internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-26 21:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
devel
awx-operator/docs/user-guide/admin-user-account-configuration.md
kurokobo 2b0221bbc6 docs: overall minor renovations (#1874) 
* docs: simplify README.md and make index.md to refer to it
* docs: change order for pages in navigation and add missing pages
* docs: fix headings to improve navigation, transform notes to admonition, fix indentation, linting issues and minor issues
* docs: merge docs for using images from private registries
* docs: add example to integrate LDAP configuration via extra_settings_files
* Apply suggestions from code review
docs: apply suggested changes

Co-authored-by: Don Naro <dnaro@redhat.com>

* docs: update the doc site url as same as the url in https://www.ansible.com/ecosystem/
* docs: minor fixes for hpa page
* docs: expand note block
* docs: apply #1904 to README.md

---------

Co-authored-by: Don Naro <dnaro@redhat.com>
2024-07-20 18:34:21 -04:00

2.6 KiB
Raw Permalink Blame History

Admin user account configuration

There are three variables that are customizable for the admin user account creation.

Name Description Default
admin_user Name of the admin user admin
admin_email Email of the admin user test@example.com
admin_password_secret Secret that contains the admin user password Empty string

!!! warning admin_password_secret must be a Kubernetes secret and not your text clear password.

If admin_password_secret is not provided, the operator will look for a secret named <resourcename>-admin-password for the admin password. If it is not present, the operator will generate a password and create a Secret from it named <resourcename>-admin-password.

To retrieve the admin password, run kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo

The secret that is expected to be passed should be formatted as follow:

---
apiVersion: v1
kind: Secret
metadata:
  name: <resourcename>-admin-password
  namespace: <target namespace>
stringData:
  password: mysuperlongpassword

Secret Key Configuration

This key is used to encrypt sensitive data in the database.

Name Description Default
secret_key_secret Secret that contains the symmetric key for encryption Generated

!!! warning secret_key_secret must be a Kubernetes secret and not your text clear secret value.

If secret_key_secret is not provided, the operator will look for a secret named <resourcename>-secret-key for the secret key. If it is not present, the operator will generate a password and create a Secret from it named <resourcename>-secret-key. It is important to not delete this secret as it will be needed for upgrades and if the pods get scaled down at any point. If you are using a GitOps flow, you will want to pass a secret key secret.

The secret should be formatted as follow:

---
apiVersion: v1
kind: Secret
metadata:
  name: custom-awx-secret-key
  namespace: <target namespace>
stringData:
  secret_key: supersecuresecretkey

Then specify the secret name on the AWX spec:

---
spec:
  ...
  secret_key_secret: custom-awx-secret-key