From f0a518baf6ae830b6d1ac321bc1661d7566615f8 Mon Sep 17 00:00:00 2001 From: Don Naro Date: Thu, 8 Aug 2024 18:39:33 +0100 Subject: [PATCH] Remove Helm chart code (#1938) * rm Helm chart starter directory * rm Helm release playbook * rm Helm install from docs * rm Helm chart workflows * rm Helm starter from yamllint * rm Helm targets from Makefile * Revert "rm Helm targets from Makefile" This reverts commit da383601683c7fe277fce61a4d62bd0380ff2bd2. * remove helm from Makefile * rm kubectl-slice and yp from Makefile --- .github/workflows/ci.yaml | 43 -- .github/workflows/promote.yaml | 11 - .github/workflows/publish-helm.yml | 26 -- .helm/starter/.helmignore | 23 -- .helm/starter/Chart.yaml | 7 - .helm/starter/README.md | 371 ------------------ .helm/starter/templates/_helpers.tpl | 6 - .helm/starter/templates/awx-deploy.yaml | 28 -- .helm/starter/templates/extra-list.yaml | 8 - .helm/starter/templates/postgres-config.yaml | 19 - .helm/starter/templates/secrets/_helpers.tpl | 170 -------- .../secrets/admin-password-secret.yaml | 16 - .../secrets/cp-pull-credentials-secret.yaml | 16 - .../secrets/custom-certs-secret.yaml | 49 --- .../secrets/ee-pull-credentials-secret.yaml | 19 - .../templates/secrets/ingress-tls-secret.yaml | 25 -- .../secrets/ldap-password-secret.yaml | 16 - .../templates/secrets/route-tls-secret.yaml | 17 - .../templates/secrets/secret-key-secret.yaml | 16 - .helm/starter/templates/storage/_helpers.tpl | 57 --- .../templates/storage/postgres-pv.yaml | 19 - .../templates/storage/projects-pv.yaml | 32 -- .helm/starter/values.yaml | 19 - .yamllint | 1 - Makefile | 208 ---------- ansible/helm-release.yml | 122 ------ .../helm-install-on-existing-cluster.md | 29 -- mkdocs.yml | 1 - 28 files changed, 1374 deletions(-) delete mode 100644 .github/workflows/publish-helm.yml delete mode 100644 .helm/starter/.helmignore delete mode 100644 .helm/starter/Chart.yaml delete mode 100644 .helm/starter/README.md delete mode 100644 .helm/starter/templates/_helpers.tpl delete mode 100644 .helm/starter/templates/awx-deploy.yaml delete mode 100644 .helm/starter/templates/extra-list.yaml delete mode 100644 .helm/starter/templates/postgres-config.yaml delete mode 100644 .helm/starter/templates/secrets/_helpers.tpl delete mode 100644 .helm/starter/templates/secrets/admin-password-secret.yaml delete mode 100644 .helm/starter/templates/secrets/cp-pull-credentials-secret.yaml delete mode 100644 .helm/starter/templates/secrets/custom-certs-secret.yaml delete mode 100644 .helm/starter/templates/secrets/ee-pull-credentials-secret.yaml delete mode 100644 .helm/starter/templates/secrets/ingress-tls-secret.yaml delete mode 100644 .helm/starter/templates/secrets/ldap-password-secret.yaml delete mode 100644 .helm/starter/templates/secrets/route-tls-secret.yaml delete mode 100644 .helm/starter/templates/secrets/secret-key-secret.yaml delete mode 100644 .helm/starter/templates/storage/_helpers.tpl delete mode 100644 .helm/starter/templates/storage/postgres-pv.yaml delete mode 100644 .helm/starter/templates/storage/projects-pv.yaml delete mode 100644 .helm/starter/values.yaml delete mode 100644 ansible/helm-release.yml delete mode 100644 docs/installation/helm-install-on-existing-cluster.md diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 52844dd75..c7dda08f9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -50,49 +50,6 @@ jobs: with: name: awx_operator_molecule_test path: ${{ env.DEBUG_OUTPUT_DIR }} - helm: - runs-on: ubuntu-latest - name: helm - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Create k8s Kind Cluster - uses: helm/kind-action@v1.10.0 - - - name: Build operator image and load into kind - run: | - IMG=awx-operator-ci make docker-build - kind load docker-image --name chart-testing awx-operator-ci - - - name: Patch pull policy for tests - run: | - kustomize edit add patch --path ../testing/pull_policy/Never.yaml - working-directory: config/default - - - name: Build and lint helm chart - run: | - IMG=awx-operator-ci make helm-chart - helm lint ./charts/awx-operator - - - name: Install kubeval - run: | - mkdir tmp && cd tmp - wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz - tar xf kubeval-linux-amd64.tar.gz - sudo cp kubeval /usr/local/bin - working-directory: ./charts - - - name: Run kubeval - run: | - helm template -n awx awx-operator > tmp/test.yaml - kubeval --strict --force-color --ignore-missing-schemas tmp/test.yaml - working-directory: ./charts - - - name: Install helm chart - run: | - helm install --wait my-awx-operator --namespace awx --create-namespace ./charts/awx-operator no-log: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml index 407ad3dd9..f154f8807 100644 --- a/.github/workflows/promote.yaml +++ b/.github/workflows/promote.yaml @@ -70,14 +70,3 @@ jobs: docker buildx imagetools create \ ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \ --tag ${{ env.QUAY_REGISTRY }}/awx-operator:latest - - - - name: Release Helm chart - run: | - ansible-playbook ansible/helm-release.yml -v \ - -e operator_image=${{ env.QUAY_REGISTRY }}/awx-operator \ - -e chart_owner=${{ github.repository_owner }} \ - -e tag=${{ env.TAG_NAME }} \ - -e gh_token=${{ secrets.GITHUB_TOKEN }} \ - -e gh_user=${{ github.actor }} \ - -e repo_type=https diff --git a/.github/workflows/publish-helm.yml b/.github/workflows/publish-helm.yml deleted file mode 100644 index 6edbf08cb..000000000 --- a/.github/workflows/publish-helm.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -name: Re-publish helm chart -on: - workflow_dispatch: - inputs: - tag: - description: 'Release tag' - required: true - type: string -jobs: - promote: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - depth: 0 - - - name: Release Helm chart - run: | - ansible-playbook ansible/helm-release.yml -v \ - -e operator_image=quay.io/${{ github.repository }} \ - -e chart_owner=${{ github.repository_owner }} \ - -e tag=${{ inputs.tag }} \ - -e gh_token=${{ secrets.GITHUB_TOKEN }} \ - -e gh_user=${{ github.actor }} \ - -e repo_type=https diff --git a/.helm/starter/.helmignore b/.helm/starter/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/.helm/starter/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/.helm/starter/Chart.yaml b/.helm/starter/Chart.yaml deleted file mode 100644 index efc98d552..000000000 --- a/.helm/starter/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v2 -appVersion: 0.1.0 -description: A Helm chart for Kubernetes -name: starter -type: application -version: 0.1.0 diff --git a/.helm/starter/README.md b/.helm/starter/README.md deleted file mode 100644 index 31e48bd7c..000000000 --- a/.helm/starter/README.md +++ /dev/null @@ -1,371 +0,0 @@ -# AWX Operator Helm Chart - -This chart installs the AWX Operator resources configured in [this](https://github.com/ansible/awx-operator) repository. - -## Getting Started -To configure your AWX resource using this chart, create your own `yaml` values file. The name is up to personal preference since it will explicitly be passed into the helm chart. Helm will merge whatever values you specify in your file with the default `values.yaml`, overriding any settings you've changed while allowing you to fall back on defaults. Because of this functionality, `values.yaml` should not be edited directly. - -In your values config, enable `AWX.enabled` and add `AWX.spec` values based on the awx operator's [documentation](https://github.com/ansible/awx-operator/blob/devel/README.md). Consult the docs below for additional functionality. - -### Installing - -The operator's [helm install](https://ansible.readthedocs.io/projects/awx-operator/en/latest/installation/helm-install-on-existing-cluster.html) guide