diff --git a/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md b/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md
index bea0c7f..f5ff2c9 100644
--- a/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md
+++ b/Docker & Kubernetes/Servers/AWX/AWX Operator/Ansible AWX Operator.md
@@ -260,25 +260,6 @@ Run the following command to apply the Kerberos Keytab file as a configmap into
 kubectl -n awx create configmap awx-kerberos-config --from-file=/awx/krb5.conf
 ```
-### Create Custom DNS Host Records for Domain Controllers
-You will need to be sure that AWX is able to resolve the FQDNs of the domain controllers for Kerberos to be happy. We will do this by adding another config file in the `/awx` directory and applying it to the deployment.
-```jsx title="/awx/custom_dns_records.yml"
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: custom-dns
- namespace: awx
-data:
- custom-hosts: |
- 192.168.3.25 LAB-DC-01.bunny-lab.io LAB-DC-01
- 192.168.3.26 LAB-DC-02.bunny-lab.io LAB-DC-02
-```
-
-Then we apply them with the following command:
-``` sh
-kubectl apply -f custom_dns_records.yml
-```
-
 ### Create an AWX Container Group
 At this point, we need to make a custom pod for the AWX Execution Environments that will use this Kerberos file. Reference information was found [here](https://github.com/kurokobo/awx-on-k3s/blob/main/tips/use-kerberos.md#create-container-group).
@@ -294,15 +275,8 @@ metadata:
 spec:
 serviceAccountName: default
 automountServiceAccountToken: false
- initContainers:
- - name: init-hosts
- image: busybox
- command: ['sh', '-c', 'cat /etc/custom-dns/custom-hosts >> /etc/hosts']
- volumeMounts:
- - name: custom-dns
- mountPath: /etc/custom-dns
 containers:
- - image: 'quay.io/ansible/awx-ee:latest'
+ - image: quay.io/ansible/awx-ee:latest
 name: worker
 args:
 - ansible-runner
@@ -320,14 +294,8 @@ spec:
 - name: awx-kerberos-volume
 configMap:
 name: awx-kerberos-config
- - name: custom-dns
- configMap:
- name: custom-dns
 ```
-!!! info "Explanation"
- Init Container: An init container named init-hosts is added. It runs before the main container starts and appends the custom DNS entries from the ConfigMap to the /etc/hosts file of the Kerberos Instance Group Pod.
-
 ### Job Template & Inventory Examples
 At this point, you need to adjust your exist Job Template(s) that need to communicate via Kerberos to domain-joined Windows devices to use the "Instance Group" of "**Kerberos**" while keeping the same Execution Environment you have been using up until this point. This will change the Execution Environment to include the Kerberos Keytab file in the EE at playbook runtime.