author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-04-09 06:03:49 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-04-09 06:03:49 +0000 |
commit | 277ea0d7bf43a7cfcf0a621ea2ecfdcdc22672b9 (patch) | |
tree | 5062feab38e6d7074475cf755dbc60ced2390951 /kubernetes/contrib/components/awx/charts | |
parent | 21d5e7be75d5e8aa4abfe269bea89edec38c75c1 (diff) | |
parent | a5bb31b95347229e400099565bedd3f6a3785c9a (diff) |
Merge "[Contrib] Authorize choice of subcomponents"
Diffstat (limited to 'kubernetes/contrib/components/awx/charts')
17 files changed, 1171 insertions, 0 deletions
diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/Chart.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/Chart.yaml
new file mode 100755
index 0000000000..e30faf275e
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Ansible AWX database
+name: awx-postgres
+version: 6.0.0
diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/NOTES.txt b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/NOTES.txt
new file mode 100755
index 0000000000..3ab092e848
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/NOTES.txt
@@ -0,0 +1,33 @@
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
new file mode 100755
index 0000000000..67d13cf477
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
@@ -0,0 +1,86 @@
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ .Values.global.repository | default .Values.repository }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -i
+ - -c
+ - psql -h 127.0.0.1 -U $POSTGRES_USER -q -d {{ .Values.config.postgresDB }}
+ -c 'SELECT 1'
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ env:
+ - name: POSTGRES_USER
+ value: "{{ .Values.config.postgresUser }}"
+ - name: POSTGRES_PASSWORD
+ value: "{{ .Values.config.postgresPassword }}"
+ - name: POSTGRES_DB
+ value: "{{ .Values.config.postgresDB }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /var/lib/postgresql/data
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ {{- if .Values.persistence.enabled }}
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/pv.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/pv.yaml
new file mode 100755
index 0000000000..bfe63abafe
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/pv.yaml
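Review bot: In awx-postgres/templates/deployment.yaml the database password is rendered straight into the pod spec (`value: "{{ .Values.config.postgresPassword }}"`), so it is readable by anyone who can read the Deployment or its ReplicaSets and it appears in the rendered manifest; it should come from a Secret through `valueFrom.secretKeyRef`, which this sub-chart does not yet define. Separately, the `{{- else }}` branch of the `volumes` block emits `emptyDir: {}` without a preceding `- name: {{ include "common.fullname" . }}-data` item, so with `persistence.enabled: false` the emptyDir appears to land on the `localtime` volume and the data volumeMount has no matching volume; moving the `- name:` line above the `if` would fix that. `apiVersion: extensions/v1beta1` is also deprecated for Deployments, and moving to `apps/v1` would additionally need a `spec.selector`.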
@@ -0,0 +1,40 @@
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if eq "True" (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/pvc.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/pvc.yaml
new file mode 100755
index 0000000000..e12dabf175
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/pvc.yaml
@@ -0,0 +1,39 @@
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- end -}}
diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/service.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/service.yaml
new file mode 100755
index 0000000000..f560417425
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/service.yaml
@@ -0,0 +1,42 @@
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/values.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/values.yaml
new file mode 100755
index 0000000000..09012ead47
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/values.yaml
@@ -0,0 +1,83 @@
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for mariadb.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global: # global defaults
+ nodePortPrefixExt: 304
+ persistence: {}
+
+# application image
+repository: docker.io
+image: postgres:10.4-alpine
+pullPolicy: Always
+
+# application configuration
+config:
+ postgresUser: awx
+ postgresPassword: awx
+ postgresDB: awx
+
+ingress:
+ enabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+
+ # Uncomment the storageClass parameter to use an existing PV
+ # that will match the following class.
+ # When uncomment the storageClass, the PV is not created anymore.
+
+ # storageClass: "nfs-dev-sc"
+
+ accessMode: ReadWriteOnce
+ size: 1Gi
+
+ # When using storage class, mountPath and mountSubPath are
+ # simply ignored.
+
+ mountPath: /dockerdata-nfs
+ mountSubPath: awx/pgdata
+
+service:
+ type: ClusterIP
+ name: awx-postgresql
+ portName: awx-postgresql
+ internalPort: 5432
+ externalPort: 5432
+
+resources: {}
diff --git a/kubernetes/contrib/components/awx/charts/awx/Chart.yaml b/kubernetes/contrib/components/awx/charts/awx/Chart.yaml
new file mode 100755
index 0000000000..00dca3f62c
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Ansible AWX application
+name: awx
+version: 6.0.0
diff --git a/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py b/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py
new file mode 100644
index 0000000000..39350e05d0
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx/resources/config/credentials.py
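Review bot: The awx-postgres values.yaml ships `postgresPassword: awx`, identical to the user name, so any install that does not override it runs the database with a publicly known credential. Leaving the default empty and rendering it in the template with `{{ required "config.postgresPassword must be set" .Values.config.postgresPassword }}` would force operators to supply one. The header comment `# Default values for mariadb.` looks copied from another chart, and the `liveness`/`readiness` values are defined here although the deployment template hard-codes its readiness timings and has no liveness probe.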
@@ -0,0 +1,36 @@
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DATABASES = {
+ 'default': {
+ 'ATOMIC_REQUESTS': True,
+ 'ENGINE': 'awx.main.db.profiled_pg',
+ 'NAME': "{{ .Values.config.postgresDB }}",
+ 'USER': "{{ .Values.config.postgresUser }}",
+ 'PASSWORD': "{{ .Values.config.postgresPassword }}",
+ 'HOST': "awx-postgresql",
+ 'PORT': "5432",
+ }
+}
+BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(
+ "{{ .Values.config.rabbitmqUser }}",
+ "{{ .Values.config.rabbitmqPassword }}",
+ "localhost",
+ "5672",
+ "{{ .Values.config.rabbitmqVhost }}")
+CHANNEL_LAYERS = {
+ 'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer',
+ 'ROUTING': 'awx.main.routing.channel_routing',
+ 'CONFIG': {'url': BROKER_URL}}
+}
\ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh b/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh
new file mode 100644
index 0000000000..7c58c6bb48
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx/resources/config/environment.sh
@@ -0,0 +1,23 @@
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DATABASE_USER={{ .Values.config.postgresUser }}
+DATABASE_NAME={{ .Values.config.postgresDB }}
+DATABASE_HOST=awx-postgresql
+DATABASE_PORT=5432
+DATABASE_PASSWORD={{ .Values.config.postgresPassword }}
+MEMCACHED_HOST=localhost
+RABBITMQ_HOST=localhost
+AWX_ADMIN_USER={{ .Values.config.awxAdminUser }}
+AWX_ADMIN_PASSWORD={{ .Values.config.awxAdminPassword }}
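Review bot: credentials.py splices chart values into Python string literals unescaped (`'PASSWORD': "{{ .Values.config.postgresPassword }}"`), so a password containing `"` or `\` yields a broken or altered settings file; rendering the literal with `{{ .Values.config.postgresPassword | toJson }}` (and likewise for the RabbitMQ user, password and vhost) keeps the value inside the string. `BROKER_URL` is assembled with `.format()` without percent-encoding, so a RabbitMQ password containing `@`, `/` or `:` changes how the URL is parsed. The same unescaped interpolation is present in environment.sh (`DATABASE_PASSWORD={{ .Values.config.postgresPassword }}`, unquoted) and in the `entrypoint` script of templates/configmap.yaml, where the values sit inside single-quoted shell and Python strings.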
\ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/configmap.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/configmap.yaml
new file mode 100644
index 0000000000..9bc62b0856
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx/templates/configmap.yaml
@@ -0,0 +1,146 @@
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-init-mgnt
+ namespace: {{ include "common.namespace" . }}
+data:
+ entrypoint: |
+ #/bin/sh
+
+ awx-manage migrate --noinput
+ if [[ `echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True).count(); exit(0 if nsu > 0 else 1)' | awx-manage shell` > 0 ]]
+ then
+ echo 'from django.contrib.auth.models import User; User.objects.create_superuser('{{ .Values.config.awxAdminUser }}', '{{ .Values.config.awxAdminEmail }}', '{{ .Values.config.awxAdminPassword }}')' | awx-manage shell
+ awx-manage update_password --username='{{ .Values.config.awxAdminUser }}' --password='{{ .Values.config.awxAdminPassword }}'
+ fi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+ awx_settings: |
+ import os
+ import socket
+ ADMINS = ()
+
+ AWX_PROOT_ENABLED = True
+
+ # Automatically deprovision pods that go offline
+ AWX_AUTO_DEPROVISION_INSTANCES = True
+
+ SYSTEM_TASK_ABS_CPU = 6
+ SYSTEM_TASK_ABS_MEM = 20
+
+ INSIGHTS_URL_BASE = "https://example.org"
+
+ #Autoprovisioning should replace this
+ CLUSTER_HOST_ID = socket.gethostname()
+ SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
+
+ SESSION_COOKIE_SECURE = False
+ CSRF_COOKIE_SECURE = False
+
+ REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']
+
+ STATIC_ROOT = '/var/lib/awx/public/static'
+ PROJECTS_ROOT = '/var/lib/awx/projects'
+ JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
+ SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip()
+ ALLOWED_HOSTS = ['*']
+ INTERNAL_API_URL = 'http://127.0.0.1:8052'
+ SERVER_EMAIL = 'root@localhost'
+ DEFAULT_FROM_EMAIL = 'webmaster@localhost'
+ EMAIL_SUBJECT_PREFIX = '[AWX] '
+ EMAIL_HOST = 'localhost'
+ EMAIL_PORT = 25
+ EMAIL_HOST_USER = ''
+ EMAIL_HOST_PASSWORD = ''
+ EMAIL_USE_TLS = False
+
+ LOGGING['handlers']['console'] = {
+ '()': 'logging.StreamHandler',
+ 'level': 'DEBUG',
+ 'formatter': 'simple',
+ }
+
+ LOGGING['loggers']['django.request']['handlers'] = ['console']
+ LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
+ LOGGING['loggers']['awx']['handlers'] = ['console']
+ LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
+ LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console']
+ LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console']
+ LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console']
+ LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
+ LOGGING['loggers']['social']['handlers'] = ['console']
+ LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
+ LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
+ LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
+ LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}
+
+ CACHES = {
+ 'default': {
+ 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+ 'LOCATION': '{}:{}'.format("localhost", "11211")
+ },
+ 'ephemeral': {
+ 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
+ },
+ }
+
+ USE_X_FORWARDED_PORT = True
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rabbitmq
+ namespace: {{ include "common.namespace" . }}
+data:
+ enabled_plugins: |
+ [rabbitmq_management,rabbitmq_peer_discovery_k8s].
+ rabbitmq.conf: |
+ ## Clustering
+ management.load_definitions = /etc/rabbitmq/rabbitmq_definitions.json
+ cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
+ cluster_formation.k8s.host = kubernetes.default.svc
+ cluster_formation.k8s.address_type = ip
+ cluster_formation.node_cleanup.interval = 10
+ cluster_formation.node_cleanup.only_log_warning = false
+ cluster_partition_handling = autoheal
+ ## queue master locator
+ queue_master_locator=min-masters
+ ## enable guest user
+ loopback_users.guest = false
+ rabbitmq_definitions.json: |
+ {
+ "users":[{"name": "{{ .Values.config.rabbitmqUser }}", "password": "{{ .Values.config.rabbitmqPassword }}", "tags": ""}],
+ "permissions":[
+ {"user":"{{ .Values.config.rabbitmqUser }}","vhost":"{{ .Values.config.rabbitmqVhost }}","configure":".*","write":".*","read":".*"}
+ ],
+ "vhosts":[{"name":"{{ .Values.config.rabbitmqVhost }}"}],
+ "policies":[
+ {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}}
+ ]
+ }
diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
new file mode 100644
index 0000000000..4be13fbf88
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx/templates/job.yaml
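Review bot: In templates/configmap.yaml the `entrypoint` and `rabbitmq_definitions.json` keys put `awxAdminPassword` and `rabbitmqPassword` into ConfigMaps, which are not covered by Secret-scoped RBAC or by encryption at rest for Secrets; both keys belong in the chart's Secret next to `credentials_py`. The settings block also hard-codes `SESSION_COOKIE_SECURE = False`, `CSRF_COOKIE_SECURE = False`, `ALLOWED_HOSTS = ['*']` and a `DEBUG` console log level, and rabbitmq.conf sets `loopback_users.guest = false`, which lets the built-in guest account, if it exists, log in from remote hosts; each of these deserves a values toggle with a safe default. The script's first line `#/bin/sh` is missing the `!`, and `[[ ... ]]` is not POSIX sh although the Job runs it through `/bin/sh`.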
@@ -0,0 +1,125 @@
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 5
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-mgnt
+ release: {{ include "common.release" . }}
+ spec:
+ serviceAccount: {{ include "common.fullname" . }}
+ serviceAccountName: {{ include "common.fullname" . }}
+ restartPolicy: Never
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - awx-postgres
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - command: ["/bin/sh","-c"]
+ args: ["/etc/tower/job-entrypoint.sh"]
+ image: "{{ .Values.repository }}/{{ .Values.image.task }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-mgnt
+ resources:
+ requests:
+ cpu: 1500m
+ memory: 2Gi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /etc/tower/job-entrypoint.sh
+ name: awx-mgnt
+ readOnly: true
+ subPath: job-entrypoint.py
+ - mountPath: /etc/tower/settings.py
+ name: awx-application-config
+ readOnly: true
+ subPath: settings.py
+ - mountPath: /etc/tower/conf.d/
+ name: awx-application-credentials
+ readOnly: true
+ - mountPath: /etc/tower/SECRET_KEY
+ name: awx-secret-key
+ readOnly: true
+ subPath: SECRET_KEY
+
+ volumes:
+ - configMap:
+ defaultMode: 0777
+ items:
+ - key: entrypoint
+ path: job-entrypoint.py
+ name: {{ include "common.fullname" . }}-init-mgnt
+ name: awx-mgnt
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: awx_settings
+ path: settings.py
+ name: {{ include "common.fullname" . }}-settings
+ name: awx-application-config
+ - name: awx-application-credentials
+ secret:
+ defaultMode: 420
+ items:
+ - key: credentials_py
+ path: credentials.py
+ - key: environment_sh
+ path: environment.sh
+ secretName: {{ include "common.fullname" . }}-secrets
+ - name: awx-secret-key
+ secret:
+ defaultMode: 420
+ items:
+ - key: secret_key
+ path: SECRET_KEY
+ secretName: {{ include "common.fullname" . }}-secrets
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: rabbitmq.conf
+ path: rabbitmq.conf
+ - key: enabled_plugins
+ path: enabled_plugins
+ - key: rabbitmq_definitions.json
+ path: rabbitmq_definitions.json
+ name: {{ include "common.fullname" . }}-rabbitmq
+ name: rabbitmq-config
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/secret.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/secret.yaml
new file mode 100644
index 0000000000..642f779214
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx/templates/secret.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ include "common.fullname" . }}-secrets
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ credentials_py: {{ tpl (.Files.Get "resources/config/credentials.py") . | b64enc }}
+ environment_sh: {{ tpl (.Files.Get "resources/config/environment.sh") . | b64enc }}
+ rabbitmq_erlang_cookie: {{ .Values.config.rabbitmqErlangCookie | b64enc | quote }}
+ secret_key: {{ .Values.config.secretKey | b64enc | quote }}
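Review bot: In templates/job.yaml the `-mgnt` container runs with `securityContext: privileged: true`, although the entrypoint it executes only calls `awx-manage`; unless something outside this diff needs host access, drop it or replace it with `allowPrivilegeEscalation: false`. `defaultMode: 0777` on the entrypoint ConfigMap volume is wider than needed, and `0555` is enough to execute a read-only mount. The pod references `serviceAccountName: {{ include "common.fullname" . }}` while no ServiceAccount template is visible in this part of the diff, and the `rabbitmq-config` volume is declared but never mounted by this Job.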
\ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/service.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/service.yaml
new file mode 100755
index 0000000000..10f031da82
--- /dev/null
+++ b/kubernetes/contrib/components/awx/charts/awx/templates/service.yaml
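Review bot: templates/secret.yaml takes `secret_key` and `rabbitmq_erlang_cookie` from `.Values.config`, so if the chart's values.yaml (not visible here) carries defaults for them, every installation shares the same Django SECRET_KEY and Erlang cookie. Wrapping both in `required`, for example `{{ required "config.secretKey must be set" .Values.config.secretKey | b64enc | quote }}`, makes a missing override fail at render time. `credentials_py` and `environment_sh` are emitted without `| quote`, unlike the two lines below them.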
@@ -0,0 +1,80 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-rmq-mgmt + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.rmqmgmt.type }} + ports: + - port: {{ .Values.service.rmqmgmt.externalPort }} + targetPort: {{ .Values.service.rmqmgmt.internalPort }} + name: {{ .Values.service.rmqmgmt.portName }} + selector: + app: {{ include "common.fullname" . }} + release: {{ include "common.release" . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-web + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.web.type }} + ports: + - port: {{ .Values.service.web.externalPort }} + targetPort: {{ .Values.service.web.internalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }} + name: {{ .Values.service.web.portName }} + selector: + app: {{ include "common.fullname" . 
}} + release: {{ include "common.release" . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-rabbitmq + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + type: LoadBalancer +spec: + type: {{ .Values.service.rabbitmq.type }} + ports: + - port: {{ .Values.service.rabbitmq.http.externalPort }} + targetPort: {{ .Values.service.rabbitmq.http.internalPort }} + name: {{ .Values.service.rabbitmq.http.portName }} + - port: {{ .Values.service.rabbitmq.amqp.externalPort }} + targetPort: {{ .Values.service.rabbitmq.amqp.internalPort }} + name: {{ .Values.service.rabbitmq.amqp.portName }} + selector: + app: {{ include "common.fullname" . }} + release: {{ include "common.release" . }}
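Review bot: In the third Service (`-rabbitmq`), the line `type: LoadBalancer` sits in the `metadata:` section after `heritage:`, so it is either a stray metadata field or a label (the collapsed indentation here does not show which); in both cases it has no effect on the Service type, which comes from `spec.type: {{ .Values.service.rabbitmq.type }}`. It misleads a reader about whether the AMQP and management ports are published outside the cluster, so I would delete the line. Separately, the `-web` Service always emits `nodePort:`, which the API server refuses when `service.web.type` is overridden to `ClusterIP`; guarding that line with `{{- if eq .Values.service.web.type "NodePort" }}` and `{{- end }}` keeps a cluster-internal install possible.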
\ No newline at end of file diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/serviceaccout.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/serviceaccout.yaml new file mode 100644 index 0000000000..0f52ce800a --- /dev/null +++ b/kubernetes/contrib/components/awx/charts/awx/templates/serviceaccout.yaml @@ -0,0 +1,47 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "common.fullname" . }}-endpoint-reader + namespace: {{ include "common.namespace" . }} +rules: +- apiGroups: ["", "extensions", "apps", "batch"] + resources: ["endpoints", "deployments", "pods", "replicasets/status", "jobs/status"] + verbs: ["get", "list"] +--- +apiVersion: v1 +items: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: {{ include "common.fullname" . }}-endpoint-reader + namespace: {{ include "common.namespace" . }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "common.fullname" . }}-endpoint-reader + subjects: + - kind: ServiceAccount + name: {{ include "common.fullname" . }} +kind: List
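Review bot: The Role is named `-endpoint-reader`, but besides `endpoints` its rule grants `get`/`list` on `pods`, `deployments`, `replicasets/status` and `jobs/status` across four API groups, and nothing records which container needs each. The StatefulSet in this commit runs all of its containers, including a privileged one, under this ServiceAccount, so I would add a comment above `rules:` naming the consumer (presumably the readiness init container, to be confirmed) and trim the resources that consumer does not read. The RoleBinding does not need the `kind: List` wrapper; a plain `RoleBinding` document reads more directly. The file name `serviceaccout.yaml` looks like a typo for `serviceaccount.yaml`.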
\ No newline at end of file diff --git a/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml new file mode 100644 index 0000000000..988ac174ae --- /dev/null +++ b/kubernetes/contrib/components/awx/charts/awx/templates/statefulset.yaml 
@@ -0,0 +1,213 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + podManagementPolicy: OrderedReady + replicas: {{ .Values.replicaCount }} + serviceName: {{ include "common.fullname" . }} + selector: + matchLabels: + app: {{ include "common.fullname" . }} + name: {{ include "common.name" . }}-web-deploy + service: django + template: + metadata: + labels: + app: {{ include "common.fullname" . }} + name: {{ include "common.name" . }}-web-deploy + release: {{ include "common.release" . }} + service: django + spec: + + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - {{ include "common.name" . 
}}-mgnt + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + + containers: + + - image: "{{ .Values.repository }}/{{ .Values.image.web }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-web + ports: + - containerPort: {{ .Values.service.web.internalPort }} + protocol: TCP + resources: + requests: + cpu: 500m + memory: 1Gi + volumeMounts: + - mountPath: /etc/tower/settings.py + name: awx-application-config + readOnly: true + subPath: settings.py + - mountPath: /etc/tower/conf.d/ + name: awx-application-credentials + readOnly: true + - mountPath: /etc/tower/SECRET_KEY + name: awx-secret-key + readOnly: true + subPath: SECRET_KEY + - command: ["/bin/sh","-c"] + args: ["/usr/bin/launch_awx_task.sh"] + env: + - name: AWX_SKIP_MIGRATIONS + value: "1" + + image: "{{ .Values.repository }}/{{ .Values.image.task }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-celery + resources: + requests: + cpu: 1500m + memory: 2Gi + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/tower/settings.py + name: awx-application-config + readOnly: true + subPath: settings.py + - mountPath: /etc/tower/conf.d/ + name: awx-application-credentials + readOnly: true + - mountPath: /etc/tower/SECRET_KEY + name: awx-secret-key + readOnly: true + subPath: SECRET_KEY + - env: + - name: MY_POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: RABBITMQ_NODENAME + value: rabbit@$(MY_POD_IP) + - name: RABBITMQ_ERLANG_COOKIE + valueFrom: + secretKeyRef: + key: rabbitmq_erlang_cookie + name: {{ include "common.fullname" . }}-secrets + - name: K8S_SERVICE_NAME + value: {{ include "common.servicename" . 
}}-rabbitmq + + image: "{{ .Values.repository }}/{{ .Values.image.rabbitmq }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-rabbit + livenessProbe: + exec: + command: + - rabbitmqctl + - status + failureThreshold: 3 + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: 1 + timeoutSeconds: 10 + ports: + - containerPort: {{ .Values.service.rabbitmq.http.internalPort }} + name: {{ .Values.service.rabbitmq.http.portName }} + protocol: TCP + - containerPort: {{ .Values.service.rabbitmq.amqp.internalPort }} + name: {{ .Values.service.rabbitmq.amqp.portName }} + protocol: TCP + readinessProbe: + exec: + command: + - rabbitmqctl + - status + failureThreshold: 3 + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + successThreshold: 1 + timeoutSeconds: 10 + resources: + requests: + cpu: 500m + memory: 2Gi + volumeMounts: + - mountPath: /etc/rabbitmq + name: rabbitmq-config + + - image: "{{ .Values.image.memcached }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-memcached + resources: + requests: + cpu: 500m + memory: 1Gi + serviceAccount: {{ include "common.fullname" . }} + serviceAccountName: {{ include "common.fullname" . }} + volumes: + - configMap: + defaultMode: 420 + items: + - key: awx_settings + path: settings.py + name: {{ include "common.fullname" . }}-settings + name: awx-application-config + - name: awx-application-credentials + secret: + defaultMode: 420 + items: + - key: credentials_py + path: credentials.py + - key: environment_sh + path: environment.sh + secretName: {{ include "common.fullname" . }}-secrets + - name: awx-secret-key + secret: + defaultMode: 420 + items: + - key: secret_key + path: SECRET_KEY + secretName: {{ include "common.fullname" . 
}}-secrets + - configMap: + defaultMode: 420 + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins + - key: rabbitmq_definitions.json + path: rabbitmq_definitions.json + name: {{ include "common.fullname" . }}-rabbitmq + name: rabbitmq-config + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key"
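Review bot: The `-celery` container is started with `securityContext.privileged: true` and the template gives no reason for it; that container also mounts `SECRET_KEY` and the `conf.d` credentials and shares the pod's service account. If the task image needs this only for job isolation (an assumption, the hunk does not say), I would replace it with the specific capabilities required, or at minimum put a comment above the line naming the requirement so it can be revisited. The job template earlier in this commit sets the same flag on its `-mgnt` container. Smaller points in this hunk: the readiness probe reads `.Values.liveness.*`, `liveness.enabled` is never consulted, and `serviceAccount:` is the deprecated alias of `serviceAccountName:` and can be dropped.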
\ No newline at end of file diff --git a/kubernetes/contrib/components/awx/charts/awx/values.yaml b/kubernetes/contrib/components/awx/charts/awx/values.yaml new file mode 100755 index 0000000000..fd77a12c0b --- /dev/null +++ b/kubernetes/contrib/components/awx/charts/awx/values.yaml 
@@ -0,0 +1,111 @@ +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for mariadb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: # global defaults + nodePortPrefixExt: 304 + persistence: {} + +# application image +repository: ansible +image: + web: awx_web:9.0.1 + task: awx_task:9.0.1 + rabbitmq: awx_rabbitmq:3.7.4 + memcached: memcached:1.5.20 +pullPolicy: Always + +# application configuration +config: + postgresUser: awx + postgresPassword: awx + postgresDB: awx +# RabbitMQ Configuration + rabbitmqUser: awx + rabbitmqPassword: awxpass + rabbitmqVhost: awx + rabbitmqErlangCookie: cookiemonster3 +# This will create or update a default admin (superuser) account in AWX, if not provided +# then these default values are used + awxAdminUser: admin + awxAdminPassword: password + awxAdminEmail: cds@onap.org +# AWX Secret key +# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt +# your credentials + secretKey: awxsecret + +ingress: + enabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + enabled: true + +## Persist data to a persitent volume +persistence: + enabled: true + volumeReclaimPolicy: Retain + + # Uncomment the storageClass parameter to use an existing PV + # that will match 
the following class. + # When uncomment the storageClass, the PV is not created anymore. + + # storageClass: "nfs-dev-sc" + + accessMode: ReadWriteOnce + size: 5Gi + + # When using storage class, mountPath and mountSubPath are + # simply ignored. + + mountPath: /dockerdata-nfs + mountSubPath: awx/pgdata + +service: + rmqmgmt: + type: ClusterIP + portName: rmqmgmt + internalPort: 15672 + externalPort: 15672 + web: + type: NodePort + portName: web + internalPort: 8052 + externalPort: 80 + nodePort: 78 + rabbitmq: + type: ClusterIP + http: + portName: http + internalPort: 15672 + externalPort: 15672 + amqp: + portName: amqp + internalPort: 5672 + externalPort: 5672 + +resources: {} |
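Review bot: `service.web.type` defaults to `NodePort` (prefix `304` plus `nodePort: 78`) while `config.awxAdminUser` and `config.awxAdminPassword` default to `admin` and `password`, so an install with untouched values puts the AWX login on a node port with a known superuser credential. I would ship the password without a usable default (`awxAdminPassword: ""  # required: set at install time`) and have the consuming template refuse an empty value, or keep the web Service cluster-internal unless the operator opts in. The header comment `# Default values for mariadb.` appears to be copied from another chart and should name AWX.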