Add use_db_compression option for backup database dumps (#2106)

* Add use_db_compression option for backup database dumps

Enable optional pg_dump compression (-Z 9) via use_db_compression
boolean flag. Restore auto-detects compressed (.db.gz) or
uncompressed (.db) backups for backward compatibility.

Authored By: Christian M. Adams <chadams@redhat.com>
Assisted By: Claude

* Add CRD field, CSV descriptor, and restore auto-detection for use_db_compression

Authored By: Christian M. Adams <chadams@redhat.com>
Assisted By: Claude

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,3 @@
+# Community Code of Conduct
+
+Please see the official [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,39 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: ''
-assignees: ''
-
----
-
-##### ISSUE TYPE
- - Bug Report
-
-##### SUMMARY
-<!-- Briefly describe the problem. -->
-
-##### ENVIRONMENT
-* AWX version: X.Y.Z
-* Operator version: X.Y.Z
-* Kubernetes version: 
-* AWX install method: openshift, minishift, docker on linux, docker for mac, boot2docker
-
-##### STEPS TO REPRODUCE
-
-<!-- Please describe exactly how to reproduce the problem. -->
-
-##### EXPECTED RESULTS
-
-<!-- What did you expect to happen when running the steps above? -->
-
-##### ACTUAL RESULTS
-
-<!-- What actually happened? -->
-
-##### ADDITIONAL INFORMATION
-
-<!-- Include any links to sosreport, database dumps, screenshots or other
-information. -->
-
-##### AWX-OPERATOR LOGS

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,125 @@
+---
+name: Bug Report
+description: "🐞 Create a report to help us improve"
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Bug Report issues are for **concrete, actionable bugs** only.
+        For debugging help or technical support, please see the [Get Involved section of our README](https://github.com/ansible/awx-operator#get-involved)
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Please confirm the following
+      options:
+        - label: I agree to follow this project's [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
+          required: true
+        - label: I have checked the [current issues](https://github.com/ansible/awx-operator/issues) for duplicates.
+          required: true
+        - label: I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.
+          required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Bug Summary
+      description: Briefly describe the problem.
+    validations:
+      required: false
+
+  - type: input
+    id: awx-operator-version
+    attributes:
+      label: AWX Operator version
+      description: What version of the AWX Operator are you running?
+    validations:
+      required: true
+
+  - type: input
+    id: awx-version
+    attributes:
+      label: AWX version
+      description: What version of AWX are you running?
+    validations:
+      required: true
+
+  - type: dropdown
+    id: platform
+    attributes:
+      label: Kubernetes platform
+      description: What platform did you install the Operator in?
+      multiple: false
+      options:
+        - kubernetes
+        - minikube
+        - openshift
+        - minishift
+        - docker development environment
+        - other (please specify in additional information)
+    validations:
+      required: true
+
+  - type: input
+    id: kube-version
+    attributes:
+      label: Kubernetes/Platform version
+      description: What version of your platform/kuberneties are you using?
+    validations:
+      required: true
+
+  - type: dropdown
+    id: modified-architecture
+    attributes:
+      label: Modifications
+      description: >-
+       Have you modified the installation, deployment topology, or container images in any way? If yes, please
+       explain in the "additional information" field at the bottom of the form.
+      multiple: false
+      options:
+        - "no"
+        - "yes"
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps-to-reproduce
+    attributes:
+      label: Steps to reproduce
+      description: >-
+        Starting from a new installation of the system, describe exactly how a developer or quality engineer can reproduce the bug
+        on infrastructure that isn't yours. Include any and all resources created, input values, test users, roles assigned, playbooks used, etc.
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected-results
+    attributes:
+      label: Expected results
+      description: What did you expect to happpen when running the steps above?
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual-results
+    attributes:
+      label: Actual results
+      description: What actually happened?
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-information
+    attributes:
+      label: Additional information
+      description: Include any relevant log output, links to sosreport, database dumps, screenshots, AWX spec yaml, or other information.
+    validations:
+      required: false
+
+  - type: textarea
+    id: operator-logs
+    attributes:
+      label: Operator Logs
+      description: Include any relevant logs generated by the operator.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,12 @@
+---
+blank_issues_enabled: false
+contact_links:
+  - name: For debugging help or technical support
+    url: https://github.com/ansible/awx-operator#get-involved
+    about: For general debugging or technical support please see the Get Involved section of our readme.
+  - name: 📝 Ansible Code of Conduct
+    url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser
+    about: AWX uses the Ansible Code of Conduct; ❤ Be nice to other members of the community. ☮ Behave.
+  - name: 💼 For Enterprise
+    url: https://www.ansible.com/products/engine?utm_medium=github&utm_source=issue_template_chooser
+    about: Red Hat offers support for the Ansible Automation Platform

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,29 @@
+---
+name: ✨ Feature request
+description: Suggest an idea for this project
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Feature Request issues are for **feature requests** only.
+        For debugging help or technical support, please see the [Get Involved section of our README](https://github.com/ansible/awx-operator#get-involved)
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Please confirm the following
+      options:
+        - label: I agree to follow this project's [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
+          required: true
+        - label: I have checked the [current issues](https://github.com/ansible/awx-operator/issues) for duplicates.
+          required: true
+        - label: I understand that AWX Operator is open source software provided for free and that I might not receive a timely response.
+          required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Feature Summary
+      description: Briefly describe the desired enhancement.
+    validations:
+      required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,26 @@
+##### SUMMARY
+<!--- Describe the change, including rationale and design decisions -->
+
+<!---
+If you are fixing an existing issue, please include "fixes #nnn" in your
+commit message and your description; but you should still explain what
+the change does.
+-->
+
+##### ISSUE TYPE
+<!--- Pick one below and delete the rest: -->
+ - Breaking Change 
+ - New or Enhanced Feature
+ - Bug, Docs Fix or other nominal change
+
+##### ADDITIONAL INFORMATION
+<!---
+Include additional information to help people understand the change here.
+For bugs that don't have a linked bug report, a step-by-step reproduction
+of the problem is helpful.
+-->
+
+<!--- Paste verbatim command output below, e.g. before and after your change -->
+```
+
+```

.github/dependabot.yml

@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/docs"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "component:docs"
+      - "dependencies"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"

.github/workflows/ci.yaml

@@ -4,21 +4,24 @@ name: CI
 
 on:
   pull_request:
-    branches: [devel]
-
   push:
-    branches: [devel]
 
 jobs:
-  pull_request:
-    runs-on: ubuntu-18.04
-    name: pull_request
+  molecule:
+    runs-on: ubuntu-latest
+    name: molecule
+    strategy:
+      matrix:
+        ansible_args:
+          - --skip-tags=replicas
+          - -t replicas
     env:
-      DOCKER_API_VERSION: "1.38"
+      DOCKER_API_VERSION: "1.44"
+      DEBUG_OUTPUT_DIR: /tmp/awx_operator_molecule_test
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v5
         with:
           python-version: "3.8"
 
@@ -35,7 +38,32 @@ jobs:
           MOLECULE_VERBOSITY: 3
           PY_COLORS: '1'
           ANSIBLE_FORCE_COLOR: '1'
+          STORE_DEBUG_OUTPUT: true
         run: |
           sudo rm -f $(which kustomize)
           make kustomize
-          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind -- ${{ matrix.ansible_args }}
+
+      - name: Upload artifacts for failed tests if Run Molecule fails
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: awx_operator_molecule_test
+          path: ${{ env.DEBUG_OUTPUT_DIR }}
+  no-log:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+
+      - name: Check no_log statements
+        run: |
+          set +e
+          no_log=$(grep -nr ' no_log:' roles | grep -v '"{{ no_log }}"')
+          if [ -n "${no_log}" ]; then
+            echo 'Please update the following no_log statement(s) with the "{{ no_log }}" value'
+            echo "${no_log}"
+            exit 1
+          fi
+  nox-sessions:
+    uses: ./.github/workflows/reusable-nox.yml

.github/workflows/devel.yaml

@@ -8,20 +8,41 @@ on:
 
 jobs:
   release:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     name: Push devel image
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
-      - name: Build Image
+      - name: Fail if QUAY_REGISTRY not set
         run: |
-          IMG=awx-operator:devel make docker-build
+          if [[ -z "${{ vars.QUAY_REGISTRY }}" ]]; then
+            echo "QUAY_REGISTRY not set. Please set QUAY_REGISTRY in variable GitHub Actions variables."
+            exit 1
+          fi
 
-      - name: Push To Quay
-        uses: redhat-actions/push-to-registry@v2.1.1
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
         with:
-          image: awx-operator
-          tags: devel
-          registry: quay.io/ansible/
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Log into registry quay.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ${{ vars.QUAY_REGISTRY }}
           username: ${{ secrets.QUAY_USER }}
           password: ${{ secrets.QUAY_TOKEN }}
+
+
+      - name: Build and Store Image @ghcr
+        run: |
+          IMG=ghcr.io/${{ github.repository }}:${{ github.sha }} make docker-buildx
+
+
+      - name: Publish Image to quay.io
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ github.sha }} \
+            --tag ${{ vars.QUAY_REGISTRY }}/awx-operator:devel

.github/workflows/feature.yml

@@ -0,0 +1,56 @@
+---
+
+name: Feature Branch Image Build and Push
+
+on:
+  push:
+    branches: [feature_*]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    name: Push devel image
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # needed so that git describe --tag works
+
+      - name: Set VERSION
+        run: |
+          echo "VERSION=$(git describe --tags)" >>${GITHUB_ENV}
+
+      - name: Set lower case owner name
+        run: |
+          echo "OWNER_LC=${OWNER,,}" >>${GITHUB_ENV}
+        env:
+          OWNER: '${{ github.repository_owner }}'
+
+      - name: Set IMAGE_TAG_BASE
+        run: |
+          echo "IMAGE_TAG_BASE=ghcr.io/${OWNER_LC}/awx-operator" >>${GITHUB_ENV}
+
+      - name: Log in to registry
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Build and Push awx-operator Image
+        run: |
+          make docker-build docker-push
+          docker tag ${IMAGE_TAG_BASE}:${VERSION} ${IMAGE_TAG_BASE}:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}:${GITHUB_REF##*/}
+
+      - name: Build bundle manifests
+        run: |
+          make bundle
+
+      - name: Build and Push awx-operator Bundle
+        run: |
+          make bundle-build bundle-push
+          docker tag ${IMAGE_TAG_BASE}-bundle:v${VERSION} ${IMAGE_TAG_BASE}-bundle:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}-bundle:${GITHUB_REF##*/}
+
+      - name: Build and Push awx-operator Catalog
+        run: |
+          make catalog-build catalog-push
+          docker tag ${IMAGE_TAG_BASE}-catalog:v${VERSION} ${IMAGE_TAG_BASE}-catalog:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}-catalog:${GITHUB_REF##*/}

.github/workflows/label_issue.yml

@@ -0,0 +1,54 @@
+---
+name: Label Issues
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    name: Label
+
+    steps:
+      - name: Label Issue - Needs Triage
+        uses: github/issue-labeler@v3.4
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          not-before: 2021-12-07T07:00:00Z
+          configuration-path: .github/issue_labeler.yml
+          enable-versioned-regex: 0
+        if: github.event_name == 'issues'
+
+  community:
+    runs-on: ubuntu-latest
+    name: Label Issue - Community
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+      - name: Install python requests
+        run: pip install requests
+      - name: Check if user is a member of Ansible org
+        uses: jannekem/run-python-script-action@v1
+        id: check_user
+        with:
+          script: |
+            import requests
+            headers = {'Accept': 'application/vnd.github+json', 'Authorization': 'token ${{ secrets.GITHUB_TOKEN }}'}
+            response = requests.get('${{ fromJson(toJson(github.event.issue.user.url)) }}/orgs?per_page=100', headers=headers)
+            is_member = False
+            for org in response.json():
+              if org['login'] == 'ansible':
+                is_member = True
+            if is_member:
+                print("User is member")
+            else:
+                print("User is community")
+      - name: Add community label if not a member
+        if: contains(steps.check_user.outputs.stdout, 'community')
+        uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
+        with:
+          add-labels: "community"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/label_pr.yml

@@ -0,0 +1,49 @@
+name: Label PR
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+jobs:
+  community:
+    runs-on: ubuntu-latest
+    name: Label PR - Community
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+
+      - name: Create a virtual environment
+        run: python3 -m venv venv
+
+      - name: Activate virtual environment and install dependencies
+        run: |
+          source venv/bin/activate
+          pip3 install requests
+
+      - name: Check if user is a member of Ansible org
+        uses: jannekem/run-python-script-action@v1
+        id: check_user
+        with:
+          script: |
+            import requests
+            headers = {'Accept': 'application/vnd.github+json', 'Authorization': 'token ${{ secrets.GITHUB_TOKEN }}'}
+            response = requests.get('${{ fromJson(toJson(github.event.pull_request.user.url)) }}/orgs?per_page=100', headers=headers)
+            is_member = False
+            for org in response.json():
+              if org['login'] == 'ansible':
+                is_member = True
+            if is_member:
+                print("User is member")
+            else:
+                print("User is community")
+
+      - name: Add community label if not a member
+        if: contains(steps.check_user.outputs.stdout, 'community')
+        uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
+        with:
+          add-labels: "community"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr_body_check.yml

@@ -0,0 +1,37 @@
+---
+name: PR Check
+env:
+  BRANCH: ${{ github.base_ref || 'devel' }}
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  pr-check:
+    name: Scan PR description for semantic versioning keywords
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: Check for each of the lines
+        env:
+          PR_BODY: ${{ github.event.pull_request.body }}
+        run: |
+          echo "$PR_BODY" | grep "Bug, Docs Fix or other nominal change" > Z
+          echo "$PR_BODY" | grep "New or Enhanced Feature" > Y
+          echo "$PR_BODY" | grep "Breaking Change" > X
+          exit 0
+        # We exit 0 and set the shell to prevent the returns from the greps from failing this step
+        # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+        shell: bash {0}
+
+      - name: Check for exactly one item
+        run: |
+          if [ $(cat X Y Z | wc -l) != 1 ] ; then
+            echo "The PR body must contain exactly one of [ 'Bug, Docs Fix or other nominal change', 'New or Enhanced Feature', 'Breaking Change' ]"
+            echo "We counted $(cat X Y Z | wc -l)"
+            echo "See the default PR body for examples"
+            exit 255;
+          else
+            exit 0;
+          fi

.github/workflows/promote.yaml

@@ -3,23 +3,70 @@ name: Promote AWX Operator image
 on:
   release:
     types: [published]
+  workflow_dispatch:
+    inputs:
+      tag_name:
+        description: 'Name for the tag of the release.'
+        required: true
+      quay_registry:
+        description: 'Quay registry to push to.'
+        default: 'quay.io/ansible'
+
+env:
+  QUAY_REGISTRY: ${{ vars.QUAY_REGISTRY }}
 
 jobs:
   promote:
     runs-on: ubuntu-latest
     steps:
-      - name: Log in to GHCR
+      - name: Set GitHub Env vars for workflow_dispatch event
+        if: ${{ github.event_name == 'workflow_dispatch' }}
         run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
+          echo "QUAY_REGISTRY=${{ github.event.inputs.quay_registry }}" >> $GITHUB_ENV
 
-      - name: Log in to Quay
+      - name: Set GitHub Env vars if release event
+        if: ${{ github.event_name == 'release' }}
         run: |
-          echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
+          echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
 
