first commit

.gitignore

@@ -0,0 +1,2 @@
+*.crt
+*.key

README.md

@@ -0,0 +1,147 @@
+# AWX on Single Node K3s
+
+An example implementation of AWX on single node K3s using AWX Operator, with easy-to-use simplified configuration with ownership of data and passwords.
+
+- Accesible over HTTPS from remote host
+- All data will be stored under `/data`
+- Fixed (configurable) passwords for AWX and PostgreSQL
+- Fixed (configurable) versions of AWX and PostgreSQL
+
+## Environment
+
+- Tested on:
+  - CentOS 8 (Minimal)
+- Products that will be deployed:
+  - AWX-Operator 0.9.0
+  - AWX Version 19.1.0
+  - PostgreSQL 12
+
+## References
+
+- [K3s - Lightweight Kubernetes](https://rancher.com/docs/k3s/latest/en/)
+- [INSTALL.md on ansible/awx](https://github.com/ansible/awx/blob/19.1.0/INSTALL.md) @19.1.0
+- [README.md on ansible/awx-operator](https://github.com/ansible/awx-operator/blob/0.9.0/README.md) @0.9.0
+
+## Procedure
+
+### Prepare CentOS 8 host
+
+Disable Firewalld. This is [recommended by K3s](https://rancher.com/docs/k3s/latest/en/advanced/#additional-preparation-for-red-hat-centos-enterprise-linux).
+
+```bash
+sudo systemctl disable firewalld --now
+```
+
+### Install K3s
+
+Install K3s with `--write-kubeconfig-mode 644` to make config file (`/etc/rancher/k3s/k3s.yaml`) readable by non-root user.
+
+```bash
+curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644
+```
+
+### Install AWX Operator
+
+Install specified version of AWX Operator.
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.9.0/deploy/awx-operator.yaml
+```
+
+### Prepare required files
+
+Clone this repository and change directory.
+
+```bash
+git clone https://github.com/kurokobo/awx-on-k3s.git
+cd awx-on-k3s
+```
+
+Generate a Self-Signed Certificate. Note that IP address can't be specified.
+
+```bash
+AWX_HOST="awx.example.com"
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out ./base/tls.crt -keyout ./base/tls.key -subj "/CN=${AWX_HOST}/O=${AWX_HOST}" -addext "subjectAltName = DNS:${AWX_HOST}"
+```
+
+Modify `tower_hostname` in `base\awx.yaml`.
+
+```yaml
+---
+...
+spec:
+  tower_ingress_type: Ingress
+  tower_ingress_tls_secret: awx-secret-tls
+  tower_hostname: awx.example.com     👈👈👈
+...
+```
+
+Modify two `password`s in `base\kustomization.yaml`.
+
+```yaml
+...
+  - name: awx-postgres-configuration
+    type: Opaque
+    literals:
+      - host=awx-postgres
+      - port=5432
+      - database=awx
+      - username=awx
+      - password=Ansible123!!     👈👈👈
+      - type=managed
+
+  - name: awx-admin-password
+    type: Opaque
+    literals:
+      - password=Ansible123!!     👈👈👈
+...
+```
+
+Prepare directories for Persistent Volumes defined in `base/pv.yaml`.
+
+```bash
+sudo mkdir -p /data/postgres
+sudo mkdir -p /data/projects
+sudo chown 1000:0 /data/projects
+```
+
+### Deploy AWX
+
+Deploy AWX, this takes few minutes to complete.
+
+```bash
+kubectl apply -k base
+```
+
+Once this completed, the logs of `deployment/awx-operator` end with:
+
+```txt
+--------------------------- Ansible Task Status Event StdOut  -----------------
+PLAY RECAP *********************************************************************
+localhost                  : ok=42   changed=0    unreachable=0    failed=0    skipped=31   rescued=0    ignored=0
+-------------------------------------------------------------------------------
+```
+
+Required objects has been deployed in `awx` namespace.
+
+```bash
+$ kubectl get all -n awx
+NAME                       READY   STATUS    RESTARTS   AGE
+pod/awx-postgres-0         1/1     Running   0          131m
+pod/awx-545c885884-62qxd   4/4     Running   0          131m
+
+NAME                   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
+service/awx-postgres   ClusterIP   None          <none>        5432/TCP       131m
+service/awx-service    NodePort    10.43.34.90   <none>        80:30882/TCP   131m
+
+NAME                  READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/awx   1/1     1            1           131m
+
+NAME                             DESIRED   CURRENT   READY   AGE
+replicaset.apps/awx-545c885884   1         1         1       131m
+
+NAME                            READY   AGE
+statefulset.apps/awx-postgres   1/1     131m
+```
+
+Now AWX is available at `https://<awx-host>/`.

base/awx.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  tower_image_version: "19.1.0"
+  tower_postgres_image_version: "12"
+
+  tower_ingress_type: Ingress
+  tower_ingress_tls_secret: awx-secret-tls
+  tower_hostname: awx.example.com
+
+  tower_postgres_configuration_secret: awx-secret-postgres
+
+  tower_postgres_storage_class: awx-postgres-volume
+  tower_postgres_storage_requirements:
+    requests:
+      storage: 2Gi
+
+  tower_projects_persistence: true
+  tower_projects_existing_claim: awx-projects-claim

base/kustomization.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: awx
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+secretGenerator:
+  - name: awx-secret-tls
+    type: kubernetes.io/tls
+    files:
+      - tls.crt
+      - tls.key
+
+  - name: awx-postgres-configuration
+    type: Opaque
+    literals:
+      - host=awx-postgres
+      - port=5432
+      - database=awx
+      - username=awx
+      - password=Ansible123!
+      - type=managed
+
+  - name: awx-admin-password
+    type: Opaque
+    literals:
+      - password=Ansible123!
+
+resources:
+  - namespace.yaml
+  - pv.yaml
+  - pvc.yaml
+  - awx.yaml

base/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: awx

base/pv.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: awx-postgres-volume
+spec:
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  capacity:
+    storage: 2Gi
+  storageClassName: awx-postgres-volume
+  hostPath:
+    path: /data/postgres
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: awx-projects-volume
+spec:
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  capacity:
+    storage: 2Gi
+  storageClassName: awx-projects-volume
+  hostPath:
+    path: /data/projects

base/pvc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: awx-projects-claim
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: awx-projects-volume