Firewall rules for awx

Hi everyone,

I am setting up Awx controller and execution nodes in client restricted environment.

We are confused with what url’s need to be whitelisted and what will be the ports need to be opened on controller and direction(ingress/egress).
What could be the destination url/port/ip?
Also, between controller and executor which port needs to be opened?

Currently,
We have whitelisted quay.io on port 80 to pull image from registry.
Between controller and executor port 27199-ingress.

Please help if anyone aware of this or if you did anything similar to this.

Thank you.

hey @sar for quay, you will want 443 and 80.

For awx controller, egress to execution node is on 27199.

for execution node, ingress from k8s worker node that hosts the controller task pod.

but these configuration are highly specific to your own networking environment