Set ownerRef to null for SA, Role and RoleBinding to avoid conflicts

 - Without this, if an AnsibleJob is deleted while another is running,
   it's service account, role and rolebinding will be cascade deleted,
   making the running job fail.

roles/common/tasks/main.yml

@@ -0,0 +1 @@
+---

roles/common/tasks/unset-ownerref.yml

@@ -0,0 +1,15 @@
+---
+- name: Remove ownerReferences on persistent resources
+  k8s:
+    definition:
+      apiVersion: "{{ item.apiVersion }}"
+      kind: "{{ item.kind }}"
+      metadata:
+        name: "resource-operator-controller-manager-job"
+        namespace: '{{ ansible_operator_meta.namespace }}'
+        ownerReferences: null
+  loop:
+    - { kind: 'ServiceAccount', apiVersion: 'v1' }
+    - { kind: 'Role', apiVersion: 'rbac.authorization.k8s.io/v1' }
+    - { kind: 'RoleBinding', apiVersion: 'rbac.authorization.k8s.io/v1' }
+  no_log: "{{ no_log }}"

roles/credential/tasks/main.yml

@@ -68,6 +68,9 @@
     state: present
     definition: "{{ lookup('template', 'service_account.yml.j2') }}"
 
+- name: Unset ownerReference on ServiceAccount, Role, and RoleBinding
+  include_tasks: ../common/tasks/unset-ownerref.yml
+
 - name: Start K8s Runner Job
   kubernetes.core.k8s:
     state: present

roles/instancegroup/tasks/main.yml

@@ -82,6 +82,9 @@
     state: present
     definition: "{{ lookup('template', 'service_account.yml.j2') }}"
 
+- name: Unset ownerReference on ServiceAccount, Role, and RoleBinding
+  include_tasks: ../common/tasks/unset-ownerref.yml
+
 - name: Start K8s Runner Job
   kubernetes.core.k8s:
     state: present

roles/inventory/defaults/main.yml

@@ -2,4 +2,3 @@
 # defaults file for Inventory
 job_ttl: 3600
 backoff_limit: 1
-

roles/inventory/tasks/main.yml

@@ -57,4 +57,3 @@
       message: "There was an error when creating the inventory"
   when:
     - inventory.failed
-

roles/job/tasks/main.yml

@@ -94,6 +94,9 @@
     state: present
     definition: "{{ lookup('template', 'service_account.yml.j2') }}"
 
+- name: Unset ownerReference on ServiceAccount, Role, and RoleBinding
+  include_tasks: ../common/tasks/unset-ownerref.yml
+
 - name: Start K8s Runner Job
   kubernetes.core.k8s:
     state: present

roles/jobtemplate/tasks/main.yml

@@ -102,4 +102,3 @@
       message: "There was an error in the job template"
   when:
     - job_template.failed
-

roles/project/tasks/main.yml

@@ -68,6 +68,9 @@
     state: present
     definition: "{{ lookup('template', 'service_account.yml.j2') }}"
 
+- name: Unset ownerReference on ServiceAccount, Role, and RoleBinding
+  include_tasks: ../common/tasks/unset-ownerref.yml
+
 - name: Start K8s Runner Job
   kubernetes.core.k8s:
     state: present

roles/schedule/tasks/main.yml

@@ -68,6 +68,9 @@
     state: present
     definition: "{{ lookup('template', 'service_account.yml.j2') }}"
 
+- name: Unset ownerReference on ServiceAccount, Role, and RoleBinding
+  include_tasks: ../common/tasks/unset-ownerref.yml
+
 - name: Start K8s Runner Job
   kubernetes.core.k8s:
     state: present

roles/workflow/tasks/main.yml

@@ -94,6 +94,9 @@
     state: present
     definition: "{{ lookup('template', 'service_account.yml.j2') }}"
 
+- name: Unset ownerReference on ServiceAccount, Role, and RoleBinding
+  include_tasks: ../common/tasks/unset-ownerref.yml
+
 - name: Start K8s Runner Job
   kubernetes.core.k8s:
     state: present

test-e2e/tests/job-deprecated.yaml

@@ -7,4 +7,3 @@ spec:
   tower_auth_secret: awxaccess
   job_template_name: Demo Job Template
   runner_pull_policy: IfNotPresent
-