Awx-operator: enable https

Created on 13 Jul 2020  ·  4 Comments  ·  Source: ansible/awx-operator

How is https configured with the awx-operator?

Most helpful comment

Leaving this here if ever you want to set up TLS on your ingress in k8s:

  1. First you need to make sure your ingress type is set to none in your awx resource:

```yaml
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
  namespace: ansible-awx
spec:
  deployment_type: awx
  tower_admin_user: test
  tower_admin_email: "[email protected]"
  tower_admin_password: changeme
  tower_broadcast_websocket_secret: changeme
  # no Ingress is requested from the operator; it is defined by hand in step 3
  tower_ingress_type: none
```

  2. (optional) If your TLS certificate secret resides in a different namespace, create an ExternalName service to proxy the requests between namespaces (external name is the FQDN of the awx service):

```yaml
kind: Service
apiVersion: v1
metadata:
  name: awx-service-proxy
spec:
  type: ExternalName
  # FQDN of the awx service in the ansible-awx namespace
  externalName: awx-service.ansible-awx.svc.cluster.local
  ports:
  - port: 80
```

  3. Create the ingress resource which points to the proxy service (or awx service):

```yaml
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# newer clusters need networking.k8s.io/v1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: awx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
      - awx.mydomain.com
    # TLS secret holding the certificate and key for the host above
    secretName: ingress-tls
  rules:
    - host: awx.mydomain.com
      http:
        paths:
          - backend:
              serviceName: awx-service-proxy
              servicePort: 80
            path: /
            pathType: ImplementationSpecific
```
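
The optional ExternalName step in the comment above exists because an Ingress resolves both its TLS secret and its backend service in its own namespace. The following is an added example, not code from the comment's author or from the awx-operator project: a small pre-apply check over manifests shaped like the ones above. The function names, the `certs` namespace and the secret contents are assumptions made for illustration.

```python
# Added example. Manifests are Python dicts mirroring the YAML in the comment.
# ASSUMPTION: namespace "certs" and the Secret contents are constructed samples.
def host_covered(host, tls_hosts):
    """Exact match, or a single-label wildcard such as *.mydomain.com."""
    parent = host.split(".", 1)[-1]
    return host in tls_hosts or f"*.{parent}" in tls_hosts

def lint_ingress_tls(ingress, services, secrets):
    """Return findings for one Ingress (serviceName/servicePort backend form)."""
    ns = ingress["metadata"].get("namespace", "default")
    findings, tls_hosts = [], set()
    for entry in ingress["spec"].get("tls", []):
        tls_hosts.update(entry.get("hosts", []))
        name = entry.get("secretName")
        secret = secrets.get((ns, name))  # Secret is looked up in the Ingress namespace
        if secret is None:
            findings.append(f"secret {name} missing in namespace {ns}")
        elif not {"tls.crt", "tls.key"} <= set(secret.get("data", {})):
            findings.append(f"secret {name} lacks tls.crt/tls.key")
    for rule in ingress["spec"].get("rules", []):
        if not host_covered(rule.get("host", ""), tls_hosts):
            findings.append(f"host {rule.get('host')} served without TLS entry")
        for path in rule["http"]["paths"]:
            svc_name = path["backend"]["serviceName"]
            svc = services.get((ns, svc_name))  # backend must share the namespace too
            if svc is None:
                findings.append(f"service {svc_name} missing in namespace {ns}")
            elif path["backend"]["servicePort"] not in [p["port"] for p in svc["spec"]["ports"]]:
                findings.append(f"service {svc_name} does not expose the requested port")
    return findings

def make_ingress(namespace, backend):
    """Build the comment's Ingress for a given namespace and backend service."""
    return {"metadata": {"name": "awx-ingress", "namespace": namespace},
            "spec": {"tls": [{"hosts": ["awx.mydomain.com"], "secretName": "ingress-tls"}],
                     "rules": [{"host": "awx.mydomain.com", "http": {"paths": [
                         {"path": "/", "backend": {"serviceName": backend, "servicePort": 80}}]}}]}}

SERVICES = {  # constructed cluster state, keyed by (namespace, name)
    ("ansible-awx", "awx-service"): {"spec": {"ports": [{"port": 80}]}},
    ("certs", "awx-service-proxy"): {"spec": {"type": "ExternalName",
        "externalName": "awx-service.ansible-awx.svc.cluster.local", "ports": [{"port": 80}]}},
}
SECRETS = {("certs", "ingress-tls"): {"data": {"tls.crt": "<base64>", "tls.key": "<base64>"}}}

if __name__ == "__main__":
    print(lint_ingress_tls(make_ingress("certs", "awx-service-proxy"), SERVICES, SECRETS))
    print(lint_ingress_tls(make_ingress("certs", "awx-service"), SERVICES, SECRETS))
    print(lint_ingress_tls(make_ingress("ansible-awx", "awx-service"), SERVICES, SECRETS))
```

The second and third calls show the two ways the setup fails without the proxy: the Ingress sits next to the secret but cannot see `awx-service`, or it sits next to `awx-service` but cannot see the secret.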

All 4 comments

If you are on OCP then the route handles https and ssl termination. On the ingress controller side you'll need to figure that out some other way I reckon.

Thanks so much. How do you add a certificate though?
