summaryrefslogtreecommitdiffstats
path: root/tools/docker-compose-minikube
diff options
context:
space:
mode:
Diffstat (limited to 'tools/docker-compose-minikube')
-rw-r--r--tools/docker-compose-minikube/deploy.yml6
-rw-r--r--tools/docker-compose-minikube/minikube/defaults/main.yml13
-rw-r--r--tools/docker-compose-minikube/minikube/tasks/main.yml81
-rw-r--r--tools/docker-compose-minikube/minikube/templates/bootstrap_minikube.py.j242
-rw-r--r--tools/docker-compose-minikube/minikube/templates/rbac.yml.j238
5 files changed, 180 insertions, 0 deletions
diff --git a/tools/docker-compose-minikube/deploy.yml b/tools/docker-compose-minikube/deploy.yml
new file mode 100644
index 0000000000..6425a2c52a
--- /dev/null
+++ b/tools/docker-compose-minikube/deploy.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploy Minikube and connect with AWX
+ hosts: localhost
+ gather_facts: true
+ roles:
+ - {role: minikube}
diff --git a/tools/docker-compose-minikube/minikube/defaults/main.yml b/tools/docker-compose-minikube/minikube/defaults/main.yml
new file mode 100644
index 0000000000..42ee8bdbe7
--- /dev/null
+++ b/tools/docker-compose-minikube/minikube/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+sources_dest: '_sources'
+driver: 'docker'
+
+minikube_url_linux: 'https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64'
+minikube_url_macos: 'https://storage.googleapis.com/minikube/releases/latest/minikube-darwin-amd64'
+
+kubectl_url_linux: 'https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl'
+kubectl_url_macos: 'https://dl.k8s.io/release/v1.21.0/bin/darwin/amd64/kubectl'
+
+# Service Account Name
+minikube_service_account_name: 'awx-devel'
+minikube_service_account_namespace: 'default'
diff --git a/tools/docker-compose-minikube/minikube/tasks/main.yml b/tools/docker-compose-minikube/minikube/tasks/main.yml
new file mode 100644
index 0000000000..aa2c4c8c8d
--- /dev/null
+++ b/tools/docker-compose-minikube/minikube/tasks/main.yml
@@ -0,0 +1,81 @@
+---
+- name: Create _sources directory
+ file:
+ path: "{{ sources_dest }}"
+ state: 'directory'
+ mode: '0700'
+
+# Linux block
+- block:
+ - name: Download Minikube
+ get_url:
+ url: "{{ minikube_url_linux }}"
+ dest: "{{ sources_dest }}/minikube"
+ mode: 0755
+
+ - name: Download Kubectl
+ get_url:
+ url: "{{ kubectl_url_linux }}"
+ dest: "{{ sources_dest }}/kubectl"
+ mode: 0755
+ when:
+ - ansible_architecture == "x86_64"
+ - ansible_system == "Linux"
+
+# MacOS block
+- block:
+ - name: Download Minikube
+ get_url:
+ url: "{{ minikube_url_macos }}"
+ dest: "{{ sources_dest }}/minikube"
+ mode: 0755
+
+ - name: Download Kubectl
+ get_url:
+ url: "{{ kubectl_url_macos }}"
+ dest: "{{ sources_dest }}/kubectl"
+ mode: 0755
+ when:
+ - ansible_architecture == "x86_64"
+ - ansible_system == "Darwin"
+
+- name: Starting Minikube
+ shell: "{{ sources_dest }}/minikube start --driver={{ driver }} --install-addons=true --addons=ingress"
+
+- name: Create ServiceAccount and clusterRoleBinding
+ k8s:
+ apply: true
+ definition: "{{ lookup('template', 'rbac.yml.j2') }}"
+
+- name: Retrieve serviceAccount secret name
+ k8s_info:
+ kind: ServiceAccount
+ namespace: '{{ minikube_service_account_namespace }}'
+ name: '{{ minikube_service_account_name }}'
+ register: service_account
+
+- name: Register serviceAccount secret name
+ set_fact:
+ _service_account_secret_name: '{{ service_account["resources"][0]["secrets"][0]["name"] }}'
