From 14aba9edb295f17004a56d4174159421f8e80201 Mon Sep 17 00:00:00 2001 From: Timur Tukaev <90071493+tym83@users.noreply.github.com> Date: Sun, 20 Jul 2025 15:56:25 +0500 Subject: [PATCH 01/80] Create CONTRIBUTOR_LADDER.md Contributor ladder is an important tool for community participants who are loyal to project and would like to take more responsibility in project. Besides, it's needed for CNCF Incubated applications Signed-off-by: Timur Tukaev <90071493+tym83@users.noreply.github.com> --- CONTRIBUTOR_LADDER.md | 151 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 CONTRIBUTOR_LADDER.md diff --git a/CONTRIBUTOR_LADDER.md b/CONTRIBUTOR_LADDER.md new file mode 100644 index 00000000..9e2f2d38 --- /dev/null +++ b/CONTRIBUTOR_LADDER.md @@ -0,0 +1,151 @@ +# Contributor Ladder Template + +* [Contributor Ladder](#contributor-ladder-template) + * [Community Participant](#community-participant) + * [Contributor](#contributor) + * [Reviewer](#reviewer) + * [Maintainer](#maintainer) +* [Inactivity](#inactivity) +* [Involuntary Removal](#involuntary-removal-or-demotion) +* [Stepping Down/Emeritus Process](#stepping-downemeritus-process) +* [Contact](#contact) + + +## Contributor Ladder + +Hello! We are excited that you want to learn more about our project contributor ladder! This contributor ladder outlines the different contributor roles within the project, along with the responsibilities and privileges that come with them. Community members generally start at the first levels of the "ladder" and advance up it as their involvement in the project grows. Our project members are happy to help you advance along the contributor ladder. + +Each of the contributor roles below is organized into lists of three types of things. "Responsibilities" are things that a contributor is expected to do. "Requirements" are qualifications a person needs to meet to be in that role, and "Privileges" are things contributors on that level are entitled to. + + +### Community Participant +Description: A Community Participant engages with the project and its community, contributing their time, thoughts, etc. Community participants are usually users who have stopped being anonymous and started being active in project discussions. + +* Responsibilities: + * Must follow the [CNCF CoC](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) +* How users can get involved with the community: + * Participating in community discussions + * Helping other users + * Submitting bug reports + * Commenting on issues + * Trying out new releases + * Attending community events + + +### Contributor +Description: A Contributor contributes directly to the project and adds value to it. Contributions need not be code. People at the Contributor level may be new contributors, or they may only contribute occasionally. + +* Responsibilities include: + * Follow the [CNCF CoC](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) + * Follow the project [contributing guide] (https://github.com/cozystack/cozystack/blob/main/CONTRIBUTING.md) +* Requirements (one or several of the below): + * Report and sometimes resolve issues + * Occasionally submit PRs + * Contribute to the documentation + * Show up at meetings, takes notes + * Answer questions from other community members + * Submit feedback on issues and PRs + * Test releases and patches and submit reviews + * Run or helps run events + * Promote the project in public + * Help run the project infrastructure +* Privileges: + * Invitations to contributor events + * Eligible to become a Maintainer + + +### Reviewer +Description: A Reviewer has responsibility for specific code, documentation, test, or other project areas. They are collectively responsible, with other Reviewers, for reviewing all changes to those areas and indicating whether those changes are ready to merge. They have a track record of contribution and review in the project. + +Reviewers are responsible for a "specific area." This can be a specific code directory, driver, chapter of the docs, test job, event, or other clearly-defined project component that is smaller than an entire repository or subproject. Most often it is one or a set of directories in one or more Git repositories. The "specific area" below refers to this area of responsibility. + +Reviewers have all the rights and responsibilities of a Contributor, plus: + +* Responsibilities include: + * Continues to contribute regularly, as demonstrated by having at least 15 PRs a year, as demonstrated by [Cozystack devstats](https://cozystack.devstats.cncf.io). + * Following the reviewing guide + * Reviewing most Pull Requests against their specific areas of responsibility + * Reviewing at least 40 PRs per year + * Helping other contributors become reviewers +* Requirements: + * Must have successful contributions to the project, including at least one of the following: + * 10 accepted PRs, + * Reviewed 20 PRs, + * Resolved and closed 20 Issues, + * Become responsible for a key project management area, + * Or some equivalent combination or contribution + * Must have been contributing for at least 6 months + * Must be actively contributing to at least one project area + * Must have two sponsors who are also Reviewers or Maintainers, at least one of whom does not work for the same employer + * Has reviewed, or helped review, at least 20 Pull Requests + * Has analyzed and resolved test failures in their specific area + * Has demonstrated an in-depth knowledge of the specific area + * Commits to being responsible for that specific area + * Is supportive of new and occasional contributors and helps get useful PRs in shape to commit +* Additional privileges: + * Has GitHub or CI/CD rights to approve pull requests in specific directories + * Can recommend and review other contributors to become Reviewers + * May be assigned Issues and Reviews + * May give commands to CI/CD automation + * Can recommend other contributors to become Reviewers + + +The process of becoming a Reviewer is: +1. The contributor is nominated by opening a PR against the appropriate repository, which adds their GitHub username to the OWNERS file for one or more directories. +2. At least two members of the team that owns that repository or main directory, who are already Approvers, approve the PR. + + +### Maintainer +Description: Maintainers are very established contributors who are responsible for the entire project. As such, they have the ability to approve PRs against any area of the project, and are expected to participate in making decisions about the strategy and priorities of the project. + +A Maintainer must meet the responsibilities and requirements of a Reviewer, plus: + +* Responsibilities include: + * Reviewing at least 40 PRs per year, especially PRs that involve multiple parts of the project + * Mentoring new Reviewers + * Writing refactoring PRs + * Participating in CNCF maintainer activities + * Determining strategy and policy for the project + * Participating in, and leading, community meetings +* Requirements + * Experience as a Reviewer for at least 6 months + * Demonstrates a broad knowledge of the project across multiple areas + * Is able to exercise judgment for the good of the project, independent of their employer, friends, or team + * Mentors other contributors + * Can commit to spending at least 10 hours per month working on the project +* Additional privileges: + * Approve PRs to any area of the project + * Represent the project in public as a Maintainer + * Communicate with the CNCF on behalf of the project + * Have a vote in Maintainer decision-making meetings + + +Process of becoming a maintainer: +1. Any current Maintainer may nominate a current Reviewer to become a new Maintainer, by opening a PR against the root of the cozystack repository adding the nominee as an Approver in the [MAINTAINERS](https://github.com/cozystack/cozystack/blob/main/MAINTAINERS.md) file. +2. The nominee will add a comment to the PR testifying that they agree to all requirements of becoming a Maintainer. +3. A majority of the current Maintainers must then approve the PR. + + +## Inactivity +It is important for contributors to be and stay active to set an example and show commitment to the project. Inactivity is harmful to the project as it may lead to unexpected delays, contributor attrition, and a lost of trust in the project. + +* Inactivity is measured by: + * Periods of no contributions for longer than 6 months + * Periods of no communication for longer than 3 months +* Consequences of being inactive include: + * Involuntary removal or demotion + * Being asked to move to Emeritus status + +## Involuntary Removal or Demotion + +Involuntary removal/demotion of a contributor happens when responsibilities and requirements aren't being met. This may include repeated patterns of inactivity, extended period of inactivity, a period of failing to meet the requirements of your role, and/or a violation of the Code of Conduct. This process is important because it protects the community and its deliverables while also opens up opportunities for new contributors to step in. + +Involuntary removal or demotion is handled through a vote by a majority of the current Maintainers. + +## Stepping Down/Emeritus Process +If and when contributors' commitment levels change, contributors can consider stepping down (moving down the contributor ladder) vs moving to emeritus status (completely stepping away from the project). + +Contact the Maintainers about changing to Emeritus status, or reducing your contributor level. + +## Contact +* For inquiries, please reach out to: @kvaps, @tym83 From 24482d958b4e36209cc633ed9349a91c920ca058 Mon Sep 17 00:00:00 2001 From: Marian Koreniuk Date: Wed, 10 Sep 2025 21:55:24 +0200 Subject: [PATCH 02/80] Update issue templates --- .github/ISSUE_TEMPLATE/bug_report.md | 44 ++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..f19d7317 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,44 @@ +--- +name: Bug report +about: Create a report to help us improve +title: "[Bug]" +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +** Environment** +- Cozystack version +- Provider: on-prem, Hetzner or else + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + + +**Logs** +``` +Paste any relevant logs here +``` + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Additional context** +Add any other context about the problem here. + +**Checklist** +- [ ] I have checked the documentation +- [ ] I have searched for similar issues +- [ ] I have included all required information +- [ ] I have provided clear steps to reproduce +- [ ] I have included relevant logs From 7f8b673dbc4ab736549416c905c18e07a839ab67 Mon Sep 17 00:00:00 2001 From: Marian Koreniuk Date: Wed, 10 Sep 2025 22:01:37 +0200 Subject: [PATCH 03/80] Update bug_report.md Signed-off-by: Marian Koreniuk --- .github/ISSUE_TEMPLATE/bug_report.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index f19d7317..d38f73f9 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -2,7 +2,7 @@ name: Bug report about: Create a report to help us improve title: "[Bug]" -labels: '' +labels: 'bug' assignees: '' --- @@ -10,7 +10,7 @@ assignees: '' **Describe the bug** A clear and concise description of what the bug is. -** Environment** +**Environment** - Cozystack version - Provider: on-prem, Hetzner or else @@ -27,7 +27,7 @@ A clear and concise description of what you expected to happen. **Logs** ``` -Paste any relevant logs here +Paste any relevant logs here. Please redact tokens, passwords, private keys. ``` **Screenshots** From 16a700dabf4410295e0289466d94c5a1c8d16ef3 Mon Sep 17 00:00:00 2001 From: Marian Koreniuk Date: Thu, 11 Sep 2025 16:26:20 +0200 Subject: [PATCH 04/80] Fix bug_report.md Signed-off-by: Marian Koreniuk --- .github/ISSUE_TEMPLATE/bug_report.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index d38f73f9..609163c9 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,18 +1,21 @@ --- name: Bug report about: Create a report to help us improve -title: "[Bug]" labels: 'bug' assignees: '' --- + **Describe the bug** A clear and concise description of what the bug is. **Environment** - Cozystack version -- Provider: on-prem, Hetzner or else +- Provider: on-prem, Hetzner, and so on **To Reproduce** Steps to reproduce the behavior: @@ -21,8 +24,8 @@ Steps to reproduce the behavior: 3. Scroll down to '....' 4. See error -**Expected behavior** -A clear and concise description of what you expected to happen. +**Actual behaviour** +A clear and concise description of what happens when the bug occurs. Explain how the system currently behaves, including error messages, unexpected results, or incorrect functionality observed during execution. **Logs** @@ -31,7 +34,7 @@ Paste any relevant logs here. Please redact tokens, passwords, private keys. ``` **Screenshots** -If applicable, add screenshots to help explain your problem. +If applicable, add screenshots to help explain the problem. **Additional context** Add any other context about the problem here. From 5654ac4e3d49019650b7e6f0c35adb5661edd84f Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Sun, 7 Sep 2025 05:14:23 -0500 Subject: [PATCH 05/80] Initial support for FoundationDB operator Signed-off-by: Isaiah Olson --- hack/e2e-apps/foundationdb.bats | 80 + packages/apps/foundationdb/.helmignore | 1 + packages/apps/foundationdb/Chart.yaml | 25 + packages/apps/foundationdb/Makefile | 4 + packages/apps/foundationdb/README.md | 136 + packages/apps/foundationdb/charts/cozy-lib | 1 + .../apps/foundationdb/logos/foundationdb.svg | 106 + .../foundationdb/templates/_resources.tpl | 33 + .../apps/foundationdb/templates/backup.yaml | 65 + .../apps/foundationdb/templates/cluster.yaml | 86 + .../templates/dashboard-resourcemap.yaml | 22 + .../templates/workloadmonitor.yaml | 20 + packages/apps/foundationdb/values.schema.json | 203 + packages/apps/foundationdb/values.yaml | 73 + packages/apps/versions_map | 1 + .../system/foundationdb-operator/.helmignore | 1 + .../system/foundationdb-operator/Chart.yaml | 3 + .../system/foundationdb-operator/Makefile | 19 + .../charts/fdb-operator/Chart.yaml | 23 + ....foundationdb.org_foundationdbbackups.yaml | 3899 ++++++++++++++ ...foundationdb.org_foundationdbclusters.yaml | 4784 +++++++++++++++++ ...foundationdb.org_foundationdbrestores.yaml | 100 + .../charts/fdb-operator/templates/NOTES.txt | 6 + .../fdb-operator/templates/_helpers.tpl | 60 + .../templates/manager/deployment.yaml | 117 + .../templates/rbac/rbac_role.yaml | 131 + .../templates/rbac/rbac_role_binding.yaml | 44 + .../templates/rbac/serviceaccount.yaml | 17 + .../charts/fdb-operator/values.yaml | 70 + .../system/foundationdb-operator/values.yaml | 4 + 30 files changed, 10134 insertions(+) create mode 100644 hack/e2e-apps/foundationdb.bats create mode 100644 packages/apps/foundationdb/.helmignore create mode 100644 packages/apps/foundationdb/Chart.yaml create mode 100644 packages/apps/foundationdb/Makefile create mode 100644 packages/apps/foundationdb/README.md create mode 120000 packages/apps/foundationdb/charts/cozy-lib create mode 100644 packages/apps/foundationdb/logos/foundationdb.svg create mode 100644 packages/apps/foundationdb/templates/_resources.tpl create mode 100644 packages/apps/foundationdb/templates/backup.yaml create mode 100644 packages/apps/foundationdb/templates/cluster.yaml create mode 100644 packages/apps/foundationdb/templates/dashboard-resourcemap.yaml create mode 100644 packages/apps/foundationdb/templates/workloadmonitor.yaml create mode 100644 packages/apps/foundationdb/values.schema.json create mode 100644 packages/apps/foundationdb/values.yaml create mode 100644 packages/system/foundationdb-operator/.helmignore create mode 100644 packages/system/foundationdb-operator/Chart.yaml create mode 100644 packages/system/foundationdb-operator/Makefile create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/Chart.yaml create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/templates/NOTES.txt create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/templates/_helpers.tpl create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/templates/manager/deployment.yaml create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role.yaml create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/serviceaccount.yaml create mode 100644 packages/system/foundationdb-operator/charts/fdb-operator/values.yaml create mode 100644 packages/system/foundationdb-operator/values.yaml diff --git a/hack/e2e-apps/foundationdb.bats b/hack/e2e-apps/foundationdb.bats new file mode 100644 index 00000000..e9e43cad --- /dev/null +++ b/hack/e2e-apps/foundationdb.bats @@ -0,0 +1,80 @@ +#!/usr/bin/env bats + +@test "Create DB FoundationDB" { + name='test' + kubectl apply -f - </dev/null; do sleep 5; done" +} \ No newline at end of file diff --git a/packages/apps/foundationdb/.helmignore b/packages/apps/foundationdb/.helmignore new file mode 100644 index 00000000..33ceb8f0 --- /dev/null +++ b/packages/apps/foundationdb/.helmignore @@ -0,0 +1 @@ +Makefile \ No newline at end of file diff --git a/packages/apps/foundationdb/Chart.yaml b/packages/apps/foundationdb/Chart.yaml new file mode 100644 index 00000000..d0463fdf --- /dev/null +++ b/packages/apps/foundationdb/Chart.yaml @@ -0,0 +1,25 @@ +apiVersion: v2 +name: foundationdb +description: Managed FoundationDB service +icon: /logos/foundationdb.svg + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "7.4.1" \ No newline at end of file diff --git a/packages/apps/foundationdb/Makefile b/packages/apps/foundationdb/Makefile new file mode 100644 index 00000000..b885e4b1 --- /dev/null +++ b/packages/apps/foundationdb/Makefile @@ -0,0 +1,4 @@ +include ../../../scripts/package.mk + +generate: + cozyvalues-gen -v values.yaml -s values.schema.json -r README.md \ No newline at end of file diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md new file mode 100644 index 00000000..b5245013 --- /dev/null +++ b/packages/apps/foundationdb/README.md @@ -0,0 +1,136 @@ +# FoundationDB + +A managed FoundationDB service for Cozystack. + +## Overview + +FoundationDB is a distributed database designed to handle large volumes of structured data across clusters of commodity servers. It organizes data as an ordered key-value store and employs ACID transactions for all operations. + +This package provides a managed FoundationDB cluster deployment using the FoundationDB Kubernetes Operator. + +## Features + +- **High Availability**: Multi-instance deployment with automatic failover +- **ACID Transactions**: Full ACID transaction support across the cluster +- **Scalable**: Easily scale storage and compute resources +- **Backup Integration**: Optional S3-compatible backup storage +- **Monitoring**: Built-in monitoring and alerting through WorkloadMonitor +- **Flexible Configuration**: Support for custom FoundationDB parameters + +## Configuration + +### Basic Configuration + +```yaml +# Number of total instances +replicas: 3 + +# Cluster process configuration +cluster: + version: "7.4.1" + processCounts: + storage: 3 # Storage processes + stateless: -1 # Automatically calculated + cluster_controller: 1 +``` + +### Storage + +```yaml +storage: + size: "16Gi" # Storage size per instance + storageClass: "" # Storage class (optional) +``` + +### Resources + +```yaml +resources: + preset: "medium" # small, medium, large, xlarge + # Custom overrides + limits: + cpu: "2000m" + memory: "4Gi" + requests: + cpu: "1000m" + memory: "2Gi" +``` + +### Backup (Optional) + +```yaml +backup: + enabled: true + s3: + bucket: "my-fdb-backups" + endpoint: "https://s3.amazonaws.com" + region: "us-east-1" + credentials: + accessKeyId: "AKIA..." + secretAccessKey: "..." + retentionPolicy: "7d" +``` + +### Advanced Configuration + +```yaml +advanced: + # Custom FoundationDB parameters + customParameters: + - "knob_disable_posix_kernel_aio=1" + + # Image type (split recommended for production) + imageType: "split" + + # Enable automatic pod replacements + automaticReplacements: true +``` + +## Prerequisites + +- FoundationDB Operator must be installed in the cluster +- Sufficient storage and compute resources +- For backups: S3-compatible storage credentials + +## Deployment + +1. Install the FoundationDB operator (system package) +2. Deploy this application package with your desired configuration +3. The cluster will be automatically provisioned and configured + +## Monitoring + +This package includes WorkloadMonitor integration for cluster health monitoring and resource tracking. Monitoring can be disabled by setting: + +```yaml +monitoring: + enabled: false +``` + +## Security + +- All containers run with restricted security contexts +- No privilege escalation allowed +- Read-only root filesystem where possible +- Custom security context configurations supported + +## Fault Tolerance + +FoundationDB is designed for high availability: +- Automatic failure detection and recovery +- Data replication across instances +- Configurable fault domains for rack/zone awareness +- Transaction log redundancy + +## Performance Considerations + +- Use SSD storage for better performance +- Consider dedicating nodes for storage processes +- Monitor cluster metrics for optimization opportunities +- Scale storage and stateless processes based on workload + +## Support + +For issues related to FoundationDB itself, refer to the [FoundationDB documentation](https://apple.github.io/foundationdb/). + +For Cozystack-specific issues, consult the Cozystack documentation or support channels. \ No newline at end of file diff --git a/packages/apps/foundationdb/charts/cozy-lib b/packages/apps/foundationdb/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/apps/foundationdb/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/apps/foundationdb/logos/foundationdb.svg b/packages/apps/foundationdb/logos/foundationdb.svg new file mode 100644 index 00000000..6ff3bd28 --- /dev/null +++ b/packages/apps/foundationdb/logos/foundationdb.svg @@ -0,0 +1,106 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/packages/apps/foundationdb/templates/_resources.tpl b/packages/apps/foundationdb/templates/_resources.tpl new file mode 100644 index 00000000..e21e34e0 --- /dev/null +++ b/packages/apps/foundationdb/templates/_resources.tpl @@ -0,0 +1,33 @@ +{{/* +Common resource definitions +*/}} +{{- define "foundationdb.resources" -}} +{{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resources.preset .Values.resources $) }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "foundationdb.labels" -}} +helm.sh/chart: {{ include "foundationdb.chart" . }} +{{ include "foundationdb.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "foundationdb.selectorLabels" -}} +app.kubernetes.io/name: foundationdb +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Chart name and version +*/}} +{{- define "foundationdb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/backup.yaml b/packages/apps/foundationdb/templates/backup.yaml new file mode 100644 index 00000000..129a7b2c --- /dev/null +++ b/packages/apps/foundationdb/templates/backup.yaml @@ -0,0 +1,65 @@ +{{- if .Values.backup.enabled }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-s3-creds + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + AWS_ACCESS_KEY_ID: {{ .Values.backup.s3.credentials.accessKeyId | b64enc }} + AWS_SECRET_ACCESS_KEY: {{ .Values.backup.s3.credentials.secretAccessKey | b64enc }} + +--- +apiVersion: apps.foundationdb.org/v1beta2 +kind: FoundationDBBackup +metadata: + name: {{ .Release.Name }}-backup + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + clusterName: {{ .Release.Name }} + + backupState: Running + + backupDeploymentSpec: + podTemplateSpec: + spec: + containers: + - name: foundationdb + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + securityContext: + runAsUser: 0 + + customParameters: + - backup_agent_snapshot_mode=0 + + snapshotPeriodSeconds: 3600 + + blobStoreConfiguration: + accountName: {{ .Values.backup.s3.bucket }} + bucket: {{ .Values.backup.s3.bucket }} + {{- if .Values.backup.s3.endpoint }} + endpoint: {{ .Values.backup.s3.endpoint }} + {{- end }} + credentials: + AWS_ACCESS_KEY_ID: + secretKeyRef: + name: {{ .Release.Name }}-s3-creds + key: AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY: + secretKeyRef: + name: {{ .Release.Name }}-s3-creds + key: AWS_SECRET_ACCESS_KEY +{{- end }} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/cluster.yaml b/packages/apps/foundationdb/templates/cluster.yaml new file mode 100644 index 00000000..40038a2f --- /dev/null +++ b/packages/apps/foundationdb/templates/cluster.yaml @@ -0,0 +1,86 @@ +--- +apiVersion: apps.foundationdb.org/v1beta2 +kind: FoundationDBCluster +metadata: + name: {{ .Release.Name }} + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + version: {{ .Values.cluster.version | quote }} + + processCounts: + {{- toYaml .Values.cluster.processCounts | nindent 4 }} + + automationOptions: + replacements: + enabled: {{ .Values.advanced.automaticReplacements }} + faultDomain: + key: {{ .Values.cluster.faultDomain.key }} + {{- if .Values.cluster.faultDomain.valueFrom }} + valueFrom: {{ .Values.cluster.faultDomain.valueFrom }} + {{- end }} + imageType: {{ .Values.advanced.imageType }} + labels: + filterOnOwnerReference: false + matchLabels: + foundationdb.org/fdb-cluster-name: {{ .Release.Name }} + processClassLabels: + - foundationdb.org/fdb-process-class + processGroupIDLabels: + - foundationdb.org/fdb-process-group-id + minimumUptimeSecondsForBounce: 60 + + processes: + general: + {{- if .Values.advanced.customParameters }} + customParameters: + {{- range .Values.advanced.customParameters }} + - {{ . }} + {{- end }} + {{- end }} + podTemplate: + spec: + containers: + - name: foundationdb + resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resources.preset .Values.resources $) | nindent 16 }} + securityContext: + {{- toYaml .Values.advanced.securityContext | nindent 16 }} + - name: foundationdb-kubernetes-sidecar + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + securityContext: + {{- toYaml .Values.advanced.securityContext | nindent 16 }} + initContainers: + - name: foundationdb-kubernetes-init + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + securityContext: + {{- toYaml .Values.advanced.securityContext | nindent 16 }} + + volumeClaimTemplate: + spec: + {{- if .Values.storage.storageClass }} + storageClassName: {{ .Values.storage.storageClass }} + {{- end }} + resources: + requests: + storage: {{ .Values.storage.size }} + + routing: + defineDNSLocalityFields: true + + sidecarContainer: + enableLivenessProbe: true + enableReadinessProbe: true \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/dashboard-resourcemap.yaml b/packages/apps/foundationdb/templates/dashboard-resourcemap.yaml new file mode 100644 index 00000000..ea378769 --- /dev/null +++ b/packages/apps/foundationdb/templates/dashboard-resourcemap.yaml @@ -0,0 +1,22 @@ +{{- if .Values.monitoring.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-resourcemap + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.cozystack.io/type: dashboard-resourcemap +data: + resources: | + - apiVersion: apps.foundationdb.org/v1beta2 + kind: FoundationDBCluster + name: {{ .Release.Name }} + {{- if .Values.backup.enabled }} + - apiVersion: apps.foundationdb.org/v1beta2 + kind: FoundationDBBackup + name: {{ .Release.Name }}-backup + {{- end }} +{{- end }} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/workloadmonitor.yaml b/packages/apps/foundationdb/templates/workloadmonitor.yaml new file mode 100644 index 00000000..b06fe877 --- /dev/null +++ b/packages/apps/foundationdb/templates/workloadmonitor.yaml @@ -0,0 +1,20 @@ +{{- if .Values.monitoring.enabled }} +--- +apiVersion: cozystack.io/v1alpha1 +kind: WorkloadMonitor +metadata: + name: {{ .Release.Name }} + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicas }} + minReplicas: 1 + kind: foundationdb + type: foundationdb + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: foundationdb + version: {{ .Chart.Version }} +{{- end }} \ No newline at end of file diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json new file mode 100644 index 00000000..d12a605f --- /dev/null +++ b/packages/apps/foundationdb/values.schema.json @@ -0,0 +1,203 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "replicas": { + "type": "integer", + "minimum": 1, + "default": 3, + "title": "Number of replicas", + "description": "Total number of FoundationDB instances" + }, + "cluster": { + "type": "object", + "title": "Cluster Configuration", + "properties": { + "processCounts": { + "type": "object", + "title": "Process Counts", + "properties": { + "stateless": { + "type": "integer", + "default": -1, + "title": "Stateless processes", + "description": "Number of stateless processes (-1 for automatic)" + }, + "storage": { + "type": "integer", + "minimum": 1, + "default": 3, + "title": "Storage processes", + "description": "Number of storage processes" + }, + "cluster_controller": { + "type": "integer", + "minimum": 1, + "default": 1, + "title": "Cluster controllers", + "description": "Number of cluster controller processes" + } + } + }, + "version": { + "type": "string", + "default": "7.4.1", + "title": "FoundationDB Version", + "description": "Version of FoundationDB to deploy" + }, + "faultDomain": { + "type": "object", + "title": "Fault Domain", + "properties": { + "key": { + "type": "string", + "default": "foundationdb.org/none", + "title": "Fault domain key" + }, + "valueFrom": { + "type": "string", + "default": "$FDB_ZONE_ID", + "title": "Fault domain value source" + } + } + } + } + }, + "storage": { + "type": "object", + "title": "Storage Configuration", + "properties": { + "size": { + "type": "string", + "default": "16Gi", + "title": "Storage size", + "description": "Size of persistent volumes for each instance" + }, + "storageClass": { + "type": "string", + "title": "Storage class", + "description": "Kubernetes storage class to use (optional)" + } + } + }, + "resources": { + "type": "object", + "title": "Resource Configuration", + "properties": { + "preset": { + "type": "string", + "enum": ["small", "medium", "large", "xlarge"], + "default": "medium", + "title": "Resource preset", + "description": "Predefined resource configuration" + }, + "limits": { + "type": "object", + "title": "Resource limits", + "properties": { + "cpu": {"type": "string"}, + "memory": {"type": "string"} + } + }, + "requests": { + "type": "object", + "title": "Resource requests", + "properties": { + "cpu": {"type": "string"}, + "memory": {"type": "string"} + } + } + } + }, + "backup": { + "type": "object", + "title": "Backup Configuration", + "properties": { + "enabled": { + "type": "boolean", + "default": false, + "title": "Enable backups", + "description": "Enable automatic backups to S3" + }, + "s3": { + "type": "object", + "title": "S3 Configuration", + "properties": { + "bucket": { + "type": "string", + "title": "S3 bucket name" + }, + "endpoint": { + "type": "string", + "title": "S3 endpoint URL" + }, + "region": { + "type": "string", + "default": "us-east-1", + "title": "S3 region" + }, + "credentials": { + "type": "object", + "title": "S3 credentials", + "properties": { + "accessKeyId": { + "type": "string", + "title": "Access key ID" + }, + "secretAccessKey": { + "type": "string", + "title": "Secret access key" + } + } + } + } + }, + "retentionPolicy": { + "type": "string", + "default": "7d", + "title": "Retention policy", + "description": "How long to keep backups" + } + } + }, + "monitoring": { + "type": "object", + "title": "Monitoring", + "properties": { + "enabled": { + "type": "boolean", + "default": true, + "title": "Enable monitoring", + "description": "Enable WorkloadMonitor integration" + } + } + }, + "advanced": { + "type": "object", + "title": "Advanced Configuration", + "properties": { + "customParameters": { + "type": "array", + "title": "Custom parameters", + "description": "Custom FoundationDB parameters", + "items": { + "type": "string" + } + }, + "imageType": { + "type": "string", + "enum": ["unified", "split"], + "default": "split", + "title": "Image type", + "description": "Container image deployment type" + }, + "automaticReplacements": { + "type": "boolean", + "default": true, + "title": "Automatic replacements", + "description": "Enable automatic pod replacements" + } + } + } + } +} \ No newline at end of file diff --git a/packages/apps/foundationdb/values.yaml b/packages/apps/foundationdb/values.yaml new file mode 100644 index 00000000..1db095fd --- /dev/null +++ b/packages/apps/foundationdb/values.yaml @@ -0,0 +1,73 @@ +# Default values for foundationdb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Number of replicas (total instances) +replicas: 3 + +# Cluster configuration +cluster: + # Process counts for different roles + processCounts: + stateless: -1 # Automatically calculated + storage: 3 # Storage processes + cluster_controller: 1 + + # Version of FoundationDB to use + version: "7.4.1" + + # Fault domain configuration + faultDomain: + key: "foundationdb.org/none" + valueFrom: "$FDB_ZONE_ID" + +# Storage configuration +storage: + # Size of persistent volumes + size: "16Gi" + # Storage class (if not set, uses cluster default) + storageClass: "" + +# Resource configuration +resources: + # Resource preset (will be used by cozy-lib) + preset: "medium" + # Custom resource overrides + limits: {} + requests: {} + +# Backup configuration +backup: + enabled: false + # S3 configuration for backups + s3: + bucket: "" + endpoint: "" + region: "us-east-1" + credentials: + accessKeyId: "" + secretAccessKey: "" + # Retention policy for backups + retentionPolicy: "7d" + +# Monitoring +monitoring: + enabled: true + +# Advanced configuration +advanced: + # Custom parameters to pass to FoundationDB + customParameters: [] + # Example: + # - knob_disable_posix_kernel_aio=1 + + # Image type (split recommended for production) + imageType: "split" + + # Security context for containers + securityContext: + runAsUser: 0 + runAsGroup: 0 + + # Enable automatic replacements + automaticReplacements: true \ No newline at end of file diff --git a/packages/apps/versions_map b/packages/apps/versions_map index 5473c355..81f467d7 100644 --- a/packages/apps/versions_map +++ b/packages/apps/versions_map @@ -33,6 +33,7 @@ ferretdb 0.7.1 4369b031 ferretdb 0.8.0 08cb7c0f ferretdb 1.0.0 c02a3818 ferretdb 1.1.0 HEAD +foundationdb 0.1.0 HEAD http-cache 0.1.0 263e47be http-cache 0.2.0 53f2365e http-cache 0.3.0 6c5cf5bf diff --git a/packages/system/foundationdb-operator/.helmignore b/packages/system/foundationdb-operator/.helmignore new file mode 100644 index 00000000..33ceb8f0 --- /dev/null +++ b/packages/system/foundationdb-operator/.helmignore @@ -0,0 +1 @@ +Makefile \ No newline at end of file diff --git a/packages/system/foundationdb-operator/Chart.yaml b/packages/system/foundationdb-operator/Chart.yaml new file mode 100644 index 00000000..7685387c --- /dev/null +++ b/packages/system/foundationdb-operator/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-foundationdb-operator +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process \ No newline at end of file diff --git a/packages/system/foundationdb-operator/Makefile b/packages/system/foundationdb-operator/Makefile new file mode 100644 index 00000000..f735e7c5 --- /dev/null +++ b/packages/system/foundationdb-operator/Makefile @@ -0,0 +1,19 @@ +export NAME=foundationdb-operator +export NAMESPACE=cozy-$(NAME) + +include ../../../scripts/package.mk + +update: + rm -rf charts + git clone --depth 1 --branch v2.13.0 https://github.com/FoundationDB/fdb-kubernetes-operator.git tmp-repo + mkdir -p charts + cp -r tmp-repo/charts/fdb-operator charts/ + # Remove symlinked CRDs and replace with actual files + rm -f charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml + rm -f charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml + rm -f charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml + cp tmp-repo/config/crd/bases/apps.foundationdb.org_foundationdbbackups.yaml charts/fdb-operator/crds/ + cp tmp-repo/config/crd/bases/apps.foundationdb.org_foundationdbclusters.yaml charts/fdb-operator/crds/ + cp tmp-repo/config/crd/bases/apps.foundationdb.org_foundationdbrestores.yaml charts/fdb-operator/crds/ + rm -rf tmp-repo + rm -rf charts/fdb-operator/charts \ No newline at end of file diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/Chart.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/Chart.yaml new file mode 100644 index 00000000..e9824f59 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: fdb-operator +description: A Helm chart for foundationDB operator +home: https://www.foundationdb.org/ +sources: + - https://github.com/FoundationDB/fdb-kubernetes-operator/tree/main/charts/fdb-operator +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.2.0 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: v2.13.0 +maintainers: + - name: "foundationdb-ci" diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml new file mode 100644 index 00000000..ee1f50d6 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbbackups.yaml @@ -0,0 +1,3899 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + foundationdb.org/release: v2.13.0 + name: foundationdbbackups.apps.foundationdb.org +spec: + group: apps.foundationdb.org + names: + kind: FoundationDBBackup + listKind: FoundationDBBackupList + plural: foundationdbbackups + shortNames: + - fdbbackup + singular: foundationdbbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Latest generation of the spec + jsonPath: .metadata.generation + name: Generation + type: integer + - description: Last reconciled generation of the spec + jsonPath: .status.generations.reconciled + name: Reconciled + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + agentCount: + type: integer + allowTagOverride: + default: false + type: boolean + backupDeploymentMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + backupState: + enum: + - Running + - Stopped + - Paused + type: string + backupType: + default: backup_agent + enum: + - backup_agent + - partitioned_log + maxLength: 64 + type: string + blobStoreConfiguration: + properties: + accountName: + maxLength: 100 + type: string + backupName: + maxLength: 1024 + type: string + bucket: + maxLength: 63 + minLength: 3 + type: string + urlParameters: + items: + maxLength: 1024 + type: string + maxItems: 100 + type: array + required: + - accountName + type: object + clusterName: + type: string + customParameters: + items: + maxLength: 100 + type: string + maxItems: 100 + type: array + encryptionKeyPath: + maxLength: 4096 + type: string + imageType: + default: split + enum: + - split + - unified + maxLength: 1024 + type: string + mainContainer: + properties: + enableLivenessProbe: + type: boolean + enableReadinessProbe: + type: boolean + enableTls: + type: boolean + imageConfigs: + items: + properties: + baseImage: + maxLength: 200 + type: string + tag: + maxLength: 100 + type: string + tagSuffix: + maxLength: 50 + type: string + version: + maxLength: 20 + type: string + type: object + maxItems: 100 + type: array + peerVerificationRules: + maxLength: 10000 + type: string + type: object + podTemplateSpec: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + items: + properties: + name: + type: string + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxChangePolicy: + type: string + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + sidecarContainer: + properties: + enableLivenessProbe: + type: boolean + enableReadinessProbe: + type: boolean + enableTls: + type: boolean + imageConfigs: + items: + properties: + baseImage: + maxLength: 200 + type: string + tag: + maxLength: 100 + type: string + tagSuffix: + maxLength: 50 + type: string + version: + maxLength: 20 + type: string + type: object + maxItems: 100 + type: array + peerVerificationRules: + maxLength: 10000 + type: string + type: object + snapshotPeriodSeconds: + type: integer + version: + type: string + required: + - clusterName + - version + type: object + status: + properties: + agentCount: + type: integer + backupDetails: + properties: + paused: + type: boolean + running: + type: boolean + snapshotTime: + type: integer + url: + type: string + type: object + deploymentConfigured: + type: boolean + generations: + properties: + needsBackupAgentUpdate: + format: int64 + type: integer + needsBackupModification: + format: int64 + type: integer + needsBackupPauseToggle: + format: int64 + type: integer + needsBackupStart: + format: int64 + type: integer + needsBackupStop: + format: int64 + type: integer + reconciled: + format: int64 + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml new file mode 100644 index 00000000..d65a97b1 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbclusters.yaml @@ -0,0 +1,4784 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + foundationdb.org/release: v2.13.0 + name: foundationdbclusters.apps.foundationdb.org +spec: + group: apps.foundationdb.org + names: + kind: FoundationDBCluster + listKind: FoundationDBClusterList + plural: foundationdbclusters + shortNames: + - fdb + singular: foundationdbcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Latest generation of the spec + jsonPath: .metadata.generation + name: Generation + type: integer + - description: Last reconciled generation of the spec + jsonPath: .status.generations.reconciled + name: Reconciled + type: integer + - description: Database available + jsonPath: .status.health.available + name: Available + type: boolean + - description: Database fully replicated + jsonPath: .status.health.fullReplication + name: FullReplication + type: boolean + - description: Number of reconciled process groups + jsonPath: .status.reconciledProcessGroups + name: ReconciledProcessGroups + priority: 1 + type: integer + - description: Desired number of process groups + jsonPath: .status.desiredProcessGroups + name: DesiredProcessGroups + priority: 1 + type: integer + - description: Running version + jsonPath: .status.runningVersion + name: Version + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + automationOptions: + properties: + cacheDatabaseStatusForReconciliation: + type: boolean + configureDatabase: + type: boolean + databaseInteractionMode: + maxLength: 256 + type: string + deletionMode: + default: Zone + enum: + - All + - Zone + - ProcessGroup + - None + type: string + failedPodDurationSeconds: + type: integer + ignoreLogGroupsForUpgrade: + items: + maxLength: 256 + type: string + maxItems: 10 + type: array + ignoreMissingProcessesSeconds: + type: integer + ignorePendingPodsDuration: + format: int64 + type: integer + ignoreTerminatingPodsSeconds: + type: integer + killProcesses: + type: boolean + maintenanceModeOptions: + properties: + UseMaintenanceModeChecker: + type: boolean + maintenanceModeTimeSeconds: + type: integer + resetMaintenanceMode: + type: boolean + type: object + maxConcurrentReplacements: + minimum: 0 + type: integer + podUpdateStrategy: + default: ReplaceTransactionSystem + enum: + - Replace + - ReplaceTransactionSystem + - Delete + type: string + removalMode: + default: Zone + enum: + - All + - Zone + - ProcessGroup + - None + type: string + replacements: + properties: + enabled: + type: boolean + failureDetectionTimeSeconds: + type: integer + faultDomainBasedReplacements: + type: boolean + maxConcurrentReplacements: + default: 1 + minimum: 0 + type: integer + maxFaultDomainsWithTaintedProcessGroups: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + taintReplacementOptions: + items: + properties: + durationInSeconds: + format: int64 + minimum: 0 + type: integer + key: + maxLength: 256 + pattern: ^([\-._\/a-z0-9A-Z\*])*$ + type: string + required: + - durationInSeconds + - key + type: object + maxItems: 32 + type: array + taintReplacementTimeSeconds: + type: integer + type: object + synchronizationMode: + default: local + enum: + - local + - global + type: string + useLocalitiesForExclusion: + type: boolean + useManagementAPI: + type: boolean + useNonBlockingExcludes: + type: boolean + waitBetweenRemovalsSeconds: + type: integer + type: object + buggify: + properties: + blockRemoval: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 1000 + type: array + crashLoop: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + type: array + crashLoopContainers: + items: + properties: + containerName: + maxLength: 253 + minLength: 1 + type: string + targets: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 10000 + minItems: 0 + type: array + type: object + maxItems: 8 + minItems: 0 + type: array + emptyMonitorConf: + type: boolean + ignoreDuringRestart: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 1000 + type: array + noSchedule: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + type: array + type: object + configMap: + properties: + apiVersion: + type: string + binaryData: + additionalProperties: + format: byte + type: string + type: object + data: + additionalProperties: + type: string + type: object + immutable: + type: boolean + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + type: object + coordinatorSelection: + items: + properties: + priority: + type: integer + processClass: + type: string + type: object + type: array + dataCenter: + type: string + dataHall: + type: string + databaseConfiguration: + properties: + commit_proxies: + type: integer + excluded_servers: + items: + properties: + address: + maxLength: 48 + type: string + locality: + maxLength: 200 + type: string + type: object + maxItems: 1024 + type: array + grv_proxies: + type: integer + log_routers: + type: integer + log_spill: + type: integer + log_version: + type: integer + logs: + type: integer + perpetual_storage_wiggle: + type: integer + perpetual_storage_wiggle_engine: + enum: + - "" + - ssd + - ssd-1 + - ssd-2 + - memory + - memory-1 + - memory-2 + - ssd-redwood-1-experimental + - ssd-redwood-1 + - ssd-rocksdb-experimental + - ssd-rocksdb-v1 + - ssd-sharded-rocksdb + - memory-radixtree-beta + - custom + - none + maxLength: 100 + type: string + perpetual_storage_wiggle_locality: + type: string + proxies: + type: integer + redundancy_mode: + enum: + - single + - double + - triple + - three_data_hall + maxLength: 100 + type: string + regions: + items: + properties: + datacenters: + items: + properties: + id: + type: string + priority: + type: integer + satellite: + maximum: 1 + minimum: 0 + type: integer + type: object + type: array + satellite_logs: + type: integer + satellite_redundancy_mode: + maxLength: 100 + type: string + type: object + type: array + remote_logs: + type: integer + resolvers: + type: integer + storage: + type: integer + storage_engine: + default: ssd-2 + enum: + - ssd + - ssd-1 + - ssd-2 + - memory + - memory-1 + - memory-2 + - ssd-redwood-1-experimental + - ssd-redwood-1 + - ssd-rocksdb-experimental + - ssd-rocksdb-v1 + - ssd-sharded-rocksdb + - memory-radixtree-beta + - custom + maxLength: 100 + type: string + storage_migration_type: + enum: + - "" + - disabled + - aggressive + - gradual + maxLength: 100 + type: string + usable_regions: + type: integer + type: object + faultDomain: + properties: + key: + type: string + value: + type: string + valueFrom: + type: string + zoneCount: + type: integer + zoneIndex: + type: integer + type: object + ignoreUpgradabilityChecks: + type: boolean + imageType: + default: unified + enum: + - split + - unified + maxLength: 1024 + type: string + labels: + properties: + filterOnOwnerReference: + type: boolean + matchLabels: + additionalProperties: + type: string + type: object + processClassLabels: + items: + type: string + maxItems: 100 + type: array + processGroupIDLabels: + items: + type: string + maxItems: 100 + type: array + resourceLabels: + additionalProperties: + type: string + type: object + type: object + lockOptions: + properties: + denyList: + items: + properties: + allow: + type: boolean + id: + type: string + type: object + type: array + disableLocks: + type: boolean + lockDurationMinutes: + type: integer + lockKeyPrefix: + type: string + type: object + logGroup: + type: string + logServersPerPod: + type: integer + mainContainer: + properties: + enableLivenessProbe: + type: boolean + enableReadinessProbe: + type: boolean + enableTls: + type: boolean + imageConfigs: + items: + properties: + baseImage: + maxLength: 200 + type: string + tag: + maxLength: 100 + type: string + tagSuffix: + maxLength: 50 + type: string + version: + maxLength: 20 + type: string + type: object + maxItems: 100 + type: array + peerVerificationRules: + maxLength: 10000 + type: string + type: object + maxZonesWithUnavailablePods: + type: integer + minimumUptimeSecondsForBounce: + default: 600 + minimum: 1 + type: integer + partialConnectionString: + properties: + coordinators: + items: + type: string + type: array + databaseName: + type: string + generationID: + type: string + type: object + processCounts: + properties: + backup: + type: integer + cluster_controller: + type: integer + commit_proxy: + type: integer + coordinator: + type: integer + data_distributor: + type: integer + fast_restore: + type: integer + grv_proxy: + type: integer + log: + type: integer + master: + type: integer + proxy: + type: integer + ratekeeper: + type: integer + resolution: + type: integer + router: + type: integer + stateless: + type: integer + storage: + type: integer + storage_cache: + type: integer + test: + type: integer + tester: + type: integer + transaction: + type: integer + unset: + type: integer + type: object + processGroupIDPrefix: + maxLength: 43 + pattern: ^[a-z0-9A-Z]([\-._a-z0-9A-Z])*[a-z0-9A-Z]$ + type: string + processGroupsToRemove: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 500 + minItems: 0 + type: array + processGroupsToRemoveWithoutExclusion: + items: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + maxItems: 500 + minItems: 0 + type: array + processes: + additionalProperties: + properties: + customParameters: + items: + maxLength: 100 + type: string + maxItems: 100 + type: array + podTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + stopSignal: + type: string + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + items: + properties: + name: + type: string + resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxChangePolicy: + type: string + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + volumeClaimTemplate: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + type: string + modifyVolumeStatus: + properties: + status: + type: string + targetVolumeAttributesClassName: + type: string + required: + - status + type: object + phase: + type: string + type: object + type: object + type: object + type: object + replaceInstancesWhenResourcesChange: + default: false + type: boolean + routing: + properties: + defineDNSLocalityFields: + type: boolean + dnsDomain: + maxLength: 253 + minLength: 1 + type: string + headlessService: + type: boolean + podIPFamily: + type: integer + publicIPSource: + type: string + useDNSInClusterFile: + type: boolean + type: object + seedConnectionString: + type: string + sidecarContainer: + properties: + enableLivenessProbe: + type: boolean + enableReadinessProbe: + type: boolean + enableTls: + type: boolean + imageConfigs: + items: + properties: + baseImage: + maxLength: 200 + type: string + tag: + maxLength: 100 + type: string + tagSuffix: + maxLength: 50 + type: string + version: + maxLength: 20 + type: string + type: object + maxItems: 100 + type: array + peerVerificationRules: + maxLength: 10000 + type: string + type: object + sidecarVariables: + items: + type: string + type: array + skip: + default: false + type: boolean + storageServersPerPod: + type: integer + trustedCAs: + items: + type: string + type: array + useExplicitListenAddress: + type: boolean + version: + pattern: (\d+)\.(\d+)\.