-      - name: Re-tag and promote awx-operator image
+      - name: Fail if QUAY_REGISTRY not set
         run: |
-          docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
-          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
-          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
-          docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
-          docker push quay.io/${{ github.repository }}:latest
+          if [[ -z "${{ env.QUAY_REGISTRY }}" ]]; then
+            echo "QUAY_REGISTRY not set. Please set QUAY_REGISTRY in variable GitHub Actions variables."
+            exit 1
+          fi
+
+      - uses: actions/checkout@v4
+        with:
+          depth: 0
+
+
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Log into registry quay.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ${{ env.QUAY_REGISTRY }}
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_TOKEN }}
+
+
+      - name: Pull Tagged Staged Image and Publish to quay.io
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \
+            --tag ${{ env.QUAY_REGISTRY }}/awx-operator:${{ env.TAG_NAME }}
+
+
+      - name: Pull Staged Image and Publish to quay.io/${{ github.repository }}:latest
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \
+            --tag ${{ env.QUAY_REGISTRY }}/awx-operator:latest

.github/workflows/reusable-nox.yml

@@ -0,0 +1,26 @@
+---
+name: nox
+
+"on":
+    workflow_call:
+
+jobs:
+    nox:
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: false
+            matrix:
+                include:
+                - session: build
+                  python-versions: "3.11"
+        name: "Run nox ${{ matrix.session }} session"
+        steps:
+        - name: Check out repo
+          uses: actions/checkout@v4
+        - name: Setup nox
+          uses: wntrblm/nox@2024.04.15
+          with:
+              python-versions: "${{ matrix.python-versions }}"
+        - name: "Run nox -s ${{ matrix.session }}"
+          run: |
+            nox -s "${{ matrix.session }}"

.github/workflows/stage.yml

@@ -37,14 +37,8 @@ jobs:
 
           exit 0
 
-      - name: Checkout awx
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ github.repository_owner }}/awx
-          path: awx
-
       - name: Checkout awx-operator
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           repository: ${{ github.repository_owner }}/awx-operator
           path: awx-operator
@@ -53,17 +47,20 @@ jobs:
         run: |
           python3 -m pip install docker
 
-      - name: Log in to GHCR
-        run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build and stage awx-operator
+      - name: Stage awx-operator
         working-directory: awx-operator
         run: |
           BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }} \
-                      --build-arg OPERATOR_VERSION=${{ github.event.inputs.version }}" \
-          IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
-          VERSION=${{ github.event.inputs.version }} make docker-build docker-push
+              --build-arg OPERATOR_VERSION=${{ github.event.inputs.version }}" \
+          IMG=ghcr.io/${{ github.repository }}:${{ github.event.inputs.version }} \
+          make docker-buildx
 
       - name: Run test deployment
         working-directory: awx-operator
@@ -76,10 +73,12 @@ jobs:
         env:
           AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}
 
-      - name: Create draft release
-        working-directory: awx
-        run: |
-          ansible-playbook tools/ansible/stage.yml \
-            -e version=${{ github.event.inputs.version }} \
-            -e repo=${{ github.repository_owner }}/awx-operator \
-            -e github_token=${{ secrets.GITHUB_TOKEN }}
+      - name: Create Draft Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.event.inputs.version }}
+          release_name: Release ${{ github.event.inputs.version }}
+          draft: true

.github/workflows/triage_new.yml

@@ -1,22 +0,0 @@
----
-name: Triage
-
-on:
-  issues:
-    types:
-      - opened
-
-jobs:
-  triage:
-    runs-on: ubuntu-latest
-    name: Label
-
-    steps:
-      - name: Label issues
-        uses: github/issue-labeler@v2.4.1
-        with:
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
-          not-before: 2021-12-07T07:00:00Z
-          configuration-path: .github/issue_labeler.yml
-          enable-versioned-regex: 0
-        if: github.event_name == 'issues'

.gitignore

@@ -1,6 +1,14 @@
 *~
+gh-pages/
 .cache/
 /bin
 /bundle
 /bundle_tmp*
 /bundle.Dockerfile
+/charts
+/.cr-release-packages
+.vscode/
+__pycache__
+/site
+venv/*
+hacking/

.readthedocs.yml

@@ -0,0 +1,17 @@
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# RTD API version
+version: 2
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+
+mkdocs:
+  configuration: mkdocs.yml
+
+python:
+  install:
+  - requirements: ./docs/requirements.txt

.yamllint

@@ -6,8 +6,14 @@ ignore: |
   kustomization.yaml
   awx-operator.clusterserviceversion.yaml
   bundle
+  hacking/
 
 rules:
   truthy: disable
   line-length:
     max: 170
+  document-start: disable
+  comments-indentation: disable
+  indentation:
+    level: warning
+    indent-sequences: consistent

CONTRIBUTING.md

@@ -6,13 +6,16 @@ Have questions about this document or anything not covered here? Please file a n
 
 ## Table of contents
 
-* [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
-* [Submmiting your Work](#submitting-your-work)
-* [Testing](#testing)
-    * [Testing in Docker](#testing-in-docker)
-    * [Testing in Minikube](#testing-in-minikube)
-* [Generating a bundle](#generating-a-bundle)
-* [Reporting Issues](#reporting-issues)
+- [AWX-Operator Contributing Guidelines](#awx-operator-contributing-guidelines)
+  - [Table of contents](#table-of-contents)
+  - [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
+  - [Submmiting your work](#submmiting-your-work)
+  - [Development](#development)
+  - [Testing](#testing)
+      - [Testing in Kind](#testing-in-kind)
+      - [Testing in Minikube](#testing-in-minikube)
+  - [Generating a bundle](#generating-a-bundle)
+  - [Reporting Issues](#reporting-issues)
 
 
 ## Things to know prior to submitting code
@@ -25,13 +28,13 @@ Have questions about this document or anything not covered here? Please file a n
 
 
 ## Submmiting your work
-1. From your fork `devel` branch, create a new brach to stage your changes.
+1. From your fork `devel` branch, create a new branch to stage your changes.
 ```sh
 #> git checkout -b <branch-name>
 ```
 2. Make your changes.
 3. Test your changes according described on the Testing section.
-4. If everylooks looks correct, commit your changes.
+4. If everything looks correct, commit your changes.
 ```sh
 #> git add <FILES>
 #> git commit -m "My message here"
@@ -40,30 +43,34 @@ Have questions about this document or anything not covered here? Please file a n
 
 **Note**: If you have multiple commits, make sure to `squash` your commits into a single commit which will facilitate our release process.
 
-
+## Development
+The development environment consists of running an [`up.sh`](./up.sh) and a [`down.sh`](./down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](docs/development.md) for information on how to deploy and test changes from your branch.
 
 ## Testing
 
-This Operator includes a [Molecule](https://molecule.readthedocs.io/en/stable/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).
+This Operator includes a [Molecule](https://ansible.readthedocs.io/projects/molecule/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).
 
 You need to make sure you have Molecule installed before running the following commands. You can install Molecule with:
 
 ```sh
-#> pip install 'molecule[docker]'
+#> python -m pip install molecule-plugins[docker]
 ```
 
 Running `molecule test` sets up a clean environment, builds the operator, runs all configured tests on an example operator instance, then tears down the environment (at least in the case of Docker).
 
 If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
 
-#### Testing in Docker
+#### Testing in Kind
+
+Testing with a kind cluster is the recommended way to test the awx-operator locally. First, you need to install kind if you haven't already. Please see these docs for setting that up:
+* https://kind.sigs.k8s.io/docs/user/quick-start/
+
+To run the tests, from the root of your checkout, run the following command:
 
 ```sh
-#> molecule test -s test-local
+#> molecule test -s kind
 ```
 
-This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
-
 #### Testing in Minikube
 
 ```sh
@@ -137,4 +144,4 @@ Applying this template will do it. Once the CatalogSource is in a READY state, t
 
 ## Reporting Issues
 
-We welcome your feedback, and encourage you to file an issue when you run into a problem.
+We welcome your feedback, and encourage you to file an issue when you run into a problem.

Dockerfile

@@ -1,4 +1,10 @@
-FROM quay.io/operator-framework/ansible-operator:v1.12.0
+FROM quay.io/operator-framework/ansible-operator:v1.40.0
+
+USER root
+RUN dnf update --security --bugfix -y --disableplugin=subscription-manager && \
+    dnf install -y --disableplugin=subscription-manager openssl
+
+USER 1001
 
 ARG DEFAULT_AWX_VERSION
 ARG OPERATOR_VERSION
@@ -12,3 +18,8 @@ RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
 COPY watches.yaml ${HOME}/watches.yaml
 COPY roles/ ${HOME}/roles/
 COPY playbooks/ ${HOME}/playbooks/
+
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", \
+    "--watches-file=./watches.yaml", \
+    "--reconcile-period=0s" \
+    ]

Makefile

@@ -4,6 +4,7 @@
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
 VERSION ?= $(shell git describe --tags)
+PREV_VERSION ?= $(shell git describe --abbrev=0 --tags $(shell git rev-list --tags --skip=1 --max-count=1))
 
 CONTAINER_CMD ?= docker
 
@@ -37,10 +38,22 @@ IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
 # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
 BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
 
+# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command
+BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+
+# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
+# You can enable this value if you would like to use SHA Based Digests
+# To enable set flag to true
+USE_IMAGE_DIGESTS ?= false
+ifeq ($(USE_IMAGE_DIGESTS), true)
+       BUNDLE_GEN_FLAGS += --use-image-digests
+endif
+
 # Image URL to use all building/pushing image targets
 IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
 NAMESPACE ?= awx
 
+.PHONY: all
 all: docker-build
 
 ##@ General
@@ -56,44 +69,77 @@ all: docker-build
 # More info on the awk command:
 # http://linuxcommand.org/lc3_adv_awk.php
 
+.PHONY: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
+.PHONY: print-%
+print-%: ## Print any variable from the Makefile. Use as `make print-VARIABLE`
+	@echo $($*)
+
 ##@ Build
 
+.PHONY: run
 run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
 	ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
 
+.PHONY: docker-build
 docker-build: ## Build docker image with the manager.
 	${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
 
+.PHONY: docker-push
 docker-push: ## Push docker image with the manager.
 	${CONTAINER_CMD} push ${IMG}
 
+# PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
+# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
+# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
+# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> than the export will fail)
+# To properly provided solutions that supports more than one platform you should use this option.
+PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+.PHONY: docker-buildx
+docker-buildx: ## Build and push docker image for the manager for cross-platform support
+	- docker buildx create --name project-v3-builder
+	docker buildx use project-v3-builder
+	- docker buildx build --push $(BUILD_ARGS) --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile .
+	- docker buildx rm project-v3-builder
+
+.PHONY: podman-buildx
+podman-buildx: ## Build and push podman image for the manager for cross-platform support
+	podman build --platform=$(PLATFORMS) $(BUILD_ARGS) --manifest ${IMG} -f Dockerfile .
+	podman manifest push --all ${IMG} ${IMG}
+
 ##@ Deployment
 
+.PHONY: install
 install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | kubectl apply -f -
 
+.PHONY: uninstall
 uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | kubectl delete -f -
 
+.PHONY: gen-resources
 gen-resources: kustomize ## Generate resources for controller and print to stdout
 	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
 	@$(KUSTOMIZE) build config/default
 
+.PHONY: deploy
 deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
 	@$(KUSTOMIZE) build config/default | kubectl apply -f -
 
+.PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
 	$(KUSTOMIZE) build config/default | kubectl delete -f -
 
 OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
-ARCH := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
+ARCHA := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
+ARCHX := $(shell uname -m | sed -e 's/amd64/x86_64/' -e 's/aarch64/arm64/')
 
 .PHONY: kustomize
 KUSTOMIZE = $(shell pwd)/bin/kustomize
@@ -103,7 +149,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(KUSTOMIZE)) ;\
-	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCHA).tar.gz | \
 	tar xzf - -C bin/ ;\
 	}
 else
@@ -111,6 +157,22 @@ KUSTOMIZE = $(shell which kustomize)
 endif
 endif
 
+.PHONY: operator-sdk
+OPERATOR_SDK = $(shell pwd)/bin/operator-sdk
+operator-sdk: ## Download operator-sdk locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(OPERATOR_SDK)))
+ifeq (,$(shell which operator-sdk 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPERATOR_SDK)) ;\
+	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.40.0/operator-sdk_$(OS)_$(ARCHA) ;\
+	chmod +x $(OPERATOR_SDK) ;\
+	}
+else
+OPERATOR_SDK = $(shell which operator-sdk)
+endif
+endif
+
 .PHONY: ansible-operator
 ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
 ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
@@ -119,7 +181,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
-	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\
+	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.40.0/ansible-operator_$(OS)_$(ARCHA) ;\
 	chmod +x $(ANSIBLE_OPERATOR) ;\
 	}
 else
@@ -128,11 +190,11 @@ endif
 endif
 
 .PHONY: bundle
-bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
-	operator-sdk generate kustomize manifests -q
+bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
+	$(OPERATOR_SDK) generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
-	operator-sdk bundle validate ./bundle
+	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	$(OPERATOR_SDK) bundle validate ./bundle
 
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
@@ -150,7 +212,7 @@ ifeq (,$(shell which opm 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(OPM)) ;\
-	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.55.0/$(OS)-$(ARCHA)-opm ;\
 	chmod +x $(OPM) ;\
 	}
 else

PROJECT

@@ -1,3 +1,7 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
 domain: ansible.com
 layout:
 - ansible.sdk.operatorframework.io/v1
@@ -13,4 +17,25 @@ resources:
   group: awx
   kind: AWX
   version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXBackup
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXRestore
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXMeshIngress
+  version: v1alpha1
 version: "3"

README.md

@@ -1,920 +1,56 @@
 # AWX Operator
 
-[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Build Status](https://github.com/ansible/awx-operator/workflows/CI/badge.svg?event=push)](https://github.com/ansible/awx-operator/actions)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Build Status](https://github.com/ansible/awx-operator/workflows/CI/badge.svg?event=push)](https://github.com/ansible/awx-operator/actions)
+[![Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-yellow.svg)](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html)
 
 An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built with [Operator SDK](https://github.com/operator-framework/operator-sdk) and Ansible.
 
-# Table of Contents
+The AWX Operator is meant to be deployed in your Kubernetes cluster(s) and can be used to install and manage the lifecycle of an AWX instance in the same namespace.
 
