Add use_db_compression option for backup database dumps (#2106 )

* Add use_db_compression option for backup database dumps Enable optional pg_dump compression (-Z 9) via use_db_compression boolean flag. Restore auto-detects compressed (.db.gz) or uncompressed (.db) backups for backward compatibility. Authored By: Christian M. Adams <chadams@redhat.com> Assisted By: Claude * Add CRD field, CSV descriptor, and restore auto-detection for use_db_compression Authored By: Christian M. Adams <chadams@redhat.com> Assisted By: Claude
Fix unquoted timestamps in backup/restore event templates (#2110 )
2026-03-27 13:53:12 +00:00 · 2026-03-24 20:03:44 +00:00 · 2026-03-23 14:11:54 -04:00 · 2026-03-05 07:22:22 -05:00 · 2026-03-04 13:45:50 -05:00 · 2026-03-04 13:45:50 -05:00
276 changed files with 12637 additions and 3825 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/docs"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "component:docs"
+      - "dependencies"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -4,21 +4,24 @@ name: CI

 on:
  pull_request:
-    branches: [devel]
-
  push:
-    branches: [devel]

 jobs:
  molecule:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    name: molecule
+    strategy:
+      matrix:
+        ansible_args:
+          - --skip-tags=replicas
+          - -t replicas
    env:
-      DOCKER_API_VERSION: "1.38"
+      DOCKER_API_VERSION: "1.44"
+      DEBUG_OUTPUT_DIR: /tmp/awx_operator_molecule_test
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4

-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v5
        with:
          python-version: "3.8"

@@ -35,50 +38,32 @@ jobs:
          MOLECULE_VERBOSITY: 3
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
+          STORE_DEBUG_OUTPUT: true
        run: |
          sudo rm -f $(which kustomize)
          make kustomize
-          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
-  helm:
-    runs-on: ubuntu-18.04
-    name: helm
-    steps:
-      - uses: actions/checkout@v2
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind -- ${{ matrix.ansible_args }}
+
+      - name: Upload artifacts for failed tests if Run Molecule fails
+        if: failure()
+        uses: actions/upload-artifact@v4
        with:
-          fetch-depth: 0
+          name: awx_operator_molecule_test
+          path: ${{ env.DEBUG_OUTPUT_DIR }}
+  no-log:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4

-      - name: Create k8s Kind Cluster
-        uses: helm/kind-action@v1.2.0
-
-      - name: Build operator image and load into kind
+      - name: Check no_log statements
        run: |
-          IMG=awx-operator-ci make docker-build
-          kind load docker-image --name chart-testing awx-operator-ci
-
-      - name: Patch pull policy for tests
-        run: |
-          kustomize edit add patch --path ../testing/pull_policy/Never.yaml
-        working-directory: config/default
-
-      - name: Build and lint helm chart
-        run: |
-          IMG=awx-operator-ci make helm-chart
-          helm lint ./charts/awx-operator
-
-      - name: Install kubeval
-        run: |
-          mkdir tmp && cd tmp
-          wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
-          tar xf kubeval-linux-amd64.tar.gz
-          sudo cp kubeval /usr/local/bin
-        working-directory: ./charts
-
-      - name: Run kubeval
-        run: |
-          helm template -n awx awx-operator > tmp/test.yaml
-          kubeval --strict --force-color --ignore-missing-schemas tmp/test.yaml
-        working-directory: ./charts
-
-      - name: Install helm chart
-        run: |
-          helm install --wait my-awx-operator --namespace awx --create-namespace ./charts/awx-operator
+          set +e
+          no_log=$(grep -nr ' no_log:' roles | grep -v '"{{ no_log }}"')
+          if [ -n "${no_log}" ]; then
+            echo 'Please update the following no_log statement(s) with the "{{ no_log }}" value'
+            echo "${no_log}"
+            exit 1
+          fi
+  nox-sessions:
+    uses: ./.github/workflows/reusable-nox.yml
--- a/.github/workflows/devel.yaml
+++ b/.github/workflows/devel.yaml
@@ -8,20 +8,41 @@ on:

 jobs:
  release:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    name: Push devel image
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4

-      - name: Build Image
+      - name: Fail if QUAY_REGISTRY not set
        run: |
-          IMG=awx-operator:devel make docker-build
+          if [[ -z "${{ vars.QUAY_REGISTRY }}" ]]; then
+            echo "QUAY_REGISTRY not set. Please set QUAY_REGISTRY in variable GitHub Actions variables."
+            exit 1
+          fi

-      - name: Push To Quay
-        uses: redhat-actions/push-to-registry@v2.1.1
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
        with:
-          image: awx-operator
-          tags: devel
-          registry: quay.io/ansible/
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Log into registry quay.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ${{ vars.QUAY_REGISTRY }}
          username: ${{ secrets.QUAY_USER }}
          password: ${{ secrets.QUAY_TOKEN }}
+
+
+      - name: Build and Store Image @ghcr
+        run: |
+          IMG=ghcr.io/${{ github.repository }}:${{ github.sha }} make docker-buildx
+
+
+      - name: Publish Image to quay.io
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ github.sha }} \
+            --tag ${{ vars.QUAY_REGISTRY }}/awx-operator:devel
--- a/.github/workflows/feature.yml
+++ b/.github/workflows/feature.yml
@@ -0,0 +1,56 @@
+---
+
+name: Feature Branch Image Build and Push
+
+on:
+  push:
+    branches: [feature_*]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    name: Push devel image
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # needed so that git describe --tag works
+
+      - name: Set VERSION
+        run: |
+          echo "VERSION=$(git describe --tags)" >>${GITHUB_ENV}
+
+      - name: Set lower case owner name
+        run: |
+          echo "OWNER_LC=${OWNER,,}" >>${GITHUB_ENV}
+        env:
+          OWNER: '${{ github.repository_owner }}'
+
+      - name: Set IMAGE_TAG_BASE
+        run: |
+          echo "IMAGE_TAG_BASE=ghcr.io/${OWNER_LC}/awx-operator" >>${GITHUB_ENV}
+
+      - name: Log in to registry
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Build and Push awx-operator Image
+        run: |
+          make docker-build docker-push
+          docker tag ${IMAGE_TAG_BASE}:${VERSION} ${IMAGE_TAG_BASE}:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}:${GITHUB_REF##*/}
+
+      - name: Build bundle manifests
+        run: |
+          make bundle
+
+      - name: Build and Push awx-operator Bundle
+        run: |
+          make bundle-build bundle-push
+          docker tag ${IMAGE_TAG_BASE}-bundle:v${VERSION} ${IMAGE_TAG_BASE}-bundle:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}-bundle:${GITHUB_REF##*/}
+
+      - name: Build and Push awx-operator Catalog
+        run: |
+          make catalog-build catalog-push
+          docker tag ${IMAGE_TAG_BASE}-catalog:v${VERSION} ${IMAGE_TAG_BASE}-catalog:${GITHUB_REF##*/}
+          docker push ${IMAGE_TAG_BASE}-catalog:${GITHUB_REF##*/}
--- a/.github/workflows/label_issue.yml
+++ b/.github/workflows/label_issue.yml
@@ -0,0 +1,54 @@
+---
+name: Label Issues
+
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    name: Label
+
+    steps:
+      - name: Label Issue - Needs Triage
+        uses: github/issue-labeler@v3.4
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          not-before: 2021-12-07T07:00:00Z
+          configuration-path: .github/issue_labeler.yml
+          enable-versioned-regex: 0
+        if: github.event_name == 'issues'
+
+  community:
+    runs-on: ubuntu-latest
+    name: Label Issue - Community
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+      - name: Install python requests
+        run: pip install requests
+      - name: Check if user is a member of Ansible org
+        uses: jannekem/run-python-script-action@v1
+        id: check_user
+        with:
+          script: |
+            import requests
+            headers = {'Accept': 'application/vnd.github+json', 'Authorization': 'token ${{ secrets.GITHUB_TOKEN }}'}
+            response = requests.get('${{ fromJson(toJson(github.event.issue.user.url)) }}/orgs?per_page=100', headers=headers)
+            is_member = False
+            for org in response.json():
+              if org['login'] == 'ansible':
+                is_member = True
+            if is_member:
+                print("User is member")
+            else:
+                print("User is community")
+      - name: Add community label if not a member
+        if: contains(steps.check_user.outputs.stdout, 'community')
+        uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
+        with:
+          add-labels: "community"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/label_pr.yml
+++ b/.github/workflows/label_pr.yml
@@ -0,0 +1,49 @@
+name: Label PR
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+jobs:
+  community:
+    runs-on: ubuntu-latest
+    name: Label PR - Community
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+
+      - name: Create a virtual environment
+        run: python3 -m venv venv
+
+      - name: Activate virtual environment and install dependencies
+        run: |
+          source venv/bin/activate
+          pip3 install requests
+
+      - name: Check if user is a member of Ansible org
+        uses: jannekem/run-python-script-action@v1
+        id: check_user
+        with:
+          script: |
+            import requests
+            headers = {'Accept': 'application/vnd.github+json', 'Authorization': 'token ${{ secrets.GITHUB_TOKEN }}'}
+            response = requests.get('${{ fromJson(toJson(github.event.pull_request.user.url)) }}/orgs?per_page=100', headers=headers)
+            is_member = False
+            for org in response.json():
+              if org['login'] == 'ansible':
+                is_member = True
+            if is_member:
+                print("User is member")
+            else:
+                print("User is community")
+
+      - name: Add community label if not a member
+        if: contains(steps.check_user.outputs.stdout, 'community')
+        uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
+        with:
+          add-labels: "community"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/pr_body_check.yml
+++ b/.github/workflows/pr_body_check.yml
@@ -13,21 +13,13 @@ jobs:
      packages: write
      contents: read
    steps:
-      - name: Write PR body to a file
-        run: |
-          cat >> pr.body << __SOME_RANDOM_PR_EOF__
-          ${{ github.event.pull_request.body }}
-          __SOME_RANDOM_PR_EOF__
-
-      - name: Display the received body for troubleshooting
-        run: cat pr.body
-
-      # We want to write these out individually just incase the options were joined on a single line
      - name: Check for each of the lines
+        env:
+          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
-          grep "Bug, Docs Fix or other nominal change" pr.body > Z
-          grep "New or Enhanced Feature" pr.body > Y
-          grep "Breaking Change" pr.body > X
+          echo "$PR_BODY" | grep "Bug, Docs Fix or other nominal change" > Z
+          echo "$PR_BODY" | grep "New or Enhanced Feature" > Y
+          echo "$PR_BODY" | grep "Breaking Change" > X
          exit 0
        # We exit 0 and set the shell to prevent the returns from the greps from failing this step
        # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
--- a/.github/workflows/promote.yaml
+++ b/.github/workflows/promote.yaml
@@ -3,38 +3,70 @@ name: Promote AWX Operator image
 on:
  release:
    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag_name:
+        description: 'Name for the tag of the release.'
+        required: true
+      quay_registry:
+        description: 'Quay registry to push to.'
+        default: 'quay.io/ansible'
+
+env:
+  QUAY_REGISTRY: ${{ vars.QUAY_REGISTRY }}

 jobs:
  promote:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
-
-      - name: Log in to GHCR
+      - name: Set GitHub Env vars for workflow_dispatch event
+        if: ${{ github.event_name == 'workflow_dispatch' }}
        run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
+          echo "QUAY_REGISTRY=${{ github.event.inputs.quay_registry }}" >> $GITHUB_ENV

-      - name: Log in to Quay
+      - name: Set GitHub Env vars if release event
+        if: ${{ github.event_name == 'release' }}
        run: |
-          echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
+          echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV

-      - name: Re-tag and promote awx-operator image
+      - name: Fail if QUAY_REGISTRY not set
        run: |
-          docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
-          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
-          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
-          docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
-          docker push quay.io/${{ github.repository }}:latest
+          if [[ -z "${{ env.QUAY_REGISTRY }}" ]]; then
+            echo "QUAY_REGISTRY not set. Please set QUAY_REGISTRY in variable GitHub Actions variables."
+            exit 1
+          fi

-      - name: Configure git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+      - uses: actions/checkout@v4
+        with:
+          depth: 0

-      - name: Release Helm chart
+
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Log into registry quay.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ${{ env.QUAY_REGISTRY }}
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_TOKEN }}
+
+
+      - name: Pull Tagged Staged Image and Publish to quay.io
        run: |
-          ansible-playbook ansible/helm-release.yml -v \
-            -e operator_image=quay.io/${{ github.repository }} \
-            -e chart_owner=${{ github.repository_owner }} \
-            -e tag=${{ github.event.release.tag_name }} \
-            -e gh_token=${{ secrets.GITHUB_TOKEN }}
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \
+            --tag ${{ env.QUAY_REGISTRY }}/awx-operator:${{ env.TAG_NAME }}
+
+
+      - name: Pull Staged Image and Publish to quay.io/${{ github.repository }}:latest
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${{ env.TAG_NAME }} \
+            --tag ${{ env.QUAY_REGISTRY }}/awx-operator:latest
--- a/.github/workflows/reusable-nox.yml
+++ b/.github/workflows/reusable-nox.yml
@@ -0,0 +1,26 @@
+---
+name: nox
+
+"on":
+    workflow_call:
+
+jobs:
+    nox:
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: false
+            matrix:
+                include:
+                - session: build
+                  python-versions: "3.11"
+        name: "Run nox ${{ matrix.session }} session"
+        steps:
+        - name: Check out repo
+          uses: actions/checkout@v4
+        - name: Setup nox
+          uses: wntrblm/nox@2024.04.15
+          with:
+              python-versions: "${{ matrix.python-versions }}"
+        - name: "Run nox -s ${{ matrix.session }}"
+          run: |
+            nox -s "${{ matrix.session }}"
--- a/.github/workflows/stage.yml
+++ b/.github/workflows/stage.yml
@@ -37,14 +37,8 @@ jobs:

          exit 0

-      - name: Checkout awx
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ github.repository_owner }}/awx
-          path: awx
-
      - name: Checkout awx-operator
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
        with:
          repository: ${{ github.repository_owner }}/awx-operator
          path: awx-operator
@@ -53,17 +47,20 @@ jobs:
        run: |
          python3 -m pip install docker

-      - name: Log in to GHCR
-        run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567    # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Build and stage awx-operator
+      - name: Stage awx-operator
        working-directory: awx-operator
        run: |
          BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }} \
-                      --build-arg OPERATOR_VERSION=${{ github.event.inputs.version }}" \
-          IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
-          VERSION=${{ github.event.inputs.version }} make docker-build docker-push
+              --build-arg OPERATOR_VERSION=${{ github.event.inputs.version }}" \
+          IMG=ghcr.io/${{ github.repository }}:${{ github.event.inputs.version }} \
+          make docker-buildx

      - name: Run test deployment
        working-directory: awx-operator
@@ -76,10 +73,12 @@ jobs:
        env:
          AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}

-      - name: Create draft release
-        working-directory: awx
-        run: |
-          ansible-playbook tools/ansible/stage.yml \
-            -e version=${{ github.event.inputs.version }} \
-            -e repo=${{ github.repository_owner }}/awx-operator \
-            -e github_token=${{ secrets.GITHUB_TOKEN }}
+      - name: Create Draft Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.event.inputs.version }}
+          release_name: Release ${{ github.event.inputs.version }}
+          draft: true
--- a/.github/workflows/triage_new.yml
+++ b/.github/workflows/triage_new.yml
@@ -1,22 +0,0 @@
---
-name: Triage
-
-on:
-  issues:
-    types:
-      - opened
-
-jobs:
-  triage:
-    runs-on: ubuntu-latest
-    name: Label
-
-    steps:
-      - name: Label issues
-        uses: github/issue-labeler@v2.4.1
-        with:
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
-          not-before: 2021-12-07T07:00:00Z
-          configuration-path: .github/issue_labeler.yml
-          enable-versioned-regex: 0
-        if: github.event_name == 'issues'
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 *~
+gh-pages/
 .cache/
 /bin
 /bundle
@@ -7,3 +8,7 @@
 /charts
 /.cr-release-packages
 .vscode/
+__pycache__
+/site
+venv/*
+hacking/
--- a/.helm/starter/.helmignore
+++ b/.helm/starter/.helmignore
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
--- a/.helm/starter/Chart.yaml
+++ b/.helm/starter/Chart.yaml
@@ -1,7 +0,0 @@
---
-apiVersion: v2
-appVersion: 0.1.0
-description: A Helm chart for Kubernetes
-name: starter
-type: application
-version: 0.1.0
--- a/.helm/starter/README.md
+++ b/.helm/starter/README.md
@@ -1,56 +0,0 @@
-# AWX Operator Helm Chart
-
-This chart installs the AWX Operator resources configured in [this](https://github.com/ansible/awx-operator) repository. 
-
-## Getting Started
-To configure your AWX resource using this chart, create your own `yaml` values file. The name is up to personal preference since it will explicitly be passed into the helm chart. Helm will merge whatever values you specify in your file with the default `values.yaml`, overriding any settings you've changed while allowing you to fall back on defaults. Because of this functionality, `values.yaml` should not be edited directly.
-
-In your values config, enable `AWX.enable` and add `AWX.spec` values based on the awx operator's [documentation](https://github.com/ansible/awx-operator/blob/devel/README.md). Consult the docs below for additional functionality.
-
-### Installing
-The operator's [helm install](https://github.com/ansible/awx-operator/blob/devel/README.md#helm-install-on-existing-cluster) guide provides key installation instructions. 
-
-Example:
-```
-helm install my-awx-operator awx-operator/awx-operator -n awx --create-namespace -f myvalues.yaml
-```
-
-Argument breakdown:
-* `-f` passes in the file with your custom values
-* `-n` sets the namespace to be installed in
-  * This value is accessed by `{{ $.Release.Namespace }}` in the templates
-  * Acts as the default namespace for all unspecified resources
-* `--create-namespace` specifies that helm should create the namespace before installing
-
-To update an existing installation, use `helm upgrade` instead of `install`. The rest of the syntax remains the same.
-
-## Configuration
-The goal of adding helm configurations is to abstract out and simplify the creation of multi-resource configs. The `AWX.spec` field maps directly to the spec configs of the `AWX` resource that the operator provides, which are detailed in the [main README](https://github.com/ansible/awx-operator/blob/devel/README.md). Other sub-config can be added with the goal of simplifying more involved setups that require additional resources to be specified.
-
-These sub-headers aim to be a more intuitive entrypoint into customizing your deployment, and are easier to manage in the long-term. By design, the helm templates will defer to the manually defined specs to avoid configuration conflicts. For example, if `AWX.spec.postgres_configuration_secret` is being used, the `AWX.postgres` settings will not be applied, even if enabled. 
-
-### External Postgres
-The `AWX.postgres` section simplifies the creation of the external postgres secret. If enabled, the configs provided will automatically be placed in a `postgres-config` secret and linked to the `AWX` resource. For proper secret management, the `AWX.postgres.password` value, and any other sensitive values, can be passed in at the command line rather than specified in code. Use the `--set` argument with `helm install`. 
-
-
-## Values Summary
-
-### AWX
-| Value | Description | Default |
-|---|---|---|
-| `AWX.enabled` | Enable this AWX resource configuration | `false` |
-| `AWX.name` | The name of the AWX resource and default prefix for other resources | `"awx"` |
-| `AWX.spec` | specs to directly configure the AWX resource | `{}` |
-| `AWX.postgres` | configurations for the external postgres secret | - |
-
-
-# Contributing 
-
-## Adding abstracted sections
-Where possible, defer to `AWX.spec` configs before applying the abstracted configs to avoid collision. This can be facilitated by the `(hasKey .spec what_i_will_abstract)` check. 
-
-## Building and Testing
-This chart is built using the Makefile in the [awx-operator repo](https://github.com/ansible/awx-operator). Clone the repo and run `make helm-chart`. This will create the awx-operator chart in the `charts/awx-operator` directory. In this process, the contents of the `.helm/starter` directory will be added to the chart.
-
-## Future Goals
-All values under the `AWX` header are focused on configurations that use the operator. Configurations that relate to the Operator itself could be placed under an `Operator` heading, but that may add a layer of complication over current development.
--- a/.helm/starter/templates/_helpers.tpl
+++ b/.helm/starter/templates/_helpers.tpl
@@ -1,6 +0,0 @@
-{{/*
-Generate the name of the postgres secret, expects AWX context passed in
-*/}}
-{{- define "postgres.secretName" -}}
-{{ default (printf "%s-postgres-configuration" .Values.AWX.name) .Values.AWX.postgres.secretName }}
-{{- end }}
--- a/.helm/starter/templates/awx-deploy.yaml
+++ b/.helm/starter/templates/awx-deploy.yaml
@@ -1,24 +0,0 @@
-{{- if $.Values.AWX.enabled }}
-{{- with .Values.AWX }}
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: {{ .name }}
-  namespace: {{ $.Release.Namespace }}
-spec:
-{{- /* Include raw map from the values file spec */}}
-{{ .spec | toYaml | indent 2 }}
-{{- /* Provide security context defaults */}}
-  {{- if not (hasKey .spec "security_context_settings") }}
-  security_context_settings:
-    runAsGroup: 0
-    runAsUser: 0
-    fsGroup: 0
-    fsGroupChangePolicy: OnRootMismatch
-  {{- end }}
-{{- /* Postgres configs if enabled and not already present */}}
-  {{- if and .postgres.enabled (not (hasKey .spec "postgres_configuration_secret")) }}
-  postgres_configuration_secret: {{ include "postgres.secretName" $ }}
-  {{- end }}
-{{- end }}
-{{- end }}
--- a/.helm/starter/templates/postgres-config.yaml
+++ b/.helm/starter/templates/postgres-config.yaml
@@ -1,18 +0,0 @@
-{{- if and $.Values.AWX.enabled $.Values.AWX.postgres.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "postgres.secretName" . }}
-  namespace: {{ $.Release.Namespace }}
-{{- with $.Values.AWX.postgres }}
-stringData:
-  host: {{ .host }}
-  port: {{ .port | quote }}
-  database: {{ .dbName }}
-  username: {{ .username }}
-  password: {{ .password }}
-  sslmode: {{ .sslmode }}
-  type: {{ .type }}
-type: Opaque
-{{- end }}
-{{- end }}
--- a/.helm/starter/values.yaml
+++ b/.helm/starter/values.yaml
@@ -1,19 +0,0 @@
-AWX: 
-  # enable use of awx-deploy template
-  enabled: false
-  name: awx
-  spec:
-    admin_user: admin
-
-  # configurations for external postgres instance
-  postgres:
-    enabled: false
-    host: Unset
-    port: 5678
-    dbName: Unset
-    username: admin
-    # for secret management, pass in the password independently of this file
-    # at the command line, use --set AWX.postgres.password
-    password: Unset
-    sslmode: prefer
-    type: unmanaged
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@@ -0,0 +1,17 @@
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# RTD API version
+version: 2
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+
+mkdocs:
+  configuration: mkdocs.yml
+
+python:
+  install:
+  - requirements: ./docs/requirements.txt
--- a/.yamllint
+++ b/.yamllint
@@ -6,9 +6,14 @@ ignore: |
  kustomization.yaml
  awx-operator.clusterserviceversion.yaml
  bundle
-  .helm/starter
+  hacking/

 rules:
  truthy: disable
  line-length:
    max: 170
+  document-start: disable
+  comments-indentation: disable
+  indentation:
+    level: warning
+    indent-sequences: consistent
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,13 +6,16 @@ Have questions about this document or anything not covered here? Please file a n

 ## Table of contents

-* [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
-* [Submmiting your Work](#submitting-your-work)
-* [Testing](#testing)
-    * [Testing in Docker](#testing-in-docker)
-    * [Testing in Minikube](#testing-in-minikube)
-* [Generating a bundle](#generating-a-bundle)
-* [Reporting Issues](#reporting-issues)
+- [AWX-Operator Contributing Guidelines](#awx-operator-contributing-guidelines)
+  - [Table of contents](#table-of-contents)
+  - [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
+  - [Submmiting your work](#submmiting-your-work)
+  - [Development](#development)
+  - [Testing](#testing)
+      - [Testing in Kind](#testing-in-kind)
+      - [Testing in Minikube](#testing-in-minikube)
+  - [Generating a bundle](#generating-a-bundle)
+  - [Reporting Issues](#reporting-issues)


 ## Things to know prior to submitting code
@@ -25,13 +28,13 @@ Have questions about this document or anything not covered here? Please file a n


 ## Submmiting your work
-1. From your fork `devel` branch, create a new brach to stage your changes.
+1. From your fork `devel` branch, create a new branch to stage your changes.
 ```sh
 #> git checkout -b <branch-name>
 ```
 2. Make your changes.
 3. Test your changes according described on the Testing section.
-4. If everylooks looks correct, commit your changes.
+4. If everything looks correct, commit your changes.
 ```sh
 #> git add <FILES>
 #> git commit -m "My message here"
@@ -40,30 +43,34 @@ Have questions about this document or anything not covered here? Please file a n

 **Note**: If you have multiple commits, make sure to `squash` your commits into a single commit which will facilitate our release process.

-
+## Development
+The development environment consists of running an [`up.sh`](./up.sh) and a [`down.sh`](./down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](docs/development.md) for information on how to deploy and test changes from your branch.

 ## Testing

-This Operator includes a [Molecule](https://molecule.readthedocs.io/en/stable/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).
+This Operator includes a [Molecule](https://ansible.readthedocs.io/projects/molecule/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).

 You need to make sure you have Molecule installed before running the following commands. You can install Molecule with:

 ```sh
-#> pip install 'molecule[docker]'
+#> python -m pip install molecule-plugins[docker]
 ```

 Running `molecule test` sets up a clean environment, builds the operator, runs all configured tests on an example operator instance, then tears down the environment (at least in the case of Docker).

 If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.

-#### Testing in Docker
+#### Testing in Kind
+
+Testing with a kind cluster is the recommended way to test the awx-operator locally. First, you need to install kind if you haven't already. Please see these docs for setting that up:
+* https://kind.sigs.k8s.io/docs/user/quick-start/
+
+To run the tests, from the root of your checkout, run the following command:

 ```sh
-#> molecule test -s test-local
+#> molecule test -s kind
 ```

-This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
-
 #### Testing in Minikube

 ```sh
@@ -137,4 +144,4 @@ Applying this template will do it. Once the CatalogSource is in a READY state, t

 ## Reporting Issues

-We welcome your feedback, and encourage you to file an issue when you run into a problem.
+We welcome your feedback, and encourage you to file an issue when you run into a problem.
--- a/13
+++ b/13
@@ -1,4 +1,10 @@
-FROM quay.io/operator-framework/ansible-operator:v1.12.0
+FROM quay.io/operator-framework/ansible-operator:v1.40.0
+
+USER root
+RUN dnf update --security --bugfix -y --disableplugin=subscription-manager && \
+    dnf install -y --disableplugin=subscription-manager openssl
+
+USER 1001

 ARG DEFAULT_AWX_VERSION
 ARG OPERATOR_VERSION
@@ -12,3 +18,8 @@ RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
 COPY watches.yaml ${HOME}/watches.yaml
 COPY roles/ ${HOME}/roles/
 COPY playbooks/ ${HOME}/playbooks/
+
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", \
+    "--watches-file=./watches.yaml", \
+    "--reconcile-period=0s" \
+    ]
--- a/223
+++ b/223
@@ -4,16 +4,10 @@
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
 VERSION ?= $(shell git describe --tags)
+PREV_VERSION ?= $(shell git describe --abbrev=0 --tags $(shell git rev-list --tags --skip=1 --max-count=1))

 CONTAINER_CMD ?= docker

-# GNU vs BSD in-place sed
-ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu)
-	SED_I := sed -i
-else
-	SED_I := sed -i ''
-endif
-
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
 # To re-generate a bundle for other specific channels without changing the standard setup, you can:
@@ -44,18 +38,22 @@ IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
 # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
 BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)

+# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command
+BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+
+# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
+# You can enable this value if you would like to use SHA Based Digests
+# To enable set flag to true
+USE_IMAGE_DIGESTS ?= false
+ifeq ($(USE_IMAGE_DIGESTS), true)
+       BUNDLE_GEN_FLAGS += --use-image-digests
+endif
+
 # Image URL to use all building/pushing image targets
 IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
 NAMESPACE ?= awx

-# Helm variables
-CHART_NAME ?= awx-operator
-CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
-CHART_OWNER ?= $(GH_REPO_OWNER)
-CHART_REPO ?= awx-operator
-CHART_BRANCH ?= gh-pages
-CHART_INDEX ?= index.yaml
-
+.PHONY: all
 all: docker-build

 ##@ General
@@ -71,38 +69,70 @@ all: docker-build
 # More info on the awk command:
 # http://linuxcommand.org/lc3_adv_awk.php

+.PHONY: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

+.PHONY: print-%
+print-%: ## Print any variable from the Makefile. Use as `make print-VARIABLE`
+	@echo $($*)
+
 ##@ Build

+.PHONY: run
 run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
 	ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run

+.PHONY: docker-build
 docker-build: ## Build docker image with the manager.
 	${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .

+.PHONY: docker-push
 docker-push: ## Push docker image with the manager.
 	${CONTAINER_CMD} push ${IMG}

+# PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
+# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
+# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
+# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> than the export will fail)
+# To properly provided solutions that supports more than one platform you should use this option.
+PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+.PHONY: docker-buildx
+docker-buildx: ## Build and push docker image for the manager for cross-platform support
+	- docker buildx create --name project-v3-builder
+	docker buildx use project-v3-builder
+	- docker buildx build --push $(BUILD_ARGS) --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile .
+	- docker buildx rm project-v3-builder
+
+.PHONY: podman-buildx
+podman-buildx: ## Build and push podman image for the manager for cross-platform support
+	podman build --platform=$(PLATFORMS) $(BUILD_ARGS) --manifest ${IMG} -f Dockerfile .
+	podman manifest push --all ${IMG} ${IMG}
+
 ##@ Deployment

+.PHONY: install
 install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | kubectl apply -f -

+.PHONY: uninstall
 uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | kubectl delete -f -

+.PHONY: gen-resources
 gen-resources: kustomize ## Generate resources for controller and print to stdout
 	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
 	@$(KUSTOMIZE) build config/default

+.PHONY: deploy
 deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
 	@$(KUSTOMIZE) build config/default | kubectl apply -f -

+.PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
 	$(KUSTOMIZE) build config/default | kubectl delete -f -
@@ -119,7 +149,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(KUSTOMIZE)) ;\
-	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.2/kustomize_v4.5.2_$(OS)_$(ARCHA).tar.gz | \
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.0.1/kustomize_v5.0.1_$(OS)_$(ARCHA).tar.gz | \
 	tar xzf - -C bin/ ;\
 	}
 else
@@ -127,6 +157,22 @@ KUSTOMIZE = $(shell which kustomize)
 endif
 endif

+.PHONY: operator-sdk
+OPERATOR_SDK = $(shell pwd)/bin/operator-sdk
+operator-sdk: ## Download operator-sdk locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(OPERATOR_SDK)))
+ifeq (,$(shell which operator-sdk 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPERATOR_SDK)) ;\
+	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.40.0/operator-sdk_$(OS)_$(ARCHA) ;\
+	chmod +x $(OPERATOR_SDK) ;\
+	}
+else
+OPERATOR_SDK = $(shell which operator-sdk)
+endif
+endif
+
 .PHONY: ansible-operator
 ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
 ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
@@ -135,7 +181,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
-	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCHA) ;\
+	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.40.0/ansible-operator_$(OS)_$(ARCHA) ;\
 	chmod +x $(ANSIBLE_OPERATOR) ;\
 	}
 else
@@ -144,11 +190,11 @@ endif
 endif

 .PHONY: bundle
-bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
-	operator-sdk generate kustomize manifests -q
+bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
+	$(OPERATOR_SDK) generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
-	operator-sdk bundle validate ./bundle
+	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	$(OPERATOR_SDK) bundle validate ./bundle

