diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 17c888e6d..2b1518456 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -10,9 +10,9 @@ on: branches: [devel] jobs: - pull_request: + molecule: runs-on: ubuntu-18.04 - name: pull_request + name: molecule env: DOCKER_API_VERSION: "1.38" steps: @@ -39,3 +39,28 @@ jobs: sudo rm -f $(which kustomize) make kustomize KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind + helm: + runs-on: ubuntu-18.04 + name: helm + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Create k8s Kind Cluster + uses: helm/kind-action@v1.2.0 + + - name: Build operator image and load into kind + run: | + IMG=awx-operator-ci make docker-build + kind load docker-image --name chart-testing awx-operator-ci + + - name: Patch pull policy for tests + run: | + kustomize edit add patch --path ../testing/pull_policy/Never.yaml + working-directory: config/default + + - name: Build and install helm chart + run: | + IMG=awx-operator-ci make helm-chart + helm install --wait my-awx-operator ./charts/awx-operator diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml index 68d88bfa5..09036e173 100644 --- a/.github/workflows/promote.yaml +++ b/.github/workflows/promote.yaml @@ -8,6 +8,8 @@ jobs: promote: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v2 + - name: Log in to GHCR run: | echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin 
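Review bot: In the new `helm` job of `.github/workflows/ci.yaml`, `helm/kind-action@v1.2.0` and `actions/checkout@v2` are referenced by mutable tags, so whatever the tag points to at run time is what executes in CI. Pinning each to a full commit SHA, e.g. `uses: helm/kind-action@<full-commit-sha>  # v1.2.0`, keeps the job reproducible and makes action updates show up in review. The job also declares no `permissions:` block; it only builds an image and installs the chart into a throwaway kind cluster, so `permissions:` with `contents: read` looks sufficient, though any workflow-level setting is outside this hunk.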
@@ -23,3 +25,16 @@ jobs:
 docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
 docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
 docker push quay.io/${{ github.repository }}:latest
+
+ - name: Configure git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Release Helm chart
+ run: |
+ ansible-playbook ansible/helm-release.yml -v \
+ -e operator_image=quay.io/${{ github.repository }} \
+ -e chart_owner=${{ github.repository_owner }} \
+ -e tag=${{ github.event.release.tag_name }} \
+ -e gh_token=${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
index d154a6f28..a0e231056 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@
 /bundle
 /bundle_tmp*
 /bundle.Dockerfile
+/charts
+/.cr-release-packages
diff --git a/.helm/starter/.helmignore b/.helm/starter/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/.helm/starter/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/.helm/starter/Chart.yaml b/.helm/starter/Chart.yaml
new file mode 100644
index 000000000..efc98d552
--- /dev/null
+++ b/.helm/starter/Chart.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v2
+appVersion: 0.1.0
+description: A Helm chart for Kubernetes
+name: starter
+type: application
+version: 0.1.0
diff --git a/.helm/starter/values.yaml b/.helm/starter/values.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/Makefile b/Makefile
index 15c564116..7cfdf95bd 100644
--- a/Makefile
+++ b/Makefile
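Review bot: The `Release Helm chart` step added to `.github/workflows/promote.yaml` expands `${{ secrets.GITHUB_TOKEN }}` and `${{ github.event.release.tag_name }}` directly into the `run:` script, so the token lands on the `ansible-playbook` command line and the tag name is parsed by the shell as script text rather than as data. Mapping the values through `env:` and referencing them as quoted shell variables removes the script-text expansion. Having the playbook read the token from the environment instead of `-e gh_token=` would additionally keep it out of the process arguments, but that needs a matching change in `ansible/helm-release.yml`. The `docker tag`/`docker push` context lines above use the same inline pattern for the tag name.

```yaml
      - name: Release Helm chart
        env:
          OPERATOR_IMAGE: quay.io/${{ github.repository }}
          CHART_OWNER: ${{ github.repository_owner }}
          TAG: ${{ github.event.release.tag_name }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          ansible-playbook ansible/helm-release.yml -v \
            -e operator_image="$OPERATOR_IMAGE" \
            -e chart_owner="$CHART_OWNER" \
            -e tag="$TAG" \
            -e gh_token="$GH_TOKEN"
```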
@@ -7,6 +7,13 @@ VERSION ?= $(shell git describe --tags) CONTAINER_CMD ?= docker +# GNU vs BSD in-place sed +ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu) + SED_I := sed -i +else + SED_I := sed -i '' +endif + # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # To re-generate a bundle for other specific channels without changing the standard setup, you can: @@ -41,6 +48,14 @@ BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) IMG ?= $(IMAGE_TAG_BASE):$(VERSION) NAMESPACE ?= awx +# Helm variables +CHART_NAME ?= awx-operator +CHART_DESCRIPTION ?= A Helm chart for the AWX Operator +CHART_OWNER ?= $(GH_REPO_OWNER) +CHART_REPO ?= awx-operator +CHART_BRANCH ?= gh-pages +CHART_INDEX ?= index.yaml + all: docker-build ##@ General @@ -93,7 +108,8 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi $(KUSTOMIZE) build config/default | kubectl delete -f - OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') -ARCH := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/') +ARCHA := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/') +ARCHX := $(shell uname -m | sed -e 's/amd64/x86_64/' -e 's/aarch64/arm64/') .PHONY: kustomize KUSTOMIZE = $(shell pwd)/bin/kustomize @@ -103,7 +119,7 @@ ifeq (,$(shell which kustomize 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(KUSTOMIZE)) ;\ - curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.2/kustomize_v4.5.2_$(OS)_$(ARCHA).tar.gz | \ tar xzf - -C bin/ ;\ } else 
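Review bot: The kustomize tarball bumped to v4.5.2 in the `@@ -103,7 +119,7 @@` hunk is still piped straight from `curl` into `tar` and later executed, with no integrity check and no `-f`, so a substituted release asset or an HTTP error page is only caught if `tar` happens to reject it. The new `kubectl-slice`, `helm`, `yq` and `cr` targets in the last Makefile hunk repeat the pattern, and those binaries run inside the promote job alongside the release token. Downloading to a temporary file, verifying a pinned SHA-256 and only then extracting closes the gap; the digest is per OS/architecture and has to come from the upstream release's checksum file, and on BSD/macOS `shasum -a 256 -c` stands in for `sha256sum -c`. The recipe's `ifeq`/`else` wrapper lies outside the hunk.

```makefile
# placeholder: per-OS/arch digest copied from the upstream release checksums
KUSTOMIZE_SHA256 ?= <sha256-from-upstream-checksums-file>
# ... unchanged: .PHONY / ifeq wrapper ...
	@{ \
	set -e ;\
	mkdir -p $(dir $(KUSTOMIZE)) ;\
	tmp=$$(mktemp) ;\
	curl -fsSLo $$tmp https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.2/kustomize_v4.5.2_$(OS)_$(ARCHA).tar.gz ;\
	echo "$(KUSTOMIZE_SHA256)  $$tmp" | sha256sum -c - ;\
	tar xzf $$tmp -C bin/ ;\
	rm -f $$tmp ;\
	}
```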
@@ -119,7 +135,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ - curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\ + curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCHA) ;\ chmod +x $(ANSIBLE_OPERATOR) ;\ } else @@ -150,7 +166,7 @@ ifeq (,$(shell which opm 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(OPM)) ;\ - curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\ + curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCHA)-opm ;\ chmod +x $(OPM) ;\ } else 
@@ -181,3 +197,125 @@ catalog-build: opm ## Build a catalog image.
 .PHONY: catalog-push
 catalog-push: ## Push a catalog image.
 $(MAKE) docker-push IMG=$(CATALOG_IMG)
+
+.PHONY: kubectl-slice
+KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice
+kubectl-slice: ## Download kubectl-slice locally if necessary.
+ifeq (,$(wildcard $(KUBECTL_SLICE)))
+ifeq (,$(shell which kubectl-slice 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(KUBECTL_SLICE)) ;\
+ curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
+ tar xzf - -C bin/ kubectl-slice ;\
+ }
+else
+KUBECTL_SLICE = $(shell which kubectl-slice)
+endif
+endif
+
+.PHONY: helm
+HELM = $(shell pwd)/bin/helm
+helm: ## Download helm locally if necessary.
+ifeq (,$(wildcard $(HELM)))
+ifeq (,$(shell which helm 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(HELM)) ;\
+ curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCHA).tar.gz | \
+ tar xzf - -C bin/ $(OS)-$(ARCHA)/helm ;\
+ mv bin/$(OS)-$(ARCHA)/helm bin/helm ;\
+ rmdir bin/$(OS)-$(ARCHA) ;\
+ }
+else
+HELM = $(shell which helm)
+endif
+endif
+
+.PHONY: yq
+YQ = $(shell pwd)/bin/yq
+yq: ## Download yq locally if necessary.
+ifeq (,$(wildcard $(YQ)))
+ifeq (,$(shell which yq 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(HELM)) ;\
+ curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCHA).tar.gz | \
+ tar xzf - -C bin/ ;\
+ mv bin/yq_$(OS)_$(ARCHA) bin/yq ;\
+ }
+else
+YQ = $(shell which yq)
+endif
+endif
+
+PHONY: cr
+CR = $(shell pwd)/bin/cr
+cr: ## Download cr locally if necessary.
+ifeq (,$(wildcard $(CR)))
+ifeq (,$(shell which cr 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(CR)) ;\
+ curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCHA).tar.gz | \
+ tar xzf - -C bin/ cr ;\
+ }
+else
+CR = $(shell which cr)
+endif
+endif
+
+charts:
+ mkdir -p $@
+
+.PHONY: helm-chart
+helm-chart: kustomize helm kubectl-slice yq charts
+ @echo "== KUSTOMIZE (image and namespace) =="
+ cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+ cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+
+ @echo "== HELM =="
+ cd charts && \
+ $(HELM) create awx-operator --starter $(shell pwd)/.helm/starter ;\
+ $(YQ) -i '.version = "$(VERSION)"' $(CHART_NAME)/Chart.yaml ;\
+ $(YQ) -i '.appVersion = "$(VERSION)" | .appVersion style="double"' $(CHART_NAME)/Chart.yaml ;\
+ $(YQ) -i '.description = "$(CHART_DESCRIPTION)"' $(CHART_NAME)/Chart.yaml ;\
+
+ @cat charts/$(CHART_NAME)/Chart.yaml
+
+ @echo "== KUSTOMIZE (annotation) =="
+ cd config/manager && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
+ cd config/default && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
+
+ @echo "== SLICE =="
+ $(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/default | \
+ $(KUBECTL_SLICE) --input-file=- \
+ --output-dir=charts/$(CHART_NAME)/templates \
+ --sort-by-kind
+ @echo "Helm Chart $(VERSION)" > charts/$(CHART_NAME)/templates/NOTES.txt
+
+
+.PHONY: helm-package
+helm-package: cr helm-chart
+ @echo "== CHART RELEASER (package) =="
+ $(CR) package ./charts/awx-operator
+
+# The actual release happens in ansible/helm-release.yml
+# until https://github.com/helm/chart-releaser/issues/122 happens
+.PHONY: helm-index
+helm-index: cr helm-chart
+ @echo "== CHART RELEASER (httpsorigin) =="
+ git remote add httpsorigin "https://github.com/$(CHART_OWNER)/$(CHART_REPO).git"
+ git fetch httpsorigin
+
+ @echo "== CHART RELEASER (index) =="
+ $(CR) index \
+ --owner "$(CHART_OWNER)" \
+ --git-repo "$(CHART_REPO)" \
+ --token "$(CR_TOKEN)" \
+ --pages-branch "$(CHART_BRANCH)" \
+ --index-path "./charts/$(CHART_INDEX)" \
+ --charts-repo "https://$(CHART_OWNER).github.io/$(CHART_REPO)/$(CHART_INDEX)" \
+ --remote httpsorigin \
+ --release-name-template="{{ .Version }}" \
+ --push
diff --git a/README.md b/README.md
index 19ec170f9..27b20de77 100644
--- a/README.md
+++ b/README.md
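Review bot: In the Makefile's new `helm-index` target, `--token "$(CR_TOKEN)"` expands the token into the recipe text, and because the `$(CR) index` line has no `@` prefix make echoes the whole command, token included, to stdout in addition to placing it in the process arguments. chart-releaser documents reading `CR_TOKEN` from the environment, so dropping the `--token` line and leaving the variable exported should be enough; worth confirming against the pinned v1.3.0. Separately, `PHONY: cr` is missing its leading dot and so defines an ordinary target named `PHONY`, the `yq` recipe creates `$(dir $(HELM))` where `$(dir $(YQ))` is presumably meant, and `git remote add httpsorigin` will fail on a second run in the same checkout.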
@@ -8,46 +8,51 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w -- [AWX Operator](#awx-operator) -- [Table of Contents](#table-of-contents) - - [Purpose](#purpose) - - [Usage](#usage) - - [Creating a minikube cluster for testing](#creating-a-minikube-cluster-for-testing) - - [Basic Install](#basic-install) - - [Admin user account configuration](#admin-user-account-configuration) - - [Network and TLS Configuration](#network-and-tls-configuration) - - [Service Type](#service-type) - - [Ingress Type](#ingress-type) - - [Database Configuration](#database-configuration) - - [External PostgreSQL Service](#external-postgresql-service) - - [Migrating data from an old AWX instance](#migrating-data-from-an-old-awx-instance) - - [Managed PostgreSQL Service](#managed-postgresql-service) - - [Advanced Configuration](#advanced-configuration) - - [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx) - - [Redis container capabilities](#redis-container-capabilities) - - [Privileged Tasks](#privileged-tasks) - - [Containers Resource Requirements](#containers-resource-requirements) - - [Assigning AWX pods to specific nodes](#assigning-awx-pods-to-specific-nodes) - - [Trusting a Custom Certificate Authority](#trusting-a-custom-certificate-authority) - - [Enabling LDAP Integration at AWX bootstrap](#enabling-ldap-integration-at-awx-bootstrap) - - [Persisting Projects Directory](#persisting-projects-directory) - - [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options) - - [Default execution environments from private registries](#default-execution-environments-from-private-registries) - - [Control plane ee from private registry](#control-plane-ee-from-private-registry) - - [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers) - - [Extra Settings](#extra-settings) - - [Service Account](#service-account) - - [Uninstall](#uninstall) - - [Upgrading](#upgrading) - - 
[v0.14.0](#v0140) - - [Cluster-scope to Namespace-scope considerations](#cluster-scope-to-namespace-scope-considerations) - - [Project is now based on v1.x of the operator-sdk project](#project-is-now-based-on-v1x-of-the-operator-sdk-project) - - [Steps to upgrade](#steps-to-upgrade) - - [Contributing](#contributing) - - [Release Process](#release-process) - - [Author](#author) +* [AWX Operator](#awx-operator) +* [Table of Contents](#table-of-contents) + * [Purpose](#purpose) + * [Usage](#usage) + * [Creating a minikube cluster for testing](#creating-a-minikube-cluster-for-testing) + * [Basic Install](#basic-install) + * [Helm Install on existing cluster](#helm-install-on-existing-cluster) + * [Admin user account configuration](#admin-user-account-configuration) + * [Network and TLS Configuration](#network-and-tls-configuration) + * [Service Type](#service-type) + * [Ingress Type](#ingress-type) + * [Database Configuration](#database-configuration) + * [External PostgreSQL Service](#external-postgresql-service) + * [Migrating data from an old AWX instance](#migrating-data-from-an-old-awx-instance) + * [Managed PostgreSQL Service](#managed-postgresql-service) + * [Advanced Configuration](#advanced-configuration) + * [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx) + * [Redis container capabilities](#redis-container-capabilities) + * [Privileged Tasks](#privileged-tasks) + * [Containers Resource Requirements](#containers-resource-requirements) + * [Priority Classes](#priority-classes) + * [Assigning AWX pods to specific nodes](#assigning-awx-pods-to-specific-nodes) + * [Trusting a Custom Certificate Authority](#trusting-a-custom-certificate-authority) + * [Enabling LDAP Integration at AWX bootstrap](#enabling-ldap-integration-at-awx-bootstrap) + * [Persisting Projects Directory](#persisting-projects-directory) + * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options) + * [Default execution environments from 
private registries](#default-execution-environments-from-private-registries) + * [Control plane ee from private registry](#control-plane-ee-from-private-registry) + * [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers) + * [CSRF Cookie Secure Setting](#csrf-cookie-secure-setting) + * [Session Cookie Secure Setting](#session-cookie-secure-setting) + * [Extra Settings](#extra-settings) + * [Service Account](#service-account) + * [Uninstall](#uninstall) + * [Upgrading](#upgrading) + * [v0.14.0](#v0140) + * [Cluster-scope to Namespace-scope considerations](#cluster-scope-to-namespace-scope-considerations) + * [Project is now based on v1.x of the operator-sdk project](#project-is-now-based-on-v1x-of-the-operator-sdk-project) + * [Steps to upgrade](#steps-to-upgrade) + * [Contributing](#contributing) + * [Release Process](#release-process) + * [Author](#author) + ## Purpose 
@@ -237,6 +242,34 @@ You just completed the most basic install of an AWX instance via this operator. For an example using the Nginx Controller in Minukube, don't miss our [demo video](https://asciinema.org/a/416946). +### Helm Install on existing cluster + +For those that wish to use [Helm](https://helm.sh/) to install the awx-operator to an existing K8s cluster: + +```bash +$ helm repo add awx-operator https://ansible.github.io/awx-operator/ +"awx-operator" has been added to your repositories + +$ helm repo update +Hang tight while we grab the latest from your chart repositories... +...Successfully got an update from the "awx-operator" chart repository +Update Complete. ⎈Happy Helming!⎈ + +$ helm search repo awx-operator +NAME CHART VERSION APP VERSION DESCRIPTION +awx-operator/awx-operator 0.17.1 0.17.1 A Helm chart for the AWX Operator + +$ helm install my-awx-operator awx-operator/awx-operator +NAME: my-awx-operator +LAST DEPLOYED: Thu Feb 17 22:09:05 2022 +NAMESPACE: default +STATUS: deployed +REVISION: 1 +TEST SUITE: None +NOTES: +Helm Chart 0.17.1 +``` + ### Admin user account configuration There are three variables that are customizable for the admin user account creation. @@ -591,7 +624,7 @@ spec: The AWX and Postgres pods can be assigned a custom PriorityClass to rank their importance compared to other pods in your cluster, which determines which pods get evicted first if resources are running low. First, [create your PriorityClass](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) if needed. -Then set the name of your priority class to the control plane and postgres pods as shown below. +Then set the name of your priority class to the control plane and postgres pods as shown below. ```yaml --- 
@@ -1051,7 +1084,10 @@ The first step is to create a draft release. Typically this will happen in the [ If you need to do an independent release of the operator, you can run the [Stage Release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/stage.yml) in the awx-operator repo. Both of these workflows will run smoke tests, so there is no need to do this manually. -After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, publishing the image to Quay. +After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, which will: + +- Publish image to Quay +- Release Helm chart ## Author diff --git a/ansible/helm-release.yml b/ansible/helm-release.yml new file mode 100644 index 000000000..7fca49d06 --- /dev/null +++ b/ansible/helm-release.yml 
@@ -0,0 +1,47 @@
+---
+- hosts: localhost
+ vars:
+ chart_repo: awx-operator
+ tasks:
+ - name: Look up release
+ uri:
+ url: "https://api.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/tags/{{ tag }}"
+ register: release
+ ignore_errors: yes
+
+ - fail:
+ msg: |
+ Release must exist before running this playbook
+ when: release is not success
+
+ - name: Build and package helm chart
+ command: |
+ make helm-chart helm-package
+ environment:
+ VERSION: "{{ tag }}"
+ IMAGE_TAG_BASE: "{{ operator_image }}"
+ args:
+ chdir: "{{ playbook_dir }}/../"
+
+ # Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
+ - name: Upload helm chart
+ uri:
+ url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name=awx-operator-{{ tag }}.tgz"
+ src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
+ headers:
+ Authorization: "token {{ gh_token }}"
+ Content-Type: "application/octet-stream"
+ status_code:
+ - 200
+ - 201
+ register: asset_upload
+ changed_when: asset_upload.json.state == "uploaded"
+
+ - name: Publish helm index
+ command: |
+ make helm-index
+ environment:
+ CHART_OWNER: "{{ chart_owner }}"
+ CR_TOKEN: "{{ gh_token }}"
+ args:
+ chdir: "{{ playbook_dir }}/../"
diff --git a/molecule/default/kustomize.yml b/molecule/default/kustomize.yml
index f3d888c2f..75183ccf6 100644
--- a/molecule/default/kustomize.yml
+++ b/molecule/default/kustomize.yml
@@ -1,7 +1,7 @@
 ---
 - name: Build kustomize testing overlay
 # load_restrictor must be set to none so we can load patch files from the default overlay
- command: '{{ kustomize }} build --load_restrictor none .'
+ command: '{{ kustomize }} build --load-restrictor LoadRestrictionsNone .'
 args:
 chdir: '{{ config_dir }}/testing'
 register: resources
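Review bot: In `ansible/helm-release.yml`, the `Upload helm chart` and `Publish helm index` tasks both handle `gh_token` but neither sets `no_log: true`, while the promote workflow runs the playbook with `-v`, which prints task results; the `make helm-index` result includes make's echo of the `cr index --token …` command line. Adding `no_log: true` to those two tasks keeps the token out of the playbook output independently of any log masking done by the CI system. The `Look up release` task pairs `ignore_errors: yes` with a separate `fail`, so any lookup error (rate limit, network) is reported as "Release must exist"; including `release.status` in the message, or checking `status_code` on the `uri` task, would make the real cause visible.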