(\d+) + type: string + required: + - version + type: object + status: + properties: + configured: + type: boolean + connectionString: + type: string + databaseConfiguration: + properties: + commit_proxies: + type: integer + excluded_servers: + items: + properties: + address: + maxLength: 48 + type: string + locality: + maxLength: 200 + type: string + type: object + maxItems: 1024 + type: array + grv_proxies: + type: integer + log_routers: + type: integer + log_spill: + type: integer + log_version: + type: integer + logs: + type: integer + perpetual_storage_wiggle: + type: integer + perpetual_storage_wiggle_engine: + enum: + - "" + - ssd + - ssd-1 + - ssd-2 + - memory + - memory-1 + - memory-2 + - ssd-redwood-1-experimental + - ssd-redwood-1 + - ssd-rocksdb-experimental + - ssd-rocksdb-v1 + - ssd-sharded-rocksdb + - memory-radixtree-beta + - custom + - none + maxLength: 100 + type: string + perpetual_storage_wiggle_locality: + type: string + proxies: + type: integer + redundancy_mode: + enum: + - single + - double + - triple + - three_data_hall + maxLength: 100 + type: string + regions: + items: + properties: + datacenters: + items: + properties: + id: + type: string + priority: + type: integer + satellite: + maximum: 1 + minimum: 0 + type: integer + type: object + type: array + satellite_logs: + type: integer + satellite_redundancy_mode: + maxLength: 100 + type: string + type: object + type: array + remote_logs: + type: integer + resolvers: + type: integer + storage: + type: integer + storage_engine: + default: ssd-2 + enum: + - ssd + - ssd-1 + - ssd-2 + - memory + - memory-1 + - memory-2 + - ssd-redwood-1-experimental + - ssd-redwood-1 + - ssd-rocksdb-experimental + - ssd-rocksdb-v1 + - ssd-sharded-rocksdb + - memory-radixtree-beta + - custom + maxLength: 100 + type: string + storage_migration_type: + enum: + - "" + - disabled + - aggressive + - gradual + maxLength: 100 + type: string + usable_regions: + type: integer + type: object + desiredProcessGroups: + type: integer + generations: + properties: + hasExtraListeners: + format: int64 + type: integer + hasPendingRemoval: + format: int64 + type: integer + hasUnhealthyProcess: + format: int64 + type: integer + missingDatabaseStatus: + format: int64 + type: integer + needsBounce: + format: int64 + type: integer + needsConfigurationChange: + format: int64 + type: integer + needsCoordinatorChange: + format: int64 + type: integer + needsGrow: + format: int64 + type: integer + needsLockConfigurationChanges: + format: int64 + type: integer + needsMonitorConfUpdate: + format: int64 + type: integer + needsPodDeletion: + format: int64 + type: integer + needsServiceUpdate: + format: int64 + type: integer + needsShrink: + format: int64 + type: integer + reconciled: + format: int64 + type: integer + type: object + hasIncorrectConfigMap: + type: boolean + hasIncorrectServiceConfig: + type: boolean + hasListenIPsForAllPods: + type: boolean + health: + properties: + available: + type: boolean + dataMovementPriority: + type: integer + fullReplication: + type: boolean + healthy: + type: boolean + type: object + imageTypes: + items: + maxLength: 1024 + type: string + maxItems: 10 + type: array + locks: + properties: + lockDenyList: + items: + type: string + type: array + type: object + logServersPerDisk: + items: + type: integer + maxItems: 5 + type: array + maintenanceModeInfo: + properties: + processGroups: + items: + type: string + maxItems: 200 + type: array + startTimestamp: + format: date-time + type: string + zoneID: + maxLength: 512 + type: string + type: object + needsNewCoordinators: + type: boolean + processGroups: + items: + properties: + addresses: + items: + type: string + type: array + exclusionSkipped: + type: boolean + exclusionTimestamp: + format: date-time + type: string + faultDomain: + maxLength: 512 + type: string + processClass: + type: string + processGroupConditions: + items: + properties: + timestamp: + format: int64 + type: integer + type: + type: string + type: object + type: array + processGroupID: + maxLength: 63 + pattern: ^(([\w-]+)-(\d+)|\*)$ + type: string + removalTimestamp: + format: date-time + type: string + type: object + type: array + reconciledProcessGroups: + type: integer + requiredAddresses: + properties: + nonTLS: + type: boolean + tls: + type: boolean + type: object + runningVersion: + type: string + storageServersPerDisk: + items: + type: integer + maxItems: 5 + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml new file mode 100644 index 00000000..2f02fb0f --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/crds/apps.foundationdb.org_foundationdbrestores.yaml @@ -0,0 +1,100 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.18.0 + foundationdb.org/release: v2.13.0 + name: foundationdbrestores.apps.foundationdb.org +spec: + group: apps.foundationdb.org + names: + kind: FoundationDBRestore + listKind: FoundationDBRestoreList + plural: foundationdbrestores + shortNames: + - fdbrestore + singular: foundationdbrestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.state + name: State + type: string + name: v1beta2 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + blobStoreConfiguration: + properties: + accountName: + maxLength: 100 + type: string + backupName: + maxLength: 1024 + type: string + bucket: + maxLength: 63 + minLength: 3 + type: string + urlParameters: + items: + maxLength: 1024 + type: string + maxItems: 100 + type: array + required: + - accountName + type: object + customParameters: + items: + maxLength: 100 + type: string + maxItems: 100 + type: array + destinationClusterName: + type: string + encryptionKeyPath: + maxLength: 4096 + type: string + keyRanges: + items: + properties: + end: + pattern: ^[A-Za-z0-9\/\\-]+$ + type: string + start: + pattern: ^[A-Za-z0-9\/\\-]+$ + type: string + required: + - end + - start + type: object + type: array + required: + - destinationClusterName + type: object + status: + properties: + running: + type: boolean + state: + maxLength: 50 + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/NOTES.txt b/packages/system/foundationdb-operator/charts/fdb-operator/templates/NOTES.txt new file mode 100644 index 00000000..ae0e2e2c --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/NOTES.txt @@ -0,0 +1,6 @@ +FoundationDB operator has been installed successfully. + +To see the logs of the operator you can use below command +kubectl logs deployment/{{ include "fdb-operator.fullname" . }} -n {{ .Release.Namespace }} -f + +Thanks for trying out FoundationDB helm chart. diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/_helpers.tpl b/packages/system/foundationdb-operator/charts/fdb-operator/templates/_helpers.tpl new file mode 100644 index 00000000..5d9d5e12 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/_helpers.tpl @@ -0,0 +1,60 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "fdb-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fdb-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "fdb-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "fdb-operator.labels" -}} +helm.sh/chart: {{ include "fdb-operator.chart" . }} +{{ include "fdb-operator.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.image.tag | trimPrefix "v" | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "fdb-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "fdb-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account +*/}} +{{- define "fdb-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "fdb-operator.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/manager/deployment.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/templates/manager/deployment.yaml new file mode 100644 index 00000000..e4ef5699 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/manager/deployment.yaml @@ -0,0 +1,117 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "fdb-operator.fullname" . }} + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.replicas }} + replicas: {{ . }} + {{- end }} + selector: + matchLabels: + {{- include "fdb-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "fdb-operator.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "fdb-operator.serviceAccountName" . }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 8 }} + terminationGracePeriodSeconds: 10 + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + initContainers: + {{- range $version, $params := .Values.initContainers }} + - name: foundationdb-kubernetes-init-{{ $version | replace "." "-" }} + image: {{ $params.image.repository }}:{{ $params.image.tag }} + imagePullPolicy: {{ $params.image.pullPolicy }} + args: + - "--copy-library" + - "{{ $version }}" + - "--copy-binary" + - "fdbcli" + - "--copy-binary" + - "fdbbackup" + - "--copy-binary" + - "fdbrestore" + - "--output-dir" + - "/var/output-files" + - "--mode" + - "init" + volumeMounts: + - name: fdb-binaries + mountPath: /var/output-files + resources: + {{- toYaml $.Values.initContainersResources | nindent 10 }} + securityContext: + {{- toYaml $.Values.initContainerSecurityContext | nindent 10 }} + {{- end }} + containers: + - name: manager + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /manager + {{- if not .Values.globalMode.enabled }} + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + ports: + - containerPort: 8080 + name: metrics + volumeMounts: + - name: tmp + mountPath: /tmp + - name: logs + mountPath: /var/log/fdb + - name: fdb-binaries + mountPath: /usr/bin/fdb + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 10 }} + livenessProbe: + httpGet: + path: /metrics + port: metrics + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} + - name: logs + emptyDir: {} + - name: fdb-binaries + emptyDir: {} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role.yaml new file mode 100644 index 00000000..7772774f --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role.yaml @@ -0,0 +1,131 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.globalMode.enabled }} +kind: ClusterRole +{{- else }} +kind: Role +{{- end }} +metadata: + name: {{ include "fdb-operator.fullname" . }} + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + - configmaps + - persistentvolumeclaims + - events + verbs: + - get + - watch + - list + - create + - update + - patch + - delete +- apiGroups: + - apps.foundationdb.org + resources: + - foundationdbclusters + - foundationdbbackups + - foundationdbrestores + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps.foundationdb.org + resources: + - foundationdbclusters/status + - foundationdbbackups/status + - foundationdbrestores/status + verbs: + - get + - update + - patch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +{{- if .Values.nodeReadClusterRole }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "fdb-operator.fullname" . }}-clusterrole + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - watch + - list +{{- end }} + diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml new file mode 100644 index 00000000..2335c3c1 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if .Values.globalMode.enabled }} +kind: ClusterRoleBinding +{{- else }} +kind: RoleBinding +{{- end }} +metadata: + name: {{ include "fdb-operator.fullname" . }} + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + {{- if .Values.globalMode.enabled }} + kind: ClusterRole + {{- else }} + kind: Role + {{- end }} + name: {{ include "fdb-operator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "fdb-operator.serviceAccountName" . }} + {{- if .Values.globalMode.enabled }} + namespace: {{ .Release.Namespace }} + {{- end }} +{{- if .Values.nodeReadClusterRole }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "fdb-operator.fullname" . }}-clusterrolebinding + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "fdb-operator.fullname" . }}-clusterrole +subjects: +- kind: ServiceAccount + name: {{ include "fdb-operator.serviceAccountName" . }} + {{- if .Values.globalMode.enabled }} + namespace: {{ .Release.Namespace }} + {{- end }} +{{- end }} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/serviceaccount.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/serviceaccount.yaml new file mode 100644 index 00000000..de763cb8 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/templates/rbac/serviceaccount.yaml @@ -0,0 +1,17 @@ +--- +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "fdb-operator.serviceAccountName" . }} + labels: + {{- include "fdb-operator.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- with .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/packages/system/foundationdb-operator/charts/fdb-operator/values.yaml b/packages/system/foundationdb-operator/charts/fdb-operator/values.yaml new file mode 100644 index 00000000..139af022 --- /dev/null +++ b/packages/system/foundationdb-operator/charts/fdb-operator/values.yaml @@ -0,0 +1,70 @@ +--- +image: + repository: foundationdb/fdb-kubernetes-operator + tag: v2.13.0 + pullPolicy: IfNotPresent +initContainers: + 7.1: + image: + repository: foundationdb/fdb-kubernetes-monitor + tag: 7.1.67 + pullPolicy: IfNotPresent + 7.3: + image: + repository: foundationdb/fdb-kubernetes-monitor + tag: 7.3.63 + pullPolicy: IfNotPresent + 7.4: + image: + repository: foundationdb/fdb-kubernetes-monitor + tag: 7.4.1 + pullPolicy: IfNotPresent +globalMode: + enabled: false +replicas: null +imagePullSecrets: [] +annotations: {} +podAnnotations: {} +podLabels: {} +serviceAccount: + create: true + name: null + imagePullSecrets: [] + annotations: {} +priorityClassName: null +securityContext: + runAsUser: 4059 + runAsGroup: 4059 + fsGroup: 4059 +containerSecurityContext: + allowPrivilegeEscalation: false + privileged: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true +nodeSelector: {} +affinity: {} +tolerations: {} +resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 500m + memory: 256Mi +initContainersResources: + limits: + cpu: 10m + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi +initContainerSecurityContext: + allowPrivilegeEscalation: false + privileged: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true +nodeReadClusterRole: true diff --git a/packages/system/foundationdb-operator/values.yaml b/packages/system/foundationdb-operator/values.yaml new file mode 100644 index 00000000..044e81c7 --- /dev/null +++ b/packages/system/foundationdb-operator/values.yaml @@ -0,0 +1,4 @@ +fdb-operator: + globalMode: + enabled: true + nodeReadClusterRole: true \ No newline at end of file From 076d69a10be3d018d41a09660fe393c3a61519b4 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Sat, 13 Sep 2025 16:21:06 -0500 Subject: [PATCH 06/80] Add OpenAPI schema and resource definitions for FoundationDB Signed-off-by: Isaiah Olson --- .../openapi-schemas/foundationdb.json | 1 + .../cozystack-resource-definitions.yaml | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 120000 packages/system/cozystack-api/openapi-schemas/foundationdb.json diff --git a/packages/system/cozystack-api/openapi-schemas/foundationdb.json b/packages/system/cozystack-api/openapi-schemas/foundationdb.json new file mode 120000 index 00000000..12c61ac3 --- /dev/null +++ b/packages/system/cozystack-api/openapi-schemas/foundationdb.json @@ -0,0 +1 @@ +../../../apps/foundationdb/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml index 90d3f629..8044584f 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml @@ -308,6 +308,28 @@ spec: --- apiVersion: cozystack.io/v1alpha1 kind: CozystackResourceDefinition +metadata: + name: foundationdb +spec: + application: + kind: FoundationDB + singular: foundationdb + plural: foundationdbs + openAPISchema: | + {{- .Files.Get "openapi-schemas/foundationdb.json" | fromJson | toJson | nindent 6 }} + release: + prefix: foundationdb- + labels: + cozystack.io/ui: "true" + chart: + name: foundationdb + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public +--- +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition metadata: name: kafka spec: From 147519643786cc38ad71483247d8367c13d71a02 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Sat, 13 Sep 2025 20:38:31 -0500 Subject: [PATCH 07/80] Update values schema for FoundationDB app chart Signed-off-by: Isaiah Olson --- packages/apps/foundationdb/values.schema.json | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json index d12a605f..039ed241 100644 --- a/packages/apps/foundationdb/values.schema.json +++ b/packages/apps/foundationdb/values.schema.json @@ -196,6 +196,23 @@ "default": true, "title": "Automatic replacements", "description": "Enable automatic pod replacements" + }, + "securityContext": { + "type": "object", + "title": "Security context", + "description": "Security context for containers", + "properties": { + "runAsUser": { + "type": "integer", + "title": "Run as user", + "description": "User ID to run the container" + }, + "runAsGroup": { + "type": "integer", + "title": "Run as group", + "description": "Group ID to run the container" + } + } } } } From bf38316163bb9d35cec4753397631534cc55eb00 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Sat, 13 Sep 2025 21:00:48 -0500 Subject: [PATCH 08/80] Restructure FoundationDB values and flatten them Signed-off-by: Isaiah Olson --- packages/apps/foundationdb/README.md | 51 +- .../apps/foundationdb/templates/cluster.yaml | 16 +- packages/apps/foundationdb/values.schema.json | 474 +++++++++++------- packages/apps/foundationdb/values.yaml | 95 ++-- 4 files changed, 404 insertions(+), 232 deletions(-) diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md index b5245013..a6c4c688 100644 --- a/packages/apps/foundationdb/README.md +++ b/packages/apps/foundationdb/README.md @@ -133,4 +133,53 @@ FoundationDB is designed for high availability: For issues related to FoundationDB itself, refer to the [FoundationDB documentation](https://apple.github.io/foundationdb/). -For Cozystack-specific issues, consult the Cozystack documentation or support channels. \ No newline at end of file +For Cozystack-specific issues, consult the Cozystack documentation or support channels. + +## Parameters + +### Common parameters + +| Name | Description | Type | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | ----------------------- | +| `replicas` | Number of FoundationDB replicas (total instances) | `int` | `3` | +| `cluster` | Cluster configuration | `object` | `{}` | +| `cluster.processCounts` | Process counts for different roles | `object` | `{}` | +| `cluster.processCounts.stateless` | Number of stateless processes (-1 for automatic) | `int` | `-1` | +| `cluster.processCounts.storage` | Number of storage processes | `int` | `3` | +| `cluster.processCounts.cluster_controller` | Number of cluster controller processes | `int` | `1` | +| `cluster.version` | Version of FoundationDB to use | `string` | `7.4.1` | +| `cluster.faultDomain` | Fault domain configuration | `object` | `{}` | +| `cluster.faultDomain.key` | Fault domain key | `string` | `foundationdb.org/none` | +| `cluster.faultDomain.valueFrom` | Fault domain value source | `string` | `$FDB_ZONE_ID` | +| `storage` | Storage configuration | `object` | `{}` | +| `storage.size` | Size of persistent volumes for each instance | `quantity` | `16Gi` | +| `storage.storageClass` | Storage class (if not set, uses cluster default) | `string` | `""` | +| `resources` | Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. | `*object` | `{}` | +| `resources.cpu` | CPU available to each instance | `*quantity` | `null` | +| `resources.memory` | Memory (RAM) available to each instance | `*quantity` | `null` | +| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string` | `medium` | +| `backup` | Backup configuration | `object` | `{}` | +| `backup.enabled` | Enable backups | `bool` | `false` | +| `backup.s3` | S3 configuration for backups | `object` | `{}` | +| `backup.s3.bucket` | S3 bucket name | `string` | `""` | +| `backup.s3.endpoint` | S3 endpoint URL | `string` | `""` | +| `backup.s3.region` | S3 region | `string` | `us-east-1` | +| `backup.s3.credentials` | S3 credentials | `object` | `{}` | +| `backup.s3.credentials.accessKeyId` | S3 access key ID | `string` | `""` | +| `backup.s3.credentials.secretAccessKey` | S3 secret access key | `string` | `""` | +| `backup.retentionPolicy` | Retention policy for backups | `string` | `7d` | +| `monitoring` | Monitoring configuration | `object` | `{}` | +| `monitoring.enabled` | Enable WorkloadMonitor integration | `bool` | `true` | + + +### FoundationDB configuration + +| Name | Description | Type | Value | +| ---------------------------- | ------------------------------------------------------------------ | ---------- | ------- | +| `customParameters` | Custom parameters to pass to FoundationDB | `[]string` | `[]` | +| `imageType` | Container image deployment type (split recommended for production) | `string` | `split` | +| `securityContext` | Security context for containers | `object` | `{}` | +| `securityContext.runAsUser` | User ID to run the container | `int` | `0` | +| `securityContext.runAsGroup` | Group ID to run the container | `int` | `0` | +| `automaticReplacements` | Enable automatic pod replacements | `bool` | `true` | + diff --git a/packages/apps/foundationdb/templates/cluster.yaml b/packages/apps/foundationdb/templates/cluster.yaml index 40038a2f..f342054d 100644 --- a/packages/apps/foundationdb/templates/cluster.yaml +++ b/packages/apps/foundationdb/templates/cluster.yaml @@ -15,13 +15,13 @@ spec: automationOptions: replacements: - enabled: {{ .Values.advanced.automaticReplacements }} + enabled: {{ .Values.automaticReplacements }} faultDomain: key: {{ .Values.cluster.faultDomain.key }} {{- if .Values.cluster.faultDomain.valueFrom }} valueFrom: {{ .Values.cluster.faultDomain.valueFrom }} {{- end }} - imageType: {{ .Values.advanced.imageType }} + imageType: {{ .Values.imageType }} labels: filterOnOwnerReference: false matchLabels: @@ -34,9 +34,9 @@ spec: processes: general: - {{- if .Values.advanced.customParameters }} + {{- if .Values.customParameters }} customParameters: - {{- range .Values.advanced.customParameters }} + {{- range .Values.customParameters }} - {{ . }} {{- end }} {{- end }} @@ -44,9 +44,9 @@ spec: spec: containers: - name: foundationdb - resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resources.preset .Values.resources $) | nindent 16 }} + resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 16 }} securityContext: - {{- toYaml .Values.advanced.securityContext | nindent 16 }} + {{- toYaml .Values.securityContext | nindent 16 }} - name: foundationdb-kubernetes-sidecar resources: limits: @@ -56,7 +56,7 @@ spec: cpu: 100m memory: 128Mi securityContext: - {{- toYaml .Values.advanced.securityContext | nindent 16 }} + {{- toYaml .Values.securityContext | nindent 16 }} initContainers: - name: foundationdb-kubernetes-init resources: @@ -67,7 +67,7 @@ spec: cpu: 100m memory: 128Mi securityContext: - {{- toYaml .Values.advanced.securityContext | nindent 16 }} + {{- toYaml .Values.securityContext | nindent 16 }} volumeClaimTemplate: spec: diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json index 039ed241..c1a3805f 100644 --- a/packages/apps/foundationdb/values.schema.json +++ b/packages/apps/foundationdb/values.schema.json @@ -1,218 +1,322 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Chart Values", "type": "object", "properties": { - "replicas": { - "type": "integer", - "minimum": 1, - "default": 3, - "title": "Number of replicas", - "description": "Total number of FoundationDB instances" + "automaticReplacements": { + "description": "Enable automatic pod replacements", + "type": "boolean", + "default": true + }, + "backup": { + "description": "Backup configuration", + "type": "object", + "default": { + "enabled": false, + "retentionPolicy": "7d", + "s3": { + "bucket": "", + "credentials": { + "accessKeyId": "", + "secretAccessKey": "" + }, + "endpoint": "", + "region": "us-east-1" + } + }, + "required": [ + "enabled", + "retentionPolicy", + "s3" + ], + "properties": { + "enabled": { + "description": "Enable backups", + "type": "boolean", + "default": false + }, + "retentionPolicy": { + "description": "Retention policy for backups", + "type": "string", + "default": "7d" + }, + "s3": { + "description": "S3 configuration for backups", + "type": "object", + "default": { + "bucket": "", + "credentials": { + "accessKeyId": "", + "secretAccessKey": "" + }, + "endpoint": "", + "region": "us-east-1" + }, + "required": [ + "bucket", + "credentials", + "endpoint", + "region" + ], + "properties": { + "bucket": { + "description": "S3 bucket name", + "type": "string" + }, + "credentials": { + "description": "S3 credentials", + "type": "object", + "default": { + "accessKeyId": "", + "secretAccessKey": "" + }, + "required": [ + "accessKeyId", + "secretAccessKey" + ], + "properties": { + "accessKeyId": { + "description": "S3 access key ID", + "type": "string" + }, + "secretAccessKey": { + "description": "S3 secret access key", + "type": "string" + } + } + }, + "endpoint": { + "description": "S3 endpoint URL", + "type": "string" + }, + "region": { + "description": "S3 region", + "type": "string", + "default": "us-east-1" + } + } + } + } }, "cluster": { + "description": "Cluster configuration", "type": "object", - "title": "Cluster Configuration", - "properties": { + "default": { + "faultDomain": { + "key": "foundationdb.org/none", + "valueFrom": "$FDB_ZONE_ID" + }, "processCounts": { + "cluster_controller": 1, + "stateless": -1, + "storage": 3 + }, + "version": "7.4.1" + }, + "required": [ + "faultDomain", + "processCounts", + "version" + ], + "properties": { + "faultDomain": { + "description": "Fault domain configuration", "type": "object", - "title": "Process Counts", + "default": { + "key": "foundationdb.org/none", + "valueFrom": "$FDB_ZONE_ID" + }, + "required": [ + "key", + "valueFrom" + ], "properties": { - "stateless": { + "key": { + "description": "Fault domain key", + "type": "string", + "default": "foundationdb.org/none" + }, + "valueFrom": { + "description": "Fault domain value source", + "type": "string", + "default": "$FDB_ZONE_ID" + } + } + }, + "processCounts": { + "description": "Process counts for different roles", + "type": "object", + "default": { + "cluster_controller": 1, + "stateless": -1, + "storage": 3 + }, + "required": [ + "cluster_controller", + "stateless", + "storage" + ], + "properties": { + "cluster_controller": { + "description": "Number of cluster controller processes", "type": "integer", - "default": -1, - "title": "Stateless processes", - "description": "Number of stateless processes (-1 for automatic)" + "default": 1 + }, + "stateless": { + "description": "Number of stateless processes (-1 for automatic)", + "type": "integer", + "default": -1 }, "storage": { + "description": "Number of storage processes", "type": "integer", - "minimum": 1, - "default": 3, - "title": "Storage processes", - "description": "Number of storage processes" - }, - "cluster_controller": { - "type": "integer", - "minimum": 1, - "default": 1, - "title": "Cluster controllers", - "description": "Number of cluster controller processes" + "default": 3 } } }, "version": { + "description": "Version of FoundationDB to use", "type": "string", - "default": "7.4.1", - "title": "FoundationDB Version", - "description": "Version of FoundationDB to deploy" - }, - "faultDomain": { - "type": "object", - "title": "Fault Domain", - "properties": { - "key": { - "type": "string", - "default": "foundationdb.org/none", - "title": "Fault domain key" + "default": "7.4.1" + } + } + }, + "customParameters": { + "description": "Custom parameters to pass to FoundationDB", + "type": "array", + "default": [], + "items": { + "type": "string" + } + }, + "imageType": { + "description": "Container image deployment type (split recommended for production)", + "type": "string", + "default": "split", + "enum": [ + "unified", + "split" + ] + }, + "monitoring": { + "description": "Monitoring configuration", + "type": "object", + "default": { + "enabled": true + }, + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "description": "Enable WorkloadMonitor integration", + "type": "boolean", + "default": true + } + } + }, + "replicas": { + "description": "Number of FoundationDB replicas (total instances)", + "type": "integer", + "default": 3 + }, + "resources": { + "description": "Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied.", + "type": "object", + "default": {}, + "properties": { + "cpu": { + "description": "CPU available to each instance", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "anyOf": [ + { + "type": "integer" }, - "valueFrom": { - "type": "string", - "default": "$FDB_ZONE_ID", - "title": "Fault domain value source" + { + "type": "string" } - } + ], + "x-kubernetes-int-or-string": true + }, + "memory": { + "description": "Memory (RAM) available to each instance", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "resourcesPreset": { + "description": "Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`.", + "type": "string", + "default": "medium", + "enum": [ + "small", + "medium", + "large", + "xlarge", + "2xlarge" + ] + }, + "securityContext": { + "description": "Security context for containers", + "type": "object", + "default": { + "runAsGroup": 0, + "runAsUser": 0 + }, + "required": [ + "runAsGroup", + "runAsUser" + ], + "properties": { + "runAsGroup": { + "description": "Group ID to run the container", + "type": "integer", + "default": 0 + }, + "runAsUser": { + "description": "User ID to run the container", + "type": "integer", + "default": 0 } } }, "storage": { + "description": "Storage configuration", "type": "object", - "title": "Storage Configuration", + "default": { + "size": "16Gi", + "storageClass": "" + }, + "required": [ + "size", + "storageClass" + ], "properties": { "size": { - "type": "string", + "description": "Size of persistent volumes for each instance", "default": "16Gi", - "title": "Storage size", - "description": "Size of persistent volumes for each instance" + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true }, "storageClass": { - "type": "string", - "title": "Storage class", - "description": "Kubernetes storage class to use (optional)" - } - } - }, - "resources": { - "type": "object", - "title": "Resource Configuration", - "properties": { - "preset": { - "type": "string", - "enum": ["small", "medium", "large", "xlarge"], - "default": "medium", - "title": "Resource preset", - "description": "Predefined resource configuration" - }, - "limits": { - "type": "object", - "title": "Resource limits", - "properties": { - "cpu": {"type": "string"}, - "memory": {"type": "string"} - } - }, - "requests": { - "type": "object", - "title": "Resource requests", - "properties": { - "cpu": {"type": "string"}, - "memory": {"type": "string"} - } - } - } - }, - "backup": { - "type": "object", - "title": "Backup Configuration", - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "Enable backups", - "description": "Enable automatic backups to S3" - }, - "s3": { - "type": "object", - "title": "S3 Configuration", - "properties": { - "bucket": { - "type": "string", - "title": "S3 bucket name" - }, - "endpoint": { - "type": "string", - "title": "S3 endpoint URL" - }, - "region": { - "type": "string", - "default": "us-east-1", - "title": "S3 region" - }, - "credentials": { - "type": "object", - "title": "S3 credentials", - "properties": { - "accessKeyId": { - "type": "string", - "title": "Access key ID" - }, - "secretAccessKey": { - "type": "string", - "title": "Secret access key" - } - } - } - } - }, - "retentionPolicy": { - "type": "string", - "default": "7d", - "title": "Retention policy", - "description": "How long to keep backups" - } - } - }, - "monitoring": { - "type": "object", - "title": "Monitoring", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "Enable monitoring", - "description": "Enable WorkloadMonitor integration" - } - } - }, - "advanced": { - "type": "object", - "title": "Advanced Configuration", - "properties": { - "customParameters": { - "type": "array", - "title": "Custom parameters", - "description": "Custom FoundationDB parameters", - "items": { - "type": "string" - } - }, - "imageType": { - "type": "string", - "enum": ["unified", "split"], - "default": "split", - "title": "Image type", - "description": "Container image deployment type" - }, - "automaticReplacements": { - "type": "boolean", - "default": true, - "title": "Automatic replacements", - "description": "Enable automatic pod replacements" - }, - "securityContext": { - "type": "object", - "title": "Security context", - "description": "Security context for containers", - "properties": { - "runAsUser": { - "type": "integer", - "title": "Run as user", - "description": "User ID to run the container" - }, - "runAsGroup": { - "type": "integer", - "title": "Run as group", - "description": "Group ID to run the container" - } - } + "description": "Storage class (if not set, uses cluster default)", + "type": "string" } } } diff --git a/packages/apps/foundationdb/values.yaml b/packages/apps/foundationdb/values.yaml index 1db095fd..194c69e5 100644 --- a/packages/apps/foundationdb/values.yaml +++ b/packages/apps/foundationdb/values.yaml @@ -2,44 +2,61 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Number of replicas (total instances) +## @section Common parameters +## +## @param replicas {int} Number of FoundationDB replicas (total instances) replicas: 3 -# Cluster configuration +## @param cluster {cluster} Cluster configuration +## @field cluster.processCounts {clusterProcessCounts} Process counts for different roles +## @field clusterProcessCounts.stateless {int} Number of stateless processes (-1 for automatic) +## @field clusterProcessCounts.storage {int} Number of storage processes +## @field clusterProcessCounts.cluster_controller {int} Number of cluster controller processes +## @field cluster.version {string} Version of FoundationDB to use +## @field cluster.faultDomain {clusterFaultDomain} Fault domain configuration +## @field clusterFaultDomain.key {string} Fault domain key +## @field clusterFaultDomain.valueFrom {string} Fault domain value source cluster: - # Process counts for different roles processCounts: stateless: -1 # Automatically calculated storage: 3 # Storage processes cluster_controller: 1 - - # Version of FoundationDB to use + version: "7.4.1" - - # Fault domain configuration + faultDomain: key: "foundationdb.org/none" valueFrom: "$FDB_ZONE_ID" -# Storage configuration +## @param storage {storage} Storage configuration +## @field storage.size {quantity} Size of persistent volumes for each instance +## @field storage.storageClass {string} Storage class (if not set, uses cluster default) storage: - # Size of persistent volumes size: "16Gi" - # Storage class (if not set, uses cluster default) storageClass: "" -# Resource configuration -resources: - # Resource preset (will be used by cozy-lib) - preset: "medium" - # Custom resource overrides - limits: {} - requests: {} +## @param resources {*resources} Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. +## @field resources.cpu {*quantity} CPU available to each instance +## @field resources.memory {*quantity} Memory (RAM) available to each instance +resources: {} + # resources: + # cpu: 2000m + # memory: 4Gi +## @param resourcesPreset {string enum:"small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`. +resourcesPreset: "medium" -# Backup configuration +## @param backup {backup} Backup configuration +## @field backup.enabled {bool} Enable backups +## @field backup.s3 {backupS3} S3 configuration for backups +## @field backupS3.bucket {string} S3 bucket name +## @field backupS3.endpoint {string} S3 endpoint URL +## @field backupS3.region {string} S3 region +## @field backupS3.credentials {backupS3Credentials} S3 credentials +## @field backupS3Credentials.accessKeyId {string} S3 access key ID +## @field backupS3Credentials.secretAccessKey {string} S3 secret access key +## @field backup.retentionPolicy {string} Retention policy for backups backup: enabled: false - # S3 configuration for backups s3: bucket: "" endpoint: "" @@ -47,27 +64,29 @@ backup: credentials: accessKeyId: "" secretAccessKey: "" - # Retention policy for backups retentionPolicy: "7d" -# Monitoring +## @param monitoring {monitoring} Monitoring configuration +## @field monitoring.enabled {bool} Enable WorkloadMonitor integration monitoring: enabled: true -# Advanced configuration -advanced: - # Custom parameters to pass to FoundationDB - customParameters: [] - # Example: - # - knob_disable_posix_kernel_aio=1 - - # Image type (split recommended for production) - imageType: "split" - - # Security context for containers - securityContext: - runAsUser: 0 - runAsGroup: 0 - - # Enable automatic replacements - automaticReplacements: true \ No newline at end of file +## @section FoundationDB configuration +## +## @param customParameters {[]string} Custom parameters to pass to FoundationDB +customParameters: [] +# Example: +# - knob_disable_posix_kernel_aio=1 + +## @param imageType {string enum:"unified,split"} Container image deployment type (split recommended for production) +imageType: "split" + +## @param securityContext {securityContext} Security context for containers +## @field securityContext.runAsUser {int} User ID to run the container +## @field securityContext.runAsGroup {int} Group ID to run the container +securityContext: + runAsUser: 0 + runAsGroup: 0 + +## @param automaticReplacements {bool} Enable automatic pod replacements +automaticReplacements: true \ No newline at end of file From 7e622181ed6dcb2cf9ac8956b66873d7d37b02ea Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Sun, 14 Sep 2025 03:05:03 -0500 Subject: [PATCH 09/80] Add FoundationDB operator to the bundles Signed-off-by: Isaiah Olson --- packages/core/platform/bundles/distro-full.yaml | 7 +++++++ packages/core/platform/bundles/distro-hosted.yaml | 7 +++++++ packages/core/platform/bundles/paas-full.yaml | 6 ++++++ packages/core/platform/bundles/paas-hosted.yaml | 6 ++++++ 4 files changed, 26 insertions(+) diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml index fbcf2ba9..1b7366be 100644 --- a/packages/core/platform/bundles/distro-full.yaml +++ b/packages/core/platform/bundles/distro-full.yaml @@ -155,6 +155,13 @@ releases: optional: true dependsOn: [cilium,victoria-metrics-operator] +- name: foundationdb-operator + releaseName: foundationdb-operator + chart: cozy-foundationdb-operator + namespace: cozy-foundationdb-operator + optional: true + dependsOn: [cilium,cert-manager] + - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator diff --git a/packages/core/platform/bundles/distro-hosted.yaml b/packages/core/platform/bundles/distro-hosted.yaml index c24232c6..55a8688e 100644 --- a/packages/core/platform/bundles/distro-hosted.yaml +++ b/packages/core/platform/bundles/distro-hosted.yaml @@ -116,6 +116,13 @@ releases: optional: true dependsOn: [victoria-metrics-operator] +- name: foundationdb-operator + releaseName: foundationdb-operator + chart: cozy-foundationdb-operator + namespace: cozy-foundationdb-operator + optional: true + dependsOn: [cert-manager] + - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 6947a3a8..c2130eb5 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -230,6 +230,12 @@ releases: namespace: cozy-clickhouse-operator dependsOn: [cilium,kubeovn,victoria-metrics-operator] +- name: foundationdb-operator + releaseName: foundationdb-operator + chart: cozy-foundationdb-operator + namespace: cozy-foundationdb-operator + dependsOn: [cilium,kubeovn,cert-manager] + - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 8ec250de..87a027ef 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -123,6 +123,12 @@ releases: namespace: cozy-clickhouse-operator dependsOn: [victoria-metrics-operator] +- name: foundationdb-operator + releaseName: foundationdb-operator + chart: cozy-foundationdb-operator + namespace: cozy-foundationdb-operator + dependsOn: [cert-manager] + - name: rabbitmq-operator releaseName: rabbitmq-operator chart: cozy-rabbitmq-operator From 5b58ec5cdd1babb182de2f489661b13ea13e207d Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Sun, 14 Sep 2025 03:15:59 -0500 Subject: [PATCH 10/80] Update FoundationDB to use latest stable version supported by the operator by default Signed-off-by: Isaiah Olson --- hack/e2e-apps/foundationdb.bats | 2 +- packages/apps/foundationdb/Chart.yaml | 2 +- packages/apps/foundationdb/README.md | 4 ++-- packages/apps/foundationdb/values.schema.json | 4 ++-- packages/apps/foundationdb/values.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/hack/e2e-apps/foundationdb.bats b/hack/e2e-apps/foundationdb.bats index e9e43cad..e39561c8 100644 --- a/hack/e2e-apps/foundationdb.bats +++ b/hack/e2e-apps/foundationdb.bats @@ -11,7 +11,7 @@ metadata: spec: replicas: 3 cluster: - version: "7.4.1" + version: "7.3.63" processCounts: storage: 3 stateless: -1 diff --git a/packages/apps/foundationdb/Chart.yaml b/packages/apps/foundationdb/Chart.yaml index d0463fdf..52fdfa11 100644 --- a/packages/apps/foundationdb/Chart.yaml +++ b/packages/apps/foundationdb/Chart.yaml @@ -22,4 +22,4 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "7.4.1" \ No newline at end of file +appVersion: "7.3.63" \ No newline at end of file diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md index a6c4c688..2825fa8e 100644 --- a/packages/apps/foundationdb/README.md +++ b/packages/apps/foundationdb/README.md @@ -27,7 +27,7 @@ replicas: 3 # Cluster process configuration cluster: - version: "7.4.1" + version: "7.3.63" processCounts: storage: 3 # Storage processes stateless: -1 # Automatically calculated @@ -147,7 +147,7 @@ For Cozystack-specific issues, consult the Cozystack documentation or support ch | `cluster.processCounts.stateless` | Number of stateless processes (-1 for automatic) | `int` | `-1` | | `cluster.processCounts.storage` | Number of storage processes | `int` | `3` | | `cluster.processCounts.cluster_controller` | Number of cluster controller processes | `int` | `1` | -| `cluster.version` | Version of FoundationDB to use | `string` | `7.4.1` | +| `cluster.version` | Version of FoundationDB to use | `string` | `7.3.63` | | `cluster.faultDomain` | Fault domain configuration | `object` | `{}` | | `cluster.faultDomain.key` | Fault domain key | `string` | `foundationdb.org/none` | | `cluster.faultDomain.valueFrom` | Fault domain value source | `string` | `$FDB_ZONE_ID` | diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json index c1a3805f..b29aa2e2 100644 --- a/packages/apps/foundationdb/values.schema.json +++ b/packages/apps/foundationdb/values.schema.json @@ -110,7 +110,7 @@ "stateless": -1, "storage": 3 }, - "version": "7.4.1" + "version": "7.3.63" }, "required": [ "faultDomain", @@ -176,7 +176,7 @@ "version": { "description": "Version of FoundationDB to use", "type": "string", - "default": "7.4.1" + "default": "7.3.63" } } }, diff --git a/packages/apps/foundationdb/values.yaml b/packages/apps/foundationdb/values.yaml index 194c69e5..d68f4932 100644 --- a/packages/apps/foundationdb/values.yaml +++ b/packages/apps/foundationdb/values.yaml @@ -22,7 +22,7 @@ cluster: storage: 3 # Storage processes cluster_controller: 1 - version: "7.4.1" + version: "7.3.63" faultDomain: key: "foundationdb.org/none" From c6ec3168f7f6554555227c250b617269374f5293 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Sun, 14 Sep 2025 05:28:25 -0500 Subject: [PATCH 11/80] Fix default UID of root in FoundationDB app chart Signed-off-by: Isaiah Olson --- packages/apps/foundationdb/README.md | 66 +++++++++---------- packages/apps/foundationdb/values.schema.json | 29 ++++---- packages/apps/foundationdb/values.yaml | 9 ++- 3 files changed, 50 insertions(+), 54 deletions(-) diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md index 2825fa8e..f93c8e06 100644 --- a/packages/apps/foundationdb/README.md +++ b/packages/apps/foundationdb/README.md @@ -139,37 +139,37 @@ For Cozystack-specific issues, consult the Cozystack documentation or support ch ### Common parameters -| Name | Description | Type | Value | -| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | ----------------------- | -| `replicas` | Number of FoundationDB replicas (total instances) | `int` | `3` | -| `cluster` | Cluster configuration | `object` | `{}` | -| `cluster.processCounts` | Process counts for different roles | `object` | `{}` | -| `cluster.processCounts.stateless` | Number of stateless processes (-1 for automatic) | `int` | `-1` | -| `cluster.processCounts.storage` | Number of storage processes | `int` | `3` | -| `cluster.processCounts.cluster_controller` | Number of cluster controller processes | `int` | `1` | -| `cluster.version` | Version of FoundationDB to use | `string` | `7.3.63` | -| `cluster.faultDomain` | Fault domain configuration | `object` | `{}` | -| `cluster.faultDomain.key` | Fault domain key | `string` | `foundationdb.org/none` | -| `cluster.faultDomain.valueFrom` | Fault domain value source | `string` | `$FDB_ZONE_ID` | -| `storage` | Storage configuration | `object` | `{}` | -| `storage.size` | Size of persistent volumes for each instance | `quantity` | `16Gi` | -| `storage.storageClass` | Storage class (if not set, uses cluster default) | `string` | `""` | -| `resources` | Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. | `*object` | `{}` | -| `resources.cpu` | CPU available to each instance | `*quantity` | `null` | -| `resources.memory` | Memory (RAM) available to each instance | `*quantity` | `null` | -| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string` | `medium` | -| `backup` | Backup configuration | `object` | `{}` | -| `backup.enabled` | Enable backups | `bool` | `false` | -| `backup.s3` | S3 configuration for backups | `object` | `{}` | -| `backup.s3.bucket` | S3 bucket name | `string` | `""` | -| `backup.s3.endpoint` | S3 endpoint URL | `string` | `""` | -| `backup.s3.region` | S3 region | `string` | `us-east-1` | -| `backup.s3.credentials` | S3 credentials | `object` | `{}` | -| `backup.s3.credentials.accessKeyId` | S3 access key ID | `string` | `""` | -| `backup.s3.credentials.secretAccessKey` | S3 secret access key | `string` | `""` | -| `backup.retentionPolicy` | Retention policy for backups | `string` | `7d` | -| `monitoring` | Monitoring configuration | `object` | `{}` | -| `monitoring.enabled` | Enable WorkloadMonitor integration | `bool` | `true` | +| Name | Description | Type | Value | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | ------------------------ | +| `replicas` | Number of FoundationDB replicas (total instances) | `int` | `3` | +| `cluster` | Cluster configuration | `object` | `{}` | +| `cluster.processCounts` | Process counts for different roles | `object` | `{}` | +| `cluster.processCounts.stateless` | Number of stateless processes (-1 for automatic) | `int` | `-1` | +| `cluster.processCounts.storage` | Number of storage processes | `int` | `0` | +| `cluster.processCounts.cluster_controller` | Number of cluster controller processes | `int` | `1` | +| `cluster.version` | Version of FoundationDB to use | `string` | `7.3.63` | +| `cluster.faultDomain` | Fault domain configuration | `object` | `{}` | +| `cluster.faultDomain.key` | Fault domain key | `string` | `kubernetes.io/hostname` | +| `cluster.faultDomain.valueFrom` | Fault domain value source | `string` | `spec.nodeName` | +| `storage` | Storage configuration | `object` | `{}` | +| `storage.size` | Size of persistent volumes for each instance | `quantity` | `16Gi` | +| `storage.storageClass` | Storage class (if not set, uses cluster default) | `string` | `""` | +| `resources` | Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. | `*object` | `{}` | +| `resources.cpu` | CPU available to each instance | `*quantity` | `null` | +| `resources.memory` | Memory (RAM) available to each instance | `*quantity` | `null` | +| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string` | `medium` | +| `backup` | Backup configuration | `object` | `{}` | +| `backup.enabled` | Enable backups | `bool` | `false` | +| `backup.s3` | S3 configuration for backups | `object` | `{}` | +| `backup.s3.bucket` | S3 bucket name | `string` | `""` | +| `backup.s3.endpoint` | S3 endpoint URL | `string` | `""` | +| `backup.s3.region` | S3 region | `string` | `us-east-1` | +| `backup.s3.credentials` | S3 credentials | `object` | `{}` | +| `backup.s3.credentials.accessKeyId` | S3 access key ID | `string` | `""` | +| `backup.s3.credentials.secretAccessKey` | S3 secret access key | `string` | `""` | +| `backup.retentionPolicy` | Retention policy for backups | `string` | `7d` | +| `monitoring` | Monitoring configuration | `object` | `{}` | +| `monitoring.enabled` | Enable WorkloadMonitor integration | `bool` | `true` | ### FoundationDB configuration @@ -179,7 +179,7 @@ For Cozystack-specific issues, consult the Cozystack documentation or support ch | `customParameters` | Custom parameters to pass to FoundationDB | `[]string` | `[]` | | `imageType` | Container image deployment type (split recommended for production) | `string` | `split` | | `securityContext` | Security context for containers | `object` | `{}` | -| `securityContext.runAsUser` | User ID to run the container | `int` | `0` | -| `securityContext.runAsGroup` | Group ID to run the container | `int` | `0` | +| `securityContext.runAsUser` | User ID to run the container | `int` | `4059` | +| `securityContext.runAsGroup` | Group ID to run the container | `int` | `4059` | | `automaticReplacements` | Enable automatic pod replacements | `bool` | `true` | diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json index b29aa2e2..4b4b9d58 100644 --- a/packages/apps/foundationdb/values.schema.json +++ b/packages/apps/foundationdb/values.schema.json @@ -102,13 +102,12 @@ "type": "object", "default": { "faultDomain": { - "key": "foundationdb.org/none", - "valueFrom": "$FDB_ZONE_ID" + "key": "kubernetes.io/hostname", + "valueFrom": "spec.nodeName" }, "processCounts": { "cluster_controller": 1, - "stateless": -1, - "storage": 3 + "stateless": -1 }, "version": "7.3.63" }, @@ -122,8 +121,8 @@ "description": "Fault domain configuration", "type": "object", "default": { - "key": "foundationdb.org/none", - "valueFrom": "$FDB_ZONE_ID" + "key": "kubernetes.io/hostname", + "valueFrom": "spec.nodeName" }, "required": [ "key", @@ -133,12 +132,12 @@ "key": { "description": "Fault domain key", "type": "string", - "default": "foundationdb.org/none" + "default": "kubernetes.io/hostname" }, "valueFrom": { "description": "Fault domain value source", "type": "string", - "default": "$FDB_ZONE_ID" + "default": "spec.nodeName" } } }, @@ -147,8 +146,7 @@ "type": "object", "default": { "cluster_controller": 1, - "stateless": -1, - "storage": 3 + "stateless": -1 }, "required": [ "cluster_controller", @@ -168,8 +166,7 @@ }, "storage": { "description": "Number of storage processes", - "type": "integer", - "default": 3 + "type": "integer" } } }, @@ -268,8 +265,8 @@ "description": "Security context for containers", "type": "object", "default": { - "runAsGroup": 0, - "runAsUser": 0 + "runAsGroup": 4059, + "runAsUser": 4059 }, "required": [ "runAsGroup", @@ -279,12 +276,12 @@ "runAsGroup": { "description": "Group ID to run the container", "type": "integer", - "default": 0 + "default": 4059 }, "runAsUser": { "description": "User ID to run the container", "type": "integer", - "default": 0 + "default": 4059 } } }, diff --git a/packages/apps/foundationdb/values.yaml b/packages/apps/foundationdb/values.yaml index d68f4932..55c29752 100644 --- a/packages/apps/foundationdb/values.yaml +++ b/packages/apps/foundationdb/values.yaml @@ -19,14 +19,13 @@ replicas: 3 cluster: processCounts: stateless: -1 # Automatically calculated - storage: 3 # Storage processes cluster_controller: 1 version: "7.3.63" faultDomain: - key: "foundationdb.org/none" - valueFrom: "$FDB_ZONE_ID" + key: "kubernetes.io/hostname" + valueFrom: "spec.nodeName" ## @param storage {storage} Storage configuration ## @field storage.size {quantity} Size of persistent volumes for each instance @@ -85,8 +84,8 @@ imageType: "split" ## @field securityContext.runAsUser {int} User ID to run the container ## @field securityContext.runAsGroup {int} Group ID to run the container securityContext: - runAsUser: 0 - runAsGroup: 0 + runAsUser: 4059 + runAsGroup: 4059 ## @param automaticReplacements {bool} Enable automatic pod replacements automaticReplacements: true \ No newline at end of file From a3be02132d4976ae975202b98f3bfab805921b48 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Mon, 15 Sep 2025 01:10:38 -0500 Subject: [PATCH 12/80] Update Foundation DB tests and update chart to make sure they pass Signed-off-by: Isaiah Olson --- hack/e2e-apps/foundationdb.bats | 102 +++++++++++------- .../apps/foundationdb/templates/cluster.yaml | 9 ++ .../apps/foundationdb/templates/role.yaml | 22 ++++ .../foundationdb/templates/rolebinding.yaml | 17 +++ .../templates/serviceaccount.yaml | 9 ++ 5 files changed, 123 insertions(+), 36 deletions(-) create mode 100644 packages/apps/foundationdb/templates/role.yaml create mode 100644 packages/apps/foundationdb/templates/rolebinding.yaml create mode 100644 packages/apps/foundationdb/templates/serviceaccount.yaml diff --git a/hack/e2e-apps/foundationdb.bats b/hack/e2e-apps/foundationdb.bats index e39561c8..99937a42 100644 --- a/hack/e2e-apps/foundationdb.bats +++ b/hack/e2e-apps/foundationdb.bats @@ -20,10 +20,9 @@ spec: key: "foundationdb.org/none" valueFrom: "\$FDB_ZONE_ID" storage: - size: "8Gi" + size: "1Gi" storageClass: "" - resources: - preset: "nano" + resourcesPreset: "small" backup: enabled: false s3: @@ -36,45 +35,76 @@ spec: retentionPolicy: "7d" monitoring: enabled: true - advanced: - customParameters: - - "knob_disable_posix_kernel_aio=1" - imageType: "split" - automaticReplacements: true + customParameters: + - "knob_disable_posix_kernel_aio=1" + imageType: "split" + automaticReplacements: true EOF - sleep 10 - + sleep 15 + # Wait for HelmRelease to be ready - kubectl -n tenant-test wait hr foundationdb-\$name --timeout=180s --for=condition=ready - - # Wait for FoundationDBCluster to be created - timeout 120 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org \$name; do sleep 10; done" - - # Wait for cluster to become available (this may take some time) - timeout 300 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org \$name -o jsonpath='{.status.databaseConfiguration.usable_regions}' | grep -q '1'; do sleep 15; done" - + kubectl -n tenant-test wait hr foundationdb-$name --timeout=300s --for=condition=ready + + # Wait for FoundationDBCluster to be created (name has foundationdb- prefix) + timeout 300 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name; do sleep 15; done" + + # Wait for cluster to become available (initial reconciliation takes time - allow 5 minutes) + timeout 300 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.databaseConfiguration.usable_regions}' | grep -q '1'; do sleep 30; done" + # Check that storage processes are running - timeout 180 sh -ec "until [ \$(kubectl -n tenant-test get pods -l app=\$name,foundationdb.org/fdb-process-class=storage --field-selector=status.phase=Running --no-headers | wc -l) -eq 3 ]; do sleep 10; done" - - # Check that stateless processes are running - timeout 180 sh -ec "until [ \$(kubectl -n tenant-test get pods -l app=\$name,foundationdb.org/fdb-process-class=stateless --field-selector=status.phase=Running --no-headers | wc -l) -ge 1 ]; do sleep 10; done" - + timeout 300 sh -ec "until [ \$(kubectl -n tenant-test get pods -l foundationdb.org/fdb-cluster-name=foundationdb-$name,foundationdb.org/fdb-process-class=storage --field-selector=status.phase=Running --no-headers | wc -l) -eq 3 ]; do sleep 15; done" + + # Check that log processes are running (these are the stateless processes) + timeout 300 sh -ec "until [ \$(kubectl -n tenant-test get pods -l foundationdb.org/fdb-cluster-name=foundationdb-$name,foundationdb.org/fdb-process-class=log --field-selector=status.phase=Running --no-headers | wc -l) -ge 1 ]; do sleep 15; done" + # Check that cluster controller is running - timeout 180 sh -ec "until [ \$(kubectl -n tenant-test get pods -l app=\$name,foundationdb.org/fdb-process-class=cluster_controller --field-selector=status.phase=Running --no-headers | wc -l) -eq 1 ]; do sleep 10; done" - + timeout 300 sh -ec "until [ \$(kubectl -n tenant-test get pods -l foundationdb.org/fdb-cluster-name=foundationdb-$name,foundationdb.org/fdb-process-class=cluster_controller --field-selector=status.phase=Running --no-headers | wc -l) -eq 1 ]; do sleep 15; done" + # Check WorkloadMonitor is created and configured - kubectl -n tenant-test get workloadmonitor \$name - timeout 60 sh -ec "until kubectl -n tenant-test get workloadmonitor \$name -o jsonpath='{.spec.replicas}' | grep -q '3'; do sleep 5; done" - + timeout 120 sh -ec "until kubectl -n tenant-test get workloadmonitor foundationdb-$name; do sleep 10; done" + timeout 60 sh -ec "until kubectl -n tenant-test get workloadmonitor foundationdb-$name -o jsonpath='{.spec.replicas}' | grep -q '3'; do sleep 5; done" + # Check dashboard resource map is created - kubectl -n tenant-test get configmap \$name-resourcemap - - # Verify cluster is healthy (check cluster status) - timeout 120 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org \$name -o jsonpath='{.status.health.available}' | grep -q 'true'; do sleep 10; done" - + kubectl -n tenant-test get configmap foundationdb-$name-resourcemap + + # Verify cluster is healthy (check cluster status) - allow extra time for initial setup + timeout 300 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.health.available}' | grep -q 'true'; do sleep 20; done" + + # Validate status.configured field + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.configured}' | grep -q 'true'; do sleep 10; done" + + # Validate status.connectionString field exists and contains expected format + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.connectionString}' | grep -q '@.