Hi Jeff! Thank you for your reply. Sorry for the late reply; I was out on a work trip.
I was able to follow the steps you suggested by adding the following to my AWX config.
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-mgmt
spec:
  secret_key_secret: awx-mgmt-secret-key
  extra_settings:
    - setting: USE_X_FORWARDED_HOST
      value: "True"
---
apiVersion: v1
kind: Secret
metadata:
  name: awx-mgmt-secret-key
  namespace: awx
stringData:
  secret_key:
---
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: ca
  namespace: awx
spec:
  securityPolicy:
    name: internal-networks
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    beta.cloud.google.com/backend-config: '{"ports": {"80":"ca"}}'
  name: awx-mgmt-manual-service
  namespace: awx
  labels:
    app: awx-mgmt
spec:
  ports:
    - port: 80
      name: http
      targetPort: 8052
      protocol: TCP
  selector:
    app.kubernetes.io/component: awx
    app.kubernetes.io/managed-by: awx-operator
    app.kubernetes.io/name: awx-mgmt-web
  type: NodePort
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: awx-mgmt-manual-ingress
  namespace: awx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    acme.cert-manager.io/http01-edit-in-place: "true"
    kubernetes.io/ingress.allow-http: "true"
spec:
  tls:
    - hosts:
        - awx-mgmt.com
      secretName: awx-mgmt-tls
  rules:
    - host: awx-mgmt.prd.it.com
      http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: awx-mgmt-manual-service
                port:
                  name: http
Here is the settings.py file:
bash-5.1$ tail -n 10 /etc/tower/settings.py
USE_X_FORWARDED_PORT = True
BROADCAST_WEBSOCKET_PORT = 8052
BROADCAST_WEBSOCKET_PROTOCOL = 'http'
RECEPTOR_LOG_LEVEL = 'info'
USE_X_FORWARDED_HOST = True
Regarding the missing fields, I removed them for security, but I will paste below what I have now with some dummy data.
{
  "okta": {
    "attr_user_permanent_id": "name_id",
    "attr_first_name": "User.FirstName",
    "attr_last_name": "User.LastName",
    "attr_username": "User.email",
    "attr_email": "User.email",
    "entity_id": "http://www.okta.com/<ID>",
    "url": "https://okta.com/app/<NAME>/<ID>/sso/saml",
    "x509cert": "<CERT FROM OKTA>"
  }
}
I also went ahead and restarted my node, and it led to the same result as before: a relay error.
I tried upgrading our dev to the current latest version, and I also seem to be getting an error there, but that one seems a bit different.
That error takes me to the following page instead.
I am starting to think this is perhaps an issue with how I set up my ingress/service. I will keep playing around with it. If I find something, I'll post here.
Dev I set up a bit differently, using the AWX operator to set up the ingress; see below.
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-poc
spec:
  no_log: false
  csrf_cookie_secure: 'False'
  session_cookie_secure: 'False'
  secret_key_secret: awx-poc-secret-key
  service_type: NodePort
  service_annotations: |
    environment: sandbox
    beta.cloud.google.com/backend-config: '{"ports": {"80":"ca"}}'
  ingress_type: ingress
  ingress_hosts:
    - hostname: awx-poc.com
      tls_secret: sample-tls-secret
  ingress_annotations: |
    environment: sandbox
    cert-manager.io/cluster-issuer: letsencrypt
    acme.cert-manager.io/http01-edit-in-place: "true"
    kubernetes.io/ingress.allow-http: "true"
  extra_settings:
    - setting: USE_X_FORWARDED_HOST
      value: "True"
    - setting: LOG_AGGREGATOR_LEVEL
      value: "'DEBUG'"
  # error with debug level
  extra_volumes: |
    - name: awx-web-debug
      emptyDir: {}
  web_extra_volume_mounts: |
    - name: awx-web-debug
      mountPath: "/var/log/tower"
---
apiVersion: v1
kind: Secret
metadata:
  name: awx-poc-secret-key
  namespace: awx-poc
stringData:
  secret_key: key
---
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: ca
  namespace: awx-poc
spec:
  securityPolicy:
    name: internal-networks
Thank you,
jdp1