Merge pull request #811 from shanemcd/format-readme-tables

Reformat markdown tables in README.md

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,39 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+##### ISSUE TYPE
+ - Bug Report
+
+##### SUMMARY
+<!-- Briefly describe the problem. -->
+
+##### ENVIRONMENT
+* AWX version: X.Y.Z
+* Operator version: X.Y.Z
+* Kubernetes version: 
+* AWX install method: openshift, minishift, docker on linux, docker for mac, boot2docker
+
+##### STEPS TO REPRODUCE
+
+<!-- Please describe exactly how to reproduce the problem. -->
+
+##### EXPECTED RESULTS
+
+<!-- What did you expect to happen when running the steps above? -->
+
+##### ACTUAL RESULTS
+
+<!-- What actually happened? -->
+
+##### ADDITIONAL INFORMATION
+
+<!-- Include any links to sosreport, database dumps, screenshots or other
+information. -->
+
+##### AWX-OPERATOR LOGS

.github/issue_labeler.yml

@@ -0,0 +1,3 @@
+---
+needs_triage:
+  - '.*'

.github/workflows/ci.yaml

@@ -0,0 +1,41 @@
+---
+
+name: CI
+
+on:
+  pull_request:
+    branches: [devel]
+
+  push:
+    branches: [devel]
+
+jobs:
+  pull_request:
+    runs-on: ubuntu-18.04
+    name: pull_request
+    env:
+      DOCKER_API_VERSION: "1.38"
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-python@v2
+        with:
+          python-version: "3.8"
+
+      - name: Install Dependencies
+        run: |
+          pip install -r molecule/requirements.txt
+
+      - name: Install Collections
+        run: |
+          ansible-galaxy collection install -r molecule/requirements.yml
+
+      - name: Run Molecule
+        env:
+          MOLECULE_VERBOSITY: 3
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+        run: |
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind

.github/workflows/devel.yaml

@@ -0,0 +1,27 @@
+---
+
+name: Devel
+
+on:
+  push:
+    branches: [devel]
+
+jobs:
+  release:
+    runs-on: ubuntu-18.04
+    name: Push devel image
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build Image
+        run: |
+          IMG=awx-operator:devel make docker-build
+
+      - name: Push To Quay
+        uses: redhat-actions/push-to-registry@v2.1.1
+        with:
+          image: awx-operator
+          tags: devel
+          registry: quay.io/ansible/
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_TOKEN }}

.github/workflows/promote.yaml

@@ -0,0 +1,25 @@
+---
+name: Promote AWX Operator image
+on:
+  release:
+    types: [published]
+
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Log in to Quay
+        run: |
+          echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
+
+      - name: Re-tag and promote awx-operator image
+        run: |
+          docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
+          docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker push quay.io/${{ github.repository }}:latest

.github/workflows/stage.yml

@@ -0,0 +1,84 @@
+---
+name: Stage Release
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to stage'
+        required: true
+      default_awx_version:
+        description: 'Will be injected as the DEFAULT_AWX_VERSION build arg.'
+        required: true
+      confirm:
+        description: 'Are you sure? Set this to yes.'
+        required: true
+        default: 'no'
+
+jobs:
+  stage:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+    steps:
+      - name: Verify inputs
+        run: |
+          set -e
+
+          if [[ ${{ github.event.inputs.confirm }} != "yes" ]]; then
+            >&2 echo "Confirm must be 'yes'"
+            exit 1
+          fi
+
+          if [[ ${{ github.event.inputs.version }} == "" ]]; then
+            >&2 echo "Set version to continue."
+            exit 1
+          fi
+
+          exit 0
+
+      - name: Checkout awx
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository_owner }}/awx
+          path: awx
+
+      - name: Checkout awx-operator
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository_owner }}/awx-operator
+          path: awx-operator
+
+      - name: Install playbook dependencies
+        run: |
+          python3 -m pip install docker
+
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Build and stage awx-operator
+        working-directory: awx-operator
+        run: |
+          BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }}" \
+          IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
+          VERSION=${{ github.event.inputs.version }} make docker-build docker-push
+
+      - name: Run test deployment
+        working-directory: awx-operator
+        run: |
+          python3 -m pip install -r molecule/requirements.txt
+          ansible-galaxy collection install -r molecule/requirements.yml
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
+        env:
+          AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}
+
+      - name: Create draft release
+        working-directory: awx
+        run: |
+          ansible-playbook tools/ansible/stage.yml \
+            -e version=${{ github.event.inputs.version }} \
+            -e repo=${{ github.repository_owner }}/awx-operator \
+            -e github_token=${{ secrets.GITHUB_TOKEN }}

.github/workflows/triage_new.yml

@@ -0,0 +1,22 @@
+---
+name: Triage
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    name: Label
+
+    steps:
+      - name: Label issues
+        uses: github/issue-labeler@v2.4.1
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          not-before: 2021-12-07T07:00:00Z
+          configuration-path: .github/issue_labeler.yml
+          enable-versioned-regex: 0
+        if: github.event_name == 'issues'

.gitignore

@@ -1,2 +1,6 @@
 *~
 .cache/
+/bin
+/bundle
+/bundle_tmp*
+/bundle.Dockerfile

.travis.yml

@@ -1,19 +0,0 @@
----
-services: docker
-language: python
-
-before_install:
-  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-  - sudo apt-get update
-  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
-
-env:
-  - DOCKER_API_VERSION=1.38
-
-install:
-  - pip3 install docker molecule molecule-docker yamllint ansible-lint openshift jmespath ansible
-  - ansible-galaxy collection install community.kubernetes operator_sdk.util
-
-script:
-  - MOLECULE_VERBOSITY=3 molecule test -s test-local

.yamllint

@@ -3,10 +3,11 @@ extends: default
 
 ignore: |
   .cache/
-  deploy/olm-catalog
+  kustomization.yaml
+  awx-operator.clusterserviceversion.yaml
+  bundle
 
 rules:
   truthy: disable
   line-length:
-    max: 160
-    level: warning
+    max: 170

CHANGELOG.md

@@ -0,0 +1,43 @@
+# Changelog
+
+This is a list of high-level changes for each release of `awx-operator`. A full list of commits can be found at `https://github.com/ansible/awx-operator/releases/tag/<version>`.
+
+# 0.14.0 (TBA)
+
+- Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x.
+  - To avoid a headache, you probably want to delete your existing operator Deployment and follow the README.
+- Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](./README.md#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change)
+
+# 0.10.0 (Jun 1, 2021)
+
+- Make tower_ingress_type to respect ClusterIP definition (Marcelo Moreira de Mello) - e37c091 (breaking_change)
+- Add ability to get/create/delete secrets for the awx service account (Christian M. Adams) - 61b3cb4
+- Added ability to specify annotations to ServiceAccount (Marcelo Moreira de Mello) - 446ac0b
+- Do not shadow other variables (Yanis Guenane) - 223fe98
+- Do not prepend variables name with tower_ (Yanis Guenane) - 75458d0 (breaking_change)
+- Fully remove finalizer (Christian M. Adams) - fd92050
+- Use custom pg_dump format for faster restores (Christian M. Adams) - f16d9ac
+- Allow user to specify empty string for storage class on PVC (Christian M. Adams) - 818b837
+- Unset ownerRefs in the installer instead of the finalizer (Christian M. Adams) - c12a1f0
+- Make awx-operator compatible with Ansible 2.12 (Alan Rominger) - 5216489
+- Restore: set proper kind var after deploying AWX CR (Julen Landa Alustiza) - fc4687f
+- Add support for custom service labels (Jeremy Kimber) - fd42802
+- Rename product specific variable names (Christian M. Adams) - 5ae3636 (breaking_change)
+- Add watcher for backup CR (Christian M. Adams) - fdcc745
+
+# 0.9.0 (May 1, 2021)
+
+- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039
+- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d
+- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc
+- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90
+- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9
+- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f
+- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f
+- Split container image and version in 2 variables (Marcelo Moreira de Mello) - bc34758 (breaking_change)
+- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f
+- Add tower_ingress_type NodePort (stal) - 1b87616
+- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84
+- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1
+- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11
+- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c

CONTRIBUTING.md

@@ -0,0 +1,140 @@
+# AWX-Operator Contributing Guidelines
+
+Hi there! We're excited to have you as a contributor.
+
+Have questions about this document or anything not covered here? Please file a new at [https://github.com/ansible/awx-operator/issues](https://github.com/ansible/awx-operator/issues).
+
+## Table of contents
+
+* [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
+* [Submmiting your Work](#submitting-your-work)
+* [Testing](#testing)
+    * [Testing in Docker](#testing-in-docker)
+    * [Testing in Minikube](#testing-in-minikube)
+* [Generating a bundle](#generating-a-bundle)
+* [Reporting Issues](#reporting-issues)
+
+
+## Things to know prior to submitting code
+
+- All code submissions are done through pull requests against the `devel` branch.
+- All PRs must have a single commit. Make sure to `squash` any changes into a single commit.
+- Take care to make sure no merge commits are in the submission, and use `git rebase` vs `git merge` for this reason.
+- If collaborating with someone else on the same branch, consider using `--force-with-lease` instead of `--force`. This will prevent you from accidentally overwriting commits pushed by someone else. For more information, see https://git-scm.com/docs/git-push#git-push---force-with-leaseltrefnamegt
+- We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions, or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com)
+
+
+## Submmiting your work
+1. From your fork `devel` branch, create a new brach to stage your changes.
+```sh
+#> git checkout -b <branch-name>
+```
+2. Make your changes.
+3. Test your changes according described on the Testing section.
+4. If everylooks looks correct, commit your changes.
+```sh
+#> git add <FILES>
+#> git commit -m "My message here"
+```
+5. Create your [pull request](https://github.com/ansible/awx-operator/pulls)
+
+**Note**: If you have multiple commits, make sure to `squash` your commits into a single commit which will facilitate our release process.
+
+
+
+## Testing
+
+This Operator includes a [Molecule](https://molecule.readthedocs.io/en/stable/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).
+
+You need to make sure you have Molecule installed before running the following commands. You can install Molecule with:
+
+```sh
+#> pip install 'molecule[docker]'
+```
+
+Running `molecule test` sets up a clean environment, builds the operator, runs all configured tests on an example operator instance, then tears down the environment (at least in the case of Docker).
+
+If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
+
+#### Testing in Docker
+
+```sh
+#> molecule test -s test-local
+```
+
+This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
+
+#### Testing in Minikube
+
+```sh
+#> minikube start --memory 8g --cpus 4
+#> minikube addons enable ingress
+#> molecule test -s test-minikube
+```
+
+[Minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/) is a more full-featured test environment running inside a full VM on your computer, with an assigned IP address. This makes it easier to test things like NodePort services and Ingress from outside the Kubernetes cluster (e.g. in a browser on your computer).
+
+Once the operator is deployed, you can visit the AWX UI in your browser by following these steps:
+
+  1. Make sure you have an entry like `IP_ADDRESS  example-awx.test` in your `/etc/hosts` file. (Get the IP address with `minikube ip`.)
+  2. Visit `http://example-awx.test/` in your browser. (Default admin login is `test`/`changeme`.)
+
+Alternatively, you can also update the service `awx-service` in your namespace to use the type `NodePort` and use following command to get the URL to access your AWX instance:
+
+```sh
+#> minikube service <serviceName> -n <namespaceName> --url
+```
+
+## Generating a bundle
+
+> :warning: operator-sdk version 0.19.4 is needed to run the following commands
+
+If one has the Operator Lifecycle Manager (OLM) installed, the following steps is the process to generate the bundle that would nicely display in the OLM interface.
+
+At the root of this directory:
+
+1. Build and publish the operator
+
+```
+#> operator-sdk build registry.example.com/ansible/awx-operator:mytag
+#> podman push registry.example.com/ansible/awx-operator:mytag
+```
+
+2. Build and publish the bundle
+
+```
+#> podman build . -f bundle.Dockerfile -t registry.example.com/ansible/awx-operator-bundle:mytag
+#> podman push registry.example.com/ansible/awx-operator-bundle:mytag
+```
+
+3. Build and publish an index with your bundle in it
+
+```
+#> opm index add --bundles registry.example.com/ansible/awx-operator-bundle:mytag --tag registry.example.com/ansible/awx-operator-catalog:mytag
+#> podman push registry.example.com/ansible/awx-operator-catalog:mytag
+```
+
+4. In your Kubernetes create a new CatalogSource pointing to `registry.example.com/ansible/awx-operator-catalog:mytag`
+
+```
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: <catalogsource-name>
+  namespace: <namespace>
+spec:
+  displayName: 'myoperatorhub'
+  image: registry.example.com/ansible/awx-operator-catalog:mytag
+  publisher: 'myoperatorhub'
+  sourceType: grpc
+```
+
+Applying this template will do it. Once the CatalogSource is in a READY state, the bundle should be available on the OperatorHub tab (as part of the custom CatalogSource that just got added)
+
+5. Enjoy
+
+
+## Reporting Issues
+
+We welcome your feedback, and encourage you to file an issue when you run into a problem.

Dockerfile

@@ -1,11 +1,12 @@
-FROM quay.io/operator-framework/ansible-operator:v0.19.4
+FROM quay.io/operator-framework/ansible-operator:v1.12.0
+
+ARG DEFAULT_AWX_VERSION
+ENV DEFAULT_AWX_VERSION=${DEFAULT_AWX_VERSION}
 
-# Install Ansible requirements.
 COPY requirements.yml ${HOME}/requirements.yml
 RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
  && chmod -R ug+rwx ${HOME}/.ansible
 
 COPY watches.yaml ${HOME}/watches.yaml
-
-COPY main.yml ${HOME}/main.yml
 COPY roles/ ${HOME}/roles/
+COPY playbooks/ ${HOME}/playbooks/

Makefile

@@ -0,0 +1,184 @@
+# VERSION defines the project version for the bundle.
+# Update this value when you upgrade the version of your project.
+# To re-generate a bundle for another specific version without changing the standard setup, you can:
+# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
+# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
+VERSION ?= $(shell git describe --tags)
+
+CONTAINER_CMD ?= docker
+
+# CHANNELS define the bundle channels used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
+# To re-generate a bundle for other specific channels without changing the standard setup, you can:
+# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
+# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+
+# DEFAULT_CHANNEL defines the default channel used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable")
+# To re-generate a bundle for any other default channel without changing the default setup, you can:
+# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
+# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
+
+# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images.
+# This variable is used to construct full image tags for bundle and catalog images.
+#
+# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
+# ansible.com/awx-operator-bundle:$VERSION and ansible.com/awx-operator-catalog:$VERSION.
+IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
+
+# BUNDLE_IMG defines the image:tag used for the bundle.
+# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
+BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
+
+# Image URL to use all building/pushing image targets
+IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+NAMESPACE ?= awx
+
+all: docker-build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Build
+
+run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
+	ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
+
+docker-build: ## Build docker image with the manager.
+	${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
+
+docker-push: ## Push docker image with the manager.
+	${CONTAINER_CMD} push ${IMG}
+
+##@ Deployment
+
+install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+gen-resources: kustomize ## Generate resources for controller and print to stdout
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default
+
+deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	$(KUSTOMIZE) build config/default | kubectl delete -f -
+
+OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCH := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
+
+.PHONY: kustomize
+KUSTOMIZE = $(shell pwd)/bin/kustomize
+kustomize: ## Download kustomize locally if necessary.
+ifeq (,$(wildcard $(KUSTOMIZE)))
+ifeq (,$(shell which kustomize 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(KUSTOMIZE)) ;\
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \
+	tar xzf - -C bin/ ;\
+	}
+else
+KUSTOMIZE = $(shell which kustomize)
+endif
+endif
+
+.PHONY: ansible-operator
+ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
+ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
+ifeq (,$(shell which ansible-operator 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
+	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\
+	chmod +x $(ANSIBLE_OPERATOR) ;\
+	}
+else
+ANSIBLE_OPERATOR = $(shell which ansible-operator)
+endif
+endif
+
+.PHONY: bundle
+bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
+	operator-sdk generate kustomize manifests -q
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	cd config/manifests/bases && python inject-csv-config.py
+	operator-sdk bundle validate ./bundle
+
+.PHONY: bundle-build
+bundle-build: ## Build the bundle image.
+	${CONTAINER_CMD} build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+
+.PHONY: bundle-push
+bundle-push: ## Push the bundle image.
+	$(MAKE) docker-push IMG=$(BUNDLE_IMG)
+
+.PHONY: opm
+OPM = ./bin/opm
+opm: ## Download opm locally if necessary.
+ifeq (,$(wildcard $(OPM)))
+ifeq (,$(shell which opm 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPM)) ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\
+	chmod +x $(OPM) ;\
+	}
+else
+OPM = $(shell which opm)
+endif
+endif
+
+# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
+# These images MUST exist in a registry and be pull-able.
+BUNDLE_IMGS ?= $(BUNDLE_IMG)
+
+# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
+CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
+
+# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
+ifneq ($(origin CATALOG_BASE_IMG), undefined)
+FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
+endif
+
+# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
+# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
+# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
+.PHONY: catalog-build
+catalog-build: opm ## Build a catalog image.
+	$(OPM) index add --container-tool ${CONTAINER_CMD} --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+
+# Push the catalog image.
+.PHONY: catalog-push
+catalog-push: ## Push a catalog image.
+	$(MAKE) docker-push IMG=$(CATALOG_IMG)

PROJECT

@@ -0,0 +1,16 @@
+domain: ansible.com
+layout:
+- ansible.sdk.operatorframework.io/v1
+plugins:
+  manifests.sdk.operatorframework.io/v2: {}
+  scorecard.sdk.operatorframework.io/v2: {}
+projectName: awx-operator
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWX
+  version: v1beta1
+version: "3"

ansible/build-and-push.yml

@@ -1,17 +0,0 @@
----
-- name: Build and Deploy the AWX Operator
-  hosts: localhost
-
-  collections:
-    - community.general
-
-  tasks:
-    - name: Build and (optionally) push operator image
-      docker_image:
-        name: "{{ operator_image }}:{{ operator_version }}"
-        pull: no
-        push: "{{ push_image | bool }}"
-        build:
-          dockerfile: "build/Dockerfile"
-          path: "../"
-        force: yes

ansible/chain-operator-files.yml

@@ -1,19 +0,0 @@
----
-# To run: `ansible-playbook chain-operator-files.yml`
-- name: Chain operator files together for easy deployment.
-  hosts: localhost
-  connection: local
-  gather_facts: false
-
-  tasks:
-    - name: Template CRD
-      template:
-        src: crd.yml.j2
-        dest: "{{ playbook_dir }}/../deploy/crds/awx_v1beta1_crd.yaml"
-        mode: '0644'
-
-    - name: Template awx-operator.yaml
-      template:
-        src: awx-operator.yaml.j2
-        dest: ../deploy/awx-operator.yaml
-        mode: '0644'

ansible/deploy-operator.yml

@@ -1,29 +0,0 @@
----
-- name: Reconstruct awx-operator.yaml
-  include: chain-operator-files.yml
-
-- name: Deploy Operator
-  hosts: localhost
-  vars:
-    k8s_namespace: "default"
-    obliterate: no
-
-  collections:
-    - community.kubernetes
-
-  tasks:
-    - name: Obliterate Operator
-      k8s:
-        state: absent
-        namespace: "{{ k8s_namespace }}"
-        src: "../deploy/awx-operator.yaml"
-        wait: yes
-      when: obliterate | bool
-
-    - name: Deploy Operator
-      k8s:
-        state: present
-        namespace: "{{ k8s_namespace }}"
-        apply: yes
-        wait: yes
-        src: "../deploy/awx-operator.yaml"

ansible/group_vars/all

@@ -1,3 +0,0 @@
-operator_image: quay.io/ansible/awx-operator
-operator_version: 0.7.0
-pull_policy: Always

ansible/instantiate-awx-deployment.yml

@@ -3,7 +3,7 @@
   hosts: localhost
 
   collections:
-    - community.kubernetes
+    - kubernetes.core
 
   tasks:
     - name: Deploy AWX
@@ -18,9 +18,14 @@
           metadata:
             name: awx
           spec:
-            tower_admin_user: test
-            tower_admin_email: test@example.com
-            tower_ingress_type: "{{ tower_ingress_type | default(omit) }}"  # Either Route, Ingress or LoadBalancer
-            tower_image: "{{ tower_image | default(omit) }}"
-            development_mode: "{{ development_mode | default(omit) }}"
-            tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}"
+            admin_user: admin
+            admin_email: admin@localhost
+            service_type: "{{ service_type | default(omit) }}"  # Either clusterIP, Loadbalancer or NodePort
+            ingress_type: "{{ ingress_type | default(omit) }}"  # Either none, Ingress, Route
+            image: "{{ image | default(omit) }}"
+            image_version: "{{ image_version | default(omit) }}"
+            development_mode: "{{ development_mode | default(omit) | bool }}"
+            image_pull_policy: "{{ image_pull_policy | default(omit) }}"
+            # ee_images:
+            #   - name: test-ee
+            #     image: quay.io/<user>/awx-ee

ansible/templates/awx-operator.yaml.j2

@@ -1,12 +0,0 @@
-#jinja2: trim_blocks:False
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
-{% include 'role.yml.j2' %}
-
-{% include 'role_binding.yml.j2' %}
-
-{% include 'service_account.yml.j2' %}
-
-{% include 'operator.yml.j2' %}
-
-{% include 'crd.yml.j2' %}

ansible/templates/crd.yml.j2

@@ -1,276 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                tower_task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                tower_admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                tower_hostname:
-                  description: The hostname of the instance
-                  type: string
-                tower_admin_email:
-                  description: The admin user email
-                  type: string
-                tower_admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                tower_postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                tower_old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                tower_secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                tower_broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                tower_extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                tower_ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                    - LoadBalancer
-                    - loadbalancer
-                tower_ingress_annotations:
-                  description: Annotations to add to the ingress
-                  type: string
-                tower_ingress_tls_secret:
-                  description: Secret where the ingress TLS secret can be found
-                  type: string
-                tower_loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                tower_loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                tower_loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                tower_route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                tower_route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                tower_route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                tower_image:
-                  description: Registry path to the application container to use
-                  type: string
-                tower_image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                tower_task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                tower_garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                tower_create_preload_data:
-                  description: Whether or not to preload data upon Tower instance creation
-                  default: true
-                  type: boolean
-                tower_task_args:
-                  type: array
-                  items:
-                    type: string
-                tower_task_command:
-                  type: array
-                  items:
-                    type: string
-                tower_web_args:
-                  type: array
-                  items:
-                    type: string
-                tower_web_command:
-                  type: array
-                  items:
-                    type: string
-                tower_task_extra_env:
-                  type: string
-                tower_web_extra_env:
-                  type: string
-                tower_task_extra_volume_mounts:
-                  type: string
-                tower_web_extra_volume_mounts:
-                  type: string
-                tower_redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                tower_postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                tower_postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                tower_postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-              type: object
-            status:
-              properties:
-                towerURL:
-                  description: URL to access the deployed instance
-                  type: string
-                towerAdminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
-                  type: string
-                towerMigratedFromSecret:
-                  description: The secret used for migrating an old Tower.
-                  type: string
-                towerVersion:
-                  description: Version of the deployed instance
-                  type: string
-                towerImage:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object

ansible/templates/operator.yml.j2

@@ -1,44 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "{{ operator_image }}:{{ operator_version }}"
-          imagePullPolicy: "{{ pull_policy|default('Always') }}"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 5
-            periodSeconds: 3
-      volumes:
-        - name: runner
-          emptyDir: {}

awx-demo.yml

@@ -0,0 +1,7 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport

build/test-framework/Dockerfile

@@ -1,13 +0,0 @@
-ARG BASEIMAGE
-FROM ${BASEIMAGE}
-USER 0
-
-RUN yum install -y python-devel gcc libffi-devel
-RUN pip install molecule==3.0.6 jmespath
-
-ARG NAMESPACEDMAN
-ADD $NAMESPACEDMAN /namespaced.yaml
-ADD build/test-framework/ansible-test.sh /ansible-test.sh
-RUN chmod +x /ansible-test.sh
-USER 1001
-ADD . /opt/ansible/project

build/test-framework/ansible-test.sh

@@ -1,7 +0,0 @@
-#!/bin/sh
-export WATCH_NAMESPACE=${TEST_NAMESPACE}
-(/usr/local/bin/entrypoint)&
-trap "kill $!" SIGINT SIGTERM EXIT
-
-cd ${HOME}/project
-exec molecule test -s test-minikube

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -0,0 +1,492 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxs.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWX
+    listKind: AWXList
+    plural: awxs
+    singular: awx
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          description: Schema validation for the AWX CRD
+          properties:
+            spec:
+              properties:
+                deployment_type:
+                  description: Name of the deployment type
+                  type: string
+                kind:
+                  description: Kind of the deployment type
+                  type: string
+                api_version:
+                  description: apiVersion of the deployment type
+                  type: string
+                task_privileged:
+                  description: If a privileged security context should be enabled
+                  type: boolean
+                  default: false
+                admin_user:
+                  description: Username to use for the admin account
+                  type: string
+                  default: admin
+                hostname:
+                  description: The hostname of the instance
+                  type: string
+                admin_email:
+                  description: The admin user email
+                  type: string
+                admin_password_secret:
+                  description: Secret where the admin password can be found
+                  type: string
+                postgres_configuration_secret:
+                  description: Secret where the database configuration can be found
+                  type: string
+                old_postgres_configuration_secret:
+                  description: Secret where the old database configuration can be found for data migration
+                  type: string
+                postgres_label_selector:
+                  description: Label selector used to identify postgres pod for data migration
+                  type: string
+                secret_key_secret:
+                  description: Secret where the secret key can be found
+                  type: string
+                broadcast_websocket_secret:
+                  description: Secret where the broadcast websocket secret can be found
+                  type: string
+                extra_volumes:
+                  description: Specify extra volumes to add to the application pod
+                  type: string
+                service_annotations:
+                  description: Annotations to add to the service
+                  type: string
+                service_type:
+                  description: The service type to be used on the deployed instance
+                  type: string
+                  enum:
+                    - LoadBalancer
+                    - loadbalancer
+                    - ClusterIP
+                    - clusterip
+                    - NodePort
+                    - nodeport
+                ingress_type:
+                  description: The ingress type to use to reach the deployed instance
+                  type: string
+                  enum:
+                    - none
+                    - Ingress
+                    - ingress
+                    - Route
+                    - route
+                ingress_path:
+                  description: The ingress path used to reach the deployed service
+                  type: string
+                ingress_path_type:
+                  description: The ingress path type for the deployed service
+                  type: string
+                ingress_annotations:
+                  description: Annotations to add to the Ingress Controller
+                  type: string
+                ingress_tls_secret:
+                  description: Secret where the Ingress TLS secret can be found
+                  type: string
+                loadbalancer_protocol:
+                  description: Protocol to use for the loadbalancer
+                  type: string
+                  default: http
+                  enum:
+                    - http
+                    - https
+                loadbalancer_port:
+                  description: Port to use for the loadbalancer
+                  type: integer
+                  default: 80
+                route_host:
+                  description: The DNS to use to points to the instance
+                  type: string
+                route_tls_termination_mechanism:
+                  description: The secure TLS termination mechanism to use
+                  type: string
+                  default: Edge
+                  enum:
+                    - Edge
+                    - edge
+                    - Passthrough
+                    - passthrough
+                route_tls_secret:
+                  description: Secret where the TLS related credentials are stored
+                  type: string
+                nodeport_port:
+                  description: Port to use for the nodeport
+                  type: integer
+                  default: 30080
+                node_selector:
+                  description: nodeSelector for the pods
+                  type: string
+                topology_spread_constraints:
+                  description: topology rule(s) for the pods
+                  type: string
+                service_labels:
+                  description: Additional labels to apply to the service
+                  type: string
+                annotations:
+                  description: annotations for the pods
+                  type: string
+                tolerations:
+                  description: node tolerations for the pods
+                  type: string
+                image:
+                  description: Registry path to the application container to use
+                  type: string
+                image_version:
+                  description: Application container image version to use
+                  type: string
+                ee_images:
+                  description: Registry path to the Execution Environment container to use
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      name:
+                        type: string
+                      image:
+                        type: string
+                control_plane_ee_image:
+                  description: Registry path to the Execution Environment container image to use on control plane pods
+                  type: string
+                ee_pull_credentials_secret:
+                  description: Secret where pull credentials for registered ees can be found
+                  type: string
+                image_pull_policy:
+                  description: The image pull policy
+                  type: string
+                  default: IfNotPresent
+                  enum:
+                    - Always
+                    - always
+                    - Never
+                    - never
+                    - IfNotPresent
+                    - ifnotpresent
+                image_pull_secret:
+                  description: The image pull secret
+                  type: string
+                task_resource_requirements:
+                  description: Resource requirements for the task container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                web_resource_requirements:
+                  description: Resource requirements for the web container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                ee_resource_requirements:
+                  description: Resource requirements for the ee container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                postgres_init_container_resource_requirements:
+                  description: Resource requirements for the postgres init container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                service_account_annotations:
+                  description: ServiceAccount annotations
+                  type: string
+                replicas:
+                  description: Number of instance replicas
+                  type: integer
+                  default: 1
+                  format: int32
+                garbage_collect_secrets:
+                  description: Whether or not to remove secrets upon instance removal
+                  default: false
+                  type: boolean
+                create_preload_data:
+                  description: Whether or not to preload data upon instance creation
+                  default: true
+                  type: boolean
+                task_args:
+                  type: array
+                  items:
+                    type: string
+                task_command:
+                  type: array
+                  items:
+                    type: string
+                web_args:
+                  type: array
+                  items:
+                    type: string
+                web_command:
+                  type: array
+                  items:
+                    type: string
+                task_extra_env:
+                  type: string
+                web_extra_env:
+                  type: string
+                ee_extra_env:
+                  type: string
+                ee_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Execution container
+                  type: string
+                task_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Task container
+                  type: string
+                web_extra_volume_mounts:
+                  description: Specify volume mounts to be added to the Web container
+                  type: string
+                redis_image:
+                  description: Registry path to the redis container to use
+                  type: string
+                redis_image_version:
+                  description: Redis container image version to use
+                  type: string
+                redis_capabilities:
+                  description: Redis container capabilities
+                  type: array
+                  items:
+                    type: string
+                init_container_image:
+                  description: Registry path to the init container to use
+                  type: string
+                init_container_image_version:
+                  description: Init container image version to use
+                  type: string
+                init_container_extra_commands:
+                  description: Extra commands for the init container
+                  type: string
+                init_container_extra_volume_mounts:
+                  description: Specify volume mounts to be added to the init container
+                  type: string
+                postgres_image:
+                  description: Registry path to the PostgreSQL container to use
+                  type: string
+                postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+                postgres_selector:
+                  description: nodeSelector for the Postgres pods
+                  type: string
+                postgres_tolerations:
+                  description: node tolerations for the Postgres pods
+                  type: string
+                postgres_storage_requirements:
+                  description: Storage requirements for the PostgreSQL container
+                  properties:
+                    requests:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                  type: object
+                postgres_resource_requirements:
+                  description: Resource requirements for the PostgreSQL container
+                  properties:
+                    requests:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        cpu:
+                          type: string
+                        memory:
+                          type: string
+                      type: object
+                  type: object
+                postgres_storage_class:
+                  description: Storage class to use for the PostgreSQL PVC
+                  type: string
+                postgres_data_path:
+                  description: Path where the PostgreSQL data are located
+                  type: string
+                postgres_extra_args:
+                  type: array
+                  items:
+                    type: string
+                ca_trust_bundle:
+                  description: Path where the trusted CA bundle is available
+                  type: string
+                development_mode:
+                  description: If the deployment should be done in development mode
+                  type: boolean
+                ldap_cacert_secret:
+                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
+                  type: string
+                bundle_cacert_secret:
+                  description: Secret where can be found the trusted Certificate Authority Bundle
+                  type: string
+                projects_persistence:
+                  description: Whether or not the /var/lib/projects directory will be persistent
+                  default: false
+                  type: boolean
+                projects_use_existing_claim:
+                  description: Using existing PersistentVolumeClaim
+                  type: string
+                  enum:
+                    - _Yes_
+                    - _No_
+                projects_existing_claim:
+                  description: PersistentVolumeClaim to mount /var/lib/projects directory
+                  type: string
+                projects_storage_class:
+                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
+                  type: string
+                projects_storage_size:
+                  description: Size for the /var/lib/projects PersistentVolumeClaim
+                  default: 8Gi
+                  type: string
+                projects_storage_access_mode:
+                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
+                  default: ReadWriteMany
+                  type: string
+                extra_settings:
+                  description: Extra settings to specify for the API
+                  items:
+                    properties:
+                      setting:
+                        type: string
+                      value:
+                        x-kubernetes-preserve-unknown-fields: true
+                    type: object
+                  type: array
+                security_context_settings:
+                  description: Key/values that will be set under the pod-level securityContext field
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+              type: object
+            status:
+              properties:
+                URL:
+                  description: URL to access the deployed instance
+                  type: string
+                adminUser:
+                  description: Admin user of the deployed instance
+                  type: string
+                adminPasswordSecret:
+                  description: Admin password secret name of the deployed instance
+                  type: string
+                postgresConfigurationSecret:
+                  description: Postgres Configuration secret name of the deployed instance
+                  type: string
+                broadcastWebsocketSecret:
+                  description: Broadcast websocket secret name of the deployed instance
+                  type: string
+                secretKeySecret:
+                  description: Secret key secret name of the deployed instance
+                  type: string
+                migratedFromSecret:
+                  description: The secret used for migrating an old instance.
+                  type: string
+                version:
+                  description: Version of the deployed instance
+                  type: string
+                image:
+                  description: URL of the image used for the deployed instance
+                  type: string
+                conditions:
+                  description: The resulting conditions when a Service Telemetry is instantiated
+                  items:
+                    properties:
+                      status:
+                        type: string
+                      type:
+                        type: string
+                      reason:
+                        type: string
+                      lastTransitionTime:
+                        type: string
+                    type: object
+                  type: array
+              type: object
+          type: object

config/crd/bases/awxbackup.ansible.com_awxbackups.yaml

@@ -0,0 +1,77 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxbackups.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXBackup
+    listKind: AWXBackupList
+    plural: awxbackups
+    singular: awxbackup
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+          description: Schema validation for the AWXBackup CRD
+          properties:
+            spec:
+              type: object
+              required:
+                - deployment_name
+              properties:
+                deployment_name:
+                  description: Name of the deployment to be backed up
+                  type: string
+                backup_pvc:
+                  description: Name of the PVC to be used for storing the backup
+                  type: string
+                backup_pvc_namespace:
+                  description: Namespace the PVC is in
+                  type: string
+                backup_storage_requirements:
+                  description: Storage requirements for the PostgreSQL container
+                  type: string
+                backup_storage_class:
+                  description: Storage class to use when creating PVC for backup
+                  type: string
+                postgres_label_selector:
+                  description: Label selector used to identify postgres pod for backing up data
+                  type: string
+                postgres_image:
+                  description: Registry path to the PostgreSQL container to use
+                  type: string
+                postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+            status:
+              type: object
+              properties:
+                conditions:
+                  description: The resulting conditions when a Service Telemetry is instantiated
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      reason:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    type: object
+                  type: array
+                backupDirectory:
+                  description: Backup directory name on the specified pvc
+                  type: string
+                backupClaim:
+                  description: Backup persistent volume claim
+                  type: string

config/crd/bases/awxrestore.ansible.com_awxrestores.yaml

@@ -0,0 +1,78 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxrestores.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXRestore
+    listKind: AWXRestoreList
+    plural: awxrestores
+    singular: awxrestore
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+          description: Schema validation for the AWXRestore CRD
+          properties:
+            spec:
+              type: object
+              properties:
+                backup_source:
+                  description: Backup source
+                  type: string
+                  enum:
+                    - CR
+                    - PVC
+                deployment_name:
+                  description: Name of the deployment to be restored to
+                  type: string
+                backup_name:
+                  description: AWXBackup object name
+                  type: string
+                backup_pvc:
+                  description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
+                  type: string
+                backup_pvc_namespace:
+                  description: Namespace the PVC is in
+                  type: string
+                backup_dir:
+                  description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
+                  type: string
+                postgres_label_selector:
+                  description: Label selector used to identify postgres pod for backing up data
+                  type: string
+                postgres_image:
+                  description: Registry path to the PostgreSQL container to use
+                  type: string
+                postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+            status:
+              type: object
+              properties:
+                conditions:
+                  description: The resulting conditions when a Service Telemetry is instantiated
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      reason:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    type: object
+                  type: array
+                restoreComplete:
+                  description: Restore process complete
+                  type: boolean

config/crd/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+  - bases/awx.ansible.com_awxs.yaml
+  - bases/awxbackup.ansible.com_awxbackups.yaml
+  - bases/awxrestore.ansible.com_awxrestores.yaml
+# +kubebuilder:scaffold:crdkustomizeresource

config/default/kustomization.yaml

@@ -0,0 +1,24 @@
+# Adds namespace to all resources.
+namespace: awx
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: awx-operator-
+# Labels to add to all resources and selectors.
+# commonLabels:
+#   someName: someValue
+  # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+  # - ../prometheus
+  # Protect the /metrics endpoint by putting it behind auth.
+  # If you want your controller-manager to expose the /metrics
+  # endpoint w/o any authn/z, please comment the following line.
+patchesStrategicMerge:
+- manager_auth_proxy_patch.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager

config/default/manager_auth_proxy_patch.yaml

@@ -0,0 +1,29 @@
+---
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: kube-rbac-proxy
+          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+          args:
+            - "--secure-listen-address=0.0.0.0:8443"
+            - "--upstream=http://127.0.0.1:8080/"
+            - "--logtostderr=true"
+            - "--v=10"
+          ports:
+            - containerPort: 8443
+              protocol: TCP
+              name: https
+        - name: awx-manager
+          args:
+            - "--health-probe-bind-address=:6789"
+            - "--metrics-bind-address=127.0.0.1:8080"
+            - "--leader-elect"
+            - "--leader-election-id=awx-operator"

config/default/manager_config_patch.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          args:
+            - "--config=controller_manager_config.yaml"
+          volumeMounts:
+            - name: awx-manager-config
+              mountPath: /controller_manager_config.yaml
+              subPath: controller_manager_config.yaml
+      volumes:
+        - name: awx-manager-config
+          configMap:
+            name: awx-manager-config

config/manager/controller_manager_config.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: controller-runtime.sigs.k8s.io/v1beta1
+kind: ControllerManagerConfig
+health:
+  healthProbeBindAddress: :6789
+metrics:
+  bindAddress: 127.0.0.1:8080
+leaderElection:
+  leaderElect: true
+  resourceName: 811c9dc5.ansible.com

config/manager/kustomization.yaml

@@ -0,0 +1,14 @@
+resources:
+- manager.yaml
+generatorOptions:
+  disableNameSuffixHash: true
+configMapGenerator:
+- files:
+  - controller_manager_config.yaml
+  name: awx-manager-config
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: quay.io/ansible/awx-operator
+  newTag: latest

config/manager/manager.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+  labels:
+    control-plane: controller-manager
+spec:
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        control-plane: controller-manager
+    spec:
+      securityContext:
+        runAsNonRoot: true
+      containers:
+        - args:
+            - --leader-elect
+            - --leader-election-id=awx-operator
+          image: controller:latest
+          name: awx-manager
+          env:
+            - name: ANSIBLE_GATHERING
+              value: explicit
+            - name: ANSIBLE_DEBUG_LOGS
+              value: 'false'
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          securityContext:
+            allowPrivilegeEscalation: false
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 6789
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 6789
+            initialDelaySeconds: 5
+            periodSeconds: 10
+      serviceAccountName: controller-manager
+      terminationGracePeriodSeconds: 10

config/manifests/bases/awx-operator.clusterserviceversion.yaml

@@ -0,0 +1,40 @@
+apiVersion: operators.coreos.com/v1beta1
+kind: ClusterServiceVersion
+metadata:
+  annotations:
+    alm-examples: '[]'
+    capabilities: Basic Install
+  name: awx-operator.v0.0.0
+  namespace: placeholder
+spec:
+  apiservicedefinitions: {}
+  customresourcedefinitions: {}
+  description: An operator for the AWX Project
+  displayName: AWX
+  icon:
+  - base64data: ""
+    mediatype: ""
+  install:
+    spec:
+      deployments: null
+    strategy: ""
+  installModes:
+  - supported: true
+    type: OwnNamespace
+  - supported: true
+    type: SingleNamespace
+  - supported: true
+    type: MultiNamespace
+  - supported: false
+    type: AllNamespaces
+  keywords:
+  - automation
+  - ansible
+  links:
+  - name: Awx Operator
+    url: https://awx-operator.domain
+  maturity: alpha
+  provider:
+    name: Ansible
+    url: github.com/ansible/awx-operator
+  version: 0.0.0

config/manifests/bases/inject-csv-config.py

@@ -0,0 +1,24 @@
+'''
+After generating the CSV file, inject custom configuration such as
+OLM parameters, relatedImages, etc.
+'''
+
+import yaml
+
+csv_path = "../../../bundle/manifests/awx-operator.clusterserviceversion.yaml"
+existing_csv = open(csv_path, 'r')
+csv = yaml.safe_load(existing_csv)
+
+
+raw_olm_params = open("olm-parameters.yaml")
+olm_params = yaml.safe_load(raw_olm_params)
+
+# Inject OLM parameters for Customer Resource Objects
+csv['spec']['customresourcedefinitions']['owned'] = olm_params
+
+csv['metadata']['annotations']['alm-examples'] = ''
+
+file_content = yaml.safe_dump(csv, default_flow_style=False, explicit_start=True)
+
+with open(csv_path, 'w') as f:
+    f.write(file_content)

config/manifests/bases/olm-parameters.yaml

@@ -0,0 +1,612 @@
+---
+- displayName: AWX Backup
+  description: Back up a deployment of the awx, including jobs, inventories, and credentials
+  kind: AWXBackup
+  name: awxbackups.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+  - displayName: Deployment name
+    path: deployment_name
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+  - displayName: Backup persistent volume claim
+    path: backup_pvc
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup persistent volume claim namespace
+    path: backup_pvc_namespace
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup PVC storage requirements
+    path: backup_storage_requirements
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Backup PVC storage class
+    path: backup_storage_class
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:text
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+  - displayName: Database backup label selector
+    path: postgres_label_selector
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  - displayName: PostgreSQL Image
+    path: postgres_image
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  - displayName: PostgreSQL Image Version
+    path: postgres_image_version
+    x-descriptors:
+      - urn:alm:descriptor:com.tectonic.ui:advanced
+      - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: The persistent volume claim name used during backup
+      displayName: Backup claim
+      path: backupClaim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: The directory data is backed up to on the PVC
+      displayName: Backup directory
+      path: backupDirectory
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+- displayName: AWX Restore
+  description: Restore a previous awx deployment into the namespace
+  kind: AWXRestore
+  name: awxrestores.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+    - displayName: Backup source to restore ?
+      path: backup_source
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:select:CR
+        - urn:alm:descriptor:com.tectonic.ui:select:PVC
+    - displayName: Backup name
+      path: backup_name
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:CR
+    - displayName: Name of newly restored deployment
+      path: deployment_name
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Backup persistent volume claim
+      path: backup_pvc
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
+    - displayName: Backup namespace
+      path: backup_pvc_namespace
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Backup directory in the persistent volume claim
+      path: backup_dir
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:backup_source:PVC
+    - displayName: Database restore label selector
+      path: postgres_label_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image
+      path: postgres_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image Version
+      path: postgres_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: The state of the restore
+      displayName: Restore status
+      path: restoreComplete
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+- description: Deploy a new instance of AWX
+  displayName: AWX
+  kind: AWX
+  name: awxs.awx.ansible.com
+  version: v1beta1
+  specDescriptors:
+    - displayName: Hostname
+      path: hostname
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin account username
+      path: admin_user
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin email address
+      path: admin_email
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Admin password secret
+      path: admin_password_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Database configuration secret
+      path: postgres_configuration_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Old Database configuration secret
+      path: old_postgres_configuration_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Secret key secret
+      path: secret_key_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Broadcast Websocket Secret
+      path: broadcast_websocket_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Service Account Annotations
+      path: service_account_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Tower Service Type
+      path: service_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:ClusterIP
+        - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
+        - urn:alm:descriptor:com.tectonic.ui:select:NodePort
+    - displayName: Tower Ingress Type
+      path: ingress_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:none
+        - urn:alm:descriptor:com.tectonic.ui:select:Ingress
+        - urn:alm:descriptor:com.tectonic.ui:select:Route
+    - displayName: Ingress Path
+      path: ingress_path
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Ingress Path Type
+      path: ingress_path_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower Ingress Annotations
+      path: ingress_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower Ingress TLS Secret
+      path: ingress_tls_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Ingress
+    - displayName: Tower LoadBalancer Annotations
+      path: service_annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Tower LoadBalancer Protocol
+      path: loadbalancer_protocol
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:http
+        - urn:alm:descriptor:com.tectonic.ui:select:https
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Tower LoadBalancer Port
+      path: loadbalancer_port
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:number
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:service_type:LoadBalancer
+    - displayName: Route DNS host
+      path: route_host
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Route TLS termination mechanism
+      path: route_tls_termination_mechanism
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:Edge
+        - urn:alm:descriptor:com.tectonic.ui:select:Passthrough
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Route TLS credential secret
+      path: route_tls_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route
+    - displayName: Image Pull Policy
+      path: image_pull_policy
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
+    - displayName: Image Pull Secret
+      path: image_pull_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Web container resource requirements
+      path: web_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: Task container resource requirements
+      path: task_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: EE Control Plane container resource requirements
+      path: ee_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: PostgreSQL init container resource requirements (when using a managed instance)
+      path: postgres_init_container_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: PostgreSQL container resource requirements (when using a managed instance)
+      path: postgres_resource_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: PostgreSQL container storage requirements (when using a managed instance)
+      path: postgres_storage_requirements
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+    - displayName: Replicas
+      path: replicas
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:number
+    - displayName: Remove used secrets on instance removal ?
+      path: garbage_collect_secrets
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Preload instance with data upon creation ?
+      path: create_preload_data
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Deploy the instance in development mode ?
+      path: development_mode
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Should the task container deployed with privileged level ?
+      path: task_privileged
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment Type
+      path: deployment_type
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment Kind
+      path: kind
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Deployment apiVersion
+      path: api_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Image
+      path: image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Image Version
+      path: image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Image
+      path: redis_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Image Version
+      path: redis_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Redis Capabilities
+      path: redis_capabilities
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image
+      path: postgres_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: PostgreSQL Image Version
+      path: postgres_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Selector
+      path: postgres_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Label Selector
+      path: postgres_label_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Tolerations
+      path: postgres_tolerations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Storage Class
+      path: postgres_storage_class
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Datapath
+      path: postgres_data_path
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Postgres Extra Arguments
+      path: postgres_extra_args
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Certificate Authorirty Trust Bundle
+      path: ca_trust_bundle
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: LDAP Certificate Authority Trust Bundle
+      path: ldap_cacert_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Task Args
+      path: task_args
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Enable persistence for /var/lib/projects directory?
+      path: projects_persistence
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+    - displayName: Use existing Persistent Claim?
+      path: projects_use_existing_claim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:select:_Yes_
+        - urn:alm:descriptor:com.tectonic.ui:select:_No_
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_persistence:true
+    - displayName: Projects Existing Persistent Claim
+      path: projects_existing_claim
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_Yes_
+        - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
+    - description: Projects Storage Class Name. If not present, the default storage
+        class will be used.
+      displayName: Projects Storage Class Name
+      path: projects_storage_class
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Projects Storage Size
+      displayName: Projects Storage Size
+      path: projects_storage_size
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Projects Storage Access Mode
+      displayName: Projects Storage Access Mode
+      path: projects_storage_access_mode
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:projects_use_existing_claim:_No_
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - displayName: Task Command
+      path: task_command
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to Task container
+      displayName: Task Extra Env
+      path: task_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Execution container
+      displayName: EE Extra Volume Mounts
+      path: ee_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the Execution Environment container to use
+      displayName: EE Images
+      path: ee_images
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to EE container
+      displayName: EE Extra Env
+      path: ee_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the Execution Environment container to use on
+        control plane pods
+      displayName: Control Plane EE Image
+      path: control_plane_ee_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: EE Images Pull Credentials Secret
+      displayName: EE Images Pull Credentials Secret
+      path: ee_pull_credentials_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - description: Specify volume mounts to be added to Task container
+      displayName: Task Extra Volume Mounts
+      path: task_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Web Args
+      path: web_args
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Web Command
+      path: web_command
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Environment variables to be added to Web container
+      displayName: Web Extra Env
+      path: web_extra_env
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Web container
+      displayName: Web Extra Volume Mounts
+      path: web_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify extra volumes to add to the application pod
+      displayName: Extra Volumes
+      path: extra_volumes
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Node Selector
+      path: node_selector
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Topology Spread Constraints
+      path: topology_spread_constraints
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Service Labels
+      path: service_labels
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:text
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Annotations
+      path: annotations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Tolerations
+      path: tolerations
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: API Extra Settings
+      path: extra_settings
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - displayName: Security Context Settings
+      path: security_context_settings
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Registry path to the init container to use
+      displayName: Init Container Image
+      path: init_container_image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Init container image version to use
+      displayName: Init Container Image Version
+      path: init_container_image_version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify Extra commands for the Init container
+      displayName: Init Container Extra Commands
+      path: init_container_extra_commands
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Specify volume mounts to be added to Init container
+      displayName: Init Container Extra Volume Mounts
+      path: init_container_extra_volume_mounts
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+    - description: Secret where can be found the trusted Certificate Authority Bundle
+      path: bundle_cacert_secret
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - displayName: Nodeport Port
+      path: nodeport_port
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+  statusDescriptors:
+    - description: Route to access the instance deployed
+      displayName: URL
+      path: URL
+      x-descriptors:
+        - urn:alm:descriptor:org.w3:link
+    - description: Admin user for the instance deployed
+      displayName: Admin User
+      path: adminUser
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Admin password for the instance deployed
+      displayName: Admin Password
+      path: adminPasswordSecret
+      x-descriptors:
+        - urn:alm:descriptor:io.kubernetes:Secret
+    - description: Version of the instance deployed
+      displayName: Version
+      path: version
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text
+    - description: Image of the instance deployed
+      displayName: Image
+      path: image
+      x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:text

config/manifests/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+# These resources constitute the fully configured set of manifests
+# used to generate the 'manifests/' directory in a bundle.
+resources:
+  - bases/awx-operator.clusterserviceversion.yaml
+  - ../default
+  - ../samples
+  - ../scorecard

config/prometheus/kustomization.yaml

@@ -0,0 +1,3 @@
+---
+resources:
+  - monitor.yaml

config/prometheus/monitor.yaml

@@ -0,0 +1,20 @@
+---
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-monitor
+  namespace: system
+spec:
+  endpoints:
+    - path: /metrics
+      port: https
+      scheme: https
+      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      tlsConfig:
+        insecureSkipVerify: true
+  selector:
+    matchLabels:
+      control-plane: controller-manager

config/rbac/auth_proxy_client_clusterrole.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+rules:
+  - nonResourceURLs:
+      - "/metrics"
+    verbs:
+      - get

config/rbac/auth_proxy_role.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: proxy-role
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create

config/rbac/auth_proxy_role_binding.yaml

@@ -1,13 +1,13 @@
 ---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: awx-operator
+  name: proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: proxy-role
 subjects:
   - kind: ServiceAccount
-    name: awx-operator
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: awx-operator
-  apiGroup: rbac.authorization.k8s.io
+    name: controller-manager
+    namespace: system

config/rbac/auth_proxy_service.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+    - name: https
+      port: 8443
+      protocol: TCP
+      targetPort: https
+  selector:
+    control-plane: controller-manager

config/rbac/awx_editor_role.yaml

@@ -0,0 +1,25 @@
+---
+# permissions for end users to edit awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awx-editor-role
+rules:
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - awxs
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - awxs/status
+    verbs:
+      - get

config/rbac/awx_viewer_role.yaml

@@ -0,0 +1,21 @@
+---
+# permissions for end users to view awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awx-viewer-role
+rules:
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - awxs
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - awx.ansible.com
+    resources:
+      - awxs/status
+    verbs:
+      - get

config/rbac/kustomization.yaml

@@ -0,0 +1,19 @@
+---
+resources:
+  # All RBAC will be applied under this service account in
+  # the deployment namespace. You may comment out this resource
+  # if your manager will use a service account that exists at
+  # runtime. Be sure to update RoleBinding and ClusterRoleBinding
+  # subjects if changing service account names.
+  - service_account.yaml
+  - role.yaml
+  - role_binding.yaml
+  - leader_election_role.yaml
+  - leader_election_role_binding.yaml
+  # Comment the following 4 lines if you want to disable
+  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+  # which protects your /metrics endpoint.
+  - auth_proxy_service.yaml
+  - auth_proxy_role.yaml
+  - auth_proxy_role_binding.yaml
+  - auth_proxy_client_clusterrole.yaml

config/rbac/leader_election_role.yaml

@@ -0,0 +1,38 @@
+---
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: leader-election-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch

config/rbac/leader_election_role_binding.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: controller-manager
+    namespace: system

config/rbac/role.yaml

@@ -1,9 +1,9 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   creationTimestamp: null
-  name: awx-operator
+  name: awx-manager-role
 rules:
   - apiGroups:
       - route.openshift.io
@@ -11,7 +11,13 @@ rules:
       - routes
       - routes/custom-host
     verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
   - apiGroups:
       - ""
       - "rbac.authorization.k8s.io"
@@ -28,10 +34,16 @@ rules:
       - roles
       - rolebindings
     verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
   - apiGroups:
       - apps
-      - extensions
+      - networking.k8s.io
     resources:
       - deployments
       - daemonsets
@@ -39,7 +51,13 @@ rules:
       - statefulsets
       - ingresses
     verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
   - apiGroups:
       - monitoring.coreos.com
     resources:
@@ -59,12 +77,15 @@ rules:
       - apps
     resources:
       - deployments/scale
+      - statefulsets/scale
     verbs:
       - patch
   - apiGroups:
       - ""
     resources:
       - pods/exec
+      - pods/attach
+      - pods/log  # log & attach rules needed to be able to grant them to AWX service account
     verbs:
       - create
       - get
@@ -74,9 +95,12 @@ rules:
       - replicasets
     verbs:
       - get
+      - create
   - apiGroups:
       - awx.ansible.com
     resources:
       - '*'
+      - awxbackups
+      - awxrestores
     verbs:
       - '*'

config/rbac/role_binding.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: awx-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: awx-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: controller-manager

config/rbac/service_account.yaml

@@ -2,5 +2,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: awx-operator
-  namespace: default
+  name: controller-manager
+  namespace: system

config/samples/awx_v1beta1_awx.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: example-awx
+spec:
+  web_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  task_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  ee_resource_requirements:
+    requests:
+      cpu: 200m
+      memory: 64M

config/samples/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+## Append samples you want in your CSV to this file as resources ##
+resources:
+  - awx_v1beta1_awx.yaml
+# +kubebuilder:scaffold:manifestskustomizesamples

config/scorecard/bases/config.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+  name: config
+stages:
+  - parallel: true
+    tests: []

config/scorecard/kustomization.yaml

@@ -0,0 +1,17 @@
+---
+resources:
+  - bases/config.yaml
+patchesJson6902:
+  - path: patches/basic.config.yaml
+    target:
+      group: scorecard.operatorframework.io
+      version: v1alpha3
+      kind: Configuration
+      name: config
+  - path: patches/olm.config.yaml
+    target:
+      group: scorecard.operatorframework.io
+      version: v1alpha3
+      kind: Configuration
+      name: config
+# +kubebuilder:scaffold:patchesJson6902

config/scorecard/patches/basic.config.yaml

@@ -0,0 +1,11 @@
+---
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - basic-check-spec
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: basic
+      test: basic-check-spec-test

config/scorecard/patches/olm.config.yaml

@@ -0,0 +1,51 @@
+---
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-bundle-validation
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-bundle-validation-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-crds-have-validation
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-crds-have-validation-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-crds-have-resources
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-crds-have-resources-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-spec-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-spec-descriptors-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+      - scorecard-test
+      - olm-status-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.12.0
+    labels:
+      suite: olm
+      test: olm-status-descriptors-test

config/testing/debug_logs_patch.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          env:
+            - name: ANSIBLE_DEBUG_LOGS
+              value: "TRUE"

config/testing/kustomization.yaml

@@ -0,0 +1,21 @@
+# Adds namespace to all resources.
+namespace: osdk-test
+namePrefix: osdk-
+# Labels to add to all resources and selectors.
+# commonLabels:
+#   someName: someValue
+patchesStrategicMerge:
+- manager_image.yaml
+- debug_logs_patch.yaml
+- ../default/manager_auth_proxy_patch.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager
+images:
+- name: testing
+  newName: testing-operator
+patches:
+- path: pull_policy/Never.yaml

config/testing/manager_image.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          image: testing

config/testing/pull_policy/Always.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: Always

config/testing/pull_policy/IfNotPresent.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: IfNotPresent

config/testing/pull_policy/Never.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: Never

deploy/awx-operator.yaml

@@ -1,427 +0,0 @@
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: awx-operator
-rules:
-  - apiGroups:
-      - route.openshift.io
-    resources:
-      - routes
-      - routes/custom-host
-    verbs:
-      - '*'
-  - apiGroups:
-      - ""
-      - "rbac.authorization.k8s.io"
-    resources:
-      - pods
-      - services
-      - services/finalizers
-      - serviceaccounts
-      - endpoints
-      - persistentvolumeclaims
-      - events
-      - configmaps
-      - secrets
-      - roles
-      - rolebindings
-    verbs:
-      - '*'
-  - apiGroups:
-      - apps
-      - extensions
-    resources:
-      - deployments
-      - daemonsets
-      - replicasets
-      - statefulsets
-      - ingresses
-    verbs:
-      - '*'
-  - apiGroups:
-      - monitoring.coreos.com
-    resources:
-      - servicemonitors
-    verbs:
-      - get
-      - create
-  - apiGroups:
-      - apps
-    resourceNames:
-      - awx-operator
-    resources:
-      - deployments/finalizers
-    verbs:
-      - update
-  - apiGroups:
-      - apps
-    resources:
-      - deployments/scale
-    verbs:
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-      - get
-  - apiGroups:
-      - apps
-    resources:
-      - replicasets
-    verbs:
-      - get
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - '*'
-    verbs:
-      - '*'
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: awx-operator
-subjects:
-  - kind: ServiceAccount
-    name: awx-operator
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: awx-operator
-  apiGroup: rbac.authorization.k8s.io
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: awx-operator
-  namespace: default
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "quay.io/ansible/awx-operator:0.7.0"
-          imagePullPolicy: "Always"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 5
-            periodSeconds: 3
-      volumes:
-        - name: runner
-          emptyDir: {}
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                tower_task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                tower_admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                tower_hostname:
-                  description: The hostname of the instance
-                  type: string
-                tower_admin_email:
-                  description: The admin user email
-                  type: string
-                tower_admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                tower_postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                tower_old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                tower_secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                tower_broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                tower_extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                tower_ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                    - LoadBalancer
-                    - loadbalancer
-                tower_ingress_annotations:
-                  description: Annotations to add to the ingress
-                  type: string
-                tower_ingress_tls_secret:
-                  description: Secret where the ingress TLS secret can be found
-                  type: string
-                tower_loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                tower_loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                tower_loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                tower_route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                tower_route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                tower_route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                tower_image:
-                  description: Registry path to the application container to use
-                  type: string
-                tower_image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                tower_task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                tower_garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                tower_create_preload_data:
-                  description: Whether or not to preload data upon Tower instance creation
-                  default: true
-                  type: boolean
-                tower_task_args:
-                  type: array
-                  items:
-                    type: string
-                tower_task_command:
-                  type: array
-                  items:
-                    type: string
-                tower_web_args:
-                  type: array
-                  items:
-                    type: string
-                tower_web_command:
-                  type: array
-                  items:
-                    type: string
-                tower_task_extra_env:
-                  type: string
-                tower_web_extra_env:
-                  type: string
-                tower_task_extra_volume_mounts:
-                  type: string
-                tower_web_extra_volume_mounts:
-                  type: string
-                tower_redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                tower_postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                tower_postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                tower_postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-              type: object
-            status:
-              properties:
-                towerURL:
-                  description: URL to access the deployed instance
-                  type: string
-                towerAdminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
-                  type: string
-                towerMigratedFromSecret:
-                  description: The secret used for migrating an old Tower.
-                  type: string
-                towerVersion:
-                  description: Version of the deployed instance
-                  type: string
-                towerImage:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object

deploy/crds/awx_v1beta1_cr.yaml

@@ -1,24 +0,0 @@
----
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: example-awx
-  namespace: example-awx
-spec:
-  tower_ingress_type: none
-  tower_task_privileged: false
-
-  tower_hostname: example-awx.test
-
-  tower_admin_user: test
-  tower_admin_email: test@example.com
-
-  tower_image: quay.io/ansible/awx:18.0.0
-
-  tower_create_preload_data: true
-
-  tower_memcached_image: memcached:alpine
-
-  tower_redis_image: redis:latest
-
-  tower_postgres_storage_class: ''

deploy/crds/awx_v1beta1_crd.yaml

@@ -1,276 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                tower_task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                tower_admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                tower_hostname:
-                  description: The hostname of the instance
-                  type: string
-                tower_admin_email:
-                  description: The admin user email
-                  type: string
-                tower_admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                tower_postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                tower_old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                tower_secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                tower_broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                tower_extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                tower_ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                    - LoadBalancer
-                    - loadbalancer
-                tower_ingress_annotations:
-                  description: Annotations to add to the ingress
-                  type: string
-                tower_ingress_tls_secret:
-                  description: Secret where the ingress TLS secret can be found
-                  type: string
-                tower_loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                tower_loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                tower_loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                tower_route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                tower_route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                tower_route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                tower_image:
-                  description: Registry path to the application container to use
-                  type: string
-                tower_image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                tower_task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                tower_garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                tower_create_preload_data:
-                  description: Whether or not to preload data upon Tower instance creation
-                  default: true
-                  type: boolean
-                tower_task_args:
-                  type: array
-                  items:
-                    type: string
-                tower_task_command:
-                  type: array
-                  items:
-                    type: string
-                tower_web_args:
-                  type: array
-                  items:
-                    type: string
-                tower_web_command:
-                  type: array
-                  items:
-                    type: string
-                tower_task_extra_env:
-                  type: string
-                tower_web_extra_env:
-                  type: string
-                tower_task_extra_volume_mounts:
-                  type: string
-                tower_web_extra_volume_mounts:
-                  type: string
-                tower_redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                tower_postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                tower_postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                tower_postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-              type: object
-            status:
-              properties:
-                towerURL:
-                  description: URL to access the deployed instance
-                  type: string
-                towerAdminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
-                  type: string
-                towerMigratedFromSecret:
-                  description: The secret used for migrating an old Tower.
-                  type: string
-                towerVersion:
-                  description: Version of the deployed instance
-                  type: string
-                towerImage:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object

deploy/crds/awx_v1beta1_molecule.yaml

@@ -1,34 +0,0 @@
----
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: example-awx
-  namespace: example-awx
-spec:
-  deployment_type: awx
-  tower_ingress_type: ingress
-  tower_task_privileged: false
-
-  tower_admin_email: test@example.com
-
-  tower_image: quay.io/ansible/awx:18.0.0
-
-  tower_web_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 128M
-
-  tower_task_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 128M
-
-  tower_create_preload_data: true
-
-  tower_memcached_image: memcached:alpine
-
-  tower_redis_image: redis:latest
-
-  tower_postgres_pass: awxpass
-  tower_postgres_image: postgres:12
-  tower_postgres_storage_class: ''

deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml

@@ -1,402 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: ClusterServiceVersion
-metadata:
-  annotations:
-    alm-examples: |-
-      [
-        {
-          "apiVersion": "awx.ansible.com/v1beta1",
-          "kind": "AWX",
-          "metadata": {
-            "name": "example-awx",
-            "namespace": "example-awx"
-          },
-          "spec": {
-            "tower_admin_email": "test@example.com",
-            "tower_admin_user": "test",
-            "tower_broadcast_websocket_secret": "changeme",
-            "tower_create_preload_data": true,
-            "tower_hostname": "example-awx.test",
-            "tower_image": "quay.io/ansible/awx:18.0.0",
-            "tower_ingress_type": "none",
-            "tower_memcached_image": "memcached:alpine",
-            "tower_postgres_storage_class": "",
-            "tower_redis_image": "redis:latest",
-            "tower_task_privileged": false
-          }
-        },
-        {
-          "apiVersion": "awx.ansible.com/v1beta1",
-          "kind": "AWX",
-          "metadata": {
-            "name": "example-awx",
-            "namespace": "example-awx"
-          },
-          "spec": {
-            "deployment_type": "awx",
-            "tower_admin_email": "test@example.com",
-            "tower_broadcast_websocket_secret": "changeme",
-            "tower_create_preload_data": true,
-            "tower_image": "quay.io/ansible/awx:18.0.0",
-            "tower_ingress_type": "ingress",
-            "tower_memcached_image": "memcached:alpine",
-            "tower_postgres_image": "postgres:12",
-            "tower_postgres_pass": "awxpass",
-            "tower_postgres_storage_class": "",
-            "tower_redis_image": "redis:latest",
-            "tower_task_privileged": false,
-            "tower_task_resource_requirements": {
-              "requests": {
-                "cpu": "500m",
-                "memory": "128M"
-              }
-            },
-            "tower_web_resource_requirements": {
-              "requests": {
-                "cpu": "500m",
-                "memory": "128M"
-              }
-            }
-          }
-        }
-      ]
-    capabilities: Basic Install
-    operators.operatorframework.io/builder: operator-sdk-v0.19.4
-    operators.operatorframework.io/project_layout: ansible
-  name: awx-operator.v0.0.1
-  namespace: placeholder
-spec:
-  apiservicedefinitions: {}
-  customresourcedefinitions:
-    owned:
-    - description: A AWX Instance
-      kind: AWX
-      displayName: AWX
-      name: awxs.awx.ansible.com
-      specDescriptors:
-      - displayName: Hostname
-        path: tower_hostname
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - displayName: Admin account username
-        path: tower_admin_user
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - displayName: Admin email address
-        path: tower_admin_email
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - displayName: Admin password secret
-        path: tower_admin_password_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Database configuration secret
-        path: tower_postgres_configuration_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-        path: tower_old_postgres_configuration_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Secret key secret
-        path: tower_secret_key_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Broadcast Websocket Secret
-        path: tower_broadcast_websocket_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Ingress Type
-        path: tower_ingress_type
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:select:none
-        - urn:alm:descriptor:com.tectonic.ui:select:Ingress
-        - urn:alm:descriptor:com.tectonic.ui:select:Route
-        - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
-      - displayName: Tower Ingress Annotations
-        path: tower_ingress_annotations
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress
-      - displayName: Tower Ingress TLS Secret
-        path: tower_ingress_tls_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress
-      - displayName: Tower LoadBalancer Annotations
-        path: tower_loadbalancer_annotations
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
-      - displayName: Tower LoadBalancer Protocol
-        path: tower_loadbalancer_protocol
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:select:http
-        - urn:alm:descriptor:com.tectonic.ui:select:https
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
-      - displayName: Tower LoadBalancer Port
-        path: tower_loadbalancer_port
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:number
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
-      - displayName: Route DNS host
-        path: tower_route_host
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
-      - displayName: Route TLS termination mechanism
-        path: tower_route_tls_termination_mechanism
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:select:Edge
-        - urn:alm:descriptor:com.tectonic.ui:select:Passthrough
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
-      - displayName: Route TLS credential secret
-        path: tower_route_tls_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
-      - displayName: Image Pull Policy
-        path: tower_image_pull_policy
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
-      - displayName: Web container resource requirements
-        path: tower_web_resource_requirements
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
-      - displayName: Task container resource requirements
-        path: tower_task_resource_requirements
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
-      - displayName: PostgreSQL container resource requirements (when using a managed
-          instance)
-        path: tower_postgres_resource_requirements
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
-      - displayName: Replicas
-        path: tower_replicas
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:number
-      - displayName: Remove used secrets on instance removal ?
-        path: tower_garbage_collect_secrets
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - displayName: Preload instance with data upon creation ?
-        path: tower_create_preload_data
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - displayName: Deployment Type
-        path: deployment_type
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Image
-        path: tower_image
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Postgres Storage Class
-        path: tower_postgres_storage_class
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Certificate Authorirty Trust Bundle
-        path: ca_trust_bundle
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      statusDescriptors:
-      - description: Route to access the instance deployed
-        displayName: URL
-        path: towerURL
-        x-descriptors:
-        - urn:alm:descriptor:org.w3:link
-      - description: Admin user for the instance deployed
-        displayName: Admin User
-        path: towerAdminUser
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - description: Admin password for the instance deployed
-        displayName: Admin Password
-        path: towerAdminPasswordSecret
-        x-descriptors:
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - description: Version of the instance deployed
-        displayName: Version
-        path: towerVersion
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - description: Image of the instance deployed
-        displayName: Image
-        path: towerImage
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:text
-      version: v1beta1
-  description: AWX operator
-  displayName: AWX
-  icon:
-  - base64data: ""
-    mediatype: ""
-  install:
-    spec:
-      clusterPermissions:
-      - rules:
-        - apiGroups:
-          - route.openshift.io
-          resources:
-          - routes
-          - routes/custom-host
-          verbs:
-          - '*'
-        - apiGroups:
-          - ""
-          - rbac.authorization.k8s.io
-          resources:
-          - pods
-          - services
-          - services/finalizers
-          - serviceaccounts
-          - endpoints
-          - persistentvolumeclaims
-          - events
-          - configmaps
-          - secrets
-          - roles
-          - rolebindings
-          verbs:
-          - '*'
-        - apiGroups:
-          - apps
-          - extensions
-          resources:
-          - deployments
-          - daemonsets
-          - replicasets
-          - statefulsets
-          - ingresses
-          verbs:
-          - '*'
-        - apiGroups:
-          - monitoring.coreos.com
-          resources:
-          - servicemonitors
-          verbs:
-          - get
-          - create
-        - apiGroups:
-          - apps
-          resourceNames:
-          - awx-operator
-          resources:
-          - deployments/finalizers
-          verbs:
-          - update
-        - apiGroups:
-          - ""
-          resources:
-          - pods/exec
-          verbs:
-          - create
-          - get
-        - apiGroups:
-          - apps
-          resources:
-          - replicasets
-          verbs:
-          - get
-        - apiGroups:
-          - awx.ansible.com
-          resources:
-          - '*'
-          verbs:
-          - '*'
-        serviceAccountName: awx-operator
-      deployments:
-      - name: awx-operator
-        spec:
-          replicas: 1
-          selector:
-            matchLabels:
-              name: awx-operator
-          strategy: {}
-          template:
-            metadata:
-              labels:
-                name: awx-operator
-            spec:
-              containers:
-              - env:
-                - name: WATCH_NAMESPACE
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.annotations['olm.targetNamespaces']
-                - name: POD_NAME
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.name
-                - name: OPERATOR_NAME
-                  value: awx-operator
-                - name: ANSIBLE_GATHERING
-                  value: explicit
-                image: quay.io/ansible/awx-operator:0.6.0
-                imagePullPolicy: Always
-                livenessProbe:
-                  httpGet:
-                    path: /healthz
-                    port: 6789
-                  initialDelaySeconds: 5
-                  periodSeconds: 3
-                name: awx-operator
-                resources: {}
-                volumeMounts:
-                - mountPath: /tmp/ansible-operator/runner
-                  name: runner
-              serviceAccountName: awx-operator
-              volumes:
-              - emptyDir: {}
-                name: runner
-    strategy: deployment
-  installModes:
-  - supported: true
-    type: OwnNamespace
-  - supported: true
-    type: SingleNamespace
-  - supported: false
-    type: MultiNamespace
-  - supported: true
-    type: AllNamespaces
-  keywords:
-  - awx
-  links:
-  - name: Awx Operator
-    url: https://github.com/ansible/awx-operator
-  maintainers:
-  - email: yguenane@redhat.com
-    name: Yanis Guenane
-  maturity: alpha
-  provider:
-    name: AWX Community
-    url: https://github.com/ansible/awx-operator
-  version: 0.0.1

deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml

@@ -1,280 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  creationTimestamp: null
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Schema validation for the AWX CRD
-        properties:
-          spec:
-            properties:
-              ca_trust_bundle:
-                description: Path where the trusted CA bundle is available
-                type: string
-              deployment_type:
-                description: Name of the deployment type
-                type: string
-              development_mode:
-                description: If the deployment should be done in development mode
-                type: boolean
-              tower_admin_email:
-                description: The admin user email
-                type: string
-              tower_admin_password_secret:
-                description: Secret where the admin password can be found
-                type: string
-              tower_admin_user:
-                description: Username to use for the admin account
-                type: string
-              tower_broadcast_websocket_secret:
-                description: Secret where the broadcast websocket secret can be found
-                type: string
-              tower_create_preload_data:
-                default: true
-                description: Whether or not to preload data upon Tower instance creation
-                type: boolean
-              tower_extra_volumes:
-                description: Specify extra volumes to add to the application pod
-                type: string
-              tower_garbage_collect_secrets:
-                default: false
-                description: Whether or not to remove secrets upon instance removal
-                type: boolean
-              tower_hostname:
-                description: The hostname of the instance
-                type: string
-              tower_image:
-                description: Registry path to the application container to use
-                type: string
-              tower_image_pull_policy:
-                default: IfNotPresent
-                description: The image pull policy
-                enum:
-                - Always
-                - always
-                - Never
-                - never
-                - IfNotPresent
-                - ifnotpresent
-                type: string
-              tower_ingress_annotations:
-                description: Annotations to add to the ingress
-                type: string
-              tower_ingress_tls_secret:
-                description: Secret where the ingress TLS secret can be found
-                type: string
-              tower_ingress_type:
-                description: The ingress type to use to reach the deployed instance
-                enum:
-                - none
-                - Ingress
-                - ingress
-                - Route
-                - route
-                - LoadBalancer
-                - loadbalancer
-                type: string
-              tower_loadbalancer_annotations:
-                description: Annotations to add to the loadbalancer
-                type: string
-              tower_loadbalancer_protocol:
-                description: Protocol to use for the loadbalancer
-                type: string
-                default: http
-                enum:
-                  - http
-                  - https
-              tower_loadbalancer_port:
-                description: Port to use for the loadbalancer
-                type: number
-                default: 80
-              tower_postgres_configuration_secret:
-                description: Secret where the database configuration can be found
-                type: string
-              tower_old_postgres_configuration_secret:
-                description: Secret where the old database configuration can be found for data migration
-                type: string
-              tower_postgres_data_path:
-                description: Path where the PostgreSQL data are located
-                type: string
-              tower_postgres_image:
-                description: Registry path to the PostgreSQL container to use
-                type: string
-              tower_postgres_resource_requirements:
-                description: Resource requirements for the PostgreSQL container
-                properties:
-                  limits:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                  requests:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                type: object
-              tower_postgres_storage_class:
-                description: Storage class to use for the PostgreSQL PVC
-                type: string
-              tower_redis_image:
-                description: Registry path to the redis container to use
-                type: string
-              tower_replicas:
-                default: 1
-                description: Number of instance replicas
-                format: int32
-                type: integer
-              tower_route_host:
-                description: The DNS to use to points to the instance
-                type: string
-              tower_route_tls_secret:
-                description: Secret where the TLS related credentials are stored
-                type: string
-              tower_route_tls_termination_mechanism:
-                default: Edge
-                description: The secure TLS termination mechanism to use
-                enum:
-                - Edge
-                - edge
-                - Passthrough
-                - passthrough
-                type: string
-              tower_secret_key_secret:
-                description: Secret where the secret key can be found
-                type: string
-              tower_task_args:
-                items:
-                  type: string
-                type: array
-              tower_task_command:
-                items:
-                  type: string
-                type: array
-              tower_task_extra_env:
-                type: string
-              tower_task_extra_volume_mounts:
-                type: string
-              tower_task_privileged:
-                description: If a privileged security context should be enabled
-                type: boolean
-              tower_task_resource_requirements:
-                description: Resource requirements for the task container
-                properties:
-                  limits:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                  requests:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                type: object
-              tower_web_args:
-                items:
-                  type: string
-                type: array
-              tower_web_command:
-                items:
-                  type: string
-                type: array
-              tower_web_extra_env:
-                type: string
-              tower_web_extra_volume_mounts:
-                type: string
-              tower_web_resource_requirements:
-                description: Resource requirements for the web container
-                properties:
-                  limits:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                  requests:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                type: object
-            type: object
-          status:
-            properties:
-              conditions:
-                description: The resulting conditions when a Service Telemetry is
-                  instantiated
-                items:
-                  properties:
-                    lastTransitionTime:
-                      type: string
-                    reason:
-                      type: string
-                    status:
-                      type: string
-                    type:
-                      type: string
-                  type: object
-                type: array
-              towerAdminPasswordSecret:
-                description: Admin password of the deployed instance
-                type: string
-              towerAdminUser:
-                description: Admin user of the deployed instance
-                type: string
-              towerImage:
-                description: URL of the image used for the deployed instance
-                type: string
-              towerURL:
-                description: URL to access the deployed instance
-                type: string
-              towerVersion:
-                description: Version of the deployed instance
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null

deploy/olm-catalog/awx-operator/metadata/annotations.yaml

@@ -1,10 +0,0 @@
-annotations:
-  operators.operatorframework.io.bundle.channel.default.v1: alpha
-  operators.operatorframework.io.bundle.channels.v1: alpha
-  operators.operatorframework.io.bundle.manifests.v1: manifests/
-  operators.operatorframework.io.bundle.mediatype.v1: registry+v1
-  operators.operatorframework.io.bundle.metadata.v1: metadata/
-  operators.operatorframework.io.bundle.package.v1: awx-operator
-  operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.4
-  operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
-  operators.operatorframework.io.metrics.project_layout: ansible

docs/migration.md

@@ -6,14 +6,14 @@ To migrate data from an older AWX installation, you must provide some informatio
 
 ### Secret Key
 
-You can find your old secret key in the inventory file you used to deploy AWX in releases prior to version 18. 
+You can find your old secret key in the inventory file you used to deploy AWX in releases prior to version 18.
 
 ```yaml
 apiVersion: v1
 kind: Secret
 metadata:
   name: <resourcename>-secret-key
-  namespace: <target namespace>
+  namespace: <target-namespace>
 stringData:
   secret_key: <old-secret-key>
 type: Opaque
@@ -21,7 +21,7 @@ type: Opaque
 
 **Note**: `<resourcename>` must match the `name` of the AWX object you are creating. In our example below, it is `awx`.
 
-### Old Databse Credentials
+### Old Database Credentials
 
 The secret should be formatted as follows:
 
@@ -43,6 +43,15 @@ type: Opaque
 
 > For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.cluster.local`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from.
 
+If your AWX deployment is already using an external database server or its database is otherwise not managed
+by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
+In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_`
+from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
+database and apply any pending migrations. It is strongly recommended to backup your database beforehand.
+
+The postgresql pod for the old deployment is used when streaming data to the new postgresql pod.  If your postgresql pod has a custom label,
+you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.
+
 ## Deploy AWX
 
 When you apply your AWX object, you must specify the name to the database secret you created above:
@@ -53,6 +62,21 @@ kind: AWX
 metadata:
   name: awx
 spec:
-  tower_old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
+  old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
+  secret_key_secret: <resourcename>-secret-key
   ...
 ```
+## Important Note
+If you intend to put all the above in one file, make sure to separate each block with three dashes like so:
+
+```yaml
+---
+# Secret key
+
+---
+# Database creds
+
+---
+# AWX Config
+```
+Failing to do so will lead to an inoperable setup.

main.yml

@@ -1,5 +0,0 @@
----
-- hosts: localhost
-  gather_facts: no
-  roles:
-    - installer

molecule/default/asserts.yml

@@ -1,20 +0,0 @@
----
-- name: Verify cluster resources
-  hosts: localhost
-  connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-
-  tasks:
-    - name: Get AWX Pod data
-      k8s_info:
-        kind: Pod
-        namespace: example-awx
-        label_selectors:
-          - app=awx
-      register: tower_pods
-
-    - name: Verify there is one AWX pod
-      assert:
-        that: '{{ (tower_pods.resources | length) == 1 }}'

molecule/default/converge.yml

@@ -2,9 +2,17 @@
 - name: Converge
   hosts: localhost
   connection: local
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-  roles:
-    - installer
+  gather_facts: no
+  collections:
+    - kubernetes.core
 
-- import_playbook: '{{ playbook_dir }}/asserts.yml'
+  tasks:
+    - name: Create Namespace
+      k8s:
+        api_version: v1
+        kind: Namespace
+        name: '{{ namespace }}'
+
+    - import_tasks: kustomize.yml
+      vars:
+        state: present

molecule/default/create.yml

@@ -0,0 +1,6 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks: []

molecule/default/destroy.yml

@@ -0,0 +1,24 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  collections:
+    - kubernetes.core
+
+  tasks:
+    - import_tasks: kustomize.yml
+      vars:
+        state: absent
+
+    - name: Destroy Namespace
+      k8s:
+        api_version: v1
+        kind: Namespace
+        name: '{{ namespace }}'
+        state: absent
+
+    - name: Unset pull policy
+      command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
+      args:
+        chdir: '{{ config_dir }}/testing'

molecule/default/kustomize.yml

@@ -0,0 +1,15 @@
+---
+- name: Build kustomize testing overlay
+  # load_restrictor must be set to none so we can load patch files from the default overlay
+  command: '{{ kustomize }} build  --load_restrictor none .'
+  args:
+    chdir: '{{ config_dir }}/testing'
+  register: resources
+  changed_when: false
+
+- name: Set resources to {{ state }}
+  k8s:
+    definition: '{{ item }}'
+    state: '{{ state }}'
+    wait: yes
+  loop: '{{ resources.stdout | from_yaml_all | list }}'

molecule/default/molecule.yml

@@ -2,33 +2,38 @@
 dependency:
   name: galaxy
 driver:
-  name: docker
+  name: delegated
 lint: |
   set -e
   yamllint .
-  ansible-lint
 platforms:
-  - name: kind-default
+  - name: cluster
     groups:
       - k8s
-    image: bsycorp/kind:latest-1.14
-    privileged: True
-    override_command: no
-    exposed_ports:
-      - 8443/tcp
-      - 10080/tcp
-    published_ports:
-      - 0.0.0.0:${TEST_CLUSTER_PORT:-9443}:8443/tcp
-    pre_build_image: yes
 provisioner:
   name: ansible
-  log: True
+  lint: |
+    set -e
+    ansible-lint
   inventory:
     group_vars:
       all:
-        operator_namespace: ${TEST_NAMESPACE:-default}
+        namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
+    host_vars:
+      localhost:
+        awx_image: ${AWX_TEST_IMAGE:-""}
+        awx_version: ${AWX_TEST_VERSION:-""}
+        default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
+        ansible_python_interpreter: '{{ ansible_playbook_python }}'
+        config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
+        samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
+        operator_image: ${OPERATOR_IMAGE:-""}
+        operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
+        kustomize: ${KUSTOMIZE_PATH:-kustomize}
   env:
-    K8S_AUTH_KUBECONFIG: /tmp/molecule/kind-default/kubeconfig
-    KUBECONFIG: /tmp/molecule/kind-default/kubeconfig
-    ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles
-    KIND_PORT: '${TEST_CLUSTER_PORT:-9443}'
+    K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}
+verifier:
+  name: ansible
+  lint: |
+    set -e
+    ansible-lint

molecule/default/prepare.yml

@@ -1,31 +1,28 @@
 ---
-- name: Prepare operator resources
+- name: Prepare
   hosts: localhost
   connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-    deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
-    templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
-  vars_files:
-    - "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/group_vars/all"
+  gather_facts: false
 
   tasks:
-    - name: Create Custom Resource Definition
-      k8s:
-        definition: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_crd.yaml'])) }}"
+    - name: Ensure operator image is set
+      fail:
+        msg: |
+          You must specify the OPERATOR_IMAGE environment variable in order to run the
+          'default' scenario
+      when: not operator_image
 
-    - name: Ensure specified namespace is present
-      k8s:
-        api_version: v1
-        kind: Namespace
-        name: '{{ operator_namespace }}'
+    - name: Set testing image
+      command: '{{ kustomize }} edit set image testing={{ operator_image }}'
+      args:
+        chdir: '{{ config_dir }}/testing'
 
-    - name: Create RBAC resources
-      k8s:
-        definition: "{{ lookup('template', '/'.join([templates_dir, item])) }}"
-        namespace: '{{ operator_namespace }}'
-      with_items:
-        - role.yml.j2
-        - role_binding.yml.j2
-        - service_account.yml.j2
+    - name: Set pull policy
+      command: '{{ kustomize }} edit add patch --path pull_policy/{{ operator_pull_policy }}.yaml'
+      args:
+        chdir: '{{ config_dir }}/testing'
+
+    - name: Set testing namespace
+      command: '{{ kustomize }} edit set namespace {{ namespace }}'
+      args:
+        chdir: '{{ config_dir }}/testing'

molecule/default/tasks/awx_test.yml

@@ -0,0 +1,85 @@
+---
+- name: Create the awx.ansible.com/v1alpha1.AWX
+  k8s:
+    state: present
+    namespace: '{{ namespace }}'
+    definition: "{{ lookup('template', 'awx_cr_molecule.yml.j2') | from_yaml }}"
+    wait: yes
+    wait_timeout: 900
+    wait_condition:
+      type: Running
+      reason: Successful
+      status: "True"
+
+- name: Obtain generated admin password
+  k8s_info:
+    namespace: '{{ namespace }}'
+    kind: Secret
+    name: example-awx-admin-password
+  register: admin_pw_secret
+
+- block:
+    - name: Get pod details
+      k8s_info:
+        namespace: '{{ namespace }}'
+        kind: Pod
+        label_selectors:
+          - app.kubernetes.io/name = example-awx
+      register: awx_pod
+      when: not awx_version
+
+    - name: Exract tags from images
+      set_fact:
+        image_tags: |
+          {{ awx_pod.resources[0].spec.containers |
+             map(attribute='image') |
+             map('regex_search', default_awx_version) }}
+      when: not awx_version
+
+    - fail:
+        msg: |
+          It looks like you may have broken the DEFAULT_AWX_VERSION functionality.
+          This is an environment variable that is set via build arg when releasing awx-operator.
+      when:
+        - not awx_version
+        - default_awx_version not in image_tags
+
+    - name: Launch Demo Job Template
+      awx.awx.job_launch:
+        name: Demo Job Template
+        wait: yes
+        validate_certs: no
+        controller_host: localhost
+        controller_username: admin
+        controller_password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+  rescue:
+    - name: Get list of project updates and jobs
+      uri:
+        url: "http://localhost/api/v2/{{ resource }}/"
+        user: admin
+        password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+        force_basic_auth: yes
+      register: job_lists
+      loop:
+        - project_updates
+        - jobs
+      loop_control:
+        loop_var: resource
+
+    - name: Get all job and project details
+      uri:
+        url: "http://localhost{{ endpoint }}"
+        user: admin
+        password: "{{ admin_pw_secret.resources[0].data.password | b64decode }}"
+        force_basic_auth: yes
+      loop: |
+        {{ job_lists.results | map(attribute='json') | map(attribute='results') | flatten | map(attribute='url') }}
+      loop_control:
+        loop_var: endpoint
+
+    - name: Re-emit failure
+      vars:
+        failed_task:
+          result: '{{ ansible_failed_result }}'
+      fail:
+        msg: '{{ failed_task }}'

molecule/default/templates/awx_cr_molecule.yml.j2

@@ -0,0 +1,27 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: example-awx
+spec:
+{% if awx_image %}
+  image: {{ awx_image }}
+{% endif %}
+{% if awx_version %}
+  image_version: {{ awx_version }}
+{% endif %}
+  ingress_type: ingress
+  ingress_annotations: |
+    kubernetes.io/ingress.class: nginx
+  web_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  task_resource_requirements:
+    requests:
+      cpu: 250m
+      memory: 128M
+  ee_resource_requirements:
+    requests:
+      cpu: 200m
+      memory: 64M

molecule/default/verify.yml

@@ -0,0 +1,57 @@
+---
+- name: Verify
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  collections:
+    - kubernetes.core
+
+  vars:
+    ctrl_label: control-plane=controller-manager
+
+  tasks:
+    - block:
+        - name: Import all test files from tasks/
+          include_tasks: '{{ item }}'
+          with_fileglob:
+            - tasks/*_test.yml
+      rescue:
+        - name: Retrieve relevant resources
+          k8s_info:
+            api_version: '{{ item.api_version }}'
+            kind: '{{ item.kind }}'
+            namespace: '{{ namespace }}'
+          loop:
+            - api_version: v1
+              kind: Pod
+            - api_version: apps/v1
+              kind: Deployment
+            - api_version: v1
+              kind: Secret
+            - api_version: v1
+              kind: ConfigMap
+          register: debug_resources
+
+        - name: Retrieve Pod logs
+          k8s_log:
+            name: '{{ item.metadata.name }}'
+            namespace: '{{ namespace }}'
+            container: awx-manager
+          loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}"
+          register: debug_logs
+
+        - name: Output gathered resources
+          debug:
+            var: debug_resources
+
+        - name: Output gathered logs
+          debug:
+            var: item.log_lines
+          loop: '{{ debug_logs.results }}'
+
+        - name: Re-emit failure
+          vars:
+            failed_task:
+              result: '{{ ansible_failed_result }}'
+          fail:
+            msg: '{{ failed_task }}'

molecule/kind/converge.yml

@@ -0,0 +1,34 @@
+---
+- name: Converge
+  hosts: localhost
+  connection: local
+  gather_facts: no
+
+  tasks:
+    - name: Build operator image
+      docker_image:
+        build:
+          path: '{{ project_dir }}'
+          pull: no
+          args:
+            DEFAULT_AWX_VERSION: '{{ default_awx_version }}'
+        name: '{{ operator_image }}'
+        tag: latest
+        push: no
+        source: build
+        force_source: yes
+
+    - name: Load operator image into kind cluster
+      command: kind load docker-image --name osdk-test '{{ operator_image }}'
+      register: result
+      changed_when: '"not yet present" in result.stdout'
+
+    - name: Load awx image into kind cluster
+      command: kind load docker-image --name osdk-test '{{ awx_image }}:{{ awx_version }}'
+      register: result
+      changed_when: '"not yet present" in result.stdout'
+      when:
+        - awx_image is defined
+        - awx_image != ''
+
+- import_playbook: ../default/converge.yml

molecule/kind/create.yml

@@ -0,0 +1,27 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Create test kind cluster
+      shell: |
+        cat <<EOF | kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }} --config=-
+        kind: Cluster
+        apiVersion: kind.x-k8s.io/v1alpha4
+        nodes:
+        - role: control-plane
+          kubeadmConfigPatches:
+          - |
+            kind: InitConfiguration
+            nodeRegistration:
+              kubeletExtraArgs:
+                node-labels: "ingress-ready=true"
+          extraPortMappings:
+          - containerPort: 80
+            hostPort: 80
+            protocol: TCP
+          - containerPort: 443
+            hostPort: 443
+            protocol: TCP
+        EOF

molecule/kind/destroy.yml

@@ -0,0 +1,16 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  collections:
+    - kubernetes.core
+
+  tasks:
+    - name: Destroy test kind cluster
+      command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }}
+
+    - name: Unset pull policy
+      command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml'
+      args:
+        chdir: '{{ config_dir }}/testing'

molecule/kind/molecule.yml

@@ -0,0 +1,44 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: delegated
+lint: |
+  set -e
+  yamllint .
+platforms:
+  - name: cluster
+    groups:
+      - k8s
+provisioner:
+  name: ansible
+  playbooks:
+    verify: ../default/verify.yml
+  lint: |
+    set -e
+    ansible-lint
+  inventory:
+    group_vars:
+      all:
+        namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
+    host_vars:
+      localhost:
+        awx_image: ${AWX_TEST_IMAGE:-""}
+        awx_version: ${AWX_TEST_VERSION:-""}
+        ansible_python_interpreter: '{{ ansible_playbook_python }}'
+        default_awx_version: "{{ lookup('url', 'https://api.github.com/repos/ansible/awx/releases/latest') | from_json | json_query('tag_name') }}"
+        config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
+        samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
+        project_dir: ${MOLECULE_PROJECT_DIRECTORY}
+        operator_image: testing-operator
+        operator_pull_policy: "Never"
+        kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
+        kustomize: ${KUSTOMIZE_PATH:-kustomize}
+  env:
+    K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
+    KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
+verifier:
+  name: ansible
+  lint: |
+    set -e
+    ansible-lint

molecule/kind/prepare.yml

@@ -0,0 +1,29 @@
+---
+- name: Prepare
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  collections:
+    - kubernetes.core
+  vars:
+    nginx_ingress_definition: 'https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml'
+  tasks:
+    - name: Install NGINX ingress
+      k8s:
+        definition: |
+          {{ lookup('url', nginx_ingress_definition, split_lines=False) | from_yaml_all }}
+
+    - name: Wait for NGINX ingress to become available
+      k8s_info:
+        kind: Pod
+        namespace: ingress-nginx
+        label_selectors:
+          - app.kubernetes.io/component=controller
+        wait: yes
+        wait_timeout: 30
+        wait_condition:
+          type: Ready
+      register: result  # For some reason, this task always fails on the first try...
+      until: result is not failed
+
+- import_playbook: ../default/prepare.yml

molecule/requirements.txt

@@ -0,0 +1,7 @@
+molecule
+molecule-docker
+yamllint
+ansible-lint
+openshift!=0.13.0
+jmespath
+ansible-core

molecule/requirements.yml

@@ -0,0 +1,8 @@
+---
+collections:
+  - name: community.general
+  - name: kubernetes.core
+    version: 1.2.1
+  - name: operator_sdk.util
+  - name: community.docker
+  - name: awx.awx

molecule/test-local/ansible.cfg

@@ -1,2 +0,0 @@
-[defaults]
-stdout_callback = yaml

molecule/test-local/converge.yml

@@ -1,133 +0,0 @@
----
-- name: Build Operator in Kind container
-  hosts: k8s
-
-  vars:
-    image_name: awx.ansible.com/awx-operator:testing
-
-  tasks:
-    # using command so we don't need to install any dependencies
-    - name: Get existing image hash
-      command: docker images -q {{ image_name }}
-      register: prev_hash
-      changed_when: false
-
-    - name: Build Operator Image
-      command: docker build -f /build/build/Dockerfile -t {{ image_name }} /build
-      register: build_cmd
-      changed_when: not prev_hash.stdout or (prev_hash.stdout and prev_hash.stdout not in ''.join(build_cmd.stdout_lines[-2:]))
-
-- name: Converge
-  hosts: localhost
-  connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-    deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
-    templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
-    pull_policy: Never
-    operator_image: awx.ansible.com/awx-operator
-    operator_version: testing
-    custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}"
-  tasks:
-
-    - block:
-
-        - name: Delete the Operator Deployment
-          k8s:
-            state: absent
-            namespace: '{{ operator_namespace }}'
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
-          register: delete_deployment
-          when: hostvars[groups.k8s.0].build_cmd.changed
-
-        - name: Wait 30s for Operator Deployment to terminate
-          k8s_info:
-            api_version: '{{ definition.apiVersion }}'
-            kind: '{{ definition.kind }}'
-            namespace: '{{ operator_namespace }}'
-            name: '{{ definition.metadata.name }}'
-          vars:
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
-          register: deployment
-          until: not deployment.resources
-          delay: 3
-          retries: 10
-          when: delete_deployment.changed
-
-        - name: Create the Operator Deployment
-          k8s:
-            namespace: '{{ operator_namespace }}'
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
-
-        - name: Ensure the AWX custom_resource namespace exists
-          k8s:
-            state: present
-            name: '{{ custom_resource.metadata.namespace }}'
-            kind: Namespace
-            api_version: v1
-
-        - name: Create the AWX Custom Resource
-          k8s:
-            state: present
-            namespace: '{{ custom_resource.metadata.namespace }}'
-            definition: '{{ custom_resource }}'
-
-        - name: Wait 15m for reconciliation to run
-          k8s_info:
-            api_version: '{{ custom_resource.apiVersion }}'
-            kind: '{{ custom_resource.kind }}'
-            namespace: '{{ custom_resource.metadata.namespace }}'
-            name: '{{ custom_resource.metadata.name }}'
-          register: cr
-          until:
-            - "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))"
-          delay: 6
-          retries: 150
-
-      rescue:
-
-        - name: debug cr
-          ignore_errors: yes
-          failed_when: false
-          debug:
-            var: debug_cr
-          vars:
-            debug_cr: '{{ lookup("k8s",
-              kind=custom_resource.kind,
-              api_version=custom_resource.apiVersion,
-              namespace=custom_resource.metadata.namespace,
-              resource_name=custom_resource.metadata.name)
-            }}'
-
-        - name: debug awx deployment
-          ignore_errors: yes
-          failed_when: false
-          debug:
-            var: deploy
-          vars:
-            deploy: '{{ lookup("k8s",
-              kind="Deployment",
-              api_version="apps/v1",
-              namespace=custom_resource.metadata.namespace,
-              label_selector="app=awx")
-            }}'
-
-        - name: get operator logs
-          ignore_errors: yes
-          failed_when: false
-          command: kubectl logs deployment/{{ definition.metadata.name }} -n {{ operator_namespace }}
-          environment:
-            KUBECONFIG: '{{ lookup("env", "KUBECONFIG") }}'
-          vars:
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
-          register: log
-
-        - name: print debug output
-          debug: var=log.stdout_lines
-
-        - name: fail if converge didn't succeed
-          fail:
-            msg: "Failed on action: converge"
-
-- import_playbook: '{{ playbook_dir }}/../default/asserts.yml'

molecule/test-local/molecule.yml

@@ -1,46 +0,0 @@
----
-dependency:
-  name: galaxy
-driver:
-  name: docker
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
-platforms:
-  - name: kind-test-local
-    groups:
-      - k8s
-    image: bsycorp/kind:v1.17.9
-    privileged: True
-    override_command: no
-    exposed_ports:
-      - 8443/tcp
-      - 10080/tcp
-    published_ports:
-      - 0.0.0.0:${TEST_CLUSTER_PORT:-10443}:8443/tcp
-    pre_build_image: yes
-    volumes:
-      - ${MOLECULE_PROJECT_DIRECTORY}:/build:Z
-provisioner:
-  name: ansible
-  log: True
-  inventory:
-    group_vars:
-      all:
-        operator_namespace: ${TEST_NAMESPACE:-default}
-  env:
-    K8S_AUTH_KUBECONFIG: /tmp/molecule/kind-test-local/kubeconfig
-    KUBECONFIG: /tmp/molecule/kind-test-local/kubeconfig
-    ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles
-    KIND_PORT: '${TEST_CLUSTER_PORT:-10443}'
-scenario:
-  test_sequence:
-    - lint
-    - destroy
-    - dependency
-    - syntax
-    - create
-    - prepare
-    - converge
-    - destroy

molecule/test-local/prepare.yml

@@ -1,38 +0,0 @@
----
-- name: Prepare kubernetes environment
-  hosts: k8s
-  gather_facts: no
-  vars:
-    kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
-  tasks:
-    - name: delete the kubeconfig if present
-      file:
-        path: '{{ kubeconfig }}'
-        state: absent
-      delegate_to: localhost
-
-    - name: Fetch the kubeconfig
-      fetch:
-        dest: '{{ kubeconfig }}'
-        flat: yes
-        src: /root/.kube/config
-
-    - name: Change the kubeconfig port to the proper value
-      replace:
-        regexp: 8443
-        replace: "{{ lookup('env', 'KIND_PORT') }}"
-        path: '{{ kubeconfig }}'
-        mode: 0644
-      delegate_to: localhost
-
-    - name: Wait for the Kubernetes API to become available (this could take a minute)
-      uri:
-        url: "http://localhost:10080/kubernetes-ready"
-        status_code: 200
-        validate_certs: no
-      register: result
-      until: (result.status|default(-1)) == 200
-      retries: 60
-      delay: 5
-
-- import_playbook: ../default/prepare.yml

molecule/test-minikube/converge.yml

@@ -1,141 +0,0 @@
----
-# TODO: For some reason prepare is not run after a destroy in the Minikube env.
-- import_playbook: ../default/prepare.yml
-
-- name: Build Operator in Minikube
-  hosts: localhost
-  connection: local
-
-  vars:
-    image_name: awx.ansible.com/awx-operator:testing
-
-  tasks:
-    # Use raw Docker commands inside Minikube to avoid extra Python dependencies.
-    - name: Get existing image hash
-      shell: |
-        eval $(minikube docker-env)
-        docker images -q {{ image_name }}
-      register: prev_hash
-      changed_when: false
-
-    - name: Build Operator Image
-      shell: |
-        eval $(minikube docker-env)
-        docker build -f ../../build/Dockerfile -t {{ image_name }} ../..
-      register: build_cmd
-      changed_when: not prev_hash.stdout or (prev_hash.stdout and prev_hash.stdout not in ''.join(build_cmd.stdout_lines[-2:]))
-
-- name: Converge
-  hosts: localhost
-  connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-    deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy"
-    templates_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/ansible/templates"
-    pull_policy: Never
-    operator_image: awx.ansible.com/awx-operator
-    operator_version: testing
-    # Change this to _awx to test AWX, _tower to test Tower.
-    custom_resource: "{{ lookup('file', '/'.join([deploy_dir, 'crds/awx_v1beta1_molecule.yaml'])) | from_yaml }}"
-
-  tasks:
-    - block:
-        - name: Delete the Operator Deployment
-          k8s:
-            state: absent
-            namespace: '{{ operator_namespace }}'
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
-          register: delete_deployment
-          when: build_cmd.changed
-
-        - name: Wait 30s for Operator Deployment to terminate
-          k8s_info:
-            api_version: '{{ definition.apiVersion }}'
-            kind: '{{ definition.kind }}'
-            namespace: '{{ operator_namespace }}'
-            name: '{{ definition.metadata.name }}'
-          vars:
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
-          register: deployment
-          until: not deployment.resources
-          delay: 3
-          retries: 10
-          when: delete_deployment.changed
-
-        - name: Create the Operator Deployment
-          k8s:
-            namespace: '{{ operator_namespace }}'
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) }}"
-
-        - name: Ensure the AWX custom_resource namespace exists
-          k8s:
-            state: present
-            name: '{{ custom_resource.metadata.namespace }}'
-            kind: Namespace
-            api_version: v1
-
-        - name: Create the AWX Custom Resource
-          k8s:
-            state: present
-            namespace: '{{ custom_resource.metadata.namespace }}'
-            definition: '{{ custom_resource }}'
-
-        - name: Wait 15m for reconciliation to run
-          k8s_info:
-            api_version: '{{ custom_resource.apiVersion }}'
-            kind: '{{ custom_resource.kind }}'
-            namespace: '{{ custom_resource.metadata.namespace }}'
-            name: '{{ custom_resource.metadata.name }}'
-          register: cr
-          until:
-            - "'Successful' in (cr | json_query('resources[].status.conditions[].reason'))"
-          delay: 6
-          retries: 150
-
-      rescue:
-
-        - name: debug cr
-          ignore_errors: yes
-          failed_when: false
-          debug:
-            var: debug_cr
-          vars:
-            debug_cr: '{{ lookup("k8s",
-              kind=custom_resource.kind,
-              api_version=custom_resource.apiVersion,
-              namespace=custom_resource.metadata.namespace,
-              resource_name=custom_resource.metadata.name)
-            }}'
-
-        - name: debug awx deployment
-          ignore_errors: yes
-          failed_when: false
-          debug:
-            var: deploy
-          vars:
-            deploy: '{{ lookup("k8s",
-              kind="Deployment",
-              api_version="apps/v1",
-              namespace=custom_resource.metadata.namespace,
-              label_selector="app=awx")
-            }}'
-
-        - name: get operator logs
-          ignore_errors: yes
-          failed_when: false
-          command: kubectl logs deployment/{{ definition.metadata.name }} -n {{ operator_namespace }} -c operator
-          environment:
-            KUBECONFIG: '{{ lookup("env", "KUBECONFIG") }}'
-          vars:
-            definition: "{{ lookup('template', '/'.join([templates_dir, 'operator.yml.j2'])) | from_yaml }}"
-          register: log
-
-        - name: print debug output
-          debug: var=log.stdout_lines
-
-        - name: fail if converge didn't succeed
-          fail:
-            msg: "Failed on action: converge"
-
-- import_playbook: '{{ playbook_dir }}/../default/asserts.yml'

molecule/test-minikube/molecule.yml

@@ -1,34 +0,0 @@
----
-dependency:
-  name: galaxy
-driver:
-  name: delegated
-  options:
-    managed: False
-    ansible_connection_options: {}
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
-platforms:
-  - name: test-minikube
-    groups:
-      - k8s
-provisioner:
-  name: ansible
-  inventory:
-    group_vars:
-      all:
-        operator_namespace: ${TEST_NAMESPACE:-default}
-  env:
-    ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles
-scenario:
-  test_sequence:
-    - lint
-    - destroy
-    - dependency
-    - syntax
-    - create
-    - prepare
-    - converge
-    - destroy