ARA is a Python and Django based visualization for Ansible Playbook runs. An Ansible callback plugin records the playbook results to an ARA instance via http(s). This work is a publicly hosted Open Source Helm Chart of ARA.
Overview of ARA Records Ansible.
helm repo add spreitzer https://registry.spreitzer.ch/chartrepo/helm
helm install my-release spreitzer/ara
This Helm Chart deploys an ARA api instance. ARA api is the server component of the ARA software. It will serve Ansible playbook run reports and hosts in a user friendly web interface, as well as the api which the client part uses to submit reports.
The ARA api is neither secured or open for submitting reports. You will have to configure the ARA api for authentication. Please see the ARA documentation. The ARA api may be secured by disabling authentication in ARA api and providing authentication over HTTPS via ingress annotations.
ARA api supports a multitude of database backends configurable via the aforementioned environment variables. This Helm Chart may in future support high availability and incorporate an easy configuration. However at the moment you will have to configure high availability and scalability via replicas, deployment strategy, persistence and the deployment environment variables by yourself.
Please contribute here:
Under the conditions of merit:
- You create it (eg. features), you lead it
- You break it, you fix it
- Be kind and benevolent, but prefer contribution over harmony
With your contribution you agree that your work is published under the MIT license of this project. See LICENSE.
- Kubernetes
- Helm
- Storage in Kubernetes
Name | Description | Value |
---|---|---|
replicas |
Amount of deployment replias | 1 |
extraEnv |
Extra environment variables | {} |
deploymentStrategy.type |
Deployment type | "RollingUpdate" |
deploymentStrategy.rollingUpdate |
RollingUpdate parameters | {} |
image.repo |
Image repository | "recordsansible/ara-api" |
image.tag |
Image tag | "latest" |
service.type |
Type of kubernetes service | "ClusterIP" |
Please find ARA api environment variables and behavior documented here.
Example
replicas: 1
deploymentStrategy:
type: Recreate
extraEnv:
ARA_ALLOWED_HOSTS: "['localhost', '::1', '127.0.0.1', 'ara.example.com', 'ara-web.example.com']"
ARA_EXTERNAL_AUTH: 'True'
ARA_READ_LOGIN_REQUIRED: 'False'
ARA_WRITE_LOGIN_REQUIRED: 'False'
Name | Description | Value |
---|---|---|
ingress.enabled |
Switch to enable/disable an ingress | false |
ingress.annotations |
Ingress annotations map | {} |
ingress.tls |
Switch to enable/disable TLS/SSL | false |
ingress.tlsSecret |
Name of secret of tls certificate | "ara-tls" |
ingress.hosts |
List of FQDN for the ingress | ["ara.example.com"] |
Example
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-realm: "ARA Records Ansible"
nginx.ingress.kubernetes.io/auth-secret: ara-htpasswd
enabled: true
tls: true
hosts:
- ara.example.com
Name | Description | Value |
---|---|---|
persistence.enabled |
Switch to enable/disable persistence | false |
persistence.accessModes |
Volume access modes | ["ReadWriteOnce"] |
persistence.size |
Size of volume | "8Gi" |
persistence.storageClass |
StorageClass of volume | "" |
Example
persistence:
enabled: true
accessModes:
- ReadWriteOnce
storageClass: default
Refer to:
- https://oauth2-proxy.github.io/oauth2-proxy/docs/
- https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy
- https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/values.yaml
Example
oauth2proxy:
enabled: true
redis:
enabled: true
sessionStorage:
type: redis
config:
clientID: xxx
clientSecret: xxx
cookieSecret: xxx
extraArgs:
upstream: http://ara-ara:8000
provider: keycloak-oidc
redirect-url: https://ara-web.example.com/oauth2/callback
oidc-issuer-url: https://<keycloak host>/auth/realms/<keycloak realm>
allowed-group: ara
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt
hosts:
- ara-web.example.com
tls:
- secretName: oauth2-proxy-tls
hosts:
- ara-web.example.com
tbd.
tbd.
tbd.
Free and Open Source, MIT license, See LICENSE.
- The bitnami/charts/mariadb/README.md documentation served as inspiration for this documentation