Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

k8s 1.16 ready - updated chart dependencies - configure helm repo #11

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

k8s 1.16 ready - updated chart dependencies - configure helm repo #11

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
4111b74
updates chart for k8s 1.16
May 8, 2020
478bc62
updates chart for k8s 1.16
May 8, 2020
bccd792
Adds external DB option
May 14, 2020
f7d474d
Adds new chart version
May 14, 2020
6e9d9de
Adds .Values.awx.secrets
May 18, 2020
9d42fbd
Changes to support the secrets
May 18, 2020
780463f
Merge pull request #1 from alberto-sbp/k8s-secrets
May 18, 2020
4bff29c
Adds version Chart version 0.7.2
May 18, 2020
46211a4
WIP
May 20, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions Changelog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# ChangeLog

0.7.2

- Introduces k8s secrets as the new way to pass sensitive values
Binary file added awx-0.6.0.tgz
View file
Open in desktop
Binary file not shown.
Binary file added awx-0.7.0.tgz
View file
Open in desktop
Binary file not shown.
Binary file added awx-0.7.1.tgz
View file
Open in desktop
Binary file not shown.
Binary file added awx-0.7.2.tgz
View file
Open in desktop
Binary file not shown.
3 changes: 2 additions & 1 deletion Chart.yaml → awx/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
apiVersion: v1
description: Installs Ansible AWX (Ansible Web UI), with dependencies (rabbitmq, postgresql, memcahed)
icon: http://www.test.png
name: awx
version: 0.6.0
version: 0.7.2
appVersion: 6.1.0
maintainers:
- name: kim0
Expand Down
0 charts/.gitkeep → awx/charts/.gitkeep
View file
Open in desktop
File renamed without changes.
Binary file added awx/charts/memcached-4.2.17.tgz
View file
Open in desktop
Binary file not shown.
Binary file added awx/charts/postgresql-8.9.4.tgz
View file
Open in desktop
Binary file not shown.
Binary file added awx/charts/rabbitmq-6.25.8.tgz
View file
Open in desktop
Binary file not shown.
12 changes: 12 additions & 0 deletions awx/requirements.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
dependencies:
- name: rabbitmq
repository: https://charts.bitnami.com/bitnami
version: 6.25.8
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 8.9.4
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 4.2.17
digest: sha256:3e260dfc9be90a47a547ad5b04fd92f3180bb75deaa4ef801be405251c63d890
generated: "2020-05-08T11:19:12.584356+02:00"
14 changes: 14 additions & 0 deletions awx/requirements.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
dependencies:
- name: rabbitmq
version: 6.25.8
repository: https://charts.bitnami.com/bitnami
condition: rabbitmq.install
- name: postgresql
version: 8.9.4
repository: https://charts.bitnami.com/bitnami
condition: postgresql.install
- name: memcached
version: 4.2.17
repository: https://charts.bitnami.com/bitnami
condition: memcached.install
3 changes: 3 additions & 0 deletions awx/templates/NOTES.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
1. Get the application URL by running these commands:

kubectl get ingress
0 templates/_helpers.tpl → awx/templates/_helpers.tpl
View file
Open in desktop
File renamed without changes.
0 templates/configmap-nginx.yaml → awx/templates/configmap-nginx.yaml
View file
Open in desktop
File renamed without changes.
17 changes: 9 additions & 8 deletions templates/configmap.yaml → awx/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,12 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
secret_key: {{ .Values.awx_secret_key }}
# secret_key: {{ .Values.awx_secret_key }}
awx_settings: |
import os
import socket
ADMINS = ()

def get_secret():
if os.path.exists("/etc/tower/SECRET_KEY"):
return open('/etc/tower/SECRET_KEY', 'rb').read().strip()
return os.getenv("SECRET_KEY", "privateawx")

AWX_PROOT_ENABLED = False

# Automatically deprovision pods that go offline
Expand All @@ -36,8 +31,7 @@ data:
STATIC_ROOT = '/var/lib/awx/public/static'
PROJECTS_ROOT = '/var/lib/awx/projects'
JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
# SECRET_KEY = file('/etc/tower/SECRET_KEY', 'rb').read().strip()
SECRET_KEY = get_secret()
SECRET_KEY = os.environ['AWX_SECRET_KEY']
ALLOWED_HOSTS = ['*']
INTERNAL_API_URL = 'http://127.0.0.1:8052'
# Custom helm values
Expand Down Expand Up @@ -81,10 +75,17 @@ data:
'default': {
'ATOMIC_REQUESTS': True,
'ENGINE': 'django.db.backends.postgresql',
{{- if .Values.postgresql.install }}
'NAME': "{{ .Values.postgresql.postgresqlDatabase }}",
'USER': "{{ .Values.postgresql.postgresqlUsername }}",
'PASSWORD': "{{ .Values.postgresql.postgresqlPassword }}",
'HOST': "{{ include "awx.fullname" . }}-postgresql",
{{- else }}
'NAME': os.environ['DATABASE_NAME'],
'USER': os.environ['DATABASE_USER'],
'PASSWORD': os.environ['DATABASE_PASSWORD'],
'HOST': os.environ['DATABASE_HOST'],
{{- end }}
'PORT': "5432",
}
}
Expand Down
202 changes: 202 additions & 0 deletions awx/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,202 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "awx.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "awx.name" . }}
helm.sh/chart: {{ include "awx.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
annotations:
{{- range $key, $value := .Values.deployment.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "awx.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "awx.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
containers:
- name: web
image: "{{ .Values.awx_web.image.repository }}:{{ .Values.awx_web.image.tag }}"
imagePullPolicy: {{ .Values.awx_web.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.internalPort }}
livenessProbe:
httpGet:
path: /
port: {{ .Values.service.internalPort }}
readinessProbe:
httpGet:
path: /
port: {{ .Values.service.internalPort }}
volumeMounts:
- mountPath: /etc/tower
name: {{ include "awx.fullname" . }}-application-config
- name: {{ include "awx.fullname" . }}-nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
env:
- name: DATABASE_USER
{{- if .Values.postgresql.install }}
value: {{ .Values.postgresql.postgresqlUsername }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database user. Make sure to set `awx.secrets.database`" }}
key: user
{{- end }}
- name: DATABASE_NAME
{{- if .Values.postgresql.install }}
value: {{ .Values.postgresql.postgresqlDatabase }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database name. Make sure to set `awx.secrets.database`" }}
key: database
{{- end }}
- name: DATABASE_HOST
{{- if .Values.postgresql.install }}
value: {{ include "awx.fullname" . }}-postgresql
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database host. Make sure to set `awx.secrets.database`" }}
key: host
{{- end }}
- name: DATABASE_PORT
{{- if .Values.postgresql.install }}
value: "5432"
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database port. Make sure to set `awx.secrets.database`" }}
key: port
{{- end }}
- name: DATABASE_PASSWORD
{{- if .Values.postgresql.install }}
value: {{ .Values.postgresql.postgresqlPassword }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database password. Make sure to set `awx.secrets.database`" }}
key: password
{{- end }}
- name: MEMCACHED_HOST
value: {{ include "awx.fullname" . }}-memcached
- name: MEMCACHED_PORT
value: "11211"
- name: RABBITMQ_HOST
value: {{ include "awx.fullname" . }}-rabbitmq
- name: RABBITMQ_PORT
value: "4369"
- name: AWX_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.app | required "Missing required secret containing the awx_secret_key. Make sure to set `awx.secrets.app`" }}
key: awx_secret_key

