Merge branch 'main' into GITHUB-ISSUE-1847-fix-azure-binlog-upload-fo…

…r-large-files

.github/CODEOWNERS

@@ -1,3 +1,3 @@
-* @hors @egegunes @inelpandzic @pooknull
-/e2e-tests/ @tplavcic @nmarukovich @ptankov @jvpasinatto @eleo007
-Jenkinsfile @tplavcic @nmarukovich @ptankov @jvpasinatto @eleo007
+* @hors @egegunes @pooknull @nmarukovich @gkech
+/e2e-tests/ @ptankov @jvpasinatto @eleo007
+Jenkinsfile @ptankov @jvpasinatto @eleo007

.github/linters/go.mod

@@ -1,3 +1,3 @@
 module linters
 
-go 1.13
+go 1.23.4

.github/workflows/reviewdog.yml

@@ -8,7 +8,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.23'
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
@@ -34,7 +34,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.23'
       - run: go install mvdan.cc/sh/v3/cmd/shfmt@latest
       - run: $(go env GOPATH)/bin/shfmt -f . | grep -v 'vendor' | xargs $(go env GOPATH)/bin/shfmt -bn -ci -s -w
       - name: suggester / shfmt
@@ -85,7 +85,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.23'
       - name: check on release branch
         if: ${{ contains(github.head_ref, 'release-') || contains(github.base_ref, 'release-') }}
         run: |

.github/workflows/scan.yml

@@ -31,7 +31,7 @@ jobs:
           ./e2e-tests/build
 
       - name: Run Trivy vulnerability scanner image (linux/arm64)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.29.0
         with:
           image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-arm64'
           format: 'table'
@@ -50,7 +50,7 @@ jobs:
           ./e2e-tests/build
 
       - name: Run Trivy vulnerability scanner image (linux/amd64)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.29.0
         with:
           image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}-amd64'
           format: 'table'

.github/workflows/test.yml

@@ -7,7 +7,7 @@ jobs:
     steps:
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.23'
       - uses: actions/checkout@v4
       - name: go test
         run: make test

Jenkinsfile

@@ -361,7 +361,7 @@ EOF
                             --rm \
                             -v $WORKSPACE/src/github.com/percona/percona-xtradb-cluster-operator:/go/src/github.com/percona/percona-xtradb-cluster-operator \
                             -w /go/src/github.com/percona/percona-xtradb-cluster-operator \
-                            golang:1.22 sh -c '
+                            golang:1.23 sh -c '
                                 go install -mod=readonly github.com/google/go-licenses@latest;
                                 /go/bin/go-licenses csv github.com/percona/percona-xtradb-cluster-operator/cmd/manager \
                                     | cut -d , -f 3 \
@@ -390,7 +390,7 @@ EOF
                             -w /go/src/github.com/percona/percona-xtradb-cluster-operator \
                             -e GO111MODULE=on \
                             -e GOFLAGS='-buildvcs=false' \
-                            golang:1.22 sh -c 'go build -v -o percona-xtradb-cluster-operator github.com/percona/percona-xtradb-cluster-operator/cmd/manager'
+                            golang:1.23 sh -c 'go build -v -o percona-xtradb-cluster-operator github.com/percona/percona-xtradb-cluster-operator/cmd/manager'
                     "
                 '''
 

Makefile

@@ -101,6 +101,10 @@ ENVTEST = $(shell pwd)/bin/setup-envtest
 envtest: ## Download envtest-setup locally if necessary.
 	$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
 
+SWAGGER = $(shell pwd)/bin/swagger
+swagger: ## Download swagger locally if necessary.
+	$(call go-get-tool,$(SWAGGER),github.com/go-swagger/go-swagger/cmd/swagger@latest)
+
 # Prepare release
 CERT_MANAGER_VER := $(shell grep -Eo "cert-manager v.*" go.mod|grep -Eo "[0-9]+\.[0-9]+\.[0-9]+")
 release: manifests
@@ -141,3 +145,16 @@ after-release: manifests
 		-e "/^  backup:/,/^    image:/{s#image: .*#image: perconalab/percona-xtradb-cluster-operator:main-pxc8.0-backup#}" \
 		-e "/initContainer:/,/image:/{s#image: .*#image: perconalab/percona-xtradb-cluster-operator:main#}" \
 		-e "/^  pmm:/,/^    image:/{s#image: .*#image: perconalab/pmm-client:dev-latest#}" deploy/cr.yaml
+
+VS_BRANCH = main
+version-service-client: swagger
+	curl https://raw.githubusercontent.com/Percona-Lab/percona-version-service/$(VS_BRANCH)/api/version.swagger.yaml \
+		--output ./version.swagger.yaml
+	rm -rf ./version/client
+	mkdir -p ./version/client/models
+	mkdir -p ./version/client/version_service
+	./bin/swagger generate client \
+		-f ./version.swagger.yaml \
+		-c ./version/client \
+		-m ./version/client/models
+	rm ./version.swagger.yaml

README.md

@@ -11,7 +11,7 @@
 
 [Percona Operator for MySQL based on Percona XtraDB Cluster](https://docs.percona.com/percona-operator-for-mysql/pxc/index.html) (PXC) automates the creation and management of highly available, enterprise-ready MySQL database clusters on Kubernetes.
 
-Within the [Percona Operator for MySQL based on Percona XtraDB Cluster](https://www.percona.com/doc/kubernetes-operator-for-pxc/index.html) we have implemented our best practices for deployment and configuration Percona XtraDB Cluster instances in a Kubernetes-based environment on-premises or in the cloud. The Operator provides the following capabilities to keep the cluster healthy:
+Within the [Percona Operator for MySQL based on Percona XtraDB Cluster](https://www.percona.com/doc/kubernetes-operator-for-pxc/index.html) we have implemented our best practices for deployment and configuration of Percona XtraDB Cluster instances in a Kubernetes-based environment on-premises or in the cloud. The Operator provides the following capabilities to keep the cluster healthy:
 
 * Easy deployment with no single point of failure
 * Load balancing and proxy service with either HAProxy or ProxySQL
@@ -21,8 +21,7 @@ Within the [Percona Operator for MySQL based on Percona XtraDB Cluster](https://
 * Automated Password Rotation – use the standard Kubernetes API to enforce password rotation policies for system user
 * Private container image registries
 
-You interact with Percona Operator mostly via the command line tool. If you feel more comfortable with operating the Operator and database clusters via the web interface, there is [Percona Everest](https://docs.percona.com/everest/index.html) - an open-source web-based database provisioning tool available for you. It automates day-to-day database management operations for you, reducing the overall administrative overhead. [Get started with Percona Everest](https://docs.percona.com/everest/quickstart-guide/quick-install.html).
-
+While the Percona Operator is primarily managed through the command line, you can also use **[Percona Everest](https://docs.percona.com/everest/index.html)** for a web-based user interface. This open-source tool provides a streamlined experience for provisioning and managing your databases, simplifying day-to-day tasks and reducing administrative overhead. Learn more about Percona Everest in the [documentation](https://docs.percona.com/everest/index.html) or jump right in with the [quickstart guide](https://docs.percona.com/everest/quickstart-guide/quick-install.html).
 
 # Architecture
 
@@ -57,41 +56,24 @@ kubectl apply -f https://raw.githubusercontent.com/percona/percona-xtradb-cluste
 
 See full documentation with examples and various advanced cases on [percona.com](https://www.percona.com/doc/kubernetes-operator-for-pxc/index.html).
 
