search

kurokobo / awx-on-k3s

An example implementation of AWX on single node K3s using AWX Operator, with easy-to-use simplified configuration with ownership of data and passwords.
MIT License
560 stars 158 forks source link

Trusting a Custom Certificate Authority (enable https) on running AWX instance currently without SSL support #284

Closed bskou57 closed 10 months ago

bskou57 commented 10 months ago

Environment

Use "kubectl options" for a list of global command-line options (applies to all commands). [IAAS - root@vmt86rhel937 awx-on-k3s]$ kubectl version WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version. Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.7+k3s2", GitCommit:"575bce7689f4be112bd0099362fb8d5f2e39398e", GitTreeState:"clean", BuildDate:"2023-11-08T02:32:49Z", GoVersion:"go1.20.10", Compiler:"gc", Platform:"linux/amd64"} Kustomize Version: v5.0.1 Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.7+k3s2", GitCommit:"575bce7689f4be112bd0099362fb8d5f2e39398e", GitTreeState:"clean", BuildDate:"2023-11-08T02:32:49Z", GoVersion:"go1.20.10", Compiler:"gc", Platform:"linux/amd64"} [IAAS - root@vmt86rhel937 awx-on-k3s]$

Description

I want to run AWX with SSL certificate on a running Single Node K3s currently running without SSL certificate

Step to Reproduce

Hi Kurukobo

First of all good job

No Stage I just want to know if current procedure is valid for a running AWX instance without https that we want to convert with ssl and certificate.

Thanks for oyur support

Logs

Files

kurokobo commented 10 months ago

Could you please clarify your requirements? My guide already provides steps to deploy AWX that is accessible over both HTTPS and HTTP. Also an additional guide to force users to use HTTPS is available.

bskou57 commented 10 months ago

Hello

I just want to enable https with custom CA on an existing running awx instance without reinstalling it

I need to follow more your additional guide for that (enabling HSTS) ?

Thaks for your support

kurokobo commented 10 months ago

I just want to enable https with custom CA

Do you mean you want to use your own certificate that issued by your custom CA instead of a self-signed certificate for HTTPS?

bskou57 commented 10 months ago

Exact

kurokobo commented 10 months ago

So simply replace base/tls.crt and base/tls.key with your custom cert/key, and run kubectl apply -k base again.

kurokobo commented 10 months ago

Proceed on https://forum.ansible.com/t/how-to-enable-https-443-on-awx-running-on-top-of-k8s/2272/4