--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Ansible AWX
+name: awx
+sources:
+ - https://github.com/ansible/awx
+version: 5.0.0
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+make-awx:
+ cd charts && helm dep up awx-postgres
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Ansible AWX database
+name: awx-postgres
+version: 5.0.0
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ .Values.global.repository | default .Values.repository }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -i
+ - -c
+ - psql -h 127.0.0.1 -U $POSTGRES_USER -q -d {{ .Values.config.postgresDB }}
+ -c 'SELECT 1'
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ env:
+ - name: POSTGRES_USER
+ value: "{{ .Values.config.postgresUser }}"
+ - name: POSTGRES_PASSWORD
+ value: "{{ .Values.config.postgresPassword }}"
+ - name: POSTGRES_DB
+ value: "{{ .Values.config.postgresDB }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /var/lib/postgresql/data
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ {{- if .Values.persistence.enabled }}
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if not .Values.persistence.storageClass -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if not .Values.persistence.storageClass }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+{{- end }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for mariadb.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global: # global defaults
+ nodePortPrefixExt: 304
+ persistence: {}
+
+# application image
+repository: docker.io
+image: postgres:10.4-alpine
+pullPolicy: Always
+
+# application configuration
+config:
+ postgresUser: awx
+ postgresPassword: awx
+ postgresDB: awx
+
+ingress:
+ enabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+
+ # Uncomment the storageClass parameter to use an existing PV
+ # that will match the following class.
+ # When uncomment the storageClass, the PV is not created anymore.
+
+ # storageClass: "nfs-dev-sc"
+
+ accessMode: ReadWriteMany
+ size: 1Gi
+
+ # When using storage class, mountPath and mountSubPath are
+ # simply ignored.
+
+ mountPath: /dockerdata-nfs
+ mountSubPath: awx/pgdata
+
+service:
+ type: ClusterIP
+ name: awx-postgresql
+ portName: awx-postgresql
+ internalPort: 5432
+ externalPort: 5432
+
+resources: {}
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Ansible AWX application
+name: awx
+version: 5.0.0
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DATABASES = {
+ 'default': {
+ 'ATOMIC_REQUESTS': True,
+ 'ENGINE': 'awx.main.db.profiled_pg',
+ 'NAME': "{{ .Values.config.postgresDB }}",
+ 'USER': "{{ .Values.config.postgresUser }}",
+ 'PASSWORD': "{{ .Values.config.postgresPassword }}",
+ 'HOST': "awx-postgresql",
+ 'PORT': "5432",
+ }
+}
+BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(
+ "{{ .Values.config.rabbitmqUser }}",
+ "{{ .Values.config.rabbitmqPassword }}",
+ "localhost",
+ "5672",
+ "{{ .Values.config.rabbitmqVhost }}")
+CHANNEL_LAYERS = {
+ 'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer',
+ 'ROUTING': 'awx.main.routing.channel_routing',
+ 'CONFIG': {'url': BROKER_URL}}
+}
\ No newline at end of file
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DATABASE_USER={{ .Values.config.postgresUser }}
+DATABASE_NAME={{ .Values.config.postgresDB }}
+DATABASE_HOST=awx-postgresql
+DATABASE_PORT=5432
+DATABASE_PASSWORD={{ .Values.config.postgresPassword }}
+MEMCACHED_HOST=localhost
+RABBITMQ_HOST=localhost
+AWX_ADMIN_USER={{ .Values.config.awxAdminUser }}
+AWX_ADMIN_PASSWORD={{ .Values.config.awxAdminPassword }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-init-mgnt
+ namespace: {{ include "common.namespace" . }}
+data:
+ entrypoint: |
+ #/bin/sh
+
+ awx-manage migrate --noinput
+ if [[ `echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True).count(); exit(0 if nsu > 0 else 1)' | awx-manage shell` > 0 ]]
+ then
+ echo 'from django.contrib.auth.models import User; User.objects.create_superuser('{{ .Values.config.awxAdminUser }}', '{{ .Values.config.awxAdminEmail }}', '{{ .Values.config.awxAdminPassword }}')' | awx-manage shell
+ awx-manage update_password --username='{{ .Values.config.awxAdminUser }}' --password='{{ .Values.config.awxAdminPassword }}'
+ fi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+ awx_settings: |
+ import os
+ import socket
+ ADMINS = ()
+
+ AWX_PROOT_ENABLED = True
+
+ # Automatically deprovision pods that go offline
+ AWX_AUTO_DEPROVISION_INSTANCES = True
+
+ SYSTEM_TASK_ABS_CPU = 6
+ SYSTEM_TASK_ABS_MEM = 20
+
+ INSIGHTS_URL_BASE = "https://example.org"
+
+ #Autoprovisioning should replace this
+ CLUSTER_HOST_ID = socket.gethostname()
+ SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
+
+ SESSION_COOKIE_SECURE = False
+ CSRF_COOKIE_SECURE = False
+
+ REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']
+
+ STATIC_ROOT = '/var/lib/awx/public/static'
+ PROJECTS_ROOT = '/var/lib/awx/projects'
+ JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
+ SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip()
+ ALLOWED_HOSTS = ['*']
+ INTERNAL_API_URL = 'http://127.0.0.1:8052'
+ SERVER_EMAIL = 'root@localhost'
+ DEFAULT_FROM_EMAIL = 'webmaster@localhost'
+ EMAIL_SUBJECT_PREFIX = '[AWX] '
+ EMAIL_HOST = 'localhost'
+ EMAIL_PORT = 25
+ EMAIL_HOST_USER = ''
+ EMAIL_HOST_PASSWORD = ''
+ EMAIL_USE_TLS = False
+
+ LOGGING['handlers']['console'] = {
+ '()': 'logging.StreamHandler',
+ 'level': 'DEBUG',
+ 'formatter': 'simple',
+ }
+
+ LOGGING['loggers']['django.request']['handlers'] = ['console']
+ LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
+ LOGGING['loggers']['awx']['handlers'] = ['console']
+ LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
+ LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console']
+ LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console']
+ LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console']
+ LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
+ LOGGING['loggers']['social']['handlers'] = ['console']
+ LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
+ LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
+ LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
+ LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
+ LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}
+
+ CACHES = {
+ 'default': {
+ 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+ 'LOCATION': '{}:{}'.format("localhost", "11211")
+ },
+ 'ephemeral': {
+ 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
+ },
+ }
+
+ USE_X_FORWARDED_PORT = True
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rabbitmq
+ namespace: {{ include "common.namespace" . }}
+data:
+ enabled_plugins: |
+ [rabbitmq_management,rabbitmq_peer_discovery_k8s].
+ rabbitmq.conf: |
+ ## Clustering
+ management.load_definitions = /etc/rabbitmq/rabbitmq_definitions.json
+ cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
+ cluster_formation.k8s.host = kubernetes.default.svc
+ cluster_formation.k8s.address_type = ip
+ cluster_formation.node_cleanup.interval = 10
+ cluster_formation.node_cleanup.only_log_warning = false
+ cluster_partition_handling = autoheal
+ ## queue master locator
+ queue_master_locator=min-masters
+ ## enable guest user
+ loopback_users.guest = false
+ rabbitmq_definitions.json: |
+ {
+ "users":[{"name": "{{ .Values.config.rabbitmqUser }}", "password": "{{ .Values.config.rabbitmqPassword }}", "tags": ""}],
+ "permissions":[
+ {"user":"{{ .Values.config.rabbitmqUser }}","vhost":"{{ .Values.config.rabbitmqVhost }}","configure":".*","write":".*","read":".*"}
+ ],
+ "vhosts":[{"name":"{{ .Values.config.rabbitmqVhost }}"}],
+ "policies":[
+ {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}}
+ ]
+ }
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 5
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-mgnt
+ release: {{ .Release.Name }}
+ spec:
+ serviceAccount: {{ include "common.fullname" . }}
+ serviceAccountName: {{ include "common.fullname" . }}
+ restartPolicy: Never
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - awx-postgres
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - command: ["/bin/sh","-c"]
+ args: ["/etc/tower/job-entrypoint.sh"]
+ image: "{{ .Values.repository }}/{{ .Values.image.task }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-mgnt
+ resources:
+ requests:
+ cpu: 1500m
+ memory: 2Gi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /etc/tower/job-entrypoint.sh
+ name: awx-mgnt
+ readOnly: true
+ subPath: job-entrypoint.py
+ - mountPath: /etc/tower/settings.py
+ name: awx-application-config
+ readOnly: true
+ subPath: settings.py
+ - mountPath: /etc/tower/conf.d/
+ name: awx-application-credentials
+ readOnly: true
+ - mountPath: /etc/tower/SECRET_KEY
+ name: awx-secret-key
+ readOnly: true
+ subPath: SECRET_KEY
+
+ volumes:
+ - configMap:
+ defaultMode: 0777
+ items:
+ - key: entrypoint
+ path: job-entrypoint.py
+ name: {{ include "common.fullname" . }}-init-mgnt
+ name: awx-mgnt
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: awx_settings
+ path: settings.py
+ name: {{ include "common.fullname" . }}-settings
+ name: awx-application-config
+ - name: awx-application-credentials
+ secret:
+ defaultMode: 420
+ items:
+ - key: credentials_py
+ path: credentials.py
+ - key: environment_sh
+ path: environment.sh
+ secretName: {{ include "common.fullname" . }}-secrets
+ - name: awx-secret-key
+ secret:
+ defaultMode: 420
+ items:
+ - key: secret_key
+ path: SECRET_KEY
+ secretName: {{ include "common.fullname" . }}-secrets
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: rabbitmq.conf
+ path: rabbitmq.conf
+ - key: enabled_plugins
+ path: enabled_plugins
+ - key: rabbitmq_definitions.json
+ path: rabbitmq_definitions.json
+ name: {{ include "common.fullname" . }}-rabbitmq
+ name: rabbitmq-config
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ include "common.fullname" . }}-secrets
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ credentials_py: {{ tpl (.Files.Get "resources/config/credentials.py") . | b64enc }}
+ environment_sh: {{ tpl (.Files.Get "resources/config/environment.sh") . | b64enc }}
+ rabbitmq_erlang_cookie: {{ .Values.config.rabbitmqErlangCookie | b64enc | quote }}
+ secret_key: {{ .Values.config.secretKey | b64enc | quote }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-rmq-mgmt
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.rmqmgmt.type }}
+ ports:
+ - port: {{ .Values.service.rmqmgmt.externalPort }}
+ targetPort: {{ .Values.service.rmqmgmt.internalPort }}
+ name: {{ .Values.service.rmqmgmt.portName }}
+ selector:
+ app: {{ include "common.fullname" . }}
+ release: {{ .Release.Name }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-web
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.web.type }}
+ ports:
+ - port: {{ .Values.service.web.externalPort }}
+ targetPort: {{ .Values.service.web.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }}
+ name: {{ .Values.service.web.portName }}
+ selector:
+ app: {{ include "common.fullname" . }}
+ release: {{ .Release.Name }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-rabbitmq
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ type: LoadBalancer
+spec:
+ type: {{ .Values.service.rabbitmq.type }}
+ ports:
+ - port: {{ .Values.service.rabbitmq.http.externalPort }}
+ targetPort: {{ .Values.service.rabbitmq.http.internalPort }}
+ name: {{ .Values.service.rabbitmq.http.portName }}
+ - port: {{ .Values.service.rabbitmq.amqp.externalPort }}
+ targetPort: {{ .Values.service.rabbitmq.amqp.internalPort }}
+ name: {{ .Values.service.rabbitmq.amqp.portName }}
+ selector:
+ app: {{ include "common.fullname" . }}
+ release: {{ .Release.Name }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "common.fullname" . }}-endpoint-reader
+ namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["", "extensions", "apps", "batch"]
+ resources: ["endpoints", "deployments", "pods", "replicasets/status", "jobs/status"]
+ verbs: ["get", "list"]
+---
+apiVersion: v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: {{ include "common.fullname" . }}-endpoint-reader
+ namespace: {{ include "common.namespace" . }}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.fullname" . }}-endpoint-reader
+ subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.fullname" . }}
+kind: List
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: {{ .Values.replicaCount }}
+ serviceName: {{ include "common.fullname" . }}
+ selector:
+ matchLabels:
+ app: {{ include "common.fullname" . }}
+ name: {{ include "common.name" . }}-web-deploy
+ service: django
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.fullname" . }}
+ name: {{ include "common.name" . }}-web-deploy
+ release: {{ .Release.Name }}
+ service: django
+ spec:
+
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ include "common.name" . }}-mgnt
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+
+ containers:
+
+ - image: "{{ .Values.repository }}/{{ .Values.image.web }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-web
+ ports:
+ - containerPort: {{ .Values.service.web.internalPort }}
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ volumeMounts:
+ - mountPath: /etc/tower/settings.py
+ name: awx-application-config
+ readOnly: true
+ subPath: settings.py
+ - mountPath: /etc/tower/conf.d/
+ name: awx-application-credentials
+ readOnly: true
+ - mountPath: /etc/tower/SECRET_KEY
+ name: awx-secret-key
+ readOnly: true
+ subPath: SECRET_KEY
+ - command: ["/bin/sh","-c"]
+ args: ["/usr/bin/launch_awx_task.sh"]
+ env:
+ - name: AWX_SKIP_MIGRATIONS
+ value: "1"
+
+ image: "{{ .Values.repository }}/{{ .Values.image.task }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-celery
+ resources:
+ requests:
+ cpu: 1500m
+ memory: 2Gi
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /etc/tower/settings.py
+ name: awx-application-config
+ readOnly: true
+ subPath: settings.py
+ - mountPath: /etc/tower/conf.d/
+ name: awx-application-credentials
+ readOnly: true
+ - mountPath: /etc/tower/SECRET_KEY
+ name: awx-secret-key
+ readOnly: true
+ subPath: SECRET_KEY
+ - env:
+ - name: MY_POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: RABBITMQ_USE_LONGNAME
