106d90aeb3
Remove launch scripts from configmaps
...
The duplication of these scripts has been bothering me for a while. They dont
get enough usage to justify their existence.
2020-12-22 09:12:03 -05:00
8788c904c8
Revert: Force containers in k8s to run under root group
...
This reverts most of:
https://github.com/ansible/awx/commit/423df6618d1f5484ea428dcd32371e67bb4c49d4
Since https://github.com/sclorg/redis-container/pull/62 is now shipped downstream
2020-12-08 13:06:00 -05:00
e85a32d463
Fix typo in deployment template
2020-12-08 13:00:14 -05:00
b6b87aea76
Use literal quotation marks for Kubernetes annotations instead of quote filter
2020-12-04 14:34:08 -05:00
182ff3464e
Fix typo for kubernetes_service_account_annotations variable
2020-12-04 14:02:51 -05:00
973c9d313e
Merge pull request #8751 from hjkatz/patch-4
...
Separate Kubernetes Ingress TLS spec from backend spec
Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2020-12-04 17:03:26 +00:00
52646362c3
Merge pull request #8747 from hjkatz/patch-3
...
Add Kubernetes Service support for annotations
Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2020-12-04 15:53:39 +00:00
8a433f30e4
Merge pull request #8746 from hjkatz/patch-2
...
Add quotes to kubernetes annotations
Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2020-12-04 15:53:35 +00:00
6ab3d5301c
Separate Kubernetes Ingress TLS spec from backend spec
2020-12-04 10:50:49 -05:00
8b4b54d2c4
Add Kubernetes Service support for annotations
2020-12-03 18:36:02 -05:00
701deb2268
Add quotes to kubernetes annotations
2020-12-03 18:28:50 -05:00
85adc4a0ab
Remove duplicate spec key from Ingress for kubernetes template
2020-12-03 18:18:18 -05:00
a50e32d4ea
Add support for Kubernetes Pod annotations
...
Variable `kubernetes_pod_annotations` will add annotations to Kubernetes pods
2020-10-21 19:59:11 -04:00
23c386223c
Add Kubernetes Deployment support for annotations
...
Annotations are only supported for ingress and service accounts
This PR will allow you now to specify annotations for Kubernetes Deployment
resources by defining `kubernetes_deployment_annotations` var list
2020-10-19 16:33:54 -04:00
512da5a01c
Add custom root ca certificate via configmap
...
Signed-off-by: Brant Evans <bevans@redhat.com >
2020-09-22 16:42:39 -07:00
8d5914b3f1
K8s ServiceAccount variabilization
2020-09-14 17:37:45 +02:00
07160d9719
Add kubernetes_web_svc_type variable to installer/inventory
...
awx-web-svc is now settable, e.g. ClusterIP or NodePort. Default
is NodePort
2020-07-29 14:18:10 -04:00
75c6c068a7
Remove the NodePort type for the web svc.
2020-07-17 12:51:29 -04:00
e26387cdf3
Remove references to old images
2020-07-01 14:57:48 -04:00
5ca66ac806
Merge pull request #7317 from shanemcd/redis-root-group
...
Force containers in k8s to run under root group
Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2020-06-16 23:41:42 +00:00
423df6618d
Force containers in k8s to run under root group
...
Normally containers belong to the 'root' group, but for some reason the
downstream red hat scl redis image only belongs to the 'redis' group by default. This fixes that.
2020-06-10 13:40:15 -04:00
eb5970b4a1
merge and resolve conflicts
2020-06-10 16:01:17 +02:00
d2bbe7aa1a
remove memcache from everywhere and add djagno-redis to cover it
2020-06-09 10:24:23 -04:00
1e6437b773
Resolve conflict 2
2020-06-06 00:17:26 +02:00
7d0c49c043
Fix conflict
2020-06-05 23:41:20 +02:00
64e3135754
Only build one awx image instead of separate web and task images
2020-06-03 10:48:48 -04:00
559d917184
Make supervisor more consistent
...
Configs go in /etc, sockets in /var/run/supervisor for all invocations.
2020-06-02 19:51:16 -04:00
4a9603a7ea
Allow priv container for awx_task and option to create psp
2020-05-29 20:24:49 +02:00
b13a175668
Reshape security context for AWX containers
2020-05-29 12:35:45 +02:00
736e7a33ac
Fixes ca_trust_dir mapping for k8s and openshift
...