provides key installation instructions. - -Example: - -```bash -helm install my-awx-operator awx-operator/awx-operator -n awx --create-namespace -f myvalues.yaml -``` - -Argument breakdown: -* `-f` passes in the file with your custom values -* `-n` sets the namespace to be installed in - * This value is accessed by `{{ $.Release.Namespace }}` in the templates - * Acts as the default namespace for all unspecified resources -* `--create-namespace` specifies that helm should create the namespace before installing - -To update an existing installation, use `helm upgrade` instead of `install`. The rest of the syntax remains the same. - -### Caveats on upgrading existing installation - -There is no support at this time for upgrading or deleting CRDs using Helm. See [helm documentation](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) for additional detail. - -When upgrading to releases with CRD changes use the following command to update the CRDs - -```bash -kubectl apply --server-side -k github.com/ansible/awx-operator/config/crd?ref= -``` - -If running above command results in an error like below: - -```text -Apply failed with 1 conflict: conflict with "helm" using apiextensions.k8s.io/v1: .spec.versions -Please review the fields above--they currently have other managers. Here -are the ways you can resolve this warning: -* If you intend to manage all of these fields, please re-run the apply - command with the `--force-conflicts` flag. -* If you do not intend to manage all of the fields, please edit your - manifest to remove references to the fields that should keep their - current managers. -* You may co-own fields by updating your manifest to match the existing - value; in this case, you'll become the manager if the other manager(s) - stop managing the field (remove it from their configuration). -See https://kubernetes.io/docs/reference/using-api/server-side-apply/#conflicts -``` - -Use `--force-conflicts` flag to resolve the conflict. - -```bash -kubectl apply --server-side --force-conflicts -k github.com/ansible/awx-operator/config/crd?ref= -``` - -## Configuration -The goal of adding helm configurations is to abstract out and simplify the creation of multi-resource configs. The `AWX.spec` field maps directly to the spec configs of the `AWX` resource that the operator provides, which are detailed in the [main README](https://github.com/ansible/awx-operator/blob/devel/README.md). Other sub-config can be added with the goal of simplifying more involved setups that require additional resources to be specified. - -These sub-headers aim to be a more intuitive entrypoint into customizing your deployment, and are easier to manage in the long-term. By design, the helm templates will defer to the manually defined specs to avoid configuration conflicts. For example, if `AWX.spec.postgres_configuration_secret` is being used, the `AWX.postgres` settings will not be applied, even if enabled. - -### External Postgres -The `AWX.postgres` section simplifies the creation of the external postgres secret. If enabled, the configs provided will automatically be placed in a `postgres-config` secret and linked to the `AWX` resource. For proper secret management, the `AWX.postgres.password` value, and any other sensitive values, can be passed in at the command line rather than specified in code. Use the `--set` argument with `helm install`. Supplying the password this way is not recommended for production use, but may be helpful for initial PoC. - -### Additional Kubernetes Resources -The `AWX.extraDeploy` section allows the creation of additional Kubernetes resources. This simplifies setups requiring additional objects that are used by AWX, e.g. using `ExternalSecrets` to create Kubernetes secrets. - -Resources are passed as an array, either as YAML or strings (literal "|"). The resources are passed through `tpl`, so templating is possible. Example: - -```yaml -AWX: - # enable use of awx-deploy template - ... - - # configurations for external postgres instance - postgres: - enabled: false - ... - -extraDeploy: - - | - apiVersion: external-secrets.io/v1beta1 - kind: ExternalSecret - metadata: - name: {{ .Release.Name }}-postgres-secret-string-example - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }} - spec: - secretStoreRef: - name: vault - kind: ClusterSecretStore - refreshInterval: "1h" - target: - name: postgres-configuration-secret-string-example - creationPolicy: "Owner" - deletionPolicy: "Delete" - dataFrom: - - extract: - key: awx/postgres-configuration-secret - - - apiVersion: external-secrets.io/v1beta1 - kind: ExternalSecret - metadata: - name: "{{ .Release.Name }}-postgres-secret-yaml-example" - namespace: "{{ .Release.Namespace }}" - labels: - app: "{{ .Release.Name }}" - spec: - secretStoreRef: - name: vault - kind: ClusterSecretStore - refreshInterval: "1h" - target: - name: postgres-configuration-secret-yaml-example - creationPolicy: "Owner" - deletionPolicy: "Delete" - dataFrom: - - extract: - key: awx/postgres-configuration-secret -``` - -### Custom secrets -The `customSecrets` section simplifies the creation of our custom secrets used during AWX deployment. Supplying the passwords this way is not recommended for production use, but may be helpful for initial PoC. - -If enabled, the configs provided will automatically used to create the respective secrets and linked at the CR spec level. For proper secret management, the sensitive values can be passed in at the command line rather than specified in code. Use the `--set` argument with `helm install`. - -Example: - -```yaml -AWX: - # enable use of awx-deploy template - ... - - # configurations for external postgres instance - postgres: - enabled: false - ... - - customSecrets: - enabled: true - admin: - enabled: true - password: mysuperlongpassword - secretName: my-admin-password - secretKey: - enabled: true - key: supersecuresecretkey - secretName: my-awx-secret-key - ingressTls: - enabled: true - selfSignedCert: true - key: unset - certificate: unset - routeTls: - enabled: false - key: - certificate: - ldapCacert: - enabled: false - crt: - ldap: - enabled: true - password: yourldapdnpassword - bundleCacert: - enabled: false - crt: - eePullCredentials: - enabled: false - url: unset - username: unset - password: unset - sslVerify: true - secretName: my-ee-pull-credentials - cpPullCredentials: - enabled: false - dockerconfig: - - registry: https://index.docker.io/v1/ - username: unset - password: unset - secretName: my-cp-pull-credentials -``` - -### Custom volumes -The `customVolumes` section simplifies the creation of Persistent Volumes used when you want to store your databases and projects files on the cluster's Node. Since their backends are `hostPath`, the size specified are just like a label and there is no actual capacity limitation. - -You have to prepare directories for these volumes. For example: - -```bash -sudo mkdir -p /data/postgres-13 -sudo mkdir -p /data/projects -sudo chmod 755 /data/postgres-13 -sudo chown 1000:0 /data/projects -``` - -Example: - -```yaml -AWX: - # enable use of awx-deploy template - ... - - # configurations for external postgres instance - postgres: - enabled: false - ... - - customVolumes: - postgres: - enabled: true - hostPath: /data/postgres-13 - projects: - enabled: true - hostPath: /data/projects - size: 1Gi -``` - -## Values Summary - -### AWX -| Value | Description | Default | -|---|---|---| -| `AWX.enabled` | Enable this AWX resource configuration | `false` | -| `AWX.name` | The name of the AWX resource and