how to configure ingress tls

230 views
Skip to first unread message

Andreas Bourges

unread,
Oct 13, 2022, 8:25:39 AM10/13/22
to AWX Project
Hi everybody,

...I'm a bit confused on how to enable TLS for AWX using ingress. I'm not too familiar with k3s (or k8s) at all and TLS is giving me a hard time now.

We're currently running on k3s using operator v0.28 and corresponding awx 21.5.0.

Do I need to set up an ingress controller myself or is this part of the deployment when applying my awx-deploy.yml to k3s?


is mentioning service_type, ingress_type and other stuff, but I'm completely unsure what and which combination (and which prerequesites are implied) make sense and would result in giving my https access to awx ?!

Maybe someone else has already gone through this valley of tears and can provide me some guidance on how to enable tls for the awx frontend?

Thanks,

Andreas

Wei-Yen Tan

unread,
Oct 13, 2022, 8:28:11 AM10/13/22
to awx-p...@googlegroups.com
K3s comes with traefik as an ingress controller. 

Sent from Outlook for iOS
From: 'Andreas Bourges' via AWX Project <awx-p...@googlegroups.com>
Sent: Thursday, October 13, 2022 8:25:39 PM
To: AWX Project <awx-p...@googlegroups.com>
Subject: [awx-project] how to configure ingress tls
 
--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/bac22dd7-3201-4ea4-bc07-e48e27e797ebn%40googlegroups.com.

Wei-Yen Tan

unread,
Oct 13, 2022, 8:38:04 AM10/13/22
to awx-p...@googlegroups.com
I have gotten awx as a https end point. 

Sent from Outlook for iOS
From: Wei-Yen Tan <weiye...@gmail.com>
Sent: Thursday, October 13, 2022 8:28:04 PM
To: awx-p...@googlegroups.com <awx-p...@googlegroups.com>
Subject: Re: [awx-project] how to configure ingress tls
 

andyb...@googlemail.com

unread,
Oct 13, 2022, 8:59:33 AM10/13/22
to awx-p...@googlegroups.com

Hi,

 

…correct – traefik is running:

 

root@awx-troubleshooting:~# kubectl get pods -A

NAMESPACE     NAME                                               READY   STATUS      RESTARTS      AGE

kube-system   helm-install-traefik-crd-q9z56                     0/1     Completed   0             8d

kube-system   helm-install-traefik-9pxl4                         0/1     Completed   1             8d

kube-system   svclb-traefik-84d9f79c-62gkp                       2/2     Running     8 (53s ago)   8d

kube-system   coredns-b96499967-vzbkg                            1/1     Running     4 (53s ago)   8d

kube-system   local-path-provisioner-7b7dc8d6f5-cvwg9            1/1     Running     5 (53s ago)   8d

awx           awx-postgres-13-0                                  1/1     Running     1 (52s ago)   7d2h

awx           awx-95657c866-8jhl2                                4/4     Running     4 (52s ago)   7d1h

awx           awx-operator-controller-manager-7b4dbff7c8-l5x5x   2/2     Running     2 (52s ago)   7d2h

kube-system   traefik-7cd4fcff68-z8jxh                           1/1     Running     4 (52s ago)   8d

kube-system   metrics-server-668d979685-64jsz                    1/1     Running     4 (53s ago)   8d

 

From the docs:

 

“The following variables are customizable when ingress_type=ingress. The ingress type creates an Ingress resource as documented which can be shared with many other Ingress Controllers as listed.”

 

So I’ll set ingress_type to ingress and I would use clusterIP as service_type, right?

 

Thanks,

 

Andreas

--
You received this message because you are subscribed to a topic in the Google Groups "AWX Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/awx-project/4D4ve8fXupQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/SYBP282MB35258AA467EFE96ECF498B14AD259%40SYBP282MB3525.AUSP282.PROD.OUTLOOK.COM.

andyb...@googlemail.com

unread,
Oct 13, 2022, 11:50:59 AM10/13/22
to awx-p...@googlegroups.com

Hi,

 

after some more fiddling with my awx-deploy.yml, I got it up and running now.

 

Thanks,

 

Andreas

 

Von: awx-p...@googlegroups.com <awx-p...@googlegroups.com> Im Auftrag von Wei-Yen Tan
Gesendet: Donnerstag, 13. Oktober 2022 14:38
An: awx-p...@googlegroups.com

--
You received this message because you are subscribed to a topic in the Google Groups "AWX Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/awx-project/4D4ve8fXupQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/SYBP282MB35258AA467EFE96ECF498B14AD259%40SYBP282MB3525.AUSP282.PROD.OUTLOOK.COM.

Reply all
Reply to author
Forward
0 new messages