add 'customSecrets' and 'customVolumes' values to Helm Chart to simplify the creation of resources for PoC #1690

Merged 1 commit on Feb 7, 2024

Contributor

@sbilque commented Jan 22, 2024

SUMMARY

This PR allows deploying secrets and persistentvolumes resources required by AWX in the cluster when using the Helm Chart for PoC or testing.

Resources are defined in the customSecrets and customVolumes values.

Compared to the extraDeploy value, you don't need to know any special syntax to describe resources.

ISSUE TYPE
  • New or Enhanced Feature

Example usage in a values.yml file

AWX:
  # enable use of awx-deploy template
  ...

  spec:
    projects_persistence: true

  # configurations for external postgres instance
  postgres:
    enabled: false
    ...

customSecrets:
  enabled: true
  admin:
    enabled: true
    password: mysuperlongpassword
  secretKey:
    enabled: true
    key: supersecuresecretkey
    secretName: my-awx-secret-key
  ingressTls:
    enabled: true
    selfSignedCert: false
    key: fakekey
    certificate: fakecertificate
  bundleCacert:
    enabled: true
    crt: <contentofmybundlecacrt>
  cpPullCredentials:
    enabled: false
    dockerconfig:
      - registry: docker.io
        username: user
        password: pwd

customVolumes:
  postgres:
    enabled: true
    hostPath: /data/postgres-13
  projects:
    enabled: true
    hostPath: /data/projects

Example usage with kubernetes.core.helm Ansible module:

- name: Deploy the AWX instance
  kubernetes.core.helm:
    ...
    # Inline values go under "values"; "values_files" takes a list of file paths.
    values:
      AWX:
        spec:
          projects_persistence: true
      customSecrets:
        enabled: true
        admin:
          enabled: true
          password: !vault |
            $ANSIBLE_VAULT;1.2;AES256
            346534353436643039616632653135656534
        secretKey:
          enabled: true
          # The field is "key", as in the values.yml example above.
          key: !vault |
            $ANSIBLE_VAULT;1.2;AES256
            346534353436643039616632653135656534
          secretName: my-awx-secret-key
        ingressTls:
          enabled: true
          selfSignedCert: false
          key: fakekey
          certificate: fakecertificate
        bundleCacert:
          enabled: true
          crt: "{{ lookup('ansible.builtin.file', 'ca-certs.crt') }}"
        ldapCacert:
          enabled: true
          crt: "{{ lookup('ansible.builtin.file', 'ldap-certs.crt') }}"
      customVolumes:
        postgres:
          enabled: true
          hostPath: /data/postgres-13
        projects:
          enabled: true
          hostPath: /data/projects

@sbilque marked this pull request as ready for review January 22, 2024 10:30

@@ -6,6 +6,10 @@ metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
spec:
{{- /* Provide custom persistent volumes configs if enabled */}}
{{- include "spec.storageClassNames" $ }}
{{-/* Provide custom secrets configs if enabled */}}
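
Review bot: the last line of the hunk opens its comment with "{{-/*", with no space between the trim marker and the comment. Go's text/template treats "{{-" as a trim marker only when white space follows it, so here the "-" is lexed as part of the action and the template fails to parse. Write it like the comment two lines up: {{- /* Provide custom secrets configs if enabled */}}.
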
Member

Looks like you need a space here.

Suggested change
{{-/* Provide custom secrets configs if enabled */}}
{{- /* Provide custom secrets configs if enabled */}}

@rooftopcellist
Member

@sbilque Looks like there is a failure in the helm linter:

Error:  templates/: parse error at (awx-operator/templates/awx-deploy.yaml:11): "-"

Could you take a look at that?

Otherwise, the PR looks good to me. cc @miles-w-3 if you have time to review this.
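
The lint failure above can be reproduced without Helm by handing the template text to Go's text/template parser. This is an added example, not code from the PR or the awx-operator project; the sample templates are constructed from the hunk above, and ParseCheck, FailingTemplates and the no-op "include" stub are names assumed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"text/template"
)

// Constructed samples: "broken.yaml" lacks the space after "{{-", "fixed.yaml" has it.
var samples = map[string]string{
	"broken.yaml": `spec:
  {{- /* Provide custom persistent volumes configs if enabled */}}
  {{- include "spec.storageClassNames" $ }}
  {{-/* Provide custom secrets configs if enabled */}}
`,
	"fixed.yaml": `spec:
  {{- /* Provide custom persistent volumes configs if enabled */}}
  {{- include "spec.storageClassNames" $ }}
  {{- /* Provide custom secrets configs if enabled */}}
`,
	"negative.yaml": `offset: {{-3}}`, // legal: with no space, "-" is the sign of a number
}

// stubFuncs stands in for Helm's "include" (assumption: parsing only needs the name defined).
var stubFuncs = template.FuncMap{
	"include": func(name string, data interface{}) (string, error) { return "", nil },
}

// ParseCheck returns the text/template parse error for src, or nil if it parses.
func ParseCheck(name, src string) error {
	_, err := template.New(name).Funcs(stubFuncs).Parse(src)
	return err
}

// FailingTemplates parses every template and returns the names that fail, sorted.
func FailingTemplates(files map[string]string) []string {
	var bad []string
	for name, src := range files {
		if ParseCheck(name, src) != nil {
			bad = append(bad, name)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	fmt.Println("failing:", FailingTemplates(samples), ParseCheck("broken.yaml", samples["broken.yaml"]))
}
```

The "negative.yaml" case shows why the parser complains about "-" rather than about the comment: without a following space the minus sign is read as the start of a number.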

@sbilque force-pushed the customSecrets branch 2 times, most recently from ade884d to ec5cfe7 January 24, 2024 21:49
Contributor Author

sbilque commented Jan 24, 2024

@rooftopcellist
Thank you for your feedback. I have corrected my mistake. Helm lint now runs without error.

@miles-w-3
Contributor

@rooftopcellist Looks good to me. I remember @TheRealHaoLiu bringing up the dangers of passing in secrets this way when I first talked through the postgres secret. I figured it was worth a mention, but I see the readme has a disclaimer.

@rooftopcellist enabled auto-merge (squash) February 7, 2024 19:27
@rooftopcellist self-requested a review February 7, 2024 20:10
@rooftopcellist merged commit 368f786 into ansible:devel Feb 7, 2024
6 checks passed