helm: Add pxc-operator as optional dependency

In lieu of relying on the zuul-operator to install pxc-operator on
demand we can install it using the Helm chart if desired.  This will
help to reduce the access that the zuul-operator requires to function.

This change injects the pxc-operator chart from
https://percona.github.io/percona-helm-charts using version 1.11.0,
which matches the existing template bundle in the operator.  Similarly
to cert-manager, we specify this as a conditional dependency in the
chart specification so as to allow the user to determine if they'd
like to install pxc-operator or not.

NOTE: This dependency is disabled by default as it might be surprising
to the user.

We also include
https://github.com/percona/percona-helm-charts/pull/146 which fixes an
issue in the chart preventing deployment.

Change-Id: I287fa0dd74017b4e50c8039c748c3dda993654a3

helm/zuul-operator/Chart.yaml

@@ -11,4 +11,8 @@ dependencies:
   - name: cert-manager
     version: "1.8.2"
     repository: "https://charts.jetstack.io/charts"
-    condition: cert-manager.enabled
+    condition: cert-manager.enabled
+  - name: pxc-operator
+    version: "1.11.0"
+    repository: "https://percona.github.io/percona-helm-charts"
+    condition: pxc-operator.enabled

helm/zuul-operator/charts/pxc-operator/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/zuul-operator/charts/pxc-operator/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+appVersion: 1.11.0
+description: A Helm chart for Deploying the Percona XtraDB Cluster Operator Kubernetes
+name: pxc-operator
+home: https://www.percona.com/doc/kubernetes-operator-for-pxc/kubernetes.html
+version: 1.11.0
+maintainers:
+  - name: cap1984
+    email: ivan.pylypenko@percona.com
+  - name: tplavcic
+    email: tomislav.plavcic@percona.com
+  - name: nmarukovich
+    email: natalia.marukovich@percona.com
+icon: https://artifacthub.io/image/0b8875cd-6661-4269-9cf6-0fd92d59017b@1x

helm/zuul-operator/charts/pxc-operator/LICENSE.txt

@@ -0,0 +1,13 @@
+Copyright 2019 Paul Czarkowski <username.taken@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

helm/zuul-operator/charts/pxc-operator/README.md

@@ -0,0 +1,53 @@
+# Percona Operator For MySQL
+
+[Percona XtraDB Cluster (PXC)](https://www.percona.com/doc/percona-xtradb-cluster/LATEST/index.html) is a database clustering solution for MySQL. Percona Operator For MySQL allows users to deploy and manage Percona XtraDB Clusters on Kubernetes.
+
+Useful links
+* [Operator Github repository](https://github.com/percona/percona-xtradb-cluster-operator)
+* [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-pxc/index.html)
+
+## Pre-requisites
+* Kubernetes 1.20+
+* Helm v3
+
+# Installation
+
+This chart will deploy the Operator Pod for the further Percona XtraDB Cluster creation in Kubernetes.
+
+## Installing the Chart
+To install the chart with the `pxc` release name using a dedicated namespace (recommended):
+
+```sh
+helm repo add percona https://percona.github.io/percona-helm-charts/
+helm install my-operator percona/pxc-operator --version 1.11.0 --namespace my-namespace
+```
+
+The chart can be customized using the following configurable parameters:
+
+| Parameter                       | Description                                                             | Default                                          |
+| ------------------------------- | ------------------------------------------------------------------------| -------------------------------------------------|
+| `image`                         | PXC Operator Container image full path                                  | `percona/percona-xtradb-cluster-operator:1.11.0` |
+| `imagePullPolicy`               | PXC Operator Container pull policy                                      | `Always`                                         |
+| `imagePullSecrets`              | PXC Operator Pod pull secret                                            | `[]`                                             |
+| `replicaCount`                  | PXC Operator Pod quantity                                               | `1`                                              |
+| `tolerations`                   | List of node taints to tolerate                                         | `[]`                                             |
+| `resources`                     | Resource requests and limits                                            | `{}`                                             |
+| `nodeSelector`                  | Labels for Pod assignment                                               | `{}`                                             |
+
+Specify parameters using `--set key=value[,key=value]` argument to `helm install`
+
+Alternatively a YAML file that specifies the values for the parameters can be provided like this:
+
+```sh
+helm install pxc-operator -f values.yaml percona/pxc-operator
+```
+
+## Deploy the database
+
+To deploy Percona XtraDB Cluster run the following command:
+
+```sh
+helm install my-db percona/pxc-db
+```
+
+See more about Percona XtraDB Cluster in its chart [here](https://github.com/percona/percona-helm-charts/blob/main/charts/pxc-db) or in the [Helm chart installation guide](https://www.percona.com/doc/kubernetes-operator-for-pxc/helm.html).

helm/zuul-operator/charts/pxc-operator/templates/NOTES.txt

@@ -0,0 +1,5 @@
+1. pxc-operator deployed.
+  If you would like to deploy an pxc-cluster set cluster.enabled to true in values.yaml
+  Check the pxc-operator logs
+    export POD=$(kubectl get pods -l app.kubernetes.io/name={{ template "pxc-operator.name" . }} --namespace {{ .Release.Namespace }} --output name)
+    kubectl logs $POD --namespace={{ .Release.Namespace }}

helm/zuul-operator/charts/pxc-operator/templates/_helpers.tpl

@@ -0,0 +1,56 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pxc-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pxc-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pxc-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "pxc-operator.labels" -}}
+app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
+helm.sh/chart: {{ include "pxc-operator.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Functions returns image URI according to parameters set
+*/}}
+{{- define "pxc-operator.image" -}}
+{{- if .Values.image }}
+{{- .Values.image }}
+{{- else }}
+{{- printf "%s:%s" .Values.operatorImageRepository .Chart.AppVersion }}
+{{- end }}
+{{- end -}}

helm/zuul-operator/charts/pxc-operator/templates/deployment.yaml

@@ -0,0 +1,90 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "pxc-operator.fullname" . }}
+  labels:
+{{ include "pxc-operator.labels" . | indent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: operator
+      app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/part-of: {{ include "pxc-operator.name" . }}
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: operator
+        app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/part-of: {{ include "pxc-operator.name" . }}
+    spec:
+      serviceAccountName: {{ include "pxc-operator.fullname" . }}
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      terminationGracePeriodSeconds: 600
+      containers:
+        - name: percona-xtradb-cluster-operator
+          image: {{ include "pxc-operator.image" . }}
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          ports:
+          - containerPort: 8080
+            name: metrics
+            protocol: TCP
+          command:
+          - percona-xtradb-cluster-operator
+          env:
+            - name: WATCH_NAMESPACE
+              {{- if .Values.watchAllNamespaces }}
+              value: ""
+              {{- else }}
+              value: "{{ default .Release.Namespace .Values.watchNamespace }}"
+              {{- end }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: OPERATOR_NAME
+              value: {{ include "pxc-operator.fullname" . }}
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /metrics
+              port: metrics
+              scheme: HTTP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+{{- if .Values.watchAllNamespaces }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "pxc-operator.name" . }}
+  labels:
+    name: {{ include "pxc-operator.name" . }}
+spec:
+  ports:
+    - port: 443
+      targetPort: 9443
+  selector:
+    app.kubernetes.io/name: {{ include "pxc-operator.name" . }}
+{{- end }}

helm/zuul-operator/charts/pxc-operator/templates/namespace.yaml

@@ -0,0 +1,6 @@
+{{ if .Values.watchNamespace }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.watchNamespace }}
+{{ end }}

helm/zuul-operator/charts/pxc-operator/templates/role-binding.yaml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "pxc-operator.fullname" . }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: percona-xtradb-cluster-operator
+---
+{{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
+kind: ClusterRoleBinding
+{{- else }}
+kind: RoleBinding
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "pxc-operator.fullname" . }}
+  {{- if .Values.watchNamespace }}
+  namespace: {{ .Values.watchNamespace }}
+  {{- end }}
+  labels:
+{{ include "pxc-operator.labels" . | indent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "pxc-operator.fullname" . }}
+  {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+roleRef:
+  {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
+  kind: ClusterRole
+  {{- else }}
+  kind: Role
+  {{- end }}
+  name: {{ include "pxc-operator.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io

helm/zuul-operator/charts/pxc-operator/templates/role.yaml

@@ -0,0 +1,133 @@
+{{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
+kind: ClusterRole
+{{- else }}
+kind: Role
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "pxc-operator.fullname" . }}
+  labels:
+{{ include "pxc-operator.labels" . | indent 4 }}
+rules:
+- apiGroups:
+  - pxc.percona.com
+  resources:
+  - perconaxtradbclusters
+  - perconaxtradbclusters/status
+  - perconaxtradbclusterbackups
+  - perconaxtradbclusterbackups/status
+  - perconaxtradbclusterrestores
+  - perconaxtradbclusterrestores/status
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+{{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+{{- end }}
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/exec
+  - pods/log
+  - configmaps
+  - services
+  - persistentvolumeclaims
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - replicasets
+  - statefulsets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  - cronjobs
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - certmanager.k8s.io
+  - cert-manager.io
+  resources:
+  - issuers
+  - certificates
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+  - deletecollection

helm/zuul-operator/charts/pxc-operator/values.yaml

@@ -0,0 +1,42 @@
+# Default values for pxc-operator.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+operatorImageRepository: percona/percona-xtradb-cluster-operator
+imagePullPolicy: IfNotPresent
+image: ""
+
+# set if you want to specify a namespace to watch
+# defaults to `.Release.namespace` if left blank
+# watchNamespace:
+
+# set if operator should be deployed in cluster wide mode. defaults to false
+watchAllNamespaces: false
+
+# set if you want to use a different operator name
+# defaults to `percona-xtradb-cluster-operator`
+# operatorName:
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+resources:
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you don't want to specify resources, comment the following
+  # lines and add the curly braces after 'resources:'.
+  limits:
+    cpu: 200m
+    memory: 500Mi
+  requests:
+    cpu: 100m
+    memory: 20Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

helm/zuul-operator/values.yaml

@@ -66,3 +66,6 @@ cert-manager:
 
   startupapicheck:
     enabled: false
+
+pxc-operator:
+  enabled: false