디렉토리 구조 및 각 서비스 추가

dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions


@@ -0,0 +1 @@
AWX Operator installed with Helm Chart version 2.3.0


@@ -0,0 +1,6 @@
{{/*
Generate the name of the postgres secret, expects AWX context passed in
*/}}
{{- define "postgres.secretName" -}}
{{ default (printf "%s-postgres-configuration" .Values.AWX.name) .Values.AWX.postgres.secretName }}
{{- end }}
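Review bot: The header comment says the helper expects the AWX context, but the body reads `.Values.AWX.name` and `.Values.AWX.postgres.secretName`, which only resolve when the root context is passed. Reword it to `Generate the name of the postgres secret; expects the root context ($) because it reads .Values.AWX`. A future caller inside a `with .Values.AWX` block that follows the current comment and passes `.` would presumably get a render error or an empty name.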


@@ -0,0 +1,24 @@
{{- if $.Values.AWX.enabled }}
{{- with .Values.AWX }}
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
spec:
{{- /* Include raw map from the values file spec */}}
{{ .spec | toYaml | indent 2 }}
{{- /* Provide security context defaults */}}
{{- if not (hasKey .spec "security_context_settings") }}
security_context_settings:
runAsGroup: 0
runAsUser: 0
fsGroup: 0
fsGroupChangePolicy: OnRootMismatch
{{- end }}
{{- /* Postgres configs if enabled and not already present */}}
{{- if and .postgres.enabled (not (hasKey .spec "postgres_configuration_secret")) }}
postgres_configuration_secret: {{ include "postgres.secretName" $ }}
{{- end }}
{{- end }}
{{- end }}
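Review bot: The fallback block under `spec` injects `security_context_settings` with `runAsUser: 0`, `runAsGroup: 0` and `fsGroup: 0` whenever the values file omits that key, so a default install requests root identities without the chart user having chosen them. Which pods the operator applies these settings to is not visible on this page and should be confirmed against the operator's documentation. If root is only needed for particular storage back ends, make it opt-in, or at minimum document it above the block with `{{- /* Defaults to UID/GID 0; set AWX.spec.security_context_settings to override */}}`. Separately, `hasKey .spec ...` presumably fails to render when `AWX.spec` is unset, so a `default dict` guard may be worth adding.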


@@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: awx-operator
name: awx-operator-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get


@@ -0,0 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: awx-operator
name: awx-operator-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create


@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: awx-operator
name: awx-operator-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: awx-operator-proxy-role
subjects:
- kind: ServiceAccount
name: awx-operator-controller-manager
namespace: '{{ .Release.Namespace }}'


@@ -0,0 +1,28 @@
apiVersion: v1
data:
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :6789
metrics:
bindAddress: 127.0.0.1:8080
leaderElection:
leaderElect: true
resourceName: 811c9dc5.ansible.com
# leaderElectionReleaseOnCancel defines if the leader should step down volume
# when the Manager ends. This requires the binary to immediately end when the
# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
# speeds up voluntary leader transitions as the new leader don't have to wait
# LeaseDuration time first.
# In the default scaffold provided, the program ends immediately after
# the manager stops, so would be fine to enable this option. However,
# if you are doing or is intended to do any operation such as perform cleanups
# after the manager stops then its usage might be unsafe.
# leaderElectionReleaseOnCancel: true
kind: ConfigMap
metadata:
labels:
helm.sh/chart: awx-operator
name: awx-operator-awx-manager-config


@@ -0,0 +1,91 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
helm.sh/chart: awx-operator
name: awx-operator-controller-manager
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
helm.sh/chart: awx-operator
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: awx-manager
labels:
control-plane: controller-manager
helm.sh/chart: awx-operator
spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- args:
- --health-probe-bind-address=:6789
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
- --leader-election-id=awx-operator
env:
- name: ANSIBLE_GATHERING
value: explicit
- name: ANSIBLE_DEBUG_LOGS
value: "false"
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/ansible/awx-operator:latest
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 20
name: awx-manager
readinessProbe:
httpGet:
path: /readyz
port: 6789
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 2000m
memory: 4096Mi
requests:
cpu: 50m
memory: 32Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
imagePullSecrets:
- name: redhat-operators-pull-secret
securityContext:
runAsNonRoot: true
serviceAccountName: awx-operator-controller-manager
terminationGracePeriodSeconds: 10
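Review bot: The `awx-manager` container is pulled as `quay.io/ansible/awx-operator:latest`, a mutable tag, so the code that runs with this service account's permissions can change on any pod restart without a change to the chart, and it is not tied to the chart version stated in the install notes. Pin it to a release tag or, better, a digest, e.g. `image: quay.io/ansible/awx-operator:<release-tag>@sha256:<digest>` (placeholders, to be filled from the release actually deployed). The `kube-rbac-proxy` image is tag-pinned but would benefit from a digest as well. Both container `securityContext` blocks could also set `readOnlyRootFilesystem: true` and a `seccompProfile` of type `RuntimeDefault`, provided testing shows the operator tolerates them.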


@@ -0,0 +1,18 @@
{{- if and $.Values.AWX.enabled $.Values.AWX.postgres.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "postgres.secretName" . }}
namespace: {{ $.Release.Namespace }}
{{- with $.Values.AWX.postgres }}
stringData:
host: {{ .host }}
port: {{ .port | quote }}
database: {{ .dbName }}
username: {{ .username }}
password: {{ .password }}
sslmode: {{ .sslmode }}
type: {{ .type }}
type: Opaque
{{- end }}
{{- end }}
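Review bot: Every `stringData` value except `port` is rendered unquoted, so a password or username that looks like a number, boolean or null, or that contains `: ` or ` #`, is either retyped by the YAML parser and rejected by the API server or cut short at the comment marker. Pipe each value through `quote`, e.g. `password: {{ .password | quote }}`. The template also requires the database password to sit in plain text in the Helm values, where it ends up in the stored release data as well as in this Secret. Since the AWX template already skips this path when `postgres_configuration_secret` is set in `spec`, prefer a pre-created Secret and say so in the values file. The section also shows two `type` keys; with indentation lost in this view they are presumably `stringData.type` and the Secret's own `type: Opaque`, which is worth confirming in the file.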


@@ -0,0 +1,127 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
labels:
helm.sh/chart: awx-operator
name: awx-operator-awx-manager-role
rules:
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- get
- list
- create
- delete
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
- services
- services/finalizers
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- get
- list
- create
- delete
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- get
- list
- create
- delete
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- get
- list
- create
- delete
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- create
- delete
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- awx-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
resources:
- deployments/scale
- statefulsets/scale
verbs:
- patch
- apiGroups:
- ""
resources:
- pods/exec
- pods/attach
- pods/log
verbs:
- create
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- create
- apiGroups:
- awx.ansible.com
resources:
- '*'
- awxbackups
- awxrestores
verbs:
- '*'
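Review bot: This Role gives the operator service account create/update/delete on `secrets`, `roles` and `rolebindings`, plus `create` on `pods/exec` and `pods/attach`, across the whole release namespace, so a compromise of the operator pod exposes every workload and secret that shares the namespace. The chart should state that the operator belongs in a namespace of its own, e.g. with a leading comment `# Namespace-wide write on secrets, RBAC objects and pods/exec: install into a namespace used only by AWX.` In the last rule, `awxbackups` and `awxrestores` are redundant next to `'*'`. Listing the concrete `awx.ansible.com` resources and verbs instead of the wildcards would stop the grant from widening when new resources are added to that API group.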


@@ -0,0 +1,38 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
helm.sh/chart: awx-operator
name: awx-operator-leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch


@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: awx-operator
name: awx-operator-awx-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: awx-operator-awx-manager-role
subjects:
- kind: ServiceAccount
name: awx-operator-controller-manager
namespace: '{{ .Release.Namespace }}'


@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: awx-operator
name: awx-operator-leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: awx-operator-leader-election-role
subjects:
- kind: ServiceAccount
name: awx-operator-controller-manager
namespace: '{{ .Release.Namespace }}'


@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
helm.sh/chart: awx-operator
name: awx-operator-controller-manager-metrics-service
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
control-plane: controller-manager
helm.sh/chart: awx-operator


@@ -0,0 +1,6 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: awx-operator
name: awx-operator-controller-manager