- name: task
image: "{{ .Values.awx_task.image.repository }}:{{ .Values.awx_task.image.tag }}"
imagePullPolicy: {{ .Values.awx_task.image.pullPolicy }}
command:
- /usr/bin/launch_awx_task.sh
volumeMounts:
- mountPath: /etc/tower
name: {{ include "awx.fullname" . }}-application-config
env:
- name: DATABASE_USER
{{- if .Values.postgresql.install }}
value: {{ .Values.postgresql.postgresqlUsername }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database user. Make sure to set `awx.secrets.database`" }}
key: user
{{- end }}
- name: DATABASE_NAME
{{- if .Values.postgresql.install }}
value: {{ .Values.postgresql.postgresqlDatabase }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database name. Make sure to set `awx.secrets.database`" }}
key: database
{{- end }}
- name: DATABASE_HOST
{{- if .Values.postgresql.install }}
value: {{ include "awx.fullname" . }}-postgresql
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database host. Make sure to set `awx.secrets.database`" }}
key: host
{{- end }}
- name: DATABASE_PORT
{{- if .Values.postgresql.install }}
value: "5432"
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database port. Make sure to set `awx.secrets.database`" }}
key: port
{{- end }}
- name: DATABASE_PASSWORD
{{- if .Values.postgresql.install }}
value: {{ .Values.postgresql.postgresqlPassword }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.database | required "Missing required secret containing the database password. Make sure to set `awx.secrets.database`" }}
key: password
{{- end }}
- name: MEMCACHED_HOST
value: {{ include "awx.fullname" . }}-memcached
- name: MEMCACHED_PORT
value: "11211"
- name: RABBITMQ_HOST
value: {{ include "awx.fullname" . }}-rabbitmq
- name: RABBITMQ_PORT
value: "4369"
- name: AWX_ADMIN_USER
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.app | required "Missing required secret containing the default_admin_user. Make sure to set `awx.secrets.app`" }}
key: default_admin_user
- name: AWX_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.app | required "Missing required secret containing the default_admin_password. Make sure to set `awx.secrets.app`" }}
key: default_admin_password
- name: AWX_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.awx.secrets.app | required "Missing required secret containing the awx_secret_key. Make sure to set `awx.secrets.app`" }}
key: awx_secret_key
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
volumes:
- name: {{ include "awx.fullname" . }}-application-config
configMap:
name: {{ include "awx.fullname" . }}-application-config
items:
- key: awx_settings
path: settings.py
- name: {{ include "awx.fullname" . }}-nginx-config
configMap:
name: {{ include "awx.fullname" . }}-nginx-config
items:
- key: nginx_settings
path: nginx.conf
0 templates/ingress.yaml → awx/templates/ingress.yaml
View file
Open in desktop
File renamed without changes.
0 templates/service.yaml → awx/templates/service.yaml
View file
Open in desktop
File renamed without changes.
0 templates/servicemonitor.yaml → awx/templates/servicemonitor.yaml
View file
Open in desktop
File renamed without changes.
22 changes: 18 additions & 4 deletions values.yaml → awx/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,25 @@ awx_task:
pullPolicy: IfNotPresent

# AWX config
awx_secret_key: awxsecret
awx_url_base: 'https://towerhost'
default_admin_user: admin
default_admin_password: password
awx:
secrets:
app: []
# Name of the kubernetes secret present on the namespace containing DB credentials like:
# data:
# default_admin_user: admin
# default_admin_password: password
# awx_secret_key: awxsecret
database: []
# Name of the kubernetes secret present on the namespace containing DB credentials like:
# data:
# host: hostname
# user: awx
# password: secretpassword
# database: awx
# port: 5432


awx_url_base: 'https://towerhost'
server_email: 'root@localhost'
default_from_email: 'webmaster@localhost'
email_subject_prefix: '[AWX] '
Expand Down
Binary file removed charts/memcached-2.9.0.tgz
View file
Open in desktop
Binary file not shown.
Binary file removed charts/postgresql-6.2.0.tgz
View file
Open in desktop
Binary file not shown.
Binary file removed charts/rabbitmq-6.2.6.tgz
View file
Open in desktop
Binary file not shown.
Loading