AWX-operator_setup_on_K3s+https.md

This is a walk through of this github repo: https://github.com/kurokobo/awx-on-k3s

Subscribe To Me On YouTube: https://bit.ly/lon_sub

Thanks to @kurokobo for making these steps. Check his github on the link above. If this video helped you get the AWX-operator working, please give the video a like and subscribe to my channel. I appreciate it!

Links: Rancher: https://rancher.com/docs/k3s/latest/en/ YouTube Video: https://youtu.be/xVOnBDvpbK0

Here I add the missing sections so less expereinces people can achieve installing and setting up AWX on K3s with HTTPS.

My setup:

• Instance Type: t3a.xlarge
• Centos 8 - AMI: ami-0e1b0ca392c9f2523
• Region: eu-west-2
• My user has root privilege via sudo
• For some reason, the CentOS iage started with no space in /
• Now login and grow XFS for / on your server

sudo yum -y install cloud-utils-growpart gdisk
lsblk
sudo growpart /dev/nvme0n1 2
sudo xfs_growfs /
exit #(back to the ec2-user)

KUBECTL install

curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl kubectl version --client

INSTALL K3s

sudo systemctl disable firewalld --now curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644 k3s kubectl cluster-info k3s kubectl config view

Install awx-operator

k3s kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.13.0/deploy/awx-operator.yaml git clone https://github.com/kurokobo/awx-on-k3s.git

cd awx-on-k3s/ AWX_HOST="ec2-18-130-175-220.eu-west-2.compute.amazonaws.com" openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out ./base/tls.crt -keyout ./base/tls.key -subj "/CN=${AWX_HOST}/O=${AWX_HOST}" -addext "subjectAltName = DNS:${AWX_HOST}" vi base/awx.yaml

  admin_user: admin
  admin_password_secret: awx-admin-password

  ingress_type: ingress
  ingress_tls_secret: awx-secret-tls
  hostname: ec2-3-8-114-43.eu-west-2.compute.amazonaws.com  <--- your name

modify password if required: vi base/kustomization.yaml

  - name: awx-postgres-configuration
    type: Opaque
    literals:
      - host=awx-postgres
      - port=5432
      - database=awx
      - username=awx
      - password=Ansible123!  <--- HERE
      - type=managed

  - name: awx-admin-password
    type: Opaque
    literals:
      - password=Ansible123!  <--- AND HERE

sudo mkdir -p /data/postgres sudo mkdir -p /data/projects sudo chown 1000:0 /data/projects k3s kubectl apply -k base

$ k3s kubectl apply -k base
namespace/awx created
secret/awx-admin-password created
secret/awx-postgres-configuration created
secret/awx-secret-tls created
persistentvolume/awx-postgres-volume created
persistentvolume/awx-projects-volume created
persistentvolumeclaim/awx-projects-claim created
awx.awx.ansible.com/awx created

k3s kubectl logs -f deployment/awx-operator (process takes maybe 5-7 minutes)

• Depending on your setup, you may need to open the FW for https/443.

Once it's complete, you should see this:

--------------------------- Ansible Task Status Event StdOut  -----------------

PLAY RECAP *********************************************************************
localhost                  : ok=54   changed=0    unreachable=0    failed=0    skipped=37   rescued=0    ignored=0

Check everything is up.

k3s kubectl -n awx get awx,all,ingress,secrets

NAME                      AGE
awx.awx.ansible.com/awx   13m

NAME                      READY   STATUS    RESTARTS   AGE
pod/awx-postgres-0        1/1     Running   0          12m
pod/awx-59ff55b5b-shhb5   4/4     Running   0          12m

NAME                   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
service/awx-postgres   ClusterIP   None          <none>        5432/TCP   12m
service/awx-service    ClusterIP   10.43.83.81   <none>        80/TCP     12m

NAME                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/awx   1/1     1            1           12m

NAME                            DESIRED   CURRENT   READY   AGE
replicaset.apps/awx-59ff55b5b   1         1         1       12m

NAME                            READY   AGE
statefulset.apps/awx-postgres   1/1     12m

NAME                                    CLASS    HOSTS                                            ADDRESS        PORTS     AGE
ingress.networking.k8s.io/awx-ingress   <none>   ec2-3-8-114-43.eu-west-2.compute.amazonaws.com   172.31.31.20   80, 443   12m

NAME                                TYPE                                  DATA   AGE
secret/awx-admin-password           Opaque                                1      13m
secret/default-token-vkgx4          kubernetes.io/service-account-token   3      13m
secret/awx-postgres-configuration   Opaque                                6      13m
secret/awx-secret-tls               kubernetes.io/tls                     2      13m
secret/awx-app-credentials          Opaque                                3      12m
secret/awx-token-h55dk              kubernetes.io/service-account-token   3      12m
secret/awx-secret-key               Opaque                                1      12m
secret/awx-broadcast-websocket      Opaque                                1      12m

Now login to AWX

https://ec2-18-130-175-220.eu-west-2.compute.amazonaws.com

Default user: admin password: Ansible123!

Enjoy!

Hi @Pzharyuk

I don't have a K3s cluster running atm for me to check. I created this based on the kurokobo github page so it might be worth checking their issues page on the github repo. It's possible others have had this issue and there is a fix?

Sorry I can't be more helpful right now.

Hi @Pzharyuk
I've resolved this issue with the method described in CrashLoopBackOff on awx-postgres-0 pod :

# Replace `/data/postgres` with your directory path.
POSTGRES_PATH=/data/postgres
sudo mkdir -p $POSTGRES_PATH/data
sudo chmod 755 $POSTGRES_PATH $POSTGRES_PATH/data
sudo chown 0:0 $POSTGRES_PATH $POSTGRES_PATH/data

Thank you @sbilque I will give this a try!

I am attempting to install on Ubuntu 18.04 and Ubuntu 20.04. On both the k3s kubectl apply -k base command does not successfully complete and produces error:
{"level":"error","ts":1650555844.9798474,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"awx-controller","request":"awx/awx","error":"event runner on failed","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tpkg/mod/github.com/go-logr/[email protected]/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tpkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tpkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\tpkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\tpkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\tpkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\tpkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\tpkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:90"}

Dear All - I have followed exact steps, but it seems like its a never ending install, and im getting "404 page not found" can't. Please guide when possible. Thank you.

[root@awx ~]# k3s kubectl -n awx get awx,all,ingress,secrets
NAME AGE
awx.awx.ansible.com/awx 38m

NAME READY STATUS RESTARTS AGE
pod/awx-postgres-0 1/1 Running 0 37m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/awx-postgres ClusterIP None 5432/TCP 37m
service/awx-service ClusterIP 10.43.112.100 80/TCP 37m

NAME READY AGE
statefulset.apps/awx-postgres 1/1 37m

NAME TYPE DATA AGE
secret/awx-admin-password Opaque 1 38m
secret/default-token-dtqpk kubernetes.io/service-account-token 3 38m
secret/awx-postgres-configuration Opaque 6 38m
secret/awx-secret-tls kubernetes.io/tls 2 38m
secret/awx-secret-key Opaque 1 38m
secret/awx-broadcast-websocket Opaque 1 38m
secret/awx-app-credentials Opaque 3 37m

[root@awx awx-on-k3s]# cat base/
awx.yaml kustomization.yaml namespace.yaml pvc.yaml pv.yaml tls.crt tls.key
[root@awx awx-on-k3s]# cat base/kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: awx

generatorOptions:
disableNameSuffixHash: true

secretGenerator:

• name: awx-secret-tls
  type: kubernetes.io/tls
  files:

  • tls.crt
  • tls.key

• name: awx-postgres-configuration
  type: Opaque
  literals:

  • host=awx-postgres
  • port=5432
  • database=awx
  • username=awx
  • password=redhat
  • type=managed

• name: awx-admin-password
  type: Opaque
  literals:

  • password=redhat

resources:

• namespace.yaml
• pv.yaml
• pvc.yaml
• awx.yaml
  [root@awx awx-on-k3s]# cat base/awx.yaml

---

apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx
spec:

These parameters are designed for use with:

- AWX Operator: 0.20.0

https://github.com/ansible/awx-operator/blob/0.20.0/README.md

- AWX: 20.1.0

https://github.com/ansible/awx/blob/20.1.0/INSTALL.md

admin_user: admin
admin_password_secret: awx-admin-password

ingress_type: ingress
ingress_tls_secret: awx-secret-tls
hostname: 10.0.0.218

postgres_configuration_secret: awx-postgres-configuration

postgres_storage_class: awx-postgres-volume
postgres_storage_requirements:
requests:
storage: 8Gi

projects_persistence: true
projects_existing_claim: awx-projects-claim

web_resource_requirements: {}
task_resource_requirements: {}
ee_resource_requirements: {}

I followed everything in your guide exactly other than having to expand the volume I didn't need to do that.

