_storage_size: + default: 8Gi + description: Size for the /var/lib/projects PersistentVolumeClaim + type: string + projects_use_existing_claim: + description: Using existing 
PersistentVolumeClaim + enum: + - _Yes_ + - _No_ + type: string + receptor_log_level: + description: Set log level of receptor service + type: string + redis_capabilities: + description: Redis container capabilities + items: + type: string + type: array + redis_image: + description: Registry path to the redis container to use + type: string + redis_image_version: + description: Redis container image version to use + type: string + redis_resource_requirements: + description: Resource requirements for the redis container + properties: + limits: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + requests: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + type: object + replicas: + default: 1 + description: Number of instance replicas + format: int32 + type: integer + route_api_version: + description: The route API version to use + type: string + route_host: + description: The DNS to use to points to the instance + type: string + route_tls_secret: + description: Secret where the TLS related credentials are stored + type: string + route_tls_termination_mechanism: + default: Edge + description: The secure TLS termination mechanism to use + enum: + - Edge + - edge + - Passthrough + - passthrough + type: string + rsyslog_args: + items: + type: string + type: array + rsyslog_command: + items: + type: string + type: array + rsyslog_extra_env: + type: string + rsyslog_extra_volume_mounts: + description: Specify volume mounts to be added to the Rsyslog container + type: string + rsyslog_resource_requirements: + description: Resource requirements for the rsyslog container + properties: + limits: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + requests: + properties: + cpu: + type: string + ephemeral-storage: + 
type: string + memory: + type: string + storage: + type: string + type: object + type: object + secret_key_secret: + description: Secret where the secret key can be found + maxLength: 255 + pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]{0,253}[a-zA-Z0-9]$ + type: string + security_context_settings: + description: Key/values that will be set under the pod-level securityContext + field + type: object + x-kubernetes-preserve-unknown-fields: true + service_account_annotations: + description: ServiceAccount annotations + type: string + service_annotations: + description: Annotations to add to the service + type: string + service_labels: + description: Additional labels to apply to the service + type: string + service_type: + description: The service type to be used on the deployed instance + enum: + - LoadBalancer + - loadbalancer + - ClusterIP + - clusterip + - NodePort + - nodeport + type: string + session_cookie_secure: + description: Set session cookie secure mode for web + type: string + set_self_labels: + default: true + description: Maintain some of the recommended `app.kubernetes.io/*` + labels on the resource (self) + type: boolean + task_affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + 
nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + 
additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + 
matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + task_annotations: + description: Task deployment annotations. This will override the general + annotations parameter for the Task deployment. + type: string + task_args: + items: + type: string + type: array + task_command: + items: + type: string + type: array + task_extra_env: + type: string + task_extra_volume_mounts: + description: Specify volume mounts to be added to Task container + type: string + task_liveness_failure_threshold: + default: 3 + description: Number of consecutive failure events to identify failure + of task pod + format: int32 + type: integer + task_liveness_initial_delay: + default: 5 + description: Initial delay before starting liveness checks on task + pod + format: int32 + type: integer + task_liveness_period: + default: 0 + description: Time period in seconds between each liveness check for + the task pod + format: int32 + type: integer + task_liveness_timeout: + default: 1 + description: Number of seconds to wait for a probe response from task + pod + format: int32 + type: integer + task_manage_replicas: + default: true + description: Enables operator control of replicas count for the task + deployment when set to 'true' + type: boolean + task_node_selector: + description: nodeSelector for the task pods + type: string + task_privileged: + default: false + description: If a privileged security context should be 
enabled + type: boolean + task_readiness_failure_threshold: + default: 3 + description: Number of consecutive failure events to identify failure + of task pod + format: int32 + type: integer + task_readiness_initial_delay: + default: 20 + description: Initial delay before starting readiness checks on task + pod + format: int32 + type: integer + task_readiness_period: + default: 0 + description: Time period in seconds between each readiness check for + the task pod + format: int32 + type: integer + task_readiness_timeout: + default: 1 + description: Number of seconds to wait for a probe response from task + pod + format: int32 + type: integer + task_replicas: + description: Number of task instance replicas + format: int32 + type: integer + task_resource_requirements: + description: Resource requirements for the task container + properties: + limits: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + requests: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + type: object + task_tolerations: + description: node tolerations for the task pods + type: string + task_topology_spread_constraints: + description: topology rule(s) for the task pods + type: string + termination_grace_period_seconds: + description: Optional duration in seconds pods needs to terminate + gracefully + format: int32 + type: integer + tolerations: + description: node tolerations for the pods + type: string + topology_spread_constraints: + description: topology rule(s) for the pods + type: string + uwsgi_listen_queue_size: + description: Set the socket listen queue size for uwsgi + type: integer + uwsgi_processes: + description: Set the number of uwsgi processes to run in a web container + type: integer + web_affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + properties: + 
preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key 
+ - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + web_annotations: + description: Web deployment annotations. This will override the general + annotations parameter for the Web deployment. 
+ type: string + web_args: + items: + type: string + type: array + web_command: + items: + type: string + type: array + web_extra_env: + type: string + web_extra_volume_mounts: + description: Specify volume mounts to be added to the Web container + type: string + web_liveness_failure_threshold: + default: 3 + description: Number of consecutive failure events to identify failure + of web pod + format: int32 + type: integer + web_liveness_initial_delay: + default: 5 + description: Initial delay before starting liveness checks on web + pod + format: int32 + type: integer + web_liveness_period: + default: 0 + description: Time period in seconds between each liveness check for + the web pod + format: int32 + type: integer + web_liveness_timeout: + default: 1 + description: Number of seconds to wait for a probe response from web + pod + format: int32 + type: integer + web_manage_replicas: + default: true + description: Enables operator control of replicas count for the web + deployment when set to 'true' + type: boolean + web_node_selector: + description: nodeSelector for the web pods + type: string + web_readiness_failure_threshold: + default: 3 + description: Number of consecutive failure events to identify failure + of web pod + format: int32 + type: integer + web_readiness_initial_delay: + default: 20 + description: Initial delay before starting readiness checks on web + pod + format: int32 + type: integer + web_readiness_period: + default: 0 + description: Time period in seconds between each readiness check for + the web pod + format: int32 + type: integer + web_readiness_timeout: + default: 1 + description: Number of seconds to wait for a probe response from web + pod + format: int32 + type: integer + web_replicas: + description: Number of web instance replicas + format: int32 + type: integer + web_resource_requirements: + description: Resource requirements for the web container + properties: + limits: + properties: + cpu: + type: string + ephemeral-storage: + 
type: string + memory: + type: string + storage: + type: string + type: object + requests: + properties: + cpu: + type: string + ephemeral-storage: + type: string + memory: + type: string + storage: + type: string + type: object + type: object + web_tolerations: + description: node tolerations for the web pods + type: string + web_topology_spread_constraints: + description: topology rule(s) for the web pods + type: string + type: object + status: + properties: + URL: + description: URL to access the deployed instance + type: string + adminPasswordSecret: + description: Admin password secret name of the deployed instance + type: string + adminUser: + description: Admin user of the deployed instance + type: string + broadcastWebsocketSecret: + description: Broadcast websocket secret name of the deployed instance + type: string + conditions: + description: The resulting conditions when a Service Telemetry is + instantiated + items: + properties: + lastTransitionTime: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + image: + description: URL of the image used for the deployed instance + type: string + migratedFromSecret: + description: The secret used for migrating an old instance + type: string + postgresConfigurationSecret: + description: Postgres Configuration secret name of the deployed instance + type: string + secretKeySecret: + description: Secret key secret name of the deployed instance + type: string + upgradedPostgresVersion: + description: Status to indicate that the database has been upgraded + to the version in the status + type: string + version: + description: Version of the deployed instance + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: awx-operator-controller-manager + namespace: awx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + 
creationTimestamp: null + name: awx-operator-awx-manager-role + namespace: awx +rules: +- apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - create + - delete + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + - services + - services/finalizers + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - get + - list + - create + - delete + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - create + - delete + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list + - create + - delete + - patch + - update + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - create + - delete + - patch + - update + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - create + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - awx-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - apps + resources: + - deployments/scale + - statefulsets/scale + verbs: + - patch +- apiGroups: + - "" + resources: + - pods/exec + - pods/attach + - pods/log + verbs: + - create + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - create +- apiGroups: + - awx.ansible.com + resources: + - '*' + - awxbackups + - awxrestores + verbs: + - '*' +- apiGroups: + - traefik.containo.us + - traefik.io + resources: + - ingressroutetcps + verbs: + - get + - list + - create + - delete + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: 
awx-operator-leader-election-role + namespace: awx +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: awx-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: awx-operator-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: awx-operator-awx-manager-rolebinding + namespace: awx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: awx-operator-awx-manager-role +subjects: +- kind: ServiceAccount + name: awx-operator-controller-manager + namespace: awx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: awx-operator-leader-election-rolebinding + namespace: awx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: awx-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: awx-operator-controller-manager + namespace: awx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: awx-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: awx-operator-proxy-role +subjects: +- kind: ServiceAccount + name: awx-operator-controller-manager + namespace: awx +--- +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: 
ControllerManagerConfig + health: + healthProbeBindAddress: :6789 + metrics: + bindAddress: 127.0.0.1:8080 + + leaderElection: + leaderElect: true + resourceName: 811c9dc5.ansible.com + # leaderElectionReleaseOnCancel defines if the leader should step down volume + # when the Manager ends. This requires the binary to immediately end when the + # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly + # speeds up voluntary leader transitions as the new leader don't have to wait + # LeaseDuration time first. + # In the default scaffold provided, the program ends immediately after + # the manager stops, so would be fine to enable this option. However, + # if you are doing or is intended to do any operation such as perform cleanups + # after the manager stops then its usage might be unsafe. + # leaderElectionReleaseOnCancel: true +kind: ConfigMap +metadata: + name: awx-operator-awx-manager-config + namespace: awx +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: awx-operator-controller-manager-metrics-service + namespace: awx +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: awx-operator-controller-manager + namespace: awx +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: awx-manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi 
+ securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:6789 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --leader-election-id=awx-operator + env: + - name: ANSIBLE_GATHERING + value: explicit + - name: ANSIBLE_DEBUG_LOGS + value: "false" + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/ansible/awx-operator:2.19.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + name: awx-manager + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 1500m + memory: 960Mi + requests: + cpu: 50m + memory: 32Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + imagePullSecrets: + - name: redhat-operators-pull-secret + securityContext: + runAsNonRoot: true + serviceAccountName: awx-operator-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/kustomization.yaml b/kustomization.yaml new file mode 100644 index 0000000..8b4a645 --- /dev/null +++ b/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + # Find the latest tag here: https://github.com/ansible/awx-operator/releases + - github.com/ansible/awx-operator/config/default?ref=2.19.1 + +# Set the image tags to match the git version from above +images: + - name: quay.io/ansible/awx-operator + newTag: 2.19.1 + +# Specify a custom namespace in which to install AWX +namespace: awx \ No newline at end of file diff --git a/manifest.yaml b/manifest.yaml index 6cfcfb5..0f8a97d 100644 --- a/manifest.yaml +++ b/manifest.yaml @@ -5,6 +5,7 @@ metadata: name: awx-aaron namespace: awx spec: + postgres_data_volume_init: true ingress_type: ingress ingress_hosts: - hostname: awx-aaron.apps.yolokube.de
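Review bot: Both pins in the new kustomization.yaml are mutable tags: the remote base uses `?ref=2.19.1` and the image override uses `newTag: 2.19.1`. Re-running `kubectl kustomize -o build/operator.yaml` can therefore render different content without any change in this repository, and the cluster pulls whatever the tag points to at deploy time. Pin the base to a commit, `- github.com/ansible/awx-operator/config/default?ref=<full-commit-sha-of-2.19.1>`, and add `digest: sha256:<digest-of-awx-operator-2.19.1>` to the image entry. The `images:` list covers only `quay.io/ansible/awx-operator`, so the `gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0` sidecar in the rendered build/operator.yaml also stays tag-referenced; a second entry with its digest would close that gap. Quoting the tag as `newTag: "2.19.1"` would also keep a later two-component version from being parsed as a float.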
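Review bot: The added `postgres_data_volume_init: true` in manifest.yaml has no comment explaining why this deployment needs it. Per the CRD description rendered in this same commit, the flag makes an init container set permissions on the postgres data directory. That container presumably runs with more privilege than the database container itself, which should be confirmed against the operator's pod template. A comment above the line would record the reason so the flag can be removed once the storage no longer needs it, for example `# PVC from <storage-class> is not writable by the postgres user; init container fixes permissions`. The `spec` mapping continues past the end of this hunk, so the rest of the AWX settings are not visible here.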