expand/awx-on-k3s
1
0
Fork 0
mirror of https://github.com/Expand-sys/awx-on-k3s synced 2025-12-15 21:42:15 +11:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: bump AWX Operator version to 0.22.0

Browse source
This commit is contained in:
kurokobo 2022-06-09 00:13:17 +09:00
parent bc7b0b83ed
commit 5ed8dd0039
18 changed files with 167 additions and 126 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
README.md
View file

@ -27,17 +27,17 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas
- Tested on: - Tested on:
- CentOS Stream 8 (Minimal) - CentOS Stream 8 (Minimal)
- K3s v1.22.7+k3s1 - K3s v1.23.6+k3s1
- Products that will be deployed: - Products that will be deployed:
- AWX Operator 0.21.0 - AWX Operator 0.22.0
- AWX 21.0.0 - AWX 21.1.0
- PostgreSQL 12 - PostgreSQL 12
## References ## References
- [K3s - Lightweight Kubernetes](https://rancher.com/docs/k3s/latest/en/) - [K3s - Lightweight Kubernetes](https://rancher.com/docs/k3s/latest/en/)
- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/21.0.0/INSTALL.md) @21.0.0 - [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/21.1.0/INSTALL.md) @21.1.0
- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/0.21.0/README.md) @0.21.0 - [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/0.22.0/README.md) @0.22.0
## Requirements ## Requirements
@ -83,7 +83,7 @@ Install specified version of AWX Operator. Note that this procedure is applicabl
cd ~ cd ~
git clone https://github.com/ansible/awx-operator.git git clone https://github.com/ansible/awx-operator.git
cd awx-operator cd awx-operator
git checkout 0.21.0 git checkout 0.22.0
``` ```
Export the name of the namespace where you want to deploy AWX Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `awx`. Export the name of the namespace where you want to deploy AWX Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `awx`.
@ -230,6 +230,7 @@ secret/awx-operator-controller-manager-token-sz6wq kubernetes.io/service-accou
secret/awx-admin-password Opaque 1 4m17s secret/awx-admin-password Opaque 1 4m17s
secret/awx-postgres-configuration Opaque 6 4m17s secret/awx-postgres-configuration Opaque 6 4m17s
secret/awx-secret-tls kubernetes.io/tls 2 4m17s secret/awx-secret-tls kubernetes.io/tls 2 4m17s
secret/redhat-operators-pull-secret kubernetes.io/dockerconfigjson 1 4m17s
secret/awx-app-credentials Opaque 3 4m2s secret/awx-app-credentials Opaque 3 4m2s
secret/awx-token-jfndh kubernetes.io/service-account-token 3 4m2s secret/awx-token-jfndh kubernetes.io/service-account-token 3 4m2s
secret/awx-secret-key Opaque 1 4m13s secret/awx-secret-key Opaque 1 4m13s
@ -277,7 +278,7 @@ Refer [📁 **Back up AWX using AWX Operator**](backup) and [📁 **Restore AWX
- [📝Trust custom Certificate Authority](tips/trust-custom-ca.md) - [📝Trust custom Certificate Authority](tips/trust-custom-ca.md)
- [📝Expose `/etc/hosts` to Pods on K3s](tips/expose-hosts.md) - [📝Expose `/etc/hosts` to Pods on K3s](tips/expose-hosts.md)
- [📝Redirect HTTP to HTTPS](tips/https-redirection.md) - [📝Redirect HTTP to HTTPS](tips/https-redirection.md)
- [📝Add HTTP Proxy](tips/add-http-proxy.md) - [📝Use HTTP proxy](tips/use-http-proxy.md)
- [📝Uninstall deployed resouces](tips/uninstall.md) - [📝Uninstall deployed resouces](tips/uninstall.md)
- [📝Deploy older version of AWX Operator](tips/deploy-older-operator.md) - [📝Deploy older version of AWX Operator](tips/deploy-older-operator.md)
- [📝Upgrade AWX Operator and AWX](tips/upgrade-operator.md) - [📝Upgrade AWX Operator and AWX](tips/upgrade-operator.md)

6
backup/README.md
View file

@ -86,12 +86,6 @@ total 736
-rw-------. 1 systemd-coredump root 745302 Jun 6 06:51 tower.db -rw-------. 1 systemd-coredump root 745302 Jun 6 06:51 tower.db
``` ```
Note that if you are using AWX Operator `0.12.0` or earlier, the contents of the Secret that passed through `ingress_tls_secret` parameter will not be included in this backup files. If necessary, get a dump of this Secret, or keep original certificate file and key file. In `0.13.0` or later, this secret is included in the backup file therefore you can ignore this step.
```bash
kubectl get secret awx-secret-tls -n awx -o yaml > awx-secret-tls.yaml
```
## Appendix: Back up AWX using Ansible ## Appendix: Back up AWX using Ansible
An example simple playbook for Ansible is also provided in this repository. This can be used with `ansible-playbook`, `ansible-runner`, and AWX. It can be also used with the scheduling feature on AWX too. An example simple playbook for Ansible is also provided in this repository. This can be used with `ansible-playbook`, `ansible-runner`, and AWX. It can be also used with the scheduling feature on AWX too.

4
backup/ansible/README.md
View file

@ -30,7 +30,7 @@ An example simple playbook for Ansible is also provided in this repository. This
| - | - | - | | - | - | - |
| `awxbackup_namespace` | The name of the NameSpace where the `AWXBackup` resource will be created. | `awx` | | `awxbackup_namespace` | The name of the NameSpace where the `AWXBackup` resource will be created. | `awx` |
| `awxbackup_name` | The name of the `AWXBackup` resource. Dynamically generated using execution time by default. | `awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}` | | `awxbackup_name` | The name of the `AWXBackup` resource. Dynamically generated using execution time by default. | `awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}` |
| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/0.21.0/roles/backup) for acceptable fields. | `{'deployment_name':'awx','backup_pvc':'awx-backup-claim'}` | | `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/0.22.0/roles/backup) for acceptable fields. | `{'deployment_name':'awx','backup_pvc':'awx-backup-claim'}` |
| `awxbackup_timeout` | Time to wait for backup to complete, in seconds. If exceeded, the playbook will fail. | `600` | | `awxbackup_timeout` | Time to wait for backup to complete, in seconds. If exceeded, the playbook will fail. | `600` |
| `awxbackup_keep_days` | Number of days to keep `AWXBackup` resources. `AWXBackup` resources older than this value will be deleted by this playbook. Set `0` to keep forever. **Note that the actual backup data will remain in the PVC after the `AWXBackup` resource is deleted.** | `30` | | `awxbackup_keep_days` | Number of days to keep `AWXBackup` resources. `AWXBackup` resources older than this value will be deleted by this playbook. Set `0` to keep forever. **Note that the actual backup data will remain in the PVC after the `AWXBackup` resource is deleted.** | `30` |
@ -53,7 +53,7 @@ Obtain the API Token which required to authenticate the Kubernetes API. This tok
```bash ```bash
$ SECRET=$(kubectl -n ${NAMESPACE} get sa awx-backup -o jsonpath='{.secrets[0].name}') $ SECRET=$(kubectl -n ${NAMESPACE} get sa awx-backup -o jsonpath='{.secrets[0].name}')
$ kubectl -n awx get secret ${SECRET} -o jsonpath='{.data.token}' | base64 -d $ kubectl -n ${NAMESPACE} get secret ${SECRET} -o jsonpath='{.data.token}' | base64 -d
eyJhbGciOiJSUzI...hcGsPI5MzmaMHQvw eyJhbGciOiJSUzI...hcGsPI5MzmaMHQvw
``` ```

8
base/awx.yaml
View file

@ -5,10 +5,10 @@ metadata:
name: awx name: awx
spec: spec:
# These parameters are designed for use with: # These parameters are designed for use with:
# - AWX Operator: 0.21.0 # - AWX Operator: 0.22.0
# https://github.com/ansible/awx-operator/blob/0.21.0/README.md # https://github.com/ansible/awx-operator/blob/0.22.0/README.md
# - AWX: 21.0.0 # - AWX: 21.1.0
# https://github.com/ansible/awx/blob/21.0.0/INSTALL.md # https://github.com/ansible/awx/blob/21.1.0/INSTALL.md
admin_user: admin admin_user: admin
admin_password_secret: awx-admin-password admin_password_secret: awx-admin-password

2
base/kustomization.yaml
View file

@ -28,7 +28,7 @@ secretGenerator:
literals: literals:
- password=Ansible123! - password=Ansible123!
# Temporary workaround to suppress errors from AWX Operator 0.21.0. # Temporary workaround to suppress errors from AWX Operator 0.22.0.
# Refer: https://github.com/kurokobo/awx-on-k3s/issues/74 # Refer: https://github.com/kurokobo/awx-on-k3s/issues/74
- name: redhat-operators-pull-secret - name: redhat-operators-pull-secret
files: files:

4
builder/README.md
View file

@ -9,8 +9,8 @@ This repository includes ready-to-use files as an example to use Ansible Builder
- CentOS Stream 8 (Minimal) - CentOS Stream 8 (Minimal)
- Python 3.9 - Python 3.9
- Docker 20.10.12 - Docker 20.10.17
- Ansible Builder 1.0.1 - Ansible Builder 1.1.0
## Install ## Install

89
galaxy/README.md
View file

@ -180,7 +180,7 @@ There is a Kubernetes Operator for Pulp 3 named Pulp Operator.
- [pulp/pulp-operator: Kubernetes Operator for Pulp 3](https://github.com/pulp/pulp-operator) - [pulp/pulp-operator: Kubernetes Operator for Pulp 3](https://github.com/pulp/pulp-operator)
This project is still under active development and there is no support, however, at least the code to create a new instance seems to be implemented. In this procedure, we use [Pulp Operator 0.8.0](https://github.com/pulp/pulp-operator/tree/0.8.0) This project is still under active development and there is no support, however, at least the code to create a new instance seems to be implemented. In this procedure, we use [Pulp Operator 0.11.0](https://github.com/pulp/pulp-operator/tree/0.11.0)
### Patch K3s ### Patch K3s
@ -208,7 +208,7 @@ Install specified version of Pulp Operator.
cd ~ cd ~
git clone https://github.com/pulp/pulp-operator.git git clone https://github.com/pulp/pulp-operator.git
cd pulp-operator cd pulp-operator
git checkout 0.8.0 git checkout 0.11.0
``` ```
Export the name of the namespace where you want to deploy Pulp Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `pulp-operator-system`. Export the name of the namespace where you want to deploy Pulp Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `pulp-operator-system`.
@ -314,7 +314,7 @@ $ kubectl -n galaxy logs -f deployments/pulp-operator-controller-manager -c pulp
... ...
----- Ansible Task Status Event StdOut (pulp.pulpproject.org/v1beta1, Kind=Pulp, galaxy/galaxy) ----- ----- Ansible Task Status Event StdOut (pulp.pulpproject.org/v1beta1, Kind=Pulp, galaxy/galaxy) -----
PLAY RECAP ********************************************************************* PLAY RECAP *********************************************************************
localhost : ok=75 changed=0 unreachable=0 failed=0 skipped=62 rescued=0 ignored=0 localhost : ok=84 changed=0 unreachable=0 failed=0 skipped=67 rescued=0 ignored=0
``` ```
Required objects has been deployed next to Pulp Operator in `galaxy` namespace. Required objects has been deployed next to Pulp Operator in `galaxy` namespace.
@ -322,58 +322,57 @@ Required objects has been deployed next to Pulp Operator in `galaxy` namespace.
```bash ```bash
$ kubectl -n galaxy get pulp,all,ingress,secrets $ kubectl -n galaxy get pulp,all,ingress,secrets
NAME AGE NAME AGE
pulp.pulp.pulpproject.org/galaxy 3m58s pulp.pulp.pulpproject.org/galaxy 4m48s
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
pod/pulp-operator-controller-manager-9b8644f46-plw72 2/2 Running 0 4m37s pod/pulp-operator-controller-manager-74d4f59ddb-mtwzq 2/2 Running 0 5m4s
pod/galaxy-redis-65c899f464-c6dhb 1/1 Running 0 3m50s pod/galaxy-postgres-13-0 1/1 Running 0 4m31s
