Merge pull request #755 from rooftopcellist/mv-data-subPath

Use an Init Container to move the pg data subPath in the pvc

.github/workflows/devel.yaml

@@ -13,16 +13,9 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
-      - name: Install Operator-SDK
-        run: |
-          mkdir -p $GITHUB_WORKSPACE/bin
-          wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
-          chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
-          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-
       - name: Build Image
         run: |
-          operator-sdk build awx-operator:devel
+          IMG=awx-operator:devel make docker-build
 
       - name: Push To Quay
         uses: redhat-actions/push-to-registry@v2.1.1
@@ -30,5 +23,5 @@ jobs:
           image: awx-operator
           tags: devel
           registry: quay.io/ansible/
-          username: ${{ secrets.QUAY_USERNAME }}
+          username: ${{ secrets.QUAY_USER }}
           password: ${{ secrets.QUAY_TOKEN }}

.github/workflows/promote.yaml

@@ -0,0 +1,25 @@
+---
+name: Promote AWX Operator image
+on:
+  release:
+    types: [published]
+
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Log in to Quay
+        run: |
+          echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
+
+      - name: Re-tag and promote awx-operator image
+        run: |
+          docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
+          docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker push quay.io/${{ github.repository }}:latest

.github/workflows/release.yaml

@@ -1,28 +0,0 @@
----
-
-name: Release
-
-on:
-  release:
-    types:
-      - created
-
-jobs:
-  release:
-    runs-on: ubuntu-18.04
-    name: Push tagged image to Quay
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Build Image
-        run: |
-          IMG=awx-operator:${{ github.event.release.tag_name }} make docker-build
-
-      - name: Push To Quay
-        uses: redhat-actions/push-to-registry@v2.1.1
-        with:
-          image: awx-operator
-          tags: ${{ github.event.release.tag_name }}
-          registry: quay.io/ansible/
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_TOKEN }}

.github/workflows/stage.yml

@@ -0,0 +1,84 @@
+---
+name: Stage Release
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to stage'
+        required: true
+      default_awx_version:
+        description: 'Will be injected as the DEFAULT_AWX_VERSION build arg.'
+        required: true
+      confirm:
+        description: 'Are you sure? Set this to yes.'
+        required: true
+        default: 'no'
+
+jobs:
+  stage:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+    steps:
+      - name: Verify inputs
+        run: |
+          set -e
+
+          if [[ ${{ github.event.inputs.confirm }} != "yes" ]]; then
+            >&2 echo "Confirm must be 'yes'"
+            exit 1
+          fi
+
+          if [[ ${{ github.event.inputs.version }} == "" ]]; then
+            >&2 echo "Set version to continue."
+            exit 1
+          fi
+
+          exit 0
+
+      - name: Checkout awx
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository_owner }}/awx
+          path: awx
+
+      - name: Checkout awx-operator
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository_owner }}/awx-operator
+          path: awx-operator
+
+      - name: Install playbook dependencies
+        run: |
+          python3 -m pip install docker
+
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Build and stage awx-operator
+        working-directory: awx-operator
+        run: |
+          BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }}" \
+          IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
+          VERSION=${{ github.event.inputs.version }} make docker-build docker-push
+
+      - name: Run test deployment
+        working-directory: awx-operator
+        run: |
+          python3 -m pip install -r molecule/requirements.txt
+          ansible-galaxy collection install -r molecule/requirements.yml
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
+        env:
+          AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}
+
+      - name: Create draft release
+        working-directory: awx
+        run: |
+          ansible-playbook tools/ansible/stage.yml \
+            -e version=${{ github.event.inputs.version }} \
+            -e repo=${{ github.repository_owner }}/awx-operator \
+            -e github_token=${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,3 +1,6 @@
 *~
 .cache/
 /bin
+/bundle
+/bundle_tmp*
+/bundle.Dockerfile

.yamllint

@@ -11,4 +11,3 @@ rules:
   truthy: disable
   line-length:
     max: 170
-    level: warning

Dockerfile

@@ -1,5 +1,8 @@
 FROM quay.io/operator-framework/ansible-operator:v1.12.0
 
+ARG DEFAULT_AWX_VERSION
+ENV DEFAULT_AWX_VERSION=${DEFAULT_AWX_VERSION}
+
 COPY requirements.yml ${HOME}/requirements.yml
 RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
  && chmod -R ug+rwx ${HOME}/.ansible

Makefile

@@ -3,7 +3,9 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.14.0
+VERSION ?= $(shell git describe --tags)
+
+CONTAINER_CMD ?= docker
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
@@ -63,10 +65,10 @@ run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kub
 	ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
 
 docker-build: ## Build docker image with the manager.
-	docker build -t ${IMG} .
+	${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
 
 docker-push: ## Push docker image with the manager.
-	docker push ${IMG}
+	${CONTAINER_CMD} push ${IMG}
 
 ##@ Deployment
 
@@ -76,10 +78,15 @@ install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/con
 uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | kubectl delete -f -
 
+gen-resources: kustomize ## Generate resources for controller and print to stdout
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default
+
 deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default | kubectl apply -f -
 
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/default | kubectl delete -f -
@@ -124,11 +131,12 @@ bundle: kustomize ## Generate bundle manifests and metadata, then validate gener
 	operator-sdk generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
 	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	cd config/manifests/bases && python inject-csv-config.py
 	operator-sdk bundle validate ./bundle
 
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
-	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+	${CONTAINER_CMD} build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
 
 .PHONY: bundle-push
 bundle-push: ## Push the bundle image.
@@ -167,7 +175,7 @@ endif
 # https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
 .PHONY: catalog-build
 catalog-build: opm ## Build a catalog image.
-	$(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+	$(OPM) index add --container-tool ${CONTAINER_CMD} --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
 
 # Push the catalog image.
 .PHONY: catalog-push

README.md

@@ -44,8 +44,6 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
 
 This operator is meant to provide a more Kubernetes-native installation method for AWX via an AWX Custom Resource Definition (CRD).
 