*\.svc\.cozy\.local'; do sleep 10; done" + + # Validate comprehensive status.databaseConfiguration fields + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.databaseConfiguration.logs}' | grep -q '3'; do sleep 10; done" + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.databaseConfiguration.proxies}' | grep -q '3'; do sleep 10; done" + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.databaseConfiguration.redundancy_mode}' | grep -q 'double'; do sleep 10; done" + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.databaseConfiguration.resolvers}' | grep -q '1'; do sleep 10; done" + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.databaseConfiguration.storage_engine}' | grep -q 'ssd-2'; do sleep 10; done" + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.databaseConfiguration.usable_regions}' | grep -q '1'; do sleep 10; done" + + # Validate status.desiredProcessGroups field + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.desiredProcessGroups}' | grep -q '^[0-9][0-9]*$'; do sleep 10; done" + + # Validate status.generations.reconciled field + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.generations.reconciled}' | grep -q '^[0-9][0-9]*$'; do sleep 10; done" + + # Validate status.hasListenIPsForAllPods field + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.hasListenIPsForAllPods}' | grep -q 'true'; do sleep 10; done" + + # Validate comprehensive status.health fields + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.health.fullReplication}' | grep -q 'true'; do sleep 10; done" + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.status.health.healthy}' | grep -q 'true'; do sleep 10; done" + + # Verify security context is applied correctly (non-root user) + storage_pod=$(kubectl -n tenant-test get pods -l foundationdb.org/fdb-cluster-name=foundationdb-$name,foundationdb.org/fdb-process-class=storage --no-headers | head -n1 | awk '{print $1}') + kubectl -n tenant-test get pod "$storage_pod" -o jsonpath='{.spec.containers[0].securityContext.runAsUser}' | grep -q '4059' + kubectl -n tenant-test get pod "$storage_pod" -o jsonpath='{.spec.containers[0].securityContext.runAsGroup}' | grep -q '4059' + # Clean up - kubectl -n tenant-test delete foundationdb \$name - + kubectl -n tenant-test delete foundationdb $name + # Wait for cleanup to complete - timeout 60 sh -ec "while kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org \$name 2>/dev/null; do sleep 5; done" + timeout 120 sh -ec "while kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name 2>/dev/null; do sleep 10; done" } \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/cluster.yaml b/packages/apps/foundationdb/templates/cluster.yaml index f342054d..209a78f9 100644 --- a/packages/apps/foundationdb/templates/cluster.yaml +++ b/packages/apps/foundationdb/templates/cluster.yaml @@ -1,3 +1,5 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" | default (dict "data" (dict)) }} +{{- $clusterDomain := index $cozyConfig.data "cluster-domain" | default "cozy.local" }} --- apiVersion: apps.foundationdb.org/v1beta2 kind: FoundationDBCluster @@ -41,7 +43,13 @@ spec: {{- end }} {{- end }} podTemplate: + metadata: + labels: + policy.cozystack.io/allow-to-apiserver: "true" spec: + serviceAccountName: {{ .Release.Name }}-foundationdb + securityContext: + fsGroup: {{ .Values.securityContext.runAsGroup }} containers: - name: foundationdb resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 16 }} @@ -79,6 +87,7 @@ spec: storage: {{ .Values.storage.size }} routing: + dnsDomain: {{ $clusterDomain }} defineDNSLocalityFields: true sidecarContainer: diff --git a/packages/apps/foundationdb/templates/role.yaml b/packages/apps/foundationdb/templates/role.yaml new file mode 100644 index 00000000..a391a084 --- /dev/null +++ b/packages/apps/foundationdb/templates/role.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }}-foundationdb + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - create + - update + - patch + - delete \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/rolebinding.yaml b/packages/apps/foundationdb/templates/rolebinding.yaml new file mode 100644 index 00000000..45b3e123 --- /dev/null +++ b/packages/apps/foundationdb/templates/rolebinding.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Release.Name }}-foundationdb + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Release.Name }}-foundationdb +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-foundationdb + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/serviceaccount.yaml b/packages/apps/foundationdb/templates/serviceaccount.yaml new file mode 100644 index 00000000..b53143de --- /dev/null +++ b/packages/apps/foundationdb/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-foundationdb + labels: + app.kubernetes.io/name: foundationdb + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} \ No newline at end of file From 1a4e979e63dab87a62f18ff18f68627b43863796 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Mon, 15 Sep 2025 01:16:11 -0500 Subject: [PATCH 13/80] Fix value for image type to reflect the deprecated status of the split images and use unified by default Signed-off-by: Isaiah Olson --- packages/apps/foundationdb/README.md | 16 ++++++++-------- packages/apps/foundationdb/values.schema.json | 4 ++-- packages/apps/foundationdb/values.yaml | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md index f93c8e06..4790e054 100644 --- a/packages/apps/foundationdb/README.md +++ b/packages/apps/foundationdb/README.md @@ -174,12 +174,12 @@ For Cozystack-specific issues, consult the Cozystack documentation or support ch ### FoundationDB configuration -| Name | Description | Type | Value | -| ---------------------------- | ------------------------------------------------------------------ | ---------- | ------- | -| `customParameters` | Custom parameters to pass to FoundationDB | `[]string` | `[]` | -| `imageType` | Container image deployment type (split recommended for production) | `string` | `split` | -| `securityContext` | Security context for containers | `object` | `{}` | -| `securityContext.runAsUser` | User ID to run the container | `int` | `4059` | -| `securityContext.runAsGroup` | Group ID to run the container | `int` | `4059` | -| `automaticReplacements` | Enable automatic pod replacements | `bool` | `true` | +| Name | Description | Type | Value | +| ---------------------------- | ----------------------------------------- | ---------- | --------- | +| `customParameters` | Custom parameters to pass to FoundationDB | `[]string` | `[]` | +| `imageType` | Container image deployment type | `string` | `unified` | +| `securityContext` | Security context for containers | `object` | `{}` | +| `securityContext.runAsUser` | User ID to run the container | `int` | `4059` | +| `securityContext.runAsGroup` | Group ID to run the container | `int` | `4059` | +| `automaticReplacements` | Enable automatic pod replacements | `bool` | `true` | diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json index 4b4b9d58..c2734b69 100644 --- a/packages/apps/foundationdb/values.schema.json +++ b/packages/apps/foundationdb/values.schema.json @@ -186,9 +186,9 @@ } }, "imageType": { - "description": "Container image deployment type (split recommended for production)", + "description": "Container image deployment type", "type": "string", - "default": "split", + "default": "unified", "enum": [ "unified", "split" diff --git a/packages/apps/foundationdb/values.yaml b/packages/apps/foundationdb/values.yaml index 55c29752..4c061409 100644 --- a/packages/apps/foundationdb/values.yaml +++ b/packages/apps/foundationdb/values.yaml @@ -77,8 +77,8 @@ customParameters: [] # Example: # - knob_disable_posix_kernel_aio=1 -## @param imageType {string enum:"unified,split"} Container image deployment type (split recommended for production) -imageType: "split" +## @param imageType {string enum:"unified,split"} Container image deployment type +imageType: "unified" ## @param securityContext {securityContext} Security context for containers ## @field securityContext.runAsUser {int} User ID to run the container From 3f6888a47074ee225edd5ea7838cd8a75b76ecf1 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Mon, 15 Sep 2025 01:23:19 -0500 Subject: [PATCH 14/80] Add FoundationDB instances to dashboard Signed-off-by: Isaiah Olson --- packages/system/dashboard/values.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml index 51e29985..30398203 100644 --- a/packages/system/dashboard/values.yaml +++ b/packages/system/dashboard/values.yaml @@ -237,6 +237,20 @@ kubeapps: kind: HelmRepository name: cozystack-apps namespace: cozy-public + - application: + kind: FoundationDB + singular: foundationdb + plural: foundationdbs + release: + prefix: foundationdb- + labels: + cozystack.io/ui: "true" + chart: + name: foundationdb + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public - application: kind: FerretDB singular: ferretdb From 27b06f4fbdecf97863bb34637800fd984bde5090 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Mon, 15 Sep 2025 01:36:55 -0500 Subject: [PATCH 15/80] Update FoundationDB values to properly set cluster size Signed-off-by: Isaiah Olson --- packages/apps/foundationdb/README.md | 49 ++++++++++--------- packages/apps/foundationdb/values.schema.json | 16 +++--- packages/apps/foundationdb/values.yaml | 6 +-- 3 files changed, 34 insertions(+), 37 deletions(-) diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md index 4790e054..6b0cb2bc 100644 --- a/packages/apps/foundationdb/README.md +++ b/packages/apps/foundationdb/README.md @@ -22,16 +22,16 @@ This package provides a managed FoundationDB cluster deployment using the Founda ### Basic Configuration ```yaml -# Number of total instances -replicas: 3 - # Cluster process configuration cluster: version: "7.3.63" processCounts: - storage: 3 # Storage processes + storage: 3 # Number of storage processes (determines cluster size) stateless: -1 # Automatically calculated cluster_controller: 1 + faultDomain: + key: "kubernetes.io/hostname" + valueFrom: "spec.nodeName" ``` ### Storage @@ -45,15 +45,13 @@ storage: ### Resources ```yaml +# Use preset sizing +resourcesPreset: "medium" # small, medium, large, xlarge, 2xlarge + +# Or custom resource configuration resources: - preset: "medium" # small, medium, large, xlarge - # Custom overrides - limits: - cpu: "2000m" - memory: "4Gi" - requests: - cpu: "1000m" - memory: "2Gi" + cpu: "2000m" + memory: "4Gi" ``` ### Backup (Optional) @@ -74,16 +72,20 @@ backup: ### Advanced Configuration ```yaml -advanced: - # Custom FoundationDB parameters - customParameters: - - "knob_disable_posix_kernel_aio=1" - - # Image type (split recommended for production) - imageType: "split" - - # Enable automatic pod replacements - automaticReplacements: true +# Custom FoundationDB parameters +customParameters: + - "knob_disable_posix_kernel_aio=1" + +# Image type (unified is default and recommended for new deployments) +imageType: "unified" + +# Enable automatic pod replacements +automaticReplacements: true + +# Security context configuration +securityContext: + runAsUser: 4059 + runAsGroup: 4059 ``` ## Prerequisites @@ -141,11 +143,10 @@ For Cozystack-specific issues, consult the Cozystack documentation or support ch | Name | Description | Type | Value | | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | ------------------------ | -| `replicas` | Number of FoundationDB replicas (total instances) | `int` | `3` | | `cluster` | Cluster configuration | `object` | `{}` | | `cluster.processCounts` | Process counts for different roles | `object` | `{}` | | `cluster.processCounts.stateless` | Number of stateless processes (-1 for automatic) | `int` | `-1` | -| `cluster.processCounts.storage` | Number of storage processes | `int` | `0` | +| `cluster.processCounts.storage` | Number of storage processes (determines cluster size) | `int` | `3` | | `cluster.processCounts.cluster_controller` | Number of cluster controller processes | `int` | `1` | | `cluster.version` | Version of FoundationDB to use | `string` | `7.3.63` | | `cluster.faultDomain` | Fault domain configuration | `object` | `{}` | diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json index c2734b69..c1395a6a 100644 --- a/packages/apps/foundationdb/values.schema.json +++ b/packages/apps/foundationdb/values.schema.json @@ -107,7 +107,8 @@ }, "processCounts": { "cluster_controller": 1, - "stateless": -1 + "stateless": -1, + "storage": 3 }, "version": "7.3.63" }, @@ -146,7 +147,8 @@ "type": "object", "default": { "cluster_controller": 1, - "stateless": -1 + "stateless": -1, + "storage": 3 }, "required": [ "cluster_controller", @@ -165,8 +167,9 @@ "default": -1 }, "storage": { - "description": "Number of storage processes", - "type": "integer" + "description": "Number of storage processes (determines cluster size)", + "type": "integer", + "default": 3 } } }, @@ -211,11 +214,6 @@ } } }, - "replicas": { - "description": "Number of FoundationDB replicas (total instances)", - "type": "integer", - "default": 3 - }, "resources": { "description": "Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied.", "type": "object", diff --git a/packages/apps/foundationdb/values.yaml b/packages/apps/foundationdb/values.yaml index 4c061409..4c5ccfbd 100644 --- a/packages/apps/foundationdb/values.yaml +++ b/packages/apps/foundationdb/values.yaml @@ -4,13 +4,10 @@ ## @section Common parameters ## -## @param replicas {int} Number of FoundationDB replicas (total instances) -replicas: 3 - ## @param cluster {cluster} Cluster configuration ## @field cluster.processCounts {clusterProcessCounts} Process counts for different roles ## @field clusterProcessCounts.stateless {int} Number of stateless processes (-1 for automatic) -## @field clusterProcessCounts.storage {int} Number of storage processes +## @field clusterProcessCounts.storage {int} Number of storage processes (determines cluster size) ## @field clusterProcessCounts.cluster_controller {int} Number of cluster controller processes ## @field cluster.version {string} Version of FoundationDB to use ## @field cluster.faultDomain {clusterFaultDomain} Fault domain configuration @@ -19,6 +16,7 @@ replicas: 3 cluster: processCounts: stateless: -1 # Automatically calculated + storage: 3 # Number of storage processes (determines cluster size) cluster_controller: 1 version: "7.3.63" From edc12e3f7e816d0483787761f1cb5f3b5e325a24 Mon Sep 17 00:00:00 2001 From: Isaiah Olson Date: Mon, 15 Sep 2025 02:27:56 -0500 Subject: [PATCH 16/80] Add FoundationDB configuration values for storage engine and redundancy mode, update tests, and fix workload monitor Signed-off-by: Isaiah Olson --- hack/e2e-apps/foundationdb.bats | 23 ++++++++++++++----- packages/apps/foundationdb/README.md | 9 ++++++++ .../foundationdb/templates/_resources.tpl | 16 ++++++++++++- .../apps/foundationdb/templates/cluster.yaml | 23 +++++++++++-------- .../templates/workloadmonitor.yaml | 8 +++---- packages/apps/foundationdb/values.schema.json | 14 +++++++++++ packages/apps/foundationdb/values.yaml | 4 ++++ 7 files changed, 76 insertions(+), 21 deletions(-) diff --git a/hack/e2e-apps/foundationdb.bats b/hack/e2e-apps/foundationdb.bats index 99937a42..4c8d1b53 100644 --- a/hack/e2e-apps/foundationdb.bats +++ b/hack/e2e-apps/foundationdb.bats @@ -9,13 +9,14 @@ metadata: name: $name namespace: tenant-test spec: - replicas: 3 cluster: version: "7.3.63" processCounts: storage: 3 stateless: -1 cluster_controller: 1 + redundancyMode: "double" + storageEngine: "ssd-2" faultDomain: key: "foundationdb.org/none" valueFrom: "\$FDB_ZONE_ID" @@ -26,18 +27,18 @@ spec: backup: enabled: false s3: - bucket: "s3.example.org/fdb-backups" + bucket: "" endpoint: "" - region: "us-east-1" + region: "" credentials: - accessKeyId: "oobaiRus9pah8PhohL1ThaeTa4UVa7gu" - secretAccessKey: "ju3eum4dekeich9ahM1te8waeGai0oog" + accessKeyId: "" + secretAccessKey: "" retentionPolicy: "7d" monitoring: enabled: true customParameters: - "knob_disable_posix_kernel_aio=1" - imageType: "split" + imageType: "unified" automaticReplacements: true EOF sleep 15 @@ -102,6 +103,16 @@ EOF kubectl -n tenant-test get pod "$storage_pod" -o jsonpath='{.spec.containers[0].securityContext.runAsUser}' | grep -q '4059' kubectl -n tenant-test get pod "$storage_pod" -o jsonpath='{.spec.containers[0].securityContext.runAsGroup}' | grep -q '4059' + # Verify volumeClaimTemplate is properly configured in FoundationDBCluster CRD + timeout 60 sh -ec "until kubectl -n tenant-test get foundationdbclusters.apps.foundationdb.org foundationdb-$name -o jsonpath='{.spec.processes.general.volumeClaimTemplate.spec.resources.requests.storage}' | grep -q '1Gi'; do sleep 10; done" + + # Verify PVCs are created with correct storage size (1Gi as specified in test) + timeout 120 sh -ec "until [ \$(kubectl -n tenant-test get pvc -l foundationdb.org/fdb-cluster-name=foundationdb-$name --no-headers | wc -l) -ge 3 ]; do sleep 10; done" + kubectl -n tenant-test get pvc -l foundationdb.org/fdb-cluster-name=foundationdb-$name -o jsonpath='{.items[*].spec.resources.requests.storage}' | grep -q '1Gi' + + # Verify actual PVC storage capacity matches requested size + kubectl -n tenant-test get pvc -l foundationdb.org/fdb-cluster-name=foundationdb-$name -o jsonpath='{.items[*].status.capacity.storage}' | grep -q '1Gi' + # Clean up kubectl -n tenant-test delete foundationdb $name diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md index 6b0cb2bc..fed4acde 100644 --- a/packages/apps/foundationdb/README.md +++ b/packages/apps/foundationdb/README.md @@ -124,6 +124,13 @@ FoundationDB is designed for high availability: - Configurable fault domains for rack/zone awareness - Transaction log redundancy +The included `WorkloadMonitor` is automatically configured based on the `cluster.redundancyMode` value. It sets the `minReplicas` property on the `WorkloadMonitor` resource to ensure the cluster's health status accurately reflects its fault tolerance level. The number of tolerated failures is as follows: +- `single`: 0 failures +- `double`: 1 failure +- `triple` and datacenter-aware modes: 2 failures + +For example, with the default configuration (`redundancyMode: double` and 3 storage pods), `minReplicas` will be set to 2. + ## Performance Considerations - Use SSD storage for better performance @@ -149,6 +156,8 @@ For Cozystack-specific issues, consult the Cozystack documentation or support ch | `cluster.processCounts.storage` | Number of storage processes (determines cluster size) | `int` | `3` | | `cluster.processCounts.cluster_controller` | Number of cluster controller processes | `int` | `1` | | `cluster.version` | Version of FoundationDB to use | `string` | `7.3.63` | +| `cluster.redundancyMode` | Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback) | `string` | `double` | +| `cluster.storageEngine` | Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory) | `string` | `ssd-2` | | `cluster.faultDomain` | Fault domain configuration | `object` | `{}` | | `cluster.faultDomain.key` | Fault domain key | `string` | `kubernetes.io/hostname` | | `cluster.faultDomain.valueFrom` | Fault domain value source | `string` | `spec.nodeName` | diff --git a/packages/apps/foundationdb/templates/_resources.tpl b/packages/apps/foundationdb/templates/_resources.tpl index e21e34e0..c1b4915e 100644 --- a/packages/apps/foundationdb/templates/_resources.tpl +++ b/packages/apps/foundationdb/templates/_resources.tpl @@ -30,4 +30,18 @@ Chart name and version */}} {{- define "foundationdb.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} \ No newline at end of file +{{- end }} + +{{/* +Calculate minReplicas for WorkloadMonitor based on redundancyMode +*/}} +{{- define "foundationdb.minReplicas" -}} +{{- $replicas := .Values.cluster.processCounts.storage -}} +{{- if or (eq .Values.cluster.redundancyMode "triple") (eq .Values.cluster.redundancyMode "three_data_hall") (eq .Values.cluster.redundancyMode "three_datacenter") (eq .Values.cluster.redundancyMode "three_datacenter_fallback") (eq .Values.cluster.redundancyMode "three_data_hall_fallback") }} +{{- print (max 1 (sub $replicas 2)) -}} +{{- else if eq .Values.cluster.redundancyMode "double" }} +{{- print (max 1 (sub $replicas 1)) -}} +{{- else }} +{{- print $replicas -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/packages/apps/foundationdb/templates/cluster.yaml b/packages/apps/foundationdb/templates/cluster.yaml index 209a78f9..06992cb5 100644 --- a/packages/apps/foundationdb/templates/cluster.yaml +++ b/packages/apps/foundationdb/templates/cluster.yaml @@ -11,7 +11,11 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} spec: version: {{ .Values.cluster.version | quote }} - + + databaseConfiguration: + redundancy_mode: {{ .Values.cluster.redundancyMode }} + storage_engine: {{ .Values.cluster.storageEngine }} + processCounts: {{- toYaml .Values.cluster.processCounts | nindent 4 }} @@ -76,15 +80,14 @@ spec: memory: 128Mi securityContext: {{- toYaml .Values.securityContext | nindent 16 }} - - volumeClaimTemplate: - spec: - {{- if .Values.storage.storageClass }} - storageClassName: {{ .Values.storage.storageClass }} - {{- end }} - resources: - requests: - storage: {{ .Values.storage.size }} + volumeClaimTemplate: + spec: + {{- if .Values.storage.storageClass }} + storageClassName: {{ .Values.storage.storageClass }} + {{- end }} + resources: + requests: + storage: {{ .Values.storage.size }} routing: dnsDomain: {{ $clusterDomain }} diff --git a/packages/apps/foundationdb/templates/workloadmonitor.yaml b/packages/apps/foundationdb/templates/workloadmonitor.yaml index b06fe877..306797f3 100644 --- a/packages/apps/foundationdb/templates/workloadmonitor.yaml +++ b/packages/apps/foundationdb/templates/workloadmonitor.yaml @@ -9,12 +9,12 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: - replicas: {{ .Values.replicas }} - minReplicas: 1 + replicas: {{ .Values.cluster.processCounts.storage }} + minReplicas: {{ include "foundationdb.minReplicas" . }} kind: foundationdb type: foundationdb selector: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: foundationdb + foundationdb.org/fdb-cluster-name: {{ .Release.Name }} + foundationdb.org/fdb-process-class: storage version: {{ .Chart.Version }} {{- end }} \ No newline at end of file diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json index c1395a6a..1b0c6577 100644 --- a/packages/apps/foundationdb/values.schema.json +++ b/packages/apps/foundationdb/values.schema.json @@ -110,11 +110,15 @@ "stateless": -1, "storage": 3 }, + "redundancyMode": "double", + "storageEngine": "ssd-2", "version": "7.3.63" }, "required": [ "faultDomain", "processCounts", + "redundancyMode", + "storageEngine", "version" ], "properties": { @@ -173,6 +177,16 @@ } } }, + "redundancyMode": { + "description": "Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback)", + "type": "string", + "default": "double" + }, + "storageEngine": { + "description": "Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory)", + "type": "string", + "default": "ssd-2" + }, "version": { "description": "Version of FoundationDB to use", "type": "string", diff --git a/packages/apps/foundationdb/values.yaml b/packages/apps/foundationdb/values.yaml index 4c5ccfbd..902f986a 100644 --- a/packages/apps/foundationdb/values.yaml +++ b/packages/apps/foundationdb/values.yaml @@ -10,6 +10,8 @@ ## @field clusterProcessCounts.storage {int} Number of storage processes (determines cluster size) ## @field clusterProcessCounts.cluster_controller {int} Number of cluster controller processes ## @field cluster.version {string} Version of FoundationDB to use +## @field cluster.redundancyMode {string} Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback) +## @field cluster.storageEngine {string} Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory) ## @field cluster.faultDomain {clusterFaultDomain} Fault domain configuration ## @field clusterFaultDomain.key {string} Fault domain key ## @field clusterFaultDomain.valueFrom {string} Fault domain value source @@ -20,6 +22,8 @@ cluster: cluster_controller: 1 version: "7.3.63" + redundancyMode: "double" # Database redundancy mode + storageEngine: "ssd-2" # Storage engine faultDomain: key: "kubernetes.io/hostname" From b7bebecb643cace4433dcb64ff88132704a39409 Mon Sep 17 00:00:00 2001 From: Nick Volynkin Date: Mon, 8 Sep 2025 13:53:08 +0300 Subject: [PATCH 17/80] [docs] Changelogs for v0.35.* Signed-off-by: Nick Volynkin --- docs/changelogs/v0.35.3.md | 10 ++++++++++ docs/changelogs/v0.35.4.md | 14 ++++++++++++++ docs/changelogs/v0.35.5.md | 11 +++++++++++ 3 files changed, 35 insertions(+) create mode 100644 docs/changelogs/v0.35.3.md create mode 100644 docs/changelogs/v0.35.4.md create mode 100644 docs/changelogs/v0.35.5.md diff --git a/docs/changelogs/v0.35.3.md b/docs/changelogs/v0.35.3.md new file mode 100644 index 00000000..38b31111 --- /dev/null +++ b/docs/changelogs/v0.35.3.md @@ -0,0 +1,10 @@ + + + +## Fixes + +* [seaweedfs] Add a liveness check for the SeaweedFS S3 endpoint to improve health monitoring and enable automatic recovery. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1368) + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.35.2...v0.35.3 diff --git a/docs/changelogs/v0.35.4.md b/docs/changelogs/v0.35.4.md new file mode 100644 index 00000000..ba16e26d --- /dev/null +++ b/docs/changelogs/v0.35.4.md @@ -0,0 +1,14 @@ + + + +## Fixes + +* [virtual-machine] Fix the regression in VM update hook introduced in https://github.com/cozystack/cozystack/pull/1169 by targeting the correct API resource and avoiding conflicts with KubeVirt resources. (@kvaps in https://github.com/cozystack/cozystack/pull/1376, backported in https://github.com/cozystack/cozystack/pull/1377) +* [cozy-lib] Add the missing template `cozy-lib.resources.flatten`. (@kvaps in https://github.com/cozystack/cozystack/pull/1372, backported in https://github.com/cozystack/cozystack/pull/1375) +* [platform] Fix a boolean override bug in Helm merge. ConfigMap values now correctly take precedence over bundle defaults. (@dyudin0821 in https://github.com/cozystack/cozystack/pull/1385, backported in https://github.com/cozystack/cozystack/pull/1388) +* [seaweedfs] Resolve connectivity issues in SeaweedFS. Increase Nginx ingress timeouts for SeaweedFS S3 endpoint. (@kvaps in https://github.com/cozystack/cozystack/pull/1386, backported in https://github.com/cozystack/cozystack/pull/1390) +* [dx] Remove the BUILDER and PLATFORM autodetect logic in Makefiles. (@kvaps in https://github.com/cozystack/cozystack/pull/1391, backported in https://github.com/cozystack/cozystack/pull/1392) + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.35.3...v0.35.4 diff --git a/docs/changelogs/v0.35.5.md b/docs/changelogs/v0.35.5.md new file mode 100644 index 00000000..02c744d6 --- /dev/null +++ b/docs/changelogs/v0.35.5.md @@ -0,0 +1,11 @@ + + + +## Fixes + +* [etcd] Ensure that TopologySpreadConstraints consistently target etcd pods. (@kvaps in https://github.com/cozystack/cozystack/pull/1405, backported in https://github.com/cozystack/cozystack/pull/1406) +* [tests] Add resource quota for testing namespaces. (@IvanHunters in https://github.com/cozystack/cozystack/commit/4982cdf5024c8bb9aa794b91d55545ea6b105d17) + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.35.4...v0.35.5 From 2fcf975e6ac9fdda2459dcf29b685cad583c1416 Mon Sep 17 00:00:00 2001 From: Nick Volynkin Date: Mon, 8 Sep 2025 15:47:30 +0300 Subject: [PATCH 18/80] [docs] Changelogs for v0.36.* Signed-off-by: Nick Volynkin --- docs/changelogs/patch-template.md | 18 +++++ docs/changelogs/template.md | 2 +- docs/changelogs/v0.36.0.md | 117 ++++++++++++++++++++++++++++++ docs/changelogs/v0.36.1.md | 22 ++++++ docs/changelogs/v0.36.2.md | 18 +++++ 5 files changed, 176 insertions(+), 1 deletion(-) create mode 100644 docs/changelogs/patch-template.md create mode 100644 docs/changelogs/v0.36.0.md create mode 100644 docs/changelogs/v0.36.1.md create mode 100644 docs/changelogs/v0.36.2.md diff --git a/docs/changelogs/patch-template.md b/docs/changelogs/patch-template.md new file mode 100644 index 00000000..69ad49ba --- /dev/null +++ b/docs/changelogs/patch-template.md @@ -0,0 +1,18 @@ + + + +## Features and Improvements + +## Security + +## Fixes + +## Dependencies + +## Development, Testing, and CI/CD + +--- + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.36.0...main diff --git a/docs/changelogs/template.md b/docs/changelogs/template.md index 6497b7c0..a939e23a 100644 --- a/docs/changelogs/template.md +++ b/docs/changelogs/template.md @@ -17,4 +17,4 @@ https://github.com/cozystack/cozystack/releases/tag/v0.. --- -**Full Changelog**: **Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.0...v0.35.0 +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.34.0...v0.35.0 diff --git a/docs/changelogs/v0.36.0.md b/docs/changelogs/v0.36.0.md new file mode 100644 index 00000000..c300a852 --- /dev/null +++ b/docs/changelogs/v0.36.0.md @@ -0,0 +1,117 @@ + + + + +## Feature Highlights + +Release v0.36.0 focuses on the stability, observability, and flexible configuration of managed applications. + +### Per-Namespace Resource Limits for Tenants + +Resource management for Cozystack tenants has received a final patch and is now graduated to a stable feature. +Platform administrators can define explicit CPU, memory, and storage limits for each tenant's namespace +via the tenant specification. +This prevents any single tenant from consuming more than their share of cluster resources, +ensuring cluster stability and a guaranteed service level for each tenant. + +### Kube-OVN Cluster Health Monitor + +A new component called the Kube-OVN Plunger continuously monitors the health of the Kube-OVN network's central control cluster. +This external agent gathers OVN cluster status and consensus information, exposing Prometheus metrics and live events stream via SSE. +As a result, it provides much better visibility of the virtual network layer and helps maintain a reliable and observable network in Cozystack. +This change opens the road to automated Kube-OVN database operations and recovery in specific corner cases. + +### Configurable CoreDNS Addon for Kubernetes + +Cozystack introduces a dedicated CoreDNS addon for managing cluster DNS with greater flexibility. +CoreDNS is now deployed via a Helm chart and can be tuned through custom values in the cluster specification, +including autoscaling, replica count, and adjusting service IP. +CoreDNS can now be configured in the dashboard and using Cozystack API. + +### Granular SeaweedFS Service Configuration + +The SeaweedFS S3 storage service in Cozystack is now far more configurable at a component level. +The Helm chart for SeaweedFS now includes independent configuration for each component and its resources. +It includes the master nodes, volume servers with support for multiple zones, filers, the backing database, and the S3 gateway. +Administrators can set per-component parameters such as the number of replicas, available CPU, memory, and storage size. + +### Server-side Encryption for S3 + +Cozystack v0.36.0 includes SeaweedFS 3.97, bringing support for server-side encryption of S3 buckets (SSE-C, SSE-KMS, and SSE-S3). + +**Breaking change:** upon updating Cozystack, SeaweedFS will be updated to a newer version, and the services specification +will be converted to the new format. + +### Custom Resource Profiles for Ingress Controller + +NGINX controller is now configurable on a per-replica basis. +Configurations include the ingress controller pods' CPU and memory requests/limits, either with direct values or using one of the available presets. + +### Cozystack REST API Documentation + +[Cozystack REST API reference](https://cozystack.io/docs/cozystack-api/rest/) is now published on the website. +It includes endpoints and methods for listing, creating, updating, and removing each managed application, defined as Cozystack CRD. + + +### Built-in LLDP-Based Neighbor Discovery in Talos + +Cozystack now includes the LLDPD extension in its Talos OS image, enabling Link Layer Discovery Protocol (LLDP) out of the box. +This means each node can automatically discover and advertise its network neighbors and topology without any manual setup. + +### Use external IP for Egress Traffic in VMs + +When a virtual machine has an external IP assigned to it, it will now always use it for egress traffic, independently of the external method used. + +## Major Features and Improvements + +* [talos] Add LLDPD (`ghcr.io/siderolabs/lldpd`) as a built-in system extension, enabling LLDP-based neighbor discovery out of the box. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1351 and https://github.com/cozystack/cozystack/pull/1360) +* [kubernetes] Add a configurable CoreDNS addon with valuesOverride, packaged chart, and managed deployment (metrics, autoscaling, HPA, customizable Service). (@klinch0 in https://github.com/cozystack/cozystack/pull/1362) +* [kube-ovn] Implement the Kube-OVN plunger, an external monitoring agent for the ovn-central cluster. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1380, patched in https://github.com/cozystack/cozystack/pull/1414 and https://github.com/cozystack/cozystack/pull/1418) +* [tenant] Enable per-namespace resource quota settings in tenants, with explicit cpu, memory, and storage values. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1389) +* [seaweedfs] Add detailed resource configuration for each component of the SeaweedFS service. (@klinch0 and @kvaps in https://github.com/cozystack/cozystack/pull/1415) +* [ingress] Enable per-replica resource configuration to the ingress controller. (@kvaps in https://github.com/cozystack/cozystack/pull/1416) +* [virtual-machine] Use external IP for egress traffic with `PortList` method. (@kvaps in https://github.com/cozystack/cozystack/pull/1349) + + +## Fixes + +* [cozy-lib] Fix malformed retrieval of `cozyConfig` in the cozy-lib template. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1348) +* [cozy-lib] Add the missing template `cozy-lib.resources.flatten`. (@kvaps in https://github.com/cozystack/cozystack/pull/1372) +* [cozystack-api] Sanitize the OpenAPI v2 schema. (@kvaps in https://github.com/cozystack/cozystack/pull/1353) +* [kube-ovn] Improve northd leader detection. Patch the northd leader check to test against all endpoints instead of just the first one marked as ready. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1363) +* [seaweedfs] Add a liveness check for the SeaweedFS S3 endpoint to improve health monitoring and enable automatic recovery. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1368) +* [seaweedfs] Resolve race conditions in SeaweedFS. Increase deployment timeouts and set install/upgrade remediation to unlimited retries to improve deployment resilience. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1371) +* [seaweedfs] Resolve connectivity issues in SeaweedFS. Increase Nginx ingress timeouts for SeaweedFS S3 endpoint. (@kvaps in https://github.com/cozystack/cozystack/pull/1386) +* [virtual-machine] Fix the reg ression in VM update hook introduced in https://github.com/cozystack/cozystack/pull/1169. Target the correct API resource and avoid conflicts with KubeVirt resources. (@kvaps in https://github.com/cozystack/cozystack/pull/1376) +* [virtual-machine] Correct app version references in `virtual-machine` and `vm-instance`, ensuring accurate versioning during migrations. (@kvaps in https://github.com/cozystack/cozystack/pull/1378). +* [cozyreport] Fix an error where cozyreport tried to parse non-existent objects and generated garbage output in CI debug logs. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1383) +* [platform] Fix a boolean override bug in Helm merge. ConfigMap values now correctly take precedence over bundle defaults. (@dyudin0821 in https://github.com/cozystack/cozystack/pull/1385) +* [kubernetes] CoreDNS release now installs and stores state in the `kube-system` namespace. (@kvaps in https://github.com/cozystack/cozystack/pull/1395) +* [kubernetes] Expose configuration for CoreDNS, enabling setting the image repository and replica count via `values.yaml`. (@kvaps in https://github.com/cozystack/cozystack/pull/1410) +* [etcd] Ensure that TopologySpreadConstraints consistently target etcd pods. (@kvaps in https://github.com/cozystack/cozystack/pull/1405) +* [tenant] Use force-upgrade for ingress controller charts. (@klinch0 in https://github.com/cozystack/cozystack/pull/1404) +* [cozystack-controller] Fix an RBAC error that prevented the workload labelling feature from working. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1419) +* [seaweedfs] Remove VerticalPodAutoscaler for SeaweedFS. (@kvaps in https://github.com/cozystack/cozystack/pull/1421) + + +## Dependencies + +* Update LINSTOR to v1.31.3. (@kvaps in https://github.com/cozystack/cozystack/pull/1358) +* Update SeaweedFS to v3.97. (@kvaps in https://github.com/cozystack/cozystack/pull/1361 and https://github.com/cozystack/cozystack/pull/1373) +* Update Kube-OVN to 1.14.5. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1363) +* Replace Bitnami images with alternatives in all charts. (@kvaps in https://github.com/cozystack/cozystack/pull/1374) + +## Documentation + +## Development, Testing, and CI/CD + +* [dx] Remove the BUILDER and PLATFORM autodetect logic in Makefiles. (@kvaps in https://github.com/cozystack/cozystack/pull/1391) +* [ci] Use the host buildx config in CI. (@kvaps in https://github.com/cozystack/cozystack/pull/1015) +* [ci] Add `jq` and `git` to the installer image. (@kvaps in https://github.com/cozystack/cozystack/pull/1417) +* [ci] Source the `REGISTRY` environment variable from actions' variables, not secrets, so external pull requests can work. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1423) + +--- + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.35.0...v0.36.0 diff --git a/docs/changelogs/v0.36.1.md b/docs/changelogs/v0.36.1.md new file mode 100644 index 00000000..3bac9e72 --- /dev/null +++ b/docs/changelogs/v0.36.1.md @@ -0,0 +1,22 @@ + + + +## Major Features and Improvements + +* [cozystack-api] Implement recursive, Kubernetes-like defaulting for applications: missing fields in nested objects and arrays are auto-populated safely without mutating shared defaults. (@kvaps in https://github.com/cozystack/cozystack/pull/1432) + +## Fixes + +* [cozystack-api] Update defaulting API schemas. (@kvaps in https://github.com/cozystack/cozystack/pull/1433) +* [dashboard] Fix Bitnami dependencies. (@kvaps in https://github.com/cozystack/cozystack/pull/1431) +* [seaweedfs] Fix SeaweedFS migration. (@kvaps in https://github.com/cozystack/cozystack/pull/1430) + +## Development, Testing, and CI/CD + +* [adopters] Add [Hidora](https://hikube.cloud) to the Cozystack adopters list. (@matthieu-robin in https://github.com/cozystack/cozystack/pull/1429) + +--- + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.36.0...v0.36.1 diff --git a/docs/changelogs/v0.36.2.md b/docs/changelogs/v0.36.2.md new file mode 100644 index 00000000..05e17d2a --- /dev/null +++ b/docs/changelogs/v0.36.2.md @@ -0,0 +1,18 @@ + + + +## Features and Improvements + +## Security + +## Fixes + +## Dependencies + +## Development, Testing, and CI/CD + +--- + +**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.36.1...main From 1753df590e29be40d941a0bb538d6405f8d2332c Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Fri, 26 Sep 2025 15:00:16 +0200 Subject: [PATCH 19/80] Update Cilium v1.17.8 Signed-off-by: Andrei Kvapil --- .../system/cilium/charts/cilium/Chart.yaml | 4 +- .../system/cilium/charts/cilium/README.md | 25 ++++----- .../charts/cilium/templates/_extensions.tpl | 18 ++++++ .../templates/cilium-agent/daemonset.yaml | 6 +- .../cilium/templates/cilium-configmap.yaml | 14 ++--- .../clustermesh-apiserver/deployment.yaml | 6 +- .../cilium/charts/cilium/values.schema.json | 26 +++++---- .../system/cilium/charts/cilium/values.yaml | 55 ++++++++++--------- .../cilium/charts/cilium/values.yaml.tmpl | 11 +++- .../system/cilium/images/cilium/Dockerfile | 2 +- 10 files changed, 98 insertions(+), 69 deletions(-) diff --git a/packages/system/cilium/charts/cilium/Chart.yaml b/packages/system/cilium/charts/cilium/Chart.yaml index b3ac8c21..39cdd18a 100644 --- a/packages/system/cilium/charts/cilium/Chart.yaml +++ b/packages/system/cilium/charts/cilium/Chart.yaml @@ -79,7 +79,7 @@ annotations: Pod IP Pool\n description: |\n CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n" apiVersion: v2 -appVersion: 1.17.5 +appVersion: 1.17.8 description: eBPF-based Networking, Security, and Observability home: https://cilium.io/ icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg @@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0' name: cilium sources: - https://github.com/cilium/cilium -version: 1.17.5 +version: 1.17.8 diff --git a/packages/system/cilium/charts/cilium/README.md b/packages/system/cilium/charts/cilium/README.md index 499d64ef..40a133e6 100644 --- a/packages/system/cilium/charts/cilium/README.md +++ b/packages/system/cilium/charts/cilium/README.md @@ -1,6 +1,6 @@ # cilium -![Version: 1.17.5](https://img.shields.io/badge/Version-1.17.5-informational?style=flat-square) ![AppVersion: 1.17.5](https://img.shields.io/badge/AppVersion-1.17.5-informational?style=flat-square) +![Version: 1.17.8](https://img.shields.io/badge/Version-1.17.8-informational?style=flat-square) ![AppVersion: 1.17.8](https://img.shields.io/badge/AppVersion-1.17.8-informational?style=flat-square) Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as @@ -85,7 +85,7 @@ contributors across the globe, there is almost always someone available to help. | authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true | | authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. | -| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:f85340bf132ae937d2c2a763b8335c9bab35d6e8293f70f606b9c6178d84f42b","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | +| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into | | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration | | authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations | @@ -197,7 +197,7 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | | clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. | -| clustermesh.apiserver.image | object | `{"digest":"sha256:78dc40b9cb8d7b1ad21a76ff3e11541809acda2ac4ef94150cc832100edc247d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.5","useDigest":true}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"sha256:3ac210d94d37a77ec010f9ac4c705edc8f15f22afa2b9a6f0e2a7d64d2360586","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.8","useDigest":true}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | @@ -378,7 +378,7 @@ contributors across the globe, there is almost always someone available to help. | envoy.healthPort | int | `9878` | TCP port for the health API. | | envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request | | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s | -| envoy.image | object | `{"digest":"sha256:9f69e290a7ea3d4edf9192acd81694089af048ae0d8a67fb63bd62dc1d72203e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.32.6-1749271279-0864395884b263913eac200ee2048fd985f8e626","useDigest":true}` | Envoy container image. | +| envoy.image | object | `{"digest":"sha256:06fbc4e55d926dd82ff2a0049919248dcc6be5354609b09012b01bc9c5b0ee28","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.33.9-1757932127-3c04e8f2f1027d106b96f8ef4a0215e81dbaaece","useDigest":true}` | Envoy container image. | | envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out | | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe | | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe | @@ -429,7 +429,6 @@ contributors across the globe, there is almost always someone available to help. | etcd.enabled | bool | `false` | Enable etcd mode for the agent. | | etcd.endpoints | list | `["https://CHANGE-ME:2379"]` | List of etcd endpoints | | etcd.ssl | bool | `false` | Enable use of TLS/SSL for connectivity to etcd. | -| externalIPs.enabled | bool | `false` | Enable ExternalIPs service support. | | externalWorkloads | object | `{"enabled":false}` | Configure external workloads support | | externalWorkloads.enabled | bool | `false` | Enable support for external workloads, such as VMs (false by default). | | extraArgs | list | `[]` | Additional agent container arguments. | @@ -519,7 +518,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"sha256:fbb8a6afa8718200fca9381ad274ed695792dbadd2417b0e99c36210ae4964ff","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.5","useDigest":true}` | Hubble-relay container image. | +| hubble.relay.image | object | `{"digest":"sha256:2e576bf7a02291c07bffbc1ca0a66a6c70f4c3eb155480e5b3ac027bedd2858b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.8","useDigest":true}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -586,7 +585,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.backend.extraEnv | list | `[]` | Additional hubble-ui backend environment variables. | | hubble.ui.backend.extraVolumeMounts | list | `[]` | Additional hubble-ui backend volumeMounts. | | hubble.ui.backend.extraVolumes | list | `[]` | Additional hubble-ui backend volumes. | -| hubble.ui.backend.image | object | `{"digest":"sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.2","useDigest":true}` | Hubble-ui backend image. | +| hubble.ui.backend.image | object | `{"digest":"sha256:db1454e45dc39ca41fbf7cad31eec95d99e5b9949c39daaad0fa81ef29d56953","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.3","useDigest":true}` | Hubble-ui backend image. | | hubble.ui.backend.livenessProbe.enabled | bool | `false` | Enable liveness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.readinessProbe.enabled | bool | `false` | Enable readiness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.resources | object | `{}` | Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. | @@ -596,7 +595,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.frontend.extraEnv | list | `[]` | Additional hubble-ui frontend environment variables. | | hubble.ui.frontend.extraVolumeMounts | list | `[]` | Additional hubble-ui frontend volumeMounts. | | hubble.ui.frontend.extraVolumes | list | `[]` | Additional hubble-ui frontend volumes. | -| hubble.ui.frontend.image | object | `{"digest":"sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.2","useDigest":true}` | Hubble-ui frontend image. | +| hubble.ui.frontend.image | object | `{"digest":"sha256:661d5de7050182d495c6497ff0b007a7a1e379648e60830dd68c4d78ae21761d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.3","useDigest":true}` | Hubble-ui frontend image. | | hubble.ui.frontend.resources | object | `{}` | Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. | | hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. | | hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 | @@ -626,7 +625,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.5","useDigest":true}` | Agent container image. | +| image | object | `{"digest":"sha256:6d7ea72ed311eeca4c75a1f17617a3d596fb6038d30d00799090679f82a01636","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.8","useDigest":true}` | Agent container image. | | imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | @@ -737,7 +736,7 @@ contributors across the globe, there is almost always someone available to help. | nodeinit.extraEnv | list | `[]` | Additional nodeinit environment variables. | | nodeinit.extraVolumeMounts | list | `[]` | Additional nodeinit volumeMounts. | | nodeinit.extraVolumes | list | `[]` | Additional nodeinit volumes. | -| nodeinit.image | object | `{"digest":"sha256:8d7b41c4ca45860254b3c19e20210462ef89479bb6331d6760c4e609d651b29c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"c54c7edeab7fde4da68e59acd319ab24af242c3f","useDigest":true}` | node-init image. | +| nodeinit.image | object | `{"digest":"sha256:5bdca3c2dec2c79f58d45a7a560bf1098c2126350c901379fe850b7f78d3d757","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"1755531540-60ee83e","useDigest":true}` | node-init image. | | nodeinit.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for nodeinit pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | nodeinit.podAnnotations | object | `{}` | Annotations to be added to node-init pods. | | nodeinit.podLabels | object | `{}` | Labels to be added to node-init pods. | @@ -764,7 +763,7 @@ contributors across the globe, there is almost always someone available to help. | operator.hostNetwork | bool | `true` | HostNetwork setting | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"sha256:654db67929f716b6178a34a15cb8f95e391465085bcf48cdba49819a56fcd259","awsDigest":"sha256:3e189ec1e286f1bf23d47c45bdeac6025ef7ec3d2dc16190ee768eb94708cbc3","azureDigest":"sha256:add78783fdaced7453a324612eeb9ebecf56002b56c14c73596b3b4923321026","genericDigest":"sha256:f954c97eeb1b47ed67d08cc8fb4108fb829f869373cbb3e698a7f8ef1085b09e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.5","useDigest":true}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"sha256:72c25a405ad8e58d2cf03f7ea2b6696ed1edcfb51716b5f85e45c6c4fcaa6056","awsDigest":"sha256:28012f7d0f4f23e9f6c7d6a5dd931afa326bbac3e8103f3f6f22b9670847dffa","azureDigest":"sha256:619f9febf3efef2724a26522b253e4595cd33c274f5f49925e29a795fdc2d2d7","genericDigest":"sha256:5468807b9c31997f3a1a14558ec7c20c5b962a2df6db633b7afbe2f45a15da1c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.8","useDigest":true}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | @@ -801,7 +800,7 @@ contributors across the globe, there is almost always someone available to help. | pmtuDiscovery.enabled | bool | `false` | Enable path MTU discovery to send ICMP fragmentation-needed replies to the client. | | podAnnotations | object | `{}` | Annotations to be added to agent pods | | podLabels | object | `{}` | Labels to be added to agent pods | -| podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"}}` | Security Context for cilium-agent pods. | +| podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"},"seccompProfile":{"type":"Unconfined"}}` | Security Context for cilium-agent pods. | | podSecurityContext.appArmorProfile | object | `{"type":"Unconfined"}` | AppArmorProfile options for the `cilium-agent` and init containers | | policyCIDRMatchMode | string | `nil` | policyCIDRMatchMode is a list of entities that may be selected by CIDR selector. The possible value is "nodes". | | policyEnforcementMode | string | `"default"` | The agent can be put into one of the three policy enforcement modes: default, always and never. ref: https://docs.cilium.io/en/stable/security/policy/intro/#policy-enforcement-modes | @@ -814,7 +813,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.5","useDigest":true}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"sha256:6d7ea72ed311eeca4c75a1f17617a3d596fb6038d30d00799090679f82a01636","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.8","useDigest":true}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | diff --git a/packages/system/cilium/charts/cilium/templates/_extensions.tpl b/packages/system/cilium/charts/cilium/templates/_extensions.tpl index 5da57e2e..bd8ba80b 100644 --- a/packages/system/cilium/charts/cilium/templates/_extensions.tpl +++ b/packages/system/cilium/charts/cilium/templates/_extensions.tpl @@ -3,6 +3,24 @@ _extensions.tpl contains template blocks that are intended to allow packagers to modify or extend the default chart behaviors. */}} +{{/* +Allow packagers to add extra volumes to cilium-agent. +*/}} +{{- define "cilium-agent.volumes.extra" }} +{{- end }} + +{{- define "cilium-agent.volumeMounts.extra" }} +{{- end }} + +{{/* +Allow packagers to set dnsPolicy for cilium-agent. +*/}} +{{- define "cilium-agent.dnsPolicy" }} +{{- if .Values.dnsPolicy }} +dnsPolicy: {{ .Values.dnsPolicy }} +{{- end }} +{{- end }} + {{/* Intentionally empty to allow downstream chart packagers to add extra containers to hubble-relay without having to modify the deployment manifest diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml index 486903b8..5d73cb7e 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml @@ -399,6 +399,7 @@ spec: {{- with .Values.extraVolumeMounts }} {{- toYaml . | nindent 8 }} {{- end }} + {{- include "cilium-agent.volumeMounts.extra" . | nindent 8 }} {{- if .Values.monitor.enabled }} - name: cilium-monitor image: {{ include "cilium.image" .Values.image | quote }} @@ -768,9 +769,7 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccounts.cilium.automount }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} hostNetwork: true - {{- if .Values.dnsPolicy }} - dnsPolicy: {{ .Values.dnsPolicy }} - {{- end }} + {{- include "cilium-agent.dnsPolicy" . | nindent 6 }} {{- if (eq .Values.scheduling.mode "anti-affinity") }} {{- with .Values.affinity }} affinity: @@ -1063,4 +1062,5 @@ spec: {{- with .Values.extraVolumes }} {{- toYaml . | nindent 6 }} {{- end }} + {{- include "cilium-agent.volumes.extra" . | nindent 6 }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml index 1579754f..72c391da 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml @@ -735,7 +735,7 @@ data: kube-proxy-replacement: {{ $kubeProxyReplacement | quote }} -{{- if ne $kubeProxyReplacement "disabled" }} +{{- if eq $kubeProxyReplacement "true" }} kube-proxy-replacement-healthz-bind-address: {{ default "" .Values.kubeProxyReplacementHealthzBindAddr | quote}} {{- end }} @@ -755,17 +755,13 @@ data: {{- end }} {{- if hasKey .Values "hostPort" }} -{{- if eq $kubeProxyReplacement "partial" }} +{{- if eq $kubeProxyReplacement "false" }} enable-host-port: {{ .Values.hostPort.enabled | quote }} {{- end }} {{- end }} -{{- if hasKey .Values "externalIPs" }} -{{- if eq $kubeProxyReplacement "partial" }} - enable-external-ips: {{ .Values.externalIPs.enabled | quote }} -{{- end }} -{{- end }} + {{- if hasKey .Values "nodePort" }} -{{- if or (eq $kubeProxyReplacement "partial") (eq $kubeProxyReplacement "false") }} +{{- if eq $kubeProxyReplacement "false" }} enable-node-port: {{ .Values.nodePort.enabled | quote }} {{- end }} {{- if hasKey .Values.nodePort "range" }} @@ -1031,7 +1027,7 @@ data: hubble-drop-events-interval: {{ .Values.hubble.dropEventEmitter.interval | quote }} hubble-drop-events-reasons: {{ .Values.hubble.dropEventEmitter.reasons | join " " | quote }} {{- end }} -{{- if .Values.hubble.preferIpv6 }} +{{- if or (eq .Values.hubble.preferIpv6 true) (eq .Values.ipv4.enabled false) }} hubble-prefer-ipv6: "true" {{- end }} {{- if (not (kindIs "invalid" .Values.hubble.skipUnknownCGroupIDs)) }} diff --git a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml index 9450ea43..72b41679 100644 --- a/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml +++ b/packages/system/cilium/charts/cilium/templates/clustermesh-apiserver/deployment.yaml @@ -222,6 +222,9 @@ spec: name: cilium-config key: enable-k8s-endpoint-slice optional: true + {{- with .Values.clustermesh.apiserver.extraEnv }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} readinessProbe: httpGet: path: /readyz @@ -229,9 +232,6 @@ spec: {{- with .Values.clustermesh.apiserver.readinessProbe }} {{- toYaml . | trim | nindent 10 }} {{- end }} - {{- with .Values.clustermesh.apiserver.extraEnv }} - {{- toYaml . | trim | nindent 8 }} - {{- end }} ports: - name: apiserv-health containerPort: {{ .Values.clustermesh.apiserver.healthPort }} diff --git a/packages/system/cilium/charts/cilium/values.schema.json b/packages/system/cilium/charts/cilium/values.schema.json index 047838bf..762efbf9 100644 --- a/packages/system/cilium/charts/cilium/values.schema.json +++ b/packages/system/cilium/charts/cilium/values.schema.json @@ -535,10 +535,16 @@ "default": { "properties": { "burstLimit": { - "type": "null" + "type": [ + "null", + "integer" + ] }, "rateLimit": { - "type": "null" + "type": [ + "null", + "integer" + ] } }, "type": "object" @@ -2351,14 +2357,6 @@ }, "type": "object" }, - "externalIPs": { - "properties": { - "enabled": { - "type": "boolean" - } - }, - "type": "object" - }, "externalWorkloads": { "properties": { "enabled": { @@ -4653,6 +4651,14 @@ } }, "type": "object" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" } }, "type": "object" diff --git a/packages/system/cilium/charts/cilium/values.yaml b/packages/system/cilium/charts/cilium/values.yaml index ae4925a0..68f73ee8 100644 --- a/packages/system/cilium/charts/cilium/values.yaml +++ b/packages/system/cilium/charts/cilium/values.yaml @@ -191,10 +191,10 @@ image: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.17.5" + tag: "v1.17.8" pullPolicy: "IfNotPresent" # cilium-digest - digest: "sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6" + digest: "sha256:6d7ea72ed311eeca4c75a1f17617a3d596fb6038d30d00799090679f82a01636" useDigest: true # -- Scheduling configurations for cilium pods scheduling: @@ -270,6 +270,8 @@ podSecurityContext: # -- AppArmorProfile options for the `cilium-agent` and init containers appArmorProfile: type: "Unconfined" + seccompProfile: + type: "Unconfined" # -- Annotations to be added to agent pods podAnnotations: {} # -- Labels to be added to agent pods @@ -508,6 +510,9 @@ bpf: events: # -- Default settings for all types of events except dbg and pcap. default: + # @schema + # type: [null, integer] + # @schema # -- (int) Configure the limit of messages per second that can be written to # BPF events map. The number of messages is averaged, meaning that if no messages # were written to the map over 5 seconds, it's possible to write more events @@ -516,6 +521,9 @@ bpf: # and rateLimit to 0 disables BPF events rate limiting. # @default -- `0` rateLimit: ~ + # @schema + # type: [null, integer] + # @schema # -- (int) Configure the maximum number of messages that can be written to BPF events # map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must # also be provided lest the configuration is considered invalid. Setting both burstLimit @@ -1071,9 +1079,6 @@ eni: # -- Filter via AWS EC2 Instance tags (k=v) which will dictate which AWS EC2 Instances # are going to be used to create new ENIs instanceTagsFilter: [] -externalIPs: - # -- Enable ExternalIPs service support. - enabled: false # fragmentTracking enables IPv4 fragment tracking support in the datapath. # fragmentTracking: true gke: @@ -1440,9 +1445,9 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.17.5" + tag: "v1.17.8" # hubble-relay-digest - digest: "sha256:fbb8a6afa8718200fca9381ad274ed695792dbadd2417b0e99c36210ae4964ff" + digest: "sha256:2e576bf7a02291c07bffbc1ca0a66a6c70f4c3eb155480e5b3ac027bedd2858b" useDigest: true pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods @@ -1691,8 +1696,8 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-ui-backend" - tag: "v0.13.2" - digest: "sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15" + tag: "v0.13.3" + digest: "sha256:db1454e45dc39ca41fbf7cad31eec95d99e5b9949c39daaad0fa81ef29d56953" useDigest: true pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. @@ -1725,8 +1730,8 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-ui" - tag: "v0.13.2" - digest: "sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392" + tag: "v0.13.3" + digest: "sha256:661d5de7050182d495c6497ff0b007a7a1e379648e60830dd68c4d78ae21761d" useDigest: true pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. @@ -2353,9 +2358,9 @@ envoy: # @schema override: ~ repository: "quay.io/cilium/cilium-envoy" - tag: "v1.32.6-1749271279-0864395884b263913eac200ee2048fd985f8e626" + tag: "v1.33.9-1757932127-3c04e8f2f1027d106b96f8ef4a0215e81dbaaece" pullPolicy: "IfNotPresent" - digest: "sha256:9f69e290a7ea3d4edf9192acd81694089af048ae0d8a67fb63bd62dc1d72203e" + digest: "sha256:06fbc4e55d926dd82ff2a0049919248dcc6be5354609b09012b01bc9c5b0ee28" useDigest: true # -- Additional containers added to the cilium Envoy DaemonSet. extraContainers: [] @@ -2710,15 +2715,15 @@ operator: # @schema override: ~ repository: "quay.io/cilium/operator" - tag: "v1.17.5" + tag: "v1.17.8" # operator-generic-digest - genericDigest: "sha256:f954c97eeb1b47ed67d08cc8fb4108fb829f869373cbb3e698a7f8ef1085b09e" + genericDigest: "sha256:5468807b9c31997f3a1a14558ec7c20c5b962a2df6db633b7afbe2f45a15da1c" # operator-azure-digest - azureDigest: "sha256:add78783fdaced7453a324612eeb9ebecf56002b56c14c73596b3b4923321026" + azureDigest: "sha256:619f9febf3efef2724a26522b253e4595cd33c274f5f49925e29a795fdc2d2d7" # operator-aws-digest - awsDigest: "sha256:3e189ec1e286f1bf23d47c45bdeac6025ef7ec3d2dc16190ee768eb94708cbc3" + awsDigest: "sha256:28012f7d0f4f23e9f6c7d6a5dd931afa326bbac3e8103f3f6f22b9670847dffa" # operator-alibabacloud-digest - alibabacloudDigest: "sha256:654db67929f716b6178a34a15cb8f95e391465085bcf48cdba49819a56fcd259" + alibabacloudDigest: "sha256:72c25a405ad8e58d2cf03f7ea2b6696ed1edcfb51716b5f85e45c6c4fcaa6056" useDigest: true pullPolicy: "IfNotPresent" suffix: "" @@ -2910,8 +2915,8 @@ nodeinit: # @schema override: ~ repository: "quay.io/cilium/startup-script" - tag: "c54c7edeab7fde4da68e59acd319ab24af242c3f" - digest: "sha256:8d7b41c4ca45860254b3c19e20210462ef89479bb6331d6760c4e609d651b29c" + tag: "1755531540-60ee83e" + digest: "sha256:5bdca3c2dec2c79f58d45a7a560bf1098c2126350c901379fe850b7f78d3d757" useDigest: true pullPolicy: "IfNotPresent" # -- The priority class to use for the nodeinit pod. @@ -2993,9 +2998,9 @@ preflight: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.17.5" + tag: "v1.17.8" # cilium-digest - digest: "sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6" + digest: "sha256:6d7ea72ed311eeca4c75a1f17617a3d596fb6038d30d00799090679f82a01636" useDigest: true pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. @@ -3142,9 +3147,9 @@ clustermesh: # @schema override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.17.5" + tag: "v1.17.8" # clustermesh-apiserver-digest - digest: "sha256:78dc40b9cb8d7b1ad21a76ff3e11541809acda2ac4ef94150cc832100edc247d" + digest: "sha256:3ac210d94d37a77ec010f9ac4c705edc8f15f22afa2b9a6f0e2a7d64d2360586" useDigest: true pullPolicy: "IfNotPresent" # -- TCP port for the clustermesh-apiserver health API. @@ -3653,7 +3658,7 @@ authentication: override: ~ repository: "docker.io/library/busybox" tag: "1.37.0" - digest: "sha256:f85340bf132ae937d2c2a763b8335c9bab35d6e8293f70f606b9c6178d84f42b" + digest: "sha256:d82f458899c9696cb26a7c02d5568f81c8c8223f8661bb2a7988b269c8b9051e" useDigest: true pullPolicy: "IfNotPresent" # SPIRE agent configuration diff --git a/packages/system/cilium/charts/cilium/values.yaml.tmpl b/packages/system/cilium/charts/cilium/values.yaml.tmpl index e85d3fa4..9ac96556 100644 --- a/packages/system/cilium/charts/cilium/values.yaml.tmpl +++ b/packages/system/cilium/charts/cilium/values.yaml.tmpl @@ -271,6 +271,8 @@ podSecurityContext: # -- AppArmorProfile options for the `cilium-agent` and init containers appArmorProfile: type: "Unconfined" + seccompProfile: + type: "Unconfined" # -- Annotations to be added to agent pods podAnnotations: {} # -- Labels to be added to agent pods @@ -513,6 +515,9 @@ bpf: events: # -- Default settings for all types of events except dbg and pcap. default: + # @schema + # type: [null, integer] + # @schema # -- (int) Configure the limit of messages per second that can be written to # BPF events map. The number of messages is averaged, meaning that if no messages # were written to the map over 5 seconds, it's possible to write more events @@ -521,6 +526,9 @@ bpf: # and rateLimit to 0 disables BPF events rate limiting. # @default -- `0` rateLimit: ~ + # @schema + # type: [null, integer] + # @schema # -- (int) Configure the maximum number of messages that can be written to BPF events # map in 1 second. If burstLimit is greater than 0, non-zero value for rateLimit must # also be provided lest the configuration is considered invalid. Setting both burstLimit @@ -1084,9 +1092,6 @@ eni: # -- Filter via AWS EC2 Instance tags (k=v) which will dictate which AWS EC2 Instances # are going to be used to create new ENIs instanceTagsFilter: [] -externalIPs: - # -- Enable ExternalIPs service support. - enabled: false # fragmentTracking enables IPv4 fragment tracking support in the datapath. # fragmentTracking: true gke: diff --git a/packages/system/cilium/images/cilium/Dockerfile b/packages/system/cilium/images/cilium/Dockerfile index 6399851c..cd113788 100644 --- a/packages/system/cilium/images/cilium/Dockerfile +++ b/packages/system/cilium/images/cilium/Dockerfile @@ -1,2 +1,2 @@ -ARG VERSION=v1.17.5 +ARG VERSION=v1.17.8 FROM quay.io/cilium/cilium:${VERSION} From 66004c83e2b3df640409d0a40b7a7d3f6ee90fe3 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Tue, 30 Sep 2025 13:05:59 +0300 Subject: [PATCH 20/80] [lineage, controller] Implement name selectors This patch implements name-based selectors for `CozystackResourceDefinitions.spec.secrets`. Application developers may now specify secrets that should or should not be visible to end users by specifying a `resourceNames` field with a string slice of acceptable names. This will, for instance, let developers exclude a secret like `postgres-dbname-superuser` that has a predictable name even if it does not have predictable labels. Simple templates are supported, so `postgres-{{ .name }}-superuser` is also a valid entry under `resourceNames`. ```release-note [lineage, controller] Let application developers determine resource visibility for end users by name, as well as by labels. ``` Signed-off-by: Timofei Larkin --- .../cozystackresourcedefinitions_types.go | 49 +++++++++--- api/v1alpha1/zz_generated.deepcopy.go | 38 +++++++--- hack/update-codegen.sh | 2 +- internal/lineagecontrollerwebhook/matcher.go | 52 +++++++++++-- internal/lineagecontrollerwebhook/webhook.go | 7 +- .../clickhouse/images/clickhouse-backup.tag | 2 +- .../kubernetes/images/cluster-autoscaler.tag | 2 +- .../images/kubevirt-cloud-provider.tag | 2 +- .../kubernetes/images/kubevirt-csi-driver.tag | 2 +- .../images/ubuntu-container-disk.tag | 2 +- packages/apps/mysql/images/mariadb-backup.tag | 2 +- packages/extra/monitoring/images/grafana.tag | 2 +- packages/system/cilium/values.yaml | 2 +- .../bootbox.yaml | 4 +- .../bucket.yaml | 4 +- .../clickhouse.yaml | 4 +- .../etcd.yaml | 4 +- .../ferretdb.yaml | 4 +- .../http-cache.yaml | 4 +- .../info.yaml | 4 +- .../ingress.yaml | 4 +- .../kafka.yaml | 4 +- .../kubernetes.yaml | 4 +- .../monitoring.yaml | 8 +- .../mysql.yaml | 4 +- .../nats.yaml | 4 +- .../postgres.yaml | 8 +- .../rabbitmq.yaml | 4 +- .../redis.yaml | 4 +- .../seaweedfs.yaml | 4 +- .../tcp-balancer.yaml | 4 +- .../tenant.yaml | 4 +- .../virtual-machine.yaml | 4 +- .../vm-disk.yaml | 4 +- .../vm-instance.yaml | 4 +- .../vpn.yaml | 4 +- .../cozyrds.yaml | 4 + ...stack.io_cozystackresourcedefinitions.yaml | 74 ++++++++++++++++--- .../crds/cozystack.io_workloadmonitors.yaml | 0 .../crds/cozystack.io_workloads.yaml | 0 .../dashboard.cozystack.io_breadcrumbs.yaml | 0 ...hboard.cozystack.io_breadcrumbsinside.yaml | 0 ...d.cozystack.io_customcolumnsoverrides.yaml | 0 ...ard.cozystack.io_customformsoverrides.yaml | 0 ...oard.cozystack.io_customformsprefills.yaml | 0 .../dashboard.cozystack.io_factories.yaml | 0 ...hboard.cozystack.io_marketplacepanels.yaml | 0 .../dashboard.cozystack.io_navigations.yaml | 0 .../crds/dashboard.cozystack.io_sidebars.yaml | 0 ...shboard.cozystack.io_tableurimappings.yaml | 0 .../templates/crds/crds.yaml | 4 + packages/system/kubevirt-csi-node/values.yaml | 2 +- packages/system/metallb/values.yaml | 4 +- 53 files changed, 229 insertions(+), 123 deletions(-) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/bootbox.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/bucket.yaml (97%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/clickhouse.yaml (98%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/etcd.yaml (98%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/ferretdb.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/http-cache.yaml (98%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/info.yaml (96%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/ingress.yaml (98%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/kafka.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/kubernetes.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/monitoring.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/mysql.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/nats.yaml (98%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/postgres.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/rabbitmq.yaml (98%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/redis.yaml (98%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/seaweedfs.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/tcp-balancer.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/tenant.yaml (97%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/virtual-machine.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/vm-disk.yaml (98%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/vm-instance.yaml (99%) rename packages/system/cozystack-api/{templates/cozystack-resource-definitions => cozyrds}/vpn.yaml (98%) create mode 100644 packages/system/cozystack-api/templates/cozystack-resource-definitions/cozyrds.yaml rename packages/system/cozystack-controller/{templates => }/crds/cozystack.io_cozystackresourcedefinitions.yaml (76%) rename packages/system/cozystack-controller/{templates => }/crds/cozystack.io_workloadmonitors.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/cozystack.io_workloads.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_breadcrumbs.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_breadcrumbsinside.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_customformsoverrides.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_customformsprefills.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_factories.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_marketplacepanels.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_navigations.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_sidebars.yaml (100%) rename packages/system/cozystack-controller/{templates => }/crds/dashboard.cozystack.io_tableurimappings.yaml (100%) create mode 100644 packages/system/cozystack-controller/templates/crds/crds.yaml diff --git a/api/v1alpha1/cozystackresourcedefinitions_types.go b/api/v1alpha1/cozystackresourcedefinitions_types.go index 760a5922..c318318f 100644 --- a/api/v1alpha1/cozystackresourcedefinitions_types.go +++ b/api/v1alpha1/cozystackresourcedefinitions_types.go @@ -51,7 +51,7 @@ type CozystackResourceDefinitionSpec struct { Release CozystackResourceDefinitionRelease `json:"release"` // Secret selectors - Secrets CozystackResourceDefinitionSecrets `json:"secrets,omitempty"` + Secrets CozystackResourceDefinitionResources `json:"secrets,omitempty"` // Dashboard configuration for this resource Dashboard *CozystackResourceDefinitionDashboard `json:"dashboard,omitempty"` @@ -95,16 +95,45 @@ type CozystackResourceDefinitionRelease struct { Prefix string `json:"prefix"` } -type CozystackResourceDefinitionSecrets struct { - // Exclude contains an array of label selectors that target secrets. - // If a secret matches the selector in any of the elements in the array, it is +// CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. +// A resource matches this selector only if it satisfies ALL criteria: +// - Label selector conditions (matchExpressions and matchLabels) +// - AND has a name that matches one of the names in resourceNames (if specified) +// +// The resourceNames field supports Go templates with the following variables available: +// - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) +// - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) +// +// Example YAML: +// secrets: +// include: +// - matchExpressions: +// - key: badlabel +// operator: DoesNotExist +// matchLabels: +// goodlabel: goodvalue +// resourceNames: +// - "{{ .name }}-secret" +// - "{{ .kind }}-{{ .name }}-tls" +// - "specificname" +type CozystackResourceDefinitionResourceSelector struct { + metav1.LabelSelector `json:",inline"` + // ResourceNames is a list of resource names to match + // If specified, the resource must have one of these exact names to match the selector + // +optional + ResourceNames []string `json:"resourceNames,omitempty"` +} + +type CozystackResourceDefinitionResources struct { + // Exclude contains an array of resource selectors that target resources. + // If a resource matches the selector in any of the elements in the array, it is // hidden from the user, regardless of the matches in the include array. - Exclude []*metav1.LabelSelector `json:"exclude,omitempty"` - // Include contains an array of label selectors that target secrets. - // If a secret matches the selector in any of the elements in the array, and - // matches none of the selectors in the exclude array that secret is marked - // as a tenant secret and is visible to users. - Include []*metav1.LabelSelector `json:"include,omitempty"` + Exclude []*CozystackResourceDefinitionResourceSelector `json:"exclude,omitempty"` + // Include contains an array of resource selectors that target resources. + // If a resource matches the selector in any of the elements in the array, and + // matches none of the selectors in the exclude array that resource is marked + // as a tenant resource and is visible to users. + Include []*CozystackResourceDefinitionResourceSelector `json:"include,omitempty"` } // ---- Dashboard types ---- diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index f8913912..5967707e 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -22,7 +22,6 @@ package v1alpha1 import ( "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -175,38 +174,59 @@ func (in *CozystackResourceDefinitionRelease) DeepCopy() *CozystackResourceDefin } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CozystackResourceDefinitionSecrets) DeepCopyInto(out *CozystackResourceDefinitionSecrets) { +func (in *CozystackResourceDefinitionResourceSelector) DeepCopyInto(out *CozystackResourceDefinitionResourceSelector) { + *out = *in + in.LabelSelector.DeepCopyInto(&out.LabelSelector) + if in.ResourceNames != nil { + in, out := &in.ResourceNames, &out.ResourceNames + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionResourceSelector. +func (in *CozystackResourceDefinitionResourceSelector) DeepCopy() *CozystackResourceDefinitionResourceSelector { + if in == nil { + return nil + } + out := new(CozystackResourceDefinitionResourceSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CozystackResourceDefinitionResources) DeepCopyInto(out *CozystackResourceDefinitionResources) { *out = *in if in.Exclude != nil { in, out := &in.Exclude, &out.Exclude - *out = make([]*v1.LabelSelector, len(*in)) + *out = make([]*CozystackResourceDefinitionResourceSelector, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(v1.LabelSelector) + *out = new(CozystackResourceDefinitionResourceSelector) (*in).DeepCopyInto(*out) } } } if in.Include != nil { in, out := &in.Include, &out.Include - *out = make([]*v1.LabelSelector, len(*in)) + *out = make([]*CozystackResourceDefinitionResourceSelector, len(*in)) for i := range *in { if (*in)[i] != nil { in, out := &(*in)[i], &(*out)[i] - *out = new(v1.LabelSelector) + *out = new(CozystackResourceDefinitionResourceSelector) (*in).DeepCopyInto(*out) } } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionSecrets. -func (in *CozystackResourceDefinitionSecrets) DeepCopy() *CozystackResourceDefinitionSecrets { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionResources. +func (in *CozystackResourceDefinitionResources) DeepCopy() *CozystackResourceDefinitionResources { if in == nil { return nil } - out := new(CozystackResourceDefinitionSecrets) + out := new(CozystackResourceDefinitionResources) in.DeepCopyInto(out) return out } diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 7067b040..10ad2842 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -53,4 +53,4 @@ kube::codegen::gen_openapi \ "${SCRIPT_ROOT}/pkg/apis" $CONTROLLER_GEN object:headerFile="hack/boilerplate.go.txt" paths="./api/..." -$CONTROLLER_GEN rbac:roleName=manager-role crd paths="./api/..." output:crd:artifacts:config=packages/system/cozystack-controller/templates/crds +$CONTROLLER_GEN rbac:roleName=manager-role crd paths="./api/..." output:crd:artifacts:config=packages/system/cozystack-controller/crds diff --git a/internal/lineagecontrollerwebhook/matcher.go b/internal/lineagecontrollerwebhook/matcher.go index ff0da8b4..66d88082 100644 --- a/internal/lineagecontrollerwebhook/matcher.go +++ b/internal/lineagecontrollerwebhook/matcher.go @@ -1,33 +1,69 @@ package lineagecontrollerwebhook import ( + "bytes" + "text/template" + + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" ) -func matchLabelsToSelector(l map[string]string, s *metav1.LabelSelector) bool { +// matchName checks if the provided name matches any of the resource names in the array. +// Each entry in resourceNames is treated as a Go template that gets rendered using the passed context. +// A nil resourceNames array matches any string. +func matchName(name string, context map[string]string, resourceNames []string) bool { + if resourceNames == nil { + return true + } + + for _, templateStr := range resourceNames { + tmpl, err := template.New("resourceName").Parse(templateStr) + if err != nil { + // TODO: emit warning if error + continue + } + + var buf bytes.Buffer + err = tmpl.Execute(&buf, context) + if err != nil { + // TODO: emit warning if error + continue + } + + if buf.String() == name { + return true + } + } + + return false +} + +func matchResourceToSelector(name string, ctx, l map[string]string, s *cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { // TODO: emit warning if error - sel, err := metav1.LabelSelectorAsSelector(s) + sel, err := metav1.LabelSelectorAsSelector(&s.LabelSelector) if err != nil { return false } - return sel.Matches(labels.Set(l)) + labelMatches := sel.Matches(labels.Set(l)) + nameMatches := matchName(name, ctx, s.ResourceNames) + return labelMatches && nameMatches } -func matchLabelsToSelectorArray(l map[string]string, ss []*metav1.LabelSelector) bool { +func matchResourceToSelectorArray(name string, ctx, l map[string]string, ss []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { for _, s := range ss { - if matchLabelsToSelector(l, s) { + if matchResourceToSelector(name, ctx, l, s) { return true } } return false } -func matchLabelsToExcludeInclude(l map[string]string, ex, in []*metav1.LabelSelector) bool { - if matchLabelsToSelectorArray(l, ex) { +func matchResourceToExcludeInclude(name string, ctx, l map[string]string, ex, in []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { + if matchResourceToSelectorArray(name, ctx, l, ex) { return false } - if matchLabelsToSelectorArray(l, in) { + if matchResourceToSelectorArray(name, ctx, l, in) { return true } return false diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index 94a0fce4..51a3c107 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -5,6 +5,7 @@ import ( "encoding/json" "errors" "fmt" + "strings" "github.com/cozystack/cozystack/pkg/lineage" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -130,6 +131,10 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc "apps.cozystack.io/application.kind": obj.GetKind(), "apps.cozystack.io/application.name": obj.GetName(), } + templateLabels := map[string]string{ + "kind": strings.ToLower(obj.GetKind()), + "name": obj.GetName(), + } if o.GetAPIVersion() != "v1" || o.GetKind() != "Secret" { return labels, err } @@ -142,7 +147,7 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc return "true" } return "false" - }(matchLabelsToExcludeInclude(o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) + }(matchResourceToExcludeInclude(o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) return labels, err } diff --git a/packages/apps/clickhouse/images/clickhouse-backup.tag b/packages/apps/clickhouse/images/clickhouse-backup.tag index 1633ce80..7a6ada58 100644 --- a/packages/apps/clickhouse/images/clickhouse-backup.tag +++ b/packages/apps/clickhouse/images/clickhouse-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/clickhouse-backup:0.0.0@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205 +ghcr.io/cozystack/cozystack/clickhouse-backup:latest@sha256:0f8707d348e03bfa7589159a61d781d4eca238bdfff5dc09f4d3a01b31285a55 diff --git a/packages/apps/kubernetes/images/cluster-autoscaler.tag b/packages/apps/kubernetes/images/cluster-autoscaler.tag index d5ab33d1..8117b889 100644 --- a/packages/apps/kubernetes/images/cluster-autoscaler.tag +++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/cluster-autoscaler:0.0.0@sha256:2d39989846c3579dd020b9f6c77e6e314cc81aa344eaac0f6d633e723c17196d +ghcr.io/cozystack/cozystack/cluster-autoscaler:latest@sha256:89f822343654ea66efb3ac50bf72b483a52c1a11d33497fdfac5bbd0f3715c2b diff --git a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag index 8120dd48..06b8300e 100644 --- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag +++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.0.0@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2 +ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:latest@sha256:190b7d231da1dfbded3af77777cc99b93a29a36ea69186170460f09d533fe041 diff --git a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag index a59ba9b8..1ff8329d 100644 --- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag +++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:f0e1d9f9e91be8e4a22be9fbe01a8b0e81aba4230b865fba9608ef7f9fb5745f +ghcr.io/cozystack/cozystack/kubevirt-csi-driver:latest@sha256:7312623d19d9a7dc80da73f53a1aabb769796674e5899aad5c0d6100f351d0e8 diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.tag b/packages/apps/kubernetes/images/ubuntu-container-disk.tag index 50416e0a..2c9d99ea 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag +++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:e53f2394c7aa76ad10818ffb945e40006cd77406999e47e036d41b8b0bf094cc +ghcr.io/cozystack/cozystack/ubuntu-container-disk:latest@sha256:ac91fb70d6a898c8a305522020dbbd1bfa6d073a76e5d696a74307487de47dc5 diff --git a/packages/apps/mysql/images/mariadb-backup.tag b/packages/apps/mysql/images/mariadb-backup.tag index fb7b421d..aa279946 100644 --- a/packages/apps/mysql/images/mariadb-backup.tag +++ b/packages/apps/mysql/images/mariadb-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/mariadb-backup:0.0.0@sha256:a3789db9e9e065ff60cbac70771b4a8aa1460db3194307cf5ca5d4fe1b412b6b +ghcr.io/cozystack/cozystack/mariadb-backup:latest@sha256:abfc43aed08fbbeed8f090e90158108fe59ed6279db93d169c3b1b1656af0064 diff --git a/packages/extra/monitoring/images/grafana.tag b/packages/extra/monitoring/images/grafana.tag index 9d53b4f1..3919ffdc 100644 --- a/packages/extra/monitoring/images/grafana.tag +++ b/packages/extra/monitoring/images/grafana.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/grafana:0.0.0@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399 +ghcr.io/cozystack/cozystack/grafana:latest@sha256:dc27b9d7ef42e3d59667a203cb94d410c60afc119102ff1b9a081af4ea72f52c diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml index 25ed972f..db845e6f 100644 --- a/packages/system/cilium/values.yaml +++ b/packages/system/cilium/values.yaml @@ -14,7 +14,7 @@ cilium: mode: "kubernetes" image: repository: ghcr.io/cozystack/cozystack/cilium - tag: 1.17.5 + tag: latest digest: "sha256:2def2dccfc17870be6e1d63584c25b32e812f21c9cdcfa06deadd2787606654d" envoy: enabled: false diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml b/packages/system/cozystack-api/cozyrds/bootbox.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml rename to packages/system/cozystack-api/cozyrds/bootbox.yaml index 9626f0e4..579d3dec 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bootbox.yaml +++ b/packages/system/cozystack-api/cozyrds/bootbox.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNzEuNTY5OCA3Ni41MzM2QzcxLjIzNzQgNzYuNTMzNiA3MC45MDM2IDc2LjQ4NDcgNzAuNTgyOSA3Ni4zODkyTDM2LjIwNzkgNjYuMDc2N0MzNC4zODg1IDY1LjUzMTEgMzMuMzU2MiA2My42MTQ0IDMzLjkwMTcgNjEuNzk2NkMzNC40NDg5IDU5Ljk3NTUgMzYuMzY1NyA1OC45NDgzIDM4LjE4MTcgNTkuNDkwNEw3MS41Njk4IDY5LjUwNzZMMTA0Ljk1OCA1OS40OTA0QzEwNi43NzYgNTguOTYgMTA4LjY5MSA1OS45NzcyIDEwOS4yMzggNjEuNzk2NkMxMDkuNzgzIDYzLjYxNDQgMTA4Ljc1MSA2NS41MzExIDEwNi45MzIgNjYuMDc2N0w3Mi41NTY3IDc2LjM4OTJDNzIuMjM2IDc2LjQ4NDcgNzEuOTAyMiA3Ni41MzM2IDcxLjU2OTggNzYuNTMzNloiIGZpbGw9IiMyMzFGMjAiLz4KPHBhdGggZD0iTTc0Ljk3MyA1My4wMjE0Qzc0Ljc2NjggNTQuMzI3NiA3My44MDQzIDU1LjM5MzMgNzIuNTY2OCA1NS43NzE0TDM4LjE5MTggNjYuMDgzOUMzNy44NDggNjYuMTg3IDM3LjUzODcgNjYuMjIxNCAzNy4xOTQ5IDY2LjIyMTRDMzYuMzY5OSA2Ni4yMjE0IDM1LjU3OTMgNjUuOTEyIDM0LjkyNjIgNjUuMzYyTDIxLjE3NjIgNTMuMzMwOEMyMC4yNDggNTIuNTQwMSAxOS44MzU1IDUxLjI2ODMgMjAuMDc2MiA1MC4wNjUxQzIwLjMxNjggNDguODYyIDIxLjE3NjIgNDcuODY1MSAyMi4zNDQ5IDQ3LjQ4N0w1My4yODI0IDM3LjE3NDVDNTQuMzEzNyAzNi44MzA4IDU1LjQ0OCAzNy4wMDI2IDU2LjM0MTggMzcuNjIxNEw3My41MjkzIDQ5LjY1MjZDNzQuNjI5MyA1MC40MDg5IDc1LjE3OTMgNTEuNzE1MSA3NC45NzMgNTMuMDIxNFoiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEyMS45NjQgNTMuMzMwOEwxMDguMjE0IDY1LjM2MkMxMDcuNTYgNjUuOTEyIDEwNi43NyA2Ni4yMjE0IDEwNS45NDUgNjYuMjIxNEMxMDUuNjAxIDY2LjIyMTQgMTA1LjI5MiA2Ni4xODcgMTA0Ljk0OCA2Ni4wODM5TDcwLjU3MyA1NS43NzE0QzY5LjMzNTUgNTUuMzkzMyA2OC4zNzMgNTQuMzI3NiA2OC4xNjY3IDUzLjAyMTRDNjcuOTYwNSA1MS43MTUxIDY4LjUxMDUgNTAuNDA4OSA2OS42MTA1IDQ5LjY1MjZMODYuNzk4IDM3LjYyMTRDODcuNjkxNyAzNy4wMDI2IDg4LjgyNjEgMzYuODMwOCA4OS44NTc0IDM3LjE3NDVMMTIwLjc5NSA0Ny40ODdDMTIxLjk2NCA0Ny44NjUxIDEyMi44MjMgNDguODYyIDEyMy4wNjQgNTAuMDY1MUMxMjMuMzA0IDUxLjI2ODMgMTIyLjg5MiA1Mi41NDAxIDEyMS45NjQgNTMuMzMwOFoiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEwOS4zODIgNjMuNjQyNlYxMDcuNDcxQzEwOS4zODIgMTA4Ljg4IDEwOC41MjIgMTEwLjE1MiAxMDcuMjE2IDExMC42NjhMNzIuODQxMiAxMjQuNDE4QzcyLjQyODcgMTI0LjU4OSA3Mi4wMTYyIDEyNC42NTggNzEuNTY5MyAxMjQuNjU4QzcxLjEyMjUgMTI0LjY1OCA3MC43MSAxMjQuNTg5IDcwLjI5NzUgMTI0LjQxOEwzNS45MjI1IDExMC42NjhDMzQuNjE2MiAxMTAuMTUyIDMzLjc1NjggMTA4Ljg4IDMzLjc1NjggMTA3LjQ3MVY2My42NDI2QzMzLjc1NjggNjEuNzUyIDM1LjMwMzcgNjAuMjA1MSAzNy4xOTQzIDYwLjIwNTFIMTA1Ljk0NEMxMDcuODM1IDYwLjIwNTEgMTA5LjM4MiA2MS43NTIgMTA5LjM4MiA2My42NDI2WiIgZmlsbD0iI0VBQkQ0QyIvPgo8cGF0aCBkPSJNMTA3Ljk5OSA2MS40OTU4QzEwNy45OTkgNjIuOTgxMiAxMDcuMDM3IDY0LjI5NzkgMTA1LjY0MyA2NC43MzY4TDcyLjQ2MTMgNzQuODY1QzcyLjEyOTUgNzQuOTY2MiA3MS44MzA4IDc1IDcxLjQ5OSA3NUM3MS4xNjcyIDc1IDcwLjg2ODYgNzQuOTY2MiA3MC41MzY4IDc0Ljg2NUwzNy4zNTQ5IDY0LjczNjhDMzUuOTYxMyA2NC4yOTc5IDM0Ljk5OSA2Mi45ODEyIDM0Ljk5OSA2MS40OTU4QzM0Ljk5OSA2MC4wMTAzIDM1Ljk2MTMgNTguNjkzNyAzNy4zNTQ5IDU4LjI1NDhMNzAuNTM2OCA0OC4xMjY2QzcxLjE2NzIgNDcuOTU3OCA3MS44MzA4IDQ3Ljk1NzggNzIuNDYxMyA0OC4xMjY2TDEwNS42NDMgNTguMjU0OEMxMDcuMDM3IDU4LjY5MzcgMTA3Ljk5OSA2MC4wMTAzIDEwNy45OTkgNjEuNDk1OFoiIGZpbGw9IiM0QzM4MjUiLz4KPHBhdGggZD0iTTc0LjUxMTggNzdDNzUuMzUgNzcgNzYuMTc5NCA3Ni45NjI4IDc3IDc2LjkxMzNWMjEuMDg2N0M3Ni4xNzY1IDIxLjAzNDcgNzUuMzQ3MSAyMSA3NC41MDU5IDIxQzczLjY2NDcgMjEgNzIuODI5NCAyMS4wMzQ3IDcyIDIxLjA4NjdWNzYuOTEwOEM3Mi44MjY1IDc2Ljk2MjggNzMuNjU4OCA3Ni45OTc1IDc0LjUgNzdINzQuNTExOFoiIGZpbGw9InVybCgjcGFpbnQxX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNDQuMDI4MiAzOC4xMTI5TDQzLjIwNzggMzcuMjk1OUM0Mi4wNzczIDM4LjkxMjEgNDEuMDc0NiA0MC42MTQgNDAuMjA4OCA0Mi4zODYxQzUwLjEwMDEgNTIuNDM1NCA1MS4xNDI0IDU3LjI4MzUgNTEuMTI4OSA1OC45MDc0QzUxLjA5MTkgNjMuMDI2IDQ2LjA1MjIgNjkuNDg0NSA0MC4xNDE2IDc1LjQ2NTdDNDAuOTk5NiA3Ny4yMzc1IDQxLjk5MzMgNzguOTQwNSA0My4xMTM3IDgwLjU1OTJDNDMuNDQ5OSA4MC4yMjMgNDMuNzY5MyA3OS45MTM3IDQ0LjA5NTQgNzkuNTg0MkM1Mi42MjUgNzAuOTk3NSA1Ni43OTQgNjQuMjQ5OCA1Ni44NDQ1IDU4Ljk0NzdDNTYuODk0OSA1My42NDU3IDUyLjcwMjQgNDYuODg3OSA0NC4wMjgyIDM4LjExMjlaIiBmaWxsPSJ1cmwoI3BhaW50Ml9saW5lYXJfOTc5Xzc5MikiLz4KPHBhdGggZD0iTTEwNC42OTUgNzkuNTk3NUwxMDUuNjc2IDgwLjU3MjVDMTA2Ljc5NSA3OC45NDkyIDEwNy43ODcgNzcuMjQxNyAxMDguNjQyIDc1LjQ2NTVDMTAyLjczNSA2OS40NzA5IDk3LjY5NDggNjIuOTk1NSA5Ny42NTQ1IDU4Ljg5MzdDOTcuNjE3NSA1NC44OTI4IDEwMi42MjcgNDguNDIwOCAxMDguNTY4IDQyLjM1OUMxMDcuNzAzIDQwLjU5MTcgMTA2LjcwMyAzOC44OTQ0IDEwNS41NzYgMzcuMjgyMkwxMDQuNzU1IDM4LjA5OTJDOTYuMDgxIDQ2Ljg1NzUgOTEuODg4NSA1My42NzkxIDkxLjkzODkgNTguOTQ0MkM5MS45ODk0IDY0LjIwOTIgOTYuMTU4MyA3MS4wMTA3IDEwNC42OTUgNzkuNTk3NVoiIGZpbGw9InVybCgjcGFpbnQzX2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNODcuNDM5NiA1OC45MzQ0Qzg3LjQzOTYgNTEuNTM3OCA5MC43Mzc4IDM5LjIzOTMgOTUuODE3OSAyNy42MTY1Qzk0LjE5NzkgMjYuNTEzOSA5Mi40OTUgMjUuNTM4MiA5MC43MjQ0IDI0LjY5ODJDODUuMTYzNSAzNy4yMjg3IDgxLjcyMDcgNTAuNTU2MSA4MS43MjA3IDU4Ljk0NzhDODEuNzIwNyA2Ny4wNjczIDg1LjQ0OTMgODAuNTQyNSA5MS4xMTEgOTMuMTQwM0M5Mi44NDY4IDkyLjI4NTkgOTQuNTE0NyA5MS4zMDAyIDk2LjEwMDQgOTAuMTkxN0M5MC44NTg5IDc4LjQwMDkgODcuNDM5NiA2Ni4wNzU1IDg3LjQzOTYgNTguOTM0NFoiIGZpbGw9InVybCgjcGFpbnQ0X2xpbmVhcl85NzlfNzkyKSIvPgo8cGF0aCBkPSJNNjcuMDM4NCA1OC45MzUzQzY3LjAzODQgNTAuNDk5OCA2My40NTc4IDM3LjA5ODUgNTcuOTYwOCAyNC43MjI3QzU2LjIxNTggMjUuNTYxMyA1NC41Mzc3IDI2LjUzMjUgNTIuOTQxMiAyNy42Mjc1QzU4LjAzMTQgMzkuMjQzNSA2MS4zMjI4IDUxLjU0NTQgNjEuMzIyOCA1OC45MzUzQzYxLjMyMjggNjYuMDczIDU3LjkwMzYgNzguMzk1IDUyLjY2MjEgOTAuMTcyNEM1NC4yNDgyIDkxLjI4MDIgNTUuOTE2MSA5Mi4yNjU4IDU3LjY1MTQgOTMuMTIxQzYzLjMxOTkgODAuNTI2NiA2Ny4wMzg0IDY3LjA2MTQgNjcuMDM4NCA1OC45MzUzWiIgZmlsbD0idXJsKCNwYWludDVfbGluZWFyXzk3OV83OTIpIi8+CjxwYXRoIGQ9Ik03NC40MjI5IDc0Ljk4N0w2MC42NzI5IDk1LjYxMkM2MC4wMTk3IDk2LjYwODkgNTguOTU0MSA5Ny4xNTg5IDU3LjgxOTcgOTcuMTU4OUM1Ny40MDcyIDk3LjE1ODkgNTYuOTYwNCA5Ny4wOTAxIDU2LjU0NzkgOTYuOTE4M0wyMi4xNzI5IDgzLjE2ODNDMjEuMTQxNiA4Mi43NTU4IDIwLjM4NTQgODEuODk2NCAyMC4xMTA0IDgwLjg2NTFDMTkuODM1NCA3OS43OTk1IDIwLjA3NiA3OC42NjUxIDIwLjc2MzUgNzcuODQwMUwzNC41MTM1IDYwLjY1MjZDMzUuMzcyOSA1OS41NTI2IDMyLjczOTEgNTcuODQwNCAzNC4wNzk3IDU4LjIxODVMNzIuNTY2NiA2OS43OTY0QzczLjU5NzkgNzAuMTA1OCA3NC40MjI5IDcwLjg5NjQgNzQuODAxIDcxLjkyNzZDNzUuMTc5MSA3Mi45NTg5IDc1LjA0MTYgNzQuMDkzMyA3NC40MjI5IDc0Ljk4N1oiIGZpbGw9IiNGRkRDODMiLz4KPHBhdGggZD0iTTEyMy4wMjkgODAuNjI0MkMxMjIuNzU0IDgxLjY1NTUgMTIxLjk5OCA4Mi41NDkyIDEyMS4wMDEgODIuOTI3NEw4Ni42MjYxIDk2LjkxOEM4Ni4xNzkyIDk3LjA4OTkgODUuNzY2NyA5Ny4xNTg2IDg1LjMxOTkgOTcuMTU4NkM4NC4xODU1IDk3LjE1ODYgODMuMTE5OSA5Ni42MDg2IDgyLjQ2NjcgOTUuNjExN0w2OC43MTY3IDc0Ljk4NjdDNjguMDk4IDc0LjA5MyA2Ny45NjA1IDcyLjk1ODYgNjguMzM4NiA3MS45Mjc0QzY4LjcxNjcgNzAuODk2MSA2OS41NDE3IDcwLjEwNTUgNzAuNTczIDY5Ljc5NjFMMTA4LjQ2OSA1OC40MzMxQzEwOS44MSA1OC4wMjA2IDEwNy43MzIgNTkuNTUyNCAxMDguNjI2IDYwLjYxOEwxMjIuMzc2IDc3LjU5OTJDMTIzLjA2NCA3OC40MjQyIDEyMy4zMDQgNzkuNTU4NiAxMjMuMDI5IDgwLjYyNDJaIiBmaWxsPSIjRkZEQzgzIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfOTc5Xzc5MiIgeDE9IjI0IiB5MT0iMy41IiB4Mj0iMTgxIiB5Mj0iMTQ3IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM0ODAwMDAiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjQUUyMzAwIi8+CjwvbGluZWFyR3JhZGllbnQ+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQxX2xpbmVhcl85NzlfNzkyIiB4MT0iNzQuNSIgeTE9IjE3LjIzNjkiIHgyPSI3NC41IiB5Mj0iNzkuOTEzMyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDJfbGluZWFyXzk3OV83OTIiIHgxPSI0OC40OTMiIHkxPSIxNS44OTI4IiB4Mj0iNDguNDkzIiB5Mj0iMTAwLjk1NCIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDNfbGluZWFyXzk3OV83OTIiIHgxPSIxMDAuMjkiIHkxPSIxNS44OTI2IiB4Mj0iMTAwLjI5IiB5Mj0iMTAwLjk1MyIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkZEMjAwIi8+CjxzdG9wIG9mZnNldD0iMC4wNiIgc3RvcC1jb2xvcj0iI0ZGQjUwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMTQiIHN0b3AtY29sb3I9IiNGRjhDMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjIxIiBzdG9wLWNvbG9yPSIjRkY3MzAwIi8+CjxzdG9wIG9mZnNldD0iMC4yNiIgc3RvcC1jb2xvcj0iI0ZGNkEwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMzMiIHN0b3AtY29sb3I9IiNGQzRGMEUiLz4KPHN0b3Agb2Zmc2V0PSIwLjQzIiBzdG9wLWNvbG9yPSIjRjkyRjFFIi8+CjxzdG9wIG9mZnNldD0iMC41MSIgc3RvcC1jb2xvcj0iI0Y4MUIyNyIvPgo8c3RvcCBvZmZzZXQ9IjAuNTciIHN0b3AtY29sb3I9IiNGNzE0MkIiLz4KPHN0b3Agb2Zmc2V0PSIwLjY4IiBzdG9wLWNvbG9yPSIjREYxNjJFIi8+CjxzdG9wIG9mZnNldD0iMC43OSIgc3RvcC1jb2xvcj0iI0FGMUEzOCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM0QjIxNEMiLz4KPC9saW5lYXJHcmFkaWVudD4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDRfbGluZWFyXzk3OV83OTIiIHgxPSI4OC45MTIyIiB5MT0iMTUuODkyOSIgeDI9Ijg4LjkxMjIiIHkyPSIxMDAuOTU0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkQyMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjA2IiBzdG9wLWNvbG9yPSIjRkZCNTAwIi8+CjxzdG9wIG9mZnNldD0iMC4xNCIgc3RvcC1jb2xvcj0iI0ZGOEMwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMjEiIHN0b3AtY29sb3I9IiNGRjczMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjI2IiBzdG9wLWNvbG9yPSIjRkY2QTAwIi8+CjxzdG9wIG9mZnNldD0iMC4zMyIgc3RvcC1jb2xvcj0iI0ZDNEYwRSIvPgo8c3RvcCBvZmZzZXQ9IjAuNDMiIHN0b3AtY29sb3I9IiNGOTJGMUUiLz4KPHN0b3Agb2Zmc2V0PSIwLjUxIiBzdG9wLWNvbG9yPSIjRjgxQjI3Ii8+CjxzdG9wIG9mZnNldD0iMC41NyIgc3RvcC1jb2xvcj0iI0Y3MTQyQiIvPgo8c3RvcCBvZmZzZXQ9IjAuNjgiIHN0b3AtY29sb3I9IiNERjE2MkUiLz4KPHN0b3Agb2Zmc2V0PSIwLjc5IiBzdG9wLWNvbG9yPSIjQUYxQTM4Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzRCMjE0QyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50NV9saW5lYXJfOTc5Xzc5MiIgeDE9IjU5Ljg1NyIgeTE9IjE1Ljg5MzgiIHgyPSI1OS44NTciIHkyPSIxMDAuOTU1IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkQyMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjA2IiBzdG9wLWNvbG9yPSIjRkZCNTAwIi8+CjxzdG9wIG9mZnNldD0iMC4xNCIgc3RvcC1jb2xvcj0iI0ZGOEMwMCIvPgo8c3RvcCBvZmZzZXQ9IjAuMjEiIHN0b3AtY29sb3I9IiNGRjczMDAiLz4KPHN0b3Agb2Zmc2V0PSIwLjI2IiBzdG9wLWNvbG9yPSIjRkY2QTAwIi8+CjxzdG9wIG9mZnNldD0iMC4zMyIgc3RvcC1jb2xvcj0iI0ZDNEYwRSIvPgo8c3RvcCBvZmZzZXQ9IjAuNDMiIHN0b3AtY29sb3I9IiNGOTJGMUUiLz4KPHN0b3Agb2Zmc2V0PSIwLjUxIiBzdG9wLWNvbG9yPSIjRjgxQjI3Ii8+CjxzdG9wIG9mZnNldD0iMC41NyIgc3RvcC1jb2xvcj0iI0Y3MTQyQiIvPgo8c3RvcCBvZmZzZXQ9IjAuNjgiIHN0b3AtY29sb3I9IiNERjE2MkUiLz4KPHN0b3Agb2Zmc2V0PSIwLjc5IiBzdG9wLWNvbG9yPSIjQUYxQTM4Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzRCMjE0QyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "whitelistHTTP"], ["spec", "whitelist"], ["spec", "machines"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml b/packages/system/cozystack-api/cozyrds/bucket.yaml similarity index 97% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml rename to packages/system/cozystack-api/cozyrds/bucket.yaml index d94e67e1..8bb57046 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/bucket.yaml +++ b/packages/system/cozystack-api/cozyrds/bucket.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzA5MSkiLz4KPHBhdGggZmlsbC1ydWxlPSJldmVub2RkIiBjbGlwLXJ1bGU9ImV2ZW5vZGQiIGQ9Ik03MiAzMC4xNjQxTDExNy45ODMgMzYuNzc4OVY0MC42NzM5QzExNy45ODMgNDYuNDY1MyA5Ny4zODYyIDUxLjEzMzIgNzEuOTgyNyA1MS4xMzMyQzQ2LjU3OTIgNTEuMTMzMiAyNiA0Ni40NjUzIDI2IDQwLjY3MzlWMzYuNDQzMUw3MiAzMC4xNjQxWk03MiA1OC4yNjc4QzkxLjIwODQgNTguMjY3OCAxMDcuNjU4IDU1LjU5ODYgMTE0LjU0NyA1MS44MDQ4TDExNi44MDMgNDguMTExTDExNy43MjMgNDQuNzUzVjQ4LjkxNzFMMTAyLjY3OSAxMTEuMDMzQzEwMi42NzkgMTE0Ljg5NSA4OC45NTMzIDExOCA3Mi4wMTcyIDExOEM1NS4wODEyIDExOCA0MS4zNzQzIDExNC44OTUgNDEuMzc0MyAxMTEuMDMzTDI2LjMzIDQ4LjkxNzFWNDQuODM2OUwyOS44MDA3IDUxLjkzODJDMzYuNzA2NSA1NS42NjUzIDUyLjk5OTcgNTguMjY3OCA3MiA1OC4yNjc4WiIgZmlsbD0iIzhDMzEyMyIvPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTTcyLjAwMDMgMjZDOTcuNDAzOCAyNiAxMTggMzAuNjgzOSAxMTggMzYuNDQyQzExOCA0Mi4yIDk3LjM4NjYgNDYuODUwNyA3Mi4wMDAzIDQ2Ljg1MDdDNDYuNjE0MSA0Ni44NTA3IDI2LjAxNzYgNDIuMjM0NSAyNi4wMTc2IDM2LjQ0MkMyNi4wMTc2IDMwLjY0OTQgNDYuNTk2OCAyNiA3Mi4wMDAzIDI2Wk03Mi4wMDAzIDU0LjEwMzdDOTUuNjg1NyA1NC4xMDM3IDExNS4xNzIgNTAuMDU4IDExNy43MDYgNDQuODE5N0wxMDIuNjYyIDEwNi45MzdDMTAyLjY2MiAxMTAuNzk5IDg4LjkzNjQgMTEzLjkwNSA3Mi4wMDAzIDExMy45MDVDNTUuMDY0MyAxMTMuOTA1IDQxLjMzOSAxMTAuODE2IDQxLjMzOSAxMDYuOTU0TDI2LjI5NTkgNDQuODM3QzI4Ljg0NjYgNTAuMDU4IDQ4LjMzMzMgNTQuMTAzNyA3Mi4wMDAzIDU0LjEwMzdaIiBmaWxsPSIjRTA1MjQzIi8+CjxwYXRoIGZpbGwtcnVsZT0iZXZlbm9kZCIgY2xpcC1ydWxlPSJldmVub2RkIiBkPSJNNjEuMTcyNSA2MC4wMjkzSDgxLjA5MjhWNzkuMTY3Nkg2MS4xNzI1VjYwLjAyOTNaTTQ1LjMzMDEgOTUuMzY4OEM0NS4zMzAxIDkwLjE0MiA0OS43MTA0IDg1LjkzNDIgNTUuMTUxMSA4NS45MzQyQzYwLjU5MTcgODUuOTM0MiA2NC45NzIxIDkwLjE0MiA2NC45NzIxIDk1LjM2ODhDNjQuOTcyMSAxMDAuNTk2IDYwLjU5MTcgMTA0LjgwMyA1NS4xNTExIDEwNC44MDNDNDkuNzEwNCAxMDQuODAzIDQ1LjMzMDEgMTAwLjU5NiA0NS4zMzAxIDk1LjM2ODhaTTk2LjQ0ODcgMTA0LjM2OEg3Ni43NzIyTDg2LjYxMDUgODYuNzczN0w5Ni40NDg3IDEwNC4zNjhaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18zMDkxIiB4MT0iMCIgeTE9IjAiIHgyPSIxNTEiIHkyPSIxODAiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0ZGRjBFRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNFQzg4N0QiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml b/packages/system/cozystack-api/cozyrds/clickhouse.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml rename to packages/system/cozystack-api/cozyrds/clickhouse.yaml index c1a7ec87..5862326e 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/clickhouse.yaml +++ b/packages/system/cozystack-api/cozyrds/clickhouse.yaml @@ -28,7 +28,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzIwMikiLz4KPHBhdGggZD0iTTIzIDEwNUgzNFYxMTZIMjNWMTA1WiIgZmlsbD0iI0ZGMDAwMCIvPgo8cGF0aCBkPSJNMjMgMjhIMzRWMTA1SDIzVjI4Wk00NSAyOEg1NS45OTk5VjExNkg0NVYyOFpNNjYuOTk5OSAyOEg3Ny45OTk5VjExNkg2Ni45OTk5VjI4Wk04OC45OTk5IDI4SDk5Ljk5OTlWMTE2SDg4Ljk5OTlWMjhaTTExMSA2My43NDk5SDEyMlY4MC4yNDk5SDExMVY2My43NDk5WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMzIwMiIgeDE9Ii0wLjQ5OTk5OCIgeTE9IjEuNSIgeDI9IjE1My41IiB5Mj0iMTYyIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNGRkNDMDAiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjRkY3QTAwIi8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "shards"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "logStorageSize"], ["spec", "logTTL"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"], ["spec", "clickhouseKeeper"], ["spec", "clickhouseKeeper", "enabled"], ["spec", "clickhouseKeeper", "size"], ["spec", "clickhouseKeeper", "resourcesPreset"], ["spec", "clickhouseKeeper", "replicas"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml b/packages/system/cozystack-api/cozyrds/etcd.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml rename to packages/system/cozystack-api/cozyrds/etcd.yaml index 862a2cf6..dc67a07b 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/etcd.yaml +++ b/packages/system/cozystack-api/cozyrds/etcd.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NjMpIi8+CjxwYXRoIGQ9Ik0xMjIuNDQyIDczLjQ3MjlDMTIxLjk1OSA3My41MTM0IDEyMS40NzQgNzMuNTMyMiAxMjAuOTU4IDczLjUzMjJDMTE3Ljk2NSA3My41MzIyIDExNS4wNjEgNzIuODMwNCAxMTIuNDQyIDcxLjU0NTFDMTEzLjMxNCA2Ni41NDIxIDExMy42ODUgNjEuNTAxOSAxMTMuNTg4IDU2LjQ4MDJDMTEwLjc0OCA1Mi4zNzIzIDEwNy41MDIgNDguNDk2NSAxMDMuODM4IDQ0LjkyNTdDMTA1LjQyOCA0MS45NDU0IDEwNy43NzggMzkuMzgxMSAxMTAuNzExIDM3LjU2MjhMMTExLjk3MSAzNi43ODQyTDExMC45ODkgMzUuNjc3NEMxMDUuOTMyIDI5Ljk4MzIgOTkuODk3MSAyNS41ODA5IDkzLjA1NDcgMjIuNTkzN0w5MS42OTAyIDIyTDkxLjM0MzcgMjMuNDQyM0M5MC41Mjc3IDI2LjgwMzYgODguODIyMiAyOS44MzYgODYuNDgwNyAzMi4yNjk1QzgxLjk4MDMgMjkuODc3NCA3Ny4yNzg4IDI3Ljk0NCA3Mi40MzA1IDI2LjQ3OTdDNjcuNTkzNyAyNy45NDA4IDYyLjkwMDUgMjkuODY4NiA1OC40MDIgMzIuMjU3MUM1Ni4wNzAxIDI5LjgyNjggNTQuMzY4OCAyNi44MDE4IDUzLjU1NiAyMy40NTAxTDUzLjIwNzIgMjIuMDA4M0w1MS44NDc3IDIyLjU5OTJDNDUuMDkxNCAyNS41NDMxIDM4Ljg5MDEgMzAuMDY0NyAzMy45MTYyIDM1LjY3NDJMMzIuOTMxOCAzNi43ODMzTDM0LjE5IDM3LjU2MTlDMzcuMTE0MiAzOS4zNzMzIDM5LjQ1NzYgNDEuOTIyNCA0MS4wNDQ0IDQ0Ljg4NjZDMzcuMzkxNyA0OC40NDM1IDM0LjE0OTUgNTIuMzA3IDMxLjMxMTkgNTYuMzk1OUMzMS4yMDE0IDYxLjQxNTQgMzEuNTUzNSA2Ni40OTI0IDMyLjQyOTcgNzEuNTY0NEMyOS44MjMxIDcyLjgzNzggMjYuOTM1OCA3My41MzE4IDIzLjk2MjggNzMuNTMxOEMyMy40NDA5IDczLjUzMTggMjIuOTUyNyA3My41MTI5IDIyLjQ3ODIgNzMuNDczM0wyMSA3My4zNjA2TDIxLjEzODUgNzQuODM2NUMyMS44NjI5IDgyLjMwMzMgMjQuMTgxNCA4OS40MDUzIDI4LjAzMzQgOTUuOTQ3MUwyOC43ODUzIDk3LjIyMzdMMjkuOTE0MiA5Ni4yNjU2QzMyLjUzMDUgOTQuMDQ2NSAzNS42OTE3IDkyLjU3NyAzOS4wNTMgOTEuOTg0N0M0MS4yNjg5IDk2LjUxNTUgNDMuODk1MyAxMDAuNzcyIDQ2Ljg3NDcgMTA0LjcyNUM1MS42Mjg3IDEwNi4zODcgNTYuNTgxOSAxMDcuNjI5IDYxLjY5NzEgMTA4LjM2N0M2Mi4xODc3IDExMS43NSA2MS43OTcgMTE1LjI0OSA2MC40NjI0IDExOC40ODRMNTkuODk5NSAxMTkuODU1TDYxLjM0NjkgMTIwLjE3NEM2NS4wNTI5IDEyMC45ODkgNjguNzkxNyAxMjEuNDA0IDcyLjQ1MjYgMTIxLjQwNEw4My41NTUxIDEyMC4xNzRMODUuMDAzOSAxMTkuODU1TDg0LjQzOTcgMTE4LjQ4MkM4My4xMDg3IDExNS4yNDYgODIuNzE4IDExMS43NDMgODMuMjA4NiAxMDguMzZDODguMzAzNiAxMDcuNjIxIDkzLjIzODQgMTA2LjM4MiA5Ny45NzQ4IDEwNC43MjVDMTAwLjk1NyAxMDAuNzY5IDEwMy41ODYgOTYuNTA5NSAxMDUuODA1IDkxLjk3MjhDMTA5LjE3NyA5Mi41NjE0IDExMi4zNTYgOTQuMDMxNyAxMTQuOTg5IDk2LjI1NzNMMTE2LjExOCA5Ny4yMTQxTDExNi44NjYgOTUuOTQwN0MxMjAuNzI1IDg5LjM5MDUgMTIzLjA0MyA4Mi4yODkxIDEyMy43NTYgNzQuODM0MkwxMjMuODk1IDczLjM2MUwxMjIuNDQyIDczLjQ3MjlaTTg4LjMxOTcgOTEuNTE4MUM4My4wNjczIDkyLjk0NjYgNzcuNzMzIDkzLjY2NzcgNzIuNDMwNSA5My42Njc3QzY3LjExMzcgOTMuNjY3NyA2MS43ODU5IDkyLjk0NyA1Ni41MjkgOTEuNTE4MUM1My42NDQ4IDg3LjAzNjYgNTEuMzY0NSA4Mi4yMzU3IDQ5LjcyMzQgNzcuMTgxMkM0OC4wODkyIDcyLjE1MDIgNDcuMTMyOSA2Ni44Nzk1IDQ2Ljg1NTQgNjEuNDUyMkM1MC4yNTA0IDU3LjI1NDcgNTQuMTExIDUzLjU3NzYgNTguMzc2NyA1MC40ODIzQzYyLjcxMTQgNDcuMzI5NCA2Ny40MjcxIDQ0Ljc2NzkgNzIuNDMwNSA0Mi44NDFDNzcuNDI1NiA0NC43NjgzIDgyLjEzMjYgNDcuMzI2MiA4Ni40NTcyIDUwLjQ2NTdDOTAuNzM5NCA1My41Nzc2IDk0LjYxNzEgNTcuMjgzMiA5OC4wMjg3IDYxLjUwN0M5Ny43Mzc4IDY2LjkwMzQgOTYuNzcgNzIuMTQzOCA5NS4xMzMgNzcuMTY2NUM5My40OTYxIDgyLjIyIDkxLjIwODQgODcuMDM2MSA4OC4zMTk3IDkxLjUxODFaTTc2Ljc2ODQgNjYuMTk3NEM3Ni43Njg0IDY5LjkwODEgNzkuNzc1NCA3Mi45MDk2IDgzLjQ4MSA3Mi45MDk2Qzg3LjE4NTcgNzIuOTA5NiA5MC4xODk1IDY5LjkwODYgOTAuMTg5NSA2Ni4xOTc0QzkwLjE4OTUgNjIuNTAxIDg3LjE4NTcgNTkuNDg4MSA4My40ODEgNTkuNDg4MUM3OS43NzU0IDU5LjQ4ODEgNzYuNzY4NCA2Mi41MDEgNzYuNzY4NCA2Ni4xOTc0Wk02OC4wOTU0IDY2LjE5NzRDNjguMDk1NCA2OS45MDgxIDY1LjA4ODggNzIuOTA5NiA2MS4zODMyIDcyLjkwOTZDNTcuNjc0OSA3Mi45MDk2IDU0LjY3NjYgNjkuOTA4NiA1NC42NzY2IDY2LjE5NzRDNTQuNjc2NiA2Mi41MDI0IDU3LjY3NTMgNTkuNDg5NCA2MS4zODMyIDU5LjQ4OTRDNjUuMDg4OCA1OS40ODk0IDY4LjA5NTQgNjIuNTAyNCA2OC4wOTU0IDY2LjE5NzRaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18yOTYzIiB4MT0iNS41IiB5MT0iMTEiIHgyPSIxNDEiIHkyPSIxMjQuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNTNCMkYwIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzQxOUVEQSIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resources", "cpu"], ["spec", "resources", "memory"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml b/packages/system/cozystack-api/cozyrds/ferretdb.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml rename to packages/system/cozystack-api/cozyrds/ferretdb.yaml index e754aa28..976e35d6 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ferretdb.yaml +++ b/packages/system/cozystack-api/cozyrds/ferretdb.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NTIpIi8+CjxwYXRoIGQ9Ik02OS41OTIzIDIyLjEzMUM1OC4yNjYyIDIzLjY3ODcgNDYuOTAzNyAzMC44NzE0IDQwLjMzMDIgNDAuNjY3OUMzOS4yNzQgNDIuMjUyMSAzNy40NTMxIDQ1LjU0OCAzNy40NTMxIDQ1Ljg3NTdDMzcuNDUzMSA0NS45MTIyIDM4LjMyNzIgNDUuMzg0MSAzOS4zODMzIDQ0LjY5MjFDNTIuMzg0NyAzNi4xMTU2IDY3Ljg5ODkgMzQuNTMxNCA4MC41MTc4IDQwLjQ4NThDODMuMjY3NCA0MS43Nzg3IDg0Ljk5NzMgNDMuMDM1MSA4Ny40NTU1IDQ1LjQ5MzNDOTEuNTg5IDQ5LjY0NSA5NC42MTE3IDU1LjE5ODggOTYuNzA1OCA2Mi41MDA3Qzk3Ljc5ODMgNjYuMjUxOCA5OC43MDg4IDcxLjM2ODYgOTguOTQ1NSA3NC44NDY1Qzk5LjAwMDEgNzUuNzkzNCA5OS4xNDU4IDc2LjYzMSA5OS4yMzY5IDc2LjY4NTZDOTkuNzQ2NyA3Ni45OTUyIDEwMi4wNDEgNzMuNjYyOSAxMDMuNjYyIDcwLjI3NkMxMDYuMjI5IDY0Ljg4NjEgMTA3LjQzMSA1OS41ODcyIDEwNy40MTMgNTMuNzA1N0MxMDcuMzk1IDQ1LjM4NDEgMTA0LjUxOCAzOC4zOTE3IDk4LjcyNyAzMi41NjQ4QzkzLjU5MiAyNy4zOTM0IDg3LjEwOTUgMjMuODQyNiA4MC4zMTc1IDIyLjQ1ODdDNzguNzMzMyAyMi4xNDkyIDc3LjU2NzkgMjIuMDU4MSA3NC41OTk5IDIyLjAwMzVDNzIuNTQyMiAyMS45ODUzIDcwLjMwMjUgMjIuMDM5OSA2OS41OTIzIDIyLjEzMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00NS41MiA0Ni40NDAyQzQ0LjMzNjQgNDcuMDIyOSA0Mi4zNTE2IDQ4Ljg0MzggNDAuNjAzNSA1MC45Mzc5QzM5LjgyMDUgNTEuODY2NiAzOC42MzY5IDUzLjAxMzcgMzcuNzYyOSA1My42NjkzQzM1LjcyMzQgNTUuMTk4OSAzMi4yNDU1IDU4LjYwNCAzMC40NzkyIDYwLjgwNzNDMjEuMjY1NCA3Mi4yMjQ0IDE4LjY5NzkgODUuMjQ0IDIzLjA4NjMgOTguMzE4MkMyNi42OTE3IDEwOS4wMjUgMzUuMDMxNSAxMTYuMTI3IDQ3Ljg1MDggMTE5LjM1QzUyLjg0MDEgMTIwLjYyNCA2MC4zMjQgMTIxLjMzNSA2My40NTYgMTIwLjg0M0w2NC4yNTcyIDEyMC43MTVMNjMuMDE5IDExOS45ODdDNTYuMTkwNiAxMTYuMDE4IDUxLjQxOTggMTA5LjMxNyA1MC4wOTA1IDEwMS44NjlDNDkuNjg5OSA5OS42MTEgNDkuNjcxNyA5NS42MDUgNTAuMDcyMyA5My40MDE3QzUwLjk2NDUgODguNDQ4OCA1My40NTkyIDgzLjg5NjUgNTYuODQ2MSA4MS4wNTU5QzU4LjQzMDMgNzkuNzI2NiA2MS4xOTgxIDc4LjM2MDkgNjMuNDAxNCA3Ny44MzI5QzY2LjcxNTUgNzcuMDMxNyA2OC43MzY3IDc2LjEyMTIgNzAuODMwNyA3NC40NjQyQzcyLjE3ODIgNzMuNDA4IDczLjM2MTggNzEuODA1NiA3NC4zNDUxIDY5LjcyOThDNzUuMTgyNyA2Ny45NjM1IDc2Ljk2NzIgNjIuMzU1MSA3Ni45NjcyIDYxLjQ2MjhDNzYuOTY3MiA2MC44NDM3IDc2LjMyOTkgNjAuMDA2MSA3NS40MTk1IDU5LjQ0MTZDNzQuOTQ2IDU5LjE1MDIgNzQuMTk5NCA1OC45ODY0IDcyLjI4NzUgNTguNzg2MUM2NC4wNTY5IDU3LjkzMDIgNTkuOTU5OSA1Ni40MzcxIDU1LjAwNyA1Mi41MjIxQzU0LjI5NjggNTEuOTU3NiA1My40NDEgNTEuMzIwMyA1My4wOTUgNTEuMTAxOEM1Mi43NDkgNTAuOTAxNSA1Mi4wNTcxIDUwLjEzNjcgNTEuNTgzNiA0OS40MjY1QzUwLjE0NTEgNDcuMzMyNSA0OC4zNjA2IDQ1Ljk4NSA0Ni45OTQ5IDQ1Ljk2NjhDNDYuNzAzNiA0NS45NjY4IDQ2LjAyOTggNDYuMTg1MyA0NS41MiA0Ni40NDAyWk01NC40NjA3IDU0Ljg3MTFDNTUuMDc5OCA1NS4xODA2IDU1Ljc1MzUgNTUuNTgxMiA1NS45NzIgNTUuNzQ1MUw1Ni4zNzI3IDU2LjA3MjlMNTUuNzM1MyA1OC42MjIyQzU1LjE4OTEgNjAuODQzNyA1NS4wOTggNjEuNDA4MiA1NS4xNTI2IDYyLjk5MjRDNTUuMjA3MyA2NC41NTg0IDU1LjI2MTkgNjQuOTA0MyA1NS42MjYxIDY1LjQxNDJDNTYuMjI3IDY2LjIzMzYgNTcuMjY0OSA2Ni43MjUzIDU4LjQzMDMgNjYuNzI1M0M2MC4wODczIDY2LjcyNTMgNjEuMzgwMiA2NS43Nzg0IDYzLjUyODkgNjIuOTU2QzY0LjE0OCA2Mi4xNTQ4IDY0LjYzOTYgNjEuNzE3NyA2NS4zNjggNjEuMzcxOEM2Ni40OTcgNjAuODA3MyA2Ny4yOTgyIDYwLjc1MjcgNjkuODExIDYwLjk3MTJMNzEuNDg2MyA2MS4xMzVWNjIuMTE4M0M3MS40ODYzIDYzLjY2NjEgNzIuMzA1NyA2NC41NTg0IDczLjk4MDkgNjQuODEzM0w3NC43ODIxIDY0LjkyMjZMNzQuNDkwOCA2NS41OTYzQzczLjIxNjEgNjguNjczNiA2OS45Mzg1IDcyLjE1MTYgNjYuODYxMSA3My42OTk0QzY2LjM2OTUgNzMuOTM2MSA2NS4yNTg3IDc0LjM3MzEgNjQuNDAyOSA3NC42NjQ1QzYzLjAwMDggNzUuMTE5NyA2Mi42MTg0IDc1LjE3NDMgNjAuMjE0OCA3NS4xNzQzQzU3LjgyOTQgNzUuMTc0MyA1Ny40Mjg4IDc1LjExOTcgNTYuMTE3NyA3NC42ODI3QzUyLjE2NjMgNzMuMzcxNiA0OS4yMzQ3IDcwLjQ1ODEgNDcuOTA1NCA2Ni41NDMyQzQ3LjQzMTkgNjUuMTU5MyA0Ny40MTM3IDYxLjEzNSA0Ny44ODcyIDU5LjQ1OThDNDguNTI0NSA1Ny4xNDcyIDQ5LjY1MzUgNTUuMjM1MyA1MC44MzcxIDU0LjQ4ODdDNTEuNjAxOCA1My45OTcgNTMuMDIyMiA1NC4xNjA5IDU0LjQ2MDcgNTQuODcxMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTMuMDIyIDYxLjczNjFDMTEzLjAyMiA2Mi41NTU1IDExMi4xMTEgNjYuMzQzMSAxMTEuMzQ3IDY4LjcxMDJDMTA4LjQ3IDc3LjU3ODEgMTAzLjI2MiA4NS41MzU1IDk2LjQ2OTcgOTEuMzQ0M0M5MS42OTg5IDk1LjQ0MTMgODguMzExOSA5Ny4yNDQgODIuOTQwMiA5OC41NzMzQzc5LjQ4MDUgOTkuNDI5MSA3Ny4yMjI2IDk5LjcwMjMgNzIuODM0MSA5OS44MTE1QzY3LjM1MzIgOTkuOTU3MiA2MS45NDUxIDk5LjQ2NTUgNTcuMTAxNCA5OC40MDk0QzU2LjE3MjcgOTguMjA5MSA1NS4zODk4IDk4LjA4MTYgNTUuMzM1MSA5OC4xMzYzQzU1LjExNjYgOTguMzM2NiA1NS45NTQyIDEwMS4xMjMgNTYuNjgyNiAxMDIuNTk4QzU4LjAxMTkgMTA1LjMyOSA1OS41MjMyIDEwNy4zNjggNjIuMjE4MiAxMTAuMDYzQzY1LjA1ODggMTEyLjkwNCA2Ny4xNzExIDExNC40NyA3MC40NDg3IDExNi4xNjNDNzguNTcgMTIwLjM1MSA4Ny44OTMxIDEyMC45MTYgOTcuNDUzIDExNy43NjZDMTA3LjU0MSAxMTQuNDcgMTE0Ljk1MiAxMDguNTE2IDExOC45NCAxMDAuNTAzQzEyMS41OTggOTUuMTg2NCAxMjIuNjkxIDg5LjUwNTEgMTIyLjI5IDgzLjAyMjdDMTIxLjc5OSA3NS4wMjg4IDExOC44NDkgNjcuMTk4OSAxMTQuNTcgNjIuNTczOEMxMTMuODk2IDYxLjg0NTQgMTEzLjI3NyA2MS4yNjI3IDExMy4xODYgNjEuMjYyN0MxMTMuMDk1IDYxLjI2MjcgMTEzLjAyMiA2MS40ODEyIDExMy4wMjIgNjEuNzM2MVoiIGZpbGw9IndoaXRlIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgzXzI5NTIiIHgxPSI1LjUiIHkxPSIxMSIgeDI9IjE0MSIgeTI9IjEyNC41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM0NUFEQzYiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMjE2Nzc4Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "quorum"], ["spec", "quorum", "minSyncReplicas"], ["spec", "quorum", "maxSyncReplicas"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "schedule"], ["spec", "backup", "retentionPolicy"], ["spec", "backup", "endpointURL"], ["spec", "backup", "destinationPath"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "bootstrap"], ["spec", "bootstrap", "enabled"], ["spec", "bootstrap", "recoveryTime"], ["spec", "bootstrap", "oldName"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml b/packages/system/cozystack-api/cozyrds/http-cache.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml rename to packages/system/cozystack-api/cozyrds/http-cache.yaml index 438105eb..ca05dc81 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/http-cache.yaml +++ b/packages/system/cozystack-api/cozyrds/http-cache.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyNSkiLz4KPHBhdGggZD0iTTI2LjAwMjYgMzcuODU4OEMyNi4wMDI2IDYwLjkxOSAyNi4wMDI2IDgzLjk4MTQgMjYuMDAyNiAxMDcuMDQ2QzI1Ljk3MyAxMDguMzIzIDI2LjE5OTYgMTA5LjU5MyAyNi42NjkyIDExMC43ODNDMjcuMTM4NyAxMTEuOTcyIDI3Ljg0MTggMTEzLjA1NiAyOC43Mzc0IDExMy45NzJDMzAuNDUzOSAxMTUuNjU5IDMyLjcgMTE2LjcwOSAzNS4xMDA5IDExNi45NDhDMzcuNTAxOSAxMTcuMTg3IDM5LjkxMjYgMTE2LjYgNDEuOTMxIDExNS4yODRDNDMuMjgyIDExNC4zNzEgNDQuMzg4MSAxMTMuMTQzIDQ1LjE1MjcgMTExLjcwN0M0NS45MTc0IDExMC4yNzEgNDYuMzE3NSAxMDguNjcxIDQ2LjMxODEgMTA3LjA0NkM0Ni4zMTgxIDkwLjM1MjggNDYuMjg2MSA3My42NTk3IDQ2LjMxODEgNTYuOTY2NkM2MS42MTY4IDc1LjE4ODkgNzYuOTQ3NCA5My4zODU2IDkyLjMxIDExMS41NTdDOTQuNDQ0NCAxMTMuNzA4IDk3LjA4NzUgMTE1LjI5MSA5OS45OTcgMTE2LjE2MkMxMDIuOTA2IDExNy4wMzIgMTA1Ljk4OSAxMTcuMTYyIDEwOC45NjIgMTE2LjUzOUMxMTEuMDYxIDExNi4xMjggMTEyLjk3MyAxMTUuMDU3IDExNC40MTUgMTEzLjQ4NUMxMTUuODU3IDExMS45MTMgMTE2Ljc1NCAxMDkuOTIxIDExNi45NzQgMTA3LjgwNEMxMTcuMDA5IDg0LjI2ODEgMTE3LjAwOSA2MC43MzQzIDExNi45NzQgMzcuMjAyNUMxMTYuNzU0IDM0LjY5MDcgMTE1LjU5NSAzMi4zNTIyIDExMy43MjYgMzAuNjQ4NkMxMTEuODU4IDI4Ljk0NSAxMDkuNDE1IDI4IDEwNi44ODEgMjhDMTA0LjM0NiAyOCAxMDEuOTAzIDI4Ljk0NSAxMDAuMDM1IDMwLjY0ODZDOTguMTY2MyAzMi4zNTIyIDk3LjAwNzQgMzQuNjkwNyA5Ni43ODY5IDM3LjIwMjVDOTYuNzg2OSA1NC4xNjMyIDk2LjY4NDQgNzEuMTA0OCA5Ni43ODY5IDg4LjA1OTFDODEuNzYxNiA3MC40MzU4IDY2LjkyMTkgNTIuNjU5NiA1MS45NTQzIDM0Ljk3MjVDNDkuOTgxIDMyLjQ1NTQgNDcuMzY4NSAzMC41MDczIDQ0LjM4NjMgMjkuMzI5MUM0MS40MDQxIDI4LjE1MDkgMzguMTU5OSAyNy43ODUyIDM0Ljk4ODMgMjguMjY5OEMzMi41ODU3IDI4LjUzNTkgMzAuMzU4MyAyOS42NDkzIDI4LjcwOTkgMzEuNDA4NEMyNy4wNjE1IDMzLjE2NzUgMjYuMTAxIDM1LjQ1NTkgMjYuMDAyNiAzNy44NTg4WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODFfMjgyNSIgeDE9IjEwIiB5MT0iMTUuNSIgeDI9IjE0NCIgeTI9IjEzMS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMwMEM1NEEiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMDE5NjM5Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "endpoints"], ["spec", "haproxy"], ["spec", "haproxy", "replicas"], ["spec", "haproxy", "resources"], ["spec", "haproxy", "resourcesPreset"], ["spec", "nginx"], ["spec", "nginx", "replicas"], ["spec", "nginx", "resources"], ["spec", "nginx", "resourcesPreset"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml b/packages/system/cozystack-api/cozyrds/info.yaml similarity index 96% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml rename to packages/system/cozystack-api/cozyrds/info.yaml index 57945cd8..cb17a653 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/info.yaml +++ b/packages/system/cozystack-api/cozyrds/info.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX3JhZGlhbF8xNDRfMykiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzE0NF8zKSI+CjxwYXRoIGQ9Ik03Ny42NDA3IDk3LjA4NDRMODIuODMzIDk3LjM2MDRWMTA0LjYzN0g2MS4xNzI4Vjk3LjcxOTdMNjQuMTc3MSA5Ny40NDk1QzY1LjgxMDEgOTcuMjY4NCA2Ni44MTA2IDk2LjcxOTMgNjYuODEwNiA5NC41MzQzVjY5LjIzMTRDNjYuODEwNiA2Ny4yMjE3IDY2LjI3MDEgNjYuNTg2NCA2NC41MzY1IDY2LjU4NjRMNjEuMzU2OCA2Ni40MDgxVjU4Ljg1ODRINzcuNjQ2NUw3Ny42NDA3IDk3LjA4NDRaTTcxLjI3MjYgMzkuMzYzQzc1LjI4MDQgMzkuMzYzIDc4LjE4NyA0Mi4zNzMxIDc4LjE4NyA0Ni4xODgzQzc4LjE4NyA1MC4wMTQ5IDc1LjI3MTggNTIuODM4MSA3MS4xNzc4IDUyLjgzODFDNjYuOTk3NSA1Mi44MzgxIDY0LjI2NjMgNTAuMDE0OSA2NC4yNjYzIDQ2LjE4ODNDNjQuMjY2MyA0Mi4zNzMxIDY2Ljk5NzUgMzkuMzYzIDcxLjI3MjYgMzkuMzYzWk03MiAxMThDNDYuNjM2OCAxMTggMjYgOTcuMzYzMiAyNiA3MkMyNiA0Ni42MzY4IDQ2LjYzNjggMjYgNzIgMjZDOTcuMzU3NSAyNiAxMTggNDYuNjM2OCAxMTggNzJDMTE4IDk3LjM2MzIgOTcuMzU3NSAxMTggNzIgMTE4Wk03MiAzNC42MjVDNTEuMzkyIDM0LjYyNSAzNC42MjUgNTEuMzkyIDM0LjYyNSA3MkMzNC42MjUgOTIuNjA4IDUxLjM5MiAxMDkuMzc1IDcyIDEwOS4zNzVDOTIuNjA4IDEwOS4zNzUgMTA5LjM3NSA5Mi42MDggMTA5LjM3NSA3MkMxMDkuMzc1IDUxLjM5MiA5Mi42MDggMzQuNjI1IDcyIDM0LjYyNVoiIGZpbGw9IndoaXRlIi8+CjwvZz4KPGRlZnM+CjxyYWRpYWxHcmFkaWVudCBpZD0icGFpbnQwX3JhZGlhbF8xNDRfMyIgY3g9IjAiIGN5PSIwIiByPSIxIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgZ3JhZGllbnRUcmFuc2Zvcm09InRyYW5zbGF0ZSgxLjMyMjk4ZS0wNSAtNy41MDAwMSkgcm90YXRlKDQ0LjcxNzgpIHNjYWxlKDIxNS4zMTcgMzEyLjQ1NSkiPgo8c3RvcCBzdG9wLWNvbG9yPSIjMDBCNUU3Ii8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwMzk4NCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzE0NF8zIj4KPHJlY3Qgd2lkdGg9IjkyIiBoZWlnaHQ9IjkyIiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjYgMjYpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml b/packages/system/cozystack-api/cozyrds/ingress.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml rename to packages/system/cozystack-api/cozyrds/ingress.yaml index a319d3a2..f23ea218 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/ingress.yaml +++ b/packages/system/cozystack-api/cozyrds/ingress.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODRfMzIyOSkiLz4KPHBhdGggZD0iTTg2LjkyNzQgMzcuMTA3NEgxN1YxMDcuMDM1SDg2LjkyNzRWMzcuMTA3NFoiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTEyNy42NDMgMjlIMTA3LjQ1NVY0OS4xODgzSDEyNy42NDNWMjlaIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik0xMjcuNjQzIDYxLjcyNjZIMTA3LjQ1NVY4MS45MTQ5SDEyNy42NDNWNjEuNzI2NloiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iNCIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTEyNy42NDMgOTQuNDUyMUgxMDcuNDU1VjExNC42NEgxMjcuNjQzVjk0LjQ1MjFaIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik04OC41MTM3IDcyLjA3MTNIMTA2LjI3IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIi8+CjxwYXRoIGQ9Ik04Ny41Njc0IDgwLjQyNDhMMTA3LjczIDk1Ljc4MDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiLz4KPHBhdGggZD0iTTg3LjU2NzQgNjMuNzE4MUwxMDcuNzMgNDguMzYyMyIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4NF8zMjI5IiB4MT0iMTAiIHkxPSIxNS41IiB4Mj0iMTQ0IiB5Mj0iMTMxLjUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzAwREE1MyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMwMDk2MzkiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "whitelist"], ["spec", "cloudflareProxy"], ["spec", "resources"], ["spec", "resourcesPreset"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml b/packages/system/cozystack-api/cozyrds/kafka.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml rename to packages/system/cozystack-api/cozyrds/kafka.yaml index d4891307..5d8c775d 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kafka.yaml +++ b/packages/system/cozystack-api/cozyrds/kafka.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyMCkiLz4KPHBhdGggZD0iTTkxLjAzMDcgNzcuODE4NUM4Ni44NTc3IDc3LjgxODUgODMuMTE2NiA3OS42ODE4IDgwLjU1NDcgODIuNjE1NEw3My45OTAxIDc3LjkzMTVDNzQuNjg2OSA3NS45OTc4IDc1LjA4NyA3My45MjE1IDc1LjA4NyA3MS43NDgyQzc1LjA4NyA2OS42MTI2IDc0LjcwMDggNjcuNTcxMSA3NC4wMjY5IDY1LjY2Nkw4MC41NzY5IDYxLjAzMThDODMuMTM4NSA2My45NTA1IDg2Ljg2OTkgNjUuODAzNyA5MS4wMzA3IDY1LjgwMzdDOTguNzMyOCA2NS44MDM3IDEwNSA1OS40ODg0IDEwNSA1MS43MjQ3QzEwNSA0My45NjEgOTguNzMyOCAzNy42NDU3IDkxLjAzMDcgMzcuNjQ1N0M4My4zMjg1IDM3LjY0NTcgNzcuMDYxNCA0My45NjEgNzcuMDYxNCA1MS43MjQ3Qzc3LjA2MTQgNTMuMTE0MyA3Ny4yNjk3IDU0LjQ1NDMgNzcuNjQzNSA1NS43MjMzTDcxLjA4OTEgNjAuMzU5OEM2OC4zNTEyIDU2LjkzNjUgNjQuNDA5IDU0LjU0NjMgNTkuOTE3NCA1My44MTY2VjQ1Ljg1NTNDNjYuMjQ1MSA0NC41MTU4IDcxLjAxMjggMzguODQ5NSA3MS4wMTI4IDMyLjA3OUM3MS4wMTI4IDI0LjMxNTMgNjQuNzQ1NyAxOCA1Ny4wNDM1IDE4QzQ5LjM0MTQgMTggNDMuMDc0MiAyNC4zMTUzIDQzLjA3NDIgMzIuMDc5QzQzLjA3NDIgMzguNzU4OSA0Ny43MTg0IDQ0LjM1NTIgNTMuOTE5NiA0NS43OTAzVjUzLjg1NTFDNDUuNDU2NyA1NS4zNTIzIDM5IDYyLjc5NjEgMzkgNzEuNzQ4MkMzOSA4MC43NDQgNDUuNTIwNiA4OC4yMTUxIDU0LjA0NDYgODkuNjYxM1Y5OC4xNzcyQzQ3Ljc4MDEgOTkuNTY1IDQzLjA3NDIgMTA1LjE5NiA0My4wNzQyIDExMS45MjFDNDMuMDc0MiAxMTkuNjg1IDQ5LjM0MTQgMTI2IDU3LjA0MzUgMTI2QzY0Ljc0NTcgMTI2IDcxLjAxMjggMTE5LjY4NSA3MS4wMTI4IDExMS45MjFDNzEuMDEyOCAxMDUuMTk2IDY2LjMwNyA5OS41NjUgNjAuMDQyNCA5OC4xNzcyVjg5LjY2MTFDNjQuMzU2OSA4OC45Mjg2IDY4LjI2MDEgODYuNjQwNyA3MS4wMjUyIDgzLjIyMzRMNzcuNjMzNyA4Ny45Mzc2Qzc3LjI2NjkgODkuMTk1MiA3Ny4wNjE0IDkwLjUyMTkgNzcuMDYxNCA5MS44OTc1Qzc3LjA2MTQgOTkuNjYxMiA4My4zMjg1IDEwNS45NzYgOTEuMDMwNyAxMDUuOTc2Qzk4LjczMjggMTA1Ljk3NiAxMDUgOTkuNjYxMiAxMDUgOTEuODk3NUMxMDUgODQuMTMzOCA5OC43MzI4IDc3LjgxODUgOTEuMDMwNyA3Ny44MTg1Wk05MS4wMzA3IDQ0Ljg5ODVDOTQuNzY1NiA0NC44OTg1IDk3LjgwMzQgNDcuOTYxNSA5Ny44MDM0IDUxLjcyNDdDOTcuODAzNCA1NS40ODc5IDk0Ljc2NTYgNTguNTUwNiA5MS4wMzA3IDU4LjU1MDZDODcuMjk1OCA1OC41NTA2IDg0LjI1OCA1NS40ODc5IDg0LjI1OCA1MS43MjQ3Qzg0LjI1OCA0Ny45NjE1IDg3LjI5NTggNDQuODk4NSA5MS4wMzA3IDQ0Ljg5ODVaTTUwLjI3MDUgMzIuMDc5QzUwLjI3MDUgMjguMzE1OCA1My4zMDg2IDI1LjI1MzEgNTcuMDQzNSAyNS4yNTMxQzYwLjc3ODUgMjUuMjUzMSA2My44MTYzIDI4LjMxNTggNjMuODE2MyAzMi4wNzlDNjMuODE2MyAzNS44NDIyIDYwLjc3ODUgMzguOTA0OSA1Ny4wNDM1IDM4LjkwNDlDNTMuMzA4NiAzOC45MDQ5IDUwLjI3MDUgMzUuODQyMiA1MC4yNzA1IDMyLjA3OVpNNjMuODE2MyAxMTEuOTIxQzYzLjgxNjMgMTE1LjY4NCA2MC43Nzg1IDExOC43NDcgNTcuMDQzNSAxMTguNzQ3QzUzLjMwODYgMTE4Ljc0NyA1MC4yNzA1IDExNS42ODQgNTAuMjcwNSAxMTEuOTIxQzUwLjI3MDUgMTA4LjE1OCA1My4zMDg2IDEwNS4wOTUgNTcuMDQzNSAxMDUuMDk1QzYwLjc3ODUgMTA1LjA5NSA2My44MTYzIDEwOC4xNTggNjMuODE2MyAxMTEuOTIxWk01Ny4wNDMgODEuMjY4MUM1MS44MzM5IDgxLjI2ODEgNDcuNTk2MiA3Ni45OTggNDcuNTk2MiA3MS43NDgyQzQ3LjU5NjIgNjYuNDk4MiA1MS44MzM5IDYyLjIyNzMgNTcuMDQzIDYyLjIyNzNDNjIuMjUxOSA2Mi4yMjczIDY2LjQ4OTUgNjYuNDk4MiA2Ni40ODk1IDcxLjc0ODJDNjYuNDg5NSA3Ni45OTggNjIuMjUxOSA4MS4yNjgxIDU3LjA0MyA4MS4yNjgxWk05MS4wMzA3IDk4LjcyMzdDODcuMjk1OCA5OC43MjM3IDg0LjI1OCA5NS42NjA3IDg0LjI1OCA5MS44OTc1Qzg0LjI1OCA4OC4xMzQzIDg3LjI5NTggODUuMDcxNiA5MS4wMzA3IDg1LjA3MTZDOTQuNzY1NiA4NS4wNzE2IDk3LjgwMzQgODguMTM0MyA5Ny44MDM0IDkxLjg5NzVDOTcuODAzNCA5NS42NjA3IDk0Ljc2NTYgOTguNzIzNyA5MS4wMzA3IDk4LjcyMzdaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4MV8yODIwIiB4MT0iMTQwIiB5MT0iMTMwLjUiIHgyPSI0IiB5Mj0iOS40OTk5OSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcC8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzQzNDE0MSIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "topics"], ["spec", "kafka"], ["spec", "kafka", "replicas"], ["spec", "kafka", "resources"], ["spec", "kafka", "resourcesPreset"], ["spec", "kafka", "size"], ["spec", "kafka", "storageClass"], ["spec", "zookeeper"], ["spec", "zookeeper", "replicas"], ["spec", "zookeeper", "resources"], ["spec", "zookeeper", "resourcesPreset"], ["spec", "zookeeper", "size"], ["spec", "zookeeper", "storageClass"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml b/packages/system/cozystack-api/cozyrds/kubernetes.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml rename to packages/system/cozystack-api/cozyrds/kubernetes.yaml index 0629b6d4..56aa3ea8 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/kubernetes.yaml +++ b/packages/system/cozystack-api/cozyrds/kubernetes.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjg0NSkiLz4KPHBhdGggZD0iTTcxLjk5NjggMTlDNzAuMzAzOSAxOS4wMDAyIDY4LjkzMTIgMjAuNTMyMiA2OC45MzE0IDIyLjQyMjFDNjguOTMxNCAyMi40NTExIDY4LjkzNzMgMjIuNDc4OCA2OC45Mzc5IDIyLjUwNzZDNjguOTM1NCAyMi43NjQ0IDY4LjkyMzEgMjMuMDczNyA2OC45MzE0IDIzLjI5NzNDNjguOTcxNyAyNC4zODczIDY5LjIwODIgMjUuMjIxNiA2OS4zNTA2IDI2LjIyNThDNjkuNjA4NCAyOC4zNzUyIDY5LjgyNDUgMzAuMTU2OSA2OS42OTEyIDMxLjgxM0M2OS41NjE1IDMyLjQzNzUgNjkuMTAzNyAzMy4wMDg2IDY4LjY5NTYgMzMuNDA1Nkw2OC42MjM1IDM0LjcwODZDNjYuNzgzOSAzNC44NjE3IDY0LjkzMTkgMzUuMTQyMSA2My4wODIxIDM1LjU2NDFDNTUuMTIyNiAzNy4zNzk4IDQ4LjI2OTUgNDEuNDk5MSA0My4wNTIgNDcuMDYwOUM0Mi43MTM0IDQ2LjgyODggNDIuMTIxMSA0Ni40MDE5IDQxLjk0NSA0Ni4yNzEyQzQxLjM5NzcgNDYuMzQ1NCA0MC44NDQ1IDQ2LjUxNTEgNDAuMTI0MSA0Ni4wOTM1QzM4Ljc1MjIgNDUuMTY1NyAzNy41MDI4IDQzLjg4NTEgMzUuOTkxIDQyLjM0MjRDMzUuMjk4MiA0MS42MDQ0IDM0Ljc5NjYgNDAuOTAxOCAzMy45NzM1IDQwLjE5MDRDMzMuNzg2NiA0MC4wMjg5IDMzLjUwMTQgMzkuODEwNCAzMy4yOTIzIDM5LjY0NDJDMzIuNjQ4OSAzOS4xMjg4IDMxLjg5IDM4Ljg2IDMxLjE1NyAzOC44MzQ4QzMwLjIxNDcgMzguODAyNCAyOS4zMDc1IDM5LjE3MjUgMjguNzEzOCAzOS45MjA2QzI3LjY1ODQgNDEuMjUwNiAyNy45OTYzIDQzLjI4MzMgMjkuNDY3MSA0NC40NjE0QzI5LjQ4MiA0NC40NzM0IDI5LjQ5NzkgNDQuNDgyNyAyOS41MTI5IDQ0LjQ5NDNDMjkuNzE1IDQ0LjY1ODkgMjkuOTYyNSA0NC44Njk4IDMwLjE0ODMgNDUuMDA3NkMzMS4wMjE3IDQ1LjY1NTUgMzEuODE5NSA0NS45ODcyIDMyLjY4OTcgNDYuNTAxNUMzNC41MjMxIDQ3LjYzOTEgMzYuMDQzIDQ4LjU4MjMgMzcuMjQ4NiA0OS43MTk2QzM3LjcxOTQgNTAuMjIzNyAzNy44MDE2IDUxLjExMjIgMzcuODY0MyA1MS40OTY0TDM4Ljg0NjggNTIuMzc4MkMzMy41ODcyIDYwLjMzMDggMzEuMTUzIDcwLjE1MzkgMzIuNTkxNSA4MC4xNjI3TDMxLjMwNzcgODAuNTM3OEMzMC45NjkzIDgwLjk3NjggMzAuNDkxMiA4MS42Njc2IDI5Ljk5MTEgODEuODczOEMyOC40MTM4IDgyLjM3MjkgMjYuNjM4NyA4Mi41NTYyIDI0LjQ5NTYgODIuNzgxOUMyMy40ODk0IDgyLjg2NiAyMi42MjEzIDgyLjgxNTggMjEuNTU0NiA4My4wMTg4QzIxLjMxOTggODMuMDYzNSAyMC45OTI3IDgzLjE0OTEgMjAuNzM1OCA4My4yMDk3QzIwLjcyNjkgODMuMjExNiAyMC43MTg2IDgzLjIxNDIgMjAuNzA5NiA4My4yMTYyQzIwLjY5NTYgODMuMjE5NSAyMC42NzcyIDgzLjIyNjMgMjAuNjYzOCA4My4yMjk0QzE4Ljg1NyA4My42NjggMTcuNjk2MyA4NS4zMzY1IDE4LjA2OTkgODYuOTgwNUMxOC40NDM3IDg4LjYyNDggMjAuMjA4NiA4OS42MjQ4IDIyLjAyNjIgODkuMjMxMkMyMi4wMzkzIDg5LjIyODIgMjIuMDU4NCA4OS4yMjc3IDIyLjA3MiA4OS4yMjQ2QzIyLjA5MjYgODkuMjE5OSAyMi4xMTA2IDg5LjIwOTkgMjIuMTMxIDg5LjIwNDlDMjIuMzg0NCA4OS4xNDkgMjIuNzAxOSA4OS4wODY4IDIyLjkyMzYgODkuMDI3MkMyMy45NzIzIDg4Ljc0NTEgMjQuNzMxOCA4OC4zMzA2IDI1LjY3NDYgODcuOTY3N0MyNy43MDI5IDg3LjIzNjggMjkuMzgyOCA4Ni42MjYyIDMxLjAxOTUgODYuMzg4M0MzMS43MDMgODYuMzM0NSAzMi40MjMyIDg2LjgxMiAzMi43ODE0IDg3LjAxMzRMMzQuMTE3NyA4Ni43ODMxQzM3LjE5MjYgOTYuMzYxMyA0My42MzY2IDEwNC4xMDMgNTEuNzk2MyAxMDguOTYxTDUxLjIzOTYgMTEwLjMwM0M1MS40NDAzIDExMC44MjQgNTEuNjYxNiAxMTEuNTMgNTEuNTEyMSAxMTIuMDQ1QzUwLjkxNzEgMTEzLjU5NSA0OS44OTggMTE1LjIzMSA0OC43Mzc0IDExNy4wNTVDNDguMTc1NSAxMTcuODk4IDQ3LjYwMDQgMTE4LjU1MiA0Ny4wOTM0IDExOS41MTZDNDYuOTcyIDExOS43NDcgNDYuODE3NSAxMjAuMTAyIDQ2LjcwMDQgMTIwLjM0NkM0NS45MTI1IDEyMi4wMzkgNDYuNDkwNCAxMjMuOTkgNDguMDAzOCAxMjQuNzIyQzQ5LjUyNjggMTI1LjQ1OSA1MS40MTcxIDEyNC42ODIgNTIuMjM1MiAxMjIuOTg1QzUyLjIzNjQgMTIyLjk4MiA1Mi4yNDA2IDEyMi45OCA1Mi4yNDE3IDEyMi45NzhDNTIuMjQyNiAxMjIuOTc2IDUyLjI0MDkgMTIyLjk3MyA1Mi4yNDE3IDEyMi45NzFDNTIuMzU4MiAxMjIuNzMxIDUyLjUyMzMgMTIyLjQxNSA1Mi42MjE2IDEyMi4xODhDNTMuMDU2IDEyMS4xODkgNTMuMjAwNSAxMjAuMzMyIDUzLjUwNTkgMTE5LjM2NUM1NC4zMTcgMTE3LjMxOCA1NC43NjI2IDExNS4xNyA1NS44NzkxIDExMy44MzJDNTYuMTg0OSAxMTMuNDY2IDU2LjY4MzMgMTEzLjMyNSA1Ny4yMDAxIDExMy4xODZMNTcuODk0NCAxMTEuOTIyQzY1LjAwOCAxMTQuNjY1IDcyLjk3MDUgMTE1LjQwMiA4MC45MjQ1IDExMy41ODdDODIuNzM5MSAxMTMuMTczIDg0LjQ5MDggMTEyLjYzNyA4Ni4xODQzIDExMS45OTRDODYuMzc5NCAxMTIuMzQyIDg2Ljc0MiAxMTMuMDExIDg2LjgzOTMgMTEzLjE3OUM4Ny4zNjQ0IDExMy4zNTEgODcuOTM3NyAxMTMuNDM5IDg4LjQwNDcgMTE0LjEzM0M4OS4yNDAxIDExNS41NjcgODkuODExNCAxMTcuMjYzIDkwLjUwNzMgMTE5LjMxMkM5MC44MTI4IDEyMC4yNzkgOTAuOTYzOCAxMjEuMTM2IDkxLjM5ODEgMTIyLjEzNkM5MS40OTcxIDEyMi4zNjMgOTEuNjYxNCAxMjIuNjg0IDkxLjc3OCAxMjIuOTI1QzkyLjU5NDQgMTI0LjYyOCA5NC40OTA3IDEyNS40MDcgOTYuMDE1OSAxMjQuNjY5Qzk3LjUyOTIgMTIzLjkzNyA5OC4xMDc3IDEyMS45ODYgOTcuMzE5NCAxMjAuMjkzQzk3LjIwMjMgMTIwLjA0OSA5Ny4wNDEyIDExOS42OTUgOTYuOTE5OCAxMTkuNDY0Qzk2LjQxMjcgMTE4LjQ5OSA5NS44Mzc3IDExNy44NTIgOTUuMjc1OCAxMTcuMDA5Qzk0LjExNTIgMTE1LjE4NSA5My4xNTI2IDExMy42NyA5Mi41NTc1IDExMi4xMkM5Mi4zMDg3IDExMS4zMiA5Mi41OTk1IDExMC44MjMgOTIuNzkzMyAxMTAuMzAzQzkyLjY3NzIgMTEwLjE3IDkyLjQyODggMTA5LjQxNCA5Mi4yODI0IDEwOS4wNTlDMTAwLjc2MiAxMDQuMDI5IDEwNy4wMTcgOTUuOTk4NSAxMDkuOTU1IDg2LjcyMzlDMTEwLjM1MSA4Ni43ODY1IDExMS4wNDEgODYuOTA5MSAxMTEuMjY1IDg2Ljk1NDJDMTExLjcyNiA4Ni42NDg3IDExMi4xNDkgODYuMjUwMSAxMTIuOTgxIDg2LjMxNTlDMTE0LjYxNyA4Ni41NTM3IDExNi4yOTcgODcuMTY0NSAxMTguMzI2IDg3Ljg5NTNDMTE5LjI2OCA4OC4yNTgxIDEyMC4wMjggODguNjc5MyAxMjEuMDc3IDg4Ljk2MTRDMTIxLjI5OCA4OS4wMjEgMTIxLjYxNiA4OS4wNzY2IDEyMS44NjkgODkuMTMyNUMxMjEuODg5IDg5LjEzNzUgMTIxLjkwOCA4OS4xNDc1IDEyMS45MjggODkuMTUyMkMxMjEuOTQyIDg5LjE1NTMgMTIxLjk2MSA4OS4xNTU4IDEyMS45NzQgODkuMTU4OEMxMjMuNzkyIDg5LjU1MiAxMjUuNTU3IDg4LjU1MjYgMTI1LjkzIDg2LjkwODFDMTI2LjMwMyA4NS4yNjQxIDEyNS4xNDMgODMuNTk1MiAxMjMuMzM2IDgzLjE1N0MxMjMuMDc0IDgzLjA5NyAxMjIuNzAxIDgyLjk5NSAxMjIuNDQ2IDgyLjk0NjVDMTIxLjM3OSA4Mi43NDM1IDEyMC41MTEgODIuNzkzNSAxMTkuNTA1IDgyLjcwOTVDMTE3LjM2MSA4Mi40ODM5IDExNS41ODYgODIuMzAwNCAxMTQuMDA5IDgxLjgwMTRDMTEzLjM2NiA4MS41NTA3IDExMi45MDggODAuNzgxOSAxMTIuNjg2IDgwLjQ2NTVMMTExLjQ0OCA4MC4xMDM1QzExMi4wOSA3NS40MzggMTExLjkxNyA3MC41ODI1IDExMC44MDYgNjUuNzI0M0MxMDkuNjg1IDYwLjgyMDggMTA3LjcwNCA1Ni4zMzYxIDEwNS4wNjIgNTIuMzg0OEMxMDUuMzc5IDUyLjA5NDggMTA1Ljk3OSA1MS41NjEyIDEwNi4xNDkgNTEuNDA0M0MxMDYuMTk5IDUwLjg1MTcgMTA2LjE1NiA1MC4yNzIyIDEwNi43MjUgNDkuNjYwM0MxMDcuOTMxIDQ4LjUyMyAxMDkuNDUxIDQ3LjU3OTkgMTExLjI4NCA0Ni40NDIzQzExMi4xNTQgNDUuOTI3OSAxMTIuOTU5IDQ1LjU5NjQgMTEzLjgzMiA0NC45NDg0QzExNC4wMyA0NC44MDE5IDExNC4yOTkgNDQuNTY5OSAxMTQuNTA3IDQ0LjQwMjJDMTE1Ljk3NyA0My4yMjM3IDExNi4zMTYgNDEuMTkxMSAxMTUuMjYgMzkuODYxNEMxMTQuMjA0IDM4LjUzMTcgMTEyLjE1OSAzOC40MDY1IDExMC42ODggMzkuNTg1QzExMC40NzkgMzkuNzUxNiAxMTAuMTk1IDM5Ljk2ODggMTEwLjAwNyA0MC4xMzEyQzEwOS4xODQgNDAuODQyNiAxMDguNjc2IDQxLjU0NTIgMTA3Ljk4MyA0Mi4yODMyQzEwNi40NzEgNDMuODI1OSAxMDUuMjIyIDQ1LjExMyAxMDMuODUgNDYuMDQwOUMxMDMuMjU1IDQ2LjM4ODUgMTAyLjM4NSA0Ni4yNjgyIDEwMS45OSA0Ni4yNDQ5TDEwMC44MjQgNDcuMDgwNkM5NC4xNzUzIDQwLjA3NjMgODUuMTIzNSAzNS41OTgyIDc1LjM3NjYgMzQuNzI4M0M3NS4zNDk0IDM0LjMxNzkgNzUuMzEzNyAzMy41NzYxIDc1LjMwNDYgMzMuMzUyOUM3NC45MDU2IDMyLjk2OTMgNzQuNDIzNSAzMi42NDE4IDc0LjMwMjQgMzEuODEzQzc0LjE2OTEgMzAuMTU2OSA3NC4zOTE3IDI4LjM3NTIgNzQuNjQ5NiAyNi4yMjU4Qzc0Ljc5MTkgMjUuMjIxNiA3NS4wMjg0IDI0LjM4NzMgNzUuMDY4OCAyMy4yOTczQzc1LjA3OCAyMy4wNDk1IDc1LjA2MzIgMjIuNjkgNzUuMDYyMiAyMi40MjIxQzc1LjA2MiAyMC41MzIyIDczLjY4OTggMTguOTk5OCA3MS45OTY4IDE5Wk02OC4xNTg1IDQyLjg4ODZMNjcuMjQ4IDU5LjA0NDdMNjcuMTgyNSA1OS4wNzc2QzY3LjEyMTQgNjAuNTIyOSA2NS45Mzc1IDYxLjY3NyA2NC40ODM5IDYxLjY3N0M2My44ODg0IDYxLjY3NyA2My4zMzg4IDYxLjQ4NDkgNjIuODkyMiA2MS4xNTcxTDYyLjg2NiA2MS4xNzAzTDQ5LjY4MDcgNTEuNzc5NEM1My43MzMxIDQ3Ljc3NTkgNTguOTE2NCA0NC44MTcyIDY0Ljg5IDQzLjQ1NDZDNjUuOTgxMiA0My4yMDU2IDY3LjA3MTkgNDMuMDIwOSA2OC4xNTg1IDQyLjg4ODZaTTc1Ljg0MTcgNDIuODg4NkM4Mi44MTU5IDQzLjc1MDQgODkuMjY1NyA0Ni45MjMyIDk0LjIwODEgNTEuNzg2TDgxLjEwOCA2MS4xMTc2TDgxLjA2MjEgNjEuMDk3OUM3OS44OTk0IDYxLjk1MTIgNzguMjYxMSA2MS43Mzk0IDc3LjM1NDggNjAuNTk3OEM3Ni45ODM1IDYwLjEzMDEgNzYuNzg4NyA1OS41ODAxIDc2Ljc2NTMgNTkuMDI0OUw3Ni43NTIyIDU5LjAxODRMNzUuODQxNyA0Mi44ODg2Wk00NC44OTkxIDU3LjgxNEw1Ni45MzgyIDY4LjYzM0w1Ni45MjUxIDY4LjY5ODhDNTguMDExNyA2OS42NDc5IDU4LjE3MiA3MS4yOTQ5IDU3LjI2NTcgNzIuNDM2OEM1Ni44OTQ0IDcyLjkwNDUgNTYuMzk3NSA3My4yMTgyIDU1Ljg2MzkgNzMuMzY0N0w1NS44NTA4IDczLjQxNzNMNDAuNDE4OCA3Ny44OTIzQzM5LjYzMzQgNzAuNjc2NSA0MS4zMjYxIDYzLjY2MjEgNDQuODk5MSA1Ny44MTRaTTk5LjAwOTQgNTcuODIwNkMxMDAuNzk4IDYwLjczMzYgMTAyLjE1MyA2My45ODcxIDEwMi45NTkgNjcuNTE0M0MxMDMuNzU2IDcwLjk5OTEgMTAzLjk1NiA3NC40Nzc4IDEwMy42MjcgNzcuODM5N0w4OC4xMTY2IDczLjM1MTVMODguMTAzNSA3My4yODU3Qzg2LjcxNDUgNzIuOTA0MyA4NS44NjA5IDcxLjQ4NDggODYuMTg0MyA3MC4wNjExQzg2LjMxNjggNjkuNDc3OCA4Ni42MjQ5IDY4Ljk4NDQgODcuMDQyMyA2OC42MTk4TDg3LjAzNTggNjguNTg2OUw5OS4wMDk0IDU3LjgyMDZaTTY5LjUyNzQgNjkuNDY4OEg3NC40NTk2TDc3LjUyNTEgNzMuMzE4Nkw3Ni40MjQ3IDc4LjEyMjZMNzEuOTk2OCA4MC4yNjE0TDY3LjU1NTggNzguMTE2MUw2Ni40NTU0IDczLjMxMkw2OS41Mjc0IDY5LjQ2ODhaTTg1LjMzOTMgODIuNjQzN0M4NS41NDg5IDgyLjYzMzEgODUuNzU3NiA4Mi42NTIgODUuOTYxNiA4Mi42ODk4TDg1Ljk4NzggODIuNjU2OUwxMDEuOTUgODUuMzY4MkM5OS42MTQyIDkxLjk2MjQgOTUuMTQ0IDk3LjY3NSA4OS4xNzExIDEwMS40OThMODIuOTc0NyA4Ni40NjA2TDgyLjk5NDQgODYuNDM0M0M4Mi40MjUyIDg1LjEwNTUgODIuOTk0OCA4My41NDcyIDg0LjMwNDQgODIuOTEzNUM4NC42Mzk3IDgyLjc1MTMgODQuOTkgODIuNjYxNCA4NS4zMzkzIDgyLjY0MzdaTTU4LjUyOTggODIuNzA5NUM1OS43NDggODIuNzI2NyA2MC44NDA2IDgzLjU3NjEgNjEuMTIzNyA4NC44MjJDNjEuMjU2MiA4NS40MDUyIDYxLjE5MTcgODUuOTgzMSA2MC45NzMgODYuNDkzNUw2MS4wMTg5IDg2LjU1MjdMNTQuODg4IDEwMS40MzlDNDkuMTU1OSA5Ny43NDMyIDQ0LjU5MDQgOTIuMjA5OSA0Mi4xNDgxIDg1LjQyMDhMNTcuOTczMSA4Mi43MjI3TDU3Ljk5OTMgODIuNzU1NkM1OC4xNzYzIDgyLjcyMjkgNTguMzU1OCA4Mi43MDcxIDU4LjUyOTggODIuNzA5NVpNNzEuODk4NiA4OS4yMzEyQzcyLjMyMjkgODkuMjE1NSA3Mi43NTM0IDg5LjMwMyA3My4xNjI3IDg5LjUwMUM3My42OTkyIDg5Ljc2MDYgNzQuMTEzNiA5MC4xNjkyIDc0LjM3NDUgOTAuNjU5Mkg3NC40MzM0TDgyLjIzNDYgMTA0LjgyMUM4MS4yMjIxIDEwNS4xNjIgODAuMTgxMyAxMDUuNDU0IDc5LjExNjcgMTA1LjY5N0M3My4xNTA1IDEwNy4wNTggNjcuMjAzMiAxMDYuNjQ1IDYxLjgxOCAxMDQuODAyTDY5LjU5OTUgOTAuNjY1OEg2OS42MTI2QzcwLjA3OTUgODkuNzg4OCA3MC45NjUgODkuMjY1NiA3MS44OTg2IDg5LjIzMTJaIiBmaWxsPSJ3aGl0ZSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjI1Ii8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgxXzI4NDUiIHgxPSIxMCIgeTE9IjE1LjUiIHgyPSIxNDQiIHkyPSIxMzEuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNEQ4N0ZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzA1NDdEMCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "storageClass"], ["spec", "version"], ["spec", "host"], ["spec", "nodeGroups"], ["spec", "nodeGroups", "md0"], ["spec", "nodeGroups", "md0", "minReplicas"], ["spec", "nodeGroups", "md0", "maxReplicas"], ["spec", "nodeGroups", "md0", "instanceType"], ["spec", "nodeGroups", "md0", "ephemeralStorage"], ["spec", "nodeGroups", "md0", "roles"], ["spec", "nodeGroups", "md0", "resources"], ["spec", "nodeGroups", "md0", "gpus"], ["spec", "addons"], ["spec", "addons", "certManager"], ["spec", "addons", "certManager", "enabled"], ["spec", "addons", "certManager", "valuesOverride"], ["spec", "addons", "cilium"], ["spec", "addons", "cilium", "valuesOverride"], ["spec", "addons", "gatewayAPI"], ["spec", "addons", "gatewayAPI", "enabled"], ["spec", "addons", "ingressNginx"], ["spec", "addons", "ingressNginx", "enabled"], ["spec", "addons", "ingressNginx", "exposeMethod"], ["spec", "addons", "ingressNginx", "hosts"], ["spec", "addons", "ingressNginx", "valuesOverride"], ["spec", "addons", "gpuOperator"], ["spec", "addons", "gpuOperator", "enabled"], ["spec", "addons", "gpuOperator", "valuesOverride"], ["spec", "addons", "fluxcd"], ["spec", "addons", "fluxcd", "enabled"], ["spec", "addons", "fluxcd", "valuesOverride"], ["spec", "addons", "monitoringAgents"], ["spec", "addons", "monitoringAgents", "enabled"], ["spec", "addons", "monitoringAgents", "valuesOverride"], ["spec", "addons", "verticalPodAutoscaler"], ["spec", "addons", "verticalPodAutoscaler", "valuesOverride"], ["spec", "addons", "velero"], ["spec", "addons", "velero", "enabled"], ["spec", "addons", "velero", "valuesOverride"], ["spec", "addons", "coredns"], ["spec", "addons", "coredns", "valuesOverride"], ["spec", "controlPlane"], ["spec", "controlPlane", "replicas"], ["spec", "controlPlane", "apiServer"], ["spec", "controlPlane", "apiServer", "resources"], ["spec", "controlPlane", "apiServer", "resourcesPreset"], ["spec", "controlPlane", "controllerManager"], ["spec", "controlPlane", "controllerManager", "resourcesPreset"], ["spec", "controlPlane", "controllerManager", "resources"], ["spec", "controlPlane", "scheduler"], ["spec", "controlPlane", "scheduler", "resourcesPreset"], ["spec", "controlPlane", "scheduler", "resources"], ["spec", "controlPlane", "konnectivity"], ["spec", "controlPlane", "konnectivity", "server"], ["spec", "controlPlane", "konnectivity", "server", "resourcesPreset"], ["spec", "controlPlane", "konnectivity", "server", "resources"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml b/packages/system/cozystack-api/cozyrds/monitoring.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml rename to packages/system/cozystack-api/cozyrds/monitoring.yaml index a6908d5e..1bdb271b 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/monitoring.yaml +++ b/packages/system/cozystack-api/cozyrds/monitoring.yaml @@ -30,7 +30,7 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzI2OCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zMjY4KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMzg0NTRGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNNTQuMTcyMiAzOC43NzU3SDMzLjEwMzJDMzIuMTMwNyAzOC43NzU3IDMxLjQ4MjQgMzguMTI3NCAzMS40ODI0IDM3LjE1NDlDMzEuNDgyNCAzNi4xODI0IDMyLjEzMDcgMzUuNTM0MiAzMy4xMDMyIDM1LjUzNDJINTQuMTcyMkM1NS4xNDQ3IDM1LjUzNDIgNTUuNzkzIDM2LjE4MjQgNTUuNzkzIDM3LjE1NDlDNTUuNzkyOCAzOC4xMjc0IDU1LjE0NDUgMzguNzc1NyA1NC4xNzIyIDM4Ljc3NTdaIiBmaWxsPSIjREQzNDJFIi8+CjxwYXRoIGQ9Ik02My44OTYzIDQ1LjI1OTFINDEuMjA2N0M0MC4yMzQyIDQ1LjI1OTEgMzkuNTg1OSA0NC42MTA4IDM5LjU4NTkgNDMuNjM4M0MzOS41ODU5IDQyLjY2NTggNDAuMjM0MiA0Mi4wMTc2IDQxLjIwNjcgNDIuMDE3Nkg2My44OTYzQzY0Ljg2ODggNDIuMDE3NiA2NS41MTcxIDQyLjY2NTggNjUuNTE3MSA0My42MzgzQzY1LjUxNzEgNDQuNjEwOCA2NC44Njg4IDQ1LjI1OTEgNjMuODk2MyA0NS4yNTkxWiIgZmlsbD0iIzczODNCRiIvPgo8cGF0aCBkPSJNMzQuNzI0IDQ1LjI1OTFIMzMuMTAzMkMzMi4xMzA3IDQ1LjI1OTEgMzEuNDgyNCA0NC42MTA4IDMxLjQ4MjQgNDMuNjM4M0MzMS40ODI0IDQyLjY2NTggMzIuMTMwNyA0Mi4wMTc2IDMzLjEwMzIgNDIuMDE3NkgzNC43MjRDMzUuNjk2NCA0Mi4wMTc2IDM2LjM0NDcgNDIuNjY1OCAzNi4zNDQ3IDQzLjYzODNDMzYuMzQ0NyA0NC42MTA4IDM1LjY5NjMgNDUuMjU5MSAzNC43MjQgNDUuMjU5MVoiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTYzLjg5NjMgMzguNzc1N0g2MC42NTQ5QzU5LjY4MjQgMzguNzc1NyA1OS4wMzQyIDM4LjEyNzQgNTkuMDM0MiAzNy4xNTQ5QzU5LjAzNDIgMzYuMTgyNCA1OS42ODI0IDM1LjUzNDIgNjAuNjU0OSAzNS41MzQySDYzLjg5NjNDNjQuODY4OCAzNS41MzQyIDY1LjUxNzEgMzYuMTgyNCA2NS41MTcxIDM3LjE1NDlDNjUuNTE3MSAzOC4xMjc0IDY0Ljg2ODggMzguNzc1NyA2My44OTYzIDM4Ljc3NTdaIiBmaWxsPSIjRUNCQTE2Ii8+CjxwYXRoIGQ9Ik00Ny42ODkzIDUxLjc0MTNIMzMuMTAzMkMzMi4xMzA3IDUxLjc0MTMgMzEuNDgyNCA1MS4wOTMxIDMxLjQ4MjQgNTAuMTIwNkMzMS40ODI0IDQ5LjE0ODEgMzIuMTMwNyA0OC41IDMzLjEwMzIgNDguNUg0Ny42ODkzQzQ4LjY2MTggNDguNSA0OS4zMTAxIDQ5LjE0ODMgNDkuMzEwMSA1MC4xMjA4QzQ5LjMxMDEgNTEuMDkzMyA0OC42NjE4IDUxLjc0MTMgNDcuNjg5MyA1MS43NDEzWiIgZmlsbD0iI0REMzQyRSIvPgo8cGF0aCBkPSJNNjMuODk2OCA1MS43NDEzSDU0LjE3MjVDNTMuMiA1MS43NDEzIDUyLjU1MTggNTEuMDkzMSA1Mi41NTE4IDUwLjEyMDZDNTIuNTUxOCA0OS4xNDgxIDUzLjIwMDIgNDguNSA1NC4xNzI3IDQ4LjVINjMuODk2OUM2NC44Njk0IDQ4LjUgNjUuNTE3NyA0OS4xNDgzIDY1LjUxNzcgNTAuMTIwOEM2NS41MTc3IDUxLjA5MzMgNjQuODY5MiA1MS43NDEzIDYzLjg5NjggNTEuNzQxM1oiIGZpbGw9IiNFQ0JBMTYiLz4KPHBhdGggZD0iTTU0LjE3MjIgNTguMjI0SDMzLjEwMzJDMzIuMTMwNyA1OC4yMjQgMzEuNDgyNCA1Ny41NzU3IDMxLjQ4MjQgNTYuNjAzMkMzMS40ODI0IDU1LjYzMDcgMzIuMTMwNyA1NC45ODI0IDMzLjEwMzIgNTQuOTgyNEg1NC4xNzIyQzU1LjE0NDcgNTQuOTgyNCA1NS43OTMgNTUuNjMwNyA1NS43OTMgNTYuNjAzMkM1NS43OTMgNTcuNTc1NyA1NS4xNDQ1IDU4LjIyNCA1NC4xNzIyIDU4LjIyNFoiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTYzLjg5NjMgNjQuNzA3NEg0MS4yMDY3QzQwLjIzNDIgNjQuNzA3NCAzOS41ODU5IDY0LjA1OTEgMzkuNTg1OSA2My4wODY2QzM5LjU4NTkgNjIuMTE0MSA0MC4yMzQyIDYxLjQ2NTggNDEuMjA2NyA2MS40NjU4SDYzLjg5NjNDNjQuODY4OCA2MS40NjU4IDY1LjUxNzEgNjIuMTE0MSA2NS41MTcxIDYzLjA4NjZDNjUuNTE3MSA2NC4wNTkxIDY0Ljg2ODggNjQuNzA3NCA2My44OTYzIDY0LjcwNzRaIiBmaWxsPSIjRUNCQTE2Ii8+CjxwYXRoIGQ9Ik0zNC43MjQgNjQuNzA3NEgzMy4xMDMyQzMyLjEzMDcgNjQuNzA3NCAzMS40ODI0IDY0LjA1OTEgMzEuNDgyNCA2My4wODY2QzMxLjQ4MjQgNjIuMTE0MSAzMi4xMzA3IDYxLjQ2NTggMzMuMTAzMiA2MS40NjU4SDM0LjcyNEMzNS42OTY0IDYxLjQ2NTggMzYuMzQ0NyA2Mi4xMTQxIDM2LjM0NDcgNjMuMDg2NkMzNi4zNDQ3IDY0LjA1OTEgMzUuNjk2MyA2NC43MDc0IDM0LjcyNCA2NC43MDc0WiIgZmlsbD0iI0REMzQyRSIvPgo8cGF0aCBkPSJNNDcuNjg5MyA3MS4xODk4SDMzLjEwMzJDMzIuMTMwNyA3MS4xODk4IDMxLjQ4MjQgNzAuNTQxNSAzMS40ODI0IDY5LjU2OUMzMS40ODI0IDY4LjU5NjUgMzIuMTMwNyA2Ny45NDgyIDMzLjEwMzIgNjcuOTQ4Mkg0Ny42ODkzQzQ4LjY2MTggNjcuOTQ4MiA0OS4zMTAxIDY4LjU5NjUgNDkuMzEwMSA2OS41NjlDNDkuMzEwMSA3MC41NDE1IDQ4LjY2MTggNzEuMTg5OCA0Ny42ODkzIDcxLjE4OThaIiBmaWxsPSIjNDJCMDVDIi8+CjxwYXRoIGQ9Ik02My44OTY4IDcxLjE4OThINTQuMTcyNUM1My4yIDcxLjE4OTggNTIuNTUxOCA3MC41NDE1IDUyLjU1MTggNjkuNTY5QzUyLjU1MTggNjguNTk2NSA1My4yIDY3Ljk0ODIgNTQuMTcyNSA2Ny45NDgySDYzLjg5NjhDNjQuODY5MiA2Ny45NDgyIDY1LjUxNzUgNjguNTk2NSA2NS41MTc1IDY5LjU2OUM2NS41MTc1IDcwLjU0MTUgNjQuODY5MiA3MS4xODk4IDYzLjg5NjggNzEuMTg5OFoiIGZpbGw9IiM3MzgzQkYiLz4KPHBhdGggZD0iTTU0LjE3MjIgNzcuNjcyMkgzMy4xMDMyQzMyLjEzMDcgNzcuNjcyMiAzMS40ODI0IDc3LjAyMzkgMzEuNDgyNCA3Ni4wNTE0QzMxLjQ4MjQgNzUuMDc4OSAzMi4xMzA3IDc0LjQzMDcgMzMuMTAzMiA3NC40MzA3SDU0LjE3MjJDNTUuMTQ0NyA3NC40MzA3IDU1Ljc5MyA3NS4wNzg5IDU1Ljc5MyA3Ni4wNTE0QzU1Ljc5MjggNzcuMDIzOSA1NS4xNDQ1IDc3LjY3MjIgNTQuMTcyMiA3Ny42NzIyWiIgZmlsbD0iI0VDQkExNiIvPgo8cGF0aCBkPSJNNjMuODk2MyA3Ny42NzIySDYwLjY1NDlDNTkuNjgyNCA3Ny42NzIyIDU5LjAzNDIgNzcuMDIzOSA1OS4wMzQyIDc2LjA1MTRDNTkuMDM0MiA3NS4wNzg5IDU5LjY4MjQgNzQuNDMwNyA2MC42NTQ5IDc0LjQzMDdINjMuODk2M0M2NC44Njg4IDc0LjQzMDcgNjUuNTE3MSA3NS4wNzg5IDY1LjUxNzEgNzYuMDUxNEM2NS41MTcxIDc3LjAyMzkgNjQuODY4OCA3Ny42NzIyIDYzLjg5NjMgNzcuNjcyMloiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTEwMS4xNzIgNzcuNjcyMkg4MC4xMDMyQzc5LjEzMDcgNzcuNjcyMiA3OC40ODI0IDc3LjAyMzkgNzguNDgyNCA3Ni4wNTE0Qzc4LjQ4MjQgNzUuMDc4OSA3OS4xMzA3IDc0LjQzMDcgODAuMTAzMiA3NC40MzA3SDEwMS4xNzJDMTAyLjE0NSA3NC40MzA3IDEwMi43OTMgNzUuMDc4OSAxMDIuNzkzIDc2LjA1MTRDMTAyLjc5MyA3Ny4wMjM5IDEwMi4xNDUgNzcuNjcyMiAxMDEuMTcyIDc3LjY3MjJaIiBmaWxsPSIjREQzNDJFIi8+CjxwYXRoIGQ9Ik0xMTAuODk2IDc3LjY3MjJIMTA3LjY1NUMxMDYuNjgyIDc3LjY3MjIgMTA2LjAzNCA3Ny4wMjM5IDEwNi4wMzQgNzYuMDUxNEMxMDYuMDM0IDc1LjA3ODkgMTA2LjY4MiA3NC40MzA3IDEwNy42NTUgNzQuNDMwN0gxMTAuODk2QzExMS44NjkgNzQuNDMwNyAxMTIuNTE3IDc1LjA3ODkgMTEyLjUxNyA3Ni4wNTE0QzExMi41MTcgNzcuMDIzOSAxMTEuODY5IDc3LjY3MjIgMTEwLjg5NiA3Ny42NzIyWiIgZmlsbD0iIzQyQjA1QyIvPgo8cGF0aCBkPSJNNjMuODk2MyA1OC4yMjRINjAuNjU0OUM1OS42ODI0IDU4LjIyNCA1OS4wMzQyIDU3LjU3NTcgNTkuMDM0MiA1Ni42MDMyQzU5LjAzNDIgNTUuNjMwNyA1OS42ODI0IDU0Ljk4MjQgNjAuNjU0OSA1NC45ODI0SDYzLjg5NjNDNjQuODY4OCA1NC45ODI0IDY1LjUxNzEgNTUuNjMwNyA2NS41MTcxIDU2LjYwMzJDNjUuNTE3MSA1Ny41NzU3IDY0Ljg2ODggNTguMjI0IDYzLjg5NjMgNTguMjI0WiIgZmlsbD0iIzczODNCRiIvPgo8cGF0aCBkPSJNMTEyLjUxNyA1MS43NDExQzExMi41MTcgNjAuNjU0OSAxMDUuMjI0IDY3Ljk0OCA5Ni4zMTA0IDY3Ljk0OEM4Ny4zOTY2IDY3Ljk0OCA4MC4xMDM1IDYwLjY1NDkgODAuMTAzNSA1MS43NDExQzgwLjEwMzUgNDIuODI3MyA4Ny4zOTY2IDM1LjUzNDIgOTYuMzEwNCAzNS41MzQyQzEwNS4yMjQgMzUuNTM0MiAxMTIuNTE3IDQyLjgyNzMgMTEyLjUxNyA1MS43NDExWiIgZmlsbD0iI0VDQkExNiIvPgo8cGF0aCBkPSJNODAuMTAzNSA1MS43NDExQzgwLjEwMzUgNTIuMjI3MyA4MC4xMDM1IDUyLjg3NTUgODAuMTAzNSA1My4zNjE5SDk2LjMxMDRWMzUuNTM0MkM4Ny4zOTY2IDM1LjUzNDIgODAuMTAzNSA0Mi44MjczIDgwLjEwMzUgNTEuNzQxMVoiIGZpbGw9IiM0MkIwNUMiLz4KPC9nPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zMjY4IiB4MT0iMS4yMzIzOWUtMDYiIHkxPSItOS41MDAwMSIgeDI9IjE2OCIgeTI9IjE2MiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjOEZEREZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwNzVGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzY4N18zMjY4Ij4KPHJlY3Qgd2lkdGg9Ijk0IiBoZWlnaHQ9Ijk0IiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjUgMjUpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "metricsStorages"], ["spec", "logsStorages"], ["spec", "alerta"], ["spec", "alerta", "storage"], ["spec", "alerta", "storageClassName"], ["spec", "alerta", "resources"], ["spec", "alerta", "resources", "limits"], ["spec", "alerta", "resources", "limits", "cpu"], ["spec", "alerta", "resources", "limits", "memory"], ["spec", "alerta", "resources", "requests"], ["spec", "alerta", "resources", "requests", "cpu"], ["spec", "alerta", "resources", "requests", "memory"], ["spec", "alerta", "alerts"], ["spec", "alerta", "alerts", "telegram"], ["spec", "alerta", "alerts", "telegram", "token"], ["spec", "alerta", "alerts", "telegram", "chatID"], ["spec", "alerta", "alerts", "telegram", "disabledSeverity"], ["spec", "grafana"], ["spec", "grafana", "db"], ["spec", "grafana", "db", "size"], ["spec", "grafana", "resources"], ["spec", "grafana", "resources", "limits"], ["spec", "grafana", "resources", "limits", "cpu"], ["spec", "grafana", "resources", "limits", "memory"], ["spec", "grafana", "resources", "requests"], ["spec", "grafana", "resources", "requests", "cpu"], ["spec", "grafana", "resources", "requests", "memory"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - grafana-admin-password diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml b/packages/system/cozystack-api/cozyrds/mysql.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml rename to packages/system/cozystack-api/cozyrds/mysql.yaml index 10e4876d..fbfa836b 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/mysql.yaml +++ b/packages/system/cozystack-api/cozyrds/mysql.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5MzApIi8+CjxwYXRoIGQ9Ik0xMzMuMTkxIDI5LjAwMjJDMTMxLjIxMyAyOS4wNjU0IDEzMS44MzkgMjkuNjM1NCAxMjcuNTY0IDMwLjY4NzNDMTIzLjI0OCAzMS43NDk2IDExNy45NzUgMzEuNDIzOSAxMTMuMzI3IDMzLjM3MzNDOTkuNDUxNiAzOS4xOTI0IDk2LjY2NzYgNTkuMDgxMyA4NC4wNTM1IDY2LjIwNTlDNzQuNjI0NyA3MS41MzE4IDY1LjExMiA3MS45NTY1IDU2LjU1OTQgNzQuNjM2NUM1MC45Mzg5IDc2LjM5OSA0NC43OTA2IDgwLjAxMzUgMzkuNjk4MiA4NC40MDE4QzM1Ljc0NTUgODcuODA5MyAzNS42NDIzIDkwLjgwNTQgMzEuNTEyMyA5NS4wNzkxQzI3LjA5NDcgOTkuNjUwNCAxMy45NTUxIDk1LjE1NjQgOCAxMDIuMTUzQzkuOTE4MzUgMTA0LjA5MyAxMC43NTk0IDEwNC42MzYgMTQuNTM5OCAxMDQuMTMzQzEzLjc1NzEgMTA1LjYxNiA5LjE0MzMyIDEwNi44NjYgMTAuMDQ2NSAxMDkuMDQ5QzEwLjk5NjggMTExLjM0NSAyMi4xNTExIDExMi45MDEgMzIuMjkwOCAxMDYuNzhDMzcuMDEzMSAxMDMuOTI5IDQwLjc3NDMgOTkuODE5MyA0OC4xMjg4IDk4LjgzODRDNTcuNjQ1OSA5Ny41Njk5IDY4LjYwOTMgOTkuNjUyIDc5LjYyNjggMTAxLjI0MUM3Ny45OTMyIDEwNi4xMTIgNzQuNzEzMyAxMDkuMzUxIDcyLjA4NiAxMTMuMjMxQzcxLjI3MjQgMTE0LjEwNyA3My43MjAyIDExNC4yMDUgNzYuNTEyNiAxMTMuNjc1QzgxLjUzNTkgMTEyLjQzMyA4NS4xNTYxIDExMS40MzMgODguOTQ3MiAxMDkuMjI3QzkzLjYwNDcgMTA2LjUxNSA5NC4zMTA0IDk5LjU2MzkgMTAwLjAyNSA5OC4wNTk5QzEwMy4yMDkgMTAyLjk1NCAxMTEuODY5IDEwNC4xMSAxMTcuMjQyIDEwMC4xOTVDMTEyLjUyNyA5OC44NjA3IDExMS4yMjQgODguODI0NCAxMTIuODE1IDg0LjQwMThDMTE0LjMyMyA4MC4yMTU2IDExNS44MTMgNzMuNTE5MiAxMTcuMzMxIDY3Ljk4NTVDMTE4Ljk2MSA2Mi4wNDI1IDExOS41NjIgNTQuNTUxOSAxMjEuNTM1IDUxLjUyNDdDMTI0LjUwMyA0Ni45NzAxIDEyNy43ODMgNDUuNDA2IDEzMC42MyA0Mi44Mzc3QzEzMy40NzcgNDAuMjY5NSAxMzYuMDgzIDM3Ljc2OTQgMTM1Ljk5OCAzMS44OTI3QzEzNS45NyAyOS45OTk4IDEzNC45OTIgMjguOTQ0NyAxMzMuMTkxIDI5LjAwMjJaIiBmaWxsPSIjMDQyNDRFIi8+CjxwYXRoIGQ9Ik0xMjguOTUzIDMyLjQ4NDRDMTI5LjQyNyAzNC4xMDA0IDEzMC4xNjggMzQuODQyMSAxMzMuMzc1IDM1LjEzODdDMTMyLjkwNiAzOS4yMDQxIDEzMC4xOTUgNDEuNDI3NiAxMjcuMTU0IDQzLjU2MTFDMTI0LjQ3OSA0NS40Mzc2IDEyMS41NDcgNDcuMjQ0NSAxMTkuNjY0IDUwLjE3NTdDMTE3LjczNCA1My4xNzg1IDExNi41MDkgNjMuNDU1NCAxMTMuNTE3IDczLjYwNDRDMTEwLjkzMSA4Mi4zNzM4IDEwNy4wMjUgOTEuMDQ0NSAxMDAuMjA0IDk0Ljg0MzdDOTkuNDkxOSA5My4wNTAyIDEwMC4yOTUgODkuNzQgOTguODc4IDg4LjY1MkM5Ny45NjExIDkxLjI2NzQgOTYuOTI0MiA5My43NjI3IDk1LjcwOTggOTYuMDgyMUM5MS43MDc3IDEwMy43MzIgODUuNzgyMiAxMDkuNDU5IDc1Ljg4MDEgMTExLjIwOEM4MC41Nzg1IDEwNC44NSA4NS4wNzEgOTguMjg0NCA4NS4xNjgzIDg3LjMyNjJDODEuODYxNyA4OC4wNDE3IDgxLjkzMTkgOTUuODUyMiA3OC41MzQ1IDk3Ljk0MDJDNzYuMzU2MyA5OC4xNzcyIDc0LjE0OTggOTguMTc1OCA3MS45MjkxIDk4LjA0MjRDNjIuODA5MSA5Ny40OTU5IDUzLjQ1MzUgOTQuNzU0OSA0NC45MjE5IDk3LjQ5MjNDMzkuMTEyOCA5OS4zNTY4IDM0LjM2MTkgMTAzLjc1NSAyOS40NDI4IDEwNS44ODhDMjMuNjYxNCAxMDguMzk2IDE5LjI4MzEgMTA5LjQyNyAxMi4wODM2IDEwOC4zOTZDMTEuMTY5NSAxMDcuMTY0IDE3LjM1MjYgMTA1LjU3NSAxNi45ODI5IDEwMi45MDJDMTQuMTY1MyAxMDIuNTkgMTIuNTI5MyAxMDMuMjczIDEwLjA4MDEgMTAyLjE2QzEwLjM1MDUgMTAxLjY2MiAxMC43NDc5IDEwMS4yNDcgMTEuMjQ4MyAxMDAuOTAxQzE1LjczNzMgOTcuNzk0IDI4LjQ4ODIgMTAwLjE2NyAzMS45MDA2IDk2LjgxNjdDMzQuMDA3IDk0Ljc1IDM1LjM4ODkgOTIuNTg2NyAzNi44MTk3IDkwLjQ4MzhDMzguMjA3MiA4OC40NDM0IDM5LjY0MTUgODYuNDU5NyA0MS44MjY4IDg0LjY3MTlDNDIuNjMzNyA4NC4wMTE4IDQzLjUxMSA4My4zNTk2IDQ0LjQ0MjEgODIuNzIzQzQ4LjE2NiA4MC4xNzQzIDUyLjc3MjkgNzcuODYyOCA1Ny4zMDY2IDc2LjI2OTRDNjMuNDgyNiA3NC4wOTg0IDY5Ljc0MSA3My45MTk1IDc2LjMyMzcgNzEuNDA0M0M4MC4zOTA0IDY5Ljg1IDg0LjgxMjcgNjcuOTMwMiA4OC40MTc0IDY1LjI0MzlDODkuMjczMyA2NC42MDUxIDkwLjA4MzEgNjMuOTI0NSA5MC44MzE5IDYzLjE5NDlDMTAxLjEyNSA1My4xNjA4IDEwMy4xNjUgMzUuNDYxIDExOS4yMjQgMzMuODExNkMxMjEuMTY2IDMzLjYxMjEgMTIyLjc1NiAzMy42NzY3IDEyNC4yMDMgMzMuNjMyN0MxMjUuODcxIDMzLjU4MyAxMjcuMzQ3IDMzLjM4OTMgMTI4Ljk1MyAzMi40ODQ0Wk0xMDkuMzc1IDg5LjEzMzlDMTA5LjU2NyA5Mi4yMDEzIDExMS4zNDggOTguMjg3MiAxMTIuOTIgOTkuNzY2M0MxMDkuODQxIDEwMC41MTUgMTA0LjUzNyA5OS4yNzggMTAzLjE3NyA5Ny4xMDYyQzEwMy44NzYgOTMuOTcwNyAxMDcuNTE0IDkxLjEwNDEgMTA5LjM3NSA4OS4xMzM5WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEzMC4xMDkgMzUuOTE4N0MxMjkuNDkgMzcuMjE2OSAxMjguMzA1IDM4Ljg5MDggMTI4LjMwNSA0Mi4xOTU2QzEyOC4zIDQyLjc2MyAxMjcuODc1IDQzLjE1MTcgMTI3Ljg2NyA0Mi4yNzdDMTI3Ljg5OSAzOS4wNDcgMTI4Ljc1NCAzNy42NTA3IDEyOS42NjIgMzUuODE1NUMxMzAuMDg1IDM1LjA2MzYgMTMwLjMzOSAzNS4zNzM4IDEzMC4xMDkgMzUuOTE4N1pNMTI5LjQ4NiAzNS40Mjk3QzEyOC43NTYgMzYuNjY4NCAxMjYuOTk4IDM4LjkyNzggMTI2LjcwNyA0Mi4yMjAzQzEyNi42NTMgNDIuNzg0OCAxMjYuMTk0IDQzLjEzNDMgMTI2LjI2NCA0Mi4yNjE4QzEyNi41ODEgMzkuMDQ3NyAxMjcuOTg2IDM3LjAzNiAxMjkuMDUyIDM1LjI4NzNDMTI5LjUzNiAzNC41NzYxIDEyOS43NjMgMzQuOTA3NCAxMjkuNDg2IDM1LjQyOTdaTTEyOC45MTggMzQuNzgxN0MxMjguMDg2IDM1Ljk1NDMgMTI1LjM4IDM4LjY2NzggMTI0LjgxNCA0MS45MjQ3QzEyNC43MTIgNDIuNDgxOSAxMjQuMjI1IDQyLjc5MjggMTI0LjM2OCA0MS45MjlDMTI0Ljk1NCAzOC43NTIgMTI3LjI4NyAzNi4yNTUgMTI4LjQ5NiAzNC42MDM3QzEyOS4wMzggMzMuOTM0NiAxMjkuMjM3IDM0LjI4NCAxMjguOTE4IDM0Ljc4MTdaTTEyOC40MTEgMzQuMDU4OEwxMjguMTM3IDM0LjM0OTlDMTI2LjkyNyAzNS42NDcyIDEyNC4xMTYgMzguODExNCAxMjMuMTc5IDQxLjcwNzRDMTIyLjk5OSA0Mi4yNDUgMTIyLjQ3NCA0Mi40ODQ4IDEyMi43MzcgNDEuNjQ5M0MxMjMuNzYzIDM4LjU4NjQgMTI2LjU4OSAzNS4yODczIDEyOC4wMTggMzMuODIyN0MxMjguNjUgMzMuMjM2NCAxMjguNzk2IDMzLjYxMDYgMTI4LjQxMSAzNC4wNTg4Wk0xMTMuODg2IDQwLjYxNjJDMTE0LjUxMyAzNy45MjMxIDExNi42MDcgMzYuNjk2IDEyMC4yMjMgMzYuOTk1M0MxMjEuMDk2IDQxLjAxNTEgMTE2LjIxMyA0Mi42MzY2IDExMy44ODYgNDAuNjE2MloiIGZpbGw9IiMwNDI0NEUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMjkzMCIgeDE9IjE0MC41IiB5MT0iMTQxIiB4Mj0iNS45OTk5OSIgeTI9Ii01LjUwMjI4ZS0wNiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjQzQ5QTZDIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0U3QkY5MyIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "databases"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml b/packages/system/cozystack-api/cozyrds/nats.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml rename to packages/system/cozystack-api/cozyrds/nats.yaml index afde7461..3b83f880 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/nats.yaml +++ b/packages/system/cozystack-api/cozyrds/nats.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgyMSkiLz4KPHJlY3Qgd2lkdGg9IjE0NCIgaGVpZ2h0PSIxNDQiIHJ4PSIyNCIgZmlsbD0iYmxhY2siIGZpbGwtb3BhY2l0eT0iMC4zIi8+CjxwYXRoIGZpbGwtcnVsZT0iZXZlbm9kZCIgY2xpcC1ydWxlPSJldmVub2RkIiBkPSJNMTE3LjQ4IDI1SDI3Vjk4Ljk2OTNINjYuMDY4OUw4Ny43MDc1IDExOVY5OC45NjkzSDExNy40OFYyNVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4xMzUyIDcyLjQ1NTJWNDIuNjI1SDEwMi43NzNWODEuMTk5OUg4Ni42NTE5TDU0LjExNCA1MC44NDE0VjgxLjIzMjJINDMuNDQ0M1Y0Mi42MjVINjAuMTI2Mkw5Mi4xMzUyIDcyLjQ1NTJaIiBmaWxsPSJibGFjayIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4MV8yODIxIiB4MT0iMTAiIHkxPSIxNS41IiB4Mj0iMTQ0IiB5Mj0iMTMxLjUiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzM4NUM5MyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMzMkE1NzQiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "jetstream"], ["spec", "jetstream", "enabled"], ["spec", "jetstream", "size"], ["spec", "config"], ["spec", "config", "merge"], ["spec", "config", "resolver"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml b/packages/system/cozystack-api/cozyrds/postgres.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml rename to packages/system/cozystack-api/cozyrds/postgres.yaml index d53c7186..f2f98d46 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/postgres.yaml +++ b/packages/system/cozystack-api/cozyrds/postgres.yaml @@ -37,7 +37,7 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "postgresql"], ["spec", "postgresql", "parameters"], ["spec", "postgresql", "parameters", "max_connections"], ["spec", "quorum"], ["spec", "quorum", "minSyncReplicas"], ["spec", "quorum", "maxSyncReplicas"], ["spec", "users"], ["spec", "databases"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "retentionPolicy"], ["spec", "backup", "destinationPath"], ["spec", "backup", "endpointURL"], ["spec", "backup", "schedule"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "bootstrap"], ["spec", "bootstrap", "enabled"], ["spec", "bootstrap", "recoveryTime"], ["spec", "bootstrap", "oldName"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" - include: [{}] + exclude: [] + include: + - resourceNames: + - postgres-{{ .name }}-app diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml rename to packages/system/cozystack-api/cozyrds/rabbitmq.yaml index 87606b4f..2f09d9db 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/rabbitmq.yaml +++ b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHg9Ii0wLjAwMTk1MzEyIiB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgcng9IjI0IiBmaWxsPSJ1cmwoI3BhaW50MF9saW5lYXJfNjgzXzI5NzIpIi8+CjxwYXRoIGQ9Ik0xMTEuNDExIDYyLjhIODIuNDkzOUM4MS43OTY5IDYyLjc5OTcgODEuMTI4NSA2Mi41MjI4IDgwLjYzNTYgNjIuMDMwMUM4MC4xNDI3IDYxLjUzNzMgNzkuODY1NiA2MC44NjkxIDc5Ljg2NTMgNjAuMTcyMlYzMC4wNDEyQzc5Ljg2NTMgMjcuODEgNzguMDU1NiAyNiA3NS44MjQ5IDI2SDY1LjUwMjFDNjMuMjcgMjYgNjEuNDYxNCAyNy44MSA2MS40NjE0IDMwLjA0MTJWNTkuOTg5OEM2MS40NjE0IDYxLjU0MzUgNjAuMjA1IDYyLjgwNjUgNTguNjUwOCA2Mi44MTMzTDQ5LjE3NDMgNjIuODU4NEM0Ny42MDY5IDYyLjg2NjkgNDYuMzMzNiA2MS41OTU1IDQ2LjMzNjYgNjAuMDI5OEw0Ni4zOTU0IDMwLjA0OEM0Ni40MDA1IDI3LjgxMzQgNDQuNTkwMiAyNiA0Mi4zNTUgMjZIMzIuMDQwN0MyOS44MDgzIDI2IDI4IDI3LjgxIDI4IDMwLjA0MTJWMTE0LjQxMkMyOCAxMTYuMzk0IDI5LjYwNjEgMTE4IDMxLjU4NzEgMTE4SDExMS40MTFDMTEzLjM5NCAxMTggMTE1IDExNi4zOTQgMTE1IDExNC40MTJWNjYuMzg4QzExNSA2NC40MDU4IDExMy4zOTQgNjIuOCAxMTEuNDExIDYyLjhaTTk3Ljg1MDggOTQuNDc3OUM5Ny44NTA4IDk3LjA3NTUgOTUuNzQ0NSA5OS4xODE3IDkzLjE0NjQgOTkuMTgxN0g4NC45ODg0QzgyLjM5IDk5LjE4MTcgODAuMjgzNiA5Ny4wNzU1IDgwLjI4MzYgOTQuNDc3OVY4Ni4zMjE3QzgwLjI4MzYgODMuNzIzOCA4Mi4zOSA4MS42MTc5IDg0Ljk4ODQgODEuNjE3OUg5My4xNDY0Qzk1Ljc0NDUgODEuNjE3OSA5Ny44NTA4IDgzLjcyMzggOTcuODUwOCA4Ni4zMjE3Vjk0LjQ3NzlaIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4M18yOTcyIiB4MT0iNSIgeTE9Ii03LjUiIHgyPSIxNDEiIHkyPSIxMjQuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjRkY4MjJGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0ZGNjYwMCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8L2RlZnM+Cjwvc3ZnPgo= keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "vhosts"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml b/packages/system/cozystack-api/cozyrds/redis.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml rename to packages/system/cozystack-api/cozyrds/redis.yaml index 95bee1e7..261da934 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/redis.yaml +++ b/packages/system/cozystack-api/cozyrds/redis.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMzIxMykiLz4KPHBhdGggZD0iTTEyMC4xNDkgOTUuNTQ5MUMxMTQuNTg2IDk4LjQ0ODUgODUuNzcwOSAxMTAuMjk2IDc5LjYzNjMgMTEzLjQ5NUM3My41MDE2IDExNi42OTMgNzAuMDkzNyAxMTYuNjYyIDY1LjI0NzIgMTE0LjM0NkM2MC40MDEyIDExMi4wMjkgMjkuNzM2NCA5OS42NDIzIDI0LjIxMjUgOTcuMDAxOUMyMS40NTE5IDk1LjY4MjcgMjAgOTQuNTY4NyAyMCA5My41MTY2VjgyLjk4MDlDMjAgODIuOTgwOSA1OS45MjIgNzQuMjkwMSA2Ni4zNjY5IDcxLjk3NzhDNzIuODExNSA2OS42NjU2IDc1LjA0NzYgNjkuNTgyMSA4MC41MzIgNzEuNTkxQzg2LjAxNzMgNzMuNjAwOCAxMTguODEyIDc5LjUxNzYgMTI0LjIzMyA4MS41MDI5TDEyNC4yMyA5MS44ODk2QzEyNC4yMzEgOTIuOTMxMSAxMjIuOTggOTQuMDczNiAxMjAuMTQ5IDk1LjU0OTFaIiBmaWxsPSIjOTEyNjI2Ii8+CjxwYXRoIGQ9Ik0xMjAuMTQ3IDg1LjA3NTJDMTE0LjU4NSA4Ny45NzM0IDg1Ljc3IDk5LjgyMTggNzkuNjM1NCAxMDMuMDJDNzMuNTAxMSAxMDYuMjE5IDcwLjA5MzIgMTA2LjE4NyA2NS4yNDcyIDEwMy44NzFDNjAuNDAwNyAxMDEuNTU1IDI5LjczNzEgODkuMTY2OCAyNC4yMTM2IDg2LjUyOEMxOC42OTAxIDgzLjg4NzYgMTguNTc0NCA4Mi4wNzA0IDI0LjAwMDMgNzkuOTQ1OEMyOS40MjYxIDc3LjgyMDUgNTkuOTIxNSA2NS44NTYxIDY2LjM2NzIgNjMuNTQzOEM3Mi44MTE4IDYxLjIzMjQgNzUuMDQ3NSA2MS4xNDgxIDgwLjUzMTkgNjMuMTU3OEM4Ni4wMTY4IDY1LjE2NjggMTE0LjY2IDc2LjU2NzYgMTIwLjA3OSA3OC41NTI1QzEyNS41MDEgODAuNTM5OSAxMjUuNzA5IDgyLjE3NjMgMTIwLjE0NyA4NS4wNzUyWiIgZmlsbD0iI0M2MzAyQiIvPgo8cGF0aCBkPSJNMTIwLjE0OSA3OC41MDJDMTE0LjU4NiA4MS40MDE4IDg1Ljc3MDkgOTMuMjQ5MyA3OS42MzYzIDk2LjQ0ODhDNzMuNTAxNiA5OS42NDYyIDcwLjA5MzcgOTkuNjE1MiA2NS4yNDcyIDk3LjI5ODVDNjAuNDAwOCA5NC45ODMgMjkuNzM2NCA4Mi41OTUyIDI0LjIxMjUgNzkuOTU0N0MyMS40NTE5IDc4LjYzNTUgMjAgNzcuNTIzMiAyMCA3Ni40NzA3VjY1LjkzMzhDMjAgNjUuOTMzOCA1OS45MjIgNTcuMjQzNCA2Ni4zNjY5IDU0LjkzMTFDNzIuODExNSA1Mi42MTg5IDc1LjA0NzYgNTIuNTM1IDgwLjUzMiA1NC41NDQzQzg2LjAxNzcgNTYuNTUzNiAxMTguODEzIDYyLjQ2OTMgMTI0LjIzMyA2NC40NTVMMTI0LjIzIDc0Ljg0MjhDMTI0LjIzMSA3NS44ODQgMTIyLjk4IDc3LjAyNjQgMTIwLjE0OSA3OC41MDJaIiBmaWxsPSIjOTEyNjI2Ii8+CjxwYXRoIGQ9Ik0xMjAuMTQ3IDY4LjAyODJDMTE0LjU4NSA3MC45MjcxIDg1Ljc3IDgyLjc3NDcgNzkuNjM1NCA4NS45NzM3QzczLjUwMTEgODkuMTcxNiA3MC4wOTMyIDg5LjE0MDIgNjUuMjQ3MiA4Ni44MjM1QzYwLjQwMDcgODQuNTA4NCAyOS43MzcxIDcyLjEyMDEgMjQuMjEzNiA2OS40ODA5QzE4LjY5MDEgNjYuODQxMyAxOC41NzQ0IDY1LjAyMzcgMjQuMDAwMyA2Mi44OTg0QzI5LjQyNjEgNjAuNzc0MiA1OS45MjE5IDQ4LjgwOSA2Ni4zNjcyIDQ2LjQ5NzJDNzIuODExOCA0NC4xODUzIDc1LjA0NzUgNDQuMTAxNCA4MC41MzE5IDQ2LjExMDhDODYuMDE2OCA0OC4xMTk3IDExNC42NiA1OS41MTk3IDEyMC4wNzkgNjEuNTA1NUMxMjUuNTAxIDYzLjQ5MjQgMTI1LjcwOSA2NS4xMjkyIDEyMC4xNDcgNjguMDI4MloiIGZpbGw9IiNDNjMwMkIiLz4KPHBhdGggZD0iTTEyMC4xNDkgNjAuODIyNEMxMTQuNTg2IDYzLjcyMTQgODUuNzcwOSA3NS41Njk4IDc5LjYzNjMgNzguNzY5MkM3My41MDE2IDgxLjk2NzEgNzAuMDkzNyA4MS45MzU3IDY1LjI0NzIgNzkuNjE5QzYwLjQwMDggNzcuMzAzNSAyOS43MzY0IDY0LjkxNTIgMjQuMjEyNSA2Mi4yNzZDMjEuNDUxOSA2MC45NTU2IDIwIDU5Ljg0MjggMjAgNTguNzkxNVY0OC4yNTQyQzIwIDQ4LjI1NDIgNTkuOTIyIDM5LjU2NDIgNjYuMzY2OSAzNy4yNTI0QzcyLjgxMTUgMzQuOTM5NyA3NS4wNDc2IDM0Ljg1NjcgODAuNTMyIDM2Ljg2NTZDODYuMDE3NyAzOC44NzQ5IDExOC44MTMgNDQuNzkwNSAxMjQuMjMzIDQ2Ljc3NjNMMTI0LjIzIDU3LjE2MzdDMTI0LjIzMSA1OC4yMDQgMTIyLjk4IDU5LjM0NjUgMTIwLjE0OSA2MC44MjI0WiIgZmlsbD0iIzkxMjYyNiIvPgo8cGF0aCBkPSJNMTIwLjE0NyA1MC4zNDlDMTE0LjU4NSA1My4yNDc5IDg1Ljc2OTggNjUuMDk2MyA3OS42MzUyIDY4LjI5NDFDNzMuNTAwOSA3MS40OTIgNzAuMDkzIDcxLjQ2MDYgNjUuMjQ2OSA2OS4xNDUxQzYwLjQwMDkgNjYuODI4MyAyOS43MzY5IDU0LjQ0MDkgMjQuMjEzOCA1MS44MDEzQzE4LjY4OTkgNDkuMTYyMSAxOC41NzQ2IDQ3LjM0NDEgMjQgNDUuMjE5MkMyOS40MjU5IDQzLjA5NDYgNTkuOTIxNyAzMS4xMzEgNjYuMzY3IDI4LjgxODRDNzIuODExNiAyNi41MDYxIDc1LjA0NzMgMjYuNDIzIDgwLjUzMTcgMjguNDMyNEM4Ni4wMTY2IDMwLjQ0MTcgMTE0LjY1OSA0MS44NDE4IDEyMC4wNzkgNDMuODI3NUMxMjUuNTAxIDQ1LjgxMjggMTI1LjcwOSA0Ny40NSAxMjAuMTQ3IDUwLjM0OVoiIGZpbGw9IiNDNjMwMkIiLz4KPHBhdGggZD0iTTg0Ljg1NDEgNDAuMDk5NEw3NS44OTI2IDQxLjAyOThMNzMuODg2NSA0NS44NTdMNzAuNjQ2MyA0MC40NzAzTDYwLjI5ODMgMzkuNTQwNEw2OC4wMTk3IDM2Ljc1NThMNjUuNzAzIDMyLjQ4MTRMNzIuOTMyMSAzNS4zMDg4TDc5Ljc0NzEgMzMuMDc3NUw3Ny45MDUyIDM3LjQ5NzJMODQuODU0MSA0MC4wOTk0Wk03My4zNTE1IDYzLjUxODRMNTYuNjI2NiA1Ni41ODE2TDgwLjU5MiA1Mi45MDI5TDczLjM1MTUgNjMuNTE4NFpNNTAuMTYzNyA0Mi43ODI2QzU3LjIzODEgNDIuNzgyNiA2Mi45NzMgNDUuMDA1NyA2Mi45NzMgNDcuNzQ3NUM2Mi45NzMgNTAuNDkwMSA1Ny4yMzgxIDUyLjcxMjggNTAuMTYzNyA1Mi43MTI4QzQzLjA4OTMgNTIuNzEyOCAzNy4zNTQ1IDUwLjQ4OTcgMzcuMzU0NSA0Ny43NDc1QzM3LjM1NDUgNDUuMDA1NyA0My4wODkzIDQyLjc4MjYgNTAuMTYzNyA0Mi43ODI2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTk1LjQ0MzQgNDEuNDE3NEwxMDkuNjI3IDQ3LjAyMjRMOTUuNDU1NiA1Mi42MjJMOTUuNDQzNCA0MS40MTc0WiIgZmlsbD0iIzYyMUIxQyIvPgo8cGF0aCBkPSJNNzkuNzUyOSA0Ny42MjYxTDk1LjQ0NDkgNDEuNDE4OUw5NS40NTcxIDUyLjYyMzZMOTMuOTE4NCA1My4yMjU0TDc5Ljc1MjkgNDcuNjI2MVoiIGZpbGw9IiM5QTI5MjgiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMzIxMyIgeDE9IjE4OSIgeTE9IjIxMC41IiB4Mj0iMCIgeTI9IjAiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0E4MDAwMCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRkNGQ0YiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "authEnabled"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml rename to packages/system/cozystack-api/cozyrds/seaweedfs.yaml index f4519c85..fb51db19 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/seaweedfs.yaml +++ b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTEzOC42ODUgMTIxLjA1N0MxMzguNjg1IDEyNi42NTIgMTM2LjQ2MiAxMzIuMDE3IDEzMi41MDQgMTM1Ljk3M0MxMjguNTQ3IDEzOS45MjkgMTIzLjE3OSAxNDIuMTUxIDExNy41ODIgMTQyLjE1MUMxMTEuOTg1IDE0Mi4xNTEgMTA2LjYxOCAxMzkuOTI5IDEwMi42NiAxMzUuOTczQzk4LjcwMjggMTMyLjAxNyA5Ni40Nzk1IDEyNi42NTIgOTYuNDc5NSAxMjEuMDU3Qzk2LjQ3OTUgMTE4LjI4NyA5Ny4wMjUzIDExNS41NDQgOTguMDg1OCAxMTIuOTg1Qzk5LjE0NjMgMTEwLjQyNSAxMDAuNzAxIDEwOC4xIDEwMi42NiAxMDYuMTQxQzEwNC42MiAxMDQuMTgyIDEwNi45NDYgMTAyLjYyOSAxMDkuNTA3IDEwMS41NjlDMTEyLjA2NyAxMDAuNTA5IDExNC44MTEgOTkuOTYyOSAxMTcuNTgyIDk5Ljk2MjlDMTIwLjM1MyA5OS45NjI5IDEyMy4wOTggMTAwLjUwOSAxMjUuNjU4IDEwMS41NjlDMTI4LjIxOCAxMDIuNjI5IDEzMC41NDQgMTA0LjE4MiAxMzIuNTA0IDEwNi4xNDFDMTM0LjQ2NCAxMDguMSAxMzYuMDE4IDExMC40MjUgMTM3LjA3OSAxMTIuOTg1QzEzOC4xMzkgMTE1LjU0NCAxMzguNjg1IDExOC4yODcgMTM4LjY4NSAxMjEuMDU3WiIgZmlsbD0idXJsKCNwYWludDFfcmFkaWFsXzY3OV8xOTEwKSIvPgo8cGF0aCBkPSJNMTEwLjMzNiAxMjYuMTQ3SDEyMy42OFYxMzYuODIzSDExMC4zMzZWMTI2LjE0N1oiIGZpbGw9IiMwRjVFOUMiLz4KPHBhdGggZD0iTTExOS4yNyAxMTIuMjk0QzExOS4yNyAxMTIuNzE0IDExOS4xNzggMTEzLjEzMSAxMTkgMTEzLjUxOUMxMTguODIxIDExMy45MDggMTE4LjU2IDExNC4yNjEgMTE4LjIzIDExNC41NThDMTE3LjkwMSAxMTQuODU1IDExNy41MDkgMTE1LjA5MSAxMTcuMDc5IDExNS4yNTJDMTE2LjY0OCAxMTUuNDEzIDExNi4xODYgMTE1LjQ5NiAxMTUuNzIgMTE1LjQ5NkMxMTQuNzc4IDExNS40OTYgMTEzLjg3NSAxMTUuMTU4IDExMy4yMSAxMTQuNTU4QzExMi41NDQgMTEzLjk1NyAxMTIuMTcgMTEzLjE0MyAxMTIuMTcgMTEyLjI5NEMxMTIuMTcgMTExLjQ0NSAxMTIuNTQ0IDExMC42MyAxMTMuMjEgMTEwLjAzQzExMy44NzUgMTA5LjQyOSAxMTQuNzc4IDEwOS4wOTIgMTE1LjcyIDEwOS4wOTJDMTE2LjE4NiAxMDkuMDkyIDExNi42NDggMTA5LjE3NSAxMTcuMDc5IDEwOS4zMzZDMTE3LjUwOSAxMDkuNDk2IDExNy45MDEgMTA5LjczMiAxMTguMjMgMTEwLjAzQzExOC41NiAxMTAuMzI3IDExOC44MjEgMTEwLjY4IDExOSAxMTEuMDY4QzExOS4xNzggMTExLjQ1NyAxMTkuMjcgMTExLjg3MyAxMTkuMjcgMTEyLjI5NFoiIGZpbGw9IiM1OTY4NkYiLz4KPHBhdGggZD0iTTEyOC4xMSAxMTQuMTAzQzEyOC4xMSAxMTQuOTUzIDEyNy43MzYgMTE1Ljc2NyAxMjcuMDcgMTE2LjM2OEMxMjYuNDA0IDExNi45NjggMTI1LjUwMSAxMTcuMzA1IDEyNC41NiAxMTcuMzA1QzEyNC4wOTQgMTE3LjMwNSAxMjMuNjMyIDExNy4yMjMgMTIzLjIwMSAxMTcuMDYyQzEyMi43NzEgMTE2LjkwMSAxMjIuMzc5IDExNi42NjUgMTIyLjA1IDExNi4zNjhDMTIxLjcyIDExNi4wNyAxMjEuNDU4IDExNS43MTcgMTIxLjI4IDExNS4zMjlDMTIxLjEwMiAxMTQuOTQgMTIxLjAxIDExNC41MjQgMTIxLjAxIDExNC4xMDNDMTIxLjAxIDExMy42ODMgMTIxLjEwMiAxMTMuMjY2IDEyMS4yOCAxMTIuODc4QzEyMS40NTggMTEyLjQ5IDEyMS43MiAxMTIuMTM3IDEyMi4wNSAxMTEuODM5QzEyMi4zNzkgMTExLjU0MiAxMjIuNzcxIDExMS4zMDYgMTIzLjIwMSAxMTEuMTQ1QzEyMy42MzIgMTEwLjk4NCAxMjQuMDk0IDExMC45MDEgMTI0LjU2IDExMC45MDFDMTI1LjUwMSAxMTAuOTAxIDEyNi40MDQgMTExLjIzOSAxMjcuMDcgMTExLjgzOUMxMjcuNzM2IDExMi40NCAxMjguMTEgMTEzLjI1NCAxMjguMTEgMTE0LjEwM1oiIGZpbGw9IiM1OTY4NkYiLz4KPHBhdGggZD0iTTEyMi4zMzMgMTE4Ljk3NkMxMjIuMzMzIDExOS44MjYgMTIxLjk1OCAxMjAuNjQgMTIxLjI5MyAxMjEuMjQxQzEyMC42MjcgMTIxLjg0MSAxMTkuNzI0IDEyMi4xNzggMTE4Ljc4MiAxMjIuMTc4QzExOC4zMTYgMTIyLjE3OCAxMTcuODU1IDEyMi4wOTYgMTE3LjQyNCAxMjEuOTM1QzExNi45OTMgMTIxLjc3NCAxMTYuNjAyIDEyMS41MzggMTE2LjI3MiAxMjEuMjQxQzExNS45NDMgMTIwLjk0MyAxMTUuNjgxIDEyMC41OSAxMTUuNTAzIDEyMC4yMDJDMTE1LjMyNCAxMTkuODEzIDExNS4yMzIgMTE5LjM5NyAxMTUuMjMyIDExOC45NzZDMTE1LjIzMiAxMTguNTU2IDExNS4zMjQgMTE4LjE0IDExNS41MDMgMTE3Ljc1MUMxMTUuNjgxIDExNy4zNjMgMTE1Ljk0MyAxMTcuMDEgMTE2LjI3MiAxMTYuNzEyQzExNi42MDIgMTE2LjQxNSAxMTYuOTkzIDExNi4xNzkgMTE3LjQyNCAxMTYuMDE4QzExNy44NTUgMTE1Ljg1NyAxMTguMzE2IDExNS43NzQgMTE4Ljc4MiAxMTUuNzc0QzExOS43MjQgMTE1Ljc3NCAxMjAuNjI3IDExNi4xMTIgMTIxLjI5MyAxMTYuNzEyQzEyMS45NTggMTE3LjMxMyAxMjIuMzMzIDExOC4xMjcgMTIyLjMzMyAxMTguOTc2WiIgZmlsbD0iIzU5Njg2RiIvPgo8cGF0aCBkPSJNMTE1LjMwOCAxMjEuOTA1QzExMy43MzUgMTIxLjQyNiAxMTUuNzA3IDEyMC42OCAxMTUuNDI5IDEyMC41NzNDMTE0LjY1MyAxMjAuMjc2IDExNS43MyAxMTkuMzMzIDExNi43NCAxMTguNTM5QzExNy42MjggMTE3Ljg0MSAxMTcuNjU5IDExNy44MzkgMTE3Ljg5MiAxMTguNDY4QzExOC4wMjQgMTE4LjgyMyAxMTguMzcxIDExOS4yMDYgMTE4LjY2NSAxMTkuMzE5QzExOS4yODkgMTE5LjU1OCAxMjAuOTUxIDExOS4yNjkgMTIwLjk1MSAxMTguODM1QzEyMC45NTEgMTE4LjIyMyAxMjEuNDE1IDExOC42OTkgMTIxLjc5NCAxMTkuNTMxQzEyMi40NTcgMTIwLjk4NyAxMjIuNDM3IDEyMi40NzIgMTIxLjQ1IDEyMi40NzJDMTIwLjg1OSAxMjIuNDcyIDEyMC4zMSAxMjIuNjkxIDEyMC4xOSAxMjMuMTQ3QzExNS4wNDYgMTI0LjYgMTE2LjQ3MSAxMjMuMjg0IDExNS4zMDggMTIxLjkwNVpNMTIzLjA5NCAxMTguMDU0QzEyMS42MDkgMTE3LjQ2NiAxMjAuNTQ3IDExNC44MzggMTIwLjU0NyAxMTMuMzA5QzEyMC41NDcgMTExLjMyMyAxMjIuNTQxIDEwOS4wOTUgMTI0LjMxNyAxMDkuMDk1QzEyOC4zMTUgMTA5LjA5NSAxMzAuNjg0IDExMi4yNjEgMTI4LjgzOCAxMTguNDA5QzEyOC4zODUgMTE5LjkxOSAxMjMuOTMzIDExOC4zODcgMTIzLjA5NCAxMTguMDU0Wk0xMjUuODY2IDExNS42NDlDMTI3LjU0NCAxMTQuNDc0IDEyNS44NTcgMTExLjc1NSAxMjMuOTgxIDExMi42MUMxMjIuNDc5IDExMy4yOTQgMTIzLjExOSAxMTYuMTE1IDEyNC43NyAxMTYuMTY0QzEyNC45NjEgMTE2LjE2OSAxMjUuNDU0IDExNS45MzggMTI1Ljg2NiAxMTUuNjQ5Wk0xMjQuMzM5IDExNC41NzlDMTIzLjc3MSAxMTQuMzgxIDEyMy44MDMgMTEzLjI1NiAxMjQuMzgzIDExMy4wMzRDMTI0LjkwMiAxMTIuODM1IDEyNS42MDQgMTEzLjM5OCAxMjUuNjA0IDExNC4wMTRDMTI1LjYwNCAxMTQuNDg5IDEyNC45MzYgMTE0Ljc4NyAxMjQuMzM5IDExNC41NzlaTTExMi4zMTkgMTE2Ljk4QzEwOS45NiAxMTUuNjcgMTEwLjI4NiAxMTEuMDA2IDExMi40MTcgMTA4Ljk2NUMxMTQuMzk2IDEwNy4wNjkgMTE4Ljc3OCAxMDcuMTAzIDExOS43NjQgMTA5LjQ2MkMxMjAuNDE1IDExMS4wMjEgMTIwLjIyOCAxMTIuNiAxMTkuMzk4IDExNC4wNzdDMTE4LjE5NCAxMTYuMjE5IDExNC4yNDIgMTE4LjA0OSAxMTIuMzE5IDExNi45OFpNMTE2LjU2IDExMy41OTNDMTE3LjMyNSAxMTIuOTAxIDExNy4yOTcgMTEyLjA2IDExNi41NzIgMTExLjI1OUMxMTUuNzc3IDExMC4zNzkgMTE0LjY5MiAxMTAuMzQ1IDExNC4wMzUgMTExLjM0N0MxMTMuNTI0IDExMi4xMjcgMTEzLjQzMSAxMTIuNTI4IDExMy45NDMgMTEzLjMwOUMxMTQuNTggMTE0LjI4IDExNS42NyAxMTQuMzk5IDExNi41NiAxMTMuNTkzWk0xMTQuMzc0IDExMi4zNEMxMTQuMTI4IDExMS42OTggMTE0Ljk4NSAxMTAuOTgxIDExNS42OCAxMTEuMjQ3QzExNS45NzQgMTExLjM2IDExNi4xNjQgMTExLjcxOCAxMTYuMTAyIDExMi4wNDRDMTE1Ljk2MSAxMTIuNzg1IDExNC42MzIgMTEzLjAxMiAxMTQuMzc0IDExMi4zNFoiIGZpbGw9IiNEM0Q2REEiLz4KPHBhdGggZD0iTTExOC40NjMgMTIxLjAwOEwxMTcuOTQ1IDEyMC43OEMxMTcuNTEgMTIwLjY4NSAxMTcuMjMxIDEyMS4xMDcgMTE3LjEzNiAxMjEuNTQzTDExNi44ODEgMTIyLjcwOUMxMTYuNzg2IDEyMy4xNDUgMTE3LjA2MSAxMjMuNTcxIDExNy40OTYgMTIzLjY2NkwxMTguNDQ3IDEyMy44NzRDMTE4Ljg4MiAxMjMuOTY5IDExOS4zMTEgMTIzLjY5NCAxMTkuNDA2IDEyMy4yNTlMMTE5LjY4NSAxMjEuNTU2QzExOS43OCAxMjEuMTIgMTE5LjQ3OSAxMjEuMjI4IDExOS4wNDMgMTIxLjEzM0wxMTguNjI4IDEyMS4wNDNDMTE4LjU3MyAxMjEuMzIxIDExOC41MTYgMTIxLjYxMyAxMTguNDcxIDEyMS44MzNDMTE4LjQzOCAxMjEuOTk4IDExOC40MDcgMTIyLjE0OCAxMTguMzc5IDEyMi4yODJDMTE4LjM1MSAxMjIuNDE1IDExOC4zMjcgMTIyLjUzMyAxMTguMzA1IDEyMi42MzVDMTE4LjI4MiAxMjIuNzM4IDExOC4yNjIgMTIyLjgyNSAxMTguMjQ1IDEyMi44OTdDMTE4LjIyOCAxMjIuOTY5IDExOC4yMTQgMTIzLjAyNSAxMTguMjAyIDEyMy4wNjhDMTE4LjE5NiAxMjMuMDg5IDExOC4xOTMgMTIzLjEwNyAxMTguMTg4IDEyMy4xMjFDMTE4LjE4MyAxMjMuMTM1IDExOC4xNzggMTIzLjE0NSAxMTguMTc1IDEyMy4xNTJDMTE4LjE3MyAxMjMuMTU1IDExOC4xNzIgMTIzLjE1NiAxMTguMTcxIDEyMy4xNThDMTE4LjE3IDEyMy4xNTkgMTE4LjE2OCAxMjMuMTYgMTE4LjE2NyAxMjMuMTZMMTE4LjE2NSAxMjMuMTU4QzExOC4xNjQgMTIzLjE1NiAxMTguMTYzIDEyMy4xNTIgMTE4LjE2MyAxMjMuMTQ4QzExOC4xNjIgMTIzLjE0IDExOC4xNjIgMTIzLjEyOSAxMTguMTYzIDEyMy4xMTVDMTE4LjE2MyAxMjMuMSAxMTguMTYzIDEyMy4wODMgMTE4LjE2NSAxMjMuMDYxQzExOC4xNjggMTIzLjAxOCAxMTguMTc1IDEyMi45NjEgMTE4LjE4MyAxMjIuODkxQzExOC4xOTIgMTIyLjgyIDExOC4yMDMgMTIyLjczNiAxMTguMjE2IDEyMi42NEMxMTguMjI5IDEyMi41NDMgMTE4LjI0NiAxMjIuNDMxIDExOC4yNjQgMTIyLjMwOEMxMTguMjgxIDEyMi4xODUgMTE4LjMwMSAxMjIuMDUxIDExOC4zMjMgMTIxLjkwM0MxMTguMzQ2IDEyMS43NTUgMTE4LjM3IDEyMS41OTIgMTE4LjM5NyAxMjEuNDE5QzExOC40MTYgMTIxLjI5OSAxMTguNDQyIDEyMS4xNCAxMTguNDYzIDEyMS4wMDhaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDMuNTgxIDExNi4zNjdDMTAzLjQ3OSAxMTYuMTAzIDEwMy42MjIgMTE1LjY5OSAxMDMuODk4IDExNS40NjlDMTA0LjMwMyAxMTUuMTMzIDEwNC41MDQgMTE1LjE1NSAxMDQuOTMgMTE1LjU4MUMxMDUuMjIgMTE1Ljg3MSAxMDUuMzU1IDExNi4yNzYgMTA1LjIzIDExNi40NzlDMTA0LjkwMiAxMTcuMDA5IDEwMy43OTggMTE2LjkzNCAxMDMuNTgxIDExNi4zNjdaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDYuMDM4IDExMi4yODFDMTA1LjY4IDExMS44NDkgMTA1LjcwMiAxMTEuNjYgMTA2LjE2NSAxMTEuMTk3QzEwNi42ODkgMTEwLjY3NCAxMDYuNzY0IDExMC42NzQgMTA3LjI4NyAxMTEuMTk3QzEwNy43NTEgMTExLjY2IDEwNy43NzMgMTExLjg0OSAxMDcuNDE1IDExMi4yODFDMTA3LjE3NiAxMTIuNTY4IDEwNi44NjYgMTEyLjgwMyAxMDYuNzI2IDExMi44MDNDMTA2LjU4NiAxMTIuODAzIDEwNi4yNzcgMTEyLjU2OCAxMDYuMDM4IDExMi4yODFaIiBmaWxsPSIjOThDNkQ4Ii8+CjxwYXRoIGQ9Ik0xMDYuMDM4IDEwNy4yMjRDMTA1LjY4MiAxMDYuNzk1IDEwNS42OTQgMTA2LjYxMiAxMDYuMTA2IDEwNi4yMDFDMTA2LjY1IDEwNS42NTcgMTA3LjczOCAxMDUuODggMTA3LjczOCAxMDYuNTM2QzEwNy43MzggMTA2Ljk3IDEwNy4wNzIgMTA3Ljc0NyAxMDYuNyAxMDcuNzQ3QzEwNi41NzUgMTA3Ljc0NyAxMDYuMjc3IDEwNy41MTIgMTA2LjAzOCAxMDcuMjI0WiIgZmlsbD0iIzk4QzZEOCIvPgo8cGF0aCBkPSJNMTE3Ljk1NSAxMzYuNTQxQzExNC41NzggMTM2LjExMSAxMTAuMDg3IDEzNC44ODEgMTA5LjQxIDEzNC4yNzRDMTA4LjEyMyAxMzMuMTE5IDEwOC45NDIgMTI3Ljg3OSAxMTAuNDY2IDEyNi41NEMxMTEuMzg3IDEyNS43MzEgMTE1LjAzOSAxMjQuNjYzIDExNy4xODIgMTI1LjE2OUMxMTkuNjQyIDEyNS43NDkgMTIzLjkzMiAxMjguNjQ4IDEyNC4yNSAxMjkuNTA4QzEyNC42MjUgMTMwLjUyMiAxMjQuMDQ4IDEzNC41NDEgMTIzLjMyMyAxMzUuNTM2QzEyMi42OTQgMTM2LjM5OSAxMjAuMzI1IDEzNi44NDMgMTE3Ljk1NSAxMzYuNTQxWk0xMjAuNTQgMTM0LjA4NEMxMjEuMjk3IDEzMy4zOTkgMTIxLjM0MiAxMzEuODQyIDEyMC42MjcgMTMxLjEyNkMxMTkuNDkgMTI5Ljk4OSAxMTcuMTEyIDEzMC44NjkgMTE3LjExMiAxMzIuNDI4QzExNy4xMTIgMTM0LjMwNCAxMTkuMTg5IDEzNS4zMDcgMTIwLjU0IDEzNC4wODRaTTExOC41ODIgMTMzLjEyNUMxMTguMzExIDEzMi40MTkgMTE4LjY4IDEzMS42MDggMTE5LjI3MiAxMzEuNjA4QzEyMCAxMzEuNjA4IDEyMC4yMjggMTMyLjE3MyAxMTkuODEyIDEzMi45NDlDMTE5LjM4MSAxMzMuNzU1IDExOC44NTMgMTMzLjgzIDExOC41ODIgMTMzLjEyNVpNMTE2LjQyMiAxMzMuMTQzQzExNy4wOTQgMTMyLjMzMyAxMTYuNzExIDEzMS4xNzYgMTE1LjY4MSAxMzAuOTAyQzExNC41ODEgMTMwLjYxIDExNC4wNTIgMTMxLjE4MyAxMTQuODY5IDEzMS43OEMxMTUuNjgzIDEzMi4zNzUgMTE1LjU1MSAxMzIuNjc5IDExNC41MzMgMTMyLjU1N0MxMTMuMzI3IDEzMi40MTMgMTEyLjgzMyAxMzEuNTY2IDExMy4yNTQgMTMwLjM2MkMxMTMuNjgxIDEyOS4xNDIgMTE1LjE5NyAxMjguODYzIDExNS43NTMgMTI5LjkwMkMxMTYuMTkzIDEzMC43MjUgMTE2LjYyNyAxMzAuNzkzIDExNi45IDEzMC4wODNDMTE3LjIyOSAxMjkuMjI0IDExNS45MTQgMTI4LjIzNyAxMTQuNDQgMTI4LjIzN0MxMTEuOTkzIDEyOC4yMzcgMTEwLjgxNiAxMzEuMDc0IDExMi41NDYgMTMyLjgwM0MxMTMuNSAxMzMuNzU4IDExNS43NDkgMTMzLjk1NSAxMTYuNDIyIDEzMy4xNDNaIiBmaWxsPSIjN0JBOUI5Ii8+CjxwYXRoIGQ9Ik0xMjAuMTE4IDEzOC41OTJDMTE4Ljc1MSAxMzcuMjk3IDEyMS45MTYgMTM2LjA5NiAxMjMuNjA2IDEzOC4yODNDMTI0LjQ2OSAxMzkuMzIyIDEyMi44NTMgMTM5Ljk3NiAxMjAuMTE4IDEzOC41OTJaTTEwNi4xMiAxMzUuNjU4QzEwNC43NTEgMTM0LjI4OSAxMDYuOTYzIDEzMy45MDQgMTA4LjU4MSAxMzUuMjNMMTA5Ljk0MSAxMzUuOTJMMTA4LjA1OSAxMzYuMDYxQzEwNy4yMTUgMTM2LjA2MiAxMDYuMzQzIDEzNS44ODEgMTA2LjEyIDEzNS42NThWMTM1LjY1OFpNMTI1LjM2MyAxMjcuODY2QzEyNS4wODIgMTI3LjQxIDEyOC4zMzMgMTI2LjI2NyAxMjguNjg4IDEyNi40ODZDMTI4Ljg0NiAxMjYuNTg0IDEyOC45NzUgMTI3LjMzNyAxMjguOTc1IDEyOC4xNjFDMTI4Ljk3NSAxMjkuMjM5IDEyOC44NCAxMjkuNjU4IDEyOC40OSAxMjkuNjU4QzEyOC4yMjIgMTI5LjY1OCAxMjUuNDc2IDEyOC4wNDcgMTI1LjM2MyAxMjcuODY2Wk0xMTguNjQxIDEyMS4wOTVDMTE0Ljg3MSAxMjAuNzUzIDExNS4zNzggMTE5LjMyNyAxMTYuMzYxIDExOC40OTlDMTE2LjkyOCAxMTguMDIxIDExNy4zNCAxMTcuNzc5IDExNy45MTMgMTE3LjY2N0MxMTcuOTEzIDExNy42NjcgMTE3Ljg3MiAxMTkuMDQ2IDExOC42NjYgMTE5LjMxOUMxMTkuMjk3IDExOS41MzYgMTIwLjI3OCAxMTkuMDY0IDEyMC40NzEgMTE4LjY3NUMxMjIuMTg4IDExNS4yMDEgMTIxLjQxNSAxMTguNjk5IDEyMS43OTQgMTE5LjUzMkMxMjMuMjM4IDEyNC4wMDcgMTIwLjE4OCAxMjEuNzMgMTE4LjY0MSAxMjEuMDk1Wk0xMDQuOTEyIDEyMS4yM0MxMDQuMjQyIDEyMC40ODcgMTAzLjY5MyAxMTkuNzI5IDEwMy42OTMgMTE5LjU0NEMxMDMuNjkzIDExOS4xMTYgMTA0Ljc0NiAxMTkuMTEyIDEwNS44NjMgMTE5LjUzN0MxMDYuNTkzIDExOS44MTQgMTEwLjM0NyAxMjAuMDA2IDExMC4zNDcgMTIxLjE1M0MxMTAuMzQ3IDEyMS44OTkgMTA4Ljg5IDEyMy43NjIgMTA4LjcyNiAxMjMuNzYyQzEwOC41NjMgMTIzLjc2MiAxMDUuNTgzIDEyMS45NzIgMTA0LjkxMiAxMjEuMjNaIiBmaWxsPSIjQTZCM0MyIi8+CjxwYXRoIGQ9Ik0xMTguNDYzIDEyMS4wMDhDMTE4LjQ0MiAxMjEuMTQgMTE4LjQxNiAxMjEuMjk5IDExOC4zOTcgMTIxLjQxOUMxMTguMzcgMTIxLjU5MiAxMTguMzQ1IDEyMS43NTUgMTE4LjMyMyAxMjEuOTAzQzExOC4zIDEyMi4wNTEgMTE4LjI4MSAxMjIuMTg1IDExOC4yNjMgMTIyLjMwOEMxMTguMjQ1IDEyMi40MzEgMTE4LjIyOSAxMjIuNTQyIDExOC4yMTYgMTIyLjYzOUMxMTguMjAzIDEyMi43MzYgMTE4LjE5MSAxMjIuODIgMTE4LjE4MyAxMjIuODlDMTE4LjE3NSAxMjIuOTYxIDExOC4xNjggMTIzLjAxOCAxMTguMTY1IDEyMy4wNjFDMTE4LjE2MyAxMjMuMDgzIDExOC4xNjQgMTIzLjEgMTE4LjE2MyAxMjMuMTE1QzExOC4xNjIgMTIzLjEyOSAxMTguMTYyIDEyMy4xNCAxMTguMTYzIDEyMy4xNDhDMTE4LjE2MyAxMjMuMTUyIDExOC4xNjQgMTIzLjE1NiAxMTguMTY1IDEyMy4xNThMMTE4LjE2NyAxMjMuMTZDMTE4LjE2OCAxMjMuMTYgMTE4LjE3IDEyMy4xNTkgMTE4LjE3MSAxMjMuMTU4QzExOC4xNzIgMTIzLjE1NyAxMTguMTczIDEyMy4xNTUgMTE4LjE3NSAxMjMuMTUyQzExOC4xNzggMTIzLjE0NSAxMTguMTgyIDEyMy4xMzUgMTE4LjE4NyAxMjMuMTIxQzExOC4xOTIgMTIzLjEwNyAxMTguMTk2IDEyMy4wODkgMTE4LjIwMiAxMjMuMDY3QzExOC4yMTMgMTIzLjAyNSAxMTguMjI4IDEyMi45NjkgMTE4LjI0NSAxMjIuODk3QzExOC4yNjIgMTIyLjgyNSAxMTguMjgyIDEyMi43MzggMTE4LjMwNSAxMjIuNjM1QzExOC4zMjcgMTIyLjUzMyAxMTguMzUxIDEyMi40MTUgMTE4LjM3OSAxMjIuMjgxQzExOC40MDYgMTIyLjE0OCAxMTguNDM4IDEyMS45OTggMTE4LjQ3MSAxMjEuODMzQzExOC41MTYgMTIxLjYxMyAxMTguNTczIDEyMS4zMjEgMTE4LjYyOCAxMjEuMDQzTDExOC40NjMgMTIxLjAwOFoiIGZpbGw9IiM0QzlDQkIiLz4KPHBhdGggZD0iTTMwLjk5ODYgMTQyLjY3M0MyNi40NDg5IDE0MC45MTYgMjEuNDY2NCAxMzYuODA1IDE4Ljc5MjEgMTMyLjYwM0MxNS40MDUzIDEyNy4yODEgMTQuNDA1MiAxMjMuNDE5IDE1LjA2MzYgMTE4LjIwM0MxNS42ODA2IDExMy4zMTUgMTcuMzU1OCAxMTAuNTU3IDIyLjIyMzIgMTA2LjQxM0MyOS4wNDE3IDEwMC42MDggMzQuNDg0NiA5Ny45Nzk5IDQwLjU5NDcgOTcuNTQxNUM0OS44MjEyIDk2Ljg3OTQgNTUuMDk3OCA5OS44MTA5IDU3LjY0NjUgMTA3LjAxNUM1OC41MDQzIDEwOS40MzkgNTguNjg1NiAxMTUuNTcgNTguMDU0NCAxMjAuODA5QzU3LjgzMTEgMTIyLjY2MyA1Ny40Nzg5IDEyNi4wNTUgNTcuMjcxOCAxMjguMzQ4QzU2LjU0NjcgMTM2LjM3NSA1NC40MTQ3IDE0MC40MTcgNDkuNjI1MyAxNDIuODQzQzQ4LjI5NzkgMTQzLjUxNiA0Ny43MTk5IDE0My41NjEgNDAuNjkyNCAxNDMuNTM5QzMzLjUxNTEgMTQzLjUxNiAzMy4wODEgMTQzLjQ3OCAzMC45OTg2IDE0Mi42NzNaTTAuMDc5NTc2NSAxMDQuOTY1QzAuMDgxNTcyMyAxMDMuODUzIDAuMTQ0NDAzIDEwMy40MzggMC4yMTk0MjcgMTA0LjA0NEMwLjI5NDQ1MSAxMDQuNjUgMC4yOTI4OTkgMTA1LjU2IDAuMjE1OTk2IDEwNi4wNjdDMC4xMzkwNzkgMTA2LjU3MyAwLjA3NzY4MzggMTA2LjA3OCAwLjA3OTU3NjUgMTA0Ljk2NVpNMC4wMDE3MzM1MSAxMDIuMjRDMC4wMTc4OTkyIDEwMS44NDggMC4wOTc3ODk3IDEwMS43NjggMC4yMDUzOTggMTAyLjAzN0MwLjMwMjc3MiAxMDIuMjggMC4yOTA3OTcgMTAyLjU3MSAwLjE3ODc4NyAxMDIuNjgzQzAuMDY2Nzc0OCAxMDIuNzk1IC0wLjAxMjkwMjEgMTAyLjU5NiAwLjAwMTczMzUxIDEwMi4yNFpNMC4wMjgzNDQ0IDc1LjEzMjZDMC4wMjgzNDQ0IDc0LjY2OTEgMC4xMDQ4NTcgNzQuNDc5NSAwLjE5ODM2OSA3NC43MTEyQzAuMjkxODg0IDc0Ljk0MyAwLjI5MTg4NCA3NS4zMjIyIDAuMTk4MzY5IDc1LjU1MzlDMC4xMDQ4NTcgNzUuNzg1NyAwLjAyODM0NDQgNzUuNTk2MSAwLjAyODM0NDQgNzUuMTMyNloiIGZpbGw9InVybCgjcGFpbnQyX3JhZGlhbF82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTM1LjMxMzMgMTEyLjU0NEwzNy45IDExMS4wOTFMMzkuMzUxNyAxMjEuNDZMMzkuMjQ4IDEyOC45MjZMMzUuMzcwMyAxMzAuODUxTDMyLjkyMjkgMTI2LjQzN0wzNS4zMTMzIDExMi41NDRaIiBmaWxsPSIjMzA2MEFEIi8+CjxwYXRoIGQ9Ik0zOC43Mjk1IDExNi42OUwzOS4zNTE2IDEyNC41NzFMNDMuMjkxOSAxMjUuOTE5TDQzLjM5NTYgMTA5LjIyNUw0MC4xODEyIDExMC4wNTRMMzguNzI5NSAxMTYuNjlaIiBmaWxsPSIjNjA2MzY4Ii8+CjxwYXRoIGQ9Ik0zNS4zNjk5IDEzMC44NTFDMzMuMDMyNCAxMjkuNzMgMjkuNzMwMSAxMjYuNDA4IDI4LjY2MjEgMTI0LjEwM0MyOC4wMzMyIDEyMi43NDUgMjcuNjM5NyAxMjIuMzEgMjYuODkyMyAxMjIuMTQ2QzI1Ljc4NzkgMTIxLjkwMyAyNS44MDg0IDEyMS45NzEgMjYuMzIxOCAxMjAuMjU4QzI2LjU5MzYgMTE5LjM1IDI2LjkwMzIgMTE4Ljk1NCAyNy4zNDA2IDExOC45NTRDMjcuNjg2MiAxMTguOTU0IDI5LjE1OTcgMTE3Ljg0MSAzMC42MTQ5IDExNi40OEMzMi4wNzAyIDExNS4xMTkgMzMuNzIyNiAxMTMuNjc3IDM0LjI4NjkgMTEzLjI3NUwzNS4zMTI5IDExMi41NDRMMzUuNjc2NyAxMTQuMjQxQzM3LjA0NDMgMTIwLjYxOCAzNy4wMjcgMTI0LjI2NiAzNS42MTk4IDEyNi4yNDNDMzQuNTUyMSAxMjcuNzQ0IDM0Ljg0MTcgMTI4LjM5MyAzNi41NzkxIDEyOC4zOTNDMzcuMzk3IDEyOC4zOTMgMzcuODIyMiAxMjguMTg1IDM4LjEzMDUgMTI3LjYzNEMzOC42NzQ4IDEyNi42NjMgMzguNjMxNSAxMjAuOTY4IDM4LjA0NTQgMTE2LjQyNkMzNy4zNDQ2IDExMC45OTUgMzcuMzEyNyAxMTEuMTY3IDM5LjE1NzggMTEwLjM5OEM0MC4wMzYgMTEwLjAzMSA0MC44MTggMTA5Ljc5NyA0MC44OTU1IDEwOS44NzdDNDAuOTczMSAxMDkuOTU2IDQwLjgxOTEgMTExLjIzNSA0MC41NTM0IDExMi43MThDMzkuNjA2NyAxMTguMDAzIDM5LjkzMTUgMTIzLjIzOCA0MS4yNzUyIDEyNC4zNTNDNDEuNjg1MSAxMjQuNjkzIDQxLjcyMzMgMTIzLjk2OSA0MS41NDUyIDExOS4yMzJDNDEuMzE1NiAxMTMuMTIzIDQxLjUxNzQgMTEwLjkxOSA0Mi40MDc1IDEwOS44MkM0Mi45MTk4IDEwOS4xODggNDMuMjEzIDEwOS4xMTYgNDQuNDk1OSAxMDkuMzFDNDYuOTU2NiAxMDkuNjgyIDQ2Ljk1MDYgMTA5LjY2OCA0Ni4yMDk5IDExMy4yNTRDNDUuODQ5NiAxMTQuOTk5IDQ1LjQ0ODMgMTE3LjIyNCA0NS4zMTggMTE4LjJMNDUuMDgxMiAxMTkuOTczTDQ1Ljk0NDYgMTE5LjY0NUM0Ni40MTk1IDExOS40NjUgNDcuNDQxMyAxMTguOTk0IDQ4LjIxNTMgMTE4LjU5OUw0OS42MjI2IDExNy44ODFMNDkuMzg5MyAxMTguNjdDNDkuMjYxIDExOS4xMDUgNDkuMDY3MiAxMjAuNzAxIDQ4Ljk1ODcgMTIyLjIxOEw0OC43NjE0IDEyNC45NzZMNDcuMTA5NSAxMjQuMzI1QzQ2LjIwMSAxMjMuOTY3IDQ1LjMxMTYgMTIzLjY3NCA0NS4xMzMxIDEyMy42NzRDNDQuOTQxIDEyMy42NzQgNDQuODA4NSAxMjUuNTMyIDQ0LjgwODUgMTI4LjIyNEM0NC44MDg1IDEzMS44OTEgNDQuNzE3MSAxMzIuNzc1IDQ0LjMzODYgMTMyLjc3NUM0MS4wMTk4IDEzMi4yOTUgMzguNzg0MiAxMzIuNDU4IDM1LjM2OTkgMTMwLjg1MVoiIGZpbGw9IiNFRUMyM0IiLz4KPHBhdGggZD0iTTQxLjE2MzkgMTMyLjQxOEM0MS4xNjM5IDEzMi4yODMgNDEuMzQwOCAxMzAuNTE1IDQxLjY2OTIgMTI4LjE0NUM0MS45OTc3IDEyNS43NzUgNDIuMzU3NyAxMjIuOTYxIDQyLjQ2OTIgMTIxLjg5M0M0Mi41ODA4IDEyMC44MjQgNDIuNzk2OSAxMjAuMDI3IDQyLjk0OTUgMTIwLjEyMUM0My42NDQzIDEyMC41NTEgNDQuMjkzOCAxMjkuMzc1IDQ0LjA0NzQgMTMxLjQyQzQzLjg5MDkgMTMyLjcxOSA0My42NTk1IDEzMi43MzcgNDMuMzAxOSAxMzIuNjc3QzQyLjY2MDIgMTMyLjU3IDQxLjkxMDEgMTMyLjUxMyA0MS4xNjM5IDEzMi40MThaTTMyLjU5NjkgMTIyLjczNUMzMS42ODEzIDEyMi41ODMgMzAuODI0MiAxMjEuNDQyIDMwLjgyNDIgMTIwLjM3NEMzMC44MjQyIDExOS40MDcgMzIuMjM4MSAxMTcuOTM3IDMzLjE2ODUgMTE3LjkzN0MzNC42NjY2IDExNy45MzcgMzUuODM5MiAxMjAuNTEzIDM0Ljk0ODQgMTIxLjg0N0MzNC41NTE3IDEyMi40NDEgMzMuNDE0NyAxMjIuODcgMzIuNTk2OSAxMjIuNzM1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExNC4wMjEgMTM3LjQ5OEMxMDcuMzE4IDEzNS43NCAxMDYuMjczIDEzNC4xMDQgMTA2LjYwOSAxMjUuODkxQzEwNi43MTYgMTIzLjI4MSAxMDYuODg1IDEyMC41MzkgMTA2Ljk4NiAxMTkuNzk3QzEwNy41NDUgMTE1LjY2NCAxMDguMzQyIDExMi4xNzMgMTA5LjA4NiAxMTAuNTk5QzEwOS43NDQgMTA5LjIwNiAxMDkuODQyIDEwOC43MTIgMTA5LjUzNSAxMDguMzQyQzEwOC40NSAxMDcuMDM1IDExMC4zNzEgMTA0Ljk5NSAxMTEuOTEgMTA1LjgxOUMxMTIuNDU3IDEwNi4xMTEgMTEyLjkxOCAxMDYuMDc3IDExMy45NDUgMTA1LjY2NUMxMTcuMDYyIDEwNC40MTkgMTIzLjExNyAxMDUuNTcxIDEyNi44MTQgMTA4LjExNUMxMjguMTQ5IDEwOS4wMzMgMTI4LjQ4NSAxMDkuMTM2IDEyOS4wMzggMTA4Ljc5MUMxMzAuNTIzIDEwNy44NjMgMTMyLjQ1MSAxMTAuNTczIDEzMS4yNSAxMTEuOUMxMzAuNzg3IDExMi40MTIgMTMwLjc1NSAxMTIuNzA1IDEzMS4wNjUgMTEzLjU5NkMxMzEuODUgMTE1Ljg0NiAxMzEuNzk0IDExNi4xMDQgMTI4LjAwNiAxMjcuNzE5QzEyNS41OCAxMzUuMTYgMTI0LjU0MyAxMzcuMzY1IDEyMy4yNjQgMTM3LjgxMUMxMjEuNjUzIDEzOC4zNzMgMTE2LjcyMyAxMzguMjA2IDExNC4wMjEgMTM3LjQ5OFpNMTIyLjU0MSAxMzUuMjI5QzEyMy4wMDMgMTM0LjU0MSAxMjMuMzU5IDEzMy4zMTMgMTIzLjUxMyAxMzEuODc4QzEyMy43OTQgMTI5LjI1IDEyMy44MTkgMTI5LjI4MyAxMjAuMzE3IDEyNy42MDFDMTE3LjY4NSAxMjYuMzM4IDExMy44MzMgMTI1Ljk3MiAxMTEuODU1IDEyNi43OThDMTEwLjgyOSAxMjcuMjI3IDExMC41OTUgMTI3LjU1NiAxMTAuMDU5IDEyOS4zMjdDMTA5LjExNiAxMzIuNDQzIDEwOS43MDMgMTM0LjMwOCAxMTEuODMyIDEzNC45NThDMTEzLjEzOSAxMzUuMzU3IDEyMC4wOSAxMzYuNDMgMTIwLjk4IDEzNi4zN0MxMjEuNTA0IDEzNi4zMzUgMTIyLjA4MiAxMzUuOTEyIDEyMi41NDEgMTM1LjIyOVpNMTE5LjQ1MSAxMjIuNDJDMTE5LjYzIDEyMi4wODEgMTE5LjY4NSAxMjEuNTU2IDExOS42ODUgMTIxLjU1NkMxMjAuMTU2IDEyMS42NTQgMTIwLjQ4IDEyMS42ODMgMTIwLjcyNiAxMjEuNzE5QzEyMS4xMDUgMTIxLjc3NCAxMjEuNTY0IDEyMS41ODcgMTIxLjc0NSAxMjEuMzAzQzEyMi4xNDkgMTIwLjY3MSAxMjAuNDc0IDExNy43MDEgMTE5LjU0OCAxMTcuNDA4QzExOC42NjggMTE3LjEyOCAxMTUuOTM1IDExOC44MjcgMTE1LjkzNSAxMTkuNjUzQzExNS45MzUgMTIwLjAyMiAxMTYuNTUzIDEyMC40MTEgMTE2LjgzMSAxMjAuNTE4QzExNi45ODIgMTIwLjU3NiAxMTcuMjUyIDEyMC43MzggMTE3LjU3NiAxMjAuOTM4QzExNy4zOCAxMjEuMzUxIDExNy4zNDYgMTIxLjQ3OCAxMTcuMzEyIDEyMS43MjRDMTE3LjIwNCAxMjIuNDk4IDExNy40MzUgMTIyLjY4NiAxMTguNDE2IDEyMi45MTJDMTE5LjE1MSAxMjIuOTkxIDExOS4yNSAxMjIuODQ1IDExOS40NTEgMTIyLjQyWk0xMjcuMjY1IDExNi44MzZDMTMwLjkzMyAxMTMuNDc1IDEyNy4wNzQgMTA3LjQxIDEyMi43MDUgMTA5LjY3QzEyMS42MjYgMTEwLjIyOCAxMjAuNjU0IDExMi4wMTkgMTIwLjY1NCAxMTMuNDQ5QzEyMC42NTQgMTE1LjY2NCAxMjIuODMxIDExNy45MzcgMTI0Ljk1NyAxMTcuOTQxQzEyNS43MzMgMTE3Ljk0MyAxMjYuNDE0IDExNy42MTcgMTI3LjI2NSAxMTYuODM2Wk0xMTcuMTQxIDExNS42MjJDMTE5LjAzNSAxMTQuNDY4IDExOS44MDQgMTExLjc5NSAxMTguODAyIDEwOS44NTdDMTE4LjA4MiAxMDguNDY0IDExNy4wMDggMTA3LjgzIDExNS4zNjYgMTA3LjgzQzExMS41MDggMTA3LjgzIDEwOS40ODUgMTEzLjIzNCAxMTIuNDY1IDExNS41NzhDMTEzLjU3IDExNi40NDggMTE1Ljc1NCAxMTYuNDY4IDExNy4xNDEgMTE1LjYyMloiIGZpbGw9IiMwOTk2RDEiLz4KPHBhdGggb3BhY2l0eT0iMC45IiBkPSJNMzMuMTc1NyAyNkwzMi4zODEgMjcuMjE5QzMxLjk0NDkgMjcuODg5IDMxLjI4MzYgMjkuMzI0OCAzMC45MDkxIDMwLjQwODhDMzAuNTM0NyAzMS40OTI4IDI5Ljk5MjIgMzIuOTcwMSAyOS43MDQzIDMzLjY5MjhDMjkuNDE2MyAzNC40MTU0IDI5LjE3MzMgMzYuMTE1IDI5LjE2MzggMzcuNDdDMjkuMTQzNiA0MC4zNTMgMjguNzQ5NCA0MS44ODg4IDI3LjYzNjQgNDMuNDIyNUMyNi45MjEyIDQ0LjQwOCAyNi42NzUxIDQ0LjUyMjMgMjUuNDUzMiA0NC40NDFDMjMuODk5NSA0NC4zMzc3IDIyLjgxNTMgNDUuMDgxNSAyMS4yMTcgNDcuMzQ4MUMyMC43MTY1IDQ4LjA1OCAyMC4xMzY3IDQ4LjYzOTMgMTkuOTI4OSA0OC42MzkzQzE5LjcyMTEgNDguNjM5MyAxOS4xODA1IDQ4LjIzMTkgMTguNzI2MiA0Ny43MzUxQzE4LjI3MTkgNDcuMjM4MiAxNy45OTQ0IDQ3LjAxMTUgMTguMTExIDQ3LjIyOThDMTguNDkgNDcuOTM5NiAxNy41OTA0IDUzLjI2MTUgMTYuODM3OCA1NC43NjQyQzE1Ljk2NyA1Ni41MDI4IDE0LjM4NzIgNTcuNzIzMyAxMi41MzU0IDU4LjA4NDNDMTEuMDA1OSA1OC4zODI2IDExLjIyODMgNTguMDkgOC43MTc5NSA2My4wOTQ2QzYuNjYzMzQgNjcuMTkwNyA1Ljk2OTM1IDY3LjgyNjQgMi42NTUzMyA2OC42NTQyQzEuNDk3MTcgNjguOTQzNCAwLjQ1ODc1OSA2OS43MTQyIDAgNzAuNTI4N1Y3Mi44MjYzQzAuMzU2MTkzIDcyLjc0NzMgMC44Mjg3MjggNzIuNjIwMyAxLjYxNDk5IDcyLjM4NzNDMi45OTQ4NiA3MS45NzgyIDQuODIzNDggNzEuNDgwNiA1LjY3ODEgNzEuMjgwNkM3LjcyOTM0IDcwLjgwMDYgOS4zOTM1MSA2OS4yMTk1IDkuOTIyNzkgNjcuMjQ2N0MxMC4yNDI0IDY2LjA1NTQgMTAuNzAzMyA2NS40MjQxIDExLjk5OTIgNjQuNDA1OEMxMy4yODQgNjMuMzk2MiAxMy43NTY1IDYyLjc1NDYgMTQuMDY3MSA2MS41OTY5QzE0LjM3MzkgNjAuNDUzMiAxNC43MDExIDYwLjAwNCAxNS40NDA3IDU5LjcwNjNDMTcuMDE1MyA1OS4wNzI0IDIwLjY0NDQgNTUuODY1NSAyMS4yMzYzIDU0LjU4NThDMjEuNTM3MyA1My45MzQ5IDIyLjExOTggNTIuNTM5OSAyMi41Mjg3IDUxLjQ4NjJDMjMuMjYzNCA0OS41OTMyIDI1LjAxOTUgNDcuMzI2MSAyNS43NTAxIDQ3LjMyNjFDMjUuOTU3NCA0Ny4zMjYxIDI3LjEwOSA0Ni43MjQ4IDI4LjMwOTMgNDUuOTkwOEMzMS4yMzc2IDQ0LjIwMDMgMzEuNTk5MSA0My40MTM2IDMxLjU5OTEgMzguODYxNEMzMS41OTkxIDM1LjY4MTQgMzEuNjg3IDM1LjE1NTcgMzIuMzQ2OCAzNC4zNjg0QzMzLjAwMzcgMzMuNTg0NyAzMy4wOTk3IDMzLjAyNDkgMzMuMTM1MSAyOS43MzkxTDMzLjE3NTcgMjZaTTI0LjMzMzggNjMuNTk1OEMyNC4yMDM3IDYzLjYxMzUgMjQuMDczOCA2My42NjE4IDIzLjkyNTggNjMuNzM2MkMyMi45Mzk3IDY0LjIzMTUgMjIuNjEzNiA2NC45MTAyIDIxLjU5NzMgNjguNTg2QzIxLjAxNzkgNzAuNjgxNSAyMC40MjEyIDcyLjA4MTkgMTkuODc5OCA3Mi42MTc4QzE5LjQyMzUgNzMuMDY5NSAxOC45MzgzIDczLjg4MjMgMTguODAxIDc0LjQyNDJDMTguMTgxIDc2Ljg3MTUgMTYuNzQ1NCA3OC42MDczIDE0LjQ0OTUgNzkuNjg3MUMxMi40NTU1IDgwLjYyNDkgMTAuNjQwNyA4Mi4xMTc5IDkuMTExMDIgODQuMDc5OEM4LjMyMTA5IDg1LjA5MjkgNy40ODc1MiA4Ni4wMjkgNy4yNTY3OCA4Ni4xNjA5QzYuNzYxNjQgODYuNDQ0IDUuNzA4OTkgODguODk0MSA0LjYwNzg1IDkyLjMyOEMzLjcxMDkyIDk1LjEyNSAxLjcxMDY1IDk3LjQ2ODIgMC40Nzg1MTQgOTcuMTY1OEMwLjI1NDkzMSA5Ny4xMTA5IDAuMTA2OTExIDk3LjExMzcgMCA5Ny4yOTAxVjEwNC40OTJDMC41NTY0MTEgMTAzLjY2NCAxLjIzNDIgMTAyLjYyOSAyLjU2MzQ3IDEwMC41NEM0LjM0NTExIDk3LjczOTcgNi40NjM4NSA5NC40ODY3IDcuMjcxNzMgOTMuMzEyNEM4LjA3OTYgOTIuMTM4MSA5LjM1Njg3IDkwLjE0ODggMTAuMTA4NiA4OC44OTE2QzExLjIzNDIgODcuMDA5MiAxMi4xMDE2IDg2LjEyNDMgMTUuMDI4NCA4My44ODMzTDE4LjU4MzEgODEuMTYyN0wyMC40MDUzIDc1Ljk4ODFDMjMuMTg5NSA2OC4wODE3IDIzLjk1ODUgNjcuMTk5NyAyNy43NjI0IDY3LjU1MTVDMjkuNDYwNSA2Ny43MDg1IDMwLjYzMzQgNjcuNjE5NiAzMi4wNzM0IDY3LjIyNjdDMzQuMTgyNiA2Ni42NTEyIDM0LjQ3OTkgNjYuMTg3MiAzMy4zNTUxIDY1LjIzMThDMzIuNjU1NCA2NC42Mzc2IDMxLjMxNTMgNjQuNjQgMjguMjM4OCA2NS4yNDE4QzI3LjMzOTcgNjUuNDE3NyAyNi45MzQzIDY1LjI3NTcgMjUuODkzMiA2NC40MTc4QzI1LjEwNTEgNjMuNzY4NCAyNC43MjQxIDYzLjU0MjYgMjQuMzMzOCA2My41OTU4Wk0zMS43MTY2IDgzLjI1OThDMzEuNjYwNSA4My4yNzQ5IDMxLjU5MjEgODMuMzEyNiAzMS41MTE1IDgzLjM3MjFDMzEuMjcwOSA4My41NSAzMC42NTM2IDgzLjc5IDMwLjEzNzkgODMuOTA1NEMyOS4zODc2IDg0LjA3MzQgMjkuMDQ5OCA4NC40OTMyIDI4LjQ0ODIgODYuMDA0NUMyOC4wMzQ3IDg3LjA0MzIgMjcuNDkxNSA4OC4xMTUzIDI3LjI0MTIgODguMzg2M0MyNi45OTA5IDg4LjY1NzMgMjYuNDc1IDg5LjU1MSAyNi4wOTQxIDkwLjM3MzJDMjQuOTQyMiA5Mi44NTkyIDIzLjUyODIgOTQuMDYxOCAxOS45MDExIDk1LjY0MjFDMTYuNjEwNyA5Ny4wNzU2IDE2LjU2NyA5Ny4xMDg2IDE1LjY2NzEgOTguOTgwMkMxNS4xMDI3IDEwMC4xNTQgMTQuNjc5MiAxMDEuNzU3IDE0LjU0OTkgMTAzLjIwNUMxNC4yNzMxIDEwNi4zMDIgMTMuNTk2MiAxMDcuMDMxIDkuNTIxMTggMTA4LjYxNkM1LjkxNDk3IDExMC4wMTkgMy41NzcwMiAxMTEuNzQ1IDMuNDE1ODMgMTEzLjEyM0MzLjI0MDQxIDExNC42MjMgMi41OTgxMyAxMTUuMDg0IDAuOTI5MjYgMTE0LjkwN0MwLjUzOTUyOSAxMTQuODY2IDAuMjQ0MzMyIDExNC44NTEgMCAxMTQuODgxVjEyMUMxLjAyNjU4IDExOS42NTggMi43MTkyMiAxMTguMzYxIDYuMjI0OTcgMTE2LjIwNkMxMC4zNjA0IDExMy42NjUgMTIuNzA2NSAxMTEuNTc1IDEzLjU3NzkgMTA5LjY1NEMxMy45MjYgMTA4Ljg4NyAxNC42NTQ3IDEwNy4zOTMgMTUuMTk3MSAxMDYuMzM0QzE1LjczOTUgMTA1LjI3NSAxNi4yODQ1IDEwMy45MDEgMTYuNDA4NCAxMDMuMjgxQzE2LjczMjQgMTAxLjY2IDE4LjMwMzIgMTAwLjM0OSAyMC42NjU5IDk5LjcyNkMyNS4xNzcgOTguNTM3MiAyNS43NDYxIDk4LjAxNjMgMjYuMzUyNSA5NC41MzU0QzI2Ljg1NjEgOTEuNjQ1MiAyOC42MTIgODguMDY2MSAzMC41MjY3IDg2LjAyNDZDMzEuMzA5NSA4NS4xOSAzMS45NDk1IDg0LjE4IDMxLjk0OTUgODMuNzc5MUMzMS45NDk1IDgzLjM3NjYgMzEuODg0OSA4My4yMTQ2IDMxLjcxNjYgODMuMjU5OFoiIGZpbGw9IiMzNTkxMzYiLz4KPHBhdGggZD0iTTguMDgxNzcgNzQuNDA4M0M2LjAzNDE5IDczLjg3MDUgNS44OTQ0MyA3My43MzAyIDYuMDQyNzEgNzIuMzYxNUM2LjEzMDI1IDcxLjU1MzMgNi4yNDAxNyA3MC44NTc1IDYuMjg2OTYgNzAuODE1NEM2LjMzMzc2IDcwLjc3MzMgNy43MDQ0MyA3MS4wNjg3IDkuMzMyOTIgNzEuNDcxOUMxMS45NzY4IDcyLjEyNjQgMTIuNDg2NiA3Mi4xMjM4IDE0LjA5NDcgNzEuNDQ3NEMxNi40MDQxIDcwLjQ3NiAxNy4yMzgzIDY4Ljc3NTMgMTYuNDAyMiA2Ni43NDMxQzE1Ljk0MjQgNjUuNjI1NyAxNC45MjA0IDY0LjgyODEgMTIuMjM4NCA2My40OTRDNy42NDE3IDYxLjIwNzUgNi41MzA2MiA1OS45OTkgNi4yNzQ2NSA1Ny4wMDc2QzUuODkzMzcgNTIuNTUxOSA4Ljg0Njg5IDQ5Ljk4MzYgMTQuMzUyMiA0OS45ODM2QzE1Ljk3MzMgNDkuOTgzNiAxNy44NDg3IDUwLjE5MzcgMTguNTE5NiA1MC40NTA1QzE5LjYzNjggNTAuODc4MSAxOS42OTM3IDUxLjAzOTkgMTkuMTk0NSA1Mi4zNzEyQzE4LjcxODIgNTMuNjQxNiAxOC41MDI3IDUzLjc2ODggMTcuNDg2MSA1My4zNzk2QzE1LjUxOTkgNTIuNjI3IDEyLjE5NDggNTIuODU1NCAxMS4wMDU4IDUzLjgyNDdDOS43OTA1OCA1NC44MTUzIDkuNTU3MzYgNTYuOTI1MiAxMC41MzI0IDU4LjEwNzlDMTAuODcyNyA1OC41MjA3IDEyLjkwODcgNTkuNzc5IDE1LjA1NjkgNjAuOTA0MUMxOC40NjI4IDYyLjY4ODEgMTkuMDgyIDYzLjIyMTQgMTkuODk1MSA2NS4wNzE5QzIxLjExNTIgNjcuODQ4NyAyMC42Nzg4IDcwLjM0MzcgMTguNjA3OCA3Mi40MzIzQzE2LjE2MDcgNzQuOTAwMiAxMi41NDEzIDc1LjU3OTYgOC4wODE3NyA3NC40MDgzWk0yOC45MzI4IDc0LjM4MjNDMjUuMjM2NSA3Mi45OTU4IDIzLjcxMzggNzAuNTQwNSAyMy43MTM4IDY1Ljk2NjdDMjMuNzEzOCA2Mi41MDM0IDI0LjU1ODggNjAuNDY5NyAyNi44MzMzIDU4LjQ1OTNDMjguMzk2NCA1Ny4wNzc2IDI4Ljk4NjcgNTYuODY4NiAzMS4zMjY4IDU2Ljg2ODZDMzIuODE2OCA1Ni44Njg2IDM0LjY4MjEgNTcuMjEyOSAzNS41MDA1IDU3LjYzODlDMzcuMzE2OSA1OC41ODQ2IDM4LjgzMTkgNjEuNzQyNiAzOC44NDY2IDY0LjYxNDNMMzguODU3MyA2Ni43MDQ0SDMyLjk0MjNIMjcuMDI3M0wyNy4zNDIgNjguMDU2OUMyNy41MTUgNjguODAwNyAyOC4zMzU0IDcwLjAzOTEgMjkuMTY1IDcwLjgwOUMzMC41NzczIDcyLjExOTYgMzAuODk0OSA3Mi4xOTc5IDM0LjE1NDcgNzIuMDM4NUMzNy4zOTM4IDcxLjg4MDEgMzcuNjQ2MyA3MS45NDA5IDM3Ljc4NCA3Mi45MTIyQzM3Ljk2MjYgNzQuMTcyNSAzNy4xODgyIDc0LjUyMzYgMzMuNTI0MiA3NC44NDM0QzMxLjgwODUgNzQuOTkzMiAzMC4xMDU2IDc0LjgyMjIgMjguOTMyOCA3NC4zODIzWk0zNS4wODgxIDYyLjUyNDJDMzQuOTU1OCA2MC42NzMgMzMuMzY0NCA1OS4zMjc2IDMxLjMwNzIgNTkuMzI3NkMyOS43MDg2IDU5LjMyNzYgMjguNzI4MSA2MC4wOTA5IDI3LjY2MiA2Mi4xNjU1QzI2Ljc0NTcgNjMuOTQ4NiAyNy40MTIgNjQuMjk2NSAzMS40NDg4IDY0LjE0MjVMMzUuMTkzNiA2My45OTk2TDM1LjA4ODEgNjIuNTI0MlpNNDQuMzkxNCA3NC4zNzA4QzQyLjU3MTEgNzMuNTQ2OCA0MS43MDU5IDcyLjEyODYgNDEuNjQyMSA2OS44NjQ3QzQxLjU0MTYgNjYuMjk0NCA0NC4xMTEgNjQuMTQ2OCA0OS4yNTc2IDYzLjQ5OTRDNTEuODQxNCA2My4xNzQ0IDUyLjA0OTUgNjMuMDU3NyA1MS43NTkzIDYyLjA5NjlDNTAuOTY1IDU5LjQ2NjYgNDguMjQyMyA1OC41NjQ0IDQ0LjkyNzYgNTkuODMzMUM0My40MzAzIDYwLjQwNjMgNDMuNDg2OCA2MC40MzEzIDQzLjA1MTQgNTkuMDAzMkM0Mi43ODAxIDU4LjExMzUgNDIuOTk4MiA1Ny44NTExIDQ0LjM5NSA1Ny4zODdDNDYuOTM2NCA1Ni41NDI3IDUxLjM3NDUgNTYuNjM0MiA1Mi43Nzc5IDU3LjU2QzU0LjkzOTIgNTguOTg1NyA1NS4zNzUxIDYwLjYwMTkgNTUuNTQ4NyA2Ny44MzI4TDU1LjcxMDYgNzQuNTc0NUw1NC4xMjMgNzQuNTc0QzUzLjAzNzcgNzQuNTczMyA1Mi41MzUzIDc0LjMzOTYgNTIuNTM1MyA3My44MzU0QzUyLjUzNTMgNzIuOTA2NiA1Mi4wNTI4IDcyLjkwMjQgNTAuNzUyIDczLjgxOTZDNDkuMjAxMyA3NC45MTMgNDYuMTY5NyA3NS4xNzU3IDQ0LjM5MTQgNzQuMzcwOFpNNTAuOTQ3NyA3MC44MTc1QzUxLjcwOTkgNjkuOTczNSA1Mi4wNDY4IDY4Ljk4NiA1Mi4wNDY4IDY3LjU5NjZWNjUuNTkyOUw0OS44MTgyIDY1Ljg0NThDNDUuNzE5IDY2LjMxMSA0My44NzQ5IDY5LjUxMTggNDYuNTA1OCA3MS41OTUzQzQ4LjAzNzEgNzIuODA3OSA0OS4zNTk0IDcyLjU3NjMgNTAuOTQ3NyA3MC44MTc1Wk05Mi4wMDIgNzQuNTc4OEM4OC40MDI0IDczLjQ4NjQgODYuMjQxOSA3MC4yNDY2IDg2LjI0MTkgNjUuOTQxQzg2LjI0MTkgNjAuNDA0MiA4OS41MjExIDU2LjgzMjUgOTQuNjQxIDU2Ljc5MjVDOTguNjk4OSA1Ni43NjA5IDEwMS4yNjMgNTkuNDY3OSAxMDEuNTAzIDY0LjAzNjZMMTAxLjYzIDY2LjQ1ODVMOTYuMjU2MiA2Ni41ODg1QzkzLjMwMDcgNjYuNjYgOTAuNjE1OCA2Ni44MTYgOTAuMjg5NyA2Ni45MzUxQzg5LjM4MTggNjcuMjY2OCA5MC40Nzg4IDY5Ljk0NyA5Mi4wMzA2IDcxLjE4ODZDOTMuMTU5OSA3Mi4wOTIxIDkzLjc3MSA3Mi4xOTEyIDk2LjgxNzggNzEuOTY1QzEwMC4xOTMgNzEuNzE0NCAxMDAuMzE4IDcxLjc0NDkgMTAwLjUzMSA3Mi44Njg0QzEwMC43MyA3My45MTMzIDEwMC41MDkgNzQuMDgzNSA5OC4zNTc5IDc0LjU0OEM5NS42MTAzIDc1LjE0MTIgOTMuODgyOSA3NS4xNDk2IDkyLjAwMiA3NC41Nzg4Wk05Ny45NjU5IDYzLjA4MjNDOTcuOTY1OSA2MS4xMjMxIDk2LjE4NTggNTkuMzI3NiA5NC4yNDM0IDU5LjMyNzZDOTIuMjQ5NCA1OS4zMjc2IDkwLjE0OTkgNjEuMjU2MiA5MC4xNDk5IDYzLjA4NzhDOTAuMTQ5OSA2NC4yMDcgOTAuMjc5NyA2NC4yNDU1IDk0LjA1NzkgNjQuMjQ1NUM5Ny44NDE0IDY0LjI0NTUgOTcuOTY1OSA2NC4yMDg0IDk3Ljk2NTkgNjMuMDgyM1pNMTEwLjA0MiA3NC40N0MxMDYuMTQ5IDczLjQzIDEwMy45MyA2OS40MDI5IDEwNC41NCA2NC40ODYyQzEwNS4xNjYgNTkuNDQ0MiAxMDcuOTUxIDU2Ljg3MzYgMTEyLjc5MiA1Ni44NzA1QzExNS4zNzQgNTYuODY5IDExNS44MDUgNTcuMDI0OSAxMTcuMjYgNTguNDlDMTE4Ljg3OCA2MC4xMTg1IDExOS45NDEgNjIuODM0MyAxMTkuOTQ2IDY1LjM1MkwxMTkuOTQ5IDY2LjcwNDRIMTE0LjA4N0MxMDguNDg4IDY2LjcwNDQgMTA4LjIyNSA2Ni43NTAxIDEwOC4yMjUgNjcuNzIwM0MxMDguMjI1IDcwLjcxMjIgMTEwLjk1MiA3Mi4zNDQyIDExNS4zNTcgNzEuOTg4MkMxMTguMTM2IDcxLjc2MzcgMTE4LjQyMyA3MS44MzE1IDExOC42NjcgNzIuNzY3NEMxMTguOTk4IDc0LjA0NDMgMTE4Ljk2OCA3NC4wNzIgMTE2LjY5IDc0LjYwNDNDMTE0LjM2NyA3NS4xNDcgMTEyLjQzIDc1LjEwNzggMTEwLjA0MiA3NC40N1pNMTE2LjExOSA2Mi43NzAxQzExNS44NjQgNjAuODc4NyAxMTQuMTU5IDU5LjMyNzYgMTEyLjMzNSA1OS4zMjc2QzExMC41NjYgNTkuMzI3NiAxMDguMjI0IDYxLjYwMTQgMTA4LjIyNCA2My4zMTk1QzEwOC4yMjQgNjQuMjEyOCAxMDguNTI3IDY0LjI3NDYgMTEyLjI1NSA2NC4xNDI0QzExNi4yNDEgNjQuMDAxMSAxMTYuMjgzIDYzLjk4NjIgMTE2LjExOSA2Mi43NzAxWk0xMjYuODk0IDc0LjI0N0MxMjQuODI2IDczLjIyMDggMTIzLjUzMiA3MS4zNTg5IDEyMi44OTQgNjguNDg4OUMxMjEuOTc1IDY0LjM2MDUgMTIzLjA3NCA2MC40OTE0IDEyNS44MyA1OC4xNTY3QzEyNy44MjcgNTYuNDY1NyAxMzEuODM4IDU2LjMzMDUgMTMzLjgwNSA1Ny44ODc5TDEzNS4wOTIgNTguOTA3MlY1My45NTM2VjQ5SDEzNy4wNDZIMTM5VjYxLjc4NjVWNzQuNTczMUgxMzcuMjlDMTM1Ljc2MiA3NC41NzMxIDEzNS41OCA3NC40MzMxIDEzNS41OCA3My4yNTc5VjcxLjk0MjdMMTM0LjQ4MSA3Mi45NzkyQzEzMi4yMzMgNzUuMDk5OCAxMjkuNTI1IDc1LjU1MjMgMTI2Ljg5NCA3NC4yNDdaTTEzMy42NjQgNzAuNjc2NkMxMzQuOTc2IDY5LjM1NTcgMTM1LjA5MiA2OC45NTM3IDEzNS4wOTIgNjUuNzIwOUMxMzUuMDkyIDYyLjQ1NzIgMTM0Ljk4NSA2Mi4wOTQ1IDEzMy42MDcgNjAuNzA3NkMxMzIuMzY1IDU5LjQ1NzUgMTMxLjg2NSA1OS4yNjIyIDEzMC41NTQgNTkuNTE1NEMxMjYuMTQ0IDYwLjM2NzIgMTI0LjgzNSA2OC4xNDIzIDEyOC41OTggNzEuMTIyOUMxMzAuMzQ4IDcyLjUwODEgMTMxLjk4OCA3Mi4zNjM1IDEzMy42NjQgNzAuNjc2NlpNNjEuNDEwNyA2Ni4wNTg0QzYwLjAyMiA2MS4zNzU0IDU4Ljg4NTkgNTcuMzkxOSA1OC44ODU5IDU3LjIwNjJDNTguODg1OSA1Ny4wMjA2IDU5LjcyNzQgNTYuODY4NiA2MC43NTU5IDU2Ljg2ODZINjIuNjI1OUw2NC4yNTUxIDYzLjg3NjZDNjUuMTUxMiA2Ny43MzEgNjUuOTU2IDcwLjY2MzMgNjYuMDQzNyA3MC4zOTI5QzY2LjEzMTMgNzAuMTIyNCA2Ny4wNTU3IDY3LjAyNDEgNjguMDk3OCA2My41MDc4TDY5Ljk5MjYgNTcuMTE0NUg3MS41OTY5SDczLjIwMTJMNzQuODg2NSA2My4yNjE5Qzc1LjgxMzQgNjYuNjQzIDc2LjY4MzIgNjkuNzQxMiA3Ni44MTk0IDcwLjE0N0M3Ni45NTU3IDcwLjU1MjcgNzcuODQxOSA2Ny43MzEgNzguNzg5IDYzLjg3NjZMODAuNTEwOSA1Ni44Njg2SDgyLjQ1MTdDODMuOTUxNyA1Ni44Njg2IDg0LjMzMDMgNTcuMDMxNiA4NC4xMTkgNTcuNTg2QzgzLjk2ODYgNTcuOTgwNiA4Mi42OTU2IDYxLjk2NDEgODEuMjkwMiA2Ni40MzgyTDc4LjczNDkgNzQuNTczMUg3Ni45NjM1SDc1LjE5MjFMNzMuNTgxMiA2OC43OTQ1QzcyLjY5NTIgNjUuNjE2MyA3MS44NTg1IDYyLjY4NDEgNzEuNzIxNyA2Mi4yNzgzQzcxLjQ0NjUgNjEuNDYxNiA3MS41OTExIDYxLjA3MzMgNjkuMTExNCA2OS4yODYzTDY3LjUxNTIgNzQuNTczMUg2NS43MjU0SDYzLjkzNTZMNjEuNDEwNyA2Ni4wNTg0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTE5Ljk3NDYgMTE5LjI3NEMxOS4wMTU4IDExOC4xMTkgMjAuMzM4MSAxMTYuMTY2IDIxLjU2MDQgMTE2LjkzMkMyMi43NjMyIDExNy42ODYgMjIuMzMwNSAxMTkuNzYxIDIwLjk3MDQgMTE5Ljc2MUMyMC42NDUgMTE5Ljc2MSAyMC4xOTY5IDExOS41NDIgMTkuOTc0NiAxMTkuMjc0WiIgZmlsbD0idXJsKCNwYWludDNfcmFkaWFsXzY3OV8xOTEwKSIvPgo8cGF0aCBkPSJNMjMuODM2IDExMi42M0MyMi4xMTUyIDExMS42ODkgMjEuODAyOSAxMDkuNzk3IDIzLjE0NjUgMTA4LjQ1M0MyNC4wODU3IDEwNy41MTQgMjUuMjEgMTA3LjM5NCAyNi4yNTA3IDEwOC4xMjNDMjcuODU3MSAxMDkuMjQ5IDI3LjQ2NTUgMTEyLjAxMyAyNS42MDc5IDExMi42NkMyNS42MDc5IDExMi42NiAyNC40NzQ1IDExMi45NzMgMjMuODM2IDExMi42M1oiIGZpbGw9InVybCgjcGFpbnQ0X3JhZGlhbF82NzlfMTkxMCkiLz4KPHBhdGggZD0iTTMzLjc4NTUgMTIwLjAzNkMzMy43ODU1IDEyMC4xODggMzMuNzU1NyAxMjAuMzM4IDMzLjY5NzYgMTIwLjQ3OUMzMy42Mzk1IDEyMC42MTkgMzMuNTU0NCAxMjAuNzQ2IDMzLjQ0NzEgMTIwLjg1M0MzMy4zMzk4IDEyMC45NjEgMzMuMjEyNCAxMjEuMDQ2IDMzLjA3MjMgMTIxLjEwNEMzMi45MzIxIDEyMS4xNjIgMzIuNzgxOCAxMjEuMTkyIDMyLjYzMDEgMTIxLjE5MkMzMi40NzgzIDEyMS4xOTIgMzIuMzI4MSAxMjEuMTYyIDMyLjE4NzkgMTIxLjEwNEMzMi4wNDc3IDEyMS4wNDYgMzEuOTIwMyAxMjAuOTYxIDMxLjgxMyAxMjAuODUzQzMxLjcwNTcgMTIwLjc0NiAzMS42MjA2IDEyMC42MTkgMzEuNTYyNiAxMjAuNDc5QzMxLjUwNDUgMTIwLjMzOCAzMS40NzQ2IDEyMC4xODggMzEuNDc0NiAxMjAuMDM2QzMxLjQ3NDYgMTE5LjczIDMxLjU5NjMgMTE5LjQzNiAzMS44MTMgMTE5LjIxOUMzMi4wMjk3IDExOS4wMDMgMzIuMzIzNiAxMTguODgxIDMyLjYzMDEgMTE4Ljg4MUMzMi45MzY1IDExOC44ODEgMzMuMjMwNCAxMTkuMDAzIDMzLjQ0NzEgMTE5LjIxOUMzMy42NjM4IDExOS40MzYgMzMuNzg1NSAxMTkuNzMgMzMuNzg1NSAxMjAuMDM2WiIgZmlsbD0iYmxhY2siLz4KPHBhdGggZD0iTTEyMC43MjEgMTE4LjI3NkMxMjAuNzIxIDExOC42MjMgMTIwLjU2NSAxMTguOTU2IDEyMC4yODcgMTE5LjIwMUMxMjAuMDA5IDExOS40NDYgMTE5LjYzMiAxMTkuNTg0IDExOS4yMzkgMTE5LjU4NEMxMTguODQ2IDExOS41ODQgMTE4LjQ2OSAxMTkuNDQ2IDExOC4xOTEgMTE5LjIwMUMxMTcuOTEzIDExOC45NTYgMTE3Ljc1NyAxMTguNjIzIDExNy43NTcgMTE4LjI3NkMxMTcuNzU3IDExOC4xMDUgMTE3Ljc5NSAxMTcuOTM1IDExNy44NyAxMTcuNzc2QzExNy45NDQgMTE3LjYxNyAxMTguMDUzIDExNy40NzMgMTE4LjE5MSAxMTcuMzUyQzExOC4zMjkgMTE3LjIzIDExOC40OTIgMTE3LjEzNCAxMTguNjcyIDExNy4wNjhDMTE4Ljg1MSAxMTcuMDAzIDExOS4wNDQgMTE2Ljk2OSAxMTkuMjM5IDExNi45NjlDMTE5LjQzMyAxMTYuOTY5IDExOS42MjYgMTE3LjAwMyAxMTkuODA2IDExNy4wNjhDMTE5Ljk4NiAxMTcuMTM0IDEyMC4xNDkgMTE3LjIzIDEyMC4yODcgMTE3LjM1MkMxMjAuNDI0IDExNy40NzMgMTIwLjUzMyAxMTcuNjE3IDEyMC42MDggMTE3Ljc3NkMxMjAuNjgyIDExNy45MzUgMTIwLjcyMSAxMTguMTA1IDEyMC43MjEgMTE4LjI3NloiIGZpbGw9IiM1OTY4NkYiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82NzlfMTkxMCIgeDE9IjExIiB5MT0iLTQuNzc3NjhlLTA3IiB4Mj0iMTY0LjUiIHkyPSIxNTAuNSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjNjRCN0ZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwNURBRCIvPgo8L2xpbmVhckdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50MV9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTI0LjkwNCAxMjguNjM2KSByb3RhdGUoLTAuMDQ4NTUyKSBzY2FsZSgzNi4yODAyIDMxLjQwMzIpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzExNzdDRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM3RUM3RkYiIHN0b3Atb3BhY2l0eT0iMCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50Ml9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzkuMzUxMiAxMjEuNDYpIHJvdGF0ZSgtMC4wNTczKSBzY2FsZSg1MC4yMjc2IDUxLjMwOTEpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzExNzdDRSIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM3RUM3RkYiIHN0b3Atb3BhY2l0eT0iMCIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50M19yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjAuOTU0OCAxMTguMjYpIHNjYWxlKDEuMzA5MjkgMS41MDEyNykiPgo8c3RvcCBzdG9wLWNvbG9yPSIjODhBM0QwIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzVEODNCRiIvPgo8L3JhZGlhbEdyYWRpZW50Pgo8cmFkaWFsR3JhZGllbnQgaWQ9InBhaW50NF9yYWRpYWxfNjc5XzE5MTAiIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjQuNzg0MyAxMTAuMjIxKSBzY2FsZSgyLjQ3Mjc3IDIuNTY5NTQpIj4KPHN0b3Agc3RvcC1jb2xvcj0iIzg4QTNEMCIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiM1RDgzQkYiLz4KPC9yYWRpYWxHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "topology"], ["spec", "replicationFactor"], ["spec", "db"], ["spec", "db", "replicas"], ["spec", "db", "size"], ["spec", "db", "storageClass"], ["spec", "db", "resources"], ["spec", "db", "resourcesPreset"], ["spec", "master"], ["spec", "master", "replicas"], ["spec", "master", "resources"], ["spec", "master", "resourcesPreset"], ["spec", "filer"], ["spec", "filer", "replicas"], ["spec", "filer", "resources"], ["spec", "filer", "resourcesPreset"], ["spec", "filer", "grpcHost"], ["spec", "filer", "grpcPort"], ["spec", "filer", "whitelist"], ["spec", "volume"], ["spec", "volume", "replicas"], ["spec", "volume", "size"], ["spec", "volume", "storageClass"], ["spec", "volume", "resources"], ["spec", "volume", "resourcesPreset"], ["spec", "volume", "zones"], ["spec", "s3"], ["spec", "s3", "replicas"], ["spec", "s3", "resources"], ["spec", "s3", "resourcesPreset"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml b/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml rename to packages/system/cozystack-api/cozyrds/tcp-balancer.yaml index f4e03aeb..f32eb06a 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tcp-balancer.yaml +++ b/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODNfMjk4NSkiLz4KPHBhdGggZD0iTTcyLjE2NDUgNTkuNDI0M0w2Mi41IDQ4LjQ5OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjI2IiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTQxLjY4NTUgNTEuMDIxNUw0OS4yNDcgNjIuMDY5MyIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTcyLjE2NDYgNTkuNDQxNEw4MS43MjYzIDQ4LjM5MzZNODMuNzE3MSA3MS42Mjk0TDk1LjA2NCA2Mi4wNjc4TTgzLjcxNzEgNzEuNjEwOEw5NS4wNjQgODEuNTkzTTgxLjgyOTEgOTQuMjAxN0w3Mi4xNjQ2IDgzLjQ4MTFNNjIuNTAwMSA5NC4yMDE3TDcyLjE2NDYgODMuNDkwNE00OS4yNTU5IDgxLjE3MjRMNjAuMTgyMSA3MS42MTA4TTYwLjE5MTUgNzEuNjEwOEw0OS4yNjUyIDYyLjA0OTFMNzIuMTY0NiA1OS40MjI3TDk1LjA2NCA2Mi4wNDkxIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMjYiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNODEuNzE2OCA0OC4zOTM2TDgzLjcxNyA3MS42MTA4TDgxLjgyOSA5NC4xOTI0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMjYiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDY0IDgxLjU5MjVMNzIuMTY0NiA4My40ODA1TTQ5LjI1NTkgODEuMTcxOUw3Mi4xNTUzIDgzLjQ5OTIiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4yNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik02Mi41MDEyIDk0LjIwMTRMNjAuMTczOCA3MS42MTk4TTYyLjUwMTIgNDguNDk2MUw2MC4xNzM4IDcxLjYxMDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4yNiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0zOC43NSA2NC45OTQ4TDQ5LjI1NTcgNjIuMDUwNk01MS40NjE1IDQwLjYxODdMNjIuNTA5MyA0OC40OTc5TTYyLjQ5MDYgNDguNDk3OUw2NS4wMTQyIDM1LjY4MzZMODEuNzE2OCA0OC4zOTUxIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNzkuMjAzMSAzNS42ODM2TDgxLjcyNjcgNDguMzk1MU05Mi43NTU4IDQwLjYxODdMODEuNzA4IDQ4LjM5NTFNMTAyLjYyNiA1MS4wMjE1TDgxLjcxNzQgNDguMzk1MU0xMDIuNjI2IDUxLjAwMjhMOTUuMDY0NSA2Mi4wNTA2TDEwNS43NzYgNjQuOTk0OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTk1LjA2MzkgNjIuMDUwNkwxMDUuNTcgNzguMDE0OE03OS4yMDI1IDM1LjY4MzZMNjIuNSA0OC40OTc5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDYzNyA2Mi4wNTExTDkyLjczNjMgNDAuNjE5MU05NS4wNjM3IDgxLjU5NTFMMTA1LjU2OSA3OC4wMTUzIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTUuMDY1IDgxLjU5NDlMMTA1Ljc3NiA2NC45OTUxTTk1LjA2NSA4MS41OTQ5TDEwMi42MjYgOTEuNzgyOE05NS4wNjUgODEuNTk0OUw5Mi43Mzc3IDEwMi4xODZNODEuODMwMSA5NC4yMDM1TDkyLjc1NjQgMTAyLjE4NiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTgxLjgyOSA5NC4yMDNMMTAyLjYyNSA5MS43ODIyTTgxLjgyOSA5NC4yMDNMNzkuMzI0MSAxMDcuMTExTTgxLjgyOSA5NC4yMDNMNjUuMDE0MyAxMDcuMTAxTTYyLjUgOTQuMjAzTDY1LjAyMzYgMTA3LjEzOSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTYyLjUwMTIgOTQuMjAzMUw3OS4zMjUzIDEwNy4xMTFNNTEuNDYyOCAxMDIuMTg1TDYyLjUxMDUgOTQuMjAzMUw0MS42NzY4IDkxLjg4NTFMNDkuMjU2OSA4MS4xNzM4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTMiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNTEuNDYxOCAxMDIuMTg1TDQ5LjI1NiA4MS4xNzMxTDM4LjY0NzUgNzcuOTExMUw0OS4yNTYgNjIuMDQ5OCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEzIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTQ5LjI1NTcgODEuMTc0NUwzOC43NSA2NC45OTUzTTUxLjQ2MTUgNDAuNjE5MUw0OS4yNTU3IDYyLjA1MTEiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik00MS42ODU1IDUxLjAyMTdMNjIuNDgxOSA0OC40OTgiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMyIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik00My4zNzYgMzYuODMzOEw1MS40NjA5IDQwLjYxOTJMNTAuODM0NiAzMS43OTU5TDY1LjAxMzYgMzUuNjg0MSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik01OC45Mjg5IDI4LjIyNDRMNjUuMDEzNiAzNS42ODMxTDY3LjUzNzMgMjYuNzM4M0w3OS4yMDE5IDM1LjY4MzFNNTEuNDYwOSA0MC42MTgxTDU4LjkxOTYgMjguMjI0NCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik03Ni41NjY3IDI2LjQ0MDRMNzkuMjAyNSAzNS42ODQzTDg1LjI5NjYgMjguMjI1Nk02NS4wMDQ5IDM1LjY4NDNMNzYuNTU3NCAyNi40NDA0TTkyLjc1NTIgNDAuNjE5NEw4NS4yNzc5IDI4LjIyNTYiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNOTIuNzU0OSA0MC42MTkyTDkzLjQ5MzIgMzEuNzk1OU05Mi43NTQ5IDQwLjYxOTJMMTAxLjAzNiAzNi40MTMyTTkyLjc1NDkgNDAuNjE5MkwxMDcuMTQ5IDQyLjgyNU03OS4yMDIxIDM1LjY4NDFMOTMuNDgzOSAzMS43OTU5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTEwMi42MjUgNTEuMDIxNEwxMDcuMTM5IDQyLjgyNDRNMTAyLjYyNSA1MS4wMjE0TDEwMS4wNDUgMzYuNDIxOU0xMDIuNjI1IDUxLjAyMTRMMTEyLjA4MyA1MC4yODNNMTAyLjYyNSA1MS4wMjE0TDExNS41NiA1OC4zNzczIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTEwNS43NzQgNjQuOTk0OUwxMTIuMDgzIDUwLjI4MzJNMTA1Ljc3NCA2NC45OTQ5TDExNS41NDEgNTguMzc3NE0xMDUuNzc0IDY0Ljk5NDlMMTE2LjcgNjcuMjAwN0wxMDUuNTY4IDc4LjAxNDkiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMTE3LjAxOSA3NS45MTIxTDEwNS41NjkgNzguMDE1MUwxMTUuMzM3IDg0LjUyOTdMMTAyLjYyNSA5MS43ODI3TTEwNS43NzUgNjQuOTk1MUwxMTcuMDE5IDc1LjkyMTQiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMTAyLjYyNSA5MS43ODMzTDExMS45NzEgOTIuNzI3M00xMDUuNTc4IDc4LjAxNTZMMTExLjk3MSA5Mi43MThNMTA3LjA1NSAxMDAuMDY0TDEwMi42NDMgOTEuNzgzM0wxMDAuOTYxIDEwNi4yOCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0xMDAuOTQzIDEwNi4yNzlMOTIuNzQ1OCAxMDIuMTg1TTkyLjc1NTEgMTAyLjE4NUw5My4zODEzIDExMS4zNDVNOTIuNzU1MSAxMDIuMTg1TDEwNy4wMzcgMTAwLjA4Mk05Mi43NTUxIDEwMi4xODVMODUuMjg3MSAxMTQuNzk0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTc5LjMyMzIgMTA3LjEwM0w4NS4yNzcgMTE0Ljc2N003OS4zMjMyIDEwNy4xMDNMOTMuMzk5MyAxMTEuMzA5TTc5LjMyMzIgMTA3LjEwM0w3Ni41NjU5IDExNi41NjFNNzkuMzIzMiAxMDcuMTAzTDY3LjU1NTcgMTE2LjU2MSIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik02NS4wMTM2IDEwNy4xMDJMNjcuNTM3MyAxMTYuNTYxTTY1LjAxMzYgMTA3LjEwMkw3Ni41NTY4IDExNi41NjFNNjUuMDEzNiAxMDcuMTAyTDU5LjAyMjQgMTE0Ljc2Nk01MS40NjA5IDEwMi4xODZMNTkuMDIyNCAxMTQuNzk0IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTY1LjAxMzkgMTA3LjEwMUw1MC43MzIyIDExMS41MTNNNTAuNzIyOCAxMTEuNTMyTDUxLjQ2MTIgMTAyLjE4NUw0My4yNjQyIDEwNi42OTlMNDEuNjg0NiA5MS44ODQ4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTUxLjQ2MSAxMDIuMTg2TDM3LjA2NzEgMTAwLjE5NU00MS42ODQ0IDkxLjg4NkwzNy4wNTc4IDEwMC4xNjdNNDEuNjg0NCA5MS44ODZMMzIuMjI1NSA5Mi44MzAxTTQxLjY4NDQgOTEuODg2TDI4LjY3MzggODQuNjQyM0wzOC42NDY3IDc3LjkxMjdMMjcuMjk5OCA3NS45MjE5IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTM4LjY0NjcgNzcuOTEyM0wzMi4yNTM2IDkyLjgyOTZNMzguNzQ5NSA2NC45OTUxTDI3LjI5OTggNzUuOTIxNCIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik0zOC42NDY3IDc3LjkxMjJMMjcuMjk5OCA2Ny4yMDA5TTM4Ljc1ODkgNjQuOTk1MUwyOC45ODIyIDU4LjQ4MDUiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNMjcuMjk5OCA2Ny4yMDA3TDM4Ljc0OTUgNjQuOTk0OUwzMi4yNDQyIDUwLjI4MzIiIHN0cm9rZT0id2hpdGUiIHN0cm9rZS13aWR0aD0iMC4xMDEiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPgo8cGF0aCBkPSJNNDEuNjgzNiA1MS4wMjE3TDMyLjIyNDcgNTAuMjgzM000MS42ODM2IDUxLjAyMTdMMjguOTgxNCA1OC40ODA0TTQxLjY4MzYgNTEuMDIxN0wzNy4xNzg1IDQzLjI0NTNNNDEuNjgzNiA1MS4wMjE3TDQzLjM2NiAzNi44NDI4IiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjAuMTAxIiBzdHJva2UtbWl0ZXJsaW1pdD0iMTAiLz4KPHBhdGggZD0iTTUxLjQ2MSA0MC42MTkxTDM3LjE2OTkgNDMuMjQ1NiIgc3Ryb2tlPSJ3aGl0ZSIgc3Ryb2tlLXdpZHRoPSIwLjEwMSIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+CjxwYXRoIGQ9Ik01NC41NjQ1IDc3LjA3MDJMNTQuNjM5MiA2Ni4wMjI0TDY1LjY4NyA2Ni4wOTcxTDY1LjYxMjMgNzcuMTQ0OUw1NC41NjQ1IDc3LjA3MDJaTTY2LjUxODkgNjQuOTEwMUw2Ni41OTM3IDUzLjg2MjNMNzcuNjQxNSA1My45MzcxTDc3LjU2NjcgNjQuOTg0OUw2Ni41MTg5IDY0LjkxMDFaTTY2LjUxODkgODkuMTI3NEw2Ni41OTM3IDc4LjA3OTZMNzcuNjQxNSA3OC4xNTQ0TDc3LjU2NjcgODkuMjAyMkw2Ni41MTg5IDg5LjEyNzRaTTc4LjU3NjEgNzYuOTY3M0w3OC42NTA5IDY1LjkxOTVMODkuNjk4NyA2NS45OTQzTDg5LjYyMzkgNzcuMDQyMUw3OC41NzYxIDc2Ljk2NzNaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNNzcuOTQwNiA1Mi4yMzY2TDc3Ljk5NjYgNDQuNTcyM0w4NS42OTgzIDQ0LjYyODNMODUuNjQyMiA1Mi4yOTI2TDc3Ljk0MDYgNTIuMjM2NlpNNTguNjg2NCA1Mi4yMzY2TDU4Ljc0MjQgNDQuNTcyM0w2Ni40NDQxIDQ0LjYyODNMNjYuMzg4IDUyLjI5MjZMNTguNjg2NCA1Mi4yMzY2Wk00NS4zNTggNjUuODkyMUw0NS40MTQxIDU4LjIyNzhMNTMuMTE1NyA1OC4yODM5TDUzLjA1OTcgNjUuOTQ4Mkw0NS4zNTggNjUuODkyMVpNNDUuMzQ4NiA4NS4xNjVMNDUuNDMyOCA3Ny41MDA3TDUzLjEzNDQgNzcuNTg0OEw1My4wNTAzIDg1LjI0OTFMNDUuMzQ4NiA4NS4xNjVaTTkxLjI2OSA4NS4wMTU0TDkxLjMyNSA3Ny4zNTExTDk5LjAyNjcgNzcuNDA3Mkw5OC45NzA2IDg1LjA3MTVMOTEuMjY5IDg1LjAxNTRaTTkxLjQxODUgNjUuOTQ4Mkw5MS41MDI2IDU4LjI4MzlMOTkuMjA0MyA1OC4zNjhMOTkuMTIwMiA2Ni4wMzIzTDkxLjQxODUgNjUuOTQ4MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0zOS4xMTQzIDUzLjUyNjNMMzkuMTUxNyA0OC40NzkxTDQ0LjE4MDIgNDguNTE2NUw0NC4xNDI4IDUzLjU2MzdMMzkuMTE0MyA1My41MjYzWk00OC45NTYzIDQzLjI2MzdMNDguOTkzNyAzOC4yMTY0TDU0LjAyMjMgMzguMjUzOEw1My45ODQ5IDQzLjMwMUw0OC45NTYzIDQzLjI2MzdaTTYyLjQ5OTcgMzguMTg4NEw2Mi41MzcxIDMzLjE0MTJMNjcuNTY1NiAzMy4xNzg2TDY3LjUyODIgMzguMjI1OEw2Mi40OTk3IDM4LjE4ODRaTTM2LjE1MTQgNjcuNDkwM0wzNi4xODg4IDYyLjQ0MzFMNDEuMTg5MiA2Mi40ODA1TDQxLjE1MTkgNjcuNTI3N0wzNi4xNTE0IDY3LjQ5MDNaTTEwMC4wODMgNDguNTUzOUwxMDUuMTMgNDguNTE2NUwxMDUuMTY3IDUzLjU0NUwxMDAuMTIgNTMuNTgyNEwxMDAuMDgzIDQ4LjU1MzlaTTkwLjI0MDcgMzguMTEzNkw5NS4yODc5IDM4LjA3NjJMOTUuMzI1MyA0My4xMDQ4TDkwLjI3ODEgNDMuMTQyMUw5MC4yNDA3IDM4LjExMzZaTTc2LjY1MDYgMzMuMTY5Mkw4MS42OTc4IDMzLjEzMThMODEuNzM1MiAzOC4xNjA0TDc2LjY4OCAzOC4xOTc3TDc2LjY1MDYgMzMuMTY5MlpNMTAzLjAxOCA2Mi40OTkyTDEwOC4wNjUgNjIuNDYxOEwxMDguMTAyIDY3LjQ5MDNMMTAzLjA1NSA2Ny41Mjc3TDEwMy4wMTggNjIuNDk5MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik01OC41ODMgOTguMjQwNUw1OC42MzkxIDkwLjU3NjJMNjYuMzQwOCA5MC42MzIzTDY2LjI4NDcgOTguMjk2NUw1OC41ODMgOTguMjQwNVpNNzcuODM3MiA5OC4yNDA1TDc3Ljg5MzMgOTAuNTc2Mkw4NS41OTUgOTAuNjMyM0w4NS41Mzg5IDk4LjI5NjVMNzcuODM3MiA5OC4yNDA1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEwMC4wNDUgOTQuMzYxOUwxMDAuMDgyIDg5LjMxNDdMMTA1LjExMSA4OS4zNTIxTDEwNS4wNzQgOTQuMzk5M0wxMDAuMDQ1IDk0LjM2MTlaTTkwLjMxNTIgMTA0LjcyN0w5MC4zNTI2IDk5LjY4MDJMOTUuMzgxMSA5OS43MTc2TDk1LjM0MzcgMTA0Ljc2NUw5MC4zMTUyIDEwNC43MjdaTTc2Ljc3MTggMTA5LjdMNzYuODA5MiAxMDQuNjUzTDgxLjgzNzcgMTA0LjY5TDgxLjgwMDQgMTA5LjczN0w3Ni43NzE4IDEwOS43Wk0xMDMuMDA4IDgwLjM5NzlMMTAzLjA0NSA3NS4zNTA3TDEwOC4wNzQgNzUuMzg4MUwxMDguMDM3IDgwLjQzNTNMMTAzLjAwOCA4MC4zOTc5Wk0zOS4xMjMzIDg5LjMxNDdMNDQuMTcwNiA4OS4yNzczTDQ0LjIwNzkgOTQuMzA1OEwzOS4xNjA3IDk0LjM0MzJMMzkuMTIzMyA4OS4zMTQ3Wk00OC45NjU0IDk5LjY0MjhMNTQuMDEyNiA5OS42MDU0TDU0LjA1IDEwNC42MzRMNDkuMDAyOCAxMDQuNjcxTDQ4Ljk2NTQgOTkuNjQyOFpNNjIuNDQzMyAxMDQuNTk3TDY3LjQ5MDYgMTA0LjU1OUw2Ny41Mjc5IDEwOS41ODhMNjIuNDgwNyAxMDkuNjI1TDYyLjQ0MzMgMTA0LjU5N1pNMzYuMTg4NSA3NS4zNjk0TDQxLjIzNTcgNzUuMzMyTDQxLjI3MzEgODAuMzYwNkwzNi4yMjU5IDgwLjM5NzlMMzYuMTg4NSA3NS4zNjk0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExMC42MjUgNTEuNjM4NEwxMTAuNjQ0IDQ4LjkwOTJMMTEzLjQyOSA0OC45Mjc5TDExMy40MSA1MS42NTcxTDExMC42MjUgNTEuNjM4NFoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTQuMjI0IDU5Ljg5MTNMMTE0LjI0MiA1Ny4xNjIxTDExNy4wMjggNTcuMTgwOEwxMTcuMDA5IDU5LjkxTDExNC4yMjQgNTkuODkxM1oiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMDUuNzY3IDQ0LjMzNzZMMTA1Ljc4NSA0MS42MDg0TDEwOC41NzEgNDEuNjI3MUwxMDguNTUyIDQ0LjM1NjNMMTA1Ljc2NyA0NC4zMzc2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTQxLjk3MzYgMzguMDk0NUw0MS45OTIzIDM1LjM2NTJMNDQuNzc3NiAzNS4zODM5TDQ0Ljc1ODkgMzguMTEzMkw0MS45NzM2IDM4LjA5NDVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMjYgNjguNTU1NEwyNi4wMTg3IDY1LjgyNjJMMjguODA0IDY1Ljg0NDlMMjguNzg1MyA2OC41NzQxTDI2IDY4LjU1NTRaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNOTkuNjI0IDM4LjA5NDVMOTkuNjQyNyAzNS4zNjUyTDEwMi40MjggMzUuMzgzOUwxMDIuNDA5IDM4LjExMzJMOTkuNjI0IDM4LjA5NDVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMjcuNTg5OCA1OS44ODE2TDI3LjYwODUgNTcuMTUyM0wzMC4zOTM5IDU3LjE3MUwzMC4zNzUyIDU5LjkwMDNMMjcuNTg5OCA1OS44ODE2WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTU3LjYyOTkgMjkuNjM1NUw1Ny42NDg2IDI2LjkwNjJMNjAuNDMzOSAyNi45MjQ5TDYwLjQxNTIgMjkuNjU0Mkw1Ny42Mjk5IDI5LjYzNTVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMzAuOTcyNyA1MS42Mzg0TDMwLjk5MTMgNDguOTA5MkwzMy43NzY3IDQ4LjkyNzlMMzMuNzU4IDUxLjY1NzFMMzAuOTcyNyA1MS42Mzg0WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTM1Ljk0NTMgNDQuMjM2MUwzNS45NjQgNDEuNTA2OEwzOC43NDkzIDQxLjUyNTVMMzguNzMwNiA0NC4yNTQ4TDM1Ljk0NTMgNDQuMjM2MVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00OS40MjI5IDMwLjQyMDRMNTIuMTUyMSAzMC40MDE3TDUyLjE3MDggMzMuMTg3TDQ5LjQ0MTUgMzMuMjA1N0w0OS40MjI5IDMwLjQyMDRaTTY2LjMwMyAyNS4wNDZMNjkuMDMyMiAyNS4wMjczTDY5LjA1MDkgMjcuODEyN0w2Ni4zMjE3IDI3LjgzMTRMNjYuMzAzIDI1LjA0NloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4yMjI3IDMzLjIyNDRMOTIuMjQxNCAzMC40OTUxTDk1LjAyNjcgMzAuNTEzOEw5NS4wMDggMzMuMjQzTDkyLjIyMjcgMzMuMjI0NFoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTUuNTk4IDY4LjQ1MjlMMTE1LjYxNiA2NS43MjM2TDExOC40MDIgNjUuNzQyM0wxMTguMzgzIDY4LjQ3MTZMMTE1LjU5OCA2OC40NTI5WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTc1LjE5MTQgMjcuNzI5Mkw3NS4yMTAxIDI1TDc3Ljk5NTQgMjUuMDE4N0w3Ny45NzY3IDI3Ljc0NzlMNzUuMTkxNCAyNy43MjkyWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTgzLjg2NjIgMjkuNTIzMkw4My44ODQ5IDI2Ljc5MzlMODYuNjcwMiAyNi44MTI2TDg2LjY1MTUgMjkuNTQxOUw4My44NjYyIDI5LjUyMzJaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNOTkuNjI0IDEwNy43TDk5LjY0MjcgMTA0Ljk3MUwxMDIuNDI4IDEwNC45ODlMMTAyLjQwOSAxMDcuNzE5TDk5LjYyNCAxMDcuN1oiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0xMTUuNTk4IDc3LjIzOUwxMTUuNjE2IDc0LjUwOThMMTE4LjQwMiA3NC41Mjg1TDExOC4zODMgNzcuMjU3N0wxMTUuNTk4IDc3LjIzOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik00MS45NzM2IDEwNy43TDQxLjk5MjMgMTA0Ljk3MUw0NC43Nzc2IDEwNC45ODlMNDQuNzU4OSAxMDcuNzE5TDQxLjk3MzYgMTA3LjdaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMTE0LjIyNCA4Ni4wMzI5TDExNC4yNDIgODMuMzAzN0wxMTcuMDI4IDgzLjMyMjRMMTE3LjAwOSA4Ni4wNTE2TDExNC4yMjQgODYuMDMyOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik04My44NjYyIDExNi4yN0w4My44ODQ5IDExMy41NDFMODYuNjcwMiAxMTMuNTZMODYuNjUxNSAxMTYuMjg5TDgzLjg2NjIgMTE2LjI3WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTExMC42MjUgOTQuMjY4M0wxMTAuNjQ0IDkxLjUzOTFMMTEzLjQyOSA5MS41NTc4TDExMy40MSA5NC4yODdMMTEwLjYyNSA5NC4yNjgzWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEwNS43NjcgMTAxLjY3MkwxMDUuNzg1IDk4Ljk0MjRMMTA4LjU3MSA5OC45NjExTDEwOC41NTIgMTAxLjY5TDEwNS43NjcgMTAxLjY3MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik05Mi4xMDk0IDExMC4wNjVMOTQuODM4NiAxMTAuMDQ2TDk0Ljg1NzMgMTEyLjgzMUw5Mi4xMjggMTEyLjg1TDkyLjEwOTQgMTEwLjA2NVpNNzUuMzMyIDExNS4yMTVMNzguMDYxMyAxMTUuMTk2TDc4LjA4IDExNy45ODFMNzUuMzUwNyAxMThMNzUuMzMyIDExNS4yMTVaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNNDkuNDc4NSAxMTIuODg2TDQ5LjQ5NzIgMTEwLjE1N0w1Mi4yODI1IDExMC4xNzZMNTIuMjYzOCAxMTIuOTA1TDQ5LjQ3ODUgMTEyLjg4NloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0zMC44NTk0IDk0LjE2NThMMzAuODc4MSA5MS40MzY1TDMzLjY2MzQgOTEuNDU1MkwzMy42NDQ3IDk0LjE4NDVMMzAuODU5NCA5NC4xNjU4WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTI3LjU4MDEgODYuMDE0NEwyNy41OTg4IDgzLjI4NTJMMzAuMzg0MSA4My4zMDM5TDMwLjM2NTQgODYuMDMzMUwyNy41ODAxIDg2LjAxNDRaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMzUuODMyIDEwMS42NzJMMzUuODUwNyA5OC45NDI0TDM4LjYzNiA5OC45NjExTDM4LjYxNzMgMTAxLjY5TDM1LjgzMiAxMDEuNjcyWiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTI2IDc3LjIzOUwyNi4wMTg3IDc0LjUwOThMMjguODA0IDc0LjUyODVMMjguNzg1MyA3Ny4yNTc3TDI2IDc3LjIzOVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik02Ni40MDUzIDExNy45NjJMNjYuNDI0IDExNS4yMzJMNjkuMjA5MyAxMTUuMjUxTDY5LjE5MDYgMTE3Ljk4TDY2LjQwNTMgMTE3Ljk2MloiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik01Ny41MTc2IDExNi4xNjhMNTcuNTM2MyAxMTMuNDM4TDYwLjMyMTYgMTEzLjQ1N0w2MC4zMDI5IDExNi4xODZMNTcuNTE3NiAxMTYuMTY4WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODNfMjk4NSIgeDE9IjEwIiB5MT0iMTUuNSIgeDI9IjE0NCIgeTI9IjEzMS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMwMEE4REEiLz4KPHN0b3Agb2Zmc2V0PSIwLjQ5NSIgc3RvcC1jb2xvcj0iIzM1NzlCQyIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiMyODZFQTUiLz4KPC9saW5lYXJHcmFkaWVudD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "httpAndHttps"], ["spec", "httpAndHttps", "mode"], ["spec", "httpAndHttps", "targetPorts"], ["spec", "httpAndHttps", "targetPorts", "http"], ["spec", "httpAndHttps", "targetPorts", "https"], ["spec", "httpAndHttps", "endpoints"], ["spec", "whitelistHTTP"], ["spec", "whitelist"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml b/packages/system/cozystack-api/cozyrds/tenant.yaml similarity index 97% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml rename to packages/system/cozystack-api/cozyrds/tenant.yaml index 76aa6365..da4efabf 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/tenant.yaml +++ b/packages/system/cozystack-api/cozyrds/tenant.yaml @@ -27,7 +27,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQwMykiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDAzKSI+CjxwYXRoIGQ9Ik03MiAyOUM2Ni4zOTI2IDI5IDYxLjAxNDggMzEuMjM4OCA1Ny4wNDk3IDM1LjIyNEM1My4wODQ3IDM5LjIwOTEgNTAuODU3MSA0NC42MTQxIDUwLjg1NzEgNTAuMjVDNTAuODU3MSA1NS44ODU5IDUzLjA4NDcgNjEuMjkwOSA1Ny4wNDk3IDY1LjI3NkM2MS4wMTQ4IDY5LjI2MTIgNjYuMzkyNiA3MS41IDcyIDcxLjVDNzcuNjA3NCA3MS41IDgyLjk4NTIgNjkuMjYxMiA4Ni45NTAzIDY1LjI3NkM5MC45MTUzIDYxLjI5MDkgOTMuMTQyOSA1NS44ODU5IDkzLjE0MjkgNTAuMjVDOTMuMTQyOSA0NC42MTQxIDkwLjkxNTMgMzkuMjA5MSA4Ni45NTAzIDM1LjIyNEM4Mi45ODUyIDMxLjIzODggNzcuNjA3NCAyOSA3MiAyOVpNNjAuOTgyNiA4My4zMDM3QzYwLjQ1NCA4Mi41ODk4IDU5LjU5NTEgODIuMTkxNCA1OC43MTk2IDgyLjI3NDRDNDUuMzg5NyA4My43MzU0IDM1IDk1LjEwNzQgMzUgMTA4LjkwM0MzNSAxMTEuNzI2IDM3LjI3OTUgMTE0IDQwLjA3MSAxMTRIMTAzLjkyOUMxMDYuNzM3IDExNCAxMDkgMTExLjcwOSAxMDkgMTA4LjkwM0MxMDkgOTUuMTA3NCA5OC42MTAzIDgzLjc1MiA4NS4yNjM4IDgyLjI5MUM4NC4zODg0IDgyLjE5MTQgODMuNTI5NSA4Mi42MDY0IDgzLjAwMDkgODMuMzIwM0w3NC4wOTc4IDk1LjI0MDJDNzMuMDQwNiA5Ni42NTE0IDcwLjkyNjMgOTYuNjUxNCA2OS44NjkyIDk1LjI0MDJMNjAuOTY2MSA4My4zMjAzTDYwLjk4MjYgODMuMzAzN1oiIGZpbGw9ImJsYWNrIi8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl82ODdfMzQwMyIgeDE9IjcyIiB5MT0iMTQ0IiB4Mj0iLTEuMjgxN2UtMDUiIHkyPSI0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNDMEQ2RkYiLz4KPHN0b3Agb2Zmc2V0PSIwLjMiIHN0b3AtY29sb3I9IiNDNERBRkYiLz4KPHN0b3Agb2Zmc2V0PSIwLjY1IiBzdG9wLWNvbG9yPSIjRDNFOUZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI0U5RkZGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzY4N18zNDAzIj4KPHJlY3Qgd2lkdGg9Ijc0IiBoZWlnaHQ9Ijg1IiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzUgMjkpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "seaweedfs"], ["spec", "isolated"], ["spec", "resourceQuotas"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml b/packages/system/cozystack-api/cozyrds/virtual-machine.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml rename to packages/system/cozystack-api/cozyrds/virtual-machine.yaml index 0a0d4821..0c4377b6 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/virtual-machine.yaml +++ b/packages/system/cozystack-api/cozyrds/virtual-machine.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQ1NCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDU0KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMDBCM0ZGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8L2c+CjxwYXRoIGQ9Ik03Mi41Mjc1IDUzLjgzNjdDNzIuNDQzMSA1My44MzUxIDcyLjM2MDUgNTMuODEyMiA3Mi4yODczIDUzLjc3MDFMNTYuNDY5OSA0NC43OTM0QzU2LjM5ODMgNDQuNzUxOSA1Ni4zMzg4IDQ0LjY5MjMgNTYuMjk3MyA0NC42MjA3QzU2LjI1NTkgNDQuNTQ5IDU2LjIzMzggNDQuNDY3OCA1Ni4yMzM0IDQ0LjM4NUM1Ni4yMzM0IDQ0LjIxNjkgNTYuMzI1OCA0NC4wNjE3IDU2LjQ2OTkgNDMuOTc4NUw3Mi4xOTEyIDM1LjA2MDlDNzIuMjYzNyAzNS4wMjEgNzIuMzQ1IDM1IDcyLjQyNzcgMzVDNzIuNTEwNSAzNSA3Mi41OTE4IDM1LjAyMSA3Mi42NjQzIDM1LjA2MDlMODguNDg3MiA0NC4wMzk1Qzg4LjU1OTEgNDQuMDgwMSA4OC42MTg4IDQ0LjEzOTIgODguNjYgNDQuMjEwN0M4OC43MDEzIDQ0LjI4MjIgODguNzIyNyA0NC4zNjM1IDg4LjcyMTkgNDQuNDQ2Qzg4LjcyMjUgNDQuNTI4NSA4OC43MDEgNDQuNjA5NyA4OC42NTk4IDQ0LjY4MTJDODguNjE4NSA0NC43NTI2IDg4LjU1ODkgNDQuODExOCA4OC40ODcyIDQ0Ljg1MjVMNzIuNzcxNCA1My43NjgzQzcyLjY5NzIgNTMuODExNCA3Mi42MTMzIDUzLjgzNDkgNzIuNTI3NSA1My44MzY3IiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBvcGFjaXR5PSIwLjciIGQ9Ik03MC4yNTUzIDc1LjY1MTdDNzAuMTcxIDc1LjY1MzUgNzAuMDg3OCA3NS42MzE3IDcwLjAxNTEgNzUuNTg4OEw1NC4yNDU4IDY2LjY0MTdDNTQuMTcxNSA2Ni42MDI0IDU0LjEwOTUgNjYuNTQzNiA1NC4wNjYxIDY2LjQ3MTZDNTQuMDIyOCA2Ni4zOTk3IDU0IDY2LjMxNzMgNTQgNjYuMjMzM1Y0OC4yNzhDNTQgNDguMTA4IDU0LjA5MjQgNDcuOTU0NiA1NC4yNDM5IDQ3Ljg2OTZDNTQuMzE3MiA0Ny44MjcxIDU0LjQwMDQgNDcuODA0NyA1NC40ODUxIDQ3LjgwNDdDNTQuNTY5NyA0Ny44MDQ3IDU0LjY1MjkgNDcuODI3MSA1NC43MjYyIDQ3Ljg2OTZMNzAuNDkzNyA1Ni44MTMxQzcwLjU2NDIgNTYuODU2NSA3MC42MjI1IDU2LjkxNyA3MC42NjMyIDU2Ljk4OTFDNzAuNzAzOSA1Ny4wNjEyIDcwLjcyNTcgNTcuMTQyNCA3MC43MjY1IDU3LjIyNTFWNzUuMTgwNUM3MC43MjU5IDc1LjI2MjggNzAuNzA0MiA3NS4zNDM2IDcwLjY2MzUgNzUuNDE1MUM3MC42MjI3IDc1LjQ4NjYgNzAuNTY0MiA3NS41NDY0IDcwLjQ5MzcgNzUuNTg4OEM3MC40MjA2IDc1LjYyOTEgNzAuMzM4NyA3NS42NTA3IDcwLjI1NTMgNzUuNjUxNyIgZmlsbD0id2hpdGUiLz4KPHBhdGggb3BhY2l0eT0iMC40IiBkPSJNNzQuNzE5OCA3NS42NTExQzc0LjYzMzMgNzUuNjUxMiA3NC41NDgyIDc1LjYyOTYgNzQuNDcyMiA3NS41ODgzQzc0LjQwMTYgNzUuNTQ2MSA3NC4zNDMyIDc1LjQ4NjIgNzQuMzAyNyA3NS40MTQ3Qzc0LjI2MjMgNzUuMzQzMSA3NC4yNDExIDc1LjI2MjIgNzQuMjQxMiA3NS4xOFY1Ny4zMzczQzc0LjI0MTIgNTcuMTcxIDc0LjMzMzYgNTcuMDE1OCA3NC40NzIyIDU2LjkyOUw5MC4yMzk3IDQ3Ljk4NTVDOTAuMzExOSA0Ny45NDM4IDkwLjM5MzggNDcuOTIxOSA5MC40NzcxIDQ3LjkyMTlDOTAuNTYwNSA0Ny45MjE5IDkwLjY0MjQgNDcuOTQzOCA5MC43MTQ2IDQ3Ljk4NTVDOTAuNzg3NiA0OC4wMjU1IDkwLjg0ODUgNDguMDg0MiA5MC44OTExIDQ4LjE1NTdDOTAuOTMzNyA0OC4yMjcyIDkwLjk1NjMgNDguMzA4OCA5MC45NTY2IDQ4LjM5MlY2Ni4yMzI4QzkwLjk1NyA2Ni4zMTY0IDkwLjkzNDcgNjYuMzk4NSA5MC44OTIxIDY2LjQ3MDRDOTAuODQ5NSA2Ni41NDI0IDkwLjc4ODEgNjYuNjAxNCA5MC43MTQ2IDY2LjY0MTFMNzQuOTUyNiA3NS41ODgzQzc0Ljg4MjUgNzUuNjMwNyA3NC44MDE4IDc1LjY1MjUgNzQuNzE5OCA3NS42NTExIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zNDU0IiB4MT0iMTYxIiB5MT0iMTgwIiB4Mj0iMy41OTI4NGUtMDciIHkyPSI0Ljk5OTk4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNTk1NjU2Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjxjbGlwUGF0aCBpZD0iY2xpcDBfNjg3XzM0NTQiPgo8cmVjdCB3aWR0aD0iOTQiIGhlaWdodD0iOTQiIGZpbGw9IndoaXRlIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNSAyNSkiLz4KPC9jbGlwUGF0aD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "systemDisk"], ["spec", "systemDisk", "image"], ["spec", "systemDisk", "storage"], ["spec", "systemDisk", "storageClass"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml b/packages/system/cozystack-api/cozyrds/vm-disk.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml rename to packages/system/cozystack-api/cozyrds/vm-disk.yaml index 0f3d4754..a9893506 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-disk.yaml +++ b/packages/system/cozystack-api/cozyrds/vm-disk.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8zMzBfNDg5NjMpIi8+CjxnIGZpbHRlcj0idXJsKCNmaWx0ZXIwX2lfMzMwXzQ4OTYzKSI+CjxwYXRoIGQ9Ik03Mi4wMDAxIDI2LjYzNjdDNDYuODc3MiAyNi42MzY3IDI2LjUxMTIgNDcuMDAyNyAyNi41MTEyIDcyLjEyNTZDMjYuNTExMiA5Ny4yNDg0IDQ2Ljg3NzIgMTE3LjYxNCA3Mi4wMDAxIDExNy42MTRDOTcuMTIyOSAxMTcuNjE0IDExNy40ODkgOTcuMjQ4MiAxMTcuNDg5IDcyLjEyNTRDMTE3LjQ4OSA0Ny4wMDI1IDk3LjEyMjkgMjYuNjM2NyA3Mi4wMDAxIDI2LjYzNjdaTTcyLjAwMDEgODEuNjIxMkM2Ni43NTU3IDgxLjYyMTIgNjIuNTA0NCA3Ny4zNjk5IDYyLjUwNDQgNzIuMTI1NkM2Mi41MDQ0IDY2Ljg4MTIgNjYuNzU1NyA2Mi42Mjk5IDcyLjAwMDEgNjIuNjI5OUM3Ny4yNDQ0IDYyLjYyOTkgODEuNDk1NyA2Ni44ODEyIDgxLjQ5NTcgNzIuMTI1NkM4MS40OTU3IDc3LjM2OTkgNzcuMjQ0NCA4MS42MjEyIDcyLjAwMDEgODEuNjIxMloiIGZpbGw9IiNCQUQ5RkYiLz4KPC9nPgo8cGF0aCBkPSJNNTIuMDA3NSA2NS43MjA5TDMyLjI5NzYgNTkuMDQ5OEMzNi4yODQyIDQ3LjI3MTEgNDUuMzI4NSAzNy42MzE1IDU2LjQ5MSAzMy4yNjRMNjQuMDcyOCA1Mi42NDE5QzU4LjY0MiA1NC43NjY3IDU0LjAxOSA1OS43NzgzIDUyLjAwNzUgNjUuNzIwOVpNOTEuOTkyNiA3OC41M0wxMTEuNzAzIDg1LjIwMTFDMTA3LjcxNiA5Ni45Nzk5IDk4LjY3MTggMTA2LjYxOSA4Ny41MDkzIDExMC45ODdMNzkuOTI3NSA5MS42MDlDODUuMzU4MSA4OS40ODQyIDg5Ljk4MTMgODQuNDcyNiA5MS45OTI2IDc4LjUzWiIgZmlsbD0iI0VERjZGRiIvPgo8cGF0aCBkPSJNNTUuOTMyNCA1OC43MDI4QzU3LjY1MTQgNTYuNjE0IDU5LjcxOTQgNTQuODYzMiA2MS45ODk0IDUzLjYxODNDNjMuMTQ5IDUyLjk4MjQgNjQuMjYzMyA1My4xMjk2IDYzLjc4MTQgNTEuODk3OUw1Ny4yMDk1IDM1LjEwMDlDNTYuMjkwOSAzMi43NTI5IDU1LjI4MTQgMzMuNzI4NSA1My45MDYgMzQuMzg2OEM0OC45NzM0IDM2Ljc0NzYgNDQuNTM0OSA0MC4xNTkgNDAuODYwMSA0NC4zMTU0TDU1LjkzMjQgNTguNzAyOFpNODguMDY3NiA4NS41NDgxQzg1LjgzNTIgODguMjYwNSA4My4wMTQ4IDkwLjQwMjkgNzkuOTI2OSA5MS42MDhMODcuNTA4OSAxMTAuOTg2QzkzLjQ3ODUgMTA4LjY1NCA5OC44MzM2IDEwNC44MDYgMTAzLjE0IDk5LjkzNTVMODguMDY3NiA4NS41NDgxWiIgZmlsbD0iI0NERTNGRiIvPgo8cGF0aCBkPSJNNzIgODkuNDM4OEM2Mi40NTM0IDg5LjQzODggNTQuNjg2NSA4MS42NzIxIDU0LjY4NjUgNzIuMTI1NEM1NC42ODY1IDYyLjU3ODYgNjIuNDUzNCA1NC44MTE5IDcyIDU0LjgxMTlDODEuNTQ2OCA1NC44MTE5IDg5LjMxMzQgNjIuNTc4OCA4OS4zMTM0IDcyLjEyNTRDODkuMzEzNCA4MS42NzIgODEuNTQ2OCA4OS40Mzg4IDcyIDg5LjQzODhaTTcyIDU5LjExMDVDNjQuODIzNCA1OS4xMTA1IDU4Ljk4NDkgNjQuOTQ5IDU4Ljk4NDkgNzIuMTI1NkM1OC45ODQ5IDc5LjMwMjIgNjQuODIzNCA4NS4xNDA2IDcyIDg1LjE0MDZDNzkuMTc2NiA4NS4xNDA2IDg1LjAxNSA3OS4zMDIyIDg1LjAxNSA3Mi4xMjU2Qzg1LjAxNSA2NC45NDkgNzkuMTc2NiA1OS4xMTA1IDcyIDU5LjExMDVaIiBmaWxsPSIjMDBCNEZGIi8+CjxkZWZzPgo8ZmlsdGVyIGlkPSJmaWx0ZXIwX2lfMzMwXzQ4OTYzIiB4PSIyNi41MTEyIiB5PSIyNi42MzY3IiB3aWR0aD0iOTIuOTc3OCIgaGVpZ2h0PSI5Mi45Nzc1IiBmaWx0ZXJVbml0cz0idXNlclNwYWNlT25Vc2UiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CjxmZUZsb29kIGZsb29kLW9wYWNpdHk9IjAiIHJlc3VsdD0iQmFja2dyb3VuZEltYWdlRml4Ii8+CjxmZUJsZW5kIG1vZGU9Im5vcm1hbCIgaW49IlNvdXJjZUdyYXBoaWMiIGluMj0iQmFja2dyb3VuZEltYWdlRml4IiByZXN1bHQ9InNoYXBlIi8+CjxmZUNvbG9yTWF0cml4IGluPSJTb3VyY2VBbHBoYSIgdHlwZT0ibWF0cml4IiB2YWx1ZXM9IjAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDEyNyAwIiByZXN1bHQ9ImhhcmRBbHBoYSIvPgo8ZmVPZmZzZXQgZHg9IjIiIGR5PSIyIi8+CjxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjIuNSIvPgo8ZmVDb21wb3NpdGUgaW4yPSJoYXJkQWxwaGEiIG9wZXJhdG9yPSJhcml0aG1ldGljIiBrMj0iLTEiIGszPSIxIi8+CjxmZUNvbG9yTWF0cml4IHR5cGU9Im1hdHJpeCIgdmFsdWVzPSIwIDAgMCAwIDEgMCAwIDAgMCAxIDAgMCAwIDAgMSAwIDAgMCAwLjIxIDAiLz4KPGZlQmxlbmQgbW9kZT0ibm9ybWFsIiBpbjI9InNoYXBlIiByZXN1bHQ9ImVmZmVjdDFfaW5uZXJTaGFkb3dfMzMwXzQ4OTYzIi8+CjwvZmlsdGVyPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfMzMwXzQ4OTYzIiB4MT0iLTE1LjUiIHkxPSItMTIiIHgyPSIyMTYuNSIgeTI9IjE4NS41IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiM2NUNDRkYiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMDQ0Mzc0Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "source"], ["spec", "optical"], ["spec", "storage"], ["spec", "storageClass"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml b/packages/system/cozystack-api/cozyrds/vm-instance.yaml similarity index 99% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml rename to packages/system/cozystack-api/cozyrds/vm-instance.yaml index 1c019265..384a7cf8 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vm-instance.yaml +++ b/packages/system/cozystack-api/cozyrds/vm-instance.yaml @@ -30,7 +30,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzQ1NCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zNDU0KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMDBCM0ZGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8L2c+CjxwYXRoIGQ9Ik03Mi41Mjc1IDUzLjgzNjdDNzIuNDQzMSA1My44MzUxIDcyLjM2MDUgNTMuODEyMiA3Mi4yODczIDUzLjc3MDFMNTYuNDY5OSA0NC43OTM0QzU2LjM5ODMgNDQuNzUxOSA1Ni4zMzg4IDQ0LjY5MjMgNTYuMjk3MyA0NC42MjA3QzU2LjI1NTkgNDQuNTQ5IDU2LjIzMzggNDQuNDY3OCA1Ni4yMzM0IDQ0LjM4NUM1Ni4yMzM0IDQ0LjIxNjkgNTYuMzI1OCA0NC4wNjE3IDU2LjQ2OTkgNDMuOTc4NUw3Mi4xOTEyIDM1LjA2MDlDNzIuMjYzNyAzNS4wMjEgNzIuMzQ1IDM1IDcyLjQyNzcgMzVDNzIuNTEwNSAzNSA3Mi41OTE4IDM1LjAyMSA3Mi42NjQzIDM1LjA2MDlMODguNDg3MiA0NC4wMzk1Qzg4LjU1OTEgNDQuMDgwMSA4OC42MTg4IDQ0LjEzOTIgODguNjYgNDQuMjEwN0M4OC43MDEzIDQ0LjI4MjIgODguNzIyNyA0NC4zNjM1IDg4LjcyMTkgNDQuNDQ2Qzg4LjcyMjUgNDQuNTI4NSA4OC43MDEgNDQuNjA5NyA4OC42NTk4IDQ0LjY4MTJDODguNjE4NSA0NC43NTI2IDg4LjU1ODkgNDQuODExOCA4OC40ODcyIDQ0Ljg1MjVMNzIuNzcxNCA1My43NjgzQzcyLjY5NzIgNTMuODExNCA3Mi42MTMzIDUzLjgzNDkgNzIuNTI3NSA1My44MzY3IiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBvcGFjaXR5PSIwLjciIGQ9Ik03MC4yNTUzIDc1LjY1MTdDNzAuMTcxIDc1LjY1MzUgNzAuMDg3OCA3NS42MzE3IDcwLjAxNTEgNzUuNTg4OEw1NC4yNDU4IDY2LjY0MTdDNTQuMTcxNSA2Ni42MDI0IDU0LjEwOTUgNjYuNTQzNiA1NC4wNjYxIDY2LjQ3MTZDNTQuMDIyOCA2Ni4zOTk3IDU0IDY2LjMxNzMgNTQgNjYuMjMzM1Y0OC4yNzhDNTQgNDguMTA4IDU0LjA5MjQgNDcuOTU0NiA1NC4yNDM5IDQ3Ljg2OTZDNTQuMzE3MiA0Ny44MjcxIDU0LjQwMDQgNDcuODA0NyA1NC40ODUxIDQ3LjgwNDdDNTQuNTY5NyA0Ny44MDQ3IDU0LjY1MjkgNDcuODI3MSA1NC43MjYyIDQ3Ljg2OTZMNzAuNDkzNyA1Ni44MTMxQzcwLjU2NDIgNTYuODU2NSA3MC42MjI1IDU2LjkxNyA3MC42NjMyIDU2Ljk4OTFDNzAuNzAzOSA1Ny4wNjEyIDcwLjcyNTcgNTcuMTQyNCA3MC43MjY1IDU3LjIyNTFWNzUuMTgwNUM3MC43MjU5IDc1LjI2MjggNzAuNzA0MiA3NS4zNDM2IDcwLjY2MzUgNzUuNDE1MUM3MC42MjI3IDc1LjQ4NjYgNzAuNTY0MiA3NS41NDY0IDcwLjQ5MzcgNzUuNTg4OEM3MC40MjA2IDc1LjYyOTEgNzAuMzM4NyA3NS42NTA3IDcwLjI1NTMgNzUuNjUxNyIgZmlsbD0id2hpdGUiLz4KPHBhdGggb3BhY2l0eT0iMC40IiBkPSJNNzQuNzE5OCA3NS42NTExQzc0LjYzMzMgNzUuNjUxMiA3NC41NDgyIDc1LjYyOTYgNzQuNDcyMiA3NS41ODgzQzc0LjQwMTYgNzUuNTQ2MSA3NC4zNDMyIDc1LjQ4NjIgNzQuMzAyNyA3NS40MTQ3Qzc0LjI2MjMgNzUuMzQzMSA3NC4yNDExIDc1LjI2MjIgNzQuMjQxMiA3NS4xOFY1Ny4zMzczQzc0LjI0MTIgNTcuMTcxIDc0LjMzMzYgNTcuMDE1OCA3NC40NzIyIDU2LjkyOUw5MC4yMzk3IDQ3Ljk4NTVDOTAuMzExOSA0Ny45NDM4IDkwLjM5MzggNDcuOTIxOSA5MC40NzcxIDQ3LjkyMTlDOTAuNTYwNSA0Ny45MjE5IDkwLjY0MjQgNDcuOTQzOCA5MC43MTQ2IDQ3Ljk4NTVDOTAuNzg3NiA0OC4wMjU1IDkwLjg0ODUgNDguMDg0MiA5MC44OTExIDQ4LjE1NTdDOTAuOTMzNyA0OC4yMjcyIDkwLjk1NjMgNDguMzA4OCA5MC45NTY2IDQ4LjM5MlY2Ni4yMzI4QzkwLjk1NyA2Ni4zMTY0IDkwLjkzNDcgNjYuMzk4NSA5MC44OTIxIDY2LjQ3MDRDOTAuODQ5NSA2Ni41NDI0IDkwLjc4ODEgNjYuNjAxNCA5MC43MTQ2IDY2LjY0MTFMNzQuOTUyNiA3NS41ODgzQzc0Ljg4MjUgNzUuNjMwNyA3NC44MDE4IDc1LjY1MjUgNzQuNzE5OCA3NS42NTExIiBmaWxsPSJ3aGl0ZSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zNDU0IiB4MT0iMTYxIiB5MT0iMTgwIiB4Mj0iMy41OTI4NGUtMDciIHkyPSI0Ljk5OTk4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNTk1NjU2Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjxjbGlwUGF0aCBpZD0iY2xpcDBfNjg3XzM0NTQiPgo8cmVjdCB3aWR0aD0iOTQiIGhlaWdodD0iOTQiIGZpbGw9IndoaXRlIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNSAyNSkiLz4KPC9jbGlwUGF0aD4KPC9kZWZzPgo8L3N2Zz4K keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "disks"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml b/packages/system/cozystack-api/cozyrds/vpn.yaml similarity index 98% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml rename to packages/system/cozystack-api/cozyrds/vpn.yaml index ce4ccc01..723ae66c 100644 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions/vpn.yaml +++ b/packages/system/cozystack-api/cozyrds/vpn.yaml @@ -29,7 +29,5 @@ spec: icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxwYXRoIGQ9Ik0xNDMuOTkyIDMwLjM2OTdDMTQzLjk5MiAyOS4yNTU2IDE0My45OTIgMjguMTUxNyAxNDMuOTkyIDI3LjA0NzdDMTQzLjk0NSAyNC42Mjg3IDE0My43MTcgMjIuMjE2NiAxNDMuMzA5IDE5LjgzMTZDMTQyLjkxMiAxNy40NDczIDE0Mi4xNTcgMTUuMTM2NSAxNDEuMDcyIDEyLjk3NjlDMTM5Ljk3IDEwLjgxOCAxMzguNTM0IDguODQ2NjUgMTM2LjgxNyA3LjEzNTc3TDEzMC45OTcgMi44OTA0NEMxMjguODM3IDEuODAyODkgMTI2LjUyNyAxLjA0MTg5IDEyNC4xNDQgMC42MzIyODNDMTIxLjc1NiAwLjIzNDgwOCAxMTkuMzQgMC4wMjM0MTEzIDExNi45MTkgMEMxMTUuODE1IDAgMjguMTQ2MSAwIDI3LjAzMjMgMEMyNC42MDQ3IDAuMDI0MjIxMSAyMi4xODI2IDAuMjM1NjA5IDE5Ljc4NzYgMC42MzIyODNDMTcuNDEyOCAxLjAzODUxIDE1LjExMjYgMS43OTk3NCAxMi45NjQzIDIuODkwNDRDMTAuODEzIDMuOTk1MTkgOC44NDYyNSA1LjQyNzM2IDcuMTM0MzYgNy4xMzU3N0M1LjQxNzY4IDguODQ0NCAzLjk4NDggMTAuODE2MyAyLjg4OTg3IDEyLjk3NjlDMS44MDA4NiAxNS4xMzYgMS4wNDMxMyAxNy40NDY4IDAuNjQyMTkzIDE5LjgzMTZDMC4yNDM0OTcgMjIuMjE2OSAwLjAyODc5OTggMjQuNjI5NCAwIDI3LjA0NzdDMCAyOC4xNTE3IDAgMTE1LjgzOCAwIDExNi45NTJDMC4wMjYxNzU1IDExOS4zODQgMC4yNDA4ODQgMTIxLjgxIDAuNjQyMTkzIDEyNC4yMDlDMS4wNDA0NCAxMjYuNTk0IDEuNzk4MjkgMTI4LjkwNSAyLjg4OTg3IDEzMS4wNjNDMy45ODUxNSAxMzMuMjE4IDUuNDE4MSAxMzUuMTgzIDcuMTM0MzYgMTM2Ljg4NEM4Ljg0MDk1IDEzOC41OTkgMTAuODA4NyAxNDAuMDMyIDEyLjk2NDMgMTQxLjEzQzE1LjExNDcgMTQyLjIwOSAxNy40MTQ2IDE0Mi45NiAxOS43ODc2IDE0My4zNThDMjIuMTczMSAxNDMuNzUxIDI0LjU4NDcgMTQzLjk2NiAyNy4wMDIyIDE0NEMyOC4xMTYgMTQ0IDExNS43ODUgMTQ0IDExNi44ODkgMTQ0QzExOS4zMDMgMTQzLjk2NyAxMjEuNzEyIDE0My43NTIgMTI0LjA5NCAxNDMuMzU4QzEyNi40ODUgMTQyLjk0NiAxMjguODAxIDE0Mi4xODIgMTMwLjk2NyAxNDEuMDg5QzEzMy4xMjEgMTM5Ljk5NCAxMzUuMDg2IDEzOC41NjEgMTM2Ljc4NyAxMzYuODQ0QzEzOC41MDMgMTM1LjE0IDEzOS45MzkgMTMzLjE3NiAxNDEuMDQyIDEzMS4wMjNDMTQyLjEzNyAxMjguODc5IDE0Mi45MDEgMTI2LjU4MSAxNDMuMzA5IDEyNC4yMDlDMTQzLjcxIDEyMS44MjMgMTQzLjkzMiAxMTkuNDExIDE0My45NzIgMTE2Ljk5MkMxNDMuOTkyIDExNS44MzggMTQ0LjAxMiAzMS42NzQ0IDE0My45OTIgMzAuMzY5N1oiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODFfMjgxOCkiLz4KPHBhdGggZD0iTTExNS45NTUgNjcuNDIzMUMxMTQuOTQxIDU3LjgyMzQgMTEwLjcwMSA0OC44NTE4IDEwMy45MjggNDEuOTc1MkM5Ny4xNTQ5IDM1LjA5ODYgODguMjQ5NSAzMC43MjM5IDc4LjY2OCAyOS41NjY0VjQ2Ljc3ODZDODQuNDg4NyA0Ny45MTI3IDg5LjczMzggNTEuMDM2MiA5My41MDQ5IDU1LjYxMzdDOTcuMjc2IDYwLjE5MTIgOTkuMzM4MSA2NS45Mzc5IDk5LjMzODEgNzEuODY5MkM5OS4zMzgxIDc3LjgwMDQgOTcuMjc2IDgzLjU0NzEgOTMuNTA0OSA4OC4xMjQ2Qzg5LjczMzggOTIuNzAyMiA4NC40ODg3IDk1LjgyNTYgNzguNjY4IDk2Ljk1OThWMTE0LjIyMkM4OS43ODAxIDExMi44NzcgOTkuOTE3OCAxMDcuMjE1IDEwNi44OTQgOTguNDYwMUMxMTMuODY5IDg5LjcwNDggMTE3LjEyNCA3OC41NTczIDExNS45NTUgNjcuNDIzMVoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0yOC4wMTU1IDc2LjM2NTRDMjkuMDMxMSA4NS45NjQ0IDMzLjI3MTggOTQuOTM1MSA0MC4wNDQ3IDEwMS44MTFDNDYuODE3NSAxMDguNjg4IDU1LjcyMiAxMTMuMDYzIDY1LjMwMjggMTE0LjIyMlYyOS41NjY0QzU0LjE5MDcgMzAuOTExOSA0NC4wNTMgMzYuNTczMSAzNy4wNzcyIDQ1LjMyODRDMzAuMTAxMyA1NC4wODM3IDI2Ljg0NjcgNjUuMjMxMiAyOC4wMTU1IDc2LjM2NTRaIiBmaWxsPSIjNUJCMTkzIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfNjgxXzI4MTgiIHgxPSIxMzIuNSIgeTE9IjEzMi41IiB4Mj0iLTI0IiB5Mj0iLTE5IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMxODM3MjkiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjNDU5RDc1Ii8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "host"], ["spec", "users"], ["spec", "externalIPs"]] secrets: - exclude: - - matchLabels: - apps.cozystack.io/tenantresource: "false" + exclude: [] include: [{}] diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/cozyrds.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions/cozyrds.yaml new file mode 100644 index 00000000..e079ddcf --- /dev/null +++ b/packages/system/cozystack-api/templates/cozystack-resource-definitions/cozyrds.yaml @@ -0,0 +1,4 @@ +{{- range $path, $_ := .Files.Glob "cozyrds/*" }} +--- +{{ $.Files.Get $path }} +{{- end }} diff --git a/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml similarity index 76% rename from packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml rename to packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml index a02a8b2a..13aaf89d 100644 --- a/packages/system/cozystack-controller/templates/crds/cozystack.io_cozystackresourcedefinitions.yaml +++ b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml @@ -175,14 +175,32 @@ spec: properties: exclude: description: |- - Exclude contains an array of label selectors that target secrets. - If a secret matches the selector in any of the elements in the array, it is + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is hidden from the user, regardless of the matches in the include array. items: description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" properties: matchExpressions: description: matchExpressions is a list of label selector @@ -225,20 +243,45 @@ spec: map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array type: object x-kubernetes-map-type: atomic type: array include: description: |- - Include contains an array of label selectors that target secrets. - If a secret matches the selector in any of the elements in the array, and - matches none of the selectors in the exclude array that secret is marked - as a tenant secret and is visible to users. + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. items: description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" properties: matchExpressions: description: matchExpressions is a list of label selector @@ -281,6 +324,13 @@ spec: map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array type: object x-kubernetes-map-type: atomic type: array diff --git a/packages/system/cozystack-controller/templates/crds/cozystack.io_workloadmonitors.yaml b/packages/system/cozystack-controller/crds/cozystack.io_workloadmonitors.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/cozystack.io_workloadmonitors.yaml rename to packages/system/cozystack-controller/crds/cozystack.io_workloadmonitors.yaml diff --git a/packages/system/cozystack-controller/templates/crds/cozystack.io_workloads.yaml b/packages/system/cozystack-controller/crds/cozystack.io_workloads.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/cozystack.io_workloads.yaml rename to packages/system/cozystack-controller/crds/cozystack.io_workloads.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbs.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_breadcrumbs.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbs.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_breadcrumbs.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbsinside.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_breadcrumbsinside.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_breadcrumbsinside.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_breadcrumbsinside.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_customcolumnsoverrides.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsoverrides.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_customformsoverrides.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsoverrides.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_customformsoverrides.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsprefills.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_customformsprefills.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_customformsprefills.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_customformsprefills.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_factories.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_factories.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_factories.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_factories.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_marketplacepanels.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_marketplacepanels.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_marketplacepanels.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_marketplacepanels.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_navigations.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_navigations.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_navigations.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_navigations.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_sidebars.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_sidebars.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_sidebars.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_sidebars.yaml diff --git a/packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_tableurimappings.yaml b/packages/system/cozystack-controller/crds/dashboard.cozystack.io_tableurimappings.yaml similarity index 100% rename from packages/system/cozystack-controller/templates/crds/dashboard.cozystack.io_tableurimappings.yaml rename to packages/system/cozystack-controller/crds/dashboard.cozystack.io_tableurimappings.yaml diff --git a/packages/system/cozystack-controller/templates/crds/crds.yaml b/packages/system/cozystack-controller/templates/crds/crds.yaml new file mode 100644 index 00000000..0a98dd32 --- /dev/null +++ b/packages/system/cozystack-controller/templates/crds/crds.yaml @@ -0,0 +1,4 @@ +{{- range $path, $_ := .Files.Glob "crds/*" }} +--- +{{ $.Files.Get $path }} +{{- end }} diff --git a/packages/system/kubevirt-csi-node/values.yaml b/packages/system/kubevirt-csi-node/values.yaml index 9218254f..47ba4b4d 100644 --- a/packages/system/kubevirt-csi-node/values.yaml +++ b/packages/system/kubevirt-csi-node/values.yaml @@ -1,3 +1,3 @@ storageClass: replicated csiDriver: - image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:f0e1d9f9e91be8e4a22be9fbe01a8b0e81aba4230b865fba9608ef7f9fb5745f + image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:latest@sha256:7312623d19d9a7dc80da73f53a1aabb769796674e5899aad5c0d6100f351d0e8 diff --git a/packages/system/metallb/values.yaml b/packages/system/metallb/values.yaml index d392f4c4..d7d8c136 100644 --- a/packages/system/metallb/values.yaml +++ b/packages/system/metallb/values.yaml @@ -4,8 +4,8 @@ metallb: controller: image: repository: ghcr.io/cozystack/cozystack/metallb-controller - tag: v0.15.2@sha256:0e9080234fc8eedab78ad2831fb38df375c383e901a752d72b353c8d13b9605f + tag: v0.15.2@sha256:5106869c470fcce9e1ef1e07efe5224190ad19e8006d5889230a75df4988b68d speaker: image: repository: ghcr.io/cozystack/cozystack/metallb-speaker - tag: v0.15.2@sha256:e14d4c328c3ab91a6eadfeea90da96388503492d165e7e8582f291b1872e53b2 + tag: v0.15.2@sha256:2b837031e3c693c0fa0de0ad5a9036e2aabb5e90a7a235e19b089be73af11160 From c16e37e07997d425f9064c8d04afd8d44d1cf942 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Wed, 1 Oct 2025 13:24:37 +0300 Subject: [PATCH 21/80] [controller,api] Refactor tenant resource label This patch refactors the secret selectors to use the `internal.cozystack.io/tenantresource` label for managing secret visibility and removes any selectors based on it or the previous `apps.cozystack.io/tenantresource` label, the idea being that this label will only ever be set by the controller. ``` [controller,api] Refactor labels for the secret selector. ``` Signed-off-by: Timofei Larkin --- internal/lineagecontrollerwebhook/webhook.go | 8 +++++--- packages/apps/clickhouse/templates/backup-script.yaml | 2 -- packages/apps/mysql/templates/backup-script.yaml | 2 -- packages/apps/postgres/templates/init-script.yaml | 4 ---- packages/apps/vpn/templates/secret.yaml | 2 -- packages/extra/monitoring/templates/alerta/alerta.yaml | 2 -- packages/system/cozystack-api/cozyrds/postgres.yaml | 1 + pkg/apis/core/v1alpha1/tenantresource_types.go | 4 ++++ pkg/registry/core/tenantmodule/rest.go | 2 +- pkg/registry/core/tenantsecret/rest.go | 6 +++--- pkg/registry/core/tenantsecretstable/rest.go | 6 +++--- 11 files changed, 17 insertions(+), 22 deletions(-) create mode 100644 pkg/apis/core/v1alpha1/tenantresource_types.go diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index 51a3c107..aa41089d 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -18,6 +18,8 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) var ( @@ -132,7 +134,7 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc "apps.cozystack.io/application.name": obj.GetName(), } templateLabels := map[string]string{ - "kind": strings.ToLower(obj.GetKind()), + "kind": strings.ToLower(obj.GetKind()), "name": obj.GetName(), } if o.GetAPIVersion() != "v1" || o.GetKind() != "Secret" { @@ -142,9 +144,9 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc crd := cfg.appCRDMap[appRef{gv.Group, obj.GetKind()}] // TODO: expand this to work with other resources than Secrets - labels["apps.cozystack.io/tenantresource"] = func(b bool) string { + labels[corev1alpha1.TenantResourceLabelKey] = func(b bool) string { if b { - return "true" + return corev1alpha1.TenantResourceLabelValue } return "false" }(matchResourceToExcludeInclude(o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) diff --git a/packages/apps/clickhouse/templates/backup-script.yaml b/packages/apps/clickhouse/templates/backup-script.yaml index d8156792..29e4b727 100644 --- a/packages/apps/clickhouse/templates/backup-script.yaml +++ b/packages/apps/clickhouse/templates/backup-script.yaml @@ -4,8 +4,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-backup-script - labels: - apps.cozystack.io/tenantresource: "false" stringData: backup.sh: | #!/bin/sh diff --git a/packages/apps/mysql/templates/backup-script.yaml b/packages/apps/mysql/templates/backup-script.yaml index c5fc8ce7..b261cdea 100644 --- a/packages/apps/mysql/templates/backup-script.yaml +++ b/packages/apps/mysql/templates/backup-script.yaml @@ -4,8 +4,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-backup-script - labels: - apps.cozystack.io/tenantresource: "false" stringData: backup.sh: | #!/bin/sh diff --git a/packages/apps/postgres/templates/init-script.yaml b/packages/apps/postgres/templates/init-script.yaml index 8d306789..80f7c4c7 100644 --- a/packages/apps/postgres/templates/init-script.yaml +++ b/packages/apps/postgres/templates/init-script.yaml @@ -20,8 +20,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-credentials -labels: - internal.cozystack.io/tenantsecret: "true" stringData: {{- range $user, $u := .Values.users }} {{ quote $user }}: {{ quote (index $passwords $user) }} @@ -32,8 +30,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-init-script - labels: - apps.cozystack.io/tenantresource: "false" stringData: init.sh: | #!/bin/bash diff --git a/packages/apps/vpn/templates/secret.yaml b/packages/apps/vpn/templates/secret.yaml index b703a903..79960096 100644 --- a/packages/apps/vpn/templates/secret.yaml +++ b/packages/apps/vpn/templates/secret.yaml @@ -22,8 +22,6 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-vpn - labels: - apps.cozystack.io/tenantresource: "false" type: Opaque stringData: shadowbox_server_config.json: | diff --git a/packages/extra/monitoring/templates/alerta/alerta.yaml b/packages/extra/monitoring/templates/alerta/alerta.yaml index 750e4140..bec7b825 100644 --- a/packages/extra/monitoring/templates/alerta/alerta.yaml +++ b/packages/extra/monitoring/templates/alerta/alerta.yaml @@ -192,8 +192,6 @@ apiVersion: v1 kind: Secret metadata: name: alertmanager - labels: - apps.cozystack.io/tenantresource: "false" type: Opaque stringData: alertmanager.yaml: | diff --git a/packages/system/cozystack-api/cozyrds/postgres.yaml b/packages/system/cozystack-api/cozyrds/postgres.yaml index f2f98d46..eebd3e3a 100644 --- a/packages/system/cozystack-api/cozyrds/postgres.yaml +++ b/packages/system/cozystack-api/cozyrds/postgres.yaml @@ -41,3 +41,4 @@ spec: include: - resourceNames: - postgres-{{ .name }}-app + - postgres-{{ .name }}-credentials diff --git a/pkg/apis/core/v1alpha1/tenantresource_types.go b/pkg/apis/core/v1alpha1/tenantresource_types.go new file mode 100644 index 00000000..172d9eb1 --- /dev/null +++ b/pkg/apis/core/v1alpha1/tenantresource_types.go @@ -0,0 +1,4 @@ +package v1alpha1 + +const TenantResourceLabelKey = "internal.cozystack.io/tenantresource" +const TenantResourceLabelValue = "true" diff --git a/pkg/registry/core/tenantmodule/rest.go b/pkg/registry/core/tenantmodule/rest.go index d77f23a7..aa7d4eeb 100644 --- a/pkg/registry/core/tenantmodule/rest.go +++ b/pkg/registry/core/tenantmodule/rest.go @@ -55,7 +55,7 @@ var ( // Define constants for label filtering const ( - TenantModuleLabelKey = "apps.cozystack.io/tenantmodule" + TenantModuleLabelKey = "internal.cozystack.io/tenantmodule" TenantModuleLabelValue = "true" singularName = "tenantmodule" ) diff --git a/pkg/registry/core/tenantsecret/rest.go b/pkg/registry/core/tenantsecret/rest.go index 6e26b524..ad477527 100644 --- a/pkg/registry/core/tenantsecret/rest.go +++ b/pkg/registry/core/tenantsecret/rest.go @@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 // TenantSecret registry – namespaced view over Secrets labelled -// "internal.cozystack.io/tenantsecret=true". Internal tenant secret labels are hidden. +// "internal.cozystack.io/tenantresource=true". Internal tenant secret labels are hidden. package tenantsecret @@ -35,8 +35,8 @@ import ( // ----------------------------------------------------------------------------- const ( - tsLabelKey = "apps.cozystack.io/tenantresource" - tsLabelValue = "true" + tsLabelKey = corev1alpha1.TenantResourceLabelKey + tsLabelValue = corev1alpha1.TenantResourceLabelValue singularName = "tenantsecret" kindTenantSecret = "TenantSecret" kindTenantSecretList = "TenantSecretList" diff --git a/pkg/registry/core/tenantsecretstable/rest.go b/pkg/registry/core/tenantsecretstable/rest.go index 644f2c98..841bfa32 100644 --- a/pkg/registry/core/tenantsecretstable/rest.go +++ b/pkg/registry/core/tenantsecretstable/rest.go @@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 // TenantSecretsTable registry – namespaced, read-only flattened view over -// Secrets labelled "internal.cozystack.io/tenantsecret=true". Each data key is a separate object. +// Secrets labelled "internal.cozystack.io/tenantresource=true". Each data key is a separate object. package tenantsecretstable @@ -29,8 +29,8 @@ import ( ) const ( - tsLabelKey = "apps.cozystack.io/tenantresource" - tsLabelValue = "true" + tsLabelKey = corev1alpha1.TenantResourceLabelKey + tsLabelValue = corev1alpha1.TenantResourceLabelValue kindObj = "TenantSecretsTable" kindObjList = "TenantSecretsTableList" singularName = "tenantsecretstable" From 8d50dfb73f145670070b58b4cabcb5bae1c48999 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Wed, 1 Oct 2025 14:02:21 +0300 Subject: [PATCH 22/80] [controller,api] Specify visible secrets This patch carries the selectors for secrets to be shown to end users over from the legacy dashboard-resourcemap roles into the new CozystackResourceDefinition selectors. Also a {{ .namespace }} template variable is added to the variables supported in the `resourceNames` field in the selector. ```release-note [controller,api] Support {{ .namespace }} in `resourceNames` resource selectors, add whitelist of secrets to show to end-users. ``` Signed-off-by: Timofei Larkin --- .../cozystackresourcedefinitions_types.go | 1 + internal/lineagecontrollerwebhook/matcher.go | 27 ++++++++++--------- internal/lineagecontrollerwebhook/webhook.go | 7 ++--- .../apps/rabbitmq/templates/rabbitmq.yaml | 2 ++ .../info/templates/dashboard-resourcemap.yaml | 10 +++---- .../system/cozystack-api/cozyrds/bootbox.yaml | 2 +- .../system/cozystack-api/cozyrds/bucket.yaml | 5 +++- .../cozystack-api/cozyrds/clickhouse.yaml | 4 ++- .../system/cozystack-api/cozyrds/etcd.yaml | 2 +- .../cozystack-api/cozyrds/ferretdb.yaml | 4 ++- .../cozystack-api/cozyrds/http-cache.yaml | 2 +- .../system/cozystack-api/cozyrds/info.yaml | 5 +++- .../system/cozystack-api/cozyrds/ingress.yaml | 2 +- .../system/cozystack-api/cozyrds/kafka.yaml | 4 ++- .../cozystack-api/cozyrds/kubernetes.yaml | 4 ++- .../system/cozystack-api/cozyrds/mysql.yaml | 4 ++- .../system/cozystack-api/cozyrds/nats.yaml | 4 ++- .../cozystack-api/cozyrds/postgres.yaml | 1 - .../cozystack-api/cozyrds/rabbitmq.yaml | 6 ++++- .../system/cozystack-api/cozyrds/redis.yaml | 4 ++- .../cozystack-api/cozyrds/seaweedfs.yaml | 2 +- .../cozystack-api/cozyrds/tcp-balancer.yaml | 2 +- .../system/cozystack-api/cozyrds/tenant.yaml | 2 +- .../cozyrds/virtual-machine.yaml | 2 +- .../system/cozystack-api/cozyrds/vm-disk.yaml | 2 +- .../cozystack-api/cozyrds/vm-instance.yaml | 2 +- .../system/cozystack-api/cozyrds/vpn.yaml | 4 ++- ...stack.io_cozystackresourcedefinitions.yaml | 2 ++ .../dashboard/templates/keycloakclient.yaml | 3 +++ pkg/lineage/lineage_test.go | 2 +- 30 files changed, 80 insertions(+), 43 deletions(-) diff --git a/api/v1alpha1/cozystackresourcedefinitions_types.go b/api/v1alpha1/cozystackresourcedefinitions_types.go index c318318f..989440ee 100644 --- a/api/v1alpha1/cozystackresourcedefinitions_types.go +++ b/api/v1alpha1/cozystackresourcedefinitions_types.go @@ -103,6 +103,7 @@ type CozystackResourceDefinitionRelease struct { // The resourceNames field supports Go templates with the following variables available: // - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) // - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) +// - {{ .namespace }}: The namespace of the resource being processed // // Example YAML: // secrets: diff --git a/internal/lineagecontrollerwebhook/matcher.go b/internal/lineagecontrollerwebhook/matcher.go index 66d88082..1a21f5ca 100644 --- a/internal/lineagecontrollerwebhook/matcher.go +++ b/internal/lineagecontrollerwebhook/matcher.go @@ -2,32 +2,35 @@ package lineagecontrollerwebhook import ( "bytes" + "context" "text/template" cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "sigs.k8s.io/controller-runtime/pkg/log" ) // matchName checks if the provided name matches any of the resource names in the array. // Each entry in resourceNames is treated as a Go template that gets rendered using the passed context. // A nil resourceNames array matches any string. -func matchName(name string, context map[string]string, resourceNames []string) bool { +func matchName(ctx context.Context, name string, templateContext map[string]string, resourceNames []string) bool { if resourceNames == nil { return true } + logger := log.FromContext(ctx) for _, templateStr := range resourceNames { tmpl, err := template.New("resourceName").Parse(templateStr) if err != nil { - // TODO: emit warning if error + logger.Error(err, "failed to parse resource name template", "template", templateStr) continue } var buf bytes.Buffer - err = tmpl.Execute(&buf, context) + err = tmpl.Execute(&buf, templateContext) if err != nil { - // TODO: emit warning if error + logger.Error(err, "failed to execute resource name template", "template", templateStr, "context", templateContext) continue } @@ -39,31 +42,31 @@ func matchName(name string, context map[string]string, resourceNames []string) b return false } -func matchResourceToSelector(name string, ctx, l map[string]string, s *cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { - // TODO: emit warning if error +func matchResourceToSelector(ctx context.Context, name string, templateContext, l map[string]string, s *cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { sel, err := metav1.LabelSelectorAsSelector(&s.LabelSelector) if err != nil { + log.FromContext(ctx).Error(err, "failed to convert label selector to selector") return false } labelMatches := sel.Matches(labels.Set(l)) - nameMatches := matchName(name, ctx, s.ResourceNames) + nameMatches := matchName(ctx, name, templateContext, s.ResourceNames) return labelMatches && nameMatches } -func matchResourceToSelectorArray(name string, ctx, l map[string]string, ss []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { +func matchResourceToSelectorArray(ctx context.Context, name string, templateContext, l map[string]string, ss []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { for _, s := range ss { - if matchResourceToSelector(name, ctx, l, s) { + if matchResourceToSelector(ctx, name, templateContext, l, s) { return true } } return false } -func matchResourceToExcludeInclude(name string, ctx, l map[string]string, ex, in []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { - if matchResourceToSelectorArray(name, ctx, l, ex) { +func matchResourceToExcludeInclude(ctx context.Context, name string, templateContext, l map[string]string, ex, in []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { + if matchResourceToSelectorArray(ctx, name, templateContext, l, ex) { return false } - if matchResourceToSelectorArray(name, ctx, l, in) { + if matchResourceToSelectorArray(ctx, name, templateContext, l, in) { return true } return false diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index aa41089d..fb7647fd 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -134,8 +134,9 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc "apps.cozystack.io/application.name": obj.GetName(), } templateLabels := map[string]string{ - "kind": strings.ToLower(obj.GetKind()), - "name": obj.GetName(), + "kind": strings.ToLower(obj.GetKind()), + "name": obj.GetName(), + "namespace": o.GetNamespace(), } if o.GetAPIVersion() != "v1" || o.GetKind() != "Secret" { return labels, err @@ -149,7 +150,7 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc return corev1alpha1.TenantResourceLabelValue } return "false" - }(matchResourceToExcludeInclude(o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) + }(matchResourceToExcludeInclude(ctx, o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) return labels, err } diff --git a/packages/apps/rabbitmq/templates/rabbitmq.yaml b/packages/apps/rabbitmq/templates/rabbitmq.yaml index 7708a3af..b111285e 100644 --- a/packages/apps/rabbitmq/templates/rabbitmq.yaml +++ b/packages/apps/rabbitmq/templates/rabbitmq.yaml @@ -58,6 +58,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ $.Release.Name }}-{{ kebabcase $user }}-credentials + labels: + apps.cozystack.io/user-secret: "true" type: Opaque stringData: username: {{ $user }} diff --git a/packages/extra/info/templates/dashboard-resourcemap.yaml b/packages/extra/info/templates/dashboard-resourcemap.yaml index fda98c9f..39da1b37 100644 --- a/packages/extra/info/templates/dashboard-resourcemap.yaml +++ b/packages/extra/info/templates/dashboard-resourcemap.yaml @@ -10,11 +10,11 @@ rules: resources: - secrets resourceNames: - - {{- if eq $oidcEnabled "true" -}} - kubeconfig-{{ .Release.Namespace }} - {{- else -}} - tenant-{{ .Release.Namespace }} - {{- end }} + {{- if eq $oidcEnabled "true" }} + - kubeconfig-{{ .Release.Namespace }} + {{- else }} + - {{ .Release.Namespace }} + {{- end }} verbs: ["get", "list", "watch"] --- kind: RoleBinding diff --git a/packages/system/cozystack-api/cozyrds/bootbox.yaml b/packages/system/cozystack-api/cozyrds/bootbox.yaml index 579d3dec..3235e3cc 100644 --- a/packages/system/cozystack-api/cozyrds/bootbox.yaml +++ b/packages/system/cozystack-api/cozyrds/bootbox.yaml @@ -30,4 +30,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "whitelistHTTP"], ["spec", "whitelist"], ["spec", "machines"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/bucket.yaml b/packages/system/cozystack-api/cozyrds/bucket.yaml index 8bb57046..d8f5b20b 100644 --- a/packages/system/cozystack-api/cozyrds/bucket.yaml +++ b/packages/system/cozystack-api/cozyrds/bucket.yaml @@ -31,4 +31,7 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - bucket-{{ .name }} + - bucket-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/clickhouse.yaml b/packages/system/cozystack-api/cozyrds/clickhouse.yaml index 5862326e..b41d44e8 100644 --- a/packages/system/cozystack-api/cozyrds/clickhouse.yaml +++ b/packages/system/cozystack-api/cozyrds/clickhouse.yaml @@ -29,4 +29,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "shards"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "logStorageSize"], ["spec", "logTTL"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"], ["spec", "clickhouseKeeper"], ["spec", "clickhouseKeeper", "enabled"], ["spec", "clickhouseKeeper", "size"], ["spec", "clickhouseKeeper", "resourcesPreset"], ["spec", "clickhouseKeeper", "replicas"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - clickhouse-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/etcd.yaml b/packages/system/cozystack-api/cozyrds/etcd.yaml index dc67a07b..e27aba33 100644 --- a/packages/system/cozystack-api/cozyrds/etcd.yaml +++ b/packages/system/cozystack-api/cozyrds/etcd.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resources", "cpu"], ["spec", "resources", "memory"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/ferretdb.yaml b/packages/system/cozystack-api/cozyrds/ferretdb.yaml index 976e35d6..9afce618 100644 --- a/packages/system/cozystack-api/cozyrds/ferretdb.yaml +++ b/packages/system/cozystack-api/cozyrds/ferretdb.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "quorum"], ["spec", "quorum", "minSyncReplicas"], ["spec", "quorum", "maxSyncReplicas"], ["spec", "users"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "schedule"], ["spec", "backup", "retentionPolicy"], ["spec", "backup", "endpointURL"], ["spec", "backup", "destinationPath"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "bootstrap"], ["spec", "bootstrap", "enabled"], ["spec", "bootstrap", "recoveryTime"], ["spec", "bootstrap", "oldName"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - ferretdb-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/http-cache.yaml b/packages/system/cozystack-api/cozyrds/http-cache.yaml index ca05dc81..583d8fa8 100644 --- a/packages/system/cozystack-api/cozyrds/http-cache.yaml +++ b/packages/system/cozystack-api/cozyrds/http-cache.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "endpoints"], ["spec", "haproxy"], ["spec", "haproxy", "replicas"], ["spec", "haproxy", "resources"], ["spec", "haproxy", "resourcesPreset"], ["spec", "nginx"], ["spec", "nginx", "replicas"], ["spec", "nginx", "resources"], ["spec", "nginx", "resourcesPreset"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/info.yaml b/packages/system/cozystack-api/cozyrds/info.yaml index cb17a653..43cda091 100644 --- a/packages/system/cozystack-api/cozyrds/info.yaml +++ b/packages/system/cozystack-api/cozyrds/info.yaml @@ -31,4 +31,7 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - kubeconfig-{{ .namespace }} + - "{{ .namespace }}" diff --git a/packages/system/cozystack-api/cozyrds/ingress.yaml b/packages/system/cozystack-api/cozyrds/ingress.yaml index f23ea218..84263b43 100644 --- a/packages/system/cozystack-api/cozyrds/ingress.yaml +++ b/packages/system/cozystack-api/cozyrds/ingress.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "whitelist"], ["spec", "cloudflareProxy"], ["spec", "resources"], ["spec", "resourcesPreset"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/kafka.yaml b/packages/system/cozystack-api/cozyrds/kafka.yaml index 5d8c775d..7c4820cb 100644 --- a/packages/system/cozystack-api/cozyrds/kafka.yaml +++ b/packages/system/cozystack-api/cozyrds/kafka.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "topics"], ["spec", "kafka"], ["spec", "kafka", "replicas"], ["spec", "kafka", "resources"], ["spec", "kafka", "resourcesPreset"], ["spec", "kafka", "size"], ["spec", "kafka", "storageClass"], ["spec", "zookeeper"], ["spec", "zookeeper", "replicas"], ["spec", "zookeeper", "resources"], ["spec", "zookeeper", "resourcesPreset"], ["spec", "zookeeper", "size"], ["spec", "zookeeper", "storageClass"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - kafka-{{ .name }}-clients-ca diff --git a/packages/system/cozystack-api/cozyrds/kubernetes.yaml b/packages/system/cozystack-api/cozyrds/kubernetes.yaml index 56aa3ea8..f7f32be7 100644 --- a/packages/system/cozystack-api/cozyrds/kubernetes.yaml +++ b/packages/system/cozystack-api/cozyrds/kubernetes.yaml @@ -31,4 +31,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "storageClass"], ["spec", "version"], ["spec", "host"], ["spec", "nodeGroups"], ["spec", "nodeGroups", "md0"], ["spec", "nodeGroups", "md0", "minReplicas"], ["spec", "nodeGroups", "md0", "maxReplicas"], ["spec", "nodeGroups", "md0", "instanceType"], ["spec", "nodeGroups", "md0", "ephemeralStorage"], ["spec", "nodeGroups", "md0", "roles"], ["spec", "nodeGroups", "md0", "resources"], ["spec", "nodeGroups", "md0", "gpus"], ["spec", "addons"], ["spec", "addons", "certManager"], ["spec", "addons", "certManager", "enabled"], ["spec", "addons", "certManager", "valuesOverride"], ["spec", "addons", "cilium"], ["spec", "addons", "cilium", "valuesOverride"], ["spec", "addons", "gatewayAPI"], ["spec", "addons", "gatewayAPI", "enabled"], ["spec", "addons", "ingressNginx"], ["spec", "addons", "ingressNginx", "enabled"], ["spec", "addons", "ingressNginx", "exposeMethod"], ["spec", "addons", "ingressNginx", "hosts"], ["spec", "addons", "ingressNginx", "valuesOverride"], ["spec", "addons", "gpuOperator"], ["spec", "addons", "gpuOperator", "enabled"], ["spec", "addons", "gpuOperator", "valuesOverride"], ["spec", "addons", "fluxcd"], ["spec", "addons", "fluxcd", "enabled"], ["spec", "addons", "fluxcd", "valuesOverride"], ["spec", "addons", "monitoringAgents"], ["spec", "addons", "monitoringAgents", "enabled"], ["spec", "addons", "monitoringAgents", "valuesOverride"], ["spec", "addons", "verticalPodAutoscaler"], ["spec", "addons", "verticalPodAutoscaler", "valuesOverride"], ["spec", "addons", "velero"], ["spec", "addons", "velero", "enabled"], ["spec", "addons", "velero", "valuesOverride"], ["spec", "addons", "coredns"], ["spec", "addons", "coredns", "valuesOverride"], ["spec", "controlPlane"], ["spec", "controlPlane", "replicas"], ["spec", "controlPlane", "apiServer"], ["spec", "controlPlane", "apiServer", "resources"], ["spec", "controlPlane", "apiServer", "resourcesPreset"], ["spec", "controlPlane", "controllerManager"], ["spec", "controlPlane", "controllerManager", "resourcesPreset"], ["spec", "controlPlane", "controllerManager", "resources"], ["spec", "controlPlane", "scheduler"], ["spec", "controlPlane", "scheduler", "resourcesPreset"], ["spec", "controlPlane", "scheduler", "resources"], ["spec", "controlPlane", "konnectivity"], ["spec", "controlPlane", "konnectivity", "server"], ["spec", "controlPlane", "konnectivity", "server", "resourcesPreset"], ["spec", "controlPlane", "konnectivity", "server", "resources"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - kubernetes-{{ .name }}-admin-kubeconfig diff --git a/packages/system/cozystack-api/cozyrds/mysql.yaml b/packages/system/cozystack-api/cozyrds/mysql.yaml index fbfa836b..ed1d20a7 100644 --- a/packages/system/cozystack-api/cozyrds/mysql.yaml +++ b/packages/system/cozystack-api/cozyrds/mysql.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "databases"], ["spec", "backup"], ["spec", "backup", "enabled"], ["spec", "backup", "s3Region"], ["spec", "backup", "s3Bucket"], ["spec", "backup", "schedule"], ["spec", "backup", "cleanupStrategy"], ["spec", "backup", "s3AccessKey"], ["spec", "backup", "s3SecretKey"], ["spec", "backup", "resticPassword"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - mysql-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/nats.yaml b/packages/system/cozystack-api/cozyrds/nats.yaml index 3b83f880..b406b439 100644 --- a/packages/system/cozystack-api/cozyrds/nats.yaml +++ b/packages/system/cozystack-api/cozyrds/nats.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "jetstream"], ["spec", "jetstream", "enabled"], ["spec", "jetstream", "size"], ["spec", "config"], ["spec", "config", "merge"], ["spec", "config", "resolver"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - nats-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/postgres.yaml b/packages/system/cozystack-api/cozyrds/postgres.yaml index eebd3e3a..12e3c9a8 100644 --- a/packages/system/cozystack-api/cozyrds/postgres.yaml +++ b/packages/system/cozystack-api/cozyrds/postgres.yaml @@ -40,5 +40,4 @@ spec: exclude: [] include: - resourceNames: - - postgres-{{ .name }}-app - postgres-{{ .name }}-credentials diff --git a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml index 2f09d9db..28844a4b 100644 --- a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml +++ b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml @@ -30,4 +30,8 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "users"], ["spec", "vhosts"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - rabbitmq-{{ .name }}-default-user + - matchLabels: + apps.cozystack.io/user-secret: "true" diff --git a/packages/system/cozystack-api/cozyrds/redis.yaml b/packages/system/cozystack-api/cozyrds/redis.yaml index 261da934..0c502370 100644 --- a/packages/system/cozystack-api/cozyrds/redis.yaml +++ b/packages/system/cozystack-api/cozyrds/redis.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "size"], ["spec", "storageClass"], ["spec", "external"], ["spec", "authEnabled"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - redis-{{ .name }}-auth diff --git a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml index fb51db19..3d3119e1 100644 --- a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml +++ b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "topology"], ["spec", "replicationFactor"], ["spec", "db"], ["spec", "db", "replicas"], ["spec", "db", "size"], ["spec", "db", "storageClass"], ["spec", "db", "resources"], ["spec", "db", "resourcesPreset"], ["spec", "master"], ["spec", "master", "replicas"], ["spec", "master", "resources"], ["spec", "master", "resourcesPreset"], ["spec", "filer"], ["spec", "filer", "replicas"], ["spec", "filer", "resources"], ["spec", "filer", "resourcesPreset"], ["spec", "filer", "grpcHost"], ["spec", "filer", "grpcPort"], ["spec", "filer", "whitelist"], ["spec", "volume"], ["spec", "volume", "replicas"], ["spec", "volume", "size"], ["spec", "volume", "storageClass"], ["spec", "volume", "resources"], ["spec", "volume", "resourcesPreset"], ["spec", "volume", "zones"], ["spec", "s3"], ["spec", "s3", "replicas"], ["spec", "s3", "resources"], ["spec", "s3", "resourcesPreset"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml b/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml index f32eb06a..a8544ff4 100644 --- a/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml +++ b/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml @@ -30,4 +30,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "httpAndHttps"], ["spec", "httpAndHttps", "mode"], ["spec", "httpAndHttps", "targetPorts"], ["spec", "httpAndHttps", "targetPorts", "http"], ["spec", "httpAndHttps", "targetPorts", "https"], ["spec", "httpAndHttps", "endpoints"], ["spec", "whitelistHTTP"], ["spec", "whitelist"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/tenant.yaml b/packages/system/cozystack-api/cozyrds/tenant.yaml index da4efabf..25c3a92a 100644 --- a/packages/system/cozystack-api/cozyrds/tenant.yaml +++ b/packages/system/cozystack-api/cozyrds/tenant.yaml @@ -28,4 +28,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "etcd"], ["spec", "monitoring"], ["spec", "ingress"], ["spec", "seaweedfs"], ["spec", "isolated"], ["spec", "resourceQuotas"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/virtual-machine.yaml b/packages/system/cozystack-api/cozyrds/virtual-machine.yaml index 0c4377b6..f786678e 100644 --- a/packages/system/cozystack-api/cozyrds/virtual-machine.yaml +++ b/packages/system/cozystack-api/cozyrds/virtual-machine.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "systemDisk"], ["spec", "systemDisk", "image"], ["spec", "systemDisk", "storage"], ["spec", "systemDisk", "storageClass"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/vm-disk.yaml b/packages/system/cozystack-api/cozyrds/vm-disk.yaml index a9893506..66a2e940 100644 --- a/packages/system/cozystack-api/cozyrds/vm-disk.yaml +++ b/packages/system/cozystack-api/cozyrds/vm-disk.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "source"], ["spec", "optical"], ["spec", "storage"], ["spec", "storageClass"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/vm-instance.yaml b/packages/system/cozystack-api/cozyrds/vm-instance.yaml index 384a7cf8..b120c720 100644 --- a/packages/system/cozystack-api/cozyrds/vm-instance.yaml +++ b/packages/system/cozystack-api/cozyrds/vm-instance.yaml @@ -31,4 +31,4 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "external"], ["spec", "externalMethod"], ["spec", "externalPorts"], ["spec", "running"], ["spec", "instanceType"], ["spec", "instanceProfile"], ["spec", "disks"], ["spec", "gpus"], ["spec", "resources"], ["spec", "sshKeys"], ["spec", "cloudInit"], ["spec", "cloudInitSeed"]] secrets: exclude: [] - include: [{}] + include: [] diff --git a/packages/system/cozystack-api/cozyrds/vpn.yaml b/packages/system/cozystack-api/cozyrds/vpn.yaml index 723ae66c..ca9e187d 100644 --- a/packages/system/cozystack-api/cozyrds/vpn.yaml +++ b/packages/system/cozystack-api/cozyrds/vpn.yaml @@ -30,4 +30,6 @@ spec: keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "replicas"], ["spec", "resources"], ["spec", "resourcesPreset"], ["spec", "external"], ["spec", "host"], ["spec", "users"], ["spec", "externalIPs"]] secrets: exclude: [] - include: [{}] + include: + - resourceNames: + - vpn-{{ .name }}-urls diff --git a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml index 13aaf89d..4c221281 100644 --- a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml +++ b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml @@ -188,6 +188,7 @@ spec: The resourceNames field supports Go templates with the following variables available: - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed Example YAML: secrets: @@ -269,6 +270,7 @@ spec: The resourceNames field supports Go templates with the following variables available: - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed Example YAML: secrets: diff --git a/packages/system/dashboard/templates/keycloakclient.yaml b/packages/system/dashboard/templates/keycloakclient.yaml index 2779b2d8..55ebc5d5 100644 --- a/packages/system/dashboard/templates/keycloakclient.yaml +++ b/packages/system/dashboard/templates/keycloakclient.yaml @@ -45,6 +45,8 @@ data: --- +{{- if .Capabilities.APIVersions.Has "v1.edp.epam.com/v1" }} +--- apiVersion: v1.edp.epam.com/v1 kind: KeycloakClient metadata: @@ -71,3 +73,4 @@ spec: {{- range $i, $v := $extraRedirectUris }} - "{{ $v }}" {{- end }} +{{- end }} diff --git a/pkg/lineage/lineage_test.go b/pkg/lineage/lineage_test.go index 7ae2a00c..a705f26c 100644 --- a/pkg/lineage/lineage_test.go +++ b/pkg/lineage/lineage_test.go @@ -46,7 +46,7 @@ func TestWalkingOwnershipGraph(t *testing.T) { if err != nil { t.Fatal(err) } - nodes := WalkOwnershipGraph(ctx, dynClient, mapper, obj) + nodes := WalkOwnershipGraph(ctx, dynClient, mapper, &stubMapper{}, obj) for _, node := range nodes { fmt.Printf("%#v\n", node) } From 408b8dde3ac38cd2b92a1a77b7fda86128857d87 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Thu, 2 Oct 2025 12:26:13 +0200 Subject: [PATCH 23/80] [seaweedfs] Fix timeout while uploading hude files Signed-off-by: Andrei Kvapil --- .../charts/seaweedfs/templates/s3/s3-deployment.yaml | 5 ++++- packages/system/seaweedfs/values.yaml | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-deployment.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-deployment.yaml index d710fecb..0c6d52c3 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-deployment.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-deployment.yaml @@ -152,7 +152,10 @@ spec: {{- if .Values.s3.auditLogConfig }} -auditLogConfig=/etc/sw/s3_auditLogConfig.json \ {{- end }} - -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} + -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} \ + {{- range .Values.s3.extraArgs }} + {{ . }} \ + {{- end }} volumeMounts: {{- if or (eq .Values.s3.logs.type "hostPath") (eq .Values.s3.logs.type "emptyDir") }} - name: logs diff --git a/packages/system/seaweedfs/values.yaml b/packages/system/seaweedfs/values.yaml index 80460a49..7bf87f01 100644 --- a/packages/system/seaweedfs/values.yaml +++ b/packages/system/seaweedfs/values.yaml @@ -84,6 +84,8 @@ seaweedfs: auditLogConfig: {} s3: enabled: true + extraArgs: + - -idleTimeout=60 enableAuth: false readinessProbe: scheme: HTTPS From 670341f6bde973de6edef0e0e2de23a29d821506 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Fri, 3 Oct 2025 09:07:14 +0300 Subject: [PATCH 24/80] feat/impruvement-kubernetes-tests Signed-off-by: IvanHunters --- hack/e2e-apps/run-kubernetes.sh | 35 ++++++++++++++++++++++++++++--- packages/apps/kubernetes/Makefile | 2 +- 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/hack/e2e-apps/run-kubernetes.sh b/hack/e2e-apps/run-kubernetes.sh index 3988a264..fe783d5c 100644 --- a/hack/e2e-apps/run-kubernetes.sh +++ b/hack/e2e-apps/run-kubernetes.sh @@ -79,22 +79,51 @@ EOF # Wait for the machine deployment to scale to 2 replicas (timeout after 1 minute) kubectl wait machinedeployment kubernetes-${test_name}-md0 -n tenant-test --timeout=1m --for=jsonpath='{.status.replicas}'=2 - # Get the admin kubeconfig and save it to a file kubectl get secret kubernetes-${test_name}-admin-kubeconfig -ojsonpath='{.data.super-admin\.conf}' -n tenant-test | base64 -d > tenantkubeconfig # Update the kubeconfig to use localhost for the API server yq -i ".clusters[0].cluster.server = \"https://localhost:${port}\"" tenantkubeconfig - # Set up port forwarding to the Kubernetes API server for a 40 second timeout - bash -c 'timeout 40s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &' + # Set up port forwarding to the Kubernetes API server for a 40 second timeout + bash -c 'timeout 150s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &' # Verify the Kubernetes version matches what we expect (retry for up to 20 seconds) timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep -Fq "Server Version: ${k8s_version}"; do sleep 5; done' + # Wait for the nodes to be ready (timeout after 2 minutes) + timeout 2m bash -c ' + until [ "$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath="{.items[*].metadata.name}" | wc -w)" -eq 2 ]; do + sleep 3 + done + ' + # Verify the nodes are ready + kubectl --kubeconfig tenantkubeconfig get nodes -o wide + + # Verify the kubelet version matches what we expect + versions=$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath='{.items[*].status.nodeInfo.kubeletVersion}') + node_ok=true + for v in $versions; do + if [[ ! "$v" =~ ^"${k8s_version}"[^$]+ ]]; then + node_ok=false + fi + done + + if ! $node_ok; then + echo "Kubelet versions did not match expected ${k8s_version}" >&2 + exit 1 + fi + # Wait for all machine deployment replicas to be ready (timeout after 10 minutes) kubectl wait machinedeployment kubernetes-${test_name}-md0 -n tenant-test --timeout=10m --for=jsonpath='{.status.v1beta2.readyReplicas}'=2 + # Wait for all required HelmReleases to be ready (timeout after 1 minute) + kubectl wait hr kubernetes-${test_name}-cilium -n tenant-test --timeout=1m --for=condition=ready + kubectl wait hr kubernetes-${test_name}-coredns -n tenant-test --timeout=1m --for=condition=ready + kubectl wait hr kubernetes-${test_name}-csi -n tenant-test --timeout=1m --for=condition=ready + kubectl wait hr kubernetes-${test_name}-ingress-nginx -n tenant-test --timeout=1m --for=condition=ready + kubectl wait hr kubernetes-${test_name}-vsnap-crd -n tenant-test --timeout=1m --for=condition=ready + # Clean up by deleting the Kubernetes resource kubectl -n tenant-test delete kuberneteses.apps.cozystack.io $test_name diff --git a/packages/apps/kubernetes/Makefile b/packages/apps/kubernetes/Makefile index b40d8b36..799a19bc 100644 --- a/packages/apps/kubernetes/Makefile +++ b/packages/apps/kubernetes/Makefile @@ -1,4 +1,4 @@ -KUBERNETES_VERSION = v1.32 +KUBERNETES_VERSION = v1.33 KUBERNETES_PKG_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml) include ../../../scripts/common-envs.mk From 2383bc9f136958a2f402ea892f1676b5fe889ea1 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Fri, 3 Oct 2025 09:30:58 +0300 Subject: [PATCH 25/80] feat/impruvement-kubernetes-tests Signed-off-by: IvanHunters --- hack/e2e-apps/run-kubernetes.sh | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/hack/e2e-apps/run-kubernetes.sh b/hack/e2e-apps/run-kubernetes.sh index fe783d5c..6796a497 100644 --- a/hack/e2e-apps/run-kubernetes.sh +++ b/hack/e2e-apps/run-kubernetes.sh @@ -104,11 +104,17 @@ EOF versions=$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath='{.items[*].status.nodeInfo.kubeletVersion}') node_ok=true for v in $versions; do - if [[ ! "$v" =~ ^"${k8s_version}"[^$]+ ]]; then - node_ok=false - fi + case "$v" in + "${k8s_version}" | "${k8s_version}".* | "${k8s_version}"-*) + ;; + *) + node_ok=false + break + ;; + esac done + if ! $node_ok; then echo "Kubelet versions did not match expected ${k8s_version}" >&2 exit 1 @@ -117,12 +123,9 @@ EOF # Wait for all machine deployment replicas to be ready (timeout after 10 minutes) kubectl wait machinedeployment kubernetes-${test_name}-md0 -n tenant-test --timeout=10m --for=jsonpath='{.status.v1beta2.readyReplicas}'=2 - # Wait for all required HelmReleases to be ready (timeout after 1 minute) - kubectl wait hr kubernetes-${test_name}-cilium -n tenant-test --timeout=1m --for=condition=ready - kubectl wait hr kubernetes-${test_name}-coredns -n tenant-test --timeout=1m --for=condition=ready - kubectl wait hr kubernetes-${test_name}-csi -n tenant-test --timeout=1m --for=condition=ready - kubectl wait hr kubernetes-${test_name}-ingress-nginx -n tenant-test --timeout=1m --for=condition=ready - kubectl wait hr kubernetes-${test_name}-vsnap-crd -n tenant-test --timeout=1m --for=condition=ready + for component in cilium coredns csi ingress-nginx vsnap-crd; do + kubectl wait hr kubernetes-${test_name}-${component} -n tenant-test --timeout=1m --for=condition=ready + done # Clean up by deleting the Kubernetes resource kubectl -n tenant-test delete kuberneteses.apps.cozystack.io $test_name From a8562f03d1ba53cc28a48445dcb3cf478a9c0b4d Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Fri, 3 Oct 2025 10:25:34 +0300 Subject: [PATCH 26/80] feat/impruvement-kubernetes-tests Signed-off-by: IvanHunters --- hack/e2e-apps/run-kubernetes.sh | 34 +++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/hack/e2e-apps/run-kubernetes.sh b/hack/e2e-apps/run-kubernetes.sh index 6796a497..51ca6512 100644 --- a/hack/e2e-apps/run-kubernetes.sh +++ b/hack/e2e-apps/run-kubernetes.sh @@ -87,7 +87,7 @@ EOF # Set up port forwarding to the Kubernetes API server for a 40 second timeout - bash -c 'timeout 150s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &' + bash -c 'timeout 200s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &' # Verify the Kubernetes version matches what we expect (retry for up to 20 seconds) timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep -Fq "Server Version: ${k8s_version}"; do sleep 5; done' @@ -103,21 +103,39 @@ EOF # Verify the kubelet version matches what we expect versions=$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath='{.items[*].status.nodeInfo.kubeletVersion}') node_ok=true + + if [ "$k8s_version" = "v1.32" ]; then + echo "⚠️ TODO: Temporary stub — allowing nodes with v1.33 while k8s_version is v1.32" + fi + for v in $versions; do - case "$v" in - "${k8s_version}" | "${k8s_version}".* | "${k8s_version}"-*) + case "$k8s_version" in + v1.32) + case "$v" in + v1.32 | v1.32.* | v1.32-* | v1.33 | v1.33.* | v1.33-*) + ;; + *) + node_ok=false + break + ;; + esac ;; *) - node_ok=false - break + case "$v" in + "${k8s_version}" | "${k8s_version}".* | "${k8s_version}"-*) + ;; + *) + node_ok=false + break + ;; + esac ;; esac done - if ! $node_ok; then - echo "Kubelet versions did not match expected ${k8s_version}" >&2 - exit 1 + echo "Kubelet versions did not match expected ${k8s_version}" >&2 + exit 1 fi # Wait for all machine deployment replicas to be ready (timeout after 10 minutes) From 6937b8e2b605509532477b278429af7b38e44214 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Fri, 3 Oct 2025 10:33:28 +0300 Subject: [PATCH 27/80] feat/impruvement-kubernetes-tests Signed-off-by: IvanHunters --- hack/e2e-apps/run-kubernetes.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/hack/e2e-apps/run-kubernetes.sh b/hack/e2e-apps/run-kubernetes.sh index 51ca6512..97286ce1 100644 --- a/hack/e2e-apps/run-kubernetes.sh +++ b/hack/e2e-apps/run-kubernetes.sh @@ -98,6 +98,7 @@ EOF done ' # Verify the nodes are ready + kubectl --kubeconfig tenantkubeconfig wait node --all --timeout=2m --for=condition=Ready kubectl --kubeconfig tenantkubeconfig get nodes -o wide # Verify the kubelet version matches what we expect From f2cd585b450e1bdc65dbe615ebd98e9cceaecc84 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Fri, 3 Oct 2025 10:42:28 +0300 Subject: [PATCH 28/80] feat/impruvement-kubernetes-tests Signed-off-by: IvanHunters --- hack/e2e-apps/run-kubernetes.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/e2e-apps/run-kubernetes.sh b/hack/e2e-apps/run-kubernetes.sh index 97286ce1..4fb0f11b 100644 --- a/hack/e2e-apps/run-kubernetes.sh +++ b/hack/e2e-apps/run-kubernetes.sh @@ -86,7 +86,7 @@ EOF yq -i ".clusters[0].cluster.server = \"https://localhost:${port}\"" tenantkubeconfig - # Set up port forwarding to the Kubernetes API server for a 40 second timeout + # Set up port forwarding to the Kubernetes API server for a 200 second timeout bash -c 'timeout 200s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &' # Verify the Kubernetes version matches what we expect (retry for up to 20 seconds) timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep -Fq "Server Version: ${k8s_version}"; do sleep 5; done' From 012906cd591e41d2e90d459c8c167597a9829756 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Fri, 3 Oct 2025 10:54:09 +0300 Subject: [PATCH 29/80] feat/impruvement-kubernetes-tests Signed-off-by: IvanHunters --- hack/e2e-apps/run-kubernetes.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hack/e2e-apps/run-kubernetes.sh b/hack/e2e-apps/run-kubernetes.sh index 4fb0f11b..7c7f347a 100644 --- a/hack/e2e-apps/run-kubernetes.sh +++ b/hack/e2e-apps/run-kubernetes.sh @@ -105,13 +105,13 @@ EOF versions=$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath='{.items[*].status.nodeInfo.kubeletVersion}') node_ok=true - if [ "$k8s_version" = "v1.32" ]; then + if [[ "$k8s_version" == v1.32* ]]; then echo "⚠️ TODO: Temporary stub — allowing nodes with v1.33 while k8s_version is v1.32" fi for v in $versions; do case "$k8s_version" in - v1.32) + v1.32|v1.32.*) case "$v" in v1.32 | v1.32.* | v1.32-* | v1.33 | v1.33.* | v1.33-*) ;; From 9b0f919052374331dec4ccbfb7428bcb4d83de0e Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Fri, 3 Oct 2025 18:04:31 +0300 Subject: [PATCH 30/80] [controller, api] Select ingresses and services This patch extends the resource-selecting function of the webhook to also apply selectors to ingresses and services, like has been already done for secrets. The Cozystack resource definitions have been upgraded to contain two more fields: `ingresses` and `services` and populated with counterparts of the legacy selectors from the dashboard roles. ```release-note [controller, api] Enable marking ingresses and services as user-facing and implement selectors for existing CozystackResourceDefinitions. ``` Signed-off-by: Timofei Larkin --- .../cozystackresourcedefinitions_types.go | 4 + api/v1alpha1/zz_generated.deepcopy.go | 2 + internal/lineagecontrollerwebhook/matcher.go | 10 +- internal/lineagecontrollerwebhook/webhook.go | 22 +- .../virtual-machine/templates/service.yaml | 1 + .../apps/vm-instance/templates/service.yaml | 1 + .../system/cozystack-api/cozyrds/bootbox.yaml | 10 + .../system/cozystack-api/cozyrds/bucket.yaml | 5 + .../cozystack-api/cozyrds/clickhouse.yaml | 5 + .../system/cozystack-api/cozyrds/etcd.yaml | 5 + .../cozystack-api/cozyrds/ferretdb.yaml | 5 + .../system/cozystack-api/cozyrds/ingress.yaml | 5 + .../system/cozystack-api/cozyrds/kafka.yaml | 5 + .../cozystack-api/cozyrds/kubernetes.yaml | 10 + .../cozystack-api/cozyrds/monitoring.yaml | 12 + .../system/cozystack-api/cozyrds/mysql.yaml | 6 + .../system/cozystack-api/cozyrds/nats.yaml | 5 + .../cozystack-api/cozyrds/postgres.yaml | 8 + .../cozystack-api/cozyrds/rabbitmq.yaml | 5 + .../system/cozystack-api/cozyrds/redis.yaml | 8 + .../cozystack-api/cozyrds/seaweedfs.yaml | 10 + .../cozystack-api/cozyrds/vm-instance.yaml | 5 + .../system/cozystack-api/cozyrds/vpn.yaml | 5 + ...stack.io_cozystackresourcedefinitions.yaml | 334 ++++++++++++++++++ 24 files changed, 478 insertions(+), 10 deletions(-) diff --git a/api/v1alpha1/cozystackresourcedefinitions_types.go b/api/v1alpha1/cozystackresourcedefinitions_types.go index 989440ee..b2baee85 100644 --- a/api/v1alpha1/cozystackresourcedefinitions_types.go +++ b/api/v1alpha1/cozystackresourcedefinitions_types.go @@ -52,6 +52,10 @@ type CozystackResourceDefinitionSpec struct { // Secret selectors Secrets CozystackResourceDefinitionResources `json:"secrets,omitempty"` + // Service selectors + Services CozystackResourceDefinitionResources `json:"services,omitempty"` + // Ingress selectors + Ingresses CozystackResourceDefinitionResources `json:"ingresses,omitempty"` // Dashboard configuration for this resource Dashboard *CozystackResourceDefinitionDashboard `json:"dashboard,omitempty"` diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 5967707e..42cf4c4a 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -237,6 +237,8 @@ func (in *CozystackResourceDefinitionSpec) DeepCopyInto(out *CozystackResourceDe out.Application = in.Application in.Release.DeepCopyInto(&out.Release) in.Secrets.DeepCopyInto(&out.Secrets) + in.Services.DeepCopyInto(&out.Services) + in.Ingresses.DeepCopyInto(&out.Ingresses) if in.Dashboard != nil { in, out := &in.Dashboard, &out.Dashboard *out = new(CozystackResourceDefinitionDashboard) diff --git a/internal/lineagecontrollerwebhook/matcher.go b/internal/lineagecontrollerwebhook/matcher.go index 1a21f5ca..7c756a49 100644 --- a/internal/lineagecontrollerwebhook/matcher.go +++ b/internal/lineagecontrollerwebhook/matcher.go @@ -62,12 +62,12 @@ func matchResourceToSelectorArray(ctx context.Context, name string, templateCont return false } -func matchResourceToExcludeInclude(ctx context.Context, name string, templateContext, l map[string]string, ex, in []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { - if matchResourceToSelectorArray(ctx, name, templateContext, l, ex) { +func matchResourceToExcludeInclude(ctx context.Context, name string, templateContext, l map[string]string, resources *cozyv1alpha1.CozystackResourceDefinitionResources) bool { + if resources == nil { return false } - if matchResourceToSelectorArray(ctx, name, templateContext, l, in) { - return true + if matchResourceToSelectorArray(ctx, name, templateContext, l, resources.Exclude) { + return false } - return false + return matchResourceToSelectorArray(ctx, name, templateContext, l, resources.Include) } diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index fb7647fd..b368ea1a 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -19,6 +19,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) @@ -27,6 +28,20 @@ var ( AncestryAmbiguous = fmt.Errorf("object ancestry is ambiguous") ) +// getResourceSelectors returns the appropriate CozystackResourceDefinitionResources for a given GroupKind +func (h *LineageControllerWebhook) getResourceSelectors(gk schema.GroupKind, crd *cozyv1alpha1.CozystackResourceDefinition) *cozyv1alpha1.CozystackResourceDefinitionResources { + switch { + case gk.Group == "" && gk.Kind == "Secret": + return &crd.Spec.Secrets + case gk.Group == "" && gk.Kind == "Service": + return &crd.Spec.Services + case gk.Group == "networking.k8s.io" && gk.Kind == "Ingress": + return &crd.Spec.Ingresses + default: + return nil + } +} + // SetupWithManager registers the handler with the webhook server. func (h *LineageControllerWebhook) SetupWithManagerAsWebhook(mgr ctrl.Manager) error { cfg := rest.CopyConfig(mgr.GetConfig()) @@ -138,19 +153,16 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc "name": obj.GetName(), "namespace": o.GetNamespace(), } - if o.GetAPIVersion() != "v1" || o.GetKind() != "Secret" { - return labels, err - } cfg := h.config.Load().