pod/galaxy-postgres-0 1/1 Running 0 3m53s pod/galaxy-redis-6f79b47f66-4dg75 1/1 Running 0 4m5s
pod/galaxy-content-76f68bb68f-6tn2q 1/1 Running 0 3m37s pod/galaxy-content-57fd45b97c-mxkdx 1/1 Running 0 3m39s
pod/galaxy-worker-76c986fd54-qjg28 1/1 Running 0 3m36s pod/galaxy-worker-6fcbd5ff47-b2h6v 1/1 Running 0 3m37s
pod/galaxy-api-76985868c8-vjwks 1/1 Running 0 3m39s pod/galaxy-api-5cf69c85d-vc6z8 1/1 Running 0 3m43s
pod/galaxy-web-67cc96d8d6-644dh 1/1 Running 0 3m48s pod/galaxy-web-5f7bc488fb-69mbk 1/1 Running 0 4m22s
pod/galaxy-resource-manager-64dbf49746-jcsfs 1/1 Running 0 118s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/pulp-operator-controller-manager-metrics-service ClusterIP 10.43.173.114 <none> 8443/TCP 4m37s service/pulp-operator-controller-manager-metrics-service ClusterIP 10.43.145.99 <none> 8443/TCP 5m4s
service/galaxy-postgres-svc ClusterIP None <none> 5432/TCP 3m53s service/galaxy-postgres-13 ClusterIP None <none> 5432/TCP 4m31s
service/galaxy-redis-svc ClusterIP 10.43.29.57 <none> 6379/TCP 3m51s service/galaxy-web-svc ClusterIP 10.43.17.192 <none> 24880/TCP 4m21s
service/galaxy-web-svc ClusterIP 10.43.245.204 <none> 24880/TCP 3m47s service/galaxy-redis-svc ClusterIP 10.43.58.131 <none> 6379/TCP 4m7s
service/galaxy-api-svc ClusterIP 10.43.146.254 <none> 24817/TCP 3m40s service/galaxy-api-svc ClusterIP 10.43.106.139 <none> 24817/TCP 3m52s
service/galaxy-content-svc ClusterIP 10.43.214.64 <none> 24816/TCP 3m38s service/galaxy-content-svc ClusterIP 10.43.154.10 <none> 24816/TCP 3m41s
NAME READY UP-TO-DATE AVAILABLE AGE NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/pulp-operator-controller-manager 1/1 1 1 4m37s deployment.apps/pulp-operator-controller-manager 1/1 1 1 5m4s
deployment.apps/galaxy-redis 1/1 1 1 3m50s deployment.apps/galaxy-redis 1/1 1 1 4m5s
deployment.apps/galaxy-content 1/1 1 1 3m37s deployment.apps/galaxy-content 1/1 1 1 3m39s
deployment.apps/galaxy-worker 1/1 1 1 3m36s deployment.apps/galaxy-worker 1/1 1 1 3m37s
deployment.apps/galaxy-api 1/1 1 1 3m39s deployment.apps/galaxy-api 1/1 1 1 3m43s
deployment.apps/galaxy-web 1/1 1 1 3m48s deployment.apps/galaxy-web 1/1 1 1 4m22s
deployment.apps/galaxy-resource-manager 1/1 1 1 118s
NAME DESIRED CURRENT READY AGE NAME DESIRED CURRENT READY AGE
replicaset.apps/pulp-operator-controller-manager-9b8644f46 1 1 1 4m37s replicaset.apps/pulp-operator-controller-manager-74d4f59ddb 1 1 1 5m4s
replicaset.apps/galaxy-redis-65c899f464 1 1 1 3m50s replicaset.apps/galaxy-redis-6f79b47f66 1 1 1 4m5s
replicaset.apps/galaxy-content-76f68bb68f 1 1 1 3m37s replicaset.apps/galaxy-content-57fd45b97c 1 1 1 3m39s
replicaset.apps/galaxy-worker-76c986fd54 1 1 1 3m36s replicaset.apps/galaxy-worker-6fcbd5ff47 1 1 1 3m37s
replicaset.apps/galaxy-api-76985868c8 1 1 1 3m39s replicaset.apps/galaxy-api-5cf69c85d 1 1 1 3m43s
replicaset.apps/galaxy-web-67cc96d8d6 1 1 1 3m48s replicaset.apps/galaxy-web-5f7bc488fb 1 1 1 4m22s
replicaset.apps/galaxy-resource-manager-64dbf49746 1 1 1 118s
NAME READY AGE NAME READY AGE
statefulset.apps/galaxy-postgres 1/1 3m53s statefulset.apps/galaxy-postgres-13 1/1 4m31s
NAME CLASS HOSTS ADDRESS PORTS AGE NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/galaxy-ingress <none> galaxy.example.com 192.168.0.100 80, 443 3m50s ingress.networking.k8s.io/galaxy-ingress <none> galaxy.example.com 192.168.0.100 80, 443 4m19s
NAME TYPE DATA AGE NAME TYPE DATA AGE
secret/default-token-vsnlj kubernetes.io/service-account-token 3 4m37s secret/default-token-lhlds kubernetes.io/service-account-token 3 5m4s
secret/pulp-operator-sa-token-smzj2 kubernetes.io/service-account-token 3 4m37s secret/pulp-operator-sa-token-45zqf kubernetes.io/service-account-token 3 5m4s
