AWX Kubernetes deploy without service creation

Is it possible to deploy awx-operator without the service being created?
I see in the documentation ‘service_type’ can be ClusterIP, LoadBalancer or NodePort.
Network and tls configuration
Would there be an option like ‘None’ similar to the ingress_type?

The reason: I would like to add my own custom service for the AWX web pods. This works currently additional to the auto-created service.

Hi, currently there is no such option to deploy AWX without services.
What is the reason that default service can not satisfy your requirements?

I want to set up a K8s cluster in Azure with an Application Gateway.

The setup I have in mind concentrates in pure K8s in a locked down VNET. The exposing of services/IPs and TLS is handled by the Azure Load Balancer.

With a custom service and NodePort, I can define ExternalIPs and add every node in the cluster. Then add the External IPs of the nodes to the Azure Load Balancer.
So the pods are reachable via the same service running on each node through the LB.

Q: I guess the AWX service would use the IP of the node it is running on and the ExternalIPs do not need to be defined?

This is all theory for now and only tested in my Dev environment, correct me if I am wrong.

p.s. I have a few other apps running without service and add a custom service, so to keep it consistent.

This is more of a platform architecture problem than it is an AWX problem.

AWX isn’t necessarily going to exist on every node of your k8s cluster, and it doesn’t really know or control how your k8s cluster is going to route ingress traffic. Your k8s cluster will have an ingress controller of some sort, and the service_type and ingress_type you specify in AWX is going to piggy back on whatever you have (if it’s available) in your k8s cluster.

In my environment, for .e.g, AWX is deployed on OCP (OpenShift) 4.12 on vcenter. It uses service_type: ClusterIP and ingress_type: Route (Route is unique to OCP). Then there’s nginx/haproxy/f5 loadbalancers between me and the OCP cluster, and a wildcard DNS record for the OCP cluster. The way it’s all set up allows me to create any service I want on OCP and securely connect to over https without ever having to modify any other networking-related service.

I can’t tell you exactly what to do in Azure, but I would suspect that you will want to create a “custom service” that allows you to securely connect to any k8s service in your cluster that you create there. Then you can deploy AWX, Galaxy, EDA, or w/e else to your cluster without also having to fiddle too much with Azure. Whether or not this means you would need a loadbalancer between your k8s cluster and the gateway, I’m not actually sure; I just know how my predecessors configured our environment and that it works really well.

2 Likes

Hmm, correct me if my understanding of your requirements is incorrect, just by deploying standard Service resource with type: LoadBalancer, it will be exposed by Azure Load Balancer. Also you can specify external IP for ALB by service.beta.kubernetes.io/azure-load-balancer-ipv4 or service.beta.kubernetes.io/azure-load-balancer-ipv6.

We can add any annotations for Service can be added by service_annotations by AWX Operator. So I think you can satisfy your requirements with standard Service created by Operator, insread of custom one. Doesn’t this help you?

https://ansible.readthedocs.io/projects/awx-operator/en/latest/user-guide/network-and-tls-configuration.html

2 Likes

Thank you, I set up Azure AKS two years ago with AWX and it runs well.

This time it is at a smaller scale running on three VMs, so I can set up three master nodes also running pods.

My original question is already answered, there is no option to disable the AWX autogenerated service.

I will probably use the existing service as NodePort, I tested it and it works just as well.