Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added mesh ingress content to instances chapter. #14854

Merged
merged 14 commits into from
Feb 15, 2024
Merged

Added mesh ingress content to instances chapter. #14854

merged 14 commits into from
Feb 15, 2024

Conversation

tvo318
Copy link
Member

@tvo318 tvo318 commented Feb 7, 2024
edited
Loading

SUMMARY

This PR outlines the process for setting up and configuring an example mesh ingress scenario.
It addresses issue #14816.
It has a dependency on (operator PR #1706) for links to work but they are correct when they get published.

See rendered preview: https://ansible--14854.org.readthedocs.build/projects/awx/en/14854/administration/instances.html

ISSUE TYPE
  • New or Enhanced Feature
COMPONENT NAME
  • Docs
AWX VERSION

Latest

ADDITIONAL INFORMATION

Associated with AAP 2.5

@tvo318
Copy link
Member Author

tvo318 commented Feb 7, 2024

@TheRealHaoLiu, @fosterseth - is this how we want to document this feature? I didn't get real screens, I purely based it on the demo you all did for me and used the screens from there so they are consistent. So if we stick with this, we will need to recapture these exact screens.

TheRealHaoLiu
TheRealHaoLiu reviewed Feb 7, 2024
View reviewed changes
docs/docsite/rst/administration/instances.rst Outdated
Configuring a mesh ingress
---------------------------

If a remote execution node is setup inside a datacenter to communicate with target hosts from a k8s cluster because the k8s cluster is unable to reach the hosts via SSH, it risks exposing port information. To solve this, a hop node is placed inside of the k8s cluster to route traffic from task pods to the execution node, eliminating the risk of exposing any ports since execution node connections are outbound only.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Creating a remote execution node without enabling mesh ingress you would have to allow inbound connection to the receptor listener port on the remote execution node

In restricted networking environment (inside private network) where this connection is not allowed using mesh ingress can allow the remote execution to connect into the awx control-plane instead of having to allow connection from the awx control-plane

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To solve this, a hop node is placed inside of the k8s cluster to route traffic from task pods to the execution node

more of implementation detail... the ingress present as a hop node in the instance page to allow user to peer into the mesh

fosterseth
fosterseth reviewed Feb 9, 2024
View reviewed changes
docs/docsite/rst/administration/instances.rst Outdated Show resolved Hide resolved
docs/docsite/rst/administration/instances.rst Outdated Show resolved Hide resolved
docs/docsite/rst/administration/instances.rst Outdated Show resolved Hide resolved
docs/docsite/rst/administration/instances.rst Outdated Show resolved Hide resolved
tvo318 and others added 5 commits February 12, 2024 07:38
@tvo318 @fosterseth
Line 75
f4160c2 
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
@tvo318 @fosterseth
Line 117
28b13f1 
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
@tvo318 @fosterseth
Line 126
12dbbdd 
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
@tvo318
Wording changes and update graphics
e524df9
@tvo318
Merge branch 'devel' into mesh-ingress
8296351
@tvo318 tvo318 merged commit 5179333 into ansible:devel Feb 15, 2024
21 checks passed
@tvo318 tvo318 deleted the mesh-ingress branch February 21, 2024 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fosterseth fosterseth fosterseth left review comments

@TheRealHaoLiu TheRealHaoLiu TheRealHaoLiu approved these changes

Assignees
No one assigned
Labels
component:docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@tvo318 @fosterseth @TheRealHaoLiu