CentOS 8 Stream Running 8GB Ram, 2 Core CPU - from a Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz

my awx.yaml file changes were just:

  admin_user: falconinet
  admin_password_secret: somepassword

  ingress_type: ingress
  ingress_tls_secret: somepassword
  hostname: ansible.mydomain.net

For any others stumbling over this. The admin, ingress and Postgres passwords or secrets should only be changed in the 'base/kustomize.yaml' file as shown. the entries in the 'base/awx.yaml' they are placeholders that ere being referred to and used in other places .. the only thing to be changed in the 'base/awx.yaml' file is the hostname as shown in the gist.

Any idea what might be wrong? I followed the article on my almalinux 8 ( centos 8 compatible ) and it ends up with:

PLAY RECAP *********************************************************************
localhost                  : ok=66   changed=2    unreachable=0    failed=0    skipped=43   rescued=0    ignored=0

Which looks correct to me?
But if I try to connect to my k3s node with https://awx.example.com I get

Bad gateway

in my browser.

Here is my ingress info:

k3s kubectl describe ingress awx-ingress -n awx
Name:             awx-ingress
Labels:           app.kubernetes.io/component=awx
                  app.kubernetes.io/managed-by=awx-operator
                  app.kubernetes.io/name=awx
                  app.kubernetes.io/operator-version=0.23.0
                  app.kubernetes.io/part-of=awx
Namespace:        awx
Address:          10.10.97.50
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
  awx-secret-tls terminates awx.example.com
Rules:
  Host            Path  Backends
  ----            ----  --------
  awx.ict.om.org
                  /   awx-service:80 (10.42.0.12:8052)
Annotations:      <none>
Events:           <none>

Where 10.10.97.50 is the correct physical IP of my k3s node.
How do I debug this any further?
A google article suggested the firewalld had to be off on my centos 8 ( almalinux 8 ) but that made no difference even after a reboot.

Found some more info, in case it helps?

kubectl -n kube-system describe services/traefik
Name:                     traefik
Namespace:                kube-system
Labels:                   app.kubernetes.io/instance=traefik
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=traefik
                          helm.sh/chart=traefik-10.19.300
Annotations:              meta.helm.sh/release-name: traefik
                          meta.helm.sh/release-namespace: kube-system
Selector:                 app.kubernetes.io/instance=traefik,app.kubernetes.io/name=traefik
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.43.216.35
IPs:                      10.43.216.35
LoadBalancer Ingress:     10.10.97.50
Port:                     web  80/TCP
TargetPort:               web/TCP
NodePort:                 web  31724/TCP
Endpoints:                10.42.0.8:8000
Port:                     websecure  443/TCP
TargetPort:               websecure/TCP
NodePort:                 websecure  32558/TCP
Endpoints:                10.42.0.8:8443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason            Age                From           Message
  ----    ------            ----               ----           -------
  Normal  UpdatedIngressIP  34m                svccontroller  LoadBalancer Ingress IP addresses updated: 10.10.97.50
  Normal  AppliedDaemonSet  34m (x6 over 34m)  svccontroller  Applied LoadBalancer DaemonSet kube-system/svclb-traefik

I have since also switched on hostNetwork to true and added the three extra lines for extra_settings mentioned in the @kurokobo's k3s awx troubleshooting page, but I still get a Bad Gateway message.
How can I best debug this any further?

I keep running into the following when running the "k3s kubectl apply -k base":

$ k3s kubectl apply -k base
persistentvolume/awx-postgres-13-volume unchanged
persistentvolume/awx-projects-volume unchanged
error validating "base": error validating data: ValidationError(AWX.spec): unknown field "postgres_init_container_resource_requirements" in com.ansible.awx.v1beta1.AWX.spec; if you choose to ignore these errors, turn validation off with --validate=false
Error from server (NotFound): error when creating "base": namespaces "awx" not found
Error from server (NotFound): error when creating "base": namespaces "awx" not found
Error from server (NotFound): error when creating "base": namespaces "awx" not found
Error from server (NotFound): error when creating "base": namespaces "awx" not found

to save anyone pain, using the korokobo doc worked for me on rocky8 https://github.com/kurokobo/awx-on-k3s , but these instructions failed with the following, had to rebuild and start clean:
k3s kubectl apply -k base
persistentvolume/awx-postgres-13-volume unchanged
persistentvolume/awx-projects-volume unchanged
error validating "base": error validating data: ValidationError(AWX.spec): unknown field "postgres_init_container_resource_requirements" in com.ansible.awx.v1beta1.AWX.spec; if you choose to ignore these errors, turn validation off with --validate=false
Error from server (NotFound): error when creating "base": namespaces "awx" not found
Error from server (NotFound): error when creating "base": namespaces "awx" not found
Error from server (NotFound): error when creating "base": namespaces "awx" not found
Error from server (NotFound): error when creating "base": namespaces "awx" not found