awx-operator/docs/user-guide/network-and-tls-configuration.md
Guillaume Lefevre 07427be0b7 Allow multiple ingress hosts to be defined when using ingress (#1377)
* Replace api version for deployment kind to apps/v1

* Add new multiple ingress spec and deprecate hostname and ingress_tls_secret

* Manage new ingress_hosts.tls_secret backup separately

* Fix ci molecule lint warnings and error

* Fix documentation

* Fix ingress_hosts tls_secret key being optional

* Remove fieldDependency:ingress_type:Ingress for Ingress Hosts

* Fix scenario when neither hostname or ingress_hosts is defined

---------

Co-authored-by: Guillaume Lefevre <guillaume.lefevre@agoda.com>
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
Co-authored-by: Christian Adams <chadams@redhat.com>
2024-01-05 10:15:04 -05:00

Network and TLS Configuration

Service Type

If the service_type is not specified, the ClusterIP service will be used for your AWX Tower service.

The service_type supported options are: ClusterIP, LoadBalancer and NodePort.

The following variables are customizable for any service_type:

| Name | Description | Default |
| --- | --- | --- |
| service_labels | Add custom labels | Empty string |
| service_annotations | Add service annotations | Empty string |

```yaml
---
spec:
  ...
  service_type: ClusterIP
  service_annotations: |
    environment: testing
  service_labels: |
    environment: testing
```

  • LoadBalancer

The following variables are customizable only when service_type=LoadBalancer:

| Name | Description | Default |
| --- | --- | --- |
| loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http |
| loadbalancer_port | Port used for Loadbalancer ingress | 80 |
| loadbalancer_ip | Assign Loadbalancer IP | '' |

```yaml
---
spec:
  ...
  service_type: LoadBalancer
  loadbalancer_ip: '192.168.10.25'
  loadbalancer_protocol: https
  loadbalancer_port: 443
  service_annotations: |
    environment: testing
  service_labels: |
    environment: testing
```

When setting up a Load Balancer for HTTPS, you must set loadbalancer_port explicitly to move the port away from the default of 80.

The HTTPS Load Balancer uses SSL termination at the Load Balancer level and forwards traffic to AWX over plain HTTP, so the hop between the Load Balancer and AWX is not encrypted.

  • NodePort

The following variables are customizable only when service_type=NodePort:

| Name | Description | Default |
| --- | --- | --- |
| nodeport_port | Port used for NodePort | 30080 |

```yaml
---
spec:
  ...
  service_type: NodePort
  nodeport_port: 30080
```

Ingress Type

By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, when the ingress_type is not specified, it will default to none and nothing ingress-wise will be created.

The ingress_type supported options are: none, ingress and route. To toggle between these options, you can add the following to your AWX CRD:

  • None

```yaml
---
spec:
  ...
  ingress_type: none
```

  • Generic Ingress Controller

The following variables are customizable when ingress_type=ingress. The ingress type creates an Ingress resource as documented which can be shared with many other Ingress Controllers as listed.

| Name | Description | Default |
| --- | --- | --- |
| ingress_annotations | Ingress annotations | Empty string |
| ingress_tls_secret (deprecated) | Secret that contains the TLS information | Empty string |
| ingress_class_name | Define the ingress class name | Cluster default |
| hostname (deprecated) | Define the FQDN | `{{ meta.name }}.example.com` |
| ingress_hosts | Define one or multiple FQDN with optional Secret that contains the TLS information | Empty string |
| ingress_path | Define the ingress path to the service | / |
| ingress_path_type | Define the type of the path (for LBs) | Prefix |
| ingress_api_version | Define the Ingress resource apiVersion | 'networking.k8s.io/v1' |

```yaml
---
spec:
  ...
  ingress_type: ingress
  ingress_hosts:
    - hostname: awx-demo.example.com
    - hostname: awx-demo.sample.com
      tls_secret: sample-tls-secret
  ingress_annotations: |
    environment: testing
```

Specialized Ingress Controller configuration

Some Ingress Controllers need a special configuration to fully support AWX. If you are using one of these, set the ingress_controller variable to the following value:

| Ingress Controller name | value |
| --- | --- |
| Contour | contour |

```yaml
---
spec:
  ...
  ingress_type: ingress
  ingress_hosts:
    - hostname: awx-demo.example.com
    - hostname: awx-demo.sample.com
      tls_secret: sample-tls-secret
  ingress_controller: contour
```

  • Route

The following variables are customizable when ingress_type=route:

| Name | Description | Default |
| --- | --- | --- |
| route_host | Common name the route answers for | `<instance-name>-<namespace>-<routerCanonicalHostname>` |
| route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge |
| route_tls_secret | Secret that contains the TLS information | Empty string |
| route_api_version | Define the Route resource apiVersion | 'route.openshift.io/v1' |

```yaml
---
spec:
  ...
  ingress_type: route
  route_host: awx-demo.example.com
  route_tls_termination_mechanism: Passthrough
  route_tls_secret: custom-route-tls-secret-name
```
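
A pre-deployment check for the TLS-relevant settings in the LoadBalancer and Generic Ingress Controller sections above. This is an added example, not code from the awx-operator project. It assumes the AWX `spec` has already been parsed from YAML into a Python dict; the function name `audit_awx_spec` and the sample specs are hypothetical.

```python
# Added example: audit an AWX `spec` mapping for the TLS-relevant
# settings documented on this page. Defaults mirror the tables above.

def audit_awx_spec(spec):
    """Return a list of findings for one AWX spec mapping."""
    findings = []

    if spec.get("service_type", "ClusterIP") == "LoadBalancer":
        proto = spec.get("loadbalancer_protocol", "http")  # documented default
        port = int(spec.get("loadbalancer_port", 80))      # documented default
        if proto != "https":
            findings.append("loadbalancer: protocol is http, no TLS at the load balancer")
        elif port == 80:
            findings.append("loadbalancer: https requested but loadbalancer_port is still 80")
        else:
            findings.append("loadbalancer: TLS ends at the load balancer; the hop to AWX is HTTP")

    if spec.get("ingress_type", "none") == "ingress":
        # Both keys are marked deprecated in favour of ingress_hosts.
        for key in ("hostname", "ingress_tls_secret"):
            if key in spec:
                findings.append(f"ingress: '{key}' is deprecated, use ingress_hosts")
        # tls_secret is optional per host, so list every host that lacks one.
        for entry in spec.get("ingress_hosts") or []:
            if not entry.get("tls_secret"):
                findings.append(f"ingress: host {entry.get('hostname')} has no tls_secret")
    return findings


# Constructed sample specs (dict form of YAML like the examples on this page).
LB_SPEC = {"service_type": "LoadBalancer", "loadbalancer_protocol": "https"}
INGRESS_SPEC = {
    "ingress_type": "ingress",
    "hostname": "awx-demo.example.com",
    "ingress_hosts": [
        {"hostname": "awx-demo.example.com"},
        {"hostname": "awx-demo.sample.com", "tls_secret": "sample-tls-secret"},
    ],
}

if __name__ == "__main__":
    for name, spec in (("lb", LB_SPEC), ("ingress", INGRESS_SPEC)):
        for finding in audit_awx_spec(spec):
            print(f"{name}: {finding}")
```

A host listed without `tls_secret` may still be served with a controller-level default certificate; the finding only reports that the AWX spec does not name one for it.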