-> :warning: The operator is not supported by Red Hat, and is in **alpha** status. For now, use it at your own risk!
-
 ## Usage
 
 ### Basic Install
@@ -136,7 +134,7 @@ awx-operator-controller-manager-66ccd8f997-rhd4z   2/2     Running   0
 So we don't have to keep repeating `-n $NAMESPACE`, let's set the current namespace for `kubectl`:
 
 ```
-$ kubectl config set-context --current --namespace=$NAMESPACE 
+$ kubectl config set-context --current --namespace=$NAMESPACE
 ```
 
 Next, create a file named `awx-demo.yml` with the suggested content below. The `metadata.name` you provide, will be the name of the resulting AWX deployment.
@@ -163,7 +161,7 @@ awx.awx.ansible.com/awx-demo created
 After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
 
 ```
-$ kubectl logs -f deployments/awx-operator-controller-manager -c manager
+$ kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
 ```
 
 After a few seconds, you should see the operator begin to create new resources:
@@ -320,6 +318,7 @@ The following variables are customizable when `ingress_type=ingress`. The `ingre
 | ingress_tls_secret         | Secret that contains the TLS information | Empty string                 |
 | hostname                   | Define the FQDN                          | {{ meta.name }}.example.com  |
 | ingress_path               | Define the ingress path to the service   | /                            |
+| ingress_path_type          | Define the type of the path (for LBs)    | Prefix                       |
 
 ```yaml
 ---
@@ -421,6 +420,9 @@ spec:
     limits:
       storage: 50Gi
   postgres_storage_class: fast-ssd
+  postgres_extra_args:
+    - '-c'
+    - 'max_connections=1000'
 ```
 
 **Note**: If `postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster.
@@ -458,6 +460,20 @@ spec:
 
 **Note**: The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
 
+#### Redis container capabilities
+
+Depending on your kubernetes cluster and settings you might need to grant some capabilities to the redis container so it can start. Set the `redis_capabilities` option so the capabilities are added in the deployment.
+
+```yaml
+---
+spec:
+  ...
+  redis_capabilities:
+    - CHOWN
+    - SETUID
+    - SETGID
+```
+
 #### Privileged Tasks
 
 Depending on the type of tasks that you'll be running, you may find that you need the task pod to run as `privileged`. This can open yourself up to a variety of security concerns, so you should be aware (and verify that you have the privileges) to do this if necessary. In order to toggle this feature, you can add the following to your custom resource:
@@ -522,16 +538,18 @@ spec:
 You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
 the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX
 pods to be scheduled onto nodes with matching taints.
+The ability to specify topologySpreadConstraints is also allowed through `topology_spread_constraints`  
 
 
-| Name                           | Description                 | Default |
-| -------------------------------| --------------------------- | ------- |
-| postgres_image                 | Path of the image to pull   | 12      |
-| postgres_image_version         | Image version to pull       | 12      |
-| node_selector                  | AWX pods' nodeSelector      | ''      |
-| tolerations                    | AWX pods' tolerations       | ''      |
-| postgres_selector              | Postgres pods' nodeSelector | ''      |
-| postgres_tolerations           | Postgres pods' tolerations  | ''      |
+| Name                           | Description                              | Default |
+| -------------------------------| ---------------------------------------- | ------- |
+| postgres_image                 | Path of the image to pull                | 12      |
+| postgres_image_version         | Image version to pull                    | 12      |
+| node_selector                  | AWX pods' nodeSelector                   | ''      |
+| topology_spread_constraints    | AWX pods' topologySpreadConstraints      | ''      |
+| tolerations                    | AWX pods' tolerations                    | ''      |
+| postgres_selector              | Postgres pods' nodeSelector              | ''      |
+| postgres_tolerations           | Postgres pods' tolerations               | ''      |
 
 Example of customization could be:
 
@@ -543,6 +561,13 @@ spec:
     disktype: ssd
     kubernetes.io/arch: amd64
     kubernetes.io/os: linux
+  topology_spread_constraints: |
+    - maxSkew: 100
+      topologyKey: "topology.kubernetes.io/zone"
+      whenUnsatisfiable: "ScheduleAnyway"
+      labelSelector:
+        matchLabels:
+          app.kubernetes.io/name: "<resourcename>"
   tolerations: |
     - key: "dedicated"
       operator: "Equal"
@@ -841,46 +866,11 @@ Please visit [our contributing guidelines](https://github.com/ansible/awx-operat
 
 ## Release Process
 
-### Update version and files
+The first step is to create a draft release. Typically this will happen in the [Stage Release](https://github.com/ansible/awx/blob/devel/.github/workflows/stage.yml) workflow for AWX and you dont need to do it as a separate step.
 
-Update the awx-operator version:
+If you need to do an independent release of the operator, you can run the [Stage Release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/stage.yml) in the awx-operator repo. Both of these workflows will run smoke tests, so there is no need to do this manually.
 
-  - `Makefile`
-
-### Verify Functionality
-
-Run the following command inside this directory:
-
-```
-$ IMAGE_TAG_BASE=quay.io/<user>/awx-operator make docker-build docker-push
-```
-
-After it is built, test it on a local cluster:
-
-```
-$ minikube start --memory 6g --cpus 4
-$ minikube addons enable ingress
-$ export NAMESPACE=example-awx
-$ make deploy
-$ ansible-playbook ansible/instantiate-awx-deployment.yml -e namespace=$NAMESPACE -e image=quay.io/<user>/awx -e service_type=nodeport
-$ # Verify that the awx-task and awx-web containers are launched
-$ # with the right version of the awx image
-$ # Launch a job at `minikube service awx-demo-service --url -n $NAMESPACE`
-$ minikube delete
-```
-
-### Update changelog
-
-Generate a list of commits between the versions and add it to the [changelog](./CHANGELOG.md).
-```
-$ git log --no-merges --pretty="- %s (%an) - %h " <old_tag>..<new_tag>
-```
-
-### Commit / Create Release
-
-If everything works, commit the updated version, then [publish a new release](https://github.com/ansible/awx-operator/releases/new) using the same version you used in `ansible/group_vars/all`.
-
-After creating the release, [this GitHub Workflow](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/release.yaml) will run and publish the new image to quay.io.
+After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, publishing the image to Quay.
 
 ## Author
 

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -89,6 +89,9 @@ spec:
                 ingress_path:
                   description: The ingress path used to reach the deployed service
                   type: string
+                ingress_path_type:
+                  description: The ingress path type for the deployed service
+                  type: string
                 ingress_annotations:
                   description: Annotations to add to the Ingress Controller
                   type: string
@@ -131,6 +134,9 @@ spec:
                 node_selector:
                   description: nodeSelector for the pods
                   type: string
+                topology_spread_constraints:
+                  description: topology rule(s) for the pods
+                  type: string
                 service_labels:
                   description: Additional labels to apply to the service
                   type: string
@@ -292,6 +298,11 @@ spec:
                 redis_image_version:
                   description: Redis container image version to use
                   type: string
+                redis_capabilities:
+                  description: Redis container capabilities
+                  type: array
+                  items:
+                    type: string
                 init_container_image:
                   description: Registry path to the init container to use
                   type: string
@@ -354,6 +365,10 @@ spec:
                 postgres_data_path:
                   description: Path where the PostgreSQL data are located
                   type: string
+                postgres_extra_args:
+                  type: array
+                  items:
+                    type: string
                 ca_trust_bundle:
                   description: Path where the trusted CA bundle is available
                   type: string
@@ -400,6 +415,10 @@ spec:
                         x-kubernetes-preserve-unknown-fields: true
                     type: object
                   type: array
+                security_context_settings:
+                  description: Key/values that will be set under the pod-level securityContext field
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
               type: object
             status:
               properties:

config/default/manager_auth_proxy_patch.yaml

@@ -21,7 +21,7 @@ spec:
             - containerPort: 8443
               protocol: TCP
               name: https
-        - name: manager
+        - name: awx-manager
           args:
             - "--health-probe-bind-address=:6789"
             - "--metrics-bind-address=127.0.0.1:8080"

config/default/manager_config_patch.yaml

@@ -8,14 +8,14 @@ spec:
   template:
     spec:
       containers:
-        - name: manager
+        - name: awx-manager
           args:
             - "--config=controller_manager_config.yaml"
           volumeMounts:
-            - name: manager-config
+            - name: awx-manager-config
               mountPath: /controller_manager_config.yaml
               subPath: controller_manager_config.yaml
       volumes:
-        - name: manager-config
+        - name: awx-manager-config
           configMap:
-            name: manager-config
+            name: awx-manager-config

config/manager/kustomization.yaml

@@ -5,10 +5,10 @@ generatorOptions:
 configMapGenerator:
 - files:
   - controller_manager_config.yaml
-  name: manager-config
+  name: awx-manager-config
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
   newName: quay.io/ansible/awx-operator
-  newTag: 0.14.0
+  newTag: latest

config/manager/manager.yaml

@@ -30,10 +30,12 @@ spec:
             - --leader-elect
             - --leader-election-id=awx-operator
           image: controller:latest
-          name: manager
+          name: awx-manager
           env:
             - name: ANSIBLE_GATHERING
               value: explicit
+            - name: ANSIBLE_DEBUG_LOGS
+              value: 'false'
             - name: WATCH_NAMESPACE
               valueFrom:
                 fieldRef:

config/manifests/bases/inject-csv-config.py

@@ -0,0 +1,24 @@
+'''
+After generating the CSV file, inject custom configuration such as
+OLM parameters, relatedImages, etc.
+'''
+
+import yaml
+
+csv_path = "../../../bundle/manifests/awx-operator.clusterserviceversion.yaml"
+existing_csv = open(csv_path, 'r')
+csv = yaml.safe_load(existing_csv)
+
+
+raw_olm_params = open("olm-parameters.yaml")
+olm_params = yaml.safe_load(raw_olm_params)
+
+# Inject OLM parameters for Customer Resource Objects
+csv['spec']['customresourcedefinitions']['owned'] = olm_params
+
+csv['metadata']['annotations']['alm-examples'] = ''
+
+file_content = yaml.safe_dump(csv, default_flow_style=False, explicit_start=True)
+
+with open(csv_path, 'w') as f:
+    f.write(file_content)

config/manifests/bases/olm-parameters.yaml

@@ -0,0 +1,599 @@
+---
+- displayName: AWX Backup
+  description: Back up a deployment of the awx, including jobs, inventories, and credentials
+  kind: AWXBackup
+  name: awxbackups.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+  - displayName: Deployment name
+    path: deployment_name
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+  - displayName: Backup persistent volume claim
+    path: backup_pvc
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup persistent volume claim namespace
+    path: backup_pvc_namespace
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup PVC storage requirements
+    path: backup_storage_requirements
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup PVC storage class
+    path: backup_storage_class
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Database backup label selector
+    path: postgres_label_selector
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  - displayName: PostgreSQL Image
+    path: postgres_image
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  - displayName: PostgreSQL Image Version
+    path: postgres_image_version
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: The persistent volume claim name used during backup
+      displayName: Backup claim
+      path: backupClaim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: The directory data is backed up to on the PVC
+      displayName: Backup directory
+      path: backupDirectory
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+- displayName: AWX Restore
+  description: Restore a previous awx deployment into the namespace
+  kind: AWXRestore
+  name: awxrestores.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+    - displayName: Backup source to restore ?
+      path: backup_source
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:select:CR
+        - urn:alm:descriptor:com.tectonic.ui:select:PVC
+    - displayName: Backup name
+      path: backup_name
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:CR
+    - displayName: Name of newly restored deployment
+      path: deployment_name
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Backup persistent volume claim
+      path: backup_pvc
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
+    - displayName: Backup namespace
+      path: backup_pvc_namespace
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Backup directory in the persistent volume claim
+      path: backup_dir
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
+    - displayName: Database restore label selector
+      path: postgres_label_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image
+      path: postgres_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image Version
+      path: postgres_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: The state of the restore
+      displayName: Restore status
+      path: restoreComplete
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+- description: Deploy a new instance of AWX
+  displayName: AWX
+  kind: AWX
+  name: awxs.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+    - displayName: Hostname
+      path: hostname
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin account username
+      path: admin_user
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin email address
+      path: admin_email
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin password secret
+      path: admin_password_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Database configuration secret
+      path: postgres_configuration_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Old Database configuration secret
+      path: old_postgres_configuration_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Secret key secret
+      path: secret_key_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Broadcast Websocket Secret
+      path: broadcast_websocket_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Service Account Annotations
+      path: service_account_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Tower Service Type
+      path: service_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:ClusterIP
+        - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
+        - urn:alm:descriptor:com.tectonic.ui:select:NodePort
+    - displayName: Tower Ingress Type
+      path: ingress_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:none
+        - urn:alm:descriptor:com.tectonic.ui:select:Ingress
+        - urn:alm:descriptor:com.tectonic.ui:select:Route
+    - displayName: Ingress Path
+      path: ingress_path
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Ingress Path Type
+      path: ingress_path_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower Ingress Annotations
+      path: ingress_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower Ingress TLS Secret
+      path: ingress_tls_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower LoadBalancer Annotations
+      path: loadbalancer_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Tower LoadBalancer Protocol
+      path: loadbalancer_protocol
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:http
+        - urn:alm:descriptor:com.tectonic.ui:select:https
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Tower LoadBalancer Port
+      path: loadbalancer_port
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:number
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Route DNS host
+      path: route_host
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Route TLS termination mechanism
+      path: route_tls_termination_mechanism
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:Edge
+        - urn:alm:descriptor:com.tectonic.ui:select:Passthrough
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Route TLS credential secret
+      path: route_tls_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Image Pull Policy
+      path: image_pull_policy
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
+    - displayName: Image Pull Secret
+      path: image_pull_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Web container resource requirements
+      path: web_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: Task container resource requirements
+      path: task_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: EE Control Plane container resource requirements
+      path: ee_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: PostgreSQL container resource requirements (when using a managed
+        instance)
+      path: postgres_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: PostgreSQL container storage requirements (when using a managed
+        instance)
+      path: postgres_storage_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: Replicas
+      path: replicas
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:number
+    - displayName: Remove used secrets on instance removal ?
+      path: garbage_collect_secrets
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Preload instance with data upon creation ?
+      path: create_preload_data
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Deploy the instance in development mode ?
+      path: development_mode
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Should the task container deployed with privileged level ?
+      path: task_privileged
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment Type
+      path: deployment_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment Kind
+      path: kind
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment apiVersion
+      path: api_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Image
+      path: image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Image Version
+      path: image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Image
+      path: redis_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Image Version
+      path: redis_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Capabilities
+      path: redis_capabilities
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image
+      path: postgres_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image Version
+      path: postgres_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Selector
+      path: postgres_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Label Selector
+      path: postgres_label_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Tolerations
+      path: postgres_tolerations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Storage Class
+      path: postgres_storage_class
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Datapath
+      path: postgres_data_path
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Certificate Authorirty Trust Bundle
+      path: ca_trust_bundle
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: LDAP Certificate Authority Trust Bundle
+      path: ldap_cacert_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Task Args
+      path: task_args
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Enable persistence for /var/lib/projects directory?
+      path: projects_persistence
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Use existing Persistent Claim?
+      path: projects_use_existing_claim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:_Yes_
+        - urn:alm:descriptor:com.tectonic.ui:select:_No_
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true
+    - displayName: Projects Existing Persistent Claim
+      path: projects_existing_claim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_
+        - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
+    - description: Projects Storage Class Name. If not present, the default storage
+        class will be used.
+      displayName: Projects Storage Class Name
+      path: projects_storage_class
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Projects Storage Size
+      displayName: Projects Storage Size
+      path: projects_storage_size
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Projects Storage Access Mode
+      displayName: Projects Storage Access Mode
+      path: projects_storage_access_mode
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Task Command
+      path: task_command
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to Task container
+      displayName: Task Extra Env
+      path: task_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Execution container
+      displayName: EE Extra Volume Mounts
+      path: ee_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the Execution Environment container to use
+      displayName: EE Images
+      path: ee_images
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to EE container
+      displayName: EE Extra Env
+      path: ee_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the Execution Environment container to use on
+        control plane pods
+      displayName: Control Plane EE Image
+      path: control_plane_ee_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: EE Images Pull Credentials Secret
+      displayName: EE Images Pull Credentials Secret
+      path: ee_pull_credentials_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - description: Specify volume mounts to be added to Task container
+      displayName: Task Extra Volume Mounts
+      path: task_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Web Args
+      path: web_args
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Web Command
+      path: web_command
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to Web container
+      displayName: Web Extra Env
+      path: web_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Web container
+      displayName: Web Extra Volume Mounts
+      path: web_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify extra volumes to add to the application pod
+      displayName: Extra Volumes
+      path: extra_volumes
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Node Selector
+      path: node_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Topology Spread Constraints
+      path: topology_spread_constraints
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Service Labels
+      path: service_labels
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Tolerations
+      path: tolerations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: API Extra Settings
+      path: extra_settings
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Security Context Settings
+      path: security_context_settings
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the init container to use
+      displayName: Init Container Image
+      path: init_container_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Init container image version to use
+      displayName: Init Container Image Version
+      path: init_container_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify Extra commands for the Init container
+      displayName: Init Container Extra Commands
+      path: init_container_extra_commands
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Init container
+      displayName: Init Container Extra Volume Mounts
+      path: init_container_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Secret where can be found the trusted Certificate Authority Bundle
+      path: bundle_cacert_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Nodeport Port
+      path: nodeport_port
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: Route to access the instance deployed
+      displayName: URL
+      path: URL
+      x-descriptors:
+        - urn:alm:descriptor:org.w3:link
+    - description: Admin user for the instance deployed
+      displayName: Admin User
+      path: adminUser
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Admin password for the instance deployed
+      displayName: Admin Password
+      path: adminPasswordSecret
+      x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - description: Version of the instance deployed
+      displayName: Version
+      path: version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Image of the instance deployed
+      displayName: Image
+      path: image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text

config/rbac/role.yaml

@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   creationTimestamp: null
-  name: manager-role
+  name: awx-manager-role
 rules:
   - apiGroups:
       - route.openshift.io