+ value: "true"
+ - name: RABBITMQ_NODENAME
+ value: rabbit@$(MY_POD_IP)
+ - name: RABBITMQ_ERLANG_COOKIE
+ valueFrom:
+ secretKeyRef:
+ key: rabbitmq_erlang_cookie
+ name: {{ include "common.fullname" . }}-secrets
+ - name: K8S_SERVICE_NAME
+ value: {{ include "common.servicename" . }}-rabbitmq
+
+ image: "{{ .Values.repository }}/{{ .Values.image.rabbitmq }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-rabbit
+ livenessProbe:
+ exec:
+ command:
+ - rabbitmqctl
+ - status
+ failureThreshold: 3
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ successThreshold: 1
+ timeoutSeconds: 10
+ ports:
+ - containerPort: {{ .Values.service.rabbitmq.http.internalPort }}
+ name: {{ .Values.service.rabbitmq.http.portName }}
+ protocol: TCP
+ - containerPort: {{ .Values.service.rabbitmq.amqp.internalPort }}
+ name: {{ .Values.service.rabbitmq.amqp.portName }}
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command:
+ - rabbitmqctl
+ - status
+ failureThreshold: 3
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ successThreshold: 1
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 500m
+ memory: 2Gi
+ volumeMounts:
+ - mountPath: /etc/rabbitmq
+ name: rabbitmq-config
+
+ - image: "{{ .Values.image.memcached }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-memcached
+ resources:
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ serviceAccount: {{ include "common.fullname" . }}
+ serviceAccountName: {{ include "common.fullname" . }}
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: awx_settings
+ path: settings.py
+ name: {{ include "common.fullname" . }}-settings
+ name: awx-application-config
+ - name: awx-application-credentials
+ secret:
+ defaultMode: 420
+ items:
+ - key: credentials_py
+ path: credentials.py
+ - key: environment_sh
+ path: environment.sh
+ secretName: {{ include "common.fullname" . }}-secrets
+ - name: awx-secret-key
+ secret:
+ defaultMode: 420
+ items:
+ - key: secret_key
+ path: SECRET_KEY
+ secretName: {{ include "common.fullname" . }}-secrets
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: rabbitmq.conf
+ path: rabbitmq.conf
+ - key: enabled_plugins
+ path: enabled_plugins
+ - key: rabbitmq_definitions.json
+ path: rabbitmq_definitions.json
+ name: {{ include "common.fullname" . }}-rabbitmq
+ name: rabbitmq-config
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for mariadb.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global: # global defaults
+ nodePortPrefixExt: 304
+ persistence: {}
+
+# application image
+repository: ansible
+image:
+ web: awx_web:latest
+ task: awx_task:latest
+ rabbitmq: awx_rabbitmq:3.7.4
+ memcached: memcached:latest
+pullPolicy: Always
+
+# application configuration
+config:
+ postgresUser: awx
+ postgresPassword: awx
+ postgresDB: awx
+# RabbitMQ Configuration
+ rabbitmqUser: awx
+ rabbitmqPassword: awxpass
+ rabbitmqVhost: awx
+ rabbitmqErlangCookie: cookiemonster3
+# This will create or update a default admin (superuser) account in AWX, if not provided
+# then these default values are used
+ awxAdminUser: admin
+ awxAdminPassword: password
+ awxAdminEmail: cds@onap.org
+# AWX Secret key
+# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt
+# your credentials
+ secretKey: awxsecret
+
+ingress:
+ enabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ enabled: true
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+
+ # Uncomment the storageClass parameter to use an existing PV
+ # that will match the following class.
+ # When uncomment the storageClass, the PV is not created anymore.
+
+ # storageClass: "nfs-dev-sc"
+
+ accessMode: ReadWriteMany
+ size: 5Gi
+
+ # When using storage class, mountPath and mountSubPath are
+ # simply ignored.
+
+ mountPath: /dockerdata-nfs
+ mountSubPath: awx/pgdata
+
+service:
+ rmqmgmt:
+ type: ClusterIP
+ portName: rmqmgmt
+ internalPort: 15672
+ externalPort: 15672
+ web:
+ type: NodePort
+ portName: web
+ internalPort: 8052
+ externalPort: 80
+ nodePort: 78
+ rabbitmq:
+ type: ClusterIP
+ http:
+ portName: http
+ internalPort: 15672
+ externalPort: 15672
+ amqp:
+ portName: amqp
+ internalPort: 5672
+ externalPort: 5672
+
+resources: {}
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~4.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ commonConfigPrefix: awx
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: hub.docker.io
+pullPolicy: Always
+
+# default number of instances
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+
+ingress:
+ enabled: false
+
+resources: {}
-# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+awx:
+ enabled: true
netbox:
enabled: true
\ No newline at end of file
Code Review / oom.git / commitdiff