default prefix for other resources | `"awx"` | -| `AWX.spec` | specs to directly configure the AWX resource | `{}` | -| `AWX.postgres` | configurations for the external postgres secret | - | - -### extraDeploy -| Value | Description | Default | -|---|---|---| -| `extraDeploy` | array of additional resources to be deployed (supports YAML or literal "\|") | - | - -### Operator -| Value | Description | Default | -|---|---|---| -| `Operator.replicas` | Number of controller-manager instance replicas | `1` | - -### customSecrets -| Value | Description | Default | -|---|---|---| -| `customSecrets.enabled` | Enable the secret resources configuration | `false` | -| `customSecrets.admin` | Configurations for the secret that contains the admin user password | - | -| `customSecrets.secretKey` | Configurations for the secret that contains the symmetric key for encryption | - | -| `customSecrets.ingressTls` | Configurations for the secret that contains the TLS information when `ingress_type=ingress` | - | -| `customSecrets.routeTls` | Configurations for the secret that contains the TLS information when `ingress_type=route` (`route_tls_secret`) | - | -| `customSecrets.ldapCacert` | Configurations for the secret that contains the LDAP Certificate Authority | - | -| `customSecrets.ldap` | Configurations for the secret that contains the LDAP BIND DN password | - | -| `customSecrets.bundleCacert` | Configurations for the secret that contains the Certificate Authority | - | -| `customSecrets.eePullCredentials` | Configurations for the secret that contains the pull credentials for registered ees can be found | - | -| `customSecrets.cpPullCredentials` | Configurations for the secret that contains the image pull credentials for app and database containers | - | - - -Below the addition variables to customize the secret configuration. - -#### Admin user password secret configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.admin.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.admin.password` | Admin user password | - | -| `customSecrets.admin.secretName` | Name of secret for `admin_password_secret` | `-admin-password>` | - -#### Secret Key secret configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.secretKey.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.secretKey.key` | Key is used to encrypt sensitive data in the database | - | -| `customSecrets.secretKey.secretName` | Name of secret for `secret_key_secret` | `-secret-key` | - -#### Ingress TLS secret configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.ingressTls.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.ingressTls.selfSignedCert` | If `true`, an self-signed TLS certificate for `AWX.spec.hostname` will be create by helm | `false` | -| `customSecrets.ingressTls.key` | Private key to use for TLS/SSL | - | -| `customSecrets.ingressTls.certificate` | Certificate to use for TLS/SSL | - | -| `customSecrets.ingressTls.secretName` | Name of secret for `ingress_tls_secret` | `-ingress-tls` | -| `customSecrets.ingressTls.labels` | Array of labels for the secret | - | - -#### Route TLS secret configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.routeTls.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.routeTls.key` | Private key to use for TLS/SSL | - | -| `customSecrets.routeTls.certificate` | Certificate to use for TLS/SSL | - | -| `customSecrets.routeTls.secretName` | Name of secret for `route_tls_secret` | `-route-tls` | - -#### LDAP Certificate Authority secret configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.ldapCacert.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.ldapCacert.crt` | Bundle of CA Root Certificates | - | -| `customSecrets.ldapCacert.secretName` | Name of secret for `ldap_cacert_secret` | `-custom-certs` | - -#### LDAP BIND DN Password secret configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.ldap.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.ldap.password` | LDAP BIND DN password | - | -| `customSecrets.ldap.secretName` | Name of secret for `ldap_password_secret` | `-ldap-password` | - -#### Certificate Authority secret configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.bundleCacert.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.bundleCacert.crt` | Bundle of CA Root Certificates | - | -| `customSecrets.bundleCacert.secretName` | Name of secret for `bundle_cacert_secret` | `-custom-certs` | - -#### Default EE pull secrets configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.eePullCredentials.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.eePullCredentials.url` | Registry url | - | -| `customSecrets.eePullCredentials.username` | Username to connect as | - | -| `customSecrets.eePullCredentials.password` | Password to connect with | - | -| `customSecrets.eePullCredentials.sslVerify` | Whether verify ssl connection or not. | `true` | -| `customSecrets.eePullCredentials.secretName` | Name of secret for `ee_pull_credentials_secret` | `-ee-pull-credentials` | - -#### Control Plane pull secrets configuration -| Value | Description | Default | -|---|---|---| -| `customSecrets.cpPullCredentials.enabled` | If `true`, secret will be created | `false` | -| `customSecrets.cpPullCredentials.dockerconfig` | Array of configurations for the Docker credentials that are used for accessing a registry | - | -| `customSecrets.cpPullCredentials.dockerconfig[].registry` | Server location for Docker registry | `https://index.docker.io/v1/` | -| `customSecrets.cpPullCredentials.dockerconfig[].username` | Username to connect as | - | -| `customSecrets.cpPullCredentials.dockerconfig[].password` | Password to connect with | - | -| `customSecrets.cpPullCredentials.secretName` | Name of secret for `image_pull_secrets`| `-cp-pull-credentials` | - -### customVolumes - -#### Persistent Volume for databases postgres -| Value | Description | Default | -|---|---|---| -| `customVolumes.postgres.enabled` | Enable the PV resource configuration for the postgres databases | `false` | -| `customVolumes.postgres.hostPath` | Directory location on host | - | -| `customVolumes.postgres.size` | Size of the volume | `8Gi` | -| `customVolumes.postgres.accessModes` | Volume access mode | `ReadWriteOnce` | -| `customVolumes.postgres.storageClassName` | PersistentVolume storage class name for `postgres_storage_class` | `-postgres-volume` | - -#### Persistent Volume for projects files -| Value | Description | Default | -|---|---|---| -| `customVolumes.projects.enabled` | Enable the PVC and PVC resources configuration for the projects files | `false` | -| `customVolumes.projects.hostPath` | Directory location on host | - | -| `customVolumes.projects.size` | Size of the volume | `8Gi` | -| `customVolumes.projects.accessModes` | Volume access mode | `ReadWriteOnce` | -| `customVolumes.postgres.storageClassName` | PersistentVolume storage class name | `-projects-volume` | - -# Contributing - -## Adding abstracted sections -Where possible, defer to `AWX.spec` configs before applying the abstracted configs to avoid collision. This can be facilitated by the `(hasKey .spec what_i_will_abstract)` check. - -## Building and Testing -This chart is built using the Makefile in the [awx-operator repo](https://github.com/ansible/awx-operator). Clone the repo and run `make helm-chart`. This will create the awx-operator chart in the `charts/awx-operator` directory. In this process, the contents of the `.helm/starter` directory will be added to the chart. - -## Future Goals -All values under the `AWX` header are focused on configurations that use the operator. Configurations that relate to the Operator itself could be placed under an `Operator` heading, but that may add a layer of complication over current development. - - -# Chart Publishing - -The chart is currently hosted on the gh-pages branch of the repo. During the release pipeline, the `index.yaml` stored in that branch is generated with helm chart entries from all valid tags. We are currently unable to use the `chart-releaser` pipeline due to the fact that the complete helm chart is not committed to the repo and is instead built during the release process. Therefore, the cr action is unable to compare against previous versions. - -Instead of CR, we use `helm repo index` to generate an index from all locally pulled chart versions. Since we build from scratch every time, the timestamps of all entries will be updated. This could be improved by using yq or something similar to detect which tags are already in the index.yaml file, and only merge in tags that are not present. - -Not using CR could be addressed in the future by keeping the chart built as a part of releases, as long as CR compares the chart to previous release packages rather than previous commits. If the latter is the case, then we would not have the necessary history for comparison. diff --git a/.helm/starter/templates/_helpers.tpl b/.helm/starter/templates/_helpers.tpl deleted file mode 100644 index 5deab2941..000000000 --- a/.helm/starter/templates/_helpers.tpl +++ /dev/null @@ -1,6 +0,0 @@ -{{/* -Generate the name of the postgres secret, expects AWX context passed in -*/}} -{{- define "postgres.secretName" -}} -{{ default (printf "%s-postgres-configuration" .Values.AWX.name) .Values.AWX.postgres.secretName }} -{{- end }} diff --git a/.helm/starter/templates/awx-deploy.yaml b/.helm/starter/templates/awx-deploy.yaml deleted file mode 100644 index 742ef36ba..000000000 --- a/.helm/starter/templates/awx-deploy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if $.Values.AWX.enabled }} -{{- with .Values.AWX }} -apiVersion: awx.ansible.com/v1beta1 -kind: AWX -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} -spec: -{{- /* Provide custom persistent volumes configs if enabled */}} -{{- include "spec.storageClassNames" $ }} -{{- /* Provide custom secrets configs if enabled */}} -{{- include "spec.secrets" $ }} -{{- /* Include raw map from the values file spec */}} -{{ .spec | toYaml | indent 2 }} -{{- /* Provide security context defaults */}} - {{- if not (hasKey .spec "security_context_settings") }} - security_context_settings: - runAsGroup: 0 - runAsUser: 0 - fsGroup: 0 - fsGroupChangePolicy: OnRootMismatch - {{- end }} -{{- /* Postgres configs if enabled and not already present */}} - {{- if and .postgres.enabled (not (hasKey .spec "postgres_configuration_secret")) }} - postgres_configuration_secret: {{ include "postgres.secretName" $ }} - {{- end }} -{{- end }} -{{- end }} diff --git a/.helm/starter/templates/extra-list.yaml b/.helm/starter/templates/extra-list.yaml deleted file mode 100644 index 5237334f8..000000000 --- a/.helm/starter/templates/extra-list.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- range .Values.extraDeploy }} ---- - {{- if typeIs "string" . }} - {{- tpl . $ }} - {{- else }} - {{- tpl (. | toYaml | nindent 0) $ }} - {{- end }} -{{- end }} diff --git a/.helm/starter/templates/postgres-config.yaml b/.helm/starter/templates/postgres-config.yaml deleted file mode 100644 index 12bb2836c..000000000 --- a/.helm/starter/templates/postgres-config.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and $.Values.AWX.enabled $.Values.AWX.postgres.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "postgres.secretName" . }} - namespace: {{ $.Release.Namespace }} -{{- with $.Values.AWX.postgres }} -stringData: - host: {{ .host }} - port: {{ .port | quote }} - database: {{ .dbName }} - username: {{ .username }} - password: {{ .password }} - sslmode: {{ .sslmode }} - target_session_attrs: {{ .target_session_attrs | default "any" }} - type: {{ .type }} -type: Opaque -{{- end }} -{{- end }} diff --git a/.helm/starter/templates/secrets/_helpers.tpl b/.helm/starter/templates/secrets/_helpers.tpl deleted file mode 100644 index c6a00896d..000000000 --- a/.helm/starter/templates/secrets/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -{{/* -Generate certificates for ingress -*/}} -{{- define "ingress.gen-certs" -}} -{{- $ca := genCA "ingress-ca" 365 -}} -{{- $cert := genSignedCert ( $.Values.AWX.spec.hostname | required "AWX.spec.hostname is required!" ) nil nil 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Generate the name of the secret that contains the admin user password -*/}} -{{- define "admin.secretName" -}} -{{ default (printf "%s-admin-password" $.Values.AWX.name) (default $.Values.customSecrets.admin.secretName $.Values.AWX.spec.admin_password_secret) }} -{{- end }} - -{{/* -Generate the name of the secret that contains the TLS information when ingress_type=route -*/}} -{{- define "routeTls.secretName" -}} -{{ default (printf "%s-route-tls" $.Values.AWX.name) (default $.Values.customSecrets.routeTls.secretName $.Values.AWX.spec.route_tls_secret) }} -{{- end }} - -{{/* -Generate the name of the secret that contains the TLS information when ingress_type=ingress -*/}} -{{- define "ingressTls.secretName" -}} -{{ default (printf "%s-ingress-tls" $.Values.AWX.name) (default $.Values.customSecrets.ingressTls.secretName $.Values.AWX.spec.ingress_tls_secret) }} -{{- end }} - -{{/* -Generate the name of the secret that contains the LDAP Certificate Authority -*/}} -{{- define "ldapCacert.secretName" -}} -{{ default (printf "%s-custom-certs" $.Values.AWX.name) (default ($.Values.customSecrets.ldapCacert).secretName $.Values.AWX.spec.ldap_cacert_secret) }} -{{- end }} - -{{/* -Generate the name of the secret that contains the custom Certificate Authority -*/}} -{{- define "bundleCacert.secretName" -}} -{{ default (printf "%s-custom-certs" $.Values.AWX.name) (default ($.Values.customSecrets.bundleCacert).secretName $.Values.AWX.spec.bundle_cacert_secret) }} -{{- end }} - -{{/* -Generate the name of the secret that contains the LDAP BIND DN password -*/}} -{{- define "ldap.secretName" -}} -{{ default (printf "%s-ldap-password" $.Values.AWX.name) (default $.Values.customSecrets.ldap.secretName $.Values.AWX.spec.ldap_password_secret) }} -{{- end }} - -{{/* -Generate the name of the secret that contains the symmetric key for encryption -*/}} -{{- define "secretKey.secretName" -}} -{{ default (printf "%s-secret-key" $.Values.AWX.name) (default $.Values.customSecrets.secretKey.secretName $.Values.AWX.spec.secret_key_secret) }} -{{- end }} - -{{/* -Generate the name of the secret that contains the default execution environment pull credentials -*/}} -{{- define "eePullCredentials.secretName" -}} -{{ default (printf "%s-ee-pull-credentials" $.Values.AWX.name) (default $.Values.customSecrets.eePullCredentials.secretName $.Values.AWX.spec.ee_pull_credentials_secret) }} -{{- end }} - -{{/* -Generate the name of the secret that contains the default control plane pull credentials -*/}} -{{- define "cpPullCredentials.secretName" -}} -{{ default (printf "%s-cp-pull-credentials" $.Values.AWX.name) (default $.Values.customSecrets.cpPullCredentials.secretName $.Values.AWX.spec.image_pull_secrets) }} -{{- end }} - -{{/* -Generate the .dockerconfigjson file unencoded. -*/}} -{{- define "dockerconfigjson.b64dec" }} - {{- print "{\"auths\":{" }} - {{- range $index, $item := . }} - {{- if $index }} - {{- print "," }} - {{- end }} - {{- printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" (default "https://index.docker.io/v1/" $item.registry) $item.username $item.password (default "" $item.email) (printf "%s:%s" $item.username $item.password | b64enc) }} - {{- end }} - {{- print "}}" }} -{{- end }} - -{{/* -Generate the base64-encoded .dockerconfigjson. -*/}} -{{- define "dockerconfigjson.b64enc" }} - {{- $list := ternary (list .) . (kindIs "map" .) }} - {{- include "dockerconfigjson.required" $list }} - {{- include "dockerconfigjson.b64dec" $list | b64enc }} -{{- end }} - -{{/* -Required values for .dockerconfigjson -*/}} -{{- define "dockerconfigjson.required" -}} - {{- range . -}} - {{- $_ := required "cpPullCredentials.dockerconfigjson[].username is required!" .username -}} - {{- $_ := required "cpPullCredentials.dockerconfigjson[].password is required!" .password -}} - {{- end -}} - {{/* Check for registry uniqueness */}} - {{- $registries := list -}} - {{- range . -}} - {{- $registries = append $registries (default "https://index.docker.io/v1/" .registry) -}} - {{- end -}} - {{- $_ := required "All cpPullCredentials.dockerconfigjson[].registry's must be unique!" (or (eq (len $registries) (len ($registries | uniq))) nil) -}} -{{- end -}} - -{{/* -Generate the name of the secrets -*/}} -{{- define "spec.secrets" -}} -{{- /* secret configs if enabled */}} -{{- if hasKey $.Values "customSecrets" }} -{{- with $.Values.customSecrets }} -{{- if .enabled }} - {{- if hasKey . "admin" }} - {{- if and (not (hasKey $.Values.AWX.spec "admin_password_secret")) .admin.enabled }} - admin_password_secret: {{ include "admin.secretName" $ }} - {{- end }} - {{- end }} - {{- if hasKey . "secretKey" }} - {{- if and (not (hasKey $.Values.AWX.spec "secret_key_secret")) .secretKey.enabled }} - secret_key_secret: {{ include "secretKey.secretName" $ }} - {{- end }} - {{- end }} - {{- if hasKey . "routeTls" }} - {{- if and (not (hasKey $.Values.AWX.spec "route_tls_secret")) .routeTls.enabled }} - route_tls_secret: {{ include "routeTls.secretName" $ }} - {{- end }} - {{- end }} - {{- if hasKey . "ingressTls" }} - {{- if and (not (hasKey $.Values.AWX.spec "ingress_tls_secret")) .ingressTls.enabled }} - ingress_tls_secret: {{ include "ingressTls.secretName" $ }} - {{- end }} - {{- end }} - {{- if hasKey . "ldapCacert" }} - {{- if and (not (hasKey $.Values.AWX.spec "ldap_cacert_secret")) .ldapCacert.enabled }} - ldap_cacert_secret: {{ include "ldapCacert.secretName" $ }} - {{- end }} - {{- end }} - {{- if hasKey . "bundleCacert" }} - {{- if and (not (hasKey $.Values.AWX.spec "bundle_cacert_secret")) .bundleCacert.enabled }} - bundle_cacert_secret: {{ include "bundleCacert.secretName" $ }} - {{- end }} - {{- end }} - {{- if hasKey . "ldap" }} - {{- if and (not (hasKey $.Values.AWX.spec "ldap_password_secret")) .ldap.enabled }} - ldap_password_secret: {{ include "ldap.secretName" $ }} - {{- end }} - {{- end }} - {{- if hasKey . "eePullCredentials" }} - {{- if and (not (hasKey $.Values.AWX.spec "ee_pull_credentials_secret")) .eePullCredentials.enabled }} - ee_pull_credentials_secret: {{ include "eePullCredentials.secretName" $ }} - {{- end }} - {{- end }} - {{- if hasKey . "cpPullCredentials" }} - {{- if and (not (hasKey $.Values.AWX.spec "image_pull_secrets")) .cpPullCredentials.enabled }} - image_pull_secrets: - - {{ include "cpPullCredentials.secretName" $ }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/secrets/admin-password-secret.yaml b/.helm/starter/templates/secrets/admin-password-secret.yaml deleted file mode 100644 index d864c9f0a..000000000 --- a/.helm/starter/templates/secrets/admin-password-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if ($.Values.customSecrets).enabled }} -{{- if hasKey .Values.customSecrets "admin" }} -{{- with $.Values.customSecrets.admin }} -{{- if .enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "admin.secretName" $ }} - namespace: {{ $.Release.Namespace }} -type: Opaque -data: - password: {{ .password | required "customSecrets.admin.password is required!" | b64enc }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/secrets/cp-pull-credentials-secret.yaml b/.helm/starter/templates/secrets/cp-pull-credentials-secret.yaml deleted file mode 100644 index df31c36b6..000000000 --- a/.helm/starter/templates/secrets/cp-pull-credentials-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if ($.Values.customSecrets).enabled }} -{{- if hasKey .Values.customSecrets "cpPullCredentials" }} -{{- with $.Values.customSecrets.cpPullCredentials }} -{{- if .enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "cpPullCredentials.secretName" $ }} - namespace: {{ $.Release.Namespace }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ template "dockerconfigjson.b64enc" .dockerconfig | required "customSecrets.cpPullCredentials.dockerconfig is required!" }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/secrets/custom-certs-secret.yaml b/.helm/starter/templates/secrets/custom-certs-secret.yaml deleted file mode 100644 index c93f59fb3..000000000 --- a/.helm/starter/templates/secrets/custom-certs-secret.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if ($.Values.customSecrets).enabled }} -{{- with .Values.customSecrets }} -{{- $hasLdapCrt := (hasKey $.Values.customSecrets "ldapCacert") -}} -{{- $hasBundleCrt := (hasKey . "bundleCacert") -}} -{{- if or $hasLdapCrt $hasBundleCrt }} -{{- $ldapCrtEnabled := ternary (.ldapCacert).enabled false $hasLdapCrt -}} -{{- $bundleCrtEnabled := ternary (.bundleCacert).enabled false $hasBundleCrt -}} -{{- $ldapSecretName := (include "ldapCacert.secretName" $) -}} -{{- $bundleSecretName := (include "bundleCacert.secretName" $) -}} -{{- if and (or $bundleCrtEnabled $ldapCrtEnabled) (eq $ldapSecretName $bundleSecretName) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $ldapSecretName }} - namespace: {{ $.Release.Namespace }} -type: Opaque -data: -{{- if $ldapCrtEnabled }} - ldap-ca.crt: {{ .ldapCacert.crt | required "customSecrets.ldapCacert.crt is required!" | b64enc }} -{{- end }} -{{- if $bundleCrtEnabled }} - bundle-ca.crt: {{ .bundleCacert.crt | required "customSecrets.bundleCacert.crt is required!" | b64enc }} -{{- end }} -{{- else }} -{{- if $ldapCrtEnabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $ldapSecretName }} - namespace: {{ $.Release.Namespace }} -type: Opaque -data: - ldap-ca.crt: {{ .ldapCacert.crt | required "customSecrets.ldapCacert.crt is required!" | b64enc }} -{{- end }} -{{- if $bundleCrtEnabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $bundleSecretName }} - namespace: {{ $.Release.Namespace }} -type: Opaque -data: - bundle-ca.crt: {{ .bundleCacert.crt | required "customSecrets.bundleCacert.crt is required!" | b64enc }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/secrets/ee-pull-credentials-secret.yaml b/.helm/starter/templates/secrets/ee-pull-credentials-secret.yaml deleted file mode 100644 index b6108028e..000000000 --- a/.helm/starter/templates/secrets/ee-pull-credentials-secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if ($.Values.customSecrets).enabled }} -{{- if hasKey .Values.customSecrets "eePullCredentials" }} -{{- with $.Values.customSecrets.eePullCredentials }} -{{- if .enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "eePullCredentials.secretName" $ }} - namespace: {{ $.Release.Namespace }} -type: Opaque -stringData: - url: {{ (required "customSecrets.eePullCredentials.url is required!" .url) | quote }} - username: {{ (required "customSecrets.eePullCredentials.username is required!" .username) | quote }} - password: {{ (required "customSecrets.eePullCredentials.password is required!" .password) | quote }} - ssl_verify: {{ or .sslVerify (eq (.sslVerify | toString) "") | quote }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/secrets/ingress-tls-secret.yaml b/.helm/starter/templates/secrets/ingress-tls-secret.yaml deleted file mode 100644 index b094e29f3..000000000 --- a/.helm/starter/templates/secrets/ingress-tls-secret.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if ($.Values.customSecrets).enabled }} -{{- if hasKey .Values.customSecrets "ingressTls" }} -{{- with $.Values.customSecrets.ingressTls }} -{{- if .enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "ingressTls.secretName" $ }} - namespace: {{ $.Release.Namespace }} -{{- if .labels }} - labels: -{{ toYaml .labels | indent 4 }} -{{- end }} -type: kubernetes.io/tls -data: -{{- if .selfSignedCert }} -{{ ( include "ingress.gen-certs" $ ) | indent 2 }} -{{ else }} - tls.key: {{ (.key | required "customSecrets.ingressTls.key is required!") | b64enc }} - tls.crt: {{ (.certificate | required "customSecrets.ingressTls.certificate is required!") | b64enc }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/secrets/ldap-password-secret.yaml b/.helm/starter/templates/secrets/ldap-password-secret.yaml deleted file mode 100644 index 6d28cc66f..000000000 --- a/.helm/starter/templates/secrets/ldap-password-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if ($.Values.customSecrets).enabled }} -{{- if hasKey .Values.customSecrets "ldap" }} -{{- with $.Values.customSecrets.ldap }} -{{- if .enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "ldap.secretName" $ }} - namespace: {{ $.Release.Namespace }} -type: Opaque -data: - ldap-password: {{ .password | required "customSecrets.ldap.password is required!" | b64enc }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/secrets/route-tls-secret.yaml b/.helm/starter/templates/secrets/route-tls-secret.yaml deleted file mode 100644 index 2e024af93..000000000 --- a/.helm/starter/templates/secrets/route-tls-secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if ($.Values.customSecrets).enabled }} -{{- if hasKey .Values.customSecrets "routeTls" }} -{{- with $.Values.customSecrets.routeTls }} -{{- if .enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "routeTls.secretName" $ }} - namespace: {{ $.Release.Namespace }} -type: kubernetes.io/tls -data: - tls.key: {{ (.key | required "customSecrets.routeTls.key is required!") | b64enc }} - tls.crt: {{ (.certificate | required "customSecrets.routeTls.certificate is required!") | b64enc }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/secrets/secret-key-secret.yaml b/.helm/starter/templates/secrets/secret-key-secret.yaml deleted file mode 100644 index ef9a27769..000000000 --- a/.helm/starter/templates/secrets/secret-key-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if ($.Values.customSecrets).enabled }} -{{- if hasKey .Values.customSecrets "secretKey" }} -{{- with $.Values.customSecrets.secretKey }} -{{- if .enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "secretKey.secretName" $ }} - namespace: {{ $.Release.Namespace }} -type: Opaque -stringData: - secret_key: {{ .key | required "customSecrets.secretKey.key is required!" | quote }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/storage/_helpers.tpl b/.helm/starter/templates/storage/_helpers.tpl deleted file mode 100644 index d31bb439b..000000000 --- a/.helm/starter/templates/storage/_helpers.tpl +++ /dev/null @@ -1,57 +0,0 @@ -{{/* -Generate the name of the persistent volume for postgres folders -*/}} -{{- define "postgres.persistentVolumeName" -}} -{{ printf "%s-postgres-volume" $.Values.AWX.name }} -{{- end }} - -{{/* -Generate the name of the persistent volume for projects folder -*/}} -{{- define "projects.persistentVolumeName" -}} -{{ printf "%s-projects-volume" $.Values.AWX.name }} -{{- end }} - -{{/* -Generate the name of the persistent volume claim for the projects volume -*/}} -{{- define "projects.persistentVolumeClaim" -}} -{{ printf "%s-projects-claim" $.Values.AWX.name }} -{{- end }} - -{{/* -Generate the name of the storage class to use for the postgres volume -*/}} -{{- define "postgres.storageClassName" -}} -{{ default (printf "%s-postgres-volume" $.Values.AWX.name) (default $.Values.AWX.spec.postgres_storage_class (($.Values.customVolumes).postgres).storageClassName) }} -{{- end }} - -{{/* -Generate the name of the storage class to use for the projects volume -*/}} -{{- define "projects.storageClassName" -}} -{{ default (printf "%s-projects-volume" $.Values.AWX.name) (default $.Values.AWX.spec.projects_storage_class (($.Values.customVolumes).projects).storageClassName) }} -{{- end }} - -{{/* -Generate the name of the storage class names, expects AWX context passed in -*/}} -{{- define "spec.storageClassNames" -}} -{{- if and (not $.Values.AWX.postgres.enabled) (eq (($.Values.AWX.spec).postgres_configuration_secret | default "") "") -}} -{{- if (($.Values.customVolumes).postgres).enabled -}} - {{- if not (hasKey $.Values.AWX.spec "postgres_storage_class") }} - postgres_storage_class: {{ include "postgres.storageClassName" $ }} - {{- end }} - {{- if not (hasKey $.Values.AWX.spec "postgres_storage_requirements") }} - postgres_storage_requirements: - requests: - storage: {{ default "8Gi" $.Values.customVolumes.postgres.size | quote }} - {{- end }} -{{- end }} -{{- end }} -{{- if and ($.Values.AWX.spec.projects_persistence) (eq (($.Values.AWX.spec).projects_existing_claim | default "") "") -}} -{{- if (($.Values.customVolumes).projects).enabled }} - projects_existing_claim: {{ include "projects.persistentVolumeClaim" $ }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/templates/storage/postgres-pv.yaml b/.helm/starter/templates/storage/postgres-pv.yaml deleted file mode 100644 index 544feab79..000000000 --- a/.helm/starter/templates/storage/postgres-pv.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and (not $.Values.AWX.postgres.enabled) (eq (($.Values.AWX.spec).postgres_configuration_secret | default "") "") -}} -{{- if (($.Values.customVolumes).postgres).enabled -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "postgres.persistentVolumeName" $ }} -{{- with $.Values.customVolumes.postgres }} -spec: - accessModes: - - {{ default "ReadWriteOnce" .accessModes }} - persistentVolumeReclaimPolicy: {{ default "Retain" .reclaimPolicy | quote }} - capacity: - storage: {{ default "8Gi" .size | quote }} - storageClassName: {{ include "postgres.storageClassName" $ }} - hostPath: - path: /var/lib/pgsql/data/userdata -{{- end }} -{{- end }} -{{- end }} diff --git a/.helm/starter/templates/storage/projects-pv.yaml b/.helm/starter/templates/storage/projects-pv.yaml deleted file mode 100644 index f9a82c661..000000000 --- a/.helm/starter/templates/storage/projects-pv.