This repository demonstrates how to install and manage Percona Everest using Argo CD and Helm Charts via GitOps. It includes:
everest-db.yaml: deploys Percona database operatorseverest.yaml: deploys the Everest control planepercona-everest-bootstrap.yaml: the "App of Apps" that orchestrates the platform setup
apps/
βββ everest/
βββ everest-db.yaml
βββ everest.yaml bootstrap/
βββ percona-everest-bootstrap.yaml
Percona Everest is an open-source database-as-a-service platform for Kubernetes. It provides unified deployment and management of Percona PostgreSQL, MySQL, and MongoDB operators via a single UI and API.
Install via official docs or Helm:
helm repo add argo https://argoproj.github.io/argo-helm
helm install argocd argo/argo-cd --namespace argocd --create-namespaceRun:
kubectl apply -f bootstrap/percona-everest-bootstrap.yamlkubectl port-forward svc/everest -n everest-system 8080:8080To retrieve the admin password:
kubectl get secret everest-accounts -n everest-system \
-o jsonpath='{.data.users\.yaml}' | base64 --decode | yq '.admin.passwordHash'This repository demonstrates how to deploy Percona Everest using a GitOps approach with Argo CD. Percona Everest simplifies the deployment and management of Percona database distributions (MongoDB, PostgreSQL, MySQL) on Kubernetes, along with integrated Percona Monitoring and Management (PMM).
Before you begin, ensure you have:
- A running Kubernetes cluster (e.g., Minikube, Kind, GKE, EKS, AKS).
kubectlconfigured to connect to your cluster.- Argo CD installed and configured in your Kubernetes cluster. If not, refer to the Argo CD Installation Guide at the end of this README.
This repository contains Argo CD Application manifests that define how Percona Everest and its database operators should be deployed.
- The
apps/everest.yamldefines the core Everest UI and PMM integration. - The
apps/everest-db.yamldefines the Percona Database Operators. It's configured to automatically approve OLMInstallPlansfor the MongoDB, PostgreSQL, and XtraDB Cluster operators, ensuring a seamless deployment.
-
Deploy the Everest Core Application:
kubectl apply -f apps/everest.yaml -n argocd
-
Deploy the Everest Database Operators Application:
Run the following command to deploy the Everest Database Operators application in ArgoCD:
kubectl apply -f apps/everest-db.yaml -n argocd
By default, the
everest-dbapplication is configured with automatic synchronization settings in ArgoCD:automated: prune: true # Automatically removes outdated resources no longer present in the desired state selfHeal: true # Detects and corrects drift by enforcing the expected resource state
While these settings help maintain consistency by automatically updating and fixing resources, automatic install plan approval is not recommended for production environments.
For production use, it is recommended to review and manually approve InstallPlans to maintain better control over updates and operator versions.
To prevent unintended changes in a production environment, you should disable automatic pruning and self-healing by commenting out the following lines in
everest-db.yaml:# automated: # prune: true # selfHeal: trueIn production environments, automatic updates and corrections can introduce unexpected changes, especially when upgrading operators. To improve stability, manual synchronization management and InstallPlan approvals are recommended. π
If you need more flexibility without fully disabling auto-sync, you can set prune: false to prevent automatic resource deletion.
Run the following command to check for InstallPlans requiring approval:
kubectl get installplans -n everest
If you see an InstallPlan with APPROVAL Manual and APPROVED false, follow the steps below to approve it.
Approving an InstallPlan Find the InstallPlan name and use the following command to approve it manually:
kubectl patch installplan <installplan-name> -n everest --type merge -p '{"spec":{"approved":true}}'Once approved, verify the updated status with:
kubectl get installplans -n everestAfter approval, OLM will continue with the installation process, and the required operators should start running.
-
Monitor Deployment Status:
Argo CD will now start syncing these applications. You can monitor their status using the Argo CD CLI:
argocd app list argocd app get everest argocd app get everest-db
Wait until both applications show
STATUS SyncedandHEALTH Healthy. This might take a few minutes as Kubernetes resources are provisioned and operators start.Here's an overview of the deployed applications in Argo CD:
Fig 1: Argo CD Applications Dashboard showing Everest and Everest-DB are Healthy and Synced.
A detailed view of the Everest-DB application within Argo CD, illustrating the deployed operators:
Fig 2: Detailed view of the Everest-DB application in Argo CD, showing the deployed Percona database operators.
-
Verify Operator Pods:
You can check the deployed operator pods in the
databasesnamespace:kubectl get pods -n databases kubectl get csv -n databases
You should see the operator pods running and their ClusterServiceVersions (CSVs) in a
Succeededphase.
Once the applications are Healthy, you can access the Everest and PMM UIs.
By default, the everest.yaml configures the Everest and PMM services to use LoadBalancer type. This means your cloud provider will attempt to provision external IP addresses for these services.
If you are running on a local cluster (like Minikube/Kind) or if your cloud provider doesn't support LoadBalancer services, you might not get an external IP. In such cases, or if you prefer to access them without an external IP, you can change the service type to ClusterIP in apps/everest.yaml and use kubectl port-forward.
To change the service type:
Edit apps/everest.yaml and modify these lines under helm.parameters:
- name: server.service.type
value: "ClusterIP" # Change from "LoadBalancer"
# ...
- name: pmm.service.type
value: "ClusterIP" # Change from "LoadBalancer"After modifying the file, run kubectl apply -f apps/everest.yaml -n argocd again.
-
Get Everest UI Admin Password:
kubectl get secret everest-accounts -n everest-system -o jsonpath='{.data.users\.yaml}' | base64 --decode | yq '.admin.passwordHash'
-
Get PMM Admin Password:
kubectl get secret pmm-secret -n everest-system -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode
-
Access UIs:
-
If using
LoadBalancer(default):kubectl get svc -n everest-system
Look for the
everestandpmmservices. If they show anEXTERNAL-IP, use that to access the UIs in your browser.- For Everest UI: Navigate to
https://<EXTERNAL-IP_OF_EVEREST_SVC>:8080 - For PMM UI: Navigate to
http://<EXTERNAL-IP_OF_PMM_SVC>(PMM typically uses port 80/443 for UI)
- For Everest UI: Navigate to
-
If using
ClusterIP(or for local access): Usekubectl port-forwardto temporarily expose the services to your local machine.# For Everest UI (adjust ports if necessary) kubectl port-forward svc/everest -n everest-system 8080:8080 # For PMM UI (adjust ports if necessary) kubectl port-forward svc/pmm -n everest-system 8081:80
Then, navigate to
https://localhost:8080for Everest andhttp://localhost:8081for PMM in your browser.
Here's an example of the Percona Everest UI dashboard showing deployed databases:
Fig 3: Percona Everest UI displaying a list of managed database clusters.
And here's a view of the PMM dashboard integrated with Everest:
Fig 4: Percona Monitoring and Management (PMM) dashboard providing insights into monitored database services and instances. -
You're now ready to log into the Percona Everest UI (username admin, password retrieved from everest-accounts secret) and begin deploying and managing your database clusters!
If Argo CD is not yet installed in your Kubernetes cluster, follow these detailed steps.
-
Create the Argo CD Namespace:
kubectl create namespace argocd
-
Install Argo CD Manifests:
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
This will deploy all Argo CD components into the
argocdnamespace. -
Wait for Argo CD Pods to be Ready:
kubectl get pods -n argocd
Wait until all pods show
READY 1/1andSTATUS Running. -
Download the Argo CD CLI:
# For macOS brew install argocd # For Linux (adjust version as needed) curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd rm argocd-linux-amd64
-
Get the Initial Admin Password:
argocd admin initial-password -n argocd # Example output: aBcHjK12XyZSave this password. This password is only for the first login.
-
Access Argo CD UI for Initial Login:
To access the Argo CD web UI for the first time, you'll need its IP address and the initial admin password.
-
Port-Forward (recommended for local setup):
kubectl port-forward svc/argocd-server -n argocd 8080:443
Then, open your browser to
https://localhost:8080. -
Get External IP (if using LoadBalancer/NodePort):
kubectl get svc argocd-server -n argocd
Look for the
EXTERNAL-IPorNODEPORT.
Log in to the Argo CD UI with username
adminand the password you retrieved fromargocd admin initial-password. -
-
Log in to Argo CD CLI:
argocd login localhost:8080 --insecure # Username: admin # Password: <paste_your_initial_password>
-
Update Admin Password (Highly Recommended):
argocd account update-password # Follow the prompts to set a new, strong password. -
Delete Initial Admin Secret (Recommended for enhanced security):
kubectl delete secret argocd-initial-admin-secret -n argocd
-
Configure Argo CD RBAC:
For the
adminuser to manage applications within the Argo CD UI or CLI after the initial setup, you'll need to ensure it has the necessary permissions. This repository includes anargocd-rbac.yamlfile to grant full admin access.kubectl apply -f argocd-rbac.yaml -n argocd
Note: After applying RBAC changes, it's a good practice to re-login to the Argo CD CLI to ensure your session picks up the new permissions.
argocd logout localhost:8080 argocd login localhost:8080 --insecure # Username: admin # Password: <your_new_password>