summaryrefslogtreecommitdiffstats
path: root/kubernetes/contrib/components/awx
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/contrib/components/awx')
-rwxr-xr-xkubernetes/contrib/components/awx/Chart.yaml36
-rw-r--r--kubernetes/contrib/components/awx/Makefile58
-rw-r--r--kubernetes/contrib/components/awx/components/Makefile58
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/Chart.yaml31
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/templates/NOTES.txt33
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml89
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/templates/pv.yaml40
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/templates/pvc.yaml39
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/templates/service.yaml42
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/values.yaml88
-rw-r--r--kubernetes/contrib/components/awx/resources/config/credentials.py38
-rw-r--r--kubernetes/contrib/components/awx/resources/config/environment.sh27
-rw-r--r--kubernetes/contrib/components/awx/templates/configmap.yaml238
-rw-r--r--kubernetes/contrib/components/awx/templates/job.yaml130
-rw-r--r--kubernetes/contrib/components/awx/templates/secret.yaml31
-rwxr-xr-xkubernetes/contrib/components/awx/templates/service.yaml79
-rw-r--r--kubernetes/contrib/components/awx/templates/serviceaccount.yaml44
-rw-r--r--kubernetes/contrib/components/awx/templates/statefulset.yaml227
-rwxr-xr-xkubernetes/contrib/components/awx/values.yaml120
19 files changed, 0 insertions, 1448 deletions
diff --git a/kubernetes/contrib/components/awx/Chart.yaml b/kubernetes/contrib/components/awx/Chart.yaml
deleted file mode 100755
index 38689dee53..0000000000
--- a/kubernetes/contrib/components/awx/Chart.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright © 2019 Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Ansible AWX
-name: awx
-sources:
- - https://github.com/ansible/awx
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: awx-postgres
- version: ~12.x-0
- repository: 'file://components/awx-postgres'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local' \ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/Makefile b/kubernetes/contrib/components/awx/Makefile
deleted file mode 100644
index ef273d0e9b..0000000000
--- a/kubernetes/contrib/components/awx/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/contrib/components/awx/components/Makefile b/kubernetes/contrib/components/awx/components/Makefile
deleted file mode 100644
index 79ba2fb47e..0000000000
--- a/kubernetes/contrib/components/awx/components/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/Chart.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/Chart.yaml
deleted file mode 100755
index 7d6045642f..0000000000
--- a/kubernetes/contrib/components/awx/components/awx-postgres/Chart.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright © 2019 Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Ansible AWX database
-name: awx-postgres
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/NOTES.txt b/kubernetes/contrib/components/awx/components/awx-postgres/templates/NOTES.txt
deleted file mode 100755
index 3ab092e848..0000000000
--- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml
deleted file mode 100755
index 61c0457712..0000000000
--- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- readinessProbe:
- exec:
- command:
- - /bin/sh
- - -i
- - -c
- - psql -h 127.0.0.1 -U $POSTGRES_USER -q -d {{ .Values.config.postgresDB }}
- -c 'SELECT 1'
- initialDelaySeconds: 5
- timeoutSeconds: 1
- env:
- - name: POSTGRES_USER
- value: "{{ .Values.config.postgresUser }}"
- - name: POSTGRES_PASSWORD
- value: "{{ .Values.config.postgresPassword }}"
- - name: POSTGRES_DB
- value: "{{ .Values.config.postgresDB }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/pv.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/templates/pv.yaml
deleted file mode 100755
index bfe63abafe..0000000000
--- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/pv.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/pvc.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/templates/pvc.yaml
deleted file mode 100755
index e12dabf175..0000000000
--- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/pvc.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/service.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/templates/service.yaml
deleted file mode 100755
index f560417425..0000000000
--- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/service.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml
deleted file mode 100755
index a6dc5ff90a..0000000000
--- a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-global: # global defaults
- nodePortPrefixExt: 304
- persistence: {}
-
-# application image
-image: postgres:10.4-alpine
-pullPolicy: Always
-
-# application configuration
-config:
- postgresUser: awx
- postgresPassword: awx
- postgresDB: awx
-
-ingress:
- enabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
-
- # Uncomment the storageClass parameter to use an existing PV
- # that will match the following class.
- # When uncomment the storageClass, the PV is not created anymore.
