Ingress service in AWX with nginx
1,559 views
Skip to first unread message
Manikandan Balasubramanian
Jun 21, 2022, 2:50:41 AM6/21/22
to AWX Project
Hi,
I followed the below documentation and created the AWX deployment:
https://github.com/ansible/awx-operator#network-and-tls-configuration
AWX resource and deployments/awx pods were created as intended. I am facing difficulties in setting up the ingress.
I had the below ingress configuration:
ingress_type: ingress
hostname: awx.domain.com
ingress_path: /awx-test
ingress_path_type: Prefix
ingress_tls_secret: awx-tls-secret
ingress_annotations: |
environment: testing
I am using nginix ingress in my cluster; and I was not sure how to provide this information in this configuration.
So I made the service type as Cluster IP, and created custom ingress configuration for this service.
$ kubectl.exe -n awx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx-operator-controller-manager-metrics-service ClusterIP 10.0.118.219 <none> 8443/TCP 4d22h
awx-service ClusterIP 10.0.253.225 <none> 80/TCP 56m
$ ./kubectl -n awx describe ingress
Name: awx-ingress
Labels: <none>
Namespace: awx
Address: <SomeIP>
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
awx-tls-secret terminates awx-domain.com
Rules:
Host Path Backends
---- ---- --------
awx-domain.com
/awx-test awx-service:80 (10.244.0.63:8052)
Annotations: cert-manager.io/cluster-issuer: <someissuer>
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CreateCertificate 14m cert-manager Successfully created Certificate "awx-tls-secret"
Normal Sync 13m (x2 over 14m) nginx-ingress-controller Scheduled for sync
Normal Sync 13m (x2 over 14m) nginx-ingress-controller Scheduled for sync
When I configure this and go to the path, I keep getting 502 Bad gateway error. Can someone please let me know what I am doing wrong here?
Thanks and Regards,
Mani
I followed the below documentation and created the AWX deployment:
https://github.com/ansible/awx-operator#network-and-tls-configuration
AWX resource and deployments/awx pods were created as intended. I am facing difficulties in setting up the ingress.
I had the below ingress configuration:
ingress_type: ingress
hostname: awx.domain.com
ingress_path: /awx-test
ingress_path_type: Prefix
ingress_tls_secret: awx-tls-secret
ingress_annotations: |
environment: testing
I am using nginix ingress in my cluster; and I was not sure how to provide this information in this configuration.
So I made the service type as Cluster IP, and created custom ingress configuration for this service.
$ kubectl.exe -n awx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx-operator-controller-manager-metrics-service ClusterIP 10.0.118.219 <none> 8443/TCP 4d22h
awx-service ClusterIP 10.0.253.225 <none> 80/TCP 56m
$ ./kubectl -n awx describe ingress
Name: awx-ingress
Labels: <none>
Namespace: awx
Address: <SomeIP>
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
awx-tls-secret terminates awx-domain.com
Rules:
Host Path Backends
---- ---- --------
awx-domain.com
/awx-test awx-service:80 (10.244.0.63:8052)
Annotations: cert-manager.io/cluster-issuer: <someissuer>
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: true
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CreateCertificate 14m cert-manager Successfully created Certificate "awx-tls-secret"
Normal Sync 13m (x2 over 14m) nginx-ingress-controller Scheduled for sync
Normal Sync 13m (x2 over 14m) nginx-ingress-controller Scheduled for sync
When I configure this and go to the path, I keep getting 502 Bad gateway error. Can someone please let me know what I am doing wrong here?
Thanks and Regards,
Mani
Manikandan Balasubramanian
Jun 22, 2022, 5:33:53 AM6/22/22
to AWX Project
I installed the latest awx operator image with the below definition:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-test
namespace: awx
spec:
service_type: ClusterIP
service_annotations: |
environment: testing
service_labels: |
environment: testing
postgres_configuration_secret: awx-postgres-configuration
admin_user: awxadmin
admin_email: <>
admin_password_secret: awx-admin-password
image: quay.io/ansible/awx
image_version: latest
ee_images:
- name: awx-test-ee
image: quay.io/ansible/awx-ee
redis_image: docker.io/redis
redis_image_version: latest
kind: AWX
metadata:
name: awx-test
namespace: awx
spec:
service_type: ClusterIP
service_annotations: |
environment: testing
service_labels: |
environment: testing
postgres_configuration_secret: awx-postgres-configuration
admin_user: awxadmin
admin_email: <>
admin_password_secret: awx-admin-password
image: quay.io/ansible/awx
image_version: latest
ee_images:
- name: awx-test-ee
image: quay.io/ansible/awx-ee
redis_image: docker.io/redis
redis_image_version: latest
I observe that the service is being created. However I am unable to access the service.
$ kubectl -n awx get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx-operator-controller-manager-metrics-service ClusterIP 10.0.118.219 <none> 8443/TCP 6d1h
awx-test-service ClusterIP 10.0.26.53 <none> 80/TCP 17m
awx-test-service ClusterIP 10.0.26.53 <none> 80/TCP 17m
From the worker node, I tried curling this cluster IP.
root@:/# curl http://10.0.26.53:80
curl: (7) Failed to connect to 10.0.26.53 port 80: Connection refused
curl: (7) Failed to connect to 10.0.26.53 port 80: Connection refused
I am not sure why the curl is failing for the cluster IP. This service has been auto-generated by the operator.
Thanks and Regards,
Mani
Message has been deleted
AWX Project
Jun 23, 2022, 1:14:59 PM6/23/22
to AWX Project
Hi!
You'll need to use a NodePort or LoadBalancer type of service to expose the service externally (note the <none> under External-IP). A ClusterIP only routes data internally between pods, but doesn't allow outside browsers to reach into the pod to access a service.
AWX Team
Reply all
Reply to author
Forward
0 new messages