+# Need help?
+
+**Commercial Support**  | **Community Support** |
+:-: | :-: |
+| <br/>Enterprise-grade assistance for your mission-critical MySQL deployments with the Percona Operator for MySQL. Get expert guidance for complex tasks like multi-cloud replication, database migration and building platforms.<br/><br/>  | <br/>Connect with our engineers and fellow users for general questions, troubleshooting, and sharing feedback and ideas.<br/><br/>  | 
+| **[Get Percona Support](https://hubs.ly/Q02ZTH940)** | **[Visit our Forum](https://forums.percona.com/c/mysql-mariadb/percona-kubernetes-operator-for-mysql/28)** |
+
 # Contributing
 
 Percona welcomes and encourages community contributions to help improve Percona Operator for MySQL.
 
 See the [Contribution Guide](CONTRIBUTING.md) and [Building and Testing Guide](e2e-tests/README.md) for more information on how you can contribute.
 
-## Communication
-
-We would love to hear from you! Reach out to us on [Forum](https://forums.percona.com/c/mysql-mariadb/percona-kubernetes-operator-for-mysql/28) with your questions, feedback and ideas
-
-# Join Percona Kubernetes Squad!                                                                              
-```                                                                                     
-                    %                        _____                
-                   %%%                      |  __ \                                          
-                 ###%%%%%%%%%%%%*           | |__) |__ _ __ ___ ___  _ __   __ _             
-                ###  ##%%      %%%%         |  ___/ _ \ '__/ __/ _ \| '_ \ / _` |            
-              ####     ##%       %%%%       | |  |  __/ | | (_| (_) | | | | (_| |            
-             ###        ####      %%%       |_|   \___|_|  \___\___/|_| |_|\__,_|           
-           ,((###         ###     %%%        _      _          _____                       _
-          (((( (###        ####  %%%%       | |   / _ \       / ____|                     | | 
-         (((     ((#         ######         | | _| (_) |___  | (___   __ _ _   _  __ _  __| | 
-       ((((       (((#        ####          | |/ /> _ </ __|  \___ \ / _` | | | |/ _` |/ _` |
-      /((          ,(((        *###         |   <| (_) \__ \  ____) | (_| | |_| | (_| | (_| |
-    ////             (((         ####       |_|\_\\___/|___/ |_____/ \__, |\__,_|\__,_|\__,_|
-   ///                ((((        ####                                  | |                  
- /////////////(((((((((((((((((########                                 |_|   Join @ percona.com/k8s   
-```
-
-You can get early access to new product features, invite-only ”ask me anything” sessions with Percona Kubernetes experts, and monthly swag raffles. Interested? Fill in the form at [percona.com/k8s](https://www.percona.com/k8s).
-
-# Roadmap
+## Roadmap
 
 We have a public roadmap which can be found [here](https://github.com/orgs/percona/projects/10). Please feel free to contribute and propose new features by following the roadmap [guidelines](https://github.com/percona/roadmap).
 
-# Submitting Bug Reports
+## Submitting Bug Reports
 
 If you find a bug in Percona Docker Images or in one of the related projects, please submit a report to that project's [JIRA](https://jira.percona.com/browse/K8SPXC) issue tracker or [create a GitHub issue](https://docs.github.com/en/issues/tracking-your-work-with-issues/creating-an-issue#creating-an-issue-from-a-repository) in this repository. 
 

build/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=${BUILDPLATFORM} golang:1.22 AS go_builder
+FROM --platform=${BUILDPLATFORM} golang:1.23 AS go_builder
 WORKDIR /go/src/github.com/percona/percona-xtradb-cluster-operator
 
 COPY go.mod go.sum ./
@@ -31,8 +31,8 @@ RUN GOOS=$GOOS GOARCH=${TARGETARCH} CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFL
     && cp -r build/_output/bin/pitr /usr/local/bin/pitr
 
 RUN GOOS=$GOOS GOARCH=${TARGETARCH} CGO_ENABLED=$CGO_ENABLED GO_LDFLAGS=$GO_LDFLAGS \
-       go build -o build/_output/bin/mysql-state-monitor \
-               cmd/mysql-state-monitor/main.go \
+       go build -ldflags "-w -s -X main.GitCommit=$GIT_COMMIT -X main.GitBranch=$GIT_BRANCH -X main.BuildTime=$BUILD_TIME" \
+            -o build/_output/bin/mysql-state-monitor cmd/mysql-state-monitor/main.go \
     && cp -r build/_output/bin/mysql-state-monitor /usr/local/bin/mysql-state-monitor
 
 # Looking for all possible License/Notice files and copying them to the image

build/liveness-check.sh

@@ -22,7 +22,8 @@ NODE_IP=$(hostname -I | awk ' { print $1 } ')
 #Timeout exists for instances where mysqld may be hung
 TIMEOUT=$((${LIVENESS_CHECK_TIMEOUT:-5} - 1))
 MYSQL_STATE=ready
-if [[ ${MYSQL_VERSION} == '8.0' ]]; then
+MYSQL_VERSION=$(mysqld -V | awk '{print $3}' | awk -F'.' '{print $1"."$2}')
+if [[ ${MYSQL_VERSION} =~ ^(8\.0|8\.4)$ && -f ${MYSQL_STATE_FILE} ]]; then
 	MYSQL_STATE=$(tr -d '\0' < ${MYSQL_STATE_FILE})
 fi
 

build/pxc-configure-pxc.sh

@@ -69,7 +69,7 @@ fi
 
 CFG=/etc/mysql/node.cnf
 MYSQL_VERSION=$(mysqld -V | awk '{print $3}' | awk -F'.' '{print $1"."$2}')
-if [ "$MYSQL_VERSION" == '8.0' ]; then
+if [[ "$MYSQL_VERSION" =~ ^(8\.0|8\.4)$ ]]; then
 	grep -E -q "^[#]?admin-address" "$CFG" || sed '/^\[mysqld\]/a admin-address=\n' ${CFG} 1<>${CFG}
 	grep -E -q "^[#]?log_error_suppression_list" "$CFG" || sed '/^\[mysqld\]/a log_error_suppression_list="MY-010055"\n' ${CFG} 1<>${CFG}
 else

build/pxc-entrypoint.sh

@@ -165,7 +165,7 @@ if [ -f "$vault_secret" ]; then
 	sed -i "/\[mysqld\]/a early-plugin-load=keyring_vault.so" $CFG
 	sed -i "/\[mysqld\]/a keyring_vault_config=$vault_secret" $CFG
 
-	if [ "$MYSQL_VERSION" == '8.0' ]; then
+	if [[ "$MYSQL_VERSION" =~ ^(8\.0|8\.4)$ ]]; then
 		sed -i "/\[mysqld\]/a default_table_encryption=ON" $CFG
 		sed -i "/\[mysqld\]/a table_encryption_privilege_check=ON" $CFG
 		sed -i "/\[mysqld\]/a innodb_undo_log_encrypt=ON" $CFG
@@ -189,12 +189,11 @@ fi
 grep -q "^progress=" $CFG && sed -i "s|^progress=.*|progress=1|" $CFG
 grep -q "^\[sst\]" "$CFG" || printf '[sst]\n' >>"$CFG"
 grep -q "^cpat=" "$CFG" || sed '/^\[sst\]/a cpat=.*\\.pem$\\|.*init\\.ok$\\|.*galera\\.cache$\\|.*wsrep_recovery_verbose\\.log$\\|.*readiness-check\\.sh$\\|.*liveness-check\\.sh$\\|.*get-pxc-state$\\|.*sst_in_progress$\\|.*sleep-forever$\\|.*pmm-prerun\\.sh$\\|.*sst-xb-tmpdir$\\|.*\\.sst$\\|.*gvwstate\\.dat$\\|.*grastate\\.dat$\\|.*\\.err$\\|.*\\.log$\\|.*RPM_UPGRADE_MARKER$\\|.*RPM_UPGRADE_HISTORY$\\|.*pxc-entrypoint\\.sh$\\|.*unsafe-bootstrap\\.sh$\\|.*pxc-configure-pxc\\.sh\\|.*peer-list$\\|.*auth_plugin$\\|.*version_info$\\|.*mysql-state-monitor$\\|.*mysql-state-monitor\\.log$\\|.*notify\\.sock$\\|.*mysql\\.state$' "$CFG" 1<>"$CFG"
-if [[ $MYSQL_VERSION == '8.0' ]]; then
-	if [[ $MYSQL_PATCH_VERSION -ge 26 ]]; then
-		grep -q "^skip_replica_start=ON" "$CFG" || sed -i "/\[mysqld\]/a skip_replica_start=ON" $CFG
-	else
-		grep -q "^skip_slave_start=ON" "$CFG" || sed -i "/\[mysqld\]/a skip_slave_start=ON" $CFG
-	fi
+
+if [[ $MYSQL_VERSION == '8.0' && $MYSQL_PATCH_VERSION -ge 26 ]] || [[ $MYSQL_VERSION == '8.4' ]]; then
+	grep -q "^skip_replica_start=ON" "$CFG" || sed -i "/\[mysqld\]/a skip_replica_start=ON" $CFG
+else
+	grep -q "^skip_slave_start=ON" "$CFG" || sed -i "/\[mysqld\]/a skip_slave_start=ON" $CFG
 fi
 
 auth_plugin=${DEFAULT_AUTHENTICATION_PLUGIN}
@@ -220,7 +219,7 @@ fi
 echo "${auth_plugin}" >/var/lib/mysql/auth_plugin
 
 sed -i "/default_authentication_plugin/d" $CFG
-if [[ $MYSQL_VERSION == '8.0' && $MYSQL_PATCH_VERSION -ge 27 ]]; then
+if [[ $MYSQL_VERSION == '8.0' && $MYSQL_PATCH_VERSION -ge 27 ]] || [[ $MYSQL_VERSION == "8.4" ]]; then
 	sed -i "/\[mysqld\]/a authentication_policy=${auth_plugin},," $CFG
 else
 	sed -i "/\[mysqld\]/a default_authentication_plugin=${auth_plugin}" $CFG
@@ -294,7 +293,8 @@ if [[ -z ${WSREP_CLUSTER_NAME} || ${WSREP_CLUSTER_NAME} == 'noname' ]]; then
 	exit 1
 fi
 
-if [[ -n ${NOTIFY_SOCKET} && ${MYSQL_VERSION} == '8.0' ]]; then
+if [[ -n ${MYSQL_NOTIFY_SOCKET} && ${MYSQL_VERSION} =~ ^(8\.0|8\.4)$ ]]; then
+	export NOTIFY_SOCKET=${MYSQL_NOTIFY_SOCKET}
 	nohup /var/lib/mysql/mysql-state-monitor >/var/lib/mysql/mysql-state-monitor.log 2>&1 < /dev/null &
 fi
 
@@ -327,7 +327,11 @@ if [ -z "$CLUSTER_JOIN" ] && [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
 		echo 'Initializing database'
 		# we initialize database into $TMPDIR because "--initialize-insecure" option does not work if directory is not empty
 		# in some cases storage driver creates unremovable artifacts (see K8SPXC-286), so $DATADIR cleanup is not possible
-		"$@" --initialize-insecure --skip-ssl --datadir="$TMPDIR"
+		if [[ $MYSQL_VERSION == "8.4" ]]; then
+			"$@" --initialize-insecure --datadir="$TMPDIR"
+		else
+			"$@" --initialize-insecure --skip-ssl --datadir="$TMPDIR"
+		fi
 		mv "$TMPDIR"/* "$DATADIR/"
 		rm -rfv "$TMPDIR"
 		echo 'Database initialized'
@@ -385,15 +389,15 @@ if [ -z "$CLUSTER_JOIN" ] && [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
 		file_env 'MONITOR_HOST' 'localhost'
 		file_env 'MONITOR_PASSWORD' 'monitor' 'monitor'
 		file_env 'REPLICATION_PASSWORD' 'replication' 'replication'
-		if [ "$MYSQL_VERSION" == '8.0' ]; then
+		if [[ "$MYSQL_VERSION" =~ ^(8\.0|8\.4)$ ]]; then
 			read -r -d '' monitorConnectGrant <<-EOSQL || true
 				GRANT SERVICE_CONNECTION_ADMIN ON *.* TO 'monitor'@'${MONITOR_HOST}';
 			EOSQL
 		fi
 
 		# SYSTEM_USER since 8.0.16
 		# https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_system-user
-		if [[ $MYSQL_VERSION == "8.0" ]] && ((MYSQL_PATCH_VERSION >= 16)); then
+		if [[ $MYSQL_VERSION == "8.0" ]] && ((MYSQL_PATCH_VERSION >= 16)) || [[ $MYSQL_VERSION == "8.4" ]]; then
 			read -r -d '' systemUserGrant <<-EOSQL || true
 				GRANT SYSTEM_USER ON *.* TO 'monitor'@'${MONITOR_HOST}';
 			EOSQL
@@ -518,19 +522,11 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
 		fi
 		set -x
 
-		if [[ ${MYSQL_VERSION} == '8.0' ]]; then
-			mysqlState="startup"
-			while [[ "${mysqlState}" != "ready" ]]; do
-				mysqlState=$(tr -d '\0' < ${MYSQL_STATE_FILE})
-				echo >&2 "MySQL upgrade process in progress..."
-				sleep 1
-			done
-		fi
 		for i in {120..0}; do
 			if echo 'SELECT 1' | "${mysql[@]}" &>/dev/null; then
 				break
 			fi
-
+			echo >&2 "MySQL upgrade process in progress..."
 			sleep 1
 		done
 		if [ "$i" = 0 ]; then

build/readiness-check.sh

@@ -16,11 +16,6 @@ MYSQL_PASSWORD="${mysql_pass:-$MONITOR_PASSWORD}"
 DEFAULTS_EXTRA_FILE=${DEFAULTS_EXTRA_FILE:-/etc/my.cnf}
 AVAILABLE_WHEN_DONOR=${AVAILABLE_WHEN_DONOR:-1}
 NODE_IP=$(hostname -I | awk ' { print $1 } ')
-MYSQL_STATE=ready
-if [[ ${MYSQL_VERSION} == '8.0' ]]; then
-	MYSQL_STATE=$(tr -d '\0' < ${MYSQL_STATE_FILE})
-fi
-
 #Timeout exists for instances where mysqld may be hung
 TIMEOUT=$((${READINESS_CHECK_TIMEOUT:-10} - 1))
 
@@ -40,8 +35,7 @@ WSREP_STATUS=($(MYSQL_PWD="${MYSQL_PASSWORD}" $MYSQL_CMDLINE --init-command="SET
 	sed -n -e '2p' -e '5p' | tr '\n' ' '))
 set -x
 
-if [[ "${MYSQL_STATE}" == "ready" && ${WSREP_STATUS[1]} == 'Primary' &&
-	(${WSREP_STATUS[0]} -eq 4 || (${WSREP_STATUS[0]} -eq 2 && $AVAILABLE_WHEN_DONOR -eq 1)) ]]; then
+if [[ ${WSREP_STATUS[1]} == 'Primary' && (${WSREP_STATUS[0]} -eq 4 || (${WSREP_STATUS[0]} -eq 2 && $AVAILABLE_WHEN_DONOR -eq 1)) ]]; then
 	exit 0
 else
 	exit 1