-<!--ts-->
-* [AWX Operator](#awx-operator)
-* [Table of Contents](#table-of-contents)
-   * [Purpose](#purpose)
-   * [Usage](#usage)
-      * [Basic Install on minikube (beginner or testing)](#basic-install-on-minikube-beginner-or-testing)
-      * [Basic Install on existing cluster](#basic-install-on-existing-cluster)
-      * [Admin user account configuration](#admin-user-account-configuration)
-      * [Network and TLS Configuration](#network-and-tls-configuration)
-         * [Service Type](#service-type)
-         * [Ingress Type](#ingress-type)
-      * [Database Configuration](#database-configuration)
-         * [External PostgreSQL Service](#external-postgresql-service)
-         * [Migrating data from an old AWX instance](#migrating-data-from-an-old-awx-instance)
-         * [Managed PostgreSQL Service](#managed-postgresql-service)
-      * [Advanced Configuration](#advanced-configuration)
-         * [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx)
-         * [Redis container capabilities](#redis-container-capabilities)
-         * [Privileged Tasks](#privileged-tasks)
-         * [Containers Resource Requirements](#containers-resource-requirements)
-         * [Assigning AWX pods to specific nodes](#assigning-awx-pods-to-specific-nodes)
-         * [Trusting a Custom Certificate Authority](#trusting-a-custom-certificate-authority)
-         * [Persisting Projects Directory](#persisting-projects-directory)
-         * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options)
-         * [Default execution environments from private registries](#default-execution-environments-from-private-registries)
-         * [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers)
-         * [Extra Settings](#extra-settings)
-         * [Service Account](#service-account)
-      * [Uninstall](#uninstall)
-      * [Upgrading](#upgrading)
-         * [v0.14.0](#v0140)
-   * [Contributing](#contributing)
-   * [Release Process](#release-process)
-   * [Author](#author)
-<!--te-->
+## Documentation
 
-## Purpose
+The AWX Operator documentation is available at <https://ansible.readthedocs.io/projects/awx-operator/>
 
-This operator is meant to provide a more Kubernetes-native installation method for AWX via an AWX Custom Resource Definition (CRD).
-
-## Usage
-
-### Basic Install on minikube (beginner or testing)
-
-This Kubernetes Operator is meant to be deployed in your Kubernetes cluster(s) and can manage one or more AWX instances in any namespace.
-
-For testing purposes, the `awx-operator` can be deployed on a [Minikube](https://minikube.sigs.k8s.io/docs/) cluster. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information.
-
-```
-$ minikube start --cpus=4 --memory=6g --addons=ingress
-😄  minikube v1.23.2 on Fedora 34
-✨  Using the docker driver based on existing profile
-👍  Starting control plane node minikube in cluster minikube
-🚜  Pulling base image ...
-🏃  Updating the running docker "minikube" container ...
-🐳  Preparing Kubernetes v1.22.2 on Docker 20.10.8 ...
-🔎  Verifying Kubernetes components...
-    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
-    ▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.0.0-beta.3
-    ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
-    ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
-🔎  Verifying ingress addon...
-🌟  Enabled addons: storage-provisioner, default-storageclass, ingress
-🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
-```
-
-Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected.
-
-```
-$ minikube kubectl -- get nodes
-NAME       STATUS   ROLES                  AGE    VERSION
-minikube   Ready    control-plane,master   113s   v1.22.2
-
-$ minikube kubectl -- get pods -A
-NAMESPACE       NAME                                        READY   STATUS      RESTARTS   AGE
-ingress-nginx   ingress-nginx-admission-create--1-kk67h     0/1     Completed   0          2m1s
-ingress-nginx   ingress-nginx-admission-patch--1-7mp2r      0/1     Completed   1          2m1s
-ingress-nginx   ingress-nginx-controller-69bdbc4d57-bmwg8   1/1     Running     0          2m
-kube-system     coredns-78fcd69978-q7nmx                    1/1     Running     0          2m
-kube-system     etcd-minikube                               1/1     Running     0          2m12s
-kube-system     kube-apiserver-minikube                     1/1     Running     0          2m16s
-kube-system     kube-controller-manager-minikube            1/1     Running     0          2m12s
-kube-system     kube-proxy-5mmnw                            1/1     Running     0          2m1s
-kube-system     kube-scheduler-minikube                     1/1     Running     0          2m15s
-kube-system     storage-provisioner                         1/1     Running     0          2m11s
-```
-
-It is not required for `kubectl` to be separately installed since it comes already wrapped inside minikube. As demonstrated above, simply prefix `minikube kubectl --` before kubectl command, i.e. `kubectl get nodes` would become `minikube kubectl -- get nodes`
-
-Let's create an alias for easier usage:
-
-```
-$ alias kubectl="minikube kubectl --"
-```
-
-Now you need to deploy AWX Operator into your cluster. Clone this repo and `git checkout` the latest version from https://github.com/ansible/awx-operator/releases, and then run the following command:
-
-```
-$ export NAMESPACE=my-namespace
-$ make deploy
-  /home/user/awx-operator/bin/kustomize build config/default | kubectl apply -f -
-  namespace/my-namespace created
-  customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
-  customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
-  customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
-  serviceaccount/awx-operator-controller-manager created
-  role.rbac.authorization.k8s.io/awx-operator-leader-election-role created
-  role.rbac.authorization.k8s.io/awx-operator-manager-role created
-  clusterrole.rbac.authorization.k8s.io/awx-operator-metrics-reader created
-  clusterrole.rbac.authorization.k8s.io/awx-operator-proxy-role created
-  rolebinding.rbac.authorization.k8s.io/awx-operator-leader-election-rolebinding created
-  rolebinding.rbac.authorization.k8s.io/awx-operator-manager-rolebinding created
-  clusterrolebinding.rbac.authorization.k8s.io/awx-operator-proxy-rolebinding created
-  configmap/awx-operator-manager-config created
-  service/awx-operator-controller-manager-metrics-service created
-  deployment.apps/awx-operator-controller-manager created
-```
-
-Wait a bit and you should have the `awx-operator` running:
-
-```
-$ kubectl get pods -n $NAMESPACE
-NAME                                               READY   STATUS    RESTARTS   AGE
-awx-operator-controller-manager-66ccd8f997-rhd4z   2/2     Running   0          11s
-```
-
-So we don't have to keep repeating `-n $NAMESPACE`, let's set the current namespace for `kubectl`:
-
-```
-$ kubectl config set-context --current --namespace=$NAMESPACE
-```
-
-It is important to know that when you do not set the default namespace to $NAMESPACE that the `awx-operator-controller-manager` might get confused.
-
-Next, create a file named `awx-demo.yml` with the suggested content below. The `metadata.name` you provide, will be the name of the resulting AWX deployment.
-
-**Note:** If you deploy more than one AWX instance to the same namespace, be sure to use unique names.
-
-```yaml
----
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: awx-demo
-spec:
-  service_type: nodeport
-```
-
-Finally, use `kubectl` to create the awx instance in your cluster:
-
-```
-$ kubectl apply -f awx-demo.yml
-awx.awx.ansible.com/awx-demo created
-```
-Or, when you haven't set a default namespace
-
-```
-$ kubectl apply -f awx-demo.yml --namespace=$NAMESPACE
-awx.awx.ansible.com/awx-demo created
-```
-
-After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
-
-```
-$ kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
-```
-
-After a few seconds, you should see the operator begin to create new resources:
-
-```
-$ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
-NAME                        READY   STATUS    RESTARTS   AGE
-awx-demo-77d96f88d5-pnhr8   4/4     Running   0          3m24s
-awx-demo-postgres-0         1/1     Running   0          3m34s
-
-$ kubectl get svc -l "app.kubernetes.io/managed-by=awx-operator"
-NAME                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
-awx-demo-postgres   ClusterIP   None           <none>        5432/TCP       4m4s
-awx-demo-service    NodePort    10.109.40.38   <none>        80:31006/TCP   3m56s
-```
-
-Once deployed, the AWX instance will be accessible by running:
-
-```
-$ minikube service awx-demo-service --url -n $NAMESPACE
-```
-
-By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run:
-
-```
-$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode
-yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR
-```
-
-You just completed the most basic install of an AWX instance via this operator. Congratulations!!!
-
-For an example using the Nginx Controller in Minukube, don't miss our [demo video](https://asciinema.org/a/416946).
-
-[![asciicast](https://raw.githubusercontent.com/ansible/awx-operator/devel/docs/awx-demo.svg)](https://asciinema.org/a/416946)
-
-### Basic Install on existing cluster
-
-For those running a whole K8S Cluster the steps to set up the awx-operator are:
-
-```
-$ Prepare required files
-git clone https://github.com/ansible/awx-operator.git
-cd awx-operator
-git checkout {{ latest_released_version }} # replace variable by latest version number in releases
-
-$ Deploy new AWX Operator
-export NAMESPACE=<Name of the namespace where your AWX instanse exists>
-make deploy
-```
-
-### Admin user account configuration
-
-There are three variables that are customizable for the admin user account creation.
-
-| Name                  | Description                                  | Default          |
-| --------------------- | -------------------------------------------- | ---------------- |
-| admin_user            | Name of the admin user                       | admin            |
-| admin_email           | Email of the admin user                      | test@example.com |
-| admin_password_secret | Secret that contains the admin user password | Empty string     |
-
-
-> :warning: **admin_password_secret must be a Kubernetes secret and not your text clear password**.
-
-If `admin_password_secret` is not provided, the operator will look for a secret named `<resourcename>-admin-password` for the admin password. If it is not present, the operator will generate a password and create a Secret from it named `<resourcename>-admin-password`.
-
-To retrieve the admin password, run `kubectl get secret <resourcename>-admin-password -o jsonpath="{.data.password}" | base64 --decode`
-
-The secret that is expected to be passed should be formatted as follow:
-
-```yaml
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <resourcename>-admin-password
-  namespace: <target namespace>
-stringData:
-  password: mysuperlongpassword
-```
-
-
-### Network and TLS Configuration
-
-#### Service Type
-
-If the `service_type` is not specified, the `ClusterIP` service will be used for your AWX Tower service.
-
-The `service_type` supported options are: `ClusterIP`, `LoadBalancer` and `NodePort`.
-
-The following variables are customizable for any `service_type`
-
-| Name                | Description             | Default      |
-| ------------------- | ----------------------- | ------------ |
-| service_labels      | Add custom labels       | Empty string |
-| service_annotations | Add service annotations | Empty string |
-
-```yaml
----
-spec:
-  ...
-  service_type: ClusterIP
-  service_annotations: |
-    environment: testing
-  service_labels: |
-    environment: testing
-```
-
-  * LoadBalancer
-
-The following variables are customizable only when `service_type=LoadBalancer`
-
-| Name                  | Description                              | Default |
-| --------------------- | ---------------------------------------- | ------- |
-| loadbalancer_protocol | Protocol to use for Loadbalancer ingress | http    |
-| loadbalancer_port     | Port used for Loadbalancer ingress       | 80      |
-
-```yaml
----
-spec:
-  ...
-  service_type: LoadBalancer
-  loadbalancer_protocol: https
-  loadbalancer_port: 443
-  service_annotations: |
-    environment: testing
-  service_labels: |
-    environment: testing
-```
-
-When setting up a Load Balancer for HTTPS you will be required to set the `loadbalancer_port` to move the port away from `80`.
-
-The HTTPS Load Balancer also uses SSL termination at the Load Balancer level and will offload traffic to AWX over HTTP.
-
-  * NodePort
-
-The following variables are customizable only when `service_type=NodePort`
-
-| Name          | Description            | Default |
-| ------------- | ---------------------- | ------- |
-| nodeport_port | Port used for NodePort | 30080   |
-
-```yaml
----
-spec:
-  ...
-  service_type: NodePort
-  nodeport_port: 30080
-```
-#### Ingress Type
-
-By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, when the `ingress_type` is not specified, it will default to `none` and nothing ingress-wise will be created.
-
-The `ingress_type` supported options are: `none`, `ingress` and `route`. To toggle between these options, you can add the following to your AWX CRD:
-
-  * None
-
-```yaml
----
-spec:
-  ...
-  ingress_type: none
-```
-
-  * Generic Ingress Controller
-
-The following variables are customizable when `ingress_type=ingress`. The `ingress` type creates an Ingress resource as [documented](https://kubernetes.io/docs/concepts/services-networking/ingress/) which can be shared with many other Ingress Controllers as [listed](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
-
-| Name                | Description                              | Default                     |
-| ------------------- | ---------------------------------------- | --------------------------- |
-| ingress_annotations | Ingress annotations                      | Empty string                |
-| ingress_tls_secret  | Secret that contains the TLS information | Empty string                |
-| hostname            | Define the FQDN                          | {{ meta.name }}.example.com |
-| ingress_path        | Define the ingress path to the service   | /                           |
-| ingress_path_type   | Define the type of the path (for LBs)    | Prefix                      |
-
-```yaml
----
-spec:
-  ...
-  ingress_type: ingress
-  hostname: awx-demo.example.com
-  ingress_annotations: |
-    environment: testing
-```
-
-  * Route
-
-The following variables are customizable when `ingress_type=route`
-
-| Name                            | Description                                   | Default                                                 |
-| ------------------------------- | --------------------------------------------- | ------------------------------------------------------- |
-| route_host                      | Common name the route answers for             | `<instance-name>-<namespace>-<routerCanonicalHostname>` |
-| route_tls_termination_mechanism | TLS Termination mechanism (Edge, Passthrough) | Edge                                                    |
-| route_tls_secret                | Secret that contains the TLS information      | Empty string                                            |
-
-```yaml
----
-spec:
-  ...
-  ingress_type: route
-  route_host: awx-demo.example.com
-  route_tls_termination_mechanism: Passthrough
-  route_tls_secret: custom-route-tls-secret-name
-```
-
-### Database Configuration
-
-#### External PostgreSQL Service
-
-In order for the AWX instance to rely on an external database, the Custom Resource needs to know about the connection details. Those connection details should be stored as a secret and either specified as `postgres_configuration_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-postgres-configuration`.
-
-
-The secret should be formatted as follows:
-
-```yaml
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <resourcename>-postgres-configuration
-  namespace: <target namespace>
-stringData:
-  host: <external ip or url resolvable by the cluster>
-  port: <external port, this usually defaults to 5432>
-  database: <desired database name>
-  username: <username to connect as>
-  password: <password to connect with>
-  sslmode: prefer
-  type: unmanaged
-type: Opaque
-```
-
-> Please ensure that the value for the variable `password` should _not_ contain single or double quotes (`'`, `"`) or backslashes (`\`) to avoid any issues during deployment, backup or restoration.
-
-> It is possible to set a specific username, password, port, or database, but still have the database managed by the operator. In this case, when creating the postgres-configuration secret, the `type: managed` field should be added.
-
-**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`.
-
-#### Migrating data from an old AWX instance
-
-For instructions on how to migrate from an older version of AWX, see [migration.md](./docs/migration.md).
-
-#### Managed PostgreSQL Service
-
-If you don't have access to an external PostgreSQL service, the AWX operator can deploy one for you along side the AWX instance itself.
-
-The following variables are customizable for the managed PostgreSQL service
-
-| Name                                          | Description                                   | Default                           |
-| --------------------------------------------- | --------------------------------------------- | --------------------------------- |
-| postgres_image                                | Path of the image to pull                     | postgres:12                       |
-| postgres_init_container_resource_requirements | Database init container resource requirements | requests: {}                      |
-| postgres_resource_requirements                | PostgreSQL container resource requirements    | requests: {}                      |
-| postgres_storage_requirements                 | PostgreSQL container storage requirements     | requests: {storage: 8Gi}          |
-| postgres_storage_class                        | PostgreSQL PV storage class                   | Empty string                      |
-| postgres_data_path                            | PostgreSQL data path                          | `/var/lib/postgresql/data/pgdata` |
-
-Example of customization could be:
-
-```yaml
----
-spec:
-  ...
-  postgres_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 2Gi
-    limits:
-      cpu: 1
-      memory: 4Gi
-  postgres_storage_requirements:
-    requests:
-      storage: 8Gi
-    limits:
-      storage: 50Gi
-  postgres_storage_class: fast-ssd
-  postgres_extra_args:
-    - '-c'
-    - 'max_connections=1000'
-```
-
-**Note**: If `postgres_storage_class` is not defined, Postgres will store it's data on a volume using the default storage class for your cluster.
-
-### Advanced Configuration
-
-#### Deploying a specific version of AWX
-
-There are a few variables that are customizable for awx the image management.
-
-| Name                | Description               |
-| ------------------- | ------------------------- |
-| image               | Path of the image to pull |
-| image_version       | Image version to pull     |
-| image_pull_policy   | The pull policy to adopt  |
-| image_pull_secret   | The pull secret to use    |
-| ee_images           | A list of EEs to register |
-| redis_image         | Path of the image to pull |
-| redis_image_version | Image version to pull     |
-
-Example of customization could be:
-
-```yaml
----
-spec:
-  ...
-  image: myorg/my-custom-awx
-  image_version: latest
-  image_pull_policy: Always
-  image_pull_secret: pull_secret_name
-  ee_images:
-    - name: my-custom-awx-ee
-      image: myorg/my-custom-awx-ee
-```
-
-**Note**: The `image` and `image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
-
-#### Redis container capabilities
-
-Depending on your kubernetes cluster and settings you might need to grant some capabilities to the redis container so it can start. Set the `redis_capabilities` option so the capabilities are added in the deployment.
-
-```yaml
----
-spec:
-  ...
-  redis_capabilities:
-    - CHOWN
-    - SETUID
-    - SETGID
-```
-
-#### Privileged Tasks
-
-Depending on the type of tasks that you'll be running, you may find that you need the task pod to run as `privileged`. This can open yourself up to a variety of security concerns, so you should be aware (and verify that you have the privileges) to do this if necessary. In order to toggle this feature, you can add the following to your custom resource:
-
-```yaml
----
-spec:
-  ...
-  task_privileged: true
-```
-
-If you are attempting to do this on an OpenShift cluster, you will need to grant the `awx` ServiceAccount the `privileged` SCC, which can be done with:
-
-```
-$ oc adm policy add-scc-to-user privileged -z awx
-```
-
-Again, this is the most relaxed SCC that is provided by OpenShift, so be sure to familiarize yourself with the security concerns that accompany this action.
-
-
-#### Containers Resource Requirements
-
-The resource requirements for both, the task and the web containers are configurable - both the lower end (requests) and the upper end (limits).
-
-| Name                       | Description                                      | Default                             |
-| -------------------------- | ------------------------------------------------ | ----------------------------------- |
-| web_resource_requirements  | Web container resource requirements              | requests: {cpu: 1000m, memory: 2Gi} |
-| task_resource_requirements | Task container resource requirements             | requests: {cpu: 500m, memory: 1Gi}  |
-| ee_resource_requirements   | EE control plane container resource requirements | requests: {cpu: 500m, memory: 1Gi}  |
-
-Example of customization could be:
-
-```yaml
----
-spec:
-  ...
-  web_resource_requirements:
-    requests:
-      cpu: 1000m
-      memory: 2Gi
-    limits:
-      cpu: 2000m
-      memory: 4Gi
-  task_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 1Gi
-    limits:
-      cpu: 1000m
-      memory: 2Gi
-  ee_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 1Gi
-    limits:
-      cpu: 1000m
-      memory: 2Gi
-```
-
-#### Assigning AWX pods to specific nodes
-
-You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `node_selector` and `postgres_selector` constrains
-the AWX pods to run only on the nodes that match all the specified key/value pairs. `tolerations` and `postgres_tolerations` allow the AWX
-pods to be scheduled onto nodes with matching taints.
-The ability to specify topologySpreadConstraints is also allowed through `topology_spread_constraints`  
-
-
-| Name                        | Description                         | Default |
-| --------------------------- | ----------------------------------- | ------- |
-| postgres_image              | Path of the image to pull           | 12      |
-| postgres_image_version      | Image version to pull               | 12      |
-| node_selector               | AWX pods' nodeSelector              | ''      |
-| topology_spread_constraints | AWX pods' topologySpreadConstraints | ''      |
-| tolerations                 | AWX pods' tolerations               | ''      |
-| annotations                 | AWX pods' annotations               | ''      |
-| postgres_selector           | Postgres pods' nodeSelector         | ''      |
-| postgres_tolerations        | Postgres pods' tolerations          | ''      |
-
-Example of customization could be:
-
-```yaml
----
-spec:
-  ...
-  node_selector: |
-    disktype: ssd
-    kubernetes.io/arch: amd64
-    kubernetes.io/os: linux
-  topology_spread_constraints: |
-    - maxSkew: 100
-      topologyKey: "topology.kubernetes.io/zone"
-      whenUnsatisfiable: "ScheduleAnyway"
-      labelSelector:
-        matchLabels:
-          app.kubernetes.io/name: "<resourcename>"
-  tolerations: |
-    - key: "dedicated"
-      operator: "Equal"
-      value: "AWX"
-      effect: "NoSchedule"
-  postgres_selector: |
-    disktype: ssd
-    kubernetes.io/arch: amd64
-    kubernetes.io/os: linux
-  postgres_tolerations: |
-    - key: "dedicated"
-      operator: "Equal"
-      value: "AWX"
-      effect: "NoSchedule"
-```
-
-#### Trusting a Custom Certificate Authority
-
-In cases which you need to trust a custom Certificate Authority, there are few variables you can customize for the `awx-operator`.
-
-Trusting a custom Certificate Authority allows the AWX to access network services configured with SSL certificates issued locally, such as cloning a project from from an internal Git server via HTTPS. It is common for these scenarios, experiencing the error [unable to verify the first certificate](https://github.com/ansible/awx-operator/issues/376).
-
-
-| Name                 | Description                            | Default |
-| -------------------- | -------------------------------------- | ------- |
-| ldap_cacert_secret   | LDAP Certificate Authority secret name | ''      |
-| bundle_cacert_secret | Certificate Authority secret name      | ''      |
-
-Please note the `awx-operator` will look for the data field `ldap-ca.crt` in the specified secret when using the `ldap_cacert_secret`, whereas the data field `bundle-ca.crt` is required for `bundle_cacert_secret` parameter.
-
-Example of customization could be:
-
-```yaml
----
-spec:
-  ...
-  ldap_cacert_secret: <resourcename>-custom-certs
-  bundle_cacert_secret: <resourcename>-custom-certs
-```
-
-To create the secret, you can use the command below:
-
-```
-# kubectl create secret generic <resourcename>-custom-certs \
-    --from-file=ldap-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>  \
-    --from-file=bundle-ca.crt=<PATH/TO/YOUR/CA/PEM/FILE>
-```
-
-#### Persisting Projects Directory
-
-In cases which you want to persist the `/var/lib/projects` directory, there are few variables that are customizable for the `awx-operator`.
-
-| Name                         | Description                                                                                    | Default       |
-| ---------------------------- | ---------------------------------------------------------------------------------------------- | ------------- |
-| projects_persistence         | Whether or not the /var/lib/projects directory will be persistent                              | false         |
-| projects_storage_class       | Define the PersistentVolume storage class                                                      | ''            |
-| projects_storage_size        | Define the PersistentVolume size                                                               | 8Gi           |
-| projects_storage_access_mode | Define the PersistentVolume access mode                                                        | ReadWriteMany |
-| projects_existing_claim      | Define an existing PersistentVolumeClaim to use (cannot be combined with `projects_storage_*`) | ''            |
-
-Example of customization when the `awx-operator` automatically handles the persistent volume could be:
-
-```yaml
----
-spec:
-  ...
-  projects_persistence: true
-  projects_storage_class: rook-ceph
-  projects_storage_size: 20Gi
-```
-
-#### Custom Volume and Volume Mount Options
-
-In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files.
-
-| Name                               | Description                                              | Default |
-| ---------------------------------- | -------------------------------------------------------- | ------- |
-| extra_volumes                      | Specify extra volumes to add to the application pod      | ''      |
-| web_extra_volume_mounts            | Specify volume mounts to be added to Web container       | ''      |
-| task_extra_volume_mounts           | Specify volume mounts to be added to Task container      | ''      |
-| ee_extra_volume_mounts             | Specify volume mounts to be added to Execution container | ''      |
-| init_container_extra_volume_mounts | Specify volume mounts to be added to Init container      | ''      |
-| init_container_extra_commands      | Specify additional commands for Init container           | ''      |
-
-
-> :warning: The `ee_extra_volume_mounts` and `extra_volumes` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
-
-Example configuration for ConfigMap
-
-```yaml
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <resourcename>-extra-config
-  namespace: <target namespace>
-data:
-  ansible.cfg: |
-     [defaults]
-     remote_tmp = /tmp
-     [ssh_connection]
-     ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
-  custom.py:  |
-      INSIGHTS_URL_BASE = "example.org"
-      AWX_CLEANUP_PATHS = True
-```
-Example spec file for volumes and volume mounts
-
-```yaml
----
-    spec:
-    ...
-      extra_volumes: |
-        - name: ansible-cfg
-          configMap:
-            defaultMode: 420
-            items:
-              - key: ansible.cfg
-                path: ansible.cfg
-            name: <resourcename>-extra-config
-        - name: custom-py
-          configMap:
-            defaultMode: 420
-            items:
-              - key: custom.py
-                path: custom.py
-            name: <resourcename>-extra-config
-        - name: shared-volume
-          persistentVolumeClaim:
-            claimName: my-external-volume-claim
-
-      init_container_extra_volume_mounts: |
-        - name: shared-volume
-          mountPath: /shared
-
-      init_container_extra_commands: |
-        # set proper permissions (rwx) for the awx user
-        chmod 775 /shared
-        chgrp 1000 /shared
-
-      ee_extra_volume_mounts: |
-        - name: ansible-cfg
-          mountPath: /etc/ansible/ansible.cfg
-          subPath: ansible.cfg
-
-      task_extra_volume_mounts: |
-        - name: custom-py
-          mountPath: /etc/tower/conf.d/custom.py
-          subPath: custom.py
-        - name: shared-volume
-          mountPath: /shared
-```
-
-> :warning: **Volume and VolumeMount names cannot contain underscores(_)**
-
-#### Default execution environments from private registries
-
-In order to register default execution environments from private registries, the Custom Resource needs to know about the pull credentials. Those credentials should be stored as a secret and either specified as `ee_pull_credentials_secret` at the CR spec level, or simply be present on the namespace under the name `<resourcename>-ee-pull-credentials` . Instance initialization will register a `Container registry` type credential on the deployed instance and assign it to the registered default execution environments.
-
-The secret should be formated as follows:
-
-```yaml
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <resourcename>-ee-pull-credentials
-  namespace: <target namespace>
-stringData:
-  url: <registry url. i.e. quay.io>
-  username: <username to connect as>
-  password: <password to connect with>
-  ssl_verify: <Optional attribute. Whether verify ssl connection or not. Accepted values "True" (default), "False" >
-type: Opaque
-```
-
-##### Control plane ee from private registry
-The images listed in "ee_images" will be added as globally available Execution Environments. The "control_plane_ee_image" will be used to run project updates. In order to use a private image for any of these you'll need to use `image_pull_secret` to provide a k8s pull secret to access it. Currently the same secret is used for any of these images supplied at install time.
-
-You can create `image_pull_secret`
-```
-kubectl create secret <resoucename>-cp-pull-credentials regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
-```
-If you need more control (for example, to set a namespace or a label on the new secret) then you can customise the Secret before storing it
-
-Example spec file extra-config
-
-```yaml
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <resoucename>-cp-pull-credentials
-  namespace: <target namespace>
-data:
-  .dockerconfigjson: <base64 docker config>
-type: kubernetes.io/dockerconfigjson
-```
-
-#### Exporting Environment Variables to Containers
-
-If you need to export custom environment variables to your containers.
-
-| Name           | Description                                         | Default |
-| -------------- | --------------------------------------------------- | ------- |
-| task_extra_env | Environment variables to be added to Task container | ''      |
-| web_extra_env  | Environment variables to be added to Web container  | ''      |
-| ee_extra_env   | Environment variables to be added to EE container   | ''      |
-
-> :warning: The `ee_extra_env` will only take effect to the globally available Execution Environments. For custom `ee`, please [customize the Pod spec](https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#customize-the-pod-spec).
-
-Example configuration of environment variables
-
-```yaml
-  spec:
-    task_extra_env: |
-      - name: MYCUSTOMVAR
-        value: foo
-    web_extra_env: |
-      - name: MYCUSTOMVAR
-        value: foo
-    ee_extra_env: |
-      - name: MYCUSTOMVAR
-        value: foo
-```
-
-#### Extra Settings
-
-With`extra_settings`, you can pass multiple custom settings via the `awx-operator`. The parameter `extra_settings`  will be appended to the `/etc/tower/settings.py` and can be an alternative to the `extra_volumes` parameter.
-
-| Name           | Description    | Default |
-| -------------- | -------------- | ------- |
-| extra_settings | Extra settings | ''      |
-
-Example configuration of `extra_settings` parameter
-
-```yaml
-  spec:
-    extra_settings:
-      - setting: MAX_PAGE_SIZE
-        value: "500"
-
-      - setting: AUTH_LDAP_BIND_DN
-        value: "cn=admin,dc=example,dc=com"
-```
-
-#### Service Account
-
-If you need to modify some `ServiceAccount` proprieties
-
-| Name                        | Description                       | Default |
-| --------------------------- | --------------------------------- | ------- |
-| service_account_annotations | Annotations to the ServiceAccount | ''      |
-
-Example configuration of environment variables
-
-```yaml
-  spec:
-    service_account_annotations: |
-      eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
-```
-
-
-### Uninstall ###
-
-To uninstall an AWX deployment instance, you basically need to remove the AWX kind related to that instance. For example, to delete an AWX instance named awx-demo, you would do:
-
-```
-$ kubectl delete awx awx-demo
-awx.awx.ansible.com "awx-demo" deleted
-```
-
-Deleting an AWX instance will remove all related deployments and statefulsets, however, persistent volumes and secrets will remain. To enforce secrets also getting removed, you can use `garbage_collect_secrets: true`.
-
-### Upgrading
-
-To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX.  To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `image_version` variable in `roles/installer/defaults/main.yml` for that particular release.
-
-Apply the awx-operator.yml for that release to upgrade the operator, and in turn also upgrade your AWX deployment.
-
-#### v0.14.0
-
-##### Cluster-scope to Namespace-scope considerations
-
-Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. This is called a namespace-scoped operator. If you are upgrading from an earlier version, you will want to
-delete your existing `awx-operator` service account, role and role binding.
-
-##### Project is now based on v1.x of the operator-sdk project
-
-Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x. You may need to manually delete your old operator Deployment to avoid issues.
-
-##### Steps to upgrade
-
-Delete your old AWX Operator and existing `awx-operator` service account, role and role binding in `default` namespace first:
-
-```
-$ kubectl -n default delete deployment awx-operator
-$ kubectl -n default delete serviceaccount awx-operator
-$ kubectl -n default delete clusterrolebinding awx-operator
-$ kubectl -n default delete clusterrole awx-operator
-```
-
-Then install the new AWX Operator by following the instructions in [Basic Install](#basic-install-on-existing-cluster). The `NAMESPACE` environment variable have to be the name of the namespace in which your old AWX instance resides.
-
-Once the new AWX Operator is up and running, your AWX deployment will also be upgraded.
+> Helm chart documentation is available at <https://ansible-community.github.io/awx-operator-helm/>
 