-
- # storageClass: "nfs-dev-sc"
-
- accessMode: ReadWriteOnce
- size: 1Gi
-
- # When using storage class, mountPath and mountSubPath are
- # simply ignored.
-
- mountPath: /dockerdata-nfs
- mountSubPath: awx/pgdata
-
-service:
- type: ClusterIP
- name: awx-postgresql
- portName: tcp-postgresql
- internalPort: 5432
- externalPort: 5432
-
-resources: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: awx-postgres
- roles:
- - read
diff --git a/kubernetes/contrib/components/awx/resources/config/credentials.py b/kubernetes/contrib/components/awx/resources/config/credentials.py
deleted file mode 100644
index 85808d10d4..0000000000
--- a/kubernetes/contrib/components/awx/resources/config/credentials.py
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-DATABASES = {
- 'default': {
- 'ATOMIC_REQUESTS': True,
- 'ENGINE': 'awx.main.db.profiled_pg',
- 'NAME': "{{ .Values.config.postgresDB }}",
- 'USER': "{{ .Values.config.postgresUser }}",
- 'PASSWORD': "{{ .Values.config.postgresPassword }}",
- 'HOST': "awx-postgresql",
- 'PORT': "5432",
- }
-}
-BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(
- "{{ .Values.config.rabbitmqUser }}",
- "{{ .Values.config.rabbitmqPassword }}",
- "localhost",
- "5672",
- "{{ .Values.config.rabbitmqVhost }}")
-CHANNEL_LAYERS = {
- 'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer',
- 'ROUTING': 'awx.main.routing.channel_routing',
- 'CONFIG': {'url': BROKER_URL}}
-} \ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/resources/config/environment.sh b/kubernetes/contrib/components/awx/resources/config/environment.sh
deleted file mode 100644
index cbfe2857ba..0000000000
--- a/kubernetes/contrib/components/awx/resources/config/environment.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-DATABASE_USER={{ .Values.config.postgresUser }}
-DATABASE_NAME={{ .Values.config.postgresDB }}
-DATABASE_HOST=awx-postgresql
-DATABASE_PORT=5432
-DATABASE_PASSWORD={{ .Values.config.postgresPassword }}
-MEMCACHED_HOST=localhost
-RABBITMQ_HOST=localhost
-AWX_ADMIN_USER={{ .Values.config.awxAdminUser }}
-AWX_ADMIN_PASSWORD={{ .Values.config.awxAdminPassword }} \ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/templates/configmap.yaml b/kubernetes/contrib/components/awx/templates/configmap.yaml
deleted file mode 100644
index 59900f1c64..0000000000
--- a/kubernetes/contrib/components/awx/templates/configmap.yaml
+++ /dev/null
@@ -1,238 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-init-mgnt
- namespace: {{ include "common.namespace" . }}
-data:
- entrypoint: |
- #/bin/sh
-
- awx-manage migrate --noinput
- if [[ `echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True).count(); exit(0 if nsu > 0 else 1)' | awx-manage shell` > 0 ]]
- then
- echo 'from django.contrib.auth.models import User; User.objects.create_superuser('{{ .Values.config.awxAdminUser }}', '{{ .Values.config.awxAdminEmail }}', '{{ .Values.config.awxAdminPassword }}')' | awx-manage shell
- awx-manage update_password --username='{{ .Values.config.awxAdminUser }}' --password='{{ .Values.config.awxAdminPassword }}'
- fi
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-settings
- namespace: {{ include "common.namespace" . }}
-data:
- awx_settings: |
- import os
- import socket
- ADMINS = ()
-
- AWX_PROOT_ENABLED = True
-
- # Automatically deprovision pods that go offline
- AWX_AUTO_DEPROVISION_INSTANCES = True
-
- SYSTEM_TASK_ABS_CPU = 6
- SYSTEM_TASK_ABS_MEM = 20
-
- INSIGHTS_URL_BASE = "https://example.org"
-
- #Autoprovisioning should replace this
- CLUSTER_HOST_ID = socket.gethostname()
- SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
-
- SESSION_COOKIE_SECURE = False
- CSRF_COOKIE_SECURE = False
-
- REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']
-
- STATIC_ROOT = '/var/lib/awx/public/static'
- PROJECTS_ROOT = '/var/lib/awx/projects'
- JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
- SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip()
- ALLOWED_HOSTS = ['*']
- INTERNAL_API_URL = 'http://127.0.0.1:8052'
- SERVER_EMAIL = 'root@localhost'
- DEFAULT_FROM_EMAIL = 'webmaster@localhost'
- EMAIL_SUBJECT_PREFIX = '[AWX] '
- EMAIL_HOST = 'localhost'
- EMAIL_PORT = 25
- EMAIL_HOST_USER = ''
- EMAIL_HOST_PASSWORD = ''
- EMAIL_USE_TLS = False
-
- LOGGING['handlers']['console'] = {
- '()': 'logging.StreamHandler',
- 'level': 'DEBUG',
- 'formatter': 'simple',
- }
-
- LOGGING['loggers']['django.request']['handlers'] = ['console']
- LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
- LOGGING['loggers']['awx']['handlers'] = ['console']
- LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
- LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console']
- LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console']
- LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console']
- LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
- LOGGING['loggers']['social']['handlers'] = ['console']
- LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
- LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
- LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
- LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}
-
- CACHES = {
- 'default': {
- 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
- 'LOCATION': '{}:{}'.format("localhost", "11211")
- },
- 'ephemeral': {
- 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
- },
- }
-
- USE_X_FORWARDED_PORT = True
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rabbitmq
- namespace: {{ include "common.namespace" . }}
-data:
- enabled_plugins: |
- [rabbitmq_management,rabbitmq_peer_discovery_k8s].
- rabbitmq.conf: |
- ## Clustering
- management.load_definitions = /etc/rabbitmq/rabbitmq_definitions.json
- cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
- cluster_formation.k8s.host = kubernetes.default.svc
- cluster_formation.k8s.address_type = ip
- cluster_formation.node_cleanup.interval = 10
- cluster_formation.node_cleanup.only_log_warning = false
- cluster_partition_handling = autoheal
- ## queue master locator
- queue_master_locator=min-masters
- ## enable guest user
- loopback_users.guest = false
- rabbitmq_definitions.json: |
- {
- "users":[{"name": "{{ .Values.config.rabbitmqUser }}", "password": "{{ .Values.config.rabbitmqPassword }}", "tags": ""}],
- "permissions":[
- {"user":"{{ .Values.config.rabbitmqUser }}","vhost":"{{ .Values.config.rabbitmqVhost }}","configure":".*","write":".*","read":".*"}
- ],
- "vhosts":[{"name":"{{ .Values.config.rabbitmqVhost }}"}],
- "policies":[
- {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}}
- ]
- }
----
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx-conf
- namespace: {{ include "common.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "common.name" . }}
- helm.sh/chart: {{ include "common.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- nginx.conf: |
- worker_processes 1;
- pid /tmp/nginx.pid;
- events {
- worker_connections 1024;
- }
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- server_tokens off;
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
- access_log /dev/stdout main;
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
- sendfile on;
- #tcp_nopush on;
- #gzip on;
- upstream uwsgi {
- server 127.0.0.1:8050;
- }
- upstream daphne {
- server 127.0.0.1:8051;
- }
- server {
- listen 8052 default_server;
- # If you have a domain name, this is where to add it
- server_name _;
- keepalive_timeout 65;
- # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
- add_header Strict-Transport-Security max-age=15768000;
- add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
- add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
- # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
- add_header X-Frame-Options "DENY";
- location /nginx_status {
- stub_status on;
- access_log off;
- allow 127.0.0.1;
- deny all;
- }
- location /static/ {
- alias /var/lib/awx/public/static/;
- }
- location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
- location /websocket {
- # Pass request to the upstream alias
- proxy_pass http://daphne;
- # Require http version 1.1 to allow for upgrade requests
- proxy_http_version 1.1;
- # We want proxy_buffering off for proxying to websockets.
