K8SPS-241: Cluster-wide support (#673)

* Generate cw-* files.

* Fix env var.

* Fix kustomize.

* Regenerate cw files.

* Update deploy_operator test function.

* Get correct client.

* Fix import.

* Check OPERATOR_NS env var in tests.

* Regenerate cw files.

* Remove operator_ns env var for pmm and minio.

* Update tests.

* Update tests.

* Fix test.

* Fix tests.

* remove comment

Author: inelpandzic

Makefile

@@ -108,6 +108,13 @@ manifests: kustomize generate
 	echo "---" >> $(DEPLOYDIR)/operator.yaml
 	cat $(DEPLOYDIR)/crd.yaml $(DEPLOYDIR)/rbac.yaml $(DEPLOYDIR)/operator.yaml > $(DEPLOYDIR)/bundle.yaml
 
+	$(KUSTOMIZE) build config/rbac/cluster/ > $(DEPLOYDIR)/cw-rbac.yaml
+	echo "---" >> $(DEPLOYDIR)/cw-rbac.yaml
+	cd config/manager/cluster && $(KUSTOMIZE) edit set image perconalab/percona-server-mysql-operator=$(IMAGE)
+	$(KUSTOMIZE) build config/manager/cluster/ > $(DEPLOYDIR)/cw-operator.yaml
+	echo "---" >> $(DEPLOYDIR)/cw-operator.yaml
+	cat $(DEPLOYDIR)/crd.yaml $(DEPLOYDIR)/cw-rbac.yaml $(DEPLOYDIR)/cw-operator.yaml > $(DEPLOYDIR)/cw-bundle.yaml
+
 gen-versionservice-client: swagger
 	rm pkg/version/service/version.swagger.yaml
 	curl https://raw.githubusercontent.com/Percona-Lab/percona-version-service/main/api/version.swagger.yaml --output pkg/version/service/version.swagger.yaml

cmd/manager/main.go

@@ -35,7 +35,6 @@ import (
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	metricsServer "sigs.k8s.io/controller-runtime/pkg/metrics/server"
@@ -134,7 +133,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	nsClient := client.NewNamespacedClient(mgr.GetClient(), namespace)
+	nsClient := mgr.GetClient()
 
 	cliCmd, err := clientcmd.NewClient()
 	if err != nil {

config/manager/cluster/controller_manager_config.yaml

@@ -0,0 +1,11 @@
+apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+kind: ControllerManagerConfig
+health:
+  healthProbeBindAddress: :8081
+metrics:
+  bindAddress: 127.0.0.1:8080
+webhook:
+  port: 9443
+leaderElection:
+  leaderElect: true
+  resourceName: 08db2feb.percona.com

config/manager/cluster/kustomization.yaml

@@ -0,0 +1,16 @@
+resources:
+- manager.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configMapGenerator:
+- files:
+  - controller_manager_config.yaml
+  name: percona-server-mysql-operator-config
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: perconalab/percona-server-mysql-operator
+  newName: perconalab/percona-server-mysql-operator
+  newTag: main

config/manager/cluster/manager.yaml

@@ -0,0 +1,61 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: percona-server-mysql-operator
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: percona-server-mysql-operator
+  replicas: 1
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: percona-server-mysql-operator
+    spec:
+      securityContext:
+        runAsNonRoot: true
+      containers:
+      - command:
+        - /usr/local/bin/percona-server-mysql-operator
+        args:
+        - --leader-elect
+        env:
+        - name: LOG_STRUCTURED
+          value: 'false'
+        - name: LOG_LEVEL
+          value: INFO
+        - name: WATCH_NAMESPACE
+          value: ""
+        - name: DISABLE_TELEMETRY
+          value: "false"
+        image: perconalab/percona-server-mysql-operator:main
+        imagePullPolicy: Always
+        name: manager
+        securityContext:
+          allowPrivilegeEscalation: false
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 200m
+            memory: 100Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+      serviceAccountName: percona-server-mysql-operator
+      terminationGracePeriodSeconds: 10

config/rbac/cluster/kustomization copy.yaml

@@ -0,0 +1,14 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+- orchestrator_service_account.yaml
+- orchestrator_role.yaml
+- orchestrator_role_binding.yaml

config/rbac/cluster/kustomization.yaml

@@ -0,0 +1,14 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+- orchestrator_service_account.yaml
+- orchestrator_role.yaml
+- orchestrator_role_binding.yaml

config/rbac/cluster/leader_election_role.yaml

@@ -0,0 +1,37 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: percona-server-mysql-operator-leaderelection
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch

config/rbac/cluster/leader_election_role_binding.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: percona-server-mysql-operator-leaderelection
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: percona-server-mysql-operator-leaderelection
+subjects:
+- kind: ServiceAccount
+  name: percona-server-mysql-operator

config/rbac/cluster/orchestrator_role.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: percona-server-mysql-operator-orchestrator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - list
+  - patch
+- apiGroups:
+  - ps.percona.com
+  resources:
+  - perconaservermysqls
+  verbs:
+  - get