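---
# Jinja2 template for the AWX manifests: a ServiceAccount, one Deployment
# (web, task, redis and memcached containers plus an optional init container
# that builds custom virtualenvs), a NodePort Service, and an optional
# Ingress (Kubernetes) or Route (OpenShift).
# Block tags are kept at column 0 so they leave no stray indentation in the
# rendered YAML.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: awx
  namespace: {{ kubernetes_namespace }}
{% if kubernetes_service_account_annotations is defined %}
  # Annotation values must be strings in Kubernetes; a value that renders as
  # a bare true/false or number has to be quoted by whoever supplies it.
  annotations:
{% for key, value in kubernetes_service_account_annotations.items() %}
    {{ key }}: {{ value }}
{% endfor %}
{% endif %}
{% if kubernetes_image_pull_secrets is defined %}
imagePullSecrets:
  - name: "{{ kubernetes_image_pull_secrets }}"
{% endif %}
---
apiVersion: {{ kubernetes_deployment_api_version }}
kind: Deployment
metadata:
  name: {{ kubernetes_deployment_name }}
  namespace: {{ kubernetes_namespace }}
{% if openshift_host is defined %}
  labels:
    app: {{ kubernetes_deployment_name }}
{% endif %}
spec:
  replicas: 1
{% if kubernetes_deployment_api_version == "apps/v1" %}
  selector:
    matchLabels:
      app: {{ kubernetes_deployment_name }}
{% endif %}
  template:
    metadata:
      labels:
        name: {{ kubernetes_deployment_name }}-web-deploy
        service: django
        app: {{ kubernetes_deployment_name }}
    spec:
      serviceAccountName: awx
      terminationGracePeriodSeconds: 10
{% if custom_venvs is defined %}
{% set trusted_hosts = "" %}
      # The init container builds every requested virtualenv into the shared
      # custom-venvs emptyDir before the main containers start.
      # NOTE(review): 'centos:7' is a mutable tag on an end-of-life base image,
      # and yum/pip fetch unpinned packages at every pod start. Consider a
      # maintained image pinned by digest and pinned package versions.
      initContainers:
        - image: 'centos:7'
          name: init-custom-venvs
{% if http_proxy is defined or https_proxy is defined %}
{% set trusted_hosts = "--trusted-host pypi.org --trusted-host files.pythonhosted.org --trusted-host pypi.python.org" %}
          # NOTE(review): whenever a proxy is set, pip is told to trust the
          # PyPI hosts without a valid HTTPS certificate, so downloads are no
          # longer authenticated. Trusting the proxy CA instead (pip --cert)
          # would keep verification on.
          env:
{% if http_proxy is defined %}
            - name: http_proxy
              value: {{ http_proxy }}
{% endif %}
{% if https_proxy is defined %}
            - name: https_proxy
              value: {{ https_proxy }}
{% endif %}
{% if no_proxy is defined %}
            - name: no_proxy
              value: {{ no_proxy }}
{% endif %}
{% endif %}
          # The custom_venvs values are pasted unescaped into the sh -c string
          # below, so the inventory that supplies them must be trusted.
          # Lines following a trailing backslash are indented deeper on
          # purpose: the folded scalar then keeps their line breaks and the
          # shell sees a real line continuation. Do not re-flow them.
          command:
            - sh
            - '-c'
            - >-
              yum install -y ansible curl python-setuptools epel-release \
                openssl openssl-devel gcc python-devel &&
              yum install -y python-virtualenv python36 python36-devel &&
              mkdir -p {{ custom_venvs_path }} &&
{% for custom_venv in custom_venvs %}
              virtualenv -p {{ custom_venv.python | default(custom_venvs_python) }} \
                {{ custom_venvs_path }}/{{ custom_venv.name }} &&
              source {{ custom_venvs_path }}/{{ custom_venv.name }}/bin/activate &&
              {{ custom_venvs_path }}/{{ custom_venv.name }}/bin/pip install {{ trusted_hosts }} -U psutil \
                "ansible=={{ custom_venv.python_ansible_version }}" &&
{% if custom_venv.python_modules is defined %}
              {{ custom_venvs_path }}/{{ custom_venv.name }}/bin/pip install {{ trusted_hosts }} -U \
                {% for module in custom_venv.python_modules %}{{ module }} {% endfor %} &&
{% endif %}
              deactivate &&
{% endfor %}
              :
          volumeMounts:
            - name: custom-venvs
              mountPath: {{ custom_venvs_path }}
{% endif %}
      containers:
        - name: {{ kubernetes_deployment_name }}-web
          image: "{{ kubernetes_web_image }}:{{ kubernetes_web_version }}"
          imagePullPolicy: Always
          ports:
            - containerPort: 8052
{% if ca_trust_dir is defined %}
          env:
            - name: REQUESTS_CA_BUNDLE
              value: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
{% endif %}
          volumeMounts:
            - name: supervisor-socket
              mountPath: "/var/run/supervisor"
            - name: rsyslog-socket
              mountPath: "/var/run/awx-rsyslog"
            - name: rsyslog-dir
              mountPath: "/var/lib/awx/rsyslog"
{% if ca_trust_dir is defined %}
            - name: {{ kubernetes_deployment_name }}-ca-trust-dir
              mountPath: "{{ ca_trust_dir }}"
              readOnly: true
{% endif %}
{% if project_data_dir is defined %}
            - name: {{ kubernetes_deployment_name }}-project-data-dir
              mountPath: "/var/lib/awx/projects"
              readOnly: false
{% endif %}
{% if custom_venvs is defined %}
            - name: custom-venvs
              mountPath: {{ custom_venvs_path }}
{% endif %}
            - name: {{ kubernetes_deployment_name }}-application-config
              mountPath: "/etc/tower/settings.py"
              subPath: settings.py
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-nginx-config
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
            - name: "{{ kubernetes_deployment_name }}-application-credentials"
              mountPath: "/etc/tower/conf.d/"
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-launch-awx-web
              mountPath: "/usr/bin/launch_awx.sh"
              subPath: "launch_awx.sh"
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-launch-awx-task
              mountPath: "/usr/bin/launch_awx_task.sh"
              subPath: "launch_awx_task.sh"
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-supervisor-web-config
              mountPath: "/etc/supervisord.conf"
              subPath: supervisor.conf
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-supervisor-task-config
              mountPath: "/etc/supervisord_task.conf"
              subPath: supervisor_task.conf
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-secret-key
              mountPath: "/etc/tower/SECRET_KEY"
              subPath: SECRET_KEY
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-redis-socket
              mountPath: "/var/run/redis"
            - name: {{ kubernetes_deployment_name }}-memcached-socket
              mountPath: "/var/run/memcached"
          # Requests are always set; the limits mapping is emitted only when
          # at least one limit variable is defined.
          resources:
            requests:
              memory: "{{ web_mem_request }}Gi"
              cpu: "{{ web_cpu_request }}m"
{% if web_mem_limit is defined or web_cpu_limit is defined %}
            limits:
{% endif %}
{% if web_mem_limit is defined %}
              memory: "{{ web_mem_limit }}Gi"
{% endif %}
{% if web_cpu_limit is defined %}
              cpu: "{{ web_cpu_limit }}m"
{% endif %}
        - name: {{ kubernetes_deployment_name }}-task
          # NOTE(review): a privileged container has close to host-level
          # access, and this one also mounts the application credentials and
          # SECRET_KEY. Confirm privileged mode is still required (presumably
          # for job isolation) and narrow it to specific capabilities if not.
          securityContext:
            privileged: true
          image: "{{ kubernetes_task_image }}:{{ kubernetes_task_version }}"
          command:
            - /usr/bin/launch_awx_task.sh
          imagePullPolicy: Always
          volumeMounts:
            - name: supervisor-socket
              mountPath: "/var/run/supervisor"
            - name: rsyslog-socket
              mountPath: "/var/run/awx-rsyslog"
            - name: rsyslog-dir
              mountPath: "/var/lib/awx/rsyslog"
{% if ca_trust_dir is defined %}
            - name: {{ kubernetes_deployment_name }}-ca-trust-dir
              mountPath: "{{ ca_trust_dir }}"
              readOnly: true
{% endif %}
{% if custom_venvs is defined %}
            - name: custom-venvs
              mountPath: {{ custom_venvs_path }}
{% endif %}
            - name: {{ kubernetes_deployment_name }}-application-config
              mountPath: "/etc/tower/settings.py"
              subPath: settings.py
              readOnly: true
            - name: "{{ kubernetes_deployment_name }}-application-credentials"
              mountPath: "/etc/tower/conf.d/"
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-launch-awx-web
              mountPath: "/usr/bin/launch_awx.sh"
              subPath: "launch_awx.sh"
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-launch-awx-task
              mountPath: "/usr/bin/launch_awx_task.sh"
              subPath: "launch_awx_task.sh"
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-supervisor-web-config
              mountPath: "/etc/supervisord.conf"
              subPath: supervisor.conf
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-supervisor-task-config
              mountPath: "/etc/supervisord_task.conf"
              subPath: supervisor_task.conf
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-secret-key
              mountPath: "/etc/tower/SECRET_KEY"
              subPath: SECRET_KEY
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-redis-socket
              mountPath: "/var/run/redis"
            - name: {{ kubernetes_deployment_name }}-memcached-socket
              mountPath: "/var/run/memcached"
          env:
            - name: SUPERVISOR_WEB_CONFIG_PATH
              value: "/etc/supervisord.conf"
            - name: AWX_SKIP_MIGRATIONS
              value: "1"
            - name: MY_POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
            - name: MY_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
{% if ca_trust_dir is defined %}
            - name: REQUESTS_CA_BUNDLE
              value: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
{% endif %}
          resources:
            requests:
              memory: "{{ task_mem_request }}Gi"
              cpu: "{{ task_cpu_request }}m"
{% if task_mem_limit is defined or task_cpu_limit is defined %}
            limits:
{% endif %}
{% if task_mem_limit is defined %}
              memory: "{{ task_mem_limit }}Gi"
{% endif %}
{% if task_cpu_limit is defined %}
              cpu: "{{ task_cpu_limit }}m"
{% endif %}
        - name: {{ kubernetes_deployment_name }}-redis
          # Quoted like the other image references in this file.
          image: "{{ kubernetes_redis_image }}:{{ kubernetes_redis_image_tag }}"
          imagePullPolicy: Always
          args: ["redis-server", "{{ kubernetes_redis_config_mount_path }}"]
          volumeMounts:
            - name: {{ kubernetes_deployment_name }}-redis-config
              mountPath: "{{ kubernetes_redis_config_mount_path }}"
              subPath: redis.conf
              readOnly: true
            - name: {{ kubernetes_deployment_name }}-redis-socket
              mountPath: "/var/run/redis"
          resources:
            requests:
              memory: "{{ redis_mem_request }}Gi"
              cpu: "{{ redis_cpu_request }}m"
{% if redis_mem_limit is defined or redis_cpu_limit is defined %}
            limits:
{% endif %}
{% if redis_mem_limit is defined %}
              memory: "{{ redis_mem_limit }}Gi"
{% endif %}
{% if redis_cpu_limit is defined %}
              cpu: "{{ redis_cpu_limit }}m"
{% endif %}
        - name: {{ kubernetes_deployment_name }}-memcached
          image: "{{ kubernetes_memcached_image }}:{{ kubernetes_memcached_version }}"
          imagePullPolicy: Always
          # memcached listens on a unix socket only. '-a 0666' makes that
          # socket world-writable; it lives in an emptyDir that is mounted
          # into the web, task and memcached containers of this pod.
          command:
            - 'memcached'
            - '-s'
            - '/var/run/memcached/memcached.sock'
            - '-a'
            - '0666'
          volumeMounts:
            - name: {{ kubernetes_deployment_name }}-memcached-socket
              mountPath: "/var/run/memcached"
          resources:
            requests:
              memory: "{{ memcached_mem_request }}Gi"
              cpu: "{{ memcached_cpu_request }}m"
{% if memcached_mem_limit is defined or memcached_cpu_limit is defined %}
            limits:
{% endif %}
{% if memcached_mem_limit is defined %}
              memory: "{{ memcached_mem_limit }}Gi"
{% endif %}
{% if memcached_cpu_limit is defined %}
              cpu: "{{ memcached_cpu_limit }}m"
{% endif %}
{% if tolerations is defined %}
      # The three expressions below start at column 0 because the indent
      # filter supplies the eight leading spaces itself, first line included.
      tolerations:
{{ tolerations | to_nice_yaml(indent=2) | indent(width=8, indentfirst=True) }}
{% endif %}
{% if node_selector is defined %}
      nodeSelector:
{{ node_selector | to_nice_yaml(indent=2) | indent(width=8, indentfirst=True) }}
{% endif %}
{% if affinity is defined %}
      affinity:
{{ affinity | to_nice_yaml(indent=2) | indent(width=8, indentfirst=True) }}
{% endif %}
      volumes:
        - name: supervisor-socket
          emptyDir: {}
        - name: rsyslog-socket
          emptyDir: {}
        - name: rsyslog-dir
          emptyDir: {}
{% if ca_trust_dir is defined %}
        # hostPath volumes tie the pod to the node's filesystem. The CA
        # directory is mounted read-only; the project data directory is
        # mounted read-write into the web container.
        - name: {{ kubernetes_deployment_name }}-ca-trust-dir
          hostPath:
            path: "{{ ca_trust_dir }}"
            type: Directory
{% endif %}
{% if project_data_dir is defined %}
        - name: {{ kubernetes_deployment_name }}-project-data-dir
          hostPath:
            path: "{{ project_data_dir }}"
            type: Directory
{% endif %}
{% if custom_venvs is defined %}
        - name: custom-venvs
          emptyDir: {}
{% endif %}
        - name: {{ kubernetes_deployment_name }}-application-config
          configMap:
            name: {{ kubernetes_deployment_name }}-config
            items:
              - key: {{ kubernetes_deployment_name }}_settings
                path: settings.py
        - name: {{ kubernetes_deployment_name }}-nginx-config
          configMap:
            name: {{ kubernetes_deployment_name }}-config
            items:
              - key: {{ kubernetes_deployment_name }}_nginx_conf
                path: nginx.conf
        - name: {{ kubernetes_deployment_name }}-redis-config
          configMap:
            name: {{ kubernetes_deployment_name }}-config
            items:
              - key: {{ kubernetes_deployment_name }}_redis_conf
                path: redis.conf
        - name: "{{ kubernetes_deployment_name }}-application-credentials"
          secret:
            secretName: "{{ kubernetes_deployment_name }}-secrets"
            items:
              - key: credentials_py
                path: 'credentials.py'
              - key: environment_sh
                path: 'environment.sh'
        - name: {{ kubernetes_deployment_name }}-launch-awx-web
          configMap:
            name: {{ kubernetes_deployment_name }}-launch-awx
            items:
              - key: launch-awx-web
                path: 'launch_awx.sh'
            defaultMode: 0755
        - name: {{ kubernetes_deployment_name }}-launch-awx-task
          configMap:
            name: {{ kubernetes_deployment_name }}-launch-awx
            items:
              - key: launch-awx-task
                path: 'launch_awx_task.sh'
            defaultMode: 0755
        - name: {{ kubernetes_deployment_name }}-supervisor-web-config
          configMap:
            name: {{ kubernetes_deployment_name }}-supervisor-config
            items:
              - key: supervisor-web-config
                path: 'supervisor.conf'
        - name: {{ kubernetes_deployment_name }}-supervisor-task-config
          configMap:
            name: {{ kubernetes_deployment_name }}-supervisor-config
            items:
              - key: supervisor-task-config
                path: 'supervisor_task.conf'
        - name: {{ kubernetes_deployment_name }}-secret-key
          secret:
            secretName: "{{ kubernetes_deployment_name }}-secrets"
            items:
              - key: secret_key
                path: SECRET_KEY
        - name: {{ kubernetes_deployment_name }}-redis-socket
          emptyDir: {}
        - name: {{ kubernetes_deployment_name }}-memcached-socket
          emptyDir: {}
---
# NodePort publishes port 80 (plain HTTP to container port 8052) on every
# node. TLS exists only in front of this Service, via the Ingress TLS secret
# or the OpenShift Route below, and only when those are configured.
apiVersion: v1
kind: Service
metadata:
  name: {{ kubernetes_deployment_name }}-web-svc
  namespace: {{ kubernetes_namespace }}
  labels:
    name: {{ kubernetes_deployment_name }}-web-svc
spec:
  type: "NodePort"
  ports:
    - name: http
      port: 80
      targetPort: 8052
  selector:
    name: {{ kubernetes_deployment_name }}-web-deploy
{% if kubernetes_context is defined %}
---
# NOTE(review): extensions/v1beta1 Ingress is not served by Kubernetes 1.22
# and later; moving to networking.k8s.io/v1 also changes the backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ kubernetes_deployment_name }}-web-svc
  namespace: {{ kubernetes_namespace }}
{% if kubernetes_ingress_annotations is defined %}
  # Annotation values must be strings; see the ServiceAccount annotations.
  annotations:
{% for key, value in kubernetes_ingress_annotations.items() %}
    {{ key }}: {{ value }}
{% endfor %}
{% endif %}
spec:
{% if kubernetes_ingress_hostname is defined %}
{% if kubernetes_ingress_tls_secret is defined %}
  tls:
    - hosts:
        - {{ kubernetes_ingress_hostname }}
      secretName: {{ kubernetes_ingress_tls_secret }}
{% endif %}
  rules:
    - host: {{ kubernetes_ingress_hostname }}
      http:
        paths:
          - path: /
            backend:
              serviceName: {{ kubernetes_deployment_name }}-web-svc
              servicePort: 80
{% else %}
  # Without a hostname the Ingress only has a default backend. The branch
  # used to repeat the 'spec' key here, which rendered a duplicate mapping
  # key that parsers resolve by silently keeping the last one.
  backend:
    serviceName: {{ kubernetes_deployment_name }}-web-svc
    servicePort: 80
{% endif %}
{% endif %}
{% if openshift_host is defined %}
---
# OpenShift Route: TLS terminates at the router (edge) and plain HTTP
# requests are redirected to HTTPS.
apiVersion: v1
kind: Route
metadata:
  name: {{ kubernetes_deployment_name }}-web-svc
  namespace: {{ kubernetes_namespace }}
spec:
  port:
    targetPort: http
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: edge
  to:
    kind: Service
    name: {{ kubernetes_deployment_name }}-web-svc
    weight: 100
  wildcardPolicy: None
{% endif %}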