Merge pull request #266 from shanemcd/bump-19.1.0

Bump 19.1.0

.github/workflows/devel.yaml

@@ -0,0 +1,34 @@
+---
+
+name: Devel
+
+on:
+  push:
+    branches: [devel]
+
+jobs:
+  release:
+    runs-on: ubuntu-18.04
+    name: Push devel image
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Operator-SDK
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/bin
+          wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
+          chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
+          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
+
+      - name: Build Image
+        run: |
+          operator-sdk build awx-operator:devel
+
+      - name: Push To Quay
+        uses: redhat-actions/push-to-registry@v2.1.1
+        with:
+          image: awx-operator
+          tags: devel
+          registry: quay.io/ansible/
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_TOKEN }}

.github/workflows/release.yaml

@@ -3,13 +3,14 @@
 name: Release
 
 on:
-  push:
-    branches: [devel]
+  release:
+    types:
+      - created
 
 jobs:
   release:
     runs-on: ubuntu-18.04
-    name: release
+    name: Push tagged image to Quay
     steps:
       - uses: actions/checkout@v2
 
@@ -22,13 +23,13 @@ jobs:
 
       - name: Build Image
         run: |
-          operator-sdk build awx-operator:devel
+          operator-sdk build awx-operator:${{ github.event.release.tag_name }}
 
       - name: Push To Quay
         uses: redhat-actions/push-to-registry@v2.1.1
         with:
           image: awx-operator
-          tags: devel
+          tags: ${{ github.event.release.tag_name }}
           registry: quay.io/ansible/
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_TOKEN }}

README.md

@@ -26,6 +26,8 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w
          * [Containers Resource Requirements](#containers-resource-requirements)
          * [LDAP Certificate Authority](#ldap-certificate-authority)
          * [Persisting Projects Directory](#persisting-projects-directory)
+         * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options)
+         * [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers)
    * [Development](#development)
       * [Testing](#testing)
          * [Testing in Docker](#testing-in-docker)
@@ -49,10 +51,12 @@ Note that the operator is not supported by Red Hat, and is in **alpha** status.
 
 This Kubernetes Operator is meant to be deployed in your Kubernetes cluster(s) and can manage one or more AWX instances in any namespace.
 
-First you need to deploy AWX Operator into your cluster:
+First, you need to deploy AWX Operator into your cluster. Start by going to https://github.com/ansible/awx-operator/releases and making note of the latest release.
+
+Replace `<tag>` in the URL below with the version you are deploying:
 
 ```bash
-#> kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/devel/deploy/awx-operator.yaml
+#> kubectl apply -f https://raw.githubusercontent.com/ansible/awx-operator/<tag>/deploy/awx-operator.yaml
 ```
 
 Then create a file named `my-awx.yml` with the following contents:
@@ -119,7 +123,7 @@ stringData:
 
 By default, the AWX operator is not opinionated and won't force a specific ingress type on you. So, if `tower_ingress_type` is not specified as part of the Custom Resource specification, it will default to `none` and nothing ingress-wise will be created.
 
-The AWX operator provides support for three kinds of `Ingress` to access AWX: `Ingress`, `Route` and `LoadBalancer`, To toggle between these options, you can add the following to your AWX CR:
+The AWX operator provides support for four kinds of `Ingress` to access AWX: `Ingress`, `Route`,  `LoadBalancer` and `NodePort`, To toggle between these options, you can add the following to your AWX CR:
 
   * Route
 
@@ -147,9 +151,26 @@ spec:
 spec:
   ...
   tower_ingress_type: LoadBalancer
-  tower_ingress_protocol: http
+  tower_loadbalancer_protocol: http
 ```
 
+  * NodePort
+
+```yaml
+---
+spec:
+  ...
+  tower_ingress_type: NodePort
+```
+
+The AWX `Service` that gets created will have a `type` set based on the `tower_ingress_type` being used:
+
+| Ingress Type `tower_ingress_type`     | Service Type   |
+| ------------------------------------- | -------------- |
+| `LoadBalancer`                        | `LoadBalancer` |
+| `NodePort`                            | `NodePort`     |
+| `Ingress` or `Route` or not specified | `ClusterIP`    |
+
 #### TLS Termination
 
   * Route
@@ -207,9 +228,12 @@ stringData:
   database: <desired database name>
   username: <username to connect as>
   password: <password to connect with>
+  sslmode: prefer
 type: Opaque
 ```
 
+**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`.
+
 #### Migrating data from an old AWX instance
 
 For instructions on how to migrate from an older version of AWX, see [migration.md](./docs/migration.md).
@@ -223,7 +247,8 @@ The following variables are customizable for the managed PostgreSQL service
 | Name                                 | Description                                | Default                           |
 | ------------------------------------ | ------------------------------------------ | --------------------------------- |
 | tower_postgres_image                 | Path of the image to pull                  | postgres:12                       |
-| tower_postgres_resource_requirements | PostgreSQL container resource requirements | requests: {storage: 8Gi}          |
+| tower_postgres_resource_requirements | PostgreSQL container resource requirements | Empty object                      |
+| tower_postgres_storage_requirements  | PostgreSQL container storage requirements  | requests: {storage: 8Gi}          |
 | tower_postgres_storage_class         | PostgreSQL PV storage class                | Empty string                      |
 | tower_postgres_data_path             | PostgreSQL data path                       | `/var/lib/postgresql/data/pgdata` |
 
@@ -235,10 +260,15 @@ spec:
   ...
   tower_postgres_resource_requirements:
     requests:
+      cpu: 500m
       memory: 2Gi
+    limits:
+      cpu: 1
+      memory: 4Gi
+  tower_postgres_storage_requirements:
+    requests:
       storage: 8Gi
     limits:
-      memory: 4Gi
       storage: 50Gi
   tower_postgres_storage_class: fast-ssd
 ```
@@ -251,12 +281,15 @@ spec:
 
 There are a few variables that are customizable for awx the image management.
 
-| Name                    | Description                |
-| ----------------------- | -------------------------- |
-| tower_image             | Path of the image to pull  |
-| tower_image_pull_policy | The pull policy to adopt   |
-| tower_image_pull_secret | The pull secret to use     |
-| tower_ee_images         | A list of EEs to register  |
+| Name                      | Description                |
+| --------------------------| -------------------------- |
+| tower_image               | Path of the image to pull  |
+| tower_image_version       | Image version to pull      |
+| tower_image_pull_policy   | The pull policy to adopt   |
+| tower_image_pull_secret   | The pull secret to use     |
+| tower_ee_images           | A list of EEs to register  |
+| tower_redis_image         | Path of the image to pull  |
+| tower_redis_image_version | Image version to pull      |
 
 Example of customization could be:
 
@@ -265,13 +298,16 @@ Example of customization could be:
 spec:
   ...
   tower_image: myorg/my-custom-awx
+  tower_image_version: latest
   tower_image_pull_policy: Always
   tower_image_pull_secret: pull_secret_name
-  tower_ee_images: 
+  tower_ee_images:
     - name: my-custom-awx-ee
       image: myorg/my-custom-awx-ee
 ```
 
+**Note**: The `tower_image` and `tower_image_version` are intended for local mirroring scenarios. Please note that using a version of AWX other than the one bundled with the `awx-operator` is **not** supported. For the default values, check the [main.yml](https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml) file.
+
 #### Privileged Tasks
 
 Depending on the type of tasks that you'll be running, you may find that you need the task pod to run as `privileged`. This can open yourself up to a variety of security concerns, so you should be aware (and verify that you have the privileges) to do this if necessary. In order to toggle this feature, you can add the following to your custom resource:
@@ -325,15 +361,19 @@ spec:
 
 #### Assigning AWX pods to specific nodes
 
-You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `tower_node_selector` constrains
-the AWX pods to run only on the nodes that match all the specified key/value pairs. `tower_tolerations` allow the AWX
+You can constrain the AWX pods created by the operator to run on a certain subset of nodes. `tower_node_selector` and `tower_postgres_selector` constrains
+the AWX pods to run only on the nodes that match all the specified key/value pairs. `tower_tolerations` and `tower_postgres_tolerations` allow the AWX
 pods to be scheduled onto nodes with matching taints.
 
 
-| Name                | Description            | Default |
-| ------------------- | ---------------------- | ------- |
-| tower_node_selector | AWX pods' nodeSelector | ''      |
-| tower_tolerations   | AWX pods' tolerations  | ''      |
+| Name                           | Description                 | Default |
+| -------------------------------| --------------------------- | ------- |
+| tower_postgres_image           | Path of the image to pull   | 12      |
+| tower_postgres_image_version   | Image version to pull       | 12      |
+| tower_node_selector            | AWX pods' nodeSelector      | ''      |
+| tower_tolerations              | AWX pods' tolerations       | ''      |
+| tower_postgres_selector        | Postgres pods' nodeSelector | ''      |
+| tower_postgres_tolerations     | Postgres pods' tolerations  | ''      |
 
 Example of customization could be:
 
@@ -350,6 +390,15 @@ spec:
       operator: "Equal"
       value: "AWX"
       effect: "NoSchedule"
+  tower_postgres_selector: |
+    disktype: ssd
+    kubernetes.io/arch: amd64
+    kubernetes.io/os: linux
+  tower_postgres_tolerations: |
+    - key: "dedicated"
+      operator: "Equal"
+      value: "AWX"
+      effect: "NoSchedule"
 ```
 
 #### LDAP Certificate Authority
@@ -399,6 +448,94 @@ spec:
   tower_projects_storage_size: 20Gi
 ```
 
+#### Custom Volume and Volume Mount Options
+
+In a scenario where custom volumes and volume mounts are required to either overwrite defaults or mount configuration files.
+
+| Name                           | Description                                              | Default |
+| ------------------------------ | -------------------------------------------------------- | ------- |
+| tower_extra_volumes            | Specify extra volumes to add to the application pod      | ''      |
+| tower_web_extra_volume_mounts  | Specify volume mounts to be added to Web container       | ''      |
+| tower_task_extra_volume_mounts | Specify volume mounts to be added to Task container      | ''      |
+| tower_ee_extra_volume_mounts   | Specify volume mounts to be added to Execution container | ''      |
+
+Example configuration for ConfigMap
+
+```yaml
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: <resourcename>-extra-config
+  namespace: <target namespace>
+data:
+  ansible.cfg: |
+     [defaults]
+     remote_tmp = /tmp
+     [ssh_connection]
+     ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
+  custom.py:  |
+      INSIGHTS_URL_BASE = "example.org"
+      AWX_CLEANUP_PATHS = True
+```
+Example spec file for volumes and volume mounts
+
+```yaml
+---
+    spec:
+    ...
+      tower_ee_extra_volume_mounts: |
+        - name: ansible-cfg
+          mountPath: /etc/ansible/ansible.cfg
+          subPath: ansible.cfg
+
+      tower_task_extra_volume_mounts: |
+        - name: custom-py
+          mountPath: /etc/tower/conf.d/custom.py
+          subPath: custom.py
+
+      tower_extra_volumes: |
+        - name: ansible-cfg
+          configMap:
+            defaultMode: 420
+            items:
+              - key: ansible.cfg
+                path: ansible.cfg
+            name: <resourcename>-extra-config
+        - name: custom-py
+          configMap:
+            defaultMode: 420
+            items:
+              - key: custom.py
+                path: custom.py
+            name: <resourcename>-extra-config
+
+```
+
+> :warning: **Volume and VolumeMount names cannot contain underscores(_)**
+
+#### Exporting Environment Variables to Containers
+
+If you need to export custom environment variables to your containers.
+
+| Name                          | Description                                              | Default |
+| ----------------------------- | -------------------------------------------------------- | ------- |
+| tower_task_extra_env          | Environment variables to be added to Task container      | ''      |
+| tower_web_extra_env           | Environment variables to be added to Web container       | ''      |
+
+Example configuration of environment variables
+
+```yaml
+  spec:
+    tower_task_extra_env: |
+      - name: MYCUSTOMVAR
+        value: foo
+    tower_web_extra_env: |
+      - name: MYCUSTOMVAR
+        value: foo
+```
+
+
 ## Development
 
 ### Testing
@@ -502,21 +639,34 @@ There are a few moving parts to this project:
 
 Each of these must be appropriately built in preparation for a new tag:
 
-### Build a new release
+### Verify Functionality
 
 Run the following command inside this directory:
 
 ```sh
-#> operator-sdk build quay.io/ansible/awx-operator:$VERSION
+#> operator-sdk build quay.io/<user>/awx-operator:test
 ```
 
 Then push the generated image to Docker Hub:
 
 ```sh
-#> docker push quay.io/ansible/awx-operator:$VERSION
+#> docker push quay.io/<user>/awx-operator:test
 ```
 
-### Build a new version of the operator yaml file
+After it is built, test it on a local cluster:
+
+
+```sh
+#> minikube start --memory 6g --cpus 4
+#> minikube addons enable ingress
+#> ansible-playbook ansible/deploy-operator.yml -e operator_image=quay.io/<user>/awx-operator -e operator_version=test
+#> kubectl create namespace example-awx
+#> ansible-playbook ansible/instantiate-awx-deployment.yml -e tower_namespace=example-awx
+#> <test everything>
+#> minikube delete
+```
+
+### Update version
 
 Update the awx-operator version:
 
@@ -528,20 +678,11 @@ Once the version has been updated, run from the root of the repo:
 #> ansible-playbook ansible/chain-operator-files.yml
 ```
 
-After it is built, test it on a local cluster:
+### Commit / Create Release
 
+If everything works, commit the updated version, then [publish a new release](https://github.com/ansible/awx-operator/releases/new) using the same version you used in `ansible/group_vars/all`.
 
-```sh
-#> minikube start --memory 6g --cpus 4
-#> minikube addons enable ingress
-#> ansible-playbook ansible/deploy-operator.yml
-#> kubectl create namespace example-awx
-#> ansible-playbook ansible/instantiate-awx-deployment.yml -e tower_namespace=example-awx
-#> <test everything>
-#> minikube delete
-```
-
-If everything works, commit the updated version, then tag a new repository release with the same tag as the Docker image pushed earlier.
+After creating the release, [this GitHub Workflow](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/release.yaml) will run and publish the new image to quay.io.
 
 ## Author
 

ansible/group_vars/all

@@ -1,3 +1,3 @@
 operator_image: quay.io/ansible/awx-operator
-operator_version: 0.8.0
+operator_version: 0.9.0
 pull_policy: Always

ansible/instantiate-awx-deployment.yml

@@ -18,10 +18,11 @@
           metadata:
             name: awx
           spec:
-            tower_admin_user: test
-            tower_admin_email: test@example.com
+            tower_admin_user: admin
+            tower_admin_email: admin@localhost
             tower_ingress_type: "{{ tower_ingress_type | default(omit) }}"  # Either Route, Ingress or LoadBalancer
             tower_image: "{{ tower_image | default(omit) }}"
+            tower_image_version: "{{ tower_image_version | default(omit) }}"
             development_mode: "{{ development_mode | default(omit) | bool }}"
             tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}"
             # tower_ee_images:

ansible/templates/crd.yml.j2

@@ -26,6 +26,15 @@ spec:
                 deployment_type:
                   description: Name of the deployment type
                   type: string
+                  default: awx
+                kind:
+                  description: Kind of the deployment type
+                  type: string
+                  default: AWX
+                api_version:
+                  description: apiVersion of the deployment type
+                  type: string
+                  default: awx.ansible.com/v1beta1
                 tower_task_privileged:
                   description: If a privileged security context should be enabled
                   type: boolean
@@ -69,6 +78,8 @@ spec:
                     - route
                     - LoadBalancer
                     - loadbalancer
+                    - NodePort
+                    - nodeport
                 tower_ingress_annotations:
                   description: Annotations to add to the ingress
                   type: string
@@ -113,6 +124,9 @@ spec:
                 tower_image:
                   description: Registry path to the application container to use
                   type: string
+                tower_image_version:
+                  description: Application container image version to use
+                  type: string
                 tower_ee_images:
                   description: Registry path to the Execution Environment container to use
                   type: array
@@ -214,16 +228,47 @@ spec:
                   type: string
                 tower_web_extra_env:
                   type: string
+                tower_ee_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Execution container
+                  type: string
                 tower_task_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Task container
                   type: string
                 tower_web_extra_volume_mounts:
+                  description: Specify volume mounts to be added to the Web container
                   type: string
                 tower_redis_image:
                   description: Registry path to the redis container to use
                   type: string
+                tower_redis_image_version:
+                  description: Redis container image version to use
+                  type: string
                 tower_postgres_image:
                   description: Registry path to the PostgreSQL container to use
                   type: string
+                tower_postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+                tower_postgres_selector:
+                  description: nodeSelector for the Postgres pods
+                  type: string
+                tower_postgres_tolerations:
+                  description: node tolerations for the Postgres pods
+                  type: string
+                tower_postgres_storage_requirements:
+                  description: Storage requirements for the PostgreSQL container
+                  properties:
+                    requests:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                  type: object
                 tower_postgres_resource_requirements:
                   description: Resource requirements for the PostgreSQL container
                   properties:
@@ -233,8 +278,6 @@ spec:
                           type: string
                         memory:
                           type: string
-                        storage:
-                          type: string
                       type: object
                     limits:
                       properties:
@@ -242,8 +285,6 @@ spec:
                           type: string
                         memory:
                           type: string
-                        storage:
-                          type: string
                       type: object
                   type: object
                 tower_postgres_storage_class:
@@ -285,6 +326,16 @@ spec:
                   description: AccessMode for the /var/lib/projects PersistentVolumeClaim
                   default: ReadWriteMany
                   type: string
+                extra_settings:
+                  description: Extra settings to specify for the API
+                  items:
+                    properties:
+                      setting:
+                        type: string
+                      value:
+                        type: string
+                    type: object
+                  type: array
               type: object
             status:
               properties:

ansible/templates/role.yml.j2

@@ -59,6 +59,7 @@ rules:
       - apps
     resources:
       - deployments/scale
+      - statefulsets/scale
     verbs:
       - patch
   - apiGroups:

deploy/awx-operator.yaml

@@ -28,6 +28,15 @@ spec:
                 deployment_type:
                   description: Name of the deployment type
                   type: string
+                  default: awx
+                kind:
+                  description: Kind of the deployment type
+                  type: string
+                  default: AWX
+                api_version:
+                  description: apiVersion of the deployment type
+                  type: string
+                  default: awx.ansible.com/v1beta1
                 tower_task_privileged:
                   description: If a privileged security context should be enabled
                   type: boolean
@@ -71,6 +80,8 @@ spec:
                     - route
                     - LoadBalancer
                     - loadbalancer
+                    - NodePort
+                    - nodeport
                 tower_ingress_annotations:
                   description: Annotations to add to the ingress
                   type: string
@@ -115,6 +126,9 @@ spec:
                 tower_image:
                   description: Registry path to the application container to use
                   type: string
+                tower_image_version:
+                  description: Application container image version to use
+                  type: string
                 tower_ee_images:
                   description: Registry path to the Execution Environment container to use
                   type: array
@@ -216,16 +230,47 @@ spec:
                   type: string
                 tower_web_extra_env:
                   type: string
+                tower_ee_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Execution container
+                  type: string
                 tower_task_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Task container
                   type: string
                 tower_web_extra_volume_mounts:
+                  description: Specify volume mounts to be added to the Web container
                   type: string
                 tower_redis_image:
                   description: Registry path to the redis container to use
                   type: string
+                tower_redis_image_version:
+                  description: Redis container image version to use
+                  type: string
                 tower_postgres_image:
                   description: Registry path to the PostgreSQL container to use
                   type: string
+                tower_postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+                tower_postgres_selector:
+                  description: nodeSelector for the Postgres pods
+                  type: string
+                tower_postgres_tolerations:
+                  description: node tolerations for the Postgres pods
+                  type: string
+                tower_postgres_storage_requirements:
+                  description: Storage requirements for the PostgreSQL container
+                  properties:
+                    requests:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                  type: object
                 tower_postgres_resource_requirements:
                   description: Resource requirements for the PostgreSQL container
                   properties:
@@ -235,8 +280,6 @@ spec:
                           type: string
                         memory:
                           type: string
-                        storage:
-                          type: string
                       type: object
                     limits:
                       properties:
@@ -244,8 +287,6 @@ spec:
                           type: string
                         memory:
                           type: string
-                        storage:
-                          type: string
                       type: object
                   type: object
                 tower_postgres_storage_class:
@@ -287,6 +328,16 @@ spec:
                   description: AccessMode for the /var/lib/projects PersistentVolumeClaim
                   default: ReadWriteMany
                   type: string
+                extra_settings:
+                  description: Extra settings to specify for the API
+                  items:
+                    properties:
+                      setting:
+                        type: string
+                      value:
+                        type: string
+                    type: object
+                  type: array
               type: object
             status:
               properties:
@@ -386,6 +437,7 @@ rules:
       - apps
     resources:
       - deployments/scale
+      - statefulsets/scale
     verbs:
       - patch
   - apiGroups:
@@ -447,7 +499,7 @@ spec:
       serviceAccountName: awx-operator
       containers:
         - name: awx-operator
-          image: "quay.io/ansible/awx-operator:0.8.0"
+          image: "quay.io/ansible/awx-operator:0.9.0"
           imagePullPolicy: "Always"
           volumeMounts:
             - mountPath: /tmp/ansible-operator/runner

deploy/crds/awx_v1beta1_crd.yaml

@@ -26,6 +26,15 @@ spec:
                 deployment_type:
                   description: Name of the deployment type
                   type: string
+                  default: awx
+                kind:
+                  description: Kind of the deployment type
+                  type: string
+                  default: AWX
+                api_version:
+                  description: apiVersion of the deployment type
+                  type: string
+                  default: awx.ansible.com/v1beta1
                 tower_task_privileged:
                   description: If a privileged security context should be enabled
                   type: boolean
@@ -69,6 +78,8 @@ spec:
                     - route
                     - LoadBalancer
                     - loadbalancer
+                    - NodePort
+                    - nodeport
                 tower_ingress_annotations:
                   description: Annotations to add to the ingress
                   type: string
@@ -113,6 +124,9 @@ spec:
                 tower_image:
                   description: Registry path to the application container to use
                   type: string
+                tower_image_version:
+                  description: Application container image version to use
+                  type: string
                 tower_ee_images:
                   description: Registry path to the Execution Environment container to use
                   type: array
@@ -214,16 +228,47 @@ spec:
                   type: string
                 tower_web_extra_env:
                   type: string
+                tower_ee_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Execution container
+                  type: string
                 tower_task_extra_volume_mounts:
+                  description: Specify volume mounts to be added to Task container
                   type: string
                 tower_web_extra_volume_mounts:
+                  description: Specify volume mounts to be added to the Web container
                   type: string
                 tower_redis_image:
                   description: Registry path to the redis container to use
                   type: string
+                tower_redis_image_version:
+                  description: Redis container image version to use
+                  type: string
                 tower_postgres_image:
                   description: Registry path to the PostgreSQL container to use
                   type: string
+                tower_postgres_image_version:
+                  description: PostgreSQL container image version to use
+                  type: string
+                tower_postgres_selector:
+                  description: nodeSelector for the Postgres pods
+                  type: string
+                tower_postgres_tolerations:
+                  description: node tolerations for the Postgres pods
+                  type: string
+                tower_postgres_storage_requirements:
+                  description: Storage requirements for the PostgreSQL container
+                  properties:
+                    requests:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                    limits:
+                      properties:
+                        storage:
+                          type: string
+                      type: object
+                  type: object
                 tower_postgres_resource_requirements:
                   description: Resource requirements for the PostgreSQL container
                   properties:
@@ -233,8 +278,6 @@ spec:
                           type: string
                         memory:
                           type: string
-                        storage:
-                          type: string
                       type: object
                     limits:
                       properties:
@@ -242,8 +285,6 @@ spec:
                           type: string
                         memory:
                           type: string
-                        storage:
-                          type: string
                       type: object
                   type: object
                 tower_postgres_storage_class:
@@ -285,6 +326,16 @@ spec:
                   description: AccessMode for the /var/lib/projects PersistentVolumeClaim
                   default: ReadWriteMany
                   type: string
+                extra_settings:
+                  description: Extra settings to specify for the API
+                  items:
+                    properties:
+                      setting:
+                        type: string
+                      value:
+                        type: string
+                    type: object
+                  type: array
               type: object
             status:
               properties:

deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml

@@ -91,6 +91,7 @@ spec:
         - urn:alm:descriptor:com.tectonic.ui:select:Ingress
         - urn:alm:descriptor:com.tectonic.ui:select:Route
         - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
+        - urn:alm:descriptor:com.tectonic.ui:select:NodePort
       - displayName: Tower Ingress Annotations
         path: tower_ingress_annotations
         x-descriptors:
@@ -161,12 +162,16 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
-      - displayName: PostgreSQL container resource requirements (when using a managed
-          instance)
+      - displayName: PostgreSQL container resource requirements (when using a managed instance)
         path: tower_postgres_resource_requirements
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+      - displayName: PostgreSQL container storage requirements (when using a managed instance)
+        path: tower_postgres_storage_requirements
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
       - displayName: Replicas
         path: tower_replicas
         x-descriptors:
@@ -199,21 +204,56 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Deployment Kind
+        path: kind
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Deployment apiVersion
+        path: api_version
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Tower Image
         path: tower_image
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Tower Image Version
+        path: tower_image_version
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Redis Image
         path: tower_redis_image
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Redis Image Version
+        path: tower_redis_image_version
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: PostgreSQL Image
         path: tower_postgres_image
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: PostgreSQL Image Version
+        path: tower_postgres_image_version
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Tower Postgres Selector
+        path: tower_postgres_selector
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Tower Postgres Tolerations
+        path: tower_postgres_tolerations
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Tower Postgres Storage Class
         path: tower_postgres_storage_class
         x-descriptors:
@@ -285,11 +325,25 @@ spec:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Tower Task Extra Env
+        description: Environment variables to be added to Task container
         path: tower_task_extra_env
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: 
+        path: tower_ee_extra_volume_mounts
+        description: Specify volume mounts to be added to Execution container
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: Tower EE Images
+        description: Registry path to the Execution Environment container to use
+        path: tower_ee_images
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Tower Task Extra Volume Mounts
+        description: Specify volume mounts to be added to Task container
         path: tower_task_extra_volume_mounts
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
@@ -305,16 +359,19 @@ spec:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Tower Web Extra Env
+        description: Environment variables to be added to Web container
         path: tower_web_extra_env
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Tower Web Extra Volume Mounts
+        description: Specify volume mounts to be added to Web container
         path: tower_web_extra_volume_mounts
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
       - displayName: Tower Extra Volumes
+        description: Specify extra volumes to add to the application pod
         path: tower_extra_volumes
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
@@ -329,6 +386,11 @@ spec:
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:advanced
         - urn:alm:descriptor:com.tectonic.ui:hidden
+      - displayName: API Extra Settings
+        path: extra_settings
+        x-descriptors:
+        - urn:alm:descriptor:com.tectonic.ui:advanced
+        - urn:alm:descriptor:com.tectonic.ui:hidden
       statusDescriptors:
       - description: Route to access the instance deployed
         displayName: URL
@@ -419,6 +481,7 @@ spec:
           - apps
           resources:
           - deployments/scale
+          - statefulsets/scale
           verbs:
           - patch
         - apiGroups:

deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml

@@ -25,6 +25,15 @@ spec:
               deployment_type:
                 description: Name of the deployment type
                 type: string
+                default: awx
+              kind:
+                description: Kind of the deployment type
+                type: string
+                default: AWX
+              api_version:
+                description: apiVersion of the deployment type
+                type: string
+                default: awx.ansible.com/v1beta1
               development_mode:
                 description: If the deployment should be done in development mode
                 type: boolean
@@ -73,6 +82,9 @@ spec:
               tower_image:
                 description: Registry path to the application container to use
                 type: string
+              tower_image_version:
+                description: Application container image version to use
+                type: string
               tower_image_pull_policy:
                 default: IfNotPresent
                 description: The image pull policy
@@ -103,6 +115,8 @@ spec:
                 - route
                 - LoadBalancer
                 - loadbalancer
+                - NodePort
+                - nodeport
                 type: string
               tower_loadbalancer_annotations:
                 description: Annotations to add to the loadbalancer
@@ -134,25 +148,44 @@ spec:
               tower_postgres_image:
                 description: Registry path to the PostgreSQL container to use
                 type: string
-              tower_postgres_resource_requirements:
-                description: Resource requirements for the PostgreSQL container
+              tower_postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              tower_postgres_selector:
+                description: nodeSelector for the Postgres pods
+                type: string
+              tower_postgres_tolerations:
+                description: node tolerations for the Postgres pods
+                type: string
+              tower_postgres_storage_requirements:
+                description: Storage requirements for the PostgreSQL container
                 properties:
-                  limits:
+                  requests:
                     properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
                       storage:
                         type: string
                     type: object
+                  limits:
+                    properties:
+                      storage:
+                        type: string
+                    type: object
+                type: object
+              tower_postgres_resource_requirements:
+                description: Resource requirements for the PostgreSQL container
+                properties:
                   requests:
                     properties:
                       cpu:
                         type: string
                       memory:
                         type: string
-                      storage:
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
                         type: string
                     type: object
                 type: object
@@ -187,6 +220,9 @@ spec:
               tower_redis_image:
                 description: Registry path to the redis container to use
                 type: string
+              tower_redis_image_version:
+                description: Redis container image version to use
+                type: string
               tower_replicas:
                 default: 1
                 description: Number of instance replicas
@@ -219,8 +255,13 @@ spec:
                   type: string
                 type: array
               tower_task_extra_env:
+                description: Environment variables to be added to Task container
+                type: string
+              tower_ee_extra_volume_mounts:
+                description: Specify volume mounts to be added to Execution container
                 type: string
               tower_task_extra_volume_mounts:
+                description: Specify volume mounts to be added to Task container
                 type: string
               tower_task_privileged:
                 default: false
@@ -260,8 +301,10 @@ spec:
                   type: string
                 type: array
               tower_web_extra_env:
+                description: Environment variables to be added to Web container
                 type: string
               tower_web_extra_volume_mounts:
+                description: Specify volume mounts to be added to web container
                 type: string
               tower_web_resource_requirements:
                 description: Resource requirements for the web container
@@ -285,6 +328,16 @@ spec:
                         type: string
                     type: object
                 type: object
+              extra_settings:
+                description: Extra settings to specify for the API
+                items:
+                  properties:
+                    setting:
+                      type: string
+                    value:
+                      type: string
+                  type: object
+                type: array
             type: object
           status:
             properties:

docs/migration.md

@@ -43,6 +43,12 @@ type: Opaque
 
 > For `host`, a URL resolvable by the cluster could look something like `postgresql.<namespace>.svc.cluster.local`, where `<namespace>` is filled in with the namespace of the AWX deployment you are migrating data from.
 
+If your AWX deployment is already using an external database server or its database is otherwise not managed
+by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
+In the next section pass it in through `tower_postgres_configuration_secret` instead, omitting the `_old_`
+from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
+database and apply any pending migrations. It is strongly recommended to backup your database beforehand.
+
 ## Deploy AWX
 
 When you apply your AWX object, you must specify the name to the database secret you created above:

roles/installer/defaults/main.yml

@@ -1,5 +1,7 @@
 ---
 deployment_type: awx
+kind: '{{ deployment_type | upper }}'
+api_version: '{{ deployment_type }}.ansible.com/v1beta1'
 
 database_name: "{{ deployment_type }}"
 database_username: "{{ deployment_type }}"
@@ -81,13 +83,18 @@ tower_extra_volumes: ''
 
 # Use these image versions for Ansible AWX.
 
-tower_image: quay.io/ansible/awx:19.0.0
+tower_image: quay.io/ansible/awx
+tower_image_version: 19.1.0
+tower_redis_image: docker.io/redis
+tower_redis_image_version: latest
+tower_postgres_image: postgres
+tower_postgres_image_version: 12
 tower_image_pull_policy: IfNotPresent
 tower_image_pull_secret: ''
 
 tower_ee_images:
-  - name: AWX EE 0.1.1
-    image: quay.io/ansible/awx-ee:0.1.1
+  - name: AWX EE 0.2.0
+    image: quay.io/ansible/awx-ee:0.2.0
 
 tower_create_preload_data: true
 
@@ -126,13 +133,29 @@ tower_web_extra_env: ''
 #     mountPath: /some/path
 tower_task_extra_volume_mounts: ''
 tower_web_extra_volume_mounts: ''
+tower_ee_extra_volume_mounts: ''
 
-tower_redis_image: redis:latest
+# Add a nodeSelector for the Postgres pods.
+# It must match a node's labels for the pod to be scheduled on that node.
+# Specify as literal block. E.g.:
+# tower_postgres_selector: |
+#   disktype: ssd
+#   kubernetes.io/arch: amd64
+#   kubernetes.io/os: linux
+tower_postgres_selector: ''
 
-tower_postgres_image: postgres:12
-tower_postgres_resource_requirements:
+# Add node tolerations for the Postgres pods.
+# Specify as literal block. E.g.:
+# tower_postgres_tolerations: |
+#   - key: "dedicated"
+#     operator: "Equal"
+#     value: "AWX"
+#     effect: "NoSchedule"
+tower_postgres_tolerations: ''
+tower_postgres_storage_requirements:
   requests:
     storage: 8Gi
+tower_postgres_resource_requirements: {}
 tower_postgres_storage_class: ''
 tower_postgres_data_path: '/var/lib/postgresql/data/pgdata'
 

roles/installer/tasks/database_configuration.yml

@@ -64,12 +64,42 @@
   set_fact:
     pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}'
 
-- name: Create Database if no database is specified
-  k8s:
-    apply: true
-    definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
-  when:
-    - pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
+- block:
+    - name: Create Database if no database is specified
+      k8s:
+        apply: true
+        definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
+      register: create_statefulset_result
+
+  rescue:
+    - name: Scale down Deployment for migration
+      include_tasks: scale_down_deployment.yml
+
+    - name: Scale down PostgreSQL statefulset for migration
+      community.kubernetes.k8s_scale:
+        api_version: apps/v1
+        kind: StatefulSet
+        name: "{{ meta.name }}-postgres"
+        namespace: "{{ meta.namespace }}"
+        replicas: 0
+        wait: yes
+
+    - name: Remove PostgreSQL statefulset for upgrade
+      k8s:
+        state: absent
+        api_version: apps/v1
+        kind: StatefulSet
+        name: "{{ meta.name }}-postgres"
+        namespace: "{{ meta.namespace }}"
+        wait: yes
+      when: create_statefulset_result.error == 422
+
+    - name: Recreate PostgreSQL statefulset with updated values
+      k8s:
+        apply: true
+        definition: "{{ lookup('template', 'tower_postgres.yaml.j2') }}"
+  when: pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed'
+
 
 - name: Store Database Configuration
   set_fact:
@@ -78,6 +108,7 @@
     awx_postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}"
     awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
     awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
+    awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] |  default('prefer'|b64encode) | b64decode }}"
 
 - name: Look up details for this deployment
   k8s_info:

roles/installer/tasks/main.yml

@@ -3,8 +3,8 @@
   k8s:
     state: present
     definition:
-      apiVersion: awx.ansible.com/v1beta1
-      kind: AWX
+      apiVersion: '{{ api_version }}'
+      kind: '{{ kind }}'
       name: '{{ meta.name }}'
       namespace: '{{ meta.namespace }}'
       metadata:
@@ -13,12 +13,8 @@
         labels:
           app.kubernetes.io/name: '{{ meta.name }}'
           app.kubernetes.io/part-of: '{{ meta.name }}'
-          app.kubernetes.io/managed-by: awx-operator
-          app.kubernetes.io/component: awx
-
-- name: Get current version
-  set_fact:
-    tower_image_version: "{{ tower_image.split(':')[1] }}"
+          app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+          app.kubernetes.io/component: '{{ deployment_type }}'
 
 - name: Include secret key configuration tasks
   include_tasks: secret_key_configuration.yml
@@ -43,47 +39,8 @@
     - tower_ingress_type | lower == 'route'
     - tower_route_tls_secret != ''
 
-- name: Ensure configured instance resources exist in the cluster.
-  k8s:
-    apply: yes
-    definition: "{{ lookup('template', item) | from_yaml_all | list }}"
-  with_items:
-    - tower_config.yaml.j2
-
-- name: Apply Resources
-  k8s:
-    apply: yes
-    definition: "{{ lookup('template', item + '.yaml.j2') }}"
-  register: tower_deployment_result
-  loop:
-    - 'tower_app_credentials'
-    - 'tower_service_account'
-    - 'tower_persistent'
-    - 'tower_deployment'
-    - 'tower_service'
-    - 'tower_ingress'
-
-- name: Get the resource pod information.
-  k8s_info:
-    kind: Pod
-    namespace: '{{ meta.namespace }}'
-    label_selectors:
-      - "app.kubernetes.io/name={{ meta.name }}"
-      - "app.kubernetes.io/managed-by=awx-operator"
-      - "app.kubernetes.io/component=awx"
-  register: tower_pods
-  until: "tower_pods['resources'][0]['status']['phase'] == 'Running'"
-  delay: 5
-  retries: 60
-
-- name: Set the resource pod name as a variable.
-  set_fact:
-    tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] }}"
-
-- name: Verify the resource pod name is populated.
-  assert:
-    that: tower_pod_name != ''
-    fail_msg: "Could not find the tower pod's name."
+- name: Include resources configuration tasks
+  include_tasks: resources_configuration.yml
 
 - name: Check for pending migrations
   k8s_exec:
@@ -107,7 +64,8 @@
     - database_check is defined
     - (database_check.stdout|trim) != '0'
 
-- include_tasks: initialize.yml
+- name: Initialize Django
+  include_tasks: initialize_django.yml
 
 - name: Update status variables
   include_tasks: update_status.yml

roles/installer/tasks/migrate_data.yml

@@ -12,10 +12,11 @@
   k8s_info:
     kind: Pod
     namespace: '{{ meta.namespace }}'
-    label_selectors:
-      - "app.kubernetes.io/name={{ meta.name }}-postgres"
+    name: '{{ meta.name }}-postgres-0'  # using name to keep compatibility
+    field_selectors:
+      - status.phase=Running
   register: postgres_pod
-  until: "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
+  until: postgres_pod['resources'] | length
   delay: 5
   retries: 60
 
@@ -23,22 +24,8 @@
   set_fact:
     postgres_pod_name: "{{ postgres_pod['resources'][0]['metadata']['name'] }}"
 
-- name: Check for presence of Deployment
-  k8s_info:
-    api_version: v1
-    kind: Deployment
-    name: "{{ meta.name }}"
-    namespace: "{{ meta.namespace }}"
-  register: tower_deployment
-
 - name: Scale down Deployment for migration
-  k8s_scale:
-    api_version: v1
-    kind: Deployment
-    name: "{{ meta.name }}"
-    namespace: "{{ meta.namespace }}"
-    replicas: 0
-  when: tower_deployment['resources'] | length
+  include_tasks: scale_down_deployment.yml
 
 - name: Set pg_dump command
   set_fact:

roles/installer/tasks/resources_configuration.yml

@@ -0,0 +1,80 @@
+---
+
+- name: Get the current resource pod information.
+  k8s_info:
+    api_version: v1
+    kind: Pod
+    namespace: '{{ meta.namespace }}'
+    label_selectors:
+      - "app.kubernetes.io/name={{ meta.name }}"
+      - "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
+      - "app.kubernetes.io/component={{ deployment_type }}"
+    field_selectors:
+      - status.phase=Running
+  register: tower_pods
+
+- name: Set the resource pod name as a variable.
+  set_fact:
+    tower_pod_name: "{{ tower_pods['resources'][0]['metadata']['name'] | default('') }}"
+
+- name: Apply Resources
+  k8s:
+    apply: yes
+    definition: "{{ lookup('template', item + '.yaml.j2') }}"
+    wait: yes
+  register: tower_resources_result
+  loop:
+    - 'tower_config'
+    - 'tower_app_credentials'
+    - 'tower_service_account'
+    - 'tower_persistent'
+    - 'tower_service'
+    - 'tower_ingress'
+
+- name: Apply deployment resources
+  k8s:
+    apply: yes
+    definition: "{{ lookup('template', 'tower_deployment.yaml.j2') }}"
+    wait: yes
+  register: tower_deployment_result
+
+- block:
+    - name: Delete pod to reload a resource configuration
+      k8s:
+        api_version: v1
+        state: absent
+        kind: Pod
+        namespace: '{{ meta.namespace }}'
+        name: '{{ tower_pod_name }}'
+        wait: yes
+      when:
+        - tower_resources_result.changed
+        - tower_pod_name | length
+
+    - name: Get the new resource pod information after updating resource.
+      k8s_info:
+        kind: Pod
+        namespace: '{{ meta.namespace }}'
+        label_selectors:
+          - "app.kubernetes.io/name={{ meta.name }}"
+          - "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
+          - "app.kubernetes.io/component={{ deployment_type }}"
+        field_selectors:
+          - status.phase=Running
+      register: _new_pod
+      until:
+        - _new_pod['resources'] | length
+        - _new_pod['resources'][0]['metadata']['name'] != tower_pod_name
+      delay: 5
+      retries: 60
+
+    - name: Update new resource pod name as a variable.
+      set_fact:
+        tower_pod_name: '{{ _new_pod["resources"][0]["metadata"]["name"] }}'
+  when:
+    - tower_resources_result.changed or tower_deployment_result.changed
+
+- name: Verify the resource pod name is populated.
+  assert:
+    that: tower_pod_name != ''
+    fail_msg: "Could not find the tower pod's name."

roles/installer/tasks/scale_down_deployment.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Check for presence of Deployment
+  k8s_info:
+    api_version: v1
+    kind: Deployment
+    name: "{{ meta.name }}"
+    namespace: "{{ meta.namespace }}"
+  register: tower_deployment
+
+- name: Scale down Deployment for migration
+  community.kubernetes.k8s_scale:
+    api_version: v1
+    kind: Deployment
+    name: "{{ meta.name }}"
+    namespace: "{{ meta.namespace }}"
+    replicas: 0
+    wait: yes
+  when: tower_deployment['resources'] | length

roles/installer/tasks/update_status.yml

@@ -1,9 +1,4 @@
 ---
-- name: Set apiVersion and kind variables
-  set_fact:
-    api_version: '{{ hostvars["localhost"]["inventory_file"].split("/")[4:6] | join("/")  }}'
-    kind: '{{ hostvars["localhost"]["inventory_file"].split("/")[6]  }}'
-
 - name: Update admin password status
   operator_sdk.util.k8s_status:
     api_version: '{{ api_version }}'

roles/installer/templates/credentials.py.j2

@@ -4,10 +4,10 @@ DATABASES = {
         'ENGINE': 'awx.main.db.profiled_pg',
         'NAME': "{{ awx_postgres_database }}",
         'USER': "{{ awx_postgres_user }}",
-        'PASSWORD': "{{ awx_postgres_pass | quote }}",
+        'PASSWORD': "{{ awx_postgres_pass }}",
         'HOST': '{{ awx_postgres_host }}',
         'PORT': "{{ awx_postgres_port }}",
-        'OPTIONS': { 'sslmode': '{{ pg_sslmode|default("prefer") }}',
+        'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
                      'sslrootcert': '{{ ca_trust_bundle }}',
         },
     }

roles/installer/templates/execution_environments.py.j2

@@ -1,5 +1,5 @@
 DEFAULT_EXECUTION_ENVIRONMENTS = [
 {% for item in tower_ee_images %}
-    {'name': '{{ item.name }}' , 'image': '{{ item.image }}'}
+    {'name': '{{ item.name }}' , 'image': '{{ item.image }}'},
 {% endfor %}
 ]

roles/installer/templates/tower_admin_password_secret.yaml.j2

@@ -7,7 +7,7 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 stringData:
   password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'

roles/installer/templates/tower_app_credentials.yaml.j2

@@ -8,8 +8,8 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 data:
   credentials.py: "{{ lookup('template', 'credentials.py.j2') | b64encode }}"
   ldap.py: "{{ lookup('template', 'ldap.py.j2') | b64encode }}"

roles/installer/templates/tower_broadcast_websocket_secret.yaml.j2

@@ -7,7 +7,7 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 stringData:
   secret: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'

roles/installer/templates/tower_config.yaml.j2

@@ -8,8 +8,8 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 data:
   environment: |
     AWX_SKIP_MIGRATIONS=true
@@ -77,7 +77,6 @@ data:
     LOGGING['loggers']['social']['handlers'] = ['console']
     LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
     LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
-    LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
     LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
     LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
     LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
@@ -89,6 +88,10 @@ data:
     BROADCAST_WEBSOCKET_PORT = 8052
     BROADCAST_WEBSOCKET_PROTOCOL = 'http'
 
+{% for item in extra_settings | default([]) %}
+    {{ item.setting }} = {{ item.value }}
+{% endfor %}
+
   nginx_conf: |
     worker_processes  1;
     pid        /tmp/nginx.pid;

roles/installer/templates/tower_deployment.yaml.j2

@@ -9,23 +9,23 @@ metadata:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/version: '{{ tower_image_version }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 spec:
   replicas: {{ tower_replicas }}
   selector:
     matchLabels:
       app.kubernetes.io/name: '{{ meta.name }}'
-      app.kubernetes.io/managed-by: awx-operator
-      app.kubernetes.io/component: awx
+      app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+      app.kubernetes.io/component: '{{ deployment_type }}'
   template:
     metadata:
       labels:
         app.kubernetes.io/name: '{{ meta.name }}'
         app.kubernetes.io/version: '{{ tower_image_version }}'
         app.kubernetes.io/part-of: '{{ meta.name }}'
-        app.kubernetes.io/managed-by: awx-operator
-        app.kubernetes.io/component: awx
+        app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+        app.kubernetes.io/component: '{{ deployment_type }}'
     spec:
       serviceAccountName: '{{ meta.name }}'
 {% if tower_image_pull_secret %}
@@ -33,7 +33,8 @@ spec:
         - name: {{ tower_image_pull_secret }}
 {% endif %}
       containers:
-        - image: '{{ tower_redis_image }}'
+        - image: '{{ tower_redis_image }}:{{ tower_redis_image_version }}'
+          imagePullPolicy: '{{ tower_image_pull_policy }}'
           name: redis
           args: ["redis-server", "/etc/redis.conf"]
           volumeMounts:
@@ -45,7 +46,7 @@ spec:
               mountPath: "/var/run/redis"
             - name: "{{ meta.name }}-redis-data"
               mountPath: "/data"
-        - image: '{{ tower_image }}'
+        - image: '{{ tower_image }}:{{ tower_image_version }}'
           name: '{{ meta.name }}-web'
 {% if tower_web_command %}
           command: {{ tower_web_command }}
@@ -61,7 +62,16 @@ spec:
 {% endif %}
           volumeMounts:
             - name: "{{ meta.name }}-application-credentials"
-              mountPath: "/etc/tower/conf.d/"
+              mountPath: "/etc/tower/conf.d/execution_environments.py"
+              subPath: execution_environments.py
+              readOnly: true
+            - name: "{{ meta.name }}-application-credentials"
+              mountPath: "/etc/tower/conf.d/credentials.py"
+              subPath: credentials.py
+              readOnly: true
+            - name: "{{ meta.name }}-application-credentials"
+              mountPath: "/etc/tower/conf.d/ldap.py"
+              subPath: ldap.py
               readOnly: true
 {% if tower_ingress_type | lower == 'route' and tower_route_tls_termination_mechanism | lower == 'passthrough' %}
             - name: "{{ meta.name }}-nginx-certs"
@@ -94,6 +104,8 @@ spec:
               mountPath: "/var/run/awx-rsyslog"
             - name: rsyslog-dir
               mountPath: "/var/lib/awx/rsyslog"
+            - name: "{{ meta.name }}-projects"
+              mountPath: "/var/lib/awx/projects"
 {% if development_mode | bool %}
             - name: awx-devel
               mountPath: "/awx_devel"
@@ -114,7 +126,7 @@ spec:
             {{ tower_web_extra_env | indent(width=12, indentfirst=True) }}
 {% endif %}
           resources: {{ tower_web_resource_requirements }}
-        - image: '{{ tower_image }}'
+        - image: '{{ tower_image }}:{{ tower_image_version }}'
           name: '{{ meta.name }}-task'
           imagePullPolicy: '{{ tower_image_pull_policy }}'
 {% if tower_task_privileged == true %}
@@ -129,7 +141,16 @@ spec:
 {% endif %}
           volumeMounts:
             - name: "{{ meta.name }}-application-credentials"
-              mountPath: "/etc/tower/conf.d/"
+              mountPath: "/etc/tower/conf.d/execution_environments.py"
+              subPath: execution_environments.py
+              readOnly: true
+            - name: "{{ meta.name }}-application-credentials"
+              mountPath: "/etc/tower/conf.d/credentials.py"
+              subPath: credentials.py
+              readOnly: true
+            - name: "{{ meta.name }}-application-credentials"
+              mountPath: "/etc/tower/conf.d/ldap.py"
+              subPath: ldap.py
               readOnly: true
             - name: "{{ secret_key_secret_name }}"
               mountPath: /etc/tower/SECRET_KEY
@@ -196,6 +217,9 @@ spec:
               mountPath: "/var/run/receptor"
             - name: "{{ meta.name }}-projects"
               mountPath: "/var/lib/awx/projects"
+{% if tower_ee_extra_volume_mounts -%}
+            {{ tower_ee_extra_volume_mounts | indent(width=12, indentfirst=True) }}
+{% endif %}
 {% if development_mode | bool %}
           env:
             - name: SDB_NOTIFY_HOST

roles/installer/templates/tower_ingress.yaml.j2

@@ -8,8 +8,8 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 {% if tower_ingress_annotations %}
   annotations:
     {{ tower_ingress_annotations | indent(width=4) }}
@@ -41,8 +41,8 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 spec:
 {% if tower_route_host != '' %}
   host: {{ tower_route_host }}

roles/installer/templates/tower_persistent.yaml.j2

@@ -7,8 +7,8 @@ metadata:
   labels:
    app.kubernetes.io/name: '{{ meta.name }}'
    app.kubernetes.io/part-of: '{{ meta.name }}'
-   app.kubernetes.io/managed-by: awx-operator
-   app.kubernetes.io/component: awx
+   app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+   app.kubernetes.io/component: '{{ deployment_type }}'
 spec:
   accessModes:
     - {{ tower_projects_storage_access_mode }}

roles/installer/templates/tower_postgres.yaml.j2

@@ -1,6 +1,6 @@
 # Postgres StatefulSet.
 ---
-apiVersion: v1
+apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: '{{ meta.name }}-postgres'
@@ -8,13 +8,13 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}-postgres'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
     app.kubernetes.io/component: database
 spec:
   selector:
     matchLabels:
       app.kubernetes.io/name: '{{ meta.name }}-postgres'
-      app.kubernetes.io/managed-by: awx-operator
+      app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
       app.kubernetes.io/component: database
   serviceName: '{{ meta.name }}'
   replicas: 1
@@ -25,13 +25,31 @@ spec:
       labels:
         app.kubernetes.io/name: '{{ meta.name }}-postgres'
         app.kubernetes.io/part-of: '{{ meta.name }}'
-        app.kubernetes.io/managed-by: awx-operator
+        app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
         app.kubernetes.io/component: database
     spec:
       containers:
-        - image: '{{ tower_postgres_image }}'
+        - image: '{{ tower_postgres_image }}:{{ tower_postgres_image_version }}'
           name: postgres
           env:
+            # For tower_postgres_image based on rhel8/postgresql-12
+            - name: POSTGRESQL_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: '{{ meta.name }}-postgres-configuration'
+                  key: database
+            - name: POSTGRESQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: '{{ meta.name }}-postgres-configuration'
+                  key: username
+            - name: POSTGRESQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: '{{ meta.name }}-postgres-configuration'
+                  key: password
+
+            # For tower_postgres_image based on postgres
             - name: POSTGRES_DB
               valueFrom:
                 secretKeyRef:
@@ -60,6 +78,15 @@ spec:
             - name: postgres
               mountPath: '{{ tower_postgres_data_path | dirname }}'
               subPath: '{{ tower_postgres_data_path | dirname | basename }}'
+          resources: {{ tower_postgres_resource_requirements }}
+{% if tower_postgres_selector %}
+      nodeSelector:
+        {{ tower_postgres_selector | indent(width=8) }}
+{% endif %}
+{% if tower_postgres_tolerations %}
+      tolerations:
+        {{ tower_postgres_tolerations | indent(width=8) }}
+{% endif %}
   volumeClaimTemplates:
     - metadata:
         name: postgres
@@ -69,7 +96,7 @@ spec:
 {% if tower_postgres_storage_class != '' %}
         storageClassName: '{{ tower_postgres_storage_class }}'
 {% endif %}
-        resources: {{ tower_postgres_resource_requirements }}
+        resources: {{ tower_postgres_storage_requirements }}
 
 # Postgres Service.
 ---
@@ -81,7 +108,7 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}-postgres'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
     app.kubernetes.io/component: database
 spec:
   ports:
@@ -89,5 +116,5 @@ spec:
   clusterIP: None
   selector:
     app.kubernetes.io/name: '{{ meta.name }}-postgres'
-    app.kubernetes.io/managed-by: awx-operator
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
     app.kubernetes.io/component: database

roles/installer/templates/tower_postgres_secret.yaml.j2

@@ -8,8 +8,8 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 stringData:
   password: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'
   username: '{{ database_username }}'

roles/installer/templates/tower_secret_key.yaml.j2

@@ -7,7 +7,7 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 stringData:
   secret_key: '{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}'

roles/installer/templates/tower_service.yaml.j2

@@ -7,9 +7,9 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
-{% if tower_ingress_type | lower == 'loadbalancer' %}
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
+{% if tower_ingress_type | lower == 'loadbalancer' and tower_loadbalancer_annotations %}
   annotations:
     {{ tower_loadbalancer_annotations | indent(width=4) }}
 {% endif %}
@@ -40,10 +40,12 @@ spec:
 {% endif %}
   selector:
     app.kubernetes.io/name: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 {% if tower_ingress_type | lower == "loadbalancer" %}
   type: LoadBalancer
 {% elif tower_ingress_type != "none" %}
   type: NodePort
+{% else %}
+  type: ClusterIP
 {% endif %}

roles/installer/templates/tower_service_account.yaml.j2

@@ -7,8 +7,8 @@ metadata:
   labels:
     app.kubernetes.io/name: '{{ meta.name }}'
     app.kubernetes.io/part-of: '{{ meta.name }}'
-    app.kubernetes.io/managed-by: awx-operator
-    app.kubernetes.io/component: awx
+    app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
+    app.kubernetes.io/component: '{{ deployment_type }}'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role