From 17c4be5b26277fcc4aaecad325b7ffcb9eaf600c Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Mon, 18 Nov 2024 14:08:43 -0700 Subject: [PATCH] Update Servers/Automation/Ansible/AWX/Deployment/AWX Operator.md --- .../Ansible/AWX/Deployment/AWX Operator.md | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/Servers/Automation/Ansible/AWX/Deployment/AWX Operator.md b/Servers/Automation/Ansible/AWX/Deployment/AWX Operator.md index 1076a51..bfbc368 100644 --- a/Servers/Automation/Ansible/AWX/Deployment/AWX Operator.md +++ b/Servers/Automation/Ansible/AWX/Deployment/AWX Operator.md @@ -133,7 +133,29 @@ kubectl apply -k . ## Access the AWX WebUI behind Ingress Controller After you have deployed AWX into the cluster, it will not be immediately accessible to the host's network (such as your personal computer) unless you set up a DNS record pointing to it. In the example above, you would have an `A` or `CNAME` DNS record pointing to the internal IP address of the Rancher RKE2 Cluster host. -The RKE2 Cluster will translate `awx.bunny-lab.io` to the AWX web-service container(s) automatically. SSL certificates are not covered in this documentation, but suffice to say, the can be configured on another reverse proxy such as Traefik or via Cert-Manager / JetStack. The process of setting this up goes outside the scope of this document. +The RKE2 Cluster will translate `awx.bunny-lab.io` to the AWX web-service container(s) automatically due to having an internal Reverse Proxy within the Kubernetes Cluster. SSL certificates generated within Kubernetes/Rancher RKE2 are not covered in this documentation, but suffice to say, the AWX server can be configured on behind another reverse proxy such as Traefik or via Cert-Manager / JetStack. The process of setting this up goes outside the scope of this document. + +### Traefik Implementation +If you want to put this behind traefik, you will need a slightly unique traefik configuration file, seen below, to effectively transparently passthrough traffic into the RKE2 Cluster's reverse proxy. + +```yaml title="awx.bunny-lab.io.yml" +tcp: + routers: + awx-tcp-router: + rule: "HostSNI(`awx.bunny-lab.io`)" + entryPoints: ["websecure"] + service: awx-nginx-service + tls: + passthrough: true +# middlewares: +# - auth-bunny-lab-io # Referencing the Keycloak Server + + services: + awx-nginx-service: + loadBalancer: + servers: + - address: "192.168.3.10:443" +``` !!! success "Accessing the AWX WebUI" If you have gotten this far, you should now be able to access AWX via the WebUI and log in.