diff --git a/knowledge base/awx.md b/knowledge base/awx.md
index 03f3649..4169a03 100644
--- a/knowledge base/awx.md
+++ b/knowledge base/awx.md
@@ -1,21 +1,83 @@
# Ansible AWX
-1. [Deployment](#deployment)
-1. [Removal](#removal)
-1. [Testing](#testing)
- 1. [Create demo instances](#create-demo-instances)
+1. [Gotchas](#gotchas)
+1. [Instance setup](#instance-setup)
+ 1. [Deployment](#deployment)
+ 1. [Removal](#removal)
+ 1. [Testing](#testing)
1. [API](#api)
1. [Further readings](#further-readings)
1. [Sources](#sources)
-## Deployment
+## Gotchas
-> ### Incomplete ARM64 image collection
->
-> Consider using only AMD64 nodes to host the containers for AWX.
->
-> As of 2024-04-11, AWX does **not** appear to provide ARM64 images for all its containers.
-> One'll need to build their own missing ARM64 images and specify those during deployment. Good luck with that!
+- Consider using only AMD64 nodes to host the containers for AWX instances.
+
+ As of 2024-04-11, AWX does **not** appear to provide ARM64 images for all its containers.
+ One'll need to build their own missing ARM64 images and specify those during deployment. Good luck with that!
+
+- K8S tolerations set in AWX custom resources only affect K8S-based AWX instances' deployments.
+ They are **not** applied to other resources like automation Jobs.
+
+
+
+ Jobs' specific K8S settings need to be configured in the `pod_spec_override` attribute of Instance Groups of type
+ Container Group.
+
+ ```yaml
+ ---
+ # awx instance_groups get 'default' -f 'yaml'
+ …
+ pod_spec_override: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ namespace: awx
+ spec:
+ …
+ containers:
+ - …
+ image: 012345678901.dkr.ecr.eu-west-1.amazonaws.com/custom/awx-ee:latest
+ resources:
+ requests:
+ cpu: 250m
+ memory: 100Mi
+ limits:
+ cpu: 1930m
+ memory: 3297Mi
+ tolerations:
+ - key: org.example.k8s/reservation/app
+ operator: Equal
+ value: awx
+ effect: NoSchedule
+ - key: org.example.k8s/awx/component
+ operator: Equal
+ value: job
+ effect: NoSchedule
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: org.example.k8s/reservation/app
+ operator: In
+ values:
+ - awx
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 10
+ preference:
+ matchExpressions:
+ - key: org.example.k8s/awx/component
+ operator: In
+ values:
+ - job
+ ```
+
+
+
+## Instance setup
+
+### Deployment
Starting from version 18.0, the [AWX Operator][operator's documentation] is the preferred way to install AWX.
It is meant to provide a Kubernetes-native installation method for AWX via an AWX Custom Resource Definition (CRD).
@@ -29,8 +91,8 @@ Requirements:
- The ability to create PersistentVolumeClaims and PersistentVolumes in said K8S cluster.
- The ability for the cluster to create load balancers if setting the service type to load balancer.
-
- Using kustomize
+
+Deploy the operator with kustomize
```sh
$ mkdir -p '/tmp/awx'
@@ -59,8 +121,8 @@ awx-operator-controller-manager-8b7dfcb58-k7jt8 2/2 Running 0 1
-
- Using helm
+
+Deploy the operator with helm
```sh
# Add the operator's repository.
@@ -122,8 +184,8 @@ Useful specs:
| `no_log: false` | See resource creation tasks' output in the operators'logs | Debug |
| `node_selector: …` | Select nodes to run on | Use only specific nodes (see warning at the beginning) |
-
- Using kubectl
+
+Deploy AWX instances with kubectl
```sh
$ cd '/tmp/awx'
@@ -133,7 +195,7 @@ $ cd '/tmp/awx'
- Using kustomize
+ Deploy AWX instances with kustomize
```sh
$ cd '/tmp/awx'
@@ -144,8 +206,8 @@ $ cd '/tmp/awx'
-
- Using the helm chart's integrated definition
+
+ Deploy AWX instances using the operator's helm chart's integrated definition
```sh
# Update the operator by telling it to also deploy the AWX instance.
@@ -169,7 +231,7 @@ awx-demo-web-69d6d5d6c-wdxlv 3/3 Running 0
awx-operator-controller-manager-75b667b745-g9g9c 2/2 Running 0 17m
```
-
+
The default user is `admin`.
Get the password from the `{instance}-admin-password` secret:
@@ -179,14 +241,14 @@ $ kubectl -n 'awx' get secret 'awx-demo-admin-password' -o jsonpath="{.data.pass
L2ZUgNTwtswVW3gtficG1Hd443l3Kicq
```
-Connection:
+Connect to the instance once it is up:
```sh
kubectl -n 'awx' port-forward 'service/awx-service' '8080:http'
open 'http://localhost:8080'
```
-## Removal
+### Removal
Remove the `AWX` resource associated to the instance to delete it:
@@ -211,19 +273,17 @@ Eventually, remove the namespace too to clean all things up:
kubectl delete ns 'awx'
```
-## Testing
-
-### Create demo instances
+### Testing
- Run: follow the basic installation guide
+Run: follow the basic installation guide
[Guide][basic install]
-
-
- 1. ARM, Mac OS X, minikube, kustomize: failed: ARM images for AWX not available
-
+
+
+ 1. ARM, Mac OS X, minikube, kustomize: failed: ARM images for AWX not available
+
```sh
$ minikube start --cpus=4 --memory=6g --addons=ingress
@@ -284,8 +344,8 @@ $ # (ノಠ益ಠ)ノ彡┻━┻
```
-
- 2. AMD64, OpenSUSE Leap 15.5, minikube, kustomize
+
+ 2. AMD64, OpenSUSE Leap 15.5, minikube, kustomize
```sh
$ minikube start --cpus=4 --memory=6g --addons=ingress
@@ -355,12 +415,12 @@ $ minikube kubectl -- delete -k '.'
- Run: follow the helm installation guide
+Run: follow the helm installation guide
[Guide][helm install on existing cluster]
-
- 1. AMD64, OpenSUSE Leap 15.5, minikube, helm
+
+ 1. AMD64, OpenSUSE Leap 15.5, minikube, helm
```sh
$ minikube start --cpus=4 --memory=6g --addons=ingress
@@ -426,14 +486,14 @@ $ minikube kubectl -- delete ns 'awx'
- Run: kustomized helm chart
+Run: kustomized helm chart
> #### Warning
>
> Remember to include the CRDs from the helm chart.
- 1. AMD64, OpenSUSE Leap 15.5, minikube
+ 1. AMD64, OpenSUSE Leap 15.5, minikube
```sh
$ minikube start --cpus=4 --memory=6g --addons=ingress
@@ -509,7 +569,7 @@ $ minikube kubectl -- delete -f <(minikube kubectl -- kustomize --enable-helm)
- 1. AMD64, Mac OS X, EKS
+ 1. AMD64, Mac OS X, EKS
```sh
$ mkdir -p '/tmp/awx'
@@ -614,6 +674,12 @@ awx … config
# List all available endpoints
curl -fs --user 'admin:password' 'https://awx.example.org/api/v2/' | jq '.' -
+# List instance groups
+awx instance_groups list
+
+# Show instance groups
+awx instance_groups get 'default'
+
# List jobs
awx jobs list
awx jobs list -f 'yaml'
@@ -623,6 +689,7 @@ awx jobs list -f 'jq' --filter '.results[] | .name + " is " + .status'
# Show job templates
awx job_templates list
curl -fs --user 'admin:password' 'https://awx.example.org/api/v2/job_templates/' | jq '.' -
+awx job_templates get 'Some Job'
# Show notification templates
awx … notification_templates list
@@ -631,6 +698,7 @@ curl -fs --user 'admin:password' 'https://awx.example.org/api/v2/notification_te
# Show schedules
awx … schedules list
awx … schedules --schedules 'schedule-1' 'schedule-n'
+awx schedules get 'Some Schedule'
curl -fs --user 'admin:password' 'https://awx.example.org/api/v2/schedules/' | jq '.' -
# Export data
@@ -663,6 +731,7 @@ Refer [AWX Command Line Interface] for more information.
- [Installer role's defaults]
- [AWX API Reference]
- [How to use AWX REST API to execute jobs]
+- [Automation Job isn't created with tolerations from AWX manifest]
[arm64 image pulled shows amd64 as its arch]: https://github.com/brancz/kube-rbac-proxy/issues/79#issuecomment-826557647
+[automation job isn't created with tolerations from awx manifest]: https://github.com/ansible/awx-operator/issues/1099#issuecomment-1298706083
[how to use awx rest api to execute jobs]: https://www.dbi-services.com/blog/how-to-use-awx-rest-api-to-execute-jobs/