Make CI use this branch when running label PR check

Fix Label PR check by using python venv for requests library
2026-03-29 06:43:11 +00:00 · 2024-10-16 12:12:33 -04:00 · 2024-10-16 11:51:28 -04:00
83 changed files with 540 additions and 1243 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -16,7 +16,7 @@ jobs:
          - --skip-tags=replicas
          - -t replicas
    env:
-      DOCKER_API_VERSION: "1.44"
+      DOCKER_API_VERSION: "1.41"
      DEBUG_OUTPUT_DIR: /tmp/awx_operator_molecule_test
    steps:
      - uses: actions/checkout@v4
--- a/.github/workflows/label_pr.yml
+++ b/.github/workflows/label_pr.yml
@@ -13,6 +13,8 @@ jobs:
    name: Label PR - Community
    steps:
      - uses: actions/checkout@v4
        with:
          ref: test-python-module-fix
      - uses: actions/setup-python@v5
--- a/.github/workflows/publish-operator-hub.yaml
+++ b/.github/workflows/publish-operator-hub.yaml
@@ -0,0 +1,86 @@
 name: Publish AWX Operator on operator-hub
 on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      tag_name:
        description: 'Name for the tag of the release.'
        required: true
      operator_hub_fork:
        description: 'Fork of operator-hub where the PR will be created from. default: awx-auto'
        required: true
        default: 'awx-auto'
      image_registry:
        description: 'Image registry where the image is published to. default: quay.io'
        required: true
        default: 'quay.io'
      image_registry_organization:
        description: 'Image registry organization where the image is published to. default: ansible'
        required: true
        default: 'ansible'
      community_operator_github_org:
        description: 'Github organization for community-opeartor project. default: k8s-operatorhub'
        required: true
        default: 'k8s-operatorhub'
      community_operator_prod_github_org:
        description: 'GitHub organization for community-operator-prod project. default: redhat-openshift-ecosystem'
        required: true
        default: 'redhat-openshift-ecosystem'
 jobs:
  promote:
    runs-on: ubuntu-latest
    steps:
      - name: Set GITHUB_ENV from workflow_dispatch event
        if: ${{ github.event_name == 'workflow_dispatch' }}
        run: |
          echo "VERSION=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
          echo "IMAGE_REGISTRY=${{ github.event.inputs.image_registry }}" >> $GITHUB_ENV
          echo "IMAGE_REGISTRY_ORGANIZATION=${{ github.event.inputs.image_registry_organization }}" >> $GITHUB_ENV
          echo "COMMUNITY_OPERATOR_GITHUB_ORG=${{ github.event.inputs.community_operator_github_org }}" >> $GITHUB_ENV
          echo "COMMUNITY_OPERATOR_PROD_GITHUB_ORG=${{ github.event.inputs.community_operator_prod_github_org }}" >> $GITHUB_ENV
      - name: Set GITHUB_ENV for release event
        if: ${{ github.event_name == 'release' }}
        run: |
          echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
          echo "IMAGE_REGISTRY=quay.io" >> $GITHUB_ENV
          echo "IMAGE_REGISTRY_ORGANIZATION=ansible" >> $GITHUB_ENV
          echo "COMMUNITY_OPERATOR_GITHUB_ORG=k8s-operatorhub" >> $GITHUB_ENV
          echo "COMMUNITY_OPERATOR_PROD_GITHUB_ORG=redhat-openshift-ecosystem" >> $GITHUB_ENV
      - name: Log in to image registry
        run: |
          echo ${{ secrets.QUAY_TOKEN }} | docker login ${{ env.IMAGE_REGISTRY }} -u ${{ secrets.QUAY_USER }} --password-stdin
      - name: Checkout awx-operator at workflow branch
        uses: actions/checkout@v4
        with:
          path: awx-operator
      - name: Checkout awx-opearator at ${{ env.VERSION }}
        uses: actions/checkout@v4
        with:
          fetch-tags: true
          ref: ${{ env.VERSION }}
          path: awx-operator-${{ env.VERSION }}
          fetch-depth: 0  # fetch all history so that git describe works
      - name: Copy scripts to awx-operator-${{ env.VERSION }}
        run: |
          cp -f \
            awx-operator/hack/publish-to-operator-hub.sh \
            awx-operator-${{ env.VERSION }}/hack/publish-to-operator-hub.sh
          cp -f \
            awx-operator/Makefile \
            awx-operator-${{ env.VERSION }}/Makefile
      - name: Build and publish bundle to operator-hub
        working-directory: awx-operator-${{ env.VERSION }}
        env:
          IMG_REPOSITORY: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_REGISTRY_ORGANIZATION }}
          GITHUB_TOKEN: ${{ secrets.AWX_AUTO_GITHUB_TOKEN }}
        run: |
          git config --global user.email "awx-automation@redhat.com"
          git config --global user.name "AWX Automation"
          ./hack/publish-to-operator-hub.sh
--- a/.gitignore
+++ b/.gitignore
@@ -11,4 +11,3 @@ gh-pages/
 __pycache__
 /site
 venv/*
 hacking/
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -10,7 +10,6 @@ Have questions about this document or anything not covered here? Please file a n
  - [Table of contents](#table-of-contents)
  - [Things to know prior to submitting code](#things-to-know-prior-to-submitting-code)
  - [Submmiting your work](#submmiting-your-work)
  - [Development](#development)
  - [Testing](#testing)
      - [Testing in Kind](#testing-in-kind)
      - [Testing in Minikube](#testing-in-minikube)
@@ -43,8 +42,7 @@ Have questions about this document or anything not covered here? Please file a n
 **Note**: If you have multiple commits, make sure to `squash` your commits into a single commit which will facilitate our release process.
-## Development
+
 The development environment consists of running an [`up.sh`](./up.sh) and a [`down.sh`](./down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](docs/development.md) for information on how to deploy and test changes from your branch.
 ## Testing
--- a/6
+++ b/6
@@ -1,8 +1,8 @@
-FROM quay.io/operator-framework/ansible-operator:v1.40.0
+FROM quay.io/operator-framework/ansible-operator:v1.34.2
 USER root
-RUN dnf update --security --bugfix -y --disableplugin=subscription-manager && \
+RUN dnf update --security --bugfix -y && \
-    dnf install -y --disableplugin=subscription-manager openssl
+    dnf install -y openssl
 USER 1001
--- a/10
+++ b/10
@@ -105,10 +105,6 @@ docker-buildx: ## Build and push docker image for the manager for cross-platform
 	- docker buildx build --push $(BUILD_ARGS) --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile .
 	- docker buildx rm project-v3-builder
 .PHONY: podman-buildx
 podman-buildx: ## Build and push podman image for the manager for cross-platform support
 	podman build --platform=$(PLATFORMS) $(BUILD_ARGS) --manifest ${IMG} -f Dockerfile .
 	podman manifest push --all ${IMG} ${IMG}
 ##@ Deployment
@@ -165,7 +161,7 @@ ifeq (,$(shell which operator-sdk 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(OPERATOR_SDK)) ;\
-	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.40.0/operator-sdk_$(OS)_$(ARCHA) ;\
+	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.34.2/operator-sdk_$(OS)_$(ARCHA) ;\
 	chmod +x $(OPERATOR_SDK) ;\
 	}
 else
@@ -181,7 +177,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
-	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.40.0/ansible-operator_$(OS)_$(ARCHA) ;\
+	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.34.0/ansible-operator_$(OS)_$(ARCHA) ;\
 	chmod +x $(ANSIBLE_OPERATOR) ;\
 	}
 else
@@ -212,7 +208,7 @@ ifeq (,$(shell which opm 2>/dev/null))
 	@{ \
 	set -e ;\
 	mkdir -p $(dir $(OPM)) ;\
-	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.55.0/$(OS)-$(ARCHA)-opm ;\
+	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.26.0/$(OS)-$(ARCHA)-opm ;\
 	chmod +x $(OPM) ;\
 	}
 else
--- a/README.md
+++ b/README.md
@@ -20,8 +20,6 @@ Please visit [our contributing guidelines](https://github.com/ansible/awx-operat
 For docs changes, create PRs on the appropriate files in the `/docs` folder.
 The development environment consists of running an [`up.sh`](https://github.com/ansible/awx-operator/blob/devel/up.sh) and a [`down.sh`](https://github.com/ansible/awx-operator/blob/devel/down.sh) script, which applies or deletes yaml on the Openshift or K8s cluster you are connected to. See the [development.md](https://github.com/ansible/awx-operator/blob/devel/docs/development.md) for information on how to deploy and test changes from your branch.
 ## Author
 This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team
--- a/config/crd/bases/awx.ansible.com_awxbackups.yaml
+++ b/config/crd/bases/awx.ansible.com_awxbackups.yaml
@@ -37,9 +37,6 @@ spec:
          metadata:
            type: object
          spec:
            x-kubernetes-validations:
            - rule: "has(self.postgres_image) && has(self.postgres_image_version) || !has(self.postgres_image) && !has(self.postgres_image_version)"
              message: "Both postgres_image and postgres_image_version must be set when required"
            type: object
            x-kubernetes-preserve-unknown-fields: true
            required:
@@ -51,10 +48,6 @@ spec:
              backup_pvc:
                description: Name of the backup PVC
                type: string
              create_backup_pvc:
                description: If true (default), automatically create the backup PVC if it does not exist
                type: boolean
                default: true
              backup_pvc_namespace:
                description: (Deprecated) Namespace the PVC is in
                type: string
@@ -88,10 +81,6 @@ spec:
              pg_dump_suffix:
                description: Additional parameters for the pg_dump command
                type: string
              use_db_compression:
                description: Enable compression for database dumps using pg_dump built-in compression.
                type: boolean
                default: true
              postgres_label_selector:
                description: Label selector used to identify postgres pod for backing up data
                type: string
--- a/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
+++ b/config/crd/bases/awx.ansible.com_awxmeshingresses.yaml
@@ -69,9 +69,6 @@ spec:
              ingress_annotations:
                description: Annotations to add to the Ingress Controller
                type: string
              route_annotations:
                description: Annotations to add to the OpenShift Route
                type: string
              ingress_class_name:
                description: The name of ingress class to use instead of the cluster default.
                type: string
--- a/config/crd/bases/awx.ansible.com_awxrestores.yaml
+++ b/config/crd/bases/awx.ansible.com_awxrestores.yaml
@@ -37,9 +37,6 @@ spec:
          metadata:
            type: object
          spec:
            x-kubernetes-validations:
            - rule: "has(self.postgres_image) && has(self.postgres_image_version) || !has(self.postgres_image) && !has(self.postgres_image_version)"
              message: "Both postgres_image and postgres_image_version must be set when required"
            type: object
            x-kubernetes-preserve-unknown-fields: true
            required:
--- a/config/crd/bases/awx.ansible.com_awxs.yaml
+++ b/config/crd/bases/awx.ansible.com_awxs.yaml
@@ -36,17 +36,6 @@ spec:
          metadata:
            type: object
          spec:
            x-kubernetes-validations:
            - rule: "has(self.image) && has(self.image_version) || !has(self.image) && !has(self.image_version)"
              message: "Both image and image_version must be set when required"
            - rule: "has(self.redis_image) && has(self.redis_image_version) || !has(self.redis_image) && !has(self.redis_image_version)"
              message: "Both redis_image and redis_image_version must be set when required"
            - rule: "has(self.postgres_image) && has(self.postgres_image_version) || !has(self.postgres_image) && !has(self.postgres_image_version)"
              message: "Both postgres_image and postgres_image_version must be set when required"
            - rule: >-
                has(self.metrics_utility_image) && has(self.metrics_utility_image_version) ||
                !has(self.metrics_utility_image) && !has(self.metrics_utility_image_version)
              message: "Both metrics_utility_image and metrics_utility_image_version must be set when required"
            properties:
              deployment_type:
                description: Name of the deployment type
@@ -1747,9 +1736,6 @@ spec:
              nginx_worker_connections:
                description: Set the number of connections per worker for nginx
                type: integer
              nginx_client_max_body_size:
                description: Sets the maximum allowed size of the client request body in megabytes (defaults to 5M)
                type: integer
              nginx_worker_cpu_affinity:
                description: Set the CPU affinity for nginx workers
                type: string
@@ -1839,25 +1825,9 @@ spec:
                description: Assign a preexisting priority class to the postgres pod
                type: string
              postgres_extra_args:
                description: "(Deprecated, use postgres_extra_settings parameter) Define postgres configuration arguments to use"
                type: array
                items:
                  type: string
              postgres_extra_settings:
                description: "PostgreSQL configuration settings to be added to postgresql.conf"
                type: array
                items:
                  type: object
                  properties:
                    setting:
                      description: "PostgreSQL configuration parameter name"
                      type: string
                    value:
                      description: "PostgreSQL configuration parameter value"
                      type: string
                  required:
                  - setting
                  - value
              postgres_data_volume_init:
                description: Sets permissions on the /var/lib/pgdata/data for postgres container using an init container (not Openshift)
                type: boolean
@@ -1995,9 +1965,6 @@ spec:
                description: Disable web container's nginx ipv6 listener
                type: boolean
                default: false
              idle_deployment:
                description: Scale down deployments to put AWX into an idle state
                type: boolean
              metrics_utility_enabled:
                description: Enable metrics utility
                type: boolean
@@ -2042,12 +2009,8 @@ spec:
                description: Enable metrics utility shipping to Red Hat Hybrid Cloud Console
                type: boolean
                default: false
              public_base_url:
                description: Public base URL
                type: string
            type: object
          status:
            x-kubernetes-preserve-unknown-fields: true
            properties:
              URL:
                description: URL to access the deployed instance
@@ -2079,9 +2042,6 @@ spec:
              image:
                description: URL of the image used for the deployed instance
                type: string
              upgradedFrom:
                description: Last gated version
                type: string
              conditions:
                description: The resulting conditions when a Service Telemetry is instantiated
                items:
@@ -2096,6 +2056,5 @@ spec:
                      type: string
                  type: object
                type: array
                x-kubernetes-preserve-unknown-fields: true
            type: object
        type: object
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -20,11 +20,11 @@ resources:
 - ../manager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 - metrics_service.yaml
