How is https configured with the awx-operator?
If you are on OCP then the route handles https and ssl termination. On the ingress controller side you'll need to figure that out some other way I reckon.
Leaving this here if ever you want to setup TLS on your ingress in k8s:
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx
namespace: ansible-awx
spec:
deployment_type: awx
tower_admin_user: test
tower_admin_email: [email protected]
tower_admin_password: changeme
tower_broadcast_websocket_secret: changeme
tower_ingress_type: none
ExternalName
service to proxy the requests between namespaces (external name is the FQDN of the awx service):kind: Service
apiVersion: v1
metadata:
name: awx-service-proxy
spec:
type: ExternalName
externalName: awx-service.ansible-awx.svc.cluster.local
ports:
- port: 80
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: awx-ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
tls:
- hosts:
- awx.mydomain.com
secretName: ingress-tls
rules:
- host: awx.mydomain.com
http:
paths:
- backend:
serviceName: awx-service-proxy
servicePort: 80
path: /
pathType: ImplementationSpecific
Leaving this here if ever you want to setup TLS on your ingress in k8s:
- First you need to make sure your ingress type is set to none in your awx resource:
apiVersion: awx.ansible.com/v1beta1 kind: AWX metadata: name: awx namespace: ansible-awx spec: deployment_type: awx tower_admin_user: test tower_admin_email: [email protected] tower_admin_password: changeme tower_broadcast_websocket_secret: changeme tower_ingress_type: none
- (optional) If your tls certificate secret resides in a different namespace, create an
ExternalName
service to proxy the requests between namespaces (external name is the FQDN of the awx service):kind: Service apiVersion: v1 metadata: name: awx-service-proxy spec: type: ExternalName externalName: awx-service.ansible-awx.svc.cluster.local ports: - port: 80
- Create the ingress ressource which points to the proxy service (or awx service):
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: awx-ingress annotations: kubernetes.io/ingress.class: nginx spec: tls: - hosts: - awx.mydomain.com secretName: ingress-tls rules: - host: awx.mydomain.com http: paths: - backend: serviceName: awx-service-proxy servicePort: 80 path: / pathType: ImplementationSpecific
Thanks so much. How do you add a certificate though?
@nicolaibaralmueller https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
Most helpful comment
Leaving this here if ever you want to setup TLS on your ingress in k8s:
ExternalName
service to proxy the requests between namespaces (external name is the FQDN of the awx service):