Kubernetes with AWX Operator

    Prerequisites

    • Ubuntu 22.04/24.04 LTS or compatible Linux distribution
    • At least 4GB RAM and 2 CPU cores
    • Root or sudo access
    • Domain name pointing to your server (for SSL certificates)
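    • Ports 80, 443, and 6443 open (80 and 443 serve the ACME HTTP-01 challenge and the AWX UI; 6443 is the Kubernetes API and only needs to be reachable from machines that run kubectl against this cluster)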

    https://ansible.readthedocs.io/projects/awx-operator/en/latest/installation/basic-install.html

    Step 1: Install Kubernetes (K3s)

    K3s is a lightweight Kubernetes distribution, and it is the one we will use here.

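    # Install K3s (lightweight Kubernetes).
    # The installer makes system-level changes with root privileges, so save it to
    # disk and read it before executing instead of piping the download straight
    # into a shell. To stay on a release you have vetted, export
    # INSTALL_K3S_VERSION before running it.
    curl -sfL https://get.k3s.io -o install-k3s.sh
    sh install-k3s.sh
    
    # Copy the kubeconfig generated by K3s into the current user's home.
    # It holds cluster-admin credentials, so keep it readable by the owner only.
    mkdir -p "$HOME/.kube"
    sudo cp -i /etc/rancher/k3s/k3s.yaml "$HOME/.kube/config"
    sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
    chmod 600 "$HOME/.kube/config"
    export KUBECONFIG=~/.kube/config
    
    # Persist the settings used by the rest of this guide in ~/.bashrc.
    # AWX_OPERATOR_TAG pins the operator release (check latest at:
    # https://github.com/ansible/awx-operator/releases).
    # Replace the domain and e-mail values below with your own.
    echo 'export KUBECONFIG=~/.kube/config' >> ~/.bashrc
    echo 'export AWX_OPERATOR_TAG=2.19.1' >> ~/.bashrc
    echo 'export AWX_DOMAIN_NAME=awx.altgr.in' >> ~/.bashrc
    echo 'export AWX_EMAIL_LETSENCRYPT=ankush.more@altgr.in' >> ~/.bashrc
    source ~/.bashrc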

    Next, we will create the awx namespace and make it the default namespace of the current kubectl context. Then we clone the AWX Operator repository and apply a kustomization.yaml file.

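    # Stop here if the release tag is unset: with an empty value the generated
    # kustomization would no longer select a pinned operator release or image tag.
    : "${AWX_OPERATOR_TAG:?set AWX_OPERATOR_TAG to an awx-operator release tag}"
    
    # Create AWX namespace
    kubectl create namespace awx
    
    # We don't have to keep repeating -n awx, let's set the current namespace for kubectl
    kubectl config set-context --current --namespace=awx
    
    # Clone the AWX Operator into the home directory, so the cd below works
    # no matter which directory the clone is started from
    git clone https://github.com/ansible/awx-operator.git ~/awx-operator
    cd ~/awx-operator
    
    # Create kustomization.yaml
    # (EOF is unquoted on purpose: the shell substitutes ${AWX_OPERATOR_TAG} while writing the file)
    cat > kustomization.yaml << EOF
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      # Find the latest tag here: https://github.com/ansible/awx-operator/releases
      - github.com/ansible/awx-operator/config/default?ref=${AWX_OPERATOR_TAG}
    
    # Set the image tags to match the git version from above
    images:
      - name: quay.io/ansible/awx-operator
        newTag: ${AWX_OPERATOR_TAG}
    
    # Specify a custom namespace in which to install AWX
    namespace: awx
    EOF
    
    # Apply the operator
    kubectl apply -k .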

    awx-demo.yaml

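    # Write the AWX custom resource that the operator turns into a running instance.
    # The heredoc must be closed with EOF, otherwise the shell keeps reading
    # everything that follows into awx-demo.yaml.
    cat > awx-demo.yaml << EOF
    ---
    apiVersion: awx.ansible.com/v1beta1
    kind: AWX
    metadata:
      name: awx-demo
      namespace: awx
    spec:
      # Use ClusterIP for ingress-based access
      service_type: clusterip
    
      # Resource requests and limits
      web_resource_requirements:
        requests:
          cpu: 1000m
          memory: 2Gi
        limits:
          cpu: 2000m
          memory: 4Gi
    
      task_resource_requirements:
        requests:
          cpu: 500m
          memory: 1Gi
        limits:
          cpu: 1000m
          memory: 2Gi
    
      # PostgreSQL configuration
      postgres_resource_requirements:
        requests:
          cpu: 500m
          memory: 1Gi
        limits:
          cpu: 1000m
          memory: 2Gi
    
      # Storage configuration
      postgres_storage_class: local-path
      postgres_storage_requirements:
        requests:
          storage: 8Gi
    
      projects_persistence: true
      projects_storage_class: local-path
      projects_storage_size: 8Gi
      projects_storage_access_mode: ReadWriteOnce
    EOF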

    NOTE:-

    Edit kustomization.yaml file and add awx-demo.yaml to resources.

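    # Rewrite kustomization.yaml so that it also deploys the AWX instance.
    # (EOF is unquoted on purpose: the shell substitutes ${AWX_OPERATOR_TAG} while writing the file)
    cat > kustomization.yaml << EOF
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      # Find the latest tag here: https://github.com/ansible/awx-operator/releases
      - github.com/ansible/awx-operator/config/default?ref=${AWX_OPERATOR_TAG}
      - awx-demo.yaml
    # Set the image tags to match the git version from above
    images:
      - name: quay.io/ansible/awx-operator
        newTag: ${AWX_OPERATOR_TAG}
    
    # Specify a custom namespace in which to install AWX
    namespace: awx
    EOF
    
    # Apply Operator and AWX instance.
    # A kustomization is built with -k; "-f ." would submit kustomization.yaml
    # itself as a cluster resource, which the API server does not know.
    kubectl apply -k .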

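    Alternatively, set the service type to NodePort in awx-demo.yaml and open the portal directly in a browser, e.g. http://<IP_ADDRESS>:<NODE_PORT>. This path is plain HTTP, so AWX logins are not encrypted in transit; use the ingress and certificate setup below for anything beyond a lab.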

    SSL certificate configuration (Optional)

    NOTE:- The server's public IP must be mapped to your FQDN by creating an A (or @) record in your DNS provider's portal, e.g. GoDaddy, AWS Route 53, etc.

    Install certmanager

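    # Install cert-manager from its published release manifest.
    # NOTE: "latest" resolves to whichever release is newest when the command runs.
    # For a repeatable install, apply a release you have reviewed instead, e.g.
    #   .../releases/download/<CERT_MANAGER_VERSION>/cert-manager.yaml   (placeholder, fill in)
    kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml
    
    # Wait until the cert-manager deployments (including its webhook) are available;
    # a ClusterIssuer created before the webhook is up is rejected.
    kubectl wait --for=condition=Available deployment --all -n cert-manager --timeout=300s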

    letsencrypt-clusterissuer.yaml

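    # Write the ClusterIssuer that requests certificates from Let's Encrypt over HTTP-01.
    # This is the production ACME endpoint, which is rate-limited; while testing, the
    # staging directory (https://acme-staging-v02.api.letsencrypt.org/directory) avoids
    # using up that limit.
    # (EOF is unquoted on purpose: the shell substitutes ${AWX_EMAIL_LETSENCRYPT} while writing the file)
    cat > letsencrypt-clusterissuer.yaml << EOF
    ---
    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: letsencrypt-prod
    spec:
      acme:
        server: https://acme-v02.api.letsencrypt.org/directory
        email: ${AWX_EMAIL_LETSENCRYPT} # Replace with your email
        privateKeySecretRef:
          name: letsencrypt-prod
        solvers:
          - http01:
              ingress:
                class: traefik  # Or your ingress controller class name
    EOF
    
    # Apply ClusterIssuer
    kubectl apply -f letsencrypt-clusterissuer.yaml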

    We will be using Traefik as our Ingress controller.

    awx-ingress.yaml

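    # Write the Ingress that publishes AWX on ${AWX_DOMAIN_NAME} and asks cert-manager
    # (through the cluster-issuer annotation) for the TLS certificate.
    # (EOF is unquoted on purpose: the shell substitutes ${AWX_DOMAIN_NAME} while writing the file)
    cat > awx-ingress.yaml << EOF
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: awx-demo-ingress
      namespace: awx
      annotations:
        # Cert-manager annotations
        cert-manager.io/cluster-issuer: letsencrypt-prod
    spec:
      ingressClassName: traefik
      tls:
        - hosts:
            - ${AWX_DOMAIN_NAME}  # REPLACE WITH YOUR DOMAIN
          secretName: letsencrypt-prod
      rules:
        - host: ${AWX_DOMAIN_NAME}  # REPLACE WITH YOUR DOMAIN
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: awx-demo-service
                    port:
                      number: 80
    EOF
    
    # Apply Ingress
    kubectl apply -f awx-ingress.yaml
    
    # Wait a moment for cert-manager to process
    sleep 30
    
    # Check if certificate request is created
    kubectl get certificaterequests -n awx
    kubectl get orders -n awx
    kubectl get challenges -n awx
    
    # Check certificate status (it may take 2-5 minutes to issue)
    kubectl get certificate -n awx
    kubectl describe certificate  -n awx
    
    # Monitor certificate issuance
    kubectl describe certificaterequest -n awx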

    Manual Certificate Creation (Optional, only if needed)

    # Fallback for when the Ingress annotation did not produce a certificate:
    # declare the Certificate explicitly. It uses the same name and secret
    # (letsencrypt-prod) that the Ingress references.
    cat << EOF > awx-certificate.yaml
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: letsencrypt-prod
      namespace: awx
    spec:
      secretName: letsencrypt-prod
      issuerRef:
        name: letsencrypt-prod
        kind: ClusterIssuer
      commonName: ${AWX_DOMAIN_NAME}  # REPLACE WITH YOUR DOMAIN
      dnsNames:
        - ${AWX_DOMAIN_NAME}  # REPLACE WITH YOUR DOMAIN
    EOF
    
    # Submit the Certificate to the cluster
    kubectl apply --filename awx-certificate.yaml
    
    # Follow issuance; the second command keeps watching until interrupted (Ctrl-C)
    kubectl describe certificate letsencrypt-prod --namespace awx
    kubectl get certificaterequests --namespace awx --watch

    Access AWX

    # Read the generated admin password out of its Secret.
    # The value is printed in clear text to the terminal; change it after the
    # first login if the session is logged or shared.
    kubectl get secret awx-demo-admin-password --namespace awx --output jsonpath="{.data.password}" | base64 --decode ; echo
    
    # Read the admin username (usually 'admin').
    # NOTE(review): this Secret may carry only the "password" key, in which case
    # an empty line is printed here - confirm against your deployment.
    kubectl get secret awx-demo-admin-password --namespace awx --output jsonpath="{.data.username}" | base64 --decode ; echo
    
    # Confirm the Service and the Ingress exist
    kubectl get svc --namespace awx
    kubectl get ingress --namespace awx
    
    # Open AWX in a browser: https://awx.altgr.in (the AWX_DOMAIN_NAME used in this guide)
    # Username: admin
    # Password: (from the command above)

    Troubleshooting

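    # Check AWX operator logs (-f keeps following; stop with Ctrl-C)
    kubectl logs -f deployment/awx-operator-controller-manager -n awx
    
    # Check AWX instance status
    kubectl describe awx awx-demo -n awx
    
    # Check certificate status.
    # The Certificate in this guide is named letsencrypt-prod (same as the
    # Ingress secretName and the manually created Certificate).
    kubectl get certificate -n awx
    kubectl describe certificate letsencrypt-prod -n awx
    
    # Check cert-manager logs (-f keeps following; stop with Ctrl-C)
    kubectl logs -f deployment/cert-manager -n cert-manager
    
    # Restart AWX pods if needed
    kubectl delete pod -l app.kubernetes.io/name=awx-demo -n awx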

    Cleanup (Optional)

    # Delete the AWX custom resource first, so the operator can tear the instance down
    kubectl delete awx awx-demo --namespace awx
    
    # Delete the operator; run this from the directory that holds kustomization.yaml
    kubectl delete --kustomize .
    
    # Delete cert-manager using the same manifest URL it was installed from
    kubectl delete --filename https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml
    
    # Uninstall K3s itself with the script its installer placed on the host
    /usr/local/bin/k3s-uninstall.sh

