diff --git a/awx.yml b/awx.yml
new file mode 100644
index 0000000..cdaffba
--- /dev/null
+++ b/awx.yml
@@ -0,0 +1,30 @@
+---
+
+# configuring awx cluster
+
+- name: 'apply awx config update to {{ host | default("all") }}'
+  hosts: '{{ host | default("kube_control_plane") }}'
+  serial: "{{ serial_number | default(10) }}"
+  vars:
+    ansible_ssh_host: "{{ stage_server_domain }}"
+
+  pre_tasks:
+    - name: "Check if ansible version is at least {{ ansible_minimal_version }}"
+      assert:
+        that:
+          - ansible_version.string is version(ansible_minimal_version, ">=")
+        msg: "The ansible version has to be at least {{ ansible_minimal_version }}"
+      tags:
+        - always
+
+    - name: "Import autodiscover pre-tasks"
+      import_tasks: tasks/autodiscover_pre_tasks.yml
+      tags:
+        - always
+
+  roles:
+    - role: kubernetes/awx
+      when: kubernetes_with_awx | default(false)
+      tags:
+        - never # shouldn't be done automatically due to removal logic
+        - update_awx_config
diff --git a/group_vars/stage_dev/kubernetes.yml b/group_vars/stage_dev/kubernetes.yml
index 2af52c9..edc71b5 100644
--- a/group_vars/stage_dev/kubernetes.yml
+++ b/group_vars/stage_dev/kubernetes.yml
@@ -1,5 +1,6 @@
 ---
 
-kubernetes_with_certmanager: true
 kubernetes_with_externaldns: true
+kubernetes_with_certmanager: true
 kubernetes_with_ingress: true
+kubernetes_with_awx: true
diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml
index db3b2d5..3fe6611 100644
--- a/group_vars/stage_dev/plain.yml
+++ b/group_vars/stage_dev/plain.yml
@@ -111,10 +111,3 @@ custom_stage_plattform_users:
 
 custom_stage_hetzner_ssh_keys:
   - "ext.hans-peter.wissenbach@netgo.de"
-
-kubernetes_with_prometheus: False
-cert_manager_dplmt: False
-kubernetes_with_certmanager: False
-kubernetes_with_extdns: False
-kubernetes_with_ingress: False
-kubernetes_with_gitea: False
diff --git a/group_vars/stage_devscr/kubernetes.yml b/group_vars/stage_devscr/kubernetes.yml
index 1a2f942..7bcaf80 100644
--- a/group_vars/stage_devscr/kubernetes.yml
+++ b/group_vars/stage_devscr/kubernetes.yml
@@ -1,6 +1,6 @@
 ---
 
-kubernetes_with_certmanager: true
 kubernetes_with_externaldns: true
+kubernetes_with_certmanager: true
 kubernetes_with_ingress: true
 kubernetes_with_gitea: true
diff --git a/group_vars/stage_prodnso/kubernetes.yml b/group_vars/stage_prodnso/kubernetes.yml
index ed97d53..978f00b 100644
--- a/group_vars/stage_prodnso/kubernetes.yml
+++ b/group_vars/stage_prodnso/kubernetes.yml
@@ -1 +1,6 @@
 ---
+
+kubernetes_with_externaldns: true
+kubernetes_with_certmanager: true
+kubernetes_with_ingress: true
+kubernetes_with_awx: true
\ No newline at end of file
diff --git a/group_vars/stage_qa/kubernetes.yml b/group_vars/stage_qa/kubernetes.yml
index ed97d53..edc71b5 100644
--- a/group_vars/stage_qa/kubernetes.yml
+++ b/group_vars/stage_qa/kubernetes.yml
@@ -1 +1,6 @@
 ---
+
+kubernetes_with_externaldns: true
+kubernetes_with_certmanager: true
+kubernetes_with_ingress: true
+kubernetes_with_awx: true
diff --git a/kubernetes.yml b/kubernetes.yml
index 6a804c6..6171016 100644
--- a/kubernetes.yml
+++ b/kubernetes.yml
@@ -1,5 +1,7 @@
 ---
 
+# bootstraping kubernetes cluster
+
 - name: 'apply kubernetes setup to {{ host | default("all") }}'
   hosts: '{{ host | default("kube_control_plane") }}'
   serial: "{{ serial_number | default(10) }}"
@@ -62,8 +64,3 @@
       when: kubernetes_with_bootstrap | default(true)
       tags:
         - bootstrap
-
-    - role: kubernetes/awx
-      when: kubernetes_with_awx | default(false)
-      tags:
-        - awx
diff --git a/roles/kubernetes/awx/tasks/main.yml b/roles/kubernetes/awx/tasks/main.yml
index 4741a27..73bc03f 100644
--- a/roles/kubernetes/awx/tasks/main.yml
+++ b/roles/kubernetes/awx/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: "Checkin if awx in k8s cluster is avail"
+- name: "Checkin if awx in k8s cluster is available"
   delegate_to: localhost
   uri:
     url: "https://{{ shared_service_kube_awx_hostname }}/api/login"
@@ -18,7 +18,8 @@
   when:
   - inventory_hostname == groups['kube_control_plane'][0]
   tags:
-    - awx
+    - never # shouldn't be done automatically due to removal logic
+    - update_awx_config
 
 - name: "Authenticating with awx server"
   delegate_to: localhost
@@ -33,15 +34,17 @@
     status_code: 200
   register: authentication_response
   tags:
-    - awx
+    - never # shouldn't be done automatically due to removal logic
+    - update_awx_config
 
 - name: DEBUG
   debug:
     msg: "{{ authentication_response }}"
-  tags:
-    - awx
   when:
     - debug
+  tags:
+    - never # shouldn't be done automatically due to removal logic
+    - update_awx_config
 
 - name: "Configure some stuff"
   include_tasks: awx-config.yml