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and ($.Values.AWX.spec.projects_persistence) (eq (($.Values.AWX.spec).projects_existing_claim | default "") "") -}} -{{- if (($.Values.customVolumes).projects).enabled -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "projects.persistentVolumeName" $ }} -{{- with $.Values.customVolumes.projects }} -spec: - accessModes: - - {{ default "ReadWriteOnce" (default $.Values.AWX.spec.projects_storage_access_mode .accessModes) }} - persistentVolumeReclaimPolicy: {{ default "Retain" .reclaimPolicy | quote }} - capacity: - storage: {{ default "8Gi" (default $.Values.AWX.spec.projects_storage_size .size) | quote }} - storageClassName: {{ include "projects.storageClassName" $ }} - hostPath: - path: {{ required "customVolumes.projects.hostPath is required!" .hostPath | quote }} ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "projects.persistentVolumeClaim" $ }} -spec: - accessModes: - - {{ default "ReadWriteOnce" (default $.Values.AWX.spec.projects_storage_access_mode .accessModes) }} - volumeMode: Filesystem - resources: - requests: - storage: {{ default "8Gi" (default $.Values.AWX.spec.projects_storage_size .size) | quote }} - storageClassName: {{ include "projects.storageClassName" $ }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/.helm/starter/values.yaml b/.helm/starter/values.yaml deleted file mode 100644 index f6c6db524..000000000 --- a/.helm/starter/values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -AWX: - # enable use of awx-deploy template - enabled: false - name: awx - spec: - admin_user: admin - - # configurations for external postgres instance - postgres: - enabled: false - host: Unset - port: 5678 - dbName: Unset - username: admin - # for secret management, pass in the password independently of this file - # at the command line, use --set AWX.postgres.password - password: Unset - sslmode: prefer - type: unmanaged diff --git a/.yamllint b/.yamllint index 0397b9035..3607db156 100644 --- a/.yamllint +++ b/.yamllint @@ -6,7 +6,6 @@ ignore: | kustomization.yaml awx-operator.clusterserviceversion.yaml bundle - .helm/starter hacking/ rules: diff --git a/Makefile b/Makefile index 4ab08783f..26ef1bb21 100644 --- a/Makefile +++ b/Makefile @@ -8,13 +8,6 @@ PREV_VERSION ?= $(shell git describe --abbrev=0 --tags $(shell git rev-list --ta CONTAINER_CMD ?= docker -# GNU vs BSD in-place sed -ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu) - SED_I := sed -i -else - SED_I := sed -i '' -endif - # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # To re-generate a bundle for other specific channels without changing the standard setup, you can: @@ -60,15 +53,6 @@ endif IMG ?= $(IMAGE_TAG_BASE):$(VERSION) NAMESPACE ?= awx -# Helm variables -CHART_NAME ?= awx-operator -CHART_DESCRIPTION ?= A Helm chart for the AWX Operator -CHART_OWNER ?= $(GH_REPO_OWNER) -CHART_REPO ?= awx-operator -CHART_BRANCH ?= gh-pages -CHART_DIR ?= gh-pages -CHART_INDEX ?= index.yaml - .PHONY: all all: docker-build @@ -255,195 +239,3 @@ catalog-build: opm ## Build a catalog image. .PHONY: catalog-push catalog-push: ## Push a catalog image. $(MAKE) docker-push IMG=$(CATALOG_IMG) - -.PHONY: kubectl-slice -KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice -kubectl-slice: ## Download kubectl-slice locally if necessary. -ifeq (,$(wildcard $(KUBECTL_SLICE))) -ifeq (,$(shell which kubectl-slice 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(KUBECTL_SLICE)) ;\ - curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_$(OS)_$(ARCHX).tar.gz | \ - tar xzf - -C bin/ kubectl-slice ;\ - } -else -KUBECTL_SLICE = $(shell which kubectl-slice) -endif -endif - -.PHONY: helm -HELM = $(shell pwd)/bin/helm -helm: ## Download helm locally if necessary. -ifeq (,$(wildcard $(HELM))) -ifeq (,$(shell which helm 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(HELM)) ;\ - curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCHA).tar.gz | \ - tar xzf - -C bin/ $(OS)-$(ARCHA)/helm ;\ - mv bin/$(OS)-$(ARCHA)/helm bin/helm ;\ - rmdir bin/$(OS)-$(ARCHA) ;\ - } -else -HELM = $(shell which helm) -endif -endif - -.PHONY: yq -YQ = $(shell pwd)/bin/yq -yq: ## Download yq locally if necessary. -ifeq (,$(wildcard $(YQ))) -ifeq (,$(shell which yq 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(HELM)) ;\ - curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCHA).tar.gz | \ - tar xzf - -C bin/ ;\ - mv bin/yq_$(OS)_$(ARCHA) bin/yq ;\ - } -else -YQ = $(shell which yq) -endif -endif - -PHONY: cr -CR = $(shell pwd)/bin/cr -cr: ## Download cr locally if necessary. -ifeq (,$(wildcard $(CR))) -ifeq (,$(shell which cr 2>/dev/null)) - @{ \ - set -e ;\ - mkdir -p $(dir $(CR)) ;\ - curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCHA).tar.gz | \ - tar xzf - -C bin/ cr ;\ - } -else -CR = $(shell which cr) -endif -endif - -charts: - mkdir -p $@ - -.PHONY: helm-chart -helm-chart: helm-chart-generate - -.PHONY: helm-chart-generate -helm-chart-generate: kustomize helm kubectl-slice yq charts - @echo "== KUSTOMIZE: Set image and chart label ==" - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} - cd config/manager && $(KUSTOMIZE) edit set label helm.sh/chart:$(CHART_NAME) - cd config/default && $(KUSTOMIZE) edit set label helm.sh/chart:$(CHART_NAME) - - @echo "== Gather Helm Chart Metadata ==" - # remove the existing chart if it exists - rm -rf charts/$(CHART_NAME) - # create new chart metadata in Chart.yaml - cd charts && \ - $(HELM) create $(CHART_NAME) --starter $(shell pwd)/.helm/starter ;\ - $(YQ) -i '.version = "$(VERSION)"' $(CHART_NAME)/Chart.yaml ;\ - $(YQ) -i '.appVersion = "$(VERSION)" | .appVersion style="double"' $(CHART_NAME)/Chart.yaml ;\ - $(YQ) -i '.description = "$(CHART_DESCRIPTION)"' $(CHART_NAME)/Chart.yaml ;\ - - @echo "Generated chart metadata:" - @cat charts/$(CHART_NAME)/Chart.yaml - - @echo "== KUSTOMIZE: Generate resources and slice into templates ==" - # place in raw-files directory so they can be modified while they are valid yaml - as soon as they are in templates/, - # wild cards pick up the actual templates, which are not real yaml and can't have yq run on them. - $(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/default | \ - $(KUBECTL_SLICE) --input-file=- \ - --output-dir=charts/$(CHART_NAME)/raw-files \ - --sort-by-kind - - @echo "== GIT: Reset kustomize configs ==" - # reset kustomize configs following kustomize build - git checkout -f config/. - - @echo "== Build Templates and CRDS ==" - # Delete metadata.namespace, release namespace will be automatically inserted by helm - for file in charts/$(CHART_NAME)/raw-files/*; do\ - $(YQ) -i 'del(.metadata.namespace)' $${file};\ - done - # Correct namespace for rolebinding to be release namespace, this must be explicit - for file in charts/$(CHART_NAME)/raw-files/*rolebinding*; do\ - $(YQ) -i '.subjects[0].namespace = "{{ .Release.Namespace }}"' $${file};\ - done - # Add .spec.replicas for the controller-manager deployment - for file in charts/$(CHART_NAME)/raw-files/deployment-*-controller-manager.yaml; do\ - $(YQ) -i '.spec.replicas = "{{ (.Values.Operator).replicas | default 1 }}"' $${file};\ - done - # Correct .metadata.name for cluster scoped resources - cluster_scoped_files="charts/$(CHART_NAME)/raw-files/clusterrolebinding-awx-operator-proxy-rolebinding.yaml charts/$(CHART_NAME)/raw-files/clusterrole-awx-operator-metrics-reader.yaml charts/$(CHART_NAME)/raw-files/clusterrole-awx-operator-proxy-role.yaml";\ - for file in $${cluster_scoped_files}; do\ - $(YQ) -i '.metadata.name += "-{{ .Release.Name }}"' $${file};\ - done - # Correct the reference for the clusterrolebinding - $(YQ) -i '.roleRef.name += "-{{ .Release.Name }}"' 'charts/$(CHART_NAME)/raw-files/clusterrolebinding-awx-operator-proxy-rolebinding.yaml' - # Correct .spec.replicas type for the controller-manager deployment - for file in charts/$(CHART_NAME)/raw-files/deployment-*-controller-manager.yaml; do\ - $(SED_I) "s/'{{ (.Values.Operator).replicas | default 1 }}'/{{ (.Values.Operator).replicas | default 1 }}/g" $${file};\ - done - # move all custom resource definitions to crds folder - mkdir charts/$(CHART_NAME)/crds - mv charts/$(CHART_NAME)/raw-files/customresourcedefinition*.yaml charts/$(CHART_NAME)/crds/. - # remove any namespace definitions - rm -f charts/$(CHART_NAME)/raw-files/namespace*.yaml - # move remaining resources to helm templates - mv charts/$(CHART_NAME)/raw-files/* charts/$(CHART_NAME)/templates/. - # remove the raw-files folder - rm -rf charts/$(CHART_NAME)/raw-files - - # create and populate NOTES.txt - @echo "AWX Operator installed with Helm Chart version $(VERSION)" > charts/$(CHART_NAME)/templates/NOTES.txt - - @echo "Helm chart successfully configured for $(CHART_NAME) version $(VERSION)" - - -.PHONY: helm-package -helm-package: helm-chart - @echo "== Package Current Chart Version ==" - mkdir -p .cr-release-packages - # package the chart and put it in .cr-release-packages dir - $(HELM) package ./charts/$(CHART_NAME) -d .cr-release-packages/$(VERSION) - -# List all tags oldest to newest. -TAGS := $(shell git ls-remote --tags --sort=version:refname --refs -q | cut -d/ -f3) - -# The actual release happens in ansible/helm-release.yml, which calls this targer -# until https://github.com/helm/chart-releaser/issues/122 happens, chart-releaser is not ideal for a chart -# that is contained within a larger repo, where a tag may not require a new chart version -.PHONY: helm-index -helm-index: - # when running in CI the gh-pages branch is checked out by the ansible playbook - # TODO: test if gh-pages directory exists and if not exist - - @echo "== GENERATE INDEX FILE ==" - # This step to workaround issues with old releases being dropped. - # Until https://github.com/helm/chart-releaser/issues/133 happens - @echo "== CHART FETCH previous releases ==" - # Download all old releases - mkdir -p .cr-release-packages - - for tag in $(TAGS); do\ - dl_url="https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/$${tag}/$(CHART_REPO)-$${tag}.tgz";\ - echo "Downloading $${tag} from $${dl_url}";\ - curl -RLOs -z "$(CHART_REPO)-$${tag}.tgz" --fail $${dl_url};\ - result=$$?;\ - if [ $${result} -eq 0 ]; then\ - echo "Downloaded $${dl_url}";\ - mkdir -p .cr-release-packages/$${tag};\ - mv ./$(CHART_REPO)-$${tag}.tgz .cr-release-packages/$${tag};\ - else\ - echo "Skipping release $${tag}; No helm chart present";\ - rm -rf "$(CHART_REPO)-$${tag}.tgz";\ - fi;\ - done;\ - - # generate the index file in the root of the gh-pages branch - # --merge will leave any values in index.yaml that don't get generated by this command, but - # it is likely that all values are overridden - $(HELM) repo index .cr-release-packages --url https://github.com/$(CHART_OWNER)/$(CHART_REPO)/releases/download/ --merge $(CHART_DIR)/index.yaml - - mv .cr-release-packages/index.yaml $(CHART_DIR)/index.yaml diff --git a/ansible/helm-release.yml b/ansible/helm-release.yml deleted file mode 100644 index aeb788d68..000000000 --- a/ansible/helm-release.yml +++ /dev/null @@ -1,122 +0,0 @@ ---- -- hosts: localhost - vars: - chart_repo: awx-operator - environment: - CHART_OWNER: "{{ chart_owner }}" - tasks: - - name: Look up release - uri: - url: "https://api.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/tags/{{ tag }}" - register: release - ignore_errors: yes - - - fail: - msg: | - Release must exist before running this playbook - when: release is not success - - - name: Set helm filename and commit message - set_fact: - asset_already_attached: False - helm_file_name: "awx-operator-{{ tag }}.tgz" - commit_message: "Updated index.yaml for release {{ release.json.tag_name }}" - - - name: See if file is already attached - set_fact: - asset_already_attached: True - loop: "{{ release.json.get('assets', []) }}" - loop_control: - label: "{{ item.name }}" - when: item.name == helm_file_name - - - when: not asset_already_attached - block: - - name: Build and package helm chart - command: | - make helm-package - environment: - VERSION: "{{ tag }}" - IMAGE_TAG_BASE: "{{ operator_image }}" - args: - chdir: "{{ playbook_dir }}/../" - - # Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists - - name: Upload helm chart - uri: - url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name={{ helm_file_name }}" - src: "{{ playbook_dir }}/../.cr-release-packages/{{ tag }}/awx-operator-{{ tag }}.tgz" - headers: - Authorization: "token {{ gh_token }}" - Content-Type: "application/octet-stream" - status_code: - - 200 - - 201 - register: asset_upload - changed_when: asset_upload.json.state == "uploaded" - - - name: Ensure gh-pages exists - file: - state: directory - path: "{{ playbook_dir }}/../gh-pages" - - - name: Check if we have published the release - command: - cmd: "git log --grep='{{ commit_message }}'" - chdir: "{{ playbook_dir }}/../gh-pages" - register: commits_for_release - - - when: commits_for_release.stdout == '' - block: - - name: Make a temp dir - tempfile: - state: directory - register: temp_dir - - - name: Clone the gh-pages branch from {{ chart_owner }} - git: - repo: "{{ ((repo_type | default('http')) == 'ssh') | ternary(ssh_repo, http_repo) }}" - dest: "{{ temp_dir.path }}" - single_branch: yes - version: gh-pages - vars: - http_repo: "https://github.com/{{ chart_owner }}/{{ chart_repo }}" - ssh_repo: "git@github.com:{{ chart_owner }}/{{ chart_repo }}.git" - - - name: Publish helm index - ansible.builtin.command: - cmd: make helm-index - environment: - CHART_OWNER: "{{ chart_owner }}" - CR_TOKEN: "{{ gh_token }}" - CHART_DIR: "{{ temp_dir.path }}" - args: - chdir: "{{ playbook_dir }}/.." - - - name: Set url base swap in gitconfig - command: - cmd: "git config --local url.https://{{ gh_user }}:{{ gh_token }}@github.com/.insteadOf https://github.com/" - args: - chdir: "{{ temp_dir.path }}/" - no_log: true - - - name: Stage and Push commit to gh-pages branch - command: - cmd: "{{ item }}" - loop: - - git add index.yaml - - git commit -m "{{ commit_message }}" - - git push - args: - chdir: "{{ temp_dir.path }}/" - environment: - GIT_AUTHOR_NAME: "{{ gh_user }}" - GIT_AUTHOR_EMAIL: "{{ gh_user }}@users.noreply.github.com" - GIT_COMMITTER_NAME: "{{ gh_user }}" - GIT_COMMITTER_EMAIL: "{{ gh_user }}@users.noreply.github.com" - - always: - - name: Remove temp dir - file: - path: "{{ temp_dir.path }}" - state: absent diff --git a/docs/installation/helm-install-on-existing-cluster.md b/docs/installation/helm-install-on-existing-cluster.md deleted file mode 100644 index 2aecb67c4..000000000 --- a/docs/installation/helm-install-on-existing-cluster.md +++ /dev/null @@ -1,29 +0,0 @@ -# Helm Install on existing cluster - -For those that wish to use [Helm](https://helm.sh/) to install the awx-operator to an existing K8s cluster: - -The helm chart is generated from the `helm-chart` Makefile section using the starter files in `.helm/starter`. Consult [the documentation](https://github.com/ansible/awx-operator/blob/devel/.helm/starter/README.md) on how to customize the AWX resource with your own values. - -```bash -$ helm repo add awx-operator https://ansible.github.io/awx-operator/ -"awx-operator" has been added to your repositories - -$ helm repo update -Hang tight while we grab the latest from your chart repositories... -...Successfully got an update from the "awx-operator" chart repository -Update Complete. ⎈Happy Helming!⎈ - -$ helm search repo awx-operator -NAME CHART VERSION APP VERSION DESCRIPTION -awx-operator/awx-operator 0.17.1 0.17.1 A Helm chart for the AWX Operator - -$ helm install -n awx --create-namespace my-awx-operator awx-operator/awx-operator -NAME: my-awx-operator -LAST DEPLOYED: Thu Feb 17 22:09:05 2022 -NAMESPACE: default -STATUS: deployed -REVISION: 1 -TEST SUITE: None -NOTES: -Helm Chart 0.17.1 -``` diff --git a/mkdocs.yml b/mkdocs.yml index 96e6e864a..32c67f430 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -41,7 +41,6 @@ nav: - Home: index.md - Installation: - installation/basic-install.md - - installation/helm-install-on-existing-cluster.md - installation/kind-install.md - installation/creating-a-minikube-cluster-for-testing.md - Migrate: