Closed rooftopcellist closed 3 years ago
If AWX Resource deployments are needed in multiple namespaces, multiple awx-resource-operators can be deployed to accomplish this.
Do we have to modify the namespace on Role and ClusterRole manually to accomplish this?
@Zokormazo absolutely right, I have removed spots where the namespace had been hard-coded, as we talked about.
The latest commit on this PR makes it possible to template out the tower-resource-operator.yaml definition file.
Benefits:
Example usage for testing changes by building images:
```sh
# Set Context
kubectl config set-context --current --namespace=default
# Build & Push Operator
operator-sdk build quay.io/chadams/awx-resource-operator:dev
docker push quay.io/chadams/awx-resource-operator:dev
# Build job launch job container
docker build -t quay.io/chadams/operator-job-run:dev -f build/Dockerfile.runner .
docker push quay.io/chadams/operator-job-run:dev
# Template tower-resource-operator.yaml file
ansible-playbook ansible/chain-operator-files.yml -e operator_image=quay.io/chadams/awx-resource-operator -e operator_version=dev -e runner_image=quay.io/chadams/operator-job-run -e runner_version=dev
# Deploy the Operator
kubectl create -f deploy/tower-resource-operator.yaml
```
This can now be deployed to any namespace (not just tower-operator ns).
There are no longer any access errors when deploying.
```
role.rbac.authorization.k8s.io/tower-resource-operator created
rolebinding.rbac.authorization.k8s.io/tower-resource-operator created
serviceaccount/tower-resource-operator created
customresourcedefinition.apiextensions.k8s.io/ansiblejobs.tower.ansible.com created
customresourcedefinition.apiextensions.k8s.io/jobtemplates.tower.ansible.com created
deployment.apps/tower-resource-operator created
$ oc get pods
NAME                                      READY   STATUS    RESTARTS   AGE
tower-resource-operator-5695559dd-ckw27   1/1     Running   0          12m
$ oc get deployments
NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
tower-resource-operator   1/1     1            1           12m
```
Related awx-operator PR: https://github.com/ansible/awx-operator/pull/541
I propose we move the awx-resource-operator from a cluster-scoped operator to a namespace-scoped operator. At a high level this means only Roles for service accounts, no ClusterRoles, and it also means that operators & AWX Resource deployments will have a 1-to-1 relationship.
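A pre-deploy check for the namespace-scoped goal discussed in this thread, as an added example that is not code from this PR or the project: it scans a rendered manifest for leftover `ClusterRole`/`ClusterRoleBinding` objects and hard-coded `namespace:` values. The function name `audit_manifest` and the sample manifest are constructed for illustration, and the scan assumes block-style YAML with two-space indentation rather than using a YAML parser.

```python
import re

# RBAC kinds that grant or bind permissions across the whole cluster.
CLUSTER_SCOPED_RBAC = {"ClusterRole", "ClusterRoleBinding"}

# Constructed sample (not the project's real file): a namespaced Role, a
# leftover ClusterRole, and a RoleBinding whose subject pins a namespace.
SAMPLE_MANIFEST = """\
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tower-resource-operator
rules:
  - {apiGroups: ["tower.ansible.com"], resources: ["ansiblejobs"], verbs: ["get"]}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tower-resource-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tower-resource-operator
subjects:
  - kind: ServiceAccount
    name: tower-resource-operator
    namespace: tower-operator
roleRef:
  kind: Role
  name: tower-resource-operator
"""


def audit_manifest(text):
    """Line-based scan of block-style, two-space-indented YAML (no parser)."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        kind = re.search(r"^kind:[ \t]*(\S+)", doc, flags=re.M)
        if not kind:
            continue
        name = re.search(r"^  name:[ \t]*(\S+)", doc, flags=re.M)
        obj = (kind.group(1), name.group(1) if name else "<unnamed>")
        if obj[0] in CLUSTER_SCOPED_RBAC:
            findings.append(obj + ("cluster-scoped RBAC object",))
        # Catches metadata.namespace and subjects[].namespace alike.
        for ns in re.findall(r"^[ \t]*(?:- )?namespace:[ \t]*(\S+)", doc, flags=re.M):
            findings.append(obj + ("hard-coded namespace " + ns,))
    return findings
```

Run it on the templated file with `audit_manifest(open("deploy/tower-resource-operator.yaml").read())`; an empty list means no cluster-scoped RBAC objects and no pinned namespaces were found.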