External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-06 11:11:07 -03:30
Code Issues Packages Projects Releases Wiki Activity

Fixes ca_trust_dir mapping for k8s and openshift

Browse Source 
Signed-off-by: Marcelo Moreira de Mello <tchello.mello@gmail.com>
This commit is contained in:
Marcelo Moreira de Mello
2020-05-15 02:37:33 -04:00
parent 30610f1a62
commit 736e7a33ac
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
installer/inventory
View File

@@ -145,6 +145,8 @@ secret_key=awxsecret
# CA Trust directory. If you need to provide custom CA certificates, supplying # CA Trust directory. If you need to provide custom CA certificates, supplying
# this variable causes this directory on the host to be bind mounted over # this variable causes this directory on the host to be bind mounted over
# /etc/pki/ca-trust in the awx_task and awx_web containers. # /etc/pki/ca-trust in the awx_task and awx_web containers.
# If you are deploying on openshift or kubernetes, set the variable to /etc/pki/ca-trust instead,
# as the awx_web and awx_task containers will not run the `update-ca-trust` command.
#ca_trust_dir=/etc/pki/ca-trust/source/anchors #ca_trust_dir=/etc/pki/ca-trust/source/anchors
# Include /etc/nginx/awx_extra.conf # Include /etc/nginx/awx_extra.conf

13
installer/roles/kubernetes/templates/deployment.yml.j2
View File

@@ -93,6 +93,11 @@ spec:
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 8052 - containerPort: 8052
{% if ca_trust_dir is defined %}
env:
- name: REQUESTS_CA_BUNDLE
value: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
{% endif %}
volumeMounts: volumeMounts:
- name: supervisor-socket - name: supervisor-socket
mountPath: "/var/run/supervisor" mountPath: "/var/run/supervisor"
@@ -102,7 +107,7 @@ spec:
mountPath: "/var/lib/awx/rsyslog" mountPath: "/var/lib/awx/rsyslog"
{% if ca_trust_dir is defined %} {% if ca_trust_dir is defined %}
- name: {{ kubernetes_deployment_name }}-ca-trust-dir - name: {{ kubernetes_deployment_name }}-ca-trust-dir
mountPath: "/etc/pki/ca-trust/source/anchors/" mountPath: "{{ ca_trust_dir }}"
readOnly: true readOnly: true
{% endif %} {% endif %}
{% if project_data_dir is defined %} {% if project_data_dir is defined %}
@@ -188,7 +193,7 @@ spec:
mountPath: "/var/lib/awx/rsyslog" mountPath: "/var/lib/awx/rsyslog"
{% if ca_trust_dir is defined %} {% if ca_trust_dir is defined %}
- name: {{ kubernetes_deployment_name }}-ca-trust-dir - name: {{ kubernetes_deployment_name }}-ca-trust-dir
mountPath: "/etc/pki/ca-trust/source/anchors/" mountPath: "{{ ca_trust_dir }}"
readOnly: true readOnly: true
{% endif %} {% endif %}
{% if custom_venvs is defined %} {% if custom_venvs is defined %}
@@ -247,6 +252,10 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: status.podIP fieldPath: status.podIP
{% if ca_trust_dir is defined %}
- name: REQUESTS_CA_BUNDLE
value: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
{% endif %}
resources: resources:
requests: requests:
memory: "{{ task_mem_request }}Gi" memory: "{{ task_mem_request }}Gi"