[Kubernetes] Install AWX Using Helm Chart

Helm 설치 및 설명 참고 {: .prompt-info }

Install awx-operator #

1helm repo add awx-operator https://ansible.github.io/awx-operator/
2helm repo update
3helm install ansible-awx-operator awx-operator/awx-operator -n awx --create-namespace

설치 참고

Customize Default Configuration #

values.yaml 수정
최상위 values.yaml을 수정하면 하위 폴더 values.yaml을 override 한다. {: .prompt-info }
Chart : https://github.com/ansible/awx-operator/tree/{tags}/.helm/starter
Release file (.tgz) : https://github.com/ansible/awx-operator/releases

Install Customize Default Configuration #

1helm install [RELEASE NAME] [Chart.yaml 경로] -f [YAML 파일 또는 URL에 값 지정 (여러 개를 지정가능)] -n [NAMESPACE NAME]

1helm install ansible-awx-operator awx-operator/awx-operator -f override-values.yaml -n [NAMESPACE NAME]

Verify AWX operator installation #

1kubectl get pods -n awx

Create PV, PVC and deploy AWX yaml file #

AWX에는 postgres Pod에 대한 영구 볼륨이 필요 {: .prompt-info }

다만 StorageClass가 설정되어 있다면 자동으로 pv, pvc 생성을 해주므로 AWX instance 바로 배포 {: .prompt-tip }

StorageClass #

StorageClass 생성 파일 작성 #

1vi local-storage-class.yaml

1apiVersion: storage.k8s.io/v1
2kind: StorageClass
3metadata:
4  name: local-storage
5  namespace: awx
6provisioner: kubernetes.io/no-provisioner
7volumeBindingMode: WaitForFirstConsumer

StorageClass 생성 및 확인 #

1kubectl create -f local-storage-class.yaml

1kubectl get sc -n awx

PersistentVolume #

PersistentVolume 생성 파일 작성 #

1vi pv.yaml

 1apiVersion: v1
 2kind: PersistentVolume
 3metadata:
 4  name: postgres-pv
 5  namespace: awx
 6spec:
 7  capacity:
 8    storage: 10Gi
 9  volumeMode: Filesystem
10  accessModes:
11  - ReadWriteOnce
12  persistentVolumeReclaimPolicy: Delete
13  storageClassName: local-storage
14  local:
15    path: /mnt/storage
16  nodeAffinity:
17    required:
18      nodeSelectorTerms:
19      - matchExpressions:
20        - key: kubernetes.io/hostname
21          operator: In
22          values:
23          - k8s-worker

PersistentVolume 생성 및 확인 #

1kubectl create -f pv.yaml

1kubectl get pv -n awx

PersistentVolumeClaim #

PersistentVolumeClaim 생성 파일 작성 #

1vi pvc.yaml

 1apiVersion: v1
 2kind: PersistentVolumeClaim
 3metadata:
 4  name: postgres-13-ansible-awx-postgres-13-0
 5  namespace: awx
 6spec:
 7  storageClassName: local-storage
 8  accessModes:
 9    - ReadWriteOnce
10  resources:
11    requests:
12      storage: 10Gi

PersistentVolumeClaim 생성 및 확인 #

1kubectl create -f pvc.yaml

1kubectl get pvc -n awx

AWX instance 배포 - admin password 없이 Setting #

Instance 생성 파일 작성 #

1vi ansible-awx.yaml

 1apiVersion: awx.ansible.com/v1beta1
 2kind: AWX
 3metadata:
 4  name: ansible-awx
 5  namespace: awx
 6spec:
 7  service_type: nodeport
 8  postgres_storage_class: local-storage
 9  # projects_persistence: true
10  # projects_storage_access_mode: ReadWriteOnce

Instance 배포 #

1kubectl create -f ansible-awx.yaml

Instance 확인 #

1kubectl get pods -n awx

AWX Web 접속 #

service 없을 시 아래와 같이 생성 #

1kubectl expose deployment ansible-awx-web --name ansible-awx-web-svc --type NodePort -n awx

service 확인

1kubectl get svc ansible-awx-web-svc -n awx

기본적으로 관리자는 admin이고 비밀번호는 -admin-password 확인할 수 있다. #

1kubectl get secrets -n awx | grep -i admin-password

1kubectl get secret ansible-awx-admin-password -o jsonpath="{.data.password}" -n awx | base64 --decode ; echo
2
3or
4
5kubectl -n awx get secret ansible-awx-admin-password -o go-template='{{range $k,$v := .data}}{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v | base64decode}}{{end}}{{"\n"}}{{end}}'

Paasword 설정하지 않았을 때 아래와 같이 Secret 조회가 된다.

 1kubectl get secret -n awx
 2NAME                                         TYPE                 DATA   AGE
 3sh.helm.release.v1.ansible-awx-operator.v1   helm.sh/release.v1   1      33m
 4redhat-operators-pull-secret                 Opaque               1      25m
 5ansible-awx-app-credentials                  Opaque               3      24m
 6ansible-awx-admin-password                   Opaque               1      24m
 7ansible-awx-secret-key                       Opaque               1      24m
 8ansible-awx-postgres-configuration           Opaque               6      24m
 9ansible-awx-broadcast-websocket              Opaque               1      24m
10ansible-awx-receptor-ca                      kubernetes.io/tls    2      24m
11ansible-awx-receptor-work-signing            Opaque               2      24m

AWX instance 배포 - admin password 없이 Setting #

Instance Secret 파일 작성 #

1vi awx-admin-password.yaml

1apiVersion: v1
2kind: Secret
3metadata:
4  name: awx-admin-password
5  namespace: awx
6stringData:
7  password: mysuperlongpassword

Instance Secret 배포 #

1kubectl apply -f awx-admin-password.yaml

Instance 생성 파일 작성 #

1vi ansible-awx.yaml

 1apiVersion: awx.ansible.com/v1beta1
 2kind: AWX
 3metadata:
 4  name: ansible-awx
 5  namespace: awx
 6spec:
 7  service_type: nodeport
 8  postgres_storage_class: local-path
 9  admin_user: admin
10  admin_password_secret: awx-admin-password
11  # projects_persistence: true
12  # projects_storage_access_mode: ReadWriteOnce

Instance 배포 #

1kubectl create -f ansible-awx.yaml

Paasword 설정했을 시 아래와 같이 Secret 조회가 된다. #

 1kubectl get secret -n awx
 2NAME                                         TYPE                 DATA   AGE
 3sh.helm.release.v1.ansible-awx-operator.v1   helm.sh/release.v1   1      63m
 4awx-admin-password                           Opaque               1      2m7s
 5redhat-operators-pull-secret                 Opaque               1      90s
 6ansible-awx-secret-key                       Opaque               1      87s
 7ansible-awx-broadcast-websocket              Opaque               1      86s
 8ansible-awx-postgres-configuration           Opaque               6      84s
 9ansible-awx-receptor-ca                      kubernetes.io/tls    2      73s
10ansible-awx-receptor-work-signing            Opaque               2      71s
11ansible-awx-app-credentials                  Opaque               3      70s