 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
@@ -166,7 +212,7 @@ ifeq (,$(shell which opm 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(OPM)) ;\
-	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCHA)-opm ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.55.0/$(OS)-$(ARCHA)-opm ;\
 	chmod +x $(OPM) ;\
 	}
 else
@@ -197,136 +243,3 @@ catalog-build: opm ## Build a catalog image.
 .PHONY: catalog-push
 catalog-push: ## Push a catalog image.
 	$(MAKE) docker-push IMG=$(CATALOG_IMG)
-
-.PHONY: kubectl-slice
-KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice
-kubectl-slice: ## Download kubectl-slice locally if necessary.
-ifeq (,$(wildcard $(KUBECTL_SLICE)))
-ifeq (,$(shell which kubectl-slice 2>/dev/null))
-	@{ \
-	set -e ;\
-	mkdir -p $(dir $(KUBECTL_SLICE)) ;\
-	curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
-	tar xzf - -C bin/ kubectl-slice ;\
-	}
-else
-KUBECTL_SLICE = $(shell which kubectl-slice)
-endif
-endif
-
-.PHONY: helm
-HELM = $(shell pwd)/bin/helm
-helm: ## Download helm locally if necessary.
-ifeq (,$(wildcard $(HELM)))
-ifeq (,$(shell which helm 2>/dev/null))
-	@{ \
-	set -e ;\
-	mkdir -p $(dir $(HELM)) ;\
-	curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCHA).tar.gz | \
-	tar xzf - -C bin/ $(OS)-$(ARCHA)/helm ;\
-	mv bin/$(OS)-$(ARCHA)/helm bin/helm ;\
-	rmdir bin/$(OS)-$(ARCHA) ;\
-	}
-else
-HELM = $(shell which helm)
-endif
-endif
-
-.PHONY: yq
-YQ = $(shell pwd)/bin/yq
-yq: ## Download yq locally if necessary.
-ifeq (,$(wildcard $(YQ)))
-ifeq (,$(shell which yq 2>/dev/null))
-	@{ \
-	set -e ;\
-	mkdir -p $(dir $(HELM)) ;\
-	curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCHA).tar.gz | \
-	tar xzf - -C bin/ ;\
-	mv bin/yq_$(OS)_$(ARCHA) bin/yq ;\
-	}
-else
-YQ = $(shell which yq)
-endif
-endif
-
-PHONY: cr
-CR = $(shell pwd)/bin/cr
-cr: ## Download cr locally if necessary.
-ifeq (,$(wildcard $(CR)))
-ifeq (,$(shell which cr 2>/dev/null))
-	@{ \
-	set -e ;\
-	mkdir -p $(dir $(CR)) ;\
-	curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCHA).tar.gz | \
-	tar xzf - -C bin/ cr ;\
-	}
-else
-CR = $(shell which cr)
-endif
-endif
-
-charts:
-	mkdir -p $@
-
-.PHONY: helm-chart
-helm-chart: helm-chart-generate helm-chart-slice
-
-.PHONY: helm-chart-generate
-helm-chart-generate: kustomize helm kubectl-slice yq charts
-	@echo "== KUSTOMIZE (image and namespace) =="
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-
-	@echo "== HELM =="
-	cd charts && \
-		$(HELM) create awx-operator --starter $(shell pwd)/.helm/starter ;\
-		$(YQ) -i '.version = "$(VERSION)"' $(CHART_NAME)/Chart.yaml ;\
-		$(YQ) -i '.appVersion = "$(VERSION)" | .appVersion style="double"' $(CHART_NAME)/Chart.yaml ;\
-		$(YQ) -i '.description = "$(CHART_DESCRIPTION)"' $(CHART_NAME)/Chart.yaml ;\
-
-	@cat charts/$(CHART_NAME)/Chart.yaml
-
-	@echo "== KUSTOMIZE (annotation) =="
-	cd config/manager && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
-	cd config/default && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
-
-	@echo "== SLICE =="
-	$(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/default | \
-		$(KUBECTL_SLICE) --input-file=- \
-			--output-dir=charts/$(CHART_NAME)/templates \
-			--sort-by-kind
-	@echo "AWX Operator installed with Helm Chart version $(VERSION)" > charts/$(CHART_NAME)/templates/NOTES.txt
-	mkdir charts/$(CHART_NAME)/crds
-	mv charts/$(CHART_NAME)/templates/customresourcedefinition* charts/$(CHART_NAME)/crds
-
-.PHONY: helm-chart-edit
-helm-chart-slice:
-	@echo "== EDIT =="
-	$(foreach file, $(wildcard charts/$(CHART_NAME)/templates/*),$(YQ) -i 'del(.. | select(has("namespace")).namespace)' $(file);)
-	$(foreach file, $(wildcard charts/$(CHART_NAME)/templates/*rolebinding*),$(YQ) -i '.subjects[0].namespace = "{{ .Release.Namespace }}"' $(file);)
-	rm -f charts/$(CHART_NAME)/templates/namespace*.yaml
-
-
-.PHONY: helm-package
-helm-package: cr helm-chart
-	@echo "== CHART RELEASER (package) =="
-	$(CR) package ./charts/awx-operator
-
-# The actual release happens in ansible/helm-release.yml
-# until https://github.com/helm/chart-releaser/issues/122 happens
-.PHONY: helm-index
-helm-index: cr helm-chart
-	@echo "== CHART RELEASER (httpsorigin) =="
-	git remote add httpsorigin "https://github.com/$(CHART_OWNER)/$(CHART_REPO).git"
-	git fetch httpsorigin
-
-	@echo "== CHART RELEASER (index) =="
-	$(CR) index \
-		--owner "$(CHART_OWNER)" \
-		--git-repo "$(CHART_REPO)" \
-		--token "$(CR_TOKEN)" \
-		--pages-branch "$(CHART_BRANCH)" \
-		--index-path "./charts/$(CHART_INDEX)" \
-		--charts-repo "https://$(CHART_OWNER).github.io/$(CHART_REPO)/$(CHART_INDEX)" \
-		--remote httpsorigin \
-		--release-name-template="{{ .Version }}" \
-		--push
--- a/25
+++ b/25
@@ -1,3 +1,7 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
 domain: ansible.com
 layout:
 - ansible.sdk.operatorframework.io/v1
@@ -13,4 +17,25 @@ resources:
  group: awx
  kind: AWX
  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXBackup
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXRestore
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXMeshIngress
+  version: v1alpha1
 version: "3"
--- a/README.md
+++ b/README.md
--- a/ansible/helm-release.yml
+++ b/ansible/helm-release.yml
@@ -1,47 +0,0 @@
---
- hosts: localhost
-  vars:
-    chart_repo: awx-operator
-  tasks:
-    - name: Look up release
-      uri:
-        url: "https://api.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/tags/{{ tag }}"
-      register: release
-      ignore_errors: yes
-
-    - fail:
-        msg: |
-          Release must exist before running this playbook
-      when: release is not success
-
-    - name: Build and package helm chart
-      command: |
-        make helm-chart helm-package
-      environment:
-        VERSION: "{{ tag }}"
-        IMAGE_TAG_BASE: "{{ operator_image }}"
-      args:
-        chdir: "{{ playbook_dir }}/../"
-
-    # Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
-    - name: Upload helm chart
-      uri:
-        url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name=awx-operator-{{ tag }}.tgz"
-        src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
-        headers:
-          Authorization: "token {{ gh_token }}"
-          Content-Type: "application/octet-stream"
-        status_code:
-          - 200
-          - 201
-      register: asset_upload
-      changed_when: asset_upload.json.state == "uploaded"
-
-    - name: Publish helm index
-      command: |
-        make helm-index
-      environment:
-        CHART_OWNER: "{{ chart_owner }}"
-        CR_TOKEN: "{{ gh_token }}"
-      args:
-        chdir: "{{ playbook_dir }}/../"
--- a/ansible/instantiate-awx-deployment.yml
+++ b/ansible/instantiate-awx-deployment.yml
@@ -26,6 +26,7 @@
            image_version: "{{ image_version | default(omit) }}"
            development_mode: "{{ development_mode | default(omit) | bool }}"
            image_pull_policy: "{{ image_pull_policy | default(omit) }}"
+            nodeport_port: "{{ nodeport_port | default(omit) }}"
            # ee_images:
            #   - name: test-ee
            #     image: quay.io/<user>/awx-ee
--- a/awxmeshingress-demo.yml
+++ b/awxmeshingress-demo.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: awx.ansible.com/v1alpha1
+kind: AWXMeshIngress
+metadata:
+  name: awx-mesh-ingress-demo
+spec:
+  deployment_name: awx-demo
--- a/config/crd/bases/awx.ansible.com_awxbackups.yaml
+++ b/config/crd/bases/awx.ansible.com_awxbackups.yaml
@@ -0,0 +1,158 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxbackups.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXBackup
+    listKind: AWXBackupList
+    plural: awxbackups
+    singular: awxbackup
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        description: Schema validation for the AWXBackup CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            x-kubernetes-validations:
+            - rule: "has(self.postgres_image) && has(self.postgres_image_version) || !has(self.postgres_image) && !has(self.postgres_image_version)"
+              message: "Both postgres_image and postgres_image_version must be set when required"
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              deployment_name:
+                description: Name of the deployment to be backed up
+                type: string
+              backup_pvc:
+                description: Name of the backup PVC
+                type: string
+              create_backup_pvc:
+                description: If true (default), automatically create the backup PVC if it does not exist
+                type: boolean
+                default: true
+              backup_pvc_namespace:
+                description: (Deprecated) Namespace the PVC is in
+                type: string
+              backup_storage_requirements:
+                description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
+                type: string
+              backup_resource_requirements:
+                description: Resource requirements for the management pod used to create a backup
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                type: object
+              backup_storage_class:
+                description: Storage class to use when creating PVC for backup
+                type: string
+              clean_backup_on_delete:
+                description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
+                type: boolean
+              pg_dump_suffix:
+                description: Additional parameters for the pg_dump command
+                type: string
+              use_db_compression:
+                description: Enable compression for database dumps using pg_dump built-in compression.
+                type: boolean
+                default: true
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for backing up data
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              precreate_partition_hours:
+                description: Number of hours worth of events table partitions to precreate before backup to avoid pg_dump locks.
+                type: integer
+                format: int32
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: boolean
+                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    lastTransitionTime:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+              backupDirectory:
+                description: Backup directory name on the specified pvc
+                type: string
+              backupClaim:
+                description: Backup persistent volume claim
+                type: string
--- a/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
+++ b/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
@@ -0,0 +1,464 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxmeshingresses.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXMeshIngress
+    listKind: AWXMeshIngressList
+    plural: awxmeshingresses
+    singular: awxmeshingress
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: AWXMeshIngress is the Schema for the awxmeshingresses API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Spec defines the desired state of AWXMeshIngress
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              deployment_name:
+                description: Name of the AWX deployment to create the Mesh Ingress for.
+                type: string
+              image_pull_secrets:
+                description: Image pull secrets for Mesh Ingress containers.
+                type: array
+                items:
+                  type: string
+              external_hostname:
+                description: External hostname to use for the Mesh Ingress.
+                type: string
+              external_ipaddress:
+                description: External IP address to use for the Mesh Ingress.
+                type: string
+              ingress_type:
+                description: The ingress type to use to reach the deployed instance
+                type: string
+                enum:
+                - none
+                - Ingress
+                - ingress
+                - IngressRouteTCP
+                - ingressroutetcp
+                - Route
+                - route
+              ingress_api_version:
+                description: The Ingress API version to use
+                type: string
+              ingress_annotations:
+                description: Annotations to add to the Ingress Controller
+                type: string
+              route_annotations:
+                description: Annotations to add to the OpenShift Route
+                type: string
+              ingress_class_name:
+                description: The name of ingress class to use instead of the cluster default.
+                type: string
+              ingress_controller:
+                description: Special configuration for specific Ingress Controllers
+                type: string
+              node_selector:
+                description: Assign the Mesh Ingress Pod to the specified node.
+                type: string
+              tolerations:
+                description: Scheduling tolerations for the Mesh Ingress instance.
+                type: string
+              topology_spread_constraints:
+                description: Topology spread constraints for the Mesh Ingress instance.
+                type: string
+              affinity:
+                description: Scheduling constraints to apply to the Pod definition
+                properties:
+                  nodeAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            preference:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchFields:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - preference
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        properties:
+                          nodeSelectorTerms:
+                            items:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchFields:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            type: array
+                        required:
+                        - nodeSelectorTerms
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
+                  podAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            podAffinityTerm:
+                              properties:
+                                labelSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaceSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                topologyKey:
+                                  type: string
+                              required:
+                              - topologyKey
+                              type: object
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - podAffinityTerm
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaceSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaces:
+                              items:
+                                type: string
+                              type: array
+                            topologyKey:
+                              type: string
+                          required:
+                          - topologyKey
+                          type: object
+                        type: array
+                    type: object
+                  podAntiAffinity:
+                    properties:
+                      preferredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            podAffinityTerm:
+                              properties:
+                                labelSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaceSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                topologyKey:
+                                  type: string
+                              required:
+                              - topologyKey
+                              type: object
+                            weight:
+                              format: int32
+                              type: integer
+                          required:
+                          - podAffinityTerm
+                          - weight
+                          type: object
+                        type: array
+                      requiredDuringSchedulingIgnoredDuringExecution:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaceSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            namespaces:
+                              items:
+                                type: string
+                              type: array
+                            topologyKey:
+                              type: string
+                          required:
+                          - topologyKey
+                          type: object
+                        type: array
+                    type: object
+                type: object
+          status:
+            description: Status defines the observed state of AWXMeshIngress
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
--- a/config/crd/bases/awx.ansible.com_awxrestores.yaml
+++ b/config/crd/bases/awx.ansible.com_awxrestores.yaml
@@ -0,0 +1,156 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxrestores.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXRestore
+    listKind: AWXRestoreList
+    plural: awxrestores
+    singular: awxrestore
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        description: Schema validation for the AWXRestore CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            x-kubernetes-validations:
+            - rule: "has(self.postgres_image) && has(self.postgres_image_version) || !has(self.postgres_image) && !has(self.postgres_image_version)"
+              message: "Both postgres_image and postgres_image_version must be set when required"
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              backup_source:
+                description: Backup source
+                type: string
+                enum:
+                - Backup CR
+                - PVC
+              deployment_name:
+                description: Name of the restored deployment. This should be different from the original deployment name
+                  if the original deployment still exists.
+                type: string
+              cluster_name:
+                description: Cluster name
+                type: string
+              backup_name:
+                description: AWXBackup object name
+                type: string
+              backup_pvc:
+                description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
+                type: string
+              backup_pvc_namespace:
+                description: (Deprecated) Namespace the PVC is in
+                type: string
+              backup_dir:
+                description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
+                type: string
+              restore_resource_requirements:
+                description: Resource requirements for the management pod that restores AWX from a backup
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                type: object
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for backing up data
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              spec_overrides:
+                description: Overrides for the AWX spec
+                # type: string
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              db_management_pod_node_selector:
+                description: nodeSelector for the Postgres pods to backup
+                type: string
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: boolean
+                default: true
+              additional_labels:
+                description: Additional labels defined on the resource, which should be propagated to child resources
+                type: array
+                items:
+                  type: string
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+              force_drop_db:
+                description: Force drop the database before restoring. USE WITH CAUTION!
+                type: boolean
+                default: false
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    lastTransitionTime:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+              restoreComplete:
+                description: Restore process complete
+                type: boolean
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
--- a/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
+++ b/config/crd/bases/awxbackup.ansible.com_awxbackups.yaml
@@ -1,87 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxbackups.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXBackup
-    listKind: AWXBackupList
-    plural: awxbackups
-    singular: awxbackup
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXBackup CRD
-          properties:
-            spec:
-              type: object
-              required:
-                - deployment_name
-              properties:
-                deployment_name:
-                  description: Name of the deployment to be backed up
-                  type: string
-                backup_pvc:
-                  description: Name of the backup PVC
-                  type: string
-                backup_pvc_namespace:
-                  description: (Deprecated) Namespace the PVC is in
-                  type: string
-                backup_storage_requirements:
-                  description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
-                  type: string
-                backup_storage_class:
-                  description: Storage class to use when creating PVC for backup
-                  type: string
-                clean_backup_on_delete:
-                  description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
-                  type: boolean
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
-                postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                no_log:
-                  description: Configure no_log for no_log tasks
-                  type: string
-                set_self_labels:
-                  description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
-                  type: boolean
-                  default: true
-            status:
-              type: object
-              properties:
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      lastTransitionTime:
-                        type: string
-                      reason:
-                        type: string
-                      status:
-                        type: string
-                      type:
-                        type: string
-                    type: object
-                  type: array
-                backupDirectory:
-                  description: Backup directory name on the specified pvc
-                  type: string
-                backupClaim:
-                  description: Backup persistent volume claim
-                  type: string
--- a/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
+++ b/config/crd/bases/awxrestore.ansible.com_awxrestores.yaml
@@ -1,86 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxrestores.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWXRestore
-    listKind: AWXRestoreList
-    plural: awxrestores
-    singular: awxrestore
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-          description: Schema validation for the AWXRestore CRD
-          properties:
-            spec:
-              type: object
-              properties:
-                backup_source:
-                  description: Backup source
-                  type: string
-                  enum:
-                    - CR
-                    - PVC
-                deployment_name:
-                  description: Name of the restored deployment. This should be different from the original deployment name
-                    if the original deployment still exists.
-                  type: string
-                backup_name:
-                  description: AWXBackup object name
-                  type: string
-                backup_pvc:
-                  description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
-                  type: string
-                backup_pvc_namespace:
-                  description: (Deprecated) Namespace the PVC is in
-                  type: string
-                backup_dir:
-                  description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
-                  type: string
-                postgres_label_selector:
-                  description: Label selector used to identify postgres pod for backing up data
-                  type: string
-                postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                no_log:
-                  description: Configure no_log for no_log tasks
-                  type: string
-                set_self_labels:
-                  description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
-                  type: boolean
-                  default: true
-            status:
-              type: object
-              properties:
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      lastTransitionTime:
-                        type: string
-                      reason:
-                        type: string
-                      status:
-                        type: string
-                      type:
-                        type: string
-                    type: object
-                  type: array
-                restoreComplete:
-                  description: Restore process complete
-                  type: boolean
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -1,9 +1,9 @@
---
 # This kustomization.yaml is not intended to be run by itself,
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
 resources:
-  - bases/awx.ansible.com_awxs.yaml
-  - bases/awxbackup.ansible.com_awxbackups.yaml
-  - bases/awxrestore.ansible.com_awxrestores.yaml
-# +kubebuilder:scaffold:crdkustomizeresource
+- bases/awx.ansible.com_awxs.yaml
+- bases/awx.ansible.com_awxbackups.yaml
+- bases/awx.ansible.com_awxrestores.yaml
+- bases/awx.ansible.com_awxmeshingresses.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -1,24 +1,30 @@
 # Adds namespace to all resources.
 namespace: awx
+
 # Value of this field is prepended to the
 # names of all resources, e.g. a deployment named
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
 namePrefix: awx-operator-
+
 # Labels to add to all resources and selectors.
-# commonLabels:
-#   someName: someValue
-  # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-  # - ../prometheus
-  # Protect the /metrics endpoint by putting it behind auth.
-  # If you want your controller-manager to expose the /metrics
-  # endpoint w/o any authn/z, please comment the following line.
-patchesStrategicMerge:
- manager_auth_proxy_patch.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
+#labels:
+#- includeSelectors: true
+#  pairs:
+#    someName: someValue
+
 resources:
 - ../crd
 - ../rbac
 - ../manager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+- metrics_service.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: manager_metrics_patch.yaml
+  target:
+    kind: Deployment
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -1,29 +0,0 @@
---
-# This patch inject a sidecar container which is a HTTP proxy for the
-# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: controller-manager
-  namespace: system
-spec:
-  template:
-    spec:
-      containers:
-        - name: kube-rbac-proxy
-          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
-          args:
-            - "--secure-listen-address=0.0.0.0:8443"
-            - "--upstream=http://127.0.0.1:8080/"
-            - "--logtostderr=true"
-            - "--v=10"
-          ports:
-            - containerPort: 8443
-              protocol: TCP
-              name: https
-        - name: awx-manager
-          args:
-            - "--health-probe-bind-address=:6789"
-            - "--metrics-bind-address=127.0.0.1:8080"
-            - "--leader-elect"
-            - "--leader-election-id=awx-operator"
--- a/config/default/manager_config_patch.yaml
+++ b/config/default/manager_config_patch.yaml
@@ -1,4 +1,3 @@
---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -8,14 +7,14 @@ spec:
  template:
    spec:
      containers:
-        - name: awx-manager
-          args:
-            - "--config=controller_manager_config.yaml"
-          volumeMounts:
-            - name: awx-manager-config
-              mountPath: /controller_manager_config.yaml
-              subPath: controller_manager_config.yaml
-      volumes:
+      - name: awx-manager
+        args:
+        - "--config=controller_manager_config.yaml"
+        volumeMounts:
        - name: awx-manager-config
-          configMap:
-            name: awx-manager-config
+          mountPath: /controller_manager_config.yaml
+          subPath: controller_manager_config.yaml
+      volumes:
+      - name: awx-manager-config
+        configMap:
+          name: awx-manager-config
--- a/config/default/manager_metrics_patch.yaml
+++ b/config/default/manager_metrics_patch.yaml
@@ -0,0 +1,12 @@
+# This patch adds the args to allow exposing the metrics endpoint using HTTPS
+- op: add
+  path: /spec/template/spec/containers/0/args/0
+  value: --metrics-bind-address=:8443
+# This patch adds the args to allow securing the metrics endpoint
+- op: add
+  path: /spec/template/spec/containers/0/args/0
+  value: --metrics-secure
+# This patch adds the args to allow RBAC-based authn/authz for the metrics endpoint
+- op: add
+  path: /spec/template/spec/containers/0/args/0
+  value: --metrics-require-rbac
--- a/config/default/metrics_service.yaml
+++ b/config/default/metrics_service.yaml
@@ -1,16 +1,18 @@
---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    control-plane: controller-manager
+    app.kubernetes.io/name: awx-operator
+    app.kubernetes.io/managed-by: kustomize
  name: controller-manager-metrics-service
  namespace: system
 spec:
  ports:
-    - name: https
-      port: 8443
-      protocol: TCP
-      targetPort: https
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: 8443
  selector:
    control-plane: controller-manager
+    app.kubernetes.io/name: awx-operator
--- a/config/manager/controller_manager_config.yaml
+++ b/config/manager/controller_manager_config.yaml
@@ -1,10 +1,20 @@
---
-apiVersion: controller-runtime.sigs.k8s.io/v1beta1
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
 kind: ControllerManagerConfig
 health:
  healthProbeBindAddress: :6789
 metrics:
  bindAddress: 127.0.0.1:8080
+
 leaderElection:
  leaderElect: true
  resourceName: 811c9dc5.ansible.com
+# leaderElectionReleaseOnCancel defines if the leader should step down volume
+# when the Manager ends. This requires the binary to immediately end when the
+# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+# speeds up voluntary leader transitions as the new leader don't have to wait
+# LeaseDuration time first.
+# In the default scaffold provided, the program ends immediately after
+# the manager stops, so would be fine to enable this option. However,
+# if you are doing or is intended to do any operation such as perform cleanups
+# after the manager stops then its usage might be unsafe.
+# leaderElectionReleaseOnCancel: true
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -1,11 +1,14 @@
 resources:
 - manager.yaml
+
 generatorOptions:
  disableNameSuffixHash: true
+
 configMapGenerator:
 - files:
  - controller_manager_config.yaml
  name: awx-manager-config
+
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -20,48 +20,63 @@ spec:
  replicas: 1
  template:
    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: awx-manager
      labels:
        control-plane: controller-manager
    spec:
      securityContext:
        runAsNonRoot: true
+        # For common cases that do not require escalating privileges
+        # it is recommended to ensure that all your Pods/Containers are restrictive.
+        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+        # seccompProfile:
+        #   type: RuntimeDefault
      containers:
-        - args:
-            - --leader-elect
-            - --leader-election-id=awx-operator
-          image: controller:latest
-          name: awx-manager
-          env:
-            - name: ANSIBLE_GATHERING
-              value: explicit
-            - name: ANSIBLE_DEBUG_LOGS
-              value: 'false'
-            - name: WATCH_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-          securityContext:
-            allowPrivilegeEscalation: false
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 15
-            periodSeconds: 20
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: 6789
-            initialDelaySeconds: 5
-            periodSeconds: 10
-          resources:
-            requests:
-              memory: "32Mi"
-              cpu: "50m"
-            limits:
-              memory: "4096Mi"
-              cpu: "2000m"
+      - args:
+        - --leader-elect
+        - --leader-election-id=awx-operator
+        - --health-probe-bind-address=:6789
+        image: controller:latest
+        imagePullPolicy: IfNotPresent
+        name: awx-manager
+        env:
+        - name: ANSIBLE_GATHERING
+          value: explicit
+        - name: ANSIBLE_DEBUG_LOGS
+          value: 'false'
+        - name: WATCH_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - "ALL"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 6789
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 6789
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "50m"
+          limits:
+            memory: "4000Mi"
+            cpu: "2000m"
      serviceAccountName: controller-manager
      imagePullSecrets:
-        - name: redhat-operators-pull-secret
+      - name: redhat-operators-pull-secret
      terminationGracePeriodSeconds: 10
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
--- a/config/manifests/kustomization.yaml
+++ b/config/manifests/kustomization.yaml
@@ -1,8 +1,7 @@
---
 # These resources constitute the fully configured set of manifests
 # used to generate the 'manifests/' directory in a bundle.
 resources:
-  - bases/awx-operator.clusterserviceversion.yaml
-  - ../default
-  - ../samples
-  - ../scorecard
+- bases/awx-operator.clusterserviceversion.yaml
+- ../default
+- ../samples
+- ../scorecard
--- a/config/prometheus/kustomization.yaml
+++ b/config/prometheus/kustomization.yaml
@@ -1,3 +1,2 @@
---
 resources:
-  - monitor.yaml
+- monitor.yaml
--- a/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@@ -1,4 +1,3 @@
---
 # Prometheus Monitor Service (Metrics)
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
--- a/config/rbac/auth_proxy_role.yaml
+++ b/config/rbac/auth_proxy_role.yaml
@@ -1,18 +0,0 @@
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: proxy-role
-rules:
-  - apiGroups:
-      - authentication.k8s.io
-    resources:
-      - tokenreviews
-    verbs:
-      - create
-  - apiGroups:
-      - authorization.k8s.io
-    resources:
-      - subjectaccessreviews
-    verbs:
-      - create
--- a/config/rbac/awx_editor_role.yaml
+++ b/config/rbac/awx_editor_role.yaml
@@ -1,25 +1,24 @@
---
 # permissions for end users to edit awxs.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: awx-editor-role
 rules:
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - awxs
-    verbs:
-      - create
-      - delete
-      - get
-      - list
-      - patch
-      - update
-      - watch
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - awxs/status
-    verbs:
-      - get
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs/status
+  verbs:
+  - get
--- a/config/rbac/awx_viewer_role.yaml
+++ b/config/rbac/awx_viewer_role.yaml
@@ -1,21 +1,20 @@
---
 # permissions for end users to view awxs.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: awx-viewer-role
 rules:
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - awxs
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - awxs/status
-    verbs:
-      - get
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs/status
+  verbs:
+  - get
--- a/config/rbac/awxbackup_editor_role.yaml
+++ b/config/rbac/awxbackup_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxbackups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxbackup-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups/status
+  verbs:
+  - get
--- a/config/rbac/awxbackup_viewer_role.yaml
+++ b/config/rbac/awxbackup_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxbackups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxbackup-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups/status
+  verbs:
+  - get
--- a/config/rbac/awxmeshingress_editor_role.yaml
+++ b/config/rbac/awxmeshingress_editor_role.yaml
@@ -0,0 +1,31 @@
+# permissions for end users to edit awxmeshingresses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: awxmeshingress-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: awx-operator
