feat: Add Mariadb Operator

helmfile.d/mariadb-operator.yaml.gotmpl

@@ -0,0 +1,43 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: mariadb-operator
+  url: "https://helm.mariadb.com/mariadb-operator"
+
+commonLabels:
+  tier: system
+
+releases:
+- name: mariadb-operator
+  namespace: mariadb-operator
+  chart: mariadb-operator/mariadb-operator
+  version: 0.30.0
+  condition: mariadb_operator.enabled
+  values:
+  - ../values/mariadb-operator/values/mariadb-operator.yaml.gotmpl
+  - ../values/mariadb-operator/values/mariadb-operator-{{ .Environment.Name }}.yaml.gotmpl
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/mariadb-operator/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: manifests
+  namespace: mariadb-operator
+  chart: manifests
+  condition: mariadb_operator.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/env.yaml
+  - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
+  - ../values/mariadb-operator/env.yaml.gotmpl
+  - ../values/mariadb-operator/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/mariadb-operator/manifests
+    - manifests

values/argo/manifests/sys-project.yaml

@@ -97,6 +97,7 @@ spec:
   - https://grafana.github.io/helm-charts
   - https://charts.enix.io
   - https://helm.mariadb.com/mariadb-operator
+  - https://helm.mariadb.com
   - https://helm.cilium.io
   - https://chartmuseum.github.io/charts
   - https://dapr.github.io/helm-charts

values/mariadb-operator/env-oceanbox.yaml.gotmpl

@@ -0,0 +1,3 @@
+mariadb_operator:
+  enabled: true
+  autosync: false

values/mariadb-operator/env.yaml.gotmpl

@@ -0,0 +1,3 @@
+mariadb_operator:
+  enabled: false
+  autosync: false

values/mariadb-operator/manifests/mariadb-operator.yaml

@@ -0,0 +1,66 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: mariadb-operator
+  namespace: argocd
+spec:
+  destination:
+    namespace: mariadb-operator
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfile.d
+    plugin:
+      name: helmfile-cmp
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+      - name: HELMFILE_ENVIRONMENT
+        value: default
+      - name: HELMFILE_FILE_PATH
+        value: mariadb-operator.yaml.gotmpl
+  project: sys
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: sys
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      - ServerSideApply=true
+    {{- if .Values.mariadb_operator.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: mariadb-crd
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: mariadb-operator
+    server: 'https://kubernetes.default.svc'
+  source:
+    repoURL: 'https://helm.mariadb.com'
+    targetRevision: '0.30.0'
+    chart: mariadb-operator-crds
+  project: sys
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: sys
+    automated: {}
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+{{- end }}

values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-api-server
+  namespace: mariadb-operator
+spec:
+  egress:
+    - toEntities:
+        - kube-apiserver
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: mariadb-operator
+{{- end}}

values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-host-to-mariadb
+  namespace: mariadb-operator
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: mariadb-operator
+  ingress:
+    - fromEntities:
+        - host
+{{- end}}

values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-prometheus-metrics
+  namespace: mariadb-operator
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: mariadb-operator
+  ingress:
+    - fromEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: prometheus
+      toPorts:
+        - ports:
+            - port: "8080"
+              protocol: TCP
+{{- end}}

values/mariadb-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-remote-node-webhooks
+  namespace: mariadb-operator
+spec:
+  endpointSelector:
+    matchLabels: {}
+  ingress:
+    - fromEntities:
+        - kube-apiserver
+        - remote-node
+      toPorts:
+        - ports:
+            - port: "443"
+              protocol: TCP
+            - port: "9443"
+              protocol: TCP
+{{- end}}

values/mariadb-operator/values/values-prod.yaml

@@ -0,0 +1,14 @@
+ha:
+  enabled: false
+metrics:
+  enabled: true
+  serviceMonitor:
+    additionalLabels:
+      release: prometheus
+    enabled: true
+webhook:
+  certificate:
+    certManager: false
+  serviceMonitor:
+    additionalLabels:
+      release: prometehus