allow configuration of uwsgi timeout

This is important when you have proxies in front of the service that may have stricter timeouts, as you need at least as strict a timeout at uwsgi to get meaningful traceback and see source of problem.
Fail early if postgres_configuration_secret is specified by does not exist (#2015 )
2026-03-27 05:43:11 +00:00 · 2025-02-19 14:38:54 -05:00 · 2025-02-17 12:38:06 -05:00 · 2025-02-17 12:36:43 -05:00 · 2025-02-11 11:01:18 -05:00 · 2025-01-20 11:32:49 -05:00
337 changed files with 16104 additions and 6386 deletions
--- a/.github/CODE_OF_CONDUCT.md
+++ b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
+# Community Code of Conduct
+
+Please see the official [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,39 +0,0 @@
---
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: ''
-assignees: ''
-
---
-
-##### ISSUE TYPE
- - Bug Report
-
-##### SUMMARY
-<!-- Briefly describe the problem. -->
-
-##### ENVIRONMENT
-* AWX version: X.Y.Z
-* Operator version: X.Y.Z
-* Kubernetes version: 
-* AWX install method: openshift, minishift, docker on linux, docker for mac, boot2docker
-
-##### STEPS TO REPRODUCE
-
-<!-- Please describe exactly how to reproduce the problem. -->
-
-##### EXPECTED RESULTS
-
-<!-- What did you expect to happen when running the steps above? -->
-
-##### ACTUAL RESULTS
-
-<!-- What actually happened? -->
-
-##### ADDITIONAL INFORMATION
-
-<!-- Include any links to sosreport, database dumps, screenshots or other
-information. -->
-
-##### AWX-OPERATOR LOGS
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,125 @@
+---
+name: Bug Report
+description: "🐞 Create a report to help us improve"
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Bug Report issues are for **concrete, actionable bugs** only.
+        For debugging help or technical support, please see the [Get Involved section of our README](https://github.com/ansible/awx-operator#get-involved)
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Please confirm the following
+      options:
+        - label: I agree to follow this project's [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
+          required: true
+        - label: I have checked the [current issues](https://github.com/ansible/awx-operator/issues) for duplicates.
+          required: true
+        - label: I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.
+          required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Bug Summary
+      description: Briefly describe the problem.
+    validations:
+      required: false
+
+  - type: input
+    id: awx-operator-version
+    attributes:
+      label: AWX Operator version
+      description: What version of the AWX Operator are you running?
+    validations:
+      required: true
+
+  - type: input
+    id: awx-version
+    attributes:
+      label: AWX version
+      description: What version of AWX are you running?
+    validations:
+      required: true
+
+  - type: dropdown
+    id: platform
+    attributes:
+      label: Kubernetes platform
+      description: What platform did you install the Operator in?
+      multiple: false
+      options:
+        - kubernetes
+        - minikube
+        - openshift
+        - minishift
+        - docker development environment
+        - other (please specify in additional information)
+    validations:
+      required: true
+
+  - type: input
+    id: kube-version
+    attributes:
+      label: Kubernetes/Platform version
+      description: What version of your platform/kuberneties are you using?
+    validations:
+      required: true
+
+  - type: dropdown
+    id: modified-architecture
+    attributes:
+      label: Modifications
+      description: >-
+       Have you modified the installation, deployment topology, or container images in any way? If yes, please
+       explain in the "additional information" field at the bottom of the form.
+      multiple: false
+      options:
+        - "no"
+        - "yes"
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps-to-reproduce
+    attributes:
+      label: Steps to reproduce
+      description: >-
+        Starting from a new installation of the system, describe exactly how a developer or quality engineer can reproduce the bug
+        on infrastructure that isn't yours. Include any and all resources created, input values, test users, roles assigned, playbooks used, etc.
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected-results
+    attributes:
+      label: Expected results
+      description: What did you expect to happpen when running the steps above?
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual-results
+    attributes:
+      label: Actual results
+      description: What actually happened?
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-information
+    attributes:
+      label: Additional information
+      description: Include any relevant log output, links to sosreport, database dumps, screenshots, AWX spec yaml, or other information.
+    validations:
+      required: false
+
+  - type: textarea
+    id: operator-logs
+    attributes:
+      label: Operator Logs
+      description: Include any relevant logs generated by the operator.
+    validations:
+      required: false
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,12 @@
+---
+blank_issues_enabled: false
+contact_links:
+  - name: For debugging help or technical support
+    url: https://github.com/ansible/awx-operator#get-involved
+    about: For general debugging or technical support please see the Get Involved section of our readme.
+  - name: 📝 Ansible Code of Conduct
+    url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser
+    about: AWX uses the Ansible Code of Conduct; ❤ Be nice to other members of the community. ☮ Behave.
+  - name: 💼 For Enterprise
+    url: https://www.ansible.com/products/engine?utm_medium=github&utm_source=issue_template_chooser
+    about: Red Hat offers support for the Ansible Automation Platform
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,29 @@
+---
+name: ✨ Feature request
+description: Suggest an idea for this project
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Feature Request issues are for **feature requests** only.
+        For debugging help or technical support, please see the [Get Involved section of our README](https://github.com/ansible/awx-operator#get-involved)
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Please confirm the following
+      options:
+        - label: I agree to follow this project's [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
+          required: true
+        - label: I have checked the [current issues](https://github.com/ansible/awx-operator/issues) for duplicates.
+          required: true
+        - label: I understand that AWX Operator is open source software provided for free and that I might not receive a timely response.
+          required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Feature Summary
+      description: Briefly describe the desired enhancement.
+    validations:
+      required: true
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,26 @@
+##### SUMMARY
+<!--- Describe the change, including rationale and design decisions -->
+
+<!---
+If you are fixing an existing issue, please include "fixes #nnn" in your
+commit message and your description; but you should still explain what
+the change does.
+-->
+
+##### ISSUE TYPE
+<!--- Pick one below and delete the rest: -->
+ - Breaking Change 
+ - New or Enhanced Feature
+ - Bug, Docs Fix or other nominal change
+
+##### ADDITIONAL INFORMATION
+<!---
+Include additional information to help people understand the change here.
+For bugs that don't have a linked bug report, a step-by-step reproduction
+of the problem is helpful.
+-->
+
+<!--- Paste verbatim command output below, e.g. before and after your change -->
+```
+
+```
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/docs"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "component:docs"
+      - "dependencies"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
--- a/.github/issue_labeler.yml
+++ b/.github/issue_labeler.yml
@@ -0,0 +1,3 @@
+---
+needs_triage:
+  - '.*'
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -4,41 +4,66 @@ name: CI

 on:
  pull_request:
-    branches: [devel]
-
  push:
-    branches: [devel]

 jobs:
-  pull_request:
-    runs-on: ubuntu-18.04
-    name: pull_request
+  molecule:
+    runs-on: ubuntu-latest
+    name: molecule
+    strategy:
+      matrix:
+        ansible_args:
+          - --skip-tags=replicas
+          - -t replicas
    env:
-      DOCKER_API_VERSION: "1.38"
+      DOCKER_API_VERSION: "1.41"
+      DEBUG_OUTPUT_DIR: /tmp/awx_operator_molecule_test
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4

-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v5
        with:
          python-version: "3.8"

      - name: Install Dependencies
        run: |
-          pip install \
-            molecule \
-            molecule-docker \
-            yamllint \
-            ansible-lint \
-            openshift \
-            jmespath \
-            ansible
+          pip install -r molecule/requirements.txt

      - name: Install Collections
        run: |
-         ansible-galaxy collection install community.kubernetes operator_sdk.util
+          ansible-galaxy collection install -r molecule/requirements.yml

      - name: Run Molecule
        env:
          MOLECULE_VERBOSITY: 3
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          STORE_DEBUG_OUTPUT: true
        run: |
-          molecule test -s test-local
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind -- ${{ matrix.ansible_args }}
+
+      - name: Upload artifacts for failed tests if Run Molecule fails
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: awx_operator_molecule_test
+          path: ${{ env.DEBUG_OUTPUT_DIR }}
+  no-log:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+
+      - name: Check no_log statements
+        run: |
+          set +e
+          no_log=$(grep -nr ' no_log:' roles | grep -v '"{{ no_log }}"')
+          if [ -n "${no_log}" ]; then
+            echo 'Please update the following no_log statement(s) with the "{{ no_log }}" value'
+            echo "${no_log}"
+            exit 1
+          fi
+  nox-sessions:
+    uses: ./.github/workflows/reusable-nox.yml
--- a/.github/workflows/devel.yaml
+++ b/.github/workflows/devel.yaml
@@ -8,27 +8,41 @@ on:

 jobs:
  release:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    name: Push devel image
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4

-      - name: Install Operator-SDK
+      - name: Fail if QUAY_REGISTRY not set
        run: |
-          mkdir -p $GITHUB_WORKSPACE/bin
-          wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
-          chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
-          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
+          if [[ -z "${{ vars.QUAY_REGISTRY }}" ]]; then
+            echo "QUAY_REGISTRY not set. Please set QUAY_REGISTRY in variable GitHub Actions variables."
+            exit 1
+          fi

-      - name: Build Image
-        run: |
-          operator-sdk build awx-operator:devel
-
-      - name: Push To Quay
-        uses: redhat-actions/push-to-registry@v2.1.1
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
        with:
-          image: awx-operator
-          tags: devel
-          registry: quay.io/ansible/
-          username: ${{ secrets.QUAY_USERNAME }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Log into registry quay.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ${{ vars.QUAY_REGISTRY }}
+          username: ${{ secrets.QUAY_USER }}
          password: ${{ secrets.QUAY_TOKEN }}
+
+
+      - name: Build and Store Image @ghcr
+        run: |
+          IMG=ghcr.io/${{ github.repository }}:${{ github.sha }} make docker-buildx
+
+
+      - name: Publish Image to quay.io
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ github.sha }} \
+            --tag ${{ vars.QUAY_REGISTRY }}/awx-operator:devel
--- a/.github/workflows/feature.yml
+++ b/.github/workflows/feature.yml
@@ -0,0 +1,56 @@
+---
+
+name: Feature Branch Image Build and Push
+
+on:
+  push:
+    branches: [feature_*]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    name: Push devel image
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # needed so that git describe --tag works
+
+      - name: Set VERSION
+        run: |
+          echo "VERSION=$(git describe --tags)" >>${GITHUB_ENV}
+
+      - name: Set lower case owner name
+        run: |
+          echo "OWNER_LC=${OWNER,,}" >>${GITHUB_ENV}
+        env:
+          OWNER: '${{ github.repository_owner }}'
+
+      - name: Set IMAGE_TAG_BASE
+        run: |
+          echo "IMAGE_TAG_BASE=ghcr.io/${OWNER_LC}/awx-operator" >>${GITHUB_ENV}
+
+      - name: Log in to registry
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Build and Push awx-operator Image
+        run: |
+          make docker-build docker-push
+          docker tag ${IMAGE_TAG_BASE}:${VERSION} ${IMAGE_TAG_BASE}:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}:${GITHUB_REF##*/}
+
+      - name: Build bundle manifests
+        run: |
+          make bundle
+
+      - name: Build and Push awx-operator Bundle
+        run: |
+          make bundle-build bundle-push
+          docker tag ${IMAGE_TAG_BASE}-bundle:v${VERSION} ${IMAGE_TAG_BASE}-bundle:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}-bundle:${GITHUB_REF##*/}
+
+      - name: Build and Push awx-operator Catalog
+        run: |
+          make catalog-build catalog-push
+          docker tag ${IMAGE_TAG_BASE}-catalog:v${VERSION} ${IMAGE_TAG_BASE}-catalog:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}-catalog:${GITHUB_REF##*/}
--- a/.github/workflows/label_issue.yml
+++ b/.github/workflows/label_issue.yml
@@ -0,0 +1,54 @@
+---
+name: Label Issues
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    name: Label
+
+    steps:
+      - name: Label Issue - Needs Triage
+        uses: github/issue-labeler@v3.4
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          not-before: 2021-12-07T07:00:00Z
+          configuration-path: .github/issue_labeler.yml
+          enable-versioned-regex: 0
+        if: github.event_name == 'issues'
+
+  community:
+    runs-on: ubuntu-latest
+    name: Label Issue - Community
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+      - name: Install python requests
+        run: pip install requests
+      - name: Check if user is a member of Ansible org
+        uses: jannekem/run-python-script-action@v1
+        id: check_user
+        with:
+          script: |
+            import requests
+            headers = {'Accept': 'application/vnd.github+json', 'Authorization': 'token ${{ secrets.GITHUB_TOKEN }}'}
+            response = requests.get('${{ fromJson(toJson(github.event.issue.user.url)) }}/orgs?per_page=100', headers=headers)
+            is_member = False
+            for org in response.json():
+              if org['login'] == 'ansible':
+                is_member = True
+            if is_member:
+                print("User is member")
+            else:
+                print("User is community")
+      - name: Add community label if not a member
+        if: contains(steps.check_user.outputs.stdout, 'community')
+        uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
+        with:
+          add-labels: "community"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/label_pr.yml
+++ b/.github/workflows/label_pr.yml
@@ -0,0 +1,49 @@
+name: Label PR
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+jobs:
+  community:
+    runs-on: ubuntu-latest
+    name: Label PR - Community
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+
+      - name: Create a virtual environment
+        run: python3 -m venv venv
+
+      - name: Activate virtual environment and install dependencies
+        run: |
+          source venv/bin/activate
+          pip3 install requests
+
+      - name: Check if user is a member of Ansible org
+        uses: jannekem/run-python-script-action@v1
+        id: check_user
+        with:
+          script: |
+            import requests
+            headers = {'Accept': 'application/vnd.github+json', 'Authorization': 'token ${{ secrets.GITHUB_TOKEN }}'}
+            response = requests.get('${{ fromJson(toJson(github.event.pull_request.user.url)) }}/orgs?per_page=100', headers=headers)
+            is_member = False
+            for org in response.json():
+              if org['login'] == 'ansible':
+                is_member = True
+            if is_member:
+                print("User is member")
+            else:
+                print("User is community")
+
+      - name: Add community label if not a member
+        if: contains(steps.check_user.outputs.stdout, 'community')
+        uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
+        with:
+          add-labels: "community"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/pr_body_check.yml
+++ b/.github/workflows/pr_body_check.yml
@@ -0,0 +1,37 @@
+---
+name: PR Check
+env:
+  BRANCH: ${{ github.base_ref || 'devel' }}
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  pr-check:
+    name: Scan PR description for semantic versioning keywords
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: Check for each of the lines
+        env:
+          PR_BODY: ${{ github.event.pull_request.body }}
+        run: |
+          echo "$PR_BODY" | grep "Bug, Docs Fix or other nominal change" > Z
+          echo "$PR_BODY" | grep "New or Enhanced Feature" > Y
+          echo "$PR_BODY" | grep "Breaking Change" > X
+          exit 0
+        # We exit 0 and set the shell to prevent the returns from the greps from failing this step
+        # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+        shell: bash {0}
+
+      - name: Check for exactly one item
+        run: |
+          if [ $(cat X Y Z | wc -l) != 1 ] ; then
+            echo "The PR body must contain exactly one of [ 'Bug, Docs Fix or other nominal change', 'New or Enhanced Feature', 'Breaking Change' ]"
+            echo "We counted $(cat X Y Z | wc -l)"
+            echo "See the default PR body for examples"
+            exit 255;
+          else
+            exit 0;
+          fi
--- a/.github/workflows/promote.yaml
+++ b/.github/workflows/promote.yaml
@@ -0,0 +1,72 @@
+---
+name: Promote AWX Operator image
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag_name:
+        description: 'Name for the tag of the release.'
+        required: true
+      quay_registry:
+        description: 'Quay registry to push to.'
+        default: 'quay.io/ansible'
+
+env:
+  QUAY_REGISTRY: ${{ vars.QUAY_REGISTRY }}
+
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set GitHub Env vars for workflow_dispatch event
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        run: |
+          echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
+          echo "QUAY_REGISTRY=${{ github.event.inputs.quay_registry }}" >> $GITHUB_ENV
+
+      - name: Set GitHub Env vars if release event
+        if: ${{ github.event_name == 'release' }}
+        run: |
+          echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+
+      - name: Fail if QUAY_REGISTRY not set
+        run: |
+          if [[ -z "${{ env.QUAY_REGISTRY }}" ]]; then
+            echo "QUAY_REGISTRY not set. Please set QUAY_REGISTRY in variable GitHub Actions variables."
+            exit 1
+          fi
+
+      - uses: actions/checkout@v4
+        with:
+          depth: 0
+
+
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Log into registry quay.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ${{ env.QUAY_REGISTRY }}
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_TOKEN }}
+
+
+      - name: Pull Tagged Staged Image and Publish to quay.io
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \
+            --tag ${{ env.QUAY_REGISTRY }}/awx-operator:${{ env.TAG_NAME }}
+
+
+      - name: Pull Staged Image and Publish to quay.io/${{ github.repository }}:latest
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \
+            --tag ${{ env.QUAY_REGISTRY }}/awx-operator:latest
--- a/.github/workflows/publish-operator-hub.yaml
+++ b/.github/workflows/publish-operator-hub.yaml
@@ -0,0 +1,86 @@
+name: Publish AWX Operator on operator-hub
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag_name:
+        description: 'Name for the tag of the release.'
+        required: true
+      operator_hub_fork:
+        description: 'Fork of operator-hub where the PR will be created from. default: awx-auto'
+        required: true
+        default: 'awx-auto'
+      image_registry:
+        description: 'Image registry where the image is published to. default: quay.io'
+        required: true
+        default: 'quay.io'
+      image_registry_organization:
+        description: 'Image registry organization where the image is published to. default: ansible'
+        required: true
+        default: 'ansible'
+      community_operator_github_org:
+        description: 'Github organization for community-opeartor project. default: k8s-operatorhub'
+        required: true
+        default: 'k8s-operatorhub'
+      community_operator_prod_github_org:
+        description: 'GitHub organization for community-operator-prod project. default: redhat-openshift-ecosystem'
+        required: true
+        default: 'redhat-openshift-ecosystem'
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set GITHUB_ENV from workflow_dispatch event
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        run: |
+          echo "VERSION=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
+          echo "IMAGE_REGISTRY=${{ github.event.inputs.image_registry }}" >> $GITHUB_ENV
+          echo "IMAGE_REGISTRY_ORGANIZATION=${{ github.event.inputs.image_registry_organization }}" >> $GITHUB_ENV
+          echo "COMMUNITY_OPERATOR_GITHUB_ORG=${{ github.event.inputs.community_operator_github_org }}" >> $GITHUB_ENV
+          echo "COMMUNITY_OPERATOR_PROD_GITHUB_ORG=${{ github.event.inputs.community_operator_prod_github_org }}" >> $GITHUB_ENV
+
+      - name: Set GITHUB_ENV for release event
+        if: ${{ github.event_name == 'release' }}
+        run: |
+          echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+          echo "IMAGE_REGISTRY=quay.io" >> $GITHUB_ENV
+          echo "IMAGE_REGISTRY_ORGANIZATION=ansible" >> $GITHUB_ENV
+          echo "COMMUNITY_OPERATOR_GITHUB_ORG=k8s-operatorhub" >> $GITHUB_ENV
+          echo "COMMUNITY_OPERATOR_PROD_GITHUB_ORG=redhat-openshift-ecosystem" >> $GITHUB_ENV
+
+      - name: Log in to image registry
+        run: |
+          echo ${{ secrets.QUAY_TOKEN }} | docker login ${{ env.IMAGE_REGISTRY }} -u ${{ secrets.QUAY_USER }} --password-stdin
+
+      - name: Checkout awx-operator at workflow branch
+        uses: actions/checkout@v4
+        with:
+          path: awx-operator
+
+      - name: Checkout awx-opearator at ${{ env.VERSION }}
+        uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+          ref: ${{ env.VERSION }}
+          path: awx-operator-${{ env.VERSION }}
+          fetch-depth: 0  # fetch all history so that git describe works
+
+      - name: Copy scripts to awx-operator-${{ env.VERSION }}
+        run: |
+          cp -f \
+            awx-operator/hack/publish-to-operator-hub.sh \
+            awx-operator-${{ env.VERSION }}/hack/publish-to-operator-hub.sh
+          cp -f \
+            awx-operator/Makefile \
+            awx-operator-${{ env.VERSION }}/Makefile
+
+      - name: Build and publish bundle to operator-hub
+        working-directory: awx-operator-${{ env.VERSION }}
+        env:
+          IMG_REPOSITORY: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_REGISTRY_ORGANIZATION }}
+          GITHUB_TOKEN: ${{ secrets.AWX_AUTO_GITHUB_TOKEN }}
+        run: |
+          git config --global user.email "awx-automation@redhat.com"
+          git config --global user.name "AWX Automation"
+          ./hack/publish-to-operator-hub.sh
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,35 +0,0 @@
---
-
-name: Release
-
-on:
-  release:
-    types:
-      - created
-
-jobs:
-  release:
-    runs-on: ubuntu-18.04
-    name: Push tagged image to Quay
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Install Operator-SDK
-        run: |
-          mkdir -p $GITHUB_WORKSPACE/bin
-          wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
-          chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
-          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-
-      - name: Build Image
-        run: |
-          operator-sdk build awx-operator:${{ github.event.release.tag_name }}
-
-      - name: Push To Quay
-        uses: redhat-actions/push-to-registry@v2.1.1
-        with:
-          image: awx-operator
-          tags: ${{ github.event.release.tag_name }}
-          registry: quay.io/ansible/
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_TOKEN }}
--- a/.github/workflows/reusable-nox.yml
+++ b/.github/workflows/reusable-nox.yml
@@ -0,0 +1,26 @@
+---
+name: nox
+
+"on":
+    workflow_call:
+
+jobs:
+    nox:
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: false
+            matrix:
+                include:
+                - session: build
+                  python-versions: "3.11"
+        name: "Run nox ${{ matrix.session }} session"
+        steps:
+        - name: Check out repo
+          uses: actions/checkout@v4
+        - name: Setup nox
+          uses: wntrblm/nox@2024.04.15
+          with:
+              python-versions: "${{ matrix.python-versions }}"
+        - name: "Run nox -s ${{ matrix.session }}"
+          run: |
+            nox -s "${{ matrix.session }}"
--- a/.github/workflows/stage.yml
+++ b/.github/workflows/stage.yml
@@ -0,0 +1,84 @@
+---
+name: Stage Release
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to stage'
+        required: true
+      default_awx_version:
+        description: 'Will be injected as the DEFAULT_AWX_VERSION build arg.'
+        required: true
+      confirm:
+        description: 'Are you sure? Set this to yes.'
+        required: true
+        default: 'no'
+
+jobs:
+  stage:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+    steps:
+      - name: Verify inputs
+        run: |
+          set -e
+
+          if [[ ${{ github.event.inputs.confirm }} != "yes" ]]; then
+            >&2 echo "Confirm must be 'yes'"
+            exit 1
+          fi
+
+          if [[ ${{ github.event.inputs.version }} == "" ]]; then
+            >&2 echo "Set version to continue."
+            exit 1
+          fi
+
+          exit 0
+
+      - name: Checkout awx-operator
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ github.repository_owner }}/awx-operator
+          path: awx-operator
+
+      - name: Install playbook dependencies
+        run: |
+          python3 -m pip install docker
+
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Stage awx-operator
+        working-directory: awx-operator
+        run: |
+          BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }} \
+              --build-arg OPERATOR_VERSION=${{ github.event.inputs.version }}" \
+          IMG=ghcr.io/${{ github.repository }}:${{ github.event.inputs.version }} \
+          make docker-buildx
+
+      - name: Run test deployment
+        working-directory: awx-operator
+        run: |
+          python3 -m pip install -r molecule/requirements.txt
+          ansible-galaxy collection install -r molecule/requirements.yml
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
+        env:
+          AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}
+
+      - name: Create Draft Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.event.inputs.version }}
+          release_name: Release ${{ github.event.inputs.version }}
+          draft: true
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,13 @@
 *~
+gh-pages/
 .cache/
+/bin
+/bundle
+/bundle_tmp*
+/bundle.Dockerfile
+/charts
+/.cr-release-packages
+.vscode/
+__pycache__
+/site
+venv/*
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@@ -0,0 +1,17 @@
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# RTD API version
+version: 2
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+
+mkdocs:
+  configuration: mkdocs.yml
+
+python:
+  install:
+  - requirements: ./docs/requirements.txt
--- a/.yamllint
+++ b/.yamllint
@@ -3,10 +3,17 @@ extends: default

 ignore: |
  .cache/
-  deploy/olm-catalog
+  kustomization.yaml
+  awx-operator.clusterserviceversion.yaml
+  bundle
+  hacking/

 rules:
  truthy: disable
  line-length:
    max: 170
+  document-start: disable
+  comments-indentation: disable
+  indentation:
    level: warning
+    indent-sequences: consistent
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,19 +2,49 @@

 This is a list of high-level changes for each release of `awx-operator`. A full list of commits can be found at `https://github.com/ansible/awx-operator/releases/tag/<version>`.

+# 0.19.0 (Mar 23, 2022)
+
+- Fix corrupted spec for the service with nodeport type (kurokobo) - dbaf64e
+- Add ability to deploy with OLM & added logo (Christian Adams) - 86c31a4
+- Fix backup & restore issues with special characters in the postgres password (kurokobo) - 589a375
+- Use centos:stream8 container where applicable (Shane McDonald)- 12a58d7
+
+# 0.14.0 (Oct 03, 2021)
+
+- Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x.
+  - To avoid a headache, you probably want to delete your existing operator Deployment and follow the README.
+- Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](./README.md#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change)
+
+# 0.10.0 (Jun 1, 2021)
+
+- Make tower_ingress_type to respect ClusterIP definition (Marcelo Moreira de Mello) - e37c091 (breaking_change)
+- Add ability to get/create/delete secrets for the awx service account (Christian M. Adams) - 61b3cb4
+- Added ability to specify annotations to ServiceAccount (Marcelo Moreira de Mello) - 446ac0b
+- Do not shadow other variables (Yanis Guenane) - 223fe98
+- Do not prepend variables name with tower_ (Yanis Guenane) - 75458d0 (breaking_change)
+- Fully remove finalizer (Christian M. Adams) - fd92050
+- Use custom pg_dump format for faster restores (Christian M. Adams) - f16d9ac
+- Allow user to specify empty string for storage class on PVC (Christian M. Adams) - 818b837
+- Unset ownerRefs in the installer instead of the finalizer (Christian M. Adams) - c12a1f0
+- Make awx-operator compatible with Ansible 2.12 (Alan Rominger) - 5216489
+- Restore: set proper kind var after deploying AWX CR (Julen Landa Alustiza) - fc4687f
+- Add support for custom service labels (Jeremy Kimber) - fd42802
+- Rename product specific variable names (Christian M. Adams) - 5ae3636 (breaking_change)
+- Add watcher for backup CR (Christian M. Adams) - fdcc745
+
 # 0.9.0 (May 1, 2021)

- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039 
- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d 
- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc 
- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90 
- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9 
- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f 
- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f 
+- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039
+- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d
+- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc
+- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90
+- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9
+- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f
+- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f
 - Split container image and version in 2 variables (Marcelo Moreira de Mello) - bc34758 (breaking_change)
- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f 
- Add tower_ingress_type NodePort (stal) - 1b87616 
- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84 
- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1 
- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11 
- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c 
+- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f
+- Add tower_ingress_type NodePort (stal) - 1b87616
+- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84
+- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1
+- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11
+- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,13 +6,16 @@ Have questions about this document or anything not covered here? Please file a n

 ## Table of contents

-* [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
-* [Submmiting your Work](#submitting-your-work)
-* [Testing](#testing)
-    * [Testing in Docker](#testing-in-docker)
-    * [Testing in Minikube](#testing-in-minikube)
-* [Generating a bundle](#generating-a-bundle)
-* [Reporting Issues](#reporting-issues)
+- [AWX-Operator Contributing Guidelines](#awx-operator-contributing-guidelines)
+  - [Table of contents](#table-of-contents)
+  - [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
+  - [Submmiting your work](#submmiting-your-work)
+  - [Development](#development)
+  - [Testing](#testing)
+      - [Testing in Kind](#testing-in-kind)
+      - [Testing in Minikube](#testing-in-minikube)
+  - [Generating a bundle](#generating-a-bundle)
+  - [Reporting Issues](#reporting-issues)


 ## Things to know prior to submitting code
@@ -25,13 +28,13 @@ Have questions about this document or anything not covered here? Please file a n


 ## Submmiting your work
-1. From your fork `devel` branch, create a new brach to stage your changes.
+1. From your fork `devel` branch, create a new branch to stage your changes.
 ```sh
 #> git checkout -b <branch-name>
 ```
 2. Make your changes.
 3. Test your changes according described on the Testing section.
-4. If everylooks looks correct, commit your changes.
+4. If everything looks correct, commit your changes.
 ```sh
 #> git add <FILES>
 #> git commit -m "My message here"
@@ -40,30 +43,34 @@ Have questions about this document or anything not covered here? Please file a n

 **Note**: If you have multiple commits, make sure to `squash` your commits into a single commit which will facilitate our release process.

-
+## Development
+The development environment consists of running an [`up.sh`](./up.sh) and a [`down.sh`](./down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](docs/development.md) for information on how to deploy and test changes from your branch.

 ## Testing

-This Operator includes a [Molecule](https://molecule.readthedocs.io/en/stable/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).
+This Operator includes a [Molecule](https://ansible.readthedocs.io/projects/molecule/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).

 You need to make sure you have Molecule installed before running the following commands. You can install Molecule with:

 ```sh
-#> pip install 'molecule[docker]'
+#> python -m pip install molecule-plugins[docker]
 ```

 Running `molecule test` sets up a clean environment, builds the operator, runs all configured tests on an example operator instance, then tears down the environment (at least in the case of Docker).

 If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.

-#### Testing in Docker
+#### Testing in Kind
+
+Testing with a kind cluster is the recommended way to test the awx-operator locally. First, you need to install kind if you haven't already. Please see these docs for setting that up:
+* https://kind.sigs.k8s.io/docs/user/quick-start/
+
+To run the tests, from the root of your checkout, run the following command:

 ```sh
-#> molecule test -s test-local
+#> molecule test -s kind
 ```

-This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
-
 #### Testing in Minikube

 ```sh
@@ -137,4 +144,4 @@ Applying this template will do it. Once the CatalogSource is in a READY state, t

 ## Reporting Issues

-We welcome your feedback, and encourage you to file an issue when you run into a problem.
+We welcome your feedback, and encourage you to file an issue when you run into a problem.
--- a/25
+++ b/25
@@ -0,0 +1,25 @@
+FROM quay.io/operator-framework/ansible-operator:v1.34.2
+
+USER root
+RUN dnf update --security --bugfix -y && \
+    dnf install -y openssl
+
+USER 1001
+
+ARG DEFAULT_AWX_VERSION
+ARG OPERATOR_VERSION
+ENV DEFAULT_AWX_VERSION=${DEFAULT_AWX_VERSION}
+ENV OPERATOR_VERSION=${OPERATOR_VERSION}
+
+COPY requirements.yml ${HOME}/requirements.yml
+RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
+ && chmod -R ug+rwx ${HOME}/.ansible
+
+COPY watches.yaml ${HOME}/watches.yaml
+COPY roles/ ${HOME}/roles/
+COPY playbooks/ ${HOME}/playbooks/
+
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", \
+    "--watches-file=./watches.yaml", \
+    "--reconcile-period=0s" \
+    ]
--- a/241
+++ b/241
@@ -0,0 +1,241 @@
+# VERSION defines the project version for the bundle.
+# Update this value when you upgrade the version of your project.
+# To re-generate a bundle for another specific version without changing the standard setup, you can:
+# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
+# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
+VERSION ?= $(shell git describe --tags)
+PREV_VERSION ?= $(shell git describe --abbrev=0 --tags $(shell git rev-list --tags --skip=1 --max-count=1))
+
+CONTAINER_CMD ?= docker
+
+# CHANNELS define the bundle channels used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
+# To re-generate a bundle for other specific channels without changing the standard setup, you can:
+# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
+# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+
+# DEFAULT_CHANNEL defines the default channel used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable")
+# To re-generate a bundle for any other default channel without changing the default setup, you can:
+# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
+# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
+
+# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images.
+# This variable is used to construct full image tags for bundle and catalog images.
+#
+# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
+# ansible.com/awx-operator-bundle:$VERSION and ansible.com/awx-operator-catalog:$VERSION.
+IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
+
+# BUNDLE_IMG defines the image:tag used for the bundle.
+# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
+BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
+
+# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command
+BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+
+# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
+# You can enable this value if you would like to use SHA Based Digests
+# To enable set flag to true
+USE_IMAGE_DIGESTS ?= false
+ifeq ($(USE_IMAGE_DIGESTS), true)
+       BUNDLE_GEN_FLAGS += --use-image-digests
+endif
+
+# Image URL to use all building/pushing image targets
+IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+NAMESPACE ?= awx
+
+.PHONY: all
+all: docker-build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+.PHONY: print-%
+print-%: ## Print any variable from the Makefile. Use as `make print-VARIABLE`
+	@echo $($*)
+
+##@ Build
+
+.PHONY: run
+run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
+	ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
+
+.PHONY: docker-build
+docker-build: ## Build docker image with the manager.
+	${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+	${CONTAINER_CMD} push ${IMG}
+
+# PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
+# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
+# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
+# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> than the export will fail)
+# To properly provided solutions that supports more than one platform you should use this option.
+PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+.PHONY: docker-buildx
+docker-buildx: ## Build and push docker image for the manager for cross-platform support
+	- docker buildx create --name project-v3-builder
+	docker buildx use project-v3-builder
+	- docker buildx build --push $(BUILD_ARGS) --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile .
+	- docker buildx rm project-v3-builder
+
+
+##@ Deployment
+
+.PHONY: install
+install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+.PHONY: gen-resources
+gen-resources: kustomize ## Generate resources for controller and print to stdout
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default
+
+.PHONY: deploy
+deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	$(KUSTOMIZE) build config/default | kubectl delete -f -
+
+OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCHA := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
+ARCHX := $(shell uname -m | sed -e 's/amd64/x86_64/' -e 's/aarch64/arm64/')
+
+.PHONY: kustomize
+KUSTOMIZE = $(shell pwd)/bin/kustomize
+kustomize: ## Download kustomize locally if necessary.
+ifeq (,$(wildcard $(KUSTOMIZE)))
+ifeq (,$(shell which kustomize 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(KUSTOMIZE)) ;\
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCHA).tar.gz | \
+	tar xzf - -C bin/ ;\
+	}
+else
+KUSTOMIZE = $(shell which kustomize)
+endif
+endif
+
+.PHONY: operator-sdk
+OPERATOR_SDK = $(shell pwd)/bin/operator-sdk
+operator-sdk: ## Download operator-sdk locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(OPERATOR_SDK)))
+ifeq (,$(shell which operator-sdk 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPERATOR_SDK)) ;\
+	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.34.2/operator-sdk_$(OS)_$(ARCHA) ;\
+	chmod +x $(OPERATOR_SDK) ;\
+	}
+else
+OPERATOR_SDK = $(shell which operator-sdk)
+endif
+endif
+
+.PHONY: ansible-operator
+ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
+ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
+ifeq (,$(shell which ansible-operator 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
+	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.34.0/ansible-operator_$(OS)_$(ARCHA) ;\
+	chmod +x $(ANSIBLE_OPERATOR) ;\
+	}
+else
+ANSIBLE_OPERATOR = $(shell which ansible-operator)
+endif
+endif
+
+.PHONY: bundle
+bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
+	$(OPERATOR_SDK) generate kustomize manifests -q
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	$(OPERATOR_SDK) bundle validate ./bundle
+
+.PHONY: bundle-build
+bundle-build: ## Build the bundle image.
+	${CONTAINER_CMD} build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+
+.PHONY: bundle-push
+bundle-push: ## Push the bundle image.
+	$(MAKE) docker-push IMG=$(BUNDLE_IMG)
+
+.PHONY: opm
+OPM = ./bin/opm
+opm: ## Download opm locally if necessary.
+ifeq (,$(wildcard $(OPM)))
+ifeq (,$(shell which opm 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPM)) ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.26.0/$(OS)-$(ARCHA)-opm ;\
+	chmod +x $(OPM) ;\
+	}
+else
+OPM = $(shell which opm)
+endif
+endif
+
+# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
+# These images MUST exist in a registry and be pull-able.
+BUNDLE_IMGS ?= $(BUNDLE_IMG)
+
+# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
+CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
+
+# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
+ifneq ($(origin CATALOG_BASE_IMG), undefined)
+FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
+endif
+
+# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
+# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
+# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
+.PHONY: catalog-build
+catalog-build: opm ## Build a catalog image.
+	$(OPM) index add --container-tool ${CONTAINER_CMD} --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+
+# Push the catalog image.
+.PHONY: catalog-push
+catalog-push: ## Push a catalog image.
+	$(MAKE) docker-push IMG=$(CATALOG_IMG)
--- a/41
+++ b/41
@@ -0,0 +1,41 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
+domain: ansible.com
+layout:
+- ansible.sdk.operatorframework.io/v1
+plugins:
+  manifests.sdk.operatorframework.io/v2: {}
+  scorecard.sdk.operatorframework.io/v2: {}
+projectName: awx-operator
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWX
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXBackup
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXRestore
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXMeshIngress
+  version: v1alpha1
+version: "3"
--- a/README.md
+++ b/README.md
@@ -1,721 +1,56 @@
 # AWX Operator

-[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Build Status](https://github.com/ansible/awx-operator/workflows/CI/badge.svg?event=push)](https://github.com/ansible/awx-operator/actions)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Build Status](https://github.com/ansible/awx-operator/workflows/CI/badge.svg?event=push)](https://github.com/ansible/awx-operator/actions)
+[![Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-yellow.svg)](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html)

 An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built with [Operator SDK](https://github.com/operator-framework/operator-sdk) and Ansible.

-# Table of Contents
+The AWX Operator is meant to be deployed in your Kubernetes cluster(s) and can be used to install and manage the lifecycle of an AWX instance in the same namespace.

-<!--ts-->
-* [AWX Operator](#awx-operator)
-* [Table of Contents](#table-of-contents)
-   * [Purpose](#purpose)
-   * [Usage](#usage)
-      * [Basic Install](#basic-install)
-      * [Admin user account configuration](#admin-user-account-configuration)
-      * [Network and TLS Configuration](#network-and-tls-configuration)
-         * [Service Type](#service-type)
-         * [Ingress Type](#ingress-type)
-      * [Database Configuration](#database-configuration)
-         * [External PostgreSQL Service](#external-postgresql-service)
-         * [Migrating data from an old AWX instance](#migrating-data-from-an-old-awx-instance)
-         * [Managed PostgreSQL Service](#managed-postgresql-service)
-      * [Advanced Configuration](#advanced-configuration)
-         * [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx)
-         * [Privileged Tasks](#privileged-tasks)
-         * [Containers Resource Requirements](#containers-resource-requirements)
-         * [LDAP Certificate Authority](#ldap-certificate-authority)
-         * [Persisting Projects Directory](#persisting-projects-directory)
-         * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options)
-         * [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers)
-         * [Service Account](#service-account)
-   * [Upgrading](#upgrading)
-   * [Contributing](#contributing)
-   * [Release Process](#release-process)
-      * [Verifiy Functionality](#verify-functionality)
-      * [Update Version](#update-version)
-      * [Commit / Create Release](#commit--create-release)
-   * [Author](#author)
-<!--te-->
+## Documentation

-## Purpose
-
-This operator is meant to provide a more Kubernetes-native installation method for AWX via an AWX Custom Resource Definition (CRD).
-
-> :warning: The operator is not supported by Red Hat, and is in **alpha** status. For now, use it at your own risk!
-
-## Usage
-
-### Basic Install
-
-This Kubernetes Operator is meant to be deployed in your Kubernetes cluster(s) and can manage one or more AWX instances in any namespace.
-
-For testing purposes, the `awx-operator` can be deployed on a [Minikube](https://minikube.sigs.k8s.io/docs/) cluster. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information.
-
-```bash
-$ minikube start --addons=ingress --cpus=4 --cni=flannel --install-addons=true \
-    --kubernetes-version=stable --memory=6g
-😄  minikube v1.20.0 on Fedora 34
-✨  Using the kvm2 driver based on user configuration
-👍  Starting control plane node minikube in cluster minikube
-🔥  Creating kvm2 VM (CPUs=4, Memory=6144MB, Disk=20000MB) ...
-🐳  Preparing Kubernetes v1.20.2 on Docker 20.10.6 ...
-    ▪ Generating certificates and keys ...
-    ▪ Booting up control plane ...
-    ▪ Configuring RBAC rules ...
-🔗  Configuring Flannel (Container Networking Interface) ...
-🔎  Verifying Kubernetes components...
-    ▪ Using image docker.io/jettech/kube-webhook-certgen:v1.5.1
-    ▪ Using image k8s.gcr.io/ingress-nginx/controller:v0.44.0
-    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
-    ▪ Using image docker.io/jettech/kube-webhook-certgen:v1.5.1
-🔎  Verifying ingress addon...
-🌟  Enabled addons: storage-provisioner, default-storageclass, ingress
-🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
-```
-
-Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected.
-
-```bash
-$ kubectl get nodes
-NAME       STATUS   ROLES                  AGE     VERSION
-minikube   Ready    control-plane,master   6m28s   v1.20.2
-
-$ kubectl get pods -A
-NAMESPACE       NAME                                        READY   STATUS      RESTARTS   AGE
-ingress-nginx   ingress-nginx-admission-create-tjk94        0/1     Completed   0          6m4s
-ingress-nginx   ingress-nginx-admission-patch-r4pl6         0/1     Completed   0          6m4s
-ingress-nginx   ingress-nginx-controller-5d88495688-sbtp9   1/1     Running     0          6m4s
-kube-system     coredns-74ff55c5b-2wz6n                     1/1     Running     0          6m4s
-kube-system     etcd-minikube                               1/1     Running     0          6m13s
-kube-system     kube-apiserver-minikube                     1/1     Running     0          6m13s
-kube-system     kube-controller-manager-minikube            1/1     Running     0          6m13s
-kube-system     kube-flannel-ds-amd64-lw7lv                 1/1     Running     0          6m3s
-kube-system     kube-proxy-lcxx7                            1/1     Running     0          6m3s
-kube-system     kube-scheduler-minikube                     1/1     Running     0          6m13s
-kube-system     storage-provisioner                         1/1     Running     1          6m17s
-```
-
-Now you need to deploy AWX Operator into your cluster. Start by going to https://github.com/ansible/awx-operator/releases and making note of the latest release. Replace `<TAG>` in the URL `https://raw.githubusercontent.com/ansible/awx-operator/<TAG>/deploy/awx-operator.yaml` with the version you are deploying.
-
-```bash
-$ kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/<TAG>/deploy/awx-operator.yaml
-customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
-customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
-customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
-clusterrole.rbac.authorization.k8s.io/awx-operator created
-clusterrolebinding.rbac.authorization.k8s.io/awx-operator created
-serviceaccount/awx-operator created
-deployment.apps/awx-operator created
-```
-
-Wait a few minutes and you should have the `awx-operator` running.
-
-```bash
-$ kubectl get pods
-NAME                            READY   STATUS    RESTARTS   AGE
-awx-operator-7dbf9db9d7-z9hqx   1/1     Running   0          50s
-```
-
-Then create a file named `awx-demo.yml` with the suggested content. The `metadata.name` you provide, will be the name of the resulting AWX deployment.  If you deploy more than one AWX instance to the same namespace, be sure to use unique names.
-
-```yaml
---
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: awx-demo
-spec:
-  service_type: nodeport
-  ingress_type: none
-  hostname: awx-demo.example.com
-```
-
-Finally, use `kubectl` to create the awx instance in your cluster:
-
-```bash
-$ kubectl apply -f awx-demo.yml
-awx.awx.ansible.com/awx-demo created
-```
-
-After a few minutes, the new AWX instance will be deployed. One can look at the operator pod logs in order to know where the installation process is at. This can be done by running the following command: `kubectl logs -f deployments/awx-operator`.
-
-```bash
-$ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
-NAME                        READY   STATUS    RESTARTS   AGE
-awx-demo-77d96f88d5-pnhr8   4/4     Running   0          3m24s
-awx-demo-postgres-0         1/1     Running   0          3m34s
-
-$ kubectl get svc -l "app.kubernetes.io/managed-by=awx-operator"
-NAME                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
-awx-demo-postgres   ClusterIP   None           <none>        5432/TCP       4m4s
-awx-demo-service    NodePort    10.109.40.38   <none>        80:31006/TCP   3m56s
-```
-
-Once deployed, the AWX instance will be accessible by the command `minikube service awx-demo-service --url`.
-
-By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode`
-
-You just completed the most basic install of an AWX instance via this operator. Congratulations!!!!
-
-For an example using the Nginx Controller in Minukube, don't miss our [demo video](https://asciinema.org/a/416946).
-
-[![asciicast](https://raw.githubusercontent.com/ansible/awx-operator/devel/docs/awx-demo.svg)](https://asciinema.org/a/416946)
-
-### Admin user account configuration
-
-There are three variables that are customizable for the admin user account creation.
-
-| Name                        | Description                                  | Default          |
-| --------------------------- | -------------------------------------------- | ---------------- |
-| admin_user                  | Name of the admin user                       | admin            |
-| admin_email                 | Email of the admin user                      | test@example.com |
-| admin_password_secret       | Secret that contains the admin user password | Empty string     |
-
-
-> :warning: **admin_password_secret must be a Kubernetes secret and not your text clear password**.
-
-If `admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`.
-
-To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode`
-
-The secret that is expected to be passed should be formatted as follow:
-
-```yaml
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <resourcename>-admin-password
-  namespace: <target namespace>
-stringData:
-  password: mysuperlongpassword
-```
-
-
-### Network and TLS Configuration
-
-#### Service Type
-
-If the `service_type` is not specified, the `ClusterIP` service will be used for your AWX Tower service.
-
-The `service_type` supported options are: `ClusterIP`, `LoadBalancer` and `NodePort`.
-
-The following variables are customizable for any `service_type`
-
-| Name                                  | Description                                   | Default                           |
-| ------------------------------------- | --------------------------------------------- | --------------------------------- |
-| service_labels                  | Add custom labels                             | Empty string                      |
-
-```yaml
---
-spec:
-  ...
-  service_type: ClusterIP
-  service_labels: |
-    environment: testing
-```
-
-  * LoadBalancer
-
-The following variables are customizable only when `service_type=LoadBalancer`
-
-| Name                           | Description                              | Default       |
-| ------------------------------ | ---------------------------------------- | ------------- |
-| loadbalancer_annotations | LoadBalancer annotations                 | Empty string  |
-| loadbalancer_protocol    | Protocol to use for Loadbalancer ingress | http          |
-| loadbalancer_port        | Port used for Loadbalancer ingress       | 80            |
-
-```yaml
---
-spec:
-  ...
-  service_type: LoadBalancer
-  loadbalancer_protocol: https
-  loadbalancer_port: 443
-  loadbalancer_annotations: |
-    environment: testing
-  service_labels: |
-    environment: testing
-```
-
-When setting up a Load Balancer for HTTPS you will be required to set the `loadbalancer_port` to move the port away from `80`.
-
-The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP.
-
-#### Ingress Type
-
-By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, when the `ingress_type` is not specified, it will default to `none` and nothing ingress-wise will be created.
-
-The `ingress_type` supported options are: `none`, `ingress` and `route`. To toggle between these options, you can add the following to your AWX CRD:
-
-  * None
-
-```yaml
---
-spec:
-  ...
-  ingress_type: none
-```
-
-  * Generic Ingress Controller
-
-The following variables are customizable when `ingress_type=ingress`. The `ingress` type creates an Ingress resource as [documented](https://kubernetes.io/docs/concepts/services-networking/ingress/) which can be shared with many other Ingress Controllers as [listed](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
-
-| Name                       | Description                              | Default                      |
-| -------------------------- | ---------------------------------------- | ---------------------------- |
-| ingress_annotations        | Ingress annotations                      | Empty string                 |
-| ingress_tls_secret         | Secret that contains the TLS information | Empty string                 |
-| hostname                   | Define the FQDN                          | {{ meta.name }}.example.com  |
-
-```yaml
---
-spec:
-  ...
-  ingress_type: ingress
-  hostname: awx-demo.example.com
-  ingress_annotations: |
-    environment: testing
-```
-
-  * Route
-
-The following variables are customizable when `ingress_type=route`
-
-| Name                                  | Description                                   | Default                                                 |
-| ------------------------------------- | --------------------------------------------- | --------------------------------------------------------|
-| route_host                      | Common name the route answers for             | `<instance-name>-<namespace>-<routerCanonicalHostname>` |
-| route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge                                                    |
-| route_tls_secret                | Secret that contains the TLS information      | Empty string                                            |
-
-```yaml
---
-spec:
-  ...
-  ingress_type: route
-  route_host: awx-demo.example.com
-  route_tls_termination_mechanism: Passthrough
-  route_tls_secret: custom-route-tls-secret-name
-```
-
-### Database Configuration
-
-#### External PostgreSQL Service
-
-In order for the AWX instance to rely on an external database, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-postgres-configuration`.
-
-
-The secret should be formatted as follows:
-
-```yaml
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <resourcename>-postgres-configuration
-  namespace: <target namespace>
-stringData:
-  host: <external ip or url resolvable by the cluster>
-  port: <external port, this usually defaults to 5432>
-  database: <desired database name>
-  username: <username to connect as>
-  password: <password to connect with>
-  sslmode: prefer
-  type: unmanaged
-type: Opaque
-```
-
-> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added.  
-
-**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`.
-
-#### Migrating data from an old AWX instance
-
-For instructions on how to migrate from an older version of AWX, see [migration.md](./docs/migration.md).
-
-#### Managed PostgreSQL Service
-
-If you don't have access to an external PostgreSQL service, the AWX operator can deploy one for you along side the AWX instance itself.
-
-The following variables are customizable for the managed PostgreSQL service
-
-| Name                                 | Description                                | Default                           |
-| ------------------------------------ | ------------------------------------------ | --------------------------------- |
-| postgres_image                       | Path of the image to pull                  | postgres:12                       |
-| postgres_resource_requirements       | PostgreSQL container resource requirements | Empty object                      |
-| postgres_storage_requirements        | PostgreSQL container storage requirements  | requests: {storage: 8Gi}          |
-| postgres_storage_class               | PostgreSQL PV storage class                | Empty string                      |
-| postgres_data_path                   | PostgreSQL data path                       | `/var/lib/postgresql/data/pgdata` |
-
-Example of customization could be:
-
-```yaml
---
-spec:
-  ...
-  postgres_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 2Gi
-    limits:
-      cpu: 1
-      memory: 4Gi
-  postgres_storage_requirements:
-    requests:
-      storage: 8Gi
-    limits:
-      storage: 50Gi
-  postgres_storage_class: fast-ssd
-```
-
-**Note**: If `postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster.
-
-### Advanced Configuration
-
-#### Deploying a specific version of AWX
-
-There are a few variables that are customizable for awx the image management.
-
-| Name                      | Description                |
-| --------------------------| -------------------------- |
-| image                     | Path of the image to pull  |
-| image_version             | Image version to pull      |
-| image_pull_policy         | The pull policy to adopt   |
-| image_pull_secret         | The pull secret to use     |
-| ee_images                 | A list of EEs to register  |
-| redis_image               | Path of the image to pull  |
-| redis_image_version       | Image version to pull      |
-
-Example of customization could be:
-
-```yaml
---
-spec:
-  ...
-  image: myorg/my-custom-awx
-  image_version: latest
-  image_pull_policy: Always
-  image_pull_secret: pull_secret_name
-  ee_images:
-    - name: my-custom-awx-ee
-      image: myorg/my-custom-awx-ee
-```
-
-**Note**: The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
-
-#### Privileged Tasks
-
-Depending on the type of tasks that you'll be running, you may find that you need the task pod to run as `privileged`. This can open yourself up to a variety of security concerns, so you should be aware (and verify that you have the privileges) to do this if necessary. In order to toggle this feature, you can add the following to your custom resource:
-
-```yaml
---
-spec:
-  ...
-  task_privileged: true
-```
-
-If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with:
-
-```sh
-#> oc adm policy add-scc-to-user privileged -z awx
-```
-
-Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
-
-
-#### Containers Resource Requirements
-
-The resource requirements for both, the task and the web containers are configurable - both the lower end (requests) and the upper end (limits).
-
-| Name                             | Description                          | Default                             |
-| -------------------------------- | ------------------------------------ | ----------------------------------- |
-| web_resource_requirements        | Web container resource requirements  | requests: {cpu: 1000m, memory: 2Gi} |
-| task_resource_requirements       | Task container resource requirements | requests: {cpu: 500m, memory: 1Gi}  |
-
-Example of customization could be:
-
-```yaml
---
-spec:
-  ...
-  web_resource_requirements:
-    requests:
-      cpu: 1000m
-      memory: 2Gi
-    limits:
-      cpu: 2000m
-      memory: 4Gi
-  task_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 1Gi
-    limits:
-      cpu: 1000m
-      memory: 2Gi
-```
-
-#### Assigning AWX pods to specific nodes
-
-You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
-the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX
-pods to be scheduled onto nodes with matching taints.
-
-
-| Name                           | Description                 | Default |
-| -------------------------------| --------------------------- | ------- |
-| postgres_image                 | Path of the image to pull   | 12      |
-| postgres_image_version         | Image version to pull       | 12      |
-| node_selector                  | AWX pods' nodeSelector      | ''      |
-| tolerations                    | AWX pods' tolerations       | ''      |
-| postgres_selector              | Postgres pods' nodeSelector | ''      |
-| postgres_tolerations           | Postgres pods' tolerations  | ''      |
-
-Example of customization could be:
-
-```yaml
---
-spec:
-  ...
-  node_selector: |
-    disktype: ssd
-    kubernetes.io/arch: amd64
-    kubernetes.io/os: linux
-  tolerations: |
-    - key: "dedicated"
-      operator: "Equal"
-      value: "AWX"
-      effect: "NoSchedule"
-  postgres_selector: |
-    disktype: ssd
-    kubernetes.io/arch: amd64
-    kubernetes.io/os: linux
-  postgres_tolerations: |
-    - key: "dedicated"
-      operator: "Equal"
-      value: "AWX"
-      effect: "NoSchedule"
-```
-
-#### LDAP Certificate Authority
-
-If the variable `ldap_cacert_secret` is provided, the operator will look for a the data field `ldap-ca.crt` in the specified secret.
-
-| Name                             | Description                             | Default |
-| -------------------------------- | --------------------------------------- | --------|
-| ldap_cacert_secret               | LDAP Certificate Authority secret name  |  ''     |
-
-
-Example of customization could be:
-
-```yaml
---
-spec:
-  ...
-  ldap_cacert_secret: <resourcename>-ldap-ca-cert
-```
-
-To create the secret, you can use the command below:
-
-```sh
-# kubectl create secret generic <resourcename>-ldap-ca-cert --from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>
-```
-
-#### Persisting Projects Directory
-
-In cases which you want to persist the `/var/lib/projects` directory, there are few variables that are customizable for the `awx-operator`.
-
-| Name                               | Description                                                                                          | Default        |
-| -----------------------------------| ---------------------------------------------------------------------------------------------------- | ---------------|
-| projects_persistence         | Whether or not the /var/lib/projects directory will be persistent                                    |  false         |
-| projects_storage_class       | Define the PersistentVolume storage class                                                            |  ''            |
-| projects_storage_size        | Define the PersistentVolume size                                                                     |  8Gi           |
-| projects_storage_access_mode | Define the PersistentVolume access mode                                                              |  ReadWriteMany |
-| projects_existing_claim      | Define an existing PersistentVolumeClaim to use (cannot be combined with `projects_storage_*`) |  ''            |
-
-Example of customization when the `awx-operator` automatically handles the persistent volume could be:
-
-```yaml
---
-spec:
-  ...
-  projects_persistence: true
-  projects_storage_class: rook-ceph
-  projects_storage_size: 20Gi
-```
-
-#### Custom Volume and Volume Mount Options
-
-In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files.
-
-| Name                           | Description                                              | Default |
-| ------------------------------ | -------------------------------------------------------- | ------- |
-| extra_volumes                  | Specify extra volumes to add to the application pod      | ''      |
-| web_extra_volume_mounts        | Specify volume mounts to be added to Web container       | ''      |
-| task_extra_volume_mounts       | Specify volume mounts to be added to Task container      | ''      |
-| ee_extra_volume_mounts         | Specify volume mounts to be added to Execution container | ''      |
-
-Example configuration for ConfigMap
-
-```yaml
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <resourcename>-extra-config
-  namespace: <target namespace>
-data:
-  ansible.cfg: |
-     [defaults]
-     remote_tmp = /tmp
-     [ssh_connection]
-     ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
-  custom.py:  |
-      INSIGHTS_URL_BASE = "example.org"
-      AWX_CLEANUP_PATHS = True
-```
-Example spec file for volumes and volume mounts
-
-```yaml
---
-    spec:
-    ...
-      ee_extra_volume_mounts: |
-        - name: ansible-cfg
-          mountPath: /etc/ansible/ansible.cfg
-          subPath: ansible.cfg
-
-      task_extra_volume_mounts: |
-        - name: custom-py
-          mountPath: /etc/tower/conf.d/custom.py
-          subPath: custom.py
-
-      extra_volumes: |
-        - name: ansible-cfg
-          configMap:
-            defaultMode: 420
-            items:
-              - key: ansible.cfg
-                path: ansible.cfg
-            name: <resourcename>-extra-config
-        - name: custom-py
-          configMap:
-            defaultMode: 420
-            items:
-              - key: custom.py
-                path: custom.py
-            name: <resourcename>-extra-config
-
-```
-
-> :warning: **Volume and VolumeMount names cannot contain underscores(_)**
-
-#### Exporting Environment Variables to Containers
-
-If you need to export custom environment variables to your containers.
-
-| Name                          | Description                                              | Default |
-| ----------------------------- | -------------------------------------------------------- | ------- |
-| task_extra_env                | Environment variables to be added to Task container      | ''      |
-| web_extra_env                 | Environment variables to be added to Web container       | ''      |
-
-Example configuration of environment variables
-
-```yaml
-  spec:
-    task_extra_env: |
-      - name: MYCUSTOMVAR
-        value: foo
-    web_extra_env: |
-      - name: MYCUSTOMVAR
-        value: foo
-```
-
-#### Service Account
-
-If you need to modify some `ServiceAccount` proprieties
-
-| Name                          | Description                                              | Default |
-| ----------------------------- | -------------------------------------------------------- | ------- |
-| service_account_annotations   | Annotations to the ServiceAccount                        | ''      |
-
-Example configuration of environment variables
-
-```yaml
-  spec:
-    service_account_annotations: |
-      eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
-```
-
-### Upgrading
-
-To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX.  To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `image_version` variable in `roles/installer/defaults/main.yml` for that particular release.
-
-Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment.
+The AWX Operator documentation is available at <https://ansible.readthedocs.io/projects/awx-operator/>

+> Helm chart documentation is available at <https://ansible-community.github.io/awx-operator-helm/>

 ## Contributing

 Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md).

+For docs changes, create PRs on the appropriate files in the `/docs` folder.

-## Release Process
-
-There are a few moving parts to this project:
-
-  1. The Docker image which powers AWX Operator.
-  2. The `awx-operator.yaml` Kubernetes manifest file which initially deploys the Operator into a cluster.
-  3. Then use the command below to generate a list of commits between the versions.
-  ```sh
-  #> git log --no-merges --pretty="- %s (%an) - %h " <old_tag>..<new_tag>
-  ```
-
-Each of these must be appropriately built in preparation for a new tag:
-
-### Verify Functionality
-
-Run the following command inside this directory:
-
-```sh
-#> operator-sdk build quay.io/<user>/awx-operator:test
-```
-
-Then push the generated image to Docker Hub:
-
-```sh
-#> docker push quay.io/<user>/awx-operator:test
-```
-
-After it is built, test it on a local cluster:
-
-
-```sh
-#> minikube start --memory 6g --cpus 4
-#> minikube addons enable ingress
-#> ansible-playbook ansible/deploy-operator.yml -e operator_image=quay.io/<user>/awx-operator -e operator_version=test
-#> kubectl create namespace example-awx
-#> ansible-playbook ansible/instantiate-awx-deployment.yml -e namespace=example-awx
-#> <test everything>
-#> minikube delete
-```
-
-### Update version
-
-Update the awx-operator version:
-
-  - `ansible/group_vars/all`
-
-Once the version has been updated, run from the root of the repo:
-
-```sh
-#> ansible-playbook ansible/chain-operator-files.yml
-```
-
-### Commit / Create Release
-
-If everything works, commit the updated version, then [publish a new release](https://github.com/ansible/awx-operator/releases/new) using the same version you used in `ansible/group_vars/all`.
-
-After creating the release, [this GitHub Workflow](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/release.yaml) will run and publish the new image to quay.io.
+The development environment consists of running an [`up.sh`](https://github.com/ansible/awx-operator/blob/devel/up.sh) and a [`down.sh`](https://github.com/ansible/awx-operator/blob/devel/down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](https://github.com/ansible/awx-operator/blob/devel/docs/development.md) for information on how to deploy and test changes from your branch.

 ## Author

 This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team
+
+## Code of Conduct
+
+We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com)
+
+## Get Involved
+
+We welcome your feedback, questions and ideas. Here's how to reach the community.
+
+### Forum
+
+Join the [Ansible Forum](https://forum.ansible.com) as a single starting point and our default communication platform for questions and help, development discussions, events, and much more. [Register](https://forum.ansible.com/signup?) to join the community. Search by categories and tags to find interesting topics or start a new one; subscribe only to topics you need!
+
+* [Get Help](https://forum.ansible.com/c/help/6): get help or help others. Please add appropriate tags if you start new discussions, for example `awx-operator` and  `documentation`.
+* [Posts tagged with 'awx-operator'](https://forum.ansible.com/tag/awx-operator): subscribe to participate in project-related conversations.
+* [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn) used to announce releases and important changes.
+* [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
+* [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
+
+For more information on the forum navigation, see [Navigating the Ansible forum](https://forum.ansible.com/t/navigating-the-ansible-forum-tags-categories-and-concepts/39) post.
+
+### Matrix
+
+For real-time interactions, conversations in the community happen over the Matrix protocol in the following channels:
+
+* [#awx:ansible.com](https://matrix.to/#/#awx:ansible.com): AWX and AWX-Operator project-related discussions.
+* [#docs:ansible.im](https://matrix.to/#/#docs:ansible.im): Ansible, AWX and AWX-Operator documentation-related discussions.
+
+For more information, see the community-hosted [Matrix FAQ](https://hackmd.io/@ansible-community/community-matrix-faq).
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+For all security related bugs, email security@ansible.com instead of using this issue tracker and you will receive a prompt response.
+
+For more information on the Ansible community's practices regarding responsible disclosure, see https://www.ansible.com/security
--- a/ansible/build-and-push.yml
+++ b/ansible/build-and-push.yml
@@ -1,17 +0,0 @@
---
- name: Build and Deploy the AWX Operator
-  hosts: localhost
-
-  collections:
-    - community.general
-
-  tasks:
-    - name: Build and (optionally) push operator image
-      docker_image:
-        name: "{{ operator_image }}:{{ operator_version }}"
-        pull: no
-        push: "{{ push_image | bool }}"
-        build:
-          dockerfile: "build/Dockerfile"
-          path: "../"
-        force: yes
--- a/ansible/chain-operator-files.yml
+++ b/ansible/chain-operator-files.yml
@@ -1,31 +0,0 @@
---
-# To run: `ansible-playbook chain-operator-files.yml`
- name: Chain operator files together for easy deployment.
-  hosts: localhost
-  connection: local
-  gather_facts: false
-
-  tasks:
-    - name: Template AWX CRD
-      template:
-        src: crd.yml.j2
-        dest: "{{ playbook_dir }}/../deploy/crds/awx_v1beta1_crd.yaml"
-        mode: '0644'
-
-    - name: Template AWXBackup CRD
-      template:
-        src: awxbackup_crd.yml.j2
-        dest: "{{ playbook_dir }}/../deploy/crds/awxbackup_v1beta1_crd.yaml"
-        mode: '0644'
-
-    - name: Template AWXRestore CRD
-      template:
-        src: awxrestore_crd.yml.j2
-        dest: "{{ playbook_dir }}/../deploy/crds/awxrestore_v1beta1_crd.yaml"
-        mode: '0644'
-
-    - name: Template awx-operator.yaml
-      template:
-        src: awx-operator.yaml.j2
-        dest: ../deploy/awx-operator.yaml
-        mode: '0644'
--- a/ansible/deploy-operator.yml
+++ b/ansible/deploy-operator.yml
@@ -1,29 +0,0 @@
---
- name: Reconstruct awx-operator.yaml
-  import_playbook: chain-operator-files.yml
-
- name: Deploy Operator
-  hosts: localhost
-  vars:
-    k8s_namespace: "default"
-    obliterate: no
-
-  collections:
-    - community.kubernetes
-
-  tasks:
-    - name: Obliterate Operator
-      k8s:
-        state: absent
-        namespace: "{{ k8s_namespace }}"
-        src: "../deploy/awx-operator.yaml"
-        wait: yes
-      when: obliterate | bool
-
-    - name: Deploy Operator
-      k8s:
-        state: present
-        namespace: "{{ k8s_namespace }}"
-        apply: yes
-        wait: yes
-        src: "../deploy/awx-operator.yaml"
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -1,4 +0,0 @@
-operator_image: quay.io/ansible/awx-operator
-operator_version: 0.10.0
-pull_policy: Always
-ansible_debug_logs: "false"
--- a/ansible/instantiate-awx-deployment.yml
+++ b/ansible/instantiate-awx-deployment.yml
@@ -3,7 +3,7 @@
  hosts: localhost

  collections:
-    - community.kubernetes
+    - kubernetes.core

  tasks:
    - name: Deploy AWX
@@ -26,6 +26,7 @@
            image_version: "{{ image_version | default(omit) }}"
            development_mode: "{{ development_mode | default(omit) | bool }}"
            image_pull_policy: "{{ image_pull_policy | default(omit) }}"
+            nodeport_port: "{{ nodeport_port | default(omit) }}"
            # ee_images:
            #   - name: test-ee
            #     image: quay.io/<user>/awx-ee
--- a/ansible/templates/awx-operator.yaml.j2
+++ b/ansible/templates/awx-operator.yaml.j2
@@ -1,16 +0,0 @@
-#jinja2: trim_blocks:False
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
-{% include 'crd.yml.j2' %}
-
-{% include 'awxbackup_crd.yml.j2' %}
-
-{% include 'awxrestore_crd.yml.j2' %}
-
-{% include 'role.yml.j2' %}
-
-{% include 'role_binding.yml.j2' %}
-
-{% include 'service_account.yml.j2' %}
-
-{% include 'operator.yml.j2' %}
--- a/ansible/templates/awxbackup_crd.yml.j2
+++ b/ansible/templates/awxbackup_crd.yml.j2
@@ -1,48 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxbackups.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXBackup
-    listKind: AWXBackupList
-    plural: awxbackups
-    singular: awxbackup
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXBackup CRD
-          properties:
-            spec:
-              type: object
-              required:
-                - deployment_name
-              properties:
-                deployment_name:
-                  description: Name of the deployment to be backed up
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be used for storing the backup
-                  type: string
-                backup_pvc_namespace:
-                  description: Namespace PVC is in
-                  type: string
-                backup_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  type: string
-                backup_storage_class:
-                  description: Storage class to use when creating PVC for backup
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
--- a/ansible/templates/awxrestore_crd.yml.j2
+++ b/ansible/templates/awxrestore_crd.yml.j2
@@ -1,52 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxrestores.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXRestore
-    listKind: AWXRestoreList
-    plural: awxrestores
-    singular: awxrestore
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXRestore CRD
-          properties:
-            spec:
-              type: object
-              properties:
-                backup_source:
-                  description: Backup source
-                  type: string
-                  enum:
-                    - CR
-                    - PVC
-                deployment_name:
-                  description: Name of the deployment to be restored to
-                  type: string
-                backup_name:
-                  description: AWXBackup object name
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
-                  type: string
-                backup_pvc_namespace:
-                  description: Namespace the PVC is in
-                  type: string
-                backup_dir:
-                  description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
--- a/ansible/templates/crd.yml.j2
+++ b/ansible/templates/crd.yml.j2
@@ -1,399 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                  default: awx
-                kind:
-                  description: Kind of the deployment type
-                  type: string
-                  default: AWX
-                api_version:
-                  description: apiVersion of the deployment type
-                  type: string
-                  default: awx.ansible.com/v1beta1
-                task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                  default: false
-                admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                  default: admin
-                hostname:
-                  description: The hostname of the instance
-                  type: string
-                admin_email:
-                  description: The admin user email
-                  type: string
-                admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for data migration
-                  type: string
-                secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                service_type:
-                  description: The service type to be used on the deployed instance
-                  type: string
-                  enum:
-                    - LoadBalancer
-                    - loadbalancer
-                    - ClusterIP
-                    - clusterip
-                    - NodePort
-                    - nodeport
-                ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                ingress_annotations:
-                  description: Annotations to add to the Ingress Controller
-                  type: string
-                ingress_tls_secret:
-                  description: Secret where the Ingress TLS secret can be found
-                  type: string
-                loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                node_selector:
-                  description: nodeSelector for the pods
-                  type: string
-                service_labels:
-                  description: Additional labels to apply to the service
-                  type: string
-                tolerations:
-                  description: node tolerations for the pods
-                  type: string
-                image:
-                  description: Registry path to the application container to use
-                  type: string
-                image_version:
-                  description: Application container image version to use
-                  type: string
-                ee_images:
-                  description: Registry path to the Execution Environment container to use
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        type: string
-                      image:
-                        type: string
-                image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                image_pull_secret:
-                  description: The image pull secret
-                  type: string
-                task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                service_account_annotations:
-                  description: ServiceAccount annotations
-                  type: string
-                replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                create_preload_data:
-                  description: Whether or not to preload data upon instance creation
-                  default: true
-                  type: boolean
-                task_args:
-                  type: array
-                  items:
-                    type: string
-                task_command:
-                  type: array
-                  items:
-                    type: string
-                web_args:
-                  type: array
-                  items:
-                    type: string
-                web_command:
-                  type: array
-                  items:
-                    type: string
-                task_extra_env:
-                  type: string
-                web_extra_env:
-                  type: string
-                ee_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Execution container
-                  type: string
-                task_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Task container
-                  type: string
-                web_extra_volume_mounts:
-                  description: Specify volume mounts to be added to the Web container
-                  type: string
-                redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                redis_image_version:
-                  description: Redis container image version to use
-                  type: string
-                postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                postgres_selector:
-                  description: nodeSelector for the Postgres pods
-                  type: string
-                postgres_tolerations:
-                  description: node tolerations for the Postgres pods
-                  type: string
-                postgres_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                  type: object
-                postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-                ldap_cacert_secret:
-                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
-                  type: string
-                projects_persistence:
-                  description: Whether or not the /var/lib/projects directory will be persistent
-                  default: false
-                  type: boolean
-                projects_use_existing_claim:
-                  description: Using existing PersistentVolumeClaim
-                  type: string
-                  enum:
-                    - _Yes_
-                    - _No_
-                projects_existing_claim:
-                  description: PersistentVolumeClaim to mount /var/lib/projects directory
-                  type: string
-                projects_storage_class:
-                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
-                  type: string
-                projects_storage_size:
-                  description: Size for the /var/lib/projects PersistentVolumeClaim
-                  default: 8Gi
-                  type: string
-                projects_storage_access_mode:
-                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
-                  default: ReadWriteMany
-                  type: string
-                extra_settings:
-                  description: Extra settings to specify for the API
-                  items:
-                    properties:
-                      setting:
-                        type: string
-                      value:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-            status:
-              properties:
-                URL:
-                  description: URL to access the deployed instance
-                  type: string
-                adminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                adminPasswordSecret:
-                  description: Admin password secret name of the deployed instance
-                  type: string
-                postgresConfigurationSecret:
-                  description: Postgres Configuration secret name of the deployed instance
-                  type: string
-                broadcastWebsocketSecret:
-                  description: Broadcast websocket secret name of the deployed instance
-                  type: string
-                secretKeySecret:
-                  description: Secret key secret name of the deployed instance
-                  type: string
-                migratedFromSecret:
-                  description: The secret used for migrating an old instance.
-                  type: string
-                version:
-                  description: Version of the deployed instance
-                  type: string
-                image:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object
--- a/ansible/templates/operator.yml.j2
+++ b/ansible/templates/operator.yml.j2
@@ -1,48 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "{{ operator_image }}:{{ operator_version }}"
-          imagePullPolicy: "{{ pull_policy|default('Always') }}"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-            - name: OPERATOR_VERSION
-              value: "{{ operator_version }}"
-            - name: ANSIBLE_DEBUG_LOGS
-              value: "{{ ansible_debug_logs|lower | default('false'|lower) }}"
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 15
-            periodSeconds: 20
-      volumes:
-        - name: runner
-          emptyDir: {}
--- a/ansible/templates/service_account.yml.j2
+++ b/ansible/templates/service_account.yml.j2
@@ -1,6 +0,0 @@
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: awx-operator
-  namespace: default
--- a/awx-demo.yml
+++ b/awx-demo.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport
--- a/awxmeshingress-demo.yml
+++ b/awxmeshingress-demo.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: awx.ansible.com/v1alpha1
+kind: AWXMeshIngress
+metadata:
+  name: awx-mesh-ingress-demo
+spec:
+  deployment_name: awx-demo
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,11 +0,0 @@
-FROM quay.io/operator-framework/ansible-operator:v0.19.4
-
-# Install Ansible requirements.
-COPY requirements.yml ${HOME}/requirements.yml
-RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
- && chmod -R ug+rwx ${HOME}/.ansible
-
-COPY watches.yaml ${HOME}/watches.yaml
-
-COPY main.yml ${HOME}/main.yml
-COPY roles/ ${HOME}/roles/
--- a/build/test-framework/Dockerfile
+++ b/build/test-framework/Dockerfile
@@ -1,13 +0,0 @@
-ARG BASEIMAGE
-FROM ${BASEIMAGE}
-USER 0
-
-RUN yum install -y python-devel gcc libffi-devel
-RUN pip install molecule==3.0.6 jmespath
-
-ARG NAMESPACEDMAN
-ADD $NAMESPACEDMAN /namespaced.yaml
-ADD build/test-framework/ansible-test.sh /ansible-test.sh
-RUN chmod +x /ansible-test.sh
-USER 1001
-ADD . /opt/ansible/project
--- a/build/test-framework/ansible-test.sh
+++ b/build/test-framework/ansible-test.sh
@@ -1,7 +0,0 @@
-#!/bin/sh
-export WATCH_NAMESPACE=${TEST_NAMESPACE}
-(/usr/local/bin/entrypoint)&
-trap "kill $!" SIGINT SIGTERM EXIT
-
-cd ${HOME}/project
-exec molecule test -s test-minikube
--- a/bundle.Dockerfile
+++ b/bundle.Dockerfile
@@ -1,14 +0,0 @@
-FROM scratch
-
-LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
-LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
-LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
-LABEL operators.operatorframework.io.bundle.package.v1=awx-operator
-LABEL operators.operatorframework.io.bundle.channels.v1=alpha
-LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
-LABEL operators.operatorframework.io.metrics.project_layout=ansible
-LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4
-
-COPY deploy/olm-catalog/awx-operator/manifests /manifests/
-COPY deploy/olm-catalog/awx-operator/metadata /metadata/
--- a/config/crd/bases/awx.ansible.com_awxbackups.yaml
+++ b/config/crd/bases/awx.ansible.com_awxbackups.yaml
@@ -0,0 +1,147 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxbackups.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXBackup
+    listKind: AWXBackupList
+    plural: awxbackups
+    singular: awxbackup
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        description: Schema validation for the AWXBackup CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              deployment_name:
+                description: Name of the deployment to be backed up
+                type: string
+              backup_pvc:
+                description: Name of the backup PVC
+                type: string
+              backup_pvc_namespace:
+                description: (Deprecated) Namespace the PVC is in
+                type: string
+              backup_storage_requirements:
+                description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
+                type: string
+              backup_resource_requirements:
+                description: Resource requirements for the management pod used to create a backup
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                type: object
+              backup_storage_class:
+                description: Storage class to use when creating PVC for backup
+                type: string
+              clean_backup_on_delete:
+                description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
+                type: boolean
+              pg_dump_suffix:
+                description: Additional parameters for the pg_dump command
+                type: string
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for backing up data
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              precreate_partition_hours:
+                description: Number of hours worth of events table partitions to precreate before backup to avoid pg_dump locks.
+                type: integer
+                format: int32
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: boolean
+                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    lastTransitionTime:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+              backupDirectory:
+                description: Backup directory name on the specified pvc
+                type: string
+              backupClaim:
+                description: Backup persistent volume claim
+                type: string
--- a/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
+++ b/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
@@ -0,0 +1,461 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxmeshingresses.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXMeshIngress
+    listKind: AWXMeshIngressList
+    plural: awxmeshingresses
+    singular: awxmeshingress
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: AWXMeshIngress is the Schema for the awxmeshingresses API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec defines the desired state of AWXMeshIngress
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              deployment_name:
+                description: Name of the AWX deployment to create the Mesh Ingress for.
+                type: string
+              image_pull_secrets:
+                description: Image pull secrets for Mesh Ingress containers.
+                type: array
+                items:
+                  type: string
+              external_hostname:
+                description: External hostname to use for the Mesh Ingress.
+                type: string
+              external_ipaddress:
+                description: External IP address to use for the Mesh Ingress.
+                type: string
+              ingress_type:
+                description: The ingress type to use to reach the deployed instance
+                type: string
+                enum:
+                - none
+                - Ingress
+                - ingress
+                - IngressRouteTCP
+                - ingressroutetcp
+                - Route
+                - route
+              ingress_api_version:
+                description: The Ingress API version to use
+                type: string
+              ingress_annotations:
+                description: Annotations to add to the Ingress Controller
+                type: string
+              ingress_class_name:
+                description: The name of ingress class to use instead of the cluster default.
+                type: string
+              ingress_controller:
+                description: Special configuration for specific Ingress Controllers
+                type: string
+              node_selector:
+                description: Assign the Mesh Ingress Pod to the specified node.
+                type: string
+              tolerations:
+                description: Scheduling tolerations for the Mesh Ingress instance.
+                type: string
+              topology_spread_constraints:
+                description: Topology spread constraints for the Mesh Ingress instance.
+                type: string
+              affinity:
+                description: Scheduling constraints to apply to the Pod definition
+                properties:
+                  nodeAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            preference:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchFields:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - preference
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        properties:
+                          nodeSelectorTerms:
+                            items:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchFields:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            type: array
+                        required:
+                        - nodeSelectorTerms
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
+                  podAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            podAffinityTerm:
+                              properties:
+                                labelSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaceSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                topologyKey:
+                                  type: string
+                              required:
+                              - topologyKey
+                              type: object
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - podAffinityTerm
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaceSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaces:
+                              items:
+                                type: string
+                              type: array
+                            topologyKey:
+                              type: string
+                          required:
+                          - topologyKey
+                          type: object
+                        type: array
+                    type: object
+                  podAntiAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            podAffinityTerm:
+                              properties:
+                                labelSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaceSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                topologyKey:
+                                  type: string
+                              required:
+                              - topologyKey
+                              type: object
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - podAffinityTerm
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaceSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaces:
+                              items:
+                                type: string
+                              type: array
+                            topologyKey:
+                              type: string
+                          required:
+                          - topologyKey
+                          type: object
+                        type: array
+                    type: object
+                type: object
+          status:
+            description: Status defines the observed state of AWXMeshIngress
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
--- a/config/crd/bases/awx.ansible.com_awxrestores.yaml
+++ b/config/crd/bases/awx.ansible.com_awxrestores.yaml
@@ -0,0 +1,153 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxrestores.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXRestore
+    listKind: AWXRestoreList
+    plural: awxrestores
+    singular: awxrestore
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        description: Schema validation for the AWXRestore CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              backup_source:
+                description: Backup source
+                type: string
+                enum:
+                - Backup CR
+                - PVC
+              deployment_name:
+                description: Name of the restored deployment. This should be different from the original deployment name
+                  if the original deployment still exists.
+                type: string
+              cluster_name:
+                description: Cluster name
+                type: string
+              backup_name:
+                description: AWXBackup object name
+                type: string
+              backup_pvc:
+                description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
+                type: string
+              backup_pvc_namespace:
+                description: (Deprecated) Namespace the PVC is in
+                type: string
+              backup_dir:
+                description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
+                type: string
+              restore_resource_requirements:
+                description: Resource requirements for the management pod that restores AWX from a backup
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                type: object
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for backing up data
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              spec_overrides:
+                description: Overrides for the AWX spec
+                # type: string
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: boolean
+                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+              force_drop_db:
+                description: Force drop the database before restoring. USE WITH CAUTION!
+                type: boolean
+                default: false
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    lastTransitionTime:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+              restoreComplete:
+                description: Restore process complete
+                type: boolean
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -0,0 +1,9 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/awx.ansible.com_awxs.yaml
+- bases/awx.ansible.com_awxbackups.yaml
+- bases/awx.ansible.com_awxrestores.yaml
+- bases/awx.ansible.com_awxmeshingresses.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,30 @@
+# Adds namespace to all resources.
+namespace: awx
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: awx-operator-
+
+# Labels to add to all resources and selectors.
+#labels:
+#- includeSelectors: true
+#  pairs:
+#    someName: someValue
+
+resources:
+- ../crd
+- ../rbac
+- ../manager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: manager_auth_proxy_patch.yaml
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,40 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: kube-rbac-proxy
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - "ALL"
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+        args:
+        - "--secure-listen-address=0.0.0.0:8443"
+        - "--upstream=http://127.0.0.1:8080/"
+        - "--logtostderr=true"
+        - "--v=0"
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+          name: https
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
+      - name: awx-manager
+        args:
+        - "--health-probe-bind-address=:6789"
+        - "--metrics-bind-address=127.0.0.1:8080"
+        - "--leader-elect"
+        - "--leader-election-id=awx-operator"
--- a/config/default/manager_config_patch.yaml
+++ b/config/default/manager_config_patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: awx-manager
+        args:
+        - "--config=controller_manager_config.yaml"
+        volumeMounts:
+        - name: awx-manager-config
+          mountPath: /controller_manager_config.yaml
+          subPath: controller_manager_config.yaml
+      volumes:
+      - name: awx-manager-config
+        configMap:
+          name: awx-manager-config
--- a/config/manager/controller_manager_config.yaml
+++ b/config/manager/controller_manager_config.yaml
@@ -0,0 +1,20 @@
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+kind: ControllerManagerConfig
+health:
+  healthProbeBindAddress: :6789
+metrics:
+  bindAddress: 127.0.0.1:8080
+
+leaderElection:
+  leaderElect: true
+  resourceName: 811c9dc5.ansible.com
+# leaderElectionReleaseOnCancel defines if the leader should step down volume
+# when the Manager ends. This requires the binary to immediately end when the
+# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+# speeds up voluntary leader transitions as the new leader don't have to wait
+# LeaseDuration time first.
+# In the default scaffold provided, the program ends immediately after
+# the manager stops, so would be fine to enable this option. However,
+# if you are doing or is intended to do any operation such as perform cleanups
+# after the manager stops then its usage might be unsafe.
+# leaderElectionReleaseOnCancel: true
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -0,0 +1,17 @@
+resources:
+- manager.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configMapGenerator:
+- files:
+  - controller_manager_config.yaml
+  name: awx-manager-config
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: quay.io/ansible/awx-operator
+  newTag: latest
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -0,0 +1,81 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+  labels:
+    control-plane: controller-manager
+spec:
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: awx-manager
+      labels:
+        control-plane: controller-manager
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        # For common cases that do not require escalating privileges
+        # it is recommended to ensure that all your Pods/Containers are restrictive.
+        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+        # seccompProfile:
+        #   type: RuntimeDefault
+      containers:
+      - args:
+        - --leader-elect
+        - --leader-election-id=awx-operator
+        image: controller:latest
+        imagePullPolicy: IfNotPresent
+        name: awx-manager
+        env:
+        - name: ANSIBLE_GATHERING
+          value: explicit
+        - name: ANSIBLE_DEBUG_LOGS
+          value: 'false'
+        - name: WATCH_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - "ALL"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 6789
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 6789
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "50m"
+          limits:
+            memory: "4000Mi"
+            cpu: "2000m"
+      serviceAccountName: controller-manager
+      imagePullSecrets:
+      - name: redhat-operators-pull-secret
+      terminationGracePeriodSeconds: 10
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
--- a/config/manifests/kustomization.yaml
+++ b/config/manifests/kustomization.yaml
@@ -0,0 +1,7 @@
+# These resources constitute the fully configured set of manifests
+# used to generate the 'manifests/' directory in a bundle.
+resources:
+- bases/awx-operator.clusterserviceversion.yaml
+- ../default
+- ../samples
+- ../scorecard
--- a/config/prometheus/kustomization.yaml
+++ b/config/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
--- a/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@@ -0,0 +1,19 @@
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-monitor
+  namespace: system
+spec:
+  endpoints:
+    - path: /metrics
+      port: https
+      scheme: https
+      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      tlsConfig:
+        insecureSkipVerify: true
+  selector:
+    matchLabels:
+      control-plane: controller-manager
--- a/config/rbac/auth_proxy_client_clusterrole.yaml
+++ b/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+rules:
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get
--- a/config/rbac/auth_proxy_role.yaml
+++ b/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
--- a/config/rbac/auth_proxy_role_binding.yaml
+++ b/config/rbac/auth_proxy_role_binding.yaml
@@ -1,13 +1,12 @@
---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: awx-operator
-subjects:
-  - kind: ServiceAccount
-    name: awx-operator
-    namespace: default
+  name: proxy-rolebinding
 roleRef:
-  kind: ClusterRole
-  name: awx-operator
  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: proxy-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
--- a/config/rbac/auth_proxy_service.yaml
+++ b/config/rbac/auth_proxy_service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    control-plane: controller-manager
--- a/config/rbac/awx_editor_role.yaml
+++ b/config/rbac/awx_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awx-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs/status
+  verbs:
+  - get
--- a/config/rbac/awx_viewer_role.yaml
+++ b/config/rbac/awx_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awx-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs/status
+  verbs:
+  - get
--- a/config/rbac/awxbackup_editor_role.yaml
+++ b/config/rbac/awxbackup_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxbackups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxbackup-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups/status
+  verbs:
+  - get
--- a/config/rbac/awxbackup_viewer_role.yaml
+++ b/config/rbac/awxbackup_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxbackups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxbackup-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups/status
+  verbs:
+  - get
--- a/config/rbac/awxmeshingress_editor_role.yaml
+++ b/config/rbac/awxmeshingress_editor_role.yaml
@@ -0,0 +1,31 @@
+# permissions for end users to edit awxmeshingresses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: awxmeshingress-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: awx-operator
+    app.kubernetes.io/part-of: awx-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: awxmeshingress-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses/status
+  verbs:
+  - get
--- a/config/rbac/awxmeshingress_viewer_role.yaml
+++ b/config/rbac/awxmeshingress_viewer_role.yaml
@@ -0,0 +1,27 @@
+# permissions for end users to view awxmeshingresses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: awxmeshingress-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: awx-operator
+    app.kubernetes.io/part-of: awx-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: awxmeshingress-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses/status
+  verbs:
+  - get
--- a/config/rbac/awxrestore_editor_role.yaml
+++ b/config/rbac/awxrestore_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxrestores.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxrestore-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores/status
+  verbs:
+  - get
--- a/config/rbac/awxrestore_viewer_role.yaml
+++ b/config/rbac/awxrestore_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxrestores.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxrestore-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores/status
+  verbs:
+  - get
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -0,0 +1,18 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
--- a/config/rbac/leader_election_role.yaml
+++ b/config/rbac/leader_election_role.yaml
@@ -0,0 +1,37 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: leader-election-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
--- a/config/rbac/leader_election_role_binding.yaml
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
--- a/ansible/templates/role.yml.j2
+++ b/ansible/templates/role.yml.j2
@@ -1,9 +1,9 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
  creationTimestamp: null
-  name: awx-operator
+  name: awx-manager-role
 rules:
  - apiGroups:
      - route.openshift.io
@@ -11,10 +11,15 @@ rules:
      - routes
      - routes/custom-host
    verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
  - apiGroups:
      - ""
-      - "rbac.authorization.k8s.io"
    resources:
      - pods
      - services
@@ -25,21 +30,66 @@ rules:
      - events
      - configmaps
      - secrets
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - "rbac.authorization.k8s.io"
+    resources:
      - roles
      - rolebindings
    verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
  - apiGroups:
      - apps
-      - extensions
    resources:
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
      - ingresses
    verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - batch
+    resources:
+      - cronjobs
+      - jobs
+    verbs:
+      - get
+      - list
+      - create
+      - patch
+      - update
+      - watch
  - apiGroups:
      - monitoring.coreos.com
    resources:
@@ -66,6 +116,8 @@ rules:
      - ""
    resources:
      - pods/exec
+      - pods/attach
+      - pods/log  # log & attach rules needed to be able to grant them to AWX service account
    verbs:
      - create
      - get
@@ -75,6 +127,7 @@ rules:
      - replicasets
    verbs:
      - get
+      - create
  - apiGroups:
      - awx.ansible.com
    resources:
@@ -83,3 +136,16 @@ rules:
      - awxrestores
    verbs:
      - '*'
+  - apiGroups:
+      - traefik.containo.us
+      - traefik.io
+    resources:
+      - ingressroutetcps
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
--- a/config/rbac/role_binding.yaml
+++ b/config/rbac/role_binding.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: awx-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: awx-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: controller-manager
--- a/config/rbac/service_account.yaml
+++ b/config/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: controller-manager
+  namespace: system
--- a/config/samples/awx_v1alpha1_awxmeshingress.yaml
+++ b/config/samples/awx_v1alpha1_awxmeshingress.yaml
@@ -0,0 +1,8 @@
+# Placeholder to pass CI and allow bundle generation
+---
+apiVersion: awx.ansible.com/v1alpha1
+kind: AWXMeshIngress
+metadata:
+  name: example-awx-mesh-ingress
+spec:
+  deployment_name: example-awx
--- a/deploy/crds/awx_v1beta1_molecule.yaml
+++ b/deploy/crds/awx_v1beta1_molecule.yaml
@@ -3,17 +3,16 @@ apiVersion: awx.ansible.com/v1beta1
 kind: AWX
 metadata:
  name: example-awx
-  namespace: example-awx
 spec:
-  service_account_annotations: |
-    foo: bar
-  deployment_type: awx
-  ingress_type: ingress
  web_resource_requirements:
    requests:
-      cpu: 500m
+      cpu: 50m
      memory: 128M
  task_resource_requirements:
    requests:
-      cpu: 500m
+      cpu: 50m
      memory: 128M
+  ee_resource_requirements:
+    requests:
+      cpu: 50m
+      memory: 64M
--- a/config/samples/awx_v1beta1_awx_resource_limits.yaml
+++ b/config/samples/awx_v1beta1_awx_resource_limits.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-with-limits
+spec:
+  task_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 2000m
+      memory: 4Gi
+  web_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  ee_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 64Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  redis_resource_requirements:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  rsyslog_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 2Gi
+  init_container_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 2Gi
--- a/config/samples/awx_v1beta1_awxbackup.yaml
+++ b/config/samples/awx_v1beta1_awxbackup.yaml
@@ -0,0 +1,13 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXBackup
+metadata:
+  name: example-awx-backup
+spec:
+  deployment_name: example-awx
+  backup_resource_requirements:
+    limits:
+      cpu: "1000m"
+      memory: "4096Mi"
+    requests:
+      cpu: "25m"
+      memory: "32Mi"
--- a/config/samples/awx_v1beta1_awxrestore.yaml
+++ b/config/samples/awx_v1beta1_awxrestore.yaml
@@ -0,0 +1,14 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXRestore
+metadata:
+  name: awxrestore-sample
+spec:
+  deployment_name: example-awx-2
+  backup_name: example-awx-backup
+  restore_resource_requirements:
+    limits:
+      cpu: "1000m"
+      memory: "4096Mi"
+    requests:
+      cpu: "25m"
+      memory: "32Mi"
--- a/config/samples/kustomization.yaml
+++ b/config/samples/kustomization.yaml
@@ -0,0 +1,7 @@
+## Append samples you want in your CSV to this file as resources ##
+resources:
+- awx_v1beta1_awx.yaml
+- awx_v1beta1_awxbackup.yaml
+- awx_v1beta1_awxrestore.yaml
+- awx_v1alpha1_awxmeshingress.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples
--- a/config/scorecard/bases/config.yaml
+++ b/config/scorecard/bases/config.yaml
@@ -0,0 +1,7 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+  name: config
+stages:
+- parallel: true
+  tests: []
--- a/config/scorecard/kustomization.yaml
+++ b/config/scorecard/kustomization.yaml
@@ -0,0 +1,16 @@
+resources:
+- bases/config.yaml
+patchesJson6902:
+- path: patches/basic.config.yaml
+  target:
+    group: scorecard.operatorframework.io
+    version: v1alpha3
+    kind: Configuration
+    name: config
+- path: patches/olm.config.yaml
+  target:
+    group: scorecard.operatorframework.io
+    version: v1alpha3
+    kind: Configuration
+    name: config
+#+kubebuilder:scaffold:patchesJson6902
--- a/config/scorecard/patches/basic.config.yaml
+++ b/config/scorecard/patches/basic.config.yaml
@@ -0,0 +1,10 @@
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - basic-check-spec
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
+    labels:
+      suite: basic
+      test: basic-check-spec-test
--- a/config/scorecard/patches/olm.config.yaml
+++ b/config/scorecard/patches/olm.config.yaml
@@ -0,0 +1,50 @@
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-bundle-validation
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
+    labels:
+      suite: olm
+      test: olm-bundle-validation-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-crds-have-validation
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
+    labels:
+      suite: olm
+      test: olm-crds-have-validation-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-crds-have-resources
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
+    labels:
+      suite: olm
+      test: olm-crds-have-resources-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-spec-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
+    labels:
+      suite: olm
+      test: olm-spec-descriptors-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-status-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
+    labels:
+      suite: olm
+      test: olm-status-descriptors-test
--- a/config/testing/debug_logs_patch.yaml
+++ b/config/testing/debug_logs_patch.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          env:
+            - name: ANSIBLE_DEBUG_LOGS
+              value: "TRUE"
--- a/config/testing/kustomization.yaml
+++ b/config/testing/kustomization.yaml
@@ -0,0 +1,23 @@
+# Adds namespace to all resources.
+namespace: osdk-test
+
+namePrefix: osdk-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+#  someName: someValue
+
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager
+images:
+- name: testing
+  newName: testing-operator
+patches:
+- path: manager_image.yaml
+- path: debug_logs_patch.yaml
+- path: ../default/manager_auth_proxy_patch.yaml
--- a/config/testing/manager_image.yaml
+++ b/config/testing/manager_image.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          image: testing
--- a/config/testing/pull_policy/Always.yaml
+++ b/config/testing/pull_policy/Always.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: Always
--- a/config/testing/pull_policy/IfNotPresent.yaml
+++ b/config/testing/pull_policy/IfNotPresent.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: IfNotPresent
--- a/config/testing/pull_policy/Never.yaml
+++ b/config/testing/pull_policy/Never.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: Never
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -1,659 +0,0 @@
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                  default: awx
-                kind:
-                  description: Kind of the deployment type
-                  type: string
-                  default: AWX
-                api_version:
-                  description: apiVersion of the deployment type
-                  type: string
-                  default: awx.ansible.com/v1beta1
-                task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                  default: false
-                admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                  default: admin
-                hostname:
-                  description: The hostname of the instance
-                  type: string
-                admin_email:
-                  description: The admin user email
-                  type: string
-                admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for data migration
-                  type: string
-                secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                service_type:
-                  description: The service type to be used on the deployed instance
-                  type: string
-                  enum:
-                    - LoadBalancer
-                    - loadbalancer
-                    - ClusterIP
-                    - clusterip
-                    - NodePort
-                    - nodeport
-                ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                ingress_annotations:
-                  description: Annotations to add to the Ingress Controller
-                  type: string
-                ingress_tls_secret:
-                  description: Secret where the Ingress TLS secret can be found
-                  type: string
-                loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                node_selector:
-                  description: nodeSelector for the pods
-                  type: string
-                service_labels:
-                  description: Additional labels to apply to the service
-                  type: string
-                tolerations:
-                  description: node tolerations for the pods
-                  type: string
-                image:
-                  description: Registry path to the application container to use
-                  type: string
-                image_version:
-                  description: Application container image version to use
-                  type: string
-                ee_images:
-                  description: Registry path to the Execution Environment container to use
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        type: string
-                      image:
-                        type: string
-                image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                image_pull_secret:
-                  description: The image pull secret
-                  type: string
-                task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                service_account_annotations:
-                  description: ServiceAccount annotations
-                  type: string
-                replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                create_preload_data:
-                  description: Whether or not to preload data upon instance creation
-                  default: true
-                  type: boolean
-                task_args:
-                  type: array
-                  items:
-                    type: string
-                task_command:
-                  type: array
-                  items:
-                    type: string
-                web_args:
-                  type: array
-                  items:
-                    type: string
-                web_command:
-                  type: array
-                  items:
-                    type: string
-                task_extra_env:
-                  type: string
-                web_extra_env:
-                  type: string
-                ee_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Execution container
-                  type: string
-                task_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Task container
-                  type: string
-                web_extra_volume_mounts:
-                  description: Specify volume mounts to be added to the Web container
-                  type: string
-                redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                redis_image_version:
-                  description: Redis container image version to use
-                  type: string
-                postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                postgres_selector:
-                  description: nodeSelector for the Postgres pods
-                  type: string
-                postgres_tolerations:
-                  description: node tolerations for the Postgres pods
-                  type: string
-                postgres_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                  type: object
-                postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-                ldap_cacert_secret:
-                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
-                  type: string
-                projects_persistence:
-                  description: Whether or not the /var/lib/projects directory will be persistent
-                  default: false
-                  type: boolean
-                projects_use_existing_claim:
-                  description: Using existing PersistentVolumeClaim
-                  type: string
-                  enum:
-                    - _Yes_
-                    - _No_
-                projects_existing_claim:
-                  description: PersistentVolumeClaim to mount /var/lib/projects directory
-                  type: string
-                projects_storage_class:
-                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
-                  type: string
-                projects_storage_size:
-                  description: Size for the /var/lib/projects PersistentVolumeClaim
-                  default: 8Gi
-                  type: string
-                projects_storage_access_mode:
-                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
-                  default: ReadWriteMany
-                  type: string
-                extra_settings:
-                  description: Extra settings to specify for the API
-                  items:
-                    properties:
-                      setting:
-                        type: string
-                      value:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-            status:
-              properties:
-                URL:
-                  description: URL to access the deployed instance
-                  type: string
-                adminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                adminPasswordSecret:
-                  description: Admin password secret name of the deployed instance
-                  type: string
-                postgresConfigurationSecret:
-                  description: Postgres Configuration secret name of the deployed instance
-                  type: string
-                broadcastWebsocketSecret:
-                  description: Broadcast websocket secret name of the deployed instance
-                  type: string
-                secretKeySecret:
-                  description: Secret key secret name of the deployed instance
-                  type: string
-                migratedFromSecret:
-                  description: The secret used for migrating an old instance.
-                  type: string
-                version:
-                  description: Version of the deployed instance
-                  type: string
-                image:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object
-
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxbackups.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXBackup
-    listKind: AWXBackupList
-    plural: awxbackups
-    singular: awxbackup
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXBackup CRD
-          properties:
-            spec:
-              type: object
-              required:
-                - deployment_name
-              properties:
-                deployment_name:
-                  description: Name of the deployment to be backed up
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be used for storing the backup
-                  type: string
-                backup_pvc_namespace:
-                  description: Namespace PVC is in
-                  type: string
-                backup_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  type: string
-                backup_storage_class:
-                  description: Storage class to use when creating PVC for backup
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
-
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxrestores.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXRestore
-    listKind: AWXRestoreList
-    plural: awxrestores
-    singular: awxrestore
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXRestore CRD
-          properties:
-            spec:
-              type: object
-              properties:
-                backup_source:
-                  description: Backup source
-                  type: string
-                  enum:
-                    - CR
-                    - PVC
-                deployment_name:
-                  description: Name of the deployment to be restored to
-                  type: string
-                backup_name:
-                  description: AWXBackup object name
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
-                  type: string
-                backup_pvc_namespace:
-                  description: Namespace the PVC is in
-                  type: string
-                backup_dir:
-                  description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
-
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: awx-operator
-rules:
-  - apiGroups:
-      - route.openshift.io
-    resources:
-      - routes
-      - routes/custom-host
-    verbs:
-      - '*'
-  - apiGroups:
-      - ""
-      - "rbac.authorization.k8s.io"
-    resources:
-      - pods
-      - services
-      - services/finalizers
-      - serviceaccounts
-      - endpoints
-      - persistentvolumeclaims
-      - events
-      - configmaps
-      - secrets
-      - roles
-      - rolebindings
-    verbs:
-      - '*'
-  - apiGroups:
-      - apps
-      - extensions
-    resources:
-      - deployments
-      - daemonsets
-      - replicasets
-      - statefulsets
-      - ingresses
-    verbs:
-      - '*'
-  - apiGroups:
-      - monitoring.coreos.com
-    resources:
-      - servicemonitors
-    verbs:
-      - get
-      - create
-  - apiGroups:
-      - apps
-    resourceNames:
-      - awx-operator
-    resources:
-      - deployments/finalizers
-    verbs:
-      - update
-  - apiGroups:
-      - apps
-    resources:
-      - deployments/scale
-      - statefulsets/scale
-    verbs:
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-      - get
-  - apiGroups:
-      - apps
-    resources:
-      - replicasets
-    verbs:
-      - get
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - '*'
-      - awxbackups
-      - awxrestores
-    verbs:
-      - '*'
-
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: awx-operator
-subjects:
-  - kind: ServiceAccount
-    name: awx-operator
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: awx-operator
-  apiGroup: rbac.authorization.k8s.io
-
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: awx-operator
-  namespace: default
-
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "quay.io/ansible/awx-operator:0.10.0"
-          imagePullPolicy: "Always"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-            - name: OPERATOR_VERSION
-              value: "0.10.0"
-            - name: ANSIBLE_DEBUG_LOGS
-              value: "false"
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 15
-            periodSeconds: 20
-      volumes:
-        - name: runner
-          emptyDir: {}
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
@@ -1,399 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                  default: awx
-                kind:
-                  description: Kind of the deployment type
-                  type: string
-                  default: AWX
-                api_version:
-                  description: apiVersion of the deployment type
-                  type: string
-                  default: awx.ansible.com/v1beta1
-                task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                  default: false
-                admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                  default: admin
-                hostname:
-                  description: The hostname of the instance
-                  type: string
-                admin_email:
-                  description: The admin user email
-                  type: string
-                admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for data migration
-                  type: string
-                secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                service_type:
-                  description: The service type to be used on the deployed instance
-                  type: string
-                  enum:
-                    - LoadBalancer
-                    - loadbalancer
-                    - ClusterIP
-                    - clusterip
-                    - NodePort
-                    - nodeport
-                ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                ingress_annotations:
-                  description: Annotations to add to the Ingress Controller
-                  type: string
-                ingress_tls_secret:
-                  description: Secret where the Ingress TLS secret can be found
-                  type: string
-                loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                node_selector:
-                  description: nodeSelector for the pods
-                  type: string
-                service_labels:
-                  description: Additional labels to apply to the service
-                  type: string
-                tolerations:
-                  description: node tolerations for the pods
-                  type: string
-                image:
-                  description: Registry path to the application container to use
-                  type: string
-                image_version:
-                  description: Application container image version to use
-                  type: string
-                ee_images:
-                  description: Registry path to the Execution Environment container to use
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        type: string
-                      image:
-                        type: string
-                image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                image_pull_secret:
-                  description: The image pull secret
-                  type: string
-                task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                service_account_annotations:
-                  description: ServiceAccount annotations
-                  type: string
-                replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                create_preload_data:
-                  description: Whether or not to preload data upon instance creation
-                  default: true
-                  type: boolean
-                task_args:
-                  type: array
-                  items:
-                    type: string
-                task_command:
-                  type: array
-                  items:
-                    type: string
-                web_args:
-                  type: array
-                  items:
-                    type: string
-                web_command:
-                  type: array
-                  items:
-                    type: string
-                task_extra_env:
-                  type: string
-                web_extra_env:
-                  type: string
-                ee_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Execution container
-                  type: string
-                task_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Task container
-                  type: string
-                web_extra_volume_mounts:
-                  description: Specify volume mounts to be added to the Web container
-                  type: string
-                redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                redis_image_version:
-                  description: Redis container image version to use
-                  type: string
-                postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                postgres_selector:
-                  description: nodeSelector for the Postgres pods
-                  type: string
-                postgres_tolerations:
-                  description: node tolerations for the Postgres pods
-                  type: string
-                postgres_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                  type: object
-                postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-                ldap_cacert_secret:
-                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
-                  type: string
-                projects_persistence:
-                  description: Whether or not the /var/lib/projects directory will be persistent
-                  default: false
-                  type: boolean
-                projects_use_existing_claim:
-                  description: Using existing PersistentVolumeClaim
-                  type: string
-                  enum:
-                    - _Yes_
-                    - _No_
-                projects_existing_claim:
-                  description: PersistentVolumeClaim to mount /var/lib/projects directory
-                  type: string
-                projects_storage_class:
-                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
-                  type: string
-                projects_storage_size:
-                  description: Size for the /var/lib/projects PersistentVolumeClaim
-                  default: 8Gi
-                  type: string
-                projects_storage_access_mode:
-                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
-                  default: ReadWriteMany
-                  type: string
-                extra_settings:
-                  description: Extra settings to specify for the API
-                  items:
-                    properties:
-                      setting:
-                        type: string
-                      value:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-            status:
-              properties:
-                URL:
-                  description: URL to access the deployed instance
-                  type: string
-                adminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                adminPasswordSecret:
-                  description: Admin password secret name of the deployed instance
-                  type: string
-                postgresConfigurationSecret:
-                  description: Postgres Configuration secret name of the deployed instance
-                  type: string
-                broadcastWebsocketSecret:
-                  description: Broadcast websocket secret name of the deployed instance
-                  type: string
-                secretKeySecret:
-                  description: Secret key secret name of the deployed instance
-                  type: string
-                migratedFromSecret:
-                  description: The secret used for migrating an old instance.
-                  type: string
-                version:
-                  description: Version of the deployed instance
-                  type: string
-                image:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object
--- a/deploy/crds/awxbackup_v1beta1_crd.yaml
+++ b/deploy/crds/awxbackup_v1beta1_crd.yaml
@@ -1,48 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxbackups.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXBackup
-    listKind: AWXBackupList
-    plural: awxbackups
-    singular: awxbackup
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXBackup CRD
-          properties:
-            spec:
-              type: object
-              required:
-                - deployment_name
-              properties:
-                deployment_name:
-                  description: Name of the deployment to be backed up
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be used for storing the backup
-                  type: string
-                backup_pvc_namespace:
-                  description: Namespace PVC is in
-                  type: string
-                backup_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  type: string
-                backup_storage_class:
-                  description: Storage class to use when creating PVC for backup
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
--- a/deploy/crds/awxrestore_v1beta1_crd.yaml
+++ b/deploy/crds/awxrestore_v1beta1_crd.yaml
@@ -1,52 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxrestores.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXRestore
-    listKind: AWXRestoreList
-    plural: awxrestores
-    singular: awxrestore
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXRestore CRD
-          properties:
-            spec:
-              type: object
-              properties:
-                backup_source:
-                  description: Backup source
-                  type: string
-                  enum:
-                    - CR
-                    - PVC
-                deployment_name:
-                  description: Name of the deployment to be restored to
-                  type: string
-                backup_name:
-                  description: AWXBackup object name
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
-                  type: string
-                backup_pvc_namespace:
-                  description: Namespace the PVC is in
-                  type: string
-                backup_dir:
-                  description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
--- a/deploy/kustomization.yaml
+++ b/deploy/kustomization.yaml
@@ -1,5 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./awx-operator.yaml
--- a/Show More
+++ b/Show More