 ## Contributing
 
 Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md).
 
+For docs changes, create PRs on the appropriate files in the `/docs` folder.
 
-## Release Process
-
-The first step is to create a draft release. Typically this will happen in the [Stage Release](https://github.com/ansible/awx/blob/devel/.github/workflows/stage.yml) workflow for AWX and you dont need to do it as a separate step.
-
-If you need to do an independent release of the operator, you can run the [Stage Release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/stage.yml) in the awx-operator repo. Both of these workflows will run smoke tests, so there is no need to do this manually.
-
-After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, publishing the image to Quay.
+The development environment consists of running an [`up.sh`](https://github.com/ansible/awx-operator/blob/devel/up.sh) and a [`down.sh`](https://github.com/ansible/awx-operator/blob/devel/down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](https://github.com/ansible/awx-operator/blob/devel/docs/development.md) for information on how to deploy and test changes from your branch.
 
 ## Author
 
 This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team
+
+## Code of Conduct
+
+We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com)
+
+## Get Involved
+
+We welcome your feedback, questions and ideas. Here's how to reach the community.
+
+### Forum
+
+Join the [Ansible Forum](https://forum.ansible.com) as a single starting point and our default communication platform for questions and help, development discussions, events, and much more. [Register](https://forum.ansible.com/signup?) to join the community. Search by categories and tags to find interesting topics or start a new one; subscribe only to topics you need!
+
+* [Get Help](https://forum.ansible.com/c/help/6): get help or help others. Please add appropriate tags if you start new discussions, for example `awx-operator` and  `documentation`.
+* [Posts tagged with 'awx-operator'](https://forum.ansible.com/tag/awx-operator): subscribe to participate in project-related conversations.
+* [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn) used to announce releases and important changes.
+* [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
+* [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
+
+For more information on the forum navigation, see [Navigating the Ansible forum](https://forum.ansible.com/t/navigating-the-ansible-forum-tags-categories-and-concepts/39) post.
+
+### Matrix
+
+For real-time interactions, conversations in the community happen over the Matrix protocol in the following channels:
+
+* [#awx:ansible.com](https://matrix.to/#/#awx:ansible.com): AWX and AWX-Operator project-related discussions.
+* [#docs:ansible.im](https://matrix.to/#/#docs:ansible.im): Ansible, AWX and AWX-Operator documentation-related discussions.
+
+For more information, see the community-hosted [Matrix FAQ](https://hackmd.io/@ansible-community/community-matrix-faq).

