Upgrade to Operator SDK v1.22.2 (#1001 )

* Upgrade to Operator SDK 1.16.0 * Upgrade Operator SDK to v1.22.2 & bump base image version
Merge pull request #1029 from shanemcd/delete-logging-code
2026-03-27 22:03:11 +00:00 · 2022-08-22 18:54:56 -04:00 · 2022-08-22 11:48:05 -04:00 · 2022-08-22 10:56:37 -04:00 · 2022-08-19 13:25:33 -04:00 · 2022-08-18 19:10:54 -04:00
220 changed files with 8211 additions and 4546 deletions
--- a/.github/CODE_OF_CONDUCT.md
+++ b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
+# Community Code of Conduct
+
+Please see the official [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,125 @@
+---
+name: Bug Report
+description: "🐞 Create a report to help us improve"
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Bug Report issues are for **concrete, actionable bugs** only.
+        For debugging help or technical support, please see the [Get Involved section of our README](https://github.com/ansible/awx-operator#get-involved)
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Please confirm the following
+      options:
+        - label: I agree to follow this project's [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
+          required: true
+        - label: I have checked the [current issues](https://github.com/ansible/awx-operator/issues) for duplicates.
+          required: true
+        - label: I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.
+          required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Bug Summary
+      description: Briefly describe the problem.
+    validations:
+      required: false
+
+  - type: input
+    id: awx-operator-version
+    attributes:
+      label: AWX Operator version
+      description: What version of the AWX Operator are you running?
+    validations:
+      required: true
+
+  - type: input
+    id: awx-version
+    attributes:
+      label: AWX version
+      description: What version of AWX are you running?
+    validations:
+      required: true
+
+  - type: dropdown
+    id: platform
+    attributes:
+      label: Kubernetes platform
+      description: What platform did you install the Operator in?
+      multiple: false
+      options:
+        - kubernetes
+        - minikube
+        - openshift
+        - minishift
+        - docker development environment
+        - other (please specify in additional information)
+    validations:
+      required: true
+
+  - type: input
+    id: kube-version
+    attributes:
+      label: Kubernetes/Platform version
+      description: What version of your platform/kuberneties are you using?
+    validations:
+      required: true
+
+  - type: dropdown
+    id: modified-architecture
+    attributes:
+      label: Modifications
+      description: >-
+       Have you modified the installation, deployment topology, or container images in any way? If yes, please
+       explain in the "additional information" field at the bottom of the form.
+      multiple: false
+      options:
+        - "no"
+        - "yes"
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps-to-reproduce
+    attributes:
+      label: Steps to reproduce
+      description: >-
+        Starting from a new installation of the system, describe exactly how a developer or quality engineer can reproduce the bug
+        on infrastructure that isn't yours. Include any and all resources created, input values, test users, roles assigned, playbooks used, etc.
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected-results
+    attributes:
+      label: Expected results
+      description: What did you expect to happpen when running the steps above?
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual-results
+    attributes:
+      label: Actual results
+      description: What actually happened?
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-information
+    attributes:
+      label: Additional information
+      description: Include any relevant log output, links to sosreport, database dumps, screenshots, AWX spec yaml, or other information.
+    validations:
+      required: false
+
+  - type: textarea
+    id: operator-logs
+    attributes:
+      label: Operator Logs
+      description: Include any relevant logs generated by the operator.
+    validations:
+      required: false
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,12 @@
+---
+blank_issues_enabled: false
+contact_links:
+  - name: For debugging help or technical support
+    url: https://github.com/ansible/awx-operator#get-involved
+    about: For general debugging or technical support please see the Get Involved section of our readme.
+  - name: 📝 Ansible Code of Conduct
+    url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser
+    about: AWX uses the Ansible Code of Conduct; ❤ Be nice to other members of the community. ☮ Behave.
+  - name: 💼 For Enterprise
+    url: https://www.ansible.com/products/engine?utm_medium=github&utm_source=issue_template_chooser
+    about: Red Hat offers support for the Ansible Automation Platform
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,29 @@
+---
+name: ✨ Feature request
+description: Suggest an idea for this project
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Feature Request issues are for **feature requests** only.
+        For debugging help or technical support, please see the [Get Involved section of our README](https://github.com/ansible/awx-operator#get-involved)
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Please confirm the following
+      options:
+        - label: I agree to follow this project's [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
+          required: true
+        - label: I have checked the [current issues](https://github.com/ansible/awx-operator/issues) for duplicates.
+          required: true
+        - label: I understand that AWX Operator is open source software provided for free and that I might not receive a timely response.
+          required: true
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Feature Summary
+      description: Briefly describe the desired enhancement.
+    validations:
+      required: true
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,26 @@
+##### SUMMARY
+<!--- Describe the change, including rationale and design decisions -->
+
+<!---
+If you are fixing an existing issue, please include "fixes #nnn" in your
+commit message and your description; but you should still explain what
+the change does.
+-->
+
+##### ISSUE TYPE
+<!--- Pick one below and delete the rest: -->
+ - Breaking Change 
+ - New or Enhanced Feature
+ - Bug, Docs Fix or other nominal change
+
+##### ADDITIONAL INFORMATION
+<!---
+Include additional information to help people understand the change here.
+For bugs that don't have a linked bug report, a step-by-step reproduction
+of the problem is helpful.
+-->
+
+<!--- Paste verbatim command output below, e.g. before and after your change -->
+```
+
+```
--- a/.github/issue_labeler.yml
+++ b/.github/issue_labeler.yml
@@ -0,0 +1,3 @@
+---
+needs_triage:
+  - '.*'
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -10,9 +10,9 @@ on:
    branches: [devel]

 jobs:
-  pull_request:
+  molecule:
    runs-on: ubuntu-18.04
-    name: pull_request
+    name: molecule
    env:
      DOCKER_API_VERSION: "1.38"
    steps:
@@ -24,21 +24,61 @@ jobs:

      - name: Install Dependencies
        run: |
-          pip install \
-            molecule \
-            molecule-docker \
-            yamllint \
-            ansible-lint \
-            openshift \
-            jmespath \
-            ansible
+          pip install -r molecule/requirements.txt

      - name: Install Collections
        run: |
-         ansible-galaxy collection install community.kubernetes operator_sdk.util
+          ansible-galaxy collection install -r molecule/requirements.yml

      - name: Run Molecule
        env:
          MOLECULE_VERBOSITY: 3
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
        run: |
-          molecule test -s test-local
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
+  helm:
+    runs-on: ubuntu-18.04
+    name: helm
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Create k8s Kind Cluster
+        uses: helm/kind-action@v1.2.0
+
+      - name: Build operator image and load into kind
+        run: |
+          IMG=awx-operator-ci make docker-build
+          kind load docker-image --name chart-testing awx-operator-ci
+
+      - name: Patch pull policy for tests
+        run: |
+          kustomize edit add patch --path ../testing/pull_policy/Never.yaml
+        working-directory: config/default
+
+      - name: Build and lint helm chart
+        run: |
+          IMG=awx-operator-ci make helm-chart
+          helm lint ./charts/awx-operator
+
+      - name: Install kubeval
+        run: |
+          mkdir tmp && cd tmp
+          wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
+          tar xf kubeval-linux-amd64.tar.gz
+          sudo cp kubeval /usr/local/bin
+        working-directory: ./charts
+
+      - name: Run kubeval
+        run: |
+          helm template -n awx awx-operator > tmp/test.yaml
+          kubeval --strict --force-color --ignore-missing-schemas tmp/test.yaml
+        working-directory: ./charts
+
+      - name: Install helm chart
+        run: |
+          helm install --wait my-awx-operator --namespace awx --create-namespace ./charts/awx-operator
--- a/.github/workflows/devel.yaml
+++ b/.github/workflows/devel.yaml
@@ -13,16 +13,9 @@ jobs:
    steps:
      - uses: actions/checkout@v2

-      - name: Install Operator-SDK
-        run: |
-          mkdir -p $GITHUB_WORKSPACE/bin
-          wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
-          chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
-          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-
      - name: Build Image
        run: |
-          operator-sdk build awx-operator:devel
+          IMG=awx-operator:devel make docker-build

      - name: Push To Quay
        uses: redhat-actions/push-to-registry@v2.1.1
@@ -30,5 +23,5 @@ jobs:
          image: awx-operator
          tags: devel
          registry: quay.io/ansible/
-          username: ${{ secrets.QUAY_USERNAME }}
+          username: ${{ secrets.QUAY_USER }}
          password: ${{ secrets.QUAY_TOKEN }}
--- a/.github/workflows/pr_body_check.yml
+++ b/.github/workflows/pr_body_check.yml
@@ -0,0 +1,45 @@
+---
+name: PR Check
+env:
+  BRANCH: ${{ github.base_ref || 'devel' }}
+on:
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+jobs:
+  pr-check:
+    name: Scan PR description for semantic versioning keywords
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: Write PR body to a file
+        run: |
+          cat >> pr.body << __SOME_RANDOM_PR_EOF__
+          ${{ github.event.pull_request.body }}
+          __SOME_RANDOM_PR_EOF__
+
+      - name: Display the received body for troubleshooting
+        run: cat pr.body
+
+      # We want to write these out individually just incase the options were joined on a single line
+      - name: Check for each of the lines
+        run: |
+          grep "Bug, Docs Fix or other nominal change" pr.body > Z
+          grep "New or Enhanced Feature" pr.body > Y
+          grep "Breaking Change" pr.body > X
+          exit 0
+        # We exit 0 and set the shell to prevent the returns from the greps from failing this step
+        # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+        shell: bash {0}
+
+      - name: Check for exactly one item
+        run: |
+          if [ $(cat X Y Z | wc -l) != 1 ] ; then
+            echo "The PR body must contain exactly one of [ 'Bug, Docs Fix or other nominal change', 'New or Enhanced Feature', 'Breaking Change' ]"
+            echo "We counted $(cat X Y Z | wc -l)"
+            echo "See the default PR body for examples"
+            exit 255;
+          else
+            exit 0;
+          fi
--- a/.github/workflows/promote.yaml
+++ b/.github/workflows/promote.yaml
@@ -0,0 +1,40 @@
+---
+name: Promote AWX Operator image
+on:
+  release:
+    types: [published]
+
+jobs:
+  promote:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Log in to Quay
+        run: |
+          echo ${{ secrets.QUAY_TOKEN }} | docker login quay.io -u ${{ secrets.QUAY_USER }} --password-stdin
+
+      - name: Re-tag and promote awx-operator image
+        run: |
+          docker pull ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest
+          docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }}
+          docker push quay.io/${{ github.repository }}:latest
+
+      - name: Configure git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Release Helm chart
+        run: |
+          ansible-playbook ansible/helm-release.yml -v \
+            -e operator_image=quay.io/${{ github.repository }} \
+            -e chart_owner=${{ github.repository_owner }} \
+            -e tag=${{ github.event.release.tag_name }} \
+            -e gh_token=${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,35 +0,0 @@
---
-
-name: Release
-
-on:
-  release:
-    types:
-      - created
-
-jobs:
-  release:
-    runs-on: ubuntu-18.04
-    name: Push tagged image to Quay
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Install Operator-SDK
-        run: |
-          mkdir -p $GITHUB_WORKSPACE/bin
-          wget -O $GITHUB_WORKSPACE/bin/operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.19.4/operator-sdk-v0.19.4-x86_64-linux-gnu
-          chmod +x $GITHUB_WORKSPACE/bin/operator-sdk
-          echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-
-      - name: Build Image
-        run: |
-          operator-sdk build awx-operator:${{ github.event.release.tag_name }}
-
-      - name: Push To Quay
-        uses: redhat-actions/push-to-registry@v2.1.1
-        with:
-          image: awx-operator
-          tags: ${{ github.event.release.tag_name }}
-          registry: quay.io/ansible/
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_TOKEN }}
--- a/.github/workflows/stage.yml
+++ b/.github/workflows/stage.yml
@@ -0,0 +1,85 @@
+---
+name: Stage Release
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to stage'
+        required: true
+      default_awx_version:
+        description: 'Will be injected as the DEFAULT_AWX_VERSION build arg.'
+        required: true
+      confirm:
+        description: 'Are you sure? Set this to yes.'
+        required: true
+        default: 'no'
+
+jobs:
+  stage:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+    steps:
+      - name: Verify inputs
+        run: |
+          set -e
+
+          if [[ ${{ github.event.inputs.confirm }} != "yes" ]]; then
+            >&2 echo "Confirm must be 'yes'"
+            exit 1
+          fi
+
+          if [[ ${{ github.event.inputs.version }} == "" ]]; then
+            >&2 echo "Set version to continue."
+            exit 1
+          fi
+
+          exit 0
+
+      - name: Checkout awx
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository_owner }}/awx
+          path: awx
+
+      - name: Checkout awx-operator
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository_owner }}/awx-operator
+          path: awx-operator
+
+      - name: Install playbook dependencies
+        run: |
+          python3 -m pip install docker
+
+      - name: Log in to GHCR
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Build and stage awx-operator
+        working-directory: awx-operator
+        run: |
+          BUILD_ARGS="--build-arg DEFAULT_AWX_VERSION=${{ github.event.inputs.default_awx_version }} \
+                      --build-arg OPERATOR_VERSION=${{ github.event.inputs.version }}" \
+          IMAGE_TAG_BASE=ghcr.io/${{ github.repository_owner }}/awx-operator \
+          VERSION=${{ github.event.inputs.version }} make docker-build docker-push
+
+      - name: Run test deployment
+        working-directory: awx-operator
+        run: |
+          python3 -m pip install -r molecule/requirements.txt
+          ansible-galaxy collection install -r molecule/requirements.yml
+          sudo rm -f $(which kustomize)
+          make kustomize
+          KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
+        env:
+          AWX_TEST_VERSION: ${{ github.event.inputs.default_awx_version }}
+
+      - name: Create draft release
+        working-directory: awx
+        run: |
+          ansible-playbook tools/ansible/stage.yml \
+            -e version=${{ github.event.inputs.version }} \
+            -e repo=${{ github.repository_owner }}/awx-operator \
+            -e github_token=${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/triage_new.yml
+++ b/.github/workflows/triage_new.yml
@@ -0,0 +1,22 @@
+---
+name: Triage
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    name: Label
+
+    steps:
+      - name: Label issues
+        uses: github/issue-labeler@v2.4.1
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          not-before: 2021-12-07T07:00:00Z
+          configuration-path: .github/issue_labeler.yml
+          enable-versioned-regex: 0
+        if: github.event_name == 'issues'
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,9 @@
 *~
 .cache/
+/bin
+/bundle
+/bundle_tmp*
+/bundle.Dockerfile
+/charts
+/.cr-release-packages
+.vscode/
--- a/.helm/starter/.helmignore
+++ b/.helm/starter/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/.helm/starter/Chart.yaml
+++ b/.helm/starter/Chart.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v2
+appVersion: 0.1.0
+description: A Helm chart for Kubernetes
+name: starter
+type: application
+version: 0.1.0
--- a/.helm/starter/README.md
+++ b/.helm/starter/README.md
@@ -0,0 +1,56 @@
+# AWX Operator Helm Chart
+
+This chart installs the AWX Operator resources configured in [this](https://github.com/ansible/awx-operator) repository. 
+
+## Getting Started
+To configure your AWX resource using this chart, create your own `yaml` values file. The name is up to personal preference since it will explicitly be passed into the helm chart. Helm will merge whatever values you specify in your file with the default `values.yaml`, overriding any settings you've changed while allowing you to fall back on defaults. Because of this functionality, `values.yaml` should not be edited directly.
+
+In your values config, enable `AWX.enable` and add `AWX.spec` values based on the awx operator's [documentation](https://github.com/ansible/awx-operator/blob/devel/README.md). Consult the docs below for additional functionality.
+
+### Installing
+The operator's [helm install](https://github.com/ansible/awx-operator/blob/devel/README.md#helm-install-on-existing-cluster) guide provides key installation instructions. 
+
+Example:
+```
+helm install my-awx-operator awx-operator/awx-operator -n awx --create-namespace -f myvalues.yaml
+```
+
+Argument breakdown:
+* `-f` passes in the file with your custom values
+* `-n` sets the namespace to be installed in
+  * This value is accessed by `{{ $.Release.Namespace }}` in the templates
+  * Acts as the default namespace for all unspecified resources
+* `--create-namespace` specifies that helm should create the namespace before installing
+
+To update an existing installation, use `helm upgrade` instead of `install`. The rest of the syntax remains the same.
+
+## Configuration
+The goal of adding helm configurations is to abstract out and simplify the creation of multi-resource configs. The `AWX.spec` field maps directly to the spec configs of the `AWX` resource that the operator provides, which are detailed in the [main README](https://github.com/ansible/awx-operator/blob/devel/README.md). Other sub-config can be added with the goal of simplifying more involved setups that require additional resources to be specified.
+
+These sub-headers aim to be a more intuitive entrypoint into customizing your deployment, and are easier to manage in the long-term. By design, the helm templates will defer to the manually defined specs to avoid configuration conflicts. For example, if `AWX.spec.postgres_configuration_secret` is being used, the `AWX.postgres` settings will not be applied, even if enabled. 
+
+### External Postgres
+The `AWX.postgres` section simplifies the creation of the external postgres secret. If enabled, the configs provided will automatically be placed in a `postgres-config` secret and linked to the `AWX` resource. For proper secret management, the `AWX.postgres.password` value, and any other sensitive values, can be passed in at the command line rather than specified in code. Use the `--set` argument with `helm install`. 
+
+
+## Values Summary
+
+### AWX
+| Value | Description | Default |
+|---|---|---|
+| `AWX.enabled` | Enable this AWX resource configuration | `false` |
+| `AWX.name` | The name of the AWX resource and default prefix for other resources | `"awx"` |
+| `AWX.spec` | specs to directly configure the AWX resource | `{}` |
+| `AWX.postgres` | configurations for the external postgres secret | - |
+
+
+# Contributing 
+
+## Adding abstracted sections
+Where possible, defer to `AWX.spec` configs before applying the abstracted configs to avoid collision. This can be facilitated by the `(hasKey .spec what_i_will_abstract)` check. 
+
+## Building and Testing
+This chart is built using the Makefile in the [awx-operator repo](https://github.com/ansible/awx-operator). Clone the repo and run `make helm-chart`. This will create the awx-operator chart in the `charts/awx-operator` directory. In this process, the contents of the `.helm/starter` directory will be added to the chart.
+
+## Future Goals
+All values under the `AWX` header are focused on configurations that use the operator. Configurations that relate to the Operator itself could be placed under an `Operator` heading, but that may add a layer of complication over current development.
--- a/.helm/starter/templates/_helpers.tpl
+++ b/.helm/starter/templates/_helpers.tpl
@@ -0,0 +1,6 @@
+{{/*
+Generate the name of the postgres secret, expects AWX context passed in
+*/}}
+{{- define "postgres.secretName" -}}
+{{ default (printf "%s-postgres-configuration" .Values.AWX.name) .Values.AWX.postgres.secretName }}
+{{- end }}
--- a/.helm/starter/templates/awx-deploy.yaml
+++ b/.helm/starter/templates/awx-deploy.yaml
@@ -0,0 +1,24 @@
+{{- if $.Values.AWX.enabled }}
+{{- with .Values.AWX }}
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: {{ .name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+{{- /* Include raw map from the values file spec */}}
+{{ .spec | toYaml | indent 2 }}
+{{- /* Provide security context defaults */}}
+  {{- if not (hasKey .spec "security_context_settings") }}
+  security_context_settings:
+    runAsGroup: 0
+    runAsUser: 0
+    fsGroup: 0
+    fsGroupChangePolicy: OnRootMismatch
+  {{- end }}
+{{- /* Postgres configs if enabled and not already present */}}
+  {{- if and .postgres.enabled (not (hasKey .spec "postgres_configuration_secret")) }}
+  postgres_configuration_secret: {{ include "postgres.secretName" $ }}
+  {{- end }}
+{{- end }}
+{{- end }}
--- a/.helm/starter/templates/postgres-config.yaml
+++ b/.helm/starter/templates/postgres-config.yaml
@@ -0,0 +1,18 @@
+{{- if and $.Values.AWX.enabled $.Values.AWX.postgres.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "postgres.secretName" . }}
+  namespace: {{ $.Release.Namespace }}
+{{- with $.Values.AWX.postgres }}
+stringData:
+  host: {{ .host }}
+  port: {{ .port | quote }}
+  database: {{ .dbName }}
+  username: {{ .username }}
+  password: {{ .password }}
+  sslmode: {{ .sslmode }}
+  type: {{ .type }}
+type: Opaque
+{{- end }}
+{{- end }}
--- a/.helm/starter/values.yaml
+++ b/.helm/starter/values.yaml
@@ -0,0 +1,19 @@
+AWX: 
+  # enable use of awx-deploy template
+  enabled: false
+  name: awx
+  spec:
+    admin_user: admin
+
+  # configurations for external postgres instance
+  postgres:
+    enabled: false
+    host: Unset
+    port: 5678
+    dbName: Unset
+    username: admin
+    # for secret management, pass in the password independently of this file
+    # at the command line, use --set AWX.postgres.password
+    password: Unset
+    sslmode: prefer
+    type: unmanaged
--- a/.yamllint
+++ b/.yamllint
@@ -3,10 +3,17 @@ extends: default

 ignore: |
  .cache/
-  deploy/olm-catalog
+  kustomization.yaml
+  awx-operator.clusterserviceversion.yaml
+  bundle
+  .helm/starter

 rules:
  truthy: disable
  line-length:
    max: 170
+  document-start: disable
+  comments-indentation: disable
+  indentation:
    level: warning
+    indent-sequences: consistent
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,50 @@
+# Changelog
+
+This is a list of high-level changes for each release of `awx-operator`. A full list of commits can be found at `https://github.com/ansible/awx-operator/releases/tag/<version>`.
+
+# 0.19.0 (Mar 23, 2022)
+
+- Fix corrupted spec for the service with nodeport type (kurokobo) - dbaf64e
+- Add ability to deploy with OLM & added logo (Christian Adams) - 86c31a4
+- Fix backup & restore issues with special characters in the postgres password (kurokobo) - 589a375
+- Use centos:stream8 container where applicable (Shane McDonald)- 12a58d7
+
+# 0.14.0 (Oct 03, 2021)
+
+- Starting with awx-operator 0.14.0, the project is now based on operator-sdk 1.x.
+  - To avoid a headache, you probably want to delete your existing operator Deployment and follow the README.
+- Starting with awx-operator 0.14.0, AWX can only be deployed in the namespace that the operator exists in. See [upgrade docs](./README.md#upgrading) for necessary cleanup actions. (Christian Adams) - 58c3ebf (breaking change)
+
+# 0.10.0 (Jun 1, 2021)
+
+- Make tower_ingress_type to respect ClusterIP definition (Marcelo Moreira de Mello) - e37c091 (breaking_change)
+- Add ability to get/create/delete secrets for the awx service account (Christian M. Adams) - 61b3cb4
+- Added ability to specify annotations to ServiceAccount (Marcelo Moreira de Mello) - 446ac0b
+- Do not shadow other variables (Yanis Guenane) - 223fe98
+- Do not prepend variables name with tower_ (Yanis Guenane) - 75458d0 (breaking_change)
+- Fully remove finalizer (Christian M. Adams) - fd92050
+- Use custom pg_dump format for faster restores (Christian M. Adams) - f16d9ac
+- Allow user to specify empty string for storage class on PVC (Christian M. Adams) - 818b837
+- Unset ownerRefs in the installer instead of the finalizer (Christian M. Adams) - c12a1f0
+- Make awx-operator compatible with Ansible 2.12 (Alan Rominger) - 5216489
+- Restore: set proper kind var after deploying AWX CR (Julen Landa Alustiza) - fc4687f
+- Add support for custom service labels (Jeremy Kimber) - fd42802
+- Rename product specific variable names (Christian M. Adams) - 5ae3636 (breaking_change)
+- Add watcher for backup CR (Christian M. Adams) - fdcc745
+
+# 0.9.0 (May 1, 2021)
+
+- Update playbook to allow for deploying custom image version/tag (Shane McDonald) - 77e7039
+- Mounts /var/lib/awx/projects on awx-web container (Marcelo Moreira de Mello) - f21ec4d
+- Extra Settings: Allow one to pass extra API configuration settings. (Yanis Guenane) - 1d14ebc
+- PostgreSQL: Properly handle variable name difference when using Red Hat containers (Yanis Guenane) - 2965a90
+- Deployment type: Make more fields dynamic based on that field (Yanis Guenane) - 4706aa9
+- Add templated EE volume mount var to operator config (Christian M. Adams) - e55d83f
+- Add NodePort to tower_ingress_type enum (TheStally) - 96b878f
+- Split container image and version in 2 variables (Marcelo Moreira de Mello) - bc34758 (breaking_change)
+- Handles deleting and recreating statefulset and deployment when needed (Marcelo Moreira de Mello) - 597356f
+- Add tower_ingress_type NodePort (stal) - 1b87616
+- expose settings to use custom volumes and volume mounts (Gabe Muniz) - 8d65b84
+- Inherit imagePullPolicy to redis container (Marcelo Moreira de Mello) - 83a85d1
+- Add nodeSelector and tolerations for Postgres pod (Ernesto Pérez) - 151ff11
+- Added support to override pg_sslmode (Marcelo Moreira de Mello) - 298d39c
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,140 @@
+# AWX-Operator Contributing Guidelines
+
+Hi there! We're excited to have you as a contributor.
+
+Have questions about this document or anything not covered here? Please file a new at [https://github.com/ansible/awx-operator/issues](https://github.com/ansible/awx-operator/issues).
+
+## Table of contents
+
+* [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
+* [Submmiting your Work](#submitting-your-work)
+* [Testing](#testing)
+    * [Testing in Docker](#testing-in-docker)
+    * [Testing in Minikube](#testing-in-minikube)
+* [Generating a bundle](#generating-a-bundle)
+* [Reporting Issues](#reporting-issues)
+
+
+## Things to know prior to submitting code
+
+- All code submissions are done through pull requests against the `devel` branch.
+- All PRs must have a single commit. Make sure to `squash` any changes into a single commit.
+- Take care to make sure no merge commits are in the submission, and use `git rebase` vs `git merge` for this reason.
+- If collaborating with someone else on the same branch, consider using `--force-with-lease` instead of `--force`. This will prevent you from accidentally overwriting commits pushed by someone else. For more information, see https://git-scm.com/docs/git-push#git-push---force-with-leaseltrefnamegt
+- We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions, or need assistance, please reach out to our community team at [codeofconduct@ansible.com](mailto:codeofconduct@ansible.com)
+
+
+## Submmiting your work
+1. From your fork `devel` branch, create a new brach to stage your changes.
+```sh
+#> git checkout -b <branch-name>
+```
+2. Make your changes.
+3. Test your changes according described on the Testing section.
+4. If everylooks looks correct, commit your changes.
+```sh
+#> git add <FILES>
+#> git commit -m "My message here"
+```
+5. Create your [pull request](https://github.com/ansible/awx-operator/pulls)
+
+**Note**: If you have multiple commits, make sure to `squash` your commits into a single commit which will facilitate our release process.
+
+
+
+## Testing
+
+This Operator includes a [Molecule](https://molecule.readthedocs.io/en/stable/)-based test environment, which can be executed standalone in Docker (e.g. in CI or in a single Docker container anywhere), or inside any kind of Kubernetes cluster (e.g. Minikube).
+
+You need to make sure you have Molecule installed before running the following commands. You can install Molecule with:
+
+```sh
+#> pip install 'molecule[docker]'
+```
+
+Running `molecule test` sets up a clean environment, builds the operator, runs all configured tests on an example operator instance, then tears down the environment (at least in the case of Docker).
+
+If you want to actively develop the operator, use `molecule converge`, which does everything but tear down the environment at the end.
+
+#### Testing in Docker
+
+```sh
+#> molecule test -s test-local
+```
+
+This environment is meant for headless testing (e.g. in a CI environment, or when making smaller changes which don't need to be verified through a web interface). It is difficult to test things like AWX's web UI or to connect other applications on your local machine to the services running inside the cluster, since it is inside a Docker container with no static IP address.
+
+#### Testing in Minikube
+
+```sh
+#> minikube start --memory 8g --cpus 4
+#> minikube addons enable ingress
+#> molecule test -s test-minikube
+```
+
+[Minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/) is a more full-featured test environment running inside a full VM on your computer, with an assigned IP address. This makes it easier to test things like NodePort services and Ingress from outside the Kubernetes cluster (e.g. in a browser on your computer).
+
+Once the operator is deployed, you can visit the AWX UI in your browser by following these steps:
+
+  1. Make sure you have an entry like `IP_ADDRESS  example-awx.test` in your `/etc/hosts` file. (Get the IP address with `minikube ip`.)
+  2. Visit `http://example-awx.test/` in your browser. (Default admin login is `test`/`changeme`.)
+
+Alternatively, you can also update the service `awx-service` in your namespace to use the type `NodePort` and use following command to get the URL to access your AWX instance:
+
+```sh
+#> minikube service <serviceName> -n <namespaceName> --url
+```
+
+## Generating a bundle
+
+> :warning: operator-sdk version 0.19.4 is needed to run the following commands
+
+If one has the Operator Lifecycle Manager (OLM) installed, the following steps is the process to generate the bundle that would nicely display in the OLM interface.
+
+At the root of this directory:
+
+1. Build and publish the operator
+
+```
+#> operator-sdk build registry.example.com/ansible/awx-operator:mytag
+#> podman push registry.example.com/ansible/awx-operator:mytag
+```
+
+2. Build and publish the bundle
+
+```
+#> podman build . -f bundle.Dockerfile -t registry.example.com/ansible/awx-operator-bundle:mytag
+#> podman push registry.example.com/ansible/awx-operator-bundle:mytag
+```
+
+3. Build and publish an index with your bundle in it
+
+```
+#> opm index add --bundles registry.example.com/ansible/awx-operator-bundle:mytag --tag registry.example.com/ansible/awx-operator-catalog:mytag
+#> podman push registry.example.com/ansible/awx-operator-catalog:mytag
+```
+
+4. In your Kubernetes create a new CatalogSource pointing to `registry.example.com/ansible/awx-operator-catalog:mytag`
+
+```
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  name: <catalogsource-name>
+  namespace: <namespace>
+spec:
+  displayName: 'myoperatorhub'
+  image: registry.example.com/ansible/awx-operator-catalog:mytag
+  publisher: 'myoperatorhub'
+  sourceType: grpc
+```
+
+Applying this template will do it. Once the CatalogSource is in a READY state, the bundle should be available on the OperatorHub tab (as part of the custom CatalogSource that just got added)
+
+5. Enjoy
+
+
+## Reporting Issues
+
+We welcome your feedback, and encourage you to file an issue when you run into a problem.
--- a/19
+++ b/19
@@ -0,0 +1,19 @@
+FROM quay.io/operator-framework/ansible-operator:v1.22.2
+
+ARG DEFAULT_AWX_VERSION
+ARG OPERATOR_VERSION
+ENV DEFAULT_AWX_VERSION=${DEFAULT_AWX_VERSION}
+ENV OPERATOR_VERSION=${OPERATOR_VERSION}
+
+COPY requirements.yml ${HOME}/requirements.yml
+RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
+ && chmod -R ug+rwx ${HOME}/.ansible
+
+COPY watches.yaml ${HOME}/watches.yaml
+COPY roles/ ${HOME}/roles/
+COPY playbooks/ ${HOME}/playbooks/
+
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", \
+    "--watches-file=./watches.yaml", \
+    "--reconcile-period=0s" \
+    ]
--- a/355
+++ b/355
@@ -0,0 +1,355 @@
+# VERSION defines the project version for the bundle.
+# Update this value when you upgrade the version of your project.
+# To re-generate a bundle for another specific version without changing the standard setup, you can:
+# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
+# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
+VERSION ?= $(shell git describe --tags)
+
+CONTAINER_CMD ?= docker
+
+# GNU vs BSD in-place sed
+ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu)
+	SED_I := sed -i
+else
+	SED_I := sed -i ''
+endif
+
+# CHANNELS define the bundle channels used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
+# To re-generate a bundle for other specific channels without changing the standard setup, you can:
+# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable)
+# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable")
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+
+# DEFAULT_CHANNEL defines the default channel used in the bundle.
+# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable")
+# To re-generate a bundle for any other default channel without changing the default setup, you can:
+# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
+# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
+
+# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images.
+# This variable is used to construct full image tags for bundle and catalog images.
+#
+# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
+# ansible.com/awx-operator-bundle:$VERSION and ansible.com/awx-operator-catalog:$VERSION.
+IMAGE_TAG_BASE ?= quay.io/ansible/awx-operator
+
+# BUNDLE_IMG defines the image:tag used for the bundle.
+# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
+BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
+
+# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command
+BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+
+# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests
+# You can enable this value if you would like to use SHA Based Digests
+# To enable set flag to true
+USE_IMAGE_DIGESTS ?= false
+ifeq ($(USE_IMAGE_DIGESTS), true)
+       BUNDLE_GEN_FLAGS += --use-image-digests
+endif
+
+# Image URL to use all building/pushing image targets
+IMG ?= $(IMAGE_TAG_BASE):$(VERSION)
+NAMESPACE ?= awx
+
+# Helm variables
+CHART_NAME ?= awx-operator
+CHART_DESCRIPTION ?= A Helm chart for the AWX Operator
+CHART_OWNER ?= $(GH_REPO_OWNER)
+CHART_REPO ?= awx-operator
+CHART_BRANCH ?= gh-pages
+CHART_INDEX ?= index.yaml
+
+.PHONY: all
+all: docker-build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Build
+
+.PHONY: run
+run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config
+	ANSIBLE_ROLES_PATH="$(ANSIBLE_ROLES_PATH):$(shell pwd)/roles" $(ANSIBLE_OPERATOR) run
+
+.PHONY: docker-build
+docker-build: ## Build docker image with the manager.
+	${CONTAINER_CMD} build $(BUILD_ARGS) -t ${IMG} .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+	${CONTAINER_CMD} push ${IMG}
+
+##@ Deployment
+
+.PHONY: install
+install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+.PHONY: gen-resources
+gen-resources: kustomize ## Generate resources for controller and print to stdout
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default
+
+.PHONY: deploy
+deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	@$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+	@cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+	$(KUSTOMIZE) build config/default | kubectl delete -f -
+
+OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCHA := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/')
+ARCHX := $(shell uname -m | sed -e 's/amd64/x86_64/' -e 's/aarch64/arm64/')
+
+.PHONY: kustomize
+KUSTOMIZE = $(shell pwd)/bin/kustomize
+kustomize: ## Download kustomize locally if necessary.
+ifeq (,$(wildcard $(KUSTOMIZE)))
+ifeq (,$(shell which kustomize 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(KUSTOMIZE)) ;\
+	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.2/kustomize_v4.5.2_$(OS)_$(ARCHA).tar.gz | \
+	tar xzf - -C bin/ ;\
+	}
+else
+KUSTOMIZE = $(shell which kustomize)
+endif
+endif
+
+.PHONY: ansible-operator
+ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
+ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
+ifeq (,$(shell which ansible-operator 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
+	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.22.2/ansible-operator_$(OS)_$(ARCHA) ;\
+	chmod +x $(ANSIBLE_OPERATOR) ;\
+	}
+else
+ANSIBLE_OPERATOR = $(shell which ansible-operator)
+endif
+endif
+
+.PHONY: bundle
+bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
+	operator-sdk generate kustomize manifests -q
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	operator-sdk bundle validate ./bundle
+
+.PHONY: bundle-build
+bundle-build: ## Build the bundle image.
+	${CONTAINER_CMD} build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+
+.PHONY: bundle-push
+bundle-push: ## Push the bundle image.
+	$(MAKE) docker-push IMG=$(BUNDLE_IMG)
+
+.PHONY: opm
+OPM = ./bin/opm
+opm: ## Download opm locally if necessary.
+ifeq (,$(wildcard $(OPM)))
+ifeq (,$(shell which opm 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPM)) ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCHA)-opm ;\
+	chmod +x $(OPM) ;\
+	}
+else
+OPM = $(shell which opm)
+endif
+endif
+
+# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0).
+# These images MUST exist in a registry and be pull-able.
+BUNDLE_IMGS ?= $(BUNDLE_IMG)
+
+# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0).
+CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
+
+# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image.
+ifneq ($(origin CATALOG_BASE_IMG), undefined)
+FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
+endif
+
+# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'.
+# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see:
+# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
+.PHONY: catalog-build
+catalog-build: opm ## Build a catalog image.
+	$(OPM) index add --container-tool ${CONTAINER_CMD} --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+
+# Push the catalog image.
+.PHONY: catalog-push
+catalog-push: ## Push a catalog image.
+	$(MAKE) docker-push IMG=$(CATALOG_IMG)
+
+.PHONY: kubectl-slice
+KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice
+kubectl-slice: ## Download kubectl-slice locally if necessary.
+ifeq (,$(wildcard $(KUBECTL_SLICE)))
+ifeq (,$(shell which kubectl-slice 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(KUBECTL_SLICE)) ;\
+	curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
+	tar xzf - -C bin/ kubectl-slice ;\
+	}
+else
+KUBECTL_SLICE = $(shell which kubectl-slice)
+endif
+endif
+
+.PHONY: helm
+HELM = $(shell pwd)/bin/helm
+helm: ## Download helm locally if necessary.
+ifeq (,$(wildcard $(HELM)))
+ifeq (,$(shell which helm 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(HELM)) ;\
+	curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCHA).tar.gz | \
+	tar xzf - -C bin/ $(OS)-$(ARCHA)/helm ;\
+	mv bin/$(OS)-$(ARCHA)/helm bin/helm ;\
+	rmdir bin/$(OS)-$(ARCHA) ;\
+	}
+else
+HELM = $(shell which helm)
+endif
+endif
+
+.PHONY: yq
+YQ = $(shell pwd)/bin/yq
+yq: ## Download yq locally if necessary.
+ifeq (,$(wildcard $(YQ)))
+ifeq (,$(shell which yq 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(HELM)) ;\
+	curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCHA).tar.gz | \
+	tar xzf - -C bin/ ;\
+	mv bin/yq_$(OS)_$(ARCHA) bin/yq ;\
+	}
+else
+YQ = $(shell which yq)
+endif
+endif
+
+PHONY: cr
+CR = $(shell pwd)/bin/cr
+cr: ## Download cr locally if necessary.
+ifeq (,$(wildcard $(CR)))
+ifeq (,$(shell which cr 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(CR)) ;\
+	curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCHA).tar.gz | \
+	tar xzf - -C bin/ cr ;\
+	}
+else
+CR = $(shell which cr)
+endif
+endif
+
+charts:
+	mkdir -p $@
+
+.PHONY: helm-chart
+helm-chart: helm-chart-generate helm-chart-slice
+
+.PHONY: helm-chart-generate
+helm-chart-generate: kustomize helm kubectl-slice yq charts
+	@echo "== KUSTOMIZE (image and namespace) =="
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+
+	@echo "== HELM =="
+	cd charts && \
+		$(HELM) create awx-operator --starter $(shell pwd)/.helm/starter ;\
+		$(YQ) -i '.version = "$(VERSION)"' $(CHART_NAME)/Chart.yaml ;\
+		$(YQ) -i '.appVersion = "$(VERSION)" | .appVersion style="double"' $(CHART_NAME)/Chart.yaml ;\
+		$(YQ) -i '.description = "$(CHART_DESCRIPTION)"' $(CHART_NAME)/Chart.yaml ;\
+
+	@cat charts/$(CHART_NAME)/Chart.yaml
+
+	@echo "== KUSTOMIZE (annotation) =="
+	cd config/manager && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
+	cd config/default && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
+
+	@echo "== SLICE =="
+	$(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/default | \
+		$(KUBECTL_SLICE) --input-file=- \
+			--output-dir=charts/$(CHART_NAME)/templates \
+			--sort-by-kind
+	@echo "AWX Operator installed with Helm Chart version $(VERSION)" > charts/$(CHART_NAME)/templates/NOTES.txt
+	# clean old crds dir before copying in newly generated CRDs
+	rm -rf charts/$(CHART_NAME)/crds
+	mkdir charts/$(CHART_NAME)/crds
+	mv charts/$(CHART_NAME)/templates/customresourcedefinition* charts/$(CHART_NAME)/crds
+
+.PHONY: helm-chart-edit
+helm-chart-slice:
+	@echo "== EDIT =="
+	$(foreach file, $(wildcard charts/$(CHART_NAME)/templates/*),$(YQ) -i 'del(.. | select(has("namespace")).namespace)' $(file);)
+	$(foreach file, $(wildcard charts/$(CHART_NAME)/templates/*rolebinding*),$(YQ) -i '.subjects[0].namespace = "{{ .Release.Namespace }}"' $(file);)
+	rm -f charts/$(CHART_NAME)/templates/namespace*.yaml
+
+
+.PHONY: helm-package
+helm-package: cr helm-chart
+	@echo "== CHART RELEASER (package) =="
+	$(CR) package ./charts/awx-operator
+
+# The actual release happens in ansible/helm-release.yml
+# until https://github.com/helm/chart-releaser/issues/122 happens
+.PHONY: helm-index
+helm-index: cr helm-chart
+	@echo "== CHART RELEASER (httpsorigin) =="
+	git remote add httpsorigin "https://github.com/$(CHART_OWNER)/$(CHART_REPO).git"
+	git fetch httpsorigin
+
+	@echo "== CHART RELEASER (index) =="
+	$(CR) index \
+		--owner "$(CHART_OWNER)" \
+		--git-repo "$(CHART_REPO)" \
+		--token "$(CR_TOKEN)" \
+		--pages-branch "$(CHART_BRANCH)" \
+		--index-path "./charts/$(CHART_INDEX)" \
+		--charts-repo "https://$(CHART_OWNER).github.io/$(CHART_REPO)/$(CHART_INDEX)" \
+		--remote httpsorigin \
+		--release-name-template="{{ .Version }}" \
+		--push
--- a/30
+++ b/30
@@ -0,0 +1,30 @@
+domain: ansible.com
+layout:
+- ansible.sdk.operatorframework.io/v1
+plugins:
+  manifests.sdk.operatorframework.io/v2: {}
+  scorecard.sdk.operatorframework.io/v2: {}
+projectName: awx-operator
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWX
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXBackup
+  version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ansible.com
+  group: awx
+  kind: AWXRestore
+  version: v1beta1
+version: "3"
--- a/README.md
+++ b/README.md
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+For all security related bugs, email security@ansible.com instead of using this issue tracker and you will receive a prompt response.
+
+For more information on the Ansible community's practices regarding responsible disclosure, see https://www.ansible.com/security
--- a/ansible/build-and-push.yml
+++ b/ansible/build-and-push.yml
@@ -1,17 +0,0 @@
---
- name: Build and Deploy the AWX Operator
-  hosts: localhost
-
-  collections:
-    - community.general
-
-  tasks:
-    - name: Build and (optionally) push operator image
-      docker_image:
-        name: "{{ operator_image }}:{{ operator_version }}"
-        pull: no
-        push: "{{ push_image | bool }}"
-        build:
-          dockerfile: "build/Dockerfile"
-          path: "../"
-        force: yes
--- a/ansible/chain-operator-files.yml
+++ b/ansible/chain-operator-files.yml
@@ -1,19 +0,0 @@
---
-# To run: `ansible-playbook chain-operator-files.yml`
- name: Chain operator files together for easy deployment.
-  hosts: localhost
-  connection: local
-  gather_facts: false
-
-  tasks:
-    - name: Template CRD
-      template:
-        src: crd.yml.j2
-        dest: "{{ playbook_dir }}/../deploy/crds/awx_v1beta1_crd.yaml"
-        mode: '0644'
-
-    - name: Template awx-operator.yaml
-      template:
-        src: awx-operator.yaml.j2
-        dest: ../deploy/awx-operator.yaml
-        mode: '0644'
--- a/ansible/deploy-operator.yml
+++ b/ansible/deploy-operator.yml
@@ -1,29 +0,0 @@
---
- name: Reconstruct awx-operator.yaml
-  include: chain-operator-files.yml
-
- name: Deploy Operator
-  hosts: localhost
-  vars:
-    k8s_namespace: "default"
-    obliterate: no
-
-  collections:
-    - community.kubernetes
-
-  tasks:
-    - name: Obliterate Operator
-      k8s:
-        state: absent
-        namespace: "{{ k8s_namespace }}"
-        src: "../deploy/awx-operator.yaml"
-        wait: yes
-      when: obliterate | bool
-
-    - name: Deploy Operator
-      k8s:
-        state: present
-        namespace: "{{ k8s_namespace }}"
-        apply: yes
-        wait: yes
-        src: "../deploy/awx-operator.yaml"
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -1,3 +0,0 @@
-operator_image: quay.io/ansible/awx-operator
-operator_version: 0.9.0
-pull_policy: Always
--- a/ansible/helm-release.yml
+++ b/ansible/helm-release.yml
@@ -0,0 +1,47 @@
+---
+- hosts: localhost
+  vars:
+    chart_repo: awx-operator
+  tasks:
+    - name: Look up release
+      uri:
+        url: "https://api.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/tags/{{ tag }}"
+      register: release
+      ignore_errors: yes
+
+    - fail:
+        msg: |
+          Release must exist before running this playbook
+      when: release is not success
+
+    - name: Build and package helm chart
+      command: |
+        make helm-package
+      environment:
+        VERSION: "{{ tag }}"
+        IMAGE_TAG_BASE: "{{ operator_image }}"
+      args:
+        chdir: "{{ playbook_dir }}/../"
+
+    # Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
+    - name: Upload helm chart
+      uri:
+        url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name=awx-operator-{{ tag }}.tgz"
+        src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
+        headers:
+          Authorization: "token {{ gh_token }}"
+          Content-Type: "application/octet-stream"
+        status_code:
+          - 200
+          - 201
+      register: asset_upload
+      changed_when: asset_upload.json.state == "uploaded"
+
+    - name: Publish helm index
+      command: |
+        make helm-index
+      environment:
+        CHART_OWNER: "{{ chart_owner }}"
+        CR_TOKEN: "{{ gh_token }}"
+      args:
+        chdir: "{{ playbook_dir }}/../"
--- a/ansible/instantiate-awx-deployment.yml
+++ b/ansible/instantiate-awx-deployment.yml
@@ -3,13 +3,13 @@
  hosts: localhost

  collections:
-    - community.kubernetes
+    - kubernetes.core

  tasks:
    - name: Deploy AWX
      k8s:
        state: "{{ state | default('present') }}"
-        namespace: "{{ tower_namespace | default('default') }}"
+        namespace: "{{ namespace | default('default') }}"
        apply: yes
        wait: yes
        definition:
@@ -18,13 +18,14 @@
          metadata:
            name: awx
          spec:
-            tower_admin_user: admin
-            tower_admin_email: admin@localhost
-            tower_ingress_type: "{{ tower_ingress_type | default(omit) }}"  # Either Route, Ingress or LoadBalancer
-            tower_image: "{{ tower_image | default(omit) }}"
-            tower_image_version: "{{ tower_image_version | default(omit) }}"
+            admin_user: admin
+            admin_email: admin@localhost
+            service_type: "{{ service_type | default(omit) }}"  # Either clusterIP, Loadbalancer or NodePort
+            ingress_type: "{{ ingress_type | default(omit) }}"  # Either none, Ingress, Route
+            image: "{{ image | default(omit) }}"
+            image_version: "{{ image_version | default(omit) }}"
            development_mode: "{{ development_mode | default(omit) | bool }}"
-            tower_image_pull_policy: "{{ tower_image_pull_policy | default(omit) }}"
-            # tower_ee_images:
+            image_pull_policy: "{{ image_pull_policy | default(omit) }}"
+            # ee_images:
            #   - name: test-ee
            #     image: quay.io/<user>/awx-ee
--- a/ansible/templates/awx-operator.yaml.j2
+++ b/ansible/templates/awx-operator.yaml.j2
@@ -1,12 +0,0 @@
-#jinja2: trim_blocks:False
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
-{% include 'crd.yml.j2' %}
-
-{% include 'role.yml.j2' %}
-
-{% include 'role_binding.yml.j2' %}
-
-{% include 'service_account.yml.j2' %}
-
-{% include 'operator.yml.j2' %}
--- a/ansible/templates/crd.yml.j2
+++ b/ansible/templates/crd.yml.j2
@@ -1,375 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                  default: awx
-                kind:
-                  description: Kind of the deployment type
-                  type: string
-                  default: AWX
-                api_version:
-                  description: apiVersion of the deployment type
-                  type: string
-                  default: awx.ansible.com/v1beta1
-                tower_task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                  default: false
-                tower_admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                  default: admin
-                tower_hostname:
-                  description: The hostname of the instance
-                  type: string
-                tower_admin_email:
-                  description: The admin user email
-                  type: string
-                tower_admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                tower_postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                tower_old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                tower_secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                tower_broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                tower_extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                tower_ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                    - LoadBalancer
-                    - loadbalancer
-                    - NodePort
-                    - nodeport
-                tower_ingress_annotations:
-                  description: Annotations to add to the ingress
-                  type: string
-                tower_ingress_tls_secret:
-                  description: Secret where the ingress TLS secret can be found
-                  type: string
-                tower_loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                tower_loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                tower_loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                tower_route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                tower_route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                tower_route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                tower_node_selector:
-                  description: nodeSelector for the AWX pods
-                  type: string
-                tower_tolerations:
-                  description: node tolerations for the AWX pods
-                  type: string
-                tower_image:
-                  description: Registry path to the application container to use
-                  type: string
-                tower_image_version:
-                  description: Application container image version to use
-                  type: string
-                tower_ee_images:
-                  description: Registry path to the Execution Environment container to use
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        type: string
-                      image:
-                        type: string
-                tower_image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                tower_image_pull_secret:
-                  description: The image pull secret
-                  type: string
-                tower_task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                tower_garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                tower_create_preload_data:
-                  description: Whether or not to preload data upon Tower instance creation
-                  default: true
-                  type: boolean
-                tower_task_args:
-                  type: array
-                  items:
-                    type: string
-                tower_task_command:
-                  type: array
-                  items:
-                    type: string
-                tower_web_args:
-                  type: array
-                  items:
-                    type: string
-                tower_web_command:
-                  type: array
-                  items:
-                    type: string
-                tower_task_extra_env:
-                  type: string
-                tower_web_extra_env:
-                  type: string
-                tower_ee_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Execution container
-                  type: string
-                tower_task_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Task container
-                  type: string
-                tower_web_extra_volume_mounts:
-                  description: Specify volume mounts to be added to the Web container
-                  type: string
-                tower_redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                tower_redis_image_version:
-                  description: Redis container image version to use
-                  type: string
-                tower_postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                tower_postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                tower_postgres_selector:
-                  description: nodeSelector for the Postgres pods
-                  type: string
-                tower_postgres_tolerations:
-                  description: node tolerations for the Postgres pods
-                  type: string
-                tower_postgres_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                tower_postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-                ldap_cacert_secret:
-                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
-                  type: string
-                tower_projects_persistence:
-                  description: Whether or not the /var/lib/projects directory will be persistent
-                  default: false
-                  type: boolean
-                tower_projects_use_existing_claim:
-                  description: Using existing PersistentVolumeClaim
-                  type: string
-                  enum:
-                    - _Yes_
-                    - _No_
-                tower_projects_existing_claim:
-                  description: PersistentVolumeClaim to mount /var/lib/projects directory
-                  type: string
-                tower_projects_storage_class:
-                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
-                  type: string
-                tower_projects_storage_size:
-                  description: Size for the /var/lib/projects PersistentVolumeClaim
-                  default: 8Gi
-                  type: string
-                tower_projects_storage_access_mode:
-                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
-                  default: ReadWriteMany
-                  type: string
-                extra_settings:
-                  description: Extra settings to specify for the API
-                  items:
-                    properties:
-                      setting:
-                        type: string
-                      value:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-            status:
-              properties:
-                towerURL:
-                  description: URL to access the deployed instance
-                  type: string
-                towerAdminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
-                  type: string
-                towerMigratedFromSecret:
-                  description: The secret used for migrating an old Tower.
-                  type: string
-                towerVersion:
-                  description: Version of the deployed instance
-                  type: string
-                towerImage:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object
--- a/ansible/templates/operator.yml.j2
+++ b/ansible/templates/operator.yml.j2
@@ -1,44 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "{{ operator_image }}:{{ operator_version }}"
-          imagePullPolicy: "{{ pull_policy|default('Always') }}"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 15
-            periodSeconds: 20
-      volumes:
-        - name: runner
-          emptyDir: {}
--- a/ansible/templates/service_account.yml.j2
+++ b/ansible/templates/service_account.yml.j2
@@ -1,6 +0,0 @@
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: awx-operator
-  namespace: default
--- a/awx-demo.yml
+++ b/awx-demo.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: awx-demo
+spec:
+  service_type: nodeport
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,11 +0,0 @@
-FROM quay.io/operator-framework/ansible-operator:v0.19.4
-
-# Install Ansible requirements.
-COPY requirements.yml ${HOME}/requirements.yml
-RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
- && chmod -R ug+rwx ${HOME}/.ansible
-
-COPY watches.yaml ${HOME}/watches.yaml
-
-COPY main.yml ${HOME}/main.yml
-COPY roles/ ${HOME}/roles/
--- a/build/test-framework/Dockerfile
+++ b/build/test-framework/Dockerfile
@@ -1,13 +0,0 @@
-ARG BASEIMAGE
-FROM ${BASEIMAGE}
-USER 0
-
-RUN yum install -y python-devel gcc libffi-devel
-RUN pip install molecule==3.0.6 jmespath
-
-ARG NAMESPACEDMAN
-ADD $NAMESPACEDMAN /namespaced.yaml
-ADD build/test-framework/ansible-test.sh /ansible-test.sh
-RUN chmod +x /ansible-test.sh
-USER 1001
-ADD . /opt/ansible/project
--- a/build/test-framework/ansible-test.sh
+++ b/build/test-framework/ansible-test.sh
@@ -1,7 +0,0 @@
-#!/bin/sh
-export WATCH_NAMESPACE=${TEST_NAMESPACE}
-(/usr/local/bin/entrypoint)&
-trap "kill $!" SIGINT SIGTERM EXIT
-
-cd ${HOME}/project
-exec molecule test -s test-minikube
--- a/bundle.Dockerfile
+++ b/bundle.Dockerfile
@@ -1,14 +0,0 @@
-FROM scratch
-
-LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
-LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
-LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
-LABEL operators.operatorframework.io.bundle.package.v1=awx-operator
-LABEL operators.operatorframework.io.bundle.channels.v1=alpha
-LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
-LABEL operators.operatorframework.io.metrics.project_layout=ansible
-LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v0.19.4
-
-COPY deploy/olm-catalog/awx-operator/manifests /manifests/
-COPY deploy/olm-catalog/awx-operator/metadata /metadata/
--- a/config/crd/bases/awx.ansible.com_awxbackups.yaml
+++ b/config/crd/bases/awx.ansible.com_awxbackups.yaml
@@ -0,0 +1,102 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxbackups.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXBackup
+    listKind: AWXBackupList
+    plural: awxbackups
+    singular: awxbackup
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        description: Schema validation for the AWXBackup CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            required:
+            - deployment_name
+            properties:
+              deployment_name:
+                description: Name of the deployment to be backed up
+                type: string
+              backup_pvc:
+                description: Name of the backup PVC
+                type: string
+              backup_pvc_namespace:
+                description: (Deprecated) Namespace the PVC is in
+                type: string
+              backup_storage_requirements:
+                description: Storage requirements for backup PVC (may be similar to existing postgres PVC backing up from)
+                type: string
+              backup_storage_class:
+                description: Storage class to use when creating PVC for backup
+                type: string
+              clean_backup_on_delete:
+                description: Flag to indicate if backup should be deleted on PVC if AWXBackup object is deleted
+                type: boolean
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for backing up data
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: string
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    lastTransitionTime:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+              backupDirectory:
+                description: Backup directory name on the specified pvc
+                type: string
+              backupClaim:
+                description: Backup persistent volume claim
+                type: string
--- a/config/crd/bases/awx.ansible.com_awxrestores.yaml
+++ b/config/crd/bases/awx.ansible.com_awxrestores.yaml
@@ -0,0 +1,101 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxrestores.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWXRestore
+    listKind: AWXRestoreList
+    plural: awxrestores
+    singular: awxrestore
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        description: Schema validation for the AWXRestore CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              backup_source:
+                description: Backup source
+                type: string
+                enum:
+                - CR
+                - PVC
+              deployment_name:
+                description: Name of the restored deployment. This should be different from the original deployment name
+                  if the original deployment still exists.
+                type: string
+              backup_name:
+                description: AWXBackup object name
+                type: string
+              backup_pvc:
+                description: Name of the PVC to be restored from, set as a status found on the awxbackup object (backupClaim)
+                type: string
+              backup_pvc_namespace:
+                description: (Deprecated) Namespace the PVC is in
+                type: string
+              backup_dir:
+                description: Backup directory name, set as a status found on the awxbackup object (backupDirectory)
+                type: string
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for backing up data
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: string
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    lastTransitionTime:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+              restoreComplete:
+                description: Restore process complete
+                type: boolean
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
@@ -0,0 +1,565 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: awxs.awx.ansible.com
+spec:
+  group: awx.ansible.com
+  names:
+    kind: AWX
+    listKind: AWXList
+    plural: awxs
+    singular: awx
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        description: Schema validation for the AWX CRD
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              deployment_type:
+                description: Name of the deployment type
+                type: string
+              kind:
+                description: Kind of the deployment type
+                type: string
+              api_version:
+                description: apiVersion of the deployment type
+                type: string
+              task_privileged:
+                description: If a privileged security context should be enabled
+                type: boolean
+                default: false
+              admin_user:
+                description: Username to use for the admin account
+                type: string
+                default: admin
+              hostname:
+                description: The hostname of the instance
+                type: string
+              admin_email:
+                description: The admin user email
+                type: string
+              admin_password_secret:
+                description: Secret where the admin password can be found
+                type: string
+              postgres_configuration_secret:
+                description: Secret where the database configuration can be found
+                type: string
+              old_postgres_configuration_secret:
+                description: Secret where the old database configuration can be found for data migration
+                type: string
+              postgres_label_selector:
+                description: Label selector used to identify postgres pod for data migration
+                type: string
+              secret_key_secret:
+                description: Secret where the secret key can be found
+                type: string
+              broadcast_websocket_secret:
+                description: Secret where the broadcast websocket secret can be found
+                type: string
+              extra_volumes:
+                description: Specify extra volumes to add to the application pod
+                type: string
+              service_annotations:
+                description: Annotations to add to the service
+                type: string
+              service_type:
+                description: The service type to be used on the deployed instance
+                type: string
+                enum:
+                - LoadBalancer
+                - loadbalancer
+                - ClusterIP
+                - clusterip
+                - NodePort
+                - nodeport
+              ingress_type:
+                description: The ingress type to use to reach the deployed instance
+                type: string
+                enum:
+                - none
+                - Ingress
+                - ingress
+                - Route
+                - route
+              ingress_path:
+                description: The ingress path used to reach the deployed service
+                type: string
+              ingress_path_type:
+                description: The ingress path type for the deployed service
+                type: string
+              ingress_annotations:
+                description: Annotations to add to the Ingress Controller
+                type: string
+              ingress_tls_secret:
+                description: Secret where the Ingress TLS secret can be found
+                type: string
+              loadbalancer_protocol:
+                description: Protocol to use for the loadbalancer
+                type: string
+                default: http
+                enum:
+                - http
+                - https
+              loadbalancer_port:
+                description: Port to use for the loadbalancer
+                type: integer
+                default: 80
+              route_host:
+                description: The DNS to use to points to the instance
+                type: string
+              route_tls_termination_mechanism:
+                description: The secure TLS termination mechanism to use
+                type: string
+                default: Edge
+                enum:
+                - Edge
+                - edge
+                - Passthrough
+                - passthrough
+              route_tls_secret:
+                description: Secret where the TLS related credentials are stored
+                type: string
+              nodeport_port:
+                description: Port to use for the nodeport
+                type: integer
+                default: 30080
+              node_selector:
+                description: nodeSelector for the pods
+                type: string
+              topology_spread_constraints:
+                description: topology rule(s) for the pods
+                type: string
+              service_labels:
+                description: Additional labels to apply to the service
+                type: string
+              annotations:
+                description: annotations for the pods
+                type: string
+              tolerations:
+                description: node tolerations for the pods
+                type: string
+              image:
+                description: Registry path to the application container to use
+                type: string
+              image_version:
+                description: Application container image version to use
+                type: string
+              ee_images:
+                description: Registry path to the Execution Environment container to use
+                type: array
+                items:
+                  type: object
+                  properties:
+                    name:
+                      type: string
+                    image:
+                      type: string
+              control_plane_ee_image:
+                description: Registry path to the Execution Environment container image to use on control plane pods
+                type: string
+              control_plane_priority_class:
+                description: Assign a preexisting priority class to the control plane pods
+                type: string
+              ee_pull_credentials_secret:
+                description: Secret where pull credentials for registered ees can be found
+                type: string
+              image_pull_policy:
+                description: The image pull policy
+                type: string
+                default: IfNotPresent
+                enum:
+                - Always
+                - always
+                - Never
+                - never
+                - IfNotPresent
+                - ifnotpresent
+              image_pull_secrets:
+                description: Image pull secrets for app and database containers
+                type: array
+                items:
+                  type: string
+              image_pull_secret:  # deprecated
+                description: (Deprecated) Image pull secret for app and database containers
+                type: string
+              task_resource_requirements:
+                description: Resource requirements for the task container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                type: object
+              web_resource_requirements:
+                description: Resource requirements for the web container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                type: object
+              ee_resource_requirements:
+                description: Resource requirements for the ee container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                type: object
+              postgres_init_container_resource_requirements:
+                description: Resource requirements for the postgres init container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                type: object
+              redis_resource_requirements:
+                description: Resource requirements for the redis container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                      storage:
+                        type: string
+                    type: object
+                type: object
+              service_account_annotations:
+                description: ServiceAccount annotations
+                type: string
+              replicas:
+                description: Number of instance replicas
+                type: integer
+                default: 1
+                format: int32
+              garbage_collect_secrets:
+                description: Whether or not to remove secrets upon instance removal
+                default: false
+                type: boolean
+              create_preload_data:
+                description: Whether or not to preload data upon instance creation
+                default: true
+                type: boolean
+              task_args:
+                type: array
+                items:
+                  type: string
+              task_command:
+                type: array
+                items:
+                  type: string
+              web_args:
+                type: array
+                items:
+                  type: string
+              web_command:
+                type: array
+                items:
+                  type: string
+              task_extra_env:
+                type: string
+              web_extra_env:
+                type: string
+              ee_extra_env:
+                type: string
+              ee_extra_volume_mounts:
+                description: Specify volume mounts to be added to Execution container
+                type: string
+              task_extra_volume_mounts:
+                description: Specify volume mounts to be added to Task container
+                type: string
+              web_extra_volume_mounts:
+                description: Specify volume mounts to be added to the Web container
+                type: string
+              redis_image:
+                description: Registry path to the redis container to use
+                type: string
+              redis_image_version:
+                description: Redis container image version to use
+                type: string
+              redis_capabilities:
+                description: Redis container capabilities
+                type: array
+                items:
+                  type: string
+              init_container_image:
+                description: Registry path to the init container to use
+                type: string
+              init_container_image_version:
+                description: Init container image version to use
+                type: string
+              init_container_extra_commands:
+                description: Extra commands for the init container
+                type: string
+              init_container_extra_volume_mounts:
+                description: Specify volume mounts to be added to the init container
+                type: string
+              postgres_image:
+                description: Registry path to the PostgreSQL container to use
+                type: string
+              postgres_image_version:
+                description: PostgreSQL container image version to use
+                type: string
+              postgres_selector:
+                description: nodeSelector for the Postgres pods
+                type: string
+              postgres_keep_pvc_after_upgrade:
+                description: Specify whether or not to keep the old PVC after PostgreSQL upgrades
+                type: boolean
+              postgres_tolerations:
+                description: node tolerations for the Postgres pods
+                type: string
+              postgres_storage_requirements:
+                description: Storage requirements for the PostgreSQL container
+                properties:
+                  requests:
+                    properties:
+                      storage:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      storage:
+                        type: string
+                    type: object
+                type: object
+              postgres_resource_requirements:
+                description: Resource requirements for the PostgreSQL container
+                properties:
+                  requests:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                  limits:
+                    properties:
+                      cpu:
+                        type: string
+                      memory:
+                        type: string
+                    type: object
+                type: object
+              postgres_storage_class:
+                description: Storage class to use for the PostgreSQL PVC
+                type: string
+              postgres_priority_class:
+                description: Assign a preexisting priority class to the postgres pod
+                type: string
+              postgres_data_path:
+                description: Path where the PostgreSQL data are located
+                type: string
+              postgres_extra_args:
+                type: array
+                items:
+                  type: string
+              ca_trust_bundle:
+                description: Path where the trusted CA bundle is available
+                type: string
+              development_mode:
+                description: If the deployment should be done in development mode
+                type: boolean
+              ldap_cacert_secret:
+                description: Secret where can be found the LDAP trusted Certificate Authority Bundle
+                type: string
+              ldap_password_secret:
+                description: Secret where can be found the LDAP bind password
+                type: string
+              bundle_cacert_secret:
+                description: Secret where can be found the trusted Certificate Authority Bundle
+                type: string
+              projects_persistence:
+                description: Whether or not the /var/lib/projects directory will be persistent
+                default: false
+                type: boolean
+              projects_use_existing_claim:
+                description: Using existing PersistentVolumeClaim
+                type: string
+                enum:
+                - _Yes_
+                - _No_
+              projects_existing_claim:
+                description: PersistentVolumeClaim to mount /var/lib/projects directory
+                type: string
+              projects_storage_class:
+                description: Storage class for the /var/lib/projects PersistentVolumeClaim
+                type: string
+              projects_storage_size:
+                description: Size for the /var/lib/projects PersistentVolumeClaim
+                default: 8Gi
+                type: string
+              projects_storage_access_mode:
+                description: AccessMode for the /var/lib/projects PersistentVolumeClaim
+                default: ReadWriteMany
+                type: string
+              csrf_cookie_secure:
+                description: Set csrf cookie secure mode for web
+                type: string
+              session_cookie_secure:
+                description: Set session cookie secure mode for web
+                type: string
+              extra_settings:
+                description: Extra settings to specify for the API
+                items:
+                  properties:
+                    setting:
+                      type: string
+                    value:
+                      x-kubernetes-preserve-unknown-fields: true
+                  type: object
+                type: array
+              no_log:
+                description: Configure no_log for no_log tasks
+                type: string
+              security_context_settings:
+                description: Key/values that will be set under the pod-level securityContext field
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              auto_upgrade:
+                description: Should AWX instances be automatically upgraded when operator gets upgraded
+                type: boolean
+                default: true
+              set_self_labels:
+                description: Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
+                type: boolean
+                default: true
+            type: object
+          status:
+            properties:
+              URL:
+                description: URL to access the deployed instance
+                type: string
+              adminUser:
+                description: Admin user of the deployed instance
+                type: string
+              adminPasswordSecret:
+                description: Admin password secret name of the deployed instance
+                type: string
+              postgresConfigurationSecret:
+                description: Postgres Configuration secret name of the deployed instance
+                type: string
+              broadcastWebsocketSecret:
+                description: Broadcast websocket secret name of the deployed instance
+                type: string
+              secretKeySecret:
+                description: Secret key secret name of the deployed instance
+                type: string
+              migratedFromSecret:
+                description: The secret used for migrating an old instance
+                type: string
+              upgradedPostgresVersion:
+                description: Status to indicate that the database has been upgraded to the version in the status
+                type: string
+              version:
+                description: Version of the deployed instance
+                type: string
+              image:
+                description: URL of the image used for the deployed instance
+                type: string
+              conditions:
+                description: The resulting conditions when a Service Telemetry is instantiated
+                items:
+                  properties:
+                    status:
+                      type: string
+                    type:
+                      type: string
+                    reason:
+                      type: string
+                    lastTransitionTime:
+                      type: string
+                  type: object
+                type: array
+            type: object
+        type: object
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -0,0 +1,8 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/awx.ansible.com_awxs.yaml
+- bases/awx.ansible.com_awxbackups.yaml
+- bases/awx.ansible.com_awxrestores.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,30 @@
+# Adds namespace to all resources.
+namespace: awx
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: awx-operator-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+#  someName: someValue
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
+
+# Mount the controller config file for loading manager configurations
+# through a ComponentConfig type
+#- manager_config_patch.yaml
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,41 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: kube-rbac-proxy
+        securityContext:
+          allowPrivilegeEscalation: false
+        # TODO(user): uncomment for common cases that do not require escalating privileges
+        # capabilities:
+        #   drop:
+        #     - "ALL"
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
+        args:
+        - "--secure-listen-address=0.0.0.0:8443"
+        - "--upstream=http://127.0.0.1:8080/"
+        - "--logtostderr=true"
+        - "--v=0"
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+          name: https
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
+      - name: awx-manager
+        args:
+        - "--health-probe-bind-address=:6789"
+        - "--metrics-bind-address=127.0.0.1:8080"
+        - "--leader-elect"
+        - "--leader-election-id=awx-operator"
--- a/config/default/manager_config_patch.yaml
+++ b/config/default/manager_config_patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: awx-manager
+        args:
+        - "--config=controller_manager_config.yaml"
+        volumeMounts:
+        - name: awx-manager-config
+          mountPath: /controller_manager_config.yaml
+          subPath: controller_manager_config.yaml
+      volumes:
+      - name: awx-manager-config
+        configMap:
+          name: awx-manager-config
--- a/config/manager/controller_manager_config.yaml
+++ b/config/manager/controller_manager_config.yaml
@@ -0,0 +1,20 @@
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+kind: ControllerManagerConfig
+health:
+  healthProbeBindAddress: :6789
+metrics:
+  bindAddress: 127.0.0.1:8080
+
+leaderElection:
+  leaderElect: true
+  resourceName: 811c9dc5.ansible.com
+# leaderElectionReleaseOnCancel defines if the leader should step down volume
+# when the Manager ends. This requires the binary to immediately end when the
+# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+# speeds up voluntary leader transitions as the new leader don't have to wait
+# LeaseDuration time first.
+# In the default scaffold provided, the program ends immediately after
+# the manager stops, so would be fine to enable this option. However,
+# if you are doing or is intended to do any operation such as perform cleanups
+# after the manager stops then its usage might be unsafe.
+# leaderElectionReleaseOnCancel: true
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -0,0 +1,17 @@
+resources:
+- manager.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configMapGenerator:
+- name: awx-manager-config
+  files:
+  - controller_manager_config.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: quay.io/ansible/awx-operator
+  newTag: latest
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -0,0 +1,81 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+  labels:
+    control-plane: controller-manager
+spec:
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: controller-manager
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        # For common cases that do not require escalating privileges
+        # it is recommended to ensure that all your Pods/Containers are restrictive.
+        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+        # seccompProfile:
+        #   type: RuntimeDefault
+      containers:
+      - args:
+        - --leader-elect
+        - --leader-election-id=awx-operator
+        image: controller:latest
+        name: awx-manager
+        env:
+        - name: ANSIBLE_GATHERING
+          value: explicit
+        - name: ANSIBLE_DEBUG_LOGS
+          value: 'false'
+        - name: WATCH_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        securityContext:
+          allowPrivilegeEscalation: false
+        # TODO(user): uncomment for common cases that do not require escalating privileges
+          capabilities:
+            drop:
+            - "ALL"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 6789
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 6789
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "50m"
+          limits:
+            memory: "4096Mi"
+            cpu: "2000m"
+      serviceAccountName: controller-manager
+      imagePullSecrets:
+      - name: redhat-operators-pull-secret
+      terminationGracePeriodSeconds: 10
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
--- a/config/manifests/kustomization.yaml
+++ b/config/manifests/kustomization.yaml
@@ -0,0 +1,7 @@
+# These resources constitute the fully configured set of manifests
+# used to generate the 'manifests/' directory in a bundle.
+resources:
+- bases/awx-operator.clusterserviceversion.yaml
+- ../default
+- ../samples
+- ../scorecard
--- a/config/prometheus/kustomization.yaml
+++ b/config/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
--- a/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@@ -0,0 +1,19 @@
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-monitor
+  namespace: system
+spec:
+  endpoints:
+    - path: /metrics
+      port: https
+      scheme: https
+      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      tlsConfig:
+        insecureSkipVerify: true
+  selector:
+    matchLabels:
+      control-plane: controller-manager
--- a/config/rbac/auth_proxy_client_clusterrole.yaml
+++ b/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+rules:
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get
--- a/config/rbac/auth_proxy_role.yaml
+++ b/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
--- a/config/rbac/auth_proxy_role_binding.yaml
+++ b/config/rbac/auth_proxy_role_binding.yaml
@@ -1,13 +1,12 @@
---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: awx-operator
-subjects:
-  - kind: ServiceAccount
-    name: awx-operator
-    namespace: default
+  name: proxy-rolebinding
 roleRef:
-  kind: ClusterRole
-  name: awx-operator
  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: proxy-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
--- a/config/rbac/auth_proxy_service.yaml
+++ b/config/rbac/auth_proxy_service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    control-plane: controller-manager
--- a/config/rbac/awx_editor_role.yaml
+++ b/config/rbac/awx_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awx-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs/status
+  verbs:
+  - get
--- a/config/rbac/awx_viewer_role.yaml
+++ b/config/rbac/awx_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxs.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awx-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxs/status
+  verbs:
+  - get
--- a/config/rbac/awxbackup_editor_role.yaml
+++ b/config/rbac/awxbackup_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxbackups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxbackup-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups/status
+  verbs:
+  - get
--- a/config/rbac/awxbackup_viewer_role.yaml
+++ b/config/rbac/awxbackup_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxbackups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxbackup-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxbackups/status
+  verbs:
+  - get
--- a/config/rbac/awxrestore_editor_role.yaml
+++ b/config/rbac/awxrestore_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit awxrestores.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxrestore-editor-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores/status
+  verbs:
+  - get
--- a/config/rbac/awxrestore_viewer_role.yaml
+++ b/config/rbac/awxrestore_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view awxrestores.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: awxrestore-viewer-role
+rules:
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - awx.ansible.com
+  resources:
+  - awxrestores/status
+  verbs:
+  - get
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -0,0 +1,18 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
--- a/config/rbac/leader_election_role.yaml
+++ b/config/rbac/leader_election_role.yaml
@@ -0,0 +1,37 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: leader-election-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
--- a/config/rbac/leader_election_role_binding.yaml
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
--- a/ansible/templates/role.yml.j2
+++ b/ansible/templates/role.yml.j2
@@ -1,9 +1,9 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
  creationTimestamp: null
-  name: awx-operator
+  name: awx-manager-role
 rules:
  - apiGroups:
      - route.openshift.io
@@ -11,7 +11,13 @@ rules:
      - routes
      - routes/custom-host
    verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
  - apiGroups:
      - ""
      - "rbac.authorization.k8s.io"
@@ -28,10 +34,16 @@ rules:
      - roles
      - rolebindings
    verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
  - apiGroups:
      - apps
-      - extensions
+      - networking.k8s.io
    resources:
      - deployments
      - daemonsets
@@ -39,7 +51,13 @@ rules:
      - statefulsets
      - ingresses
    verbs:
-      - '*'
+      - get
+      - list
+      - create
+      - delete
+      - patch
+      - update
+      - watch
  - apiGroups:
      - monitoring.coreos.com
    resources:
@@ -66,6 +84,8 @@ rules:
      - ""
    resources:
      - pods/exec
+      - pods/attach
+      - pods/log  # log & attach rules needed to be able to grant them to AWX service account
    verbs:
      - create
      - get
@@ -75,9 +95,12 @@ rules:
      - replicasets
    verbs:
      - get
+      - create
  - apiGroups:
      - awx.ansible.com
    resources:
      - '*'
+      - awxbackups
+      - awxrestores
    verbs:
      - '*'
--- a/config/rbac/role_binding.yaml
+++ b/config/rbac/role_binding.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: awx-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: awx-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: controller-manager
--- a/config/rbac/service_account.yaml
+++ b/config/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: controller-manager
+  namespace: system
--- a/config/samples/awx_v1beta1_awx.yaml
+++ b/config/samples/awx_v1beta1_awx.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: awx.ansible.com/v1beta1
+kind: AWX
+metadata:
+  name: example-awx
+spec:
+  web_resource_requirements:
+    requests:
+      cpu: 50m
+      memory: 128M
+  task_resource_requirements:
+    requests:
+      cpu: 50m
+      memory: 128M
+  ee_resource_requirements:
+    requests:
+      cpu: 50m
+      memory: 64M
--- a/config/samples/awx_v1beta1_awxbackup.yaml
+++ b/config/samples/awx_v1beta1_awxbackup.yaml
@@ -0,0 +1,6 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXBackup
+metadata:
+  name: example-awx-backup
+spec:
+  deployment_name: example-awx
--- a/config/samples/awx_v1beta1_awxrestore.yaml
+++ b/config/samples/awx_v1beta1_awxrestore.yaml
@@ -0,0 +1,7 @@
+apiVersion: awx.ansible.com/v1beta1
+kind: AWXRestore
+metadata:
+  name: awxrestore-sample
+spec:
+  deployment_name: example-awx-2
+  backup_name: example-awx-backup
--- a/config/samples/kustomization.yaml
+++ b/config/samples/kustomization.yaml
@@ -0,0 +1,6 @@
+## Append samples you want in your CSV to this file as resources ##
+resources:
+- awx_v1beta1_awx.yaml
+- awx_v1beta1_awxbackup.yaml
+- awx_v1beta1_awxrestore.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples
--- a/config/scorecard/bases/config.yaml
+++ b/config/scorecard/bases/config.yaml
@@ -0,0 +1,7 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+  name: config
+stages:
+- parallel: true
+  tests: []
--- a/config/scorecard/kustomization.yaml
+++ b/config/scorecard/kustomization.yaml
@@ -0,0 +1,16 @@
+resources:
+- bases/config.yaml
+patchesJson6902:
+- path: patches/basic.config.yaml
+  target:
+    group: scorecard.operatorframework.io
+    version: v1alpha3
+    kind: Configuration
+    name: config
+- path: patches/olm.config.yaml
+  target:
+    group: scorecard.operatorframework.io
+    version: v1alpha3
+    kind: Configuration
+    name: config
+#+kubebuilder:scaffold:patchesJson6902
--- a/config/scorecard/patches/basic.config.yaml
+++ b/config/scorecard/patches/basic.config.yaml
@@ -0,0 +1,10 @@
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - basic-check-spec
+    image: quay.io/operator-framework/scorecard-test:v1.22.2
+    labels:
+      suite: basic
+      test: basic-check-spec-test
--- a/config/scorecard/patches/olm.config.yaml
+++ b/config/scorecard/patches/olm.config.yaml
@@ -0,0 +1,50 @@
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-bundle-validation
+    image: quay.io/operator-framework/scorecard-test:v1.22.2
+    labels:
+      suite: olm
+      test: olm-bundle-validation-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-crds-have-validation
+    image: quay.io/operator-framework/scorecard-test:v1.22.2
+    labels:
+      suite: olm
+      test: olm-crds-have-validation-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-crds-have-resources
+    image: quay.io/operator-framework/scorecard-test:v1.22.2
+    labels:
+      suite: olm
+      test: olm-crds-have-resources-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-spec-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.22.2
+    labels:
+      suite: olm
+      test: olm-spec-descriptors-test
+- op: add
+  path: /stages/0/tests/-
+  value:
+    entrypoint:
+    - scorecard-test
+    - olm-status-descriptors
+    image: quay.io/operator-framework/scorecard-test:v1.22.2
+    labels:
+      suite: olm
+      test: olm-status-descriptors-test
--- a/config/testing/debug_logs_patch.yaml
+++ b/config/testing/debug_logs_patch.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          env:
+            - name: ANSIBLE_DEBUG_LOGS
+              value: "TRUE"
--- a/config/testing/kustomization.yaml
+++ b/config/testing/kustomization.yaml
@@ -0,0 +1,23 @@
+# Adds namespace to all resources.
+namespace: osdk-test
+
+namePrefix: osdk-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+#  someName: someValue
+
+patchesStrategicMerge:
+- manager_image.yaml
+- debug_logs_patch.yaml
+- ../default/manager_auth_proxy_patch.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager
+images:
+- name: testing
+  newName: testing-operator
--- a/config/testing/manager_image.yaml
+++ b/config/testing/manager_image.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          image: testing
--- a/config/testing/pull_policy/Always.yaml
+++ b/config/testing/pull_policy/Always.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: Always
--- a/config/testing/pull_policy/IfNotPresent.yaml
+++ b/config/testing/pull_policy/IfNotPresent.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: IfNotPresent
--- a/config/testing/pull_policy/Never.yaml
+++ b/config/testing/pull_policy/Never.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: awx-manager
+          imagePullPolicy: Never
--- a/deploy/awx-operator.yaml
+++ b/deploy/awx-operator.yaml
@@ -1,527 +0,0 @@
-# This file is generated by Ansible. Changes will be lost.
-# Update templates under ansible/templates/
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                  default: awx
-                kind:
-                  description: Kind of the deployment type
-                  type: string
-                  default: AWX
-                api_version:
-                  description: apiVersion of the deployment type
-                  type: string
-                  default: awx.ansible.com/v1beta1
-                tower_task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                  default: false
-                tower_admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                  default: admin
-                tower_hostname:
-                  description: The hostname of the instance
-                  type: string
-                tower_admin_email:
-                  description: The admin user email
-                  type: string
-                tower_admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                tower_postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                tower_old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                tower_secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                tower_broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                tower_extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                tower_ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                    - LoadBalancer
-                    - loadbalancer
-                    - NodePort
-                    - nodeport
-                tower_ingress_annotations:
-                  description: Annotations to add to the ingress
-                  type: string
-                tower_ingress_tls_secret:
-                  description: Secret where the ingress TLS secret can be found
-                  type: string
-                tower_loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                tower_loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                tower_loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                tower_route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                tower_route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                tower_route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                tower_node_selector:
-                  description: nodeSelector for the AWX pods
-                  type: string
-                tower_tolerations:
-                  description: node tolerations for the AWX pods
-                  type: string
-                tower_image:
-                  description: Registry path to the application container to use
-                  type: string
-                tower_image_version:
-                  description: Application container image version to use
-                  type: string
-                tower_ee_images:
-                  description: Registry path to the Execution Environment container to use
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        type: string
-                      image:
-                        type: string
-                tower_image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                tower_image_pull_secret:
-                  description: The image pull secret
-                  type: string
-                tower_task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                tower_garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                tower_create_preload_data:
-                  description: Whether or not to preload data upon Tower instance creation
-                  default: true
-                  type: boolean
-                tower_task_args:
-                  type: array
-                  items:
-                    type: string
-                tower_task_command:
-                  type: array
-                  items:
-                    type: string
-                tower_web_args:
-                  type: array
-                  items:
-                    type: string
-                tower_web_command:
-                  type: array
-                  items:
-                    type: string
-                tower_task_extra_env:
-                  type: string
-                tower_web_extra_env:
-                  type: string
-                tower_ee_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Execution container
-                  type: string
-                tower_task_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Task container
-                  type: string
-                tower_web_extra_volume_mounts:
-                  description: Specify volume mounts to be added to the Web container
-                  type: string
-                tower_redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                tower_redis_image_version:
-                  description: Redis container image version to use
-                  type: string
-                tower_postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                tower_postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                tower_postgres_selector:
-                  description: nodeSelector for the Postgres pods
-                  type: string
-                tower_postgres_tolerations:
-                  description: node tolerations for the Postgres pods
-                  type: string
-                tower_postgres_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                tower_postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-                ldap_cacert_secret:
-                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
-                  type: string
-                tower_projects_persistence:
-                  description: Whether or not the /var/lib/projects directory will be persistent
-                  default: false
-                  type: boolean
-                tower_projects_use_existing_claim:
-                  description: Using existing PersistentVolumeClaim
-                  type: string
-                  enum:
-                    - _Yes_
-                    - _No_
-                tower_projects_existing_claim:
-                  description: PersistentVolumeClaim to mount /var/lib/projects directory
-                  type: string
-                tower_projects_storage_class:
-                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
-                  type: string
-                tower_projects_storage_size:
-                  description: Size for the /var/lib/projects PersistentVolumeClaim
-                  default: 8Gi
-                  type: string
-                tower_projects_storage_access_mode:
-                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
-                  default: ReadWriteMany
-                  type: string
-                extra_settings:
-                  description: Extra settings to specify for the API
-                  items:
-                    properties:
-                      setting:
-                        type: string
-                      value:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-            status:
-              properties:
-                towerURL:
-                  description: URL to access the deployed instance
-                  type: string
-                towerAdminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
-                  type: string
-                towerMigratedFromSecret:
-                  description: The secret used for migrating an old Tower.
-                  type: string
-                towerVersion:
-                  description: Version of the deployed instance
-                  type: string
-                towerImage:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object
-
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: awx-operator
-rules:
-  - apiGroups:
-      - route.openshift.io
-    resources:
-      - routes
-      - routes/custom-host
-    verbs:
-      - '*'
-  - apiGroups:
-      - ""
-      - "rbac.authorization.k8s.io"
-    resources:
-      - pods
-      - services
-      - services/finalizers
-      - serviceaccounts
-      - endpoints
-      - persistentvolumeclaims
-      - events
-      - configmaps
-      - secrets
-      - roles
-      - rolebindings
-    verbs:
-      - '*'
-  - apiGroups:
-      - apps
-      - extensions
-    resources:
-      - deployments
-      - daemonsets
-      - replicasets
-      - statefulsets
-      - ingresses
-    verbs:
-      - '*'
-  - apiGroups:
-      - monitoring.coreos.com
-    resources:
-      - servicemonitors
-    verbs:
-      - get
-      - create
-  - apiGroups:
-      - apps
-    resourceNames:
-      - awx-operator
-    resources:
-      - deployments/finalizers
-    verbs:
-      - update
-  - apiGroups:
-      - apps
-    resources:
-      - deployments/scale
-      - statefulsets/scale
-    verbs:
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-      - get
-  - apiGroups:
-      - apps
-    resources:
-      - replicasets
-    verbs:
-      - get
-  - apiGroups:
-      - awx.ansible.com
-    resources:
-      - '*'
-    verbs:
-      - '*'
-
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: awx-operator
-subjects:
-  - kind: ServiceAccount
-    name: awx-operator
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: awx-operator
-  apiGroup: rbac.authorization.k8s.io
-
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: awx-operator
-  namespace: default
-
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: awx-operator
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: awx-operator
-  template:
-    metadata:
-      labels:
-        name: awx-operator
-    spec:
-      serviceAccountName: awx-operator
-      containers:
-        - name: awx-operator
-          image: "quay.io/ansible/awx-operator:0.9.0"
-          imagePullPolicy: "Always"
-          volumeMounts:
-            - mountPath: /tmp/ansible-operator/runner
-              name: runner
-          env:
-            # Watch all namespaces (cluster-scoped).
-            - name: WATCH_NAMESPACE
-              value: ""
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: awx-operator
-            - name: ANSIBLE_GATHERING
-              value: explicit
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 6789
-            initialDelaySeconds: 15
-            periodSeconds: 20
-      volumes:
-        - name: runner
-          emptyDir: {}
--- a/deploy/crds/awx_v1beta1_crd.yaml
+++ b/deploy/crds/awx_v1beta1_crd.yaml
@@ -1,375 +0,0 @@
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-    - name: v1beta1
-      served: true
-      storage: true
-      subresources:
-        status: {}
-      schema:
-        openAPIV3Schema:
-          description: Schema validation for the AWX CRD
-          properties:
-            spec:
-              properties:
-                deployment_type:
-                  description: Name of the deployment type
-                  type: string
-                  default: awx
-                kind:
-                  description: Kind of the deployment type
-                  type: string
-                  default: AWX
-                api_version:
-                  description: apiVersion of the deployment type
-                  type: string
-                  default: awx.ansible.com/v1beta1
-                tower_task_privileged:
-                  description: If a privileged security context should be enabled
-                  type: boolean
-                  default: false
-                tower_admin_user:
-                  description: Username to use for the admin account
-                  type: string
-                  default: admin
-                tower_hostname:
-                  description: The hostname of the instance
-                  type: string
-                tower_admin_email:
-                  description: The admin user email
-                  type: string
-                tower_admin_password_secret:
-                  description: Secret where the admin password can be found
-                  type: string
-                tower_postgres_configuration_secret:
-                  description: Secret where the database configuration can be found
-                  type: string
-                tower_old_postgres_configuration_secret:
-                  description: Secret where the old database configuration can be found for data migration
-                  type: string
-                tower_secret_key_secret:
-                  description: Secret where the secret key can be found
-                  type: string
-                tower_broadcast_websocket_secret:
-                  description: Secret where the broadcast websocket secret can be found
-                  type: string
-                tower_extra_volumes:
-                  description: Specify extra volumes to add to the application pod
-                  type: string
-                tower_ingress_type:
-                  description: The ingress type to use to reach the deployed instance
-                  type: string
-                  enum:
-                    - none
-                    - Ingress
-                    - ingress
-                    - Route
-                    - route
-                    - LoadBalancer
-                    - loadbalancer
-                    - NodePort
-                    - nodeport
-                tower_ingress_annotations:
-                  description: Annotations to add to the ingress
-                  type: string
-                tower_ingress_tls_secret:
-                  description: Secret where the ingress TLS secret can be found
-                  type: string
-                tower_loadbalancer_annotations:
-                  description: Annotations to add to the loadbalancer
-                  type: string
-                tower_loadbalancer_protocol:
-                  description: Protocol to use for the loadbalancer
-                  type: string
-                  default: http
-                  enum:
-                    - http
-                    - https
-                tower_loadbalancer_port:
-                  description: Port to use for the loadbalancer
-                  type: integer
-                  default: 80
-                tower_route_host:
-                  description: The DNS to use to points to the instance
-                  type: string
-                tower_route_tls_termination_mechanism:
-                  description: The secure TLS termination mechanism to use
-                  type: string
-                  default: Edge
-                  enum:
-                    - Edge
-                    - edge
-                    - Passthrough
-                    - passthrough
-                tower_route_tls_secret:
-                  description: Secret where the TLS related credentials are stored
-                  type: string
-                tower_node_selector:
-                  description: nodeSelector for the AWX pods
-                  type: string
-                tower_tolerations:
-                  description: node tolerations for the AWX pods
-                  type: string
-                tower_image:
-                  description: Registry path to the application container to use
-                  type: string
-                tower_image_version:
-                  description: Application container image version to use
-                  type: string
-                tower_ee_images:
-                  description: Registry path to the Execution Environment container to use
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        type: string
-                      image:
-                        type: string
-                tower_image_pull_policy:
-                  description: The image pull policy
-                  type: string
-                  default: IfNotPresent
-                  enum:
-                    - Always
-                    - always
-                    - Never
-                    - never
-                    - IfNotPresent
-                    - ifnotpresent
-                tower_image_pull_secret:
-                  description: The image pull secret
-                  type: string
-                tower_task_resource_requirements:
-                  description: Resource requirements for the task container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_web_resource_requirements:
-                  description: Resource requirements for the web container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_replicas:
-                  description: Number of instance replicas
-                  type: integer
-                  default: 1
-                  format: int32
-                tower_garbage_collect_secrets:
-                  description: Whether or not to remove secrets upon instance removal
-                  default: false
-                  type: boolean
-                tower_create_preload_data:
-                  description: Whether or not to preload data upon Tower instance creation
-                  default: true
-                  type: boolean
-                tower_task_args:
-                  type: array
-                  items:
-                    type: string
-                tower_task_command:
-                  type: array
-                  items:
-                    type: string
-                tower_web_args:
-                  type: array
-                  items:
-                    type: string
-                tower_web_command:
-                  type: array
-                  items:
-                    type: string
-                tower_task_extra_env:
-                  type: string
-                tower_web_extra_env:
-                  type: string
-                tower_ee_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Execution container
-                  type: string
-                tower_task_extra_volume_mounts:
-                  description: Specify volume mounts to be added to Task container
-                  type: string
-                tower_web_extra_volume_mounts:
-                  description: Specify volume mounts to be added to the Web container
-                  type: string
-                tower_redis_image:
-                  description: Registry path to the redis container to use
-                  type: string
-                tower_redis_image_version:
-                  description: Redis container image version to use
-                  type: string
-                tower_postgres_image:
-                  description: Registry path to the PostgreSQL container to use
-                  type: string
-                tower_postgres_image_version:
-                  description: PostgreSQL container image version to use
-                  type: string
-                tower_postgres_selector:
-                  description: nodeSelector for the Postgres pods
-                  type: string
-                tower_postgres_tolerations:
-                  description: node tolerations for the Postgres pods
-                  type: string
-                tower_postgres_storage_requirements:
-                  description: Storage requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        storage:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_resource_requirements:
-                  description: Resource requirements for the PostgreSQL container
-                  properties:
-                    requests:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                    limits:
-                      properties:
-                        cpu:
-                          type: string
-                        memory:
-                          type: string
-                      type: object
-                  type: object
-                tower_postgres_storage_class:
-                  description: Storage class to use for the PostgreSQL PVC
-                  type: string
-                tower_postgres_data_path:
-                  description: Path where the PostgreSQL data are located
-                  type: string
-                ca_trust_bundle:
-                  description: Path where the trusted CA bundle is available
-                  type: string
-                development_mode:
-                  description: If the deployment should be done in development mode
-                  type: boolean
-                ldap_cacert_secret:
-                  description: Secret where can be found the LDAP trusted Certificate Authority Bundle
-                  type: string
-                tower_projects_persistence:
-                  description: Whether or not the /var/lib/projects directory will be persistent
-                  default: false
-                  type: boolean
-                tower_projects_use_existing_claim:
-                  description: Using existing PersistentVolumeClaim
-                  type: string
-                  enum:
-                    - _Yes_
-                    - _No_
-                tower_projects_existing_claim:
-                  description: PersistentVolumeClaim to mount /var/lib/projects directory
-                  type: string
-                tower_projects_storage_class:
-                  description: Storage class for the /var/lib/projects PersistentVolumeClaim
-                  type: string
-                tower_projects_storage_size:
-                  description: Size for the /var/lib/projects PersistentVolumeClaim
-                  default: 8Gi
-                  type: string
-                tower_projects_storage_access_mode:
-                  description: AccessMode for the /var/lib/projects PersistentVolumeClaim
-                  default: ReadWriteMany
-                  type: string
-                extra_settings:
-                  description: Extra settings to specify for the API
-                  items:
-                    properties:
-                      setting:
-                        type: string
-                      value:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-            status:
-              properties:
-                towerURL:
-                  description: URL to access the deployed instance
-                  type: string
-                towerAdminUser:
-                  description: Admin user of the deployed instance
-                  type: string
-                towerAdminPasswordSecret:
-                  description: Admin password of the deployed instance
-                  type: string
-                towerMigratedFromSecret:
-                  description: The secret used for migrating an old Tower.
-                  type: string
-                towerVersion:
-                  description: Version of the deployed instance
-                  type: string
-                towerImage:
-                  description: URL of the image used for the deployed instance
-                  type: string
-                conditions:
-                  description: The resulting conditions when a Service Telemetry is instantiated
-                  items:
-                    properties:
-                      status:
-                        type: string
-                      type:
-                        type: string
-                      reason:
-                        type: string
-                      lastTransitionTime:
-                        type: string
-                    type: object
-                  type: array
-              type: object
-          type: object
--- a/deploy/crds/awx_v1beta1_molecule.yaml
+++ b/deploy/crds/awx_v1beta1_molecule.yaml
@@ -1,17 +0,0 @@
---
-apiVersion: awx.ansible.com/v1beta1
-kind: AWX
-metadata:
-  name: example-awx
-  namespace: example-awx
-spec:
-  deployment_type: awx
-  tower_ingress_type: ingress
-  tower_web_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 128M
-  tower_task_resource_requirements:
-    requests:
-      cpu: 500m
-      memory: 128M
--- a/deploy/kustomization.yaml
+++ b/deploy/kustomization.yaml
@@ -1,5 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./awx-operator.yaml
--- a/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx-operator.clusterserviceversion.yaml
@@ -1,573 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: ClusterServiceVersion
-metadata:
-  annotations:
-    alm-examples: |-
-      [
-        {
-          "apiVersion": "awx.ansible.com/v1beta1",
-          "kind": "AWX",
-          "metadata": {
-            "name": "example-awx",
-            "namespace": "example-awx"
-          },
-          "spec": {
-            "deployment_type": "awx",
-            "tower_ingress_type": "ingress",
-            "tower_task_resource_requirements": {
-              "requests": {
-                "cpu": "500m",
-                "memory": "128M"
-              }
-            },
-            "tower_web_resource_requirements": {
-              "requests": {
-                "cpu": "500m",
-                "memory": "128M"
-              }
-            }
-          }
-        }
-      ]
-    capabilities: Basic Install
-    operators.operatorframework.io/builder: operator-sdk-v0.19.4
-    operators.operatorframework.io/project_layout: ansible
-  name: awx-operator.v0.0.1
-  namespace: placeholder
-spec:
-  apiservicedefinitions: {}
-  customresourcedefinitions:
-    owned:
-    - description: A AWX Instance
-      displayName: AWX
-      kind: AWX
-      name: awxs.awx.ansible.com
-      specDescriptors:
-      - displayName: Hostname
-        path: tower_hostname
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - displayName: Admin account username
-        path: tower_admin_user
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - displayName: Admin email address
-        path: tower_admin_email
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - displayName: Admin password secret
-        path: tower_admin_password_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Database configuration secret
-        path: tower_postgres_configuration_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Old Database configuration secret
-        path: tower_old_postgres_configuration_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Secret key secret
-        path: tower_secret_key_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Broadcast Websocket Secret
-        path: tower_broadcast_websocket_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Ingress Type
-        path: tower_ingress_type
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:select:none
-        - urn:alm:descriptor:com.tectonic.ui:select:Ingress
-        - urn:alm:descriptor:com.tectonic.ui:select:Route
-        - urn:alm:descriptor:com.tectonic.ui:select:LoadBalancer
-        - urn:alm:descriptor:com.tectonic.ui:select:NodePort
-      - displayName: Tower Ingress Annotations
-        path: tower_ingress_annotations
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress
-      - displayName: Tower Ingress TLS Secret
-        path: tower_ingress_tls_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Ingress
-      - displayName: Tower LoadBalancer Annotations
-        path: tower_loadbalancer_annotations
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
-      - displayName: Tower LoadBalancer Protocol
-        path: tower_loadbalancer_protocol
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:select:http
-        - urn:alm:descriptor:com.tectonic.ui:select:https
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
-      - displayName: Tower LoadBalancer Port
-        path: tower_loadbalancer_port
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:number
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:LoadBalancer
-      - displayName: Route DNS host
-        path: tower_route_host
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:text
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
-      - displayName: Route TLS termination mechanism
-        path: tower_route_tls_termination_mechanism
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:select:Edge
-        - urn:alm:descriptor:com.tectonic.ui:select:Passthrough
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
-      - displayName: Route TLS credential secret
-        path: tower_route_tls_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_ingress_type:Route
-      - displayName: Image Pull Policy
-        path: tower_image_pull_policy
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy
-      - displayName: Image Pull Secret
-        path: tower_image_pull_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:imagePullSecret
-      - displayName: Web container resource requirements
-        path: tower_web_resource_requirements
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
-      - displayName: Task container resource requirements
-        path: tower_task_resource_requirements
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
-      - displayName: PostgreSQL container resource requirements (when using a managed instance)
-        path: tower_postgres_resource_requirements
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
-      - displayName: PostgreSQL container storage requirements (when using a managed instance)
-        path: tower_postgres_storage_requirements
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
-      - displayName: Replicas
-        path: tower_replicas
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:number
-      - displayName: Remove used secrets on instance removal ?
-        path: tower_garbage_collect_secrets
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - displayName: Preload instance with data upon creation ?
-        path: tower_create_preload_data
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - displayName: Deploy the instance in development mode ?
-        path: development_mode
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Should Tower Task container deployed with privileged level ?
-        path: tower_task_privileged
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Deployment Type
-        path: deployment_type
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Deployment Kind
-        path: kind
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Deployment apiVersion
-        path: api_version
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Image
-        path: tower_image
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Image Version
-        path: tower_image_version
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Redis Image
-        path: tower_redis_image
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Redis Image Version
-        path: tower_redis_image_version
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: PostgreSQL Image
-        path: tower_postgres_image
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: PostgreSQL Image Version
-        path: tower_postgres_image_version
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Postgres Selector
-        path: tower_postgres_selector
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Postgres Tolerations
-        path: tower_postgres_tolerations
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Postgres Storage Class
-        path: tower_postgres_storage_class
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Postgres Datapath
-        path: tower_postgres_data_path
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Certificate Authorirty Trust Bundle
-        path: ca_trust_bundle
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: LDAP Certificate Authority Trust Bundle
-        path: ldap_cacert_secret
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - displayName: Tower Task Args
-        path: tower_task_args
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Enable persistence for /var/lib/projects directory?
-        path: tower_projects_persistence
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - displayName: Use existing Persistent Claim?
-        path: tower_projects_use_existing_claim
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:select:_Yes_
-        - urn:alm:descriptor:com.tectonic.ui:select:_No_
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_persistence:true
-      - displayName: Tower Projects Existing Persistent Claim
-        path: tower_projects_existing_claim
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_Yes_
-        - urn:alm:descriptor:io.kubernetes:PersistentVolumeClaim
-      - description: Tower Projects Storage Class Name. If not present, the default
-          storage class will be used.
-        displayName: Tower Projects Storage Class Name
-        path: tower_projects_storage_class
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - description: Tower Projects Storage Size
-        displayName: Tower Projects Storage Size
-        path: tower_projects_storage_size
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - description: Tower Projects Storage Access Mode
-        displayName: Tower Projects Storage Access Mode
-        path: tower_projects_storage_access_mode
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:tower_projects_use_existing_claim:_No_
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - displayName: Tower Task Command
-        path: tower_task_command
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Task Extra Env
-        description: Environment variables to be added to Task container
-        path: tower_task_extra_env
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: 
-        path: tower_ee_extra_volume_mounts
-        description: Specify volume mounts to be added to Execution container
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower EE Images
-        description: Registry path to the Execution Environment container to use
-        path: tower_ee_images
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Task Extra Volume Mounts
-        description: Specify volume mounts to be added to Task container
-        path: tower_task_extra_volume_mounts
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Web Args
-        path: tower_web_args
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Web Command
-        path: tower_web_command
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Web Extra Env
-        description: Environment variables to be added to Web container
-        path: tower_web_extra_env
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Web Extra Volume Mounts
-        description: Specify volume mounts to be added to Web container
-        path: tower_web_extra_volume_mounts
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Extra Volumes
-        description: Specify extra volumes to add to the application pod
-        path: tower_extra_volumes
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Node Selector
-        path: tower_node_selector
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: Tower Tolerations
-        path: tower_tolerations
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      - displayName: API Extra Settings
-        path: extra_settings
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:advanced
-        - urn:alm:descriptor:com.tectonic.ui:hidden
-      statusDescriptors:
-      - description: Route to access the instance deployed
-        displayName: URL
-        path: towerURL
-        x-descriptors:
-        - urn:alm:descriptor:org.w3:link
-      - description: Admin user for the instance deployed
-        displayName: Admin User
-        path: towerAdminUser
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - description: Admin password for the instance deployed
-        displayName: Admin Password
-        path: towerAdminPasswordSecret
-        x-descriptors:
-        - urn:alm:descriptor:io.kubernetes:Secret
-      - description: Version of the instance deployed
-        displayName: Version
-        path: towerVersion
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:text
-      - description: Image of the instance deployed
-        displayName: Image
-        path: towerImage
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:text
-      version: v1beta1
-  description: AWX operator
-  displayName: AWX
-  icon:
-  - base64data: ""
-    mediatype: ""
-  install:
-    spec:
-      clusterPermissions:
-      - rules:
-        - apiGroups:
-          - route.openshift.io
-          resources:
-          - routes
-          - routes/custom-host
-          verbs:
-          - '*'
-        - apiGroups:
-          - ""
-          - rbac.authorization.k8s.io
-          resources:
-          - pods
-          - services
-          - services/finalizers
-          - serviceaccounts
-          - endpoints
-          - persistentvolumeclaims
-          - events
-          - configmaps
-          - secrets
-          - roles
-          - rolebindings
-          verbs:
-          - '*'
-        - apiGroups:
-          - apps
-          - extensions
-          resources:
-          - deployments
-          - daemonsets
-          - replicasets
-          - statefulsets
-          - ingresses
-          verbs:
-          - '*'
-        - apiGroups:
-          - monitoring.coreos.com
-          resources:
-          - servicemonitors
-          verbs:
-          - get
-          - create
-        - apiGroups:
-          - apps
-          resourceNames:
-          - awx-operator
-          resources:
-          - deployments/finalizers
-          verbs:
-          - update
-        - apiGroups:
-          - apps
-          resources:
-          - deployments/scale
-          - statefulsets/scale
-          verbs:
-          - patch
-        - apiGroups:
-          - ""
-          resources:
-          - pods/exec
-          verbs:
-          - create
-          - get
-        - apiGroups:
-          - apps
-          resources:
-          - replicasets
-          verbs:
-          - get
-        - apiGroups:
-          - awx.ansible.com
-          resources:
-          - '*'
-          verbs:
-          - '*'
-        serviceAccountName: awx-operator
-      deployments:
-      - name: awx-operator
-        spec:
-          replicas: 1
-          selector:
-            matchLabels:
-              name: awx-operator
-          strategy: {}
-          template:
-            metadata:
-              labels:
-                name: awx-operator
-            spec:
-              containers:
-              - env:
-                - name: WATCH_NAMESPACE
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.annotations['olm.targetNamespaces']
-                - name: POD_NAME
-                  valueFrom:
-                    fieldRef:
-                      fieldPath: metadata.name
-                - name: OPERATOR_NAME
-                  value: awx-operator
-                - name: ANSIBLE_GATHERING
-                  value: explicit
-                image: quay.io/ansible/awx-operator:0.8.0
-                imagePullPolicy: Always
-                livenessProbe:
-                  httpGet:
-                    path: /healthz
-                    port: 6789
-                  initialDelaySeconds: 15
-                  periodSeconds: 20
-                name: awx-operator
-                resources: {}
-                volumeMounts:
-                - mountPath: /tmp/ansible-operator/runner
-                  name: runner
-              serviceAccountName: awx-operator
-              volumes:
-              - emptyDir: {}
-                name: runner
-    strategy: deployment
-  installModes:
-  - supported: true
-    type: OwnNamespace
-  - supported: true
-    type: SingleNamespace
-  - supported: false
-    type: MultiNamespace
-  - supported: true
-    type: AllNamespaces
-  keywords:
-  - awx
-  links:
-  - name: Awx Operator
-    url: https://github.com/ansible/awx-operator
-  maintainers:
-  - email: yguenane@redhat.com
-    name: Yanis Guenane
-  maturity: alpha
-  provider:
-    name: AWX Community
-    url: https://github.com/ansible/awx-operator
-  version: 0.0.1
--- a/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
+++ b/deploy/olm-catalog/awx-operator/manifests/awx.ansible.com_awxs_crd.yaml
@@ -1,388 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  creationTimestamp: null
-  name: awxs.awx.ansible.com
-spec:
-  group: awx.ansible.com
-  names:
-    kind: AWX
-    listKind: AWXList
-    plural: awxs
-    singular: awx
-  scope: Namespaced
-  versions:
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Schema validation for the AWX CRD
-        properties:
-          spec:
-            properties:
-              ca_trust_bundle:
-                description: Path where the trusted CA bundle is available
-                type: string
-              deployment_type:
-                description: Name of the deployment type
-                type: string
-                default: awx
-              kind:
-                description: Kind of the deployment type
-                type: string
-                default: AWX
-              api_version:
-                description: apiVersion of the deployment type
-                type: string
-                default: awx.ansible.com/v1beta1
-              development_mode:
-                description: If the deployment should be done in development mode
-                type: boolean
-              ldap_cacert_secret:
-                description: Secret where can be found the LDAP trusted Certificate
-                  Authority Bundle
-                type: string
-              tower_admin_email:
-                description: The admin user email
-                type: string
-              tower_admin_password_secret:
-                description: Secret where the admin password can be found
-                type: string
-              tower_admin_user:
-                default: admin
-                description: Username to use for the admin account
-                type: string
-              tower_broadcast_websocket_secret:
-                description: Secret where the broadcast websocket secret can be found
-                type: string
-              tower_create_preload_data:
-                default: true
-                description: Whether or not to preload data upon Tower instance creation
-                type: boolean
-              tower_ee_images:
-                description: Registry path to the Execution Environment container
-                  to use
-                items:
-                  properties:
-                    image:
-                      type: string
-                    name:
-                      type: string
-                  type: object
-                type: array
-              tower_extra_volumes:
-                description: Specify extra volumes to add to the application pod
-                type: string
-              tower_garbage_collect_secrets:
-                default: false
-                description: Whether or not to remove secrets upon instance removal
-                type: boolean
-              tower_hostname:
-                description: The hostname of the instance
-                type: string
-              tower_image:
-                description: Registry path to the application container to use
-                type: string
-              tower_image_version:
-                description: Application container image version to use
-                type: string
-              tower_image_pull_policy:
-                default: IfNotPresent
-                description: The image pull policy
-                enum:
-                - Always
-                - always
-                - Never
-                - never
-                - IfNotPresent
-                - ifnotpresent
-                type: string
-              tower_image_pull_secret:
-                description: The image pull secret
-                type: string
-              tower_ingress_annotations:
-                description: Annotations to add to the ingress
-                type: string
-              tower_ingress_tls_secret:
-                description: Secret where the ingress TLS secret can be found
-                type: string
-              tower_ingress_type:
-                description: The ingress type to use to reach the deployed instance
-                enum:
-                - none
-                - Ingress
-                - ingress
-                - Route
-                - route
-                - LoadBalancer
-                - loadbalancer
-                - NodePort
-                - nodeport
-                type: string
-              tower_loadbalancer_annotations:
-                description: Annotations to add to the loadbalancer
-                type: string
-              tower_loadbalancer_port:
-                default: 80
-                description: Port to use for the loadbalancer
-                type: integer
-              tower_loadbalancer_protocol:
-                default: http
-                description: Protocol to use for the loadbalancer
-                enum:
-                - http
-                - https
-                type: string
-              tower_node_selector:
-                description: nodeSelector for the AWX pods
-                type: string
-              tower_old_postgres_configuration_secret:
-                description: Secret where the old database configuration can be found
-                  for data migration
-                type: string
-              tower_postgres_configuration_secret:
-                description: Secret where the database configuration can be found
-                type: string
-              tower_postgres_data_path:
-                description: Path where the PostgreSQL data are located
-                type: string
-              tower_postgres_image:
-                description: Registry path to the PostgreSQL container to use
-                type: string
-              tower_postgres_image_version:
-                description: PostgreSQL container image version to use
-                type: string
-              tower_postgres_selector:
-                description: nodeSelector for the Postgres pods
-                type: string
-              tower_postgres_tolerations:
-                description: node tolerations for the Postgres pods
-                type: string
-              tower_postgres_storage_requirements:
-                description: Storage requirements for the PostgreSQL container
-                properties:
-                  requests:
-                    properties:
-                      storage:
-                        type: string
-                    type: object
-                  limits:
-                    properties:
-                      storage:
-                        type: string
-                    type: object
-                type: object
-              tower_postgres_resource_requirements:
-                description: Resource requirements for the PostgreSQL container
-                properties:
-                  requests:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                    type: object
-                  limits:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                    type: object
-                type: object
-              tower_postgres_storage_class:
-                description: Storage class to use for the PostgreSQL PVC
-                type: string
-              tower_projects_existing_claim:
-                description: PersistentVolumeClaim to mount /var/lib/projects directory
-                type: string
-              tower_projects_persistence:
-                default: false
-                description: Whether or not the /var/lib/projects directory will be
-                  persistent
-                type: boolean
-              tower_projects_storage_access_mode:
-                default: ReadWriteMany
-                description: AccessMode for the /var/lib/projects PersistentVolumeClaim
-                type: string
-              tower_projects_storage_class:
-                description: Storage class for the /var/lib/projects PersistentVolumeClaim
-                type: string
-              tower_projects_storage_size:
-                default: 8Gi
-                description: Size for the /var/lib/projects PersistentVolumeClaim
-                type: string
-              tower_projects_use_existing_claim:
-                description: Using existing PersistentVolumeClaim
-                enum:
-                - _Yes_
-                - _No_
-                type: string
-              tower_redis_image:
-                description: Registry path to the redis container to use
-                type: string
-              tower_redis_image_version:
-                description: Redis container image version to use
-                type: string
-              tower_replicas:
-                default: 1
-                description: Number of instance replicas
-                format: int32
-                type: integer
-              tower_route_host:
-                description: The DNS to use to points to the instance
-                type: string
-              tower_route_tls_secret:
-                description: Secret where the TLS related credentials are stored
-                type: string
-              tower_route_tls_termination_mechanism:
-                default: Edge
-                description: The secure TLS termination mechanism to use
-                enum:
-                - Edge
-                - edge
-                - Passthrough
-                - passthrough
-                type: string
-              tower_secret_key_secret:
-                description: Secret where the secret key can be found
-                type: string
-              tower_task_args:
-                items:
-                  type: string
-                type: array
-              tower_task_command:
-                items:
-                  type: string
-                type: array
-              tower_task_extra_env:
-                description: Environment variables to be added to Task container
-                type: string
-              tower_ee_extra_volume_mounts:
-                description: Specify volume mounts to be added to Execution container
-                type: string
-              tower_task_extra_volume_mounts:
-                description: Specify volume mounts to be added to Task container
-                type: string
-              tower_task_privileged:
-                default: false
-                description: If a privileged security context should be enabled
-                type: boolean
-              tower_task_resource_requirements:
-                description: Resource requirements for the task container
-                properties:
-                  limits:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                  requests:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                type: object
-              tower_tolerations:
-                description: node tolerations for the AWX pods
-                type: string
-              tower_web_args:
-                items:
-                  type: string
-                type: array
-              tower_web_command:
-                items:
-                  type: string
-                type: array
-              tower_web_extra_env:
-                description: Environment variables to be added to Web container
-                type: string
-              tower_web_extra_volume_mounts:
-                description: Specify volume mounts to be added to web container
-                type: string
-              tower_web_resource_requirements:
-                description: Resource requirements for the web container
-                properties:
-                  limits:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                  requests:
-                    properties:
-                      cpu:
-                        type: string
-                      memory:
-                        type: string
-                      storage:
-                        type: string
-                    type: object
-                type: object
-              extra_settings:
-                description: Extra settings to specify for the API
-                items:
-                  properties:
-                    setting:
-                      type: string
-                    value:
-                      type: string
-                  type: object
-                type: array
-            type: object
-          status:
-            properties:
-              conditions:
-                description: The resulting conditions when a Service Telemetry is
-                  instantiated
-                items:
-                  properties:
-                    lastTransitionTime:
-                      type: string
-                    reason:
-                      type: string
-                    status:
-                      type: string
-                    type:
-                      type: string
-                  type: object
-                type: array
-              towerAdminPasswordSecret:
-                description: Admin password of the deployed instance
-                type: string
-              towerAdminUser:
-                description: Admin user of the deployed instance
-                type: string
-              towerImage:
-                description: URL of the image used for the deployed instance
-                type: string
-              towerMigratedFromSecret:
-                description: The secret used for migrating an old Tower.
-                type: string
-              towerURL:
-                description: URL to access the deployed instance
-                type: string
-              towerVersion:
-                description: Version of the deployed instance
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: null
-  storedVersions: null
--- a/deploy/olm-catalog/awx-operator/metadata/annotations.yaml
+++ b/deploy/olm-catalog/awx-operator/metadata/annotations.yaml
@@ -1,10 +0,0 @@
-annotations:
-  operators.operatorframework.io.bundle.channel.default.v1: alpha
-  operators.operatorframework.io.bundle.channels.v1: alpha
-  operators.operatorframework.io.bundle.manifests.v1: manifests/
-  operators.operatorframework.io.bundle.mediatype.v1: registry+v1
-  operators.operatorframework.io.bundle.metadata.v1: metadata/
-  operators.operatorframework.io.bundle.package.v1: awx-operator
-  operators.operatorframework.io.metrics.builder: operator-sdk-v0.19.4
-  operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
-  operators.operatorframework.io.metrics.project_layout: ansible
--- a/docs/awx-demo.svg
+++ b/docs/awx-demo.svg
--- a/docs/debugging.md
+++ b/docs/debugging.md
@@ -0,0 +1,51 @@
+# Iterating on the installer without deploying the operator
+
+Go through the [normal basic install](https://github.com/ansible/awx-operator/blob/devel/README.md#basic-install) steps.
+
+Install some dependencies:
+
+```
+$ ansible-galaxy collection install -r molecule/requirements.yml
+$ pip install -r molecule/requirements.txt
+```
+
+To prevent the changes we're about to make from being overwritten, scale down any running instance of the operator:
+
+```
+$ kubectl scale deployment awx-operator-controller-manager --replicas=0
+```
+
+Create a playbook that invokes the installer role (the operator uses ansible-runner's role execution feature):
+
+```yaml
+# run.yml
+---
+- hosts: localhost
+  roles:
+    - installer
+```
+
+Create a vars file:
+
+```yaml
+# vars.yml
+---
+ansible_operator_meta:
+  name: awx
+  namespace: awx
+service_type: nodeport
+```
+
+Run the installer:
+
+```
+$ ansible-playbook run.yml -e @vars.yml -v
+```
+
+Grab the URL and admin password:
+
+```
+$ minikube service awx-service --url -n awx
+$ minikube kubectl get secret awx-admin-password -- -o jsonpath="{.data.password}" | base64 --decode
+LU6lTfvnkjUvDwL240kXKy1sNhjakZmT
+```
--- a/docs/migration.md
+++ b/docs/migration.md
@@ -6,14 +6,14 @@ To migrate data from an older AWX installation, you must provide some informatio

 ### Secret Key

-You can find your old secret key in the inventory file you used to deploy AWX in releases prior to version 18. 
+You can find your old secret key in the inventory file you used to deploy AWX in releases prior to version 18.

 ```yaml
 apiVersion: v1
 kind: Secret
 metadata:
  name: <resourcename>-secret-key
-  namespace: <target namespace>
+  namespace: <target-namespace>
 stringData:
  secret_key: <old-secret-key>
 type: Opaque
@@ -45,10 +45,13 @@ type: Opaque

 If your AWX deployment is already using an external database server or its database is otherwise not managed
 by the AWX deployment, you can instead create the same secret as above but omit the `-old-` from the `name`.
-In the next section pass it in through `tower_postgres_configuration_secret` instead, omitting the `_old_`
+In the next section pass it in through `postgres_configuration_secret` instead, omitting the `_old_`
 from the key and ensuring the value matches the name of the secret. This will make AWX pick up on the existing
 database and apply any pending migrations. It is strongly recommended to backup your database beforehand.

+The postgresql pod for the old deployment is used when streaming data to the new postgresql pod.  If your postgresql pod has a custom label,
+you can pass that via the `postgres_label_selector` variable to make sure the postgresql pod can be found.
+
 ## Deploy AWX

 When you apply your AWX object, you must specify the name to the database secret you created above:
@@ -59,6 +62,21 @@ kind: AWX
 metadata:
  name: awx
 spec:
-  tower_old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
+  old_postgres_configuration_secret: <resourcename>-old-postgres-configuration
+  secret_key_secret: <resourcename>-secret-key
  ...
 ```
+## Important Note
+If you intend to put all the above in one file, make sure to separate each block with three dashes like so:
+
+```yaml
+---
+# Secret key
+
+---
+# Database creds
+
+---
+# AWX Config
+```
+Failing to do so will lead to an inoperable setup.
--- a/main.yml
+++ b/main.yml
@@ -1,5 +0,0 @@
---
- hosts: localhost
-  gather_facts: no
-  roles:
-    - installer
--- a/molecule/default/asserts.yml
+++ b/molecule/default/asserts.yml
@@ -1,39 +0,0 @@
---
- name: Verify cluster resources
-  hosts: localhost
-  connection: local
-
-  vars:
-    ansible_python_interpreter: '{{ ansible_playbook_python }}'
-
-  tasks:
-    - name: Get AWX Kind data
-      k8s_info:
-        api_version: awx.ansible.com/v1beta1
-        kind: AWX
-        namespace: example-awx
-        label_selectors:
-          - "app.kubernetes.io/name=example-awx"
-          - "app.kubernetes.io/part-of=example-awx"
-          - "app.kubernetes.io/managed-by=awx-operator"
-          - "app.kubernetes.io/component=awx"
-      register: awx_kind
-
-    - name: Verify there is one AWX kind
-      assert:
-        that: '{{ (awx_kind.resources | length) == 1 }}'
-
-    - name: Get AWX Pod data
-      k8s_info:
-        kind: Pod
-        namespace: example-awx
-        label_selectors:
-          - "app.kubernetes.io/name=example-awx"
-          - "app.kubernetes.io/part-of=example-awx"
-          - "app.kubernetes.io/managed-by=awx-operator"
-          - "app.kubernetes.io/component=awx"
-      register: tower_pods
-
-    - name: Verify there is one AWX pod
-      assert:
-        that: '{{ (tower_pods.resources | length) == 1 }}'
--- a/Show More
+++ b/Show More