secret/galaxy-admin-password Opaque 1 3m58s secret/galaxy-admin-password Opaque 1 4m48s
secret/galaxy-postgres-configuration Opaque 6 3m58s secret/galaxy-postgres-configuration Opaque 6 4m48s
secret/galaxy-secret-tls kubernetes.io/tls 2 3m58s secret/galaxy-secret-tls kubernetes.io/tls 2 4m48s
secret/galaxy-server Opaque 1 3m44s secret/redhat-operators-pull-secret Opaque 1 4m40s
secret/galaxy-db-fields-encryption Opaque 1 3m41s secret/galaxy-server Opaque 1 4m3s
secret/galaxy-db-fields-encryption Opaque 1 3m54s
secret/galaxy-container-auth Opaque 2 3m47s
``` ```
Now your AWX is available at `https://galaxy.example.com/` or the hostname you specified. You can log in to the GUI by user `admin` with password you specified in `pulp/kustomization.yaml`. Now your AWX is available at `https://galaxy.example.com/` or the hostname you specified. You can log in to the GUI by user `admin` with password you specified in `pulp/kustomization.yaml`.
@ -475,7 +474,7 @@ ansible-galaxy collection build
Then create `demo` namespace on Galaxy NG, and publish your collection. Then create `demo` namespace on Galaxy NG, and publish your collection.
Note that you can get appropriate URL for `--server` from `Collections` > `Namespaces` > `View collections` > `CLI Configuration` per collections. Your token is available at `Collections` > `API Token`. Note that you can get appropriate URL for `--server` from `Collections` > `Namespaces` > `View collections` > `CLI Configuration` per collections. Your token is available at `Collections` > `API token management` > `Load token`.
```bash ```bash
ansible-galaxy collection publish \ ansible-galaxy collection publish \

12
galaxy/pulp/galaxy.yaml
View file

@ -4,15 +4,15 @@ metadata:
name: galaxy name: galaxy
spec: spec:
# These parameters are designed for use with: # These parameters are designed for use with:
# - Pulp Operator: 0.8.0 # - Pulp Operator: 0.11.0
# https://github.com/pulp/pulp-operator/blob/0.8.0/README.md # https://github.com/pulp/pulp-operator/blob/0.11.0/README.md
# - Galaxy NG: 4.4.2 # - Galaxy NG: 4.5.0
# https://github.com/ansible/galaxy_ng/tree/4.4.2 # https://github.com/ansible/galaxy_ng/tree/4.5.0
image: quay.io/pulp/galaxy image: quay.io/pulp/galaxy
image_version: 4.4.2 image_version: 4.5.0
image_web: quay.io/pulp/galaxy-web image_web: quay.io/pulp/galaxy-web
image_web_version: 4.4.2 image_web_version: 4.5.0
admin_password_secret: galaxy-admin-password admin_password_secret: galaxy-admin-password

3
galaxy/pulp/kustomization.yaml
View file

@ -16,7 +16,7 @@ secretGenerator:
- name: galaxy-postgres-configuration - name: galaxy-postgres-configuration
type: Opaque type: Opaque
literals: literals:
- host=galaxy-postgres-svc - host=galaxy-postgres-13
- port=5432 - port=5432
- database=galaxy - database=galaxy
- username=galaxy - username=galaxy
@ -29,6 +29,5 @@ secretGenerator:
- password=Galaxy123! - password=Galaxy123!
resources: resources:
- namespace.yaml
- pv.yaml - pv.yaml
- galaxy.yaml - galaxy.yaml

5
galaxy/pulp/namespace.yaml
View file

@ -1,5 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: galaxy

6
restore/README.md
View file

@ -112,9 +112,3 @@ $ kubectl -n awx get awxrestore
NAME AGE NAME AGE
awxrestore-2021-06-06 137m awxrestore-2021-06-06 137m
``` ```
Note that if you are using AWX Operator `0.12.0` or earlier, the Secret for TLS should be manually restored (or create newly using original certificate and key file). This step is not required for `0.13.0` or later.
```bash
kubectl apply -f awx-secret-tls.yaml
```

