From 136b2c47f8c12d8b1dca0b91bab041771bb9bfbb Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 7 Apr 2021 17:20:04 -0400 Subject: [PATCH 1/4] Remove unnecessary variables from molecule CR --- deploy/crds/awx_v1beta1_molecule.yaml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/deploy/crds/awx_v1beta1_molecule.yaml b/deploy/crds/awx_v1beta1_molecule.yaml index 6f4b69a08..f81db42b2 100644 --- a/deploy/crds/awx_v1beta1_molecule.yaml +++ b/deploy/crds/awx_v1beta1_molecule.yaml @@ -7,28 +7,11 @@ metadata: spec: deployment_type: awx tower_ingress_type: ingress - tower_task_privileged: false - - tower_admin_email: test@example.com - - tower_image: quay.io/ansible/awx:18.0.0 - tower_web_resource_requirements: requests: cpu: 500m memory: 128M - tower_task_resource_requirements: requests: cpu: 500m memory: 128M - - tower_create_preload_data: true - - tower_memcached_image: memcached:alpine - - tower_redis_image: redis:latest - - tower_postgres_pass: awxpass - tower_postgres_image: postgres:12 - tower_postgres_storage_class: '' From aa03a7f26893305aeb7f11ad428cdf64fce06e7c Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 7 Apr 2021 17:20:52 -0400 Subject: [PATCH 2/4] Ensure CRD exists before deploying Operator --- ansible/templates/awx-operator.yaml.j2 | 4 +- deploy/awx-operator.yaml | 298 ++++++++++++------------- 2 files changed, 151 insertions(+), 151 deletions(-) diff --git a/ansible/templates/awx-operator.yaml.j2 b/ansible/templates/awx-operator.yaml.j2 index 18ab68935..6d1364ba1 100644 --- a/ansible/templates/awx-operator.yaml.j2 +++ b/ansible/templates/awx-operator.yaml.j2 @@ -1,6 +1,8 @@ #jinja2: trim_blocks:False # This file is generated by Ansible. Changes will be lost. # Update templates under ansible/templates/ +{% include 'crd.yml.j2' %} + {% include 'role.yml.j2' %} {% include 'role_binding.yml.j2' %} @@ -8,5 +10,3 @@ {% include 'service_account.yml.j2' %} {% include 'operator.yml.j2' %} - -{% include 'crd.yml.j2' %} 
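Review bot: The regenerated deploy/awx-operator.yaml that follows this include reorder is not a pure reorder: the re-added Deployment pulls `quay.io/shanemcd/awx-operator:0.7.1`, while the copy removed at the top of the file had `quay.io/ansible/awx-operator:0.7.0`. This looks like a local `operator_image` / `operator_version` override leaking into the committed manifest (inferred; the generation step is not part of the patch). The Deployment runs as the awx-operator ServiceAccount, whose ClusterRole grants `'*'` on secrets, roles and rolebindings, with `imagePullPolicy: "Always"`, so anyone who applies this revision runs an image from a personal registry namespace with those rights. Patch 3/4 resets the line, but this revision stays in history; regenerate here with the committed group_vars so it reads `image: "quay.io/ansible/awx-operator:0.7.0"`.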
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index 63f171405..d07913c09 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -1,154 +1,5 @@ # This file is generated by Ansible. Changes will be lost. # Update templates under ansible/templates/ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: awx-operator -rules: - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - '*' - - apiGroups: - - "" - - "rbac.authorization.k8s.io" - resources: - - pods - - services - - services/finalizers - - serviceaccounts - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - roles - - rolebindings - verbs: - - '*' - - apiGroups: - - apps - - extensions - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - - ingresses - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - apiGroups: - - apps - resourceNames: - - awx-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/scale - verbs: - - patch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - apiGroups: - - awx.ansible.com - resources: - - '*' - verbs: - - '*' - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: awx-operator -subjects: - - kind: ServiceAccount - name: awx-operator - namespace: default -roleRef: - kind: ClusterRole - name: awx-operator - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: awx-operator - namespace: default - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: awx-operator -spec: - replicas: 1 - selector: - matchLabels: - name: awx-operator - template: - metadata: - labels: - name: awx-operator - spec: - serviceAccountName: awx-operator - containers: - - name: awx-operator - image: "quay.io/ansible/awx-operator:0.7.0" - imagePullPolicy: 
"Always" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - env: - # Watch all namespaces (cluster-scoped). - - name: WATCH_NAMESPACE - value: "" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: awx-operator - - name: ANSIBLE_GATHERING - value: explicit - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - volumes: - - name: runner - emptyDir: {} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
@@ -473,3 +324,152 @@ spec: type: array type: object type: object + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: awx-operator +rules: + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - "" + - "rbac.authorization.k8s.io" + resources: + - pods + - services + - services/finalizers + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - apps + - extensions + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + - ingresses + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - awx-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps + resources: + - deployments/scale + verbs: + - patch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - get + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - apiGroups: + - awx.ansible.com + resources: + - '*' + verbs: + - '*' + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: awx-operator +subjects: + - kind: ServiceAccount + name: awx-operator + namespace: default +roleRef: + kind: ClusterRole + name: awx-operator + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: awx-operator + namespace: default + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: awx-operator +spec: + replicas: 1 + selector: + matchLabels: + name: awx-operator + template: + metadata: + labels: + name: awx-operator + spec: + serviceAccountName: awx-operator + containers: + - name: awx-operator + image: "quay.io/shanemcd/awx-operator:0.7.1" + imagePullPolicy: "Always" + volumeMounts: + - mountPath: 
/tmp/ansible-operator/runner + name: runner + env: + # Watch all namespaces (cluster-scoped). + - name: WATCH_NAMESPACE + value: "" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: awx-operator + - name: ANSIBLE_GATHERING + value: explicit + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + volumes: + - name: runner + emptyDir: {} From f6b7a32a33daf7585822e186b66c061b82e401d3 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Wed, 7 Apr 2021 17:23:59 -0400 Subject: [PATCH 3/4] Bump version --- ansible/group_vars/all | 2 +- deploy/awx-operator.yaml | 2 +- roles/installer/defaults/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 033482281..cc78b7603 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -1,3 +1,3 @@ operator_image: quay.io/ansible/awx-operator -operator_version: 0.7.0 +operator_version: 0.8.0 pull_policy: Always diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml index d07913c09..60d4b34c9 100644 --- a/deploy/awx-operator.yaml +++ b/deploy/awx-operator.yaml @@ -447,7 +447,7 @@ spec: serviceAccountName: awx-operator containers: - name: awx-operator - image: "quay.io/shanemcd/awx-operator:0.7.1" + image: "quay.io/ansible/awx-operator:0.8.0" imagePullPolicy: "Always" volumeMounts: - mountPath: /tmp/ansible-operator/runner diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml index 32f4bb0b6..108bee84c 100644 --- a/roles/installer/defaults/main.yml +++ b/roles/installer/defaults/main.yml @@ -81,7 +81,7 @@ tower_extra_volumes: '' # Use these image versions for Ansible AWX. -tower_image: quay.io/ansible/awx:18.0.0 +tower_image: quay.io/ansible/awx:19.0.0 tower_image_pull_policy: IfNotPresent tower_image_pull_secret: '' From 1c9173f48ab15603ff351bac5e5338e2d6d95878 Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Wed, 7 Apr 2021 17:24:14 -0400 Subject: [PATCH 4/4] Regenerate OLM metadata --- bundle.Dockerfile | 2 +- .../awx-operator.clusterserviceversion.yaml | 24 +++------ .../manifests/awx.ansible.com_awxs_crd.yaml | 49 ++++++++++--------- 3 files changed, 34 insertions(+), 41 deletions(-) diff --git a/bundle.Dockerfile b/bundle.Dockerfile index f78084ba2..17fe97cdb 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -6,9 +6,9 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=awx-operator LABEL operators.operatorframework.io.bundle.channels.v1=alpha LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.project_layout=ansible LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4 -LABEL operators.operatorframework.io.metrics.project_layout=ansible COPY deploy/olm-catalog/awx-operator/manifests /manifests/ COPY deploy/olm-catalog/awx-operator/metadata /metadata/ diff --git a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml index 3c0ef8366..5755c63ef 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml 
@@ -13,16 +13,7 @@ metadata:
 },
 "spec": {
 "deployment_type": "awx",
- "tower_admin_email": "test@example.com",
- "tower_create_preload_data": true,
- "tower_image": "quay.io/ansible/awx:18.0.0",
 "tower_ingress_type": "ingress",
- "tower_memcached_image": "memcached:alpine",
- "tower_postgres_image": "postgres:12",
- "tower_postgres_pass": "awxpass",
- "tower_postgres_storage_class": "",
- "tower_redis_image": "redis:latest",
- "tower_task_privileged": false,
 "tower_task_resource_requirements": {
 "requests": {
 "cpu": "500m",
@@ -266,22 +257,23 @@ spec: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_Yes_ - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim - - displayName: Tower Projects Storage Class Name - description: Tower Projects Storage Class Name. If not present, the default storage class will be used. + - description: Tower Projects Storage Class Name. If not present, the default + storage class will be used. + displayName: Tower Projects Storage Class Name path: tower_projects_storage_class x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Tower Projects Storage Size - description: Tower Projects Storage Size + - description: Tower Projects Storage Size + displayName: Tower Projects Storage Size path: tower_projects_storage_size x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_ - urn:alm:descriptor:com.tectonic.ui:text - - displayName: Tower Projects Storage Access Mode - description: Tower Projects Storage Access Mode + - description: Tower Projects Storage Access Mode + displayName: Tower Projects Storage Access Mode path: tower_projects_storage_access_mode x-descriptors: - urn:alm:descriptor:com.tectonic.ui:advanced @@ -476,7 +468,7 @@ spec: value: awx-operator - name: ANSIBLE_GATHERING value: explicit - image: quay.io/ansible/awx-operator:0.7.0 + image: quay.io/ansible/awx-operator:0.8.0 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml index df5062603..00bf9aedb 100644 --- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml 
+++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml @@ -32,30 +32,6 @@ spec: description: Secret where can be found the LDAP trusted Certificate Authority Bundle type: string - tower_projects_persistence: - description: Whether or not the /var/lib/projects directory will be persistent - default: false - type: boolean - tower_projects_use_existing_claim: - description: Using existing PersistentVolumeClaim - type: string - enum: - - _Yes_ - - _No_ - tower_projects_existing_claim: - description: PersistentVolumeClaim to mount /var/lib/projects directory - type: string - tower_projects_storage_class: - description: Storage class for the /var/lib/projects PersistentVolumeClaim - type: string - tower_projects_storage_size: - description: Size for the /var/lib/projects PersistentVolumeClaim - default: 8Gi - type: string - tower_projects_storage_access_mode: - description: AccessMode for the /var/lib/projects PersistentVolumeClaim - default: ReadWriteMany - type: string tower_admin_email: description: The admin user email type: string 
@@ -183,6 +159,31 @@ spec: tower_postgres_storage_class: description: Storage class to use for the PostgreSQL PVC type: string + tower_projects_existing_claim: + description: PersistentVolumeClaim to mount /var/lib/projects directory + type: string + tower_projects_persistence: + default: false + description: Whether or not the /var/lib/projects directory will be + persistent + type: boolean + tower_projects_storage_access_mode: + default: ReadWriteMany + description: AccessMode for the /var/lib/projects PersistentVolumeClaim + type: string + tower_projects_storage_class: + description: Storage class for the /var/lib/projects PersistentVolumeClaim + type: string + tower_projects_storage_size: + default: 8Gi + description: Size for the /var/lib/projects PersistentVolumeClaim + type: string + tower_projects_use_existing_claim: + description: Using existing PersistentVolumeClaim + enum: + - _Yes_ + - _No_ + type: string tower_redis_image: description: Registry path to the redis container to use type: string