chore: Upgrade pxc-operator version (#729)

Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
diff --git a/.github/workflows/pxc.yml b/.github/workflows/pxc.yml
new file mode 100644
index 0000000..d385ca7
--- /dev/null
+++ b/.github/workflows/pxc.yml
@@ -0,0 +1,45 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+name: PXC
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  molecule:
+    runs-on: v3-standard-8
+    steps:
+      - name: Checkout project
+        uses: actions/checkout@v4
+
+      - name: Install Poetry
+        run: pipx install poetry
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          cache: poetry
+
+      - name: Install dependencies
+        run: poetry install --no-interaction --with dev
+
+      - name: Turn off swap
+        run: sudo swapoff -a
+
+      - name: Run Molecule
+        run: poetry run molecule test -s pxc
diff --git a/charts/pxc-operator/Chart.yaml b/charts/pxc-operator/Chart.yaml
index 9113265..8ed6fc3 100644
--- a/charts/pxc-operator/Chart.yaml
+++ b/charts/pxc-operator/Chart.yaml
@@ -1,11 +1,9 @@
 apiVersion: v2
-appVersion: 1.12.0
+appVersion: 1.13.0
 description: A Helm chart for deploying the Percona Operator for MySQL (based on Percona XtraDB Cluster)
 home: https://docs.percona.com/percona-operator-for-mysql/pxc/
 icon: https://artifacthub.io/image/0b8875cd-6661-4269-9cf6-0fd92d59017b@1x
 maintainers:
-- email: ivan.pylypenko@percona.com
-  name: cap1984
 - email: tomislav.plavcic@percona.com
   name: tplavcic
 - email: natalia.marukovich@percona.com
@@ -13,4 +11,4 @@
 - email: sergey.pronin@percona.com
   name: spron-in
 name: pxc-operator
-version: 1.12.0
+version: 1.13.3
diff --git a/charts/pxc-operator/README.md b/charts/pxc-operator/README.md
index 77edfe6..75b4acb 100644
--- a/charts/pxc-operator/README.md
+++ b/charts/pxc-operator/README.md
@@ -7,7 +7,7 @@
 * [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-pxc/index.html)
 
 ## Pre-requisites
-* Kubernetes 1.20+
+* Kubernetes 1.23+
 * Helm v3
 
 # Installation
@@ -19,23 +19,26 @@
 
 ```sh
 helm repo add percona https://percona.github.io/percona-helm-charts/
-helm install my-operator percona/pxc-operator --version 1.12.0 --namespace my-namespace
+helm install my-operator percona/pxc-operator --version 1.13.0 --namespace my-namespace
 ```
 
 The chart can be customized using the following configurable parameters:
 
-| Parameter                       | Description                                                             | Default                                          |
-| ------------------------------- | ------------------------------------------------------------------------| -------------------------------------------------|
-| `image`                         | PXC Operator Container image full path                                  | `percona/percona-xtradb-cluster-operator:1.12.0` |
-| `imagePullPolicy`               | PXC Operator Container pull policy                                      | `Always`                                         |
-| `imagePullSecrets`              | PXC Operator Pod pull secret                                            | `[]`                                             |
-| `replicaCount`                  | PXC Operator Pod quantity                                               | `1`                                              |
-| `tolerations`                   | List of node taints to tolerate                                         | `[]`                                             |
-| `resources`                     | Resource requests and limits                                            | `{}`                                             |
-| `nodeSelector`                  | Labels for Pod assignment                                               | `{}`                                             |
-| `logStructured`                 | Force PXC operator to print JSON-wrapped log messages                   | `false`                                          |
-| `logLevel`                      | PXC Operator logging level                                              | `INFO`                                           |
-| `disableTelemetry`              | Disable sending PXC Operator telemetry data to Percona                  | `false`                                          |
+| Parameter                       | Description                                                                                    | Default                                          |
+| ------------------------------- | -----------------------------------------------------------------------------------------------| -------------------------------------------------|
+| `image`                         | PXC Operator Container image full path                                                         | `percona/percona-xtradb-cluster-operator:1.13.0` |
+| `imagePullPolicy`               | PXC Operator Container pull policy                                                             | `Always`                                         |
+| `containerSecurityContext`      | PXC Operator Container securityContext                                                         | `{}`                                             |
+| `imagePullSecrets`              | PXC Operator Pod pull secret                                                                   | `[]`                                             |
+| `replicaCount`                  | PXC Operator Pod quantity                                                                      | `1`                                              |
+| `tolerations`                   | List of node taints to tolerate                                                                | `[]`                                             |
+| `resources`                     | Resource requests and limits                                                                   | `{}`                                             |
+| `nodeSelector`                  | Labels for Pod assignment                                                                      | `{}`                                             |
+| `logStructured`                 | Force PXC operator to print JSON-wrapped log messages                                          | `false`                                          |
+| `logLevel`                      | PXC Operator logging level                                                                     | `INFO`                                           |
+| `disableTelemetry`              | Disable sending PXC Operator telemetry data to Percona                                         | `false`                                          |
+| `rbac.create`                   | If false RBAC will not be created. RBAC resources will need to be created manually             | `true`                                           |
+| `serviceAccount.create`         | If false the ServiceAccounts will not be created. The ServiceAccounts must be created manually | `true`                                           |
 
 Specify parameters using `--set key=value[,key=value]` argument to `helm install`
 
diff --git a/charts/pxc-operator/crds/crd.yaml b/charts/pxc-operator/crds/crd.yaml
index b3f0a5a..2b65638 100644
--- a/charts/pxc-operator/crds/crd.yaml
+++ b/charts/pxc-operator/crds/crd.yaml
@@ -144,6 +144,8 @@
                 type: string
               vaultSecretName:
                 type: string
+              verifyTLS:
+                type: boolean
             type: object
         type: object
     served: true
@@ -288,6 +290,8 @@
                     type: string
                   vaultSecretName:
                     type: string
+                  verifyTLS:
+                    type: boolean
                 type: object
               pitr:
                 properties:
@@ -373,6 +377,8 @@
                         type: string
                       vaultSecretName:
                         type: string
+                      verifyTLS:
+                        type: boolean
                     type: object
                   date:
                     type: string
@@ -383,6 +389,37 @@
                 type: object
               pxcCluster:
                 type: string
+              resources:
+                properties:
+                  claims:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - name
+                    x-kubernetes-list-type: map
+                  limits:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    type: object
+                  requests:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    type: object
+                type: object
             type: object
           status:
             properties:
@@ -756,6 +793,8 @@
                 type: boolean
               backup:
                 properties:
+                  allowParallel:
+                    type: boolean
                   annotations:
                     additionalProperties:
                       type: string
@@ -780,6 +819,18 @@
                         type: boolean
                       resources:
                         properties:
+                          claims:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                            - name
+                            x-kubernetes-list-type: map
                           limits:
                             additionalProperties:
                               anyOf:
@@ -1326,6 +1377,18 @@
                           type: string
                         resources:
                           properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
                             limits:
                               additionalProperties:
                                 anyOf:
@@ -1426,12 +1489,26 @@
                                       type: string
                                     name:
                                       type: string
+                                    namespace:
+                                      type: string
                                   required:
                                   - kind
                                   - name
                                   type: object
                                 resources:
                                   properties:
+                                    claims:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                        required:
+                                        - name
+                                        type: object
+                                      type: array
+                                      x-kubernetes-list-map-keys:
+                                      - name
+                                      x-kubernetes-list-type: map
                                     limits:
                                       additionalProperties:
                                         anyOf:
@@ -2216,6 +2293,18 @@
                     type: string
                   resources:
                     properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                       limits:
                         additionalProperties:
                           anyOf:
@@ -2284,12 +2373,26 @@
                                   type: string
                                 name:
                                   type: string
+                                namespace:
+                                  type: string
                               required:
                               - kind
                               - name
                               type: object
                             resources:
                               properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
                                 limits:
                                   additionalProperties:
                                     anyOf:
@@ -2390,6 +2493,18 @@
                     type: array
                   sidecarResources:
                     properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                       limits:
                         additionalProperties:
                           anyOf:
@@ -2622,12 +2737,26 @@
                                           type: string
                                         name:
                                           type: string
+                                        namespace:
+                                          type: string
                                       required:
                                       - kind
                                       - name
                                       type: object
                                     resources:
                                       properties:
+                                        claims:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                         limits:
                                           additionalProperties:
                                             anyOf:
@@ -3468,8 +3597,33 @@
                               format: int32
                               type: integer
                           type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                            - resourceName
+                            - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
                         resources:
                           properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
                             limits:
                               additionalProperties:
                                 anyOf:
@@ -3747,12 +3901,26 @@
                                 type: string
                               name:
                                 type: string
+                              namespace:
+                                type: string
                             required:
                             - kind
                             - name
                             type: object
                           resources:
                             properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                - name
+                                x-kubernetes-list-type: map
                               limits:
                                 additionalProperties:
                                   anyOf:
@@ -3889,6 +4057,18 @@
                     type: string
                   resources:
                     properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                       limits:
                         additionalProperties:
                           anyOf:
@@ -3988,6 +4168,18 @@
                     type: string
                   resources:
                     properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                       limits:
                         additionalProperties:
                           anyOf:
@@ -4733,6 +4925,18 @@
                     type: string
                   resources:
                     properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                       limits:
                         additionalProperties:
                           anyOf:
@@ -4801,12 +5005,26 @@
                                   type: string
                                 name:
                                   type: string
+                                namespace:
+                                  type: string
                               required:
                               - kind
                               - name
                               type: object
                             resources:
                               properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
                                 limits:
                                   additionalProperties:
                                     anyOf:
@@ -4907,6 +5125,18 @@
                     type: array
                   sidecarResources:
                     properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                       limits:
                         additionalProperties:
                           anyOf:
@@ -5139,12 +5369,26 @@
                                           type: string
                                         name:
                                           type: string
+                                        namespace:
+                                          type: string
                                       required:
                                       - kind
                                       - name
                                       type: object
                                     resources:
                                       properties:
+                                        claims:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                         limits:
                                           additionalProperties:
                                             anyOf:
@@ -5985,8 +6229,33 @@
                               format: int32
                               type: integer
                           type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                            - resourceName
+                            - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
                         resources:
                           properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
                             limits:
                               additionalProperties:
                                 anyOf:
@@ -6264,12 +6533,26 @@
                                 type: string
                               name:
                                 type: string
+                              namespace:
+                                type: string
                             required:
                             - kind
                             - name
                             type: object
                           resources:
                             properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                - name
+                                x-kubernetes-list-type: map
                               limits:
                                 additionalProperties:
                                   anyOf:
@@ -7092,6 +7375,18 @@
                     type: array
                   resources:
                     properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                       limits:
                         additionalProperties:
                           anyOf:
@@ -7160,12 +7455,26 @@
                                   type: string
                                 name:
                                   type: string
+                                namespace:
+                                  type: string
                               required:
                               - kind
                               - name
                               type: object
                             resources:
                               properties:
+                                claims:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                    required:
+                                    - name
+                                    type: object
+                                  type: array
+                                  x-kubernetes-list-map-keys:
+                                  - name
+                                  x-kubernetes-list-type: map
                                 limits:
                                   additionalProperties:
                                     anyOf:
@@ -7266,6 +7575,18 @@
                     type: array
                   sidecarResources:
                     properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
                       limits:
                         additionalProperties:
                           anyOf:
@@ -7498,12 +7819,26 @@
                                           type: string
                                         name:
                                           type: string
+                                        namespace:
+                                          type: string
                                       required:
                                       - kind
                                       - name
                                       type: object
                                     resources:
                                       properties:
+                                        claims:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                            required:
+                                            - name
+                                            type: object
+                                          type: array
+                                          x-kubernetes-list-map-keys:
+                                          - name
+                                          x-kubernetes-list-type: map
                                         limits:
                                           additionalProperties:
                                             anyOf:
@@ -8344,8 +8679,33 @@
                               format: int32
                               type: integer
                           type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                            - resourceName
+                            - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
                         resources:
                           properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
                             limits:
                               additionalProperties:
                                 anyOf:
@@ -8623,12 +8983,26 @@
                                 type: string
                               name:
                                 type: string
+                              namespace:
+                                type: string
                             required:
                             - kind
                             - name
                             type: object
                           resources:
                             properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                  - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                - name
+                                x-kubernetes-list-type: map
                               limits:
                                 additionalProperties:
                                   anyOf:
diff --git a/charts/pxc-operator/templates/deployment.yaml b/charts/pxc-operator/templates/deployment.yaml
index 5f70d75..69d615d 100644
--- a/charts/pxc-operator/templates/deployment.yaml
+++ b/charts/pxc-operator/templates/deployment.yaml
@@ -2,6 +2,7 @@
 kind: Deployment
 metadata:
   name: {{ include "pxc-operator.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
 {{ include "pxc-operator.labels" . | indent 4 }}
 spec:
@@ -40,6 +41,11 @@
             protocol: TCP
           command:
           - percona-xtradb-cluster-operator
+          {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }}
+          volumeMounts:
+            - name: tmpdir
+              mountPath: /tmp
+          {{- end }}
           env:
             - name: WATCH_NAMESPACE
               {{- if .Values.watchAllNamespaces }}
@@ -67,6 +73,10 @@
               scheme: HTTP
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          {{- with .Values.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -79,6 +89,11 @@
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
+    {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }}
+      volumes:
+        - name: tmpdir
+          emptyDir: {}
+    {{- end }}
 {{- if .Values.watchAllNamespaces }}
 ---
 apiVersion: v1
diff --git a/charts/pxc-operator/templates/namespace.yaml b/charts/pxc-operator/templates/namespace.yaml
index 5de1cbc..6eac7de 100644
--- a/charts/pxc-operator/templates/namespace.yaml
+++ b/charts/pxc-operator/templates/namespace.yaml
@@ -3,4 +3,6 @@
 kind: Namespace
 metadata:
   name: {{ .Values.watchNamespace }}
-{{ end }}
\ No newline at end of file
+  annotations:
+    helm.sh/resource-policy: keep
+{{ end }}
diff --git a/charts/pxc-operator/templates/role-binding.yaml b/charts/pxc-operator/templates/role-binding.yaml
index 43ed7ca..57913f9 100644
--- a/charts/pxc-operator/templates/role-binding.yaml
+++ b/charts/pxc-operator/templates/role-binding.yaml
@@ -1,13 +1,12 @@
+{{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ include "pxc-operator.fullname" . }}
+  namespace: {{ .Release.Namespace }}
 ---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: percona-xtradb-cluster-operator
----
+{{- end }}
+{{- if .Values.rbac.create }}
 {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
 kind: ClusterRoleBinding
 {{- else }}
@@ -18,6 +17,8 @@
   name: {{ include "pxc-operator.fullname" . }}
   {{- if .Values.watchNamespace }}
   namespace: {{ .Values.watchNamespace }}
+  {{- else if not .Values.watchAllNamespaces }}
+  namespace: {{ .Release.Namespace }}
   {{- end }}
   labels:
 {{ include "pxc-operator.labels" . | indent 4 }}
@@ -35,3 +36,4 @@
   {{- end }}
   name: {{ include "pxc-operator.fullname" . }}
   apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/pxc-operator/templates/role.yaml b/charts/pxc-operator/templates/role.yaml
index 47c023c..7d3bc46 100644
--- a/charts/pxc-operator/templates/role.yaml
+++ b/charts/pxc-operator/templates/role.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create }}
 {{- if or .Values.watchNamespace .Values.watchAllNamespaces }}
 kind: ClusterRole
 {{- else }}
@@ -6,6 +7,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "pxc-operator.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
 {{ include "pxc-operator.labels" . | indent 4 }}
 rules:
@@ -131,3 +133,4 @@
   - patch
   - delete
   - deletecollection
+{{- end }}
diff --git a/charts/pxc-operator/values.yaml b/charts/pxc-operator/values.yaml
index f6d7d6d..725945f 100644
--- a/charts/pxc-operator/values.yaml
+++ b/charts/pxc-operator/values.yaml
@@ -15,6 +15,16 @@
 # set if operator should be deployed in cluster wide mode. defaults to false
 watchAllNamespaces: false
 
+# rbac: settings for deployer RBAC creation
+rbac:
+  # rbac.create: if false RBAC resources should be in place
+  create: true
+
+# serviceAccount: settings for Service Accounts used by the deployer
+serviceAccount:
+  # serviceAccount.create: Whether to create the Service Accounts or not
+  create: true
+
 # set if you want to use a different operator name
 # defaults to `percona-xtradb-cluster-operator`
 # operatorName:
@@ -35,6 +45,8 @@
     cpu: 100m
     memory: 20Mi
 
+containerSecurityContext: {}
+
 nodeSelector: {}
 
 tolerations: []
diff --git a/molecule/pxc/converge.yml b/molecule/pxc/converge.yml
new file mode 100644
index 0000000..5a69a77
--- /dev/null
+++ b/molecule/pxc/converge.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- hosts: controllers
+  become: true
+  roles:
+    - vexxhost.atmosphere.percona_xtradb_cluster
diff --git a/molecule/pxc/molecule.yml b/molecule/pxc/molecule.yml
new file mode 100644
index 0000000..9514cfb
--- /dev/null
+++ b/molecule/pxc/molecule.yml
@@ -0,0 +1,112 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: ${MOLECULE_SCENARIO_NAME}
+    image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    privileged: true
+    cgroupns_mode: host
+    pre_build_image: true
+    purge_networks: true
+    dns_servers:
+      - 1.1.1.1
+    docker_networks:
+      - name: mgmt
+        ipam_config:
+          - subnet: 10.96.240.0/24
+            gateway: 10.96.240.1
+      - name: public
+        ipam_config:
+          - subnet: 10.96.250.0/24
+            gateway: 10.96.250.1
+    networks:
+      - name: mgmt
+      - name: public
+    published_ports:
+      - 80:80
+      - 443:443
+    security_opts:
+      - apparmor=unconfined
+    volumes:
+      - /dev:/dev
+      - /lib/modules:/lib/modules:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+      - /usr/src:/usr/src:ro
+    groups:
+      - controllers
+      - cephs
+      - computes
+provisioner:
+  name: ansible
+  config_options:
+    connection:
+      pipelining: true
+    tags:
+      skip: >-
+        sysctl,
+        ethtool
+  inventory:
+    group_vars:
+      all:
+        # Ceph
+        ceph_fsid: ${MOLECULE_CEPH_FSID:-"d1f9e453-f13a-4d30-9ab1-e5ae1d87b67f"}
+        ceph_conf_overrides:
+          - section: global
+            option: osd crush chooseleaf type
+            value: 0
+          - section: mon
+            option: auth allow insecure global id reclaim
+            value: false
+        # Kubernetes
+        kubernetes_keepalived_interface: eth0
+        kubernetes_keepalived_vrid: 42
+        kubernetes_keepalived_vip: 10.96.240.10
+        kubernetes_hostname: 10.96.240.10
+        # CNI
+        cilium_helm_values:
+          operator:
+            replicas: 1
+        # CSI
+        csi_driver: ${MOLECULE_CSI_DRIVER:-"local-path-provisioner"}
+        ceph_csi_rbd_helm_values:
+          provisioner:
+            replicaCount: 1
+        # Percona XtraDB Cluster
+        percona_xtradb_cluster_spec:
+          allowUnsafeConfigurations: true
+          pxc:
+            size: 1
+          haproxy:
+            size: 1
+        # Common
+        domain_name: "{{ (lookup('env', 'HOST_IP') | default(ansible_default_ipv4.address, true)).replace('.', '-') }}.nip.io"
+        openstack_helm_endpoints_region_name: RegionOne
+      cephs:
+        ceph_osd_devices:
+          - "/dev/ceph-{{ inventory_hostname_short }}-osd0/data"
+          - "/dev/ceph-{{ inventory_hostname_short }}-osd1/data"
+          - "/dev/ceph-{{ inventory_hostname_short }}-osd2/data"
+  # options:
+  #   inventory: "${MOLECULE_EPHEMERAL_DIRECTORY}/workspace"
+  # inventory:
+  #   links:
+  #     host_vars: "${MOLECULE_SCENARIO_DIRECTORY}/host_vars"
+  #     group_vars: "${MOLECULE_SCENARIO_DIRECTORY}/group_vars"
+verifier:
+  name: ansible
diff --git a/molecule/pxc/prepare.yml b/molecule/pxc/prepare.yml
new file mode 100644
index 0000000..a357642
--- /dev/null
+++ b/molecule/pxc/prepare.yml
@@ -0,0 +1,25 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- import_playbook: ../shared/prepare/base.yml
+- import_playbook: ../shared/prepare/kubernetes.yml
+
+- hosts: controllers
+  become: true
+  roles:
+    - role: vexxhost.atmosphere.percona_xtradb_cluster_operator
+    - role: vexxhost.atmosphere.percona_xtradb_cluster
+      vars:
+        atmosphere_images:
+          percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:5.7.39-31.61
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index d14443b..c34cf2e 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -159,9 +159,10 @@
   ovn_ovsdb_nb: quay.io/vexxhost/ovn-central:23.03.0
   ovn_ovsdb_sb: quay.io/vexxhost/ovn-central:23.03.0
   pause: registry.k8s.io/pause:3.8
-  percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.12.0-haproxy
-  percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.12.0
-  percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:5.7.39-31.61
+  percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy
+  percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0
+  percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2
+  percona_version_service: docker.io/perconalab/version-service:main-3325140
   placement_db_sync: quay.io/vexxhost/placement@sha256:ae9a7567e3619440b3a7a58b5ab407c5efad372627c06fb0ab0193a85c9d1c70 # image-source: quay.io/vexxhost/placement:zed
   placement: quay.io/vexxhost/placement@sha256:ae9a7567e3619440b3a7a58b5ab407c5efad372627c06fb0ab0193a85c9d1c70 # image-source: quay.io/vexxhost/placement:zed
   prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.67.1
diff --git a/roles/percona_xtradb_cluster/tasks/main.yml b/roles/percona_xtradb_cluster/tasks/main.yml
index 384b701..647a24a 100644
--- a/roles/percona_xtradb_cluster/tasks/main.yml
+++ b/roles/percona_xtradb_cluster/tasks/main.yml
@@ -30,7 +30,100 @@
             namespace: openstack
           type: Opaque
 
-- name: Create Percona XtraDB cluster
+- name: Check if the Percona XtraDB cluster exists
+  run_once: true
+  block:
+    - name: Check if the Percona XtraDB cluster exists
+      kubernetes.core.k8s_info:
+        api_version: pxc.percona.com/v1
+        kind: PerconaXtraDBCluster
+        name: percona-xtradb
+        namespace: openstack
+      register: _pxc_cluster
+      ignore_errors: true
+
+    - name: Get current status of the cluster
+      ansible.builtin.set_fact:
+        _pxc_version: "{{ _pxc_cluster.resources[0].status.pxc.version }}"
+        _pxc_status: "{{ _pxc_cluster.resources[0].status.state }}"
+      when: ( _pxc_cluster.resources | length==1 )
+
+- name: Do version upgrade
+  run_once: true
+  when:
+    - _pxc_version is defined
+    - _pxc_status is defined
+    - _pxc_version.startswith('5.7')
+    - (atmosphere_images['percona_xtradb_cluster'] | vexxhost.kubernetes.docker_image('tag')).startswith('8.')
+  block:
+    - name: Assert that the cluster is healthy before upgrade
+      run_once: true
+      ansible.builtin.assert:
+        that:
+          - _pxc_status == 'ready'
+        fail_msg: >-
+          The Percona XtraDB Cluster is not healthy. Please fix the cluster manually first before upgrade.
+
+    - name: Stop PXC-operator
+      kubernetes.core.k8s_scale:
+        api_version: v1
+        kind: Deployment
+        name: pxc-operator
+        namespace: openstack
+        replicas: 0
+        wait_timeout: 60
+
+    - name: Change the cluster Statefulset image to 8.0
+      kubernetes.core.k8s_json_patch:
+        api_version: apps/v1
+        kind: StatefulSet
+        namespace: openstack
+        name: percona-xtradb-pxc
+        patch:
+          - op: replace
+            path: /spec/template/spec/containers/0/image
+            value: "{{ atmosphere_images['percona_xtradb_cluster'] | vexxhost.kubernetes.docker_image('ref') }}"
+
+    - name: Wait until the cluster Statefulset rollout
+      kubernetes.core.k8s_info:
+        api_version: apps/v1
+        kind: StatefulSet
+        name: percona-xtradb-pxc
+        namespace: openstack
+      register: _pxc_cluster_sts
+      retries: 120
+      delay: 5
+      until:
+        - _pxc_cluster_sts.resources[0].status.replicas == _pxc_cluster_sts.resources[0].status.readyReplicas
+
+    - name: Update pxc cluster spec
+      kubernetes.core.k8s:
+        definition:
+          apiVersion: pxc.percona.com/v1
+          kind: PerconaXtraDBCluster
+          metadata:
+            name: percona-xtradb
+            namespace: openstack
+          spec:
+            pxc:
+              image: "{{ atmosphere_images['percona_xtradb_cluster'] | vexxhost.kubernetes.docker_image('ref') }}"
+        wait_sleep: 1
+        wait_timeout: 600
+        wait: true
+        wait_condition:
+          type: ready
+          status: true
+
+    - name: Start PXC-operator
+      kubernetes.core.k8s_scale:
+        api_version: v1
+        kind: Deployment
+        name: pxc-operator
+        namespace: openstack
+        replicas: 1
+        wait_timeout: 60
+
+- name: Apply Percona XtraDB cluster
   run_once: true
   kubernetes.core.k8s:
     state: present
diff --git a/roles/percona_xtradb_cluster/vars/main.yml b/roles/percona_xtradb_cluster/vars/main.yml
index 7836fdb..5a99be1 100644
--- a/roles/percona_xtradb_cluster/vars/main.yml
+++ b/roles/percona_xtradb_cluster/vars/main.yml
@@ -1,5 +1,5 @@
 _percona_xtradb_cluster_spec:
-  crVersion: "1.12.0"
+  crVersion: "1.13.0"
   secretsName: percona-xtradb
   pxc:
     size: 3
diff --git a/roles/percona_xtradb_cluster/vars_test.go b/roles/percona_xtradb_cluster/vars_test.go
index 9b0deda..f085563 100644
--- a/roles/percona_xtradb_cluster/vars_test.go
+++ b/roles/percona_xtradb_cluster/vars_test.go
@@ -53,7 +53,7 @@
 func TestPerconaXtraDBClusterPXCSpec(t *testing.T) {
 	assert.Equal(t, int32(3), vars.PerconaXtraDBClusterSpec.PXC.Size)
 	assert.Equal(t, true, *vars.PerconaXtraDBClusterSpec.PXC.AutoRecovery)
-	defaults.AssertAtmosphereImage(t, "docker.io/percona/percona-xtradb-cluster:5.7.39-31.61", vars.PerconaXtraDBClusterSpec.PXC.Image)
+	defaults.AssertAtmosphereImage(t, "docker.io/percona/percona-xtradb-cluster:8.0.32-24.2", vars.PerconaXtraDBClusterSpec.PXC.Image)
 
 	assert.Equal(t, map[string]string{
 		"openstack-control-plane": "enabled",