# This file is generated by Ansible. Changes will be lost.
# Update templates under ansible/templates/
---
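# CustomResourceDefinition for the namespaced AWX kind (group awx.ansible.com).
# A CRD is itself cluster-scoped, so metadata carries no namespace; the API
# server ignores one if supplied, and it only suggests a boundary that is not
# there.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: awxs.awx.ansible.com
spec:
  group: awx.ansible.com
  names:
    kind: AWX
    listKind: AWXList
    plural: awxs
    singular: awx
  scope: Namespaced
  versions:
    # Single version, both served and stored, with a status subresource.
    - name: v1beta1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        # Validation schema for AWX objects. No property is marked required,
        # and several pod-shaping inputs below are typed as plain strings, so
        # the API server cannot validate what they contain. Treat create and
        # update rights on AWX objects as a privileged permission.
        openAPIV3Schema:
          description: Schema validation for the AWX CRD
          properties:
            spec:
              properties:
                deployment_type:
                  description: Name of the deployment type
                  type: string
                  default: awx
                kind:
                  description: Kind of the deployment type
                  type: string
                  default: AWX
                api_version:
                  description: apiVersion of the deployment type
                  type: string
                  default: awx.ansible.com/v1beta1
                # NOTE(review): opt-in switch for a privileged security
                # context (default false). Presumably applied to the task
                # container by the operator - confirm. Anyone allowed to
                # create or edit AWX objects can set it, so restrict write
                # access to this resource and consider an admission policy
                # that rejects true.
                tower_task_privileged:
                  description: If a privileged security context should be enabled
                  type: boolean
                  default: false
                tower_admin_user:
                  description: Username to use for the admin account
                  type: string
                  default: admin
                tower_hostname:
                  description: The hostname of the instance
                  type: string
                tower_admin_email:
                  description: The admin user email
                  type: string
                # The *_secret fields are strings described as the Secret
                # "where ... can be found", so they look like Secret names
                # rather than credential values - confirm against the
                # operator before putting anything else in them.
                tower_admin_password_secret:
                  description: Secret where the admin password can be found
                  type: string
                tower_postgres_configuration_secret:
                  description: Secret where the database configuration can be found
                  type: string
                tower_old_postgres_configuration_secret:
                  description: Secret where the old database configuration can be found for data migration
                  type: string
                tower_secret_key_secret:
                  description: Secret where the secret key can be found
                  type: string
                tower_broadcast_websocket_secret:
                  description: Secret where the broadcast websocket secret can be found
                  type: string
                # NOTE(review): free-form string, so the schema does not limit
                # which volume types can be requested, host-backed ones
                # included. If the operator renders this into the pod spec
                # (confirm), edit rights on AWX objects amount to control
                # over the pod's volumes.
                tower_extra_volumes:
                  description: Specify extra volumes to add to the application pod
                  type: string
                # Both capitalised and lower-case spellings are accepted.
                tower_ingress_type:
                  description: The ingress type to use to reach the deployed instance
                  type: string
                  enum:
                    - none
                    - Ingress
                    - ingress
                    - Route
                    - route
                    - LoadBalancer
                    - loadbalancer
                    - NodePort
                    - nodeport
                tower_ingress_annotations:
                  description: Annotations to add to the ingress
                  type: string
                tower_ingress_tls_secret:
                  description: Secret where the ingress TLS secret can be found
                  type: string
                tower_loadbalancer_annotations:
                  description: Annotations to add to the loadbalancer
                  type: string
                # Defaults are plaintext: protocol http on port 80. Choose
                # https and a matching port when the load balancer is
                # reachable from networks you do not trust.
                tower_loadbalancer_protocol:
                  description: Protocol to use for the loadbalancer
                  type: string
                  default: http
                  enum:
                    - http
                    - https
                tower_loadbalancer_port:
                  description: Port to use for the loadbalancer
                  type: integer
                  default: 80
                tower_route_host:
                  description: The DNS to use to points to the instance
                  type: string
                tower_route_tls_termination_mechanism:
                  description: The secure TLS termination mechanism to use
                  type: string
                  default: Edge
                  enum:
                    - Edge
                    - edge
                    - Passthrough
                    - passthrough
                tower_route_tls_secret:
                  description: Secret where the TLS related credentials are stored
                  type: string
                tower_node_selector:
                  description: nodeSelector for the AWX pods
                  type: string
                tower_tolerations:
                  description: node tolerations for the AWX pods
                  type: string
                # Image path and version are free strings with no default in
                # this schema; nothing here restricts the registry they point
                # at.
                tower_image:
                  description: Registry path to the application container to use
                  type: string
                tower_image_version:
                  description: Application container image version to use
                  type: string
                tower_ee_images:
                  description: Registry path to the Execution Environment container to use
                  type: array
                  items:
                    type: object
                    properties:
                      name:
                        type: string
                      image:
                        type: string
                tower_image_pull_policy:
                  description: The image pull policy
                  type: string
                  default: IfNotPresent
                  enum:
                    - Always
                    - always
                    - Never
                    - never
                    - IfNotPresent
                    - ifnotpresent
                tower_image_pull_secret:
                  description: The image pull secret
                  type: string
                tower_task_resource_requirements:
                  description: Resource requirements for the task container
                  properties:
                    requests:
                      properties:
                        cpu:
                          type: string
                        memory:
                          type: string
                        storage:
                          type: string
                      type: object
                    limits:
                      properties:
                        cpu:
                          type: string
                        memory:
                          type: string
                        storage:
                          type: string
                      type: object
                  type: object
                tower_web_resource_requirements:
                  description: Resource requirements for the web container
                  properties:
                    requests:
                      properties:
                        cpu:
                          type: string
                        memory:
                          type: string
                        storage:
                          type: string
                      type: object
                    limits:
                      properties:
                        cpu:
                          type: string
                        memory:
                          type: string
                        storage:
                          type: string
                      type: object
                  type: object
                tower_replicas:
                  description: Number of instance replicas
                  type: integer
                  default: 1
                  format: int32
                # Default false: per the description, secrets are not removed
                # with the instance, so credentials outlive the AWX object
                # until someone deletes them.
                tower_garbage_collect_secrets:
                  description: Whether or not to remove secrets upon instance removal
                  default: false
                  type: boolean
                tower_create_preload_data:
                  description: Whether or not to preload data upon Tower instance creation
                  default: true
                  type: boolean
                # NOTE(review): the next six fields carry no description. The
                # names suggest command, args and extra environment for the
                # task and web containers - confirm. The *_extra_env values
                # are unvalidated strings.
                tower_task_args:
                  type: array
                  items:
                    type: string
                tower_task_command:
                  type: array
                  items:
                    type: string
                tower_web_args:
                  type: array
                  items:
                    type: string
                tower_web_command:
                  type: array
                  items:
                    type: string
                tower_task_extra_env:
                  type: string
                tower_web_extra_env:
                  type: string
                # Volume mounts are free-form strings as well; the schema
                # places no limit on mount paths.
                tower_ee_extra_volume_mounts:
                  description: Specify volume mounts to be added to Execution container
                  type: string
                tower_task_extra_volume_mounts:
                  description: Specify volume mounts to be added to Task container
                  type: string
                tower_web_extra_volume_mounts:
                  description: Specify volume mounts to be added to the Web container
                  type: string
                tower_redis_image:
                  description: Registry path to the redis container to use
                  type: string
                tower_redis_image_version:
                  description: Redis container image version to use
                  type: string
                tower_postgres_image:
                  description: Registry path to the PostgreSQL container to use
                  type: string
                tower_postgres_image_version:
                  description: PostgreSQL container image version to use
                  type: string
                tower_postgres_selector:
                  description: nodeSelector for the Postgres pods
                  type: string
                tower_postgres_tolerations:
                  description: node tolerations for the Postgres pods
                  type: string
                tower_postgres_storage_requirements:
                  description: Storage requirements for the PostgreSQL container
                  properties:
                    requests:
                      properties:
                        storage:
                          type: string
                      type: object
                    limits:
                      properties:
                        storage:
                          type: string
                      type: object
                  type: object
                tower_postgres_resource_requirements:
                  description: Resource requirements for the PostgreSQL container
                  properties:
                    requests:
                      properties:
                        cpu:
                          type: string
                        memory:
                          type: string
                      type: object
                    limits:
                      properties:
                        cpu:
                          type: string
                        memory:
                          type: string
                      type: object
                  type: object
                tower_postgres_storage_class:
                  description: Storage class to use for the PostgreSQL PVC
                  type: string
                tower_postgres_data_path:
                  description: Path where the PostgreSQL data are located
                  type: string
                ca_trust_bundle:
                  description: Path where the trusted CA bundle is available
                  type: string
                # No default is declared for this flag in the schema.
                development_mode:
                  description: If the deployment should be done in development mode
                  type: boolean
                ldap_cacert_secret:
                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
                  type: string
                tower_projects_persistence:
                  description: Whether or not the /var/lib/projects directory will be persistent
                  default: false
                  type: boolean
                # String enum, not a boolean: only the literal values _Yes_
                # and _No_ pass validation.
                tower_projects_use_existing_claim:
                  description: Using existing PersistentVolumeClaim
                  type: string
                  enum:
                    - _Yes_
                    - _No_
                tower_projects_existing_claim:
                  description: PersistentVolumeClaim to mount /var/lib/projects directory
                  type: string
                tower_projects_storage_class:
                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
                  type: string
                tower_projects_storage_size:
                  description: Size for the /var/lib/projects PersistentVolumeClaim
                  default: 8Gi
                  type: string
                tower_projects_storage_access_mode:
                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
                  default: ReadWriteMany
                  type: string
                # setting/value pairs, both strings. The schema has no
                # allow-list of setting names, so review what callers put
                # here.
                extra_settings:
                  description: Extra settings to specify for the API
                  items:
                    properties:
                      setting:
                        type: string
                      value:
                        type: string
                    type: object
                  type: array
              type: object
            # Status is readable by anyone who can get AWX objects.
            status:
              properties:
                towerURL:
                  description: URL to access the deployed instance
                  type: string
                towerAdminUser:
                  description: Admin user of the deployed instance
                  type: string
                # NOTE(review): the description says "Admin password" while
                # the field name points to a Secret reference. Status should
                # never carry the password itself - confirm what the operator
                # writes here.
                towerAdminPasswordSecret:
                  description: Admin password of the deployed instance
                  type: string
                towerMigratedFromSecret:
                  description: The secret used for migrating an old Tower.
                  type: string
                towerVersion:
                  description: Version of the deployed instance
                  type: string
                towerImage:
                  description: URL of the image used for the deployed instance
                  type: string
                # NOTE(review): the "Service Telemetry" wording looks carried
                # over from another operator's CRD.
                conditions:
                  description: The resulting conditions when a Service Telemetry is instantiated
                  items:
                    properties:
                      status:
                        type: string
                      type:
                        type: string
                      reason:
                        type: string
                      lastTransitionTime:
                        type: string
                    type: object
                  type: array
              type: object
          type: object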

---
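# Permissions held by the awx-operator service account.
# ClusterRole is a cluster-scoped kind, so metadata carries no namespace; the
# API server ignores one if supplied, and leaving it in suggests a namespace
# boundary that does not exist.
#
# NOTE(review): this role is granted through a ClusterRoleBinding, so every
# rule below applies in all namespaces. A compromise of the operator pod or
# of its token exposes everything listed here cluster-wide. If AWX is only
# deployed into known namespaces, a Role and RoleBinding per namespace with
# explicit verb lists would contain that; check what the operator actually
# calls before narrowing anything.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: awx-operator
rules:
  # OpenShift routes, all verbs.
  - apiGroups:
      - route.openshift.io
    resources:
      - routes
      - routes/custom-host
    verbs:
      - '*'
  # Core and RBAC resources, all verbs. Two grants here deserve attention:
  #  - secrets: read and write access to every Secret in every namespace.
  #  - roles / rolebindings: '*' also matches the escalate and bind verbs,
  #    which switch off the API server's check that a subject cannot grant
  #    permissions it does not already hold.
  - apiGroups:
      - ""
      - "rbac.authorization.k8s.io"
    resources:
      - pods
      - services
      - services/finalizers
      - serviceaccounts
      - endpoints
      - persistentvolumeclaims
      - events
      - configmaps
      - secrets
      - roles
      - rolebindings
    verbs:
      - '*'
  # Workload controllers and ingresses, all verbs.
  # NOTE(review): ingresses are matched only under the apps and extensions
  # groups listed here - confirm which Ingress API group the operator uses.
  - apiGroups:
      - apps
      - extensions
    resources:
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
      - ingresses
    verbs:
      - '*'
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - create
  # Scoped with resourceNames to the operator's own Deployment.
  - apiGroups:
      - apps
    resourceNames:
      - awx-operator
    resources:
      - deployments/finalizers
    verbs:
      - update
  - apiGroups:
      - apps
    resources:
      - deployments/scale
      - statefulsets/scale
    verbs:
      - patch
  # NOTE(review): create on pods/exec allows running commands inside any pod
  # in the cluster. Audit-log this verb for the operator's service account.
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
      - get
  # Already covered by the '*' rule on apps/replicasets above.
  - apiGroups:
      - apps
    resources:
      - replicasets
    verbs:
      - get
  # Full control of the operator's own API group.
  - apiGroups:
      - awx.ansible.com
    resources:
      - '*'
    verbs:
      - '*'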

---
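# Grants the awx-operator ClusterRole to the awx-operator ServiceAccount of
# namespace awx. Because this is a ClusterRoleBinding, the grant holds in
# every namespace, not only in awx.
# The binding itself is cluster-scoped, so metadata carries no namespace; the
# namespace under subjects stays because it identifies the ServiceAccount.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: awx-operator
subjects:
  - kind: ServiceAccount
    name: awx-operator
    namespace: awx
roleRef:
  kind: ClusterRole
  name: awx-operator
  apiGroup: rbac.authorization.k8s.io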

---
# Identity of the operator pod: named by serviceAccountName in the
# awx-operator Deployment and as the subject of the awx-operator
# ClusterRoleBinding. Whoever holds this account's token holds that role.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: awx
  name: awx-operator

---
# Runs a single replica of the AWX operator under the awx-operator
# ServiceAccount.
# NOTE(review): neither securityContext nor resources is set on the pod or
# the container, so it runs with the image's default user and the runtime's
# default capabilities. Given how much the service account can do, consider
# allowPrivilegeEscalation: false, dropped capabilities and runAsNonRoot once
# the image is confirmed to work with them.
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: awx
  name: awx-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: awx-operator
  template:
    metadata:
      labels:
        name: awx-operator
    spec:
      serviceAccountName: awx-operator
      volumes:
        # Scratch space for the runner directory mounted below.
        - name: runner
          emptyDir: {}
      containers:
        - name: awx-operator
          # The image is referenced by tag and pulled on every start, so the
          # code that runs is whatever the tag resolves to at that moment.
          # Pinning by digest (image@sha256:<DIGEST_PLACEHOLDER>) makes it
          # reproducible.
          image: 'quay.io/ansible/awx-operator:0.9.0'
          imagePullPolicy: Always
          env:
            # Empty value: the operator watches every namespace
            # (cluster-scoped).
            - name: WATCH_NAMESPACE
              value: ""
            # Pod name injected through the downward API.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: awx-operator
            - name: ANSIBLE_GATHERING
              value: explicit
          volumeMounts:
            - name: runner
              mountPath: /tmp/ansible-operator/runner
          # Liveness only; no readiness probe is defined.
          livenessProbe:
            initialDelaySeconds: 15
            periodSeconds: 20
            httpGet:
              port: 6789
              path: /healthz