- proxy_buffering off;
- # http://en.wikipedia.org/wiki/X-Forwarded-For
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # enable this if you use HTTPS:
- proxy_set_header X-Forwarded-Proto https;
- # pass the Host: header from the client for the sake of redirects
- proxy_set_header Host $http_host;
- # We've set the Host header, so we don't need Nginx to muddle
- # about with redirects
- proxy_redirect off;
- # Depending on the request value, set the Upgrade and
- # connection headers
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- }
- location / {
- # Add trailing / if missing
- rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
- uwsgi_read_timeout 120s;
- uwsgi_pass uwsgi;
- include /etc/nginx/uwsgi_params;
- proxy_set_header X-Forwarded-Port 443;
- }
- }
- }
diff --git a/kubernetes/contrib/components/awx/templates/job.yaml b/kubernetes/contrib/components/awx/templates/job.yaml
deleted file mode 100644
index 1ebe340a68..0000000000
--- a/kubernetes/contrib/components/awx/templates/job.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 5
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-mgnt
- release: {{ include "common.release" . }}
- spec:
- serviceAccount: {{ include "common.fullname" . }}
- serviceAccountName: {{ include "common.fullname" . }}
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - awx-postgres
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-mgnt
- command:
- - /bin/sh
- - -cx
- - |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- /etc/tower/job-entrypoint.sh
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.task }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
- requests:
- cpu: 1500m
- memory: 2Gi
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /etc/tower/job-entrypoint.sh
- name: awx-mgnt
- readOnly: true
- subPath: job-entrypoint.py
- - mountPath: /etc/tower/settings.py
- name: awx-application-config
- readOnly: true
- subPath: settings.py
- - mountPath: /etc/tower/conf.d/
- name: awx-application-credentials
- readOnly: true
- - mountPath: /etc/tower/SECRET_KEY
- name: awx-secret-key
- readOnly: true
- subPath: SECRET_KEY
- {{ include "common.waitForJobContainer" . | indent 6 | trim }}
- volumes:
- - configMap:
- defaultMode: 0777
- items:
- - key: entrypoint
- path: job-entrypoint.py
- name: {{ include "common.fullname" . }}-init-mgnt
- name: awx-mgnt
- - configMap:
- defaultMode: 420
- items:
- - key: awx_settings
- path: settings.py
- name: {{ include "common.fullname" . }}-settings
- name: awx-application-config
- - name: awx-application-credentials
- secret:
- defaultMode: 420
- items:
- - key: credentials_py
- path: credentials.py
- - key: environment_sh
- path: environment.sh
- secretName: {{ include "common.fullname" . }}-secrets
- - name: awx-secret-key
- secret:
- defaultMode: 420
- items:
- - key: secret_key
- path: SECRET_KEY
- secretName: {{ include "common.fullname" . }}-secrets
- - configMap:
- defaultMode: 420
- items:
- - key: rabbitmq.conf
- path: rabbitmq.conf
- - key: enabled_plugins
- path: enabled_plugins
- - key: rabbitmq_definitions.json
- path: rabbitmq_definitions.json
- name: {{ include "common.fullname" . }}-rabbitmq
- name: rabbitmq-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/templates/secret.yaml b/kubernetes/contrib/components/awx/templates/secret.yaml
deleted file mode 100644
index 642f779214..0000000000
--- a/kubernetes/contrib/components/awx/templates/secret.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: {{ include "common.fullname" . }}-secrets
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- credentials_py: {{ tpl (.Files.Get "resources/config/credentials.py") . | b64enc }}
- environment_sh: {{ tpl (.Files.Get "resources/config/environment.sh") . | b64enc }}
- rabbitmq_erlang_cookie: {{ .Values.config.rabbitmqErlangCookie | b64enc | quote }}
- secret_key: {{ .Values.config.secretKey | b64enc | quote }} \ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/templates/service.yaml b/kubernetes/contrib/components/awx/templates/service.yaml
deleted file mode 100755
index 85ec8c8428..0000000000
--- a/kubernetes/contrib/components/awx/templates/service.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-rmq-mgmt
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.rmqmgmt.type }}
- ports:
- - port: {{ .Values.service.rmqmgmt.externalPort }}
- targetPort: {{ .Values.service.rmqmgmt.internalPort }}
- name: {{ .Values.service.rmqmgmt.portName }}
- selector:
