├── .helmignore
├── Chart.yaml
├── README.md
├── charts
    ├── .gitkeep
    ├── memcached-2.9.0.tgz
    ├── postgresql-6.2.0.tgz
    └── rabbitmq-6.2.6.tgz
├── requirements.lock
├── requirements.yaml
├── templates
    ├── NOTES.txt
    ├── _helpers.tpl
    ├── configmap-nginx.yaml
    ├── configmap.yaml
    ├── deployment.yaml
    ├── ingress.yaml
    ├── service.yaml
    └── servicemonitor.yaml
└── values.yaml

/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

--------------------------------------------------------------------------------
/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
description: Installs Ansible AWX (Ansible Web UI), with dependencies (rabbitmq, postgresql, memcached)
name: awx
version: 0.6.0
appVersion: 6.1.0
maintainers:
  - name: kim0
    email: email.ahmedkamal@googlemail.com
sources:
  - https://github.com/ansible/awx
keywords:
  - ansible
  - awx

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Ansible AWX

Helm deployment of Ansible AWX on Kubernetes

## Introduction

This chart bootstraps an [AWX](https://github.com/ansible/awx) deployment on
a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh)
package manager.

## Installing the Chart

To install the chart with the release name `my-release`:

```console
helm repo add rfy-awx https://raw.githubusercontent.com/rfyio/ansible-awx-helm-chart/master/
helm repo update
helm install --name my-release rfy-awx/awx
```

To install the development version:

```console
helm dep up ./awx
helm install --name my-release ./awx
```

The command deploys AWX on the Kubernetes cluster in the default configuration.
The [configuration](#configuration) section lists the parameters that can be configured
during installation.

This chart embeds chart dependencies specified in the requirements.yaml file:

- postgresql
- memcached
- rabbitmq

**Note**: Currently, this chart is not ready to be used with external postgresql,
memcached or rabbitmq. PRs welcome.

## Uninstalling the Chart

To uninstall/delete the `my-release` deployment:

```console
helm delete my-release
```

The command removes all the Kubernetes components associated with the chart
and deletes the release.

## Configuration

The following table lists the configurable parameters of the
awx chart and their default values.
Postgresql, memcached, rabbitmq charts values can be overridden in
awx/values.yaml

Parameter | Description | Default
--------- | ----------- | -------
`replicaCount` | Pod replica count | `1`
`awx_web.image.repository` | | `ansible/awx_web`
`awx_web.image.tag` | | `2.1.2`
`awx_web.image.pullPolicy` | | `IfNotPresent`
`awx_task.image.repository` | | `ansible/awx_task`
`awx_task.image.tag` | | `2.1.2`
`awx_task.image.pullPolicy` | | `IfNotPresent`
`awx_secret_key` | | `awxsecret`
`default_admin_user` | | `admin`
`default_admin_password` | | `password`
`deployment.annotations` | | `{}`
`service.internalPort` | | `8052`
`service.externalPort` | | `8052`
`ingress.enabled` | | `false`
`memcached.install` | Install memcached chart | `true`
`rabbitmq.install` | Install rabbitmq chart | `true`
`rabbitmq.rabbitmq.username` | Rabbitmq username | `awx`
`rabbitmq.rabbitmq.password` | Rabbitmq password | `awx`
`rabbitmq.rabbitmq.configuration` | Rabbitmq configuration file | cf values.yaml
`postgresql.install` | Install postgresql chart | `true`
`postgresql.postgresqlUsername` | postgresql username | `postgres`
`postgresql.postgresqlPassword` | postgresql password | `awx`
`postgresql.postgresqlDatabase` | postgresql database | `awx`
`postgresql.persistence.enabled` | postgresql persistence | `true`
`metrics.enabled` | Start a side-car prometheus exporter | `false`
`metrics.image.registry` | Exporter image registry | `docker.io`
`metrics.image.repository` | Exporter image name | `bitnami/rabbitmq-exporter`
`metrics.image.tag` | Exporter image tag | `{TAG_NAME}`
`metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent`
`metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false`
`metrics.serviceMonitor.namespace` | Namespace where servicemonitor resource should be created | `nil`
`metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s`
`metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil`
`metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil`
`metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false`
`metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}`
`metrics.port` | Prometheus metrics exporter port | `9419`
`metrics.env` | Exporter [configuration environment variables](https://github.com/kbudde/rabbitmq_exporter#configuration) | `{}`
`metrics.resources` | Exporter resource requests/limit | `nil`
`metrics.capabilities` | Exporter: Comma-separated list of extended [scraping capabilities supported by the target RabbitMQ server](https://github.com/kbudde/rabbitmq_exporter#extended-rabbitmq-capabilities) | `bert,no_sort`

--------------------------------------------------------------------------------
/charts/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arthur-c/ansible-awx-helm-chart/e0d6708c443aa6971b274f0b4af82e1d12759456/charts/.gitkeep
--------------------------------------------------------------------------------
/charts/memcached-2.9.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arthur-c/ansible-awx-helm-chart/e0d6708c443aa6971b274f0b4af82e1d12759456/charts/memcached-2.9.0.tgz
--------------------------------------------------------------------------------
/charts/postgresql-6.2.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arthur-c/ansible-awx-helm-chart/e0d6708c443aa6971b274f0b4af82e1d12759456/charts/postgresql-6.2.0.tgz
--------------------------------------------------------------------------------
/charts/rabbitmq-6.2.6.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arthur-c/ansible-awx-helm-chart/e0d6708c443aa6971b274f0b4af82e1d12759456/charts/rabbitmq-6.2.6.tgz
--------------------------------------------------------------------------------
/requirements.lock:
--------------------------------------------------------------------------------
dependencies:
- name: rabbitmq
  repository: https://kubernetes-charts.storage.googleapis.com/
  version: 6.2.6
- name: postgresql
  repository: https://kubernetes-charts.storage.googleapis.com/
  version: 6.2.0
- name: memcached
  repository: https://kubernetes-charts.storage.googleapis.com/
  version: 2.9.0
digest: sha256:337499e3c8051b6439b4ac4a873617643bc11e46096672d222d23bcef232c83f
generated: "2019-08-09T18:06:53.3108+02:00"

--------------------------------------------------------------------------------
/requirements.yaml:
--------------------------------------------------------------------------------
---
dependencies:
  - name: rabbitmq
    version: 6.2.6
    repository: https://kubernetes-charts.storage.googleapis.com/
    condition: rabbitmq.install
  - name: postgresql
    version: 6.2.0
    repository: https://kubernetes-charts.storage.googleapis.com/
    condition: postgresql.install
  - name: memcached
    version: 2.9.0
    repository: https://kubernetes-charts.storage.googleapis.com/
    condition: memcached.install

--------------------------------------------------------------------------------
/templates/NOTES.txt:
--------------------------------------------------------------------------------
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "awx.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "awx.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "awx.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

--------------------------------------------------------------------------------
/templates/configmap-nginx.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "awx.fullname" . }}-nginx-config
  labels:
    app.kubernetes.io/name: {{ include "awx.name" . }}
    helm.sh/chart: {{ include "awx.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
  nginx_settings: |
    #user awx;

    worker_processes 1;

    pid /tmp/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        server_tokens off;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /dev/stdout main;

        map $http_upgrade $connection_upgrade {
            default upgrade;
            '' close;
        }

        sendfile on;
        #tcp_nopush on;
        #gzip on;

        upstream uwsgi {
            server 127.0.0.1:8050;
        }

        upstream daphne {
            server 127.0.0.1:8051;
        }

        server {
            listen {{ .Values.service.internalPort }} default_server;

            # If you have a domain name, this is where to add it
            server_name _;
            keepalive_timeout 65;

            # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
            add_header Strict-Transport-Security max-age=15768000;
            add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
            add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";

            # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
            add_header X-Frame-Options "DENY";

            location /nginx_status {
                stub_status on;
                access_log off;
                allow 127.0.0.1;
                deny all;
            }

            location /static/ {
                alias /var/lib/awx/public/static/;
            }

            location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }

            location /websocket {
                # Pass request to the upstream alias
                proxy_pass http://daphne;
                # Require http version 1.1 to allow for upgrade requests
                proxy_http_version 1.1;
                # We want proxy_buffering off for proxying to websockets.
                proxy_buffering off;
                # http://en.wikipedia.org/wiki/X-Forwarded-For
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # enable this if you use HTTPS:
                proxy_set_header X-Forwarded-Proto https;
                # pass the Host: header from the client for the sake of redirects
                proxy_set_header Host $http_host;
                # We've set the Host header, so we don't need Nginx to muddle
                # about with redirects
                proxy_redirect off;
                # Depending on the request value, set the Upgrade and
                # connection headers
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
            }

            location / {
                # Add trailing / if missing
                rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
                uwsgi_read_timeout 120s;
                uwsgi_pass uwsgi;
                include /etc/nginx/uwsgi_params;
                proxy_set_header X-Forwarded-Port 443;
            }
        }
    }

--------------------------------------------------------------------------------
/templates/configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "awx.fullname" . }}-application-config
  labels:
    app.kubernetes.io/name: {{ include "awx.name" . }}
    helm.sh/chart: {{ include "awx.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
  secret_key: {{ .Values.awx_secret_key }}
  awx_settings: |
    import os
    import socket
    ADMINS = ()

    def get_secret():
        if os.path.exists("/etc/tower/SECRET_KEY"):
            return open('/etc/tower/SECRET_KEY', 'rb').read().strip()
        return os.getenv("SECRET_KEY", "privateawx")

    AWX_PROOT_ENABLED = False

    # Automatically deprovision pods that go offline
    AWX_AUTO_DEPROVISION_INSTANCES = True

    #Autoprovisioning should replace this
    CLUSTER_HOST_ID = socket.gethostname()
    SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'

    SESSION_COOKIE_SECURE = False
    CSRF_COOKIE_SECURE = False

    REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']

    STATIC_ROOT = '/var/lib/awx/public/static'
    PROJECTS_ROOT = '/var/lib/awx/projects'
    JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
    # SECRET_KEY = file('/etc/tower/SECRET_KEY', 'rb').read().strip()
    SECRET_KEY = get_secret()
    ALLOWED_HOSTS = ['*']
    INTERNAL_API_URL = 'http://127.0.0.1:8052'
    # Custom helm values
    TOWER_URL_BASE = '{{ .Values.awx_url_base }}'
    SERVER_EMAIL = '{{ .Values.server_email }}'
    DEFAULT_FROM_EMAIL = '{{ .Values.default_from_email }}'
    EMAIL_SUBJECT_PREFIX = '{{ .Values.email_subject_prefix }}'
    EMAIL_HOST = '{{ .Values.email_host }}'
    EMAIL_PORT = '{{ .Values.email_port }}'
    EMAIL_HOST_USER = '{{ .Values.email_host_user }}'
    EMAIL_HOST_PASSWORD = '{{ .Values.email_host_password }}'
    EMAIL_USE_TLS = {{ .Values.email_use_tls }}

    LOGGING['handlers']['console'] = {
        '()': 'logging.StreamHandler',
        'level': 'DEBUG',
        'formatter': 'simple',
    }

    LOGGING['loggers']['django.request']['handlers'] = ['console']
    LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
    LOGGING['loggers']['awx']['handlers'] = ['console']
    LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
    LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console']
    LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console']
    LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console']
    LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
    LOGGING['loggers']['social']['handlers'] = ['console']
    LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
    LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
    LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
    LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['fact_receiver'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}

    DATABASES = {
        'default': {
            'ATOMIC_REQUESTS': True,
            'ENGINE': 'django.db.backends.postgresql',
            'NAME': "{{ .Values.postgresql.postgresqlDatabase }}",
            'USER': "{{ .Values.postgresql.postgresqlUsername }}",
            'PASSWORD': "{{ .Values.postgresql.postgresqlPassword }}",
            'HOST': "{{ include "awx.fullname" . }}-postgresql",
            'PORT': "5432",
        }
    }

    BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(
        "{{ .Values.rabbitmq.rabbitmq.username }}",
        "{{ .Values.rabbitmq.rabbitmq.password }}",
        "{{ include "awx.fullname" . }}-rabbitmq",
        "{{ default "5672" .Values.rabbitmq.service.port }}",
        "{{ default "awx" .Values.rabbitmq.vhost }}")

    CHANNEL_LAYERS = {
        'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer',
                    'ROUTING': 'awx.main.routing.channel_routing',
                    'CONFIG': {'url': BROKER_URL}}
    }

    CACHES = {
        'default': {
            'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
            'LOCATION': '{}:{}'.format("{{ include "awx.fullname" . }}-memcached", "{{ default "11211" .Values.memcached_port }}")
        },
        'ephemeral': {
            'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
        },
    }

    USE_X_FORWARDED_PORT = True

--------------------------------------------------------------------------------
/templates/deployment.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: {{ include "awx.fullname" . }}
  labels:
    app.kubernetes.io/name: {{ include "awx.name" . }}
    helm.sh/chart: {{ include "awx.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  annotations:
  {{- range $key, $value := .Values.deployment.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "awx.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "awx.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      containers:
        - name: web
          image: "{{ .Values.awx_web.image.repository }}:{{ .Values.awx_web.image.tag }}"
          imagePullPolicy: {{ .Values.awx_web.image.pullPolicy }}
          ports:
            - name: http
              containerPort: {{ .Values.service.internalPort }}
          livenessProbe:
            httpGet:
              path: /
              port: {{ .Values.service.internalPort }}
          readinessProbe:
            httpGet:
              path: /
              port: {{ .Values.service.internalPort }}
          volumeMounts:
            - mountPath: /etc/tower
              name: {{ include "awx.fullname" . }}-application-config
            - name: {{ include "awx.fullname" . }}-nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
          env:
            - name: DATABASE_USER
              value: {{ .Values.postgresql.postgresqlUsername }}
            - name: DATABASE_NAME
              value: {{ .Values.postgresql.postgresqlDatabase }}
            - name: DATABASE_HOST
              value: {{ include "awx.fullname" . }}-postgresql
            - name: DATABASE_PORT
              value: "5432"
            - name: DATABASE_PASSWORD
              value: {{ .Values.postgresql.postgresqlPassword }}
            - name: MEMCACHED_HOST
              value: {{ include "awx.fullname" . }}-memcached
            - name: MEMCACHED_PORT
              value: "11211"
            - name: RABBITMQ_HOST
              value: {{ include "awx.fullname" . }}-rabbitmq
            - name: RABBITMQ_PORT
              value: "4369"

        - name: task
          image: "{{ .Values.awx_task.image.repository }}:{{ .Values.awx_task.image.tag }}"
          imagePullPolicy: {{ .Values.awx_task.image.pullPolicy }}
          command:
            - /usr/bin/launch_awx_task.sh
          volumeMounts:
            - mountPath: /etc/tower
              name: {{ include "awx.fullname" . }}-application-config
          env:
            - name: DATABASE_USER
              value: {{ .Values.postgresql.postgresqlUsername }}
            - name: DATABASE_NAME
              value: {{ .Values.postgresql.postgresqlDatabase }}
            - name: DATABASE_HOST
              value: {{ include "awx.fullname" . }}-postgresql
            - name: DATABASE_PORT
              value: "5432"
            - name: DATABASE_PASSWORD
              value: {{ .Values.postgresql.postgresqlPassword }}
            - name: MEMCACHED_HOST
              value: {{ include "awx.fullname" . }}-memcached
            - name: MEMCACHED_PORT
              value: "11211"
            - name: RABBITMQ_HOST
              value: {{ include "awx.fullname" . }}-rabbitmq
            - name: RABBITMQ_PORT
              value: "4369"
            - name: AWX_ADMIN_USER
              value: {{ .Values.default_admin_user }}
            - name: AWX_ADMIN_PASSWORD
              value: {{ .Values.default_admin_password }}

          resources:
{{ toYaml .Values.resources | indent 12 }}
    {{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
    {{- end }}
      volumes:
        - name: {{ include "awx.fullname" . }}-application-config
          configMap:
            name: {{ include "awx.fullname" . }}-application-config
            items:
              - key: awx_settings
                path: settings.py
              - key: secret_key
                path: SECRET_KEY
        - name: {{ include "awx.fullname" . }}-nginx-config
          configMap:
            name: {{ include "awx.fullname" . }}-nginx-config
            items:
              - key: nginx_settings
                path: nginx.conf

--------------------------------------------------------------------------------
/templates/ingress.yaml:
--------------------------------------------------------------------------------
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "awx.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
    app.kubernetes.io/name: {{ include "awx.name" . }}
    helm.sh/chart: {{ include "awx.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
  annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
{{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ . | quote }}
      http:
        paths:
          - path: {{ $ingressPath }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: http
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/templates/service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: {{ template "awx.fullname" . }}
  labels:
    app.kubernetes.io/name: {{ include "awx.name" . }}
    helm.sh/chart: {{ include "awx.chart" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if or .Values.service.annotations .Values.metrics.enabled }}
  annotations:
{{- end }}
{{- if .Values.service.annotations }}
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
{{- if .Values.metrics.enabled }}
{{ toYaml .Values.metrics.annotations | indent 4 }}
{{- end }}
spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.externalPort }}
      targetPort: {{ .Values.service.internalPort }}
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: {{ include "awx.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}

--------------------------------------------------------------------------------
/templates/servicemonitor.yaml:
--------------------------------------------------------------------------------
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: {{ template "awx.fullname" . }}
  {{- if .Values.metrics.serviceMonitor.namespace }}
  namespace: {{ .Values.metrics.serviceMonitor.namespace }}
  {{- end }}
  labels:
    app: {{ template "awx.name" . }}
    chart: {{ template "awx.chart" . }}
    heritage: "{{ .Release.Service }}"
    release: "{{ .Release.Name }}"
    {{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
    {{- end }}
spec:
  endpoints:
  - port: http
    interval: {{ .Values.metrics.serviceMonitor.interval }}
    {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
    scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
    {{- end }}
    honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
    {{- if .Values.metrics.serviceMonitor.relabellings }}
    metricRelabelings:
{{ toYaml .Values.metrics.serviceMonitor.relabellings | indent 6 }}
    {{- end }}
  namespaceSelector:
    matchNames:
    - {{ .Release.Namespace }}
  selector:
    matchLabels:
      app: {{ template "awx.name" . }}
      release: "{{ .Release.Name }}"
{{- end }}

--------------------------------------------------------------------------------
/values.yaml:
--------------------------------------------------------------------------------
# Default values for awx
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

fullnameOverride: "awx" # Bug bites us, if this is unspecified!
replicaCount: 1

# awx_web & tasks are deployed in the same pod
awx_web:
  image:
    repository: ansible/awx_web
    tag: 9.1.0
    pullPolicy: IfNotPresent

awx_task:
  image:
    repository: ansible/awx_task
    tag: 9.1.0
    pullPolicy: IfNotPresent

# AWX config
# awx_secret_key and default_admin_password are fixed defaults shared by every
# install of this chart; override both at install time.
awx_secret_key: awxsecret
awx_url_base: 'https://towerhost'
default_admin_user: admin
default_admin_password: password

server_email: 'root@localhost'
default_from_email: 'webmaster@localhost'
email_subject_prefix: '[AWX] '
email_host: 'localhost'
email_port: 25
email_host_user: ''
email_host_password: ''
email_use_tls: 'False'

deployment:
  annotations: {}

service:
  internalPort: 8052
  externalPort: 8052

ingress:
  enabled: false
  # Used to create an Ingress record.
  hosts:
    - chart-example.local
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  tls: []
    # Secrets must be manually created in the namespace.
    # - secretName: chart-example-tls
    #   hosts:
    #     - chart-example.local

metrics:
  enabled: false
  ## Metrics exporter port
  port: 9419
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9090"
  ## Prometheus Service Monitor
  ## ref: https://github.com/coreos/prometheus-operator
  ##      https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
  serviceMonitor:
    ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
    enabled: false
    ## Specify the namespace in which the serviceMonitor resource will be created
    # namespace: ""
    ## Specify the interval at which metrics should be scraped
    interval: 30s
    ## Specify the timeout after which the scrape is ended
    # scrapeTimeout: 30s
    ## Specify Metric Relabellings to add to the scrape endpoint
    # relabellings:
    ## Specify honorLabels parameter to add the scrape endpoint
    honorLabels: false
    ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
    additionalLabels: {}



# Chart values https://github.com/helm/charts/blob/master/stable/memcached/values.yaml
memcached:
  install: true

# Chart values https://github.com/helm/charts/blob/master/stable/rabbitmq/values.yaml
rabbitmq:
  install: true
  rabbitmq:
    username: awx
    password: awx
    ## Configuration file content https://www.rabbitmq.com/configure.html#configuration-files
    configuration: |-
      ## Clustering
      cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
      cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
      cluster_formation.node_cleanup.interval = 10
      cluster_formation.node_cleanup.only_log_warning = false
      cluster_partition_handling = autoheal
      ## queue master locator
      queue_master_locator=min-masters
      ## enable guest user
      loopback_users.guest = false
      ## awx vhost
      default_vhost = awx

# Chart values https://github.com/helm/charts/blob/master/stable/postgresql/values.yaml
postgresql:
  install: true
  image:
    registry: docker.io
    repository: bitnami/postgresql
    tag: 9.6
  postgresqlUsername: postgres
  postgresqlPassword: awx
  postgresqlDatabase: awx
  persistence:
    enabled: true
  metrics:
    enabled: false

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}

--------------------------------------------------------------------------------
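
The values.yaml above ships fixed values for awx_secret_key, default_admin_password, postgresql.postgresqlPassword and rabbitmq.rabbitmq.password. The check below is an added example, not part of this repository: it reads a values override file before `helm install -f` and reports each of those four keys that is missing, left at the shipped default, too short, or reused. The 16-character minimum, the function names and the sample override file are assumptions made for the example.

```python
import re

# Credential defaults shipped in this chart's values.yaml (copied from the page).
SHIPPED_DEFAULTS = {
    "awx_secret_key": "awxsecret",
    "default_admin_password": "password",
    "postgresql.postgresqlPassword": "awx",
    "rabbitmq.rabbitmq.password": "awx",
}

MIN_LENGTH = 16  # assumption for this example, not a chart or AWX requirement

_KEY = re.compile(r"^( *)([A-Za-z0-9_.\-]+):(?:\s+(.*))?$")


def flatten_values(text):
    """Flatten nested YAML mappings into {"a.b.c": "scalar"}.

    Covers only the subset this chart's values.yaml uses: nested mappings,
    plain or quoted scalars, comments, and block scalars (| and >), whose
    bodies are skipped. List items are not interpreted.
    """
    flat = {}
    stack = []           # (indent, key) for each open parent mapping
    block_indent = None  # indent of the key that opened a block scalar
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if block_indent is not None:
            if indent > block_indent:
                continue  # still inside the block scalar body
            block_indent = None
        match = _KEY.match(raw)
        if not match:
            continue  # list item or other unsupported construct
        key = match.group(2)
        value = re.sub(r"\s+#.*$", "", match.group(3) or "").strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if not value:
            stack.append((indent, key))   # opens a nested mapping
        elif value[0] in "|>":
            block_indent = indent         # opens a block scalar
        else:
            flat[path] = value.strip("'\"")
    return flat


def audit_overrides(text, min_length=MIN_LENGTH):
    """Return findings for the four credential keys, in SHIPPED_DEFAULTS order."""
    flat = flatten_values(text)
    findings = []
    seen = {}  # accepted value -> key that first used it
    for key, default in SHIPPED_DEFAULTS.items():
        value = flat.get(key)
        if value is None:
            findings.append(f"{key}: not overridden, shipped default applies")
        elif value == default:
            findings.append(f"{key}: set to the shipped default")
        elif len(value) < min_length:
            findings.append(f"{key}: shorter than {min_length} characters")
        elif value in seen:
            findings.append(f"{key}: same value as {seen[value]}")
        else:
            seen[value] = key
    return findings


# Constructed sample override file; the values are made up for the example.
SAMPLE_OVERRIDES = """\
awx_secret_key: 3f9c0d7e5b1a4c28a6e0d94b7f215c63
default_admin_password: password   # still the chart default
postgresql:
  postgresqlPassword: 8d2e6a1f0c7b4953
rabbitmq:
  rabbitmq:
    username: awx
    password: 8d2e6a1f0c7b4953
    configuration: |-
      default_vhost = awx
      password: awx
"""

if __name__ == "__main__":
    for finding in audit_overrides(SAMPLE_OVERRIDES):
        print(finding)
```

An empty findings list means all four keys are overridden with distinct values of at least the minimum length; the check does not look at how the templates store those values.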