You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I understand that AWX is open source software provided for free and that I might not receive a timely response.
I am NOT reporting a (potential) security vulnerability. (These should be emailed to [email protected] instead.)
Bug Summary
The jobs AWX spins up are not respecting my selector and tolerations. I have firewall rules in place for 2 virtual machines that have the kubernetes label team=operations so that they can ssh to the rest of the virtual machines.
AWX version
2.18.0
Select the relevant components
UI
UI (tech preview)
API
Docs
Collection
CLI
Other
Installation method
kubernetes
Modifications
no
Ansible version
AWX EE (24.5.0)
Operating system
Rocky 9
Web browser
No response
Steps to reproduce
Have kubernetes and 2 seperate nodes on it with label "team=operations"
have the following files in a directory.
awx-instance.yaml
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-instance
namespace: awx
spec:
# ipv6 staat uit op onze vm's en dit geeft problemen als we dit niet uitzetten op awx.
ipv6_disabled: true
# ingress
service_type: clusterip
ingress_type: ingress
ingress_hosts:
- hostname: foo.bar.com
# postgress
postgres_storage_class: netapp
postgres_storage_requirements:
requests:
storage: 100Gi
# Assigning AWX pods to specific nodes
node_selector: |
team: operations
tolerations: |
- key: "team"
operator: "Equal"
value: "operations"
effect: "NoSchedule"
postgres_selector: |
team: operations
postgres_tolerations: |
- key: "team"
operator: "Equal"
value: "operations"
effect: "NoSchedule"
and kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Find the latest tag here: https://github.com/ansible/awx-operator/releases
- github.com/ansible/awx-operator/config/default?ref=2.13.1
- awx-instance.yaml
# Set the image tags to match the git version from above
images:
- name: quay.io/ansible/awx-operator
newTag: 2.18.0
# Specify a custom namespace in which to install AWX
namespace: awx
Then start up AWX
kubectl apply -k .
Then realise it spins up pods on nodes it isn't allowed to so you change your awx-instance.yaml to this.
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx-instance
namespace: awx
spec:
# ipv6 staat uit op onze vm's en dit geeft problemen als we dit niet uitzetten op awx.
ipv6_disabled: true
# ingress
service_type: clusterip
ingress_type: ingress
ingress_hosts:
- hostname: foo.bar.com
# postgress
postgres_storage_class: netapp
postgres_storage_requirements:
requests:
storage: 100Gi
# Assigning AWX pods to specific nodes
node_selector: |
team: operations
tolerations: |
- key: "team"
operator: "Equal"
value: "operations"
effect: "NoSchedule"
postgres_selector: |
team: operations
postgres_tolerations: |
- key: "team"
operator: "Equal"
value: "operations"
effect: "NoSchedule"
web_node_selector: |
team: operations
web_tolerations: |
- key: "team"
operator: "Equal"
value: "operations"
effect: "NoSchedule"
task_node_selector: |
team: operations
task_tolerations: |
- key: "team"
operator: "Equal"
value: "operations"
effect: "NoSchedule"
Then execute following command again.
kubectl apply -k .
Expected results
The jobs that AWX spins up to only go on the nodes with label "team=operations"
Actual results
The jobs that AWX spins up are going to nodes that don't have the label "team=operations" and thus fail since our firewall doesn't allow other nodes to ssh to our vm's.
Additional information
No response
The text was updated successfully, but these errors were encountered:
Please confirm the following
[email protected]
instead.)Bug Summary
The jobs AWX spins up are not respecting my selector and tolerations. I have firewall rules in place for 2 virtual machines that have the kubernetes label team=operations so that they can ssh to the rest of the virtual machines.
AWX version
2.18.0
Select the relevant components
Installation method
kubernetes
Modifications
no
Ansible version
AWX EE (24.5.0)
Operating system
Rocky 9
Web browser
No response
Steps to reproduce
Have kubernetes and 2 seperate nodes on it with label "team=operations"
have the following files in a directory.
awx-instance.yaml
and kustomization.yaml
Then start up AWX
Then realise it spins up pods on nodes it isn't allowed to so you change your awx-instance.yaml to this.
Then execute following command again.
Expected results
The jobs that AWX spins up to only go on the nodes with label "team=operations"
Actual results
The jobs that AWX spins up are going to nodes that don't have the label "team=operations" and thus fail since our firewall doesn't allow other nodes to ssh to our vm's.
Additional information
No response
The text was updated successfully, but these errors were encountered: