DM-54393: Add czar external service template and ingest helper tini to Qserv Helm chart

[fritzm]

The Qserv Helm chart requires a czar “external” service template – this provides a place to hang load balancer annotations to permit access to czar http and mysqlproxy ports from outside the k8s cluster. One commit on this PR adds this.

A separate (unrelated) commit here changes the ingest helper template in the chart to use tini as PID 1 in the ingest helper build base container. This provides signal handling so the ingest helper container exits in a timely fashion under k8s.

A third commit adds tini itself to the build base Dockerfile; this commit should drop out when this PR is rebased after DM-54392 merges to main.

[iagaponenko]

LGTM, just a few questions and comments.

[iagaponenko]

You already made this fix as well as set an explicit version of the nlohmann library in the previous PR: #1007

Did you cherry-pick this commit from the other PR?

[fritzm]

Yes. This commit should just drop out when this branch is rebased before merge.

[iagaponenko]

Just for my own education. Is this the version number of the development branch of Qserv? Or, this is the version number of the chart?

[fritzm]

One of each :-)

version is the chart version
appVersion is the wrapped application (Qserv) version

Since our chart is in the application source tree and the two are always tagged/released simultaneously, these will always change in lock-step.

If we split the chart off into its own repo, it might be versioned/released independently of Qserv itself.

In practice, these numbers aren't terribly important, since we aren't doing independent chart releases to chart repositories. But I like to keep them more or less up to date so they aren't outright lies.

I think we have a little more thinking to do on how we want to update these (and default values.yaml container tags, etc.) as part of our release process.

[iagaponenko]

For my own education, are these the IP addresses on the SLAC network or on the internal Kubernetes network? If the former, then the next question - would it work at UKDF?

[fritzm]

Yes, these are SLAC/USDF and Google IDF. They are USDF-specific, and would need to be edited for UKDF, along with a few other items in the chart (storage class names, etc.)

We should shortly switch to having a "default" values.yaml, and then some site-specific ones. We need to decide whether or not we want to carry all that in the base Qserv repo. It doesn't feel quite "right", but if you recall, having separate repos like we had for a while with qserv-operator and qserv-injest was also confusing and painful...

[iagaponenko]

Just a minor comment - at some point (not in this PR) we should begin naming the development branch of Qserv similarly to how we do this in the production ("classic") version, e.g., 2026.3.2-pre.

[fritzm]

Agree