EVEREST-1511 | Everest Helm chart

.github/CODEOWNERS

@@ -1,2 +1,3 @@
 * @hors @tplavcic @nmarukovich @ptankov @jvpasinatto @eleo007
 /charts/pmm/ @percona/pmm-review-be  @spron-in
+/charts/everest/ @percona/everest-backend-devs

.github/workflows/release.yaml

@@ -4,6 +4,7 @@ on:
   push:
     path-ignore:
       - 'charts/gcp-marketplace/**'
+      - 'charts/everest/**'
     branches:
       - main
 

.github/workflows/test.yaml

@@ -48,7 +48,7 @@ jobs:
           if [ -n "$OPERATOR_INSTALL" ]; then
             for operator in $OPERATOR_INSTALL; do helm install --namespace default $operator charts/$operator/.; done
           fi
-          ct install --config .github/ct.yaml
+          ct install --config .github/ct.yaml --excluded-charts=everest
           if [ -n "$OPERATOR_INSTALL" ]; then
             for operator in $OPERATOR_INSTALL; do helm uninstall --namespace default $operator; done
           fi

.gitignore

@@ -1,2 +1,3 @@
 .deploy/
 .idea/
+*.tgz

charts/everest/.helmignore

@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+Makefile

charts/everest/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: common
+  repository: file://charts/common
+  version: 0.0.1
+- name: everest-db-namespace
+  repository: file://charts/everest-db-namespace
+  version: 0.0.0
+digest: sha256:c41bc5832c4bf3829a3ceabb7b3fcd2461035cc66986aa0acea8e7b366a6e036
+generated: "2024-10-21T20:53:46.621274+05:30"

charts/everest/Chart.yaml

@@ -0,0 +1,27 @@
+apiVersion: v2
+name: everest
+description: A cloud-native database platform
+version: 0.0.0
+appVersion: 0.0.0
+type: application
+kubeVersion: '>= 1.27.0'
+maintainers:
+  - name: mayankshah1607
+    email: [email protected]
+  - name: oksana-grishchenko
+    email: [email protected]
+  - name: recharte
+    email: [email protected]
+  - name: michal-kralik
+    email: [email protected]
+dependencies:
+  - name: common
+    version: 0.0.1
+    repository: "file://charts/common"
+    # This is not really a dependency, but we define it as one so that we're
+    # able to conditionally disable rendering these manifests along with the core chart manifests.
+    # The default behaviour of Helm is to always include the sub-chart manfiests unless explicitly disabled.
+  - name: everest-db-namespace
+    version: 0.0.0
+    repository: "file://charts/everest-db-namespace"
+    condition: "everest-db-namespace.enabled"

charts/everest/Makefile

@@ -0,0 +1,20 @@
+prepare-chart:
+	CHART_FILES="Chart.yaml ./charts/everest-db-namespace/Chart.yaml"; \
+	for chart in $$CHART_FILES; do \
+		yq eval -i '.version = "${VERSION}"' $$chart; \
+		yq eval -i '.appVersion = "${VERSION}"' $$chart; \
+	done
+	yq eval -i '.server.image = "$(IMAGE_PREFIX)/everest"' values.yaml
+	yq eval -i '.olm.catalogSourceImage = "$(IMAGE_PREFIX)/everest-catalog"' values.yaml
+	yq eval -i '.operator.image = "$(IMAGE_PREFIX)/everest-operator"' values.yaml
+	yq eval -i '(.dependencies[] | select(.name == "everest-db-namespace")).version = "${VERSION}"' Chart.yaml
+
+
+release: IMAGE_PREFIX=percona
+release: prepare-chart
+
+release-dev: IMAGE_PREFIX=perconalab
+release-dev: prepare-chart
+
+docs-gen:
+	docker run --rm -v "$(PWD)/:/helm-docs" -u $(shell id -u) jnorwood/helm-docs:v1.9.1

charts/everest/README.md

@@ -0,0 +1,85 @@
+# Percona Everest
+
+This helm chart deploys Percona Everest.
+
+Useful links:
+- [Percona Everest Documentation](https://docs.percona.com/everest/index.html)
+- [Percona Everest GitHub](https://github.com/percona/everest)
+
+> :warning: Note: This chart is currently in technical preview.
+Future releases could potentially introduce breaking changes, and we cannot promise a migration path. We do not recommend using this in production environment,
+but if you do so, please be aware of the risks.
+
+## Usage
+
+### Deploy Percona Everest
+
+```sh
+helm repo add percona https://percona.github.io/percona-helm-charts/
+helm install everest-core percona/everest --namespace everest-system --create-namespace
+```
+
+> Note: we currently do not support deploying Everest in a namespace other than `everest-system`.
+
+This command may take a few minutes to complete. Once done, you can retrieve the admin credentials using the following command:
+
+```sh
+kubectl get secret everest-accounts -n everest-system -o jsonpath='{.data.users\.yaml}' | base64 --decode  | yq '.admin.passwordHash'
+```
+
+### Deploy your database namespace components
+
+Once Everest is running, we need to create a namespace for your databases and provision the necessary operators.
+
+```sh
+cat <<EOF | kubectl create -f -
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: everest
+  labels:
+    app.kubernetes.io/managed-by: everest
+EOF
+helm install everest percona/everest-db-namespace --namespace everest
+```
+
+### Uninstalling
+
+As a first step, you must always clean up your database namespace(s) first, otherwise the deletion could get stuck.
+```sh
+helm uninstall everest -n everest
+kubectl delete ns everest
+```
+
+Then you can uninstall Everest itself:
+```sh
+helm uninstall everest-core -n everest-system
+kubectl delete ns everest-system
+```
+
+## Configuration
+
+The following table shows the configurable parameters of the Percona Everest chart and their default values.
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| everest-db-namespace.enabled | bool | `false` | Do not enable. |
+| monitoring.namespace | string | `"everest-monitoring"` | Namespace where monitoring is installed. Do no change unless you know what you are doing. |
+| namespaceOverride | string | `""` | Namespace override. Defaults to the value of .Release.Namespace. |
+| olm.catalogSourceImage | string | `"perconalab/everest-catalog"` | Image to use for Everest CatalogSource. |
+| olm.image | string | `"quay.io/operator-framework/olm@sha256:1b6002156f568d722c29138575733591037c24b4bfabc67946f268ce4752c3e6"` | Image to use for the OLM components. |
+| olm.namespace | string | `"everest-olm"` | Namespace where OLM is installed. Do no change unless you know what you are doing. |
+| olm.packageserver.tls.caCert | string | `""` | CA certificate for the PackageServer APIService. Overrides the tls.type setting. |
+| olm.packageserver.tls.tlsCert | string | `""` | Client certificate for the PackageServer APIService. Overrides the tls.type setting. |
+| olm.packageserver.tls.tlsKey | string | `""` | Client key for the PackageServer APIService. Overrides the tls.type setting. |
+| olm.packageserver.tls.type | string | `"helm"` | Type of TLS certificates. Supported values are "helm" and "cert-manager". For production setup, it is recommended to use "cert-manager". |
+| operator.enableLeaderElection | bool | `true` | Enable leader election for the operator. |
+| operator.healthProbeAddr | string | `":8081"` | Health probe address for the operator. |
+| operator.image | string | `"perconalab/everest-operator"` | Image to use for the Everest operator container. |
+| operator.metricsAddr | string | `"127.0.0.1:8080"` | Metrics address for the operator. |
+| operator.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"5m","memory":"64Mi"}}` | Resources to allocate for the operator container. |
+| server.image | string | `"perconalab/everest"` | Image to use for the server container. |
+| server.oidc | object | `{}` | OIDC configuration for Everest. |
+| server.rbac | string | `"g, admin, role:admin\n"` | RBAC policy for Everest. |
+| server.resources | object | `{"limits":{"cpu":"200m","memory":"500Mi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | Resources to allocate for the server container. |
+| telemetry | bool | `true` | If set, enabled sending telemetry information. |

charts/everest/README.md.gotmpl

@@ -0,0 +1,68 @@
+# Percona Everest
+
+This helm chart deploys Percona Everest.
+
+Useful links:
+- [Percona Everest Documentation](https://docs.percona.com/everest/index.html)
+- [Percona Everest GitHub](https://github.com/percona/everest)
+
+> :warning: Note: This chart is currently in technical preview.
+Future releases could potentially introduce breaking changes, and we cannot promise a migration path. We do not recommend using this in production environment,
+but if you do so, please be aware of the risks.
+
+## Usage
+
+### Deploy Percona Everest
+
+```sh
+helm repo add percona https://percona.github.io/percona-helm-charts/
+helm install everest-core percona/everest --namespace everest-system --create-namespace
+```
+
+> Note: we currently do not support deploying Everest in a namespace other than `everest-system`.
+
+This command may take a few minutes to complete. Once done, you can retrieve the admin credentials using the following command:
+
+```sh
+kubectl get secret everest-accounts -n everest-system -o jsonpath='{.data.users\.yaml}' | base64 --decode  | yq '.admin.passwordHash'
+```
+
+### Deploy your database namespace components
+
+Once Everest is running, we need to create a namespace for your databases and provision the necessary operators.
+
+```sh
+cat <<EOF | kubectl create -f -
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: everest
+  labels:
+    app.kubernetes.io/managed-by: everest
+EOF
+helm install everest percona/everest-db-namespace --namespace everest
+```
+
+### Uninstalling
+
+As a first step, you must always clean up your database namespace(s) first, otherwise the deletion could get stuck.
+```sh
+helm uninstall everest -n everest
+kubectl delete ns everest
+```
+
+Then you can uninstall Everest itself:
+```sh
+helm uninstall everest-core -n everest-system
+kubectl delete ns everest-system
+```
+
+## Configuration
+
+The following table shows the configurable parameters of the Percona Everest chart and their default values.
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+{{- range .Values }}
+| {{ .Key }} | {{ .Type }} | {{ .Default }} | {{ .AutoDescription }} |
+{{- end }}

charts/everest/charts/common/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/everest/charts/common/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: common
+description: A library chart for Everest containing common resources.
+type: library
+version: 0.0.1
+appVersion: "0.0.1"

charts/everest/charts/common/README.md

@@ -0,0 +1,8 @@
+# common
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A library chart for Everest containing common resources.
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.9.1](https://github.com/norwoodj/helm-docs/releases/v1.9.1)

charts/everest/charts/common/templates/_csv_cleanup.yaml.tpl

@@ -0,0 +1,71 @@
+#
+# @param .namespace     The namespace where the operator is installed
+#
+{{- define "everest.csvCleanup" }}
+{{- $hookName := printf "everest-helm-pre-delete-hook" }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $hookName }}
+  namespace: {{ .namespace }}
+  annotations:
+    "helm.sh/hook-delete-policy": hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ $hookName }}
+  namespace: {{ .namespace }}
+  annotations:
+    "helm.sh/hook-delete-policy": hook-succeeded
+rules:
+  - apiGroups:
+      - operators.coreos.com
+    resources:
+      - clusterserviceversions
+    verbs:
+      - delete
+      - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ $hookName }}
+  namespace: {{ .namespace }}
+  annotations:
+    "helm.sh/hook-delete-policy": hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $hookName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $hookName }}
+    namespace: {{ .namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ $hookName }}-{{ randNumeric 6 }}
+  namespace: {{ .namespace }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    spec:
+      containers:
+        - image: bitnami/kubectl:latest
+          name: {{ $hookName }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+              kubectl delete csv -n {{ .namespace }} --all --wait
+      dnsPolicy: ClusterFirst
+      restartPolicy: OnFailure
+      serviceAccount: {{ $hookName }}
+      serviceAccountName: {{ $hookName }}
+      terminationGracePeriodSeconds: 30
+---
+{{- end }}