Last active
June 11, 2021 05:04
-
-
Save tchellomello/e38c71248591034f8a7cc28421fe2245 to your computer and use it in GitHub Desktop.
awx-operator testing using custom-ca
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file is generated by Ansible. Changes will be lost. | |
| # Update templates under ansible/templates/ | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: awxs.awx.ansible.com | |
| spec: | |
| group: awx.ansible.com | |
| names: | |
| kind: AWX | |
| listKind: AWXList | |
| plural: awxs | |
| singular: awx | |
| scope: Namespaced | |
| versions: | |
| - name: v1beta1 | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| schema: | |
| openAPIV3Schema: | |
| description: Schema validation for the AWX CRD | |
| properties: | |
| spec: | |
| properties: | |
| deployment_type: | |
| description: Name of the deployment type | |
| type: string | |
| default: awx | |
| kind: | |
| description: Kind of the deployment type | |
| type: string | |
| default: AWX | |
| api_version: | |
| description: apiVersion of the deployment type | |
| type: string | |
| default: awx.ansible.com/v1beta1 | |
| task_privileged: | |
| description: If a privileged security context should be enabled | |
| type: boolean | |
| default: false | |
| admin_user: | |
| description: Username to use for the admin account | |
| type: string | |
| default: admin | |
| hostname: | |
| description: The hostname of the instance | |
| type: string | |
| admin_email: | |
| description: The admin user email | |
| type: string | |
| admin_password_secret: | |
| description: Secret where the admin password can be found | |
| type: string | |
| postgres_configuration_secret: | |
| description: Secret where the database configuration can be found | |
| type: string | |
| old_postgres_configuration_secret: | |
| description: Secret where the old database configuration can be found for data migration | |
| type: string | |
| postgres_label_selector: | |
| description: Label selector used to identify postgres pod for data migration | |
| type: string | |
| secret_key_secret: | |
| description: Secret where the secret key can be found | |
| type: string | |
| broadcast_websocket_secret: | |
| description: Secret where the broadcast websocket secret can be found | |
| type: string | |
| extra_volumes: | |
| description: Specify extra volumes to add to the application pod | |
| type: string | |
| service_type: | |
| description: The service type to be used on the deployed instance | |
| type: string | |
| enum: | |
| - LoadBalancer | |
| - loadbalancer | |
| - ClusterIP | |
| - clusterip | |
| - NodePort | |
| - nodeport | |
| ingress_type: | |
| description: The ingress type to use to reach the deployed instance | |
| type: string | |
| enum: | |
| - none | |
| - Ingress | |
| - ingress | |
| - Route | |
| - route | |
| ingress_annotations: | |
| description: Annotations to add to the Ingress Controller | |
| type: string | |
| ingress_tls_secret: | |
| description: Secret where the Ingress TLS secret can be found | |
| type: string | |
| loadbalancer_annotations: | |
| description: Annotations to add to the loadbalancer | |
| type: string | |
| loadbalancer_protocol: | |
| description: Protocol to use for the loadbalancer | |
| type: string | |
| default: http | |
| enum: | |
| - http | |
| - https | |
| loadbalancer_port: | |
| description: Port to use for the loadbalancer | |
| type: integer | |
| default: 80 | |
| route_host: | |
| description: The DNS to use to points to the instance | |
| type: string | |
| route_tls_termination_mechanism: | |
| description: The secure TLS termination mechanism to use | |
| type: string | |
| default: Edge | |
| enum: | |
| - Edge | |
| - edge | |
| - Passthrough | |
| - passthrough | |
| route_tls_secret: | |
| description: Secret where the TLS related credentials are stored | |
| type: string | |
| node_selector: | |
| description: nodeSelector for the pods | |
| type: string | |
| service_labels: | |
| description: Additional labels to apply to the service | |
| type: string | |
| tolerations: | |
| description: node tolerations for the pods | |
| type: string | |
| image: | |
| description: Registry path to the application container to use | |
| type: string | |
| image_version: | |
| description: Application container image version to use | |
| type: string | |
| ee_images: | |
| description: Registry path to the Execution Environment container to use | |
| type: array | |
| items: | |
| type: object | |
| properties: | |
| name: | |
| type: string | |
| image: | |
| type: string | |
| control_plane_ee_image: | |
| description: Registry path to the Execution Environment container image to use on control plane pods | |
| type: string | |
| ee_pull_credentials_secret: | |
| description: Secret where pull credentials for registered ees can be found | |
| type: string | |
| image_pull_policy: | |
| description: The image pull policy | |
| type: string | |
| default: IfNotPresent | |
| enum: | |
| - Always | |
| - always | |
| - Never | |
| - never | |
| - IfNotPresent | |
| - ifnotpresent | |
| image_pull_secret: | |
| description: The image pull secret | |
| type: string | |
| task_resource_requirements: | |
| description: Resource requirements for the task container | |
| properties: | |
| requests: | |
| properties: | |
| cpu: | |
| type: string | |
| memory: | |
| type: string | |
| storage: | |
| type: string | |
| type: object | |
| limits: | |
| properties: | |
| cpu: | |
| type: string | |
| memory: | |
| type: string | |
| storage: | |
| type: string | |
| type: object | |
| type: object | |
| web_resource_requirements: | |
| description: Resource requirements for the web container | |
| properties: | |
| requests: | |
| properties: | |
| cpu: | |
| type: string | |
| memory: | |
| type: string | |
| storage: | |
| type: string | |
| type: object | |
| limits: | |
| properties: | |
| cpu: | |
| type: string | |
| memory: | |
| type: string | |
| storage: | |
| type: string | |
| type: object | |
| type: object | |
| service_account_annotations: | |
| description: ServiceAccount annotations | |
| type: string | |
| replicas: | |
| description: Number of instance replicas | |
| type: integer | |
| default: 1 | |
| format: int32 | |
| garbage_collect_secrets: | |
| description: Whether or not to remove secrets upon instance removal | |
| default: false | |
| type: boolean | |
| create_preload_data: | |
| description: Whether or not to preload data upon instance creation | |
| default: true | |
| type: boolean | |
| task_args: | |
| type: array | |
| items: | |
| type: string | |
| task_command: | |
| type: array | |
| items: | |
| type: string | |
| web_args: | |
| type: array | |
| items: | |
| type: string | |
| web_command: | |
| type: array | |
| items: | |
| type: string | |
| task_extra_env: | |
| type: string | |
| web_extra_env: | |
| type: string | |
| ee_extra_volume_mounts: | |
| description: Specify volume mounts to be added to Execution container | |
| type: string | |
| task_extra_volume_mounts: | |
| description: Specify volume mounts to be added to Task container | |
| type: string | |
| web_extra_volume_mounts: | |
| description: Specify volume mounts to be added to the Web container | |
| type: string | |
| redis_image: | |
| description: Registry path to the redis container to use | |
| type: string | |
| redis_image_version: | |
| description: Redis container image version to use | |
| type: string | |
| init_container_image: | |
| description: Registry path to the init container to use | |
| type: string | |
| init_container_image_version: | |
| description: Init container image version to use | |
| type: string | |
| postgres_image: | |
| description: Registry path to the PostgreSQL container to use | |
| type: string | |
| postgres_image_version: | |
| description: PostgreSQL container image version to use | |
| type: string | |
| postgres_selector: | |
| description: nodeSelector for the Postgres pods | |
| type: string | |
| postgres_tolerations: | |
| description: node tolerations for the Postgres pods | |
| type: string | |
| postgres_storage_requirements: | |
| description: Storage requirements for the PostgreSQL container | |
| properties: | |
| requests: | |
| properties: | |
| storage: | |
| type: string | |
| type: object | |
| limits: | |
| properties: | |
| storage: | |
| type: string | |
| type: object | |
| type: object | |
| postgres_resource_requirements: | |
| description: Resource requirements for the PostgreSQL container | |
| properties: | |
| requests: | |
| properties: | |
| cpu: | |
| type: string | |
| memory: | |
| type: string | |
| type: object | |
| limits: | |
| properties: | |
| cpu: | |
| type: string | |
| memory: | |
| type: string | |
| type: object | |
| type: object | |
| postgres_storage_class: | |
| description: Storage class to use for the PostgreSQL PVC | |
| type: string | |
| postgres_data_path: | |
| description: Path where the PostgreSQL data are located | |
| type: string | |
| ca_trust_bundle: | |
| description: Path where the trusted CA bundle is available | |
| type: string | |
| development_mode: | |
| description: If the deployment should be done in development mode | |
| type: boolean | |
| ldap_cacert_secret: | |
| description: Secret where can be found the LDAP trusted Certificate Authority Bundle | |
| type: string | |
| bundle_cacert_secret: | |
| description: Secret where can be found the trusted Certificate Authority Bundle | |
