enabling ssl/tls for awx turtorial please
101 views
Skip to first unread message
awx junior
Dec 28, 2022, 5:22:44 AM12/28/22
to AWX Project
Hello,
I am very new to kubernetes.
I managed to install awx v18 using awx-operator since that process was well explained in README.md however I am struggling to enable awx gui to work over https.
1 do I need to install k8s load balancer service (what should I use, how do I do that)
2 can I install x.509 cert on the host and bind awx to use it somehow (if so what are required steps)
Can someone be so kind and elaborate a bit/provide step by step guide (explain the process as if I was 5y old)?
Thanks
Kevin Knox
Dec 29, 2022, 3:09:06 PM12/29/22
to AWX Project
I'm afraid I cannot explain it well enough. I'm a newbie myself, taking up a running installation and trying to upgrade it. Still, I'll tell you what I inherited.
# We create a secret before doing the oc apply
export ca_root="$HOME/github/openshift-platform/clusters/shared_files/root-ca.pem"
oc create secret generic our-root-ca-cert -n $project --from-file=ldap-ca.crt=$ca_root --from-file=bundle-ca.crt=$ca_root
# In the yaml instance definition, we then call to the secret
bundle_cacert_secret: our-root-ca-cert
If there are other steps, I'm not yet aware of them.
# We create a secret before doing the oc apply
export ca_root="$HOME/github/openshift-platform/clusters/shared_files/root-ca.pem"
oc create secret generic our-root-ca-cert -n $project --from-file=ldap-ca.crt=$ca_root --from-file=bundle-ca.crt=$ca_root
# In the yaml instance definition, we then call to the secret
bundle_cacert_secret: our-root-ca-cert
If there are other steps, I'm not yet aware of them.
awx junior
Jan 3, 2023, 4:13:29 AM1/3/23
to AWX Project
Thanks Kevin,
From what I found out kubernetes relies on cloud infrastructure for ingress traffic and doesn't provide tool for that natively for on prem installs.
There is build in
Traefik (edge router) and
Klipper
(single node load balancer) build into k3s but its pretty new concept to me and I find traefik rather complicated.
I understand awx would rely on traefik to define how traffic should go in/out of awx and tls encryption to be provided by LB (load balancer) ==> http traffic between web console user and awx will be tls encrypted and after that it would be plain text http.
Just need to figure out how to make it work all together (there for I asked for some tutorial for newbies).
Can anyone with working on-prem https share how you put it all together?
Thanks
)
Kevin Knox
Jan 4, 2023, 9:00:22 AM1/4/23
to AWX Project
You may hear something better than what I shared, but we are on prem with ssl working.
Reply all
Reply to author
Forward
0 new messages