SECURITY.md

@@ -0,0 +1,3 @@
+For all security related bugs, email security@ansible.com instead of using this issue tracker and you will receive a prompt response.
+
+For more information on the Ansible community's practices regarding responsible disclosure, see https://www.ansible.com/security

ansible/instantiate-awx-deployment.yml

@@ -26,6 +26,7 @@
             image_version: "{{ image_version | default(omit) }}"
             development_mode: "{{ development_mode | default(omit) | bool }}"
             image_pull_policy: "{{ image_pull_policy | default(omit) }}"
+            nodeport_port: "{{ nodeport_port | default(omit) }}"
             # ee_images:
             #   - name: test-ee
             #     image: quay.io/<user>/awx-ee

awxmeshingress-demo.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: awx.ansible.com/v1alpha1
+kind: AWXMeshIngress
+metadata:
+  name: awx-mesh-ingress-demo
+spec:
+  deployment_name: awx-demo

config/crd/bases/awx.ansible.com_awxbackups.yaml

@@ -0,0 +1,158 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxbackups.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXBackup
+    listKind: AWXBackupList
+    plural: awxbackups
+    singular: awxbackup
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        description: Schema validation for the AWXBackup CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            x-kubernetes-validations:
+            - rule: "has(self.postgres_image) && has(self.postgres_image_version) || !has(self.postgres_image) && !has(self.postgres_image_version)"
+              message: "Both postgres_image and postgres_image_version must be set when required"
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              deployment_name:
+                description: Name of the deployment to be backed up
+                type: string
+              backup_pvc:
+                description: Name of the backup PVC
+                type: string
+              create_backup_pvc:
+                description: If true (default), automatically create the backup PVC if it does not exist
+                type: boolean
+                default: true
+              backup_pvc_namespace:
+                description: (Deprecated) Namespace the PVC is in
+                type: string
+              backup_storage_requirements:
+                description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
+                type: string
+              backup_resource_requirements:
+                description: Resource requirements for the management pod used to create a backup
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                type: object
+              backup_storage_class:
+                description: Storage class to use when creating PVC for backup
+                type: string
+              clean_backup_on_delete:
+                description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
+                type: boolean
+              pg_dump_suffix:
+                description: Additional parameters for the pg_dump command
+                type: string
+              use_db_compression:
+                description: Enable compression for database dumps using pg_dump built-in compression.
+                type: boolean
+                default: true
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for backing up data
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              precreate_partition_hours:
+                description: Number of hours worth of events table partitions to precreate before backup to avoid pg_dump locks.
+                type: integer
+                format: int32
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: boolean
+                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    lastTransitionTime:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+              backupDirectory:
+                description: Backup directory name on the specified pvc
+                type: string
+              backupClaim:
+                description: Backup persistent volume claim
+                type: string

config/crd/bases/awx.ansible.com_awxmeshingresses.yaml

@@ -0,0 +1,464 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxmeshingresses.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXMeshIngress
+    listKind: AWXMeshIngressList
+    plural: awxmeshingresses
+    singular: awxmeshingress
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: AWXMeshIngress is the Schema for the awxmeshingresses API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec defines the desired state of AWXMeshIngress
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              deployment_name:
+                description: Name of the AWX deployment to create the Mesh Ingress for.
+                type: string
+              image_pull_secrets:
+                description: Image pull secrets for Mesh Ingress containers.
+                type: array
+                items:
+                  type: string
+              external_hostname:
+                description: External hostname to use for the Mesh Ingress.
+                type: string
+              external_ipaddress:
+                description: External IP address to use for the Mesh Ingress.
+                type: string
+              ingress_type:
+                description: The ingress type to use to reach the deployed instance
+                type: string
+                enum:
+                - none
+                - Ingress
+                - ingress
+                - IngressRouteTCP
+                - ingressroutetcp
+                - Route
+                - route
+              ingress_api_version:
+                description: The Ingress API version to use
+                type: string
+              ingress_annotations:
+                description: Annotations to add to the Ingress Controller
+                type: string
+              route_annotations:
+                description: Annotations to add to the OpenShift Route
+                type: string
+              ingress_class_name:
+                description: The name of ingress class to use instead of the cluster default.
+                type: string
+              ingress_controller:
+                description: Special configuration for specific Ingress Controllers
+                type: string
+              node_selector:
+                description: Assign the Mesh Ingress Pod to the specified node.
+                type: string
+              tolerations:
+                description: Scheduling tolerations for the Mesh Ingress instance.
+                type: string
+              topology_spread_constraints:
+                description: Topology spread constraints for the Mesh Ingress instance.
+                type: string
+              affinity:
+                description: Scheduling constraints to apply to the Pod definition
+                properties:
+                  nodeAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            preference:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchFields:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - preference
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        properties:
+                          nodeSelectorTerms:
+                            items:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchFields:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            type: array
+                        required:
+                        - nodeSelectorTerms
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
+                  podAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            podAffinityTerm:
+                              properties:
+                                labelSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaceSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                topologyKey:
+                                  type: string
+                              required:
+                              - topologyKey
+                              type: object
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - podAffinityTerm
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaceSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaces:
+                              items:
+                                type: string
+                              type: array
+                            topologyKey:
+                              type: string
+                          required:
+                          - topologyKey
+                          type: object
+                        type: array
+                    type: object
+                  podAntiAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            podAffinityTerm:
+                              properties:
+                                labelSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaceSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                topologyKey:
+                                  type: string
+                              required:
+                              - topologyKey
+                              type: object
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - podAffinityTerm
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaceSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaces:
+                              items:
+                                type: string
+                              type: array
+                            topologyKey:
+                              type: string
+                          required:
+                          - topologyKey
+                          type: object
+                        type: array
+                    type: object
+                type: object
+          status:
+            description: Status defines the observed state of AWXMeshIngress
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/bases/awx.ansible.com_awxrestores.yaml

@@ -0,0 +1,156 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxrestores.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXRestore
+    listKind: AWXRestoreList
+    plural: awxrestores
+    singular: awxrestore
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        description: Schema validation for the AWXRestore CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            x-kubernetes-validations:
+            - rule: "has(self.postgres_image) && has(self.postgres_image_version) || !has(self.postgres_image) && !has(self.postgres_image_version)"
+              message: "Both postgres_image and postgres_image_version must be set when required"
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              backup_source:
+                description: Backup source
+                type: string
+                enum:
+                - Backup CR
+                - PVC
+              deployment_name:
+                description: Name of the restored deployment. This should be different from the original deployment name
+                  if the original deployment still exists.
+                type: string
+              cluster_name:
+                description: Cluster name
+                type: string
+              backup_name:
+                description: AWXBackup object name
+                type: string
+              backup_pvc:
+                description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
+                type: string
+              backup_pvc_namespace:
+                description: (Deprecated) Namespace the PVC is in
+                type: string
+              backup_dir:
+                description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
+                type: string
+              restore_resource_requirements:
+                description: Resource requirements for the management pod that restores AWX from a backup
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                type: object
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for backing up data
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              spec_overrides:
+                description: Overrides for the AWX spec
+                # type: string
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: boolean
+                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+              force_drop_db:
+                description: Force drop the database before restoring. USE WITH CAUTION!
+                type: boolean
+                default: false
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    lastTransitionTime:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+              restoreComplete:
+                description: Restore process complete
+                type: boolean

config/crd/bases/awxbackup.ansible.com_awxbackups.yaml

@@ -1,77 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxbackups.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXBackup
-    listKind: AWXBackupList
-    plural: awxbackups
-    singular: awxbackup
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXBackup CRD
-          properties:
-            spec:
-              type: object
-              required:
-                - deployment_name
-              properties:
-                deployment_name:
-                  description: Name of the deployment to be backed up
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be used for storing the backup
-                  type: string
-                backup_pvc_namespace:
-                  description: Namespace the PVC is in
-                  type: string
-                backup_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  type: string
-                backup_storage_class:
-                  description: Storage class to use when creating PVC for backup
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
-                postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-            status:
-              type: object
-              properties:
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      lastTransitionTime:
-                        type: string
-                      reason:
-                        type: string
-                      status:
-                        type: string
-                      type:
-                        type: string
-                    type: object
-                  type: array
-                backupDirectory:
-                  description: Backup directory name on the specified pvc
-                  type: string
-                backupClaim:
-                  description: Backup persistent volume claim
-                  type: string

config/crd/bases/awxrestore.ansible.com_awxrestores.yaml

@@ -1,78 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxrestores.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXRestore
-    listKind: AWXRestoreList
-    plural: awxrestores
-    singular: awxrestore
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXRestore CRD
-          properties:
-            spec:
-              type: object
-              properties:
-                backup_source:
-                  description: Backup source
-                  type: string
-                  enum:
-                    - CR
-                    - PVC
-                deployment_name:
-                  description: Name of the deployment to be restored to
-                  type: string
-                backup_name:
-                  description: AWXBackup object name
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
-                  type: string
-                backup_pvc_namespace:
-                  description: Namespace the PVC is in
-                  type: string
-                backup_dir:
-                  description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
-                postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-            status:
-              type: object
-              properties:
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      lastTransitionTime:
-                        type: string
-                      reason:
-                        type: string
-                      status:
-                        type: string
-                      type:
-                        type: string
-                    type: object
-                  type: array
-                restoreComplete:
-                  description: Restore process complete
-                  type: boolean

config/crd/kustomization.yaml

@@ -1,9 +1,9 @@
----
 # This kustomization.yaml is not intended to be run by itself,
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
 resources:
-  - bases/awx.ansible.com_awxs.yaml
-  - bases/awxbackup.ansible.com_awxbackups.yaml
-  - bases/awxrestore.ansible.com_awxrestores.yaml
-# +kubebuilder:scaffold:crdkustomizeresource
+- bases/awx.ansible.com_awxs.yaml
+- bases/awx.ansible.com_awxbackups.yaml
+- bases/awx.ansible.com_awxrestores.yaml
+- bases/awx.ansible.com_awxmeshingresses.yaml
+#+kubebuilder:scaffold:crdkustomizeresource

config/default/kustomization.yaml

@@ -1,24 +1,30 @@
 # Adds namespace to all resources.
 namespace: awx
+
 # Value of this field is prepended to the
 # names of all resources, e.g. a deployment named
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
 namePrefix: awx-operator-
+
 # Labels to add to all resources and selectors.
-# commonLabels:
-#   someName: someValue
-  # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-  # - ../prometheus
-  # Protect the /metrics endpoint by putting it behind auth.
-  # If you want your controller-manager to expose the /metrics
-  # endpoint w/o any authn/z, please comment the following line.
-patchesStrategicMerge:
-- manager_auth_proxy_patch.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
+#labels:
+#- includeSelectors: true
+#  pairs:
+#    someName: someValue
+
 resources:
 - ../crd
 - ../rbac
 - ../manager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+- metrics_service.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: manager_metrics_patch.yaml
+  target:
+    kind: Deployment

config/default/manager_auth_proxy_patch.yaml

@@ -1,29 +0,0 @@
----
-# This patch inject a sidecar container which is a HTTP proxy for the
-# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: controller-manager
-  namespace: system
-spec:
-  template:
-    spec:
-      containers:
-        - name: kube-rbac-proxy
-          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
-          args:
-            - "--secure-listen-address=0.0.0.0:8443"
-            - "--upstream=http://127.0.0.1:8080/"
-            - "--logtostderr=true"
-            - "--v=10"
-          ports:
-            - containerPort: 8443
-              protocol: TCP
-              name: https
-        - name: awx-manager
-          args:
-            - "--health-probe-bind-address=:6789"
-            - "--metrics-bind-address=127.0.0.1:8080"
-            - "--leader-elect"
-            - "--leader-election-id=awx-operator"

config/default/manager_config_patch.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -8,14 +7,14 @@ spec:
   template:
     spec:
       containers:
-        - name: awx-manager
-          args:
-            - "--config=controller_manager_config.yaml"
-          volumeMounts:
-            - name: awx-manager-config
-              mountPath: /controller_manager_config.yaml
-              subPath: controller_manager_config.yaml
-      volumes:
+      - name: awx-manager
+        args:
+        - "--config=controller_manager_config.yaml"
+        volumeMounts:
         - name: awx-manager-config
-          configMap:
-            name: awx-manager-config
+          mountPath: /controller_manager_config.yaml
+          subPath: controller_manager_config.yaml
+      volumes:
+      - name: awx-manager-config
+        configMap:
+          name: awx-manager-config

config/default/manager_metrics_patch.yaml

@@ -0,0 +1,12 @@
+# This patch adds the args to allow exposing the metrics endpoint using HTTPS
+- op: add
+  path: /spec/template/spec/containers/0/args/0
+  value: --metrics-bind-address=:8443
+# This patch adds the args to allow securing the metrics endpoint
+- op: add
+  path: /spec/template/spec/containers/0/args/0
+  value: --metrics-secure
+# This patch adds the args to allow RBAC-based authn/authz for the metrics endpoint
+- op: add
+  path: /spec/template/spec/containers/0/args/0
+  value: --metrics-require-rbac

config/default/metrics_service.yaml

@@ -1,16 +1,18 @@
----
 apiVersion: v1
 kind: Service
 metadata:
   labels:
     control-plane: controller-manager
+    app.kubernetes.io/name: awx-operator
+    app.kubernetes.io/managed-by: kustomize
   name: controller-manager-metrics-service
   namespace: system
 spec:
   ports:
-    - name: https
-      port: 8443
-      protocol: TCP
-      targetPort: https
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: 8443
   selector:
     control-plane: controller-manager
+    app.kubernetes.io/name: awx-operator

config/manager/controller_manager_config.yaml

@@ -1,10 +1,20 @@
----
-apiVersion: controller-runtime.sigs.k8s.io/v1beta1
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
 kind: ControllerManagerConfig
 health:
   healthProbeBindAddress: :6789
 metrics:
   bindAddress: 127.0.0.1:8080
+
 leaderElection:
   leaderElect: true
   resourceName: 811c9dc5.ansible.com
+# leaderElectionReleaseOnCancel defines if the leader should step down volume
+# when the Manager ends. This requires the binary to immediately end when the
+# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+# speeds up voluntary leader transitions as the new leader don't have to wait
+# LeaseDuration time first.
+# In the default scaffold provided, the program ends immediately after
+# the manager stops, so would be fine to enable this option. However,
+# if you are doing or is intended to do any operation such as perform cleanups
+# after the manager stops then its usage might be unsafe.
+# leaderElectionReleaseOnCancel: true

config/manager/kustomization.yaml

@@ -1,11 +1,14 @@
 resources:
 - manager.yaml
+
 generatorOptions:
   disableNameSuffixHash: true
+
 configMapGenerator:
 - files:
   - controller_manager_config.yaml
   name: awx-manager-config
+
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:

config/manager/manager.yaml

@@ -20,39 +20,63 @@ spec:
   replicas: 1
   template:
     metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: awx-manager
       labels:
         control-plane: controller-manager
     spec:
       securityContext:
         runAsNonRoot: true
+        # For common cases that do not require escalating privileges
+        # it is recommended to ensure that all your Pods/Containers are restrictive.
+        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+        # seccompProfile:
+        #   type: RuntimeDefault
       containers:
-        - args:
-            - --leader-elect
-            - --leader-election-id=awx-operator
-          image: controller:latest
-          name: awx-manager
-          env:
-            - name: ANSIBLE_GATHERING
-              value: explicit
-            - name: ANSIBLE_DEBUG_LOGS
-              value: 'false'
-            - name: WATCH_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-          securityContext:
-            allowPrivilegeEscalation: false
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 15
-            periodSeconds: 20
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: 6789
-            initialDelaySeconds: 5
-            periodSeconds: 10
+      - args:
+        - --leader-elect
+        - --leader-election-id=awx-operator
+        - --health-probe-bind-address=:6789
+        image: controller:latest
+        imagePullPolicy: IfNotPresent
+        name: awx-manager
+        env:
+        - name: ANSIBLE_GATHERING
+          value: explicit
+        - name: ANSIBLE_DEBUG_LOGS
+          value: 'false'
+        - name: WATCH_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - "ALL"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 6789
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 6789
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "50m"
+          limits:
+            memory: "4000Mi"
+            cpu: "2000m"
       serviceAccountName: controller-manager
+      imagePullSecrets:
+      - name: redhat-operators-pull-secret
       terminationGracePeriodSeconds: 10

config/manifests/kustomization.yaml

@@ -1,8 +1,7 @@
----
 # These resources constitute the fully configured set of manifests
 # used to generate the 'manifests/' directory in a bundle.
 resources:
-  - bases/awx-operator.clusterserviceversion.yaml
-  - ../default
-  - ../samples
-  - ../scorecard
+- bases/awx-operator.clusterserviceversion.yaml
+- ../default
+- ../samples
+- ../scorecard

config/prometheus/kustomization.yaml

@@ -1,3 +1,2 @@
----
 resources:
-  - monitor.yaml
+- monitor.yaml

config/prometheus/monitor.yaml

@@ -1,4 +1,3 @@
----
 # Prometheus Monitor Service (Metrics)
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor

config/rbac/auth_proxy_role.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: proxy-role
-rules:
-  - apiGroups:
-      - authentication.k8s.io
-    resources:
-      - tokenreviews
-    verbs:
-      - create
-  - apiGroups:
-      - authorization.k8s.io
-    resources:
-      - subjectaccessreviews
-    verbs:
-      - create

config/rbac/awx_editor_role.yaml

@@ -1,25 +1,24 @@
----
 # permissions for end users to edit awxs.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: awx-editor-role
 rules:
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - awxs
-    verbs:
-      - create
-      - delete
-      - get
-      - list
-      - patch
-      - update
-      - watch
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - awxs/status
-    verbs:
-      - get
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs/status
+  verbs:
+  - get

config/rbac/awx_viewer_role.yaml

@@ -1,21 +1,20 @@
----
 # permissions for end users to view awxs.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: awx-viewer-role
 rules:
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - awxs
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - awxs/status
-    verbs:
-      - get
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs/status
+  verbs:
+  - get

config/rbac/awxbackup_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit awxbackups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxbackup-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups/status
+  verbs:
+  - get

config/rbac/awxbackup_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view awxbackups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxbackup-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups/status
+  verbs:
+  - get

config/rbac/awxmeshingress_editor_role.yaml

@@ -0,0 +1,31 @@
+# permissions for end users to edit awxmeshingresses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: awxmeshingress-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: awx-operator
+    app.kubernetes.io/part-of: awx-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: awxmeshingress-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses/status
+  verbs:
+  - get

config/rbac/awxmeshingress_viewer_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to view awxmeshingresses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: awxmeshingress-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: awx-operator
+    app.kubernetes.io/part-of: awx-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: awxmeshingress-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses/status
+  verbs:
+  - get

config/rbac/awxrestore_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit awxrestores.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxrestore-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores/status
+  verbs:
+  - get

config/rbac/awxrestore_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view awxrestores.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxrestore-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores/status
+  verbs:
+  - get

config/rbac/kustomization.yaml

@@ -1,19 +1,14 @@
----
 resources:
-  # All RBAC will be applied under this service account in
-  # the deployment namespace. You may comment out this resource
-  # if your manager will use a service account that exists at
-  # runtime. Be sure to update RoleBinding and ClusterRoleBinding
-  # subjects if changing service account names.
-  - service_account.yaml
-  - role.yaml
-  - role_binding.yaml
-  - leader_election_role.yaml
-  - leader_election_role_binding.yaml
-  # Comment the following 4 lines if you want to disable
-  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-  # which protects your /metrics endpoint.
-  - auth_proxy_service.yaml
-  - auth_proxy_role.yaml
-  - auth_proxy_role_binding.yaml
-  - auth_proxy_client_clusterrole.yaml
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+- metrics_auth_role.yaml
+- metrics_auth_role_binding.yaml
+- metrics_reader_role.yaml

config/rbac/leader_election_role.yaml

@@ -1,38 +1,37 @@
----
 # permissions to do leader election.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: leader-election-role
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - patch
-      - delete
-  - apiGroups:
-      - coordination.k8s.io
-    resources:
-      - leases
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - patch
-      - delete
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch

config/rbac/leader_election_role_binding.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -8,6 +7,6 @@ roleRef:
   kind: Role
   name: leader-election-role
 subjects:
-  - kind: ServiceAccount
-    name: controller-manager
-    namespace: system
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/rbac/metrics_auth_role.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-auth-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create

config/rbac/metrics_auth_role_binding.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: proxy-rolebinding
+  name: metrics-auth-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: proxy-role
+  name: metrics-auth-role
 subjects:
-  - kind: ServiceAccount
-    name: controller-manager
-    namespace: system
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/rbac/metrics_reader_role.yaml

@@ -1,10 +1,9 @@
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: metrics-reader
 rules:
-  - nonResourceURLs:
-      - "/metrics"
-    verbs:
-      - get
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get

config/rbac/role.yaml

@@ -20,7 +20,6 @@ rules:
       - watch
   - apiGroups:
       - ""
-      - "rbac.authorization.k8s.io"
     resources:
       - pods
       - services
@@ -31,6 +30,17 @@ rules:
       - events
       - configmaps
       - secrets
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - "rbac.authorization.k8s.io"
+    resources:
       - roles
       - rolebindings
     verbs:
@@ -43,12 +53,22 @@ rules:
       - watch
   - apiGroups:
       - apps
-      - networking.k8s.io
     resources:
       - deployments
       - daemonsets
       - replicasets
       - statefulsets
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
       - ingresses
     verbs:
       - get
@@ -58,6 +78,18 @@ rules:
       - patch
       - update
       - watch
+  - apiGroups:
+      - batch
+    resources:
+      - cronjobs
+      - jobs
+    verbs:
+      - get
+      - list
+      - create
+      - patch
+      - update
+      - watch
   - apiGroups:
       - monitoring.coreos.com
     resources:
@@ -104,3 +136,16 @@ rules:
       - awxrestores
     verbs:
       - '*'
+  - apiGroups:
+      - traefik.containo.us
+      - traefik.io
+    resources:
+      - ingressroutetcps
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch

config/rbac/service_account.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: ServiceAccount
 metadata:

config/samples/awx_v1alpha1_awxmeshingress.yaml

@@ -0,0 +1,8 @@
+# Placeholder to pass CI and allow bundle generation
+---
+apiVersion: awx.ansible.com/v1alpha1
+kind: AWXMeshIngress
+metadata:
+  name: example-awx-mesh-ingress
+spec:
+  deployment_name: example-awx

config/samples/awx_v1beta1_awx.yaml

@@ -6,13 +6,13 @@ metadata:
 spec:
   web_resource_requirements:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 128M
   task_resource_requirements:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 128M
   ee_resource_requirements:
     requests:
-      cpu: 200m
+      cpu: 50m
       memory: 64M

config/samples/awx_v1beta1_awx_resource_limits.yaml

@@ -0,0 +1,48 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-with-limits
+spec:
+  task_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 2000m
+      memory: 4Gi
+  web_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  ee_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 64Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  redis_resource_requirements:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  rsyslog_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 2Gi
+  init_container_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 2Gi

config/samples/awx_v1beta1_awxbackup.yaml

@@ -0,0 +1,13 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXBackup
+metadata:
+  name: example-awx-backup
+spec:
+  deployment_name: example-awx
+  backup_resource_requirements:
+    limits:
+      cpu: "1000m"
+      memory: "4096Mi"
+    requests:
+      cpu: "25m"
+      memory: "32Mi"

config/samples/awx_v1beta1_awxrestore.yaml

@@ -0,0 +1,14 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXRestore
+metadata:
+  name: awxrestore-sample
+spec:
+  deployment_name: example-awx-2
+  backup_name: example-awx-backup
+  restore_resource_requirements:
+    limits:
+      cpu: "1000m"
+      memory: "4096Mi"
+    requests:
+      cpu: "25m"
+      memory: "32Mi"

config/samples/kustomization.yaml

@@ -1,5 +1,7 @@
----
 ## Append samples you want in your CSV to this file as resources ##
 resources:
-  - awx_v1beta1_awx.yaml
-# +kubebuilder:scaffold:manifestskustomizesamples
+- awx_v1beta1_awx.yaml
+- awx_v1beta1_awxbackup.yaml
+- awx_v1beta1_awxrestore.yaml
+- awx_v1alpha1_awxmeshingress.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples

config/scorecard/bases/config.yaml

@@ -1,8 +1,7 @@
----
 apiVersion: scorecard.operatorframework.io/v1alpha3
 kind: Configuration
 metadata:
   name: config
 stages:
-  - parallel: true
-    tests: []
+- parallel: true
+  tests: []

config/scorecard/kustomization.yaml

@@ -1,17 +1,16 @@
----
 resources:
-  - bases/config.yaml
+- bases/config.yaml
 patchesJson6902:
-  - path: patches/basic.config.yaml
-    target:
-      group: scorecard.operatorframework.io
-      version: v1alpha3
-      kind: Configuration
-      name: config
-  - path: patches/olm.config.yaml
-    target:
-      group: scorecard.operatorframework.io
-      version: v1alpha3
-      kind: Configuration
-      name: config
-# +kubebuilder:scaffold:patchesJson6902
+- path: patches/basic.config.yaml
+  target:
+    group: scorecard.operatorframework.io
+    version: v1alpha3
+    kind: Configuration
+    name: config
+- path: patches/olm.config.yaml
+  target:
+    group: scorecard.operatorframework.io
+    version: v1alpha3
+    kind: Configuration
+    name: config
+#+kubebuilder:scaffold:patchesJson6902

config/scorecard/patches/basic.config.yaml

@@ -1,11 +1,10 @@
----
 - op: add
   path: /stages/0/tests/-
   value:
     entrypoint:
-      - scorecard-test
-      - basic-check-spec
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - basic-check-spec
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
     labels:
       suite: basic
       test: basic-check-spec-test

config/scorecard/patches/olm.config.yaml

@@ -1,11 +1,10 @@
----
 - op: add
   path: /stages/0/tests/-
   value:
     entrypoint:
-      - scorecard-test
-      - olm-bundle-validation
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-bundle-validation
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
     labels:
       suite: olm
       test: olm-bundle-validation-test
@@ -13,9 +12,9 @@
   path: /stages/0/tests/-
   value:
     entrypoint:
-      - scorecard-test
-      - olm-crds-have-validation
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-crds-have-validation
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
     labels:
       suite: olm
       test: olm-crds-have-validation-test
@@ -23,9 +22,9 @@
   path: /stages/0/tests/-
   value:
     entrypoint:
-      - scorecard-test
-      - olm-crds-have-resources
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-crds-have-resources
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
     labels:
       suite: olm
       test: olm-crds-have-resources-test
@@ -33,9 +32,9 @@
   path: /stages/0/tests/-
   value:
     entrypoint:
-      - scorecard-test
-      - olm-spec-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-spec-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
     labels:
       suite: olm
       test: olm-spec-descriptors-test
@@ -43,9 +42,9 @@
   path: /stages/0/tests/-
   value:
     entrypoint:
-      - scorecard-test
-      - olm-status-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-status-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
     labels:
       suite: olm
       test: olm-status-descriptors-test

config/testing/kustomization.yaml

@@ -1,21 +1,26 @@
 # Adds namespace to all resources.
 namespace: osdk-test
+
 namePrefix: osdk-
+
 # Labels to add to all resources and selectors.
-# commonLabels:
-#   someName: someValue
-patchesStrategicMerge:
-- manager_image.yaml
-- debug_logs_patch.yaml
-- ../default/manager_auth_proxy_patch.yaml
+#commonLabels:
+#  someName: someValue
+
+
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../crd
 - ../rbac
 - ../manager
+- ../default/metrics_service.yaml
 images:
 - name: testing
   newName: testing-operator
 patches:
-- path: pull_policy/Never.yaml
+- path: manager_image.yaml
+- path: debug_logs_patch.yaml
+- path: ../default/manager_metrics_patch.yaml
+  target:
+    kind: Deployment

dev/awx-cr/awx-cr-settings.yml

@@ -0,0 +1,24 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: clusterip
+  ingress_type: route
+  no_log: false
+
+  # Secrets
+  admin_password_secret: custom-admin-password
+  postgres_configuration_secret: custom-pg-configuration
+  secret_key_secret: custom-secret-key
+
+  # Resource Requirements
+  postgres_storage_requirements:
+    requests:
+      storage: 10Gi
+
+  # Extra Settings
+  extra_settings:
+    - setting: MAX_PAGE_SIZE
+      value: "500"

dev/awx-cr/awx-db-configuration.cr.yml

@@ -0,0 +1,30 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: clusterip
+  ingress_type: Route
+
+  postgres_extra_settings:
+    - setting: max_connections
+      value: "999"
+    - setting: ssl_ciphers
+      value: "HIGH:!aNULL:!MD5"
+
+  # requires custom-postgres-configuration secret to be pre-created
+  # postgres_configuration_secret: custom-postgres-configuration
+
+  postgres_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 800m
+      memory: 1Gi
+  postgres_storage_requirements:
+    requests:
+      storage: 20Gi
+    limits:
+      storage: 100Gi

dev/awx-cr/awx-k8s-ingress.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: nodeport
+  ingress_type: ingress
+
+  # Secrets
+  admin_password_secret: custom-admin-password
+  postgres_configuration_secret: custom-pg-configuration
+  secret_key_secret: custom-secret-key

dev/awx-cr/awx-openshift-cr.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: clusterip
+  ingress_type: Route
+
+  # # Secrets
+  # admin_password_secret: custom-admin-password
+  # postgres_configuration_secret: custom-pg-configuration
+  # secret_key_secret: custom-secret-key

dev/secrets/admin-password-secret.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: custom-admin-password
+stringData:
+  password: 'password'

dev/secrets/custom-secret-key.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: custom-secret-key
+stringData:
+  secret_key: 'awxsecret'

dev/secrets/external-pg-secret.yml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: external-pg-secret
+stringData:
+  database: 'awx'
+  host: 'awx-postgres'
+  password: 'test'
+  port: '5432'
+  type: 'managed'
+  username: 'awx'

docs/README.md

@@ -0,0 +1,16 @@
+# Building the Ansible AWX Operator Docs
+
+To build the AWX Operator docs locally:
+
+1. Clone the AWX operator repository.
+1. Preferrably, create a virtual environment for installing the dependencies.  
+   a. `python3 -m venv venv`  
+   b. `source venv/bin/activate`
+1. From the root directory:  
+   a. `pip install -r docs/requirements.txt`  
+   b. `mkdocs build`
+1. View the docs in your browser:  
+   a. `mkdocs serve`  
+   b. Open your browser and navigate to `http://127.0.0.1:8000/`
+
+This will create a new directory called `site/` in the root of your clone containing the index.html and static files.

docs/contributors-guide/author.md

@@ -0,0 +1,3 @@
+# Author
+
+This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team

docs/contributors-guide/code-of-conduct.md

@@ -0,0 +1,3 @@
+# Code of Conduct
+
+We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com)

docs/contributors-guide/contributing.md

@@ -0,0 +1,5 @@
+# Contributing
+
+Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md).
+
+For docs changes, create PRs on the appropriate files in the `/docs` folder.

docs/contributors-guide/get-involved.md

@@ -0,0 +1,24 @@
+# Get Involved
+
+We welcome your feedback, questions and ideas. Here's how to reach the community.
+
+## Forum
+
+Join the [Ansible Forum](https://forum.ansible.com) as a single starting point and our default communication platform for questions and help, development discussions, events, and much more. [Register](https://forum.ansible.com/signup?) to join the community. Search by categories and tags to find interesting topics or start a new one; subscribe only to topics you need!
+
+* [Get Help](https://forum.ansible.com/c/help/6): get help or help others. Please add appropriate tags if you start new discussions, for example `awx-operator` and  `documentation`.
+* [Posts tagged with 'awx-operator'](https://forum.ansible.com/tag/awx-operator): subscribe to participate in project-related conversations.
+* [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn) used to announce releases and important changes.
+* [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
+* [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
+
+For more information on the forum navigation, see [Navigating the Ansible forum](https://forum.ansible.com/t/navigating-the-ansible-forum-tags-categories-and-concepts/39) post.
+
+## Matrix
+
+For real-time interactions, conversations in the community happen over the Matrix protocol in the following channels:
+
+* [#awx:ansible.com](https://matrix.to/#/#awx:ansible.com): AWX and AWX-Operator project-related discussions.
+* [#docs:ansible.im](https://matrix.to/#/#docs:ansible.im): Ansible, AWX and AWX-Operator documentation-related discussions.
+
+For more information, see the community-hosted [Matrix FAQ](https://hackmd.io/@ansible-community/community-matrix-faq).

docs/contributors-guide/release-process.md

@@ -0,0 +1,10 @@
+# Release Process
+
+The first step is to create a draft release. Typically this will happen in the [Stage Release](https://github.com/ansible/awx/blob/devel/.github/workflows/stage.yml) workflow for AWX and you don't need to do it as a separate step.
+
+If you need to do an independent release of the operator, you can run the [Stage Release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/stage.yml) in the awx-operator repo. Both of these workflows will run smoke tests, so there is no need to do this manually.
+
+After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, which will:
+
+- Publish image to Quay
+- Release Helm chart

docs/development.md

@@ -0,0 +1,104 @@
+# Development Guide
+
+There are development scripts and yaml examples in the [`dev/`](../dev) directory that, along with the up.sh and down.sh scripts in the root of the repo, can be used to build, deploy and test changes made to the awx-operator.
+
+
+## Prerequisites
+
+You will need to have the following tools installed:
+
+* [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [podman](https://podman.io/docs/installation) or [docker](https://docs.docker.com/get-docker/)
+* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+* [oc](https://docs.openshift.com/container-platform/4.11/cli_reference/openshift_cli/getting-started-cli.html) (if using Openshift)
+
+You will also need to have a container registry account. This guide uses quay.io, but any container registry will work. You will need to create a robot account and login at the CLI with `podman login` or `docker login`.
+
+## Quay.io Setup for Development
+
+Before using the development scripts, you'll need to set up a Quay.io repository and pull secret:
+
+### 1. Create a Private Quay.io Repository
+- Go to [quay.io](https://quay.io) and create a private repository named `awx-operator` under your username
+- The repository URL should be `quay.io/username/awx-operator`
+
+### 2. Create a Bot Account
+- In your Quay.io repository, go to Settings → Robot Accounts
+- Create a new robot account with write permissions to your repository
+- Click on the robot account name to view its credentials
+
+### 3. Generate Kubernetes Pull Secret
+- In the robot account details, click "Kubernetes Secret"
+- Copy the generated YAML content from the pop-up
+
+### 4. Create Local Pull Secret File
+- Create a file at `hacking/pull-secret.yml` in your awx-operator checkout
+- Paste the Kubernetes secret YAML content into this file
+- **Important**: Change the `name` field in the secret from the default to `redhat-operators-pull-secret`
+- The `hacking/` directory is in `.gitignore`, so this file won't be committed to git
+
+Example `hacking/pull-secret.yml`:
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: redhat-operators-pull-secret  # Change this name
+  namespace: awx
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: <base64-encoded-credentials>
+```
+
+## Build and Deploy
+
+
+If you clone the repo, and make sure you are logged in at the CLI with oc and your cluster, you can run:
+
+```
+export QUAY_USER=username
+export NAMESPACE=awx
+export TAG=test
+./up.sh
+```
+
+You can add those variables to your .bashrc file so that you can just run `./up.sh` in the future.
+
+> Note: the first time you run this, it will create quay.io repos on your fork. If you followed the Quay.io setup steps above and created the `hacking/pull-secret.yml` file, the script will automatically handle the pull secret. Otherwise, you will need to either make those repos public, or create a global pull secret on your cluster.
+
+To get the URL, if on **Openshift**, run:
+
+```
+$ oc get route
+```
+
+On **k8s with ingress**, run:
+
+```
+$ kubectl get ing
+```
+
+On **k8s with nodeport**, run:
+
+```
+$ kubectl get svc
+```
+
+The URL is then `http://<Node-IP>:<NodePort>`
+
+> Note: NodePort will only work if you expose that port on your underlying k8s node, or are accessing it from localhost.
+
+By default, the usename and password will be admin and password if using the `up.sh` script because it pre-creates a custom admin password k8s secret and specifies it on the AWX custom resource spec. Without that, a password would have been generated and stored in a k8s secret named <deployment-name>-admin-password.
+
+## Clean up
+
+
+Same thing for cleanup, just run ./down.sh and it will clean up your namespace on that cluster
+
+
+```
+./down.sh
+```
+
+## Running CI tests locally
+
+More tests coming soon...

docs/index.md

@@ -0,0 +1 @@
+../README.md

docs/installation/basic-install.md

@@ -0,0 +1,177 @@
+# Basic Install
+
+After cloning this repository, you must choose the tag to run:
+
+```sh
+git clone git@github.com:ansible/awx-operator.git
+cd awx-operator
+git tag
+git checkout tags/<tag>
+
+# For instance:
+git checkout tags/2.7.2
+```
+
+If you work from a fork and made modifications since the tag was issued, you must provide the VERSION number to deploy. Otherwise the operator will get stuck in "ImagePullBackOff" state:
+
+```sh
+export VERSION=<tag>
+
+# For instance:
+export VERSION=2.7.2
+```
+
+Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: <https://kubectl.docs.kubernetes.io/installation/kustomize/>)
+
+!!! tip
+    If you don't have a Kubernetes cluster, you can use [Minikube](https://minikube.sigs.k8s.io/docs/) for testing purposes. See the [Minikube install docs](./creating-a-minikube-cluster-for-testing.md) for more details.
+
+!!! note
+    Some things may need to be configured slightly differently for different Kubernetes flavors for the networking aspects. When installing on Kind, see the [kind install docs](./kind-install.md) for more details.
+
+There is a make target you can run:
+
+```sh
+make deploy
+```
+
+If you have a custom operator image you have built, you can specify it with:
+
+```sh
+IMG=quay.io/$YOURNAMESPACE/awx-operator:$YOURTAG make deploy
+```
+
+Otherwise, you can manually create a file called `kustomization.yaml` with the following content:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Find the latest tag here: https://github.com/ansible/awx-operator/releases
+  - github.com/ansible/awx-operator/config/default?ref=<tag>
+
+# Set the image tags to match the git version from above
+images:
+  - name: quay.io/ansible/awx-operator
+    newTag: <tag>
+
+# Specify a custom namespace in which to install AWX
+namespace: awx
+```
+
+!!! tip
+    If you need to change any of the default settings for the operator (such as resources.limits), you can add [patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) at the bottom of your kustomization.yaml file.
+
+Install the manifests by running this:
+
+```sh
+$ kubectl apply -k .
+namespace/awx created
+customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
+customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
+customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
+serviceaccount/awx-operator-controller-manager created
+role.rbac.authorization.k8s.io/awx-operator-awx-manager-role created
+role.rbac.authorization.k8s.io/awx-operator-leader-election-role created
+clusterrole.rbac.authorization.k8s.io/awx-operator-metrics-reader created
+clusterrole.rbac.authorization.k8s.io/awx-operator-proxy-role created
+rolebinding.rbac.authorization.k8s.io/awx-operator-awx-manager-rolebinding created
+rolebinding.rbac.authorization.k8s.io/awx-operator-leader-election-rolebinding created
+clusterrolebinding.rbac.authorization.k8s.io/awx-operator-proxy-rolebinding created
+configmap/awx-operator-awx-manager-config created
+service/awx-operator-controller-manager-metrics-service created
+deployment.apps/awx-operator-controller-manager created
+```
+
+Wait a bit and you should have the `awx-operator` running:
+
+```sh
+$ kubectl get pods -n awx
+NAME                                               READY   STATUS    RESTARTS   AGE
+awx-operator-controller-manager-66ccd8f997-rhd4z   2/2     Running   0          11s
+```
+
+So we don't have to keep repeating `-n awx`, let's set the current namespace for `kubectl`:
+
+```sh
+kubectl config set-context --current --namespace=awx
+```
+
+Next, create a file named `awx-demo.yml` in the same folder with the suggested content below. The `metadata.name` you provide will be the name of the resulting AWX deployment.
+
+!!! note
+    If you deploy more than one AWX instance to the same namespace, be sure to use unique names.
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport
+```
+
+!!! tip
+    It may make sense to create and specify your own secret key for your deployment so that if the k8s secret gets deleted, it can be re-created if needed.  If it is not provided, one will be auto-generated, but cannot be recovered if lost. Read more [here](../user-guide/admin-user-account-configuration.md#secret-key-configuration).
+
+If you are on Openshift, you can take advantage of Routes by specifying the following your spec. This will automatically create a Route for you with a custom hostname. This can be found on the Route section of the Openshift Console.
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: clusterip
+  ingress_type: Route
+```
+
+Make sure to add this new file to the list of `resources` in your `kustomization.yaml` file:
+
+```yaml
+...
+resources:
+  - github.com/ansible/awx-operator/config/default?ref=<tag>
+  # Add this extra line:
+  - awx-demo.yml
+...
+```
+
+Finally, apply the changes to create the AWX instance in your cluster:
+
+```sh
+kubectl apply -k .
+```
+
+After a few seconds, you should see the operator begin to create new resources:
+
+```sh
+$ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
+NAME                        READY   STATUS    RESTARTS   AGE
+awx-demo-77d96f88d5-pnhr8   4/4     Running   0          3m24s
+awx-demo-postgres-0         1/1     Running   0          3m34s
+
+$ kubectl get svc -l "app.kubernetes.io/managed-by=awx-operator"
+NAME                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
+awx-demo-postgres   ClusterIP   None           <none>        5432/TCP       4m4s
+awx-demo-service    NodePort    10.109.40.38   <none>        80:31006/TCP   3m56s
+```
+
+After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
+
+```sh
+kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
+```
+
+Once deployed, your AWX instance should now be reachable at `http://localhost:<assigned-nodeport>/` (in this case, `http://localhost:31006/`).
+
+By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run:
+
+```sh
+$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo
+yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR
+```
+
+You just completed the most basic install of an AWX instance via this operator. Congratulations!!!

docs/installation/creating-a-minikube-cluster-for-testing.md

@@ -0,0 +1,61 @@
+# Creating a minikube cluster for testing
+
+If you do not have an existing cluster, the `awx-operator` can be deployed on a [Minikube](https://minikube.sigs.k8s.io/docs/) cluster for testing purposes. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information.
+
+```sh
+$ minikube start --cpus=4 --memory=6g --addons=ingress
+😄  minikube v1.23.2 on Fedora 34
+✨  Using the docker driver based on existing profile
+👍  Starting control plane node minikube in cluster minikube
+🚜  Pulling base image ...
+🏃  Updating the running docker "minikube" container ...
+🐳  Preparing Kubernetes v1.22.2 on Docker 20.10.8 ...
+🔎  Verifying Kubernetes components...
+    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
+    ▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.0.0-beta.3
+    ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
+    ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
+🔎  Verifying ingress addon...
+🌟  Enabled addons: storage-provisioner, default-storageclass, ingress
+🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
+```
+
+Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected.
+
+```sh
+$ minikube kubectl -- get nodes
+NAME       STATUS   ROLES                  AGE    VERSION
+minikube   Ready    control-plane,master   113s   v1.22.2
+
+$ minikube kubectl -- get pods -A
+NAMESPACE       NAME                                        READY   STATUS      RESTARTS   AGE
+ingress-nginx   ingress-nginx-admission-create--1-kk67h     0/1     Completed   0          2m1s
+ingress-nginx   ingress-nginx-admission-patch--1-7mp2r      0/1     Completed   1          2m1s
+ingress-nginx   ingress-nginx-controller-69bdbc4d57-bmwg8   1/1     Running     0          2m
+kube-system     coredns-78fcd69978-q7nmx                    1/1     Running     0          2m
+kube-system     etcd-minikube                               1/1     Running     0          2m12s
+kube-system     kube-apiserver-minikube                     1/1     Running     0          2m16s
+kube-system     kube-controller-manager-minikube            1/1     Running     0          2m12s
+kube-system     kube-proxy-5mmnw                            1/1     Running     0          2m1s
+kube-system     kube-scheduler-minikube                     1/1     Running     0          2m15s
+kube-system     storage-provisioner                         1/1     Running     0          2m11s
+```
+
+It is not required for `kubectl` to be separately installed since it comes already wrapped inside minikube. As demonstrated above, simply prefix `minikube kubectl --` before kubectl command, i.e. `kubectl get nodes` would become `minikube kubectl -- get nodes`
+
+Let's create an alias for easier usage:
+
+```sh
+alias kubectl="minikube kubectl --"
+```
+
+Now, you can proceed with the installation of the AWX Operator and AWX. Please refer to the [Basic Install](basic-install.md) for further instructions.
+
+!!! tip
+    Once your AWX has been deployed, the AWX instance will be accessible by running:
+
+    ```sh
+    minikube service -n awx awx-demo-service --url
+    ```
+
+For an example using the Nginx Ingress Controller in Minikube, don't miss our [demo video](https://asciinema.org/a/416946).

docs/installation/kind-install.md

@@ -0,0 +1,119 @@
+# AWX Operator on Kind
+
+## Kind Install
+
+Install Kind by running the following. Refer to the [official Kind documentation](https://kind.sigs.k8s.io/docs/user/quick-start/) for more information.
+
+```sh
+# For Intel Macs
+[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-darwin-amd64
+# For M1 / ARM Macs
+[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-darwin-arm64
+chmod +x ./kind
+mv ./kind /some-dir-in-your-PATH/kind
+```
+
+### Create the Kind cluster
+
+Create a file called `kind.config`
+
+```yaml
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+- role: control-plane
+  extraPortMappings:
+  - containerPort: 32000
+    hostPort: 32000
+    listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+    protocol: tcp # Optional, defaults to tcp
+- role: worker
+```
+
+Then create a cluster using that config
+
+```sh
+kind create cluster --config=kind.config
+```
+
+Set cluster context for kubectl
+
+```sh
+kubectl cluster-info --context kind-kind
+```
+
+Install NGINX Ingress Controller
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+```
+
+## AWX
+
+Set the namespace context
+
+```sh
+kubectl config set-context --current --namespace=awx
+```
+
+Checkout the tag you want to install from
+
+```sh
+git checkout 2.7.2
+```
+
+Create a file named `kustomization.yaml` in the root of your local awx-operator clone. Include the following:
+
+```sh
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Find the latest tag here: https://github.com/ansible/awx-operator/releases
+  - github.com/ansible/awx-operator/config/default?ref=2.7.2
+
+# Set the image tags to match the git version from above
+images:
+  - name: quay.io/ansible/awx-operator
+    newTag: 2.7.2
+
+# Specify a custom namespace in which to install AWX
+namespace: awx
+```
+
+Run the following to apply the yaml
+
+```sh
+kubectl apply -k .
+```
+
+Create a file called `awx-cr.yaml` with the following contents and any configuration changes you may wish to add.
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport
+  nodeport_port: 32000
+```
+
+Create your AWX CR
+
+```sh
+kubectl create -f awx-cr.yaml
+```
+
+Your AWX instance should now be reachable at <http://localhost:32000/>
+
+!!! note
+    If you configured a custom `nodeport_port`, you can find it by running `kubectl -n awx get svc awx-demo-service`
+
+## Cleanup
+
+When you are done, you can delete all of this by running
+
+```sh
+kind delete cluster
+```

docs/migration/migration.md

@@ -19,7 +19,8 @@ stringData:
 type: Opaque
 ```
 
-**Note**: `<resourcename>` must match the `name` of the AWX object you are creating. In our example below, it is `awx`.
+!!! note
+    `<resourcename>` must match the `name` of the AWX object you are creating. In our example below, it is `awx`.
 
 ### Old Database Credentials
 
@@ -34,23 +35,21 @@ metadata:
   namespace: <target namespace>
 stringData:
   host: <external ip or url resolvable by the cluster>
-  port: <external port, this usually defaults to 5432>
+  port: "<external port, this usually defaults to 5432>"    # quotes are required
   database: <desired database name>
   username: <username to connect as>
   password: <password to connect with>
 type: Opaque
 ```
 
-> For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.cluster.local`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from.
+!!! note
+    For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.<cluster domain>`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from, and `<cluster domain>` is filled in with the internal kubernetes cluster domain (In most cases it's `cluster.local`).
 