| type: string | |
| projects_persistence: | |
| description: Whether or not the /var/lib/projects directory will be persistent | |
| default: false | |
| type: boolean | |
| projects_use_existing_claim: | |
| description: Using existing PersistentVolumeClaim | |
| type: string | |
| enum: | |
| - _Yes_ | |
| - _No_ | |
| projects_existing_claim: | |
| description: PersistentVolumeClaim to mount /var/lib/projects directory | |
| type: string | |
| projects_storage_class: | |
| description: Storage class for the /var/lib/projects PersistentVolumeClaim | |
| type: string | |
| projects_storage_size: | |
| description: Size for the /var/lib/projects PersistentVolumeClaim | |
| default: 8Gi | |
| type: string | |
| projects_storage_access_mode: | |
| description: AccessMode for the /var/lib/projects PersistentVolumeClaim | |
| default: ReadWriteMany | |
| type: string | |
| extra_settings: | |
| description: Extra settings to specify for the API | |
| items: | |
| properties: | |
| setting: | |
| type: string | |
| value: | |
| type: string | |
| type: object | |
| type: array | |
| type: object | |
| status: | |
| properties: | |
| URL: | |
| description: URL to access the deployed instance | |
| type: string | |
| adminUser: | |
| description: Admin user of the deployed instance | |
| type: string | |
| adminPasswordSecret: | |
| description: Admin password secret name of the deployed instance | |
| type: string | |
| postgresConfigurationSecret: | |
| description: Postgres Configuration secret name of the deployed instance | |
| type: string | |
| broadcastWebsocketSecret: | |
| description: Broadcast websocket secret name of the deployed instance | |
| type: string | |
| secretKeySecret: | |
| description: Secret key secret name of the deployed instance | |
| type: string | |
| migratedFromSecret: | |
| description: The secret used for migrating an old instance. | |
| type: string | |
| version: | |
| description: Version of the deployed instance | |
| type: string | |
| image: | |
| description: URL of the image used for the deployed instance | |
| type: string | |
| conditions: | |
| description: The resulting conditions when a Service Telemetry is instantiated | |
| items: | |
| properties: | |
| status: | |
| type: string | |
| type: | |
| type: string | |
| reason: | |
| type: string | |
| lastTransitionTime: | |
| type: string | |
| type: object | |
| type: array | |
| type: object | |
| type: object | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: awxbackups.awx.ansible.com | |
| spec: | |
| group: awx.ansible.com | |
| names: | |
| kind: AWXBackup | |
| listKind: AWXBackupList | |
| plural: awxbackups | |
| singular: awxbackup | |
| scope: Namespaced | |
| versions: | |
| - name: v1beta1 | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| schema: | |
| openAPIV3Schema: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| description: Schema validation for the AWXBackup CRD | |
| properties: | |
| spec: | |
| type: object | |
| required: | |
| - deployment_name | |
| properties: | |
| deployment_name: | |
| description: Name of the deployment to be backed up | |
| type: string | |
| backup_pvc: | |
| description: Name of the PVC to be used for storing the backup | |
| type: string | |
| backup_pvc_namespace: | |
| description: Namespace the PVC is in | |
| type: string | |
| backup_storage_requirements: | |
| description: Storage requirements for the PostgreSQL container | |
| type: string | |
| backup_storage_class: | |
| description: Storage class to use when creating PVC for backup | |
| type: string | |
| postgres_label_selector: | |
| description: Label selector used to identify postgres pod for backing up data | |
| type: string | |
| postgres_image: | |
| description: Registry path to the PostgreSQL container to use | |
| type: string | |
| postgres_image_version: | |
| description: PostgreSQL container image version to use | |
| type: string | |
| status: | |
| type: object | |
| properties: | |
| conditions: | |
| description: The resulting conditions when a Service Telemetry is | |
| instantiated | |
| items: | |
| properties: | |
| lastTransitionTime: | |
| type: string | |
| reason: | |
| type: string | |
| status: | |
| type: string | |
| type: | |
| type: string | |
| type: object | |
| type: array | |
| backupDirectory: | |
| description: Backup directory name on the specified pvc | |
| type: string | |
| backupClaim: | |
| description: Backup persistent volume claim | |
| type: string | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: awxrestores.awx.ansible.com | |
| spec: | |
| group: awx.ansible.com | |
| names: | |
| kind: AWXRestore | |
| listKind: AWXRestoreList | |
| plural: awxrestores | |
| singular: awxrestore | |
| scope: Namespaced | |
