Deploying AWX, the Ansible management platform https://www.sujx.net/2023/09/17/Kubernetes-K3s/index.html
(includes mirror configuration for docker.io, gcr.io and registry.k8s.io)
I. K3s environment
Registry mirror configuration (pull acceleration)
cat > /etc/rancher/k3s/registries.yaml <<EOF
mirrors:
  docker.io:
    endpoint:
      - "https://registry.cn-hangzhou.aliyuncs.com/"
  quay.io:
    endpoint:
      - "https://quay.tencentcloudcr.com/"
  registry.k8s.io:
    endpoint:
      - "https://registry.aliyuncs.com/v2/google_containers"
  gcr.io:
    endpoint:
      - "https://gcr.m.daocloud.io/"
  k8s.gcr.io:
    endpoint:
      - "https://registry.aliyuncs.com/google_containers"
  ghcr.io:
    endpoint:
      - "https://ghcr.m.daocloud.io/"
EOF
II. Preparing the source
[root@VM-201-12-centos ~]# git clone https://github.com/ansible/awx-operator.git
[root@VM-201-12-centos ~]# cd awx-operator/
[root@VM-201-12-centos awx-operator]# git branch
* devel
[root@VM-201-12-centos awx-operator]# git checkout tags/2.12.2
Note: switching to 'tags/2.12.2'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 630a5ee Fix bug where uppercase Route fails (#1731)
[root@VM-201-12-centos awx-operator]# git branch
* (HEAD detached at 2.12.2)
devel
You can use git tag to list all tags.
III. Deploying awx-operator
[root@VM-201-12-centos awx-operator]# make deploy
namespace/awx created
customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxmeshingresses.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
serviceaccount/awx-operator-controller-manager created
role.rbac.authorization.k8s.io/awx-operator-awx-manager-role created
role.rbac.authorization.k8s.io/awx-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/awx-operator-metrics-reader created
clusterrole.rbac.authorization.k8s.io/awx-operator-proxy-role created
rolebinding.rbac.authorization.k8s.io/awx-operator-awx-manager-rolebinding created
rolebinding.rbac.authorization.k8s.io/awx-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/awx-operator-proxy-rolebinding created
configmap/awx-operator-awx-manager-config created
service/awx-operator-controller-manager-metrics-service created
deployment.apps/awx-operator-controller-manager created
[root@VM-201-12-centos awx-operator]# kubectl get pods --namespace awx
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-589cdd869b-k57p4 2/2 Running 0 139m
[root@VM-201-12-centos awx-operator]# kubectl config set-context --current --namespace=awx
Context "default" modified.
[root@VM-201-12-centos awx-operator]# kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-589cdd869b-k57p4 2/2 Running 0 140m
IV. Default deployment (awx-demo)
Create the file awx-demo.yml in the same directory (it is there by default), with the following content:
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-demo
spec:
  service_type: nodeport
The custom resource has to be added to the file kustomization.yaml, as follows:
...
resources:
  - github.com/ansible/awx-operator/config/default?ref=<tag>
  # Add this extra line:
  - awx-demo.yml
...
Deploy
[root@VM-201-12-centos awx-operator]# kubectl apply -k .
error: unable to find one of 'kustomization.yaml', 'kustomization.yml' or 'Kustomization' in directory '/root/awx-operator'
Create kustomization.yaml as follows:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Find the latest tag here: https://github.com/ansible/awx-operator/releases
  - github.com/ansible/awx-operator/config/default?ref=2.12.2
  # Add this extra line:
  - awx-demo.yml
# Set the image tags to match the git version from above
images:
  - name: quay.io/ansible/awx-operator
    newTag: 2.12.2
# Specify a custom namespace in which to install AWX
namespace: awx
[root@VM-201-12-centos awx-operator]# kubectl apply -k .
...
awx.awx.ansible.com/awx-demo created
Wait patiently; this takes a while.
[root@VM-201-12-centos ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-demo-postgres-13-0 1/1 Running 0 4h48m
awx-demo-task-6bd48c549d-rcdbm 4/4 Running 0 4h47m
awx-demo-web-869bf8d66d-swc82 3/3 Running 0 4h45m
awx-operator-controller-manager-589cdd869b-k57p4 2/2 Running 1 (4h38m ago) 7h15m
[root@VM-201-12-centos ~]# kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
NAME READY STATUS RESTARTS AGE
awx-demo-postgres-13-0 1/1 Running 0 4h50m
awx-demo-task-6bd48c549d-rcdbm 4/4 Running 0 4h49m
awx-demo-web-869bf8d66d-swc82 3/3 Running 0 4h46m
[root@VM-201-12-centos ~]# kubectl get svc -l "app.kubernetes.io/managed-by=awx-operator"
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx-demo-postgres-13 ClusterIP None <none> 5432/TCP 4h50m
awx-demo-service NodePort 10.43.125.17 <none> 80:31664/TCP 4h49m
V. Custom deployment (external pgsql)
1. Create the pgsql user and database
CREATE USER awx WITH PASSWORD 'awx';
CREATE DATABASE awx OWNER awx;
2. Create the secret for pgsql
pg-secret.yaml is as follows:
---
apiVersion: v1
kind: Secret
metadata:
  name: sitawx-postgres-configuration
  namespace: awx
stringData:
  host: "10.41.98.124"
  port: "5432"
  database: awx
  username: awx
  password: awx
  sslmode: prefer
  type: unmanaged
type: Opaque
[root@VM-201-31-centos awx-operator]# kubectl apply -f pg-secret.yaml
secret/sitawx-postgres-configuration created
[root@VM-201-31-centos awx-operator]#
[root@VM-201-31-centos awx-operator]# kubectl get secrets
NAME TYPE DATA AGE
sitawx-postgres-configuration Opaque 7 10s
3. Create awx-sit.yml
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
  name: awx-sit
spec:
  service_type: nodeport
  postgres_configuration_secret: sitawx-postgres-configuration
4. Modify kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Find the latest tag here: https://github.com/ansible/awx-operator/releases
  #- github.com/ansible/awx-operator/config/default?ref=2.15.0
  - ./config/default
  # Add this extra line:
  - awx-sit.yml
# Set the image tags to match the git version from above
images:
  - name: quay.io/ansible/awx-operator
    newTag: 2.15.0
# Specify a custom namespace in which to install AWX
namespace: awx
5. Deploy awx
[root@VM-201-31-centos awx-operator]# kubectl apply -k .
namespace/awx unchanged
...
awx.awx.ansible.com/awx-sit created
[root@VM-201-31-centos awx-operator]# kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-9874d5cfc-hhqql 2/2 Running 0 26m
awx-sit-web-869b5fcbb8-96ts9 3/3 Running 0 16m
awx-sit-migration-24.2.0-hjt6h 0/1 Completed 0 16m
awx-sit-task-dd9dcb5fc-d6kwb 4/4 Running 0 16m
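
Steps 1 and 2 above use the literal password awx and sslmode: prefer, and prefer lets the connection fall back to plaintext. The following is an added example, not part of the original post: it generates a random password and renders the matching SQL and Secret with sslmode: require. The function names and the create-awx-db.sql file name are assumptions, and the PostgreSQL server is assumed to have TLS enabled.

```shell
#!/bin/sh
# Added example (not from the original post). gen_password, render_sql,
# render_pg_secret and write_pg_files are hypothetical helper names.
# Usage: write_pg_files . 10.41.98.124
#        then run create-awx-db.sql on the database host and
#        kubectl apply -f pg-secret.yaml

# 32 alphanumeric characters derived from 48 bytes of kernel randomness.
gen_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 32
}

# SQL for step 1. The password is alphanumeric, so it needs no escaping.
render_sql() {
  printf "CREATE USER awx WITH PASSWORD '%s';\nCREATE DATABASE awx OWNER awx;\n" "$1"
}

# Secret for step 2 ($1 = database host, $2 = password).
# sslmode "require" refuses an unencrypted connection; "prefer" falls back
# to plaintext when the TLS handshake does not succeed.
render_pg_secret() {
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: sitawx-postgres-configuration
  namespace: awx
stringData:
  host: "$1"
  port: "5432"
  database: awx
  username: awx
  password: "$2"
  sslmode: require
  type: unmanaged
type: Opaque
EOF
}

# Write both files into directory $1 for database host $2. The body runs in
# a subshell so that umask 077 (files readable by the owner only) and the
# password variable do not leak into the calling shell.
write_pg_files() (
  umask 077
  pw=$(gen_password)
  render_sql "$pw" > "$1/create-awx-db.sql"
  render_pg_secret "$2" "$pw" > "$1/pg-secret.yaml"
)
```

Both files contain the password in clear text, so delete them once the user has been created and the Secret has been applied.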
VI. Uninstalling
[root@VM-201-31-centos awx-operator]# kubectl delete awx awx-sit
awx.awx.ansible.com "awx-sit" deleted
[root@VM-201-31-centos awx-operator]# kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-9874d5cfc-7kj5s 2/2 Running 0 89m
awx-sit-web-75895b8f88-84cd4 3/3 Terminating 0 58m
...
[root@VM-201-31-centos awx-operator]# kubectl get pods
NAME READY STATUS RESTARTS AGE
awx-operator-controller-manager-9874d5cfc-7kj5s 2/2 Running 0 90m
[root@VM-201-31-centos awx-operator]# kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
awx-operator-controller-manager 1/1 1 1 90m
VII. Access
Get the password
[root@VM-201-12-centos ~]# kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo
Z4SEZLrZnDqjsHpWJqfNQYF7b6llT1Tp
[root@VM-201-31-centos awx-operator]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx-operator-controller-manager-metrics-service ClusterIP 10.43.73.225 <none> 8443/TCP 36m
awx-sit-service NodePort 10.43.7.169 <none> 80:30791/TCP 26m
URL
http://k3s_worknode_ip:port
k3s_worknode_ip is the IP of the node on which the pod is running.
port is found with kubectl get service; in the output above it is 30791.