feat: bump operator version to 2.0.0

kurokobo 2023-04-05 01:16:39 +09:00
parent 25ffe92bd1
commit 7d08810dd4
7 changed files with 85 additions and 62 deletions

@ -29,17 +29,17 @@ An example implementation of AWX on single node K3s using AWX Operator, with eas
- Tested on:
- CentOS Stream 8 (Minimal)
- K3s v1.25.7+k3s1
- K3s v1.26.3+k3s1
- Products that will be deployed:
- AWX Operator 1.4.0
- AWX 21.14.0
- AWX Operator 2.0.0
- AWX 22.0.0
- PostgreSQL 13
## References
- [K3s - Lightweight Kubernetes](https://docs.k3s.io/)
- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/21.14.0/INSTALL.md) @21.14.0
- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/1.4.0/README.md) @1.4.0
- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/22.0.0/INSTALL.md) @22.0.0
- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/2.0.0/README.md) @2.0.0
## Requirements
@ -90,7 +90,7 @@ Install specified version of AWX Operator. Note that this procedure is applicabl
cd ~
git clone https://github.com/ansible/awx-operator.git
cd awx-operator
git checkout 1.4.0
git checkout 2.0.0
```
Export the name of the namespace where you want to deploy AWX Operator as the environment variable `NAMESPACE` and run `make deploy`. The default namespace is `awx`.
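Review bot: The bumped `git checkout 2.0.0` in this hunk is followed by `make deploy` from that working tree, and a tag name alone does not tell the reader which commit they ended up deploying. Suggest adding a line after the checkout that prints the resolved commit (for example `git rev-parse HEAD`) and stating the commit this guide was tested against, so a moved or re-created tag is noticed before the manifests are applied to the cluster.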
@ -127,7 +127,7 @@ If you want to use files suitable for the specific version of AWX Operator, [ref
cd ~
git clone https://github.com/kurokobo/awx-on-k3s.git
cd awx-on-k3s
git checkout 1.4.0
git checkout 2.0.0
```
Generate a Self-Signed certificate. Note that IP address can't be specified. If you want to use a certificate from public ACME CA such as Let's Encrypt or ZeroSSL instead of Self-Signed certificate, follow the guide on [📁 **Use SSL Certificate from Public ACME CA**](acme) first and come back to this step when done.
@ -200,7 +200,7 @@ $ kubectl -n awx logs -f deployments/awx-operator-controller-manager
...
----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) -----
PLAY RECAP *********************************************************************
localhost : ok=80 changed=0 unreachable=0 failed=0 skipped=78 rescued=0 ignored=1
localhost : ok=83 changed=0 unreachable=0 failed=0 skipped=79 rescued=0 ignored=1
```
Required objects has been deployed next to AWX Operator in `awx` namespace.
@ -208,42 +208,45 @@ Required objects has been deployed next to AWX Operator in `awx` namespace.
```bash
$ kubectl -n awx get awx,all,ingress,secrets
NAME AGE
awx.awx.ansible.com/awx 5m
awx.awx.ansible.com/awx 6m15s
NAME READY STATUS RESTARTS AGE
pod/awx-operator-controller-manager-5d5d58758c-7xcrl 2/2 Running 0 5m35s
pod/awx-postgres-13-0 1/1 Running 0 4m46s
pod/awx-5b859c644-zp6x5 4/4 Running 0 4m26s
pod/awx-operator-controller-manager-57867569c4-ggl29 2/2 Running 0 6m50s
pod/awx-postgres-13-0 1/1 Running 0 5m56s
pod/awx-task-5d8cd9b6b9-8ptjt 4/4 Running 0 5m25s
pod/awx-web-66f89bc9cf-6zck5 3/3 Running 0 4m39s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/awx-operator-controller-manager-metrics-service ClusterIP 10.43.229.20 <none> 8443/TCP 5m45s
service/awx-postgres-13 ClusterIP None <none> 5432/TCP 4m46s
service/awx-service ClusterIP 10.43.135.205 <none> 80/TCP 4m28s
service/awx-operator-controller-manager-metrics-service ClusterIP 10.43.18.30 <none> 8443/TCP 7m
service/awx-postgres-13 ClusterIP None <none> 5432/TCP 5m55s
service/awx-service ClusterIP 10.43.237.218 <none> 80/TCP 5m28s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/awx-operator-controller-manager 1/1 1 1 5m45s
deployment.apps/awx 1/1 1 1 4m26s
deployment.apps/awx-operator-controller-manager 1/1 1 1 7m
deployment.apps/awx-task 1/1 1 1 5m25s
deployment.apps/awx-web 1/1 1 1 4m39s
NAME DESIRED CURRENT READY AGE
replicaset.apps/awx-operator-controller-manager-5d5d58758c 1 1 1 5m35s
replicaset.apps/awx-5b859c644 1 1 1 4m26s
replicaset.apps/awx-operator-controller-manager-57867569c4 1 1 1 6m50s
replicaset.apps/awx-task-5d8cd9b6b9 1 1 1 5m25s
replicaset.apps/awx-web-66f89bc9cf 1 1 1 4m39s
NAME READY AGE
statefulset.apps/awx-postgres-13 1/1 4m46s
statefulset.apps/awx-postgres-13 1/1 5m56s
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/awx-ingress <none> awx.example.com 192.168.0.219 80, 443 4m27s
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress.networking.k8s.io/awx-ingress traefik awx.example.com 192.168.0.219 80, 443 5m27s
NAME TYPE DATA AGE
secret/awx-admin-password Opaque 1 5m
secret/awx-postgres-configuration Opaque 6 5m
secret/awx-secret-tls kubernetes.io/tls 2 3m54s
secret/redhat-operators-pull-secret Opaque 1 4m30s
secret/awx-app-credentials Opaque 3 4m30s
secret/awx-secret-key Opaque 1 4m55s
secret/awx-broadcast-websocket Opaque 1 4m52s
secret/awx-receptor-ca Opaque 2 4m26s
secret/awx-receptor-work-signing Opaque 2 4m29s
secret/awx-admin-password Opaque 1 6m15s
secret/awx-postgres-configuration Opaque 6 6m15s
secret/awx-secret-tls kubernetes.io/tls 2 6m15s
secret/redhat-operators-pull-secret Opaque 1 6m11s
secret/awx-app-credentials Opaque 3 5m30s
secret/awx-secret-key Opaque 1 6m6s
secret/awx-broadcast-websocket Opaque 1 6m2s
secret/awx-receptor-ca kubernetes.io/tls 2 5m37s
secret/awx-receptor-work-signing Opaque 2 5m33s
```
Now your AWX is available at `https://awx.example.com/` or the hostname you specified.
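Review bot: In the refreshed `kubectl -n awx get awx,all,ingress,secrets` output, more than the version changed: the single `deployment.apps/awx` is now `awx-task` and `awx-web`, the ingress CLASS went from `<none>` to `traefik`, and `secret/awx-receptor-ca` changed type from `Opaque` to `kubernetes.io/tls`. None of that is mentioned in the surrounding prose. A sentence next to the block noting the web/task split would help readers who compare this against an existing 1.4.0 deployment, and it is worth confirming that the `traefik` class comes from a setting in this repository and not from the test host.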

@ -32,7 +32,7 @@ An example simple playbook for Ansible is also provided in this repository. This
| - | - | - |
| `awxbackup_namespace` | The name of the NameSpace where the `AWXBackup` resource will be created. | `awx` |
| `awxbackup_name` | The name of the `AWXBackup` resource. Dynamically generated using execution time by default. | `awxbackup-{{ lookup('pipe', 'date +%Y-%m-%d-%H-%M-%S') }}` |
| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/1.4.0/roles/backup) for acceptable fields. | `deployment_name: awx`<br>`backup_pvc: awx-backup-claim`<br>`clean_backup_on_delete: true` |
| `awxbackup_spec` | The `spec` of the `AWXBackup` resource. Refer [official documentation](https://github.com/ansible/awx-operator/tree/2.0.0/roles/backup) for acceptable fields. | `deployment_name: awx`<br>`backup_pvc: awx-backup-claim`<br>`clean_backup_on_delete: true` |
| `awxbackup_timeout` | Time to wait for backup to complete, in seconds. If exceeded, the playbook will fail. | `600` |
| `awxbackup_keep_days` | Number of days to keep `AWXBackup` resources. `AWXBackup` resources older than this value will be deleted by this playbook. Set `0` to keep forever. | `30` |

@ -5,10 +5,10 @@ metadata:
name: awx
spec:
# These parameters are designed for use with:
# - AWX Operator: 1.4.0
# https://github.com/ansible/awx-operator/blob/1.4.0/README.md
# - AWX: 21.14.0
# https://github.com/ansible/awx/blob/21.14.0/INSTALL.md
# - AWX Operator: 2.0.0
# https://github.com/ansible/awx-operator/blob/2.0.0/README.md
# - AWX: 22.0.0
# https://github.com/ansible/awx/blob/22.0.0/INSTALL.md
admin_user: admin
admin_password_secret: awx-admin-password
@ -27,6 +27,9 @@ spec:
projects_persistence: true
projects_existing_claim: awx-projects-claim
web_replicas: 1
task_replicas: 1
postgres_init_container_resource_requirements: {}
postgres_resource_requirements: {}
web_resource_requirements: {}
@ -35,3 +38,14 @@ spec:
# Uncomment to reveal "censored" logs
#no_log: false
# A workaround to allow Manual type projects. This have to be removed in the next release
# https://github.com/ansible/awx-operator/issues/1323
extra_volumes: |
- name: awx-projects
persistentVolumeClaim:
claimName: awx-projects-claim
web_extra_volume_mounts: |
- name: awx-projects
mountPath: /var/lib/awx/projects
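Review bot: The `web_extra_volume_mounts` entry mounts `awx-projects-claim` at `/var/lib/awx/projects` without `readOnly`, so the web container gets write access to the project files. If the workaround only needs the web container to see the project directories, add `readOnly: true` to the mount. Also, "This have to be removed in the next release" should read "This has to be removed", and naming the operator version that is expected to fix the linked issue would be clearer than "the next release".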

@ -100,7 +100,7 @@ $ kubectl -n awx logs -f deployments/awx-operator-controller-manager
...
----- Ansible Task Status Event StdOut (awx.ansible.com/v1beta1, Kind=AWX, awx/awx) -----
PLAY RECAP *********************************************************************
localhost : ok=82 changed=0 unreachable=0 failed=0 skipped=76 rescued=0 ignored=1
localhost : ok=85 changed=0 unreachable=0 failed=0 skipped=77 rescued=0 ignored=1
```
This will create AWXRestore object in the namespace, and now your AWX is restored.

@ -43,9 +43,10 @@ If the Pods are working properly, its `STATUS` are `Running`. If your Pods are n
```bash
$ kubectl -n awx get pod
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-68d787cfbd-j6k7z 2/2 Running 0 7m43s
awx-postgres-13-0 1/1 Running 0 4m6s
awx-84d5c45999-h7xm4 0/4 Pending 0 3m59s
awx-operator-controller-manager-57867569c4-ggl29 2/2 Running 0 8m20s
awx-postgres-13-0 1/1 Running 0 7m26s
awx-task-5d8cd9b6b9-8ptjt 0/4 Pending 0 6m55s
awx-web-66f89bc9cf-6zck5 0/3 Pending 0 6m9s
```
If you have the Pods which has the unexpected state instead of `Running`, the next step is checking `Events` for the Pod. The command to get `Events` for the pod is:
@ -57,7 +58,7 @@ kubectl -n awx describe pod <Pod Name>
By this command, you can get the `Events` for the Pod you specified at the end of the output.
```bash
$ kubectl -n awx describe pod awx-84d5c45999-h7xm4
$ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt
...
Events:
Type Reason Age From Message
@ -77,18 +78,18 @@ The commands to get the logs are following. `-f` is optional, useful to watch th
```bash
# Get the logs of specific Pod.
# If the Pod includes multiple containers, container name has to be specified.
kubectl -n awx logs -f <Pod Name>
kubectl -n awx logs -f <Pod Name> -c <Container Name>
kubectl -n awx logs -f <POD>
kubectl -n awx logs -f <POD> -c <CONTAINER>
# Get the logs of specific Pod which is handled by Deployment resource.
# If the Pod includes multiple containers, container name has to be specified.
kubectl -n awx logs -f deployment/<Deployment Name>
kubectl -n awx logs -f deployment/<Deployment Name> -c <Container Name>
kubectl -n awx logs -f deployment/<DEPLOYMENT>
kubectl -n awx logs -f deployment/<DEPLOYMENT> -c <CONTAINER>
# Get the logs of specific Pod which is handled by StatefulSet resource
# If the Pod includes multiple containers, container name has to be specified.
kubectl -n awx logs -f statefulset/<Deployment Name>
kubectl -n awx logs -f statefulset/<Deployment Name> -c <Container Name>
kubectl -n awx logs -f statefulset/<STATEFULSET>
kubectl -n awx logs -f statefulset/<STATEFULSET> -c <CONTAINER>
```
For AWX Operator and AWX, specifically, the following commands are helpful.
@ -96,13 +97,16 @@ For AWX Operator and AWX, specifically, the following commands are helpful.
- Logs of AWX Operator
- `kubectl -n awx logs -f deployment/awx-operator-controller-manager`
- Logs of AWX related init containers
- `kubectl -n awx logs -f deployment/awx -c init`
- `kubectl -n awx logs -f deployment/awx -c init-projects`
- `kubectl -n awx logs -f deployment/awx-task -c init`
- `kubectl -n awx logs -f deployment/awx-task -c init-projects`
- Logs of AWX related containers
- `kubectl -n awx logs -f deployment/awx -c awx-web`
- `kubectl -n awx logs -f deployment/awx -c awx-task`
- `kubectl -n awx logs -f deployment/awx -c awx-ee`
- `kubectl -n awx logs -f deployment/awx -c redis`
- `kubectl -n awx logs -f deployment/awx-web -c awx-web`
- `kubectl -n awx logs -f deployment/awx-web -c awx-rsyslog`
- `kubectl -n awx logs -f deployment/awx-web -c redis`
- `kubectl -n awx logs -f deployment/awx-task -c awx-task`
- `kubectl -n awx logs -f deployment/awx-task -c awx-ee`
- `kubectl -n awx logs -f deployment/awx-task -c awx-rsyslog`
- `kubectl -n awx logs -f deployment/awx-task -c redis`
- Logs of PostgreSQL
- `kubectl -n awx logs -f statefulset/awx-postgres-13`
@ -157,7 +161,7 @@ To solve this, you can simply wait until the limit is freed up, or [consider giv
If your Pod is in `Pending` state and its `Events` shows following events, the reason is that the node does not have enough CPU and memory to start the Pod. By default AWX requires at least 2 CPUs and 4 GB RAM. In addition more resources are required to run K3s and the OS itself.
```bash
$ kubectl -n awx describe pod awx-84d5c45999-h7xm4
$ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt
...
Events:
Type Reason Age From Message
@ -182,7 +186,7 @@ Typical solutions are one of the following:
ee_resource_requirements: {} 👈👈👈
```
- You can specify more specific value for each containers. Refer [official documentation](https://github.com/ansible/awx-operator/blob/1.4.0/README.md#containers-resource-requirements) for details.
- You can specify more specific value for each containers. Refer [official documentation](https://github.com/ansible/awx-operator/blob/2.0.0/README.md#containers-resource-requirements) for details.
- In this way you can run AWX with fewer resources, but you may encounter performance issues.
### The Pod is `Pending` with "1 pod has unbound immediate PersistentVolumeClaims." event
@ -190,7 +194,7 @@ Typical solutions are one of the following:
If your Pod is in `Pending` state and its `Events` shows following events, the reason is that no usable Persistent Volumes are available.
```bash
$ kubectl -n awx describe pod awx-84d5c45999-h7xm4
$ kubectl -n awx describe pod awx-task-5d8cd9b6b9-8ptjt
...
Events:
Type Reason Age From Message
@ -240,7 +244,7 @@ To solve this, typical solutions are one of the following:
Sometimes your AWX pod is `Running` state correctly but not functional at all, and its log shows following message repeatedly.
```bash
kubectl -n awx logs -f deployment/awx -c awx-web
kubectl -n awx logs -f deployment/awx-web -c awx-web
[wait-for-migrations] Waiting for database migrations...
[wait-for-migrations] Attempt 1 of 30
[wait-for-migrations] Waiting 0.5 seconds before next attempt
@ -277,9 +281,10 @@ In this situation, your Pod for PostgreSQL is in `CrashLoopBackOff` state and it
```bash
$ kubectl -n awx get pod
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-68d787cfbd-j6k7z 2/2 Running 0 7m43s
awx-postgres-13-0 1/1 CrashLoopBackOff 3 4m6s
awx-84d5c45999-h7xm4 4/4 Running 0 3m59s
awx-operator-controller-manager-57867569c4-ggl29 2/2 Running 0 8m20s
awx-postgres-13-0 1/1 CrashLoopBackOff 5 7m26s
awx-task-5d8cd9b6b9-8ptjt 0/4 Running 0 6m55s
awx-web-66f89bc9cf-6zck5 0/3 Running 0 6m9s
$ kubectl -n awx logs statefulset/awx-postgres
mkdir: cannot create directory '/var/lib/postgresql/data': Permission denied
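Review bot: The context line `kubectl -n awx logs statefulset/awx-postgres` at the end of this hunk does not match the StatefulSet name used everywhere else in this commit (`statefulset/awx-postgres-13`), so the command as shown does not refer to the resource in the listing; update it while touching this block. The refreshed listing also shows `awx-task` at `0/4` and `awx-web` at `0/3` with STATUS `Running`, where the old line was `4/4`, and `awx-postgres-13-0` at `1/1` with `CrashLoopBackOff`; if this output was edited by hand, check that the READY column reflects what was actually observed.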

@ -27,7 +27,7 @@ Trusting custom Certificate Authority can be achieved by following steps:
There are two kinds of certificate, one is used to trust LDAP server, and the other is used as the CA bundle.
| Fields in the specification for AWX | Keys in Secret | Containers in AWX pod that the certificate will be mounted | Paths that the certificate will be mounted as |
| Fields in the specification for AWX | Keys in Secret | Containers that the certificate will be mounted | Paths that the certificate will be mounted as |
|-|-|-|-|
| `ldap_cacert_secret` | `ldap-ca.crt` | `awx-web` | `/etc/openldap/certs/ldap-ca.crt` |
| `bundle_cacert_secret` | `bundle-ca.crt` | `awx-web`, `awx-task`, and `awx-ee` | `/etc/pki/ca-trust/source/anchors/bundle-ca.crt` |
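Review bot: The new header "Containers that the certificate will be mounted" is missing a preposition, and after dropping "in AWX pod" it no longer says where those containers live. Suggest "Containers where the certificate is mounted", and since the other hunks in this commit show `awx-web` and `awx-task` as separate Deployments, consider saying which Deployment each listed container belongs to.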
@ -131,7 +131,7 @@ If you have problem with SSL connection such as LDAPS, you can verify your certi
```bash
# Open Bash shell of the "awx-web" container
$ kubectl -n awx exec -it deployment/awx -c awx-web -- bash
$ kubectl -n awx exec -it deployment/awx-web -c awx-web -- bash
bash-5.1$
```

@ -10,6 +10,7 @@ The table below maps the AWX Operator versions and bundled AWX versions.
| AWX Operator | AWX |
| - | - |
| 2.0.0 | 22.0.0 |
| 1.4.0 | 21.14.0 |
| 1.3.0 | 21.13.0 |
| 1.2.0 | 21.12.0 |