| versions: | |
| - name: v1beta1 | |
| served: true | |
| storage: true | |
| subresources: | |
| status: {} | |
| schema: | |
| openAPIV3Schema: | |
| type: object | |
| x-kubernetes-preserve-unknown-fields: true | |
| description: Schema validation for the AWXRestore CRD | |
| properties: | |
| spec: | |
| type: object | |
| properties: | |
| backup_source: | |
| description: Backup source | |
| type: string | |
| enum: | |
| - CR | |
| - PVC | |
| deployment_name: | |
| description: Name of the deployment to be restored to | |
| type: string | |
| backup_name: | |
| description: AWXBackup object name | |
| type: string | |
| backup_pvc: | |
| description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim) | |
| type: string | |
| backup_pvc_namespace: | |
| description: Namespace the PVC is in | |
| type: string | |
| backup_dir: | |
| description: Backup directory name, set as a status found on the awxbackup object (backupDirectory) | |
| type: string | |
| postgres_label_selector: | |
| description: Label selector used to identify postgres pod for backing up data | |
| type: string | |
| postgres_image: | |
| description: Registry path to the PostgreSQL container to use | |
| type: string | |
| postgres_image_version: | |
| description: PostgreSQL container image version to use | |
| type: string | |
| status: | |
| type: object | |
| properties: | |
| conditions: | |
| description: The resulting conditions when a Service Telemetry is | |
| instantiated | |
| items: | |
| properties: | |
| lastTransitionTime: | |
| type: string | |
| reason: | |
| type: string | |
| status: | |
| type: string | |
| type: | |
| type: string | |
| type: object | |
| type: array | |
| restoreComplete: | |
| description: Restore process complete | |
| type: string | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| creationTimestamp: null | |
| name: awx-operator | |
| rules: | |
| - apiGroups: | |
| - route.openshift.io | |
| resources: | |
| - routes | |
| - routes/custom-host | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - "" | |
| - "rbac.authorization.k8s.io" | |
| resources: | |
| - pods | |
| - services | |
| - services/finalizers | |
| - serviceaccounts | |
| - endpoints | |
| - persistentvolumeclaims | |
| - events | |
| - configmaps | |
| - secrets | |
| - roles | |
| - rolebindings | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - apps | |
| - extensions | |
| resources: | |
| - deployments | |
| - daemonsets | |
| - replicasets | |
| - statefulsets | |
| - ingresses | |
| verbs: | |
| - '*' | |
| - apiGroups: | |
| - monitoring.coreos.com | |
| resources: | |
| - servicemonitors | |
| verbs: | |
| - get | |
| - create | |
| - apiGroups: | |
| - apps | |
| resourceNames: | |
| - awx-operator | |
| resources: | |
| - deployments/finalizers | |
| verbs: | |
| - update | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - deployments/scale | |
| - statefulsets/scale | |
| verbs: | |
| - patch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods/exec | |
| verbs: | |
| - create | |
| - get | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - replicasets | |
| verbs: | |
| - get | |
| - apiGroups: | |
| - awx.ansible.com | |
| resources: | |
| - '*' | |
| - awxbackups | |
| - awxrestores | |
| verbs: | |
| - '*' | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: awx-operator | |
| subjects: | |
| - kind: ServiceAccount | |
| name: awx-operator | |
| namespace: default | |
| roleRef: | |
| kind: ClusterRole | |
| name: awx-operator | |
| apiGroup: rbac.authorization.k8s.io | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: awx-operator | |
| namespace: default | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: awx-operator | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| name: awx-operator | |
| template: | |
| metadata: | |
| labels: | |
| name: awx-operator | |
| spec: | |
| serviceAccountName: awx-operator | |
| containers: | |
| - name: awx-operator | |
| image: "quay.io/tchellomello/awx-operator:custom-ca" | |
| imagePullPolicy: "Always" | |
| volumeMounts: | |
| - mountPath: /tmp/ansible-operator/runner | |
| name: runner | |
| env: | |
| # Watch all namespaces (cluster-scoped). | |
| - name: WATCH_NAMESPACE | |
| value: "" | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: OPERATOR_NAME | |
| value: awx-operator | |
| - name: ANSIBLE_GATHERING | |
| value: explicit | |
| - name: OPERATOR_VERSION | |
| value: "custom-ca" | |
| - name: ANSIBLE_DEBUG_LOGS | |
| value: "true" | |
| livenessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: 6789 | |
| initialDelaySeconds: 15 | |
| periodSeconds: 20 | |
| volumes: | |
| - name: runner | |
| emptyDir: {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment