
@IvanHunters IvanHunters commented Nov 21, 2025

Update MariaDB operator to a new version.

[ci,dx] Update MariaDB operator version

What this PR does

Release note

[mariadb] Bump MariaDB operator version

Summary by CodeRabbit

  • New Features

    • Support for external MariaDB instances and physical backups management
    • Validation webhook added for physical backups
    • New config option to specify MariaDB image registry/name
  • Updates

    • MariaDB operator bumped to 25.10.2
    • Default MariaDB version updated from 11.4 to 11.8
    • Expanded Kubernetes permissions for endpoint slices and volume snapshots
    • Pod metadata label added to MariaDB pods
  • Documentation

    • Updated docs links and version badges in charts README


Update MariaDB operator to a new version.

```release-note
[ci,dx] Update MariaDB operator version
```

Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Nov 21, 2025

coderabbitai bot commented Nov 21, 2025

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Chart metadata and defaults for the MariaDB Operator were bumped from 0.38.1 → 25.10.2, MariaDB image defaults updated to 11.8, RBAC rules expanded (endpoints → endpointslices, volumesnapshots, persistentvolumeclaim delete, new custom resources), MutatingWebhook removed and new Validating webhook added for physicalbackups.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Chart Version Updates: packages/system/mariadb-operator/charts/mariadb-operator/Chart.yaml, packages/system/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/Chart.yaml | Bumped chart version and appVersion and dependency version for mariadb-operator-crds from 0.38.1 → 25.10.2 |
| Documentation & Readme: packages/system/mariadb-operator/charts/mariadb-operator/README.md, packages/system/mariadb-operator/charts/mariadb-operator/README.md.gotmpl, packages/system/mariadb-operator/charts/mariadb-operator/templates/NOTES.txt | Updated badges/version text to 25.10.2; fixed docs links (HELM.md → helm.md, QUICKSTART.md → quickstart.md); README values table updated with new fields and image naming |
| Configuration / Values: packages/system/mariadb-operator/charts/mariadb-operator/values.yaml, packages/system/mariadb-operator/charts/mariadb-operator/templates/operator/configmap.yaml | Default config.mariadbDefaultVersion → 11.8; config.mariadbImage → docker-registry1.mariadb.com/library/mariadb:11.8.2; added config.mariadbImageName; added RELATED_IMAGE_MARIADB_NAME to ConfigMap |
| RBAC Permission Updates: packages/system/mariadb-operator/charts/mariadb-operator/templates/cert-controller/rbac.yaml, packages/system/mariadb-operator/charts/mariadb-operator/templates/operator/rbac.yaml, packages/system/mariadb-operator/charts/mariadb-operator/templates/operator/rbac-namespace.yaml | Replaced endpoints/endpoints/restricted with endpointslices/endpointslices/restricted under discovery.k8s.io; added delete on persistentvolumeclaims; added volumesnapshots under snapshot.storage.k8s.io; added externalmariadbs and physicalbackups (including finalizers/status) to k8s.mariadb.com RBAC rules; added some get verbs |
| Webhook Configuration: packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook/config.yaml | Removed MutatingWebhookConfiguration entries; preserved existing validating webhook for backups and added validating webhook for physicalbackups (CREATE/UPDATE) |
| Application Manifest: packages/apps/mysql/templates/mariadb.yaml | Added podMetadata label policy.cozystack.io/allow-to-apiserver: "true" to MariaDB pod spec |

Sequence Diagram(s)

```mermaid
sequenceDiagram
  autonumber
  participant K8s as Kubernetes API
  participant Webhook as Admission Webhooks
  participant Operator as MariaDB Operator
  note right of Webhook `#bfe3c9`: Mutating webhooks removed
  K8s->>Webhook: Admission request (CREATE/UPDATE)
  alt Validating webhook rules match (backup/physicalbackup)
    Webhook->>K8s: Validate (allow/deny)
  else No matching validating webhook
    Webhook->>K8s: No-op (allow)
  end
  K8s->>Operator: Resource events (create/update)
  Operator->>K8s: Uses RBAC: endpointslices, PVC delete, volumesnapshots, externalmariadbs, physicalbackups
```

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Pay extra attention to RBAC files (templates/operator/rbac.yaml, templates/operator/rbac-namespace.yaml, templates/cert-controller/rbac.yaml) for correct apiGroups/resources/verbs.
  • Verify webhook removal/addition in templates/webhook/config.yaml aligns with operator admission handlers.
  • Confirm config.mariadbImageName wiring to ConfigMap (templates/operator/configmap.yaml) and values defaults.

Possibly related PRs

Suggested labels

enhancement, size:XL

Suggested reviewers

  • kvaps
  • lllamnyp
  • nbykov0

Poem

🐰 A hop from 0.38 to 25.10 I bring,
MariaDB grows, new default bells ring.
Endpointslices replace the old tune,
Webhooks trimmed, validations bloom.
Puff of carrots — RBAC and images in spring!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main changes: updating MariaDB operator from version 0.38.1 to 25.10.2 across chart files, dependencies, configurations, and RBAC permissions. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7d2250b and f512061.

📒 Files selected for processing (1)
  • packages/apps/mysql/templates/mariadb.yaml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build
🔇 Additional comments (1)
packages/apps/mysql/templates/mariadb.yaml (1)

40-42: No issues found — podMetadata label is properly supported by MariaDB operator 25.10.2.

The policy.cozystack.io/allow-to-apiserver label in podMetadata is an established cozystack infrastructure pattern used consistently across 26+ operators in the codebase (postgres, ferretdb, rabbitmq, kafka, seaweedfs, keycloak, and others). The MariaDB Operator supports podMetadata (including labels) in the 25.10.x series, so the implementation is compatible with the upgraded operator version and requires no changes.


@gemini-code-assist

Summary of Changes

Hello @IvanHunters, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a significant upgrade of the MariaDB operator to version "25.10.2". The update encompasses bumping version numbers across Helm chart files, modernizing Kubernetes RBAC permissions to leverage "endpointslices" for service discovery, and expanding the operator's capabilities to manage new custom resources like "ExternalMariaDBs" and "PhysicalBackups", alongside "VolumeSnapshots". Additionally, default MariaDB image configurations have been revised, and the webhook setup has been adjusted to remove a mutating webhook for MariaDBs and introduce a validating webhook for physical backups.

Highlights

  • MariaDB Operator Version Bump: The MariaDB operator and its associated Custom Resource Definitions (CRDs) have been upgraded from version "0.38.1" to "25.10.2" across various Helm chart files.
  • Kubernetes API Modernization: RBAC roles for both the operator and cert-controller have been updated to utilize "endpointslices" from the "discovery.k8s.io" API group, replacing the older "endpoints" resource from the core API group, aligning with newer Kubernetes networking practices.
  • Expanded Resource Support: The operator's RBAC permissions have been extended to include support for new custom resources such as "ExternalMariaDBs" and "PhysicalBackups", as well as "VolumeSnapshots" for storage management.
  • MariaDB Image Configuration Updates: The default MariaDB version has been updated from "11.4" to "11.8", and a new "mariadbImageName" configuration option has been introduced to provide more granular control over the MariaDB image.
  • Webhook Configuration Refinement: The mutating webhook configuration for MariaDB resources has been removed, and a new validating webhook for "PhysicalBackups" has been added to enforce policies on backup operations.

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request bumps the MariaDB operator version from 0.38.1 to 25.10.2. This major version change introduces several new features and improvements, such as support for physicalbackups, externalmariadbs, and volumesnapshots. The RBAC rules have been updated accordingly to support these new features. Notably, the operator now migrates from Endpoints to EndpointSlices, which is a good modernization. My review focuses on the RBAC permission changes, specifically the new delete permission for PersistentVolumeClaims.

- persistentvolumeclaims
verbs:
- create
- delete
medium

The addition of the delete verb for persistentvolumeclaims grants the operator highly destructive permissions. While this might be necessary for certain lifecycle operations, it increases the risk of accidental data loss. Please ensure this permission is strictly necessary and that the operator's logic handles PVC deletion with extreme care, for example, by making it opt-in or dependent on the PVC's reclaim policy.
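
A check for the concern raised in the review comment above, as an added example that is not part of this PR or of the operator's code: it scans a role's rules for destructive verbs on storage resources and reports whether `resourceNames` narrows the grant. The sample role, its name and its verb lists are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get clusterrole <name> -o json`.
# The role name and the verb lists are illustrative, not copied from the chart.
SAMPLE_ROLE = json.loads("""
{
  "kind": "ClusterRole",
  "metadata": {"name": "example-operator"},
  "rules": [
    {"apiGroups": [""], "resources": ["persistentvolumeclaims"],
     "verbs": ["create", "delete", "get", "list"]},
    {"apiGroups": ["discovery.k8s.io"], "resources": ["endpointslices"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["snapshot.storage.k8s.io"], "resources": ["volumesnapshots"],
     "verbs": ["create", "get", "list"]},
    {"apiGroups": [""], "resources": ["persistentvolumeclaims"],
     "resourceNames": ["scratch"], "verbs": ["delete"]}
  ]
}
""")

DESTRUCTIVE = {"delete", "deletecollection", "*"}
# Resources whose removal can destroy or orphan stored data.
DATA_BEARING = {"persistentvolumeclaims", "persistentvolumes", "volumesnapshots"}


def destructive_grants(role):
    """Return one finding per rule that lets the subject remove data-bearing objects."""
    findings = []
    for index, rule in enumerate(role.get("rules", [])):
        resources = set(rule.get("resources", []))
        hit = sorted(resources & DATA_BEARING) or (["*"] if "*" in resources else [])
        verbs = sorted(set(rule.get("verbs", [])) & DESTRUCTIVE)
        if hit and verbs:
            findings.append({
                "rule": index,
                "resources": hit,
                "verbs": verbs,
                # resourceNames narrows the grant to the named objects only.
                "scoped": bool(rule.get("resourceNames")),
            })
    return findings


if __name__ == "__main__":
    for f in destructive_grants(SAMPLE_ROLE):
        scope = "named objects only" if f["scoped"] else "every object in scope"
        print(f"rule {f['rule']}: {f['verbs']} on {f['resources']} ({scope})")
```

Running the same function over the rendered chart's roles before and after an upgrade shows which destructive grants the new version introduces.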


Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>

@kvaps kvaps left a comment


LGTM

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Nov 25, 2025
@kvaps kvaps merged commit 9cc3487 into main Nov 25, 2025
22 checks passed
@kvaps kvaps deleted the improvement/mariadb-operator branch November 25, 2025 13:46