From ffbc588266852eb70449bcc284cdf459220b4d4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?=
Date: Fri, 26 Sep 2025 15:24:53 +0200
Subject: [PATCH] feat: Add Mariadb Operator
---
 helmfile.d/mariadb-operator.yaml.gotmpl | 43 ++++++++++++
 values/argo/manifests/sys-project.yaml | 1 +
 .../mariadb-operator/env-oceanbox.yaml.gotmpl | 3 +
 values/mariadb-operator/env.yaml.gotmpl | 3 +
 .../manifests/mariadb-operator.yaml | 66 +++++++++++++++++++
 .../CiliumNetworkPolicy-allow-api-server.yaml | 14 ++++
 ...umNetworkPolicy-allow-host-to-mariadb.yaml | 14 ++++
 ...etworkPolicy-allow-prometheus-metrics.yaml | 19 ++++++
 ...workPolicy-allow-remote-node-webhooks.yaml | 20 ++++++
 .../mariadb-operator/values/values-prod.yaml | 14 ++++
 10 files changed, 197 insertions(+)
 create mode 100644 helmfile.d/mariadb-operator.yaml.gotmpl
 create mode 100644 values/mariadb-operator/env-oceanbox.yaml.gotmpl
 create mode 100644 values/mariadb-operator/env.yaml.gotmpl
 create mode 100644 values/mariadb-operator/manifests/mariadb-operator.yaml
 create mode 100644 values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
 create mode 100644 values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml
 create mode 100644 values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
 create mode 100644 values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
 create mode 100644 values/mariadb-operator/values/values-prod.yaml
diff --git a/helmfile.d/mariadb-operator.yaml.gotmpl b/helmfile.d/mariadb-operator.yaml.gotmpl
new file mode 100644
index 00000000..36ee966b
--- /dev/null
+++ b/helmfile.d/mariadb-operator.yaml.gotmpl
@@ -0,0 +1,43 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: mariadb-operator
+ url: "https://helm.mariadb.com/mariadb-operator"
+
+commonLabels:
+ tier: system
+
+releases:
+- name: mariadb-operator
+ namespace: mariadb-operator
+ chart: mariadb-operator/mariadb-operator
+ version: 0.30.0
+ condition: mariadb_operator.enabled
+ values:
+ - ../values/mariadb-operator/values/mariadb-operator.yaml.gotmpl
+ - ../values/mariadb-operator/values/mariadb-operator-{{ .Environment.Name }}.yaml.gotmpl
+ postRenderer: ../bin/kustomizer
+ postRendererArgs:
+ - ../values/mariadb-operator/kustomize/{{ .Environment.Name }}
+ missingFileHandler: Info
+- name: manifests
+ namespace: mariadb-operator
+ chart: manifests
+ condition: mariadb_operator.enabled
+ missingFileHandler: Info
+ values:
+ - ../values/env.yaml
+ - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
+ - ../values/mariadb-operator/env.yaml.gotmpl
+ - ../values/mariadb-operator/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
+ hooks:
+ - events: [ prepare, cleanup ]
+ showlogs: true
+ command: ../bin/helmify
+ args:
+ - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+ - '{{`{{ .Release.Chart }}`}}'
+ - '{{`{{ .Environment.Name }}`}}'
+ - ../values/mariadb-operator/manifests
+ - manifests
diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml
index a0b9f5f3..70f79a38 100644
--- a/values/argo/manifests/sys-project.yaml
+++ b/values/argo/manifests/sys-project.yaml
@@ -97,6 +97,7 @@ spec:
 - https://grafana.github.io/helm-charts
 - https://charts.enix.io
 - https://helm.mariadb.com/mariadb-operator
+ - https://helm.mariadb.com
 - https://helm.cilium.io
 - https://chartmuseum.github.io/charts
 - https://dapr.github.io/helm-charts
diff --git a/values/mariadb-operator/env-oceanbox.yaml.gotmpl b/values/mariadb-operator/env-oceanbox.yaml.gotmpl
new file mode 100644
index 00000000..5b54de89
--- /dev/null
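Review bot: Both `values:` entries of the `mariadb-operator` release (`../values/mariadb-operator/values/mariadb-operator.yaml.gotmpl` and `mariadb-operator-{{ .Environment.Name }}.yaml.gotmpl`) name files this commit does not add; the only values file it adds is `values/mariadb-operator/values/values-prod.yaml`. With `missingFileHandler: Info` a missing values file is skipped with a log line, so unless those files already exist elsewhere, the chart installs with upstream defaults and the metrics and webhook settings are never applied. Either rename the added file to one of the referenced names or list it explicitly, e.g. `- ../values/mariadb-operator/values/values-prod.yaml`. For a `tier: system` release, `missingFileHandler: Error` on the first release would make a misnamed values file fail the render instead of silently changing what is deployed.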
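Review bot: The `sys` project's source allowlist now holds both `https://helm.mariadb.com/mariadb-operator` and `https://helm.mariadb.com`; the `mariadb-crd` Application added in this commit uses the second, while the helmfile repository uses the first. Confirm which of the two an Application `repoURL` actually needs and drop the other, since a system-tier project should allow no more chart sources than are in use. Only part of the list is visible in this hunk.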
+++ b/values/mariadb-operator/env-oceanbox.yaml.gotmpl
@@ -0,0 +1,3 @@
+mariadb_operator:
+ enabled: true
+ autosync: false
diff --git a/values/mariadb-operator/env.yaml.gotmpl b/values/mariadb-operator/env.yaml.gotmpl
new file mode 100644
index 00000000..9ca5beb5
--- /dev/null
+++ b/values/mariadb-operator/env.yaml.gotmpl
@@ -0,0 +1,3 @@
+mariadb_operator:
+ enabled: false
+ autosync: false
diff --git a/values/mariadb-operator/manifests/mariadb-operator.yaml b/values/mariadb-operator/manifests/mariadb-operator.yaml
new file mode 100644
index 00000000..56868efd
--- /dev/null
+++ b/values/mariadb-operator/manifests/mariadb-operator.yaml
@@ -0,0 +1,66 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: mariadb-operator
+ namespace: argocd
+spec:
+ destination:
+ namespace: mariadb-operator
+ server: 'https://kubernetes.default.svc'
+ sources:
+ - repoURL: {{ .Values.clusterConfig.manifests }}
+ targetRevision: HEAD
+ path: helmfile.d
+ plugin:
+ name: helmfile-cmp
+ env:
+ - name: CLUSTER_NAME
+ value: {{ .Values.clusterConfig.cluster }}
+ - name: HELMFILE_ENVIRONMENT
+ value: default
+ - name: HELMFILE_FILE_PATH
+ value: mariadb-operator.yaml.gotmpl
+ project: sys
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: sys
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ - ServerSideApply=true
+ {{- if .Values.mariadb_operator.autosync }}
+ automated:
+ prune: true
+ # selfHeal: false
+ {{- end }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: mariadb-crd
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1"
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: mariadb-operator
+ server: 'https://kubernetes.default.svc'
+ source:
+ repoURL: 'https://helm.mariadb.com'
+ targetRevision: '0.30.0'
+ chart: mariadb-operator-crds
+ project: sys
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: sys
+ automated: {}
+ syncOptions:
+ - ServerSideApply=true
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+{{- end }}
diff --git a/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
new file mode 100644
index 00000000..0ba72bdd
--- /dev/null
+++ b/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
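Review bot: The `mariadb-crd` Application carries `resources-finalizer.argocd.argoproj.io`, so deleting that Application cascades to the CRDs it installed, and removing a CRD removes every custom resource of that kind in the cluster. For a CRD-only Application it is safer to drop the `finalizers:` entry so the CRDs outlive the Application, or at least to put a comment above it stating the required deletion order. Separately, `repoURL: {{ .Values.clusterConfig.manifests }}` and `value: {{ .Values.clusterConfig.cluster }}` are rendered unquoted; `value: {{ .Values.clusterConfig.cluster | quote }}` keeps an empty or number-like value from changing type. The CRD chart `targetRevision: '0.30.0'` is a second copy of the helmfile's `version: 0.30.0` and has to be bumped together with it.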
@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-api-server
+ namespace: mariadb-operator
+spec:
+ egress:
+ - toEntities:
+ - kube-apiserver
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: mariadb-operator
+{{- end}}
diff --git a/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml b/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml
new file mode 100644
index 00000000..4f017202
--- /dev/null
+++ b/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-host-to-mariadb
+ namespace: mariadb-operator
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: mariadb-operator
+ ingress:
+ - fromEntities:
+ - host
+{{- end}}
diff --git a/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
new file mode 100644
index 00000000..0125a936
--- /dev/null
+++ b/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-prometheus-metrics
+ namespace: mariadb-operator
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: mariadb-operator
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: prometheus
+ toPorts:
+ - ports:
+ - port: "8080"
+ protocol: TCP
+{{- end}}
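Review bot: `allow-api-server` is the only egress rule in this commit for pods labelled `app.kubernetes.io/instance: mariadb-operator`, and once a policy with an `egress` section selects an endpoint, Cilium denies all other egress from it. Unless a cluster-wide policy outside this commit already permits it, DNS lookups and the operator's connections to the MariaDB instances it manages would be dropped; worth confirming before merge. If the restriction is intended, a comment above `egress:` such as `# sole egress path for the operator; DNS is allowed by <cluster-wide policy name>` would tell the next reader where the rest comes from.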
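Review bot: `allow-host-to-mariadb` has no `toPorts`, so the `host` entity may reach every port on the selected pods, and the name says "mariadb" while the selector matches the operator pods. If the intent is kubelet health probes, restrict the rule to the probe port with a `toPorts` block like the one in `allow-prometheus-metrics`, and give it a name that matches its target, e.g. `name: allow-host-to-operator`.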
diff --git a/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
new file mode 100644
index 00000000..ea7a7f3e
--- /dev/null
+++ b/values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-remote-node-webhooks
+ namespace: mariadb-operator
+spec:
+ endpointSelector:
+ matchLabels: {}
+ ingress:
+ - fromEntities:
+ - kube-apiserver
+ - remote-node
+ toPorts:
+ - ports:
+ - port: "443"
+ protocol: TCP
+ - port: "9443"
+ protocol: TCP
+{{- end}}
diff --git a/values/mariadb-operator/values/values-prod.yaml b/values/mariadb-operator/values/values-prod.yaml
new file mode 100644
index 00000000..2e287597
--- /dev/null
+++ b/values/mariadb-operator/values/values-prod.yaml
@@ -0,0 +1,14 @@
+ha:
+ enabled: false
+metrics:
+ enabled: true
+ serviceMonitor:
+ additionalLabels:
+ release: prometheus
+ enabled: true
+webhook:
+ certificate:
+ certManager: false
+ serviceMonitor:
+ additionalLabels:
+ release: prometehus
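Review bot: `endpointSelector: matchLabels: {}` in `allow-remote-node-webhooks` selects every pod in the `mariadb-operator` namespace, so ports 443 and 9443 are opened from `kube-apiserver` and `remote-node` to all of them, and every pod there is placed under ingress default-deny. The other three policies in this commit select `app.kubernetes.io/instance: mariadb-operator`; using the same selector here, or the webhook's own label if the chart sets one, keeps the rule scoped to the pods that serve admission requests.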
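Review bot: `release: prometehus` under `webhook.serviceMonitor.additionalLabels` is misspelled; `metrics.serviceMonitor` a few lines above uses `release: prometheus`, and a Prometheus that selects ServiceMonitors by that label would not pick up the webhook one. Change the last line to `release: prometheus`. The `webhook.serviceMonitor` block also has no `enabled:` key, unlike `metrics.serviceMonitor`, so confirm the chart default creates it at all.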