diff --git a/ansible/templates/crd.yml.j2 b/ansible/templates/crd.yml.j2
index 9787b1a3..744164a6 100644
--- a/ansible/templates/crd.yml.j2
+++ b/ansible/templates/crd.yml.j2
@@ -104,6 +104,12 @@ spec:
                 tower_route_tls_secret:
                   description: Secret where the TLS related credentials are stored
                   type: string
+                tower_node_selector:
+                  description: nodeSelector for the AWX pods
+                  type: string
+                tower_tolerations:
+                  description: node tolerations for the AWX pods
+                  type: string
                 tower_image:
                   description: Registry path to the application container to use
                   type: string
diff --git a/deploy/awx-operator.yaml b/deploy/awx-operator.yaml
index 5d26a4fa..0ddba7d9 100644
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -255,6 +255,12 @@ spec:
                 tower_route_tls_secret:
                   description: Secret where the TLS related credentials are stored
                   type: string
+                tower_node_selector:
+                  description: nodeSelector for the AWX pods
+                  type: string
+                tower_tolerations:
+                  description: node tolerations for the AWX pods
+                  type: string
                 tower_image:
                   description: Registry path to the application container to use
                   type: string
diff --git a/deploy/crds/awx_v1beta1_crd.yaml b/deploy/crds/awx_v1beta1_crd.yaml
index 9787b1a3..744164a6 100644
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
@@ -104,6 +104,12 @@ spec:
                 tower_route_tls_secret:
                   description: Secret where the TLS related credentials are stored
                   type: string
+                tower_node_selector:
+                  description: nodeSelector for the AWX pods
+                  type: string
+                tower_tolerations:
+                  description: node tolerations for the AWX pods
+                  type: string
                 tower_image:
                   description: Registry path to the application container to use
                   type: string
diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml
index 611f11da..f9318718 100644
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -38,6 +38,22 @@ tower_route_host: ''
 
 tower_hostname: '{{ deployment_type }}.example.com'
 
+# Add a nodeSelector for the AWX pods. It must match a node's labels for the pod
+# to be scheduled on that node. Specify as literal block. E.g.:
+# tower_node_selector: |
+#   disktype: ssd
+#   kubernetes.io/arch: amd64
+#   kubernetes.io/os: linux
+tower_node_selector: ''
+
+# Add node tolerations for the AWX pods. Specify as literal block. E.g.:
+# tower_tolerations: |
+#   - key: "dedicated"
+#     operator: "Equal"
+#     value: "AWX"
+#     effect: "NoSchedule"
+tower_tolerations: ''
+
 tower_admin_user: admin
 tower_admin_email: test@example.com
 
diff --git a/roles/installer/templates/tower_deployment.yaml.j2 b/roles/installer/templates/tower_deployment.yaml.j2
index 40ea2be0..b2893ec4 100644
--- a/roles/installer/templates/tower_deployment.yaml.j2
+++ b/roles/installer/templates/tower_deployment.yaml.j2
@@ -192,6 +192,14 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: status.podIP
+{% endif %}
+{% if tower_node_selector %}
+      nodeSelector:
+        {{ tower_node_selector | indent(width=8) }}
+{% endif %}
+{% if tower_tolerations %}
+      tolerations:
+        {{ tower_tolerations | indent(width=8) }}
 {% endif %}
       volumes:
 {% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %}