adwerx / charts
helm charts maintained by Adwerx Engineering
License: MIT License
Hey, I think the ingress in this chart is broken:
All you have to do is make a copy of values.yaml and flip ingress enabled to true, and you will get the following:
helm install awx adwerx/awx --values values.yaml
Error: template: awx/templates/ingress.yaml:34:15: executing "awx/templates/ingress.yaml" at <.host>: can't evaluate field host in type interface {}
It works fine when ingress.enabled is set to false.
On GKE version 1.22 and later, the extensions/v1beta1 API version is no longer supported; it requires a migration to the networking.k8s.io/v1beta1 API version: https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
Deploying faktory with any ingress resource fails with the error:
Error: UPGRADE FAILED: unable to recognize "": no matches for kind "Ingress" in version "extensions/v1beta1"
This is the k8s version I'm running.
# kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:36:53Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.0", GitCommit:"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77", GitTreeState:"clean", BuildDate:"2019-09-18T14:27:17Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
Installing the chart throws this error
# helm install adwerx/awx --version 1.0.0 --generate-name
Error: apiVersion "apps/v1beta2" in awx/charts/rabbitmq/templates/statefulset.yaml is not available
According to the docs, StatefulSets belong to the apps/v1 version.
I fetched the chart dir and modified it to apiVersion: apps/v1 but got this error
# helm install ./awx --generate-name
Error: StatefulSet.apps "awx-1569891478-memcached" is invalid: [spec.selector: Required value, spec.template.metadata.labels: Invalid value: map[string]string{"app":"awx-1569891478-memcached", "chart":"memcached-2.9.0", "heritage":"Helm", "release":" awx-1569891478"}: `selector` does not match template `labels`]
Any ideas how to fix this?
Thanks
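A pre-install check for the two failures reported above (the removed Ingress and StatefulSet API versions, and the missing selector after bumping to apps/v1), run over `helm template` output. This is an added example, not code from the chart or its maintainers; the sample manifest is constructed and the selector check is a regex heuristic that assumes Helm's usual 2-space indentation.

```python
import re

# (apiVersion, kind) pairs from the errors above: the release that stopped
# serving them and the replacement group/version.
REMOVED = {
    ("extensions/v1beta1", "Ingress"): ("1.22", "networking.k8s.io/v1"),
    ("apps/v1beta2", "StatefulSet"): ("1.16", "apps/v1"),
}

def split_docs(rendered):
    """Split `helm template` output into YAML documents on '---' lines."""
    return [d for d in re.split(r"(?m)^---[ \t]*$", rendered) if d.strip()]

def top_level(doc, key):
    """Value of an unindented scalar key such as apiVersion or kind."""
    m = re.search(rf"(?m)^{key}:[ \t]*(\S+)", doc)
    return m.group(1).strip("\"'") if m else None

def lint(rendered, server_minor):
    """Return findings for a cluster running Kubernetes 1.<server_minor>."""
    findings = []
    for doc in split_docs(rendered):
        api, kind = top_level(doc, "apiVersion"), top_level(doc, "kind")
        removed = REMOVED.get((api, kind))
        if removed and server_minor >= int(removed[0].split(".")[1]):
            findings.append(f"{kind}: {api} removed in {removed[0]}, use {removed[1]}")
        # apps/v1 requires an explicit spec.selector, so bumping only the
        # apiVersion is not enough. Heuristic: 2-space-indented Helm output.
        if (api, kind) == ("apps/v1", "StatefulSet") and not re.search(r"(?m)^  selector:", doc):
            findings.append(f"{kind}: apps/v1 needs spec.selector matching template labels")
    return findings

# Constructed sample, not the chart's real output.
SAMPLE = """\
---
apiVersion: extensions/v1beta1
kind: Ingress
---
apiVersion: apps/v1
kind: StatefulSet
spec:
  template:
    metadata:
      labels: {app: demo-memcached}
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, server_minor=22)))
```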
I am new to the K8s environment, but I managed to install AWX via helm3 on a 3-node K8s cluster (installed via kubeadm).
Below are my pods/deployment.
[root@k8smaster1 pgsql]# kubectl get all -A
NAMESPACE NAME READY STATUS RESTARTS AGE
awx pod/awx-demo-64788d7b46-857n9 2/3 Running 0 9m23s
awx pod/awx-demo-postgresql-0 1/1 Running 0 5m15s
kube-system pod/coredns-64897985d-5th6r 1/1 Running 0 31m
kube-system pod/coredns-64897985d-8pjn7 1/1 Running 0 31m
kube-system pod/etcd-k8smaster 1/1 Running 6 32m
kube-system pod/kube-apiserver-k8smaster 1/1 Running 6 32m
kube-system pod/kube-controller-manager-k8smaster 1/1 Running 1 32m
kube-system pod/kube-flannel-ds-9m76k 1/1 Running 0 30m
kube-system pod/kube-flannel-ds-k4r7n 1/1 Running 0 30m
kube-system pod/kube-flannel-ds-rbbq2 1/1 Running 0 30m
kube-system pod/kube-proxy-6svdn 1/1 Running 0 30m
kube-system pod/kube-proxy-bp2sk 1/1 Running 0 31m
kube-system pod/kube-proxy-nrnv5 1/1 Running 0 30m
kube-system pod/kube-scheduler-k8smaster 1/1 Running 6 32m
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx service/awx-demo ClusterIP 10.102.233.80 <none> 8090/TCP 9m23s
awx service/awx-demo-postgresql ClusterIP 10.104.122.197 <none> 5432/TCP 9m23s
awx service/awx-demo-postgresql-headless ClusterIP None <none> 5432/TCP 9m23s
default service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 32m
kube-system service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 32m
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/kube-flannel-ds 3 3 3 3 3 <none> 30m
kube-system daemonset.apps/kube-proxy 3 3 3 3 3 kubernetes.io/os=linux 32m
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
awx deployment.apps/awx-demo 0/1 1 0 9m23s
kube-system deployment.apps/coredns 2/2 2 2 32m
NAMESPACE NAME DESIRED CURRENT READY AGE
awx replicaset.apps/awx-demo-64788d7b46 1 1 0 9m23s
kube-system replicaset.apps/coredns-64897985d 2 2 2 31m
NAMESPACE NAME READY AGE
awx statefulset.apps/awx-demo-postgresql 1/1 9m23s
Now what next? How can I access the AWX GUI on cluster nodes/remotely? Assist with steps, please.
Hi,
I started to use your chart some weeks ago, and I just came across an issue. I'm configuring SSO to authenticate to AWX, and to achieve it I must edit the settings.py set by your config map. I have used the values variable to do it (.Values.extraConfiguration).
As it's only a 2 indent instead of 4 indent, the template for the config map is not good.
With the value:
extraConfiguration: |-
  SOCIAL_AUTH_SAML_SP_ENTITY_ID = 'https://awx-pprod.dns.ext'
it generates this:
# Source: helm-awx/charts/awx/templates/settings-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: awx-pprod-settings
labels:
app.kubernetes.io/name: awx
helm.sh/chart: awx-3.4.2
app.kubernetes.io/instance: awx-pprod
app.kubernetes.io/managed-by: Helm
data:
redis.conf: |
bind 127.0.0.1
port 0
unixsocket /var/run/redis/redis.sock
unixsocketperm 777
nginx.conf: |
worker_processes 1;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout main;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
sendfile on;
upstream uwsgi {
server 127.0.0.1:8050;
}
upstream daphne {
server 127.0.0.1:8051;
}
server {
listen 8052 default_server;
server_name _;
keepalive_timeout 65;
add_header Strict-Transport-Security max-age=15768000;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
add_header X-Frame-Options "DENY";
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
location /static/ {
alias /var/lib/awx/public/static/;
}
location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
location /websocket {
proxy_pass http://daphne;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location / {
rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
uwsgi_read_timeout 120s;
uwsgi_pass uwsgi;
include /etc/nginx/uwsgi_params;
proxy_set_header X-Forwarded-Port 443;
uwsgi_param HTTP_X_FORWARDED_PORT 443;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Expires "0";
add_header Pragma "no-cache";
}
}
}
settings.py: |
import os
import socket
ADMINS = ()
AWX_PROOT_ENABLED = False
IS_K8S = True
# Automatically deprovision pods that go offline
AWX_AUTO_DEPROVISION_INSTANCES = True
# SYSTEM_TASK_ABS_CPU =
# SYSTEM_TASK_ABS_MEM =
# Autoprovisioning should replace this
CLUSTER_HOST_ID = socket.gethostname()
SYSTEM_UUID = os.environ.get('MY_POD_UID', '00000000-0000-0000-0000-000000000000')
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']
def get_secret():
if os.environ.get('SECRET_KEY'):
return os.environ['SECRET_KEY']
else:
return open('/etc/tower/SECRET_KEY', 'rb').read().strip()
STATIC_ROOT = '/var/lib/awx/public/static'
PROJECTS_ROOT = '/var/lib/awx/projects'
JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
SECRET_KEY = get_secret()
ALLOWED_HOSTS = ['*']
INTERNAL_API_URL = 'http://127.0.0.1:8052'
SERVER_EMAIL = 'root@localhost'
DEFAULT_FROM_EMAIL = 'webmaster@localhost'
EMAIL_SUBJECT_PREFIX = '[AWX] '
EMAIL_HOST = 'localhost'
EMAIL_PORT = 25
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_USE_TLS = False
LOGGING['handlers']['console'] = {
'()': 'logging.StreamHandler',
'level': 'DEBUG',
'formatter': 'simple'
}
LOGGING['loggers']['django.request']['handlers'] = ['console']
LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
LOGGING['loggers']['awx']['handlers'] = ['console', 'external_logger']
LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console', 'external_logger']
LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console', 'external_logger']
LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
LOGGING['loggers']['social']['handlers'] = ['console']
LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}
DJANGO_REDIS_IGNORE_EXCEPTIONS = True
USE_X_FORWARDED_PORT = True
BROADCAST_WEBSOCKET_PORT = 8052
BROADCAST_WEBSOCKET_PROTOCOL = 'http'
AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'
SOCIAL_AUTH_SAML_SP_ENTITY_ID = 'https://awx-pprod.dns.ext'
Maybe I'm wrong in my use of this Value variable.
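The indentation mismatch described in the post above, as an added example that is not part of the original post or the chart: a literal block scalar ends at the first line indented less than its first content line, so a snippet indented by 2 under a 4-space `settings.py: |` body never reaches settings.py. `render` is a constructed stand-in for the ConfigMap template and `helm_indent` emulates Sprig's `indent`.

```python
def helm_indent(text, n):
    """Emulate Sprig's `indent`: prefix every line of text with n spaces."""
    pad = " " * n
    return pad + text.replace("\n", "\n" + pad)

def block_scalar_body(rendered, key):
    """Lines YAML assigns to the literal block scalar under `key: |`."""
    lines = rendered.splitlines()
    start = next(i for i, ln in enumerate(lines) if ln.strip() == f"{key}: |")
    body, block_indent = [], None
    for line in lines[start + 1:]:
        if not line.strip():
            body.append("")  # blank lines stay inside the scalar
            continue
        indent = len(line) - len(line.lstrip(" "))
        if block_indent is None:
            block_indent = indent  # first content line fixes the indentation
        if indent < block_indent:
            break  # a shallower line ends the scalar
        body.append(line[block_indent:])
    return body

def render(extra, n):
    """Constructed stand-in for the ConfigMap template, not the chart's own."""
    return (
        "data:\n"
        "  settings.py: |\n"
        "    USE_X_FORWARDED_PORT = True\n"
        + helm_indent(extra, n) + "\n"
    )

# Value taken from the post above.
EXTRA = "SOCIAL_AUTH_SAML_SP_ENTITY_ID = 'https://awx-pprod.dns.ext'"

if __name__ == "__main__":
    for n in (2, 4):
        body = block_scalar_body(render(EXTRA, n), "settings.py")
        print(f"indent {n}: extra setting in settings.py -> {EXTRA in body}")
```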
Hi,
Do you know if it's been tested with v19 of AWX and also using the repo located here?
https://quay.io/repository/ansible/awx?tab=tags
It appears that this repo is the recommended one now by the AWX project.
Just wanted to check to see if there was anybody that had tried it, and the outcome?
Thanks.
The secrets xxxx-secret-key are requiring a secret_key in the value.yaml.
We'd like to handle the creation of those secrets using a SealedSecret template like that in our umbrella chart:
{{- range $key := index .Values "sealed-secrets" }}
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: {{ .name }}
spec:
  encryptedData:
    {{- .data | toYaml | nindent 4 }}
  template:
    metadata:
      labels:
        {{- if .labels }}
        {{- .labels | toYaml | nindent 8 }}
        {{- end}}
      name: {{ .name }}
    type: {{ .type | default "Opaque" | quote }}
{{- end }}
This way, we'll be able to avoid pushing clear password values to our gitops repositories. So in order to achieve that, we'll need to make the secret_key attribute optional. If it's not defined, this template will not create a secret: https://github.com/AdWerx/charts/blob/master/awx/templates/secret-key-secret.yaml
Basically we just have to add an if in this template.
Thanks in advance.
Hello!
I am trying out the GitHub-actions-runner Helm chart and I need to customise the image to install the unzip utility.
I have followed the links included in the docs but the Dockerfile seems to be gone.
Would it be possible to have a copy of it?
Thank you!
Hello!!
My PostgreSQL is external.
I created a secret with version 3.2.0 of the chart, and the web pod did not start because an error is returned:
If the variable postgresql host is not added, {{ printf "%s-postgresql" .Release.Name | b64enc | quote }} is used, but not the DATABASE_HOST of my secret.
My secret is generated with sealed-secret from bitnami:
sealed-secrets:
  - name: awx-secret
    data:
      AWX_ADMIN_PASSWORD:
      AWX_ADMIN_USER:
      DATABASE_ADMIN_PASSWORD:
      DATABASE_HOST:
      DATABASE_NAME:
      DATABASE_PASSWORD:
      DATABASE_PORT:
      DATABASE_USER:
      SECRET_KEY:
On this line of credentials.py the host of the PostgreSQL database is forced to be a service inside Kubernetes.
This is a problem if you are trying to use an external managed PostgreSQL instance, for example, one managed by a cloud provider.
Hi,
v3.4.3 installed on kubernetes cluster,
I use a shell script with various "awx-cli" requests (create/list).
This shell script creates:
This shell script is working fine on old version v2.3.1 over kubernetes cluster v1.15.3, but we're checking this last version on a new kubernetes cluster v1.23.14 to move then our AWX application.
The script is running fine until a "random" period where I receive a lot of error "The Tower server sent back a server error" and of course the script becomes failed due to incomplete data.
Of course, checking this type of error indicates issue at nginx side (ingress-controller) but ...
I currently update the shell script to add some retry mechanism in case of "create" error response, but I still have such error I think during also "list" request ...
The single question is whether there's a "queue/buffer" on the AWX side that may become full and no longer be able to manage new requests, and if so, whether we can tune it to increase its size (if possible).
If not, I will continue to investigate my issue (setting retry mechanism at "list" request, or looking at potential setting of nginx for visible parameters).
Thx
I am trying to deploy this chart using an existing secret for the DB connection info. However, the pod(s) will not start because of failing to connect for the 'postgres' user. When I look in the DB pod, I see a value written to the environment variables for a password for the DB user 'postgres'; however, it is not the password that is in my sealed secret. I have even attempted to override it using values from the bitnami/chart/values.yaml to no success. It seems the secret that keeps getting deployed to my namespace is the one created by the chart and does not contain the keys and values from my existing secret.
Attempt to install latest tagged version
> helm install -f values.yaml awx adwerx/awx --version 3.2.1
Error: values don't meet the specifications of the schema(s) in the following chart(s):
postgresql:
- postgresqlPassword: Invalid type. Expected: string, given: null
Below is my values.yaml
USER-SUPPLIED VALUES:
defaultAdminExistingSecret: awx-admin-creds
secretKeyExistingSecret: awx-secret-key
postgresqlExistingSecret: awx-pgsql-creds
Thanks for maintaining this helm chart. Would it be possible to get a production/staging setting in the values.yaml to control the -e flag passed to the faktory server? This will allow the use of enterprise features in a production-like test environment. https://github.com/contribsys/faktory/wiki/Administration#in-staging
charts/faktory/templates/statefulset.yaml
Lines 66 to 67 in b07443d
I can attempt a PR if you're interested.
I wanted to try some older versions of AWX to match my client's tower version (not entirely sure what AWX == to Tower 3.7.5)
I added
image:
  tag: "16.0.0"
to my values.yml but it was overridden and I got 17.0.1 (not the default 17.1.0).
Is there any way to use different awx tags?
Thanks