From 0 to Kubernetes – Step 6, doing other things with it :)

I’m sure that post title is going to get old real fast.

Anyway, let’s do what I’ve actually set this whole thing up for, and … deploy AWX.

A little bit of background: Not too long ago, AWX 18, and shortly after that AWX 19, was released.

(Note: AWX is the open source upstream project for Red Hat Ansible Tower)

The biggest change in AWX 18 was that the “local docker” installation method was dropped – meaning my existing AWX 17.1.0 which just runs in a few local docker containers will not see any further updates… and since that version has a small bug that isn’t critical but extremely annoying, I’m not too happy with that.

Starting with AWX 18, a “local docker” setup is really only useful for developers who are contributing to it – but not as an actual management tool. And also starting with AWX 18, the only installation method that is actually supported for “production use” is the AWX operator – which is only for Kubernetes (and compatible setups, it works just fine in K3s).

According to the latest installation instructions, deploying with the AWX operator is dead simple, and guess what, it is.

All you have to do is to deploy the operator with one command:

kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/devel/deploy/awx-operator.yaml

or, if you want to apply one specific version to get to a specific AWX version, replace /devel/ in that URL with /versionnumber/ from GitHub, for example like this:

kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/0.8.0/deploy/awx-operator.yaml

and then create one small deployment file that creates an “AWX” object, like so:

---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
spec:
  tower_ingress_type: Ingress

and apply that one with kubectl. Then, after some time, you’ll be able to get the URL for your tower with kubectl, and access it with a web browser.

kubectl describe service awx-service
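The /devel/ URL in the install command above tracks a moving branch, so the same command can install different code on different days. As an added example (not from the original post or the AWX project), these shell functions pin the ref, compare the downloaded manifest against a SHA-256 digest you recorded when you reviewed it, and only then apply the local copy; the function names and the expected-digest argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes curl, sha256sum and kubectl.

# Raw URL for a given ref, following the URL pattern shown in the post.
manifest_url() {
  printf 'https://raw.githubusercontent.com/ansible/awx-operator/%s/deploy/awx-operator.yaml\n' "$1"
}

# Reject moving refs: a branch such as "devel" can change between two applies.
is_pinned_ref() {
  case "$1" in
    devel|main|master|HEAD|'') return 1 ;;
    *) return 0 ;;
  esac
}

# Print the container images the manifest would run, for review before applying.
list_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | tr -d "\"'" | sort -u
}

# Compare the file's SHA-256 with the digest recorded at review time.
verify_manifest() {
  _actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$_actual" = "$2" ]
}

# Fetch a pinned manifest, verify it, then apply the verified local copy.
# $1 = ref (for example 0.8.0), $2 = digest you recorded yourself (assumption).
apply_pinned() {
  _ref=$1; _expected=$2
  is_pinned_ref "$_ref" || { echo "refusing moving ref: $_ref" >&2; return 1; }
  _file=$(mktemp) || return 1
  curl -fsSL -o "$_file" "$(manifest_url "$_ref")" || return 1
  if ! verify_manifest "$_file" "$_expected"; then
    echo "digest mismatch for $_ref; images in the downloaded file:" >&2
    list_images "$_file" >&2
    return 1
  fi
  kubectl apply -f "$_file"
}
```

A tag can be re-pointed as well, which is why the digest check stays in place even for a pinned version.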

So far, so good. For my setup here, I had to change the process a little bit, since I wanted to import the database from my “production AWX”.

The process of such a migration is pretty well documented:

  1. make sure your “live” database is accessible from other hosts
  2. create a secret in Kubernetes that contains the details for the database connection
  3. add the postgres details to your deployment file

My secrets file looks like this:

apiVersion: v1
kind: Namespace
metadata:
  name: awx
---
apiVersion: v1
kind: Secret
metadata:
  name: awx-secret-key
  namespace: awx
stringData:
  secret_key: dideldum
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  name: awx-old-postgres-configuration
  namespace: awx
stringData:
  host: "tower.my.lan"
  port: "5432"
  database: "awx"
  username: "dideldum"
  password: "dideldum"
type: Opaque

Of course my deployment file also looks a bit different:

apiVersion: v1
kind: Namespace
metadata:
  name: awx
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
  namespace: awx
spec:
  tower_ingress_type: Ingress
  tower_hostname: awx.apps.my.lan
  tower_old_postgres_configuration_secret: awx-old-postgres-configuration
  tower_web_resource_requirements:
    requests:
      cpu: 250m
      memory: 1Gi
    limits:
      cpu: 750m
      memory: 4Gi
  tower_task_resource_requirements:
    requests:
      cpu: 250m
      memory: 1Gi
    limits:
      cpu: 500m
      memory: 2Gi

As you can see I’m pointing the operator towards my live database with that entry “tower_old_postgres_configuration_secret”. What I’m also doing is changing the minimum requirements and upper limits for memory and CPU to something that’s about half of the default – my little “appserver” is not all that big. The values come from about two years of monitoring my live AWX instance.

Finally, I need a router in Traefik:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutetls
  namespace: awx
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`awx.apps.my.lan`)
    kind: Rule
    services:
    - name: awx-service
      port: 80
  tls: {}

With all this in place I can log in at https://awx.apps.my.lan/ with the credentials of my live AWX instance, and I see the same job history that was in there at the time of my AWX 19 deployment.

Now all I need is enough patience to wait until AWX gets to a point where it’s usable for me again – for now I am NOT going to shut down my AWX 17.1.0 just yet – there are some issues with AWX 18 and above that basically mean you can’t really use it right now without putting a lot of extra work in, and possibly maintaining two separate versions of your playbooks.

Continued here.
