feat: HA chart improvements

[as51340]

Read-only root filesystem change is connected to memgraph/mgconsole#96 because mgconsole uses a history file by default from /home/memgraph/.memgraph. Now, we will use env variable MGCONSOLE_HISTORY_PATH.

The env section is removed because the new default way of setting license key and organisation name will be through secrets. Secrets will not support anymore setting user through env variables, users should manually create users by running Cypher queries on data instances. The current design was not clean enough because env variables were also applied to coordinators which didn't make any sense since coordinators are running without auth.

Fixed the bug when boolean value is passed as label value with nodeSelection enabled.
Fixed the bug with namespace usage in vmagent.

[as51340]

Release notes:
Fixes the bug when boolean value is passed to affinity.dataNodeLabelValue or affinity.coordinatorNodeLabelValue by using quote function on the passed argument. Boolean values are often used with Portworx storage. #227
Fixes the bug with vmagent deployment when both vmagentRemote.namespace and prometheus.namespace aren't specified by defaulting the vmagent.namespace to the release namespace. #227
All StatefulSets now use readOnlyRootFilesystem. Because of that, StatefulSets automatically pass env variables DGL_DOWNLOAD_DIR=/tmp/.dgl, DGLDEFAULTDIR=/tmp/.dgl and MGCONSOLE_HISTORY_PATH=/tmp/.memgraph. Because of this, /tmp is provided as emptyDir scratch space. #227
The chart now auto-appends --bolt-port, --management-port, --coordinator-port, --coordinator-id, --coordinator-hostname, --data-directory, --log-level, --also-log-to-stderr and --log-file from ports.* and commonArgs.{data,coordinators}.logging.*. Setting any of these in data[].args or coordinators[].args causes helm install to fail with a template error. #227
The secrets.enabled, secrets.userKey and secrets.passwordKey values have been removed because
the previous implementation also applied these env variables to coordinators, which run without auth. The memgraph-secrets Secret is now reserved for the license and organization name. #227
The HA chart no longer accepts the license and organization name as plaintext values via env.MEMGRAPH_ENTERPRISE_LICENSE and env.MEMGRAPH_ORGANIZATION_NAME. Both values are now read from a Kubernetes Secret referenced via secretKeyRef, and the secret must exist before you run
helm install — the StatefulSets will fail to start otherwise. The previous
env.* values have been removed from values.yaml. #227
Added new configuration value coreDumpsImage.repository, coreDumpsImage.tag, coreDumpsImage.pullPolicy, prometheus.extraVolumes, prometheus.extraVolumeMounts, commonArgs.data.logging.log_level, commonArgs.data.logging.also_log_to_stderr, commonArgs.data.logging.log_file, commonArgs.coordinators.logging.log_level, commonArgs.coordinators.logging.also_log_to_stderr, commonArgs.coordinators.logging.log_file. #227

[antejavor]

Here is codex take.

• P1 - Existing HA auth-secret support is broken by reusing secrets for license data. The PR changes secrets to only mean license/org keys in values.yaml#L150
  (

  helm-charts/charts/memgraph-high-availability/values.yaml

  Line 150 in 7484245

  secrets:

  ), and the pods now only inject MEMGRAPH_ENTERPRISE_LICENSE / MEMGRAPH_ORGANIZATION_NAME in
  data.yaml#L181 (

  helm-charts/charts/memgraph-high-availability/templates/data.yaml

  Line 181 in 7484245

  - name: MEMGRAPH_ENTERPRISE_LICENSE

  ) and coordinators.yaml#L184
  (

  helm-charts/charts/memgraph-high-availability/templates/coordinators.yaml

  Line 184 in 7484245

  - name: MEMGRAPH_ENTERPRISE_LICENSE

  ). The old secrets.enabled/userKey/passwordKey path for MEMGRAPH_USER / MEMGRAPH_PASS
  WORD is removed, so existing values either stop setting auth env vars or point the new license lookup at the old auth secret. Use a separate license secret key path or preserve the old auth block.

@as51340 I think this is fine since we are breaking the process.

• P1 - AKS Terraform quick start now deploys a chart that requires a secret Terraform never creates. The AKS README still describes Terraform as the full setup in aks/README.md#L16
  (

  helm-charts/charts/memgraph-high-availability/aks/README.md

  Line 16 in 7484245

  ## Automated setup with Terraform

  ), and the Helm release only reads values_file in aks/main.tf#L82
  (

  helm-charts/charts/memgraph-high-availability/aks/main.tf

  Line 82 in 7484245

  resource "helm_release" "memgraph_ha" {

  ). Since the chart now unconditionally references memgraph-secrets, the advertised terraform apply path
  will leave pods stuck unless the user manually creates the secret first. Add a Kubernetes secret resource/input to Terraform or make the quick start create it before helm_release.

@as51340 I can see you added that.

• P2 - Coordinator defaults lost --storage-snapshot-on-exit=false. Data instances still keep it in values.yaml#L372
  (

  helm-charts/charts/memgraph-high-availability/values.yaml

  Line 372 in 7484245

  args: # Args specific to this instance

  ), but coordinators now have empty args in values.yaml#L387
  (

  helm-charts/charts/memgraph-high-availability/values.yaml

  Line 387 in 7484245

  args: [] # Args specific to this instance

  ) and the template only auto-appends ports/logging in coordinators.yaml#L176
  (

  helm-charts/charts/memgraph-high-availability/templates/coordinators.yaml

  Line 176 in 7484245

  - "--bolt-port={{ $.Values.ports.boltPort }}"

  ). The repo’s default config has snapshot-on-exit enabled, so upgrades change coordin
  ator shutdown behavior while leaving termination grace at 30s. Keep the old coordinator flag or document the behavior change.

@as51340 not sure about this P2 in the end, is this expected?

And few of my comments below (take what you find needed).

[as51340]

@as51340 not sure about this P2 in the end, is this expected?

all good