feat: Add support for AWX installation via AWX Operator (#122)

add-ons/awx-operator/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

add-ons/awx-operator/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 2.19.1
+description: A Helm chart for the AWX Operator
+name: awx-operator
+type: application
+version: 2.19.1

add-ons/awx-operator/README.md

@@ -0,0 +1,33 @@
+# awx-operator
+
+![Version: 2.19.1](https://img.shields.io/badge/Version-2.19.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.19.1](https://img.shields.io/badge/AppVersion-2.19.1-informational?style=flat-square)
+
+A Helm chart for the AWX Operator
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| AWX.enabled | bool | `true` |  |
+| AWX.name | string | `"awx"` |  |
+| AWX.postgres.dbName | string | `"awx"` |  |
+| AWX.postgres.enabled | bool | `true` |  |
+| AWX.postgres.host | string | `"awx-primary.awx-operator.svc"` |  |
+| AWX.postgres.port | int | `5432` |  |
+| AWX.postgres.sslmode | string | `"prefer"` |  |
+| AWX.postgres.type | string | `"unmanaged"` |  |
+| AWX.postgres.username | string | `"awx"` |  |
+| AWX.spec.admin_user | string | `"admin"` |  |
+| AWX.spec.image | string | `"quay.io/ansible/awx"` |  |
+| AWX.spec.image_version | string | `"24.6.1"` |  |
+| AWX.spec.ingress_hosts[0].hostname | string | `"awx.example.com"` |  |
+| AWX.spec.ingress_path | string | `"/"` |  |
+| AWX.spec.ingress_path_type | string | `"Prefix"` |  |
+| AWX.spec.ingress_type | string | `"ingress"` |  |
+| eso.enabled | bool | `true` | Install components of the ESO. |
+| eso.generic.secretStore.providerConfig | object | `{}` | Defines SecretStore provider configuration. |
+| eso.secretName | string | `"/edp/eks/addons/awx-operator"` | Value name in AWS ParameterStore, AWS SecretsManager or other Secret Store. |
+| eso.secretStoreName | string | `"aws-parameterstore"` | Defines Secret Store name. |
+| eso.type | string | `"aws"` | Defines provider type. One of `aws` or `generic`. |
+| oidc.enabled | bool | `true` |  |
+

add-ons/awx-operator/templates/NOTES.txt

@@ -0,0 +1 @@
+AWX Operator installed with Helm Chart version 2.19.1

add-ons/awx-operator/templates/_helpers.tpl

@@ -0,0 +1,6 @@
+{{/*
+Generate the name of the postgres secret, expects AWX context passed in
+*/}}
+{{- define "postgres.secretName" -}}
+{{ default (printf "%s-postgres-configuration" .Values.AWX.name) .Values.AWX.postgres.secretName }}
+{{- end }}

add-ons/awx-operator/templates/awx-deploy.yaml

@@ -0,0 +1,28 @@
+{{- if $.Values.AWX.enabled }}
+{{- with .Values.AWX }}
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+{{- /* Provide custom persistent volumes configs if enabled */}}
+{{- include "spec.storageClassNames" $ }}
+{{- /* Provide custom secrets configs if enabled */}}
+{{- include "spec.secrets" $ }}
+{{- /* Include raw map from the values file spec */}}
+{{ .spec | toYaml | indent 2 }}
+{{- /* Provide security context defaults */}}
+  {{- if not (hasKey .spec "security_context_settings") }}
+  security_context_settings:
+    runAsGroup: 0
+    runAsUser: 0
+    fsGroup: 0
+    fsGroupChangePolicy: OnRootMismatch
+  {{- end }}
+{{- /* Postgres configs if enabled and not already present */}}
+  {{- if and .postgres.enabled (not (hasKey .spec "postgres_configuration_secret")) }}
+  postgres_configuration_secret: {{ include "postgres.secretName" $ }}
+  {{- end }}
+{{- end }}
+{{- end }}

add-ons/awx-operator/templates/clusterrole-awx-operator-metrics-reader.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    helm.sh/chart: awx-operator
+  name: awx-operator-metrics-reader-{{ .Release.Name }}
+rules:
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get

add-ons/awx-operator/templates/clusterrole-awx-operator-proxy-role.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    helm.sh/chart: awx-operator
+  name: awx-operator-proxy-role-{{ .Release.Name }}
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create

add-ons/awx-operator/templates/clusterrolebinding-awx-operator-proxy-rolebinding.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    helm.sh/chart: awx-operator
+  name: awx-operator-proxy-rolebinding-{{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: awx-operator-proxy-role-{{ .Release.Name }}
+subjects:
+  - kind: ServiceAccount
+    name: awx-operator-controller-manager
+    namespace: '{{ .Release.Namespace }}'

add-ons/awx-operator/templates/configmap-awx-operator-awx-manager-config.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+data:
+  controller_manager_config.yaml: |
+    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+    kind: ControllerManagerConfig
+    health:
+      healthProbeBindAddress: :6789
+    metrics:
+      bindAddress: 127.0.0.1:8080
+
+    leaderElection:
+      leaderElect: true
+      resourceName: 811c9dc5.ansible.com
+    # leaderElectionReleaseOnCancel defines if the leader should step down volume
+    # when the Manager ends. This requires the binary to immediately end when the
+    # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+    # speeds up voluntary leader transitions as the new leader don't have to wait
+    # LeaseDuration time first.
+    # In the default scaffold provided, the program ends immediately after
+    # the manager stops, so would be fine to enable this option. However,
+    # if you are doing or is intended to do any operation such as perform cleanups
+    # after the manager stops then its usage might be unsafe.
+    # leaderElectionReleaseOnCancel: true
+kind: ConfigMap
+metadata:
+  labels:
+    helm.sh/chart: awx-operator
+  name: awx-operator-awx-manager-config

add-ons/awx-operator/templates/crds/customresourcedefinition-awxbackups.awx.ansible.com.yaml

@@ -0,0 +1,142 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    helm.sh/chart: awx-operator
+  name: awxbackups.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXBackup
+    listKind: AWXBackupList
+    plural: awxbackups
+    singular: awxbackup
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      schema:
+        openAPIV3Schema:
+          description: Schema validation for the AWXBackup CRD
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                additional_labels:
+                  description: Additional labels defined on the resource, which should be propagated to child resources
+                  items:
+                    type: string
+                  type: array
+                backup_pvc:
+                  description: Name of the backup PVC
+                  type: string
+                backup_pvc_namespace:
+                  description: (Deprecated) Namespace the PVC is in
+                  type: string
+                backup_resource_requirements:
+                  description: Resource requirements for the management pod used to create a backup
+                  properties:
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                      type: object
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                      type: object
+                  type: object
+                backup_storage_class:
+                  description: Storage class to use when creating PVC for backup
+                  type: string
+                backup_storage_requirements:
+                  description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
+                  type: string
+                clean_backup_on_delete:
+                  description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
+                  type: boolean
+                db_management_pod_node_selector:
+                  description: nodeSelector for the Postgres pods to backup
+                  type: string
+                deployment_name:
+                  description: Name of the deployment to be backed up
+                  type: string
+                image_pull_policy:
+                  default: IfNotPresent
+                  description: The image pull policy
+                  enum:
+                    - Always
+                    - always
+                    - Never
+                    - never
+                    - IfNotPresent
+                    - ifnotpresent
+                  type: string
+                no_log:
+                  default: true
+                  description: Configure no_log for no_log tasks
+                  type: boolean
+                pg_dump_suffix:
+                  description: Additional parameters for the pg_dump command
+                  type: string
+                postgres_image:
+                  description: Registry path to the PostgreSQL container to use
+                  type: string
+                postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+                postgres_label_selector:
+                  description: Label selector used to identify postgres pod for backing up data
+                  type: string
+                precreate_partition_hours:
+                  description: Number of hours worth of events table partitions to precreate before backup to avoid pg_dump locks.
+                  format: int32
+                  type: integer
+                set_self_labels:
+                  default: true
+                  description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                  type: boolean
+              required:
+                - deployment_name
+              type: object
+              x-kubernetes-preserve-unknown-fields: true
+            status:
+              properties:
+                backupClaim:
+                  description: Backup persistent volume claim
+                  type: string
+                backupDirectory:
+                  description: Backup directory name on the specified pvc
+                  type: string
+                conditions:
+                  description: The resulting conditions when a Service Telemetry is instantiated
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      reason:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    type: object
+                  type: array
+              type: object
+              x-kubernetes-preserve-unknown-fields: true
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}