- app: {{ include "common.fullname" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-web
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.web.type }}
- ports:
- - port: {{ .Values.service.web.externalPort }}
- targetPort: {{ .Values.service.web.internalPort }}
- name: {{ .Values.service.web.portName }}
- selector:
- app: {{ include "common.fullname" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-rabbitmq
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- type: LoadBalancer
-spec:
- type: {{ .Values.service.rabbitmq.type }}
- ports:
- - port: {{ .Values.service.rabbitmq.http.externalPort }}
- targetPort: {{ .Values.service.rabbitmq.http.internalPort }}
- name: {{ .Values.service.rabbitmq.http.portName }}
- - port: {{ .Values.service.rabbitmq.amqp.externalPort }}
- targetPort: {{ .Values.service.rabbitmq.amqp.internalPort }}
- name: {{ .Values.service.rabbitmq.amqp.portName }}
- selector:
- app: {{ include "common.fullname" . }}
- release: {{ include "common.release" . }} \ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/templates/serviceaccount.yaml b/kubernetes/contrib/components/awx/templates/serviceaccount.yaml
deleted file mode 100644
index 15baf0e308..0000000000
--- a/kubernetes/contrib/components/awx/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "common.fullname" . }}-endpoint-reader
- namespace: {{ include "common.namespace" . }}
-rules:
-- apiGroups: ["", "extensions", "apps", "batch"]
- resources: ["endpoints", "deployments", "pods", "replicasets/status", "jobs/status"]
- verbs: ["get", "list"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "common.fullname" . }}-endpoint-reader
- namespace: {{ include "common.namespace" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "common.fullname" . }}-endpoint-reader
-subjects:
-- kind: ServiceAccount
- name: {{ include "common.fullname" . }} \ No newline at end of file
diff --git a/kubernetes/contrib/components/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/templates/statefulset.yaml
deleted file mode 100644
index 1f2c093742..0000000000
--- a/kubernetes/contrib/components/awx/templates/statefulset.yaml
+++ /dev/null
@@ -1,227 +0,0 @@
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- podManagementPolicy: OrderedReady
- replicas: {{ .Values.replicaCount }}
- serviceName: {{ include "common.fullname" . }}
- selector:
- matchLabels:
- app: {{ include "common.fullname" . }}
- name: {{ include "common.name" . }}-web-deploy
- service: django
- template:
- metadata:
- labels:
- app: {{ include "common.fullname" . }}
- name: {{ include "common.name" . }}-web-deploy
- release: {{ include "common.release" . }}
- service: django
- spec:
-
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ include "common.name" . }}-mgnt
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
-
- containers:
-
- - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.web }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-web
- ports:
- - containerPort: {{ .Values.service.web.internalPort }}
- protocol: TCP
- resources:
- requests:
- cpu: 500m
- memory: 1Gi
- volumeMounts:
- - mountPath: /etc/tower/settings.py
- name: awx-application-config
- readOnly: true
- subPath: settings.py
- - mountPath: /etc/tower/conf.d/
- name: awx-application-credentials
- readOnly: true
- - mountPath: /etc/tower/SECRET_KEY
- name: awx-secret-key
- readOnly: true
- subPath: SECRET_KEY
- - mountPath: /etc/nginx/nginx.conf
- name: awx-nginx-conf
- subPath: "nginx.conf"
-
- - command: ["/bin/sh","-c"]
- args: ["/usr/bin/launch_awx_task.sh"]
- env:
- - name: AWX_SKIP_MIGRATIONS
- value: "1"
-
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.task }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-celery
- resources:
- requests:
- cpu: 1500m
- memory: 2Gi
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /etc/tower/settings.py
- name: awx-application-config
- readOnly: true
- subPath: settings.py
- - mountPath: /etc/tower/conf.d/
- name: awx-application-credentials
- readOnly: true
- - mountPath: /etc/tower/SECRET_KEY
- name: awx-secret-key
- readOnly: true
- subPath: SECRET_KEY
- - mountPath: /etc/nginx/nginx.conf
- name: awx-nginx-conf
- subPath: "nginx.conf"
- - env:
- - name: MY_POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: RABBITMQ_USE_LONGNAME
- value: "true"
- - name: RABBITMQ_NODENAME
- value: rabbit@$(MY_POD_IP)
- - name: RABBITMQ_ERLANG_COOKIE
- valueFrom:
- secretKeyRef:
- key: rabbitmq_erlang_cookie
