ansible-community / awx-operator-helm

Helm chart for the AWX operator.
https://ansible-community.github.io/awx-operator-helm/
GNU General Public License v3.0

TLS CA certificate cannot be added as AWX.bundle_cacert_secret #18

Open gehoernchen opened 1 month ago

gehoernchen commented 1 month ago

Hello,

I am using the Helm chart to deploy an instance of AWX. I am trying to get my company's TLS certificate into the pods, because we utilize company proxies that have their own TLS certificates.

My values.yaml:

AWX:
  enabled: true
  name: awx
  spec:
    admin_user: admin
    bundle_cacert_secret: awx-custom-certs 
    secret_key_secret: awx-secret-key
    no_log: false

  # configurations for external postgres instance
  postgres:
    enabled: false
    host: Unset
    port: 5678
    dbName: Unset
    username: admin
    # for secret management, pass in the password independently of this file
    # at the command line, use --set AWX.postgres.password
    password: Unset
    sslmode: prefer
    type: unmanaged

customSecrets:
  enabled: true
  old_postgres_configuration_secret:
    old_postgres_configuration_secret: awx-old-postgres-configuration
    enabled: true
    secretName: awx-old-postgres-configuration

The secret in question:

$ kubectl describe secret awx-custom-certs

Name:         awx-custom-certs
Namespace:    awx
Labels:       app.kubernetes.io/managed-by=Helm
Annotations:  meta.helm.sh/release-name: awx-operator
              meta.helm.sh/release-namespace: awx

Type:  Opaque

Data
====
bundle-ca.crt:  4744 bytes

What I expect: The secret is to be mounted inside the pods and trusted.

What is happening: The secret is not mounted into the pods. Via the web UI, I am getting Unable to get local issuer certificate.

Using customSecrets.bundleCacert, I was able to get it into the container:

customSecrets:
  enabled: true
  old_postgres_configuration_secret:
    old_postgres_configuration_secret: awx-old-postgres-configuration
    enabled: true
    secretName: awx-old-postgres-configuration
  bundleCacert:
    enabled: true
    crt: |
      <certcontents>

miles-w-3 commented 1 month ago

This ticket does not relate to the functionality of the chart itself, which just packages and installs the operator. I recommend you ask at https://github.com/ansible/awx-operator.

I stand corrected, a lot has been added since I last looked at the chart. This still may be an issue with the operator itself, if you're specifying a field within the AWX CR spec and it's not having the desired effect.