Install Ansible AWX on Kubernetes
-
Gineesh Madapparambath
- Ansible, Automation, Dev ops
- August 30, 2024
Ansible AWX is the upstream project for the Ansible automation controller (Part of Red Hat Ansible Automation Platform). It offers a web-based user interface, REST API, and a task engine built on top of Ansible. AWX is designed to be a frequently released, fast-moving project where all new development occurs.
Installing Ansible AWX is straightforward with the latest versions. However, if you are attempting to install a version earlier than 18, you will need to follow the Docker-based installation method. For newer versions, Ansible AWX is installed using the AWX Operator on top of a Kubernetes or OpenShift cluster.
Important Note:
Warning/Disclaimer: Ansible AWX is a community-supported project and does not carry the same level of support or long-term stability as Red Hat Ansible Automation Platform.
Comparison with Automation Controller:
Ansible Automation Platform, which includes the Automation Controller (formerly Ansible Tower), is produced by selecting certain releases of AWX, hardening them for long-term support, and making them available to customers as a hosted service. The Automation Platform is fully supported by Red Hat, providing enterprise-grade support and stability. This model of development is tested and trusted by Red Hat, following a similar approach as seen with Fedora and Red Hat Enterprise Linux®. For a detailed comparison, you can refer to the official comparison here .
Setup a Kubernetes Cluster
You can use any existing or new cluster or even spin up a minikube cluster on your laptop/workstation for testing purposes.
Please note down the memory and CPU requirements as Ansible AWX pods need some minimum resources to run.
$ minikube start \
--driver=kvm2 \
--nodes 1 \
--cni calico \
--cpus=4 \
--memory=8g \
--kubernetes-version=v1.31.0 \
--container-runtime=containerd \
--addons=ingress
Enable Addons as needed
# Check addons
$ minikube addons list
$ minikube addons enable metrics-server
$ minikube dashboard
Deploy AWX Operator
Access your cluster and deploy Ansible AWX operator; replace TAG with the version from Release Page
$ git clone [email protected]:ansible/awx-operator.git
$ cd awx-operator
# Find available tags/versions
$ git tag
# Switch to the required version tag
$ git checkout tags/2.19.1
Now, deploy the Ansible AWX Operator
$ make deploy
namespace/awx created
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com unchanged
customresourcedefinition.apiextensions.k8s.io/awxmeshingresses.awx.ansible.com unchanged
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com unchanged
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com unchanged
serviceaccount/awx-operator-controller-manager created
role.rbac.authorization.k8s.io/awx-operator-awx-manager-role created
role.rbac.authorization.k8s.io/awx-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/awx-operator-metrics-reader unchanged
clusterrole.rbac.authorization.k8s.io/awx-operator-proxy-role unchanged
rolebinding.rbac.authorization.k8s.io/awx-operator-awx-manager-rolebinding created
rolebinding.rbac.authorization.k8s.io/awx-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/awx-operator-proxy-rolebinding unchanged
configmap/awx-operator-awx-manager-config created
service/awx-operator-controller-manager-metrics-service created
deployment.apps/awx-operator-controller-manager created
After a few seconds, you will see the Ansible AWX pod is up and running.
$ kubectl get pod -n awx
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-687b856498-mt67z 2/2 Running 0 45s
Create AWX Deployment
Now, we can create an instance for Ansible AWX; create a file awx-demo.yaml with the below content. (You can customize it with Ingress service or other details as needed)
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-demo
spec:
service_type: nodeport
If the service_type is not specified, the ClusterIP service will be used for your AWX Tower service.
Now create the resource.
$ kubectl apply -f awx-demo.yml
awx.awx.ansible.com/awx-demo created
Refer to the Ansible AWX Operator documentation for advanced installation options.
Get the Admin Password for Ansible AWX
By default, the admin user is admin and the password is available in the <resourcename>-admin-password secret. You can also create your custom secret for the Admin password and use it for the Ansible AWX deployment.
$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode
lxQ8uWlE9Wevkgmy5Kx2AqFdY80v34gx
Also, read How to Change Admin Password in Ansible Automation Platform on Kubernetes or OpenShift .
Get the Path to Access Ansible AWX
You will find the NodePort IP address for service awx-demo-service as follows.
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx-demo-postgres-15 ClusterIP None <none> 5432/TCP 42m
awx-demo-service NodePort 10.104.141.148 <none> 80:30363/TCP 42m
awx-operator-controller-manager-metrics-service ClusterIP 10.96.254.191 <none> 8443/TCP 45m
Accessing Ansible AWX WEBUI – minikube and Nodeport
If you are using a minikube cluster, you can get the node IP and port as follows.
$ minikube service awx-demo-service --url -n awx
http://192.168.39.163:30363
Now you can access the Ansible AWX WEBUI at http://192.168.39.163:30363 .
Enter the username admin and the retrieved password and Log In.
Accessing Ansible AWX WEBUI – kubectl port-forward
If you are using a standard Kubernetes cluster (not minikube), then you can use port-forward for temporary access as follows.
$ kubectl port-forward service/awx-demo-service 7080:80
Forwarding from 127.0.0.1:7080 -> 8052
Forwarding from [::1]:7080 -> 8052
Now you can access Ansible AWX WEBUI at localhost:7080 .
Accessing Ansible AWX WEBUI – Ingress
If you have installed an Ingress Controller in your Kubernetes cluster, you can also use this method. (eg: minikube addons enable metrics-server ).
Prepare the Ingress resource YAML.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: awx-ingress
namespace: awx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
-
path: /awx
pathType: Prefix
backend:
service:
name: awx-demo-service
port:
number: 80
Create the Ingress resource as follows.
$ kubectl apply -f awx-ingress.yaml
ingress.networking.k8s.io/awx-ingress created
We will not be using any custom service here but the default Ingress controller service in the minikube cluster.
$ minikube service list -n ingress-nginx
|---------------|------------------------------------|--------------|-----------------------------|
| NAMESPACE | NAME | TARGET PORT | URL |
|---------------|------------------------------------|--------------|-----------------------------|
|
ingress-nginx | ingress-nginx-controller | http/80 | http://192.168.39.163:3193
1 |
| | | https/443 | http://192.168.39.163:32337 |
| ingress-nginx | ingress-nginx-controller-admission | No node port | |
|---------------|------------------------------------|--------------|-----------------------------|
Now, you can access the Ansible AWX WEBUI at http://192.168.39.163:31931/awx .
Access Ansible AWX on a remote Minikube or Kubernetes Cluster
If your Kubernetes/minikube Cluster is on a remote machine/VM (eg: Cloud Instance with Public IP) then you can access it using the above method (if NodePort is the same as remote IP) or you can use LoadBalancer methods.
In our case, we have deployed this in a Google Cloud instance without GUI and we need to enable port-forwarding as below.
$ kubectl port-forward service/awx-demo-service 7080:80
So the Ansible AWX service is available at minikube VM localhost:7080 now, but we dont have GUI there to access !!
So, we do a port-forwarding from our laptop/workstation via SSH Tunnel.
# On your Workstation/Laptop
# eg: ssh -L LOCAL_PORT:localhost:REMOTE_PORT User@REMOTE_IP
$ ssh -L 7080:localhost:7080 [email protected]
Now, open a browser on your laptop/workstation and goto localhost:7080 ; that’s it.
Enjoy Ansible AWX running on top of Kubernetes or minikube .