Signed-off-by: Marcelo Moreira de Mello <tchello.mello@gmail.com >
2020-05-15 02:37:33 -04:00
7659ffca1e
fixed ingress template
2020-04-27 14:33:42 -07:00
7bfc99a615
don't expose redis port
2020-04-17 15:34:11 -04:00
c8ceb62269
Rename awx rsyslog socket and PID dir
2020-04-15 14:11:15 -04:00
ca7c840d8c
Fix permissions on rsyslog.conf for k8s
2020-04-13 19:33:23 -04:00
e52cebc28e
rsyslogd: use %rawmsg-after-pri% instead of %msg%
...
after some prolonged RFC reading and tinkering w/ rsyslogd...
cpython's SysLogHandler doesn't emit RFC3164 formatted messages
in the format you'd expect; it's missing the ISO date, hostname, etc...
along with other header values; the handler implementation relies on you
to specify a syslog-like formatter (we've replaced all of this with our
own *custom* logstash-esque formatter that effectively outputs valid JSON
- without dates and other syslog header values prepended)
because of this unanticipated format, rsyslogd chokes when trying to
parse the message's parts; AWX is emitting:
<priority>RAWJSON
...so the usage of `%msg%` isn't going to work for us, because rsyslog
tries to parse *all* of the possible headers (and yells, because it
can't find a date to parse):
see: https://www.rsyslog.com/files/temp/doc-indent/configuration/properties.html#message-properties
this is fine, because we don't *need* any of that message parsing
anyways; in the end, we're *just* interested in forwarding the raw
JSON/text content to the third party log handler
2020-04-13 11:44:00 -04:00
e740340793
ConfigMap rsyslog conf files for k8
2020-04-13 11:43:59 -04:00
996d7ce054
Move supervisor and rsyslog sock files to their own dirs under /var/run
2020-04-13 11:43:59 -04:00
c0af3c537b
Configure rsyslog to listen over a unix domain socket instead of a port
...
- Add a placeholder rsyslog.conf so it doesn't fail on start
- Create access restricted directory for unix socket to be created in
- Create RSyslogHandler to exit early when logging socket doesn't exist
- Write updated logging settings when dispatcher comes up and restart rsyslog so they take effect
- Move rsyslogd to the web container and create rpc supervisor.sock
- Add env var for supervisor.conf path
2020-04-13 11:43:59 -04:00
c06188da56
align with openshift
2020-04-06 09:16:46 -04:00
37a715c680
use memcached unix domain socket rather than tcp
2020-04-06 08:35:12 -04:00
6d60e7dadc
align with openshift
2020-04-02 13:56:33 -04:00
346b9b9e3e
ConfigMap supervisor configs and launch scripts for k8s
2020-04-02 13:56:33 -04:00
99384b1db9
Merge pull request #6506 from shanemcd/stateless-set
...
Switch from StatefulSet to Deployment
Reviewed-by: Matthew Jones <mat@matburt.net >
https://github.com/matburt
2020-04-02 17:51:25 +00:00
929f4bfb81
start redis container with conf file
2020-04-02 11:13:35 -04:00
3060505110
Switch from StatefulSet to Deployment
...
We can do this now that we dropped RabbitMQ.
2020-04-02 09:24:49 -04:00
770b457430
redis socket support
2020-03-18 16:10:19 -04:00
45ce6d794e
Initial migration of rabbitmq -> redis for k8s installs
2020-03-18 16:10:17 -04:00
ed8133be2d
add Service Account annotation
...
Signed-off-by: Donovan Murphy <dono@dono.email >
2020-02-19 20:29:42 -06:00
4dee5eddeb
Merge pull request #5989 from egmar/support-for-imagePullSecrets
...
Added support for K8S imagePullSecrets
Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2020-02-19 19:45:12 +00:00
74a31224e0
Moved imagePullSecrets into ServiceAccount definition
2020-02-19 10:45:07 +02:00
Shane McDonald
Harrison Katz
softwarefactory-project-zuul[bot]
Nicolas G
Brant Evans
Martinho Moreira
Seth Foster
Joseph Pisciotta
Shane McDonald
mosad
Rebeccah
Bill Nottingham
Marcelo Moreira de Mello
Vyacheslav Andreykiv (Intel)
Ryan Petrello
Christian Adams
chris meyers
Donovan Murphy
Egor Margineanu