internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-03-26 21:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3fa60853a2fd7036724d0af53914234a6cd6dbee
awx-operator/docs/user-guide/admin-user-account-configuration.md
Oluchi Nwenyi 470c7c392b Docs: moved user guide segment from readme (#1480)
2023-07-26 17:08:20 -04:00

2.5 KiB
Raw Blame History

Admin user account configuration

There are three variables that are customizable for the admin user account creation.

Name Description Default
admin_user Name of the admin user admin
admin_email Email of the admin user test@example.com
admin_password_secret Secret that contains the admin user password Empty string

⚠️ admin_password_secret must be a Kubernetes secret and not your text clear password.

If admin_password_secret is not provided, the operator will look for a secret named <resourcename>-admin-password for the admin password. If it is not present, the operator will generate a password and create a Secret from it named <resourcename>-admin-password.

To retrieve the admin password, run kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo

The secret that is expected to be passed should be formatted as follow:

---
apiVersion: v1
kind: Secret
metadata:
  name: <resourcename>-admin-password
  namespace: <target namespace>
stringData:
  password: mysuperlongpassword

Secret Key Configuration

This key is used to encrypt sensitive data in the database.

Name Description Default
secret_key_secret Secret that contains the symmetric key for encryption Generated

⚠️ secret_key_secret must be a Kubernetes secret and not your text clear secret value.

If secret_key_secret is not provided, the operator will look for a secret named <resourcename>-secret-key for the secret key. If it is not present, the operator will generate a password and create a Secret from it named <resourcename>-secret-key. It is important to not delete this secret as it will be needed for upgrades and if the pods get scaled down at any point. If you are using a GitOps flow, you will want to pass a secret key secret.

The secret should be formatted as follow:

---
apiVersion: v1
kind: Secret
metadata:
  name: custom-awx-secret-key
  namespace: <target namespace>
stringData:
  secret_key: supersecuresecretkey

Then specify the secret name on the AWX spec:

---
spec:
  ...
  secret_key_secret: custom-awx-secret-key