7
restore/kustomization.yaml
View file

@ -6,13 +6,6 @@ namespace: awx
generatorOptions: generatorOptions:
disableNameSuffixHash: true disableNameSuffixHash: true
#secretGenerator:
# - name: awx-secret-tls
# type: kubernetes.io/tls
# files:
# - tls.crt
# - tls.key
resources: resources:
- pv.yaml - pv.yaml
- pvc.yaml - pvc.yaml

4
runner/README.md
View file

@ -9,8 +9,8 @@ This repository includes ready-to-use files as an example to run Ansible Runner.
- CentOS Stream 8 (Minimal) - CentOS Stream 8 (Minimal)
- Python 3.9 - Python 3.9
- Docker 20.10.12 - Docker 20.10.17
- Ansible Runner 2.1.3 - Ansible Runner 2.2.0
## Install ## Install

2
tips/README.md
View file

@ -4,7 +4,7 @@
- [📝Trust custom Certificate Authority](trust-custom-ca.md) - [📝Trust custom Certificate Authority](trust-custom-ca.md)
- [📝Expose `/etc/hosts` to Pods on K3s](expose-hosts.md) - [📝Expose `/etc/hosts` to Pods on K3s](expose-hosts.md)
- [📝Redirect HTTP to HTTPS](https-redirection.md) - [📝Redirect HTTP to HTTPS](https-redirection.md)
- [📝Add HTTP Proxy](add-http-proxy.md) - [📝Use HTTP proxy](use-http-proxy.md)
- [📝Uninstall deployed resouces](uninstall.md) - [📝Uninstall deployed resouces](uninstall.md)
- [📝Deploy older version of AWX Operator](deploy-older-operator.md) - [📝Deploy older version of AWX Operator](deploy-older-operator.md)
- [📝Upgrade AWX Operator and AWX](upgrade-operator.md) - [📝Upgrade AWX Operator and AWX](upgrade-operator.md)

29
tips/add-http-proxy.md
View file

@ -1,29 +0,0 @@
# Add Proxy Settings for AWX containers
If you are deploying AWX in a corporate environment, you may have no direct access to the internet, but need to go through a proxy way to achieve this is to add a section `extra_settings:` to awx.yaml. These settings will be available in the `Settings` -> `Jobs Settings` -> `Extra Environment Variables` block in the AWX UI.
## Add Proxy Settings to base/awx.yaml
You need to specify your proxy settings in the section `extra_settings:` in `base/awx.yaml` like this:
```
extra_settings: |
- setting: AWX_TASK_ENV['HTTP_PROXY']
value: "'http://proxy.example.com:3128'"
- setting: AWX_TASK_ENV['HTTPS_PROXY']
value: "'http://proxy.example.com:3128'"
- setting: AWX_TASK_ENV['NO_PROXY']
value: "'localhost,.example.com,127.0.0.1'"
```
You may have to adjust your settings to match your environment.
## Deploy your changes
To activate your proxy settings you need to deploy your changes using `kubectl` like this:
```
kubectl apply -k base
```
Now you need to wait some time until K3S has restarted all your pods.
After logging in you can navigate to `Settings` -> `Jobs Settings` and find your proxy settings in the `Extra Environment Variables` block.

2
tips/troubleshooting.md
View file

@ -153,7 +153,7 @@ Typical solutions are one of the following:
ee_resource_requirements: {} 👈👈👈 ee_resource_requirements: {} 👈👈👈
``` ```
- You can specify more specific value for each containers. Refer [official documentation](https://github.com/ansible/awx-operator/blob/0.21.0/README.md#containers-resource-requirements) for details. - You can specify more specific value for each containers. Refer [official documentation](https://github.com/ansible/awx-operator/blob/0.22.0/README.md#containers-resource-requirements) for details.
- In this way you can run AWX with fewer resources, but you may encounter performance issues. - In this way you can run AWX with fewer resources, but you may encounter performance issues.
### The Pod is `Pending` with "1 pod has unbound immediate PersistentVolumeClaims." event ### The Pod is `Pending` with "1 pod has unbound immediate PersistentVolumeClaims." event

94
tips/use-http-proxy.md Normal file
View file

@ -0,0 +1,94 @@
<!-- omit in toc -->
# Configure AWX to use HTTP proxy
If you are deploying AWX in a corporate environment, you may have no direct access to the internet, but need to go through a proxy way. To achieve this, adding proxy settings to both K3s and AWX is required.
<!-- omit in toc -->
## Table of Contents
- [Add proxy settings to K3s](#add-proxy-settings-to-k3s)
- [Add proxy settings to AWX](#add-proxy-settings-to-awx)
- [Add proxy settings to AWX by AWX UI](#add-proxy-settings-to-awx-by-awx-ui)
- [Add Proxy Settings to AWX by AWX Operator](#add-proxy-settings-to-awx-by-awx-operator)
## Add proxy settings to K3s
The proxy settings for K3s is used to pull container images from the internet.
If you have exported the environment variables for your proxy like `HTTP_PROXY` before installation of K3s, the installation script detected them and store your environment variables to `/etc/systemd/system/k3s.service.env`.
Ensure your `/etc/systemd/system/k3s.service.env` has correct environment variables.
```bash
sudo cat /etc/systemd/system/k3s.service.env
```
If your `/etc/systemd/system/k3s.service.env` already has correct envirnment variables for your proxy, there is nothing to do for your K3s.
If not, export environment variables and re-run installation script,
```bash
export HTTP_PROXY=http://proxy.example.com:3128
export HTTPS_PROXY=http://proxy.example.com:3128
export NO_PROXY=127.0.0.1,localhost,.example.com
curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644
```
or, add environment variables to `/etc/systemd/system/k3s.service.env` and restart your K3s.
```bash
sudo tee -a /etc/systemd/system/k3s.service.env <<EOF
HTTP_PROXY=http://proxy.example.com:3128
HTTPS_PROXY=http://proxy.example.com:3128
NO_PROXY=127.0.0.1,localhost,.example.com
EOF
sudo systemctl daemon-reload
sudo systemctl restart k3s
```
## Add proxy settings to AWX
The proxy settings for AWX is used to run playbooks, update inventories and projects, access Galaxy, and send notifications.
You can add proxy settings to AWX by both AWX UI and AWX Operator.
### Add proxy settings to AWX by AWX UI
Open `Settings` > `Jobs settings` page in the AWX UI and modify `Extra Environment Variables` block in JSON format.
```json
{
"HTTPS_PROXY": "http://proxy.example.com:3128",
"HTTP_PROXY": "http://proxy.example.com:3128",
"NO_PROXY": "127.0.0.1,localhost,.example.com"
}
```
### Add Proxy Settings to AWX by AWX Operator
Specify your proxy settings in the section `extra_settings:` in `base/awx.yaml` like this:
```yaml
...
spec:
...
extra_settings: 👈👈👈
- setting: AWX_TASK_ENV['HTTP_PROXY'] 👈👈👈
value: "'http://proxy.example.com:3128'" 👈👈👈
- setting: AWX_TASK_ENV['HTTPS_PROXY'] 👈👈👈
value: "'http://proxy.example.com:3128'" 👈👈👈
- setting: AWX_TASK_ENV['NO_PROXY'] 👈👈👈
value: "'127.0.0.1,localhost,.example.com'" 👈👈👈
```
Note that the `value` have to be wrapped in single quotes and then double quotes as shown above.
To activate your proxy settings you need to deploy your changes using `kubectl` like this:
```bash
kubectl apply -k base
```
Now you need to wait some time until K3S has restarted all your pods.
After logging in you can navigate to `Settings` > `Jobs settings` in the AWX UI and find your proxy settings in the `Extra Environment Variables` block. But note that you will not be able to edit the setting via Web UI once the configuration has passed through AWX Operator. If you want to modify your configuration, use AWX Operator again.

1
tips/version-mapping.md
View file

@ -10,6 +10,7 @@ The table below maps the AWX Operator versions and bundled AWX versions.
| AWX Operator | AWX | | AWX Operator | AWX |
| - | - | | - | - |
| 0.22.0 | 21.1.0 |
| 0.21.0 | 21.0.0 | | 0.21.0 | 21.0.0 |
| 0.20.2 | 21.0.0 | | 0.20.2 | 21.0.0 |
| 0.20.1 | 21.0.0 | | 0.20.1 | 21.0.0 |