+ when:
+ - service_account["resources"][0]["secrets"] | length
+ - '"name" in service_account["resources"][0]["secrets"][0]'
+
+- name: Retrieve bearer_token from serviceAccount secret
+ k8s_info:
+ kind: Secret
+ namespace: '{{ minikube_service_account_namespace }}'
+ name: '{{ _service_account_secret_name }}'
+ register: _service_account_secret
+
+- name: Load Minikube Bearer Token
+ set_fact:
+ service_account_token: '{{ _service_account_secret["resources"][0]["data"]["token"] | b64decode }}'
+ when:
+ - _service_account_secret["resources"][0]["data"] | length
+
+- name: Render minikube credential JSON template
+ template:
+ src: bootstrap_minikube.py.j2
+ dest: "{{ sources_dest }}/bootstrap_minikube.py"
+ mode: '0600'
diff --git a/tools/docker-compose-minikube/minikube/templates/bootstrap_minikube.py.j2 b/tools/docker-compose-minikube/minikube/templates/bootstrap_minikube.py.j2
new file mode 100644
index 0000000000..861ba5e23a
--- /dev/null
+++ b/tools/docker-compose-minikube/minikube/templates/bootstrap_minikube.py.j2
@@ -0,0 +1,42 @@
+# Create Openshift/Kubernetes credential for Minikube
+# This script gets called by the bootstrap_development process
+# awx-manage shell_plus --quiet < bootstrap_minikube.py
+
+from awx.main.utils.encryption import encrypt_field
+
+NAME = 'Minikube'
+
+POD_SPEC = """apiVersion: v1
+kind: Pod
+metadata:
+ namespace: {{ minikube_service_account_namespace }}
+spec:
+ containers:
+ - image: 'quay.io/ansible/awx-ee:devel'
+ name: worker
+ args:
+ - ansible-runner
+ - worker
+ - '--private-data-dir=/runner'"""
+
+# Creates Minikube credential
+if not Credential.objects.filter(name=NAME).count():
+ cred = Credential()
+ cred.name = NAME
+ cred.credential_type = CredentialType.objects.get(name='OpenShift or Kubernetes API Bearer Token')
+ cred.description = 'Minikube Devel'
+ cred.inputs['host'] = 'https://minikube:8443'
+ cred.inputs['verify_ssl'] = False
+ cred.inputs['bearer_token'] = '{{ service_account_token }}'
+ encrypt_field(cred, 'bearer_token', secret_key=settings.SECRET_KEY)
+ cred.save()
+
+# Create Container Group for Minikube
+if not InstanceGroup.objects.filter(name=NAME).count():
+ ccgrp = InstanceGroup()
+ ccgrp.name = NAME
+ ccgrp.credential = cred
+ ccgrp.pod_spec_override = POD_SPEC
+ ccgrp.is_container_group = True
+ ccgrp.save()
+
diff --git a/tools/docker-compose-minikube/minikube/templates/rbac.yml.j2 b/tools/docker-compose-minikube/minikube/templates/rbac.yml.j2
new file mode 100644
index 0000000000..642e2d94ca
--- /dev/null
+++ b/tools/docker-compose-minikube/minikube/templates/rbac.yml.j2
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ minikube_service_account_name }}
+ namespace: {{ minikube_service_account_namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ minikube_service_account_name }}
+ namespace: {{ minikube_service_account_namespace }}
+rules:
+- apiGroups: [""] # "" indicates the core API group
+ resources: ["pods"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+ resources: ["pods/log"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["pods/attach"]
+ verbs: ["create"]
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ minikube_service_account_name }}
+ namespace: {{ minikube_service_account_namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ minikube_service_account_name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ minikube_service_account_name }}