internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-05-08 06:12:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1061 from fosterseth/add_custom_ca_docs

Browse Source 
Add docs for adding execution nodes and custom CA
This commit is contained in:
Hao Liu
2022-10-03 16:23:42 -04:00
committed by GitHub
parent 5b7589accd ed7e2b2a28
commit 17eb9cf8e8
1 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
README.md
View File

@@ -55,6 +55,8 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
* [Cluster-scope to Namespace-scope considerations](#cluster-scope-to-namespace-scope-considerations) * [Cluster-scope to Namespace-scope considerations](#cluster-scope-to-namespace-scope-considerations)
* [Project is now based on v1.x of the operator-sdk project](#project-is-now-based-on-v1x-of-the-operator-sdk-project) * [Project is now based on v1.x of the operator-sdk project](#project-is-now-based-on-v1x-of-the-operator-sdk-project)
* [Steps to upgrade](#steps-to-upgrade) * [Steps to upgrade](#steps-to-upgrade)
* [Add Execution Nodes](#adding-execution-nodes)
* [Custom Receptor CA](#custom-receptor-ca)
* [Contributing](#contributing) * [Contributing](#contributing)
* [Release Process](#release-process) * [Release Process](#release-process)
* [Author](#author) * [Author](#author)
@@ -1200,6 +1202,33 @@ Then install the new AWX Operator by following the instructions in [Basic Instal
Once the new AWX Operator is up and running, your AWX deployment will also be upgraded. Once the new AWX Operator is up and running, your AWX deployment will also be upgraded.
### Adding Execution Nodes
Starting with AWX Operator v0.30.0 and AWX v21.7.0, standalone execution nodes can be added to your deployments.
See [AWX execution nodes docs](https://github.com/ansible/awx/blob/devel/docs/execution_nodes.md) for information about this feature.
#### Custom Receptor CA
The control nodes on the K8S cluster will communicate with execution nodes via mutual TLS TCP connections, running via Receptor.
Execution nodes will verify incoming connections by ensuring the x509 certificate was issued by a trusted Certificate Authority (CA).
A user may wish to provide their own CA for this validation. If no CA is provided, AWX Operator will automatically generate one using OpenSSL.
Given custom `ca.crt` and `ca.key` stored locally, run the following,
```bash
kubectl create secret tls awx-demo-receptor-ca \
--cert=/path/to/ca.crt --key=/path/to/ca.key
```
The secret should be named `{AWX Custom Resource name}-receptor-ca`. In the above the AWX CR name is "awx-demo". Please replace "awx-demo" with your AWX Custom Resource name.
If this secret is created after AWX is deployed, run the following to restart the deployment,
```bash
kubectl rollout restart deployment awx-demo
```
**Important Note**, changing the receptor CA will break connections to any existing execution nodes. These nodes will enter an `unavailable` state, and jobs will not be able to run on them. Users will need to download and re-run the install bundle for each execution node. This will replace the TLS certificate files with those signed by the new CA. The execution nodes should then appear in a `ready` state after a few minutes.
## Contributing ## Contributing
Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md). Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md).