Skip to main content
HashnodeHesti Networking Lab

Command Palette

Search for a command to run...

Deploying Enterprise AWX on K3s

Published
4 min read
H
Hùng Việt
Part of seriesNetwork Automation

NetDevOps: Deploying Enterprise AWX on K3s

In the world of NetDevOps, moving from manual Ansible CLI execution to a centralized platform is a game-changer. Ansible AWX (the open-source version of Red Hat Ansible Automation Platform) provides the Web UI, RBAC, and API capabilities needed to scale network automation — like pushing mass firmware upgrades (e.g., Cisco IOS-XE 17.15.04b) across hundreds of devices.

However, deploying AWX on Kubernetes in certain regions (like Vietnam) often hits a major roadblock: the ImagePullBackOff error due to gcr.io (Google Container Registry) being throttled or blocked.

In this guide from Hesti Networking Lab, we will deploy AWX using the AWX Operator on K3s and implement a specific patch to bypass these network restrictions.

🏗️ 1. Infrastructure Preparation

To ensure stability for Ansible Execution Environments, we recommend using a full Virtual Machine (VM) rather than a container-based environment.

  • OS: Ubuntu 22.04 / 24.04 LTS

  • Specs: 4 vCPU, 8GB RAM (Minimum), 40GB+ Disk.

  • Network: Internet access and a static IP.

🚀 2. Step 1: Install K3s (The Foundation)

K3s is a highly available, certified Kubernetes distribution designed for production workloads in resource-constrained environments. It’s perfect for our NetDevOps Lab.

Run the following command to install K3s:

curl -sfL [https://get.k3s.io](https://get.k3s.io) | sh -

Configure permissions to run kubectl as your current user:

mkdir -p ~/.kube
sudo k3s kubectl config view --raw > ~/.kube/config
chmod 600 ~/.kube/config

Verify the node is ready:

kubectl get nodes

⚙️ 3. Step 2: The AWX Operator & GCR Fix

The "Standard" installation usually fails at this stage because the kube-rbac-proxy image is hosted on gcr.io. We will fix this by patching the kustomization.yaml to pull from quay.io instead.

Create a deployment directory:

mkdir ~/awx-deploy && cd ~/awx-deploy

Create kustomization.yaml:

nano kustomization.yaml

Paste the following content:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pull the AWX Operator (Version 2.19.1)
  - [github.com/ansible/awx-operator/config/default?ref=2.19.1](https://github.com/ansible/awx-operator/config/default?ref=2.19.1)

images:
  - name: quay.io/ansible/awx-operator
    newTag: 2.19.1
  # --- CRITICAL FIX FOR GCR.IO ISSUES ---
  - name: gcr.io/kubebuilder/kube-rbac-proxy
    newName: quay.io/brancz/kube-rbac-proxy
    newTag: v0.15.0

namespace: awx

Deploy the Operator:

kubectl apply -k .

kubectl get pods -n awx -w

Wait until you see awx-operator-controller-manager is Running 2/2.

🏗️ 4. Step 3: Deploy the AWX Instance

Now, we define the actual AWX application. We will use nodeport to make the web interface accessible via the VM's IP.

Create awx-demo.yml:

nano awx-demo.yml

Paste the content:

---
apiVersion: [awx.ansible.com/v1beta1](https://awx.ansible.com/v1beta1)
kind: AWX
metadata:
  name: awx-demo
spec:
  service_type: nodeport

Update your kustomization.yaml to include this new resource:

nano kustomization.yaml

Modify the resources section:

resources:
  - [github.com/ansible/awx-operator/config/default?ref=2.19.1](https://github.com/ansible/awx-operator/config/default?ref=2.19.1)
  - awx-demo.yml  # Add this line

Apply the final configuration:

kubectl apply -k .

⏳ 5. Step 4: Verification & Login

It will take 5-10 minutes for the Operator to pull the Postgres, Redis, Task, and Web images. Monitor the progress:

watch kubectl get pods -n awx

Harvest the Rewards:

Once the awx-demo-task is 4/4 Running and awx-demo-web is 3/3 Running, you are ready.

1. Get the Web Access Port:

kubectl get svc awx-demo-service -n awx

Identify the Port mapped to 80 (e.g., 80:31213/TCP). Access it via http://<VM_IP>:31213.

2. Retrieve the Admin Password:

kubectl get secret awx-demo-admin-password -n awx -o jsonpath="{.data.password}" | base64 --decode ; echo

Login:

  • Username: admin

  • Password: (The string retrieved above)

🎯 Summary

By implementing a simple image patch, we bypassed regional network restrictions and successfully deployed a production-grade AWX instance on K3s. This setup is the perfect "Command Center" for any NetDevOps engineer looking to automate enterprise infrastructure.

Happy Automating!

#netdevops#ansible#awx#kubernetes#networkautomation#k3s

Comments

Join the discussion

No comments yet. Be the first to comment.

Network Automation

Part 1 of 3
Up next

Automating Cisco IOS Upgrades: A Step-by-Step Ansible Guide (INSTALL MODE)

Introduction If you’ve been following my blog, you might have seen my earlier guide on Bundle Mode upgrades. That method is classic-simple and familiar. But let’s be honest, if you are managing modern Catalyst 9000s or ISR routers, Install Mode is th...

More from this blog

H

Hesti Networking Lab

3 posts

👋 I'm Hung Ha (Hesti) – a Network Engineer passionate about automating the boring stuff. Here at Hesti's Lab, I share real-world guides on Network Automation, Ansible, Cloud☁️, and AI Agents 🤖.