|
|
@@ -1,531 +0,0 @@
|
|
|
-# This file is generated by Ansible. Changes will be lost.
|
|
|
-# Update templates under ansible/templates/
|
|
|
----
|
|
|
-apiVersion: apiextensions.k8s.io/v1
|
|
|
-kind: CustomResourceDefinition
|
|
|
-metadata:
|
|
|
- name: awxs.awx.ansible.com
|
|
|
- namespace: awx
|
|
|
-spec:
|
|
|
- group: awx.ansible.com
|
|
|
- names:
|
|
|
- kind: AWX
|
|
|
- listKind: AWXList
|
|
|
- plural: awxs
|
|
|
- singular: awx
|
|
|
- scope: Namespaced
|
|
|
- versions:
|
|
|
- - name: v1beta1
|
|
|
- served: true
|
|
|
- storage: true
|
|
|
- subresources:
|
|
|
- status: {}
|
|
|
- schema:
|
|
|
- openAPIV3Schema:
|
|
|
- description: Schema validation for the AWX CRD
|
|
|
- properties:
|
|
|
- spec:
|
|
|
- properties:
|
|
|
- deployment_type:
|
|
|
- description: Name of the deployment type
|
|
|
- type: string
|
|
|
- default: awx
|
|
|
- kind:
|
|
|
- description: Kind of the deployment type
|
|
|
- type: string
|
|
|
- default: AWX
|
|
|
- api_version:
|
|
|
- description: apiVersion of the deployment type
|
|
|
- type: string
|
|
|
- default: awx.ansible.com/v1beta1
|
|
|
- tower_task_privileged:
|
|
|
- description: If a privileged security context should be enabled
|
|
|
- type: boolean
|
|
|
- default: false
|
|
|
- tower_admin_user:
|
|
|
- description: Username to use for the admin account
|
|
|
- type: string
|
|
|
- default: admin
|
|
|
- tower_hostname:
|
|
|
- description: The hostname of the instance
|
|
|
- type: string
|
|
|
- tower_admin_email:
|
|
|
- description: The admin user email
|
|
|
- type: string
|
|
|
- tower_admin_password_secret:
|
|
|
- description: Secret where the admin password can be found
|
|
|
- type: string
|
|
|
- tower_postgres_configuration_secret:
|
|
|
- description: Secret where the database configuration can be found
|
|
|
- type: string
|
|
|
- tower_old_postgres_configuration_secret:
|
|
|
- description: Secret where the old database configuration can be found for data migration
|
|
|
- type: string
|
|
|
- tower_secret_key_secret:
|
|
|
- description: Secret where the secret key can be found
|
|
|
- type: string
|
|
|
- tower_broadcast_websocket_secret:
|
|
|
- description: Secret where the broadcast websocket secret can be found
|
|
|
- type: string
|
|
|
- tower_extra_volumes:
|
|
|
- description: Specify extra volumes to add to the application pod
|
|
|
- type: string
|
|
|
- tower_ingress_type:
|
|
|
- description: The ingress type to use to reach the deployed instance
|
|
|
- type: string
|
|
|
- enum:
|
|
|
- - none
|
|
|
- - Ingress
|
|
|
- - ingress
|
|
|
- - Route
|
|
|
- - route
|
|
|
- - LoadBalancer
|
|
|
- - loadbalancer
|
|
|
- - NodePort
|
|
|
- - nodeport
|
|
|
- tower_ingress_annotations:
|
|
|
- description: Annotations to add to the ingress
|
|
|
- type: string
|
|
|
- tower_ingress_tls_secret:
|
|
|
- description: Secret where the ingress TLS secret can be found
|
|
|
- type: string
|
|
|
- tower_loadbalancer_annotations:
|
|
|
- description: Annotations to add to the loadbalancer
|
|
|
- type: string
|
|
|
- tower_loadbalancer_protocol:
|
|
|
- description: Protocol to use for the loadbalancer
|
|
|
- type: string
|
|
|
- default: http
|
|
|
- enum:
|
|
|
- - http
|
|
|
- - https
|
|
|
- tower_loadbalancer_port:
|
|
|
- description: Port to use for the loadbalancer
|
|
|
- type: integer
|
|
|
- default: 80
|
|
|
- tower_route_host:
|
|
|
- description: The DNS to use to points to the instance
|
|
|
- type: string
|
|
|
- tower_route_tls_termination_mechanism:
|
|
|
- description: The secure TLS termination mechanism to use
|
|
|
- type: string
|
|
|
- default: Edge
|
|
|
- enum:
|
|
|
- - Edge
|
|
|
- - edge
|
|
|
- - Passthrough
|
|
|
- - passthrough
|
|
|
- tower_route_tls_secret:
|
|
|
- description: Secret where the TLS related credentials are stored
|
|
|
- type: string
|
|
|
- tower_node_selector:
|
|
|
- description: nodeSelector for the AWX pods
|
|
|
- type: string
|
|
|
- tower_tolerations:
|
|
|
- description: node tolerations for the AWX pods
|
|
|
- type: string
|
|
|
- tower_image:
|
|
|
- description: Registry path to the application container to use
|
|
|
- type: string
|
|
|
- tower_image_version:
|
|
|
- description: Application container image version to use
|
|
|
- type: string
|
|
|
- tower_ee_images:
|
|
|
- description: Registry path to the Execution Environment container to use
|
|
|
- type: array
|
|
|
- items:
|
|
|
- type: object
|
|
|
- properties:
|
|
|
- name:
|
|
|
- type: string
|
|
|
- image:
|
|
|
- type: string
|
|
|
- tower_image_pull_policy:
|
|
|
- description: The image pull policy
|
|
|
- type: string
|
|
|
- default: IfNotPresent
|
|
|
- enum:
|
|
|
- - Always
|
|
|
- - always
|
|
|
- - Never
|
|
|
- - never
|
|
|
- - IfNotPresent
|
|
|
- - ifnotpresent
|
|
|
- tower_image_pull_secret:
|
|
|
- description: The image pull secret
|
|
|
- type: string
|
|
|
- tower_task_resource_requirements:
|
|
|
- description: Resource requirements for the task container
|
|
|
- properties:
|
|
|
- requests:
|
|
|
- properties:
|
|
|
- cpu:
|
|
|
- type: string
|
|
|
- memory:
|
|
|
- type: string
|
|
|
- storage:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- limits:
|
|
|
- properties:
|
|
|
- cpu:
|
|
|
- type: string
|
|
|
- memory:
|
|
|
- type: string
|
|
|
- storage:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- type: object
|
|
|
- tower_web_resource_requirements:
|
|
|
- description: Resource requirements for the web container
|
|
|
- properties:
|
|
|
- requests:
|
|
|
- properties:
|
|
|
- cpu:
|
|
|
- type: string
|
|
|
- memory:
|
|
|
- type: string
|
|
|
- storage:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- limits:
|
|
|
- properties:
|
|
|
- cpu:
|
|
|
- type: string
|
|
|
- memory:
|
|
|
- type: string
|
|
|
- storage:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- type: object
|
|
|
- tower_replicas:
|
|
|
- description: Number of instance replicas
|
|
|
- type: integer
|
|
|
- default: 1
|
|
|
- format: int32
|
|
|
- tower_garbage_collect_secrets:
|
|
|
- description: Whether or not to remove secrets upon instance removal
|
|
|
- default: false
|
|
|
- type: boolean
|
|
|
- tower_create_preload_data:
|
|
|
- description: Whether or not to preload data upon Tower instance creation
|
|
|
- default: true
|
|
|
- type: boolean
|
|
|
- tower_task_args:
|
|
|
- type: array
|
|
|
- items:
|
|
|
- type: string
|
|
|
- tower_task_command:
|
|
|
- type: array
|
|
|
- items:
|
|
|
- type: string
|
|
|
- tower_web_args:
|
|
|
- type: array
|
|
|
- items:
|
|
|
- type: string
|
|
|
- tower_web_command:
|
|
|
- type: array
|
|
|
- items:
|
|
|
- type: string
|
|
|
- tower_task_extra_env:
|
|
|
- type: string
|
|
|
- tower_web_extra_env:
|
|
|
- type: string
|
|
|
- tower_ee_extra_volume_mounts:
|
|
|
- description: Specify volume mounts to be added to Execution container
|
|
|
- type: string
|
|
|
- tower_task_extra_volume_mounts:
|
|
|
- description: Specify volume mounts to be added to Task container
|
|
|
- type: string
|
|
|
- tower_web_extra_volume_mounts:
|
|
|
- description: Specify volume mounts to be added to the Web container
|
|
|
- type: string
|
|
|
- tower_redis_image:
|
|
|
- description: Registry path to the redis container to use
|
|
|
- type: string
|
|
|
- tower_redis_image_version:
|
|
|
- description: Redis container image version to use
|
|
|
- type: string
|
|
|
- tower_postgres_image:
|
|
|
- description: Registry path to the PostgreSQL container to use
|
|
|
- type: string
|
|
|
- tower_postgres_image_version:
|
|
|
- description: PostgreSQL container image version to use
|
|
|
- type: string
|
|
|
- tower_postgres_selector:
|
|
|
- description: nodeSelector for the Postgres pods
|
|
|
- type: string
|
|
|
- tower_postgres_tolerations:
|
|
|
- description: node tolerations for the Postgres pods
|
|
|
- type: string
|
|
|
- tower_postgres_storage_requirements:
|
|
|
- description: Storage requirements for the PostgreSQL container
|
|
|
- properties:
|
|
|
- requests:
|
|
|
- properties:
|
|
|
- storage:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- limits:
|
|
|
- properties:
|
|
|
- storage:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- type: object
|
|
|
- tower_postgres_resource_requirements:
|
|
|
- description: Resource requirements for the PostgreSQL container
|
|
|
- properties:
|
|
|
- requests:
|
|
|
- properties:
|
|
|
- cpu:
|
|
|
- type: string
|
|
|
- memory:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- limits:
|
|
|
- properties:
|
|
|
- cpu:
|
|
|
- type: string
|
|
|
- memory:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- type: object
|
|
|
- tower_postgres_storage_class:
|
|
|
- description: Storage class to use for the PostgreSQL PVC
|
|
|
- type: string
|
|
|
- tower_postgres_data_path:
|
|
|
- description: Path where the PostgreSQL data are located
|
|
|
- type: string
|
|
|
- ca_trust_bundle:
|
|
|
- description: Path where the trusted CA bundle is available
|
|
|
- type: string
|
|
|
- development_mode:
|
|
|
- description: If the deployment should be done in development mode
|
|
|
- type: boolean
|
|
|
- ldap_cacert_secret:
|
|
|
- description: Secret where can be found the LDAP trusted Certificate Authority Bundle
|
|
|
- type: string
|
|
|
- tower_projects_persistence:
|
|
|
- description: Whether or not the /var/lib/projects directory will be persistent
|
|
|
- default: false
|
|
|
- type: boolean
|
|
|
- tower_projects_use_existing_claim:
|
|
|
- description: Using existing PersistentVolumeClaim
|
|
|
- type: string
|
|
|
- enum:
|
|
|
- - _Yes_
|
|
|
- - _No_
|
|
|
- tower_projects_existing_claim:
|
|
|
- description: PersistentVolumeClaim to mount /var/lib/projects directory
|
|
|
- type: string
|
|
|
- tower_projects_storage_class:
|
|
|
- description: Storage class for the /var/lib/projects PersistentVolumeClaim
|
|
|
- type: string
|
|
|
- tower_projects_storage_size:
|
|
|
- description: Size for the /var/lib/projects PersistentVolumeClaim
|
|
|
- default: 8Gi
|
|
|
- type: string
|
|
|
- tower_projects_storage_access_mode:
|
|
|
- description: AccessMode for the /var/lib/projects PersistentVolumeClaim
|
|
|
- default: ReadWriteMany
|
|
|
- type: string
|
|
|
- extra_settings:
|
|
|
- description: Extra settings to specify for the API
|
|
|
- items:
|
|
|
- properties:
|
|
|
- setting:
|
|
|
- type: string
|
|
|
- value:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- type: array
|
|
|
- type: object
|
|
|
- status:
|
|
|
- properties:
|
|
|
- towerURL:
|
|
|
- description: URL to access the deployed instance
|
|
|
- type: string
|
|
|
- towerAdminUser:
|
|
|
- description: Admin user of the deployed instance
|
|
|
- type: string
|
|
|
- towerAdminPasswordSecret:
|
|
|
- description: Admin password of the deployed instance
|
|
|
- type: string
|
|
|
- towerMigratedFromSecret:
|
|
|
- description: The secret used for migrating an old Tower.
|
|
|
- type: string
|
|
|
- towerVersion:
|
|
|
- description: Version of the deployed instance
|
|
|
- type: string
|
|
|
- towerImage:
|
|
|
- description: URL of the image used for the deployed instance
|
|
|
- type: string
|
|
|
- conditions:
|
|
|
- description: The resulting conditions when a Service Telemetry is instantiated
|
|
|
- items:
|
|
|
- properties:
|
|
|
- status:
|
|
|
- type: string
|
|
|
- type:
|
|
|
- type: string
|
|
|
- reason:
|
|
|
- type: string
|
|
|
- lastTransitionTime:
|
|
|
- type: string
|
|
|
- type: object
|
|
|
- type: array
|
|
|
- type: object
|
|
|
- type: object
|
|
|
-
|
|
|
----
|
|
|
-apiVersion: rbac.authorization.k8s.io/v1
|
|
|
-kind: ClusterRole
|
|
|
-metadata:
|
|
|
- creationTimestamp: null
|
|
|
- name: awx-operator
|
|
|
- namespace: awx
|
|
|
-rules:
|
|
|
- - apiGroups:
|
|
|
- - route.openshift.io
|
|
|
- resources:
|
|
|
- - routes
|
|
|
- - routes/custom-host
|
|
|
- verbs:
|
|
|
- - '*'
|
|
|
- - apiGroups:
|
|
|
- - ""
|
|
|
- - "rbac.authorization.k8s.io"
|
|
|
- resources:
|
|
|
- - pods
|
|
|
- - services
|
|
|
- - services/finalizers
|
|
|
- - serviceaccounts
|
|
|
- - endpoints
|
|
|
- - persistentvolumeclaims
|
|
|
- - events
|
|
|
- - configmaps
|
|
|
- - secrets
|
|
|
- - roles
|
|
|
- - rolebindings
|
|
|
- verbs:
|
|
|
- - '*'
|
|
|
- - apiGroups:
|
|
|
- - apps
|
|
|
- - extensions
|
|
|
- resources:
|
|
|
- - deployments
|
|
|
- - daemonsets
|
|
|
- - replicasets
|
|
|
- - statefulsets
|
|
|
- - ingresses
|
|
|
- verbs:
|
|
|
- - '*'
|
|
|
- - apiGroups:
|
|
|
- - monitoring.coreos.com
|
|
|
- resources:
|
|
|
- - servicemonitors
|
|
|
- verbs:
|
|
|
- - get
|
|
|
- - create
|
|
|
- - apiGroups:
|
|
|
- - apps
|
|
|
- resourceNames:
|
|
|
- - awx-operator
|
|
|
- resources:
|
|
|
- - deployments/finalizers
|
|
|
- verbs:
|
|
|
- - update
|
|
|
- - apiGroups:
|
|
|
- - apps
|
|
|
- resources:
|
|
|
- - deployments/scale
|
|
|
- - statefulsets/scale
|
|
|
- verbs:
|
|
|
- - patch
|
|
|
- - apiGroups:
|
|
|
- - ""
|
|
|
- resources:
|
|
|
- - pods/exec
|
|
|
- verbs:
|
|
|
- - create
|
|
|
- - get
|
|
|
- - apiGroups:
|
|
|
- - apps
|
|
|
- resources:
|
|
|
- - replicasets
|
|
|
- verbs:
|
|
|
- - get
|
|
|
- - apiGroups:
|
|
|
- - awx.ansible.com
|
|
|
- resources:
|
|
|
- - '*'
|
|
|
- verbs:
|
|
|
- - '*'
|
|
|
-
|
|
|
----
|
|
|
-kind: ClusterRoleBinding
|
|
|
-apiVersion: rbac.authorization.k8s.io/v1
|
|
|
-metadata:
|
|
|
- name: awx-operator
|
|
|
- namespace: awx
|
|
|
-subjects:
|
|
|
- - kind: ServiceAccount
|
|
|
- name: awx-operator
|
|
|
- namespace: awx
|
|
|
-roleRef:
|
|
|
- kind: ClusterRole
|
|
|
- name: awx-operator
|
|
|
- apiGroup: rbac.authorization.k8s.io
|
|
|
-
|
|
|
----
|
|
|
-apiVersion: v1
|
|
|
-kind: ServiceAccount
|
|
|
-metadata:
|
|
|
- name: awx-operator
|
|
|
- namespace: awx
|
|
|
-
|
|
|
----
|
|
|
-apiVersion: apps/v1
|
|
|
-kind: Deployment
|
|
|
-metadata:
|
|
|
- name: awx-operator
|
|
|
- namespace: awx
|
|
|
-spec:
|
|
|
- replicas: 1
|
|
|
- selector:
|
|
|
- matchLabels:
|
|
|
- name: awx-operator
|
|
|
- template:
|
|
|
- metadata:
|
|
|
- labels:
|
|
|
- name: awx-operator
|
|
|
- spec:
|
|
|
- serviceAccountName: awx-operator
|
|
|
- containers:
|
|
|
- - name: awx-operator
|
|
|
- image: "quay.io/ansible/awx-operator:0.9.0"
|
|
|
- imagePullPolicy: "Always"
|
|
|
- volumeMounts:
|
|
|
- - mountPath: /tmp/ansible-operator/runner
|
|
|
- name: runner
|
|
|
- env:
|
|
|
- # Watch all namespaces (cluster-scoped).
|
|
|
- - name: WATCH_NAMESPACE
|
|
|
- value: ""
|
|
|
- - name: POD_NAME
|
|
|
- valueFrom:
|
|
|
- fieldRef:
|
|
|
- fieldPath: metadata.name
|
|
|
- - name: OPERATOR_NAME
|
|
|
- value: awx-operator
|
|
|
- - name: ANSIBLE_GATHERING
|
|
|
- value: explicit
|
|
|
- livenessProbe:
|
|
|
- httpGet:
|
|
|
- path: /healthz
|
|
|
- port: 6789
|
|
|
- initialDelaySeconds: 15
|
|
|
- periodSeconds: 20
|
|
|
- volumes:
|
|
|
- - name: runner
|
|
|
- emptyDir: {}
|
John Lockman