config/rbac/role_binding.yaml

@@ -2,11 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: manager-rolebinding
+  name: awx-manager-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: manager-role
+  name: awx-manager-role
 subjects:
   - kind: ServiceAccount
     name: controller-manager

config/samples/awx_v1beta1_awx.yaml

@@ -4,12 +4,6 @@ kind: AWX
 metadata:
   name: example-awx
 spec:
-  service_account_annotations: |
-    foo: bar
-  deployment_type: awx
-  ingress_type: ingress
-  ingress_annotations: |
-    kubernetes.io/ingress.class: nginx
   web_resource_requirements:
     requests:
       cpu: 250m

config/testing/debug_logs_patch.yaml

@@ -8,7 +8,7 @@ spec:
   template:
     spec:
       containers:
-        - name: manager
+        - name: awx-manager
           env:
             - name: ANSIBLE_DEBUG_LOGS
               value: "TRUE"

config/testing/manager_image.yaml

@@ -8,5 +8,5 @@ spec:
   template:
     spec:
       containers:
-        - name: manager
+        - name: awx-manager
           image: testing

config/testing/pull_policy/Always.yaml

@@ -8,5 +8,5 @@ spec:
   template:
     spec:
       containers:
-        - name: manager
+        - name: awx-manager
           imagePullPolicy: Always

config/testing/pull_policy/IfNotPresent.yaml

@@ -8,5 +8,5 @@ spec:
   template:
     spec:
       containers:
-        - name: manager
+        - name: awx-manager
           imagePullPolicy: IfNotPresent

config/testing/pull_policy/Never.yaml

@@ -8,5 +8,5 @@ spec:
   template:
     spec:
       containers:
-        - name: manager
+        - name: awx-manager
           imagePullPolicy: Never

molecule/default/molecule.yml

@@ -21,6 +21,9 @@ provisioner:
         namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
     host_vars:
       localhost:
+        awx_image: ${AWX_TEST_IMAGE:-""}
+        awx_version: ${AWX_TEST_VERSION:-""}
+        default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
         ansible_python_interpreter: '{{ ansible_playbook_python }}'
         config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
         samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples

molecule/default/tasks/awx_test.yml

@@ -3,15 +3,13 @@
   k8s:
     state: present
     namespace: '{{ namespace }}'
-    definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}"
+    definition: "{{ lookup('template', 'awx_cr_molecule.yml.j2') | from_yaml }}"
     wait: yes
     wait_timeout: 900
     wait_condition:
       type: Running
       reason: Successful
       status: "True"
-  vars:
-    cr_file: 'awx_v1beta1_awx.yaml'
 
 - name: Obtain generated admin password
   k8s_info:
@@ -20,11 +18,64 @@
     name: example-awx-admin-password
   register: admin_pw_secret
 
-- name: Launch Demo Job Template
-  awx.awx.job_launch:
-    name: Demo Job Template
-    wait: yes
-    validate_certs: no
-    controller_host: localhost
-    controller_username: admin
-    controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+- block:
+    - name: Get pod details
+      k8s_info:
+        namespace: '{{ namespace }}'
+        kind: Pod
+        label_selectors:
+          - app.kubernetes.io/name = example-awx
+      register: awx_pod
+      when: not awx_version
+
+    - name: Exract tags from images
+      set_fact:
+        image_tags: |
+          {{ awx_pod.resources[0].spec.containers |
+             map(attribute='image') |
+             map('regex_search', default_awx_version) }}
+      when: not awx_version
+
+    - fail:
+        msg: |
+          It looks like you may have broken the DEFAULT_AWX_VERSION functionality.
+          This is an environment variable that is set via build arg when releasing awx-operator.
+      when:
+        - not awx_version
+        - default_awx_version not in image_tags
+
+    - name: Launch Demo Job Template
+      awx.awx.job_launch:
+        name: Demo Job Template
+        wait: yes
+        validate_certs: no
+        controller_host: localhost
+        controller_username: admin
+        controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+  rescue:
+    - name: Get list of project updates and jobs
+      uri:
+        url: "http://localhost/api/v2/{{ item }}/"
+        user: admin
+        password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+        force_basic_auth: yes
+      register: job_lists
+      loop:
+        - project_updates
+        - jobs
+
+    - name: Get all job and project details
+      uri:
+        url: "http://localhost{{ item }}"
+        user: admin
+        password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+        force_basic_auth: yes
+      loop: |
+        {{ job_lists.results | map(attribute='json') | map(attribute='results') | flatten | map(attribute='url') }}
+
+    - name: Re-emit failure
+      vars:
+        failed_task:
+          result: '{{ ansible_failed_result }}'
+      fail:
+        msg: '{{ failed_task }}'

molecule/default/templates/awx_cr_molecule.yml.j2

@@ -0,0 +1,27 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: example-awx
+spec:
+{% if awx_image %}
+  image: {{ awx_image }}
+{% endif %}
+{% if awx_version %}
+  image_version: {{ awx_version }}
+{% endif %}
+  ingress_type: ingress
+  ingress_annotations: |
+    kubernetes.io/ingress.class: nginx
+  web_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  task_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  ee_resource_requirements:
+    requests:
+      cpu: 200m
+      memory: 64M

molecule/default/verify.yml

@@ -36,7 +36,7 @@
           k8s_log:
             name: '{{ item.metadata.name }}'
             namespace: '{{ namespace }}'
-            container: manager
+            container: awx-manager
           loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}"
           register: debug_logs
 

molecule/kind/converge.yml

@@ -10,15 +10,25 @@
         build:
           path: '{{ project_dir }}'
           pull: no
+          args:
+            DEFAULT_AWX_VERSION: '{{ default_awx_version }}'
         name: '{{ operator_image }}'
         tag: latest
         push: no
         source: build
         force_source: yes
 
-    - name: Load image into kind cluster
+    - name: Load operator image into kind cluster
       command: kind load docker-image --name osdk-test '{{ operator_image }}'
       register: result
       changed_when: '"not yet present" in result.stdout'
 
+    - name: Load awx image into kind cluster
+      command: kind load docker-image --name osdk-test '{{ awx_image }}:{{ awx_version }}'
+      register: result
+      changed_when: '"not yet present" in result.stdout'
+      when:
+        - awx_image is defined
+        - awx_image != ''
+
 - import_playbook: ../default/converge.yml

molecule/kind/molecule.yml

@@ -23,7 +23,10 @@ provisioner:
         namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
     host_vars:
       localhost:
+        awx_image: ${AWX_TEST_IMAGE:-""}
+        awx_version: ${AWX_TEST_VERSION:-""}
         ansible_python_interpreter: '{{ ansible_playbook_python }}'
+        default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
         config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
         samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
         project_dir: ${MOLECULE_PROJECT_DIRECTORY}

roles/backup/tasks/init.yml

@@ -63,6 +63,21 @@
   when:
     - backup_pvc == '' or backup_pvc is not defined
 
+- name: Set default postgres image
+  set_fact:
+    _default_postgres_image: "{{ _postgres_image }}:{{_postgres_image_version }}"
+
+- name: Set user provided postgres image
+  set_fact:
+    _custom_postgres_image: "{{ postgres_image }}:{{ postgres_image_version }}"
+  when:
+    - postgres_image | default([]) | length
+    - postgres_image_version is defined and postgres_image_version != ''
+
+- name: Set Postgres image URL
+  set_fact:
+    _postgres_image: "{{ _custom_postgres_image | default(lookup('env', 'RELATED_IMAGE_AWX_POSTGRES')) | default(_default_postgres_image, true) }}"
+
 - name: Create management pod from templated deployment config
   k8s:
     name: "{{ ansible_operator_meta.name }}-db-management"

roles/backup/templates/management-pod.yml.j2

@@ -13,7 +13,7 @@ metadata:
 spec:
   containers:
   - name: {{ ansible_operator_meta.name }}-db-management
-    image: "{{ postgres_image }}:{{ postgres_image_version }}"
+    image: "{{ _postgres_image }}"
     imagePullPolicy: Always
     command: ["sleep", "infinity"]
     volumeMounts:

roles/backup/vars/main.yml

@@ -1,6 +1,6 @@
 ---
 deployment_type: "awx"
-postgres_image: postgres
-postgres_image_version: 12
+_postgres_image: postgres
+_postgres_image_version: 12
 backup_complete: false
 database_type: "unmanaged"

roles/installer/defaults/main.yml

@@ -10,6 +10,7 @@ task_privileged: false
 service_type: ClusterIP
 ingress_type: none
 ingress_path: '/'
+ingress_path_type: 'Prefix'
 # Add annotations to the service account. Specify as literal block. E.g.:
 # service_account_annotations: |
 #   eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
@@ -63,6 +64,17 @@ hostname: ''
 #   kubernetes.io/os: linux
 node_selector: ''
 
+# Add a topologySpreadConstraints for the AWX pods.
+# Specify as literal block. E.g.:
+# topology_spread_constraints: |
+#   - maxSkew: 100
+#     topologyKey: "topology.kubernetes.io/zone"
+#     whenUnsatisfiable: "ScheduleAnyway"
+#     labelSelector:
+#       matchLabels:
+#         app.kubernetes.io/name: "<resourcename>"
+topology_spread_constraints: ''
+
 # Add node tolerations for the AWX pods. Specify as literal block. E.g.:
 # tolerations: |
 #   - key: "dedicated"
@@ -106,14 +118,14 @@ extra_volumes: ''
 
 # Use these image versions for Ansible AWX.
 
-image: quay.io/ansible/awx
-image_version: 19.4.0
-redis_image: docker.io/redis
-redis_image_version: latest
-postgres_image: postgres
-postgres_image_version: 12
-init_container_image: quay.io/centos/centos
-init_container_image_version: 8
+_image: quay.io/ansible/awx
+_image_version: "{{ lookup('env', 'DEFAULT_AWX_VERSION') or 'latest' }}"
+_redis_image: docker.io/redis
+_redis_image_version: latest
+_postgres_image: postgres
+_postgres_image_version: 12
+_init_container_image: quay.io/centos/centos
+_init_container_image_version: 8
 image_pull_policy: IfNotPresent
 image_pull_secret: ''
 
@@ -137,7 +149,7 @@ ee_images:
   - name: AWX EE (latest)
     image: quay.io/ansible/awx-ee:latest
 
-control_plane_ee_image: quay.io/ansible/awx-ee:latest
+_control_plane_ee_image: quay.io/ansible/awx-ee:latest
 
 create_preload_data: true
 
@@ -214,6 +226,9 @@ projects_persistence: false
 # Define an existing PersistentVolumeClaim to use
 projects_existing_claim: ''
 #
+# Define postgres configuration arguments to use
+postgres_extra_args: ''
+
 # Define the storage_class, size and access_mode
 # when not using an existing claim
 projects_storage_size: 8Gi
@@ -234,3 +249,5 @@ bundle_cacert_secret: ''
 garbage_collect_secrets: false
 
 development_mode: false
+
+security_context_settings: {}

roles/installer/tasks/database_configuration.yml

@@ -47,11 +47,26 @@
     - old_pg_config['resources'] | length
   no_log: true
 
+- name: Set default postgres image
+  set_fact:
+    _default_postgres_image: "{{ _postgres_image }}:{{_postgres_image_version }}"
+
 - name: Set PostgreSQL configuration
   set_fact:
     _pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}'
   no_log: true
 
+- name: Set user provided postgres image
+  set_fact:
+    _custom_postgres_image: "{{ postgres_image }}:{{ postgres_image_version }}"
+  when:
+    - postgres_image | default([]) | length
+    - postgres_image_version is defined and postgres_image_version != ''
+
+- name: Set Postgres image URL
+  set_fact:
+    _postgres_image: "{{ _custom_postgres_image | default(lookup('env', 'RELATED_IMAGE_AWX_POSTGRES')) | default(_default_postgres_image, true) }}"
+
 - block:
     - name: Create Database configuration
       k8s:
@@ -84,6 +99,10 @@
         definition: "{{ lookup('template', 'postgres.yaml.j2') }}"
       register: create_statefulset_result
 
+    - name: Scale down Deployment for migration
+      include_tasks: scale_down_deployment.yml
+      when: create_statefulset_result.changed
+
   rescue:
     - name: Scale down Deployment for migration
       include_tasks: scale_down_deployment.yml
@@ -123,6 +142,21 @@
     awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] |  default('prefer'|b64encode) | b64decode }}"
   no_log: true
 
+- name: Wait for Database to initialize if managed DB
+  k8s_info:
+    kind: Pod
+    namespace: '{{ ansible_operator_meta.namespace }}'
+    name: '{{ ansible_operator_meta.name }}-postgres-0'  # using name to keep compatibility
+    field_selectors:
+      - status.phase=Running
+  register: postgres_pod
+  until:
+    - "postgres_pod['resources'] | length"
+    - "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
+  delay: 5
+  retries: 60
+  when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
+
 - name: Look up details for this deployment
   k8s_info:
     api_version: "{{ api_version }}"

roles/installer/tasks/resources_configuration.yml

@@ -32,6 +32,64 @@
     - 'ingress'
   no_log: true
 
+- name: Set default awx app image
+  set_fact:
+    _default_image: "{{ _image }}:{{ _image_version }}"
+
+- name: Set user provided awx app image
+  set_fact:
+    _custom_image: "{{ image }}:{{ image_version }}"
+  when:
+    - image | default([]) | length
+    - image_version is defined or image_version != ''
+
+- name: Set AWX app image URL
+  set_fact:
+    _image: "{{ _custom_image | default(lookup('env', 'RELATED_IMAGE_AWX')) | default(_default_image, true) }}"
+
+- name: Set default awx init container image
+  set_fact:
+    _default_init_container_image: "{{ _init_container_image }}:{{ _init_container_image_version }}"
+
+- name: Set user provided awx init image
+  set_fact:
+    _custom_init_container_image: "{{ init_container_image }}:{{ init_container_image_version }}"
+  when:
+    - init_container_image | default([]) | length
+    - init_container_image_version is defined or init_container_image_version != ''
+
+- name: Set Init image URL
+  set_fact:
+    _init_container_image: >-
+      {{ _custom_init_container_image |
+         default(lookup('env', 'RELATED_IMAGE_AWX_INIT_CONTAINER')) |
+         default(_default_init_container_image, true) }}
+
+- name: Set default redis image
+  set_fact:
+    _default_redis_image: "{{ _redis_image }}:{{ _redis_image_version }}"
+
+- name: Set user provided redis image
+  set_fact:
+    _custom_redis_image: "{{ redis_image }}:{{ redis_image_version }}"
+  when:
+    - redis_image | default([]) | length
+    - redis_image_version is defined or redis_image_version != ''
+
+- name: Set Redis image URL
+  set_fact:
+    _redis_image: "{{ _custom_redis_image | default(lookup('env', 'RELATED_IMAGE_AWX_REDIS')) | default(_default_redis_image, true) }}"
+
+- name: Set user provided control plane ee image
+  set_fact:
+    _custom_control_plane_ee_image: "{{ control_plane_ee_image }}"
+  when:
+    - control_plane_ee_image | default([]) | length
+
+- name: Set Control Plane EE image URL
+  set_fact:
+    _control_plane_ee_image: "{{ _custom_control_plane_ee_image | default(lookup('env', 'RELATED_IMAGE_CONTROL_PLANE_EE')) | default(_control_plane_ee_image, true) }}"
+
 - name: Apply deployment resources
   k8s:
     apply: yes

roles/installer/tasks/update_status.yml

@@ -70,7 +70,7 @@
     name: "{{ ansible_operator_meta.name }}"
     namespace: "{{ ansible_operator_meta.namespace }}"
     status:
-      image: "{{ image }}"
+      image: "{{ _custom_image | default(lookup('env', 'RELATED_IMAGE_AWX')) | default(_default_image, true) }}"
 
 - block:
     - name: Retrieve route URL

roles/installer/templates/deployment.yaml.j2

@@ -7,7 +7,7 @@ metadata:
   namespace: '{{ ansible_operator_meta.namespace }}'
   labels:
     app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-    app.kubernetes.io/version: '{{ image_version }}'
+    app.kubernetes.io/version: '{{ _image.split(':')[-1] | truncate(63, True, '') }}'
     app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
     app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
     app.kubernetes.io/component: '{{ deployment_type }}'
@@ -23,7 +23,7 @@ spec:
     metadata:
       labels:
         app.kubernetes.io/name: '{{ ansible_operator_meta.name }}'
-        app.kubernetes.io/version: '{{ image_version }}'
+        app.kubernetes.io/version: '{{ _image.split(':')[-1] | truncate(63, True, '') }}'
         app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
         app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
         app.kubernetes.io/component: '{{ deployment_type }}'
@@ -35,8 +35,24 @@ spec:
 {% endif %}
 {% if bundle_ca_crt or projects_persistence|bool or init_container_extra_commands %}
       initContainers:
+        - name: database-check
+          image: '{{ _init_container_image }}'
+          imagePullPolicy: '{{ image_pull_policy }}'
+          command:
+            - /bin/sh
+            - -c
+            - |
+              [[ -d /check-db/pgsql/data ]] && rm -rf /check-db/data; mv /check-db/pgsql/data/ /check-db/data/ && rm -rf /check-db/pgsql
+          volumeMounts:
+            - name: check-db-pvc
+              mountPath: /check-db
+              subPath: ''
+            volumes:
+            - name: check-db-pvc
+            persistentVolumeClaim:
+              claimName: postgres-{{ ansible_operator_meta.name }}-postgres-0
         - name: init
-          image: '{{ init_container_image }}:{{ init_container_image_version }}'
+          image: '{{ _init_container_image }}'
           imagePullPolicy: '{{ image_pull_policy }}'
           command:
             - /bin/sh
@@ -71,9 +87,14 @@ spec:
 {% endif %}
 {% endif %}
       containers:
-        - image: '{{ redis_image }}:{{ redis_image_version }}'
+        - image: '{{ _redis_image }}'
           imagePullPolicy: '{{ image_pull_policy }}'
           name: redis
+{% if redis_capabilities is defined and redis_capabilities %}
+          securityContext:
+            capabilities:
+              add: {{ redis_capabilities }}
+{% endif %}
           args: ["redis-server", "/etc/redis.conf"]
           volumeMounts:
             - name: {{ ansible_operator_meta.name }}-redis-config
@@ -84,7 +105,7 @@ spec:
               mountPath: "/var/run/redis"
             - name: "{{ ansible_operator_meta.name }}-redis-data"
               mountPath: "/data"
-        - image: '{{ image }}:{{ image_version }}'
+        - image: '{{ _image }}'
           name: '{{ ansible_operator_meta.name }}-web'
 {% if web_command %}
           command: {{ web_command }}
@@ -172,7 +193,7 @@ spec:
             {{ web_extra_env | indent(width=12, indentfirst=True) }}
 {% endif %}
           resources: {{ web_resource_requirements }}
-        - image: '{{ image }}:{{ image_version }}'
+        - image: '{{ _image }}'
           name: '{{ ansible_operator_meta.name }}-task'
           imagePullPolicy: '{{ image_pull_policy }}'
 {% if task_privileged == true %}
@@ -262,7 +283,7 @@ spec:
             {{ task_extra_env | indent(width=12, indentfirst=True) }}
 {% endif %}
           resources: {{ task_resource_requirements }}
-        - image: '{{ control_plane_ee_image }}'
+        - image: '{{ _control_plane_ee_image }}'
           name: '{{ ansible_operator_meta.name }}-ee'
           imagePullPolicy: '{{ image_pull_policy }}'
           resources: {{ ee_resource_requirements }}
@@ -301,13 +322,22 @@ spec:
       nodeSelector:
         {{ node_selector | indent(width=8) }}
 {% endif %}
+{% if topology_spread_constraints %}
+      topologySpreadConstraints:
+        {{ topology_spread_constraints | indent(width=8) }}
+{% endif %}
 {% if tolerations %}
       tolerations:
         {{ tolerations | indent(width=8) }}
 {% endif %}
-{% if projects_persistence|bool %}
+{% if projects_persistence|bool or (security_context_settings|length) %}
       securityContext:
+{% if projects_persistence|bool %}
         fsGroup: 1000
+{% endif %}
+{% if security_context_settings|length %}
+        {{ security_context_settings | to_nice_yaml | indent(8) }}
+{% endif %}
 {% endif %}
       volumes:
 {% if bundle_ca_crt %}

roles/installer/templates/execution_environments.py.j2

@@ -3,4 +3,4 @@ GLOBAL_JOB_EXECUTION_ENVIRONMENTS = [
     {'name': '{{ item.name }}' , 'image': '{{ item.image }}'},
 {% endfor %}
 ]
-CONTROL_PLANE_EXECUTION_ENVIRONMENT = '{{ control_plane_ee_image }}'
+CONTROL_PLANE_EXECUTION_ENVIRONMENT = "{{ _custom_control_plane_ee_image | default(lookup('env', 'RELATED_IMAGE_CONTROL_PLANE_EE')) | default(_control_plane_ee_image, true) }}"

roles/installer/templates/ingress.yaml.j2

@@ -20,7 +20,7 @@ spec:
     - http:
         paths:
           - path: '{{ ingress_path }}'
-            pathType: Prefix
+            pathType: '{{ ingress_path_type }}'
             backend:
               service:
                 name: '{{ ansible_operator_meta.name }}-service'

roles/installer/templates/postgres.yaml.j2

@@ -38,9 +38,12 @@ spec:
         - name: {{ image_pull_secret }}
 {% endif %}
       containers:
-        - image: '{{ postgres_image }}:{{ postgres_image_version }}'
+        - image: '{{ _postgres_image }}'
           imagePullPolicy: '{{ image_pull_policy }}'
           name: postgres
+{% if postgres_extra_args %}
+          args: {{ postgres_extra_args }}
+{% endif %}
           env:
             # For postgres_image based on rhel8/postgresql-12
             - name: POSTGRESQL_DATABASE

roles/restore/tasks/init.yml

@@ -71,6 +71,21 @@
     force: true
     wait: true
 
+- name: Set default postgres image
+  set_fact:
+    _default_postgres_image: "{{ _postgres_image }}:{{_postgres_image_version }}"
+
+- name: Set user provided postgres image
+  set_fact:
+    _custom_postgres_image: "{{ postgres_image }}:{{ postgres_image_version }}"
+  when:
+    - postgres_image | default([]) | length
+    - postgres_image_version is defined and postgres_image_version != ''
+
+- name: Set Postgres image URL
+  set_fact:
+    _postgres_image: "{{ _custom_postgres_image | default(lookup('env', 'RELATED_IMAGE_AWX_POSTGRES'))  | default(_default_postgres_image, true) }}"
+
 - name: Create management pod from templated deployment config
   k8s:
     name: "{{ ansible_operator_meta.name }}-db-management"

roles/restore/templates/management-pod.yml.j2

@@ -13,7 +13,7 @@ metadata:
 spec:
   containers:
   - name: {{ ansible_operator_meta.name }}-db-management
-    image: "{{ postgres_image }}:{{ postgres_image_version }}"
+    image: "{{ _postgres_image }}"
     imagePullPolicy: Always
     command: ["sleep", "infinity"]
     volumeMounts:

roles/restore/vars/main.yml

@@ -1,8 +1,8 @@
 ---
 
 deployment_type: "awx"
-postgres_image: postgres
-postgres_image_version: 12
+_postgres_image: postgres
+_postgres_image_version: 12
 
 backup_api_version: '{{ deployment_type }}.ansible.com/v1beta1'
 backup_kind: 'AWXBackup'

watches.yaml

@@ -4,14 +4,17 @@
   group: awx.ansible.com
   kind: AWX
   role: installer
+  snakeCaseParameters: False
 
 - version: v1beta1
   group: awx.ansible.com
   kind: AWXBackup
   role: backup
+  snakeCaseParameters: False
 
 - version: v1beta1
   group: awx.ansible.com
   kind: AWXRestore
   role: restore
+  snakeCaseParameters: False
 # +kubebuilder:scaffold:watch