bunny-lab/docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md

Browse Source
This commit is contained in:
Nicole Rappe
2024-07-31 20:51:25 -06:00
parent 8c80479845
commit 13ddc642d2
1 changed files with 164 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md
View File

@ -88,6 +88,67 @@ You will need to create these files all in the same directory using the content
namespace: awx namespace: awx
``` ```
=== "add-kerberos-configmap.yml"
```jsx title="/awx/kustomization.yml"
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx
namespace: awx
spec:
template:
spec:
containers:
- name: awx
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-task
namespace: awx
spec:
template:
spec:
containers:
- name: awx-task
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-web
namespace: awx
spec:
template:
spec:
containers:
- name: awx-web
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
```
## Ensure the Kubernetes Cluster is Ready ## Ensure the Kubernetes Cluster is Ready
Check that the status of the cluster is ready by running the following commands, it should appear similar to the [Rancher RKE2 Example](https://docs.bunny-lab.io/Containers/Kubernetes/Rancher%20RKE2/Rancher%20RKE2%20Cluster/#install-helm-rancher-certmanager-jetstack-rancher-and-longhorn): Check that the status of the cluster is ready by running the following commands, it should appear similar to the [Rancher RKE2 Example](https://docs.bunny-lab.io/Containers/Kubernetes/Rancher%20RKE2/Rancher%20RKE2%20Cluster/#install-helm-rancher-certmanager-jetstack-rancher-and-longhorn):
``` ```
@ -124,6 +185,109 @@ kubectl apply -k .
!!! warning "Be Patient - Wait 20 Minutes" !!! warning "Be Patient - Wait 20 Minutes"
The process may take a while to spin up AWX, postgresql, redis, and other workloads necessary for AWX to function. Depending on the speed of the server, it may take between 5 and 20 minutes for AWX to be ready to connect to. You can watch the progress via the CLI commands listed above, or directly on Rancher's WebUI at https://rancher.bunny-lab.io. The process may take a while to spin up AWX, postgresql, redis, and other workloads necessary for AWX to function. Depending on the speed of the server, it may take between 5 and 20 minutes for AWX to be ready to connect to. You can watch the progress via the CLI commands listed above, or directly on Rancher's WebUI at https://rancher.bunny-lab.io.
## Add Kerberos Authentication (Windows)
You may find that you need to be able to remotely control domain-joined Windows devices using Kerberos. You need to go through some extra steps to set this up after you have successfully deployed AWX Operator into Kubernetes.
Add the following Kubernetes patch file to the `/awx` folder on the AWX Operator server.
=== "krb5-configmap.yml"
```jsx title="/awx/krb5-configmap.yml"
apiVersion: v1
kind: ConfigMap
metadata:
name: krb5-config
namespace: awx
data:
krb5.conf: |
[libdefaults]
default_realm = BUNNY-LAB.IO
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
BUNNY-LAB.IO = {
kdc = 192.168.3.25
kdc = 192.168.3.26
admin_server = 192.168.3.25
}
[domain_realm]
.bunny-lab.io = BUNNY-LAB.IO
bunny-lab.io = BUNNY-LAB.IO
```
=== "kerberos-patch.yml"
```jsx title="/awx/ingress.yml"
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx
namespace: awx
spec:
template:
spec:
containers:
- name: awx
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-task
namespace: awx
spec:
template:
spec:
containers:
- name: awx-task
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: awx-web
namespace: awx
spec:
template:
spec:
containers:
- name: awx-web
volumeMounts:
- name: krb5-config
mountPath: /etc/krb5.conf
subPath: krb5.conf
volumes:
- name: krb5-config
configMap:
name: krb5-config
```
Then run the following commands to apply the configmap to the Kubernetes cluster, then patch each container to add the file.
``` sh
kubectl apply -f /awx/krb5-configmap.yml
kubectl patch deployment awx -n awx --patch "$(cat kerberos-patch.yml | sed -n '/^apiVersion: apps\/v1/,/^---/p')"
kubectl patch deployment awx-task -n awx --patch "$(cat kerberos-patch.yml | sed -n '/^apiVersion: apps\/v1/,/^---/p')"
kubectl patch deployment awx-web -n awx --patch "$(cat kerberos-patch.yml | sed -n '/^apiVersion: apps\/v1/,$p')"
kubectl apply -k .
```
## Access the AWX WebUI behind Ingress Controller ## Access the AWX WebUI behind Ingress Controller
After you have deployed AWX into the cluster, it will not be immediately accessible to the host's network (such as your personal computer) unless you set up a DNS record pointing to it. In the example above, you would have an `A` or `CNAME` DNS record pointing to the internal IP address of the Rancher RKE2 Cluster host. After you have deployed AWX into the cluster, it will not be immediately accessible to the host's network (such as your personal computer) unless you set up a DNS record pointing to it. In the example above, you would have an `A` or `CNAME` DNS record pointing to the internal IP address of the Rancher RKE2 Cluster host.