- name: {{ include "common.fullname" . }}-secrets
- - name: K8S_SERVICE_NAME
- value: {{ include "common.servicename" . }}-rabbitmq
-
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.rabbitmq }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-rabbit
- livenessProbe:
- exec:
- command:
- - rabbitmqctl
- - status
- failureThreshold: 3
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- successThreshold: 1
- timeoutSeconds: 10
- ports:
- - containerPort: {{ .Values.service.rabbitmq.http.internalPort }}
- name: {{ .Values.service.rabbitmq.http.portName }}
- protocol: TCP
- - containerPort: {{ .Values.service.rabbitmq.amqp.internalPort }}
- name: {{ .Values.service.rabbitmq.amqp.portName }}
- protocol: TCP
- readinessProbe:
- exec:
- command:
- - rabbitmqctl
- - status
- failureThreshold: 3
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- successThreshold: 1
- timeoutSeconds: 10
- resources:
- requests:
- cpu: 500m
- memory: 2Gi
- volumeMounts:
- - mountPath: /etc/rabbitmq
- name: rabbitmq-config
-
- - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.memcached }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-memcached
- resources:
- requests:
- cpu: 500m
- memory: 1Gi
- serviceAccount: {{ include "common.fullname" . }}
- serviceAccountName: {{ include "common.fullname" . }}
- volumes:
- - configMap:
- defaultMode: 420
- items:
- - key: awx_settings
- path: settings.py
- name: {{ include "common.fullname" . }}-settings
- name: awx-application-config
- - name: awx-application-credentials
- secret:
- defaultMode: 420
- items:
- - key: credentials_py
- path: credentials.py
- - key: environment_sh
- path: environment.sh
- secretName: {{ include "common.fullname" . }}-secrets
- - name: awx-secret-key
- secret:
- defaultMode: 420
- items:
- - key: secret_key
- path: SECRET_KEY
- secretName: {{ include "common.fullname" . }}-secrets
- - configMap:
- defaultMode: 420
- items:
- - key: rabbitmq.conf
- path: rabbitmq.conf
- - key: enabled_plugins
- path: enabled_plugins
- - key: rabbitmq_definitions.json
- path: rabbitmq_definitions.json
- name: {{ include "common.fullname" . }}-rabbitmq
- name: rabbitmq-config
- - configMap:
- defaultMode: 420
- items:
- - key: nginx.conf
- path: nginx.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- name: awx-nginx-conf
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
deleted file mode 100755
index c30999fa6d..0000000000
--- a/kubernetes/contrib/components/awx/values.yaml
+++ /dev/null
@@ -1,120 +0,0 @@
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-global: # global defaults
- nodePortPrefixExt: 304
- commonConfigPrefix: awx
- persistence: {}
-
-# application image
-image:
- web: ansible/awx_web:9.0.1
- task: ansible/awx_task:9.0.1
- rabbitmq: ansible/awx_rabbitmq:3.7.4
- memcached: memcached:1.5.20
-pullPolicy: Always
-
-# application configuration
-config:
- postgresUser: awx
- postgresPassword: awx
- postgresDB: awx
-# RabbitMQ Configuration
- rabbitmqUser: awx
- rabbitmqPassword: awxpass
- rabbitmqVhost: awx
- rabbitmqErlangCookie: cookiemonster3
-# This will create or update a default admin (superuser) account in AWX, if not provided
-# then these default values are used
- awxAdminUser: admin
- awxAdminPassword: password
- awxAdminEmail: cds@onap.org
-# AWX Secret key
-# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt
-# your credentials
- secretKey: awxsecret
-
-ingress:
- enabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- enabled: true
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
-
- # Uncomment the storageClass parameter to use an existing PV
- # that will match the following class.
- # When uncomment the storageClass, the PV is not created anymore.
-
- # storageClass: "nfs-dev-sc"
-
- accessMode: ReadWriteOnce
- size: 5Gi
-
- # When using storage class, mountPath and mountSubPath are
- # simply ignored.
-
- mountPath: /dockerdata-nfs
- mountSubPath: awx/pgdata
-
-service:
- rmqmgmt:
- type: ClusterIP
- portName: http-rmqmgmt
- internalPort: 15672
- externalPort: 15672
- web:
- type: ClusterIP
- portName: http-web
- internalPort: 8052
- externalPort: 8052
- rabbitmq:
- type: ClusterIP
- http:
- portName: http-rmq
- internalPort: 15672
- externalPort: 15672
- amqp:
- portName: tcp-amqp
- internalPort: 5672
- externalPort: 5672
-
-resources: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: awx
- roles:
- - read
-
-wait_for_job_container:
- containers:
- - '{{ include "common.name" . }}-mgnt'