tweak settings for PR checks to have capacity

set memory setting based on resource settings

.ansible-lint

@@ -1,3 +1,4 @@
+---
 skip_list:
   - '306'
   - '602'
@@ -5,3 +6,4 @@ skip_list:
 
 exclude_paths:
   - deploy/
+  - .cache/

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,39 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+##### ISSUE TYPE
+ - Bug Report
+
+##### SUMMARY
+<!-- Briefly describe the problem. -->
+
+##### ENVIRONMENT
+* AWX version: X.Y.Z
+* Operator version: X.Y.Z
+* Kubernetes version: 
+* AWX install method: openshift, minishift, docker on linux, docker for mac, boot2docker
+
+##### STEPS TO REPRODUCE
+
+<!-- Please describe exactly how to reproduce the problem. -->
+
+##### EXPECTED RESULTS
+
+<!-- What did you expect to happen when running the steps above? -->
+
+##### ACTUAL RESULTS
+
+<!-- What actually happened? -->
+
+##### ADDITIONAL INFORMATION
+
+<!-- Include any links to sosreport, database dumps, screenshots or other
+information. -->
+
+##### AWX-OPERATOR LOGS

.github/issue_labeler.yml

@@ -0,0 +1,3 @@
+---
+needs_triage:
+  - '.*'

.github/workflows/ci.yaml

@@ -0,0 +1,41 @@
+---
+
+name: CI
+
+on:
+  pull_request:
+    branches: [devel]
+
+  push:
+    branches: [devel]
+
+jobs:
+  pull_request:
+    runs-on: ubuntu-18.04
+    name: pull_request
+    env:
+      DOCKER_API_VERSION: "1.38"
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-python@v2
+        with:
+          python-version: "3.8"
+
+      - name: Install Dependencies
+        run: |
+          pip install -r molecule/requirements.txt
+
+      - name: Install Collections
+        run: |
+          ansible-galaxy collection install -r molecule/requirements.yml
+
+      - name: Run Molecule
+        env:
+          MOLECULE_VERBOSITY: 3
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+        run: |
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind

.github/workflows/devel.yaml

@@ -0,0 +1,27 @@
+---
+
+name: Devel
+
+on:
+  push:
+    branches: [devel]
+
+jobs:
+  release:
+    runs-on: ubuntu-18.04
+    name: Push devel image
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build Image
+        run: |
+          IMG=awx-operator:devel make docker-build
+
+      - name: Push To Quay
+        uses: redhat-actions/push-to-registry@v2.1.1
+        with:
+          image: awx-operator
+          tags: devel
+          registry: quay.io/ansible/
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_TOKEN }}

.github/workflows/promote.yaml

@@ -0,0 +1,25 @@
+---
+name: Promote AWX Operator image
+on:
+  release:
+    types: [published]
+
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Log in to Quay
+        run: |
+          echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
+
+      - name: Re-tag and promote awx-operator image
+        run: |
+          docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
+          docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker push quay.io/${{ github.repository }}:latest

.github/workflows/stage.yml

@@ -0,0 +1,84 @@
+---
+name: Stage Release
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to stage'
+        required: true
+      default_awx_version:
+        description: 'Will be injected as the DEFAULT_AWX_VERSION build arg.'
+        required: true
+      confirm:
+        description: 'Are you sure? Set this to yes.'
+        required: true
+        default: 'no'
+
+jobs:
+  stage:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+    steps:
+      - name: Verify inputs
+        run: |
+          set -e
+
+          if [[ ${{ github.event.inputs.confirm }} != "yes" ]]; then
+            >&2 echo "Confirm must be 'yes'"
+            exit 1
+          fi
+
+          if [[ ${{ github.event.inputs.version }} == "" ]]; then
+            >&2 echo "Set version to continue."
+            exit 1
+          fi
+
+          exit 0
+
+      - name: Checkout awx
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository_owner }}/awx
+          path: awx
+
+      - name: Checkout awx-operator
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository_owner }}/awx-operator
+          path: awx-operator
+
+      - name: Install playbook dependencies
+        run: |
+          python3 -m pip install docker
+
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Build and stage awx-operator
+        working-directory: awx-operator
+        run: |
+          BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }}" \
+          IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
+          VERSION=${{ github.event.inputs.version }} make docker-build docker-push
+
+      - name: Run test deployment
+        working-directory: awx-operator
+        run: |
+          python3 -m pip install -r molecule/requirements.txt
+          ansible-galaxy collection install -r molecule/requirements.yml
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
+        env:
+          AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}
+
+      - name: Create draft release
+        working-directory: awx
+        run: |
+          ansible-playbook tools/ansible/stage.yml \
+            -e version=${{ github.event.inputs.version }} \
+            -e repo=${{ github.repository_owner }}/awx-operator \
+            -e github_token=${{ secrets.GITHUB_TOKEN }}

.github/workflows/triage_new.yml

@@ -0,0 +1,22 @@
+---
+name: Triage
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    name: Label
+
+    steps:
+      - name: Label issues
+        uses: github/issue-labeler@v2.4.1
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          not-before: 2021-12-07T07:00:00Z
+          configuration-path: .github/issue_labeler.yml
+          enable-versioned-regex: 0
+        if: github.event_name == 'issues'

.gitignore

@@ -1 +1,6 @@
 *~
+.cache/
+/bin
+/bundle
+/bundle_tmp*
+/bundle.Dockerfile

.travis.yml

@@ -1,19 +0,0 @@
----
-services: docker
-language: python
-
-before_install:
-  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-  - sudo apt-get update
-  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
-
-env:
-  - DOCKER_API_VERSION=1.38
-
-install:
-  - pip3 install docker molecule molecule-docker yamllint ansible-lint openshift jmespath
-  - ansible-galaxy collection install community.kubernetes
-
-script:
-  - molecule test -s test-local

.yamllint

@@ -1,7 +1,13 @@
 ---
 extends: default
+
+ignore: |
+  .cache/
+  kustomization.yaml
+  awx-operator.clusterserviceversion.yaml
+  bundle
+
 rules:
   truthy: disable
   line-length:
-    max: 160
-    level: warning
+    max: 170

CHANGELOG.md

@@ -0,0 +1,43 @@
+# Changelog
+
+This is a list of high-level changes for each release of `awx-operator`. A full list of commits can be found at `https://github.com/ansible/awx-operator/releases/tag/<version>`.
+
+# 0.14.0 (TBA)
+
+- Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x.
+  - To avoid a headache, you probably want to delete your existing operator Deployment and follow the README.
+- Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](./README.md#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change)
+
+# 0.10.0 (Jun 1, 2021)
+
+- Make tower_ingress_type to respect ClusterIP definition (Marcelo Moreira de Mello) - e37c091 (breaking_change)
+- Add ability to get/create/delete secrets for the awx service account (Christian M. Adams) - 61b3cb4
+- Added ability to specify annotations to ServiceAccount (Marcelo Moreira de Mello) - 446ac0b
+- Do not shadow other variables (Yanis Guenane) - 223fe98
+- Do not prepend variables name with tower_ (Yanis Guenane) - 75458d0 (breaking_change)
+- Fully remove finalizer (Christian M. Adams) - fd92050
+- Use custom pg_dump format for faster restores (Christian M. Adams) - f16d9ac
+- Allow user to specify empty string for storage class on PVC (Christian M. Adams) - 818b837
+- Unset ownerRefs in the installer instead of the finalizer (Christian M. Adams) - c12a1f0
+- Make awx-operator compatible with Ansible 2.12 (Alan Rominger) - 5216489
+- Restore: set proper kind var after deploying AWX CR (Julen Landa Alustiza) - fc4687f
+- Add support for custom service labels (Jeremy Kimber) - fd42802
+- Rename product specific variable names (Christian M. Adams) - 5ae3636 (breaking_change)
+- Add watcher for backup CR (Christian M. Adams) - fdcc745
+
+# 0.9.0 (May 1, 2021)
+
+- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039
+- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d
+- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc
+- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90
+- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9
+- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f
+- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f
+- Split container image and version in 2 variables (Marcelo Moreira de Mello) - bc34758 (breaking_change)
+- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f
+- Add tower_ingress_type NodePort (stal) - 1b87616
+- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84
+- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1
+- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11
+- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c

CONTRIBUTING.md

@@ -0,0 +1,140 @@
+# AWX-Operator Contributing Guidelines
+
+Hi there! We're excited to have you as a contributor.
+
+Have questions about this document or anything not covered here? Please file a new at [https://github.com/ansible/awx-operator/issues](https://github.com/ansible/awx-operator/issues).
+
+## Table of contents
+
+* [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
+* [Submmiting your Work](#submitting-your-work)
+* [Testing](#testing)
+    * [Testing in Docker](#testing-in-docker)
+    * [Testing in Minikube](#testing-in-minikube)
+* [Generating a bundle](#generating-a-bundle)
+* [Reporting Issues](#reporting-issues)
+
+
+## Things to know prior to submitting code
+
+- All code submissions are done through pull requests against the `devel` branch.
+- All PRs must have a single commit. Make sure to `squash` any changes into a single commit.
+- Take care to make sure no merge commits are in the submission, and use `git rebase` vs `git merge` for this reason.
+- If collaborating with someone else on the same branch, consider using `--force-with-lease` instead of `--force`. This will prevent you from accidentally overwriting commits pushed by someone else. For more information, see https://git-scm.com/docs/git-push#git-push---force-with-leaseltrefnamegt
+- We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions, or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com)
+
+
+## Submmiting your work
+1. From your fork `devel` branch, create a new brach to stage your changes.
+```sh
+#> git checkout -b <branch-name>
+```
+2. Make your changes.
+3. Test your changes according described on the Testing section.
+4. If everylooks looks correct, commit your changes.
+```sh
+#> git add <FILES>
+#> git commit -m "My message here"
+```
+5. Create your [pull request](https://github.com/ansible/awx-operator/pulls)
+
+**Note**: If you have multiple commits, make sure to `squash` your commits into a single commit which will facilitate our release process.
+
+
+
+## Testing
+
+This Operator includes a [Molecule](https://molecule.readthedocs.io/en/stable/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).
+
+You need to make sure you have Molecule installed before running the following commands. You can install Molecule with:
+
+```sh
+#> pip install 'molecule[docker]'
+```
+
+Running `molecule test` sets up a clean environment, builds the operator, runs all configured tests on an example operator instance, then tears down the environment (at least in the case of Docker).
+
+If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
+
+#### Testing in Docker
+
+```sh
+#> molecule test -s test-local
+```
+
+This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
+
+#### Testing in Minikube
+
+```sh
+#> minikube start --memory 8g --cpus 4
+#> minikube addons enable ingress
+#> molecule test -s test-minikube
+```
+
+[Minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/) is a more full-featured test environment running inside a full VM on your computer, with an assigned IP address. This makes it easier to test things like NodePort services and Ingress from outside the Kubernetes cluster (e.g. in a browser on your computer).
+
+Once the operator is deployed, you can visit the AWX UI in your browser by following these steps:
+
+  1. Make sure you have an entry like `IP_ADDRESS  example-awx.test` in your `/etc/hosts` file. (Get the IP address with `minikube ip`.)
+  2. Visit `http://example-awx.test/` in your browser. (Default admin login is `test`/`changeme`.)
+
+Alternatively, you can also update the service `awx-service` in your namespace to use the type `NodePort` and use following command to get the URL to access your AWX instance:
+
+```sh
+#> minikube service <serviceName> -n <namespaceName> --url
+```
+
+## Generating a bundle
+
+> :warning: operator-sdk version 0.19.4 is needed to run the following commands
+
+If one has the Operator Lifecycle Manager (OLM) installed, the following steps is the process to generate the bundle that would nicely display in the OLM interface.
+
+At the root of this directory:
+
+1. Build and publish the operator
+
+```
+#> operator-sdk build registry.example.com/ansible/awx-operator:mytag
+#> podman push registry.example.com/ansible/awx-operator:mytag
+```
+
+2. Build and publish the bundle
+
+```
+#> podman build . -f bundle.Dockerfile -t registry.example.com/ansible/awx-operator-bundle:mytag
+#> podman push registry.example.com/ansible/awx-operator-bundle:mytag
+```
+
+3. Build and publish an index with your bundle in it
+
+```
+#> opm index add --bundles registry.example.com/ansible/awx-operator-bundle:mytag --tag registry.example.com/ansible/awx-operator-catalog:mytag
+#> podman push registry.example.com/ansible/awx-operator-catalog:mytag
+```
+
+4. In your Kubernetes create a new CatalogSource pointing to `registry.example.com/ansible/awx-operator-catalog:mytag`
+
+```
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: <catalogsource-name>
+  namespace: <namespace>
+spec:
+  displayName: 'myoperatorhub'
+  image: registry.example.com/ansible/awx-operator-catalog:mytag
+  publisher: 'myoperatorhub'
+  sourceType: grpc
+```
+
+Applying this template will do it. Once the CatalogSource is in a READY state, the bundle should be available on the OperatorHub tab (as part of the custom CatalogSource that just got added)
+
+5. Enjoy
+
+
+## Reporting Issues
+
+We welcome your feedback, and encourage you to file an issue when you run into a problem.

Dockerfile

@@ -1,11 +1,12 @@
-FROM quay.io/operator-framework/ansible-operator:v0.19.4
+FROM quay.io/operator-framework/ansible-operator:v1.12.0
+
+ARG DEFAULT_AWX_VERSION
+ENV DEFAULT_AWX_VERSION=${DEFAULT_AWX_VERSION}
 
-# Install Ansible requirements.
 COPY requirements.yml ${HOME}/requirements.yml
 RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
  && chmod -R ug+rwx ${HOME}/.ansible
 
 COPY watches.yaml ${HOME}/watches.yaml
-
-COPY main.yml ${HOME}/main.yml
 COPY roles/ ${HOME}/roles/
+COPY playbooks/ ${HOME}/playbooks/

LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

Makefile

@@ -0,0 +1,184 @@
+# VERSION defines the project version for the bundle.
+# Update this value when you upgrade the version of your project.
+# To re-generate a bundle for another specific version without changing the standard setup, you can:
+# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
+# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
+VERSION ?= $(shell git describe --tags)
+
+CONTAINER_CMD ?= docker
+
+# CHANNELS define the bundle channels used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
+# To re-generate a bundle for other specific channels without changing the standard setup, you can:
+# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
+# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+
+# DEFAULT_CHANNEL defines the default channel used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable")
+# To re-generate a bundle for any other default channel without changing the default setup, you can:
+# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
+# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
+
+# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images.
+# This variable is used to construct full image tags for bundle and catalog images.
+#
+# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
+# ansible.com/awx-operator-bundle:$VERSION and ansible.com/awx-operator-catalog:$VERSION.
+IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
+
+# BUNDLE_IMG defines the image:tag used for the bundle.
+# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
+BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
+
+# Image URL to use all building/pushing image targets
+IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+NAMESPACE ?= awx
+
+all: docker-build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Build
+
+run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
+	ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
+
+docker-build: ## Build docker image with the manager.
+	${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
+
+docker-push: ## Push docker image with the manager.
+	${CONTAINER_CMD} push ${IMG}
+
+##@ Deployment
+
+install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+gen-resources: kustomize ## Generate resources for controller and print to stdout
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default
+
+deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	$(KUSTOMIZE) build config/default | kubectl delete -f -
+
+OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCH := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
+
+.PHONY: kustomize
+KUSTOMIZE = $(shell pwd)/bin/kustomize
+kustomize: ## Download kustomize locally if necessary.
+ifeq (,$(wildcard $(KUSTOMIZE)))
+ifeq (,$(shell which kustomize 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(KUSTOMIZE)) ;\
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \
+	tar xzf - -C bin/ ;\
+	}
+else
+KUSTOMIZE = $(shell which kustomize)
+endif
+endif
+
+.PHONY: ansible-operator
+ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
+ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
+ifeq (,$(shell which ansible-operator 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
+	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\
+	chmod +x $(ANSIBLE_OPERATOR) ;\
+	}
+else
+ANSIBLE_OPERATOR = $(shell which ansible-operator)
+endif
+endif
+
+.PHONY: bundle
+bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
+	operator-sdk generate kustomize manifests -q
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	cd config/manifests/bases && python inject-csv-config.py
+	operator-sdk bundle validate ./bundle
+
+.PHONY: bundle-build
+bundle-build: ## Build the bundle image.
+	${CONTAINER_CMD} build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+
+.PHONY: bundle-push
+bundle-push: ## Push the bundle image.
+	$(MAKE) docker-push IMG=$(BUNDLE_IMG)
+
+.PHONY: opm
+OPM = ./bin/opm
+opm: ## Download opm locally if necessary.
+ifeq (,$(wildcard $(OPM)))
+ifeq (,$(shell which opm 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPM)) ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\
+	chmod +x $(OPM) ;\
+	}
+else
+OPM = $(shell which opm)
+endif
+endif
+
+# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
+# These images MUST exist in a registry and be pull-able.
+BUNDLE_IMGS ?= $(BUNDLE_IMG)
+
+# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
+CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
+
+# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
+ifneq ($(origin CATALOG_BASE_IMG), undefined)
+FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
+endif
+
+# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
+# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
+# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
+.PHONY: catalog-build
+catalog-build: opm ## Build a catalog image.
+	$(OPM) index add --container-tool ${CONTAINER_CMD} --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+
+# Push the catalog image.
+.PHONY: catalog-push
+catalog-push: ## Push a catalog image.
+	$(MAKE) docker-push IMG=$(CATALOG_IMG)

PROJECT

@@ -0,0 +1,16 @@
+domain: ansible.com
+layout:
+- ansible.sdk.operatorframework.io/v1
+plugins:
+  manifests.sdk.operatorframework.io/v2: {}
+  scorecard.sdk.operatorframework.io/v2: {}
+projectName: awx-operator
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWX
+  version: v1beta1
+version: "3"

ansible/build-and-push.yml

@@ -1,17 +0,0 @@
----
-- name: Build and Deploy the AWX Operator
-  hosts: localhost
-
-  collections:
-    - community.general
-
-  tasks:
-    - name: Build and (optionally) push operator image
-      docker_image:
-        name: "{{ operator_image }}:{{ operator_version }}"
-        pull: no
-        push: "{{ push_image | bool }}"
-        build:
-          dockerfile: "build/Dockerfile"
-          path: "../"
-        force: yes

ansible/chain-operator-files.yml

@@ -1,17 +0,0 @@
----
-# To run: `ansible-playbook chain-operator-files.yml`
-- name: Chain operator files together for easy deployment.
-  hosts: localhost
-  connection: local
-  gather_facts: false
-
-  tasks:
-    - name: Template CRD
-      template:
-        src: crd.yml.j2
-        dest: "{{ playbook_dir }}/../deploy/crds/awx_v1beta1_crd.yaml"
-
-    - name: Template awx-operator.yaml
-      template:
-        src: awx-operator.yaml.j2
-        dest: ../deploy/awx-operator.yaml

ansible/deploy-operator.yml

@@ -1,29 +0,0 @@
----
-- name: Reconstruct awx-operator.yaml
-  include: chain-operator-files.yml
-
-- name: Deploy Operator
-  hosts: localhost
-  vars:
-    k8s_namespace: "default"
-    obliterate: no
-
-  collections:
-    - community.kubernetes
-
-  tasks:
-    - name: Obliterate Operator
-      k8s:
-        state: absent
-        namespace: "{{ k8s_namespace }}"
-        src: "../deploy/awx-operator.yaml"
-        wait: yes
-      when: obliterate | bool
-
-    - name: Deploy Operator
-      k8s:
-        state: present
-        namespace: "{{ k8s_namespace }}"
-        apply: yes
-        wait: yes
-        src: "../deploy/awx-operator.yaml"

ansible/group_vars/all

@@ -1,3 +0,0 @@
-operator_image: quay.io/ansible/awx-operator
-operator_version: 0.6.0
-pull_policy: Always

ansible/instantiate-awx-deployment.yml

@@ -3,13 +3,13 @@
   hosts: localhost
 
   collections:
-    - community.kubernetes
+    - kubernetes.core
 
   tasks:
     - name: Deploy AWX
       k8s:
         state: "{{ state | default('present') }}"
-        namespace: default
+        namespace: "{{ namespace | default('default') }}"
         apply: yes
         wait: yes
         definition:
@@ -18,11 +18,14 @@
           metadata:
             name: awx
           spec:
-            tower_admin_user: test
-            tower_admin_email: test@example.com
-            tower_admin_password: changeme
-            tower_broadcast_websocket_secret: changeme
-            tower_ingress_type: "{{ tower_ingress_type | default(omit) }}" # Either Route or Ingress
-            tower_image: "{{ tower_image | default(omit) }}"
-            development_mode: "{{ development_mode | default(omit) }}"
-            tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}"
+            admin_user: admin
+            admin_email: admin@localhost
+            service_type: "{{ service_type | default(omit) }}"  # Either clusterIP, Loadbalancer or NodePort
+            ingress_type: "{{ ingress_type | default(omit) }}"  # Either none, Ingress, Route
+            image: "{{ image | default(omit) }}"
+            image_version: "{{ image_version | default(omit) }}"
+            development_mode: "{{ development_mode | default(omit) | bool }}"
+            image_pull_policy: "{{ image_pull_policy | default(omit) }}"
+            # ee_images:
+            #   - name: test-ee
+            #     image: quay.io/<user>/awx-ee

ansible/templates/awx-operator.yaml.j2

@@ -1,12 +0,0 @@
-#jinja2: trim_blocks:False
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
-{% include 'role.yml.j2' %}
-
-{% include 'role_binding.yml.j2' %}
-
-{% include 'service_account.yml.j2' %}
-
-{% include 'operator.yml.j2' %}
-
-{% include 'crd.yml.j2' %}

ansible/templates/crd.yml.j2

@@ -1,50 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  subresources:
-    status: {}
-  version: v1beta1
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-  validation:
-    openAPIV3Schema:
-      description: Schema validation for the AWX CRD
-      type: object
-      properties:
-        spec:
-          type: object
-          properties:
-            external_database:
-              type: boolean
-              description: |
-                If true you must supply a secret containing the location and credentials for
-                connecting to the external database by a user who has permission to create
-                and apply a schema.
-
-                The secret should have the name: <custom resource name>-postgres-configuration and
-                should look like:
-
-                apiVersion: v1
-                kind: Secret
-                metadata:
-                  name: <crname>-postgres-configuration
-                  namespace: <target namespace>
-                stringData:
-                  host: <external ip or url resolvable by the cluster>
-                  port: <external port, this usually defaults to 5432>
-                  database: <desired database name>
-                  username: <username to connect as>
-                  password: <password to connect with>
-                type: Opaque

ansible/templates/operator.yml.j2

@@ -1,44 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "{{ operator_image }}:{{ operator_version }}"
-          imagePullPolicy: "{{ pull_policy|default('Always') }}"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 5
-            periodSeconds: 3
-      volumes:
-        - name: runner
-          emptyDir: {}

awx-demo.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport

build/test-framework/Dockerfile

@@ -1,13 +0,0 @@
-ARG BASEIMAGE
-FROM ${BASEIMAGE}
-USER 0
-
-RUN yum install -y python-devel gcc libffi-devel
-RUN pip install molecule==3.0.6 jmespath
-
-ARG NAMESPACEDMAN
-ADD $NAMESPACEDMAN /namespaced.yaml
-ADD build/test-framework/ansible-test.sh /ansible-test.sh
-RUN chmod +x /ansible-test.sh
-USER 1001
-ADD . /opt/ansible/project

build/test-framework/ansible-test.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-export WATCH_NAMESPACE=${TEST_NAMESPACE}
-(/usr/local/bin/entrypoint)&
-trap "kill $!" SIGINT SIGTERM EXIT
-
-cd ${HOME}/project
-exec molecule test -s test-minikube

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -0,0 +1,467 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxs.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWX
+    listKind: AWXList
+    plural: awxs
+    singular: awx
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          description: Schema validation for the AWX CRD
+          properties:
+            spec:
+              properties:
+                deployment_type:
+                  description: Name of the deployment type
+                  type: string
+                kind:
+                  description: Kind of the deployment type
+                  type: string
+                api_version:
+                  description: apiVersion of the deployment type
+                  type: string
+                task_privileged:
+                  description: If a privileged security context should be enabled
+                  type: boolean
+                  default: false
+                admin_user:
+                  description: Username to use for the admin account
+                  type: string
+                  default: admin
+                hostname:
+                  description: The hostname of the instance
+                  type: string
+                admin_email:
+                  description: The admin user email
+                  type: string
+                admin_password_secret:
+                  description: Secret where the admin password can be found
+                  type: string
+                postgres_configuration_secret:
+                  description: Secret where the database configuration can be found
+                  type: string
+                old_postgres_configuration_secret:
+                  description: Secret where the old database configuration can be found for data migration
+                  type: string
+                postgres_label_selector:
+                  description: Label selector used to identify postgres pod for data migration
+                  type: string
+                secret_key_secret:
+                  description: Secret where the secret key can be found
+                  type: string
+                broadcast_websocket_secret:
+                  description: Secret where the broadcast websocket secret can be found
+                  type: string
+                extra_volumes:
+                  description: Specify extra volumes to add to the application pod
+                  type: string
+                service_annotations:
+                  description: Annotations to add to the service
+                  type: string
+                service_type:
+                  description: The service type to be used on the deployed instance
+                  type: string
+                  enum:
+                    - LoadBalancer
+                    - loadbalancer
+                    - ClusterIP
+                    - clusterip
+                    - NodePort
+                    - nodeport
+                ingress_type:
+                  description: The ingress type to use to reach the deployed instance
+                  type: string
+                  enum:
+                    - none
+                    - Ingress
+                    - ingress
+                    - Route
+                    - route
+                ingress_path:
+                  description: The ingress path used to reach the deployed service
+                  type: string
+                ingress_path_type:
+                  description: The ingress path type for the deployed service
+                  type: string
+                ingress_annotations:
+                  description: Annotations to add to the Ingress Controller
+                  type: string
+                ingress_tls_secret:
+                  description: Secret where the Ingress TLS secret can be found
+                  type: string
+                loadbalancer_protocol:
+                  description: Protocol to use for the loadbalancer
+                  type: string
+                  default: http
+                  enum:
+                    - http
+                    - https
+                loadbalancer_port:
+                  description: Port to use for the loadbalancer
+                  type: integer
+                  default: 80
+                route_host:
+                  description: The DNS to use to points to the instance
+                  type: string
+                route_tls_termination_mechanism:
+                  description: The secure TLS termination mechanism to use
+                  type: string
+                  default: Edge
+                  enum:
+                    - Edge
+                    - edge
+                    - Passthrough
+                    - passthrough
+                route_tls_secret:
+                  description: Secret where the TLS related credentials are stored
+                  type: string
+                nodeport_port:
+                  description: Port to use for the nodeport
+                  type: integer
+                  default: 30080
+                node_selector:
+                  description: nodeSelector for the pods
+                  type: string
+                topology_spread_constraints:
+                  description: topology rule(s) for the pods
+                  type: string
+                service_labels:
+                  description: Additional labels to apply to the service
+                  type: string
+                tolerations:
+                  description: node tolerations for the pods
+                  type: string
+                image:
+                  description: Registry path to the application container to use
+                  type: string
+                image_version:
+                  description: Application container image version to use
+                  type: string
+                ee_images:
+                  description: Registry path to the Execution Environment container to use
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      name:
+                        type: string
+                      image:
+                        type: string
+                control_plane_ee_image:
+                  description: Registry path to the Execution Environment container image to use on control plane pods
+                  type: string
+                ee_pull_credentials_secret:
+                  description: Secret where pull credentials for registered ees can be found
+                  type: string
+                image_pull_policy:
+                  description: The image pull policy
+                  type: string
+                  default: IfNotPresent
+                  enum:
+                    - Always
+                    - always
+                    - Never
+                    - never
+                    - IfNotPresent
+                    - ifnotpresent
+                image_pull_secret:
+                  description: The image pull secret
+                  type: string
+                task_resource_requirements:
+                  description: Resource requirements for the task container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                web_resource_requirements:
+                  description: Resource requirements for the web container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                ee_resource_requirements:
+                  description: Resource requirements for the ee container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                service_account_annotations:
+                  description: ServiceAccount annotations
+                  type: string
+                replicas:
+                  description: Number of instance replicas
+                  type: integer
+                  default: 1
+                  format: int32
+                garbage_collect_secrets:
+                  description: Whether or not to remove secrets upon instance removal
+                  default: false
+                  type: boolean
+                create_preload_data:
+                  description: Whether or not to preload data upon instance creation
+                  default: true
+                  type: boolean
+                task_args:
+                  type: array
+                  items:
+                    type: string
+                task_command:
+                  type: array
+                  items:
+                    type: string
+                web_args:
+                  type: array
+                  items:
+                    type: string
+                web_command:
+                  type: array
+                  items:
+                    type: string
+                task_extra_env:
+                  type: string
+                web_extra_env:
+                  type: string
+                ee_extra_env:
+                  type: string
+                ee_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Execution container
+                  type: string
+                task_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Task container
+                  type: string
+                web_extra_volume_mounts:
+                  description: Specify volume mounts to be added to the Web container
+                  type: string
+                redis_image:
+                  description: Registry path to the redis container to use
+                  type: string
+                redis_image_version:
+                  description: Redis container image version to use
+                  type: string
+                redis_capabilities:
+                  description: Redis container capabilities
+                  type: array
+                  items:
+                    type: string
+                init_container_image:
+                  description: Registry path to the init container to use
+                  type: string
+                init_container_image_version:
+                  description: Init container image version to use
+                  type: string
+                init_container_extra_commands:
+                  description: Extra commands for the init container
+                  type: string
+                init_container_extra_volume_mounts:
+                  description: Specify volume mounts to be added to the init container
+                  type: string
+                postgres_image:
+                  description: Registry path to the PostgreSQL container to use
+                  type: string
+                postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+                postgres_selector:
+                  description: nodeSelector for the Postgres pods
+                  type: string
+                postgres_tolerations:
+                  description: node tolerations for the Postgres pods
+                  type: string
+                postgres_storage_requirements:
+                  description: Storage requirements for the PostgreSQL container
+                  properties:
+                    requests:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                postgres_resource_requirements:
+                  description: Resource requirements for the PostgreSQL container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                      type: object
+                  type: object
+                postgres_storage_class:
+                  description: Storage class to use for the PostgreSQL PVC
+                  type: string
+                postgres_data_path:
+                  description: Path where the PostgreSQL data are located
+                  type: string
+                postgres_extra_args:
+                  type: array
+                  items:
+                    type: string
+                ca_trust_bundle:
+                  description: Path where the trusted CA bundle is available
+                  type: string
+                development_mode:
+                  description: If the deployment should be done in development mode
+                  type: boolean
+                ldap_cacert_secret:
+                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
+                  type: string
+                bundle_cacert_secret:
+                  description: Secret where can be found the trusted Certificate Authority Bundle
+                  type: string
+                projects_persistence:
+                  description: Whether or not the /var/lib/projects directory will be persistent
+                  default: false
+                  type: boolean
+                projects_use_existing_claim:
+                  description: Using existing PersistentVolumeClaim
+                  type: string
+                  enum:
+                    - _Yes_
+                    - _No_
+                projects_existing_claim:
+                  description: PersistentVolumeClaim to mount /var/lib/projects directory
+                  type: string
+                projects_storage_class:
+                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
+                  type: string
+                projects_storage_size:
+                  description: Size for the /var/lib/projects PersistentVolumeClaim
+                  default: 8Gi
+                  type: string
+                projects_storage_access_mode:
+                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
+                  default: ReadWriteMany
+                  type: string
+                extra_settings:
+                  description: Extra settings to specify for the API
+                  items:
+                    properties:
+                      setting:
+                        type: string
+                      value:
+                        x-kubernetes-preserve-unknown-fields: true
+                    type: object
+                  type: array
+                security_context_settings:
+                  description: Key/values that will be set under the pod-level securityContext field
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+              type: object
+            status:
+              properties:
+                URL:
+                  description: URL to access the deployed instance
+                  type: string
+                adminUser:
+                  description: Admin user of the deployed instance
+                  type: string
+                adminPasswordSecret:
+                  description: Admin password secret name of the deployed instance
+                  type: string
+                postgresConfigurationSecret:
+                  description: Postgres Configuration secret name of the deployed instance
+                  type: string
+                broadcastWebsocketSecret:
+                  description: Broadcast websocket secret name of the deployed instance
+                  type: string
+                secretKeySecret:
+                  description: Secret key secret name of the deployed instance
+                  type: string
+                migratedFromSecret:
+                  description: The secret used for migrating an old instance.
+                  type: string
+                version:
+                  description: Version of the deployed instance
+                  type: string
+                image:
+                  description: URL of the image used for the deployed instance
+                  type: string
+                conditions:
+                  description: The resulting conditions when a Service Telemetry is instantiated
+                  items:
+                    properties:
+                      status:
+                        type: string
+                      type:
+                        type: string
+                      reason:
+                        type: string
+                      lastTransitionTime:
+                        type: string
+                    type: object
+                  type: array
+              type: object
+          type: object

config/crd/bases/awxbackup.ansible.com_awxbackups.yaml

@@ -0,0 +1,77 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxbackups.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXBackup
+    listKind: AWXBackupList
+    plural: awxbackups
+    singular: awxbackup
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+          description: Schema validation for the AWXBackup CRD
+          properties:
+            spec:
+              type: object
+              required:
+                - deployment_name
+              properties:
+                deployment_name:
+                  description: Name of the deployment to be backed up
+                  type: string
+                backup_pvc:
+                  description: Name of the PVC to be used for storing the backup
+                  type: string
+                backup_pvc_namespace:
+                  description: Namespace the PVC is in
+                  type: string
+                backup_storage_requirements:
+                  description: Storage requirements for the PostgreSQL container
+                  type: string
+                backup_storage_class:
+                  description: Storage class to use when creating PVC for backup
+                  type: string
+                postgres_label_selector:
+                  description: Label selector used to identify postgres pod for backing up data
+                  type: string
+                postgres_image:
+                  description: Registry path to the PostgreSQL container to use
+                  type: string
+                postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+            status:
+              type: object
+              properties:
+                conditions:
+                  description: The resulting conditions when a Service Telemetry is instantiated
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      reason:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    type: object
+                  type: array
+                backupDirectory:
+                  description: Backup directory name on the specified pvc
+                  type: string
+                backupClaim:
+                  description: Backup persistent volume claim
+                  type: string

config/crd/bases/awxrestore.ansible.com_awxrestores.yaml

@@ -0,0 +1,78 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxrestores.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXRestore
+    listKind: AWXRestoreList
+    plural: awxrestores
+    singular: awxrestore
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+          description: Schema validation for the AWXRestore CRD
+          properties:
+            spec:
+              type: object
+              properties:
+                backup_source:
+                  description: Backup source
+                  type: string
+                  enum:
+                    - CR
+                    - PVC
+                deployment_name:
+                  description: Name of the deployment to be restored to
+                  type: string
+                backup_name:
+                  description: AWXBackup object name
+                  type: string
+                backup_pvc:
+                  description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
+                  type: string
+                backup_pvc_namespace:
+                  description: Namespace the PVC is in
+                  type: string
+                backup_dir:
+                  description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
+                  type: string
+                postgres_label_selector:
+                  description: Label selector used to identify postgres pod for backing up data
+                  type: string
+                postgres_image:
+                  description: Registry path to the PostgreSQL container to use
+                  type: string
+                postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+            status:
+              type: object
+              properties:
+                conditions:
+                  description: The resulting conditions when a Service Telemetry is instantiated
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      reason:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    type: object
+                  type: array
+                restoreComplete:
+                  description: Restore process complete
+                  type: boolean

config/crd/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+  - bases/awx.ansible.com_awxs.yaml
+  - bases/awxbackup.ansible.com_awxbackups.yaml
+  - bases/awxrestore.ansible.com_awxrestores.yaml
+# +kubebuilder:scaffold:crdkustomizeresource

config/default/kustomization.yaml

@@ -0,0 +1,24 @@
+# Adds namespace to all resources.
+namespace: awx
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: awx-operator-
+# Labels to add to all resources and selectors.
+# commonLabels:
+#   someName: someValue
+  # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+  # - ../prometheus
+  # Protect the /metrics endpoint by putting it behind auth.
+  # If you want your controller-manager to expose the /metrics
+  # endpoint w/o any authn/z, please comment the following line.
+patchesStrategicMerge:
+- manager_auth_proxy_patch.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager

config/default/manager_auth_proxy_patch.yaml

@@ -0,0 +1,29 @@
+---
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: kube-rbac-proxy
+          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+          args:
+            - "--secure-listen-address=0.0.0.0:8443"
+            - "--upstream=http://127.0.0.1:8080/"
+            - "--logtostderr=true"
+            - "--v=10"
+          ports:
+            - containerPort: 8443
+              protocol: TCP
+              name: https
+        - name: awx-manager
+          args:
+            - "--health-probe-bind-address=:6789"
+            - "--metrics-bind-address=127.0.0.1:8080"
+            - "--leader-elect"
+            - "--leader-election-id=awx-operator"

config/default/manager_config_patch.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          args:
+            - "--config=controller_manager_config.yaml"
+          volumeMounts:
+            - name: awx-manager-config
+              mountPath: /controller_manager_config.yaml
+              subPath: controller_manager_config.yaml
+      volumes:
+        - name: awx-manager-config
+          configMap:
+            name: awx-manager-config

config/manager/controller_manager_config.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: controller-runtime.sigs.k8s.io/v1beta1
+kind: ControllerManagerConfig
+health:
+  healthProbeBindAddress: :6789
+metrics:
+  bindAddress: 127.0.0.1:8080
+leaderElection:
+  leaderElect: true
+  resourceName: 811c9dc5.ansible.com

config/manager/kustomization.yaml

@@ -0,0 +1,14 @@
+resources:
+- manager.yaml
+generatorOptions:
+  disableNameSuffixHash: true
+configMapGenerator:
+- files:
+  - controller_manager_config.yaml
+  name: awx-manager-config
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: quay.io/ansible/awx-operator
+  newTag: latest

config/manager/manager.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+  labels:
+    control-plane: controller-manager
+spec:
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        control-plane: controller-manager
+    spec:
+      securityContext:
+        runAsNonRoot: true
+      containers:
+        - args:
+            - --leader-elect
+            - --leader-election-id=awx-operator
+          image: controller:latest
+          name: awx-manager
+          env:
+            - name: ANSIBLE_GATHERING
+              value: explicit
+            - name: ANSIBLE_DEBUG_LOGS
+              value: 'false'
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          securityContext:
+            allowPrivilegeEscalation: false
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 6789
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 6789
+            initialDelaySeconds: 5
+            periodSeconds: 10
+      serviceAccountName: controller-manager
+      terminationGracePeriodSeconds: 10

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -0,0 +1,40 @@
+apiVersion: operators.coreos.com/v1beta1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    alm-examples: '[]'
+    capabilities: Basic Install
+  name: awx-operator.v0.0.0
+  namespace: placeholder
+spec:
+  apiservicedefinitions: {}
+  customresourcedefinitions: {}
+  description: An operator for the AWX Project
+  displayName: AWX
+  icon:
+  - base64data: ""
+    mediatype: ""
+  install:
+    spec:
+      deployments: null
+    strategy: ""
+  installModes:
+  - supported: true
+    type: OwnNamespace
+  - supported: true
+    type: SingleNamespace
+  - supported: true
+    type: MultiNamespace
+  - supported: false
+    type: AllNamespaces
+  keywords:
+  - automation
+  - ansible
+  links:
+  - name: Awx Operator
+    url: https://awx-operator.domain
+  maturity: alpha
+  provider:
+    name: Ansible
+    url: github.com/ansible/awx-operator
+  version: 0.0.0

config/manifests/bases/inject-csv-config.py

@@ -0,0 +1,24 @@
+'''
+After generating the CSV file, inject custom configuration such as
+OLM parameters, relatedImages, etc.
+'''
+
+import yaml
+
+csv_path = "../../../bundle/manifests/awx-operator.clusterserviceversion.yaml"
+existing_csv = open(csv_path, 'r')
+csv = yaml.safe_load(existing_csv)
+
+
+raw_olm_params = open("olm-parameters.yaml")
+olm_params = yaml.safe_load(raw_olm_params)
+
+# Inject OLM parameters for Customer Resource Objects
+csv['spec']['customresourcedefinitions']['owned'] = olm_params
+
+csv['metadata']['annotations']['alm-examples'] = ''
+
+file_content = yaml.safe_dump(csv, default_flow_style=False, explicit_start=True)
+
+with open(csv_path, 'w') as f:
+    f.write(file_content)

config/manifests/bases/olm-parameters.yaml

@@ -0,0 +1,604 @@
+---
+- displayName: AWX Backup
+  description: Back up a deployment of the awx, including jobs, inventories, and credentials
+  kind: AWXBackup
+  name: awxbackups.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+  - displayName: Deployment name
+    path: deployment_name
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+  - displayName: Backup persistent volume claim
+    path: backup_pvc
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup persistent volume claim namespace
+    path: backup_pvc_namespace
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup PVC storage requirements
+    path: backup_storage_requirements
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup PVC storage class
+    path: backup_storage_class
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Database backup label selector
+    path: postgres_label_selector
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  - displayName: PostgreSQL Image
+    path: postgres_image
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  - displayName: PostgreSQL Image Version
+    path: postgres_image_version
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: The persistent volume claim name used during backup
+      displayName: Backup claim
+      path: backupClaim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: The directory data is backed up to on the PVC
+      displayName: Backup directory
+      path: backupDirectory
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+- displayName: AWX Restore
+  description: Restore a previous awx deployment into the namespace
+  kind: AWXRestore
+  name: awxrestores.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+    - displayName: Backup source to restore ?
+      path: backup_source
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:select:CR
+        - urn:alm:descriptor:com.tectonic.ui:select:PVC
+    - displayName: Backup name
+      path: backup_name
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:CR
+    - displayName: Name of newly restored deployment
+      path: deployment_name
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Backup persistent volume claim
+      path: backup_pvc
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
+    - displayName: Backup namespace
+      path: backup_pvc_namespace
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Backup directory in the persistent volume claim
+      path: backup_dir
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
+    - displayName: Database restore label selector
+      path: postgres_label_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image
+      path: postgres_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image Version
+      path: postgres_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: The state of the restore
+      displayName: Restore status
+      path: restoreComplete
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+- description: Deploy a new instance of AWX
+  displayName: AWX
+  kind: AWX
+  name: awxs.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+    - displayName: Hostname
+      path: hostname
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin account username
+      path: admin_user
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin email address
+      path: admin_email
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin password secret
+      path: admin_password_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Database configuration secret
+      path: postgres_configuration_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Old Database configuration secret
+      path: old_postgres_configuration_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Secret key secret
+      path: secret_key_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Broadcast Websocket Secret
+      path: broadcast_websocket_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Service Account Annotations
+      path: service_account_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Tower Service Type
+      path: service_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:ClusterIP
+        - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
+        - urn:alm:descriptor:com.tectonic.ui:select:NodePort
+    - displayName: Tower Ingress Type
+      path: ingress_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:none
+        - urn:alm:descriptor:com.tectonic.ui:select:Ingress
+        - urn:alm:descriptor:com.tectonic.ui:select:Route
+    - displayName: Ingress Path
+      path: ingress_path
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Ingress Path Type
+      path: ingress_path_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower Ingress Annotations
+      path: ingress_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower Ingress TLS Secret
+      path: ingress_tls_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower LoadBalancer Annotations
+      path: service_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Tower LoadBalancer Protocol
+      path: loadbalancer_protocol
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:http
+        - urn:alm:descriptor:com.tectonic.ui:select:https
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Tower LoadBalancer Port
+      path: loadbalancer_port
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:number
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Route DNS host
+      path: route_host
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Route TLS termination mechanism
+      path: route_tls_termination_mechanism
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:Edge
+        - urn:alm:descriptor:com.tectonic.ui:select:Passthrough
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Route TLS credential secret
+      path: route_tls_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Image Pull Policy
+      path: image_pull_policy
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
+    - displayName: Image Pull Secret
+      path: image_pull_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Web container resource requirements
+      path: web_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: Task container resource requirements
+      path: task_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: EE Control Plane container resource requirements
+      path: ee_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: PostgreSQL container resource requirements (when using a managed
+        instance)
+      path: postgres_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: PostgreSQL container storage requirements (when using a managed
+        instance)
+      path: postgres_storage_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: Replicas
+      path: replicas
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:number
+    - displayName: Remove used secrets on instance removal ?
+      path: garbage_collect_secrets
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Preload instance with data upon creation ?
+      path: create_preload_data
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Deploy the instance in development mode ?
+      path: development_mode
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Should the task container deployed with privileged level ?
+      path: task_privileged
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment Type
+      path: deployment_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment Kind
+      path: kind
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment apiVersion
+      path: api_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Image
+      path: image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Image Version
+      path: image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Image
+      path: redis_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Image Version
+      path: redis_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Capabilities
+      path: redis_capabilities
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image
+      path: postgres_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image Version
+      path: postgres_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Selector
+      path: postgres_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Label Selector
+      path: postgres_label_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Tolerations
+      path: postgres_tolerations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Storage Class
+      path: postgres_storage_class
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Datapath
+      path: postgres_data_path
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Extra Arguments
+      path: postgres_extra_args
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Certificate Authorirty Trust Bundle
+      path: ca_trust_bundle
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: LDAP Certificate Authority Trust Bundle
+      path: ldap_cacert_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Task Args
+      path: task_args
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Enable persistence for /var/lib/projects directory?
+      path: projects_persistence
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Use existing Persistent Claim?
+      path: projects_use_existing_claim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:_Yes_
+        - urn:alm:descriptor:com.tectonic.ui:select:_No_
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true
+    - displayName: Projects Existing Persistent Claim
+      path: projects_existing_claim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_
+        - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
+    - description: Projects Storage Class Name. If not present, the default storage
+        class will be used.
+      displayName: Projects Storage Class Name
+      path: projects_storage_class
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Projects Storage Size
+      displayName: Projects Storage Size
+      path: projects_storage_size
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Projects Storage Access Mode
+      displayName: Projects Storage Access Mode
+      path: projects_storage_access_mode
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Task Command
+      path: task_command
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to Task container
+      displayName: Task Extra Env
+      path: task_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Execution container
+      displayName: EE Extra Volume Mounts
+      path: ee_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the Execution Environment container to use
+      displayName: EE Images
+      path: ee_images
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to EE container
+      displayName: EE Extra Env
+      path: ee_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the Execution Environment container to use on
+        control plane pods
+      displayName: Control Plane EE Image
+      path: control_plane_ee_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: EE Images Pull Credentials Secret
+      displayName: EE Images Pull Credentials Secret
+      path: ee_pull_credentials_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - description: Specify volume mounts to be added to Task container
+      displayName: Task Extra Volume Mounts
+      path: task_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Web Args
+      path: web_args
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Web Command
+      path: web_command
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to Web container
+      displayName: Web Extra Env
+      path: web_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Web container
+      displayName: Web Extra Volume Mounts
+      path: web_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify extra volumes to add to the application pod
+      displayName: Extra Volumes
+      path: extra_volumes
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Node Selector
+      path: node_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Topology Spread Constraints
+      path: topology_spread_constraints
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Service Labels
+      path: service_labels
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Tolerations
+      path: tolerations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: API Extra Settings
+      path: extra_settings
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Security Context Settings
+      path: security_context_settings
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the init container to use
+      displayName: Init Container Image
+      path: init_container_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Init container image version to use
+      displayName: Init Container Image Version
+      path: init_container_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify Extra commands for the Init container
+      displayName: Init Container Extra Commands
+      path: init_container_extra_commands
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Init container
+      displayName: Init Container Extra Volume Mounts
+      path: init_container_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Secret where can be found the trusted Certificate Authority Bundle
+      path: bundle_cacert_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Nodeport Port
+      path: nodeport_port
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: Route to access the instance deployed
+      displayName: URL
+      path: URL
+      x-descriptors:
+        - urn:alm:descriptor:org.w3:link
+    - description: Admin user for the instance deployed
+      displayName: Admin User
+      path: adminUser
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Admin password for the instance deployed
+      displayName: Admin Password
+      path: adminPasswordSecret
+      x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - description: Version of the instance deployed
+      displayName: Version
+      path: version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Image of the instance deployed
+      displayName: Image
+      path: image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text

config/manifests/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+# These resources constitute the fully configured set of manifests
+# used to generate the 'manifests/' directory in a bundle.
+resources:
+  - bases/awx-operator.clusterserviceversion.yaml
+  - ../default
+  - ../samples
+  - ../scorecard

config/prometheus/kustomization.yaml

@@ -0,0 +1,3 @@
+---
+resources:
+  - monitor.yaml

config/prometheus/monitor.yaml

@@ -0,0 +1,20 @@
+---
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-monitor
+  namespace: system
+spec:
+  endpoints:
+    - path: /metrics
+      port: https
+      scheme: https
+      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      tlsConfig:
+        insecureSkipVerify: true
+  selector:
+    matchLabels:
+      control-plane: controller-manager

config/rbac/auth_proxy_client_clusterrole.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+rules:
+  - nonResourceURLs:
+      - "/metrics"
+    verbs:
+      - get

config/rbac/auth_proxy_role.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: proxy-role
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create

config/rbac/auth_proxy_role_binding.yaml

@@ -1,13 +1,13 @@
 ---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: awx-operator
+  name: proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: proxy-role
 subjects:
   - kind: ServiceAccount
-    name: awx-operator
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: awx-operator
-  apiGroup: rbac.authorization.k8s.io
+    name: controller-manager
+    namespace: system

config/rbac/auth_proxy_service.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+    - name: https
+      port: 8443
+      protocol: TCP
+      targetPort: https
+  selector:
+    control-plane: controller-manager

config/rbac/awx_editor_role.yaml

@@ -0,0 +1,25 @@
+---
+# permissions for end users to edit awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awx-editor-role
+rules:
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - awxs
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - awxs/status
+    verbs:
+      - get

config/rbac/awx_viewer_role.yaml

@@ -0,0 +1,21 @@
+---
+# permissions for end users to view awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awx-viewer-role
+rules:
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - awxs
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - awxs/status
+    verbs:
+      - get

config/rbac/kustomization.yaml

@@ -0,0 +1,19 @@
+---
+resources:
+  # All RBAC will be applied under this service account in
+  # the deployment namespace. You may comment out this resource
+  # if your manager will use a service account that exists at
+  # runtime. Be sure to update RoleBinding and ClusterRoleBinding
+  # subjects if changing service account names.
+  - service_account.yaml
+  - role.yaml
+  - role_binding.yaml
+  - leader_election_role.yaml
+  - leader_election_role_binding.yaml
+  # Comment the following 4 lines if you want to disable
+  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+  # which protects your /metrics endpoint.
+  - auth_proxy_service.yaml
+  - auth_proxy_role.yaml
+  - auth_proxy_role_binding.yaml
+  - auth_proxy_client_clusterrole.yaml

config/rbac/leader_election_role.yaml

@@ -0,0 +1,38 @@
+---
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: leader-election-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch

config/rbac/leader_election_role_binding.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: controller-manager
+    namespace: system

config/rbac/role.yaml

@@ -1,32 +1,49 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   creationTimestamp: null
-  name: awx-operator
+  name: awx-manager-role
 rules:
   - apiGroups:
       - route.openshift.io
     resources:
       - routes
+      - routes/custom-host
     verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
   - apiGroups:
       - ""
+      - "rbac.authorization.k8s.io"
     resources:
       - pods
       - services
       - services/finalizers
+      - serviceaccounts
       - endpoints
       - persistentvolumeclaims
       - events
       - configmaps
       - secrets
+      - roles
+      - rolebindings
     verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
   - apiGroups:
       - apps
-      - extensions
+      - networking.k8s.io
     resources:
       - deployments
       - daemonsets
@@ -34,7 +51,13 @@ rules:
       - statefulsets
       - ingresses
     verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
   - apiGroups:
       - monitoring.coreos.com
     resources:
@@ -50,10 +73,19 @@ rules:
       - deployments/finalizers
     verbs:
       - update
+  - apiGroups:
+      - apps
+    resources:
+      - deployments/scale
+      - statefulsets/scale
+    verbs:
+      - patch
   - apiGroups:
       - ""
     resources:
       - pods/exec
+      - pods/attach
+      - pods/log  # log & attach rules needed to be able to grant them to AWX service account
     verbs:
       - create
       - get
@@ -63,9 +95,12 @@ rules:
       - replicasets
     verbs:
       - get
+      - create
   - apiGroups:
       - awx.ansible.com
     resources:
       - '*'
+      - awxbackups
+      - awxrestores
     verbs:
       - '*'

config/rbac/role_binding.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: awx-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: awx-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: controller-manager

config/rbac/service_account.yaml

@@ -2,5 +2,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: awx-operator
-  namespace: default
+  name: controller-manager
+  namespace: system

config/samples/awx_v1beta1_awx.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: example-awx
+spec:
+  web_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  task_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  ee_resource_requirements:
+    requests:
+      cpu: 200m
+      memory: 64M

config/samples/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+## Append samples you want in your CSV to this file as resources ##
+resources:
+  - awx_v1beta1_awx.yaml
+# +kubebuilder:scaffold:manifestskustomizesamples

config/scorecard/bases/config.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+  name: config
+stages:
+  - parallel: true
+    tests: []

config/scorecard/kustomization.yaml

@@ -0,0 +1,17 @@
+---
+resources:
+  - bases/config.yaml
+patchesJson6902:
+  - path: patches/basic.config.yaml
+    target:
+      group: scorecard.operatorframework.io
+      version: v1alpha3
+      kind: Configuration
+      name: config
+  - path: patches/olm.config.yaml
+    target:
+      group: scorecard.operatorframework.io
+      version: v1alpha3
+      kind: Configuration
+      name: config
+# +kubebuilder:scaffold:patchesJson6902

config/scorecard/patches/basic.config.yaml

@@ -0,0 +1,11 @@
+---
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - basic-check-spec
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: basic
+      test: basic-check-spec-test

config/scorecard/patches/olm.config.yaml

@@ -0,0 +1,51 @@
+---
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-bundle-validation
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-bundle-validation-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-crds-have-validation
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-crds-have-validation-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-crds-have-resources
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-crds-have-resources-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-spec-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-spec-descriptors-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-status-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-status-descriptors-test

config/testing/debug_logs_patch.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          env:
+            - name: ANSIBLE_DEBUG_LOGS
+              value: "TRUE"

config/testing/kustomization.yaml

@@ -0,0 +1,21 @@
+# Adds namespace to all resources.
+namespace: osdk-test
+namePrefix: osdk-
+# Labels to add to all resources and selectors.
+# commonLabels:
+#   someName: someValue
+patchesStrategicMerge:
+- manager_image.yaml
+- debug_logs_patch.yaml
+- ../default/manager_auth_proxy_patch.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager
+images:
+- name: testing
+  newName: testing-operator
+patches:
+- path: pull_policy/Never.yaml

config/testing/manager_image.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          image: testing

config/testing/pull_policy/Always.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: Always

config/testing/pull_policy/IfNotPresent.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: IfNotPresent

config/testing/pull_policy/Never.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: Never

deploy/awx-operator.yaml

@@ -1,190 +0,0 @@
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: awx-operator
-rules:
-  - apiGroups:
-      - route.openshift.io
-    resources:
-      - routes
-    verbs:
-      - '*'
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - services
-      - services/finalizers
-      - endpoints
-      - persistentvolumeclaims
-      - events
-      - configmaps
-      - secrets
-    verbs:
-      - '*'
-  - apiGroups:
-      - apps
-      - extensions
-    resources:
-      - deployments
-      - daemonsets
-      - replicasets
-      - statefulsets
-      - ingresses
-    verbs:
-      - '*'
-  - apiGroups:
-      - monitoring.coreos.com
-    resources:
-      - servicemonitors
-    verbs:
-      - get
-      - create
-  - apiGroups:
-      - apps
-    resourceNames:
-      - awx-operator
-    resources:
-      - deployments/finalizers
-    verbs:
-      - update
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-      - get
-  - apiGroups:
-      - apps
-    resources:
-      - replicasets
-    verbs:
-      - get
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - '*'
-    verbs:
-      - '*'
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: awx-operator
-subjects:
-  - kind: ServiceAccount
-    name: awx-operator
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: awx-operator
-  apiGroup: rbac.authorization.k8s.io
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: awx-operator
-  namespace: default
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "quay.io/ansible/awx-operator:0.6.0"
-          imagePullPolicy: "Always"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 5
-            periodSeconds: 3
-      volumes:
-        - name: runner
-          emptyDir: {}
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  subresources:
-    status: {}
-  version: v1beta1
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-  validation:
-    openAPIV3Schema:
-      description: Schema validation for the AWX CRD
-      type: object
-      properties:
-        spec:
-          type: object
-          properties:
-            external_database:
-              type: boolean
-              description: |
-                If true you must supply a secret containing the location and credentials for
-                connecting to the external database by a user who has permission to create
-                and apply a schema.
-
-                The secret should have the name: <custom resource name>-postgres-configuration and
-                should look like:
-
-                apiVersion: v1
-                kind: Secret
-                metadata:
-                  name: <crname>-postgres-configuration
-                  namespace: <target namespace>
-                stringData:
-                  host: <external ip or url resolvable by the cluster>
-                  port: <external port, this usually defaults to 5432>
-                  database: <desired database name>
-                  username: <username to connect as>
-                  password: <password to connect with>
-                type: Opaque

deploy/crds/awx_v1beta1_cr.yaml

@@ -1,33 +0,0 @@
----
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: example-awx
-  namespace: example-awx
-spec:
-  tower_ingress_type: none
-  tower_task_privileged: false
-
-  tower_hostname: example-awx.test
-  tower_broadcast_websocket_secret: changeme
-
-  tower_admin_user: test
-  tower_admin_email: test@example.com
-  tower_admin_password: changeme
-
-  tower_image: ansible/awx:15.0.0
-
-  tower_task_mem_request: 1Gi
-  tower_task_cpu_request: 500m
-
-  tower_web_mem_request: 2Gi
-  tower_web_cpu_request: 1000m
-
-  tower_create_preload_data: true
-
-  tower_memcached_image: memcached:alpine
-
-  tower_redis_image: redis:latest
-
-  tower_postgres_storage_request: 8Gi
-  tower_postgres_storage_class: ''

deploy/crds/awx_v1beta1_crd.yaml

@@ -1,50 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  subresources:
-    status: {}
-  version: v1beta1
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-  validation:
-    openAPIV3Schema:
-      description: Schema validation for the AWX CRD
-      type: object
-      properties:
-        spec:
-          type: object
-          properties:
-            external_database:
-              type: boolean
-              description: |
-                If true you must supply a secret containing the location and credentials for
-                connecting to the external database by a user who has permission to create
-                and apply a schema.
-
-                The secret should have the name: <custom resource name>-postgres-configuration and
-                should look like:
-
-                apiVersion: v1
-                kind: Secret
-                metadata:
-                  name: <crname>-postgres-configuration
-                  namespace: <target namespace>
-                stringData:
-                  host: <external ip or url resolvable by the cluster>
-                  port: <external port, this usually defaults to 5432>
-                  database: <desired database name>
-                  username: <username to connect as>
-                  password: <password to connect with>
-                type: Opaque

deploy/crds/awx_v1beta1_molecule.yaml

@@ -1,35 +0,0 @@
----
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: example-awx
-  namespace: example-awx
-spec:
-  tower_ingress_type: ingress
-  tower_task_privileged: false
-
-  tower_hostname: example-awx.test
-  tower_broadcast_websocket_secret: changeme
-
-  tower_admin_user: test
-  tower_admin_email: test@example.com
-  tower_admin_password: changeme
-
-  tower_image: ansible/awx:15.0.0
-
-  tower_task_mem_request: 128M
-  tower_task_cpu_request: 500m
-
-  tower_web_mem_request: 128M
-  tower_web_cpu_request: 500m
-
-  tower_create_preload_data: true
-
-  tower_memcached_image: memcached:alpine
-
-  tower_redis_image: redis:latest
-
-  tower_postgres_pass: awxpass
-  tower_postgres_image: postgres:12
-  tower_postgres_storage_request: 8Gi
-  tower_postgres_storage_class: ''

deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml

@@ -1,221 +0,0 @@
----
-apiVersion: operators.coreos.com/v1alpha1
-kind: ClusterServiceVersion
-metadata:
-  annotations:
-    alm-examples: |-
-      [
-        {
-          "apiVersion": "awx.ansible.com/v1beta1",
-          "kind": "AWX",
-          "metadata": {
-            "name": "example-awx",
-            "namespace": "example-awx"
-          },
-          "spec": {
-            "tower_admin_email": "test@example.com",
-            "tower_admin_password": "changeme",
-            "tower_admin_user": "test",
-            "tower_broadcast_websocket_secret": "changeme",
-            "tower_create_preload_data": true,
-            "tower_hostname": "example-awx.test",
-            "tower_ingress_type": "none",
-            "tower_memcached_image": "memcached:alpine",
-            "tower_postgres_storage_class": "",
-            "tower_postgres_storage_request": "8Gi",
-            "tower_redis_image": "redis:latest",
-            "tower_task_cpu_request": "500m",
-            "tower_image": "ansible/awx:15.0.0",
-            "tower_task_mem_request": "1Gi",
-            "tower_task_privileged": false,
-            "tower_web_cpu_request": "1000m"
-            "tower_web_mem_request": "2Gi"
-          }
-        },
-        {
-          "apiVersion": "awx.ansible.com/v1beta1",
-          "kind": "AWX",
-          "metadata": {
-            "name": "example-awx",
-            "namespace": "example-awx"
-          },
-          "spec": {
-            "tower_admin_email": "test@example.com",
-            "tower_admin_password": "changeme",
-            "tower_admin_user": "test",
-            "tower_broadcast_websocket_secret": "changeme",
-            "tower_create_preload_data": true,
-            "tower_hostname": "example-awx.test",
-            "tower_ingress_type": "ingress",
-            "tower_memcached_image": "memcached:alpine",
-            "tower_postgres_image": "postgres:12",
-            "tower_postgres_pass": "awxpass",
-            "tower_postgres_storage_class": "",
-            "tower_postgres_storage_request": "8Gi",
-            "tower_redis_image": "redis:latest",
-            "tower_task_cpu_request": "500m",
-            "tower_image": "ansible/awx:15.0.0",
-            "tower_task_mem_request": "128M",
-            "tower_task_privileged": false,
-            "tower_web_cpu_request": "500m",
-            "tower_web_mem_request": "128M"
-          }
-        }
-      ]
-    capabilities: Basic Install
-    operators.operatorframework.io/builder: operator-sdk-v0.19.4
-    operators.operatorframework.io/project_layout: ansible
-  name: awx-operator.v0.0.1
-  namespace: placeholder
-spec:
-  apiservicedefinitions: {}
-  customresourcedefinitions:
-    owned:
-      - kind: AWX
-        name: awxs.awx.ansible.com
-        version: v1beta1
-  description: AWX operator
-  displayName: AWX
-  icon:
-    - base64data: ""
-      mediatype: ""
-  install:
-    spec:
-      clusterPermissions:
-        - rules:
-            - apiGroups:
-                - route.openshift.io
-              resources:
-                - routes
-              verbs:
-                - '*'
-            - apiGroups:
-                - ""
-              resources:
-                - pods
-                - services
-                - services/finalizers
-                - endpoints
-                - persistentvolumeclaims
-                - events
-                - configmaps
-                - secrets
-              verbs:
-                - '*'
-            - apiGroups:
-                - apps
-                - extensions
-              resources:
-                - deployments
-                - daemonsets
-                - replicasets
-                - statefulsets
-                - ingresses
-              verbs:
-                - '*'
-            - apiGroups:
-                - monitoring.coreos.com
-              resources:
-                - servicemonitors
-              verbs:
-                - get
-                - create
-            - apiGroups:
-                - apps
-              resourceNames:
-                - awx-operator
-              resources:
-                - deployments/finalizers
-              verbs:
-                - update
-            - apiGroups:
-                - ""
-              resources:
-                - pods/exec
-              verbs:
-                - create
-                - get
-            - apiGroups:
-                - apps
-              resources:
-                - replicasets
-              verbs:
-                - get
-            - apiGroups:
-                - awx.ansible.com
-              resources:
-                - '*'
-              verbs:
-                - '*'
-          serviceAccountName: awx-operator
-      deployments:
-        - name: awx-operator
-          spec:
-            replicas: 1
-            selector:
-              matchLabels:
-                name: awx-operator
-            strategy: {}
-            template:
-              metadata:
-                labels:
-                  name: awx-operator
-              spec:
-                containers:
-                  - command:
-                      - /usr/local/bin/ao-logs
-                      - /tmp/ansible-operator/runner
-                      - stdout
-                    image: ansible/awx-operator:0.5.0
-                    imagePullPolicy: Always
-                    name: ansible
-                    resources: {}
-                    volumeMounts:
-                      - mountPath: /tmp/ansible-operator/runner
-                        name: runner
-                        readOnly: true
-                  - env:
-                      - name: WATCH_NAMESPACE
-                        valueFrom:
-                          fieldRef:
-                            fieldPath: metadata.annotations['olm.targetNamespaces']
-                      - name: POD_NAME
-                        valueFrom:
-                          fieldRef:
-                            fieldPath: metadata.name
-                      - name: OPERATOR_NAME
-                        value: awx-operator
-                    image: ansible/awx-operator:0.5.0
-                    imagePullPolicy: Always
-                    name: operator
-                    resources: {}
-                    volumeMounts:
-                      - mountPath: /tmp/ansible-operator/runner
-                        name: runner
-                serviceAccountName: awx-operator
-                volumes:
-                  - emptyDir: {}
-                    name: runner
-    strategy: deployment
-  installModes:
-    - supported: true
-      type: OwnNamespace
-    - supported: true
-      type: SingleNamespace
-    - supported: false
-      type: MultiNamespace
-    - supported: true
-      type: AllNamespaces
-  keywords:
-    - awx
-  links:
-    - name: Awx Operator
-      url: https://github.com/ansible/awx-operator
-  maintainers:
-    - email: yguenane@redhat.com
-      name: Yanis Guenane
-  maturity: alpha
-  provider:
-    name: AWX Community
-    url: https://github.com/ansible/awx-operator
-  version: 0.0.1

deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml

@@ -1,57 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  creationTimestamp: null
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: Schema validation for the AWX CRD
-      properties:
-        spec:
-          properties:
-            external_database:
-              description: |
-                If true you must supply a secret containing the location and credentials for
-                connecting to the external database by a user who has permission to create
-                and apply a schema.
-
-                The secret should have the name: <custom resource name>-postgres-configuration and
-                should look like:
-
-                apiVersion: v1
-                kind: Secret
-                metadata:
-                  name: <crname>-postgres-configuration
-                  namespace: <target namespace>
-                stringData:
-                  host: <external ip or url resolvable by the cluster>
-                  port: <external port, this usually defaults to 5432>
-                  database: <desired database name>
-                  username: <username to connect as>
-                  password: <password to connect with>
-                type: Opaque
-              type: boolean
-          type: object
-      type: object
-  version: v1beta1
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null

deploy/olm-catalog/awx-operator/metadata/annotations.yaml

@@ -1,11 +0,0 @@
----
-annotations:
-  operators.operatorframework.io.bundle.channel.default.v1: alpha
-  operators.operatorframework.io.bundle.channels.v1: alpha
-  operators.operatorframework.io.bundle.manifests.v1: manifests/
-  operators.operatorframework.io.bundle.mediatype.v1: registry+v1
-  operators.operatorframework.io.bundle.metadata.v1: metadata/
-  operators.operatorframework.io.bundle.package.v1: awx-operator
-  operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.4
-  operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
-  operators.operatorframework.io.metrics.project_layout: ansible

docs/migration.md

@@ -0,0 +1,82 @@
+# Migrating data from an old AWX instance
+
+To migrate data from an older AWX installation, you must provide some information via Secrets.
+
+## Creating Secrets for Migration
+
+### Secret Key
+
+You can find your old secret key in the inventory file you used to deploy AWX in releases prior to version 18.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: <resourcename>-secret-key
+  namespace: <target-namespace>
+stringData:
+  secret_key: <old-secret-key>
+type: Opaque
+```
+
+**Note**: `<resourcename>` must match the `name` of the AWX object you are creating. In our example below, it is `awx`.
+
+### Old Database Credentials
+
+The secret should be formatted as follows:
+
+```yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: <resourcename>-old-postgres-configuration
+  namespace: <target namespace>
+stringData:
+  host: <external ip or url resolvable by the cluster>
+  port: <external port, this usually defaults to 5432>
+  database: <desired database name>
+  username: <username to connect as>
+  password: <password to connect with>
+type: Opaque
+```
+
+> For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.cluster.local`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from.
+
+If your AWX deployment is already using an external database server or its database is otherwise not managed
+by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
+In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_`
+from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
+database and apply any pending migrations. It is strongly recommended to backup your database beforehand.
+
+The postgresql pod for the old deployment is used when streaming data to the new postgresql pod.  If your postgresql pod has a custom label,
+you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.
+
+## Deploy AWX
+
+When you apply your AWX object, you must specify the name to the database secret you created above:
+
+```yaml
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx
+spec:
+  old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
+  secret_key_secret: <resourcename>-secret-key
+  ...
+```
+## Important Note
+If you intend to put all the above in one file, make sure to separate each block with three dashes like so:
+
+```yaml
+---
+# Secret key
+
+---
+# Database creds
+
+---
+# AWX Config
+```
+Failing to do so will lead to an inoperable setup.

main.yml

@@ -1,5 +0,0 @@
----
-- hosts: localhost
-  gather_facts: no
-  roles:
-    - awx

molecule/default/asserts.yml

@@ -1,20 +0,0 @@
----
-- name: Verify cluster resources
-  hosts: localhost
-  connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-
-  tasks:
-    - name: Get AWX Pod data
-      k8s_info:
-        kind: Pod
-        namespace: example-awx
-        label_selectors:
-          - app=awx
-      register: tower_pods
-
-    - name: Verify there is one AWX pod
-      assert:
-        that: '{{ (tower_pods.resources | length) == 1 }}'

molecule/default/converge.yml

@@ -2,9 +2,17 @@
 - name: Converge
   hosts: localhost
   connection: local
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-  roles:
-    - awx
+  gather_facts: no
+  collections:
+    - kubernetes.core
 
-- import_playbook: '{{ playbook_dir }}/asserts.yml'
+  tasks:
+    - name: Create Namespace
+      k8s:
+        api_version: v1
+        kind: Namespace
+        name: '{{ namespace }}'
+
+    - import_tasks: kustomize.yml
+      vars:
+        state: present

molecule/default/create.yml

@@ -0,0 +1,6 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks: []

molecule/default/destroy.yml

@@ -0,0 +1,24 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  collections:
+    - kubernetes.core
+
+  tasks:
+    - import_tasks: kustomize.yml
+      vars:
+        state: absent
+
+    - name: Destroy Namespace
+      k8s:
+        api_version: v1
+        kind: Namespace
+        name: '{{ namespace }}'
+        state: absent
+
+    - name: Unset pull policy
+      command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
+      args:
+        chdir: '{{ config_dir }}/testing'

molecule/default/kustomize.yml

@@ -0,0 +1,15 @@
+---
+- name: Build kustomize testing overlay
+  # load_restrictor must be set to none so we can load patch files from the default overlay
+  command: '{{ kustomize }} build  --load_restrictor none .'
+  args:
+    chdir: '{{ config_dir }}/testing'
+  register: resources
+  changed_when: false
+
+- name: Set resources to {{ state }}
+  k8s:
+    definition: '{{ item }}'
+    state: '{{ state }}'
+    wait: yes
+  loop: '{{ resources.stdout | from_yaml_all | list }}'

molecule/default/molecule.yml

@@ -2,33 +2,38 @@
 dependency:
   name: galaxy
 driver:
-  name: docker
+  name: delegated
 lint: |
   set -e
   yamllint .
-  ansible-lint
 platforms:
-  - name: kind-default
+  - name: cluster
     groups:
       - k8s
-    image: bsycorp/kind:latest-1.14
-    privileged: True
-    override_command: no
-    exposed_ports:
-      - 8443/tcp
-      - 10080/tcp
-    published_ports:
-      - 0.0.0.0:${TEST_CLUSTER_PORT:-9443}:8443/tcp
-    pre_build_image: yes
 provisioner:
   name: ansible
-  log: True
+  lint: |
+    set -e
+    ansible-lint
   inventory:
     group_vars:
       all:
-        operator_namespace: ${TEST_NAMESPACE:-default}
+        namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
+    host_vars:
+      localhost:
+        awx_image: ${AWX_TEST_IMAGE:-""}
+        awx_version: ${AWX_TEST_VERSION:-""}
+        default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
+        ansible_python_interpreter: '{{ ansible_playbook_python }}'
+        config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
+        samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
+        operator_image: ${OPERATOR_IMAGE:-""}
+        operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
+        kustomize: ${KUSTOMIZE_PATH:-kustomize}
   env:
-    K8S_AUTH_KUBECONFIG: /tmp/molecule/kind-default/kubeconfig
-    KUBECONFIG: /tmp/molecule/kind-default/kubeconfig
-    ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles
-    KIND_PORT: '${TEST_CLUSTER_PORT:-9443}'
+    K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}
+verifier:
+  name: ansible
+  lint: |
+    set -e
+    ansible-lint

molecule/default/prepare.yml

@@ -1,31 +1,28 @@
 ---
-- name: Prepare operator resources
+- name: Prepare
   hosts: localhost
   connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-    deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
-    templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
-  vars_files:
-    - "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/group_vars/all"
+  gather_facts: false
 
   tasks:
-    - name: Create Custom Resource Definition
-      k8s:
-        definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_crd.yaml'])) }}"
+    - name: Ensure operator image is set
+      fail:
+        msg: |
+          You must specify the OPERATOR_IMAGE environment variable in order to run the
+          'default' scenario
+      when: not operator_image
 
-    - name: Ensure specified namespace is present
-      k8s:
-        api_version: v1
-        kind: Namespace
-        name: '{{ operator_namespace }}'
+    - name: Set testing image
+      command: '{{ kustomize }} edit set image testing={{ operator_image }}'
+      args:
+        chdir: '{{ config_dir }}/testing'
 
-    - name: Create RBAC resources
-      k8s:
-        definition: "{{ lookup('template', '/'.join([templates_dir, item])) }}"
-        namespace: '{{ operator_namespace }}'
-      with_items:
-        - role.yml.j2
-        - role_binding.yml.j2
-        - service_account.yml.j2
+    - name: Set pull policy
+      command: '{{ kustomize }} edit add patch --path pull_policy/{{ operator_pull_policy }}.yaml'
+      args:
+        chdir: '{{ config_dir }}/testing'
+
+    - name: Set testing namespace
+      command: '{{ kustomize }} edit set namespace {{ namespace }}'
+      args:
+        chdir: '{{ config_dir }}/testing'

molecule/default/tasks/awx_test.yml

@@ -0,0 +1,85 @@
+---
+- name: Create the awx.ansible.com/v1alpha1.AWX
+  k8s:
+    state: present
+    namespace: '{{ namespace }}'
+    definition: "{{ lookup('template', 'awx_cr_molecule.yml.j2') | from_yaml }}"
+    wait: yes
+    wait_timeout: 900
+    wait_condition:
+      type: Running
+      reason: Successful
+      status: "True"
+
+- name: Obtain generated admin password
+  k8s_info:
+    namespace: '{{ namespace }}'
+    kind: Secret
+    name: example-awx-admin-password
+  register: admin_pw_secret
+
+- block:
+    - name: Get pod details
+      k8s_info:
+        namespace: '{{ namespace }}'
+        kind: Pod
+        label_selectors:
+          - app.kubernetes.io/name = example-awx
+      register: awx_pod
+      when: not awx_version
+
+    - name: Exract tags from images
+      set_fact:
+        image_tags: |
+          {{ awx_pod.resources[0].spec.containers |
+             map(attribute='image') |
+             map('regex_search', default_awx_version) }}
+      when: not awx_version
+
+    - fail:
+        msg: |
+          It looks like you may have broken the DEFAULT_AWX_VERSION functionality.
+          This is an environment variable that is set via build arg when releasing awx-operator.
+      when:
+        - not awx_version
+        - default_awx_version not in image_tags
+
+    - name: Launch Demo Job Template
+      awx.awx.job_launch:
+        name: Demo Job Template
+        wait: yes
+        validate_certs: no
+        controller_host: localhost
+        controller_username: admin
+        controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+  rescue:
+    - name: Get list of project updates and jobs
+      uri:
+        url: "http://localhost/api/v2/{{ resource }}/"
+        user: admin
+        password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+        force_basic_auth: yes
+      register: job_lists
+      loop:
+        - project_updates
+        - jobs
+      loop_control:
+        loop_var: resource
+
+    - name: Get all job and project details
+      uri:
+        url: "http://localhost{{ endpoint }}"
+        user: admin
+        password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+        force_basic_auth: yes
+      loop: |
+        {{ job_lists.results | map(attribute='json') | map(attribute='results') | flatten | map(attribute='url') }}
+      loop_control:
+        loop_var: endpoint
+
+    - name: Re-emit failure
+      vars:
+        failed_task:
+          result: '{{ ansible_failed_result }}'
+      fail:
+        msg: '{{ failed_task }}'

molecule/default/templates/awx_cr_molecule.yml.j2

@@ -0,0 +1,33 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: example-awx
+spec:
+{% if awx_image %}
+  image: {{ awx_image }}
+{% endif %}
+{% if awx_version %}
+  image_version: {{ awx_version }}
+{% endif %}
+  ingress_type: ingress
+  ingress_annotations: |
+    kubernetes.io/ingress.class: nginx
+  web_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  task_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  ee_resource_requirements:
+    requests:
+      cpu: 200m
+      memory: 64M
+  extra_settings:
+      - setting: SYSTEM_TASK_FORKS_CPU
+        value: 1
+
+      - setting: SYSTEM_TASK_FORKS_MEM
+        value: 1

molecule/default/verify.yml

@@ -0,0 +1,57 @@
+---
+- name: Verify
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  collections:
+    - kubernetes.core
+
+  vars:
+    ctrl_label: control-plane=controller-manager
+
+  tasks:
+    - block:
+        - name: Import all test files from tasks/
+          include_tasks: '{{ item }}'
+          with_fileglob:
+            - tasks/*_test.yml
+      rescue:
+        - name: Retrieve relevant resources
+          k8s_info:
+            api_version: '{{ item.api_version }}'
+            kind: '{{ item.kind }}'
+            namespace: '{{ namespace }}'
+          loop:
+            - api_version: v1
+              kind: Pod
+            - api_version: apps/v1
+              kind: Deployment
+            - api_version: v1
+              kind: Secret
+            - api_version: v1
+              kind: ConfigMap
+          register: debug_resources
+
+        - name: Retrieve Pod logs
+          k8s_log:
+            name: '{{ item.metadata.name }}'
+            namespace: '{{ namespace }}'
+            container: awx-manager
+          loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}"
+          register: debug_logs
+
+        - name: Output gathered resources
+          debug:
+            var: debug_resources
+
+        - name: Output gathered logs
+          debug:
+            var: item.log_lines
+          loop: '{{ debug_logs.results }}'
+
+        - name: Re-emit failure
+          vars:
+            failed_task:
+              result: '{{ ansible_failed_result }}'
+          fail:
+            msg: '{{ failed_task }}'

molecule/kind/converge.yml

@@ -0,0 +1,34 @@
+---
+- name: Converge
+  hosts: localhost
+  connection: local
+  gather_facts: no
+
+  tasks:
+    - name: Build operator image
+      docker_image:
+        build:
+          path: '{{ project_dir }}'
+          pull: no
+          args:
+            DEFAULT_AWX_VERSION: '{{ default_awx_version }}'
+        name: '{{ operator_image }}'
+        tag: latest
+        push: no
+        source: build
+        force_source: yes
+
+    - name: Load operator image into kind cluster
+      command: kind load docker-image --name osdk-test '{{ operator_image }}'
+      register: result
+      changed_when: '"not yet present" in result.stdout'
+
+    - name: Load awx image into kind cluster
+      command: kind load docker-image --name osdk-test '{{ awx_image }}:{{ awx_version }}'
+      register: result
+      changed_when: '"not yet present" in result.stdout'
+      when:
+        - awx_image is defined
+        - awx_image != ''
+
+- import_playbook: ../default/converge.yml

molecule/kind/create.yml

@@ -0,0 +1,27 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Create test kind cluster
+      shell: |
+        cat <<EOF | kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }} --config=-
+        kind: Cluster
+        apiVersion: kind.x-k8s.io/v1alpha4
+        nodes:
+        - role: control-plane
+          kubeadmConfigPatches:
+          - |
+            kind: InitConfiguration
+            nodeRegistration:
+              kubeletExtraArgs:
+                node-labels: "ingress-ready=true"
+          extraPortMappings:
+          - containerPort: 80
+            hostPort: 80
+            protocol: TCP
+          - containerPort: 443
+            hostPort: 443
+            protocol: TCP
+        EOF

molecule/kind/destroy.yml

@@ -0,0 +1,16 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  collections:
+    - kubernetes.core
+
+  tasks:
+    - name: Destroy test kind cluster
+      command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }}
+
+    - name: Unset pull policy
+      command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
+      args:
+        chdir: '{{ config_dir }}/testing'

molecule/kind/molecule.yml

@@ -0,0 +1,44 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: delegated
+lint: |
+  set -e
+  yamllint .
+platforms:
+  - name: cluster
+    groups:
+      - k8s
+provisioner:
+  name: ansible
+  playbooks:
+    verify: ../default/verify.yml
+  lint: |
+    set -e
+    ansible-lint
+  inventory:
+    group_vars:
+      all:
+        namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
+    host_vars:
+      localhost:
+        awx_image: ${AWX_TEST_IMAGE:-""}
+        awx_version: ${AWX_TEST_VERSION:-""}
+        ansible_python_interpreter: '{{ ansible_playbook_python }}'
+        default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
+        config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
+        samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
+        project_dir: ${MOLECULE_PROJECT_DIRECTORY}
+        operator_image: testing-operator
+        operator_pull_policy: "Never"
+        kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
+        kustomize: ${KUSTOMIZE_PATH:-kustomize}
+  env:
+    K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
+    KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
+verifier:
+  name: ansible
+  lint: |
+    set -e
+    ansible-lint

molecule/kind/prepare.yml

@@ -0,0 +1,29 @@
+---
+- name: Prepare
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  collections:
+    - kubernetes.core
+  vars:
+    nginx_ingress_definition: 'https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml'
+  tasks:
+    - name: Install NGINX ingress
+      k8s:
+        definition: |
+          {{ lookup('url', nginx_ingress_definition, split_lines=False) | from_yaml_all }}
+
+    - name: Wait for NGINX ingress to become available
+      k8s_info:
+        kind: Pod
+        namespace: ingress-nginx
+        label_selectors:
+          - app.kubernetes.io/component=controller
+        wait: yes
+        wait_timeout: 30
+        wait_condition:
+          type: Ready
+      register: result  # For some reason, this task always fails on the first try...
+      until: result is not failed
+
+- import_playbook: ../default/prepare.yml

molecule/requirements.txt

@@ -0,0 +1,7 @@
+molecule
+molecule-docker
+yamllint
+ansible-lint
+openshift!=0.13.0
+jmespath
+ansible-core

molecule/requirements.yml

@@ -0,0 +1,8 @@
+---
+collections:
+  - name: community.general
+  - name: kubernetes.core
+    version: 1.2.1
+  - name: operator_sdk.util
+  - name: community.docker
+  - name: awx.awx

molecule/test-local/converge.yml

@@ -1,133 +0,0 @@
----
-- name: Build Operator in Kind container
-  hosts: k8s
-
-  vars:
-    image_name: awx.ansible.com/awx-operator:testing
-
-  tasks:
-    # using command so we don't need to install any dependencies
-    - name: Get existing image hash
-      command: docker images -q {{ image_name }}
-      register: prev_hash
-      changed_when: false
-
-    - name: Build Operator Image
-      command: docker build -f /build/build/Dockerfile -t {{ image_name }} /build
-      register: build_cmd
-      changed_when: not prev_hash.stdout or (prev_hash.stdout and prev_hash.stdout not in ''.join(build_cmd.stdout_lines[-2:]))
-
-- name: Converge
-  hosts: localhost
-  connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-    deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
-    templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
-    pull_policy: Never
-    operator_image: awx.ansible.com/awx-operator
-    operator_version: testing
-    custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}"
-  tasks:
-
-    - block:
-
-        - name: Delete the Operator Deployment
-          k8s:
-            state: absent
-            namespace: '{{ operator_namespace }}'
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
-          register: delete_deployment
-          when: hostvars[groups.k8s.0].build_cmd.changed
-
-        - name: Wait 30s for Operator Deployment to terminate
-          k8s_info:
-            api_version: '{{ definition.apiVersion }}'
-            kind: '{{ definition.kind }}'
-            namespace: '{{ operator_namespace }}'
-            name: '{{ definition.metadata.name }}'
-          vars:
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
-          register: deployment
-          until: not deployment.resources
-          delay: 3
-          retries: 10
-          when: delete_deployment.changed
-
-        - name: Create the Operator Deployment
-          k8s:
-            namespace: '{{ operator_namespace }}'
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
-
-        - name: Ensure the AWX custom_resource namespace exists
-          k8s:
-            state: present
-            name: '{{ custom_resource.metadata.namespace }}'
-            kind: Namespace
-            api_version: v1
-
-        - name: Create the AWX Custom Resource
-          k8s:
-            state: present
-            namespace: '{{ custom_resource.metadata.namespace }}'
-            definition: '{{ custom_resource }}'
-
-        - name: Wait 15m for reconciliation to run
-          k8s_info:
-            api_version: '{{ custom_resource.apiVersion }}'
-            kind: '{{ custom_resource.kind }}'
-            namespace: '{{ custom_resource.metadata.namespace }}'
-            name: '{{ custom_resource.metadata.name }}'
-          register: cr
-          until:
-            - "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))"
-          delay: 6
-          retries: 150
-
-      rescue:
-
-        - name: debug cr
-          ignore_errors: yes
-          failed_when: false
-          debug:
-            var: debug_cr
-          vars:
-            debug_cr: '{{ lookup("k8s",
-              kind=custom_resource.kind,
-              api_version=custom_resource.apiVersion,
-              namespace=custom_resource.metadata.namespace,
-              resource_name=custom_resource.metadata.name
-            )}}'
-
-        - name: debug awx deployment
-          ignore_errors: yes
-          failed_when: false
-          debug:
-            var: deploy
-          vars:
-            deploy: '{{ lookup("k8s",
-              kind="Deployment",
-              api_version="apps/v1",
-              namespace=custom_resource.metadata.namespace,
-              label_selector="app=awx"
-            )}}'
-
-        - name: get operator logs
-          ignore_errors: yes
-          failed_when: false
-          command: kubectl logs deployment/{{ definition.metadata.name }} -n {{ operator_namespace }} -c operator
-          environment:
-            KUBECONFIG: '{{ lookup("env", "KUBECONFIG") }}'
-          vars:
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
-          register: log
-
-        - name: print debug output
-          debug: var=log.stdout_lines
-
-        - name: fail if converge didn't succeed
-          fail:
-            msg: "Failed on action: converge"
-
-- import_playbook: '{{ playbook_dir }}/../default/asserts.yml'

molecule/test-local/molecule.yml

@@ -1,46 +0,0 @@
----
-dependency:
-  name: galaxy
-driver:
-  name: docker
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
-platforms:
-  - name: kind-test-local
-    groups:
-      - k8s
-    image: bsycorp/kind:latest-1.15
-    privileged: True
-    override_command: no
-    exposed_ports:
-      - 8443/tcp
-      - 10080/tcp
-    published_ports:
-      - 0.0.0.0:${TEST_CLUSTER_PORT:-10443}:8443/tcp
-    pre_build_image: yes
-    volumes:
-      - ${MOLECULE_PROJECT_DIRECTORY}:/build:Z
-provisioner:
-  name: ansible
-  log: True
-  inventory:
-    group_vars:
-      all:
-        operator_namespace: ${TEST_NAMESPACE:-default}
-  env:
-    K8S_AUTH_KUBECONFIG: /tmp/molecule/kind-test-local/kubeconfig
-    KUBECONFIG: /tmp/molecule/kind-test-local/kubeconfig
-    ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles
-    KIND_PORT: '${TEST_CLUSTER_PORT:-10443}'
-scenario:
-  test_sequence:
-    - lint
-    - destroy
-    - dependency
-    - syntax
-    - create
-    - prepare
-    - converge
-    - destroy

molecule/test-local/prepare.yml

@@ -1,38 +0,0 @@
----
-- name: Prepare kubernetes environment
-  hosts: k8s
-  gather_facts: no
-  vars:
-    kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
-  tasks:
-    - name: delete the kubeconfig if present
-      file:
-        path: '{{ kubeconfig }}'
-        state: absent
-      delegate_to: localhost
-
-    - name: Fetch the kubeconfig
-      fetch:
-        dest: '{{ kubeconfig }}'
-        flat: yes
-        src: /root/.kube/config
-
-    - name: Change the kubeconfig port to the proper value
-      replace:
-        regexp: 8443
-        replace: "{{ lookup('env', 'KIND_PORT') }}"
-        path: '{{ kubeconfig }}'
-        mode: 0644
-      delegate_to: localhost
-
-    - name: Wait for the Kubernetes API to become available (this could take a minute)
-      uri:
-        url: "http://localhost:10080/kubernetes-ready"
-        status_code: 200
-        validate_certs: no
-      register: result
-      until: (result.status|default(-1)) == 200
-      retries: 60
-      delay: 5
-
-- import_playbook: ../default/prepare.yml

molecule/test-minikube/converge.yml

@@ -1,141 +0,0 @@
----
-# TODO: For some reason prepare is not run after a destroy in the Minikube env.
-- import_playbook: ../default/prepare.yml
-
-- name: Build Operator in Minikube
-  hosts: localhost
-  connection: local
-
-  vars:
-    image_name: awx.ansible.com/awx-operator:testing
-
-  tasks:
-    # Use raw Docker commands inside Minikube to avoid extra Python dependencies.
-    - name: Get existing image hash
-      shell: |
-        eval $(minikube docker-env)
-        docker images -q {{ image_name }}
-      register: prev_hash
-      changed_when: false
-
-    - name: Build Operator Image
-      shell: |
-        eval $(minikube docker-env)
-        docker build -f ../../build/Dockerfile -t {{ image_name }} ../..
-      register: build_cmd
-      changed_when: not prev_hash.stdout or (prev_hash.stdout and prev_hash.stdout not in ''.join(build_cmd.stdout_lines[-2:]))
-
-- name: Converge
-  hosts: localhost
-  connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-    deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
-    templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
-    pull_policy: Never
-    operator_image: awx.ansible.com/awx-operator
-    operator_version: testing
-    # Change this to _awx to test AWX, _tower to test Tower.
-    custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}"
-
-  tasks:
-    - block:
-        - name: Delete the Operator Deployment
-          k8s:
-            state: absent
-            namespace: '{{ operator_namespace }}'
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
-          register: delete_deployment
-          when: build_cmd.changed
-
-        - name: Wait 30s for Operator Deployment to terminate
-          k8s_info:
-            api_version: '{{ definition.apiVersion }}'
-            kind: '{{ definition.kind }}'
-            namespace: '{{ operator_namespace }}'
-            name: '{{ definition.metadata.name }}'
-          vars:
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
-          register: deployment
-          until: not deployment.resources
-          delay: 3
-          retries: 10
-          when: delete_deployment.changed
-
-        - name: Create the Operator Deployment
-          k8s:
-            namespace: '{{ operator_namespace }}'
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
-
-        - name: Ensure the AWX custom_resource namespace exists
-          k8s:
-            state: present
-            name: '{{ custom_resource.metadata.namespace }}'
-            kind: Namespace
-            api_version: v1
-
-        - name: Create the AWX Custom Resource
-          k8s:
-            state: present
-            namespace: '{{ custom_resource.metadata.namespace }}'
-            definition: '{{ custom_resource }}'
-
-        - name: Wait 15m for reconciliation to run
-          k8s_info:
-            api_version: '{{ custom_resource.apiVersion }}'
-            kind: '{{ custom_resource.kind }}'
-            namespace: '{{ custom_resource.metadata.namespace }}'
-            name: '{{ custom_resource.metadata.name }}'
-          register: cr
-          until:
-            - "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))"
-          delay: 6
-          retries: 150
-
-      rescue:
-
-        - name: debug cr
-          ignore_errors: yes
-          failed_when: false
-          debug:
-            var: debug_cr
-          vars:
-            debug_cr: '{{ lookup("k8s",
-              kind=custom_resource.kind,
-              api_version=custom_resource.apiVersion,
-              namespace=custom_resource.metadata.namespace,
-              resource_name=custom_resource.metadata.name
-            )}}'
-
-        - name: debug awx deployment
-          ignore_errors: yes
-          failed_when: false
-          debug:
-            var: deploy
-          vars:
-            deploy: '{{ lookup("k8s",
-              kind="Deployment",
-              api_version="apps/v1",
-              namespace=custom_resource.metadata.namespace,
-              label_selector="app=awx"
-            )}}'
-
-        - name: get operator logs
-          ignore_errors: yes
-          failed_when: false
-          command: kubectl logs deployment/{{ definition.metadata.name }} -n {{ operator_namespace }} -c operator
-          environment:
-            KUBECONFIG: '{{ lookup("env", "KUBECONFIG") }}'
-          vars:
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
-          register: log
-
-        - name: print debug output
-          debug: var=log.stdout_lines
-
-        - name: fail if converge didn't succeed
-          fail:
-            msg: "Failed on action: converge"
-
-- import_playbook: '{{ playbook_dir }}/../default/asserts.yml'