-If your AWX deployment is already using an external database server or its database is otherwise not managed
-by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
-In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_`
-from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
-database and apply any pending migrations. It is strongly recommended to backup your database beforehand.
+If your AWX deployment is already using an external database server or its database is otherwise not managed by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
+In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_` from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing database and apply any pending migrations.
+It is strongly recommended to backup your database beforehand.
 
-The postgresql pod for the old deployment is used when streaming data to the new postgresql pod.  If your postgresql pod has a custom label,
-you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.
+The postgresql pod for the old deployment is used when streaming data to the new postgresql pod.  If your postgresql pod has a custom label, you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.
 
 ## Deploy AWX
 
@@ -66,7 +65,16 @@ spec:
   secret_key_secret: <resourcename>-secret-key
   ...
 ```
+### Exclude postgreSQL tables during migration (optional)
+
+Use the `pg_dump_suffix` parameter under `AWX.spec` to customize the pg_dump command that will execute during migration. This variable will append your provided pg_dump parameters to the end of the 'standard' command. For example, to exclude the data from 'main_jobevent' and 'main_job' to decrease the size of the backup use:
+
+```
+pg_dump_suffix: "--exclude-table-data 'main_jobevent*' --exclude-table-data 'main_job'"
+```
+
 ## Important Note
+
 If you intend to put all the above in one file, make sure to separate each block with three dashes like so:
 
 ```yaml
@@ -79,4 +87,5 @@ If you intend to put all the above in one file, make sure to separate each block
 ---
 # AWX Config
 ```
+
 Failing to do so will lead to an inoperable setup.

docs/requirements.in

@@ -0,0 +1,3 @@
+# This requirements file is used for AWX Operator latest doc builds.
+
+mkdocs-ansible

docs/requirements.txt

@@ -0,0 +1,193 @@
+#
+# This file is autogenerated by pip-compile with Python 3.12
+# by the following command:
+#
+#    pip-compile --allow-unsafe --output-file=docs/requirements.txt --strip-extras docs/requirements.in
+#
+babel==2.14.0
+    # via mkdocs-material
+beautifulsoup4==4.12.3
+    # via
+    #   linkchecker
+    #   mkdocs-htmlproofer-plugin
+    #   readtime
+cairocffi==1.6.1
+    # via cairosvg
+cairosvg==2.7.0
+    # via mkdocs-ansible
+certifi==2024.2.2
+    # via requests
+cffi==1.16.0
+    # via cairocffi
+charset-normalizer==3.3.2
+    # via requests
+click==8.1.7
+    # via
+    #   mkdocs
+    #   mkdocstrings
+colorama==0.4.6
+    # via
+    #   griffe
+    #   mkdocs-material
+csscompressor==0.9.5
+    # via mkdocs-minify-plugin
+cssselect==1.2.0
+    # via pyquery
+cssselect2==0.7.0
+    # via cairosvg
+defusedxml==0.7.1
+    # via cairosvg
+dnspython==2.6.1
+    # via linkchecker
+ghp-import==2.1.0
+    # via mkdocs
+griffe==0.40.1
+    # via mkdocstrings-python
+htmlmin2==0.1.13
+    # via mkdocs-minify-plugin
+idna==3.6
+    # via requests
+jinja2==3.1.3
+    # via
+    #   mkdocs
+    #   mkdocs-macros-plugin
+    #   mkdocs-material
+    #   mkdocstrings
+jsmin==3.0.1
+    # via mkdocs-minify-plugin
+linkchecker==10.4.0
+    # via mkdocs-ansible
+lxml==5.1.0
+    # via
+    #   mkdocs-material
+    #   pyquery
+markdown==3.5.2
+    # via
+    #   markdown-include
+    #   mkdocs
+    #   mkdocs-autorefs
+    #   mkdocs-htmlproofer-plugin
+    #   mkdocs-material
+    #   mkdocstrings
+    #   pymdown-extensions
+markdown-exec==1.8.0
+    # via mkdocs-ansible
+markdown-include==0.8.1
+    # via mkdocs-ansible
+markdown2==2.4.12
+    # via readtime
+markupsafe==2.1.5
+    # via
+    #   jinja2
+    #   mkdocs
+    #   mkdocstrings
+mergedeep==1.3.4
+    # via mkdocs
+mkdocs==1.5.3
+    # via
+    #   mkdocs-ansible
+    #   mkdocs-autorefs
+    #   mkdocs-gen-files
+    #   mkdocs-htmlproofer-plugin
+    #   mkdocs-macros-plugin
+    #   mkdocs-material
+    #   mkdocs-minify-plugin
+    #   mkdocs-monorepo-plugin
+    #   mkdocstrings
+mkdocs-ansible==24.3.1
+    # via -r requirements.in
+mkdocs-autorefs==0.5.0
+    # via mkdocstrings
+mkdocs-gen-files==0.5.0
+    # via mkdocs-ansible
+mkdocs-htmlproofer-plugin==1.0.0
+    # via mkdocs-ansible
+mkdocs-macros-plugin==1.0.5
+    # via mkdocs-ansible
+mkdocs-material==9.2.6
+    # via mkdocs-ansible
+mkdocs-material-extensions==1.3.1
+    # via
+    #   mkdocs-ansible
+    #   mkdocs-material
+mkdocs-minify-plugin==0.8.0
+    # via mkdocs-ansible
+mkdocs-monorepo-plugin==1.1.0
+    # via mkdocs-ansible
+mkdocstrings==0.24.0
+    # via
+    #   mkdocs-ansible
+    #   mkdocstrings-python
+mkdocstrings-python==1.8.0
+    # via mkdocs-ansible
+packaging==23.2
+    # via mkdocs
+paginate==0.5.6
+    # via mkdocs-material
+pathspec==0.12.1
+    # via mkdocs
+pillow==10.0.1
+    # via
+    #   cairosvg
+    #   mkdocs-ansible
+pipdeptree==2.7.1
+    # via mkdocs-ansible
+platformdirs==4.2.0
+    # via
+    #   mkdocs
+    #   mkdocstrings
+pycparser==2.21
+    # via cffi
+pygments==2.17.2
+    # via mkdocs-material
+pymdown-extensions==10.0.1
+    # via
+    #   markdown-exec
+    #   mkdocs-ansible
+    #   mkdocs-material
+    #   mkdocstrings
+pyquery==2.0.0
+    # via readtime
+python-dateutil==2.8.2
+    # via
+    #   ghp-import
+    #   mkdocs-macros-plugin
+python-slugify==8.0.4
+    # via mkdocs-monorepo-plugin
+pyyaml==6.0.1
+    # via
+    #   mkdocs
+    #   mkdocs-macros-plugin
+    #   pymdown-extensions
+    #   pyyaml-env-tag
+pyyaml-env-tag==0.1
+    # via mkdocs
+readtime==3.0.0
+    # via mkdocs-material
+regex==2023.12.25
+    # via mkdocs-material
+requests==2.31.0
+    # via
+    #   linkchecker
+    #   mkdocs-htmlproofer-plugin
+    #   mkdocs-material
+six==1.16.0
+    # via python-dateutil
+soupsieve==2.5
+    # via beautifulsoup4
+termcolor==2.4.0
+    # via mkdocs-macros-plugin
+text-unidecode==1.3
+    # via python-slugify
+tinycss2==1.2.1
+    # via
+    #   cairosvg
+    #   cssselect2
+urllib3==2.2.1
+    # via requests
+watchdog==4.0.0
+    # via mkdocs
+webencodings==0.5.1
+    # via
+    #   cssselect2
+    #   tinycss2

docs/troubleshooting/debugging.md

@@ -0,0 +1,125 @@
+# Debugging the AWX Operator
+
+## General Debugging
+
+When the operator is deploying AWX, it is running the `installer` role inside the operator container. If the AWX CR's status is `Failed`, it is often useful to look at the awx-operator container logs, which shows the output of the installer role. To see these logs, run:
+
+```sh
+kubectl logs deployments/awx-operator-controller-manager -c awx-manager -f
+```
+
+### Inspect k8s Resources
+
+Past that, it is often useful to inspect various resources the AWX Operator manages like:
+
+* awx
+* awxbackup
+* awxrestore
+* pod
+* deployment
+* pvc
+* service
+* ingress
+* route
+* secrets
+* serviceaccount
+
+To inspect these resources you can use these commands
+
+```sh
+# Inspecting k8s resources
+kubectl describe -n <namespace> <resource> <resource-name>
+kubectl get -n <namespace> <resource> <resource-name> -o yaml
+kubectl logs -n <namespace> <resource> <resource-name>
+
+# Inspecting Pods
+kubectl exec -it -n <namespace> <pod> <pod-name>
+```
+
+### Configure No Log
+
+It is possible to show task output for debugging by setting no_log to false on the AWX CR spec.
+This will show output in the awx-operator logs for any failed tasks where no_log was set to true.
+
+For example:
+
+```sh
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport
+  no_log: false                  # <------------
+
+```
+
+## Iterating on the installer without deploying the operator
+
+Go through the [normal basic install](../installation/basic-install.md) steps.
+
+Install some dependencies:
+
+```sh
+ansible-galaxy collection install -r molecule/requirements.yml
+pip install -r molecule/requirements.txt
+```
+
+To prevent the changes we're about to make from being overwritten, scale down any running instance of the operator:
+
+```sh
+kubectl scale deployment awx-operator-controller-manager --replicas=0
+```
+
+Create a playbook that invokes the installer role (the operator uses ansible-runner's role execution feature):
+
+```yaml
+# run.yml
+---
+- hosts: localhost
+  roles:
+    - installer
+```
+
+Create a vars file:
+
+```yaml
+# vars.yml
+---
+ansible_operator_meta:
+  name: awx
+  namespace: awx
+set_self_labels: false
+update_status: false
+service_type: nodeport
+```
+
+The vars file will replace the awx resource so any value that you wish to over ride using the awx resource, put in the vars file. For example, if you wish to use your own image, version and pull policy, you can specify it like below:
+
+```yaml
+# vars.yml
+---
+ansible_operator_meta:
+  name: awx
+  namespace: awx
+set_self_labels: false
+update_status: false
+service_type: nodeport
+image: $DEV_DOCKER_TAG_BASE/awx_kube_devel
+image_pull_policy: Always
+image_version: $COMPOSE_TAG
+```
+
+Run the installer:
+
+```sh
+ansible-playbook run.yml -e @vars.yml -v
+```
+
+Grab the URL and admin password:
+
+```sh
+$ kubectl get secret awx-admin-password -- -o jsonpath="{.data.password}" | base64 --decode ; echo
+LU6lTfvnkjUvDwL240kXKy1sNhjakZmT
+```

docs/uninstall/uninstall.md

@@ -0,0 +1,13 @@
+# Uninstall
+
+To uninstall an AWX deployment instance, you basically need to remove the AWX kind related to that instance. For example, to delete an AWX instance named awx-demo, you would do:
+
+```sh
+$ kubectl delete awx awx-demo
+awx.awx.ansible.com "awx-demo" deleted
+```
+
+Deleting an AWX instance will remove all related deployments and statefulsets, however, persistent volumes and secrets will remain. To enforce secrets also getting removed, you can use `garbage_collect_secrets: true`.
+
+!!! note
+    If you ever intend to recover an AWX from an existing database you will need a copy of the secrets in order to perform a successful recovery.

docs/upgrade/upgrading.md

@@ -0,0 +1,56 @@
+# Upgrading
+
+To upgrade AWX, it is recommended to upgrade the awx-operator to the version that maps to the desired version of AWX. To find the version of AWX that will be installed by the awx-operator by default, check the version specified in the `DEFAULT_AWX_VERSION` variable for that particular release. You can do so by running the following command
+
+```shell
+AWX_OPERATOR_VERSION=2.8.0
+docker run --entrypoint="" quay.io/ansible/awx-operator:$AWX_OPERATOR_VERSION bash -c "env | grep DEFAULT_AWX_VERSION"
+```
+
+Make sure you have a backup before upgrading, then upgrade operator by invoking `make deploy` on the desired tag or by applying the `kustomization.yaml` that contains desired version of the operator, and in turn also upgrade your AWX deployment.
+
+## Backup
+
+The first part of any upgrade should be a backup. Note, there are secrets in the pod which work in conjunction with the database. Having just a database backup without the required secrets will not be sufficient for recovering from an issue when upgrading to a new version. See the [backup role documentation](https://github.com/ansible/awx-operator/tree/devel/roles/backup) for information on how to backup your database and secrets.
+
+In the event you need to recover the backup see the [restore role documentation](https://github.com/ansible/awx-operator/tree/devel/roles/restore). _Before Restoring from a backup_, be sure to:
+
+- delete the old existing AWX CR
+- delete the persistent volume claim (PVC) for the database from the old deployment, which has a name like `postgres-15-<deployment-name>-postgres-15-0`
+
+**Note**: Do not delete the namespace/project, as that will delete the backup and the backup's PVC as well.
+
+## PostgreSQL Upgrade Considerations
+
+If there is a PostgreSQL major version upgrade, after the data directory on the PVC is migrated to the new version, the old PVC is kept by default.
+This provides the ability to roll back if needed, but can take up extra storage space in your cluster unnecessarily. You can configure it to be deleted automatically after a successful upgrade by setting the following variable on the AWX spec.
+
+```yaml
+spec:
+  postgres_keep_pvc_after_upgrade: False
+```
+
+## Caveats for upgrading to v0.14.0
+
+### Cluster-scope to Namespace-scope considerations
+
+Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. This is called a namespace-scoped operator. If you are upgrading from an earlier version, you will want to delete your existing `awx-operator` service account, role and role binding.
+
+### Project is now based on v1.x of the operator-sdk project
+
+Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x. You may need to manually delete your old operator Deployment to avoid issues.
+
+### Steps to upgrade to v0.14.0
+
+Delete your old AWX Operator and existing `awx-operator` service account, role and role binding in `default` namespace first:
+
+```sh
+kubectl -n default delete deployment awx-operator
+kubectl -n default delete serviceaccount awx-operator
+kubectl -n default delete clusterrolebinding awx-operator
+kubectl -n default delete clusterrole awx-operator
+```
+
+Then install the new AWX Operator by following the instructions in [Basic Install](../installation/basic-install.md). The `NAMESPACE` environment variable have to be the name of the namespace in which your old AWX instance resides.
+
+Once the new AWX Operator is up and running, your AWX deployment will also be upgraded.