+    app.kubernetes.io/part-of: awx-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: awxmeshingress-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses/status
+  verbs:
+  - get
--- a/config/rbac/awxmeshingress_viewer_role.yaml
+++ b/config/rbac/awxmeshingress_viewer_role.yaml
@@ -0,0 +1,27 @@
+# permissions for end users to view awxmeshingresses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: awxmeshingress-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: awx-operator
+    app.kubernetes.io/part-of: awx-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: awxmeshingress-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxmeshingresses/status
+  verbs:
+  - get
--- a/config/rbac/awxrestore_editor_role.yaml
+++ b/config/rbac/awxrestore_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxrestores.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxrestore-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores/status
+  verbs:
+  - get
--- a/config/rbac/awxrestore_viewer_role.yaml
+++ b/config/rbac/awxrestore_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxrestores.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxrestore-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores/status
+  verbs:
+  - get
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -1,19 +1,14 @@
---
 resources:
-  # All RBAC will be applied under this service account in
-  # the deployment namespace. You may comment out this resource
-  # if your manager will use a service account that exists at
-  # runtime. Be sure to update RoleBinding and ClusterRoleBinding
-  # subjects if changing service account names.
-  - service_account.yaml
-  - role.yaml
-  - role_binding.yaml
-  - leader_election_role.yaml
-  - leader_election_role_binding.yaml
-  # Comment the following 4 lines if you want to disable
-  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-  # which protects your /metrics endpoint.
-  - auth_proxy_service.yaml
-  - auth_proxy_role.yaml
-  - auth_proxy_role_binding.yaml
-  - auth_proxy_client_clusterrole.yaml
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+- metrics_auth_role.yaml
+- metrics_auth_role_binding.yaml
+- metrics_reader_role.yaml
--- a/config/rbac/leader_election_role.yaml
+++ b/config/rbac/leader_election_role.yaml
@@ -1,38 +1,37 @@
---
 # permissions to do leader election.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: leader-election-role
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - patch
-      - delete
-  - apiGroups:
-      - coordination.k8s.io
-    resources:
-      - leases
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - patch
-      - delete
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
--- a/config/rbac/leader_election_role_binding.yaml
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -1,4 +1,3 @@
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -8,6 +7,6 @@ roleRef:
  kind: Role
  name: leader-election-role
 subjects:
-  - kind: ServiceAccount
-    name: controller-manager
-    namespace: system
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
--- a/config/rbac/metrics_auth_role.yaml
+++ b/config/rbac/metrics_auth_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-auth-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
--- a/config/rbac/metrics_auth_role_binding.yaml
+++ b/config/rbac/metrics_auth_role_binding.yaml
@@ -1,13 +1,12 @@
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: proxy-rolebinding
+  name: metrics-auth-rolebinding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: proxy-role
+  name: metrics-auth-role
 subjects:
-  - kind: ServiceAccount
-    name: controller-manager
-    namespace: system
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
--- a/config/rbac/auth_proxy_client_clusterrole.yaml
+++ b/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -1,10 +1,9 @@
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: metrics-reader
 rules:
-  - nonResourceURLs:
-      - "/metrics"
-    verbs:
-      - get
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -20,7 +20,6 @@ rules:
      - watch
  - apiGroups:
      - ""
-      - "rbac.authorization.k8s.io"
    resources:
      - pods
      - services
@@ -31,6 +30,17 @@ rules:
      - events
      - configmaps
      - secrets
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - "rbac.authorization.k8s.io"
+    resources:
      - roles
      - rolebindings
    verbs:
@@ -43,12 +53,22 @@ rules:
      - watch
  - apiGroups:
      - apps
-      - networking.k8s.io
    resources:
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
      - ingresses
    verbs:
      - get
@@ -58,6 +78,18 @@ rules:
      - patch
      - update
      - watch
+  - apiGroups:
+      - batch
+    resources:
+      - cronjobs
+      - jobs
+    verbs:
+      - get
+      - list
+      - create
+      - patch
+      - update
+      - watch
  - apiGroups:
      - monitoring.coreos.com
    resources:
@@ -104,3 +136,16 @@ rules:
      - awxrestores
    verbs:
      - '*'
+  - apiGroups:
+      - traefik.containo.us
+      - traefik.io
+    resources:
+      - ingressroutetcps
+    verbs:
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
--- a/config/rbac/service_account.yaml
+++ b/config/rbac/service_account.yaml
@@ -1,4 +1,3 @@
---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
--- a/config/samples/awx_v1alpha1_awxmeshingress.yaml
+++ b/config/samples/awx_v1alpha1_awxmeshingress.yaml
@@ -0,0 +1,8 @@
+# Placeholder to pass CI and allow bundle generation
+---
+apiVersion: awx.ansible.com/v1alpha1
+kind: AWXMeshIngress
+metadata:
+  name: example-awx-mesh-ingress
+spec:
+  deployment_name: example-awx
--- a/config/samples/awx_v1beta1_awx_resource_limits.yaml
+++ b/config/samples/awx_v1beta1_awx_resource_limits.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-with-limits
+spec:
+  task_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 2000m
+      memory: 4Gi
+  web_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  ee_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 64Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  redis_resource_requirements:
+    requests:
+      cpu: 50m
+      memory: 64Mi
+    limits:
+      cpu: 1000m
+      memory: 4Gi
+  rsyslog_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 2Gi
+  init_container_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 1000m
+      memory: 2Gi
--- a/config/samples/awx_v1beta1_awxbackup.yaml
+++ b/config/samples/awx_v1beta1_awxbackup.yaml
@@ -0,0 +1,13 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXBackup
+metadata:
+  name: example-awx-backup
+spec:
+  deployment_name: example-awx
+  backup_resource_requirements:
+    limits:
+      cpu: "1000m"
+      memory: "4096Mi"
+    requests:
+      cpu: "25m"
+      memory: "32Mi"
--- a/config/samples/awx_v1beta1_awxrestore.yaml
+++ b/config/samples/awx_v1beta1_awxrestore.yaml
@@ -0,0 +1,14 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXRestore
+metadata:
+  name: awxrestore-sample
+spec:
+  deployment_name: example-awx-2
+  backup_name: example-awx-backup
+  restore_resource_requirements:
+    limits:
+      cpu: "1000m"
+      memory: "4096Mi"
+    requests:
+      cpu: "25m"
+      memory: "32Mi"
--- a/config/samples/kustomization.yaml
+++ b/config/samples/kustomization.yaml
@@ -1,5 +1,7 @@
---
 ## Append samples you want in your CSV to this file as resources ##
 resources:
-  - awx_v1beta1_awx.yaml
-# +kubebuilder:scaffold:manifestskustomizesamples
+- awx_v1beta1_awx.yaml
+- awx_v1beta1_awxbackup.yaml
+- awx_v1beta1_awxrestore.yaml
+- awx_v1alpha1_awxmeshingress.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples
--- a/config/scorecard/bases/config.yaml
+++ b/config/scorecard/bases/config.yaml
@@ -1,8 +1,7 @@
---
 apiVersion: scorecard.operatorframework.io/v1alpha3
 kind: Configuration
 metadata:
  name: config
 stages:
-  - parallel: true
-    tests: []
+- parallel: true
+  tests: []
--- a/config/scorecard/kustomization.yaml
+++ b/config/scorecard/kustomization.yaml
@@ -1,17 +1,16 @@
---
 resources:
-  - bases/config.yaml
+- bases/config.yaml
 patchesJson6902:
-  - path: patches/basic.config.yaml
-    target:
-      group: scorecard.operatorframework.io
-      version: v1alpha3
-      kind: Configuration
-      name: config
-  - path: patches/olm.config.yaml
-    target:
-      group: scorecard.operatorframework.io
-      version: v1alpha3
-      kind: Configuration
-      name: config
-# +kubebuilder:scaffold:patchesJson6902
+- path: patches/basic.config.yaml
+  target:
+    group: scorecard.operatorframework.io
+    version: v1alpha3
+    kind: Configuration
+    name: config
+- path: patches/olm.config.yaml
+  target:
+    group: scorecard.operatorframework.io
+    version: v1alpha3
+    kind: Configuration
+    name: config
+#+kubebuilder:scaffold:patchesJson6902
--- a/config/scorecard/patches/basic.config.yaml
+++ b/config/scorecard/patches/basic.config.yaml
@@ -1,11 +1,10 @@
---
 - op: add
  path: /stages/0/tests/-
  value:
    entrypoint:
-      - scorecard-test
-      - basic-check-spec
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - basic-check-spec
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
    labels:
      suite: basic
      test: basic-check-spec-test
--- a/config/scorecard/patches/olm.config.yaml
+++ b/config/scorecard/patches/olm.config.yaml
@@ -1,11 +1,10 @@
---
 - op: add
  path: /stages/0/tests/-
  value:
    entrypoint:
-      - scorecard-test
-      - olm-bundle-validation
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-bundle-validation
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
    labels:
      suite: olm
      test: olm-bundle-validation-test
@@ -13,9 +12,9 @@
  path: /stages/0/tests/-
  value:
    entrypoint:
-      - scorecard-test
-      - olm-crds-have-validation
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-crds-have-validation
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
    labels:
      suite: olm
      test: olm-crds-have-validation-test
@@ -23,9 +22,9 @@
  path: /stages/0/tests/-
  value:
    entrypoint:
-      - scorecard-test
-      - olm-crds-have-resources
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-crds-have-resources
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
    labels:
      suite: olm
      test: olm-crds-have-resources-test
@@ -33,9 +32,9 @@
  path: /stages/0/tests/-
  value:
    entrypoint:
-      - scorecard-test
-      - olm-spec-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-spec-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
    labels:
      suite: olm
      test: olm-spec-descriptors-test
@@ -43,9 +42,9 @@
  path: /stages/0/tests/-
  value:
    entrypoint:
-      - scorecard-test
-      - olm-status-descriptors
-    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    - scorecard-test
+    - olm-status-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.26.0
    labels:
      suite: olm
      test: olm-status-descriptors-test
--- a/config/testing/kustomization.yaml
+++ b/config/testing/kustomization.yaml
@@ -1,21 +1,26 @@
 # Adds namespace to all resources.
 namespace: osdk-test
+
 namePrefix: osdk-
+
 # Labels to add to all resources and selectors.
-# commonLabels:
-#   someName: someValue
-patchesStrategicMerge:
- manager_image.yaml
- debug_logs_patch.yaml
- ../default/manager_auth_proxy_patch.yaml
+#commonLabels:
+#  someName: someValue
+
+
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../crd
 - ../rbac
 - ../manager
+- ../default/metrics_service.yaml
 images:
 - name: testing
  newName: testing-operator
 patches:
- path: pull_policy/Never.yaml
+- path: manager_image.yaml
+- path: debug_logs_patch.yaml
+- path: ../default/manager_metrics_patch.yaml
+  target:
+    kind: Deployment
--- a/dev/awx-cr/awx-cr-settings.yml
+++ b/dev/awx-cr/awx-cr-settings.yml
@@ -0,0 +1,24 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: clusterip
+  ingress_type: route
+  no_log: false
+
+  # Secrets
+  admin_password_secret: custom-admin-password
+  postgres_configuration_secret: custom-pg-configuration
+  secret_key_secret: custom-secret-key
+
+  # Resource Requirements
+  postgres_storage_requirements:
+    requests:
+      storage: 10Gi
+
+  # Extra Settings
+  extra_settings:
+    - setting: MAX_PAGE_SIZE
+      value: "500"
--- a/dev/awx-cr/awx-db-configuration.cr.yml
+++ b/dev/awx-cr/awx-db-configuration.cr.yml
@@ -0,0 +1,30 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: clusterip
+  ingress_type: Route
+
+  postgres_extra_settings:
+    - setting: max_connections
+      value: "999"
+    - setting: ssl_ciphers
+      value: "HIGH:!aNULL:!MD5"
+
+  # requires custom-postgres-configuration secret to be pre-created
+  # postgres_configuration_secret: custom-postgres-configuration
+
+  postgres_resource_requirements:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 800m
+      memory: 1Gi
+  postgres_storage_requirements:
+    requests:
+      storage: 20Gi
+    limits:
+      storage: 100Gi
--- a/dev/awx-cr/awx-k8s-ingress.yml
+++ b/dev/awx-cr/awx-k8s-ingress.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: nodeport
+  ingress_type: ingress
+
+  # Secrets
+  admin_password_secret: custom-admin-password
+  postgres_configuration_secret: custom-pg-configuration
+  secret_key_secret: custom-secret-key
--- a/dev/awx-cr/awx-openshift-cr.yml
+++ b/dev/awx-cr/awx-openshift-cr.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  service_type: clusterip
+  ingress_type: Route
+
+  # # Secrets
+  # admin_password_secret: custom-admin-password
+  # postgres_configuration_secret: custom-pg-configuration
+  # secret_key_secret: custom-secret-key
--- a/dev/secrets/admin-password-secret.yml
+++ b/dev/secrets/admin-password-secret.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: custom-admin-password
+stringData:
+  password: 'password'
--- a/dev/secrets/custom-secret-key.yml
+++ b/dev/secrets/custom-secret-key.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: custom-secret-key
+stringData:
+  secret_key: 'awxsecret'
--- a/dev/secrets/external-pg-secret.yml
+++ b/dev/secrets/external-pg-secret.yml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: external-pg-secret
+stringData:
+  database: 'awx'
+  host: 'awx-postgres'
+  password: 'test'
+  port: '5432'
+  type: 'managed'
+  username: 'awx'
--- a/docs/README.md
+++ b/docs/README.md
@@ -0,0 +1,16 @@
+# Building the Ansible AWX Operator Docs
+
+To build the AWX Operator docs locally:
+
+1. Clone the AWX operator repository.
+1. Preferrably, create a virtual environment for installing the dependencies.  
+   a. `python3 -m venv venv`  
+   b. `source venv/bin/activate`
+1. From the root directory:  
+   a. `pip install -r docs/requirements.txt`  
+   b. `mkdocs build`
+1. View the docs in your browser:  
+   a. `mkdocs serve`  
+   b. Open your browser and navigate to `http://127.0.0.1:8000/`
+
+This will create a new directory called `site/` in the root of your clone containing the index.html and static files.
--- a/docs/awx-demo.svg
+++ b/docs/awx-demo.svg
--- a/docs/contributors-guide/author.md
+++ b/docs/contributors-guide/author.md
@@ -0,0 +1,3 @@
+# Author
+
+This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team
--- a/docs/contributors-guide/code-of-conduct.md
+++ b/docs/contributors-guide/code-of-conduct.md
@@ -0,0 +1,3 @@
+# Code of Conduct
+
+We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com)
--- a/docs/contributors-guide/contributing.md
+++ b/docs/contributors-guide/contributing.md
@@ -0,0 +1,5 @@
+# Contributing
+
+Please visit [our contributing guidelines](https://github.com/ansible/awx-operator/blob/devel/CONTRIBUTING.md).
+
+For docs changes, create PRs on the appropriate files in the `/docs` folder.
--- a/docs/contributors-guide/get-involved.md
+++ b/docs/contributors-guide/get-involved.md
@@ -0,0 +1,24 @@
+# Get Involved
+
+We welcome your feedback, questions and ideas. Here's how to reach the community.
+
+## Forum
+
+Join the [Ansible Forum](https://forum.ansible.com) as a single starting point and our default communication platform for questions and help, development discussions, events, and much more. [Register](https://forum.ansible.com/signup?) to join the community. Search by categories and tags to find interesting topics or start a new one; subscribe only to topics you need!
+
+* [Get Help](https://forum.ansible.com/c/help/6): get help or help others. Please add appropriate tags if you start new discussions, for example `awx-operator` and  `documentation`.
+* [Posts tagged with 'awx-operator'](https://forum.ansible.com/tag/awx-operator): subscribe to participate in project-related conversations.
+* [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn) used to announce releases and important changes.
+* [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
+* [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
+
+For more information on the forum navigation, see [Navigating the Ansible forum](https://forum.ansible.com/t/navigating-the-ansible-forum-tags-categories-and-concepts/39) post.
+
+## Matrix
+
+For real-time interactions, conversations in the community happen over the Matrix protocol in the following channels:
+
+* [#awx:ansible.com](https://matrix.to/#/#awx:ansible.com): AWX and AWX-Operator project-related discussions.
+* [#docs:ansible.im](https://matrix.to/#/#docs:ansible.im): Ansible, AWX and AWX-Operator documentation-related discussions.
+
+For more information, see the community-hosted [Matrix FAQ](https://hackmd.io/@ansible-community/community-matrix-faq).
--- a/docs/contributors-guide/release-process.md
+++ b/docs/contributors-guide/release-process.md
@@ -0,0 +1,10 @@
+# Release Process
+
+The first step is to create a draft release. Typically this will happen in the [Stage Release](https://github.com/ansible/awx/blob/devel/.github/workflows/stage.yml) workflow for AWX and you don't need to do it as a separate step.
+
+If you need to do an independent release of the operator, you can run the [Stage Release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/stage.yml) in the awx-operator repo. Both of these workflows will run smoke tests, so there is no need to do this manually.
+
+After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, which will:
+
+- Publish image to Quay
+- Release Helm chart
--- a/docs/debugging.md
+++ b/docs/debugging.md
@@ -1,51 +0,0 @@
-# Iterating on the installer without deploying the operator
-
-Go through the [normal basic install](https://github.com/ansible/awx-operator/blob/devel/README.md#basic-install) steps.
