├── .github ├── CODEOWNERS ├── ct.yaml ├── lintconf.yaml └── workflows │ ├── everest-pr-checks.yaml │ ├── everest-release.yaml │ ├── release.yaml │ └── test.yaml ├── .gitignore ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── charts ├── everest │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── Makefile │ ├── README.md │ ├── README.md.gotmpl │ ├── charts │ │ ├── common │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── templates │ │ │ │ ├── _create_default_psp.yaml.tpl │ │ │ │ ├── _csv_cleanup.yaml.tpl │ │ │ │ ├── _db_resources_cleanup.yaml.tpl │ │ │ │ ├── _operators_installer.yaml.tpl │ │ │ │ ├── _psp_cleanup.yaml.tpl │ │ │ │ └── _upgrade_checks.yaml.tpl │ │ │ └── values.yaml │ │ └── everest-db-namespace │ │ │ ├── .helmignore │ │ │ ├── Chart.lock │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── hooks.yaml │ │ │ ├── namespace.yaml │ │ │ ├── operatorgroup.yaml │ │ │ ├── pg.subscription.yaml │ │ │ ├── psmdb.subscription.yaml │ │ │ └── pxc.subscription.yaml │ │ │ └── values.yaml │ ├── crds │ │ ├── everest.yaml │ │ └── olm.yaml │ ├── docs │ │ ├── application-db-namespace.yaml │ │ ├── application.yaml │ │ ├── argocd.md │ │ └── openshift.md │ ├── everest-admin.yaml.tpl │ ├── go.mod │ ├── helm.go │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── everest-catalogsource.yaml │ │ ├── everest-olm │ │ │ ├── catalog-operator.deployment.yaml │ │ │ ├── certs.certmanager.yaml │ │ │ ├── clusterrole.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── namespace.yaml │ │ │ ├── olm-operator.deployment.yaml │ │ │ ├── olmconfig.yaml │ │ │ ├── packageserver.apiservice.yaml │ │ │ ├── packageserver.deployment.yaml │ │ │ ├── packageserver.rbac.yaml │ │ │ ├── packageserver.service.yaml │ │ │ └── serviceaccount.yaml │ │ ├── everest-operator │ │ │ ├── backupstorage-editor.clusterrole.yaml │ │ │ ├── backupstorage-viewer.clusterrole.yaml │ │ │ ├── databasecluster-editor.clusterrole.yaml │ │ │ ├── 
databasecluster-viewer.clusterrole.yaml │ │ │ ├── databaseclusterbackup-editor.clusterrole.yaml │ │ │ ├── databaseclusterbackup-viewer.clusterrole.yaml │ │ │ ├── databaseclusterrestore-editor.clusterrole.yaml │ │ │ ├── databaseclusterrestore-viewer.clusterrole.yaml │ │ │ ├── databaseengine-editor.clusterrole.yaml │ │ │ ├── databaseengine-viewer.clusterrole.yaml │ │ │ ├── deployment.yaml │ │ │ ├── leaderelection.role.yaml │ │ │ ├── leaderelection.rolebinding.yaml │ │ │ ├── manager.clusterrole.yaml │ │ │ ├── manager.clusterrolebinding.yaml │ │ │ ├── metrics-auth.clusterrole.yaml │ │ │ ├── metrics-auth.clusterrolebinding.yaml │ │ │ ├── metrics.service.yaml │ │ │ ├── metricsreader.clusterrole.yaml │ │ │ ├── monitoringconfig-editor.clusterrole.yaml │ │ │ ├── monitoringconfig-viewer.clusterrole.yaml │ │ │ ├── podschedulingpolicy-editor.clusterrole.yaml │ │ │ ├── podschedulingpolicy-viewer.clusterrole.yaml │ │ │ ├── rolebinding.yaml │ │ │ └── serviceaccount.yaml │ │ ├── everest-server │ │ │ ├── accounts.secret.yaml │ │ │ ├── certificate.yaml │ │ │ ├── clusterrole.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ ├── jwt.secret.yaml │ │ │ ├── rbac.configmap.yaml │ │ │ ├── role.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ ├── settings.configmap.yaml │ │ │ └── tls.secret.yaml │ │ ├── hooks.yaml │ │ ├── ksm-customresourcestate-cm.yaml │ │ ├── ksm-openshift-clusterrolebinding.yaml │ │ ├── monitoring-namespace.yaml │ │ └── monitoring-resources.yaml │ └── values.yaml ├── gcp-marketplace │ ├── psmdb-operator │ │ ├── README.md │ │ ├── apptest │ │ │ ├── deployer │ │ │ │ ├── psmdb-operator │ │ │ │ │ ├── templates │ │ │ │ │ │ └── tester.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── schema.yaml │ │ │ └── tester │ │ │ │ ├── Dockerfile │ │ │ │ ├── tester.sh │ │ │ │ └── tests │ │ │ │ └── basic-suite.yaml │ │ ├── chart │ │ │ └── psmdb-operator │ │ │ │ ├── .helmignore │ │ │ │ ├── Chart.yaml │ │ │ │ ├── 
LICENSE.txt │ │ │ │ ├── README.md │ │ │ │ ├── files │ │ │ │ ├── crd │ │ │ │ │ └── crd.yaml │ │ │ │ └── custom-resource │ │ │ │ │ └── cr.yaml │ │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── application.yaml │ │ │ │ ├── cr-configmap.yaml │ │ │ │ ├── crd-configmap.yaml │ │ │ │ ├── crd-create.yaml │ │ │ │ └── deployment.yaml │ │ │ │ └── values.yaml │ │ ├── deployer │ │ │ └── Dockerfile │ │ ├── resources │ │ │ └── service-accounts.yaml │ │ └── schema.yaml │ └── pxc-operator │ │ ├── README.md │ │ ├── apptest │ │ ├── deployer │ │ │ ├── pxc-operator │ │ │ │ └── templates │ │ │ │ │ └── tester.yaml │ │ │ └── schema.yaml │ │ └── tester │ │ │ ├── Dockerfile │ │ │ ├── tester.sh │ │ │ └── tests │ │ │ └── basic-suite.yaml │ │ ├── chart │ │ └── pxc-operator │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── LICENSE.txt │ │ │ ├── README.md │ │ │ ├── files │ │ │ ├── crd │ │ │ │ └── crd.yaml │ │ │ └── custom-resource │ │ │ │ └── cr.yaml │ │ │ ├── logo.png │ │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── application.yaml │ │ │ ├── cr-configmap.yaml │ │ │ ├── crd-configmap.yaml │ │ │ ├── crd-create.yaml │ │ │ └── deployment.yaml │ │ │ └── values.yaml │ │ ├── deployer │ │ └── Dockerfile │ │ ├── resources │ │ └── service-accounts.yaml │ │ └── schema.yaml ├── pg-db │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── cluster.yaml │ └── values.yaml ├── pg-operator │ ├── Chart.yaml │ ├── README.md │ ├── crds │ │ └── crd.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── role-binding.yaml │ │ └── role.yaml │ └── values.yaml ├── pmm │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configmap.yaml │ │ ├── ingress.yaml │ │ ├── secret-certs.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── statefulset.yaml │ └── values.yaml ├── 
ps-db │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── cluster-secret.yaml │ │ ├── cluster.yaml │ │ ├── role-binding.yaml │ │ └── role.yaml │ └── values.yaml ├── ps-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── crds │ │ └── crd.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── role-binding.yaml │ │ └── role.yaml │ └── values.yaml ├── psmdb-db │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── cluster-secret.yaml │ │ └── cluster.yaml │ └── values.yaml ├── psmdb-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── LICENSE.txt │ ├── README.md │ ├── crds │ │ └── crd.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── namespace.yaml │ │ ├── role-binding.yaml │ │ └── role.yaml │ └── values.yaml ├── pxc-db │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── cluster-secret.yaml │ │ ├── cluster-ssl-secret.yaml │ │ ├── cluster.yaml │ │ └── s3-secret.yaml │ └── values.yaml └── pxc-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── LICENSE.txt │ ├── README.md │ ├── crds │ └── crd.yaml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── namespace.yaml │ ├── role-binding.yaml │ └── role.yaml │ └── values.yaml └── code-of-conduct.md /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @hors @tplavcic @nmarukovich @jvpasinatto @eleo007 @valmiranogueira 2 | /charts/pmm/ @percona/pmm-review-be 3 | /charts/everest/ @percona/everest-backend-devs 4 | .github/everest-pr-checks.yaml @percona/everest-backend-devs 5 | .github/everest-release.yaml @percona/everest-backend-devs 6 | -------------------------------------------------------------------------------- /.github/ct.yaml: 
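--------------------------------------------------------------------------------
1 | # See https://github.com/helm/chart-testing#configuration
2 | remote: origin
3 | target-branch: main
4 | helm-extra-args: --timeout 600s
5 |

--------------------------------------------------------------------------------
/.github/lintconf.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | rules:
 3 |   braces:
 4 |     min-spaces-inside: 0
 5 |     max-spaces-inside: 0
 6 |     min-spaces-inside-empty: -1
 7 |     max-spaces-inside-empty: -1
 8 |   brackets:
 9 |     min-spaces-inside: 0
10 |     max-spaces-inside: 0
11 |     min-spaces-inside-empty: -1
12 |     max-spaces-inside-empty: -1
13 |   colons:
14 |     max-spaces-before: 0
15 |     max-spaces-after: 1
16 |   commas:
17 |     max-spaces-before: 0
18 |     min-spaces-after: 1
19 |     max-spaces-after: 1
20 |   comments:
21 |     require-starting-space: true
22 |     min-spaces-from-content: 2
23 |   document-end: disable
24 |   document-start: disable  # No --- to start a file
25 |   empty-lines:
26 |     max: 2
27 |     max-start: 0
28 |     max-end: 0
29 |   hyphens:
30 |     max-spaces-after: 1
31 |   indentation:
32 |     spaces: consistent
33 |     indent-sequences: whatever  # - list indentation will handle both indentation and without
34 |     check-multi-line-strings: false
35 |   key-duplicates: enable
36 |   line-length: disable  # Lines can be any length
37 |   new-line-at-end-of-file: enable
38 |   new-lines:
39 |     type: unix
40 |   trailing-spaces: disable
41 |   truthy:
42 |     level: warning
43 |

--------------------------------------------------------------------------------
/.github/workflows/everest-release.yaml:
--------------------------------------------------------------------------------
 1 | # Manually triggered release of the Everest chart and its sub-charts.
 2 | name: Everest Chart Release
 3 | on:
 4 |   workflow_dispatch:
 5 |     inputs:
 6 |       version:
 7 |         description: "Everest version"
 8 |         required: true
 9 | jobs:
10 |   release:
11 |     # Least privilege for GITHUB_TOKEN: the chart-releaser steps publish
12 |     # releases and the chart index, which needs write access to repository
13 |     # contents and nothing else.
14 |     permissions:
15 |       contents: write
16 |     env:
17 |       VERSION: ${{ github.event.inputs.version }}
18 |       # Is set if the VERSION corresponds to an RC.
19 |       IS_RC: 0
20 |     runs-on: ubuntu-latest
21 |     # NOTE(review): the actions below are referenced by tag. Tags are mutable;
22 |     # pinning each `uses:` to a full commit SHA keeps a retagged release from
23 |     # running in a job that holds a write-capable token.
24 |     steps:
25 |       - name: Set environment variables
26 |         run: |
27 |           # VERSION is free-form workflow input that make later expands into
28 |           # shell commands and yq expressions. Allow only the characters a
29 |           # SemVer string can contain before it is used anywhere.
30 |           if [[ ! $VERSION =~ ^[0-9A-Za-z.+-]+$ ]]; then
31 |             echo "VERSION contains characters that are not valid in a chart version" >&2
32 |             exit 1
33 |           fi
34 |           # Anything that is not a plain X.Y.Z version is treated as an RC.
35 |           if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
36 |             echo "IS_RC=1" >> "$GITHUB_ENV"
37 |           fi
38 |
39 |       - name: Checkout
40 |         uses: actions/checkout@v4
41 |         with:
42 |           sparse-checkout: |
43 |             charts/everest
44 |
45 |       - name: Configure Git
46 |         run: |
47 |           git config user.name "$GITHUB_ACTOR"
48 |           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
49 |
50 |       - name: Update CRDs
51 |         run: |
52 |           cd charts/everest
53 |           # Read the input through the job-level environment variable rather
54 |           # than a workflow expression: an expression is pasted into the script
55 |           # text before the shell parses it, so its value could add commands.
56 |           CRD_VERSION="v${VERSION}" make crds-gen
57 |
58 |       - name: Prepare RC
59 |         if: ${{ env.IS_RC == '1' }}
60 |         run: |
61 |           cd charts/everest
62 |           make release-dev
63 |
64 |       - name: Prepare release
65 |         if: ${{ env.IS_RC == '0' }}
66 |         run: |
67 |           cd charts/everest
68 |           make release
69 |
70 |       - name: Install Helm
71 |         uses: azure/setup-helm@v1
72 |         with:
73 |           version: v3.4.0
74 |
75 |       - name: Release chart
76 |         uses: helm/chart-releaser-action@v1.6.0
77 |         env:
78 |           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
79 |
80 |       - name: Release sub-chart
81 |         uses: helm/chart-releaser-action@v1.6.0
82 |         with:
83 |           charts_dir: charts/everest/charts
84 |           skip_existing: true
85 |         env:
86 |           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
87 |

--------------------------------------------------------------------------------
/.github/workflows/release.yaml:
--------------------------------------------------------------------------------
 1 | # Releases every chart except Everest on each push to main.
 2 | name: Release Charts
 3 |
 4 | on:
 5 |   push:
 6 |     # The documented filter key is `paths-ignore`; the earlier spelling
 7 |     # `path-ignore` is not a recognised key, so the exclusions below were
 8 |     # not being applied as a path filter.
 9 |     paths-ignore:
10 |       - 'charts/gcp-marketplace/**'
11 |       - 'charts/everest/**'
12 |     branches:
13 |       - main
14 |
15 | jobs:
16 |   release:
17 |     # Least privilege for GITHUB_TOKEN: chart-releaser needs write access to
18 |     # repository contents only.
19 |     permissions:
20 |       contents: write
21 |     runs-on: ubuntu-latest
22 |     # NOTE(review): actions are referenced by mutable tags; pin each `uses:`
23 |     # to a full commit SHA for a job that holds a write-capable token.
24 |     steps:
25 |       - name: Checkout
26 |         uses: actions/checkout@v3
27 |         with:
28 |           fetch-depth: 0
29 |
30 |       # Everest is released by its own workflow, so it is removed from the
31 |       # working tree before chart-releaser scans the charts directory.
32 |       - name: Remove skipped charts
33 |         run: |
34 |           rm -rf charts/everest
35 |
36 |       - name: Configure Git
37 |         run: |
38 |           git config user.name "$GITHUB_ACTOR"
39 |           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
40 |
41 |       - name: Install Helm
42 |         uses: azure/setup-helm@v4.2.0
43 |         with:
44 |           version: v3.15.4
45 |
46 |       - name: Run chart-releaser
47 |         uses: helm/chart-releaser-action@v1.6.0
48 |         env:
49 |           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
50 |         with:
51 |           skip_existing: true
52 |

--------------------------------------------------------------------------------
/.github/workflows/test.yaml:
--------------------------------------------------------------------------------
 1 | # Lints changed charts and installs them into a throwaway kind cluster.
 2 | name: Lint and Test Charts
 3 |
 4 | on:
 5 |   pull_request:
 6 |     # The documented filter key is `paths-ignore` (not `path-ignore`).
 7 |     paths-ignore:
 8 |       - 'charts/gcp-marketplace/**'
 9 |       - 'charts/everest/**'
10 |
11 | # This workflow installs charts taken from the pull request, so its token is
12 | # limited to reading the repository.
13 | permissions:
14 |   contents: read
15 |
16 | jobs:
17 |   lint-test:
18 |     runs-on: ubuntu-latest
19 |     steps:
20 |       - name: Checkout
21 |         uses: actions/checkout@v3
22 |         with:
23 |           fetch-depth: 0
24 |
25 |       - name: Set up Helm
26 |         uses: azure/setup-helm@v4.2.0
27 |         with:
28 |           version: v3.15.4
29 |
30 |       - uses: actions/setup-python@v5
31 |         with:
32 |           python-version: '3.9'
33 |
34 |       - name: Set up chart-testing
35 |         uses: helm/chart-testing-action@v2.6.1
36 |
37 |       - name: Run chart-testing (list-changed)
38 |         id: list-changed
39 |         run: |
40 |           changed=$(ct list-changed --config .github/ct.yaml)
41 |           if [[ -n "$changed" ]]; then
42 |             echo "changed=true" >> "$GITHUB_OUTPUT"
43 |           fi
44 |
45 |       - name: Run chart-testing (lint)
46 |         run: ct lint --config .github/ct.yaml --lint-conf .github/lintconf.yaml --excluded-charts=everest
47 |
48 |       - name: Create kind cluster
49 |         uses: helm/kind-action@v1.10.0
50 |         # Only build a kind cluster if there are chart changes to test.
51 |         if: steps.list-changed.outputs.changed == 'true'
52 |
53 |       - name: Run chart-testing (install)
54 |         run: |
55 |           # A changed "<name>-db" chart needs its "<name>-operator" chart
56 |           # installed first; the operators are removed again afterwards.
57 |           OPERATOR_INSTALL=$(ct list-changed --config .github/ct.yaml | sed 's:charts/::' | grep "\-db$" | sed 's/-db$/-operator/')
58 |           if [ -n "$OPERATOR_INSTALL" ]; then
59 |             for operator in $OPERATOR_INSTALL; do helm install --namespace default $operator charts/$operator/.; done
60 |           fi
61 |           ct install --config .github/ct.yaml --excluded-charts=everest
62 |           if [ -n "$OPERATOR_INSTALL" ]; then
63 |             for operator in $OPERATOR_INSTALL; do helm uninstall --namespace default $operator; done
64 |           fi
65 |
66 |       - name: Build chart package
67 |         run: |
68 |           changed=$(ct list-changed --config .github/ct.yaml)
69 |           # Package only when exactly one chart changed.
70 |           [ $(echo -n "$changed" | grep -c '^') == 1 ] && helm package $changed || echo "skipping package"
71 |
72 |       - name: Upload helm chart
73 |         uses: actions/upload-artifact@v4
74 |         with:
75 |           path: ./*.tgz
76 |           retention-days: 30
77 |           if-no-files-found: ignore
78 |

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .deploy/
2 | .idea/
3 | *.tgz
4 |

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright 2019 Paul Czarkowski
 2 |
 3 | Licensed under the Apache License, Version 2.0 (the "License");
 4 | you may not use this file except in compliance with the License.
 5 | You may obtain a copy of the License at
 6 |
 7 | http://www.apache.org/licenses/LICENSE-2.0
 8 |
 9 | Unless required by applicable law or agreed to in writing, software
10 | distributed under the License is distributed on an "AS IS" BASIS,
11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | See the License for the specific language governing permissions and
13 | limitations under the License.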
-------------------------------------------------------------------------------- /charts/everest/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | 25 | Makefile 26 | go.mod 27 | go.sum 28 | helm.go 29 | docs/ 30 | -------------------------------------------------------------------------------- /charts/everest/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: file://charts/common 4 | version: 0.0.17 5 | - name: everest-db-namespace 6 | repository: file://charts/everest-db-namespace 7 | version: 0.0.0 8 | - name: kube-state-metrics 9 | repository: https://prometheus-community.github.io/helm-charts 10 | version: 5.27.0 11 | - name: victoria-metrics-operator 12 | repository: https://victoriametrics.github.io/helm-charts 13 | version: 0.43.0 14 | - name: pmm 15 | repository: https://percona.github.io/percona-helm-charts 16 | version: 1.3.21 17 | digest: sha256:b2e96656a4daa68aec3399ad1ae6f0513759b9967b6ec09fc438c545e53c86cf 18 | generated: "2025-06-04T11:11:10.251485+03:00" 19 | -------------------------------------------------------------------------------- /charts/everest/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: everest 3 | description: A cloud-native database platform 4 | version: 0.0.0 5 | appVersion: 0.0.0 6 | type: application 7 | kubeVersion: '>= 1.27.0-0' 8 | maintainers: 9 | - name: 
mayankshah1607 10 | email: mayank.shah@percona.com 11 | - name: oksana-grishchenko 12 | email: oksana.grishchenko@percona.com 13 | - name: recharte 14 | email: diogo.recharte@percona.com 15 | dependencies: 16 | - name: common 17 | version: 0.0.* 18 | repository: "file://charts/common" 19 | # This is not really a dependency, but we define it as one so that we're 20 | # able to conditionally disable rendering these manifests along with the core chart manifests. 21 | # The default behaviour of Helm is to always include the sub-chart manifests unless explicitly disabled. 22 | - name: everest-db-namespace 23 | alias: dbNamespace 24 | version: 0.0.0 25 | repository: "file://charts/everest-db-namespace" 26 | condition: "dbNamespace.enabled" 27 | - name: kube-state-metrics 28 | repository: https://prometheus-community.github.io/helm-charts 29 | version: 5.27.0 30 | condition: "kube-state-metrics.enabled" 31 | - name: victoria-metrics-operator 32 | alias: monitoring 33 | version: 0.43.0 34 | repository: "https://victoriametrics.github.io/helm-charts" 35 | condition: "monitoring.enabled" 36 | - name: pmm 37 | repository: "https://percona.github.io/percona-helm-charts" 38 | condition: "pmm.enabled" 39 | version: 1.3.* 40 | -------------------------------------------------------------------------------- /charts/everest/Makefile: -------------------------------------------------------------------------------- 1 | HELM ?= helm 2 | 3 | # values to override 4 | IMAGE_PREFIX ?= percona 5 | TELEMETRY ?= true 6 | 7 | prepare-chart: 8 | CHART_FILES="Chart.yaml ./charts/everest-db-namespace/Chart.yaml"; \ 9 | for chart in $$CHART_FILES; do \ 10 | yq eval -i '.version = "${VERSION}"' $$chart; \ 11 | yq eval -i '.appVersion = "${VERSION}"' $$chart; \ 12 | done 13 | yq eval -i '.server.image = "$(IMAGE_PREFIX)/everest"' values.yaml 14 | yq eval -i '.olm.catalogSourceImage = "$(IMAGE_PREFIX)/everest-catalog"' values.yaml 15 | yq eval -i '.operator.image = 
"$(IMAGE_PREFIX)/everest-operator"' values.yaml 16 | yq eval -i '.telemetry = $(TELEMETRY)' values.yaml 17 | yq eval -i '(.dependencies[] | select(.name == "everest-db-namespace")).version = "${VERSION}"' Chart.yaml 18 | $(MAKE) deps 19 | 20 | release: prepare-chart 21 | 22 | release-dev: IMAGE_PREFIX=perconalab 23 | release-dev: TELEMETRY=false 24 | release-dev: prepare-chart 25 | 26 | add-repos: 27 | $(HELM) version 28 | $(HELM) repo add prometheus-community https://prometheus-community.github.io/helm-charts 29 | $(HELM) repo add vm https://victoriametrics.github.io/helm-charts 30 | $(HELM) repo add percona https://percona.github.io/percona-helm-charts/ 31 | 32 | deps: add-repos 33 | $(HELM) dependency update . 34 | $(HELM) dependency update ./charts/everest-db-namespace 35 | 36 | docs-gen: 37 | docker run --rm -v "$(PWD)/:/helm-docs" -u $(shell id -u) jnorwood/helm-docs:v1.14.2 38 | 39 | 40 | EVEREST_REPO_URL ?= https://github.com/percona/everest-operator 41 | CRD_DIR ?= config/crd 42 | CRD_VERSION ?= main 43 | crds-gen: 44 | docker run --rm registry.k8s.io/kustomize/kustomize:v5.0.0 build $(EVEREST_REPO_URL)/$(CRD_DIR)?ref=$(CRD_VERSION) > crds/everest.yaml 45 | 46 | prepare-pr: 47 | $(MAKE) deps 48 | $(MAKE) docs-gen 49 | EVEREST_REPO_URL=$(EVEREST_REPO_URL) \ 50 | CRD_DIR=$(CRD_DIR) \ 51 | CRD_VERSION=$(CRD_VERSION) $(MAKE) crds-gen 52 | -------------------------------------------------------------------------------- /charts/everest/charts/common/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/everest/charts/common/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: common 3 | description: A library chart for Everest containing common resources. 4 | type: library 5 | version: 0.0.17 6 | appVersion: "0.0.3" 7 | maintainers: 8 | - name: mayankshah1607 9 | email: mayank.shah@percona.com 10 | - name: oksana-grishchenko 11 | email: oksana.grishchenko@percona.com 12 | - name: recharte 13 | email: diogo.recharte@percona.com 14 | -------------------------------------------------------------------------------- /charts/everest/charts/common/README.md: -------------------------------------------------------------------------------- 1 | # common 2 | 3 | ![Version: 0.0.17](https://img.shields.io/badge/Version-0.0.17-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 0.0.3](https://img.shields.io/badge/AppVersion-0.0.3-informational?style=flat-square) 4 | 5 | A library chart for Everest containing common resources. 
6 | 7 | ## Maintainers 8 | 9 | | Name | Email | Url | 10 | | ---- | ------ | --- | 11 | | mayankshah1607 | | | 12 | | oksana-grishchenko | | | 13 | | recharte | | | 14 | 15 | ---------------------------------------------- 16 | Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) 17 | -------------------------------------------------------------------------------- /charts/everest/charts/common/templates/_create_default_psp.yaml.tpl: -------------------------------------------------------------------------------- 1 | # Create default pod scheduling policies. 2 | # 3 | {{- define "everest.createDefaultPsp" }} 4 | apiVersion: everest.percona.com/v1alpha1 5 | kind: PodSchedulingPolicy 6 | metadata: 7 | name: everest-default-mysql 8 | finalizers: 9 | - everest.percona.com/readonly-protection 10 | annotations: 11 | "helm.sh/hook": post-install 12 | "helm.sh/resource-policy": keep 13 | "helm.sh/hook-weight": "-5" 14 | spec: 15 | engineType: pxc 16 | affinityConfig: 17 | pxc: 18 | engine: 19 | podAntiAffinity: 20 | preferredDuringSchedulingIgnoredDuringExecution: 21 | - podAffinityTerm: 22 | topologyKey: kubernetes.io/hostname 23 | weight: 1 24 | proxy: 25 | podAntiAffinity: 26 | preferredDuringSchedulingIgnoredDuringExecution: 27 | - podAffinityTerm: 28 | topologyKey: kubernetes.io/hostname 29 | weight: 1 30 | --- 31 | apiVersion: everest.percona.com/v1alpha1 32 | kind: PodSchedulingPolicy 33 | metadata: 34 | name: everest-default-postgresql 35 | finalizers: 36 | - everest.percona.com/readonly-protection 37 | annotations: 38 | "helm.sh/hook": post-install 39 | "helm.sh/resource-policy": keep 40 | "helm.sh/hook-weight": "-5" 41 | spec: 42 | engineType: postgresql 43 | affinityConfig: 44 | postgresql: 45 | engine: 46 | podAntiAffinity: 47 | preferredDuringSchedulingIgnoredDuringExecution: 48 | - podAffinityTerm: 49 | topologyKey: kubernetes.io/hostname 50 | weight: 1 51 | proxy: 52 | podAntiAffinity: 53 | 
preferredDuringSchedulingIgnoredDuringExecution: 54 | - podAffinityTerm: 55 | topologyKey: kubernetes.io/hostname 56 | weight: 1 57 | --- 58 | apiVersion: everest.percona.com/v1alpha1 59 | kind: PodSchedulingPolicy 60 | metadata: 61 | name: everest-default-mongodb 62 | finalizers: 63 | - everest.percona.com/readonly-protection 64 | annotations: 65 | "helm.sh/hook": post-install 66 | "helm.sh/resource-policy": keep 67 | "helm.sh/hook-weight": "-5" 68 | spec: 69 | engineType: psmdb 70 | affinityConfig: 71 | psmdb: 72 | engine: 73 | podAntiAffinity: 74 | preferredDuringSchedulingIgnoredDuringExecution: 75 | - podAffinityTerm: 76 | topologyKey: kubernetes.io/hostname 77 | weight: 1 78 | proxy: 79 | podAntiAffinity: 80 | preferredDuringSchedulingIgnoredDuringExecution: 81 | - podAffinityTerm: 82 | topologyKey: kubernetes.io/hostname 83 | weight: 1 84 | configServer: 85 | podAntiAffinity: 86 | preferredDuringSchedulingIgnoredDuringExecution: 87 | - podAffinityTerm: 88 | topologyKey: kubernetes.io/hostname 89 | weight: 1 90 | --- 91 | {{- end }} -------------------------------------------------------------------------------- /charts/everest/charts/common/templates/_csv_cleanup.yaml.tpl: -------------------------------------------------------------------------------- 1 | # 2 | # @param .namespace The namespace where the operator is installed 3 | # 4 | {{- define "everest.csvCleanup" }} 5 | {{- $hookName := printf "everest-helm-pre-delete-hook" }} 6 | apiVersion: v1 7 | kind: ServiceAccount 8 | metadata: 9 | name: {{ $hookName }} 10 | namespace: {{ .namespace }} 11 | annotations: 12 | "helm.sh/hook": pre-delete 13 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 14 | --- 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: Role 17 | metadata: 18 | name: {{ $hookName }} 19 | namespace: {{ .namespace }} 20 | annotations: 21 | "helm.sh/hook": pre-delete 22 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 23 | rules: 24 | - apiGroups: 
25 | - operators.coreos.com 26 | resources: 27 | - clusterserviceversions 28 | - subscriptions 29 | verbs: 30 | - delete 31 | - list 32 | --- 33 | apiVersion: rbac.authorization.k8s.io/v1 34 | kind: RoleBinding 35 | metadata: 36 | name: {{ $hookName }} 37 | namespace: {{ .namespace }} 38 | annotations: 39 | "helm.sh/hook": pre-delete 40 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 41 | roleRef: 42 | apiGroup: rbac.authorization.k8s.io 43 | kind: Role 44 | name: {{ $hookName }} 45 | subjects: 46 | - kind: ServiceAccount 47 | name: {{ $hookName }} 48 | namespace: {{ .namespace }} 49 | --- 50 | apiVersion: batch/v1 51 | kind: Job 52 | metadata: 53 | name: {{ $hookName }}-{{ randNumeric 6 }} 54 | namespace: {{ .namespace }} 55 | annotations: 56 | "helm.sh/hook": pre-delete 57 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 58 | spec: 59 | template: 60 | spec: 61 | containers: 62 | - image: bitnami/kubectl:latest 63 | name: {{ $hookName }} 64 | command: 65 | - /bin/sh 66 | - -c 67 | - | 68 | kubectl delete subscription -n {{ .namespace }} --all --wait 69 | kubectl delete csv -n {{ .namespace }} --all --wait 70 | dnsPolicy: ClusterFirst 71 | restartPolicy: OnFailure 72 | serviceAccount: {{ $hookName }} 73 | serviceAccountName: {{ $hookName }} 74 | terminationGracePeriodSeconds: 30 75 | --- 76 | {{- end }} 77 | -------------------------------------------------------------------------------- /charts/everest/charts/common/templates/_db_resources_cleanup.yaml.tpl: -------------------------------------------------------------------------------- 1 | # 2 | # @param .namespace The namespace where DB and its resources are deployed 3 | # 4 | {{- define "everest.dbResourcesCleanup" }} 5 | {{- $hookName := printf "everest-helm-pre-delete-db-resource-cleanup" }} 6 | apiVersion: v1 7 | kind: ServiceAccount 8 | metadata: 9 | name: {{ $hookName }} 10 | namespace: {{ .namespace }} 11 | annotations: 12 | "helm.sh/hook": pre-delete 13 | 
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 14 | "helm.sh/hook-weight": "-1" 15 | --- 16 | apiVersion: rbac.authorization.k8s.io/v1 17 | kind: Role 18 | metadata: 19 | name: {{ $hookName }} 20 | namespace: {{ .namespace }} 21 | annotations: 22 | "helm.sh/hook": pre-delete 23 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 24 | "helm.sh/hook-weight": "-1" 25 | rules: 26 | - apiGroups: 27 | - everest.percona.com 28 | resources: 29 | - databaseclusters 30 | - backupstorages 31 | - monitoringconfigs 32 | verbs: 33 | - get 34 | - delete 35 | - list 36 | - watch 37 | --- 38 | apiVersion: rbac.authorization.k8s.io/v1 39 | kind: RoleBinding 40 | metadata: 41 | name: {{ $hookName }} 42 | namespace: {{ .namespace }} 43 | annotations: 44 | "helm.sh/hook": pre-delete 45 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 46 | "helm.sh/hook-weight": "-1" 47 | roleRef: 48 | apiGroup: rbac.authorization.k8s.io 49 | kind: Role 50 | name: {{ $hookName }} 51 | subjects: 52 | - kind: ServiceAccount 53 | name: {{ $hookName }} 54 | namespace: {{ .namespace }} 55 | --- 56 | apiVersion: batch/v1 57 | kind: Job 58 | metadata: 59 | name: {{ $hookName }}-{{ randNumeric 6 }} 60 | namespace: {{ .namespace }} 61 | annotations: 62 | "helm.sh/hook": pre-delete 63 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 64 | "helm.sh/hook-weight": "-1" 65 | spec: 66 | template: 67 | spec: 68 | containers: 69 | - image: bitnami/kubectl:latest 70 | name: {{ $hookName }} 71 | command: 72 | - /bin/sh 73 | - -ec 74 | args: 75 | - | 76 | echo "Deleting DatabaseClusters" 77 | kubectl delete databaseclusters -n {{ .namespace }} --all --wait --cascade='foreground' 78 | 79 | echo "Deleting BackupStorages" 80 | kubectl delete backupstorages -n {{ .namespace }} --all --wait 81 | 82 | echo "Deleting MonitoringConfigs" 83 | kubectl delete monitoringconfigs -n {{ .namespace }} --all --wait 84 | dnsPolicy: ClusterFirst 85 | restartPolicy: 
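OnFailure
86 |       serviceAccount: {{ $hookName }}
87 |       serviceAccountName: {{ $hookName }}
88 |       terminationGracePeriodSeconds: 30
89 | ---
90 | {{- end }}
91 |
92 |

--------------------------------------------------------------------------------
/charts/everest/charts/common/templates/_psp_cleanup.yaml.tpl:
--------------------------------------------------------------------------------
 1 | # Cleanup all default pod scheduling policies during uninstall.
 2 | #
 3 | # Renders four post-delete hook resources: a ServiceAccount, a ClusterRole and
 4 | # ClusterRoleBinding for it, and a Job that runs kubectl under that account.
 5 | # All four carry hook-delete-policy "before-hook-creation,hook-succeeded".
 6 | #
 7 | # @param .namespace The namespace where Everest server is installed
 8 | #
 9 | {{- define "everest.pspCleanup" }}
10 | {{- $hookName := printf "everest-helm-psp-cleanup-hook" }}
11 | apiVersion: v1
12 | kind: ServiceAccount
13 | metadata:
14 |   name: {{ $hookName }}
15 |   namespace: {{ .namespace }}
16 |   annotations:
17 |     "helm.sh/hook": post-delete
18 |     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
19 |     "helm.sh/hook-weight": "-5"
20 | ---
21 | # Cluster-scoped role: it grants get/list/patch/delete on podschedulingpolicies
22 | # only, which is what the cleanup script below uses.
23 | apiVersion: rbac.authorization.k8s.io/v1
24 | kind: ClusterRole
25 | metadata:
26 |   name: {{ $hookName }}
27 |   annotations:
28 |     "helm.sh/hook": post-delete
29 |     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
30 |     "helm.sh/hook-weight": "-5"
31 | rules:
32 |   - apiGroups:
33 |       - everest.percona.com
34 |     resources:
35 |       - podschedulingpolicies
36 |     verbs:
37 |       - get
38 |       - list
39 |       - patch
40 |       - delete
41 | ---
42 | apiVersion: rbac.authorization.k8s.io/v1
43 | kind: ClusterRoleBinding
44 | metadata:
45 |   name: {{ $hookName }}
46 |   annotations:
47 |     "helm.sh/hook": post-delete
48 |     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
49 |     "helm.sh/hook-weight": "-5"
50 | roleRef:
51 |   apiGroup: rbac.authorization.k8s.io
52 |   kind: ClusterRole
53 |   name: {{ $hookName }}
54 | subjects:
55 |   - kind: ServiceAccount
56 |     name: {{ $hookName }}
57 |     namespace: {{ .namespace }}
58 | ---
59 | apiVersion: batch/v1
60 | kind: Job
61 | metadata:
62 |   name: {{ $hookName }}-{{ randNumeric 6 }}
63 |   namespace: {{ .namespace }}
64 |   annotations:
65 |     "helm.sh/hook": post-delete
66 |     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
67 |     "helm.sh/hook-weight": "-5"
68 | spec:
69 |   template:
70 |     spec:
71 |       containers:
72 |         # NOTE(review): ":latest" is a mutable tag on a third-party image, and
73 |         # this container runs with the cluster-wide rights bound above. Pin it
74 |         # to a reviewed version tag or image digest (<pinned-tag-or-digest>).
75 |         - image: bitnami/kubectl:latest
76 |           name: {{ $hookName }}
77 |           command:
78 |             - /bin/sh
79 |             - -c
80 |             - |
81 |               # Select the policies that carry the readonly-protection finalizer.
82 |               for pspName in `kubectl get podschedulingpolicy -o jsonpath='{.items[?(@.metadata.finalizers[*]=="everest.percona.com/readonly-protection")].metadata.name}'`
83 |               do
84 |                 # Clear the finalizers first so the delete is not blocked.
85 |                 kubectl patch podschedulingpolicy/$pspName -p '{"metadata":{"finalizers":[]}}' --type=merge
86 |                 # kubectl delete needs the resource type as well as the name;
87 |                 # a bare name is rejected and the policy would be left behind.
88 |                 kubectl delete podschedulingpolicy/$pspName
89 |               done
90 |       dnsPolicy: ClusterFirst
91 |       restartPolicy: OnFailure
92 |       serviceAccount: {{ $hookName }}
93 |       serviceAccountName: {{ $hookName }}
94 |       terminationGracePeriodSeconds: 30
95 | ---
96 | {{- end }}
97 |

--------------------------------------------------------------------------------
/charts/everest/charts/common/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/percona/percona-helm-charts/b8ed7639c04d7e3a8b6bd195a5c1c664a1ec9539/charts/everest/charts/common/values.yaml

--------------------------------------------------------------------------------
/charts/everest/charts/everest-db-namespace/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.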
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: file://../common 4 | version: 0.0.17 5 | digest: sha256:6fd60645ad5f5709f5b8544db58a3ea055b88b2a5b9761855bb738b374520091 6 | generated: "2025-06-04T11:11:14.48524+03:00" 7 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: everest-db-namespace 3 | description: A sub-chart for provisioning Everest DB namespaces. 
4 | type: application 5 | version: 0.0.0 6 | appVersion: 0.0.0 7 | kubeVersion: '>= 1.27.0-0' 8 | dependencies: 9 | - name: common 10 | version: 0.0.* 11 | repository: "file://../common" 12 | maintainers: 13 | - name: mayankshah1607 14 | email: mayank.shah@percona.com 15 | - name: oksana-grishchenko 16 | email: oksana.grishchenko@percona.com 17 | - name: recharte 18 | email: diogo.recharte@percona.com 19 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/README.md: -------------------------------------------------------------------------------- 1 | # everest-db-namespace 2 | 3 | ![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square) 4 | 5 | A sub-chart for provisioning Everest DB namespaces. 6 | 7 | ## Maintainers 8 | 9 | | Name | Email | Url | 10 | | ---- | ------ | --- | 11 | | mayankshah1607 | | | 12 | | oksana-grishchenko | | | 13 | | recharte | | | 14 | 15 | ## Requirements 16 | 17 | Kubernetes: `>= 1.27.0-0` 18 | 19 | | Repository | Name | Version | 20 | |------------|------|---------| 21 | | file://../common | common | 0.0.* | 22 | 23 | ## Values 24 | 25 | | Key | Type | Default | Description | 26 | |-----|------|---------|-------------| 27 | | cleanupOnUninstall | bool | `true` | If set, cleans up the DB resources on uninstall. | 28 | | compatibility.openshift | bool | `false` | If set, enable OpenShift compatibility. | 29 | | namespaceOverride | string | `""` | Namespace override. Defaults to the value of .Release.Namespace. | 30 | | postgresql | bool | `true` | If set, installs the Percona Postgresql Server operator. | 31 | | psmdb | bool | `true` | If set, installs the Percona Server MongoDB operator. 
| 32 | | pxc | bool | `true` | If set, installs the Percona XtraDB Cluster operator. | 33 | | telemetry | bool | `true` | If set, enabled sending telemetry information. | 34 | 35 | ---------------------------------------------- 36 | Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) 37 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Allows overriding the install namespace in combined charts. 3 | */}} 4 | {{- define "db.namespace" -}} 5 | {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Allow overriding OLM namespace 10 | */}} 11 | {{- define "db.olmNamespace"}} 12 | {{- if .Values.compatibility.openshift }} 13 | {{- "openshift-marketplace" }} 14 | {{- else }} 15 | {{- .Values.olm.namespace }} 16 | {{- end }} 17 | {{- end }} 18 | 19 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/templates/hooks.yaml: -------------------------------------------------------------------------------- 1 | {{- include "everest.csvCleanup" (dict "namespace" (include "db.namespace" .)) }} 2 | --- 3 | {{- include "everest.operatorsInstaller" (dict "namespace" (include "db.namespace" .)) }} 4 | --- 5 | {{ if .Values.cleanupOnUninstall }} 6 | {{- include "everest.dbResourcesCleanup" (dict "namespace" (include "db.namespace" .)) }} 7 | {{- end }} 8 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.namespaceOverride }} 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: {{ 
.Values.namespaceOverride }} 6 | labels: 7 | app.kubernetes.io/managed-by: everest 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/templates/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: everest-databases 5 | namespace: {{ include "db.namespace" . }} 6 | spec: 7 | targetNamespaces: 8 | - {{ include "db.namespace" . }} 9 | upgradeStrategy: Default 10 | 11 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/templates/pg.subscription.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.postgresql }} 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: percona-postgresql-operator 6 | namespace: {{ include "db.namespace" . }} 7 | annotations: 8 | # This annotation ensures that the Subscription is not removed 9 | # during upgrade, which could otherwise result in a broken installation. 10 | # The uninstallation of operators is handled gracefully in the pre-delete hook. 11 | helm.sh/resource-policy: keep 12 | spec: 13 | channel: stable-v2 14 | installPlanApproval: Manual 15 | name: percona-postgresql-operator 16 | source: everest-catalog 17 | sourceNamespace: {{ include "db.olmNamespace" . 
}} 18 | config: 19 | env: 20 | - name: DISABLE_TELEMETRY 21 | {{- if not $.Values.telemetry }} 22 | value: "true" 23 | {{- else }} 24 | value: "false" 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/templates/psmdb.subscription.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.psmdb }} 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: percona-server-mongodb-operator 6 | namespace: {{ include "db.namespace" . }} 7 | annotations: 8 | # This annotation ensures that the Subscription is not removed 9 | # during upgrade, which could otherwise result in a broken installation. 10 | # The uninstallation of operators is handled gracefully in the pre-delete hook. 11 | helm.sh/resource-policy: keep 12 | spec: 13 | channel: stable-v1 14 | installPlanApproval: Manual 15 | name: percona-server-mongodb-operator 16 | source: everest-catalog 17 | sourceNamespace: {{ include "db.olmNamespace" . }} 18 | config: 19 | env: 20 | - name: DISABLE_TELEMETRY 21 | {{- if not $.Values.telemetry }} 22 | value: "true" 23 | {{- else }} 24 | value: "false" 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/templates/pxc.subscription.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.pxc }} 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: percona-xtradb-cluster-operator 6 | namespace: {{ include "db.namespace" . }} 7 | annotations: 8 | # This annotation ensures that the Subscription is not removed 9 | # during upgrade, which could otherwise result in a broken installation. 10 | # The uninstallation of operators is handled gracefully in the pre-delete hook. 
11 | helm.sh/resource-policy: keep 12 | spec: 13 | channel: stable-v1 14 | installPlanApproval: Manual 15 | name: percona-xtradb-cluster-operator 16 | source: everest-catalog 17 | sourceNamespace: {{ include "db.olmNamespace" . }} 18 | config: 19 | env: 20 | - name: DISABLE_TELEMETRY 21 | {{- if not $.Values.telemetry }} 22 | value: "true" 23 | {{- else }} 24 | value: "false" 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/everest/charts/everest-db-namespace/values.yaml: -------------------------------------------------------------------------------- 1 | compatibility: 2 | # -- If set, enable OpenShift compatibility. 3 | openshift: false 4 | # -- Namespace override. Defaults to the value of .Release.Namespace. 5 | namespaceOverride: "" 6 | # -- If set, enabled sending telemetry information. 7 | telemetry: true 8 | # -- If set, installs the Percona Server MongoDB operator. 9 | psmdb: true 10 | # -- If set, installs the Percona XtraDB Cluster operator. 11 | pxc: true 12 | # -- If set, installs the Percona Postgresql Server operator. 13 | postgresql: true 14 | 15 | # @ignore 16 | olm: 17 | # -- Namespace where OLM is installed in the cluster. 18 | namespace: everest-olm 19 | # -- If set, cleans up the DB resources on uninstall. 
20 | cleanupOnUninstall: true 21 | -------------------------------------------------------------------------------- /charts/everest/docs/application-db-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: everest-db 5 | namespace: argocd 6 | spec: 7 | destination: 8 | namespace: everest 9 | server: https://kubernetes.default.svc 10 | project: default 11 | source: 12 | chart: everest-db-namespace 13 | repoURL: https://percona.github.io/percona-helm-charts/ 14 | targetRevision: 1.3.0 15 | syncPolicy: 16 | syncOptions: 17 | - CreateNamespace=true 18 | - ServerSideApply=true 19 | 20 | -------------------------------------------------------------------------------- /charts/everest/docs/application.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: everest 5 | namespace: argocd 6 | spec: 7 | destination: 8 | namespace: everest-system 9 | server: https://kubernetes.default.svc 10 | ignoreDifferences: 11 | # If `server.jwtKey` is not set, the Secret will be updated with 12 | # a new random key on every sync. 13 | - group: "" 14 | jsonPointers: 15 | - /data 16 | kind: Secret 17 | name: everest-jwt 18 | namespace: everest-system 19 | - group: "" 20 | jsonPointers: 21 | - /data 22 | kind: Secret 23 | name: everest-accounts 24 | namespace: everest-system 25 | # If deploying OLM without using cert-manager, the certificates 26 | # are changed on every sync since they are randomly generated. 
27 | - group: "" 28 | jsonPointers: 29 | - /data 30 | kind: Secret 31 | name: packageserver-service-cert 32 | namespace: everest-olm 33 | - group: apiregistration.k8s.io 34 | jqPathExpressions: 35 | - .spec.caBundle 36 | - .metadata.annotations 37 | kind: APIService 38 | name: v1.packages.operators.coreos.com 39 | project: default 40 | source: 41 | chart: everest 42 | helm: 43 | parameters: 44 | - name: dbNamespace.enabled 45 | value: "false" 46 | - name: upgrade.preflightChecks 47 | value: "false" 48 | repoURL: https://percona.github.io/percona-helm-charts/ 49 | targetRevision: 1.3.0 50 | syncPolicy: 51 | syncOptions: 52 | - CreateNamespace=true 53 | - RespectIgnoreDifferences=true 54 | - ServerSideApply=true 55 | -------------------------------------------------------------------------------- /charts/everest/docs/openshift.md: -------------------------------------------------------------------------------- 1 | # Installing Percona Everest on OpenShift 2 | 3 | The Percona Everest Helm chart can be installed on OpenShift with some additional configuration steps. 4 | 5 | > Note: Support for OpenShift is currently in progress, so it may not work as expected. If you encounter any issues, please report them by creating a new issue [here](https://github.com/percona/everest/issues/new). 6 | 7 | ## 1. Install Everest 8 | 9 | Run the following command to install Everest with OpenShift compatibility enabled: 10 | 11 | ```sh 12 | helm install everest-core percona/everest \ 13 | --namespace everest-system \ 14 | --create-namespace \ 15 | --set compatibility.openshift=true \ 16 | --set dbNamespace.compatibility.openshift=true \ 17 | --set kube-state-metrics.securityContext.enabled=false \ 18 | --set kube-state-metrics.rbac.create=false 19 | ``` 20 | 21 | ## 2. (Optional) Update RBAC for kube-state-metrics 22 | 23 | If you're using a chart version older than 1.5.0, you must manually create a `ClusterRoleBinding` for kube-state-metrics. 
Use the following YAML: 24 | 25 | ```sh 26 | cat < Note: For versions 1.5.0 and above, this `ClusterRoleBinding` is created automatically when you set `compatibility.openshift=true`. 43 | 44 | ## 3. (Optional) Install additional database namespaces 45 | 46 | If you need to add database namespaces, run the following command with OpenShift compatibility enabled: 47 | 48 | ``` 49 | helm install everest \ 50 | percona/everest-db-namespace \ 51 | --create-namespace \ 52 | --namespace everest \ 53 | --set compatibility.openshift=true 54 | ``` 55 | 56 | For detailed instructions, refer to the guide linked [here](../README.md), but adjust the installation parameters according to the values specified in this document. 57 | 58 | 
--------------------------------------------------------------------------------
/charts/everest/everest-admin.yaml.tpl:
--------------------------------------------------------------------------------
{{- /*
Initial admin account for Everest.

NOTE(review): despite the field name, the value rendered into `passwordHash` is the
plain initial password: `server.initialAdminPassword` when set, otherwise a random
64-character alphanumeric string. The chart's NOTES.txt says the same ("stored in
plain text") and asks for it to be changed with `everestctl accounts set-password`.
A password supplied through values is also kept in the Helm release record, so
prefer leaving it unset and rotating right after install.
*/ -}}
admin:
  passwordHash: {{ .Values.server.initialAdminPassword | default (randAlphaNum 64) }}
  enabled: true
  capabilities:
    - login
-------------------------------------------------------------------------------- /charts/everest/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/percona/percona-helm-charts/charts/everest 2 | 3 | go 1.23.2 4 | -------------------------------------------------------------------------------- /charts/everest/helm.go: -------------------------------------------------------------------------------- 1 | package everest 2 | 3 | import "embed" 4 | 5 | // Chart contains the Everest Helm chart files. 
6 | // 7 | //go:embed all:* 8 | var Chart embed.FS 9 | -------------------------------------------------------------------------------- /charts/everest/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Release.IsInstall }} 2 | {{- $pfSrcPort := "8080" }} 3 | {{- $pfDstPort := "8080" }} 4 | {{- $pfUrlProto := "http" }} 5 | {{- if .Values.server.tls.enabled }} 6 | {{- $pfSrcPort = "8443" }} 7 | {{- $pfDstPort = "443" }} 8 | {{- $pfUrlProto = "https" }} 9 | {{- end }} 10 | {{- $pfCmd := printf "kubectl port-forward svc/%s %s:%s -n %s" .Values.server.service.name $pfSrcPort $pfDstPort .Release.Namespace }} 11 | {{- $pfUrl := printf "%s://localhost:%s" $pfUrlProto $pfSrcPort }} 12 | Thank you for installing Everest (v{{ .Chart.AppVersion }})! 13 | 14 | Follow the steps below to get started: 15 | {{ if not .Values.dbNamespace.enabled }} 16 | PROVISION A NAMESPACE FOR YOUR DATABASES 17 | ========================================= 18 | 19 | Install a namespace for your databases using the following command: 20 | 21 | helm install everest percona/everest-db-namespace --namespace everest --create-namespace 22 | 23 | {{- end }} 24 | 25 | RETRIEVE THE INITIAL ADMIN PASSWORD 26 | ==================================== 27 | 28 | Run the following command to fetch the initial admin password: 29 | 30 | kubectl get secret everest-accounts -n everest-system -o jsonpath='{.data.users\.yaml}' | base64 --decode | yq '.admin.passwordHash' 31 | 32 | **Note:** The initial password is stored in plain text. For security, change it immediately using the following command: 33 | 34 | everestctl accounts set-password -u admin 35 | 36 | ACCESS THE EVEREST UI 37 | ====================== 38 | 39 | To access the web UI, set up port-forwarding and visit {{ $pfUrl }} in your browser: 40 | 41 | {{ $pfCmd }} 42 | {{- end }} 43 | 44 | {{- if .Release.IsUpgrade }} 45 | Everest has been successfully upgraded to version {{ .Chart.AppVersion }}! 
46 | {{- end }} 47 | 48 | -------------------------------------------------------------------------------- /charts/everest/templates/everest-catalogsource.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: CatalogSource 3 | metadata: 4 | name: everest-catalog 5 | namespace: {{ include "everest.olmNamespace" . }} 6 | spec: 7 | displayName: Everest Catalog 8 | grpcPodConfig: 9 | securityContextConfig: restricted 10 | image: {{ .Values.olm.catalogSourceImage }}:{{ .Chart.Version }} 11 | publisher: Percona 12 | sourceType: grpc 13 | updateStrategy: 14 | registryPoll: 15 | interval: 45m 16 | 
--------------------------------------------------------------------------------
/charts/everest/templates/everest-olm/catalog-operator.deployment.yaml:
--------------------------------------------------------------------------------
{{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }}
# Catalog operator Deployment for the bundled OLM. Rendered only when OpenShift
# compatibility is off and olm.install is set.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: catalog-operator
  namespace: {{ include "everest.olmNamespace" . }}
  labels:
    app: catalog-operator
spec:
  strategy:
    type: RollingUpdate
  replicas: 1
  selector:
    matchLabels:
      app: catalog-operator
  template:
    metadata:
      labels:
        app: catalog-operator
    spec:
      # Pod-level hardening: non-root user and the runtime's default seccomp profile.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      # Same account as the olm-operator Deployment. clusterrolebinding.yaml binds it
      # to the wildcard ClusterRole system:controller:operator-lifecycle-manager, so
      # this pod runs with cluster-wide rights despite the restricted container below.
      serviceAccountName: olm-operator-serviceaccount
      containers:
        - name: catalog-operator
          # Container-level hardening: no privilege escalation, all capabilities dropped.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ "ALL" ]
          command:
            - /bin/catalog
          args:
            # NOTE(review): the namespace is hard-coded here while metadata.namespace
            # comes from the everest.olmNamespace helper; confirm the two cannot diverge.
            - '--namespace'
            - everest-olm
            # NOTE(review): mutable :latest tag, not configurable through values;
            # pin to a version or digest so the image cannot change between pulls.
            - --configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest
            - --util-image
            - {{ .Values.olm.image }}
            - --set-workload-user-id=true
          image: {{ .Values.olm.image }}
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              name: metrics
          # Liveness and readiness both probe /healthz over plain HTTP on the metrics port.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
          terminationMessagePolicy: FallbackToLogsOnError
          # Only requests are set; no CPU or memory limits are declared.
          resources:
            requests:
              cpu: 10m
              memory: 80Mi
      nodeSelector:
        kubernetes.io/os: linux
{{- end }}
-------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/certs.certmanager.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }} 2 | {{- if eq .Values.olm.packageserver.tls.type "cert-manager"}} 3 | {{- $tls := fromYaml (include "olm.certs" .) }} 4 | --- 5 | apiVersion: cert-manager.io/v1 6 | kind: Issuer 7 | metadata: 8 | name: olm-ca-issuer 9 | namespace: {{ include "everest.olmNamespace" . 
}} 10 | spec: 11 | selfSigned: {} 12 | --- 13 | apiVersion: cert-manager.io/v1 14 | kind: Certificate 15 | metadata: 16 | name: olm-ca-cert 17 | namespace: {{ include "everest.olmNamespace" . }} 18 | spec: 19 | secretName: olm-ca-cert 20 | duration: 87600h # 10 year 21 | renewBefore: 720h # 30 days 22 | isCA: true 23 | commonName: olm-ca 24 | issuerRef: 25 | name: olm-ca-issuer 26 | kind: Issuer 27 | --- 28 | apiVersion: cert-manager.io/v1 29 | kind: Issuer 30 | metadata: 31 | name: olm-cert-issuer 32 | namespace: {{ include "everest.olmNamespace" . }} 33 | spec: 34 | ca: 35 | secretName: olm-ca-cert 36 | --- 37 | apiVersion: cert-manager.io/v1 38 | kind: Certificate 39 | metadata: 40 | name: olm-packageserver-tls 41 | namespace: {{ include "everest.olmNamespace" . }} 42 | spec: 43 | secretName: packageserver-service-cert 44 | commonName: {{ $tls.commonName }} 45 | dnsNames: {{ toYaml $tls.altNames | nindent 4 }} 46 | duration: 8760h # 1 year 47 | issuerRef: 48 | name: olm-cert-issuer 49 | kind: Issuer 50 | --- 51 | {{- end }} 52 | {{- end }} 53 | 
--------------------------------------------------------------------------------
/charts/everest/templates/everest-olm/clusterrole.yaml:
--------------------------------------------------------------------------------
{{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }}
# Cluster roles for the bundled OLM. Rendered only when OpenShift compatibility is
# off and olm.install is set.
#
# Wildcard role: every verb on every API resource and on every non-resource URL.
# clusterrolebinding.yaml binds it to olm-operator-serviceaccount, which the
# catalog-operator and olm-operator Deployments both run as, so those pods hold
# cluster-admin-equivalent rights. Treat that service account and its token as
# fully privileged when reviewing or monitoring the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:controller:operator-lifecycle-manager
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ["*"]
  verbs: ["*"]
---
# Aggregated into the built-in admin and edit roles through the labels below:
# holders of those roles can write Subscriptions and delete the listed OLM objects.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: aggregate-olm-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["operators.coreos.com"]
  resources: ["subscriptions"]
  verbs: ["create", "update", "patch", "delete"]
- apiGroups: ["operators.coreos.com"]
  resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"]
  verbs: ["delete"]
---
# Aggregated into the built-in admin, edit and view roles: read-only access to OLM
# objects and package manifests.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: aggregate-olm-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: ["operators.coreos.com"]
  resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["packages.operators.coreos.com"]
  resources: ["packagemanifests", "packagemanifests/icon"]
  verbs: ["get", "list", "watch"]
{{- end }}
-------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: olm-operator-binding-olm 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: system:controller:operator-lifecycle-manager 10 | subjects: 11 | - kind: ServiceAccount 12 | namespace: {{ include "everest.olmNamespace" . }} 13 | name: olm-operator-serviceaccount 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }} 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: {{ include "everest.olmNamespace" . 
}} 6 | {{- end }} 7 | -------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/olm-operator.deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: olm-operator 6 | namespace: {{ include "everest.olmNamespace" . }} 7 | labels: 8 | app: olm-operator 9 | spec: 10 | strategy: 11 | type: RollingUpdate 12 | replicas: 1 13 | selector: 14 | matchLabels: 15 | app: olm-operator 16 | template: 17 | metadata: 18 | labels: 19 | app: olm-operator 20 | spec: 21 | securityContext: 22 | runAsNonRoot: true 23 | seccompProfile: 24 | type: RuntimeDefault 25 | serviceAccountName: olm-operator-serviceaccount 26 | containers: 27 | - name: olm-operator 28 | securityContext: 29 | allowPrivilegeEscalation: false 30 | capabilities: 31 | drop: [ "ALL" ] 32 | command: 33 | - /bin/olm 34 | args: 35 | - --namespace 36 | - $(OPERATOR_NAMESPACE) 37 | - --writeStatusName 38 | - "" 39 | image: {{ .Values.olm.image }} 40 | imagePullPolicy: IfNotPresent 41 | ports: 42 | - containerPort: 8080 43 | name: metrics 44 | livenessProbe: 45 | httpGet: 46 | path: /healthz 47 | port: 8080 48 | scheme: HTTP 49 | readinessProbe: 50 | httpGet: 51 | path: /healthz 52 | port: 8080 53 | scheme: HTTP 54 | terminationMessagePolicy: FallbackToLogsOnError 55 | env: 56 | - name: OPERATOR_NAMESPACE 57 | valueFrom: 58 | fieldRef: 59 | fieldPath: metadata.namespace 60 | - name: OPERATOR_NAME 61 | value: olm-operator 62 | resources: 63 | requests: 64 | cpu: 10m 65 | memory: 160Mi 66 | nodeSelector: 67 | kubernetes.io/os: linux 68 | {{- end }} 69 | -------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/olmconfig.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and 
(not .Values.compatibility.openshift) .Values.olm.install) }} 2 | apiVersion: operators.coreos.com/v1 3 | kind: OLMConfig 4 | metadata: 5 | name: cluster 6 | {{- end }} 7 | -------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/packageserver.apiservice.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }} 2 | {{- $tls := fromYaml (include "olm.certs" .) }} 3 | {{- $apiService := (lookup "apiregistration.k8s.io/v1" "APIService" "" "v1.packages.operators.coreos.com") -}} 4 | {{- $secret := (lookup "v1" "Secret" (include "everest.olmNamespace" .) "packageserver-service-cert") -}} 5 | --- 6 | apiVersion: apiregistration.k8s.io/v1 7 | kind: APIService 8 | metadata: 9 | name: v1.packages.operators.coreos.com 10 | annotations: 11 | {{- if eq .Values.olm.packageserver.tls.type "cert-manager" }} 12 | cert-manager.io/inject-ca-from: {{ (include "everest.olmNamespace" .) }}/olm-packageserver-tls 13 | {{- end }} 14 | spec: 15 | {{- if ne .Values.olm.packageserver.tls.type "cert-manager" }} 16 | {{- if $apiService }} 17 | caBundle: {{ $apiService.spec.caBundle }} 18 | {{- else }} 19 | caBundle: {{ $tls.caCert }} 20 | {{- end }} 21 | {{- end }} 22 | group: packages.operators.coreos.com 23 | groupPriorityMinimum: 2000 24 | version: v1 25 | versionPriority: 800 26 | service: 27 | name: packageserver-service 28 | namespace: {{ include "everest.olmNamespace" . 
}} 29 | port: 5443 30 | --- 31 | {{- if ne .Values.olm.packageserver.tls.type "cert-manager" }} 32 | apiVersion: v1 33 | data: 34 | {{- if $secret }} 35 | {{- range $key, $value := $secret.data }} 36 | {{ $key }}: {{ $value }} 37 | {{- end }} 38 | {{- else }} 39 | tls.crt: {{ $tls.tlsCert }} 40 | tls.key: {{ $tls.tlsKey }} 41 | {{- end }} 42 | kind: Secret 43 | metadata: 44 | name: packageserver-service-cert 45 | namespace: {{ include "everest.olmNamespace" . }} 46 | type: kubernetes.io/tls 47 | {{- end }} 48 | {{- end }} 49 | -------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/packageserver.rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: packageserver-clusterrole 6 | rules: 7 | - apiGroups: 8 | - authorization.k8s.io 9 | resources: 10 | - subjectaccessreviews 11 | verbs: 12 | - create 13 | - get 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - configmaps 18 | verbs: 19 | - list 20 | - get 21 | - watch 22 | - apiGroups: 23 | - operators.coreos.com 24 | resources: 25 | - catalogsources 26 | verbs: 27 | - list 28 | - get 29 | - watch 30 | - apiGroups: 31 | - packages.operators.coreos.com 32 | resources: 33 | - packagemanifests 34 | verbs: ["*"] 35 | --- 36 | apiVersion: rbac.authorization.k8s.io/v1 37 | kind: ClusterRoleBinding 38 | metadata: 39 | name: packageserver-clusterrolebinding 40 | roleRef: 41 | apiGroup: rbac.authorization.k8s.io 42 | kind: ClusterRole 43 | name: packageserver-clusterrole 44 | subjects: 45 | - kind: ServiceAccount 46 | name: olm-operator-serviceaccount 47 | namespace: {{ include "everest.olmNamespace" . 
}} 48 | {{- end }} 49 | -------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/packageserver.service.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: packageserver-service 6 | namespace: {{ include "everest.olmNamespace" . }} 7 | spec: 8 | internalTrafficPolicy: Cluster 9 | ports: 10 | - name: "5443" 11 | port: 5443 12 | protocol: TCP 13 | targetPort: 5443 14 | selector: 15 | app: packageserver 16 | type: ClusterIP 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/everest/templates/everest-olm/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if (and (not .Values.compatibility.openshift) .Values.olm.install) }} 2 | kind: ServiceAccount 3 | apiVersion: v1 4 | metadata: 5 | name: olm-operator-serviceaccount 6 | namespace: {{ include "everest.olmNamespace" . 
}}
{{- end }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/backupstorage-editor.clusterrole.yaml:
--------------------------------------------------------------------------------
# Editor ClusterRole for BackupStorage objects: full read/write on the
# resource, read-only on its status subresource.
# No binding for the *-editor-role / *-viewer-role ClusterRoles appears in the
# templates shown here; they grant nothing until bound to a subject.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-backupstorage-editor-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - backupstorages
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - backupstorages/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/backupstorage-viewer.clusterrole.yaml:
--------------------------------------------------------------------------------
# Viewer ClusterRole for BackupStorage objects: read-only on the resource and
# on its status subresource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-backupstorage-viewer-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - backupstorages
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - backupstorages/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/databasecluster-editor.clusterrole.yaml:
--------------------------------------------------------------------------------
# Editor ClusterRole for DatabaseCluster objects: full read/write on the
# resource, read-only on its status subresource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-databasecluster-editor-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusters
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusters/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/databasecluster-viewer.clusterrole.yaml:
--------------------------------------------------------------------------------
# Viewer ClusterRole for DatabaseCluster objects: read-only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-databasecluster-viewer-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusters
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusters/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/databaseclusterbackup-editor.clusterrole.yaml:
--------------------------------------------------------------------------------
# Editor ClusterRole for DatabaseClusterBackup objects: full read/write on the
# resource, read-only on its status subresource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-databaseclusterbackup-editor-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusterbackups
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusterbackups/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/databaseclusterbackup-viewer.clusterrole.yaml:
--------------------------------------------------------------------------------
# Viewer ClusterRole for DatabaseClusterBackup objects: read-only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-databaseclusterbackup-viewer-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusterbackups
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusterbackups/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/databaseclusterrestore-editor.clusterrole.yaml:
--------------------------------------------------------------------------------
# Editor ClusterRole for DatabaseClusterRestore objects: full read/write on the
# resource, read-only on its status subresource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-databaseclusterrestore-editor-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusterrestores
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusterrestores/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/databaseclusterrestore-viewer.clusterrole.yaml:
--------------------------------------------------------------------------------
# Viewer ClusterRole for DatabaseClusterRestore objects: read-only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-databaseclusterrestore-viewer-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusterrestores
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - databaseclusterrestores/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/databaseengine-editor.clusterrole.yaml:
--------------------------------------------------------------------------------
# Editor ClusterRole for DatabaseEngine objects: full read/write on the
# resource, read-only on its status subresource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-databaseengine-editor-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - databaseengines
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - databaseengines/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/databaseengine-viewer.clusterrole.yaml:
--------------------------------------------------------------------------------
# Viewer ClusterRole for DatabaseEngine objects: read-only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-databaseengine-viewer-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - databaseengines
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - databaseengines/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/deployment.yaml:
--------------------------------------------------------------------------------
# Deployment of the Everest operator: a single replica of the /manager binary
# running as the everest-operator-controller-manager ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: everest-operator
  namespace: {{ include "everest.namespace" . }}
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: everest-operator
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: everest-operator
    spec:
      containers:
      - args:
        {{- if .Values.operator.enableLeaderElection }}
        - --leader-elect
        {{- end }}
        # Metrics listen on 8443 and health probes on 8081, on all interfaces.
        - --metrics-bind-address=:8443
        - --health-probe-bind-address=:8081
        - --monitoring-namespace={{ .Values.monitoring.namespaceOverride }}
        - --system-namespace={{ include "everest.namespace" . }}
        command:
        - /manager
        # NOTE(review): the image is referenced by a tag equal to the chart
        # version, with IfNotPresent. A tag is mutable; pinning a digest would
        # give an immutable reference if the release process can supply one.
        image: {{ .Values.operator.image }}:{{ .Chart.Version }}
        imagePullPolicy: IfNotPresent
        # Liveness and readiness are plain-HTTP checks on the health port.
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: manager
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {{ toYaml .Values.operator.resources | nindent 10 }}
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: PERCONA_VERSION_SERVICE_URL
          value: {{ printf "%s/%s" (include "everest.versionMetadataURL" .) "versions/v1" }}
        # Extra environment entries from operator.env in values are appended
        # as given.
        {{- if .Values.operator.env }}
        {{- toYaml .Values.operator.env | nindent 8 }}
        {{- end }}
        # Container hardening: no privilege escalation, all capabilities
        # dropped.
        # NOTE(review): readOnlyRootFilesystem and a seccompProfile are not set
        # here; consider adding them if the manager does not write to its root
        # filesystem.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      # Pod-level setting: containers must not run as UID 0.
      securityContext:
        runAsNonRoot: true
      # serviceAccount is the deprecated alias of serviceAccountName; both
      # name the same account.
      serviceAccount: everest-operator-controller-manager
      serviceAccountName: everest-operator-controller-manager
      terminationGracePeriodSeconds: 10

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/leaderelection.role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role used by the operator for leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: everest-operator-leader-election-role
  namespace: {{ include "everest.namespace" .
}}
# Rules of the leader-election Role: read/write on ConfigMaps and Leases in the
# chart namespace, plus creating and patching Events.
# NOTE(review): the ConfigMap rule is not limited by resourceNames, so it also
# covers the everest-rbac and everest-settings ConfigMaps that this chart
# creates in the same namespace. If election uses Leases only, the ConfigMap
# rule could be dropped - confirm against the operator.
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
  - patch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/leaderelection.rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the leader-election Role to the operator's ServiceAccount in the chart
# namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: everest-operator-leader-election-rolebinding
  namespace: {{ include "everest.namespace" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: everest-operator-leader-election-role
subjects:
- kind: ServiceAccount
  name: everest-operator-controller-manager
  namespace: {{ include "everest.namespace" .}}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/manager.clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the ClusterRole everest-operator-manager-role to the operator's
# ServiceAccount, cluster-wide.
# NOTE(review): the rules of everest-operator-manager-role are not part of the
# templates shown here; they define the operator's cluster-wide reach and
# should be reviewed together with this binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: everest-operator-manager-rolebinding
subjects:
- kind: ServiceAccount
  name: everest-operator-controller-manager
  namespace: {{ include "everest.namespace" . }}
roleRef:
  kind: ClusterRole
  name: everest-operator-manager-role
  apiGroup: rbac.authorization.k8s.io


--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/metrics-auth.clusterrole.yaml:
--------------------------------------------------------------------------------
# Lets the holder create TokenReviews and SubjectAccessReviews.
# Presumably used to authenticate and authorize callers of the operator's
# metrics endpoint - confirm against the operator.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-metrics-auth-role
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/metrics-auth.clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Grants everest-operator-metrics-auth-role to the operator's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: everest-operator-metrics-auth-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: everest-operator-metrics-auth-role
subjects:
- kind: ServiceAccount
  name: everest-operator-controller-manager
  namespace: {{ include "everest.namespace" . }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/metrics.service.yaml:
--------------------------------------------------------------------------------
# ClusterIP Service that routes TCP 8443 (named https) to pods labelled
# app=everest-operator.
apiVersion: v1
kind: Service
metadata:
  name: everest-operator-metrics-service
  namespace: {{ include "everest.namespace" . }}
spec:
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: https
    port: 8443
    protocol: TCP
    targetPort: 8443
  selector:
    app: everest-operator
  sessionAffinity: None
  type: ClusterIP

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/metricsreader.clusterrole.yaml:
--------------------------------------------------------------------------------
# Allows GET on the /metrics non-resource URL. No binding for this role appears
# in the templates shown here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # NOTE(review): labels has no entries. Indentation was lost in this listing;
  # name is shown as a sibling of labels, which is the only layout that gives
  # the role a metadata.name - confirm against the chart and drop the empty key.
  labels:
  name: everest-operator-metrics-reader
rules:
- nonResourceURLs:
  - /metrics
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/monitoringconfig-editor.clusterrole.yaml:
--------------------------------------------------------------------------------
# Editor ClusterRole for MonitoringConfig objects: full read/write on the
# resource, read-only on its status subresource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-monitoringconfig-editor-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - monitoringconfigs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - monitoringconfigs/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/monitoringconfig-viewer.clusterrole.yaml:
--------------------------------------------------------------------------------
# Viewer ClusterRole for MonitoringConfig objects: read-only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-monitoringconfig-viewer-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - monitoringconfigs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - monitoringconfigs/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/podschedulingpolicy-editor.clusterrole.yaml:
--------------------------------------------------------------------------------
# Editor ClusterRole for PodSchedulingPolicy objects: full read/write on the
# resource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-podschedulingpolicy-editor-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - podschedulingpolicies
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# Unlike the other *-editor-role ClusterRoles in this chart, this one may also
# patch and update the status subresource.
- apiGroups:
  - everest.percona.com
  resources:
  - podschedulingpolicies/status
  verbs:
  - get
  - patch
  - update

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/podschedulingpolicy-viewer.clusterrole.yaml:
--------------------------------------------------------------------------------
# Viewer ClusterRole for PodSchedulingPolicy objects: read-only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-operator-podschedulingpolicy-viewer-role
rules:
- apiGroups:
  - everest.percona.com
  resources:
  - podschedulingpolicies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - everest.percona.com
  resources:
  - podschedulingpolicies/status
  verbs:
  - get

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/rolebinding.yaml:
--------------------------------------------------------------------------------
# RoleBinding named everest-operator-local in the chart namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: everest-operator-local
  namespace: {{ include "everest.namespace" .
}}
# NOTE(review): neither a ServiceAccount nor a Role named everest-operator is
# defined in the templates shown here (the operator Deployment runs as
# everest-operator-controller-manager), and the subject namespace comes from
# the release namespace while the binding itself uses the everest.namespace
# helper. A binding whose subject does not exist yet passes its grant to
# whoever later creates an account with that name - confirm both names resolve
# or remove the binding.
subjects:
- kind: ServiceAccount
  name: everest-operator
  namespace: {{ .Release.Namespace }}
roleRef:
  kind: Role
  name: everest-operator
  apiGroup: rbac.authorization.k8s.io

--------------------------------------------------------------------------------
/charts/everest/templates/everest-operator/serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount the operator Deployment runs as; subject of the leader
# election, manager and metrics-auth bindings.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: everest-operator-controller-manager
  namespace: {{ include "everest.namespace" . }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/accounts.secret.yaml:
--------------------------------------------------------------------------------
{{- if .Release.IsInstall }}
{{- $secretName := (printf "everest-accounts") -}}
{{- $secret := (lookup "v1" "Secret" (include "everest.namespace" .) $secretName ) -}}
# Secret holding the Everest user accounts (users.yaml). Rendered only on
# install and kept on uninstall (resource-policy keep).
# If a Secret with this name already exists, its annotations and users.yaml are
# copied unchanged; otherwise users.yaml is rendered from
# everest-admin.yaml.tpl and the Secret is annotated insecure-password/admin.
# NOTE(review): the annotation marks the initial admin password as insecure;
# rotate it after install. Helm's lookup returns nothing when rendering without
# cluster access (helm template, client-side dry run), so in that mode an
# existing Secret is not detected and the initial content is rendered again.
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  namespace: {{ include "everest.namespace" . }}
  annotations:
    {{- if not $secret }}
    insecure-password/admin: "true"
    {{- else }}
    {{- range $key, $value := $secret.metadata.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
    {{- end }}
    helm.sh/resource-policy: keep
data:
  {{- if not $secret }}
  users.yaml: {{ tpl (.Files.Get "everest-admin.yaml.tpl") . | b64enc }}
  {{- else }}
  users.yaml: {{ index $secret.data "users.yaml" }}
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/certificate.yaml:
--------------------------------------------------------------------------------
{{- if (and .Values.server.tls.enabled .Values.server.tls.certificate.create) }}
# cert-manager Certificate for the Everest server. Rendered only when
# server.tls.enabled and server.tls.certificate.create are both set. The issued
# key pair is stored in the Secret named by server.tls.secret.name, which the
# server Deployment mounts.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ .Values.server.tls.secret.name }}
  namespace: {{ include "everest.namespace" . }}
spec:
  {{- with .Values.server.tls.certificate.secretTemplate }}
  secretTemplate:
    annotations:
      {{- range $key, $value := .annotations }}
      {{ $key }}: {{ $value | quote }}
      {{- end }}
    labels:
      {{- range $key, $value := .labels }}
      {{ $key }}: {{ $value | quote }}
      {{- end }}
  {{- end }}
  secretName: {{ .Values.server.tls.secret.name }}
  commonName: {{ .Values.server.tls.certificate.domain }}
  dnsNames:
    - {{ .Values.server.tls.certificate.domain }}
    {{- range .Values.server.tls.certificate.additionalHosts }}
    - {{ . | quote }}
    {{- end }}
  # duration and renewBefore are optional; when unset they are omitted here.
  {{- with .Values.server.tls.certificate.duration }}
  duration: {{ . | quote }}
  {{- end }}
  {{- with .Values.server.tls.certificate.renewBefore }}
  renewBefore: {{ . | quote }}
  {{- end }}
  # The issuer is taken entirely from values; the certificate is only as
  # trustworthy as the issuer configured there.
  issuerRef:
    {{- with .Values.server.tls.certificate.issuer.group }}
    group: {{ . | quote }}
    {{- end }}
    kind: {{ .Values.server.tls.certificate.issuer.kind | quote }}
    name: {{ .Values.server.tls.certificate.issuer.name | quote }}
  {{- with .Values.server.tls.certificate.privateKey }}
  privateKey:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- with .Values.server.tls.certificate.usages }}
  usages:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/clusterrole.yaml:
--------------------------------------------------------------------------------
# Cluster-wide permissions of the Everest server (ServiceAccount everest-admin,
# bound in clusterrolebinding.yaml).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: everest-admin-cluster-role
rules:
  # This rule is a subset of the everest.percona.com wildcard rule below.
  - apiGroups: ["everest.percona.com"]
    resources: ["databaseengines"]
    verbs: ["get", "list", "update"]
  # NOTE(review): every verb on Secrets, ConfigMaps and Namespaces in every
  # namespace. The server pod's token can therefore read any Secret in the
  # cluster and delete namespaces; treat the server as a cluster-admin-class
  # workload, and narrow this (explicit verbs, namespaced Roles for the
  # managed namespaces) if the server's needs allow.
  - apiGroups: [""]
    resources: ["secrets", "configmaps", "namespaces"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["nodes", "pods", "persistentvolumes"]
    verbs: ["get", "list"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["list"]
  # Wildcard on the Everest API group: covers resources added to the group
  # later as well.
  - apiGroups: ["everest.percona.com"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["operators.coreos.com"]
    resources: ["installplans"]
    verbs: ["get", "list", "update"]

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Grants everest-admin-cluster-role to the everest-admin ServiceAccount.
# The subject namespace is hard-coded to everest-system; the server Deployment
# template refuses to render for any other namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: everest-admin-cluster-role-binding
roleRef:
  kind: "ClusterRole"
  apiGroup: "rbac.authorization.k8s.io"
  name: everest-admin-cluster-role
subjects:
- kind: "ServiceAccount"
  name: everest-admin
  namespace: everest-system

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/deployment.yaml:
--------------------------------------------------------------------------------
{{- if (ne (include "everest.namespace" .) "everest-system") }}
  {{ fail "Namespace cannot be set to anything other than everest-system" }}
{{- end }}
{{- $tlsCertsPath := "/etc/tls" }}
{{- $probeScheme := "HTTP" }}
{{- if .Values.server.tls.enabled }}
{{- $probeScheme = "HTTPS" }}
{{- end }}
# Deployment of the Everest API server. Rendering fails unless the namespace
# helper resolves to everest-system. Probes use HTTPS when server.tls.enabled
# is set and HTTP otherwise.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: everest-server
  namespace: {{ include "everest.namespace" . }}
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: everest-server
      app.kubernetes.io/component: everest-server
  template:
    metadata:
      labels:
        app.kubernetes.io/name: everest-server
        app.kubernetes.io/component: everest-server
    spec:
      # The pod runs as everest-admin with its token mounted, so it holds the
      # permissions of everest-admin-cluster-role, including every verb on
      # Secrets cluster-wide.
      # NOTE(review): no pod- or container-level securityContext is set here,
      # while the operator Deployment in this chart sets runAsNonRoot,
      # allowPrivilegeEscalation: false and drops all capabilities. Given the
      # token this pod carries, the same hardening is worth applying if the
      # image supports it.
      serviceAccountName: everest-admin
      automountServiceAccountToken: true
      volumes:
      # Private key from the everest-jwt Secret.
      - name: jwt-secret
        secret:
          secretName: everest-jwt
      {{- if .Values.server.tls.enabled }}
      - name: tls-certs
        secret:
          secretName: {{ .Values.server.tls.secret.name }}
      {{- end }}
      containers:
      - name: everest
        # NOTE(review): image referenced by a tag equal to the chart version;
        # a digest would give an immutable reference.
        image: {{ .Values.server.image }}:{{ .Chart.Version }}
        ports:
        - containerPort: {{ .Values.server.service.port }}
        readinessProbe:
          httpGet:
            path: /healthz
            port: {{ .Values.server.service.port }}
            scheme: {{ $probeScheme }}
          initialDelaySeconds: 5
          periodSeconds: 5
        livenessProbe:
          httpGet:
            path: /healthz
            port: {{ .Values.server.service.port }}
            scheme: {{ $probeScheme }}
          initialDelaySeconds: 300
          periodSeconds: 15
        resources: {{ toYaml .Values.server.resources | nindent 12 }}
        volumeMounts:
        - name: jwt-secret
          mountPath: /etc/jwt
        {{- if .Values.server.tls.enabled }}
        - name: tls-certs
          mountPath: {{ $tlsCertsPath }}
          readOnly: true
        {{- end }}
        env:
        # Telemetry is switched off in the server when the telemetry value is
        # false or unset.
        {{- if not .Values.telemetry }}
        - name: DISABLE_TELEMETRY
          value: "true"
        {{- end }}
        # The rate limit is passed only when the key is present in values.
        {{- if hasKey .Values.server "apiRequestsRateLimit" }}
        - name: API_REQUESTS_RATE_LIMIT
          value: "{{ .Values.server.apiRequestsRateLimit }}"
        {{- end }}
        - name: VERSION_SERVICE_URL
          value: {{ (include "everest.versionMetadataURL" .) }}
        - name: PORT
          value: {{ .Values.server.service.port | quote }}
        {{- if .Values.server.tls.enabled }}
        - name: TLS_CERTS_PATH
          value: {{ $tlsCertsPath | quote }}
        {{- end }}
        # NOTE(review): nindent 8 only lines up if the env list items sit at
        # column 8. Indentation was lost in this listing and is reconstructed
        # here; confirm against the chart that extra entries from server.env
        # land inside this env list.
        {{- if .Values.server.env }}
        {{- toYaml .Values.server.env | nindent 8 }}
        {{- end }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/ingress.yaml:
--------------------------------------------------------------------------------
{{- if .Values.ingress.enabled -}}
{{- if and .Values.ingress.ingressClassName (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.ingressClassName}}
  {{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else -}}
apiVersion: networking.k8s.io/v1beta1
{{- end }}
# Ingress for the Everest server, rendered only when ingress.enabled is set.
# The API version and the ingress-class mechanism are chosen from the cluster
# version. Annotations from values are rendered as given.
kind: Ingress
metadata:
  name: {{ include "chart.fullname" . }}
  namespace: {{ include "everest.namespace" . }}
  labels:
    {{- include "chart.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
  ingressClassName: {{ .Values.ingress.ingressClassName }}
  {{- end }}
  # TLS is configured only when ingress.tls is set; without it the rules below
  # carry no TLS section.
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ .
| quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  # NOTE(review): the backend port below is server.service.port, while
  # service.yaml exposes port 443 when server.tls.enabled is set. Unless
  # server.service.port is itself 443, the backend would point at a port the
  # Service does not expose in that mode - confirm.
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
            pathType: {{ .pathType }}
            {{- end }}
            backend:
              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
              service:
                name: {{ $.Values.server.service.name }}
                port:
                  number: {{ $.Values.server.service.port }}
              {{- else }}
              serviceName: {{ $.Values.server.service.name }}
              servicePort: {{ $.Values.server.service.port }}
              {{- end }}
          {{- end }}
    {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/jwt.secret.yaml:
--------------------------------------------------------------------------------
{{- if .Release.IsInstall }}
# Secret holding the RSA private key that the server mounts at /etc/jwt.
# Rendered only on install and kept on uninstall. The key is server.jwtKey
# when set, otherwise a fresh key generated at render time.
# NOTE(review): a key passed through server.jwtKey ends up in values files and
# in the stored Helm release; letting the chart generate it keeps the key out
# of those. Unlike accounts.secret.yaml there is no lookup of an existing
# Secret, so every render that counts as an install produces a new key unless
# jwtKey is set - relevant for template-based (GitOps) rendering.
apiVersion: v1
kind: Secret
metadata:
  name: "everest-jwt"
  namespace: {{ include "everest.namespace" . }}
  annotations:
    helm.sh/resource-policy: keep
data:
  id_rsa: {{ .Values.server.jwtKey | default (genPrivateKey "rsa") | b64enc }}
{{- end }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/rbac.configmap.yaml:
--------------------------------------------------------------------------------
{{- if .Release.IsInstall }}
# ConfigMap with the Everest RBAC switch and policy. Rendered only on install
# and kept on uninstall, so later changes to server.rbac in values are not
# applied by this template.
# NOTE(review): enabled falls back to "false" when unset. Presumably the
# server does not enforce policy.csv in that state - confirm, and enable it
# for multi-user installations.
apiVersion: v1
kind: ConfigMap
metadata:
  name: "everest-rbac"
  namespace: {{ include "everest.namespace" . }}
  annotations:
    helm.sh/resource-policy: keep
data:
  enabled: {{ .Values.server.rbac.enabled | default "false" | quote }}
  policy.csv: |
    {{- .Values.server.rbac.policy | nindent 4 }}
{{- end }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role for the Everest server: read Namespaces and get Deployments
# in the chart namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: everest-admin-role
  namespace: {{ include "everest.namespace" . }}
rules:
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get"]

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds everest-admin-role to the everest-admin ServiceAccount.
# NOTE(review): the subject omits namespace, unlike the ClusterRoleBinding for
# the same account; setting it explicitly removes any doubt about which
# everest-admin is meant.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: everest-admin-role-binding
  namespace: {{ include "everest.namespace" . }}
roleRef:
  kind: "Role"
  apiGroup: "rbac.authorization.k8s.io"
  name: everest-admin-role
subjects:
- kind: "ServiceAccount"
  name: everest-admin

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/service.yaml:
--------------------------------------------------------------------------------
# Service in front of the Everest server pods. With server.tls.enabled it
# exposes port 443 (https); otherwise it exposes server.service.port as plain
# http. The target port is server.service.port in both cases.
# NOTE(review): the Service type comes from values. A LoadBalancer or NodePort
# type combined with TLS disabled would expose the API, including logins, over
# plain HTTP outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.server.service.name }}
  namespace: {{ include "everest.namespace" . }}
  labels:
    app.kubernetes.io/name: everest
    app.kubernetes.io/component: everest
spec:
  selector:
    app.kubernetes.io/name: everest-server
    app.kubernetes.io/component: everest-server
  type: {{ .Values.server.service.type }}
  ports:
    - protocol: TCP
      {{- if .Values.server.tls.enabled }}
      name: https
      port: 443
      {{- else }}
      name: http
      port: {{ .Values.server.service.port }}
      {{- end }}
      targetPort: {{ .Values.server.service.port }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/serviceaccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount the Everest server runs as; subject of
# everest-admin-cluster-role-binding and everest-admin-role-binding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: everest-admin
  namespace: {{ include "everest.namespace" . }}

--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/settings.configmap.yaml:
--------------------------------------------------------------------------------
{{- if .Release.IsInstall }}
# ConfigMap with server settings. Rendered only on install and kept on
# uninstall. The OIDC block is copied from server.oidc when that value is set.
# NOTE(review): ConfigMaps are stored and shown in clear text. If server.oidc
# can ever carry a client secret it would land here - confirm the schema.
apiVersion: v1
kind: ConfigMap
metadata:
  name: "everest-settings"
  namespace: {{ include "everest.namespace" . }}
  annotations:
    helm.sh/resource-policy: keep
data:
  {{- if .Values.server.oidc }}
  oidc.config: |
    {{- toYaml .Values.server.oidc | nindent 4 }}
  {{- end }}
{{- end }}


--------------------------------------------------------------------------------
/charts/everest/templates/everest-server/tls.secret.yaml:
--------------------------------------------------------------------------------
{{- if (and .Release.IsInstall .Values.server.tls.enabled (not .Values.server.tls.certificate.create) ) }}
# TLS Secret for the server, used when TLS is enabled and cert-manager is not
# asked to create the certificate. Rendered only on install and kept on
# uninstall; its data comes from the everest.tlsCerts helper, which is not
# part of the templates shown here.
# NOTE(review): because it is rendered once and kept, this chart does not
# rotate the certificate in this mode; plan renewal separately.
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Values.server.tls.secret.name }}
  namespace: {{ include "everest.namespace" . }}
  annotations:
    helm.sh/resource-policy: keep
data:
  {{- include "everest.tlsCerts" . | trim | nindent 2 }}
{{- end }}

--------------------------------------------------------------------------------
/charts/everest/templates/hooks.yaml:
--------------------------------------------------------------------------------
# Manifests produced by named templates: pre-upgrade checks (only when
# upgrade.preflightChecks is set), creation of the default pod scheduling
# policies on install, and their cleanup.
{{- if .Values.upgrade.preflightChecks }}
{{- include "everest.preUpgradeChecks" (dict "namespace" (include "everest.namespace" .) "version" .Chart.Version "versionMetadataURL" (include "everest.versionMetadataURL" .)) }}
{{- end }}
---
{{- /*
# --- Pod Scheduling Policies
# During the installation of Everest v1.7.0 we need to create default pod scheduling policies.
*/}}

{{- if .Release.IsInstall }}
{{- include "everest.createDefaultPsp" . }}
{{- end }}

{{- /* # Cleanup all default pod scheduling policies during uninstall. */}}
{{- include "everest.pspCleanup" (dict "namespace" (include "everest.namespace" .)) }}
---

--------------------------------------------------------------------------------
/charts/everest/templates/ksm-openshift-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# We need a separate ClusterRoleBinding for OpenShift, as the one that comes pre-installed cannot be bound to the ServiceAccount used
# for Everest's kube-state-metrics installation.
3 | {{- $ksm := (index .Values "kube-state-metrics") -}} 4 | {{- if (and $ksm.enabled .Values.compatibility.openshift )}} 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: ClusterRoleBinding 7 | metadata: 8 | name: ksm-openshift-cluster-role-binding 9 | roleRef: 10 | kind: "ClusterRole" 11 | apiGroup: "rbac.authorization.k8s.io" 12 | name: kube-state-metrics 13 | subjects: 14 | - kind: "ServiceAccount" 15 | name: kube-state-metrics 16 | namespace: {{ $ksm.namespaceOverride }} 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /charts/everest/templates/monitoring-namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.monitoring.enabled }} 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: {{ .Values.monitoring.namespaceOverride }} 6 | {{- end }} 7 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/apptest/deployer/psmdb-operator/templates/tester.yaml: -------------------------------------------------------------------------------- 1 | # TODO(marketplace-k8s-app-tools/issues/302): Remove this after native 2 | # Testrunner support is added to deployer 3 | apiVersion: v1 4 | # TODO(click-to-deploy/issues/324): Migrate to Job after adding support to 5 | # deployer 6 | # kind: Job 7 | kind: Pod 8 | metadata: 9 | name: "{{ .Release.Name }}-tester" 10 | labels: 11 | app.kubernetes.io/name: "{{ .Release.Name }}" 12 | annotations: 13 | marketplace.cloud.google.com/verification: test 14 | spec: 15 | # TODO(click-to-deploy/issues/324): Add deadline after migrating to Job 16 | # activeDeadlineSeconds: 1200 17 | # TODO(click-to-deploy/issues/323): Remove following dependency on internal name 18 | serviceAccountName: {{ .Values.CDRJobServiceAccount }} 19 | containers: 20 | - name: tester 21 | image: "{{ .Values.testerImage }}" 22 | imagePullPolicy: Always 23 | env: 24 | - name: 
NAMESPACE 25 | valueFrom: 26 | fieldRef: 27 | fieldPath: metadata.namespace 28 | - name: APP_INSTANCE_NAME 29 | value: {{ .Release.Name }} 30 | - name: MONGO_USER 31 | valueFrom: 32 | secretKeyRef: 33 | key: MONGODB_USER_ADMIN_USER 34 | name: {{ .Release.Name }}-secrets 35 | - name: MONGO_PASSWORD 36 | valueFrom: 37 | secretKeyRef: 38 | key: MONGODB_USER_ADMIN_PASSWORD 39 | name: {{ .Release.Name }}-secrets 40 | restartPolicy: Never 41 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/apptest/deployer/psmdb-operator/values.yaml: -------------------------------------------------------------------------------- 1 | testerImage: null -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/apptest/deployer/schema.yaml: -------------------------------------------------------------------------------- 1 | properties: 2 | testerImage: 3 | type: string 4 | default: $REGISTRY/tester:$TAG 5 | x-google-property: 6 | type: IMAGE 7 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/apptest/tester/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gcr.io/cloud-marketplace-tools/testrunner:0.1.2 2 | 3 | RUN apt-get update && apt-get install -y gnupg wget jq 4 | RUN wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - 5 | RUN echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.4 main" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list 6 | RUN apt-get update && apt-get install -y --no-install-recommends \ 7 | mongodb-org-shell \ 8 | && rm -rf /var/lib/apt/lists/* 9 | 10 | RUN wget -q -O /bin/kubectl \ 11 | https://storage.googleapis.com/kubernetes-release/release/v1.16.10/bin/linux/amd64/kubectl \ 12 | && chmod 755 /bin/kubectl 13 | 14 | COPY tests/* /tests/ 15 | COPY tester.sh /tester.sh 16 
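| 17 | WORKDIR / 18 | ENTRYPOINT ["/tester.sh"]
--------------------------------------------------------------------------------
/charts/gcp-marketplace/psmdb-operator/apptest/tester/tester.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Entry point of the tester image: runs every spec under /tests through testrunner.
# -e aborts on the first failing spec, -x traces each command of THIS script to
# stderr (keep secrets out of its own command lines), pipefail propagates pipe errors.
set -xeo pipefail
# Without nullglob an empty /tests would pass the literal "/tests/*" to testrunner.
shopt -s nullglob

for test in /tests/*; do
  testrunner -logtostderr "--test_spec=${test}"
done

--------------------------------------------------------------------------------
/charts/gcp-marketplace/psmdb-operator/apptest/tester/tests/basic-suite.yaml:
--------------------------------------------------------------------------------
# Smoke tests for a deployed PerconaServerMongoDB instance.
# APP_INSTANCE_NAME, NAMESPACE, MONGO_USER and MONGO_PASSWORD are read from the
# environment of the tester container.
actions:
- name: Wait for all pods
  bashTest:
    script: |-
      TIMEOUT=120
      INTERVAL=5
      PERIOD=0
      while true; do
        READY="$(kubectl get psmdb/${APP_INSTANCE_NAME} -o jsonpath='{.status.replsets.rs0.ready}' || true)"
        SIZE="$(kubectl get psmdb/${APP_INSTANCE_NAME} -o jsonpath='{.status.replsets.rs0.size}' || true)"
        # Either field can come back empty (for example before the status is
        # populated). Empty operands compare as 0 == 0 in an arithmetic test, so
        # an empty READY must keep the loop waiting instead of ending it.
        if [[ -n "${READY}" && "${READY}" -eq "${SIZE}" ]]; then
          break
        fi
        sleep ${INTERVAL}
        ((PERIOD+=INTERVAL))
        if [[ "${PERIOD}" -ge "${TIMEOUT}" ]]; then
          exit 1
        fi
      done
    expect:
      exitCode:
        equals: 0
# NOTE(review): the connection strings below carry the admin user and password
# as a command-line argument of `mongo` and set ssl=false, so the credentials
# and the test traffic are sent unencrypted. Confirm this is intended only for
# this in-cluster verification run.
- name: Can connect to a database
  bashTest:
    script: |-
      printf "db.runCommand({ ping: 1 }).ok" \
        | mongo "mongodb+srv://${MONGO_USER}:${MONGO_PASSWORD}@${APP_INSTANCE_NAME}-rs0.${NAMESPACE}.svc.cluster.local/admin?replicaSet=rs0&ssl=false" --quiet
    expect:
      stdout:
        matches: 1
      exitCode:
        equals: 0
# NOTE(review): this step creates a user with a fixed, well-known password and
# readWrite on the "myApp" database; no later step in this suite removes it.
- name: Create a user
  bashTest:
    script: |-
      printf 'db.createUser({user: "myApp", pwd: "myPass", roles: [{ db: "myApp", role: "readWrite" }]})' \
        | mongo "mongodb+srv://${MONGO_USER}:${MONGO_PASSWORD}@${APP_INSTANCE_NAME}-rs0.${NAMESPACE}.svc.cluster.local/admin?replicaSet=rs0&ssl=false"
    expect:
      stdout:
        contains: "Successfully added user"
      exitCode:
        equals: 0
- name: Put some data
  bashTest:
    script: |-
      printf 'use myApp\n db.test.insert({ x: 100500 })' \
        | mongo "mongodb+srv://myApp:myPass@${APP_INSTANCE_NAME}-rs0.${NAMESPACE}.svc.cluster.local/admin?replicaSet=rs0&ssl=false"
    expect:
      stdout:
        contains: 'WriteResult({ "nInserted" : 1 })'
      exitCode:
        equals: 0

-------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.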
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.5.0" 3 | description: A Helm chart for Deploying the Percona Kubernetes Operator for Percona Server for MongoDB 4 | name: psmdb-operator 5 | home: https://www.percona.com/doc/kubernetes-operator-for-psmongodb/kubernetes.html 6 | version: 0.1.0 7 | maintainers: 8 | - name: cap1984 9 | email: ivan.pylypenko@percona.com 10 | - name: tplavcic 11 | email: tomislav.plavcic@percona.com 12 | - name: paulczar 13 | email: username.taken@gmail.com 14 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright 2019 Paul Czarkowski 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 
-------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/README.md: -------------------------------------------------------------------------------- 1 | # psmdb-operator: A chart for installing the Percona Kubernetes operator for MongoDB 2 | 3 | This chart implements Percona Server MongoDB operator deployment. The Operator itself can be found here: 4 | * 5 | 6 | ## Pre-requisites 7 | * Kubernetes 1.11+ 8 | * PV support on the underlying infrastructure - only if you are provisioning persistent volume(s). 9 | * At least `v2.4.0` version of helm 10 | 11 | ## Deployment Details 12 | * 13 | 14 | ## Chart Details 15 | This chart will: 16 | * deploy a PSMDB Operator Pod for the further MongoDB creation in K8S. 17 | 18 | ### Installing the Chart 19 | To install the chart with the `psmdb` release name using a dedicated namespace (recommended): 20 | 21 | ```sh 22 | helm repo add percona https://percona.github.io/percona-helm-charts/ 23 | helm install my-operator percona/psmdb-operator --version 0.1.0 --namespace my-namespace 24 | ``` 25 | 26 | The chart can be customized using the following configurable parameters: 27 | 28 | | Parameter | Description | Default | 29 | | ------------------------------- | ------------------------------------------------------------------------------| ------------------------------------------| 30 | | `image.repository` | PSMDB Operator Container image name | `percona/percona-server-mongodb-operator` | 31 | | `image.tag` | PSMDB Operator Container image tag | `1.5.0` | 32 | | `image.pullPolicy` | PSMDB Operator Container pull policy | `Always` | 33 | | `image.pullSecrets` | PSMDB Operator Pod pull secret | `[]` | 34 | | `replicaCount` | PSMDB Operator Pod quantity | `1` | 35 | | `tolerations` | List of node taints to tolerate | `[]` | 36 | | `resources` | Resource requests and limits | `{}` | 37 | | `nodeSelector` | Labels for Pod assignment | `{}` | 38 | | 
`watchNamespace` | Set when a different from default namespace is needed to watch | `""` | 39 | 40 | Specify parameters using `--set key=value[,key=value]` argument to `helm install` 41 | 42 | Alternatively a YAML file that specifies the values for the parameters can be provided like this: 43 | 44 | ```sh 45 | helm install psmdb-operator -f values.yaml percona/psmdb-operator 46 | ``` 47 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/files/custom-resource/cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: psmdb.percona.com/v1-5-0 2 | kind: PerconaServerMongoDB 3 | metadata: 4 | name: {{ .Release.Name | trunc 22 }} 5 | ownerReferences: 6 | - apiVersion: app.k8s.io/v1beta1 7 | blockOwnerDeletion: true 8 | kind: Application 9 | name: {{ .Release.Name }} 10 | uid: ${PARENT_UID} 11 | spec: 12 | image: {{ template "psmdb-operator.mongoImage" . }} 13 | imagePullPolicy: Always 14 | allowUnsafeConfigurations: false 15 | updateStrategy: SmartUpdate 16 | upgradeOptions: 17 | versionServiceEndpoint: https://check.percona.com/versions/ 18 | apply: disabled 19 | schedule: "0 2 * * *" 20 | secrets: 21 | users: {{ .Release.Name | trunc 22 }}-secrets 22 | pmm: 23 | enabled: false 24 | image: "{{ .Values.pmm.image.registry }}/{{ .Values.pmm.image.repository }}:{{ .Values.pmm.image.tag }}" 25 | serverHost: monitoring-service 26 | replsets: 27 | - name: rs0 28 | size: {{ .Values.psmdb.replicas }} 29 | affinity: 30 | antiAffinityTopologyKey: "kubernetes.io/hostname" 31 | podDisruptionBudget: 32 | maxUnavailable: 1 33 | expose: 34 | enabled: false 35 | exposeType: LoadBalancer 36 | arbiter: 37 | enabled: false 38 | size: 1 39 | affinity: 40 | antiAffinityTopologyKey: "kubernetes.io/hostname" 41 | resources: 42 | limits: 43 | cpu: "300m" 44 | memory: "0.5G" 45 | requests: 46 | cpu: "300m" 47 | memory: "0.5G" 48 | volumeSpec: 49 | 
persistentVolumeClaim: 50 | resources: 51 | requests: 52 | storage: 3Gi 53 | mongod: 54 | net: 55 | port: 27017 56 | hostPort: 0 57 | security: 58 | redactClientLogData: false 59 | enableEncryption: true 60 | encryptionKeySecret: {{ .Release.Name | trunc 22 }}-mongodb-encryption-key 61 | encryptionCipherMode: AES256-CBC 62 | setParameter: 63 | ttlMonitorSleepSecs: 60 64 | wiredTigerConcurrentReadTransactions: 128 65 | wiredTigerConcurrentWriteTransactions: 128 66 | storage: 67 | engine: wiredTiger 68 | inMemory: 69 | engineConfig: 70 | inMemorySizeRatio: 0.9 71 | mmapv1: 72 | nsSize: 16 73 | smallfiles: false 74 | wiredTiger: 75 | engineConfig: 76 | cacheSizeRatio: 0.5 77 | directoryForIndexes: false 78 | journalCompressor: snappy 79 | collectionConfig: 80 | blockCompressor: snappy 81 | indexConfig: 82 | prefixCompression: true 83 | operationProfiling: 84 | mode: slowOp 85 | slowOpThresholdMs: 100 86 | rateLimit: 100 87 | backup: 88 | enabled: true 89 | restartOnFailure: true 90 | image: "{{ .Values.backup.image.registry }}/{{ .Values.backup.image.repository }}:{{ .Values.backup.image.tag }}" 91 | serviceAccountName: {{ .Values.operator.serviceAccountName }} 92 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "psmdb-operator.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "psmdb-operator.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "psmdb-operator.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "psmdb-operator.labels" -}} 38 | app.kubernetes.io/name: {{ include "psmdb-operator.name" . }} 39 | helm.sh/chart: {{ include "psmdb-operator.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | 48 | {{- define "psmdb-operator.CRDsConfigMap" -}} 49 | {{- printf "%s-crd-config-map" .Release.Name | trunc 63 -}} 50 | {{- end -}} 51 | 52 | {{- define "psmdb-operator.CRDsJob" -}} 53 | {{- printf "%s-crd-job" .Release.Name | trunc 63 -}} 54 | {{- end -}} 55 | 56 | {{- define "psmdb-operator.CRConfigMap" -}} 57 | {{- printf "%s-cr-config-map" .Release.Name | trunc 63 -}} 58 | {{- end -}} 59 | 60 | {{- define "psmdb-operator.mongoImage" -}} 61 | {{- $pattern := default (printf "%s/%%s:%s" .Values.psmdb.image.registry .Values.psmdb.image.tag) -}} 62 | {{- if eq .Values.psmdb.image.version "4.2" }} 63 | {{- printf $pattern .Values.psmdb42.image.repository -}} 64 | {{- else if eq .Values.psmdb.image.version "4.0" }} 65 | {{- printf $pattern .Values.psmdb40.image.repository -}} 66 | {{- 
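else -}} 67 | {{- printf $pattern .Values.psmdb36.image.repository -}} 68 | {{- end -}} 69 | {{- end -}} -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/templates/cr-configmap.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "psmdb-operator.CRConfigMap" . }} 6 | labels: 7 | app.kubernetes.io/name: {{ .Release.Name }} 8 | app.kubernetes.io/component: crd-configmap 9 | data: 10 | {{- $root := . -}} 11 | {{- range $path, $bytes := .Files.Glob "files/custom-resource/*.yaml" }} 12 | {{ base $path }}: |- 13 | {{- tpl ($root.Files.Get $path) $root | nindent 4}} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/templates/crd-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "psmdb-operator.CRDsConfigMap" . }} 5 | labels: 6 | app.kubernetes.io/name: {{ .Release.Name }} 7 | app.kubernetes.io/component: crd-configmap 8 | data: 9 | {{- $root := . -}} 10 | {{- range $path, $bytes := .Files.Glob "files/crd/*.yaml" }} 11 | {{ base $path }}: |- 12 | {{- $root.Files.Get $path | nindent 4 }} 13 | {{- end -}} 14 |
--------------------------------------------------------------------------------
/charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/templates/crd-create.yaml:
--------------------------------------------------------------------------------
# One-shot Job that applies the CRDs and the custom resource shipped in the two
# ConfigMaps mounted below, then sets the Application as owner of this Job and of
# the operator Deployment.
# NOTE(review): the Job runs kubectl under .Values.CDRJobServiceAccount and applies
# CRDs, so that account presumably holds cluster-scoped create/patch rights on
# CustomResourceDefinitions; confirm its role is limited to what this script needs.
apiVersion: batch/v1
kind: Job
metadata:
  annotations:
  name: {{ template "psmdb-operator.CRDsJob" . }}
  labels:
    app.kubernetes.io/name: "{{ .Release.Name }}"
    app.kubernetes.io/component: crd-job
spec:
  # No retries: a failed apply or patch leaves the Job failed instead of re-running.
  backoffLimit: 0
  completions: 1
  parallelism: 1
  template:
    spec:
      containers:
      - command:
        - "/bin/bash"
        - "-ec"
        - |
          PARENT_UID=$(kubectl get application {{ .Release.Name }} -o jsonpath='{.metadata.uid}')
          # File names come from the mounted ConfigMap keys; quote them so a name
          # with spaces or glob characters is passed to kubectl as one argument.
          for crd in /crd_to_create/*;
            do kubectl apply -f "$crd";
          done
          # env -i empties the environment before envsubst runs, so PARENT_UID is
          # the only variable that can be substituted into the manifests.
          for cr in /cr_to_create/*;
            do cat "$cr" | env -i PARENT_UID="${PARENT_UID}" envsubst | kubectl apply -f -;
          done
          kubectl patch job/{{ template "psmdb-operator.CRDsJob" . }} --type merge -p='{"metadata":{"ownerReferences":[{"apiVersion": "app.k8s.io/v1beta1","blockOwnerDeletion": true,"kind": "Application","name":"{{ .Release.Name }}","uid": "'"${PARENT_UID}"'"}]}}'
          kubectl patch deployment/{{ template "psmdb-operator.fullname" . }} --type merge -p='{"metadata":{"ownerReferences":[{"apiVersion": "app.k8s.io/v1beta1","blockOwnerDeletion": true,"kind": "Application","name":"{{ .Release.Name }}","uid": "'"${PARENT_UID}"'"}]}}'
        image: {{ .Values.deployerHelm.image }}
        imagePullPolicy: Always
        name: crd-create
        volumeMounts:
        - name: crd-configmap
          mountPath: /crd_to_create/
        - name: cr-configmap
          mountPath: /cr_to_create/
      dnsPolicy: ClusterFirst
      restartPolicy: Never
      serviceAccountName: {{ .Values.CDRJobServiceAccount }}
      volumes:
      - name: crd-configmap
        configMap:
          name: {{ template "psmdb-operator.CRDsConfigMap" . }}
      - name: cr-configmap
        configMap:
          name: {{ template "psmdb-operator.CRConfigMap" . }}

-------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "psmdb-operator.fullname" . }} 5 | labels: 6 | {{ include "psmdb-operator.labels" . | indent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: {{ include "psmdb-operator.name" . }} 12 | app.kubernetes.io/instance: {{ .Release.Name }} 13 | template: 14 | metadata: 15 | labels: 16 | app.kubernetes.io/name: {{ include "psmdb-operator.name" . }} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | spec: 19 | serviceAccountName: {{ .Values.operator.serviceAccountName }} 20 | {{- with .Values.imagePullSecrets }} 21 | imagePullSecrets: 22 | {{- toYaml . | nindent 8 }} 23 | {{- end }} 24 | containers: 25 | - name: {{ .Chart.Name }} 26 | image: {{ .Values.operator.image.registry }}/{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag | trunc 5 }} 27 | imagePullPolicy: {{ .Values.operator.image.pullPolicy }} 28 | ports: 29 | - containerPort: 60000 30 | name: metrics 31 | command: 32 | - percona-server-mongodb-operator 33 | env: 34 | - name: WATCH_NAMESPACE 35 | value: {{ default .Release.Namespace .Values.watchNamespace }} 36 | - name: OPERATOR_NAME 37 | value: {{ default "percona-server-mongodb-operator" .Values.operatorName }} 38 | - name: RESYNC_PERIOD 39 | value: "{{ .Values.env.resyncPeriod }}" 40 | - name: LOG_VERBOSE 41 | value: "{{ .Values.env.logVerbose }}" 42 | # livenessProbe: 43 | # httpGet: 44 | # path: / 45 | # port: metrics 46 | # readinessProbe: 47 | # httpGet: 48 | # path: / 49 | # port: metrics 50 | resources: 51 | {{- toYaml .Values.resources | nindent 12 }} 52 | {{- with .Values.nodeSelector }} 53 | nodeSelector: 54 | {{- toYaml .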
| nindent 8 }} 55 | {{- end }} 56 | {{- with .Values.affinity }} 57 | affinity: 58 | {{- toYaml . | nindent 8 }} 59 | {{- end }} 60 | {{- with .Values.tolerations }} 61 | tolerations: 62 | {{- toYaml . | nindent 8 }} 63 | {{- end }} 64 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/chart/psmdb-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for pxc-operator. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | operator: 8 | image: 9 | registry: null 10 | repository: null 11 | tag: null 12 | pullPolicy: Always 13 | serviceAccountName: null 14 | 15 | psmdb: 16 | replicas: null 17 | datadirSize: null 18 | image: 19 | registry: null 20 | repository: null 21 | tag: null 22 | version: null 23 | backup: 24 | image: 25 | registry: null 26 | repository: null 27 | tag: null 28 | pmm: 29 | image: 30 | registry: null 31 | repository: null 32 | tag: null 33 | name: null 34 | 35 | 36 | env: 37 | resyncPeriod: 5s 38 | logVerbose: false 39 | 40 | # set if you want to specify a namespace to watch 41 | # defaults to `.Release.namespace` if left blank 42 | # watchNamespace: 43 | 44 | # set if you want to use a different operator name 45 | # defaults to `percona-xtradb-cluster-operator` 46 | # operatorName: 47 | 48 | # set to false if you don't want the helm chart to 49 | # automatically create the CRD. 50 | createCRD: true 51 | 52 | imagePullSecrets: [] 53 | nameOverride: "" 54 | fullnameOverride: "" 55 | 56 | resources: {} 57 | # We usually recommend not to specify default resources and to leave this as a conscious 58 | # choice for the user. This also increases chances charts run on environments with little 59 | # resources, such as Minikube. 
If you do want to specify resources, uncomment the following 60 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 61 | # limits: 62 | # cpu: 100m 63 | # memory: 128Mi 64 | # requests: 65 | # cpu: 100m 66 | # memory: 128Mi 67 | 68 | nodeSelector: {} 69 | 70 | tolerations: [] 71 | 72 | affinity: {} 73 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/psmdb-operator/deployer/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG MARKETPLACE_TOOLS_TAG 2 | FROM marketplace.gcr.io/google/debian9 AS build 3 | 4 | RUN apt-get update \ 5 | && apt-get install -y --no-install-recommends gettext 6 | 7 | ADD chart/psmdb-operator /tmp/chart 8 | RUN cd /tmp && tar -czvf /tmp/psmdb-operator.tar.gz chart 9 | 10 | ADD apptest/deployer/psmdb-operator /tmp/test/chart 11 | RUN cd /tmp/test && tar -czvf /tmp/test/psmdb-operator.tar.gz chart/ 12 | 13 | ADD schema.yaml /tmp/schema.yaml 14 | 15 | ARG REGISTRY 16 | ARG TAG 17 | ARG PSMDB_36 18 | ARG PSMDB_40 19 | ARG PSMDB_42 20 | 21 | RUN cat /tmp/schema.yaml \ 22 | | env -i "REGISTRY=$REGISTRY" "TAG=$TAG" "PSMDB_36=$PSMDB_36" "PSMDB_40=$PSMDB_40" "PSMDB_42=$PSMDB_42" envsubst \ 23 | > /tmp/schema.yaml.new \ 24 | && mv /tmp/schema.yaml.new /tmp/schema.yaml 25 | RUN cat /tmp/schema.yaml 26 | 27 | ADD apptest/deployer/schema.yaml /tmp/apptest/schema.yaml 28 | RUN cat /tmp/apptest/schema.yaml \ 29 | | env -i "REGISTRY=$REGISTRY" "TAG=$TAG" envsubst \ 30 | > /tmp/apptest/schema.yaml.new \ 31 | && mv /tmp/apptest/schema.yaml.new /tmp/apptest/schema.yaml 32 | 33 | FROM gcr.io/cloud-marketplace-tools/k8s/deployer_helm:$MARKETPLACE_TOOLS_TAG 34 | COPY --from=build /tmp/psmdb-operator.tar.gz /data/chart/ 35 | COPY --from=build /tmp/test/psmdb-operator.tar.gz /data-test/chart/ 36 | COPY --from=build /tmp/schema.yaml /data/ 37 | COPY --from=build /tmp/apptest/schema.yaml /data-test/ 38 | 39 | ENV 
WAIT_FOR_READY_TIMEOUT 1800 40 | ENV TESTER_TIMEOUT 1800 41 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/apptest/deployer/pxc-operator/templates/tester.yaml: -------------------------------------------------------------------------------- 1 | # TODO(marketplace-k8s-app-tools/issues/302): Remove this after native 2 | # Testrunner support is added to deployer 3 | apiVersion: v1 4 | # TODO(click-to-deploy/issues/324): Migrate to Job after adding support to 5 | # deployer 6 | # kind: Job 7 | kind: Pod 8 | metadata: 9 | name: "{{ .Release.Name }}-tester" 10 | labels: 11 | app.kubernetes.io/name: "{{ .Release.Name }}" 12 | annotations: 13 | marketplace.cloud.google.com/verification: test 14 | spec: 15 | # TODO(click-to-deploy/issues/324): Add deadline after migrating to Job 16 | # activeDeadlineSeconds: 1200 17 | # TODO(click-to-deploy/issues/323): Remove following dependency on internal name 18 | serviceAccountName: {{ .Values.CDRJobServiceAccount }} 19 | containers: 20 | - name: tester 21 | image: "{{ .Values.testerImage }}" 22 | imagePullPolicy: Always 23 | env: 24 | - name: NAMESPACE 25 | valueFrom: 26 | fieldRef: 27 | fieldPath: metadata.namespace 28 | - name: APP_INSTANCE_NAME 29 | value: {{ .Release.Name | trunc 22 }} 30 | - name: MYSQL_PASSWORD 31 | valueFrom: 32 | secretKeyRef: 33 | name: {{ .Release.Name }}-secrets 34 | key: root 35 | restartPolicy: Never 36 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/apptest/deployer/schema.yaml: -------------------------------------------------------------------------------- 1 | properties: 2 | testerImage: 3 | type: string 4 | default: $REGISTRY/tester:$TAG 5 | x-google-property: 6 | type: IMAGE 7 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/apptest/tester/Dockerfile: 
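--------------------------------------------------------------------------------
# Tester image: testrunner base plus the MySQL client and kubectl used by the specs.
FROM gcr.io/cloud-marketplace-tools/testrunner:0.1.2

RUN apt-get update && apt-get install -y --no-install-recommends \
    gnupg \
    wget \
    jq \
    curl \
    default-mysql-client \
    && rm -rf /var/lib/apt/lists/*

# NOTE(review): the kubectl binary is downloaded and made executable without an
# integrity check. Pin the expected digest and verify it in this RUN step before
# chmod, e.g. `echo "<KUBECTL_SHA256_PLACEHOLDER>  /bin/kubectl" | sha256sum -c -`.
RUN wget -q -O /bin/kubectl \
    https://storage.googleapis.com/kubernetes-release/release/v1.16.10/bin/linux/amd64/kubectl \
    && chmod 755 /bin/kubectl

COPY tests/* /tests/
COPY tester.sh /tester.sh

WORKDIR /
ENTRYPOINT ["/tester.sh"]

--------------------------------------------------------------------------------
/charts/gcp-marketplace/pxc-operator/apptest/tester/tester.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Entry point of the tester image: runs every spec under /tests through testrunner.
# -e aborts on the first failing spec, -x traces each command of THIS script to
# stderr (keep secrets out of its own command lines), pipefail propagates pipe errors.
set -xeo pipefail
# Without nullglob an empty /tests would pass the literal "/tests/*" to testrunner.
shopt -s nullglob

for test in /tests/*; do
  testrunner -logtostderr "--test_spec=${test}"
done

--------------------------------------------------------------------------------
/charts/gcp-marketplace/pxc-operator/apptest/tester/tests/basic-suite.yaml:
--------------------------------------------------------------------------------
# Smoke tests for a deployed Percona XtraDB Cluster instance.
# APP_INSTANCE_NAME, NAMESPACE and MYSQL_PASSWORD are read from the environment
# of the tester container.
actions:
- name: Wait for all pods
  bashTest:
    script: |-
      TIMEOUT=360
      INTERVAL=5
      PERIOD=0
      # The state check uses the string operator "!=". With "-ne" both operands
      # are evaluated arithmetically, every state name evaluates to 0, and the
      # condition could never hold, so the state was not actually waited for.
      while [[ "$(kubectl get pxc/${APP_INSTANCE_NAME} -o jsonpath='{.status.pxc.ready}')" -ne "$(kubectl get pxc/${APP_INSTANCE_NAME} -o jsonpath='{.spec.pxc.size}')" ]] \
        || [[ "$(kubectl get pxc/${APP_INSTANCE_NAME} -o jsonpath='{.status.haproxy.ready}')" -ne "$(kubectl get pxc/${APP_INSTANCE_NAME} -o jsonpath='{.spec.haproxy.size}')" ]] \
        || [[ "$(kubectl get pxc/${APP_INSTANCE_NAME} -o jsonpath='{.status.state}')" != "ready" ]]; do
        sleep ${INTERVAL}
        ((PERIOD+=INTERVAL))
        if [[ "${PERIOD}" -ge "${TIMEOUT}" ]]; then
          exit 1
        fi
      done
    expect:
      exitCode:
        equals: 0
# NOTE(review): the steps below pass the root password to the mysql client as a
# command-line argument (-p"..."). A client option file read through
# --defaults-extra-file would keep it out of the argument list.
- name: Can connect to a database
  bashTest:
    script: |-
      mysql -h ${APP_INSTANCE_NAME}-haproxy.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_PASSWORD}" -e "SHOW DATABASES"
    expect:
      stdout:
        contains: "information_schema"
      exitCode:
        equals: 0
# Negative test: a wrong password must be rejected with an access-denied error.
- name: Can not connect to a database with incorrect credentials
  bashTest:
    script: mysql -h ${APP_INSTANCE_NAME}-haproxy.${NAMESPACE}.svc.cluster.local -u root -p"wrong_pass" -e "SHOW DATABASES"
    expect:
      stderr:
        matches: 'ERROR 1045 (28000): Access denied for user ''root''@''.+'' (using password: YES)'
      exitCode:
        equals: 1
- name: Can create database
  bashTest:
    script: mysql -h ${APP_INSTANCE_NAME}-haproxy.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_PASSWORD}" -e "CREATE DATABASE IF NOT EXISTS test_database"
    expect:
      exitCode:
        equals: 0
# Reads from the pxc-1 pod directly to check that the database created through
# haproxy is visible on that node.
- name: Check replication
  bashTest:
    script: mysql -h ${APP_INSTANCE_NAME}-pxc-1.${APP_INSTANCE_NAME}-pxc.${NAMESPACE}.svc.cluster.local -u root -p"${MYSQL_PASSWORD}" -e "SHOW DATABASES"
    expect:
      stdout:
        contains: test_database
      exitCode:
        equals: 0
- name: Wait for cluster removal
  bashTest:
    script: |-
      TIMEOUT=120
      INTERVAL=5
      PERIOD=0
      kubectl delete pxc/${APP_INSTANCE_NAME}
      # Poll until the resource can no longer be fetched; "|| true" keeps a failed
      # get from aborting the script.
      while [[ -n "$(kubectl get pxc/${APP_INSTANCE_NAME} 2>/dev/null || true)" ]]; do
        sleep ${INTERVAL}
        ((PERIOD+=INTERVAL))
        if [[ "${PERIOD}" -ge "${TIMEOUT}" ]]; then
          exit 1
        fi
      done
    expect:
      exitCode:
        equals: 0

-------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.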
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.7.0" 3 | description: A Helm chart for Deploying the Percona XtraDB Cluster Operator Kubernetes 4 | name: pxc-operator 5 | home: https://www.percona.com/doc/kubernetes-operator-for-pxc/kubernetes.html 6 | version: 0.1.9 7 | maintainers: 8 | - name: paulczar 9 | email: username.taken@gmail.com 10 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright 2019 Paul Czarkowski 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 
-------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/README.md: -------------------------------------------------------------------------------- 1 | # pxc-operator: A chart for installing Percona Kubernetes Operator for Percona XtraDB Cluster 2 | 3 | This chart implements the Percona XtraDB Cluster Operator deployment. [Percona XtraDB Cluster](https://www.percona.com/doc/percona-xtradb-cluster/LATEST/index.html) is a database clustering solution for MySQL. The Operator itself can be found here: 4 | * 5 | 6 | ## Pre-requisites 7 | * Kubernetes 1.11+ 8 | * PV support on the underlying infrastructure - only if you are provisioning persistent volume(s). 9 | * Helm `v2.4.0` or later 10 | 11 | ## Deployment Details 12 | * 13 | 14 | ## Chart Details 15 | This chart will: 16 | * deploy a PXC Operator Pod for the further MySQL XtraDB Cluster creation in K8S. 17 | 18 | ### Installing the Chart 19 | To install the chart with the `pxc` release name using a dedicated namespace (recommended): 20 | 21 | ```sh 22 | helm repo add percona https://percona.github.io/percona-helm-charts/ 23 | helm install my-operator percona/pxc-operator --version 0.1.9 --namespace my-namespace 24 | ``` 25 | 26 | The chart can be customized using the following configurable parameters: 27 | 28 | | Parameter | Description | Default | 29 | | ------------------------------- | ------------------------------------------------------------------------------| ------------------------------------------| 30 | | `image.repository` | PXC Operator Container image name | `percona/percona-xtradb-cluster-operator` | 31 | | `image.tag` | PXC Operator Container image tag | `1.5.0` | 32 | | `image.pullPolicy` | PXC Operator Container pull policy | `Always` | 33 | | `image.pullSecrets` | PXC Operator Pod pull secret | `[]` | 34 | | `replicaCount` | PXC Operator Pod quantity | `1` | 35 | | `tolerations` | List of node taints to
tolerate | `[]` | 36 | | `resources` | Resource requests and limits | `{}` | 37 | | `nodeSelector` | Labels for Pod assignment | `{}` | 38 | 39 | Specify parameters using `--set key=value[,key=value]` argument to `helm install` 40 | 41 | Alternatively a YAML file that specifies the values for the parameters can be provided like this: 42 | 43 | ```sh 44 | helm install pxc-operator -f values.yaml percona/pxc-operator 45 | ``` 46 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/percona/percona-helm-charts/b8ed7639c04d7e3a8b6bd195a5c1c664a1ec9539/charts/gcp-marketplace/pxc-operator/chart/pxc-operator/logo.png -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "pxc-operator.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "pxc-operator.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pxc-operator.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "pxc-operator.labels" -}} 38 | app.kubernetes.io/name: {{ include "pxc-operator.name" . }} 39 | helm.sh/chart: {{ include "pxc-operator.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{- define "pxc-operator.CRDsConfigMap" -}} 48 | {{- printf "%s-crd-config-map" .Release.Name | trunc 63 -}} 49 | {{- end -}} 50 | 51 | {{- define "pxc-operator.CRDsJob" -}} 52 | {{- printf "%s-crd-job" .Release.Name | trunc 63 -}} 53 | {{- end -}} 54 | 55 | {{- define "pxc-operator.CRConfigMap" -}} 56 | {{- printf "%s-cr-config-map" .Release.Name | trunc 63 -}} 57 | {{- end -}} 58 | 59 | {{- define "pxc-operator.pxcVersion" -}} 60 | {{- if hasPrefix "8.0" .Values.pxc.version -}} 61 | {{ .Values.pxc80.image.registry }}/{{ .Values.pxc80.image.repository }}:{{ .Values.pxc80.image.tag }} 62 | {{- else if hasPrefix "5.7" .Values.pxc.version -}} 63 | {{ .Values.pxc57.image.registry }}/{{ .Values.pxc57.image.repository }}:{{ .Values.pxc57.image.tag }} 64 | {{- end -}} 65 | {{- end -}} 66 | 67 | {{- 
define "pxc-operator.pxcBackupVersion" -}} 68 | {{- if hasPrefix "8.0" .Values.pxc.version -}} 69 | {{ .Values.pxc80backup.image.registry }}/{{ .Values.pxc80backup.image.repository }}:{{ .Values.pxc80backup.image.tag }} 70 | {{- else if hasPrefix "5.7" .Values.pxc.version -}} 71 | {{ .Values.pxc57backup.image.registry }}/{{ .Values.pxc57backup.image.repository }}:{{ .Values.pxc57backup.image.tag }} 72 | {{- end -}} 73 | {{- end -}} 74 | 75 | {{- define "pxc-operator.unsafeConfigurations" -}} 76 | {{- if eq .Values.pxc.replicas 1.0 -}} 77 | true 78 | {{- else -}} 79 | false 80 | {{- end -}} 81 | {{- end -}} 82 | 83 | {{- define "pxc-operator.serviceType" -}} 84 | {{- if or (eq .Values.serviceType "InternalLB") (eq .Values.serviceType "PublicLB") -}} 85 | LoadBalancer 86 | {{- else -}} 87 | ClusterIP 88 | {{- end -}} 89 | {{- end -}} 90 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/templates/cr-configmap.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "pxc-operator.CRConfigMap" . }} 6 | labels: 7 | app.kubernetes.io/name: {{ .Release.Name }} 8 | app.kubernetes.io/component: crd-configmap 9 | data: 10 | {{- $root := . -}} 11 | {{- range $path, $bytes := .Files.Glob "files/custom-resource/*.yaml" }} 12 | {{ base $path }}: |- 13 | {{- tpl ($root.Files.Get $path) $root | nindent 4}} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/templates/crd-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "pxc-operator.CRDsConfigMap" . 
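}} 5 | labels: 6 | app.kubernetes.io/name: {{ .Release.Name }} 7 | app.kubernetes.io/component: crd-configmap 8 | data: 9 | {{- $root := . -}} 10 | {{- range $path, $bytes := .Files.Glob "files/crd/*.yaml" }} 11 | {{ base $path }}: |- 12 | {{- $root.Files.Get $path | nindent 4 }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/templates/deployment.yaml: --------------------------------------------------------------------------------
# Deployment that runs the PXC operator.
# NOTE(review): neither the pod nor the container sets a securityContext, so the
# operator runs with whatever user and privileges the image and the cluster
# defaults give it. Consider runAsNonRoot, allowPrivilegeEscalation: false and
# dropped capabilities once checked against the operator image.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "pxc-operator.fullname" . }}
  labels:
{{ include "pxc-operator.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      terminationGracePeriodSeconds: 600
      # The operator's API permissions are whatever is bound to this account;
      # values.yaml ships it as null, so it must be supplied at install time.
      serviceAccountName: {{ .Values.operator.serviceAccountName }}
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          # Registry, repository and tag all come from values (null by default
          # in this chart). NOTE(review): a tag is mutable; the chart offers no
          # way to pin the operator image by digest.
          image: "{{ .Values.operator.image.registry }}/{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}"
          imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
          ports:
            - containerPort: 60000
              name: metrics
          command:
          - percona-xtradb-cluster-operator
          env:
            # Quoted so that a purely numeric namespace or operator name still
            # renders as a YAML string, which env values are required to be.
            - name: WATCH_NAMESPACE
              value: {{ default .Release.Namespace .Values.watchNamespace | quote }}
            - name: OPERATOR_NAME
              value: {{ default "percona-xtradb-cluster-operator" .Values.operatorName | quote }}
          # NOTE(review): both probes are disabled, so Kubernetes cannot detect
          # a hung operator or hold traffic until it is ready.
          # livenessProbe:
          #   httpGet:
          #     path: /
          #     port: metrics
          # readinessProbe:
          #   httpGet:
          #     path: /
          #     port: metrics
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
-------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/chart/pxc-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for pxc-operator. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates.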
4 | 5 | replicaCount: 1 6 | 7 | operator: 8 | image: 9 | registry: null 10 | repository: null 11 | tag: null 12 | pullPolicy: IfNotPresent 13 | serviceAccountName: null 14 | 15 | pxc: 16 | datadir: 17 | size: null 18 | version: null 19 | replicas: null 20 | name: null 21 | serviceType: null 22 | 23 | 24 | # set if you want to specify a namespace to watch 25 | # defaults to `.Release.namespace` if left blank 26 | # watchNamespace: 27 | 28 | # set if you want to use a different operator name 29 | # defaults to `percona-xtradb-cluster-operator` 30 | # operatorName: 31 | 32 | # set to false if you don't want the helm chart to 33 | # automatically create the CRD. 34 | createCRD: true 35 | 36 | imagePullSecrets: [] 37 | nameOverride: "" 38 | fullnameOverride: "" 39 | 40 | resources: {} 41 | # We usually recommend not to specify default resources and to leave this as a conscious 42 | # choice for the user. This also increases chances charts run on environments with little 43 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 44 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
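45 | # limits: 46 | # cpu: 100m 47 | # memory: 128Mi 48 | # requests: 49 | # cpu: 100m 50 | # memory: 128Mi 51 | 52 | nodeSelector: {} 53 | 54 | tolerations: [] 55 | 56 | affinity: {} 57 | -------------------------------------------------------------------------------- /charts/gcp-marketplace/pxc-operator/deployer/Dockerfile: --------------------------------------------------------------------------------
# Deployer image: packages the chart (and its test variant) plus the rendered
# schema files on top of the Marketplace Helm deployer base image.

# Declared before the first FROM so it can be used in the final FROM line.
# The build fails at that line if the argument is not supplied.
ARG MARKETPLACE_TOOLS_TAG

# Build stage: only its output files are copied into the final image.
# NOTE(review): the base image is referenced by a mutable name with no tag or
# digest, and Debian 9 is past its end of life. Pin it by digest, e.g.
# marketplace.gcr.io/google/debian9@sha256:<digest>, or move to a supported base.
FROM marketplace.gcr.io/google/debian9 AS build

# gettext provides envsubst, used below to render the schema files.
RUN apt-get update \
    && apt-get install -y --no-install-recommends gettext

# COPY instead of ADD: these are plain local paths, and COPY has none of ADD's
# implicit archive-extraction or remote-URL behaviour.
COPY chart/pxc-operator /tmp/chart
RUN cd /tmp && tar -czvf /tmp/pxc-operator.tar.gz chart

COPY apptest/deployer/pxc-operator /tmp/test/chart
RUN cd /tmp/test && tar -czvf /tmp/test/pxc-operator.tar.gz chart/

COPY schema.yaml /tmp/schema.yaml

ARG REGISTRY
ARG TAG
ARG PXC_80
ARG PXC_57

# env -i starts envsubst with only the four listed variables, so nothing else
# from the build environment can leak into the schema. envsubst is given no
# variable list, so any other $NAME in the file is replaced with an empty string.
RUN cat /tmp/schema.yaml \
    | env -i "REGISTRY=$REGISTRY" "TAG=$TAG" "PXC_80=$PXC_80" "PXC_57=$PXC_57" envsubst \
    > /tmp/schema.yaml.new \
    && mv /tmp/schema.yaml.new /tmp/schema.yaml
# Prints the rendered schema into the build log. Harmless while the build
# arguments above carry only image coordinates; keep secrets out of them.
RUN cat /tmp/schema.yaml

COPY apptest/deployer/schema.yaml /tmp/apptest/schema.yaml
RUN cat /tmp/apptest/schema.yaml \
    | env -i "REGISTRY=$REGISTRY" "TAG=$TAG" envsubst \
    > /tmp/apptest/schema.yaml.new \
    && mv /tmp/apptest/schema.yaml.new /tmp/apptest/schema.yaml

# Final stage. NOTE(review): the deployer base is selected by tag only; a digest
# pin would make the build reproducible and tamper-evident.
FROM gcr.io/cloud-marketplace-tools/k8s/deployer_helm:$MARKETPLACE_TOOLS_TAG
COPY --from=build /tmp/pxc-operator.tar.gz /data/chart/
COPY --from=build /tmp/schema.yaml /data/
COPY --from=build /tmp/test/pxc-operator.tar.gz /data-test/chart/
COPY --from=build /tmp/apptest/schema.yaml /data-test/

# key=value form; the space-separated ENV form is legacy syntax.
ENV WAIT_FOR_READY_TIMEOUT=1800
ENV TESTER_TIMEOUT=1800
-------------------------------------------------------------------------------- /charts/pg-db/.helmignore: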
-------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/pg-db/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: pg-db 3 | description: 'A Helm chart to deploy the PostgreSQL database with the Percona Operator for PostgreSQL' 4 | type: application 5 | version: 2.6.0 6 | appVersion: 2.6.0 7 | home: https://docs.percona.com/percona-operator-for-postgresql/2.0/ 8 | maintainers: 9 | - name: spron-in 10 | email: sergey.pronin@percona.com 11 | - name: nmarukovich 12 | email: natalia.marukovich@gmail.com 13 | - name: jvpasinatto 14 | email: julio.pasinatto@percona.com 15 | keywords: 16 | - PostgreSQL 17 | - Operator 18 | - Database 19 | - Postgres 20 | - SQL 21 | - RDBMS 22 | -------------------------------------------------------------------------------- /charts/pg-db/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | # 2 | 3 | % _____ 4 | %%% | __ \ 5 | ###%%%%%%%%%%%%* | |__) |__ _ __ ___ ___ _ __ __ _ 6 | ### ##%% %%%% | ___/ _ \ '__/ __/ _ \| '_ \ / _` | 7 | #### ##% %%%% | | | __/ | | (_| (_) | | | | (_| | 8 | ### #### %%% |_| \___|_| \___\___/|_| |_|\__,_| 9 | ,((### ### %%% _ _ _____ _ 10 | (((( (### #### %%%% | | / _ \ / ____| | | 11 | ((( ((# ###### | | _| (_) |___ | (___ __ _ _ _ __ _ __| | 12 | (((( (((# #### | |/ /> _ >> https://percona.com/k8s <<< 22 | 23 | To get a PostgreSQL prompt 
inside your new cluster you can run: 24 | {{ $clusterName := include "pg-database.fullname" . }} 25 | {{- if .Values.users }} 26 | {{ $users := .Values.users }} {{ $firstUser := first $users }} {{ $userName := $firstUser.name }} 27 | PGBOUNCER_URI=$(kubectl -n {{ .Release.Namespace }} get secrets {{ $clusterName }}-pguser-{{ $userName }} -o jsonpath="{.data.pgbouncer-uri}" | base64 --decode) 28 | {{- else }} 29 | PGBOUNCER_URI=$(kubectl -n {{ .Release.Namespace }} get secrets {{ $clusterName }}-pguser-{{ $clusterName }} -o jsonpath="{.data.pgbouncer-uri}" | base64 --decode) 30 | {{- end }} 31 | 32 | And then connect to a cluster with a temporary Pod: 33 | 34 | $ kubectl run -i --rm --tty percona-client --image=perconalab/percona-distribution-postgresql:16 --restart=Never \ 35 | -- psql $PGBOUNCER_URI 36 | -------------------------------------------------------------------------------- /charts/pg-db/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "pg-database.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "pg-database.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 21 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 21 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 21 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pg-database.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 21 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "pg-database.labels" -}} 38 | app.kubernetes.io/name: {{ include "pg-database.name" . }} 39 | helm.sh/chart: {{ include "pg-database.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{- define "pg-database.backup-repos" -}} 48 | {{- if .Values.backups.pgbackrest.repos }} 49 | repos: 50 | {{- range $repo := .Values.backups.pgbackrest.repos }} 51 | {{- if or ($repo.s3) ($repo.gcs) }} 52 | {{- if $repo.endpoint }} 53 | endpoint: {{ $repo.endpoint }} 54 | {{- end }} 55 | {{- if $repo.region }} 56 | region: {{ $repo.region }} 57 | {{- end }} 58 | bucket: {{ $repo.bucket }} 59 | {{- end }} 60 | {{- if $repo.azure }} 61 | container: {{ $repo.container}} 62 | {{- end }} 63 | {{- end }} 64 | {{- end }} 65 | {{- end }} 66 | 67 | {{/* 68 | Common resources template 69 | */}} 70 | {{- define "pg-database.resources" -}} 71 | {{- if .resources }} 72 | resources: 73 | {{- if .resources.requests }} 74 | requests: 75 | cpu: {{ .resources.requests.cpu }} 76 | memory: {{ .resources.requests.memory 
}} 77 | {{- end }} 78 | {{- if .resources.limits }} 79 | limits: 80 | cpu: {{ .resources.limits.cpu }} 81 | memory: {{ .resources.limits.memory }} 82 | {{- end }} 83 | {{- end }} 84 | {{- end }} -------------------------------------------------------------------------------- /charts/pg-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: pg-operator 3 | description: 'A Helm chart to deploy the Percona Operator for PostgreSQL' 4 | type: application 5 | version: 2.6.0 6 | appVersion: 2.6.0 7 | home: https://docs.percona.com/percona-operator-for-postgresql/2.0/ 8 | maintainers: 9 | - name: spron-in 10 | email: sergey.pronin@percona.com 11 | - name: nmarukovich 12 | email: natalia.marukovich@gmail.com 13 | - name: jvpasinatto 14 | email: julio.pasinatto@percona.com 15 | keywords: 16 | - PostgreSQL 17 | - Operator 18 | - Database 19 | - Postgres 20 | - SQL 21 | - RDBMS 22 | -------------------------------------------------------------------------------- /charts/pg-operator/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Percona Operator for PostgreSQL is deployed. 2 | See if the operator Pod is running: 3 | 4 | kubectl get pods -l app.kubernetes.io/name={{ include "postgres-operator.name" . }} --namespace {{ .Release.Namespace }} 5 | 6 | Check the operator logs if the Pod is not starting: 7 | 8 | export POD=$(kubectl get pods -l app.kubernetes.io/name={{ include "postgres-operator.name" . }} --namespace {{ .Release.Namespace }} --output name) 9 | kubectl logs $POD --namespace={{ .Release.Namespace }} 10 | 11 | 2. 
Deploy the database cluster from pg-db chart: 12 | 13 | helm install my-db percona/pg-db --namespace={{ .Release.Namespace }} 14 | 15 | Read more in our documentation: https://docs.percona.com/percona-operator-for-postgresql/2.0/ 16 | -------------------------------------------------------------------------------- /charts/pg-operator/templates/_helpers.tpl: --------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart: nameOverride if set, otherwise the chart name,
truncated to 63 characters with any trailing "-" removed.
*/}}
{{- define "postgres-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
fullnameOverride wins if set. Otherwise, if the release name already contains
the chart name it is used on its own; if not, the result is "<release>-<name>".
*/}}
{{- define "postgres-operator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
"+" is replaced with "_" before truncating to 63 characters.
*/}}
{{- define "postgres-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels: the chart label, the selector labels, the app version (when the
chart defines one), the managing service and the Helm release name/namespace.
*/}}
{{- define "postgres-operator.labels" -}}
helm.sh/chart: {{ include "postgres-operator.chart" . }}
{{ include "postgres-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
meta.helm.sh/release-name: {{ .Release.Name }}
meta.helm.sh/release-namespace: {{ .Release.Namespace }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "postgres-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "postgres-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}


{{/*
Name of the ClusterRole to bind, based on values.yaml parameters: the built-in
"cluster-admin" role when rbac.useClusterAdmin is set, otherwise "<fullname>-cr".
NOTE(review): cluster-admin grants unrestricted access to the whole cluster, so
useClusterAdmin should stay off unless that is really intended.
NOTE(review): the values.yaml shown for this chart defines no "rbac" key; if
this helper is included without one, the nested lookup fails at render time.
Confirm whether the helper is still used.
*/}}
{{- define "postgres-operator.clusterroleName" -}}
{{- if .Values.rbac.useClusterAdmin -}}
cluster-admin
{{- else -}}
{{ include "postgres-operator.fullname" . }}-cr
{{- end }}
{{- end }}

{{/*
Return the operator image reference: .Values.image verbatim when it is set,
otherwise "<operatorImageRepository>:<chart appVersion>".
*/}}
{{- define "postgres-operator.image" -}}
{{- if .Values.image }}
{{- .Values.image }}
{{- else }}
{{- printf "%s:%s" .Values.operatorImageRepository .Chart.AppVersion }}
{{- end }}
{{- end -}}
-------------------------------------------------------------------------------- /charts/pg-operator/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ include "postgres-operator.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | --- 7 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }} 8 | kind: ClusterRoleBinding 9 | {{- else }} 10 | kind: RoleBinding 11 | {{- end }} 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | metadata: 14 | name: {{ include "postgres-operator.fullname" .
}} 15 | {{- if not (or .Values.watchNamespace .Values.watchAllNamespaces) }} 16 | namespace: {{ .Release.Namespace }} 17 | {{- end }} 18 | labels: 19 | {{ include "postgres-operator.labels" . | indent 4 }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ include "postgres-operator.fullname" . }} 23 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }} 24 | namespace: {{ .Release.Namespace }} 25 | {{- end }} 26 | roleRef: 27 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }} 28 | kind: ClusterRole 29 | {{- else }} 30 | kind: Role 31 | {{- end }} 32 | name: {{ include "postgres-operator.fullname" . }} 33 | apiGroup: rbac.authorization.k8s.io 34 | -------------------------------------------------------------------------------- /charts/pg-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for pg-operator. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | operatorImageRepository: percona/percona-postgresql-operator 8 | imagePullPolicy: IfNotPresent 9 | image: "" 10 | 11 | # set if you want to specify a namespace to watch 12 | # defaults to `.Release.namespace` if left blank 13 | # watchNamespace: 14 | 15 | # set if operator should be deployed in cluster wide mode. defaults to false 16 | watchAllNamespaces: false 17 | 18 | imagePullSecrets: [] 19 | nameOverride: "" 20 | fullnameOverride: "" 21 | 22 | resources: 23 | # We usually recommend not to specify default resources and to leave this as a conscious 24 | # choice for the user. This also increases chances charts run on environments with little 25 | # resources, such as Minikube. If you don't want to specify resources, comment the following 26 | # lines and add the curly braces after 'resources:'. 
27 | limits: 28 | cpu: 200m 29 | memory: 500Mi 30 | requests: 31 | cpu: 100m 32 | memory: 20Mi 33 | 34 | nodeSelector: {} 35 | 36 | tolerations: [] 37 | 38 | affinity: {} 39 | 40 | podAnnotations: {} 41 | 42 | # disableTelemetry: according to 43 | # https://docs.percona.com/percona-operator-for-postgresql/2.0/telemetry.html 44 | # this is how you can disable telemetry collection 45 | # default is false which means telemetry will be collected 46 | disableTelemetry: false 47 | 48 | logStructured: false 49 | logLevel: "INFO" 50 | -------------------------------------------------------------------------------- /charts/pmm/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/pmm/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: pmm 3 | description: A Helm chart for Percona Monitoring and Management (PMM) 4 | type: application 5 | version: 1.4.5 6 | appVersion: "3.2.0" 7 | home: https://github.com/percona/pmm 8 | maintainers: 9 | - name: tplavcic 10 | email: tomislav.plavcic@percona.com 11 | - name: bupychuk 12 | email: nurlan.moldomurov@percona.com 13 | - name: spron-in 14 | email: sergey.pronin@percona.com 15 | keywords: 16 | - PMM 17 | - Monitoring 18 | icon: https://www.percona.com/sites/default/files/pmm-logo.png 19 | -------------------------------------------------------------------------------- 
/charts/pmm/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | Percona Monitoring and Management (PMM) 3 | 4 | An open source database monitoring, observability and management tool 5 | Check more info here: https://docs.percona.com/percona-monitoring-and-management/index.html 6 | 7 | Get the application URL: 8 | {{- if .Values.ingress.enabled }} 9 | {{- range $host := .Values.ingress.hosts }} 10 | {{- range .paths }} 11 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 12 | {{- end }} 13 | {{- end }} 14 | {{- else if contains "NodePort" .Values.service.type }} 15 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.service.name }}) 16 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 17 | echo https://$NODE_IP:$NODE_PORT 18 | {{- else if contains "LoadBalancer" .Values.service.type }} 19 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 20 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.service.name }}' 21 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.service.name }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}") 22 | echo https://$SERVICE_IP:{{ .Values.service.port }} 23 | {{- else if contains "ClusterIP" .Values.service.type }} 24 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pmm.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 25 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}") 26 | echo "Visit https://127.0.0.1:8080 to use your application" 27 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 28 | {{- end }} 29 | 30 | Get password for the "admin" user: 31 | export ADMIN_PASS=$(kubectl get secret pmm-secret --namespace {{ .Release.Namespace }} -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode) 32 | echo $ADMIN_PASS 33 | -------------------------------------------------------------------------------- /charts/pmm/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "pmm.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "pmm.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 
*/}}
{{- define "pmm.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Allows overriding the install namespace in combined charts.
Uses .Values.namespaceOverride when set, otherwise .Release.Namespace.
*/}}
{{- define "pmm.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels: chart label, the selector labels, the app version (when set)
and the managing service.
*/}}
{{- define "pmm.labels" -}}
helm.sh/chart: {{ include "pmm.chart" . }}
{{ include "pmm.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels.
.Values.extraLabels, when set, is appended verbatim, so those labels also
become part of every selector built from this helper.
*/}}
{{- define "pmm.selectorLabels" -}}
app.kubernetes.io/name: {{ include "pmm.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: pmm-server
app.kubernetes.io/part-of: percona-platform
{{- if .Values.extraLabels }}
{{ toYaml .Values.extraLabels }}
{{- end }}
{{- end }}

{{/*
Create the name of the service account to use.
With serviceAccount.create set: serviceAccount.name, falling back to pmm.fullname.
Otherwise: serviceAccount.name, falling back to the namespace's "default" account.
*/}}
{{- define "pmm.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "pmm.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Pod annotations.
checksum/config is the sha256 of the rendered configmap.yaml, so the annotation
value changes whenever the ConfigMap content changes (presumably to roll the
pods on a configuration change; confirm against the workload template).
*/}}
{{- define "pmm.podAnnotations" -}}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "pmm.chart" . }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/pmm/templates/clusterrole.yaml:
--------------------------------------------------------------------------------
{{- if .Values.serviceAccount.create -}}
# Read-only ClusterRole for the PMM service account; rendered only when
# serviceAccount.create is set.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "pmm.fullname" . }}
  # NOTE(review): ClusterRole is a cluster-scoped kind, so this namespace field
  # has no effect on where the role applies.
  namespace: {{ include "pmm.namespace" . }}
  labels:
    {{- include "pmm.labels" . | nindent 4 }}
rules:
  # standard RBAC
  # NOTE(review): clusterrolebinding.yaml binds this role with a
  # ClusterRoleBinding, so get/watch/list on "secrets" below covers Secrets in
  # every namespace, not only the release namespace. Confirm PMM needs to read
  # Secrets; if not, drop the entry or move it to a namespaced Role.
  - apiGroups: [""] # "" indicates the core API group
    resources:
      - namespaces
      - endpoints
      - services
      - nodes
      - pods
      - secrets
      - serviceaccounts
    verbs:
      - get
      - watch
      - list
  # Non-resource endpoints: read access to the metrics paths only.
  - nonResourceURLs:
      - /metrics
      - /metrics/resources
    verbs:
      - get
{{- end }}

--------------------------------------------------------------------------------
/charts/pmm/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
{{- if .Values.serviceAccount.create -}}
{{- if .Values.pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN -}}
# NOTE(review): with pmmEnv.ENABLE_CLUSTER_ROLE_ADMIN set, the PMM service
# account is bound to the built-in cluster-admin ClusterRole, i.e. unrestricted
# access to the whole cluster for anything that can use that account or its
# token (serviceaccount.yaml also creates a token Secret for it). Leave the
# flag unset unless this level of access is required, and review who can read
# Secrets in the release namespace when it is set. The flag lives under pmmEnv,
# which configmap.yaml also renders into the PMM ConfigMap.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "pmm.fullname" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: {{ include "pmm.serviceAccountName" . }}
  namespace: {{ include "pmm.namespace" . }}
{{- else }}
# Default: bind the service account to the chart's own read-only ClusterRole
# (clusterrole.yaml), cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "pmm.fullname" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "pmm.fullname" . }}
subjects:
- kind: ServiceAccount
  name: {{ include "pmm.serviceAccountName" . }}
  namespace: {{ include "pmm.namespace" . }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/pmm/templates/configmap.yaml:
--------------------------------------------------------------------------------
{{- if .Values.pmmEnv -}}
# ConfigMap holding every key of .Values.pmmEnv as-is. ConfigMap data is stored
# unencrypted and is readable by anyone allowed to read ConfigMaps in the
# namespace, so credentials belong in the Secret templates, not in pmmEnv.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "pmm.fullname" . }}
  namespace: {{ include "pmm.namespace" . }}
  labels:
    {{- include "pmm.labels" . | nindent 4 }}
data:
# environment passed to the PMM
{{- with .Values.pmmEnv }}
    {{- . | toYaml | nindent 6 }}
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/pmm/templates/secret-certs.yaml:
--------------------------------------------------------------------------------
{{- if .Values.certs.name -}}
# Secret with the TLS material from .Values.certs.files; rendered only when
# certs.name is set.
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Values.certs.name }}
  namespace: {{ include "pmm.namespace" . }}
  labels:
    {{- include "pmm.labels" . | nindent 4 }}
  # NOTE(review): the annotations come from serviceAccount.annotations, not from
  # a certs-specific value; this looks copied from serviceaccount.yaml. Confirm
  # it is intended.
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
type: Opaque
data:
  # nginx ssl certificates
  # Rendered under "data", so each value in certs.files must already be
  # base64 encoded. Keys supplied through values files also end up in the Helm
  # release record; prefer an externally managed Secret for private keys.
  {{- with .Values.certs.files }}
  {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/pmm/templates/secret.yaml:
--------------------------------------------------------------------------------
{{- if .Values.secret.create -}}
# Secret with the PMM admin password and optional OAuth client credentials;
# rendered only when secret.create is set.
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Values.secret.name }}
  namespace: {{ include "pmm.namespace" . }}
  labels:
    {{- include "pmm.labels" . | nindent 4 }}
  {{- with .Values.secret.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
type: Opaque
data:
  # base64 encoded password
  # encode some password: `echo -n "admin" | base64`
  # to get the password on deployed cluster: `kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode`
  # (pmm-secret in the command above stands for the value of secret.name)
  # NOTE(review): when secret.pmm_password is unset, randAscii produces a new
  # 16-character value on every render, so a later upgrade would presumably
  # rewrite this Secret with a different password. Confirm, and prefer setting
  # pmm_password explicitly or managing the Secret outside the chart
  # (secret.create=false).
  PMM_ADMIN_PASSWORD: {{ .Values.secret.pmm_password | default (randAscii 16) | b64enc | quote }}
  # NOTE(review): unlike PMM_ADMIN_PASSWORD, the two OAuth values below are not
  # passed through b64enc or quote although they sit under "data". They must
  # therefore already be base64 encoded in the values file; a plain-text value
  # would be rejected or mis-decoded. Verify against the chart's values docs.
  {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID }}
  GF_AUTH_GENERIC_OAUTH_CLIENT_ID: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_ID }}
  {{- end }}
  {{- if .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET }}
  GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.secret.GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET }}
  {{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/pmm/templates/service.yaml:
--------------------------------------------------------------------------------
{{- $serviceType := .Values.service.type -}}
# Main PMM Service. The type comes from service.type (ClusterIP when unset);
# NodePort or LoadBalancer expose the listed ports outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.service.name }}
  namespace: {{ include "pmm.namespace" . }}
  labels:
    {{- include "pmm.labels" . | nindent 4 }}
  {{- with .Values.service.annotations }}
  annotations:
    {{- toYaml . | nindent 8 }}
  {{- end }}
  {{- with .Values.service.finalizers }}
  finalizers:
    {{- toYaml . | nindent 8 }}
  {{- end }}
spec:
  type: {{ $serviceType | default "ClusterIP" }}
  {{- with .Values.service.ports }}
  ports:
    {{- toYaml . | nindent 8 }}
  {{- end }}
  selector:
    {{- include "pmm.selectorLabels" . | nindent 4 }}
{{- if .Values.ingress.enabled }}
---
# Second Service, named with a "-grpc" suffix, rendered only when the ingress is
# enabled. It reuses the same type, ports, annotations and selector as the main
# Service.
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.service.name }}-grpc
  namespace: {{ include "pmm.namespace" . }}
  labels:
    {{- include "pmm.labels" . | nindent 4 }}
  {{- with .Values.service.annotations }}
  annotations:
    {{- toYaml . | nindent 8 }}
  {{- end }}
  {{- with .Values.service.finalizers }}
  finalizers:
    {{- toYaml . | nindent 8 }}
  {{- end }}
spec:
  type: {{ $serviceType | default "ClusterIP" }}
  {{- with .Values.service.ports }}
  ports:
    {{- toYaml . | nindent 8 }}
  {{- end }}
  selector:
    {{- include "pmm.selectorLabels" . | nindent 4 }}
---
{{- end }}

--------------------------------------------------------------------------------
/charts/pmm/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- if .Values.serviceAccount.create -}}
# ServiceAccount for PMM plus an explicitly created token Secret for it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "pmm.serviceAccountName" . }}
  namespace: {{ include "pmm.namespace" . }}
  labels:
    {{- include "pmm.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
secrets:
  - name: {{ include "pmm.serviceAccountName" . }}-token
---
# NOTE(review): a Secret of type kubernetes.io/service-account-token holds a
# long-lived token that does not expire on its own. Anyone who can read this
# Secret can act as the service account, with whatever clusterrolebinding.yaml
# grants it (cluster-wide read including Secrets, or cluster-admin when
# ENABLE_CLUSTER_ROLE_ADMIN is set). Restrict read access to Secrets in this
# namespace accordingly. This Secret carries no chart labels.
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: {{ include "pmm.serviceAccountName" . }}-token
  namespace: {{ include "pmm.namespace" . }}
  annotations:
    kubernetes.io/service-account.name: {{ include "pmm.serviceAccountName" . }}
{{- end }}

--------------------------------------------------------------------------------
/charts/ps-db/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/ps-db/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "0.10.0" 3 | description: A Helm chart for installing Percona Server Databases using the PS Operator. 4 | name: ps-db 5 | home: https://www.percona.com/doc/kubernetes-operator-for-mysql/ps 6 | version: 0.10.0 7 | maintainers: 8 | - name: jvpasinatto 9 | email: julio.pasinatto@percona.com 10 | - name: nmarukovich 11 | email: natalia.marukovich@percona.com 12 | - name: eleo007 13 | email: eleonora.zinchenko@percona.com 14 | -------------------------------------------------------------------------------- /charts/ps-db/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | # 2 | 3 | % _____ 4 | %%% | __ \ 5 | ###%%%%%%%%%%%%* | |__) |__ _ __ ___ ___ _ __ __ _ 6 | ### ##%% %%%% | ___/ _ \ '__/ __/ _ \| '_ \ / _` | 7 | #### ##% %%%% | | | __/ | | (_| (_) | | | | (_| | 8 | ### #### %%% |_| \___|_| \___\___/|_| |_|\__,_| 9 | ,((### ### %%% _ _ _____ _ 10 | (((( (### #### %%%% | | / _ \ / ____| | | 11 | ((( ((# ###### | | _| (_) |___ | (___ __ _ _ _ __ _ __| | 12 | (((( (((# #### | |/ /> _ >> https://percona.com/k8s <<< 22 | 23 | To get a MySQL prompt inside your new cluster you can run: 24 | 25 | ROOT_PASSWORD=$(kubectl -n {{ .Release.Namespace }} get secrets {{ include "ps-database.fullname" . }}-secrets -o jsonpath="{.data.root}" | base64 --decode) 26 | kubectl -n {{ .Release.Namespace }} exec -ti \ 27 | {{ include "ps-database.fullname" . 
}}-mysql-0 -- mysql -uroot -p"$ROOT_PASSWORD" 28 | 29 | -------------------------------------------------------------------------------- /charts/ps-db/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "ps-database.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "ps-database.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 21 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 21 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 21 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "ps-database.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 21 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "ps-database.labels" -}} 38 | app.kubernetes.io/name: {{ include "ps-database.name" . }} 39 | helm.sh/chart: {{ include "ps-database.chart" . 
}} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | -------------------------------------------------------------------------------- /charts/ps-db/templates/cluster-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.passwords }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | {{- if hasKey .Values "secretsName" }} 6 | name: {{ .Values.secretsName }} 7 | {{- else }} 8 | name: {{ include "ps-database.fullname" . }}-secrets 9 | {{- end }} 10 | namespace: {{ .Release.Namespace }} 11 | labels: 12 | {{ include "ps-database.labels" . | indent 4 }} 13 | type: Opaque 14 | stringData: 15 | {{ .Values.passwords | toYaml | indent 2 }} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/ps-db/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ include "ps-database.fullname" . }}-orchestrator 5 | namespace: {{ .Release.Namespace }} 6 | --- 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: RoleBinding 9 | metadata: 10 | name: {{ include "ps-database.fullname" . }}-orchestrator 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | {{ include "ps-database.labels" . | indent 4 }} 14 | roleRef: 15 | apiGroup: rbac.authorization.k8s.io 16 | kind: Role 17 | name: {{ include "ps-database.fullname" . }}-orchestrator 18 | subjects: 19 | - kind: ServiceAccount 20 | name: {{ include "ps-database.fullname" . 
}}-orchestrator 21 | -------------------------------------------------------------------------------- /charts/ps-db/templates/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ include "ps-database.fullname" . }}-orchestrator 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{ include "ps-database.labels" . | indent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - pods 13 | verbs: 14 | - list 15 | - patch 16 | - apiGroups: 17 | - ps.percona.com 18 | resources: 19 | - perconaservermysqls 20 | verbs: 21 | - get 22 | -------------------------------------------------------------------------------- /charts/ps-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/charts/ps-operator/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
appVersion: "0.10.0"
description: A Helm chart for Deploying the Percona Operator for MySQL (based on Percona Server for MySQL)
name: ps-operator
home: https://docs.percona.com/percona-operator-for-mysql/ps/
version: 0.10.0
maintainers:
  - name: jvpasinatto
    email: julio.pasinatto@percona.com
  - name: nmarukovich
    email: natalia.marukovich@percona.com
  - name: eleo007
    email: eleonora.zinchenko@percona.com

--------------------------------------------------------------------------------
/charts/ps-operator/templates/NOTES.txt:
--------------------------------------------------------------------------------
1. Percona Operator for MySQL is deployed.
  See if the operator Pod is running:

    kubectl get pods -l app.kubernetes.io/name=ps-operator --namespace {{ .Release.Namespace }}

  Check the operator logs if the Pod is not starting:

    export POD=$(kubectl get pods -l app.kubernetes.io/name=ps-operator --namespace {{ .Release.Namespace }} --output name)
    kubectl logs $POD --namespace={{ .Release.Namespace }}

2. Deploy the database cluster from ps-db chart:

    helm install my-db percona/ps-db --namespace={{ .Release.Namespace }}

Read more in our documentation: https://docs.percona.com/percona-operator-for-mysql/ps/

--------------------------------------------------------------------------------
/charts/ps-operator/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
Uses .Values.nameOverride when set, otherwise the chart name.
*/}}
{{- define "ps-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
.Values.fullnameOverride, when set, replaces the computed name entirely.
*/}}
{{- define "ps-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
"+" in the version is replaced with "_" before truncation.
*/}}
{{- define "ps-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels: name, chart, instance, app version (when set) and managing service.
*/}}
{{- define "ps-operator.labels" -}}
app.kubernetes.io/name: {{ include "ps-operator.name" . }}
helm.sh/chart: {{ include "ps-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

--------------------------------------------------------------------------------
/charts/ps-operator/templates/configmap.yaml:
--------------------------------------------------------------------------------
# Controller-manager configuration for the operator. In the embedded document
# the metrics endpoint is bound to 127.0.0.1:8080 (loopback only), the health
# probe endpoint to port 8081 on all interfaces, and the webhook port is 9443.
# NOTE(review): deployment.yaml does not mount this ConfigMap or pass it to the
# manager in the lines shown; confirm where it is consumed.
apiVersion: v1
data:
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: 08db2feb.percona.com
kind: ConfigMap
metadata:
  name: {{ include "ps-operator.fullname" . }}-config
  namespace: {{ .Release.Namespace }}

--------------------------------------------------------------------------------
/charts/ps-operator/templates/deployment.yaml:
--------------------------------------------------------------------------------
# Deployment of the operator manager container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "ps-operator.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "ps-operator.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ps-operator.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "ps-operator.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
      containers:
      - args:
        - --leader-elect
        command:
        - /usr/local/bin/percona-server-mysql-operator
        env:
        - name: LOG_STRUCTURED
          value: "{{ .Values.env.logStructured }}"
        - name: LOG_LEVEL
          value: "{{ .Values.env.logLevel }}"
        # WATCH_NAMESPACE is always the pod's own namespace (downward API).
        # NOTE(review): role-binding.yaml switches on .Values.watchNamespace,
        # which is not used here; confirm the two are meant to agree.
        - name: WATCH_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: DISABLE_TELEMETRY
          value: "{{ .Values.disableTelemetry }}"
        # The image is referenced by repository and tag from values; a tag can
        # be moved, so pin a digest in image.tag where image provenance matters.
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        # NOTE(review): hard-coded; image.pullPolicy from values.yaml
        # (IfNotPresent) is never read, so overriding it has no effect.
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        name: manager
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
        # Container hardening set here: no privilege escalation.
        # NOTE(review): capabilities are not dropped and no seccompProfile or
        # readOnlyRootFilesystem is set; consider adding them if the operator
        # image runs with them (not verifiable from this template).
        securityContext:
          allowPrivilegeEscalation: false
      # Pod-level: refuse to start containers that would run as root.
      securityContext:
        runAsNonRoot: true
      # NOTE(review): the account name is always ps-operator.fullname, while
      # role-binding.yaml creates that ServiceAccount only when
      # serviceAccount.create is set; with create=false it must already exist.
      serviceAccountName: {{ include "ps-operator.fullname" . }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      terminationGracePeriodSeconds: 10
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}

--------------------------------------------------------------------------------
/charts/ps-operator/templates/role-binding.yaml:
--------------------------------------------------------------------------------
{{- if .Values.serviceAccount.create }}
# ServiceAccount used by the operator Deployment, created in the release
# namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "ps-operator.fullname" . }}
  namespace: {{ .Release.Namespace }}
---
{{- end }}
{{- if .Values.rbac.create }}
# RoleBinding for leader election. With watchNamespace set, the binding is
# created in that namespace and refers to a ClusterRole; otherwise it is
# created in the release namespace and refers to a Role. The referenced
# Role/ClusterRole is defined outside this file.
# NOTE(review): the ServiceAccount subject has no namespace, so it resolves to
# the binding's own namespace. When watchNamespace differs from the release
# namespace, that is not the namespace the ServiceAccount above is created in;
# confirm the binding then still targets the operator's account. The same
# applies to the second binding below.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "ps-operator.fullname" . }}-leaderelection
  {{- if .Values.watchNamespace }}
  namespace: {{ .Values.watchNamespace }}
  {{- else }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
  labels:
{{ include "ps-operator.labels" . | indent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  {{- if .Values.watchNamespace }}
  kind: ClusterRole
  {{- else }}
  kind: Role
  {{- end }}
  name: {{ include "ps-operator.fullname" . }}-leaderelection
subjects:
- kind: ServiceAccount
  name: {{ include "ps-operator.fullname" . }}
---
# RoleBinding for the operator's main role, with the same namespace and
# Role/ClusterRole selection as the leader-election binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "ps-operator.fullname" . }}
  {{- if .Values.watchNamespace }}
  namespace: {{ .Values.watchNamespace }}
  {{- else }}
  namespace: {{ .Release.Namespace }}
  {{- end }}
  labels:
{{ include "ps-operator.labels" . | indent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  {{- if .Values.watchNamespace }}
  kind: ClusterRole
  {{- else }}
  kind: Role
  {{- end }}
  name: {{ include "ps-operator.fullname" . }}
subjects:
- kind: ServiceAccount
  name: {{ include "ps-operator.fullname" . }}
{{- end }}

--------------------------------------------------------------------------------
/charts/ps-operator/values.yaml:
--------------------------------------------------------------------------------
# Default values for ps-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

image:
  repository: percona/percona-server-mysql-operator
  tag: 0.10.0
  # NOTE(review): templates/deployment.yaml hard-codes imagePullPolicy: Always
  # and does not read this key, so changing it currently has no effect.
  pullPolicy: IfNotPresent

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# rbac: settings for deployer RBAC creation
rbac:
  # rbac.create: if false RBAC resources should be in place
  create: true

# serviceAccount: settings for Service Accounts used by the deployer
serviceAccount:
  # serviceAccount.create: Whether to create the Service Accounts or not
  # The Deployment always runs under the account named after the release's
  # full name, so with create: false that account must already exist.
  create: true

# NOTE(review): templates/role-binding.yaml reads a watchNamespace value that
# has no default in this file; when it is unset the bindings are created in the
# release namespace and refer to a Role.

env:
  logStructured: false
  logLevel: "INFO"

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}

# Passed to the operator container as the DISABLE_TELEMETRY environment variable.
disableTelemetry: false

--------------------------------------------------------------------------------
/charts/psmdb-db/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/psmdb-db/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.20.1" 3 | description: A Helm chart for installing Percona Server MongoDB Cluster Databases using the PSMDB Operator. 4 | name: psmdb-db 5 | home: https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html 6 | version: 1.20.1 7 | maintainers: 8 | - name: nmarukovich 9 | email: natalia.marukovich@percona.com 10 | - name: jvpasinatto 11 | email: julio.pasinatto@percona.com 12 | - name: eleo007 13 | email: eleonora.zinchenko@percona.com 14 | -------------------------------------------------------------------------------- /charts/psmdb-db/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | # 2 | 3 | % _____ 4 | %%% | __ \ 5 | ###%%%%%%%%%%%%* | |__) |__ _ __ ___ ___ _ __ __ _ 6 | ### ##%% %%%% | ___/ _ \ '__/ __/ _ \| '_ \ / _` | 7 | #### ##% %%%% | | | __/ | | (_| (_) | | | | (_| | 8 | ### #### %%% |_| \___|_| \___\___/|_| |_|\__,_| 9 | ,((### ### %%% _ _ _____ _ 10 | (((( (### #### %%%% | | / _ \ / ____| | | 11 | ((( ((# ###### | | _| (_) |___ | (___ __ _ _ _ __ _ __| | 12 | (((( (((# #### | |/ /> _ >> https://percona.com/k8s <<< 22 | 23 | Percona Server for MongoDB cluster is deployed now. Get the username and password: 24 | 25 | ADMIN_USER=$(kubectl -n {{ .Release.Namespace }} get secrets {{ include "psmdb-database.fullname" . }}-secrets -o jsonpath="{.data.MONGODB_USER_ADMIN_USER}" | base64 --decode) 26 | ADMIN_PASSWORD=$(kubectl -n {{ .Release.Namespace }} get secrets {{ include "psmdb-database.fullname" . 
}}-secrets -o jsonpath="{.data.MONGODB_USER_ADMIN_PASSWORD}" | base64 --decode) 27 | 28 | Connect to the cluster: 29 | {{- if .Values.sharding.enabled }} 30 | 31 | kubectl run -i --rm --tty percona-client --image=percona/percona-server-mongodb:7.0 --restart=Never \ 32 | -- mongosh "mongodb://${ADMIN_USER}:${ADMIN_PASSWORD}@{{ include "psmdb-database.fullname" . }}-mongos.{{ .Release.Namespace }}.svc.cluster.local/admin?ssl=false" 33 | 34 | {{- else }} 35 | 36 | kubectl run -i --rm --tty percona-client --image=percona/percona-server-mongodb:7.0 --restart=Never \ 37 | -- mongosh "mongodb+srv://${ADMIN_USER}:${ADMIN_PASSWORD}@{{ include "psmdb-database.fullname" . }}-{{ .Values.replsets.rs0.name }}.{{ .Release.Namespace }}.svc.cluster.local/admin?replicaSet=rs0&ssl=false" 38 | 39 | {{- end }} 40 | 41 | -------------------------------------------------------------------------------- /charts/psmdb-db/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "psmdb-database.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "psmdb-database.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 21 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 21 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 21 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "psmdb-database.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 21 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "psmdb-database.labels" -}} 38 | app.kubernetes.io/name: {{ include "psmdb-database.name" . }} 39 | helm.sh/chart: {{ include "psmdb-database.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | -------------------------------------------------------------------------------- /charts/psmdb-db/templates/cluster-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if hasKey .Values "systemUsers" }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "psmdb-database.fullname" . }}-secrets 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "psmdb-database.labels" . 
| indent 4 }} 9 | type: Opaque 10 | stringData: 11 | {{ .Values.systemUsers | toYaml | indent 2 }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /charts/psmdb-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/psmdb-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: "1.20.1" 3 | description: A Helm chart for deploying the Percona Operator for MongoDB 4 | name: psmdb-operator 5 | home: https://docs.percona.com/percona-operator-for-mongodb/ 6 | version: 1.20.1 7 | maintainers: 8 | - name: nmarukovich 9 | email: natalia.marukovich@percona.com 10 | - name: jvpasinatto 11 | email: julio.pasinatto@percona.com 12 | - name: eleo007 13 | email: eleonora.zinchenko@percona.com 14 | -------------------------------------------------------------------------------- /charts/psmdb-operator/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright 2019 Paul Czarkowski 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 
5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. -------------------------------------------------------------------------------- /charts/psmdb-operator/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Percona Operator for MongoDB is deployed. 2 | See if the operator Pod is running: 3 | 4 | kubectl get pods -l app.kubernetes.io/name=psmdb-operator --namespace {{ .Release.Namespace }} 5 | 6 | Check the operator logs if the Pod is not starting: 7 | 8 | export POD=$(kubectl get pods -l app.kubernetes.io/name=psmdb-operator --namespace {{ .Release.Namespace }} --output name) 9 | kubectl logs $POD --namespace={{ .Release.Namespace }} 10 | 11 | 2. Deploy the database cluster from psmdb-db chart: 12 | 13 | helm install my-db percona/psmdb-db --namespace={{ .Release.Namespace }} 14 | 15 | Read more in our documentation: https://docs.percona.com/percona-operator-for-mongodb/ 16 | -------------------------------------------------------------------------------- /charts/psmdb-operator/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "psmdb-operator.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "psmdb-operator.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "psmdb-operator.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "psmdb-operator.labels" -}} 38 | app.kubernetes.io/name: {{ include "psmdb-operator.name" . }} 39 | helm.sh/chart: {{ include "psmdb-operator.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | -------------------------------------------------------------------------------- /charts/psmdb-operator/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.watchNamespace .Values.createNamespace }} 2 | {{ range ( split "," .Values.watchNamespace ) }} 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: {{ trim . 
}} 7 | annotations: 8 | helm.sh/resource-policy: keep 9 | --- 10 | {{ end }} 11 | {{ end }} 12 | -------------------------------------------------------------------------------- /charts/psmdb-operator/templates/role-binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "psmdb-operator.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | {{- with .Values.serviceAccount.annotations }} 8 | annotations: 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | --- 12 | {{- end }} 13 | {{- if .Values.rbac.create }} 14 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }} 15 | kind: ClusterRoleBinding 16 | {{- else }} 17 | kind: RoleBinding 18 | {{- end }} 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | metadata: 21 | name: service-account-{{ include "psmdb-operator.fullname" . }} 22 | {{- if not (or .Values.watchNamespace .Values.watchAllNamespaces) }} 23 | namespace: {{ .Release.Namespace }} 24 | {{- end }} 25 | labels: 26 | {{ include "psmdb-operator.labels" . | indent 4 }} 27 | subjects: 28 | - kind: ServiceAccount 29 | name: {{ include "psmdb-operator.fullname" . }} 30 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }} 31 | namespace: {{ .Release.Namespace }} 32 | {{- end }} 33 | roleRef: 34 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }} 35 | kind: ClusterRole 36 | {{- else }} 37 | kind: Role 38 | {{- end }} 39 | name: {{ include "psmdb-operator.fullname" . }} 40 | apiGroup: rbac.authorization.k8s.io 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/psmdb-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for psmdb-operator. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: percona/percona-server-mongodb-operator 9 | tag: 1.20.1 10 | pullPolicy: IfNotPresent 11 | 12 | # disableTelemetry: according to 13 | # https://docs.percona.com/percona-operator-for-mongodb/telemetry.html 14 | # this is how you can disable telemetry collection 15 | # default is false which means telemetry will be collected 16 | disableTelemetry: false 17 | 18 | # set if you want to specify a namespace to watch 19 | # defaults to `.Release.namespace` if left blank 20 | # multiple namespaces can be specified and separated by comma 21 | # watchNamespace: 22 | # set if you want that watched namespaces are created by helm 23 | # createNamespace: false 24 | 25 | # set if operator should be deployed in cluster wide mode. defaults to false 26 | watchAllNamespaces: false 27 | 28 | # rbac: settings for deployer RBAC creation 29 | rbac: 30 | # rbac.create: if false RBAC resources should be in place 31 | create: true 32 | 33 | # serviceAccount: settings for Service Accounts used by the deployer 34 | serviceAccount: 35 | # serviceAccount.create: Whether to create the Service Accounts or not 36 | create: true 37 | # annotations to add to the service account 38 | annotations: {} 39 | 40 | # annotations to add to the operator deployment 41 | annotations: {} 42 | 43 | # labels to add to the operator deployment 44 | labels: {} 45 | 46 | # annotations to add to the operator pod 47 | podAnnotations: {} 48 | # prometheus.io/scrape: "true" 49 | # prometheus.io/port: "8080" 50 | 51 | # labels to the operator pod 52 | podLabels: {} 53 | 54 | podSecurityContext: {} 55 | # runAsNonRoot: true 56 | # runAsUser: 2 57 | # runAsGroup: 2 58 | # fsGroup: 2 59 | # fsGroupChangePolicy: "OnRootMismatch" 60 | 61 | securityContext: {} 62 | # allowPrivilegeEscalation: false 63 | # capabilities: 64 | # drop: 65 | # - ALL 66 | # seccompProfile: 67 | # type: RuntimeDefault 68 | 69 | # set if you want to use a different operator name 70 | # defaults to 
`percona-server-mongodb-operator` 71 | # operatorName: 72 | 73 | imagePullSecrets: [] 74 | nameOverride: "" 75 | fullnameOverride: "" 76 | 77 | env: 78 | resyncPeriod: 5s 79 | 80 | resources: {} 81 | # We usually recommend not to specify default resources and to leave this as a conscious 82 | # choice for the user. This also increases chances charts run on environments with little 83 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 84 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 85 | # limits: 86 | # cpu: 100m 87 | # memory: 128Mi 88 | # requests: 89 | # cpu: 100m 90 | # memory: 128Mi 91 | 92 | nodeSelector: {} 93 | 94 | tolerations: [] 95 | 96 | affinity: {} 97 | 98 | logStructured: false 99 | logLevel: "INFO" 100 | -------------------------------------------------------------------------------- /charts/pxc-db/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/pxc-db/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 1.17.0 3 | description: A Helm chart for installing Percona XtraDB Cluster Databases using the PXC Operator. 
4 | name: pxc-db 5 | home: https://www.percona.com/doc/kubernetes-operator-for-pxc/kubernetes.html 6 | version: 1.17.1 7 | maintainers: 8 | - name: eleo007 9 | email: eleonora.zinchenko@percona.com 10 | - name: nmarukovich 11 | email: natalia.marukovich@percona.com 12 | - name: jvpasinatto 13 | email: julio.pasinatto@percona.com 14 | icon: https://artifacthub.io/image/0b8875cd-6661-4269-9cf6-0fd92d59017b@1x 15 | -------------------------------------------------------------------------------- /charts/pxc-db/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | # 2 | 3 | % _____ 4 | %%% | __ \ 5 | ###%%%%%%%%%%%%* | |__) |__ _ __ ___ ___ _ __ __ _ 6 | ### ##%% %%%% | ___/ _ \ '__/ __/ _ \| '_ \ / _` | 7 | #### ##% %%%% | | | __/ | | (_| (_) | | | | (_| | 8 | ### #### %%% |_| \___|_| \___\___/|_| |_|\__,_| 9 | ,((### ### %%% _ _ _____ _ 10 | (((( (### #### %%%% | | / _ \ / ____| | | 11 | ((( ((# ###### | | _| (_) |___ | (___ __ _ _ _ __ _ __| | 12 | (((( (((# #### | |/ /> _ >> https://percona.com/k8s <<< 22 | 23 | 1. To get a MySQL prompt inside your new cluster you can run: 24 | 25 | {{- if hasKey .Values.pxc "clusterSecretName" }} 26 | ROOT_PASSWORD=`kubectl -n {{ .Release.Namespace }} get secrets {{ .Values.pxc.clusterSecretName }} -o jsonpath="{.data.root}" | base64 --decode` 27 | kubectl -n {{ .Release.Namespace }} exec -ti \ 28 | {{ include "pxc-database.fullname" . }}-pxc-0 -c pxc -- mysql -uroot -p"$ROOT_PASSWORD" 29 | {{- else }} 30 | ROOT_PASSWORD=`kubectl -n {{ .Release.Namespace }} get secrets {{ include "pxc-database.fullname" . }}-secrets -o jsonpath="{.data.root}" | base64 --decode` 31 | kubectl -n {{ .Release.Namespace }} exec -ti \ 32 | {{ include "pxc-database.fullname" . }}-pxc-0 -c pxc -- mysql -uroot -p"$ROOT_PASSWORD" 33 | {{- end }} 34 | 35 | 36 | 2. 
To connect an Application running in the same Kubernetes cluster you can connect with: 37 | 38 | {{- if hasKey .Values.pxc "clusterSecretName" }} 39 | ROOT_PASSWORD=`kubectl -n {{ .Release.Namespace }} get secrets {{ .Values.pxc.clusterSecretName }} -o jsonpath="{.data.root}" | base64 --decode` 40 | {{- else }} 41 | ROOT_PASSWORD=`kubectl -n {{ .Release.Namespace }} get secrets {{ include "pxc-database.fullname" . }}-secrets -o jsonpath="{.data.root}" | base64 --decode` 42 | {{- end }} 43 | 44 | 45 | {{- if .Values.proxysql.enabled }} 46 | 47 | kubectl run -i --tty --rm percona-client --image=percona --restart=Never \ 48 | -- mysql -h {{ template "pxc-database.fullname" . }}-proxysql.{{ .Release.Namespace }}.svc.cluster.local -uroot -p"$ROOT_PASSWORD" 49 | 50 | {{- else }} 51 | 52 | kubectl run -i --tty --rm percona-client --image=percona --restart=Never \ 53 | -- mysql -h {{ template "pxc-database.fullname" . }}-haproxy.{{ .Release.Namespace }}.svc.cluster.local -uroot -p"$ROOT_PASSWORD" 54 | 55 | {{- end }} 56 | 57 | -------------------------------------------------------------------------------- /charts/pxc-db/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "pxc-database.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "pxc-database.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 21 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 21 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 21 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pxc-database.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 21 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "pxc-database.labels" -}} 38 | app.kubernetes.io/name: {{ include "pxc-database.name" . }} 39 | helm.sh/chart: {{ include "pxc-database.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | This filters the backup.storages hash for S3 credentials. If we detect them, they go in a separate secret. 49 | */}} 50 | {{- define "pxc-database.storages" -}} 51 | {{- $storages := dict -}} 52 | {{- range $key, $value := .Values.backup.storages -}} 53 | {{- if and (hasKey $value "type") (eq $value.type "s3") (hasKey $value "s3") (hasKey (index $value "s3") "credentialsAccessKey") (hasKey (index $value "s3") "credentialsSecretKey") }} 54 | {{- if hasKey (index $value "s3") "credentialsSecret" -}} 55 | {{- fail "credentialsSecret and credentialsAccessKey/credentialsSecretKey isn't supported!" 
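-}}
56 | {{- end -}}
57 | {{- $secretName := printf "%s-s3-%s" (include "pxc-database.fullname" $) $key -}}
58 | {{- $s3 := set (omit (index $value "s3") "credentialsAccessKey" "credentialsSecretKey") "credentialsSecret" $secretName -}}
59 | {{- $_value := set (omit $value "s3") "s3" $s3 -}}
60 | {{- $_ := set $storages $key $_value -}}
61 | {{- else -}}
62 | {{- $_ := set $storages $key $value -}}
63 | {{- end -}}
64 | {{- end -}}
65 | {{- $storages | toYaml -}}
66 | {{- end -}}
67 |
68 | {{/*
69 | Returns the operator image reference: .Values.image verbatim when it is set, otherwise
70 | .Values.operatorImageRepository tagged with .Chart.AppVersion.
71 | */}}
72 | {{- define "pxc-db.operator-image" -}}
73 | {{- if .Values.image }}
74 | {{- .Values.image }}
75 | {{- else }}
76 | {{- printf "%s:%s" .Values.operatorImageRepository .Chart.AppVersion }}
77 | {{- end }}
78 | {{- end -}}
79 |
--------------------------------------------------------------------------------
/charts/pxc-db/templates/cluster-secret.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Secret holding the cluster's system-user passwords, rendered only when secrets.passwords is
3 | present in the values. The name is pxc.clusterSecretName when set, otherwise
4 | <fullname>-secrets. Each value is taken from the chart values and base64-encoded, which is an
5 | encoding, not encryption.
6 | NOTE(review): passwords passed through values also end up in the Helm release record and in
7 | whatever values file or command line supplied them; restrict access to those as well as to
8 | this Secret.
9 | */}}
10 | {{- if hasKey .Values.secrets "passwords" }}
11 | apiVersion: v1
12 | kind: Secret
13 | metadata:
14 |   {{- if hasKey .Values.pxc "clusterSecretName" }}
15 |   name: {{ .Values.pxc.clusterSecretName }}
16 |   {{- else }}
17 |   name: {{ include "pxc-database.fullname" . }}-secrets
18 |   {{- end }}
19 |   namespace: {{ .Release.Namespace }}
20 |   labels:
21 | {{ include "pxc-database.labels" . | indent 4 }}
22 | type: Opaque
23 | data:
24 |   root: {{ .Values.secrets.passwords.root | b64enc }}
25 |   xtrabackup: {{ .Values.secrets.passwords.xtrabackup | b64enc }}
26 |   monitor: {{ .Values.secrets.passwords.monitor | b64enc }}
27 |   proxyadmin: {{ .Values.secrets.passwords.proxyadmin | b64enc }}
28 |   {{- if hasKey .Values.secrets.passwords "pmmserverkey" }}
29 |   pmmserverkey: {{ .Values.secrets.passwords.pmmserverkey | b64enc }}
30 |   {{- else if hasKey .Values.secrets.passwords "pmmserver" }}
31 |   pmmserver: {{ .Values.secrets.passwords.pmmserver | b64enc }}
32 |   {{- end}}
33 |   operator: {{ .Values.secrets.passwords.operator | b64enc }}
34 |   replication: {{ .Values.secrets.passwords.replication | b64enc }}
35 | {{- end }}
36 |
--------------------------------------------------------------------------------
/charts/pxc-db/templates/cluster-ssl-secret.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Self-signed TLS material for the cluster, rendered when tls.enabled is true and
3 | pxc.certManager is not set. genCA creates a CA valid for 1095 days and genSignedCert issues
4 | two leaf certificates from it, each valid for 365 days: one for <fullname>-ssl and one for
5 | <fullname>-ssl-internal. Data from a secret that already exists in the release namespace is
6 | reused in place of the freshly generated values.
7 | NOTE(review): lookup returns nothing under `helm template` or a client-side dry run, so
8 | output rendered that way contains newly generated keys, not the ones stored in the cluster.
9 | NOTE(review): $ca.Key is not written anywhere and existing certificates are reused as-is, so
10 | this template never renews the 365-day certificates; confirm where renewal is handled.
11 | */}}
12 | {{- if .Values.tls.enabled }}
13 |
14 | {{- if not .Values.pxc.certManager }}
15 |
16 | {{- $nameDB := printf "%s" (include "pxc-database.fullname" .) }}
17 | {{ $ca := genCA (printf "%s-ca" $nameDB ) 1095 }}
18 | {{ $caCert := $ca.Cert | toString | b64enc }}
19 | {{- /* Separate CA value per secret, so ca.crt always belongs to the certificate stored beside it. */}}
20 | {{ $internalCaCert := $caCert }}
21 |
22 | {{- $certName := printf "%s-proxysql" $nameDB }}
23 | {{- $altNames := list ( printf "%s-pxc" $nameDB ) ( printf "*.%s-pxc" $nameDB ) ( printf "*.%s-proxysql" $nameDB ) -}}
24 | {{ $cert := genSignedCert $certName nil $altNames 365 $ca }}
25 | {{ $tlsCert := $cert.Cert | toString | b64enc }}
26 | {{ $tlsKey := $cert.Key | toString | b64enc }}
27 |
28 | {{- $internalCertName := printf "%s-pxc" $nameDB }}
29 | {{- $internalAltNames := list ( printf "%s" $internalCertName ) ( printf "*.%s" $internalCertName ) ( printf "%s-haproxy-replicas.%s.svc.cluster.local" $nameDB .Release.Namespace ) ( printf "%s-haproxy-replicas.%s" $nameDB .Release.Namespace ) ( printf "%s-haproxy-replicas" $nameDB ) ( printf "%s-haproxy.%s.svc.cluster.local" $nameDB .Release.Namespace ) ( printf "%s-haproxy.%s" $nameDB .Release.Namespace ) ( printf "%s-haproxy" $nameDB ) -}}
30 | {{ $internalTLS := genSignedCert $internalCertName nil $internalAltNames 365 $ca }}
31 | {{ $internalTLSCert := $internalTLS.Cert | toString | b64enc }}
32 | {{ $internalTLSKey := $internalTLS.Key | toString | b64enc }}
33 |
34 | {{- /* Reuse an existing <fullname>-ssl secret, CA included, instead of replacing its certificate. */}}
35 | {{- $existingCert := (lookup "v1" "Secret" .Release.Namespace (printf "%s-ssl" $nameDB)) }}
36 | {{- if $existingCert }}
37 | {{- $caCert = index $existingCert.data "ca.crt" }}
38 | {{- $tlsCert = index $existingCert.data "tls.crt" }}
39 | {{- $tlsKey = index $existingCert.data "tls.key" }}
40 | {{- end -}}
41 |
42 | {{- /*
43 | Same for <fullname>-ssl-internal. Its CA goes into $internalCaCert: with one shared variable,
44 | a release where only one of the two secrets exists would publish the surviving secret's CA
45 | next to a certificate signed by the newly generated one.
46 | */}}
47 | {{- $existingInternalCert := (lookup "v1" "Secret" .Release.Namespace (printf "%s-ssl-internal" $nameDB)) }}
48 | {{- if $existingInternalCert }}
49 | {{- $internalCaCert = index $existingInternalCert.data "ca.crt" }}
50 | {{- $internalTLSCert = index $existingInternalCert.data "tls.crt" }}
51 | {{- $internalTLSKey = index $existingInternalCert.data "tls.key" }}
52 | {{- end -}}
53 |
54 | {{- if not (hasKey .Values.secrets.tls "cluster") }}
55 | ---
56 | apiVersion: v1
57 | kind: Secret
58 | metadata:
59 |   name: {{ $nameDB }}-ssl
60 |   namespace: {{ .Release.Namespace }}
61 |   annotations:
62 |     helm.sh/resource-policy: keep
63 |   labels:
64 | {{ include "pxc-database.labels" . | indent 4 }}
65 | type: kubernetes.io/tls
66 | data:
67 |   ca.crt: {{ $caCert }}
68 |   tls.crt: {{ $tlsCert }}
69 |   tls.key: {{ $tlsKey }}
70 | {{- end -}}
71 |
72 | {{- if not (hasKey .Values.secrets.tls "internal") }}
73 | ---
74 | apiVersion: v1
75 | kind: Secret
76 | metadata:
77 |   name: {{ $nameDB }}-ssl-internal
78 |   namespace: {{ .Release.Namespace }}
79 |   annotations:
80 |     helm.sh/resource-policy: keep
81 |   labels:
82 | {{ include "pxc-database.labels" . | indent 4 }}
83 | type: kubernetes.io/tls
84 | data:
85 |   ca.crt: {{ $internalCaCert }}
86 |   tls.crt: {{ $internalTLSCert }}
87 |   tls.key: {{ $internalTLSKey }}
88 | {{- end -}}
89 |
90 | {{- /* end: if not .Values.pxc.certManager */}}
91 | {{- end -}}
92 |
93 | {{- /* end: if .Values.tls.enabled */}}
94 | {{- end -}}
95 |
--------------------------------------------------------------------------------
/charts/pxc-db/templates/s3-secret.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | One Opaque secret per backup storage of type s3 that carries inline credentialsAccessKey and
3 | credentialsSecretKey. The name <fullname>-s3-<storage key> is the one the
4 | "pxc-database.storages" helper writes into credentialsSecret for that storage.
5 | NOTE(review): inline keys travel through the chart values; a storage that references a
6 | pre-created secret through credentialsSecret gets no secret from this template.
7 | */}}
8 | {{- range $key, $value := .Values.backup.storages }}
9 | {{- if and (hasKey $value "type") (eq $value.type "s3") (hasKey $value "s3") (hasKey (index $value "s3") "credentialsAccessKey") (hasKey (index $value "s3") "credentialsSecretKey") }}
10 | ---
11 | apiVersion: v1
12 | kind: Secret
13 | metadata:
14 |   name: {{ include "pxc-database.fullname" $ }}-s3-{{ $key }}
15 |   namespace: {{ $.Release.Namespace }}
16 |   labels:
17 | {{ include "pxc-database.labels" $ | indent 4 }}
18 | type: Opaque
19 | data:
20 |   AWS_ACCESS_KEY_ID: {{ index $value "s3" "credentialsAccessKey" | b64enc }}
21 |   AWS_SECRET_ACCESS_KEY: {{ index $value "s3" "credentialsSecretKey" | b64enc }}
22 | {{- end }}
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/charts/pxc-operator/.helmignore: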
-------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/pxc-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 1.17.0 3 | description: A Helm chart for deploying the Percona Operator for MySQL (based on Percona XtraDB Cluster) 4 | name: pxc-operator 5 | home: https://docs.percona.com/percona-operator-for-mysql/pxc/ 6 | version: 1.17.0 7 | maintainers: 8 | - name: nmarukovich 9 | email: natalia.marukovich@percona.com 10 | - name: eleo007 11 | email: eleonora.zinchenko@percona.com 12 | - name: jvpasinatto 13 | email: julio.pasinatto@percona.com 14 | icon: https://artifacthub.io/image/0b8875cd-6661-4269-9cf6-0fd92d59017b@1x 15 | -------------------------------------------------------------------------------- /charts/pxc-operator/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright 2019 Paul Czarkowski 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | See the License for the specific language governing permissions and 13 | limitations under the License. -------------------------------------------------------------------------------- /charts/pxc-operator/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Percona Operator for MySQL is deployed. 2 | 3 | Check if operator Pod is running: 4 | 5 | kubectl get pods -l app.kubernetes.io/name={{ template "pxc-operator.name" . }} --namespace {{ .Release.Namespace }} 6 | 7 | Troubleshoot by checking the logs: 8 | 9 | export POD=$(kubectl get pods -l app.kubernetes.io/name={{ template "pxc-operator.name" . }} --namespace {{ .Release.Namespace }} --output name) 10 | kubectl logs $POD --namespace={{ .Release.Namespace }} 11 | 12 | 2. Deploy the cluster with the following command: 13 | 14 | helm install my-db percona/pxc-db --namespace={{ .Release.Namespace }} 15 | 16 | Read more in our documentation: https://docs.percona.com/percona-operator-for-mysql/pxc/ 17 | -------------------------------------------------------------------------------- /charts/pxc-operator/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "pxc-operator.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 
13 | */}} 14 | {{- define "pxc-operator.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "pxc-operator.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "pxc-operator.labels" -}} 38 | app.kubernetes.io/name: {{ include "pxc-operator.name" . }} 39 | helm.sh/chart: {{ include "pxc-operator.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Functions returns image URI according to parameters set 49 | */}} 50 | {{- define "pxc-operator.image" -}} 51 | {{- if .Values.image }} 52 | {{- .Values.image }} 53 | {{- else }} 54 | {{- printf "%s:%s" .Values.operatorImageRepository .Chart.AppVersion }} 55 | {{- end }} 56 | {{- end -}} -------------------------------------------------------------------------------- /charts/pxc-operator/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.watchNamespace .Values.createNamespace }} 2 | {{ range ( split "," .Values.watchNamespace ) }} 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: {{ trim . 
}}
7 |   annotations:
8 |     helm.sh/resource-policy: keep
9 | ---
10 | {{ end }}
11 | {{ end }}
12 |
--------------------------------------------------------------------------------
/charts/pxc-operator/templates/role-binding.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Creates the operator ServiceAccount (when serviceAccount.create is true) and binds an account
3 | named after the chart fullname to the Role or ClusterRole of the same name (when rbac.create
4 | is true). The binding does not depend on serviceAccount.create, so with that flag off a
5 | ServiceAccount with this name is expected to exist already.
6 | NOTE(review): the binding is a ClusterRoleBinding whenever watchNamespace or
7 | watchAllNamespaces is set, i.e. also when only a specific list of namespaces is watched.
8 | */}}
9 | {{- if .Values.serviceAccount.create }}
10 | apiVersion: v1
11 | kind: ServiceAccount
12 | metadata:
13 |   name: {{ include "pxc-operator.fullname" . }}
14 |   namespace: {{ .Release.Namespace }}
15 | ---
16 | {{- end }}
17 | {{- if .Values.rbac.create }}
18 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
19 | kind: ClusterRoleBinding
20 | {{- else }}
21 | kind: RoleBinding
22 | {{- end }}
23 | apiVersion: rbac.authorization.k8s.io/v1
24 | metadata:
25 |   name: {{ include "pxc-operator.fullname" . }}
26 |   {{- if not (or .Values.watchNamespace .Values.watchAllNamespaces) }}
27 |   namespace: {{ .Release.Namespace }}
28 |   {{- end }}
29 |   labels:
30 | {{ include "pxc-operator.labels" . | indent 4 }}
31 | subjects:
32 | - kind: ServiceAccount
33 |   name: {{ include "pxc-operator.fullname" . }}
34 |   {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
35 |   namespace: {{ .Release.Namespace }}
36 |   {{- end }}
37 | roleRef:
38 |   {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
39 |   kind: ClusterRole
40 |   {{- else }}
41 |   kind: Role
42 |   {{- end }}
43 |   name: {{ include "pxc-operator.fullname" . }}
44 |   apiGroup: rbac.authorization.k8s.io
45 | {{- end }}
46 |
--------------------------------------------------------------------------------
/charts/pxc-operator/templates/role.yaml:
--------------------------------------------------------------------------------
1 | {{- /*
2 | Permissions of the operator's ServiceAccount, rendered when rbac.create is true: a ClusterRole
3 | when watchNamespace or watchAllNamespaces is set, otherwise a Role in the release namespace.
4 | NOTE(review): role-binding.yaml binds the ClusterRole with a ClusterRoleBinding, so in that
5 | mode every rule below applies in all namespaces, also when watchNamespace lists only some of
6 | them. None of the rules is narrowed with resourceNames.
7 | */}}
8 | {{- if .Values.rbac.create }}
9 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
10 | kind: ClusterRole
11 | {{- else }}
12 | kind: Role
13 | {{- end }}
14 | apiVersion: rbac.authorization.k8s.io/v1
15 | metadata:
16 |   name: {{ include "pxc-operator.fullname" . }}
17 | {{- if not (or .Values.watchNamespace .Values.watchAllNamespaces) }}
18 |   namespace: {{ .Release.Namespace }}
19 | {{- end }}
20 |   labels:
21 | {{ include "pxc-operator.labels" . | indent 4 }}
22 | rules:
23 | - apiGroups:
24 |   - pxc.percona.com
25 |   resources:
26 |   - perconaxtradbclusters
27 |   - perconaxtradbclusters/status
28 |   - perconaxtradbclusterbackups
29 |   - perconaxtradbclusterbackups/status
30 |   - perconaxtradbclusterrestores
31 |   - perconaxtradbclusterrestores/status
32 |   - perconaxtradbclusterrestores/finalizers
33 |   verbs:
34 |   - get
35 |   - list
36 |   - watch
37 |   - create
38 |   - update
39 |   - patch
40 |   - delete
41 | {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
42 | {{- /* Only in the ClusterRole case: write access to validating webhook configurations, a cluster-scoped resource, for every object of that kind. */}}
43 | - apiGroups:
44 |   - admissionregistration.k8s.io
45 |   resources:
46 |   - validatingwebhookconfigurations
47 |   verbs:
48 |   - get
49 |   - list
50 |   - watch
51 |   - create
52 |   - update
53 |   - patch
54 |   - delete
55 | {{- end }}
56 | {{- /*
57 | Core API group. Full read/write on secrets together with pods/exec means that, in the
58 | ClusterRole case, a token for this ServiceAccount can read any Secret and run commands in
59 | any pod in the cluster.
60 | */}}
61 | - apiGroups:
62 |   - ""
63 |   resources:
64 |   - pods
65 |   - pods/exec
66 |   - pods/log
67 |   - configmaps
68 |   - services
69 |   - persistentvolumeclaims
70 |   - secrets
71 |   verbs:
72 |   - get
73 |   - list
74 |   - watch
75 |   - create
76 |   - update
77 |   - patch
78 |   - delete
79 | - apiGroups:
80 |   - apps
81 |   resources:
82 |   - deployments
83 |   - replicasets
84 |   - statefulsets
85 |   verbs:
86 |   - get
87 |   - list
88 |   - watch
89 |   - create
90 |   - update
91 |   - patch
92 |   - delete
93 | - apiGroups:
94 |   - batch
95 |   resources:
96 |   - jobs
97 |   - cronjobs
98 |   verbs:
99 |   - get
100 |   - list
101 |   - watch
102 |   - create
103 |   - update
104 |   - patch
105 |   - delete
106 | - apiGroups:
107 |   - policy
108 |   resources:
109 |   - poddisruptionbudgets
110 |   verbs:
111 |   - get
112 |   - list
113 |   - watch
114 |   - create
115 |   - update
116 |   - patch
117 |   - delete
118 | - apiGroups:
119 |   - coordination.k8s.io
120 |   resources:
121 |   - leases
122 |   verbs:
123 |   - get
124 |   - list
125 |   - watch
126 |   - create
127 |   - update
128 |   - patch
129 |   - delete
130 | - apiGroups:
131 |   - events.k8s.io
132 |   - ""
133 |   resources:
134 |   - events
135 |   verbs:
136 |   - create
137 |   - patch
138 |   - get
139 |   - list
140 |   - watch
141 | {{- /* Both the older certmanager.k8s.io group and cert-manager.io are listed; this is the only rule that also grants deletecollection. */}}
142 | - apiGroups:
143 |   - certmanager.k8s.io
144 |   - cert-manager.io
145 |   resources:
146 |   - issuers
147 |   - certificates
148 |   verbs:
149 |   - get
150 |   - list
151 |   - watch
152 |   - create
153 |   - update
154 |   - patch
155 |   - delete
156 |   - deletecollection
157 | {{- end }}
158 |
--------------------------------------------------------------------------------
/charts/pxc-operator/values.yaml:
--------------------------------------------------------------------------------
1 | # Default values for pxc-operator.
2 | # This is a YAML-formatted file.
3 | # Declare variables to be passed into your templates.
4 |
5 | replicaCount: 1
6 |
7 | operatorImageRepository: percona/percona-xtradb-cluster-operator
8 | imagePullPolicy: IfNotPresent
9 | image: ""
10 |
11 | # set if you want to specify a namespace to watch
12 | # defaults to `.Release.namespace` if left blank
13 | # multiple namespaces can be specified, separated by commas; when set, RBAC is rendered as ClusterRole/ClusterRoleBinding
14 | # watchNamespace:
15 | # set if you want the watched namespaces to be created by helm
16 | # createNamespace: false
17 |
18 | # set if operator should be deployed in cluster wide mode.
defaults to false. Note: when this or watchNamespace is set, the operator role template omits its namespace field and adds a rule for validatingwebhookconfigurations (get/list/watch/create/update/patch/delete), in addition to its access to secrets and pods/exec 19 | watchAllNamespaces: false 20 | 21 | # rbac: settings for deployer RBAC creation 22 | rbac: 23 | # rbac.create: if false, the RBAC resources are expected to already be in place 24 | create: true 25 | 26 | # serviceAccount: settings for Service Accounts used by the deployer 27 | serviceAccount: 28 | # serviceAccount.create: Whether to create the Service Accounts or not 29 | create: true 30 | 31 | # set if you want to use a different operator name 32 | # defaults to `percona-xtradb-cluster-operator` 33 | # operatorName: 34 | 35 | imagePullSecrets: [] 36 | nameOverride: "" 37 | fullnameOverride: "" 38 | 39 | resources: 40 | # We usually recommend not to specify default resources and to leave this as a conscious 41 | # choice for the user. This also increases chances charts run on environments with little 42 | # resources, such as Minikube. If you don't want to specify resources, comment the following 43 | # lines and add the curly braces after 'resources:'. 44 | limits: 45 | cpu: 200m 46 | memory: 500Mi 47 | requests: 48 | cpu: 100m 49 | memory: 20Mi 50 | 51 | containerSecurityContext: {} 52 | 53 | nodeSelector: {} 54 | 55 | tolerations: [] 56 | 57 | affinity: {} 58 | 59 | podAnnotations: {} 60 | 61 | logStructured: false 62 | logLevel: "INFO" 63 | disableTelemetry: false 64 | 65 | extraEnvVars: [] 66 | # - name: http_proxy 67 | # value: "example-proxy-http" 68 | # - name: https_proxy 69 | # value: "example-proxy-https" 70 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Percona Helm Charts Code of Conduct 2 | 3 | All Percona Products follow the [Percona Community Code of Conduct](https://github.com/percona/community/blob/main/content/contribute/coc.md). 4 | 5 | If you notice any unacceptable behavior, let us know as soon as possible by writing to . We will respond within 48 hours. 
6 | 7 | 8 | --------------------------------------------------------------------------------