Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow adding extra settings files from configmaps or secrets #1834

Closed
3 tasks done
kurokobo opened this issue Apr 18, 2024 · 1 comment · Fixed by #1836
Closed
3 tasks done

Allow adding extra settings files from configmaps or secrets #1834

kurokobo opened this issue Apr 18, 2024 · 1 comment · Fixed by #1836
Labels
community needs_triage

Comments

@kurokobo
Copy link
Contributor

kurokobo commented Apr 18, 2024
edited

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that AWX Operator is open source software provided for free and that I might not receive a timely response.

Feature Summary

Summary

If the users want to add extra settings to AWX, currently users can define them in extra_settings in AWX CR or mount any settings files under /etc/tower/conf.d/,

However, extra_settings is difficult to pass dictionaries or lists formatted for readability. In addition, if there is a large number of keys in extra_settings, it is difficult to manage.
These problems can be solved by mounting additional settings files, but it is still a bit of a hassle because we have to write exactly multiple volumes in a multi-line string in multiple places e.g. extra_volumes, web_extra_volume_mounts, task_extra_volume_mounts.

Therefore, I propose the addition of extra_settings_files to CRD to provide the ability to easily mount any configmap or secrets as additional settings files.

It would be better to support mounting secrets containing the entire settings file, not just the configmaps, in case users want to embed sensitive information directly in the settings file.

Example configmaps and secrets:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: awx-extra-settings-auth-configmap
  ...
data:
  saml.py: |
    HOGE = "hoge"
    FUGA = "fuga"
  ldap.py: |
    PIYO = "piyo"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: awx-extra-settings-jobs-configmp
  ...
data:
  job.py: |
    import os
    FOO = [
      "hoge",
      "fuga",
      "piyo",
    ]
    BAR = {
      "hoge": "hoge",
      "fuga": "fuga",
      "piyo": "piyo",
    }
    BAZ = os.getenv("BAZ")
---
apiVersion: v1
kind: Secret
metadata:
  name: awx-extra-settings-passwords-secrets
  ...
stringData:
  passwords.py: |
    HOGE_PASSWORD="my-super-secure-passwords"
    FUGA_PASSWORD="my-super-secure-passwords"

Example AWX CR

---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
  ...
spec
  ...
  extra_settings_files:
    configmaps:
      - name: awx-extra-settings-auth-configmap
        key: saml.py
      - name: awx-extra-settings-auth-configmap
        key: ldap.py
      - name: awx-extra-settings-jobs-configmp
        key: job.py
    secrets:
      - name: awx-extra-settings-passwords-secrets
        key: passwords.py
  ...

Additional info

Context: #1824 (comment)
@kurokobo
Copy link
Contributor Author

@rooftopcellist
Please let me know if you have any ideas or opinions about this 😃

@kurokobo kurokobo mentioned this issue Apr 22, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community needs_triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: implement extra_settings_files kurokobo/awx-operator
1 participant
@kurokobo