 # Protect the /metrics endpoint by putting it behind auth.
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 patches:
- path: manager_metrics_patch.yaml
+- path: manager_auth_proxy_patch.yaml
  target:
    kind: Deployment
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,40 @@
 # This patch inject a sidecar container which is a HTTP proxy for the
 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: controller-manager
  namespace: system
 spec:
  template:
    spec:
      containers:
      - name: kube-rbac-proxy
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - "ALL"
        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
        args:
        - "--secure-listen-address=0.0.0.0:8443"
        - "--upstream=http://127.0.0.1:8080/"
        - "--logtostderr=true"
        - "--v=0"
        ports:
        - containerPort: 8443
          protocol: TCP
          name: https
        resources:
          limits:
            cpu: 500m
            memory: 128Mi
          requests:
            cpu: 5m
            memory: 64Mi
      - name: awx-manager
        args:
        - "--health-probe-bind-address=:6789"
        - "--metrics-bind-address=127.0.0.1:8080"
        - "--leader-elect"
        - "--leader-election-id=awx-operator"
--- a/config/default/manager_metrics_patch.yaml
+++ b/config/default/manager_metrics_patch.yaml
@@ -1,12 +0,0 @@
 # This patch adds the args to allow exposing the metrics endpoint using HTTPS
 - op: add
  path: /spec/template/spec/containers/0/args/0
  value: --metrics-bind-address=:8443
 # This patch adds the args to allow securing the metrics endpoint
 - op: add
  path: /spec/template/spec/containers/0/args/0
  value: --metrics-secure
 # This patch adds the args to allow RBAC-based authn/authz for the metrics endpoint
 - op: add
  path: /spec/template/spec/containers/0/args/0
  value: --metrics-require-rbac
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -38,7 +38,6 @@ spec:
      - args:
        - --leader-elect
        - --leader-election-id=awx-operator
        - --health-probe-bind-address=:6789
        image: controller:latest
        imagePullPolicy: IfNotPresent
        name: awx-manager
@@ -74,8 +73,8 @@ spec:
            memory: "32Mi"
            cpu: "50m"
          limits:
-            memory: "4000Mi"
+            memory: "960Mi"
-            cpu: "2000m"
+            cpu: "1500m"
      serviceAccountName: controller-manager
      imagePullSecrets:
      - name: redhat-operators-pull-secret
--- a/config/manifests/bases/awx-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/awx-operator.clusterserviceversion.yaml
@@ -50,12 +50,6 @@ spec:
        path: ingress_annotations
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:text
      - displayName: Route Annotations
        path: route_annotations
        x-descriptors:
          - 'urn:alm:descriptor:com.tectonic.ui:advanced'
          - 'urn:alm:descriptor:com.tectonic.ui:text'
          - 'urn:alm:descriptor:com.tectonic.ui:fieldDependency:ingress_type:Route'
      - displayName: Ingress Class Name
        path: ingress_class_name
        x-descriptors:
@@ -175,22 +169,10 @@ spec:
        path: additional_labels
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
      - description: Enable compression for database dumps using pg_dump built-in compression
        displayName: Use DB Compression
        path: use_db_compression
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
      - displayName: Node Selector for backup management pod
        path: db_management_pod_node_selector
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
      - displayName: Public Base URL
        path: public_base_url
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:text
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:hidden
      statusDescriptors:
      - description: Persistent volume claim name used during backup
        displayName: Backup Claim
@@ -596,11 +578,6 @@ spec:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:number
        - urn:alm:descriptor:com.tectonic.ui:hidden
      - displayName: Set the maximum allowed size of the client request body in megabytes for nginx
        path: nginx_client_max_body_size
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:number
      - displayName: Task Replicas
        path: task_replicas
        x-descriptors:
@@ -703,16 +680,11 @@ spec:
        x-descriptors:
        - urn:alm:descriptor:io.kubernetes:StorageClass
        - urn:alm:descriptor:com.tectonic.ui:advanced
-      - displayName: Postgres Extra Arguments (Deprecated)
+      - displayName: Postgres Extra Arguments
        path: postgres_extra_args
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:hidden
      - displayName: Postgres Extra Settings
        path: postgres_extra_settings
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:hidden
      - description: Specify extra volumes to add to the postgres pod
        displayName: Postgres Extra Volumes
        path: postgres_extra_volumes
@@ -1177,13 +1149,6 @@ spec:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
        - urn:alm:descriptor:com.tectonic.ui:fieldDependency:metrics_utility_enabled:true
      - description: Scale down deployments to put AWX into an idle state
        displayName: Idle AWX
        path: idle_deployment
        x-descriptors:
        - urn:alm:descriptor:com.tectonic.ui:advanced
        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
        - urn:alm:descriptor:com.tectonic.ui:hidden
      statusDescriptors:
      - description: Route to access the instance deployed
        displayName: URL
--- a/config/rbac/auth_proxy_client_clusterrole.yaml
+++ b/config/rbac/auth_proxy_client_clusterrole.yaml
--- a/config/rbac/metrics_auth_role.yaml
+++ b/config/rbac/metrics_auth_role.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: metrics-auth-role
+  name: proxy-role
 rules:
 - apiGroups:
  - authentication.k8s.io
--- a/config/rbac/metrics_auth_role_binding.yaml
+++ b/config/rbac/metrics_auth_role_binding.yaml
@@ -1,11 +1,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: metrics-auth-rolebinding
+  name: proxy-rolebinding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: metrics-auth-role
+  name: proxy-role
 subjects:
 - kind: ServiceAccount
  name: controller-manager
--- a/config/rbac/auth_proxy_service.yaml
+++ b/config/rbac/auth_proxy_service.yaml
@@ -3,8 +3,6 @@ kind: Service
 metadata:
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: awx-operator
    app.kubernetes.io/managed-by: kustomize
  name: controller-manager-metrics-service
  namespace: system
 spec:
@@ -12,7 +10,6 @@ spec:
  - name: https
    port: 8443
    protocol: TCP
-    targetPort: 8443
+    targetPort: https
  selector:
    control-plane: controller-manager
    app.kubernetes.io/name: awx-operator
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -9,6 +9,10 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
- metrics_auth_role.yaml
+# Comment the following 4 lines if you want to disable
- metrics_auth_role_binding.yaml
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
- metrics_reader_role.yaml
+# which protects your /metrics endpoint.
 - auth_proxy_service.yaml
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml
--- a/config/testing/kustomization.yaml
+++ b/config/testing/kustomization.yaml
@@ -14,13 +14,10 @@ resources:
 - ../crd
 - ../rbac
 - ../manager
 - ../default/metrics_service.yaml
 images:
 - name: testing
  newName: testing-operator
 patches:
 - path: manager_image.yaml
 - path: debug_logs_patch.yaml
- path: ../default/manager_metrics_patch.yaml
+- path: ../default/manager_auth_proxy_patch.yaml
  target:
    kind: Deployment
--- a/dev/awx-cr/awx-cr-settings.yml
+++ b/dev/awx-cr/awx-cr-settings.yml
@@ -1,24 +0,0 @@
 ---
 apiVersion: awx.ansible.com/v1beta1
 kind: AWX
 metadata:
  name: awx
 spec:
  service_type: clusterip
  ingress_type: route
  no_log: false
  # Secrets
  admin_password_secret: custom-admin-password
  postgres_configuration_secret: custom-pg-configuration
  secret_key_secret: custom-secret-key
  # Resource Requirements
  postgres_storage_requirements:
    requests:
      storage: 10Gi
  # Extra Settings
  extra_settings:
    - setting: MAX_PAGE_SIZE
      value: "500"
--- a/dev/awx-cr/awx-db-configuration.cr.yml
+++ b/dev/awx-cr/awx-db-configuration.cr.yml
@@ -1,30 +0,0 @@
 ---
 apiVersion: awx.ansible.com/v1beta1
 kind: AWX
 metadata:
  name: awx
 spec:
  service_type: clusterip
  ingress_type: Route
  postgres_extra_settings:
    - setting: max_connections
      value: "999"
    - setting: ssl_ciphers
      value: "HIGH:!aNULL:!MD5"
  # requires custom-postgres-configuration secret to be pre-created
  # postgres_configuration_secret: custom-postgres-configuration
  postgres_resource_requirements:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 800m
      memory: 1Gi
  postgres_storage_requirements:
    requests:
      storage: 20Gi
    limits:
      storage: 100Gi
--- a/dev/awx-cr/awx-k8s-ingress.yml
+++ b/dev/awx-cr/awx-k8s-ingress.yml
@@ -1,13 +0,0 @@
 ---
 apiVersion: awx.ansible.com/v1beta1
 kind: AWX
 metadata:
  name: awx
 spec:
  service_type: nodeport
  ingress_type: ingress
  # Secrets
  admin_password_secret: custom-admin-password
  postgres_configuration_secret: custom-pg-configuration
  secret_key_secret: custom-secret-key
--- a/dev/awx-cr/awx-openshift-cr.yml
+++ b/dev/awx-cr/awx-openshift-cr.yml
@@ -1,13 +0,0 @@
 ---
 apiVersion: awx.ansible.com/v1beta1
 kind: AWX
 metadata:
  name: awx
 spec:
  service_type: clusterip
  ingress_type: Route
  # # Secrets
  # admin_password_secret: custom-admin-password
  # postgres_configuration_secret: custom-pg-configuration
  # secret_key_secret: custom-secret-key
--- a/dev/secrets/admin-password-secret.yml
+++ b/dev/secrets/admin-password-secret.yml
@@ -1,7 +0,0 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: custom-admin-password
 stringData:
  password: 'password'
--- a/dev/secrets/custom-secret-key.yml
+++ b/dev/secrets/custom-secret-key.yml
@@ -1,7 +0,0 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: custom-secret-key
 stringData:
  secret_key: 'awxsecret'
--- a/dev/secrets/external-pg-secret.yml
+++ b/dev/secrets/external-pg-secret.yml
@@ -1,12 +0,0 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: external-pg-secret
 stringData:
  database: 'awx'
  host: 'awx-postgres'
  password: 'test'
  port: '5432'
  type: 'managed'
  username: 'awx'
--- a/docs/contributors-guide/release-process.md
+++ b/docs/contributors-guide/release-process.md
@@ -8,3 +8,20 @@ After the draft release is created, publish it and the [Promote AWX Operator ima
 - Publish image to Quay
 - Release Helm chart
 After the GHA is complete, the final step is to run the [publish-to-operator-hub.sh](https://github.com/ansible/awx-operator/blob/devel/hack/publish-to-operator-hub.sh) script, which will create a PR in the following repos to add the new awx-operator bundle version to OperatorHub:
 - <https://github.com/k8s-operatorhub/community-operators> (community operator index)
 - <https://github.com/redhat-openshift-ecosystem/community-operators-prod> (operator index shipped with Openshift)
 !!! note
    The usage is documented in the script itself, but here is an example of how you would use the script to publish the 2.5.3 awx-opeator bundle to OperatorHub.
    Note that you need to specify the version being released, as well as the previous version. This is because the bundle has a pointer to the previous version that is it being upgrade from. This is used by OLM to create a dependency graph.
    ```bash
    VERSION=2.5.3 PREV_VERSION=2.5.2 ./hack/publish-to-operator-hub.sh
    ```
    There are some quirks with running this on OS X that still need to be fixed, but the script runs smoothly on linux.
 As soon as CI completes successfully, the PR's will be auto-merged. Please remember to monitor those PR's to make sure that CI passes, sometimes it needs a retry.
--- a/docs/development.md
+++ b/docs/development.md
@@ -1,104 +0,0 @@
 # Development Guide
 There are development scripts and yaml examples in the [`dev/`](../dev) directory that, along with the up.sh and down.sh scripts in the root of the repo, can be used to build, deploy and test changes made to the awx-operator.
 ## Prerequisites
 You will need to have the following tools installed:
 * [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
 * [podman](https://podman.io/docs/installation) or [docker](https://docs.docker.com/get-docker/)
 * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
 * [oc](https://docs.openshift.com/container-platform/4.11/cli_reference/openshift_cli/getting-started-cli.html) (if using Openshift)
 You will also need to have a container registry account. This guide uses quay.io, but any container registry will work. You will need to create a robot account and login at the CLI with `podman login` or `docker login`.
 ## Quay.io Setup for Development
 Before using the development scripts, you'll need to set up a Quay.io repository and pull secret:
 ### 1. Create a Private Quay.io Repository
 - Go to [quay.io](https://quay.io) and create a private repository named `awx-operator` under your username
 - The repository URL should be `quay.io/username/awx-operator`
 ### 2. Create a Bot Account
 - In your Quay.io repository, go to Settings → Robot Accounts
 - Create a new robot account with write permissions to your repository
 - Click on the robot account name to view its credentials
 ### 3. Generate Kubernetes Pull Secret
 - In the robot account details, click "Kubernetes Secret"
 - Copy the generated YAML content from the pop-up
 ### 4. Create Local Pull Secret File
 - Create a file at `hacking/pull-secret.yml` in your awx-operator checkout
 - Paste the Kubernetes secret YAML content into this file
 - **Important**: Change the `name` field in the secret from the default to `redhat-operators-pull-secret`
 - The `hacking/` directory is in `.gitignore`, so this file won't be committed to git
 Example `hacking/pull-secret.yml`:
 ```yaml
 apiVersion: v1
 kind: Secret
 metadata:
  name: redhat-operators-pull-secret  # Change this name
  namespace: awx
 type: kubernetes.io/dockerconfigjson
 data:
  .dockerconfigjson: <base64-encoded-credentials>
 ```
 ## Build and Deploy
 If you clone the repo, and make sure you are logged in at the CLI with oc and your cluster, you can run:
 ```
 export QUAY_USER=username
 export NAMESPACE=awx
 export TAG=test
 ./up.sh
 ```
 You can add those variables to your .bashrc file so that you can just run `./up.sh` in the future.
 > Note: the first time you run this, it will create quay.io repos on your fork. If you followed the Quay.io setup steps above and created the `hacking/pull-secret.yml` file, the script will automatically handle the pull secret. Otherwise, you will need to either make those repos public, or create a global pull secret on your cluster.
 To get the URL, if on **Openshift**, run:
 ```
 $ oc get route
 ```
 On **k8s with ingress**, run:
 ```
 $ kubectl get ing
 ```
 On **k8s with nodeport**, run:
 ```
 $ kubectl get svc
 ```
 The URL is then `http://<Node-IP>:<NodePort>`
 > Note: NodePort will only work if you expose that port on your underlying k8s node, or are accessing it from localhost.
 By default, the usename and password will be admin and password if using the `up.sh` script because it pre-creates a custom admin password k8s secret and specifies it on the AWX custom resource spec. Without that, a password would have been generated and stored in a k8s secret named <deployment-name>-admin-password.
 ## Clean up
 Same thing for cleanup, just run ./down.sh and it will clean up your namespace on that cluster
 ```
 ./down.sh
 ```
 ## Running CI tests locally
 More tests coming soon...
--- a/docs/troubleshooting/debugging.md
+++ b/docs/troubleshooting/debugging.md
@@ -24,6 +24,13 @@ Past that, it is often useful to inspect various resources the AWX Operator mana
 * secrets
 * serviceaccount
 And if installing via OperatorHub and OLM:
 * subscription
 * csv
 * installPlan
 * catalogSource
 To inspect these resources you can use these commands
 ```sh
--- a/docs/user-guide/advanced-configuration/custom-volume-and-volume-mount-options.md
+++ b/docs/user-guide/advanced-configuration/custom-volume-and-volume-mount-options.md
@@ -115,7 +115,6 @@ configuration.
 * [worker_cpu_affinity](http://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity) with `nginx_worker_cpu_affinity` (default "auto")
 * [worker_connections](http://nginx.org/en/docs/ngx_core_module.html#worker_connections) with `nginx_worker_connections` (minimum of 1024)
 * [listen](https://nginx.org/en/docs/http/ngx_http_core_module.html#listen) with `nginx_listen_queue_size` (default same as uwsgi listen queue size)
 * [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) with `nginx_client_max_body_size` (default of 5M)
 ## Custom Logos
--- a/docs/user-guide/database-configuration.md
+++ b/docs/user-guide/database-configuration.md
@@ -69,7 +69,6 @@ The following variables are customizable for the managed PostgreSQL service
 | postgres_storage_requirements                 | PostgreSQL container storage requirements                       | requests: {storage: 8Gi}                |
 | postgres_storage_class                        | PostgreSQL PV storage class                                     | Empty string                            |
 | postgres_priority_class                       | Priority class used for PostgreSQL pod                          | Empty string                            |
 | postgres_extra_settings                       | PostgreSQL configuration settings to be added to postgresql.conf | `[]`                                    |
 Example of customization could be:
@@ -90,78 +89,14 @@ spec:
    limits:
      storage: 50Gi
  postgres_storage_class: fast-ssd
-  postgres_extra_settings:
+  postgres_extra_args:
-    - setting: max_connections
+    - '-c'
-      value: "1000"
+    - 'max_connections=1000'
 ```
 !!! note
    If `postgres_storage_class` is not defined, PostgreSQL will store it's data on a volume using the default storage class for your cluster.
 ## PostgreSQL Extra Settings
 !!! warning "Deprecation Notice"
    The `postgres_extra_args` parameter is **deprecated** and should no longer be used. Use `postgres_extra_settings` instead for configuring PostgreSQL parameters. The `postgres_extra_args` parameter will be removed in a future version of the AWX operator.
 You can customize PostgreSQL configuration by adding settings to the `postgresql.conf` file using the `postgres_extra_settings` parameter. This allows you to tune PostgreSQL performance, security, and behavior according to your specific requirements.
 The `postgres_extra_settings` parameter accepts an array of setting objects, where each object contains a `setting` name and its corresponding `value`.
 !!! note
    The `postgres_extra_settings` parameter replaces the deprecated `postgres_extra_args` parameter and provides a more structured way to configure PostgreSQL settings.
 ### Configuration Format
 ```yaml
 spec:
  postgres_extra_settings:
    - setting: max_connections
      value: "499"
    - setting: ssl_ciphers
      value: "HIGH:!aNULL:!MD5"
 ```
 **Common PostgreSQL settings you might want to configure:**
 | Setting | Description | Example Value |
 |---------|-------------|---------------|
 | `max_connections` | Maximum number of concurrent connections | `"200"` |
 | `ssl_ciphers` | SSL cipher suites to use | `"HIGH:!aNULL:!MD5"` |
 | `shared_buffers` | Amount of memory for shared memory buffers | `"256MB"` |
 | `effective_cache_size` | Planner's assumption about effective cache size | `"1GB"` |
 | `work_mem` | Amount of memory for internal sort operations | `"4MB"` |
 | `maintenance_work_mem` | Memory for maintenance operations | `"64MB"` |
 | `checkpoint_completion_target` | Target for checkpoint completion | `"0.9"` |
 | `wal_buffers` | Amount of memory for WAL buffers | `"16MB"` |
 ### Important Notes
 !!! warning
    - Changes to `postgres_extra_settings` require a PostgreSQL pod restart to take effect.
    - Some settings may require specific PostgreSQL versions or additional configuration.
    - Always test configuration changes in a non-production environment first.
 !!! tip
    - String values should be quoted in the YAML configuration.
    - Numeric values can be provided as strings or numbers.
    - Boolean values should be provided as strings ("on"/"off" or "true"/"false").
 For a complete list of available PostgreSQL configuration parameters, refer to the [PostgreSQL documentation](https://www.postgresql.org/docs/current/runtime-config.html).
 **Verification:**
 You can verify that your settings have been applied by connecting to the PostgreSQL database and running:
 ```bash
 kubectl exec -it <postgres-pod-name> -n <namespace> -- psql
 ```
 Then run the following query:
 ```sql
 SELECT name, setting FROM pg_settings;
 ```
 ## Note about overriding the postgres image
 We recommend you use the default image sclorg image. If you are coming from a deployment using the old postgres image from dockerhub (postgres:13), upgrading from awx-operator version 2.12.2 and below to 2.15.0+ will handle migrating your data to the new postgresql image (postgresql-15-c9s).
--- a/down.sh
+++ b/down.sh
@@ -1,36 +0,0 @@
 #!/bin/bash
 # AWX Operator down.sh
 # Purpose:
 #   Cleanup and delete the namespace you deployed in
 # -- Usage
 #   NAMESPACE=awx ./down.sh
 # -- Variables
 TAG=${TAG:-dev}
 AWX_CR=${AWX_CR:-awx}
 CLEAN_DB=${CLEAN_DB:-false}
 # -- Check for required variables
 # Set the following environment variables
 # export NAMESPACE=awx
 if [ -z "$NAMESPACE" ]; then
  echo "Error: NAMESPACE env variable is not set. Run the following with your namespace:"
  echo "  export NAMESPACE=developer"
  exit 1
 fi
 # -- Delete Backups
 kubectl delete awxbackup --all
 # -- Delete Restores
 kubectl delete awxrestore --all
 # Deploy Operator
 make undeploy NAMESPACE=$NAMESPACE
 # Remove PVCs
 kubectl delete pvc postgres-15-$AWX_CR-postgres-15-0
--- a/hack/publish-to-operator-hub.sh
+++ b/hack/publish-to-operator-hub.sh
@@ -0,0 +1,123 @@
 #!/bin/bash
 # Create PR to Publish to community-operators and community-operators-prod
 #
 # * Create upstream awx-operator release
 # * Check out tag (1.1.2).
 # * Run VERSION=1.1.2 make bundle
 # * Clone https://github.com/k8s-operatorhub/community-operators --branch main
 # * mkdir -p operators/awx-operator/0.31.0/
 # * Copy in manifests/ metadata/ and tests/ directories into operators/awx-operator/1.1.2/
 # * Use sed to add in a replaces or skip entry. replace by default.
 # * No need to update config.yaml
 # * Build and Push operator and bundle images
 # * Open PR or at least push to a branch so that a PR can be manually opened from it.
 #
 # Usage:
 #   First, check out awx-operator tag you intend to release, in this case, 1.0.0
 #   $ VERSION=1.1.2 PREV_VERSION=1.1.1 FORK=<your-fork> ./hack/publish-to-operator-hub.sh
 #
 # Remember to change update the VERSION and PREV_VERSION before running!!!
 set -e
 VERSION=${VERSION:-$(make print-VERSION)}
 PREV_VERSION=${PREV_VERSION:-$(make print-PREV_VERSION)}
 BRANCH=publish-awx-operator-$VERSION
 FORK=${FORK:-awx-auto}
 GITHUB_TOKEN=${GITHUB_TOKEN:-$AWX_AUTO_GITHUB_TOKEN}
 IMG_REPOSITORY=${IMG_REPOSITORY:-quay.io/ansible}
 OPERATOR_IMG=$IMG_REPOSITORY/awx-operator:$VERSION
 CATALOG_IMG=$IMG_REPOSITORY/awx-operator-catalog:$VERSION
 BUNDLE_IMG=$IMG_REPOSITORY/awx-operator-bundle:$VERSION
 COMMUNITY_OPERATOR_GITHUB_ORG=${COMMUNITY_OPERATOR_GITHUB_ORG:-k8s-operatorhub}
 COMMUNITY_OPERATOR_PROD_GITHUB_ORG=${COMMUNITY_OPERATOR_PROD_GITHUB_ORG:-redhat-openshift-ecosystem}
 # Build bundle directory
 make bundle IMG=$OPERATOR_IMG
 # Build bundle and catalog images
 make bundle-build bundle-push BUNDLE_IMG=$BUNDLE_IMG IMG=$OPERATOR_IMG
 make catalog-build catalog-push CATALOG_IMG=$CATALOG_IMG BUNDLE_IMGS=$BUNDLE_IMG BUNDLE_IMG=$BUNDLE_IMG IMG=$OPERATOR_IMG
 # Set containerImage & namespace variables in CSV
 sed -i.bak -e "s|containerImage: quay.io/ansible/awx-operator:devel|containerImage: ${OPERATOR_IMG}|g" bundle/manifests/awx-operator.clusterserviceversion.yaml
 sed -i.bak -e "s|namespace: placeholder|namespace: awx|g" bundle/manifests/awx-operator.clusterserviceversion.yaml
 # Add replaces to dependency graph for upgrade path
 if ! grep -qF 'replaces: awx-operator.v${PREV_VERSION}' bundle/manifests/awx-operator.clusterserviceversion.yaml; then
  sed -i.bak -e "/version: ${VERSION}/a \\
  replaces: awx-operator.v$PREV_VERSION" bundle/manifests/awx-operator.clusterserviceversion.yaml
 fi
 # Rename CSV to contain version in name
 mv bundle/manifests/awx-operator.clusterserviceversion.yaml bundle/manifests/awx-operator.v${VERSION}.clusterserviceversion.yaml
 # Set Openshift Support Range (bump minKubeVersion in CSV when changing)
 if ! grep -qF 'openshift.versions' bundle/metadata/annotations.yaml; then
  sed -i.bak -e "/annotations:/a \\
  com.redhat.openshift.versions: v4.11" bundle/metadata/annotations.yaml
 fi
 # Remove .bak files from bundle result from sed commands
 find bundle -name "*.bak" -type f -delete
 echo "-- Create branch on community-operators fork --"
 git clone https://github.com/$COMMUNITY_OPERATOR_GITHUB_ORG/community-operators.git
 mkdir -p community-operators/operators/awx-operator/$VERSION/
 cp -r bundle/* community-operators/operators/awx-operator/$VERSION/
 pushd community-operators/operators/awx-operator/$VERSION/
 git checkout -b $BRANCH
 git add ./
 git status
 message='operator [N] [CI] awx-operator'
 commitMessage="${message} ${VERSION}"
 git commit -m "$commitMessage" -s
 git remote add upstream https://$GITHUB_TOKEN@github.com/$FORK/community-operators.git
 git push upstream --delete $BRANCH || true
 git push upstream $BRANCH
 gh pr create \
  --title "operator awx-operator (${VERSION})" \
  --body "operator awx-operator (${VERSION})" \
  --base main \
  --head $FORK:$BRANCH \
  --repo $COMMUNITY_OPERATOR_GITHUB_ORG/community-operators
 popd
 echo "-- Create branch on community-operators-prod fork --"
 git clone https://github.com/$COMMUNITY_OPERATOR_PROD_GITHUB_ORG/community-operators-prod.git
 mkdir -p community-operators-prod/operators/awx-operator/$VERSION/
 cp -r bundle/* community-operators-prod/operators/awx-operator/$VERSION/
 pushd community-operators-prod/operators/awx-operator/$VERSION/
 git checkout -b $BRANCH
 git add ./
 git status
 message='operator [N] [CI] awx-operator'
 commitMessage="${message} ${VERSION}"
 git commit -m "$commitMessage" -s
 git remote add upstream https://$GITHUB_TOKEN@github.com/$FORK/community-operators-prod.git
 git push upstream --delete $BRANCH || true
 git push upstream $BRANCH
 gh pr create \
  --title "operator awx-operator (${VERSION})" \
  --body "operator awx-operator (${VERSION})" \
  --base main \
  --head $FORK:$BRANCH \
  --repo $COMMUNITY_OPERATOR_PROD_GITHUB_ORG/community-operators-prod
 popd
--- a/molecule/default/templates/awx_cr_molecule.yml.j2
+++ b/molecule/default/templates/awx_cr_molecule.yml.j2
@@ -49,8 +49,3 @@ spec:
 {% if additional_fields is defined %}
  {{ additional_fields | to_nice_yaml | indent(2) }}
 {% endif %}
  postgres_extra_settings:
    - setting: max_connections
      value: "499"
    - setting: ssl_ciphers
      value: "HIGH:!aNULL:!MD5"
--- a/molecule/default/utils/output_all_container_logs_for_pod.yml
+++ b/molecule/default/utils/output_all_container_logs_for_pod.yml
@@ -5,21 +5,10 @@
    name: '{{ item.metadata.name }}'
    all_containers: true
  register: all_container_logs
  ignore_errors: yes
 - name: Store logs in file
  ansible.builtin.copy:
-    content: |-
+    content: "{{ all_container_logs.log_lines | join('\n') }}"
      {% if all_container_logs is failed %}
      Failed to retrieve logs for pod {{ item.metadata.name }}:
      {{ all_container_logs.msg | default(all_container_logs.stderr | default('No additional details provided.')) }}
      {% elif all_container_logs.log_lines is defined %}
      {{ all_container_logs.log_lines | join('\n') }}
      {% elif all_container_logs.log is defined %}
      {{ all_container_logs.log }}
      {% else %}
      No log content returned by kubernetes.core.k8s_log.
      {% endif %}
    dest: '{{ debug_output_dir }}/{{ item.metadata.name }}.log'
 # TODO: all_containser option dump all of the output in a single output make it hard to read we probably should iterate through each of the container to get specific logs
--- a/molecule/requirements.yml
+++ b/molecule/requirements.yml
@@ -4,6 +4,4 @@ collections:
  - name: kubernetes.core
  - name: operator_sdk.util
  - name: community.docker
-  - name: https://github.com/ansible/awx.git#/awx_collection/
+  - name: awx.awx
    type: git
    version: devel
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,6 +1,6 @@
 ---
 collections:
  - name: kubernetes.core
    version: '>=2.3.2'
  - name: operator_sdk.util
    version: "0.5.0"
  - name: kubernetes.core
    version: "3.2.0"
--- a/roles/backup/defaults/main.yml
+++ b/roles/backup/defaults/main.yml
@@ -8,9 +8,6 @@ api_version: '{{ deployment_type }}.ansible.com/v1beta1'
 backup_pvc: ''
 backup_pvc_namespace: "{{ ansible_operator_meta.namespace }}"
 # If true (default), automatically create the backup PVC if it does not exist
 create_backup_pvc: true
 # Size of backup PVC if created dynamically
 backup_storage_requirements: ''
@@ -42,9 +39,6 @@ backup_resource_requirements:
 # Allow additional parameters to be added to the pg_dump backup command
 pg_dump_suffix: ''
 # Enable compression for database dumps (pg_dump -F custom built-in compression)
 use_db_compression: true
 # Labels defined on the resource, which should be propagated to child resources
 additional_labels: []
--- a/roles/backup/tasks/init.yml
+++ b/roles/backup/tasks/init.yml
@@ -22,18 +22,17 @@
  block:
    - name: Set error message
      set_fact:
-        error_msg: "{{ backup_pvc }} does not exist, please create this pvc first or ensure create_backup_pvc is set to true (default) for automatic backup_pvc creation."
+        error_msg: "{{ backup_pvc }} does not exist, please create this pvc first."
    - name: Handle error
      import_tasks: error_handling.yml
    - name: Fail early if pvc is defined but does not exist
      fail:
-        msg: "{{ backup_pvc }} does not exist, please create this pvc first or ensure create_backup_pvc is set to true (default) for automatic backup_pvc creation."
+        msg: "{{ backup_pvc }} does not exist, please create this pvc first."
  when:
    - backup_pvc != ''
    - provided_pvc.resources | length == 0
    - not create_backup_pvc | bool
 # If backup_pvc is defined, use in management-pod.yml.j2
 - name: Set default pvc name
@@ -43,7 +42,7 @@
 # by default, it will re-use the old pvc if already created (unless a pvc is provided)
 - name: Set PVC to use for backup
  set_fact:
-    backup_pvc: "{{ backup_pvc | default(_default_backup_pvc, true) }}"
+    backup_claim: "{{ backup_pvc | default(_default_backup_pvc, true) }}"
 - block:
    - name: Create PVC for backup
@@ -57,11 +56,11 @@
          apiVersion: v1
          kind: PersistentVolumeClaim
          metadata:
-            name: "{{ backup_pvc }}"
+            name: "{{ deployment_name }}-backup-claim"
            namespace: "{{ backup_pvc_namespace }}"
            ownerReferences: null
  when:
-    - (backup_pvc == '' or backup_pvc is not defined) or (create_backup_pvc | bool)
+    - backup_pvc == '' or backup_pvc is not defined
 - name: Set default postgres image
  set_fact:
--- a/roles/backup/tasks/postgres.yml
+++ b/roles/backup/tasks/postgres.yml
@@ -72,7 +72,7 @@
    command: >-
      touch {{ backup_dir }}/tower.db
- name: Set resolvable_db_host
+- name: Set full resolvable host name for postgres pod
  set_fact:
    resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + ansible_operator_meta.namespace + ".svc", awx_postgres_host) }}'  # yamllint disable-line rule:line-length
  no_log: "{{ no_log }}"
@@ -121,7 +121,6 @@
      -d {{ awx_postgres_database }}
      -p {{ awx_postgres_port }}
      -F custom
      {{ use_db_compression | bool | ternary('', '-Z 0') }}
      {{ pg_dump_suffix }}
  no_log: "{{ no_log }}"
--- a/roles/backup/tasks/update_status.yml
+++ b/roles/backup/tasks/update_status.yml
@@ -9,5 +9,5 @@
    namespace: "{{ ansible_operator_meta.namespace }}"
    status:
      backupDirectory: "{{ backup_dir }}"
-      backupClaim: "{{ backup_pvc }}"
+      backupClaim: "{{ backup_claim }}"
  when: backup_complete
--- a/roles/backup/templates/backup_pvc.yml.j2
+++ b/roles/backup/templates/backup_pvc.yml.j2
@@ -2,8 +2,8 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{ backup_pvc }}
+  name: {{ deployment_name }}-backup-claim
-  namespace: "{{ backup_pvc_namespace }}"
+  namespace: {{ backup_pvc_namespace }}
  ownerReferences: null
  labels:
    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
--- a/roles/backup/templates/event.yml.j2
+++ b/roles/backup/templates/event.yml.j2
@@ -3,15 +3,15 @@ apiVersion: v1
 kind: Event
 metadata:
  name: backup-error.{{ now }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
 involvedObject:
  apiVersion: awx.ansible.com/v1beta1
  kind: {{ kind }}
  name: {{ ansible_operator_meta.name }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
 message: {{ error_msg }}
 reason: BackupFailed
 type: Warning
-firstTimestamp: "{{ now }}"
+firstTimestamp: {{ now }}
-lastTimestamp: "{{ now }}"
+lastTimestamp: {{ now }}
 count: 1
--- a/roles/backup/templates/management-pod.yml.j2
+++ b/roles/backup/templates/management-pod.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Pod
 metadata:
  name: {{ ansible_operator_meta.name }}-db-management
-  namespace: "{{ backup_pvc_namespace }}"
+  namespace: {{ backup_pvc_namespace }}
  labels:
    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
@@ -27,6 +27,6 @@ spec:
  volumes:
    - name: {{ ansible_operator_meta.name }}-backup
      persistentVolumeClaim:
-        claimName: {{ backup_pvc }}
+        claimName: {{ backup_claim }}
        readOnly: false
  restartPolicy: Never
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -1,6 +1,5 @@
 ---
 deployment_type: awx
 deployment_type_shortname: awx
 kind: 'AWX'
 api_version: '{{ deployment_type }}.ansible.com/v1beta1'
@@ -422,20 +421,14 @@ projects_persistence: false
 # Define an existing PersistentVolumeClaim to use
 projects_existing_claim: ''
 #
-# Define postgres configuration arguments to use (Deprecated)
+# Define postgres configuration arguments to use
 postgres_extra_args: ''
 #
 # Define postgresql.conf configurations
 postgres_extra_settings: []
 postgres_data_volume_init: false
 postgres_init_container_commands: |
  chown 26:0 /var/lib/pgsql/data
  chmod 700 /var/lib/pgsql/data
 # Enable PostgreSQL SCRAM-SHA-256 migration
 postgres_scram_migration_enabled: true
 # Configure postgres connection keepalive
 postgres_keepalives: true
 postgres_keepalives_idle: 5
@@ -495,12 +488,8 @@ ipv6_disabled: false
 #         - hostname
 host_aliases: ''
 # receptor default values
 receptor_log_level: info
 # common default values
 client_request_timeout: 30
 # UWSGI default values
 uwsgi_processes: 5
 # NOTE: to increase this value, net.core.somaxconn must also be increased
@@ -508,19 +497,11 @@ uwsgi_processes: 5
 # Also see https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls for how
 # to allow setting this sysctl, which requires kubelet configuration to add to allowlist
 uwsgi_listen_queue_size: 128
 uwsgi_timeout: "{{ (([(client_request_timeout | int), 10] | max) / 3) | int }}"
 uwsgi_timeout_grace_period: 2
 # NGINX default values
 nginx_worker_processes: 1
 nginx_worker_connections: "{{ uwsgi_listen_queue_size }}"
 nginx_worker_cpu_affinity: 'auto'
 nginx_listen_queue_size: "{{ uwsgi_listen_queue_size }}"
 nginx_client_max_body_size: 5
 nginx_read_timeout: "{{ (([(client_request_timeout | int), 10] | max) / 2) | int }}" # used in nginx config
 extra_settings_files: {}
 # idle_deployment - Scale down deployments to put AWX into an idle state
 idle_deployment: false
--- a/roles/installer/tasks/check_existing.yml
+++ b/roles/installer/tasks/check_existing.yml
@@ -1,38 +0,0 @@
 ---
 - name: Check for presence of Deployment
  kubernetes.core.k8s_info:
    api_version: apps/v1
    kind: Deployment
    namespace: "{{ ansible_operator_meta.namespace }}"
    label_selectors:
      - 'app.kubernetes.io/part-of={{ ansible_operator_meta.name }}'
      - 'app.kubernetes.io/managed-by={{ deployment_type }}-operator'
      - 'app.kubernetes.io/component={{ deployment_type }}'
  register: _deployments
 - name: Set previous_version if deployment exists
  when: _deployments.resources | length > 0
  block:
    - name: Check for existing deployment
      kubernetes.core.k8s_info:
        api_version: "{{ api_version }}"
        kind: "{{ kind }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
        name: "{{ ansible_operator_meta.name }}"
      register: existing_cr
    - name: Set previous_version version based on AWX CR version status
      ansible.builtin.set_fact:
        previous_version: "{{ existing_cr.resources[0].status.version }}"
      when:
        - existing_cr.resources | length
        - existing_cr.resources[0].status is defined
        - existing_cr.resources[0].status.version is defined
    - name: If previous_version is less than or equal to gating_version, set upgraded_from to previous_version
      ansible.builtin.set_fact:
        upgraded_from: "{{ previous_version }}"
      when:
        - previous_version is defined
        - previous_version is version_compare(gating_version, '<')
--- a/roles/installer/tasks/database.yml
+++ b/roles/installer/tasks/database.yml
@@ -1,189 +0,0 @@
 ---
 - name: Get database configuration
  include_tasks: database_configuration.yml
 - name: Create postgresql.conf ConfigMap
  k8s:
    apply: true
    definition: "{{ lookup('template', 'configmaps/postgres_extra_settings.yaml.j2') }}"
  when: postgres_extra_settings | length
 # It is possible that N-2 postgres pods may still be present in the namespace from previous upgrades.
 # So we have to take that into account and preferentially set the most recent one.
 - name: Get the old postgres pod (N-1)
  k8s_info:
    kind: Pod
    namespace: "{{ ansible_operator_meta.namespace }}"
    field_selectors:
      - status.phase=Running
  register: _running_pods
 - block:
    - name: Filter pods by name
      set_fact:
        filtered_old_postgres_pods: "{{ _running_pods.resources |
          selectattr('metadata.name', 'match', ansible_operator_meta.name + '-postgres.*-0') |
          rejectattr('metadata.name', 'search', '-' + supported_pg_version | string + '-0') |
          list }}"
  # Sort pods by name in reverse order (most recent PG version first) and set
    - name: Set info for previous postgres pod
      set_fact:
        sorted_old_postgres_pods: "{{ filtered_old_postgres_pods |
          sort(attribute='metadata.name') |
          reverse | list }}"
      when: filtered_old_postgres_pods | length
    - name: Set info for previous postgres pod
      set_fact:
        old_postgres_pod: "{{ sorted_old_postgres_pods | first }}"
      when: filtered_old_postgres_pods | length
  when: _running_pods.resources | length
 - name: Look up details for this deployment
  k8s_info:
    api_version: "{{ api_version }}"
    kind: "{{ kind }}"
    name: "{{ ansible_operator_meta.name }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_awx
 # If this deployment has been upgraded before or if upgrade has already been started, set this var
 - name: Set previous PG version var
  set_fact:
    _previous_upgraded_pg_version: "{{ this_awx['resources'][0]['status']['upgradedPostgresVersion'] | default(false) }}"
  when:
    - this_awx['resources'][0] is defined
    - "'upgradedPostgresVersion' in this_awx['resources'][0]['status']"
 - name: Check if postgres pod is running an older version
  block:
    - name: Get old PostgreSQL version
      k8s_exec:
        namespace: "{{ ansible_operator_meta.namespace }}"
        pod: "{{ old_postgres_pod['metadata']['name'] }}"
        command: |
          bash -c """
          if [ -f "{{ _postgres_data_path }}/PG_VERSION" ]; then
            cat "{{ _postgres_data_path }}/PG_VERSION"
          elif [ -f '/var/lib/postgresql/data/pgdata/PG_VERSION' ]; then
            cat '/var/lib/postgresql/data/pgdata/PG_VERSION'
          fi
          """
      register: _old_pg_version
    - debug:
        msg: "--- Upgrading from {{ old_postgres_pod['metadata']['name'] | default('NONE')}} Pod ---"
    - name: Migrate from md5 to scram-sha-256
      k8s_exec:
        namespace: "{{ ansible_operator_meta.namespace }}"
        pod: "{{ old_postgres_pod['metadata']['name'] }}"
        command: |
          bash -c "
          psql -U postgres -c \"ALTER SYSTEM SET password_encryption = 'scram-sha-256';\" &&
          psql -U postgres -c \"SELECT pg_reload_conf();\" &&
          psql -U postgres -c \"ALTER USER \\\"{{ awx_postgres_user }}\\\" WITH PASSWORD '{{ awx_postgres_pass }}';\"
          "
      register: _migration_output
      no_log: "{{ no_log }}"
      when:
        - postgres_scram_migration_enabled
        - (_old_pg_version.stdout | default(0) | int ) == 13
    - name: Upgrade data dir from old Postgres to {{ supported_pg_version }} if applicable
      include_tasks: upgrade_postgres.yml
      when:
        - (_old_pg_version.stdout | default(0) | int ) < supported_pg_version
  when:
    - managed_database
    - (_previous_upgraded_pg_version | default(false)) | ternary(_previous_upgraded_pg_version | int < supported_pg_version, true)
    - old_postgres_pod | length  # If empty, then old pg pod has been removed and we can assume the upgrade is complete
 - block:
    - name: Create Database if no database is specified
      k8s:
        apply: true
        definition: "{{ lookup('template', 'statefulsets/postgres.yaml.j2') }}"
      register: create_statefulset_result
    - name: Scale down Deployment for migration
      include_tasks: scale_down_deployment.yml
      when: create_statefulset_result.changed
  rescue:
    - name: Scale down Deployment for migration
      include_tasks: scale_down_deployment.yml
    - name: Scale down PostgreSQL statefulset for migration
      kubernetes.core.k8s_scale:
        api_version: apps/v1
        kind: StatefulSet
        name: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
        replicas: 0
        wait: yes
    - name: Remove PostgreSQL statefulset for upgrade
      k8s:
        state: absent
        api_version: apps/v1
        kind: StatefulSet
        name: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
        wait: yes
      when: create_statefulset_result.error == 422
    - name: Recreate PostgreSQL statefulset with updated values
      k8s:
        apply: true
        definition: "{{ lookup('template', 'statefulsets/postgres.yaml.j2') }}"
  when: managed_database
 - name: Set Default label selector for custom resource generated postgres
  set_fact:
    postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}"
  when: postgres_label_selector is not defined
 - name: Get the postgres pod information
  k8s_info:
    kind: Pod
    namespace: "{{ ansible_operator_meta.namespace }}"
    label_selectors:
      - "{{ postgres_label_selector }}"
    field_selectors:
      - status.phase=Running
  register: postgres_pod
 - name: Wait for Database to initialize if managed DB
  k8s_info:
    kind: Pod
    namespace: '{{ ansible_operator_meta.namespace }}'
    label_selectors:
      - "{{ postgres_label_selector }}"
    field_selectors:
      - status.phase=Running
  register: postgres_pod
  until:
    - "postgres_pod['resources'] | length"
    - "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
    - "postgres_pod['resources'][0]['status']['containerStatuses'][0]['ready'] == true"
  delay: 5
  retries: 60
  when: managed_database
 - name: Look up details for this deployment
  k8s_info:
    api_version: "{{ api_version }}"
    kind: "{{ kind }}"
    name: "{{ ansible_operator_meta.name }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_awx
 - name: Migrate data from old Openshift instance
  import_tasks: migrate_data.yml
  when:
    - old_pg_config['resources'] is defined
    - old_pg_config['resources'] | length
    - this_awx['resources'][0]['status']['migratedFromSecret'] is not defined
--- a/roles/installer/tasks/database_configuration.yml
+++ b/roles/installer/tasks/database_configuration.yml
@@ -51,14 +51,6 @@
  set_fact:
    _default_postgres_image: "{{ _postgres_image }}:{{_postgres_image_version }}"
 - name: Fail if PostgreSQL secret is specified, but not found
  fail:
    msg: "PostgreSQL configuration {{ postgres_configuration_secret }} not found in namespace {{ ansible_operator_meta.namespace }}"
  when:
    - postgres_configuration_secret | length
    - _custom_pg_config_resources is defined
    - _custom_pg_config_resources['resources'] | length == 0
 - name: Set PostgreSQL configuration
  set_fact:
    _pg_config: '{{ _custom_pg_config_resources["resources"] | default([]) | length | ternary(_custom_pg_config_resources, _default_pg_config_resources) }}'
@@ -114,3 +106,167 @@
 - name: Set database as managed
  set_fact:
    managed_database: "{{ pg_config['resources'][0]['data']['type'] | default('') | b64decode == 'managed' }}"
 # It is possible that N-2 postgres pods may still be present in the namespace from previous upgrades.
 # So we have to take that into account and preferentially set the most recent one.
 - name: Get the old postgres pod (N-1)
  k8s_info:
    kind: Pod
    namespace: "{{ ansible_operator_meta.namespace }}"
    field_selectors:
      - status.phase=Running
  register: _running_pods
 - block:
    - name: Filter pods by name
      set_fact:
        filtered_old_postgres_pods: "{{ _running_pods.resources |
          selectattr('metadata.name', 'match', ansible_operator_meta.name + '-postgres.*-0') |
          rejectattr('metadata.name', 'search', '-' + supported_pg_version | string + '-0') |
          list }}"
  # Sort pods by name in reverse order (most recent PG version first) and set
    - name: Set info for previous postgres pod
      set_fact:
        sorted_old_postgres_pods: "{{ filtered_old_postgres_pods |
          sort(attribute='metadata.name') |
          reverse | list }}"
      when: filtered_old_postgres_pods | length
    - name: Set info for previous postgres pod
      set_fact:
        old_postgres_pod: "{{ sorted_old_postgres_pods | first }}"
      when: filtered_old_postgres_pods | length
  when: _running_pods.resources | length
 - name: Look up details for this deployment
  k8s_info:
    api_version: "{{ api_version }}"
    kind: "{{ kind }}"
    name: "{{ ansible_operator_meta.name }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_awx
 # If this deployment has been upgraded before or if upgrade has already been started, set this var
 - name: Set previous PG version var
  set_fact:
    _previous_upgraded_pg_version: "{{ this_awx['resources'][0]['status']['upgradedPostgresVersion'] | default(false) }}"
  when:
    - this_awx['resources'][0] is defined
    - "'upgradedPostgresVersion' in this_awx['resources'][0]['status']"
 - name: Check if postgres pod is running an older version
  block:
    - name: Get old PostgreSQL version
      k8s_exec:
        namespace: "{{ ansible_operator_meta.namespace }}"
        pod: "{{ old_postgres_pod['metadata']['name'] }}"
        command: |
          bash -c """
          if [ -f "{{ _postgres_data_path }}/PG_VERSION" ]; then
            cat "{{ _postgres_data_path }}/PG_VERSION"
          elif [ -f '/var/lib/postgresql/data/pgdata/PG_VERSION' ]; then
            cat '/var/lib/postgresql/data/pgdata/PG_VERSION'
          fi
          """
      register: _old_pg_version
    - debug:
        msg: "--- Upgrading from {{ old_postgres_pod['metadata']['name'] | default('NONE')}} Pod ---"
    - name: Upgrade data dir from old Postgres to {{ supported_pg_version }} if applicable
      include_tasks: upgrade_postgres.yml
      when:
        - (_old_pg_version.stdout | default(0) | int ) < supported_pg_version
  when:
    - managed_database
    - (_previous_upgraded_pg_version | default(false)) | ternary(_previous_upgraded_pg_version | int < supported_pg_version, true)
    - old_postgres_pod | length  # If empty, then old pg pod has been removed and we can assume the upgrade is complete
 - block:
    - name: Create Database if no database is specified
      k8s:
        apply: true
        definition: "{{ lookup('template', 'statefulsets/postgres.yaml.j2') }}"
      register: create_statefulset_result
    - name: Scale down Deployment for migration
      include_tasks: scale_down_deployment.yml
      when: create_statefulset_result.changed
  rescue:
    - name: Scale down Deployment for migration
      include_tasks: scale_down_deployment.yml
    - name: Scale down PostgreSQL statefulset for migration
      kubernetes.core.k8s_scale:
        api_version: apps/v1
        kind: StatefulSet
        name: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
        replicas: 0
        wait: yes
    - name: Remove PostgreSQL statefulset for upgrade
      k8s:
        state: absent
        api_version: apps/v1
        kind: StatefulSet
        name: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
        wait: yes
      when: create_statefulset_result.error == 422
    - name: Recreate PostgreSQL statefulset with updated values
      k8s:
        apply: true
        definition: "{{ lookup('template', 'statefulsets/postgres.yaml.j2') }}"
  when: managed_database
 - name: Set Default label selector for custom resource generated postgres
  set_fact:
    postgres_label_selector: "app.kubernetes.io/instance=postgres-{{ supported_pg_version }}-{{ ansible_operator_meta.name }}"
  when: postgres_label_selector is not defined
 - name: Get the postgres pod information
  k8s_info:
    kind: Pod
    namespace: "{{ ansible_operator_meta.namespace }}"
    label_selectors:
      - "{{ postgres_label_selector }}"
    field_selectors:
      - status.phase=Running
  register: postgres_pod
 - name: Wait for Database to initialize if managed DB
  k8s_info:
    kind: Pod
    namespace: '{{ ansible_operator_meta.namespace }}'
    label_selectors:
      - "{{ postgres_label_selector }}"
    field_selectors:
      - status.phase=Running
  register: postgres_pod
  until:
    - "postgres_pod['resources'] | length"
    - "postgres_pod['resources'][0]['status']['phase'] == 'Running'"
    - "postgres_pod['resources'][0]['status']['containerStatuses'][0]['ready'] == true"
  delay: 5
  retries: 60
  when: managed_database
 - name: Look up details for this deployment
  k8s_info:
    api_version: "{{ api_version }}"
    kind: "{{ kind }}"
    name: "{{ ansible_operator_meta.name }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_awx
 - name: Migrate data from old Openshift instance
  import_tasks: migrate_data.yml
  when:
    - old_pg_config['resources'] is defined
    - old_pg_config['resources'] | length
    - this_awx['resources'][0]['status']['migratedFromSecret'] is not defined
--- a/roles/installer/tasks/idle_deployment.yml
+++ b/roles/installer/tasks/idle_deployment.yml
@@ -1,34 +0,0 @@
 ---
 - name: Scale down AWX Deployments
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: "{{ item }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
      spec:
        replicas: 0
  loop:
    - '{{ ansible_operator_meta.name }}-task'
    - '{{ ansible_operator_meta.name }}-web'
 - name: Get database configuration
  include_tasks: database_configuration.yml
 - name: Scale down PostgreSQL Statefulset
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: apps/v1
      kind: StatefulSet
      metadata:
        name: "{{ ansible_operator_meta.name }}-postgres-{{ supported_pg_version }}"
        namespace: "{{ ansible_operator_meta.namespace }}"
      spec:
        replicas: 0
  when: managed_database
 - name: End Playbook
  ansible.builtin.meta: end_play
--- a/roles/installer/tasks/initialize_django.yml
+++ b/roles/installer/tasks/initialize_django.yml
@@ -8,7 +8,7 @@
      bash -c "echo 'from django.contrib.auth.models import User;
      nsu = User.objects.filter(is_superuser=True, username=\"{{ admin_user }}\").count();
      exit(0 if nsu > 0 else 1)'
-      | awx-manage shell --no-imports"
+      | awx-manage shell"
  ignore_errors: true
  register: users_result
  changed_when: users_result.return_code > 0
@@ -18,11 +18,13 @@
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
-    command: bash -c "ANSIBLE_REVERSE_RESOURCE_SYNC=false awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput"
+    command: awx-manage createsuperuser --username={{ admin_user | quote }} --email={{ admin_email | quote }} --noinput
  register: result
  changed_when: "'That username is already taken' not in result.stderr"
  failed_when: "'That username is already taken' not in result.stderr and 'Superuser created successfully' not in result.stdout"
  no_log: "{{ no_log }}"
  environment:
    ANSIBLE_REVERSE_RESOURCE_SYNC: "false"
  when: users_result.return_code > 0
 - name: Update Django super user password
@@ -114,7 +116,9 @@
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: >-
-      bash -c "ANSIBLE_REVERSE_RESOURCE_SYNC=false awx-manage create_preload_data"
+      bash -c "awx-manage create_preload_data"
  register: cdo
  changed_when: "'added' in cdo.stdout"
  environment:
    ANSIBLE_REVERSE_RESOURCE_SYNC: "false"
  when: create_preload_data | bool
--- a/roles/installer/tasks/install.yml
+++ b/roles/installer/tasks/install.yml
@@ -44,12 +44,6 @@
 - name: Include secret key configuration tasks
  include_tasks: secret_key_configuration.yml
 - name: Apply Redirect Page Configmap
  k8s:
    apply: true
    definition: "{{ lookup('template', 'configmaps/redirect-page.configmap.html.j2') }}"
  when: public_base_url is defined
 - name: Load LDAP CAcert certificate (Deprecated)
  include_tasks: load_ldap_cacert_secret.yml
  when:
@@ -74,8 +68,8 @@
 - name: Include set_images tasks
  include_tasks: set_images.yml
- name: Include Database tasks
+- name: Include database configuration tasks
-  include_tasks: database.yml
+  include_tasks: database_configuration.yml
 - name: Load Route TLS certificate
  include_tasks: load_route_tls_secret.yml
--- a/roles/installer/tasks/main.yml
+++ b/roles/installer/tasks/main.yml
@@ -1,33 +1,4 @@
 ---
 - name: Idle AWX
  include_tasks: idle_deployment.yml
  when: idle_deployment | bool
 - name: Look up details for this deployment
  k8s_info:
    api_version: "{{ api_version }}"
    kind: "{{ kind }}"
    name: "{{ ansible_operator_meta.name }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: this_awx
 - name: set annotations based on this_awx
  set_fact:
    this_annotations: "{{ this_awx['resources'][0]['metadata']['annotations'] | default({}) }}"
 - name: set client_request_timeout based on annotation
  set_fact:
    client_request_timeout: "{{ (this_annotations['aap.ansible.io/client-request-timeout'][:-1]) | int }}"
    client_request_timeout_overidden: true
  when:
    - "'aap.ansible.io/client-request-timeout' in this_annotations"
    - this_annotations['aap.ansible.io/client-request-timeout'] is match('^\\d+s$')
 - name: client_request_timeout has been changed
  debug:
    msg: "client_request_timeout's default 30s value has been overriden by the annotation 'aap.ansible.io/client-request-timeout' to {{ client_request_timeout }}s"
  when: client_request_timeout_overidden | default(false)
 - name: Check for presence of old awx Deployment
  k8s_info:
    api_version: apps/v1
@@ -52,10 +23,6 @@
    namespace: "{{ ansible_operator_meta.namespace }}"
  register: awx_web_deployment
 - name: Check for existing deployment for previous version
  include_tasks: check_existing.yml
  when: gating_version | length
 - name: Start installation if auto_upgrade is true
  include_tasks: install.yml
  when:
--- a/roles/installer/tasks/migrate_data.yml
+++ b/roles/installer/tasks/migrate_data.yml
@@ -77,9 +77,7 @@
      trap 'end_keepalive \"$keepalive_file\" \"$keepalive_pid\"' EXIT SIGINT SIGTERM
      echo keepalive_pid: $keepalive_pid
      set -e -o pipefail
      psql -c 'GRANT postgres TO {{ awx_postgres_user }}'
      PGPASSWORD=\"$PGPASSWORD_OLD\" {{ pgdump }} | PGPASSWORD=\"$POSTGRES_PASSWORD\" {{ pg_restore }}
      psql -c 'REVOKE postgres FROM {{ awx_postgres_user }}'
      set +e +o pipefail
      echo 'Successful'
      "
--- a/roles/installer/tasks/migrate_schema.yml
+++ b/roles/installer/tasks/migrate_schema.yml
@@ -6,7 +6,7 @@
    pod: "{{ awx_web_pod_name }}"
    container: "{{ ansible_operator_meta.name }}-web"
    command: >-
-      bash -c "awx-manage showmigrations | grep -v '(no migrations)' | grep -v '[X]' | grep '[ ]' | wc -l"
+      bash -c "awx-manage showmigrations | grep -v '[X]' | grep '[ ]' | wc -l"
  changed_when: false
  when: awx_web_pod_name != ''
  register: database_check
--- a/roles/installer/tasks/resources_configuration.yml
+++ b/roles/installer/tasks/resources_configuration.yml
@@ -224,7 +224,7 @@
    _custom_image: "{{ image }}:{{ image_version }}"
  when:
    - image | default([]) | length
-    - image_version is defined and image_version != ''
+    - image_version is defined or image_version != ''
 - name: Set AWX app image URL
  set_fact:
@@ -239,7 +239,7 @@
    _custom_redis_image: "{{ redis_image }}:{{ redis_image_version }}"
  when:
    - redis_image | default([]) | length
-    - redis_image_version is defined and redis_image_version != ''
+    - redis_image_version is defined or redis_image_version != ''
 - name: Set Redis image URL
  set_fact:
--- a/roles/installer/tasks/update_status.yml
+++ b/roles/installer/tasks/update_status.yml
@@ -55,16 +55,6 @@
  changed_when: false
  when: awx_web_pod_name != ''
 - name: Update upgradedFrom status
  operator_sdk.util.k8s_status:
    api_version: '{{ api_version }}'
    kind: "{{ kind }}"
    name: "{{ ansible_operator_meta.name }}"
    namespace: "{{ ansible_operator_meta.namespace }}"
    status:
      upgradedFrom: "{{ upgraded_from }}"
  when: upgraded_from is defined
 - name: Update version status
  operator_sdk.util.k8s_status:
    api_version: '{{ api_version }}'
--- a/roles/installer/tasks/upgrade_postgres.yml
+++ b/roles/installer/tasks/upgrade_postgres.yml
@@ -72,7 +72,7 @@
      - "app.kubernetes.io/managed-by={{ deployment_type }}-operator"
  register: old_postgres_svc
- name: Set resolvable_db_host
+- name: Set full resolvable host name for postgres pod
  set_fact:
    resolvable_db_host: "{{ old_postgres_svc['resources'][0]['metadata']['name'] }}.{{ ansible_operator_meta.namespace }}.svc"  # yamllint disable-line rule:line-length
  no_log: "{{ no_log }}"
--- a/roles/installer/templates/configmaps/config.yaml.j2
+++ b/roles/installer/templates/configmaps/config.yaml.j2
@@ -109,25 +109,13 @@ data:
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
        server_tokens off;
-        client_max_body_size {{ nginx_client_max_body_size }}M;
+        client_max_body_size 5M;
        map $http_x_trusted_proxy $trusted_proxy_present {
            default "trusted-proxy";
            ""      "-";
        }
        map $http_x_dab_jw_token $dab_jwt_present {
            default "dab-jwt";
            ""      "-";
        }
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
-                          '"$http_user_agent" "$http_x_forwarded_for" '
+                          '"$http_user_agent" "$http_x_forwarded_for"';
                          '$trusted_proxy_present $dab_jwt_present';
        access_log /dev/stdout main;
        error_log /dev/stderr warn;
        map $http_upgrade $connection_upgrade {
            default upgrade;
@@ -199,7 +187,7 @@ data:
                allow 127.0.0.1;
                deny all;
            }
- 
+
            location {{ (ingress_path + '/static').replace('//', '/') }} {
                alias /var/lib/awx/public/static/;
            }
@@ -241,7 +229,7 @@ data:
            location {{ ingress_path }} {
                # Add trailing / if missing
                rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
-                uwsgi_read_timeout {{ nginx_read_timeout }}s;
+                uwsgi_read_timeout 125s;
                uwsgi_pass uwsgi;
                include /etc/nginx/uwsgi_params;
                include /etc/nginx/conf.d/*.conf;
@@ -255,23 +243,6 @@ data:
                add_header Cache-Control "no-cache, no-store, must-revalidate";
                add_header Expires "0";
                add_header Pragma "no-cache";
                # Return 503 Service Unavailable with JSON response if uWSGI fails to respond
                error_page 504 =503 /json_503;
                error_page 502 =503 /json_503;  # Optional, in case uWSGI is completely down   
            }
            location = /json_503 {
                # Custom JSON response for 503 Service Unavailable
                internal;
                add_header Content-Type application/json;
                # Check if X-Request-ID is set and include it in the response
                if ($http_x_request_id) {
                    return 503 '{"status": "error", "message": "Service Unavailable", "code": 503, "request_id": "$http_x_request_id"}';
                }
                # If X-Request-ID is not set, just return the basic JSON response
                return 503 '{"status": "error", "message": "Service Unavailable", "code": 503}';
            }
        }
    }
@@ -280,7 +251,6 @@ data:
    unixsocketperm 777
    port 0
    bind 127.0.0.1
    timeout 300
  receptor_conf: |
    ---
    - log-level: {{ receptor_log_level }}
@@ -334,8 +304,8 @@ data:
    max-requests = 1000
    buffer-size = 32768
-    harakiri = {{ uwsgi_timeout }}
+    harakiri = 120
-    harakiri-graceful-timeout = {{ uwsgi_timeout_grace_period }}
+    harakiri-graceful-timeout = 115
    harakiri-graceful-signal = 6
    py-call-osafterfork = true
--- a/roles/installer/templates/configmaps/postgres_extra_settings.yaml.j2
+++ b/roles/installer/templates/configmaps/postgres_extra_settings.yaml.j2
@@ -1,16 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: '{{ ansible_operator_meta.name }}-postgres-extra-settings'
  namespace: '{{ ansible_operator_meta.namespace }}'
  labels:
    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 data:
  99-overrides.conf: |
 {% for pg_setting in postgres_extra_settings %}
 {% if pg_setting.value is string %}
    {{ pg_setting.setting }} = '{{ pg_setting.value }}'
 {% else %}
    {{ pg_setting.setting }} = {{ pg_setting.value }}
 {% endif %}
 {% endfor %}
--- a/roles/installer/templates/configmaps/redirect-page.configmap.html.j2
+++ b/roles/installer/templates/configmaps/redirect-page.configmap.html.j2
@@ -1,76 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ ansible_operator_meta.name }}-redirect-page
  namespace: "{{ ansible_operator_meta.namespace }}"
 data:
  redirect-page.html: |
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="refresh" content="15; url={{ public_base_url }}">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Redirecting to Ansible Automation Platform</title>
        <!-- Favicon links -->
        <link rel="icon" type="image/x-icon" href="static/media/favicon.ico">
        <!-- Link to DRF's CSS -->
        <link rel="stylesheet" type="text/css" href="static/rest_framework/css/bootstrap.min.css">
        <link rel="stylesheet" type="text/css" href="static/rest_framework/css/bootstrap-theme.min.css">
        <style>
            body {
                font-family: Arial, sans-serif;
                text-align: center;
                padding-top: 0px;
                /* background-color: rgb(34, 34, 34); */
            }
            .banner {
                background-color: #151414;
                color: rgb(255, 255, 255);
                padding: 20px;
                margin-bottom: 20px;
                min-height: 70px; /* Ensure the banner is tall enough to fit the logo */
                text-align: left;
            }
            .logo {
                width: 150px;
                margin-bottom: 20px;
            }
            a {
                color: #007BFF;
                text-decoration: none;
            }
            a:hover {
                text-decoration: underline;
            }
            .doc-note {
                font-size: 0.7em; /* Makes the text smaller */
                color: #555; /* Optional: Change text color to a lighter shade */
                background-color: #f9f9f9; /* Optional: Light background color */
                padding: 10px; /* Optional: Add some padding */
                margin: 10px 0; /* Optional: Add some margin */
            }
        </style>
    </head>
    <body>
        <!-- Banner Section with Brand Logo -->
        <div class="banner">
            <img src="/static/media/aap-logo.svg" alt="Brand Logo">
        </div>
        <h2>Redirecting to Ansible Automation Platform...</h2>
        <p>If you are not redirected automatically, <a href="{{ public_base_url }}">click here</a> to go to AAP.</p>
        <p class="doc-note">
            The API endpoints for this platform service will temporarily remain available at the URL for this service.
            Please use the Ansible Automation Platform API endpoints corresponding to this component in the future.
            These can be found at <a href="{{ public_base_url }}/api/{{ deployment_type_shortname }}" target="_blank">{{ public_base_url }}/api/{{ deployment_type_shortname }}/</a>.
        </p>
        <!-- Include any additional scripts if needed -->
        <script src="static/rest_framework/js/jquery-3.7.1.min.js"></script>
        <script src="static/rest_framework/js/bootstrap.min.js"></script>
    </body>
    </html>
--- a/roles/installer/templates/deployments/task.yaml.j2
+++ b/roles/installer/templates/deployments/task.yaml.j2
@@ -84,7 +84,7 @@ spec:
            - -c
            - |
              mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
-              update-ca-trust extract --output /etc/pki/ca-trust/extracted
+              update-ca-trust extract
          volumeMounts:
            - name: "ca-trust-extracted"
              mountPath: "/etc/pki/ca-trust/extracted"
--- a/roles/installer/templates/deployments/web.yaml.j2
+++ b/roles/installer/templates/deployments/web.yaml.j2
@@ -28,15 +28,12 @@ spec:
      annotations:
        kubectl.kubernetes.io/default-container: '{{ ansible_operator_meta.name }}-web'
 {% for template in [
-    "configmaps/config.yaml",
+    "configmaps/config",
-    "secrets/app_credentials.yaml",
+    "secrets/app_credentials",
-    "storage/persistent.yaml",
+    "storage/persistent",
  ] %}
-        checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.j2') | sha1 }}"
+        checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | sha1 }}"
 {% endfor %}
 {% if public_base_url is defined %}
        checksum-configmaps-redirect-page.configmap.html: "{{ lookup('template', 'configmaps/redirect-page.configmap.html.j2') | sha1 }}"
 {% endif %}
 {% for secret in [
    "bundle_cacert",
    "route_tls",
@@ -93,7 +90,7 @@ spec:
            - -c
            - |
              mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
-              update-ca-trust extract --output /etc/pki/ca-trust/extracted
+              update-ca-trust extract
          volumeMounts:
            - name: "ca-trust-extracted"
              mountPath: "/etc/pki/ca-trust/extracted"
@@ -200,11 +197,6 @@ spec:
            timeoutSeconds: {{ web_readiness_timeout }}
 {% endif %}
          volumeMounts:
 {% if public_base_url is defined %}
            - name: redirect-page
              mountPath: '/var/lib/awx/venv/awx/lib/python3.12/site-packages/awx/ui/build/index.html'
              subPath: redirect-page.html
 {% endif %}
 {% if bundle_ca_crt %}
            - name: "ca-trust-extracted"
              mountPath: "/etc/pki/ca-trust/extracted"
@@ -383,14 +375,6 @@ spec:
        {{ security_context_settings | to_nice_yaml | indent(8) }}
 {% endif %}
      volumes:
 {% if public_base_url is defined %}
        - name: redirect-page
          configMap:
            name: '{{ ansible_operator_meta.name }}-redirect-page'
            items:
              - key: redirect-page.html
                path: redirect-page.html
 {% endif %}
        - name: "{{ ansible_operator_meta.name }}-receptor-ca"
          secret:
            secretName: "{{ ansible_operator_meta.name }}-receptor-ca"
--- a/roles/installer/templates/jobs/migration.yaml.j2
+++ b/roles/installer/templates/jobs/migration.yaml.j2
@@ -24,7 +24,7 @@ spec:
            - -c
            - |
              mkdir -p /etc/pki/ca-trust/extracted/{java,pem,openssl,edk2}
-              update-ca-trust extract --output /etc/pki/ca-trust/extracted
+              update-ca-trust extract
          volumeMounts:
            - name: "ca-trust-extracted"
              mountPath: "/etc/pki/ca-trust/extracted"
--- a/roles/installer/templates/settings/ldap.py.j2
+++ b/roles/installer/templates/settings/ldap.py.j2
@@ -1,13 +1,9 @@
 {% if ldap_cacert_ca_crt %}
 import ldap
 AUTH_LDAP_GLOBAL_OPTIONS = {
 {% if ldap_cacert_ca_crt %}
    ldap.OPT_X_TLS_REQUIRE_CERT: True,
    ldap.OPT_X_TLS_CACERTFILE: "/etc/openldap/certs/ldap-ca.crt"
 }
 {% else %}
 AUTH_LDAP_GLOBAL_OPTIONS = {}
 {% endif %}
 }
 # Load LDAP BIND password from Kubernetes secret if define
 {% if ldap_password_secret -%}
--- a/roles/installer/templates/statefulsets/postgres.yaml.j2
+++ b/roles/installer/templates/statefulsets/postgres.yaml.j2
@@ -34,11 +34,6 @@ spec:
        app.kubernetes.io/component: 'database'
        app.kubernetes.io/part-of: '{{ ansible_operator_meta.name }}'
        app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
      annotations:
 {% if postgres_extra_settings | length > 0 %}
        checksum-postgres_extra_settings: "{{ lookup('template', 'configmaps/postgres_extra_settings.yaml.j2') | sha1 }}"
 {% endif %}
        checksum-secret-postgres_configuration_secret: "{{ lookup('ansible.builtin.vars', 'pg_config', default='')["resources"][0]["data"] | default('') | sha1 }}"
 {% if postgres_annotations %}
        {{ postgres_annotations | indent(width=8) }}
 {% endif %}
@@ -142,11 +137,6 @@ spec:
            - name: postgres-{{ supported_pg_version }}
              mountPath: '{{ _postgres_data_path | dirname }}'
              subPath: '{{ _postgres_data_path | dirname | basename }}'
 {% if postgres_extra_settings | length > 0 %}
            - name: pg-overrides
              mountPath: /opt/app-root/src/postgresql-cfg
              readOnly: true
 {% endif %}
 {% if postgres_extra_volume_mounts %}
            {{ postgres_extra_volume_mounts | indent(width=12, first=True) }}
 {% endif %}
@@ -159,19 +149,9 @@ spec:
      tolerations:
        {{ postgres_tolerations | indent(width=8) }}
 {% endif %}
 {% if (postgres_extra_volumes | length + postgres_extra_settings | length) > 0 %}
      volumes:
 {% if postgres_extra_volumes %}
      volumes:
        {{ postgres_extra_volumes | indent(width=8, first=False) }}
 {% endif %}
 {% if postgres_extra_settings | length > 0 %}
        - name: pg-overrides
          configMap:
            name: '{{ ansible_operator_meta.name }}-postgres-extra-settings'
            items:
              - key: 99-overrides.conf
                path: 99-overrides.conf
 {% endif %}
 {% endif %}
  volumeClaimTemplates:
    - metadata:
--- a/roles/installer/templates/storage/metrics-utility.yaml.j2
+++ b/roles/installer/templates/storage/metrics-utility.yaml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ _metrics_utility_pvc_claim }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
  ownerReferences: null
  labels:
    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
--- a/roles/installer/vars/main.yml
+++ b/roles/installer/vars/main.yml
@@ -21,6 +21,3 @@ _metrics_utility_pvc_claim: "{{ metrics_utility_pvc_claim | default(deployment_t
 _metrics_utility_pvc_claim_size: "{{ metrics_utility_pvc_claim_size | default('5Gi') }}"
 _metrics_utility_cronjob_gather_schedule: "{{ metrics_utility_cronjob_gather_schedule | default('@hourly') }}"
 _metrics_utility_cronjob_report_schedule: "{{ metrics_utility_cronjob_report_schedule | default('@monthly') }}"
 # version check
 gating_version: ''
--- a/roles/mesh_ingress/defaults/main.yml
+++ b/roles/mesh_ingress/defaults/main.yml
@@ -6,7 +6,6 @@ ingress_api_version: 'networking.k8s.io/v1'
 ingress_annotations: ''
 ingress_class_name: ''
 ingress_controller: ''
 route_annotations: ''
 set_self_owneref: true
--- a/roles/mesh_ingress/templates/deployment.yml.j2
+++ b/roles/mesh_ingress/templates/deployment.yml.j2
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ ansible_operator_meta.name }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
 spec:
  selector:
    matchLabels:
--- a/roles/mesh_ingress/templates/ingress.yml.j2
+++ b/roles/mesh_ingress/templates/ingress.yml.j2
@@ -6,7 +6,7 @@ apiVersion: '{{ ingress_api_version }}'
 kind: Ingress
 metadata:
  name: {{ ansible_operator_meta.name }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
  annotations:
 {% if ingress_annotations %}
    {{ ingress_annotations | indent(width=4) }}
@@ -41,7 +41,7 @@ apiVersion: '{{ ingress_api_version }}'
 kind: IngressRouteTCP
 metadata:
  name: {{ ansible_operator_meta.name }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
  annotations:
 {% if ingress_annotations %}
    {{ ingress_annotations | indent(width=4) }}
@@ -67,11 +67,8 @@ kind: Route
 metadata:
  annotations:
    openshift.io/host.generated: "true"
 {% if route_annotations %}
    {{ route_annotations | indent(width=4) }}
 {% endif %}
  name: {{ ansible_operator_meta.name }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
 spec:
 {% if external_hostname is defined %}
  host: {{ external_hostname }}
--- a/roles/mesh_ingress/templates/receptor_conf.configmap.yml.j2
+++ b/roles/mesh_ingress/templates/receptor_conf.configmap.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ ansible_operator_meta.name }}-receptor-config
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
 data:
  receptor_conf: |
    ---
--- a/roles/restore/defaults/main.yml
+++ b/roles/restore/defaults/main.yml
@@ -40,8 +40,5 @@ additional_labels: []
 # Maintain some of the recommended `app.kubernetes.io/*` labels on the resource (self)
 set_self_labels: true
 # If set to true, the restore process will drop and recreate the database schema before restoring
 force_drop_db: false
 spec_overrides: {}
 ...
--- a/roles/restore/tasks/postgres.yml
+++ b/roles/restore/tasks/postgres.yml
@@ -5,7 +5,7 @@
    postgres_configuration_secret: "{{ spec['postgres_configuration_secret'] | default(postgres_configuration_secret) }}"
 - name: Check for specified PostgreSQL configuration
-  kubernetes.core.k8s_info:
+  k8s_info:
    kind: Secret
    namespace: '{{ ansible_operator_meta.namespace }}'
    name: '{{ postgres_configuration_secret }}'
@@ -29,7 +29,7 @@
 - block:
    - name: Get the postgres pod information
-      kubernetes.core.k8s_info:
+      k8s_info:
        kind: Pod
        namespace: '{{ ansible_operator_meta.namespace }}'
        label_selectors:
@@ -47,7 +47,7 @@
  when: awx_postgres_type == 'managed'
 - name: Check for presence of AWX Deployment
-  kubernetes.core.k8s_info:
+  k8s_info:
    api_version: apps/v1
    kind: Deployment
    name: "{{ deployment_name }}-task"
@@ -55,7 +55,7 @@
  register: this_deployment
 - name: Scale down Deployment for migration
-  kubernetes.core.k8s_scale:
+  k8s_scale:
    api_version: apps/v1
    kind: Deployment
    name: "{{ item }}"
@@ -67,40 +67,21 @@
    - "{{ deployment_name }}-web"
  when: this_deployment['resources'] | length
- name: Set resolvable_db_host
+- name: Set full resolvable host name for postgres pod
  set_fact:
    resolvable_db_host: '{{ (awx_postgres_type == "managed") | ternary(awx_postgres_host + "." + ansible_operator_meta.namespace + ".svc." + cluster_name, awx_postgres_host) }}'  # yamllint disable-line rule:line-length
  no_log: "{{ no_log }}"
 - name: Set pg_isready command
  ansible.builtin.set_fact:
    pg_isready: >-
      pg_isready
      -h {{ resolvable_db_host }}
      -p {{ awx_postgres_port }}
  no_log: "{{ no_log }}"
 - name: Set pg_restore command
  set_fact:
    pg_restore: >-
-      pg_restore {{ force_drop_db | bool | ternary('', '--clean --if-exists') }} --no-owner --no-acl
+      pg_restore --clean --if-exists
      -U {{ awx_postgres_user }}
      -h {{ resolvable_db_host }}
      -d {{ awx_postgres_database }}
      -p {{ awx_postgres_port }}
  no_log: "{{ no_log }}"
 - name: Grant CREATEDB privilege to database user for force_drop_db
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ postgres_pod_name }}"
    container: postgres
    command: >-
      psql -c "ALTER USER {{ awx_postgres_user }} CREATEDB;"
  when:
    - force_drop_db | bool
    - awx_postgres_type == 'managed'
 - name: Force drop and create database if force_drop_db is true
  block:
    - name: Set drop db command
@@ -130,8 +111,8 @@
          {{ pg_create_db }}
  when: force_drop_db
- name: Restore Postgres database
+- name: Restore database dump to the new postgresql container
-  kubernetes.core.k8s_exec:
+  k8s_exec:
    namespace: "{{ backup_pvc_namespace }}"
    pod: "{{ ansible_operator_meta.name }}-db-management"
    container: "{{ ansible_operator_meta.name }}-db-management"
@@ -145,11 +126,6 @@
        exit $rc
      }
      keepalive_file=\"$(mktemp)\"
      until {{ pg_isready }} &> /dev/null
      do
          echo \"Waiting until Postgres is accepting connections...\"
          sleep 2
      done
      while [[ -f \"$keepalive_file\" ]]; do
        echo 'Migrating data from old database...'
        sleep 60
@@ -166,14 +142,3 @@
      "
  register: data_migration
  no_log: "{{ no_log }}"
 - name: Revoke CREATEDB privilege from database user
  kubernetes.core.k8s_exec:
    namespace: "{{ ansible_operator_meta.namespace }}"
    pod: "{{ postgres_pod_name }}"
    container: postgres
    command: >-
      psql -c "ALTER USER {{ awx_postgres_user }} NOCREATEDB;"
  when:
    - force_drop_db | bool
    - awx_postgres_type == 'managed'
--- a/roles/restore/templates/event.yml.j2
+++ b/roles/restore/templates/event.yml.j2
@@ -3,15 +3,15 @@ apiVersion: v1
 kind: Event
 metadata:
  name: restore-error.{{ now }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
 involvedObject:
  apiVersion: awx.ansible.com/v1beta1
  kind: {{ kind }}
  name: {{ ansible_operator_meta.name }}
-  namespace: "{{ ansible_operator_meta.namespace }}"
+  namespace: {{ ansible_operator_meta.namespace }}
 message: {{ error_msg }}
 reason: RestoreFailed
 type: Warning
-firstTimestamp: "{{ now }}"
+firstTimestamp: {{ now }}
-lastTimestamp: "{{ now }}"
+lastTimestamp: {{ now }}
 count: 1
--- a/roles/restore/templates/management-pod.yml.j2
+++ b/roles/restore/templates/management-pod.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Pod
 metadata:
  name: {{ ansible_operator_meta.name }}-db-management
-  namespace: "{{ backup_pvc_namespace }}"
+  namespace: {{ backup_pvc_namespace }}
  labels:
    {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=4) | trim }}
 spec:
--- a/roles/restore/vars/main.yml
+++ b/roles/restore/vars/main.yml
@@ -14,4 +14,7 @@ broadcast_websocket_secret: '{{ deployment_name }}-broadcast-websocket'
 postgres_configuration_secret: '{{ deployment_name }}-postgres-configuration'
 supported_pg_version: 15
 image_pull_policy: IfNotPresent
 # If set to true, the restore process will delete the existing database and create a new one
 force_drop_db: false
 pg_drop_create: ''
--- a/up.sh
+++ b/up.sh
@@ -1,148 +0,0 @@
 #!/bin/bash
 # AWX Operator up.sh
 # Purpose:
 #   Build operator image from your local checkout, push to quay.io/youruser/awx-operator:dev, and deploy operator
 # -- Usage
 #   NAMESPACE=awx TAG=dev QUAY_USER=developer ./up.sh
 #   NAMESPACE=awx TAG=dev QUAY_USER=developer PULL_SECRET_FILE=my-secret.yml ./up.sh
 # -- User Variables
 NAMESPACE=${NAMESPACE:-awx}
 QUAY_USER=${QUAY_USER:-developer}
 TAG=${TAG:-$(git rev-parse --short HEAD)}
 DEV_TAG=${DEV_TAG:-dev}
 DEV_TAG_PUSH=${DEV_TAG_PUSH:-true}
 PULL_SECRET_FILE=${PULL_SECRET_FILE:-hacking/pull-secret.yml}
 # -- Check for required variables
 # Set the following environment variables
 # export NAMESPACE=awx
 # export QUAY_USER=developer
 if [ -z "$QUAY_USER" ]; then
  echo "Error: QUAY_USER env variable is not set."
  echo "  export QUAY_USER=developer"
  exit 1
 fi
 if [ -z "$NAMESPACE" ]; then
  echo "Error: NAMESPACE env variable is not set. Run the following with your namespace:"
  echo "  export NAMESPACE=developer"
  exit 1
 fi
 # -- Container Build Engine (podman or docker)
 ENGINE=${ENGINE:-podman}
 # -- Variables
 IMG=quay.io/$QUAY_USER/awx-operator
 KUBE_APPLY="kubectl apply -n $NAMESPACE -f"
 # -- Wait for existing project to be deleted
 # Function to check if the namespace is in terminating state
 is_namespace_terminating() {
    kubectl get namespace $NAMESPACE 2>/dev/null | grep -q 'Terminating'
    return $?
 }
 # Check if the namespace exists and is in terminating state
 if kubectl get namespace $NAMESPACE 2>/dev/null; then
    echo "Namespace $NAMESPACE exists."
    if is_namespace_terminating; then
        echo "Namespace $NAMESPACE is in terminating state. Waiting for it to be fully terminated..."
        while is_namespace_terminating; do
            sleep 5
        done
        echo "Namespace $NAMESPACE has been terminated."
    fi
 fi
 # -- Create namespace
 kubectl create namespace $NAMESPACE
 # -- Prepare
 # Set imagePullPolicy to Always
 files=(
    config/manager/manager.yaml
 )
 for file in "${files[@]}"; do
  if grep -qF 'imagePullPolicy: IfNotPresent' ${file}; then
    sed -i -e "s|imagePullPolicy: IfNotPresent|imagePullPolicy: Always|g" ${file};
  fi
 done
 # Create redhat-operators-pull-secret if pull credentials file exists
 if [ -f "$PULL_SECRET_FILE" ]; then
  $KUBE_APPLY $PULL_SECRET_FILE
 fi
 # Delete old operator deployment
 kubectl delete deployment awx-operator-controller-manager
 # Create secrets
 $KUBE_APPLY dev/secrets/custom-secret-key.yml
 $KUBE_APPLY dev/secrets/admin-password-secret.yml
 # (Optional) Create external-pg-secret
 # $KUBE_APPLY dev/secrets/external-pg-secret.yml
 # -- Login to Quay.io
 $ENGINE login quay.io
 if [ $ENGINE = 'podman' ]; then
  if [ -f "$XDG_RUNTIME_DIR/containers/auth.json" ] ; then
    REGISTRY_AUTH_CONFIG=$XDG_RUNTIME_DIR/containers/auth.json
    echo "Found registry auth config: $REGISTRY_AUTH_CONFIG"
  elif [ -f $HOME/.config/containers/auth.json ] ; then
    REGISTRY_AUTH_CONFIG=$HOME/.config/containers/auth.json
    echo "Found registry auth config: $REGISTRY_AUTH_CONFIG"
  elif [ -f "/home/$USER/.docker/config.json" ] ; then
    REGISTRY_AUTH_CONFIG=/home/$USER/.docker/config.json
    echo "Found registry auth config: $REGISTRY_AUTH_CONFIG"
  else
    echo "No Podman configuration files were found."
  fi
 fi
 if [ $ENGINE = 'docker' ]; then
  if [ -f "/home/$USER/.docker/config.json" ] ; then
 	  REGISTRY_AUTH_CONFIG=/home/$USER/.docker/config.json
    echo "Found registry auth config: $REGISTRY_AUTH_CONFIG"
  else
    echo "No Docker configuration files were found."
  fi
 fi
 # -- Build & Push Operator Image
 echo "Preparing to build $IMG:$TAG ($IMG:$DEV_TAG) with $ENGINE..."
 sleep 3
 # Detect architecture and use multi-arch build for ARM hosts
 HOST_ARCH=$(uname -m)
 if [[ "$HOST_ARCH" == "aarch64" || "$HOST_ARCH" == "arm64" ]] && [ "$ENGINE" = "podman" ]; then
  echo "ARM architecture detected ($HOST_ARCH). Using multi-arch build..."
  make podman-buildx IMG=$IMG:$TAG ENGINE=$ENGINE
 else
  make docker-build docker-push IMG=$IMG:$TAG
  # Tag and Push DEV_TAG Image when DEV_TAG_PUSH is 'True'
  if $DEV_TAG_PUSH ; then
    $ENGINE tag $IMG:$TAG $IMG:$DEV_TAG
    make docker-push IMG=$IMG:$DEV_TAG
  fi
 fi
 # -- Deploy Operator
 make deploy IMG=$IMG:$TAG NAMESPACE=$NAMESPACE
 # -- Create CR
 # uncomment the CR you want to use
 $KUBE_APPLY dev/awx-cr/awx-openshift-cr.yml
 # $KUBE_APPLY dev/awx-cr/awx-cr-settings.yml
 # $KUBE_APPLY dev/awx-cr/awx-k8s-ingress.yml
--- a/vendor/galaxy.ansible.com/kubernetes/core/kubernetes-core-2.3.2.tar.gz
+++ b/vendor/galaxy.ansible.com/kubernetes/core/kubernetes-core-2.3.2.tar.gz
--- a/vendor/galaxy.ansible.com/kubernetes/core/kubernetes-core-3.2.0.tar.gz
+++ b/vendor/galaxy.ansible.com/kubernetes/core/kubernetes-core-3.2.0.tar.gz
Author	SHA1	Message	Date
Christian M. Adams	12febf501b	Make CI use this branch when running label PR check	2024-10-16 12:12:33 -04:00
Christian M. Adams	b567678cc1	Fix Label PR check by using python venv for requests library	2024-10-16 11:51:28 -04:00