Update Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md

Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md

@@ -88,67 +88,6 @@ You will need to create these files all in the same directory using the content
     namespace: awx
     ```
 
-=== "add-kerberos-configmap.yml"
-
-    ```jsx title="/awx/kustomization.yml"
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      name: awx
-      namespace: awx
-    spec:
-      template:
-        spec:
-          containers:
-            - name: awx
-              volumeMounts:
-                - name: krb5-config
-                  mountPath: /etc/krb5.conf
-                  subPath: krb5.conf
-          volumes:
-            - name: krb5-config
-              configMap:
-                name: krb5-config
-    ---
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      name: awx-task
-      namespace: awx
-    spec:
-      template:
-        spec:
-          containers:
-            - name: awx-task
-              volumeMounts:
-                - name: krb5-config
-                  mountPath: /etc/krb5.conf
-                  subPath: krb5.conf
-          volumes:
-            - name: krb5-config
-              configMap:
-                name: krb5-config
-    ---
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      name: awx-web
-      namespace: awx
-    spec:
-      template:
-        spec:
-          containers:
-            - name: awx-web
-              volumeMounts:
-                - name: krb5-config
-                  mountPath: /etc/krb5.conf
-                  subPath: krb5.conf
-          volumes:
-            - name: krb5-config
-              configMap:
-                name: krb5-config
-    ```
-
 ## Ensure the Kubernetes Cluster is Ready
 Check that the status of the cluster is ready by running the following commands, it should appear similar to the [Rancher RKE2 Example](https://docs.bunny-lab.io/Containers/Kubernetes/Rancher%20RKE2/Rancher%20RKE2%20Cluster/#install-helm-rancher-certmanager-jetstack-rancher-and-longhorn):
 ```
@@ -188,76 +127,67 @@ kubectl apply -k .
 ## Add Kerberos Authentication (Windows)
 You may find that you need to be able to remotely control domain-joined Windows devices using Kerberos.  You need to go through some extra steps to set this up after you have successfully deployed AWX Operator into Kubernetes.
 
-Add the following Kubernetes patch file to the `/awx` folder on the AWX Operator server.
+### Create Kerberos Keytab File
+Add the following file to the `/awx` folder on the AWX Operator server.
 
-=== "krb5-configmap.yml"
-
-    ```jsx title="/awx/krb5-configmap.yml"
-    apiVersion: v1
-    kind: ConfigMap
-    metadata:
-      name: krb5-config
-      namespace: awx
-    data:
-      krb5.conf: |
-        [libdefaults]
+```jsx title="/awx/krb5.conf"
+[libdefaults]
     default_realm = BUNNY-LAB.IO
     dns_lookup_realm = false
     dns_lookup_kdc = false
 
-        [realms]
+[realms]
     BUNNY-LAB.IO = {
         kdc = 192.168.3.25
         kdc = 192.168.3.26
         admin_server = 192.168.3.25
     }
 
-        [domain_realm]
+[domain_realm]
     .bunny-lab.io = BUNNY-LAB.IO
     bunny-lab.io = BUNNY-LAB.IO
-    ```
+```
 
-=== "kerberos-patch.yml"
+### Convert Keytab File into ConfigMap
+Run the following command to apply the Kerberos Keytab file as a configmap into the Kubernetes cluster that we will later use AWX to make a custom Execution Environment with.
+``` sh
+kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf
+```
 
-    ```jsx title="/awx/ingress.yml"
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      name: awx-task
+### Create an AWX Container Group
+At this point, we need to make a custom pod for the AWX Execution Environments that will use this Kerberos file.  Reference information was found [here](https://github.com/kurokobo/awx-on-k3s/blob/main/tips/use-kerberos.md#create-container-group).
+
+- Create Container Group with custom pod spec that mounts `krb5.conf` to allow Kerberos authentication to be used in this new Execution Environment (EE).
+- Open AWX UI and click on "Instance Groups" under the "Administration" section, then press "Add > Add container group".
+- Enter a descriptive name as you like (e.g. Kerberos EE) and click the toggle "Customize Pod Specification".
+- Put the following YAML string in "Custom pod spec" then press the "Save" button
+``` yml
+apiVersion: v1
+kind: Pod
+metadata:
   namespace: awx
-    spec:
-      template:
-        spec:
+spec:
+  serviceAccountName: default
+  automountServiceAccountToken: false
   containers:
-            - name: awx-task
+    - image: 'quay.io/ansible/awx-ee:latest'
+      name: worker
+      args:
+        - ansible-runner
+        - worker
+        - '--private-data-dir=/runner'
+      resources:
+        requests:
+          cpu: 250m
+          memory: 100Mi
       volumeMounts:
-                - name: krb5-config
+        - name: awx-kerberos-volume
           mountPath: /etc/krb5.conf
           subPath: krb5.conf
   volumes:
-            - name: krb5-config
+    - name: awx-kerberos-volume
       configMap:
-                name: krb5-config
-    ```
-
-Then run the following commands to apply the configmap to the Kubernetes cluster, then patch each container to add the file.
-
-``` sh
-# Apply the Kerberos ConfigMap into Kubernetes Cluster
-kubectl apply -f /awx/krb5-configmap.yml
-
-# Extract and apply patch for awx-task pod
-kubectl patch deployment awx-task -n awx --patch "$(cat awx-task-patch.yml)"
-
-# Scale down to 0
-kubectl scale deployment awx-task -n awx --replicas=0
-
-# Check to ensure it has scaled down to 0 by disappearing from this list.
-kubectl get pods -n awx
-
-# Scale it back up to 1
-kubectl scale deployment awx-task -n awx --replicas=1
-
+        name: awx-kerberos-config
 ```
 
 ## Access the AWX WebUI behind Ingress Controller