Ansible AWX on a Single node Kubernetes cluster on PhotonOS 4
Warning
Deprecated guide
https://virtual-bytes.co.uk/2021/05/06/deploying-ansible-awx-on-kubernetes-from-day-0
This guide is outdated, since at least Kubernetes 1.24
Deploy VM
- Deploy PhotonOS 4.0 ISO with 4 cores, 8Gi of memory, 50Gi of storage
- Configure A record and CNAME record on DNS server
- During installation, configure the FQDN as hostname and set the given static IP address
- Configure /etc/systemd/timesyncd.conf: set NTP= in the [Time] section
- Restart systemd-timesyncd.service after configuring
- Do all updates with tdnf update
- Reboot
Install Kubernetes
- tdnf install kubernetes-kubeadm
- systemctl disable --now iptables
- systemctl enable --now docker
- Write the following into kubeconfig.yml
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
networking:
  podSubnet: 10.16.0.0/16
  serviceSubnet: 10.96.0.0/12
- kubeadm config images pull --config kubeconfig.yml
- kubeadm init --ignore-preflight-errors SystemVerification --skip-token-print --config kubeconfig.yml
- mkdir -p $HOME/.kube
- cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- chown $(id -u):$(id -g) $HOME/.kube/config
- kubectl taint nodes --all node-role.kubernetes.io/master-
- watch kubectl get po -A
- Do systemctl edit kubelet.service and write the following into the spacing section
[Service]
CPUAccounting=true
MemoryAccounting=true
- systemctl restart kubelet.service
- curl -LO https://github.com/vmware-tanzu/antrea/releases/download/v1.2.3/antrea.yml
- kubectl apply -f antrea.yml
- watch kubectl get po -n kube-system
- mkdir -p /opt/local-path-provisioner
- curl -LO https://raw.githubusercontent.com/rancher/local-path-provisioner/v0.0.20/deploy/local-path-storage.yaml
- kubectl apply -f local-path-storage.yaml
- watch kubectl get sc
- kubectl patch sc local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
- curl -LO https://projectcontour.io/quickstart/contour.yaml
- kubectl apply -f contour.yaml
- watch kubectl get po -n projectcontour
Install awx
- tdnf install git make tar
- git clone https://github.com/ansible/awx-operator.git
- cd awx-operator
- git checkout tags/0.14.0
- export NAMESPACE=default
- make deploy
- watch kubectl get po
- openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out ingress-tls.crt -keyout ingress-tls.key -subj "/CN=awx.fritz.box/O=awx-ingress-tls"
- kubectl create secret tls awx-ingress-tls --key ingress-tls.key --cert ingress-tls.crt
- curl -O http://certificates.fritz.box/rootca_public.crt
- kubectl create secret generic awx-custom-certs --from-file=bundle-ca.crt=/root/rootca_public.crt
- Write the following into awx.yml
---
apiVersion: v1
kind: Secret
metadata:
  name: awx-admin-password
  namespace: default
stringData:
  password: <password>
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx
spec:
  ingress_type: Ingress
  hostname: awx.fritz.box
  ingress_tls_secret: awx-ingress-tls
  web_resource_requirements:
    requests:
      cpu: 400m
      memory: 2Gi
    limits:
      cpu: 1000m
      memory: 4Gi
  task_resource_requirements:
    requests:
      cpu: 250m
      memory: 1Gi
    limits:
      cpu: 500m
      memory: 2Gi
  bundle_cacert_secret: awx-custom-certs
- kubectl apply -f awx.yml
- kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
- watch kubectl get ing,po,svc,pvc
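The install steps above fetch antrea.yml, local-path-storage.yaml, contour.yaml and rootca_public.crt with curl and use them straight away; the Contour quickstart URL is unversioned and the root CA is fetched over plain HTTP. As an added example (not part of the original guide), this shell helper refuses to proceed unless each downloaded file matches a SHA-256 digest recorded when the file was reviewed. The pins.sha256 file name, the function names and the demo file contents are assumptions.

```shell
#!/bin/sh
# Added example: gate `kubectl apply` on pinned SHA-256 digests.
# Assumed pin file format: "<sha256-hex>  <file name>", as written by sha256sum.
# File names containing whitespace are not supported.

# check_pins PINFILE FILE...
# Returns 0 only if every FILE exists, has a pin, and matches it.
check_pins() {
    pinfile=$1; shift
    rc=0
    for f in "$@"; do
        name=$(basename "$f")
        want=$(awk -v n="$name" '$2 == n { print $1; exit }' "$pinfile")
        if [ -z "$want" ]; then
            echo "UNPINNED $name" >&2; rc=1      # never reviewed: refuse
        elif [ ! -f "$f" ]; then
            echo "MISSING  $name" >&2; rc=1
        elif [ "$(sha256sum "$f" | awk '{ print $1 }')" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2; rc=1      # content changed since review
        fi
    done
    return $rc
}

# Constructed demo: the files are stand-ins, not the real manifests.
demo_pins() {
    d=$(mktemp -d)
    printf 'kind: DaemonSet\n' > "$d/antrea.yml"
    printf 'kind: Namespace\n' > "$d/contour.yaml"
    (cd "$d" && sha256sum antrea.yml contour.yaml > pins.sha256)
    if check_pins "$d/pins.sha256" "$d/antrea.yml" "$d/contour.yaml" >/dev/null 2>&1
    then clean=pass; else clean=fail; fi
    printf 'kind: Deployment\n' >> "$d/contour.yaml"   # simulate an upstream change
    if check_pins "$d/pins.sha256" "$d/antrea.yml" "$d/contour.yaml" >/dev/null 2>&1
    then changed=pass; else changed=fail; fi
    rm -rf "$d"
    echo "clean=$clean changed=$changed"
}

demo_pins
# Real use, after recording pins for files you have reviewed:
#   check_pins pins.sha256 contour.yaml && kubectl apply -f contour.yaml
```

Record the pins once from copies you have read, keep pins.sha256 under version control, and re-review whenever a check reports MISMATCH before updating the pin.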
Upgrade components
Ansible AWX
- cd awx-operator
- git reset --hard devel
- git fetch --all
- git checkout tags/0.14.0
- make deploy
- kubectl logs -f deployments/awx-operator-controller-manager -c manager
- watch kubectl get ing,po,svc,pvc
Antrea
Upgrade by at most 4 minor versions
- mv antrea.yml antrea.yml.1
- curl -LO https://github.com/vmware-tanzu/antrea/releases/download/v1.2.3/antrea.yml
- kubectl apply -f antrea.yml
- watch kubectl get po -n kube-system
Contour
https://projectcontour.io/resources/upgrading/
- mv contour.yaml contour.yaml.1
- curl -LO https://projectcontour.io/quickstart/contour.yaml
- kubectl delete namespace projectcontour
- kubectl apply -f contour.yaml
- watch kubectl get po -n projectcontour