TLS CA certificate cannot be added as AWX.bundle_cacert_secret #18

Open
gehoernchen opened this issue Sep 12, 2024 · 1 comment

gehoernchen commented Sep 12, 2024

Hello,

I am using the Helm chart to deploy an instance of AWX. I am trying to get my company's TLS certificate into the pods, because we utilize company proxies that have their own TLS certificates.

My values.yaml:

```yaml
AWX:
  enabled: true
  name: awx
  spec:
    admin_user: admin
    bundle_cacert_secret: awx-custom-certs
    secret_key_secret: awx-secret-key
    no_log: false

  # configurations for external postgres instance
  postgres:
    enabled: false
    host: Unset
    port: 5678
    dbName: Unset
    username: admin
    # for secret management, pass in the password independently of this file
    # at the command line, use --set AWX.postgres.password
    password: Unset
    sslmode: prefer
    type: unmanaged

customSecrets:
  enabled: true
  old_postgres_configuration_secret:
    old_postgres_configuration_secret: awx-old-postgres-configuration
    enabled: true
    secretName: awx-old-postgres-configuration
```

The secret in question:

```
$ kubectl describe secret awx-custom-certs

Name:         awx-custom-certs
Namespace:    awx
Labels:       app.kubernetes.io/managed-by=Helm
Annotations:  meta.helm.sh/release-name: awx-operator
              meta.helm.sh/release-namespace: awx

Type:  Opaque

Data
====
bundle-ca.crt:  4744 bytes
```

What I expect: The secret is to be mounted inside the pods and trusted.

What is happening: The secret is not mounted into the pods. Via the web UI, I am getting `Unable to get local issuer certificate`.

Using `customSecrets.bundleCacert`, I was able to get it into the container:

```yaml
customSecrets:
  enabled: true
  old_postgres_configuration_secret:
    old_postgres_configuration_secret: awx-old-postgres-configuration
    enabled: true
    secretName: awx-old-postgres-configuration
  bundleCacert:
    enabled: true
    crt: |
      <certcontents>
```

miles-w-3 (Collaborator) commented Sep 19, 2024

This ticket does not relate to the functionality of the chart itself, which just packages and installs the operator. I recommend you ask at https://github.com/ansible/awx-operator

I stand corrected, a lot has been added since I last looked at the chart. This still may be an issue with the operator itself, if you're specifying a field within the AWX CR spec and it's not having the desired effect.