-
-Install some dependencies:
-
-```
-$ ansible-galaxy collection install -r molecule/requirements.yml
-$ pip install -r molecule/requirements.txt
-```
-
-To prevent the changes we're about to make from being overwritten, scale down any running instance of the operator:
-
-```
-$ kubectl scale deployment awx-operator-controller-manager --replicas=0
-```
-
-Create a playbook that invokes the installer role (the operator uses ansible-runner's role execution feature):
-
-```yaml
-# run.yml
---
- hosts: localhost
-  roles:
-    - installer
-```
-
-Create a vars file:
-
-```yaml
-# vars.yml
---
-ansible_operator_meta:
-  name: awx
-  namespace: awx
-service_type: nodeport
-```
-
-Run the installer:
-
-```
-$ ansible-playbook run.yml -e @vars.yml -v
-```
-
-Grab the URL and admin password:
-
-```
-$ minikube service awx-service --url -n awx
-$ minikube kubectl get secret awx-admin-password -- -o jsonpath="{.data.password}" | base64 --decode
-LU6lTfvnkjUvDwL240kXKy1sNhjakZmT
-```
--- a/docs/development.md
+++ b/docs/development.md
@@ -0,0 +1,104 @@
+# Development Guide
+
+There are development scripts and yaml examples in the [`dev/`](../dev) directory that, along with the up.sh and down.sh scripts in the root of the repo, can be used to build, deploy and test changes made to the awx-operator.
+
+
+## Prerequisites
+
+You will need to have the following tools installed:
+
+* [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [podman](https://podman.io/docs/installation) or [docker](https://docs.docker.com/get-docker/)
+* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+* [oc](https://docs.openshift.com/container-platform/4.11/cli_reference/openshift_cli/getting-started-cli.html) (if using Openshift)
+
+You will also need to have a container registry account. This guide uses quay.io, but any container registry will work. You will need to create a robot account and login at the CLI with `podman login` or `docker login`.
+
+## Quay.io Setup for Development
+
+Before using the development scripts, you'll need to set up a Quay.io repository and pull secret:
+
+### 1. Create a Private Quay.io Repository
+- Go to [quay.io](https://quay.io) and create a private repository named `awx-operator` under your username
+- The repository URL should be `quay.io/username/awx-operator`
+
+### 2. Create a Bot Account
+- In your Quay.io repository, go to Settings → Robot Accounts
+- Create a new robot account with write permissions to your repository
+- Click on the robot account name to view its credentials
+
+### 3. Generate Kubernetes Pull Secret
+- In the robot account details, click "Kubernetes Secret"
+- Copy the generated YAML content from the pop-up
+
+### 4. Create Local Pull Secret File
+- Create a file at `hacking/pull-secret.yml` in your awx-operator checkout
+- Paste the Kubernetes secret YAML content into this file
+- **Important**: Change the `name` field in the secret from the default to `redhat-operators-pull-secret`
+- The `hacking/` directory is in `.gitignore`, so this file won't be committed to git
+
+Example `hacking/pull-secret.yml`:
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: redhat-operators-pull-secret  # Change this name
+  namespace: awx
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: <base64-encoded-credentials>
+```
+
+## Build and Deploy
+
+
+If you clone the repo, and make sure you are logged in at the CLI with oc and your cluster, you can run:
+
+```
+export QUAY_USER=username
+export NAMESPACE=awx
+export TAG=test
+./up.sh
+```
+
+You can add those variables to your .bashrc file so that you can just run `./up.sh` in the future.
+
+> Note: the first time you run this, it will create quay.io repos on your fork. If you followed the Quay.io setup steps above and created the `hacking/pull-secret.yml` file, the script will automatically handle the pull secret. Otherwise, you will need to either make those repos public, or create a global pull secret on your cluster.
+
+To get the URL, if on **Openshift**, run:
+
+```
+$ oc get route
+```
+
+On **k8s with ingress**, run:
+
+```
+$ kubectl get ing
+```
+
+On **k8s with nodeport**, run:
+
+```
+$ kubectl get svc
+```
+
+The URL is then `http://<Node-IP>:<NodePort>`
+
+> Note: NodePort will only work if you expose that port on your underlying k8s node, or are accessing it from localhost.
+
+By default, the usename and password will be admin and password if using the `up.sh` script because it pre-creates a custom admin password k8s secret and specifies it on the AWX custom resource spec. Without that, a password would have been generated and stored in a k8s secret named <deployment-name>-admin-password.
+
+## Clean up
+
+
+Same thing for cleanup, just run ./down.sh and it will clean up your namespace on that cluster
+
+
+```
+./down.sh
+```
+
+## Running CI tests locally
+
+More tests coming soon...
--- a/docs/index.md
+++ b/docs/index.md
@@ -0,0 +1 @@
+../README.md
--- a/docs/installation/basic-install.md
+++ b/docs/installation/basic-install.md
@@ -0,0 +1,177 @@
+# Basic Install
+
+After cloning this repository, you must choose the tag to run:
+
+```sh
+git clone git@github.com:ansible/awx-operator.git
+cd awx-operator
+git tag
+git checkout tags/<tag>
+
+# For instance:
+git checkout tags/2.7.2
+```
+
+If you work from a fork and made modifications since the tag was issued, you must provide the VERSION number to deploy. Otherwise the operator will get stuck in "ImagePullBackOff" state:
+
+```sh
+export VERSION=<tag>
+
+# For instance:
+export VERSION=2.7.2
+```
+
+Once you have a running Kubernetes cluster, you can deploy AWX Operator into your cluster using [Kustomize](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). Since kubectl version 1.14 kustomize functionality is built-in (otherwise, follow the instructions here to install the latest version of Kustomize: <https://kubectl.docs.kubernetes.io/installation/kustomize/>)
+
+!!! tip
+    If you don't have a Kubernetes cluster, you can use [Minikube](https://minikube.sigs.k8s.io/docs/) for testing purposes. See the [Minikube install docs](./creating-a-minikube-cluster-for-testing.md) for more details.
+
+!!! note
+    Some things may need to be configured slightly differently for different Kubernetes flavors for the networking aspects. When installing on Kind, see the [kind install docs](./kind-install.md) for more details.
+
+There is a make target you can run:
+
+```sh
+make deploy
+```
+
+If you have a custom operator image you have built, you can specify it with:
+
+```sh
+IMG=quay.io/$YOURNAMESPACE/awx-operator:$YOURTAG make deploy
+```
+
+Otherwise, you can manually create a file called `kustomization.yaml` with the following content:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Find the latest tag here: https://github.com/ansible/awx-operator/releases
+  - github.com/ansible/awx-operator/config/default?ref=<tag>
+
+# Set the image tags to match the git version from above
+images:
+  - name: quay.io/ansible/awx-operator
+    newTag: <tag>
+
+# Specify a custom namespace in which to install AWX
+namespace: awx
+```
+
+!!! tip
+    If you need to change any of the default settings for the operator (such as resources.limits), you can add [patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) at the bottom of your kustomization.yaml file.
+
+Install the manifests by running this:
+
+```sh
+$ kubectl apply -k .
+namespace/awx created
+customresourcedefinition.apiextensions.k8s.io/awxbackups.awx.ansible.com created
+customresourcedefinition.apiextensions.k8s.io/awxrestores.awx.ansible.com created
+customresourcedefinition.apiextensions.k8s.io/awxs.awx.ansible.com created
+serviceaccount/awx-operator-controller-manager created
+role.rbac.authorization.k8s.io/awx-operator-awx-manager-role created
+role.rbac.authorization.k8s.io/awx-operator-leader-election-role created
+clusterrole.rbac.authorization.k8s.io/awx-operator-metrics-reader created
+clusterrole.rbac.authorization.k8s.io/awx-operator-proxy-role created
+rolebinding.rbac.authorization.k8s.io/awx-operator-awx-manager-rolebinding created
+rolebinding.rbac.authorization.k8s.io/awx-operator-leader-election-rolebinding created
+clusterrolebinding.rbac.authorization.k8s.io/awx-operator-proxy-rolebinding created
+configmap/awx-operator-awx-manager-config created
+service/awx-operator-controller-manager-metrics-service created
+deployment.apps/awx-operator-controller-manager created
+```
+
+Wait a bit and you should have the `awx-operator` running:
+
+```sh
+$ kubectl get pods -n awx
+NAME                                               READY   STATUS    RESTARTS   AGE
+awx-operator-controller-manager-66ccd8f997-rhd4z   2/2     Running   0          11s
+```
+
+So we don't have to keep repeating `-n awx`, let's set the current namespace for `kubectl`:
+
+```sh
+kubectl config set-context --current --namespace=awx
+```
+
+Next, create a file named `awx-demo.yml` in the same folder with the suggested content below. The `metadata.name` you provide will be the name of the resulting AWX deployment.
+
+!!! note
+    If you deploy more than one AWX instance to the same namespace, be sure to use unique names.
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport
+```
+
+!!! tip
+    It may make sense to create and specify your own secret key for your deployment so that if the k8s secret gets deleted, it can be re-created if needed.  If it is not provided, one will be auto-generated, but cannot be recovered if lost. Read more [here](../user-guide/admin-user-account-configuration.md#secret-key-configuration).
+
+If you are on Openshift, you can take advantage of Routes by specifying the following your spec. This will automatically create a Route for you with a custom hostname. This can be found on the Route section of the Openshift Console.
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: clusterip
+  ingress_type: Route
+```
+
+Make sure to add this new file to the list of `resources` in your `kustomization.yaml` file:
+
+```yaml
+...
+resources:
+  - github.com/ansible/awx-operator/config/default?ref=<tag>
+  # Add this extra line:
+  - awx-demo.yml
+...
+```
+
+Finally, apply the changes to create the AWX instance in your cluster:
+
+```sh
+kubectl apply -k .
+```
+
+After a few seconds, you should see the operator begin to create new resources:
+
+```sh
+$ kubectl get pods -l "app.kubernetes.io/managed-by=awx-operator"
+NAME                        READY   STATUS    RESTARTS   AGE
+awx-demo-77d96f88d5-pnhr8   4/4     Running   0          3m24s
+awx-demo-postgres-0         1/1     Running   0          3m34s
+
+$ kubectl get svc -l "app.kubernetes.io/managed-by=awx-operator"
+NAME                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
+awx-demo-postgres   ClusterIP   None           <none>        5432/TCP       4m4s
+awx-demo-service    NodePort    10.109.40.38   <none>        80:31006/TCP   3m56s
+```
+
+After a few minutes, the new AWX instance will be deployed. You can look at the operator pod logs in order to know where the installation process is at:
+
+```sh
+kubectl logs -f deployments/awx-operator-controller-manager -c awx-manager
+```
+
+Once deployed, your AWX instance should now be reachable at `http://localhost:<assigned-nodeport>/` (in this case, `http://localhost:31006/`).
+
+By default, the admin user is `admin` and the password is available in the `<resourcename>-admin-password` secret. To retrieve the admin password, run:
+
+```sh
+$ kubectl get secret awx-demo-admin-password -o jsonpath="{.data.password}" | base64 --decode ; echo
+yDL2Cx5Za94g9MvBP6B73nzVLlmfgPjR
+```
+
+You just completed the most basic install of an AWX instance via this operator. Congratulations!!!
--- a/docs/installation/creating-a-minikube-cluster-for-testing.md
+++ b/docs/installation/creating-a-minikube-cluster-for-testing.md
@@ -0,0 +1,61 @@
+# Creating a minikube cluster for testing
+
+If you do not have an existing cluster, the `awx-operator` can be deployed on a [Minikube](https://minikube.sigs.k8s.io/docs/) cluster for testing purposes. Due to different OS and hardware environments, please refer to the official Minikube documentation for further information.
+
+```sh
+$ minikube start --cpus=4 --memory=6g --addons=ingress
+😄  minikube v1.23.2 on Fedora 34
+✨  Using the docker driver based on existing profile
+👍  Starting control plane node minikube in cluster minikube
+🚜  Pulling base image ...
+🏃  Updating the running docker "minikube" container ...
+🐳  Preparing Kubernetes v1.22.2 on Docker 20.10.8 ...
+🔎  Verifying Kubernetes components...
+    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
+    ▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.0.0-beta.3
+    ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
+    ▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0
+🔎  Verifying ingress addon...
+🌟  Enabled addons: storage-provisioner, default-storageclass, ingress
+🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
+```
+
+Once Minikube is deployed, check if the node(s) and `kube-apiserver` communication is working as expected.
+
+```sh
+$ minikube kubectl -- get nodes
+NAME       STATUS   ROLES                  AGE    VERSION
+minikube   Ready    control-plane,master   113s   v1.22.2
+
+$ minikube kubectl -- get pods -A
+NAMESPACE       NAME                                        READY   STATUS      RESTARTS   AGE
+ingress-nginx   ingress-nginx-admission-create--1-kk67h     0/1     Completed   0          2m1s
+ingress-nginx   ingress-nginx-admission-patch--1-7mp2r      0/1     Completed   1          2m1s
+ingress-nginx   ingress-nginx-controller-69bdbc4d57-bmwg8   1/1     Running     0          2m
+kube-system     coredns-78fcd69978-q7nmx                    1/1     Running     0          2m
+kube-system     etcd-minikube                               1/1     Running     0          2m12s
+kube-system     kube-apiserver-minikube                     1/1     Running     0          2m16s
+kube-system     kube-controller-manager-minikube            1/1     Running     0          2m12s
+kube-system     kube-proxy-5mmnw                            1/1     Running     0          2m1s
+kube-system     kube-scheduler-minikube                     1/1     Running     0          2m15s
+kube-system     storage-provisioner                         1/1     Running     0          2m11s
+```
+
+It is not required for `kubectl` to be separately installed since it comes already wrapped inside minikube. As demonstrated above, simply prefix `minikube kubectl --` before kubectl command, i.e. `kubectl get nodes` would become `minikube kubectl -- get nodes`
+
+Let's create an alias for easier usage:
+
+```sh
+alias kubectl="minikube kubectl --"
+```
+
+Now, you can proceed with the installation of the AWX Operator and AWX. Please refer to the [Basic Install](basic-install.md) for further instructions.
+
+!!! tip
+    Once your AWX has been deployed, the AWX instance will be accessible by running:
+
+    ```sh
+    minikube service -n awx awx-demo-service --url
+    ```
+
+For an example using the Nginx Ingress Controller in Minikube, don't miss our [demo video](https://asciinema.org/a/416946).
--- a/docs/installation/kind-install.md
+++ b/docs/installation/kind-install.md
@@ -0,0 +1,119 @@
+# AWX Operator on Kind
+
+## Kind Install
+
+Install Kind by running the following. Refer to the [official Kind documentation](https://kind.sigs.k8s.io/docs/user/quick-start/) for more information.
+
+```sh
+# For Intel Macs
+[ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-darwin-amd64
+# For M1 / ARM Macs
+[ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-darwin-arm64
+chmod +x ./kind
+mv ./kind /some-dir-in-your-PATH/kind
+```
+
+### Create the Kind cluster
+
+Create a file called `kind.config`
+
+```yaml
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+- role: control-plane
+  extraPortMappings:
+  - containerPort: 32000
+    hostPort: 32000
+    listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+    protocol: tcp # Optional, defaults to tcp
+- role: worker
+```
+
+Then create a cluster using that config
+
+```sh
+kind create cluster --config=kind.config
+```
+
+Set cluster context for kubectl
+
+```sh
+kubectl cluster-info --context kind-kind
+```
+
+Install NGINX Ingress Controller
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+```
+
+## AWX
+
+Set the namespace context
+
+```sh
+kubectl config set-context --current --namespace=awx
+```
+
+Checkout the tag you want to install from
+
+```sh
+git checkout 2.7.2
+```
+
+Create a file named `kustomization.yaml` in the root of your local awx-operator clone. Include the following:
+
+```sh
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Find the latest tag here: https://github.com/ansible/awx-operator/releases
+  - github.com/ansible/awx-operator/config/default?ref=2.7.2
+
+# Set the image tags to match the git version from above
+images:
+  - name: quay.io/ansible/awx-operator
+    newTag: 2.7.2
+
+# Specify a custom namespace in which to install AWX
+namespace: awx
+```
+
+Run the following to apply the yaml
+
+```sh
+kubectl apply -k .
+```
+
+Create a file called `awx-cr.yaml` with the following contents and any configuration changes you may wish to add.
+
+```yaml
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport
+  nodeport_port: 32000
+```
+
+Create your AWX CR
+
+```sh
+kubectl create -f awx-cr.yaml
+```
+
+Your AWX instance should now be reachable at <http://localhost:32000/>
+
+!!! note
+    If you configured a custom `nodeport_port`, you can find it by running `kubectl -n awx get svc awx-demo-service`
+
+## Cleanup
+
+When you are done, you can delete all of this by running
+
+```sh
+kind delete cluster
+```
--- a/docs/migration/migration.md
+++ b/docs/migration/migration.md
@@ -19,7 +19,8 @@ stringData:
 type: Opaque
 ```

-**Note**: `<resourcename>` must match the `name` of the AWX object you are creating. In our example below, it is `awx`.
+!!! note
+    `<resourcename>` must match the `name` of the AWX object you are creating. In our example below, it is `awx`.

 ### Old Database Credentials

@@ -34,23 +35,21 @@ metadata:
  namespace: <target namespace>
 stringData:
  host: <external ip or url resolvable by the cluster>
-  port: <external port, this usually defaults to 5432>
+  port: "<external port, this usually defaults to 5432>"    # quotes are required
  database: <desired database name>
  username: <username to connect as>
  password: <password to connect with>
 type: Opaque
 ```

-> For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.cluster.local`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from.
+!!! note
+    For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.<cluster domain>`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from, and `<cluster domain>` is filled in with the internal kubernetes cluster domain (In most cases it's `cluster.local`).

-If your AWX deployment is already using an external database server or its database is otherwise not managed
-by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
-In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_`
-from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
-database and apply any pending migrations. It is strongly recommended to backup your database beforehand.
+If your AWX deployment is already using an external database server or its database is otherwise not managed by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
+In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_` from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing database and apply any pending migrations.
+It is strongly recommended to backup your database beforehand.

-The postgresql pod for the old deployment is used when streaming data to the new postgresql pod.  If your postgresql pod has a custom label,
-you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.
+The postgresql pod for the old deployment is used when streaming data to the new postgresql pod.  If your postgresql pod has a custom label, you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.

 ## Deploy AWX

@@ -66,7 +65,16 @@ spec:
  secret_key_secret: <resourcename>-secret-key
  ...
 ```
+### Exclude postgreSQL tables during migration (optional)
+
+Use the `pg_dump_suffix` parameter under `AWX.spec` to customize the pg_dump command that will execute during migration. This variable will append your provided pg_dump parameters to the end of the 'standard' command. For example, to exclude the data from 'main_jobevent' and 'main_job' to decrease the size of the backup use:
+
+```
+pg_dump_suffix: "--exclude-table-data 'main_jobevent*' --exclude-table-data 'main_job'"
+```
+
 ## Important Note
+
 If you intend to put all the above in one file, make sure to separate each block with three dashes like so:

 ```yaml
@@ -79,4 +87,5 @@ If you intend to put all the above in one file, make sure to separate each block
 ---
 # AWX Config
 ```
+
 Failing to do so will lead to an inoperable setup.
--- a/docs/requirements.in
+++ b/docs/requirements.in
@@ -0,0 +1,3 @@
+# This requirements file is used for AWX Operator latest doc builds.
+
+mkdocs-ansible
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -0,0 +1,193 @@
+#
+# This file is autogenerated by pip-compile with Python 3.12
+# by the following command:
+#
+#    pip-compile --allow-unsafe --output-file=docs/requirements.txt --strip-extras docs/requirements.in
+#
+babel==2.14.0
+    # via mkdocs-material
+beautifulsoup4==4.12.3
+    # via
+    #   linkchecker
+    #   mkdocs-htmlproofer-plugin
+    #   readtime
+cairocffi==1.6.1
+    # via cairosvg
+cairosvg==2.7.0
+    # via mkdocs-ansible
+certifi==2024.2.2
+    # via requests
+cffi==1.16.0
+    # via cairocffi
+charset-normalizer==3.3.2
+    # via requests
+click==8.1.7
+    # via
+    #   mkdocs
+    #   mkdocstrings
+colorama==0.4.6
+    # via
+    #   griffe
+    #   mkdocs-material
+csscompressor==0.9.5
+    # via mkdocs-minify-plugin
+cssselect==1.2.0
+    # via pyquery
+cssselect2==0.7.0
+    # via cairosvg
+defusedxml==0.7.1
+    # via cairosvg
+dnspython==2.6.1
+    # via linkchecker
+ghp-import==2.1.0
+    # via mkdocs
+griffe==0.40.1
+    # via mkdocstrings-python
+htmlmin2==0.1.13
+    # via mkdocs-minify-plugin
+idna==3.6
+    # via requests
+jinja2==3.1.3
+    # via
+    #   mkdocs
+    #   mkdocs-macros-plugin
+    #   mkdocs-material
+    #   mkdocstrings
+jsmin==3.0.1
+    # via mkdocs-minify-plugin
+linkchecker==10.4.0
+    # via mkdocs-ansible
+lxml==5.1.0
+    # via
+    #   mkdocs-material
+    #   pyquery
+markdown==3.5.2
+    # via
+    #   markdown-include
+    #   mkdocs
+    #   mkdocs-autorefs
+    #   mkdocs-htmlproofer-plugin
+    #   mkdocs-material
+    #   mkdocstrings
+    #   pymdown-extensions
+markdown-exec==1.8.0
+    # via mkdocs-ansible
+markdown-include==0.8.1
+    # via mkdocs-ansible
+markdown2==2.4.12
+    # via readtime
+markupsafe==2.1.5
+    # via
+    #   jinja2
+    #   mkdocs
+    #   mkdocstrings
+mergedeep==1.3.4
+    # via mkdocs
+mkdocs==1.5.3
+    # via
+    #   mkdocs-ansible
+    #   mkdocs-autorefs
+    #   mkdocs-gen-files
+    #   mkdocs-htmlproofer-plugin
+    #   mkdocs-macros-plugin
+    #   mkdocs-material
+    #   mkdocs-minify-plugin
+    #   mkdocs-monorepo-plugin
+    #   mkdocstrings
+mkdocs-ansible==24.3.1
+    # via -r requirements.in
+mkdocs-autorefs==0.5.0
+    # via mkdocstrings
+mkdocs-gen-files==0.5.0
+    # via mkdocs-ansible
+mkdocs-htmlproofer-plugin==1.0.0
+    # via mkdocs-ansible
+mkdocs-macros-plugin==1.0.5
+    # via mkdocs-ansible
+mkdocs-material==9.2.6
+    # via mkdocs-ansible
+mkdocs-material-extensions==1.3.1
+    # via
+    #   mkdocs-ansible
+    #   mkdocs-material
+mkdocs-minify-plugin==0.8.0
+    # via mkdocs-ansible
+mkdocs-monorepo-plugin==1.1.0
+    # via mkdocs-ansible
+mkdocstrings==0.24.0
+    # via
+    #   mkdocs-ansible
+    #   mkdocstrings-python
+mkdocstrings-python==1.8.0
+    # via mkdocs-ansible
+packaging==23.2
+    # via mkdocs
+paginate==0.5.6
+    # via mkdocs-material
+pathspec==0.12.1
+    # via mkdocs
+pillow==10.0.1
+    # via
+    #   cairosvg
+    #   mkdocs-ansible
+pipdeptree==2.7.1
+    # via mkdocs-ansible
+platformdirs==4.2.0
+    # via
+    #   mkdocs
+    #   mkdocstrings
+pycparser==2.21
+    # via cffi
+pygments==2.17.2
+    # via mkdocs-material
+pymdown-extensions==10.0.1
+    # via
+    #   markdown-exec
+    #   mkdocs-ansible
+    #   mkdocs-material
+    #   mkdocstrings
+pyquery==2.0.0
+    # via readtime
+python-dateutil==2.8.2
+    # via
+    #   ghp-import
+    #   mkdocs-macros-plugin
+python-slugify==8.0.4
+    # via mkdocs-monorepo-plugin
+pyyaml==6.0.1
+    # via
+    #   mkdocs
+    #   mkdocs-macros-plugin
+    #   pymdown-extensions
+    #   pyyaml-env-tag
+pyyaml-env-tag==0.1
+    # via mkdocs
+readtime==3.0.0
+    # via mkdocs-material
+regex==2023.12.25
+    # via mkdocs-material
+requests==2.31.0
+    # via
+    #   linkchecker
+    #   mkdocs-htmlproofer-plugin
+    #   mkdocs-material
+six==1.16.0
+    # via python-dateutil
+soupsieve==2.5
+    # via beautifulsoup4
+termcolor==2.4.0
+    # via mkdocs-macros-plugin
+text-unidecode==1.3
+    # via python-slugify
+tinycss2==1.2.1
+    # via
+    #   cairosvg
+    #   cssselect2
+urllib3==2.2.1
+    # via requests
+watchdog==4.0.0
+    # via mkdocs
+webencodings==0.5.1
+    # via
+    #   cssselect2
+    #   tinycss2
--- a/docs/troubleshooting/debugging.md
+++ b/docs/troubleshooting/debugging.md
@@ -0,0 +1,125 @@
+# Debugging the AWX Operator
+
+## General Debugging
+
+When the operator is deploying AWX, it is running the `installer` role inside the operator container. If the AWX CR's status is `Failed`, it is often useful to look at the awx-operator container logs, which shows the output of the installer role. To see these logs, run:
+
+```sh
+kubectl logs deployments/awx-operator-controller-manager -c awx-manager -f
+```
+
+### Inspect k8s Resources
+
+Past that, it is often useful to inspect various resources the AWX Operator manages like:
+
+* awx
+* awxbackup
+* awxrestore
+* pod
+* deployment
+* pvc
+* service
+* ingress
+* route
+* secrets
+* serviceaccount
+
+To inspect these resources you can use these commands
+
+```sh
+# Inspecting k8s resources
+kubectl describe -n <namespace> <resource> <resource-name>
+kubectl get -n <namespace> <resource> <resource-name> -o yaml
+kubectl logs -n <namespace> <resource> <resource-name>
+
+# Inspecting Pods
+kubectl exec -it -n <namespace> <pod> <pod-name>
+```
+
+### Configure No Log
+
+It is possible to show task output for debugging by setting no_log to false on the AWX CR spec.
+This will show output in the awx-operator logs for any failed tasks where no_log was set to true.
+
+For example:
+
+```sh
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport
+  no_log: false                  # <------------
+
+```
+
+## Iterating on the installer without deploying the operator
+
+Go through the [normal basic install](../installation/basic-install.md) steps.
+
+Install some dependencies:
+
+```sh
+ansible-galaxy collection install -r molecule/requirements.yml
+pip install -r molecule/requirements.txt
+```
+
+To prevent the changes we're about to make from being overwritten, scale down any running instance of the operator:
+
+```sh
+kubectl scale deployment awx-operator-controller-manager --replicas=0
+```
+
+Create a playbook that invokes the installer role (the operator uses ansible-runner's role execution feature):
+
+```yaml
+# run.yml
+---
+- hosts: localhost
+  roles:
+    - installer
+```
+
+Create a vars file:
+
+```yaml
+# vars.yml
+---
+ansible_operator_meta:
+  name: awx
+  namespace: awx
+set_self_labels: false
+update_status: false
+service_type: nodeport
+```
+
+The vars file will replace the awx resource so any value that you wish to over ride using the awx resource, put in the vars file. For example, if you wish to use your own image, version and pull policy, you can specify it like below:
+
+```yaml
+# vars.yml
+---
+ansible_operator_meta:
+  name: awx
+  namespace: awx
+set_self_labels: false
+update_status: false
+service_type: nodeport
+image: $DEV_DOCKER_TAG_BASE/awx_kube_devel
+image_pull_policy: Always
+image_version: $COMPOSE_TAG
+```
+
+Run the installer:
+
+```sh
+ansible-playbook run.yml -e @vars.yml -v
+```
+
+Grab the URL and admin password:
+
+```sh
+$ kubectl get secret awx-admin-password -- -o jsonpath="{.data.password}" | base64 --decode ; echo
+LU6lTfvnkjUvDwL240kXKy1sNhjakZmT
+```
--- a/docs/uninstall/uninstall.md
+++ b/docs/uninstall/uninstall.md
@@ -0,0 +1,13 @@
+# Uninstall
+
+To uninstall an AWX deployment instance, you basically need to remove the AWX kind related to that instance. For example, to delete an AWX instance named awx-demo, you would do:
+
+```sh
+$ kubectl delete awx awx-demo
+awx.awx.ansible.com "awx-demo" deleted
+```
+
+Deleting an AWX instance will remove all related deployments and statefulsets, however, persistent volumes and secrets will remain. To enforce secrets also getting removed, you can use `garbage_collect_secrets: true`.
+
+!!! note
+    If you ever intend to recover an AWX from an existing database you will need a copy of the secrets in order to perform a successful recovery.
--- a/Show More
+++ b/Show More