(*runtimeConfig) crd := cfg.appCRDMap[appRef{gv.Group, obj.GetKind()}] + resourceSelectors := h.getResourceSelectors(o.GroupVersionKind().GroupKind(), crd) - // TODO: expand this to work with other resources than Secrets labels[corev1alpha1.TenantResourceLabelKey] = func(b bool) string { if b { return corev1alpha1.TenantResourceLabelValue } return "false" - }(matchResourceToExcludeInclude(ctx, o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) + }(matchResourceToExcludeInclude(ctx, o.GetName(), templateLabels, o.GetLabels(), resourceSelectors)) return labels, err } diff --git a/packages/apps/virtual-machine/templates/service.yaml b/packages/apps/virtual-machine/templates/service.yaml index 77698a2d..d9d77825 100644 --- a/packages/apps/virtual-machine/templates/service.yaml +++ b/packages/apps/virtual-machine/templates/service.yaml @@ -5,6 +5,7 @@ kind: Service metadata: name: {{ include "virtual-machine.fullname" . }} labels: + apps.cozystack.io/user-service: "true" {{- include "virtual-machine.labels" . | nindent 4 }} annotations: networking.cozystack.io/wholeIP: "true" diff --git a/packages/apps/vm-instance/templates/service.yaml b/packages/apps/vm-instance/templates/service.yaml index 009062fd..d1ef4df9 100644 --- a/packages/apps/vm-instance/templates/service.yaml +++ b/packages/apps/vm-instance/templates/service.yaml @@ -5,6 +5,7 @@ kind: Service metadata: name: {{ include "virtual-machine.fullname" . }} labels: + apps.cozystack.io/user-service: "true" {{- include "virtual-machine.labels" . | nindent 4 }} annotations: networking.cozystack.io/wholeIP: "true" diff --git a/packages/system/cozystack-api/cozyrds/bootbox.yaml b/packages/system/cozystack-api/cozyrds/bootbox.yaml index 3235e3cc..87e35626 100644 --- a/packages/system/cozystack-api/cozyrds/bootbox.yaml +++ b/packages/system/cozystack-api/cozyrds/bootbox.yaml @@ -31,3 +31,13 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - bootbox + ingresses: + exclude: [] + include: + - resourceNames: + - bootbox diff --git a/packages/system/cozystack-api/cozyrds/bucket.yaml b/packages/system/cozystack-api/cozyrds/bucket.yaml index d8f5b20b..889a36b5 100644 --- a/packages/system/cozystack-api/cozyrds/bucket.yaml +++ b/packages/system/cozystack-api/cozyrds/bucket.yaml @@ -35,3 +35,8 @@ spec: - resourceNames: - bucket-{{ .name }} - bucket-{{ .name }}-credentials + ingresses: + exclude: [] + include: + - resourceNames: + - bucket-{{ .name }}-ui diff --git a/packages/system/cozystack-api/cozyrds/clickhouse.yaml b/packages/system/cozystack-api/cozyrds/clickhouse.yaml index b41d44e8..49cf575f 100644 --- a/packages/system/cozystack-api/cozyrds/clickhouse.yaml +++ b/packages/system/cozystack-api/cozyrds/clickhouse.yaml @@ -32,3 +32,8 @@ spec: include: - resourceNames: - clickhouse-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - chendpoint-clickhouse-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/etcd.yaml b/packages/system/cozystack-api/cozyrds/etcd.yaml index e27aba33..5f7d3fef 100644 --- a/packages/system/cozystack-api/cozyrds/etcd.yaml +++ b/packages/system/cozystack-api/cozyrds/etcd.yaml @@ -32,3 +32,8 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - etcd diff --git a/packages/system/cozystack-api/cozyrds/ferretdb.yaml b/packages/system/cozystack-api/cozyrds/ferretdb.yaml index 9afce618..853d5d22 100644 --- a/packages/system/cozystack-api/cozyrds/ferretdb.yaml +++ b/packages/system/cozystack-api/cozyrds/ferretdb.yaml @@ -33,3 +33,8 @@ spec: include: - resourceNames: - ferretdb-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - ferretdb-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/ingress.yaml b/packages/system/cozystack-api/cozyrds/ingress.yaml index 84263b43..80d52549 100644 --- a/packages/system/cozystack-api/cozyrds/ingress.yaml +++ b/packages/system/cozystack-api/cozyrds/ingress.yaml @@ -32,3 +32,8 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - "{{ slice .namespace 7 }}-ingress-controller" diff --git a/packages/system/cozystack-api/cozyrds/kafka.yaml b/packages/system/cozystack-api/cozyrds/kafka.yaml index 7c4820cb..05594e07 100644 --- a/packages/system/cozystack-api/cozyrds/kafka.yaml +++ b/packages/system/cozystack-api/cozyrds/kafka.yaml @@ -33,3 +33,8 @@ spec: include: - resourceNames: - kafka-{{ .name }}-clients-ca + services: + exclude: [] + include: + - resourceNames: + - kafka-{{ .name }}-kafka-bootstrap diff --git a/packages/system/cozystack-api/cozyrds/kubernetes.yaml b/packages/system/cozystack-api/cozyrds/kubernetes.yaml index f7f32be7..db9ec9dc 100644 --- a/packages/system/cozystack-api/cozyrds/kubernetes.yaml +++ b/packages/system/cozystack-api/cozyrds/kubernetes.yaml @@ -34,3 +34,13 @@ spec: include: - resourceNames: - kubernetes-{{ .name }}-admin-kubeconfig + services: + exclude: [] + include: + - resourceNames: + - kubernetes-{{ .name }} + ingresses: + exclude: [] + include: + - resourceNames: + - kubernetes-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/monitoring.yaml b/packages/system/cozystack-api/cozyrds/monitoring.yaml index 1bdb271b..af99f73c 100644 --- a/packages/system/cozystack-api/cozyrds/monitoring.yaml +++ b/packages/system/cozystack-api/cozyrds/monitoring.yaml @@ -34,3 +34,15 @@ spec: include: - resourceNames: - grafana-admin-password + services: + exclude: [] + include: + - resourceNames: + - grafana-service + - alerta + ingresses: + exclude: [] + include: + - resourceNames: + - grafana-ingress + - alerta diff --git a/packages/system/cozystack-api/cozyrds/mysql.yaml b/packages/system/cozystack-api/cozyrds/mysql.yaml index ed1d20a7..6f78b077 100644 --- a/packages/system/cozystack-api/cozyrds/mysql.yaml +++ b/packages/system/cozystack-api/cozyrds/mysql.yaml @@ -33,3 +33,9 @@ spec: include: - resourceNames: - mysql-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - mysql-{{ .name }}-primary + - mysql-{{ .name }}-secondary diff --git a/packages/system/cozystack-api/cozyrds/nats.yaml b/packages/system/cozystack-api/cozyrds/nats.yaml index b406b439..692075a9 100644 --- a/packages/system/cozystack-api/cozyrds/nats.yaml +++ b/packages/system/cozystack-api/cozyrds/nats.yaml @@ -33,3 +33,8 @@ spec: include: - resourceNames: - nats-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - nats-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/postgres.yaml b/packages/system/cozystack-api/cozyrds/postgres.yaml index 12e3c9a8..17363553 100644 --- a/packages/system/cozystack-api/cozyrds/postgres.yaml +++ b/packages/system/cozystack-api/cozyrds/postgres.yaml @@ -41,3 +41,11 @@ spec: include: - resourceNames: - postgres-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - postgres-{{ .name }}-r + - postgres-{{ .name }}-ro + - postgres-{{ .name }}-rw + - postgres-{{ .name }}-external-write diff --git a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml index 28844a4b..5e646959 100644 --- a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml +++ b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml @@ -35,3 +35,8 @@ spec: - rabbitmq-{{ .name }}-default-user - matchLabels: apps.cozystack.io/user-secret: "true" + services: + exclude: [] + include: + - resourceNames: + - rabbitmq-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/redis.yaml b/packages/system/cozystack-api/cozyrds/redis.yaml index 0c502370..29c33a26 100644 --- a/packages/system/cozystack-api/cozyrds/redis.yaml +++ b/packages/system/cozystack-api/cozyrds/redis.yaml @@ -33,3 +33,11 @@ spec: include: - resourceNames: - redis-{{ .name }}-auth + services: + exclude: [] + include: + - resourceNames: + - rfs-redis-{{ .name }} + - rfrm-redis-{{ .name }} + - rfrs-redis-{{ .name }} + - redis-{{ .name }}-external-lb diff --git a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml index 3d3119e1..2d027491 100644 --- a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml +++ b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml @@ -32,3 +32,13 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - seaweedfs-{{ .name }}-s3 + ingresses: + exclude: [] + include: + - resourceNames: + - ingress-seaweedfs-{{ .name }}-s3 diff --git a/packages/system/cozystack-api/cozyrds/vm-instance.yaml b/packages/system/cozystack-api/cozyrds/vm-instance.yaml index b120c720..7d5ec69a 100644 --- a/packages/system/cozystack-api/cozyrds/vm-instance.yaml +++ b/packages/system/cozystack-api/cozyrds/vm-instance.yaml @@ -32,3 +32,8 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - matchLabels: + apps.cozystack.io/user-service: "true" diff --git a/packages/system/cozystack-api/cozyrds/vpn.yaml b/packages/system/cozystack-api/cozyrds/vpn.yaml index ca9e187d..2d067fd1 100644 --- a/packages/system/cozystack-api/cozyrds/vpn.yaml +++ b/packages/system/cozystack-api/cozyrds/vpn.yaml @@ -33,3 +33,8 @@ spec: include: - resourceNames: - vpn-{{ .name }}-urls + services: + exclude: [] + include: + - resourceNames: + - vpn-{{ .name }}-vpn diff --git a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml index 4c221281..685d4ac5 100644 --- a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml +++ b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml @@ -126,6 +126,173 @@ spec: - plural - singular type: object + ingresses: + description: Ingress selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object release: description: Release configuration properties: @@ -337,6 +504,173 @@ spec: x-kubernetes-map-type: atomic type: array type: object + services: + description: Service selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object required: - application - release From 13dba1b8b48c96c1ee08dad60e54dceef5680eb4 Mon Sep 17 00:00:00 2001 From: Nikita <166552198+nbykov0@users.noreply.github.com> Date: Mon, 6 Oct 2025 12:17:48 +0300 Subject: [PATCH 31/80] Add me to MAINTAINERS.md Signed-off-by: Nikita <166552198+nbykov0@users.noreply.github.com> --- MAINTAINERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS.md b/MAINTAINERS.md index ba191681..0591f0ee 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -10,3 +10,4 @@ | Andrei Gumilev | [@chumkaska](https://github.com/chumkaska) | Ænix | Platform Documentation | | Timur Tukaev | [@tym83](https://github.com/tym83) | Ænix | Cozystack Website, Marketing, Community Management | | Kirill Klinchenkov | [@klinch0](https://github.com/klinch0) | Ænix | Core Maintainer | +| Nikita Bykov | [@nbykov0](https://github.com/nbykov0) | Ænix | Maintainer of ARM and stuff | From 1f158fa909dde065774e87d64d0146657126cbb4 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Mon, 6 Oct 2025 12:23:05 +0300 Subject: [PATCH 32/80] [kafka] Disable noisy alerts The alerts deployed with the Kafka Strimzi operator are noisy and not useful, when a given namespace does not deploy any kafka clusters. This patch removes them. ```release-note [kafka] Disable useless alerts for Kafka which fire when not called for, e.g. when Kafka isn't deployed. ``` Signed-off-by: Timofei Larkin --- .../kafka-operator/templates/alerts.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/packages/system/kafka-operator/templates/alerts.yaml b/packages/system/kafka-operator/templates/alerts.yaml index 70d47014..1988991e 100644 --- a/packages/system/kafka-operator/templates/alerts.yaml +++ b/packages/system/kafka-operator/templates/alerts.yaml @@ -1,7 +1,11 @@ -{{- $files := .Files.Glob "alerts/*.yaml" -}} -{{- range $path, $file := $files }} ---- -# from: {{ $path }} -{{ toString $file }} - -{{- end -}} +{{- /* +# Disabled due to https://github.com/cozystack/cozystack/issues/790 +# {{- $files := .Files.Glob "alerts/*.yaml" -}} +# {{- range $path, $file := $files }} +# --- +# # from: {{ $path }} +# {{ toString $file }} +# +# {{- end -}} +# +*/ -}} From 4afda63440890b43e966915bdff7e264f5c50737 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Thu, 2 Oct 2025 18:45:43 +0200 Subject: [PATCH 33/80] Upd Velero v1.17.0 Signed-off-by: Andrei Kvapil --- .../system/velero/charts/velero/Chart.yaml | 4 +- .../system/velero/charts/velero/README.md | 101 +++++++++++++ .../velero/crds/backuprepositories.yaml | 3 +- .../velero/charts/velero/crds/backups.yaml | 4 + .../charts/velero/crds/datauploads.yaml | 3 + .../charts/velero/crds/podvolumebackups.yaml | 59 +++++--- .../charts/velero/crds/podvolumerestores.yaml | 76 ++++++---- .../velero/charts/velero/crds/schedules.yaml | 4 + .../velero/charts/velero/templates/NOTES.txt | 16 ++ .../charts/velero/templates/deployment.yaml | 31 ++-- .../label-namespace/labelnamespace.yaml | 4 +- .../templates/node-agent-daemonset.yaml | 8 +- .../templates/repo-maintenance-configmap.yaml | 21 +++ .../charts/velero/templates/service.yaml | 6 + .../velero/charts/velero/values.schema.json | 92 ++++++++++-- .../system/velero/charts/velero/values.yaml | 138 +++++++++++++----- packages/system/velero/values.yaml | 6 +- 17 files changed, 450 insertions(+), 126 deletions(-) create mode 100644 packages/system/velero/charts/velero/templates/repo-maintenance-configmap.yaml diff --git a/packages/system/velero/charts/velero/Chart.yaml b/packages/system/velero/charts/velero/Chart.yaml index 8b740531..2f303004 100644 --- a/packages/system/velero/charts/velero/Chart.yaml +++ b/packages/system/velero/charts/velero/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.16.1 +appVersion: 1.17.0 description: A Helm chart for velero home: https://github.com/vmware-tanzu/velero icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png @@ -14,4 +14,4 @@ maintainers: name: velero sources: - https://github.com/vmware-tanzu/velero -version: 10.0.5 +version: 11.0.0 diff --git a/packages/system/velero/charts/velero/README.md b/packages/system/velero/charts/velero/README.md index 61d584ab..088b7f7c 100644 --- a/packages/system/velero/charts/velero/README.md +++ b/packages/system/velero/charts/velero/README.md @@ -102,6 +102,107 @@ CSI plugin has been merged into velero repo in v1.14 release. It will be install This version removes the `nodeAgent.privileged` field, you should use `nodeAgent.containerSecurityContext.privileged` instead +## Repository Maintenance Configuration + +Starting from Velero v1.15, you can configure repository maintenance jobs with different resource limits and node affinity settings per repository using a ConfigMap. This feature is supported through the Helm chart. + +### Basic Usage + +To enable per-repository maintenance configuration, provide repository-specific configurations and provide global configurations that will be applied across all repositories: + +```yaml +configuration: + repositoryMaintenanceJob: + repositoryConfigData: + name: "my-repo-maintenance-config" # Optional, defaults to "velero-repo-maintenance" + global: + podResources: + cpuRequest: "100m" + cpuLimit: "200m" + memoryRequest: "100Mi" + memoryLimit: "200Mi" + keepLatestMaintenanceJobs: 1 +``` + +### Per-Repository Configuration + +You can configure specific settings for individual repositories using repository keys. Repository keys are formed as: `{namespace}-{storageLocation}-{repositoryType}`. + +For example, if you have a BackupRepository for namespace `prod` using storage location `s3-backup` with repository type `kopia`, the key would be `prod-s3-backup-kopia`. + +```yaml +configuration: + repositoryMaintenanceJob: + repositoryConfigData: + global: + podResources: + cpuRequest: "100m" + cpuLimit: "200m" + memoryRequest: "100Mi" + memoryLimit: "200Mi" + repositories: + "prod-s3-backup-kopia": + podResources: + cpuRequest: "500m" + cpuLimit: "1000m" + memoryRequest: "512Mi" + memoryLimit: "1024Mi" + loadAffinity: + - nodeSelector: + matchLabels: + dedicated: "backup" +``` + +### Node Affinity and Priority Class + +You can specify node affinity and priority class for maintenance jobs: + +```yaml +configuration: + repositoryMaintenanceJob: + repositoryConfigData: + global: + podResources: + cpuRequest: "100m" + cpuLimit: "200m" + memoryRequest: "100Mi" + memoryLimit: "200Mi" + loadAffinity: + - nodeSelector: + matchExpressions: + - key: "cloud.google.com/machine-family" + operator: "In" + values: ["e2"] + - nodeSelector: + matchExpressions: + - key: "topology.kubernetes.io/zone" + operator: "In" + values: ["us-central1-a", "us-central1-b", "us-central1-c"] + priorityClassName: "low-priority" +``` + +**Note**: `priorityClassName` is only supported in the global configuration section and applies to all maintenance jobs. + +### Backward Compatibility + +When `repositoryConfigData.global` and `repositoryConfigData.repositories` are not provided (default), the chart continues to use the legacy global settings: + +```yaml +configuration: + repositoryMaintenanceJob: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 1000m + memory: 1024Mi + latestJobsCount: 3 +``` + +Note: The legacy parameters (`--maintenance-job-cpu-request`, `--maintenance-job-mem-request`, `--maintenance-job-cpu-limit`, `--maintenance-job-mem-limit`) are deprecated in Velero v1.15 and will be removed in v1.17. + +For more information, see the [Velero Repository Maintenance documentation](https://velero.io/docs/main/repository-maintenance/). + ## Upgrading Velero ### Upgrading to v1.16 diff --git a/packages/system/velero/charts/velero/crds/backuprepositories.yaml b/packages/system/velero/charts/velero/crds/backuprepositories.yaml index 73da6eaa..7714f73a 100644 --- a/packages/system/velero/charts/velero/crds/backuprepositories.yaml +++ b/packages/system/velero/charts/velero/crds/backuprepositories.yaml @@ -73,7 +73,7 @@ spec: resticIdentifier: description: |- ResticIdentifier is the full restic-compatible string for identifying - this repository. + this repository. This field is only used when RepositoryType is "restic". type: string volumeNamespace: description: |- @@ -83,7 +83,6 @@ spec: required: - backupStorageLocation - maintenanceFrequency - - resticIdentifier - volumeNamespace type: object status: diff --git a/packages/system/velero/charts/velero/crds/backups.yaml b/packages/system/velero/charts/velero/crds/backups.yaml index f36d7b43..a6768029 100644 --- a/packages/system/velero/charts/velero/crds/backups.yaml +++ b/packages/system/velero/charts/velero/crds/backups.yaml @@ -512,6 +512,10 @@ spec: uploads to perform when using the uploader. type: integer type: object + volumeGroupSnapshotLabelKey: + description: VolumeGroupSnapshotLabelKey specifies the label key + to group PVCs under a VGS. + type: string volumeSnapshotLocations: description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. diff --git a/packages/system/velero/charts/velero/crds/datauploads.yaml b/packages/system/velero/charts/velero/crds/datauploads.yaml index d17bd138..5a9fc2a6 100644 --- a/packages/system/velero/charts/velero/crds/datauploads.yaml +++ b/packages/system/velero/charts/velero/crds/datauploads.yaml @@ -89,6 +89,9 @@ spec: of the CSI snapshot. nullable: true properties: + driver: + description: Driver is the driver used by the VolumeSnapshotContent + type: string snapshotClass: description: SnapshotClass is the name of the snapshot class that the volume snapshot is created with diff --git a/packages/system/velero/charts/velero/crds/podvolumebackups.yaml b/packages/system/velero/charts/velero/crds/podvolumebackups.yaml index f83ff45f..a232b945 100644 --- a/packages/system/velero/charts/velero/crds/podvolumebackups.yaml +++ b/packages/system/velero/charts/velero/crds/podvolumebackups.yaml @@ -17,38 +17,41 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress + - description: PodVolumeBackup status such as New/InProgress jsonPath: .status.phase name: Status type: string - - description: Time when this backup was started + - description: Time duration since this PodVolumeBackup was started jsonPath: .status.startTimestamp - name: Created + name: Started type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer - description: Name of the Backup Storage Location where this backup should be stored jsonPath: .spec.backupStorageLocation name: Storage Location type: string - - jsonPath: .metadata.creationTimestamp + - description: Time duration since this PodVolumeBackup was created + jsonPath: .metadata.creationTimestamp name: Age type: date + - description: Name of the node where the PodVolumeBackup is processed + jsonPath: .status.node + name: Node + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader + type: string name: v1 schema: openAPIV3Schema: @@ -78,6 +81,11 @@ spec: BackupStorageLocation is the name of the backup storage location where the backup repository is stored. type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing PodVolumeBackup. It can be set + when the PodVolumeBackup is in InProgress phase + type: boolean node: description: Node is the name of the node that the Pod is running on. @@ -167,6 +175,13 @@ spec: status: description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. properties: + acceptedTimestamp: + description: |- + AcceptedTimestamp records the time the pod volume backup is to be prepared. + The server's time is used for AcceptedTimestamp + format: date-time + nullable: true + type: string completionTimestamp: description: |- CompletionTimestamp records the time a backup was completed. @@ -188,7 +203,11 @@ spec: description: Phase is the current state of the PodVolumeBackup. enum: - New + - Accepted + - Prepared - InProgress + - Canceling + - Canceled - Completed - Failed type: string diff --git a/packages/system/velero/charts/velero/crds/podvolumerestores.yaml b/packages/system/velero/charts/velero/crds/podvolumerestores.yaml index 7bc5edad..1521ec96 100644 --- a/packages/system/velero/charts/velero/crds/podvolumerestores.yaml +++ b/packages/system/velero/charts/velero/crds/podvolumerestores.yaml @@ -17,39 +17,41 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace + - description: PodVolumeRestore status such as New/InProgress + jsonPath: .status.phase + name: Status type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod + - description: Time duration since this PodVolumeRestore was started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer + - description: Name of the Backup Storage Location where the backup data is + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - description: Time duration since this PodVolumeRestore was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Name of the node where the PodVolumeRestore is processed + jsonPath: .status.node + name: Node type: string - description: The type of the uploader to handle data transfer jsonPath: .spec.uploaderType name: Uploader Type type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date name: v1 schema: openAPIV3Schema: @@ -79,6 +81,11 @@ spec: BackupStorageLocation is the name of the backup storage location where the backup repository is stored. type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing PodVolumeRestore. It can be set + when the PodVolumeRestore is in InProgress phase + type: boolean pod: description: Pod is a reference to the pod containing the volume to be restored. @@ -164,6 +171,13 @@ spec: status: description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. properties: + acceptedTimestamp: + description: |- + AcceptedTimestamp records the time the pod volume restore is to be prepared. + The server's time is used for AcceptedTimestamp + format: date-time + nullable: true + type: string completionTimestamp: description: |- CompletionTimestamp records the time a restore was completed. @@ -176,11 +190,19 @@ spec: description: Message is a message about the pod volume restore's status. type: string + node: + description: Node is name of the node where the pod volume restore + is processed. + type: string phase: description: Phase is the current state of the PodVolumeRestore. enum: - New + - Accepted + - Prepared - InProgress + - Canceling + - Canceled - Completed - Failed type: string diff --git a/packages/system/velero/charts/velero/crds/schedules.yaml b/packages/system/velero/charts/velero/crds/schedules.yaml index f09bdb1a..ed521799 100644 --- a/packages/system/velero/charts/velero/crds/schedules.yaml +++ b/packages/system/velero/charts/velero/crds/schedules.yaml @@ -553,6 +553,10 @@ spec: parallel uploads to perform when using the uploader. type: integer type: object + volumeGroupSnapshotLabelKey: + description: VolumeGroupSnapshotLabelKey specifies the label + key to group PVCs under a VGS. + type: string volumeSnapshotLocations: description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. diff --git a/packages/system/velero/charts/velero/templates/NOTES.txt b/packages/system/velero/charts/velero/templates/NOTES.txt index d2f0fb79..ea193341 100644 --- a/packages/system/velero/charts/velero/templates/NOTES.txt +++ b/packages/system/velero/charts/velero/templates/NOTES.txt @@ -75,6 +75,22 @@ More info on the official site: https://velero.io/docs {{- end }} {{- end }} +{{- if eq .Values.configuration.uploaderType "restic" }} +{{- $breaking = print $breaking "\n\nERROR: restic uploaderType was removed, please use a different one" }} +{{- end }} + +{{- if hasKey .Values.configuration.repositoryMaintenanceJob "requests" }} +{{- $breaking = print $breaking "\n\nREMOVED: configuration.repositoryMaintenanceJob.requests has been removed, please use the configmap" }} +{{- end }} + +{{- if hasKey .Values.configuration.repositoryMaintenanceJob "limits" }} +{{- $breaking = print $breaking "\n\nREMOVED: configuration.repositoryMaintenanceJob.limits has been removed, please use the configmap" }} +{{- end }} + +{{- if hasKey .Values.configuration.repositoryMaintenanceJob "latestJobsCount" }} +{{- $breaking = print $breaking "\n\nREMOVED: configuration.repositoryMaintenanceJob.latestJobsCount has been removed, please use the configmap" }} +{{- end }} + {{- if $breaking }} {{- fail (print $breaking_title $breaking) }} {{- end }} diff --git a/packages/system/velero/charts/velero/templates/deployment.yaml b/packages/system/velero/charts/velero/templates/deployment.yaml index 5789542b..d2a72639 100644 --- a/packages/system/velero/charts/velero/templates/deployment.yaml +++ b/packages/system/velero/charts/velero/templates/deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "velero.fullname" . }} + name: velero namespace: {{ .Release.Namespace }} {{- with .Values.annotations }} annotations: @@ -21,7 +21,7 @@ metadata: {{- end }} spec: replicas: 1 - {{- if .Values.revisionHistoryLimit }} + {{- if hasKey .Values "revisionHistoryLimit" }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- end }} strategy: @@ -57,7 +57,7 @@ spec: {{- end }} {{- end }} spec: - {{- with .Values.hostAliases -}} + {{- with .Values.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} {{- end }} @@ -180,24 +180,9 @@ spec: - --namespace={{ . }} {{- end }} {{- with .repositoryMaintenanceJob }} - {{- with .requests }} - {{- with .cpu }} - - --maintenance-job-cpu-request={{ . }} - {{- end }} - {{- with .memory }} - - --maintenance-job-mem-request={{ . }} - {{- end }} - {{- end }} - {{- with .limits }} - {{- with .cpu }} - - --maintenance-job-cpu-limit={{ . }} - {{- end }} - {{- with .memory }} - - --maintenance-job-mem-limit={{ . }} - {{- end }} - {{- end }} - {{- with .latestJobsCount }} - - --keep-latest-maintenance-jobs={{ . }} + {{- if and .repositoryConfigData (or .repositoryConfigData.global .repositoryConfigData.repositories) }} + - --repo-maintenance-job-configmap={{ default "velero-repo-maintenance" .repositoryConfigData.name }} + {{- else }} {{- end }} {{- end }} {{- with .extraArgs }} @@ -209,6 +194,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.resizePolicy }} + resizePolicy: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if .Values.metrics.enabled }} {{- with .Values.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} diff --git a/packages/system/velero/charts/velero/templates/label-namespace/labelnamespace.yaml b/packages/system/velero/charts/velero/templates/label-namespace/labelnamespace.yaml index de64ce67..2c78fa53 100644 --- a/packages/system/velero/charts/velero/templates/label-namespace/labelnamespace.yaml +++ b/packages/system/velero/charts/velero/templates/label-namespace/labelnamespace.yaml @@ -31,8 +31,8 @@ spec: - /bin/sh - -c - | - {{- range .Values.namespace.labels }} - kubectl label namespace {{ $.Release.Namespace }} {{ .key }}={{ .value }} + {{- range $key, $value := .Values.namespace.labels }} + kubectl label namespace {{ $.Release.Namespace }} {{ $key }}={{ $value }} {{- end }} {{- if .Values.kubectl.extraVolumeMounts }} volumeMounts: diff --git a/packages/system/velero/charts/velero/templates/node-agent-daemonset.yaml b/packages/system/velero/charts/velero/templates/node-agent-daemonset.yaml index 03e5cdd0..597ca459 100644 --- a/packages/system/velero/charts/velero/templates/node-agent-daemonset.yaml +++ b/packages/system/velero/charts/velero/templates/node-agent-daemonset.yaml @@ -49,7 +49,7 @@ spec: {{- end }} {{- end }} spec: - {{ with .Values.hostAliases -}} + {{- with .Values.nodeAgent.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} {{- end }} @@ -68,7 +68,7 @@ spec: {{- if .Values.nodeAgent.priorityClassName }} priorityClassName: {{ include "velero.nodeAgent.priorityClassName" . }} {{- end }} - {{- if .Values.runtimeClassName }} + {{- if .Values.nodeAgent.runtimeClassName }} runtimeClassName: {{ include "velero.nodeAgent.runtimeClassName" . }} {{- end }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} @@ -197,6 +197,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.nodeAgent.resizePolicy }} + resizePolicy: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.nodeAgent.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/packages/system/velero/charts/velero/templates/repo-maintenance-configmap.yaml b/packages/system/velero/charts/velero/templates/repo-maintenance-configmap.yaml new file mode 100644 index 00000000..25c0c373 --- /dev/null +++ b/packages/system/velero/charts/velero/templates/repo-maintenance-configmap.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.configuration .Values.configuration.repositoryMaintenanceJob .Values.configuration.repositoryMaintenanceJob.repositoryConfigData (or .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.global .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.repositories) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ default "velero-repo-maintenance" .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.name }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "velero.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "velero.chart" . }} +data: + {{- with .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.global }} + global: | + {{- . | toPrettyJson | nindent 4 }} + {{- end }} + {{- range $repoKey, $repoConfig := .Values.configuration.repositoryMaintenanceJob.repositoryConfigData.repositories }} + {{ $repoKey }}: | + {{- $repoConfig | toPrettyJson | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/packages/system/velero/charts/velero/templates/service.yaml b/packages/system/velero/charts/velero/templates/service.yaml index 7cccbc54..662ca646 100644 --- a/packages/system/velero/charts/velero/templates/service.yaml +++ b/packages/system/velero/charts/velero/templates/service.yaml @@ -23,6 +23,12 @@ spec: {{- if .Values.metrics.service.internalTrafficPolicy }} internalTrafficPolicy: {{ .Values.metrics.service.internalTrafficPolicy }} {{- end }} + {{- if .Values.metrics.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.metrics.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.metrics.service.ipFamilies }} + ipFamilies: {{ toYaml .Values.metrics.service.ipFamilies | nindent 4 }} + {{- end }} type: {{ .Values.metrics.service.type }} ports: - name: http-monitoring diff --git a/packages/system/velero/charts/velero/values.schema.json b/packages/system/velero/charts/velero/values.schema.json index d23009d4..367e0d8c 100644 --- a/packages/system/velero/charts/velero/values.schema.json +++ b/packages/system/velero/charts/velero/values.schema.json @@ -105,7 +105,7 @@ "type": "string" }, "initContainers": { - "type": ["array", "null"], + "type": ["array", "string", "null"], "items": {} }, "podSecurityContext": { @@ -367,10 +367,10 @@ "type": ["string", "null"] }, "provider": { - "type": ["string", "null"] + "type": ["string"] }, "bucket": { - "type": ["string", "null"] + "type": ["string"] }, "caCert": { "type": ["string", "null"] @@ -405,8 +405,7 @@ }, "required": [ "provider", - "bucket", - "config" + "bucket" ] } }, @@ -419,7 +418,7 @@ "type": ["string", "null"] }, "provider": { - "type": ["string", "null"] + "type": ["string"] }, "credential": { "type": "object", @@ -438,9 +437,7 @@ } }, "required": [ - "name", - "provider", - "config" + "provider" ] } }, @@ -473,6 +470,80 @@ }, "latestJobsCount": { "type": "number" + }, + "repositoryConfigData": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the ConfigMap to create for per-repository maintenance configuration" + }, + "global": { + "type": "object", + "description": "Global configuration applied to all repositories when no specific repository configuration is found", + "properties": { + "podResources": { + "type": "object", + "properties": { + "cpuRequest": {"type": "string"}, + "cpuLimit": {"type": "string"}, + "memoryRequest": {"type": "string"}, + "memoryLimit": {"type": "string"} + } + }, + "keepLatestMaintenanceJobs": { + "type": "number" + }, + "priorityClassName": { + "type": "string" + }, + "loadAffinity": { + "type": "array", + "items": { + "type": "object", + "properties": { + "nodeSelector": { + "type": "object" + } + } + } + } + } + }, + "repositories": { + "type": "object", + "description": "Repository-specific configurations keyed by repository identifier (namespace-storageLocation-repositoryType)", + "additionalProperties": { + "type": "object", + "properties": { + "podResources": { + "type": "object", + "properties": { + "cpuRequest": {"type": "string"}, + "cpuLimit": {"type": "string"}, + "memoryRequest": {"type": "string"}, + "memoryLimit": {"type": "string"} + } + }, + "keepLatestMaintenanceJobs": { + "type": "number" + }, + "loadAffinity": { + "type": "array", + "items": { + "type": "object", + "properties": { + "nodeSelector": { + "type": "object" + } + } + } + } + } + } + } + }, + "required": [] } }, "required": [] @@ -688,7 +759,6 @@ }, "required": [ "podVolumePath", - "pluginVolumePath", "dnsPolicy" ] }, @@ -732,4 +802,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/system/velero/charts/velero/values.yaml b/packages/system/velero/charts/velero/values.yaml index 659d0034..30eb7b5f 100644 --- a/packages/system/velero/charts/velero/values.yaml +++ b/packages/system/velero/charts/velero/values.yaml @@ -7,18 +7,12 @@ namespace: labels: {} # Enforce Pod Security Standards with Namespace Labels # https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/ - # - key: pod-security.kubernetes.io/enforce - # value: privileged - # - key: pod-security.kubernetes.io/enforce-version - # value: latest - # - key: pod-security.kubernetes.io/audit - # value: privileged - # - key: pod-security.kubernetes.io/audit-version - # value: latest - # - key: pod-security.kubernetes.io/warn - # value: privileged - # - key: pod-security.kubernetes.io/warn-version - # value: latest + # pod-security.kubernetes.io/enforce: privileged + # pod-security.kubernetes.io/enforce-version: latest + # pod-security.kubernetes.io/audit: privileged + # pod-security.kubernetes.io/audit-version: latest + # pod-security.kubernetes.io/warn: privileged + # pod-security.kubernetes.io/warn-version: latest ## ## End of namespace-related settings. @@ -33,7 +27,7 @@ namespace: # enabling node-agent). Required. image: repository: velero/velero - tag: v1.16.1 + tag: v1.17.0 # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. # If used, it will take precedence over the image.tag. # digest: @@ -81,6 +75,14 @@ resources: {} # cpu: 1000m # memory: 512Mi +# Container resize policy for the Velero deployment. +# See: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/ +resizePolicy: [] + # - resourceName: cpu + # restartPolicy: NotRequired + # - resourceName: memory + # restartPolicy: RestartContainer + # Configure hostAliases for Velero deployment. Optional # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ hostAliases: [] @@ -128,7 +130,7 @@ dnsPolicy: ClusterFirst # If the value is a string then it is evaluated as a template. initContainers: # - name: velero-plugin-for-aws - # image: velero/velero-plugin-for-aws:v1.12.1 + # image: velero/velero-plugin-for-aws:v1.13.0 # imagePullPolicy: IfNotPresent # volumeMounts: # - mountPath: /target @@ -247,6 +249,11 @@ metrics: externalTrafficPolicy: "" internalTrafficPolicy: "" + # the IP family policy for the metrics Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). + ipFamilyPolicy: "" + # a list of IP families for the metrics Service that should be supported, in the order in which they should be applied to ClusterIP. Can be "IPv4" and/or "IPv6". + ipFamilies: [] + # Pod annotations for Prometheus podAnnotations: prometheus.io/scrape: "true" @@ -291,26 +298,47 @@ metrics: # namespace: "" # Rules to be deployed spec: [] - # - alert: VeleroBackupPartialFailures + # - alert: VeleroBackupFailed # annotations: - # message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} partialy failed backups. + # message: Velero backup {{ $labels.schedule }} has failed # expr: |- - # velero_backup_partial_failure_total{schedule!=""} / velero_backup_attempt_total{schedule!=""} > 0.25 + # velero_backup_last_status{schedule!=""} != 1 # for: 15m # labels: # severity: warning - # - alert: VeleroBackupFailures + # - alert: VeleroBackupFailing # annotations: - # message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} failed backups. + # message: Velero backup {{ $labels.schedule }} has been failing for the last 12h # expr: |- - # velero_backup_failure_total{schedule!=""} / velero_backup_attempt_total{schedule!=""} > 0.25 + # velero_backup_last_status{schedule!=""} != 1 + # for: 12h + # labels: + # severity: critical + # - alert: VeleroNoNewBackup + # annotations: + # message: Velero backup {{ $labels.schedule }} has not run successfuly in the last 30h + # expr: |- + # ( + # rate(velero_backup_last_successful_timestamp{schedule!=""}[15m]) <=bool 0 + # or + # absent(velero_backup_last_successful_timestamp{schedule!=""}) + # ) == 1 + # for: 30h + # labels: + # severity: critical + # - alert: VeleroBackupPartialFailures + # annotations: + # message: Velero backup {{ $labels.schedule }} has {{ $value | humanizePercentage }} partialy failed backups + # expr: |- + # rate(velero_backup_partial_failure_total{schedule!=""}[25m]) + # / rate(velero_backup_attempt_total{schedule!=""}[25m]) > 0.5 # for: 15m # labels: # severity: warning kubectl: image: - repository: docker.io/bitnami/kubectl + repository: docker.io/bitnamilegacy/kubectl # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. # If used, it will take precedence over the kubectl.image.tag. # digest: @@ -354,9 +382,9 @@ configuration: # a backup storage location will be created with the name "default". Optional. - name: # provider is the name for the backup storage location provider. - provider: + provider: "" # bucket is the name of the bucket to store backups in. Required. - bucket: + bucket: "" # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. caCert: # prefix is the directory under which all Velero data should be stored within the bucket. Optional. @@ -398,10 +426,11 @@ configuration: # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice. # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/ volumeSnapshotLocation: - # name is the name of the volume snapshot location where snapshots are being taken. Required. + # name is the name of the volume snapshot location where snapshots are being taken. If a name is not provided, + # a volume snapshot location will be created with the name "default". Optional. - name: # provider is the name for the volume snapshot provider. - provider: + provider: "" credential: # name of the secret used by this volumeSnapshotLocation. name: @@ -483,14 +512,48 @@ configuration: # Resource requests/limits to specify for the repository-maintenance job. Optional. # https://velero.io/docs/v1.14/repository-maintenance/#resource-limitation repositoryMaintenanceJob: - requests: - # cpu: 500m - # memory: 512Mi - limits: - # cpu: 1000m - # memory: 1024Mi - # Number of latest maintenance jobs to keep for each repository - latestJobsCount: 3 + # Per-repository resource settings ConfigMap + # This ConfigMap allows specifying different settings for different repositories + # See: https://velero.io/docs/main/repository-maintenance/ + repositoryConfigData: + # Name of the ConfigMap to create. If not provided, will use "velero-repo-maintenance" + name: "velero-repo-maintenance" + # Global configuration applied to all repositories + # This configuration is used when no specific repository configuration is found + # global: + # podResources: + # cpuRequest: "100m" + # cpuLimit: "200m" + # memoryRequest: "100Mi" + # memoryLimit: "200Mi" + # keepLatestMaintenanceJobs: 1 + # loadAffinity: + # - nodeSelector: + # matchExpressions: + # - key: "cloud.google.com/machine-family" + # operator: "In" + # values: ["e2"] + # - nodeSelector: + # matchExpressions: + # - key: "topology.kubernetes.io/zone" + # operator: "In" + # values: ["us-central1-a", "us-central1-b", "us-central1-c"] + # priorityClassName: "low-priority" # Note: priorityClassName is only supported in global configuration + global: + keepLatestMaintenanceJobs: 3 + # Repository-specific configurations + # Repository keys are formed as: "{namespace}-{storageLocation}-{repositoryType}" + # For example: "default-default-kopia" or "prod-s3-backup-kopia" + # Note: priorityClassName is NOT supported in repository-specific configurations + # repositories: + # "kibishii-default-kopia": + # podResources: + # cpuRequest: "200m" + # cpuLimit: "400m" + # memoryRequest: "200Mi" + # memoryLimit: "400Mi" + # keepLatestMaintenanceJobs: 2 + repositories: {} # `velero server` default: velero namespace: # additional command-line arguments that will be passed to the `velero server` @@ -601,6 +664,13 @@ nodeAgent: # limits: # cpu: 1000m # memory: 1024Mi + # Container resize policy for the node-agent daemonset. + # See: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/ + resizePolicy: [] + # - resourceName: cpu + # restartPolicy: NotRequired + # - resourceName: memory + # restartPolicy: RestartContainer # Tolerations to use for the node-agent daemonset. Optional. tolerations: [] @@ -714,7 +784,7 @@ schedules: {} # velero.io/plugin-config: "" # velero.io/pod-volume-restore: RestoreItemAction # data: -# image: velero/velero-restore-helper:v1.10.2 +# image: velero/velero:v1.17.0 # cpuRequest: 200m # memRequest: 128Mi # cpuLimit: 200m diff --git a/packages/system/velero/values.yaml b/packages/system/velero/values.yaml index bf980e4b..d78a69c5 100644 --- a/packages/system/velero/values.yaml +++ b/packages/system/velero/values.yaml @@ -6,14 +6,10 @@ velero: volumeMounts: - mountPath: /target name: plugins - # deployNodeAgent: true + deployNodeAgent: true configuration: # defaultVolumesToFsBackup: true backupStorageLocation: null volumeSnapshotLocation: null namespace: cozy-velero features: EnableCSI - kubectl: - image: - repository: docker.io/alpine/k8s - tag: 1.33.4 From 42c9d65c7c31003e4b105c018877fb57a19757b8 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Mon, 6 Oct 2025 20:19:01 +0300 Subject: [PATCH 34/80] [etcd] Add VPA for etcd The etcd tenant module deploys by default with a large resource limit/request and these values are not exposed at deploy time. This patch lowers the default resources and adds a VPA to autoconfigure them according to the real needs. ```release-note [etcd] Attach VPA to etcd and lower initial default resource requests. ``` Signed-off-by: Timofei Larkin --- hack/update-crd.sh | 2 +- packages/extra/etcd/README.md | 16 +++++++------- packages/extra/etcd/templates/vpa.yaml | 21 +++++++++++++++++++ packages/extra/etcd/values.schema.json | 4 ++-- packages/extra/etcd/values.yaml | 4 ++-- .../system/cozystack-api/cozyrds/etcd.yaml | 2 +- 6 files changed, 35 insertions(+), 14 deletions(-) create mode 100644 packages/extra/etcd/templates/vpa.yaml diff --git a/hack/update-crd.sh b/hack/update-crd.sh index 5c78292e..ab9a59b7 100755 --- a/hack/update-crd.sh +++ b/hack/update-crd.sh @@ -8,7 +8,7 @@ need yq; need jq; need base64 CHART_YAML="${CHART_YAML:-Chart.yaml}" VALUES_YAML="${VALUES_YAML:-values.yaml}" SCHEMA_JSON="${SCHEMA_JSON:-values.schema.json}" -CRD_DIR="../../system/cozystack-api/templates/cozystack-resource-definitions" +CRD_DIR="../../system/cozystack-api/cozyrds" [[ -f "$CHART_YAML" ]] || { echo "No $CHART_YAML found"; exit 1; } [[ -f "$SCHEMA_JSON" ]] || { echo "No $SCHEMA_JSON found"; exit 1; } diff --git a/packages/extra/etcd/README.md b/packages/extra/etcd/README.md index 8b2253ae..3bdb920b 100644 --- a/packages/extra/etcd/README.md +++ b/packages/extra/etcd/README.md @@ -4,12 +4,12 @@ ### Common parameters -| Name | Description | Type | Value | -| ------------------ | ----------------------------------- | ----------- | ------ | -| `size` | Persistent Volume size | `*quantity` | `4Gi` | -| `storageClass` | StorageClass used to store the data | `*string` | `""` | -| `replicas` | Number of etcd replicas | `*int` | `3` | -| `resources` | Resource configuration for etcd | `*object` | `null` | -| `resources.cpu` | The number of CPU cores allocated | `*quantity` | `4` | -| `resources.memory` | The amount of memory allocated | `*quantity` | `1Gi` | +| Name | Description | Type | Value | +| ------------------ | ----------------------------------- | ----------- | ------- | +| `size` | Persistent Volume size | `*quantity` | `4Gi` | +| `storageClass` | StorageClass used to store the data | `*string` | `""` | +| `replicas` | Number of etcd replicas | `*int` | `3` | +| `resources` | Resource configuration for etcd | `*object` | `null` | +| `resources.cpu` | The number of CPU cores allocated | `*quantity` | `1000m` | +| `resources.memory` | The amount of memory allocated | `*quantity` | `512Mi` | diff --git a/packages/extra/etcd/templates/vpa.yaml b/packages/extra/etcd/templates/vpa.yaml new file mode 100644 index 00000000..57055cbd --- /dev/null +++ b/packages/extra/etcd/templates/vpa.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: etcd +spec: + targetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: etcd + updatePolicy: + updateMode: Auto + resourcePolicy: + containerPolicies: + - containerName: etcd + {{- with dict "cpu" "250m" "memory" "256Mi" }} + minAllowed: {{- get (include "cozy-lib.resources.sanitize" (list . $) | fromYaml) "requests" | toYaml | nindent 8 }} + {{- end }} + {{- with dict "cpu" "5000m" "memory" "8Gi" }} + maxAllowed: {{- get (include "cozy-lib.resources.sanitize" (list . $) | fromYaml) "requests" | toYaml | nindent 8 }} + {{- end }} diff --git a/packages/extra/etcd/values.schema.json b/packages/extra/etcd/values.schema.json index 57c5fee1..ee6960de 100644 --- a/packages/extra/etcd/values.schema.json +++ b/packages/extra/etcd/values.schema.json @@ -14,7 +14,7 @@ "properties": { "cpu": { "description": "The number of CPU cores allocated", - "default": 4, + "default": "1000m", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -28,7 +28,7 @@ }, "memory": { "description": "The amount of memory allocated", - "default": "1Gi", + "default": "512Mi", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { diff --git a/packages/extra/etcd/values.yaml b/packages/extra/etcd/values.yaml index 816cd5a7..43214f6d 100644 --- a/packages/extra/etcd/values.yaml +++ b/packages/extra/etcd/values.yaml @@ -12,5 +12,5 @@ replicas: 3 ## @field resources.cpu {*quantity} The number of CPU cores allocated ## @field resources.memory {*quantity} The amount of memory allocated resources: - cpu: 4 - memory: 1Gi + cpu: 1000m + memory: 512Mi diff --git a/packages/system/cozystack-api/cozyrds/etcd.yaml b/packages/system/cozystack-api/cozyrds/etcd.yaml index 5f7d3fef..eeece147 100644 --- a/packages/system/cozystack-api/cozyrds/etcd.yaml +++ b/packages/system/cozystack-api/cozyrds/etcd.yaml @@ -8,7 +8,7 @@ spec: plural: etcds singular: etcd openAPISchema: |- - {"title":"Chart Values","type":"object","properties":{"replicas":{"description":"Number of etcd replicas","type":"integer","default":3},"resources":{"description":"Resource configuration for etcd","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","default":4,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"size":{"description":"Persistent Volume size","default":"4Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"}}} + {"title":"Chart Values","type":"object","properties":{"replicas":{"description":"Number of etcd replicas","type":"integer","default":3},"resources":{"description":"Resource configuration for etcd","type":"object","default":{},"properties":{"cpu":{"description":"The number of CPU cores allocated","default":"1000m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"The amount of memory allocated","default":"512Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"size":{"description":"Persistent Volume size","default":"4Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"StorageClass used to store the data","type":"string"}}} release: prefix: "" labels: From 458ca63729a60fded7f6be5c462300fd0a5d5087 Mon Sep 17 00:00:00 2001 From: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com> Date: Mon, 6 Oct 2025 20:18:29 +0000 Subject: [PATCH 35/80] Prepare release v0.37.0-beta.1 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com> --- packages/apps/clickhouse/images/clickhouse-backup.tag | 2 +- packages/apps/http-cache/images/nginx-cache.tag | 2 +- packages/apps/kubernetes/images/cluster-autoscaler.tag | 2 +- packages/apps/kubernetes/images/kubevirt-cloud-provider.tag | 2 +- packages/apps/kubernetes/images/kubevirt-csi-driver.tag | 2 +- packages/apps/kubernetes/images/ubuntu-container-disk.tag | 2 +- packages/apps/mysql/images/mariadb-backup.tag | 2 +- packages/core/installer/values.yaml | 2 +- packages/core/testing/values.yaml | 2 +- packages/extra/bootbox/images/matchbox.tag | 2 +- packages/extra/monitoring/images/grafana.tag | 2 +- packages/extra/seaweedfs/images/objectstorage-sidecar.tag | 2 +- packages/system/bucket/images/s3manager.tag | 2 +- packages/system/cilium/values.yaml | 4 ++-- packages/system/cozystack-api/values.yaml | 2 +- packages/system/cozystack-controller/values.yaml | 4 ++-- packages/system/dashboard/templates/configmap.yaml | 2 +- packages/system/dashboard/values.yaml | 6 +++--- packages/system/kamaji/values.yaml | 4 ++-- packages/system/kubeovn-plunger/values.yaml | 2 +- packages/system/kubeovn-webhook/values.yaml | 2 +- packages/system/kubeovn/values.yaml | 2 +- packages/system/kubevirt-csi-node/values.yaml | 2 +- packages/system/metallb/values.yaml | 4 ++-- packages/system/objectstorage-controller/values.yaml | 2 +- packages/system/seaweedfs/values.yaml | 4 ++-- 26 files changed, 33 insertions(+), 33 deletions(-) diff --git a/packages/apps/clickhouse/images/clickhouse-backup.tag b/packages/apps/clickhouse/images/clickhouse-backup.tag index 7a6ada58..1633ce80 100644 --- a/packages/apps/clickhouse/images/clickhouse-backup.tag +++ b/packages/apps/clickhouse/images/clickhouse-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/clickhouse-backup:latest@sha256:0f8707d348e03bfa7589159a61d781d4eca238bdfff5dc09f4d3a01b31285a55 +ghcr.io/cozystack/cozystack/clickhouse-backup:0.0.0@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205 diff --git a/packages/apps/http-cache/images/nginx-cache.tag b/packages/apps/http-cache/images/nginx-cache.tag index a5e4ca7b..a3c72b69 100644 --- a/packages/apps/http-cache/images/nginx-cache.tag +++ b/packages/apps/http-cache/images/nginx-cache.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5 +ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:c1944c60a449e36e29153a38db6feee41139d38b02fe3670efb673feb3bc0ee6 diff --git a/packages/apps/kubernetes/images/cluster-autoscaler.tag b/packages/apps/kubernetes/images/cluster-autoscaler.tag index 8117b889..d5ab33d1 100644 --- a/packages/apps/kubernetes/images/cluster-autoscaler.tag +++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/cluster-autoscaler:latest@sha256:89f822343654ea66efb3ac50bf72b483a52c1a11d33497fdfac5bbd0f3715c2b +ghcr.io/cozystack/cozystack/cluster-autoscaler:0.0.0@sha256:2d39989846c3579dd020b9f6c77e6e314cc81aa344eaac0f6d633e723c17196d diff --git a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag index 06b8300e..8120dd48 100644 --- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag +++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:latest@sha256:190b7d231da1dfbded3af77777cc99b93a29a36ea69186170460f09d533fe041 +ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.0.0@sha256:5335c044313b69ee13b30ca4941687e509005e55f4ae25723861edbf2fbd6dd2 diff --git a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag index 1ff8329d..36a17c70 100644 --- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag +++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/kubevirt-csi-driver:latest@sha256:7312623d19d9a7dc80da73f53a1aabb769796674e5899aad5c0d6100f351d0e8 +ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:6d3fc4246928f65e784cd8822457c505a8a3742b51a072ebdb43d9570ec10b39 diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.tag b/packages/apps/kubernetes/images/ubuntu-container-disk.tag index 2c9d99ea..a35d1278 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag +++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/ubuntu-container-disk:latest@sha256:ac91fb70d6a898c8a305522020dbbd1bfa6d073a76e5d696a74307487de47dc5 +ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.33@sha256:a09724a7f95283f9130b3da2a89d81c4c6051c6edf0392a81b6fc90f404b76b6 diff --git a/packages/apps/mysql/images/mariadb-backup.tag b/packages/apps/mysql/images/mariadb-backup.tag index aa279946..fb7b421d 100644 --- a/packages/apps/mysql/images/mariadb-backup.tag +++ b/packages/apps/mysql/images/mariadb-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/mariadb-backup:latest@sha256:abfc43aed08fbbeed8f090e90158108fe59ed6279db93d169c3b1b1656af0064 +ghcr.io/cozystack/cozystack/mariadb-backup:0.0.0@sha256:a3789db9e9e065ff60cbac70771b4a8aa1460db3194307cf5ca5d4fe1b412b6b diff --git a/packages/core/installer/values.yaml b/packages/core/installer/values.yaml index ffdb65af..d3b6637a 100644 --- a/packages/core/installer/values.yaml +++ b/packages/core/installer/values.yaml @@ -1,2 +1,2 @@ cozystack: - image: ghcr.io/cozystack/cozystack/installer:v0.37.0-alpha.2@sha256:ee9fa3a0c7599bb66be2842050aba58660fe497f6878b6ebd3ca0047c349b3ad + image: ghcr.io/cozystack/cozystack/installer:v0.37.0-beta.1@sha256:483be4c95989fd8090f7817e87096e477b719f651aa6bbea73a6ff5672b2e6c8 diff --git a/packages/core/testing/values.yaml b/packages/core/testing/values.yaml index d4c20ba1..179ec977 100755 --- a/packages/core/testing/values.yaml +++ b/packages/core/testing/values.yaml @@ -1,2 +1,2 @@ e2e: - image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.37.0-alpha.2@sha256:de82519817d9f7447c7f5e957df590cf3150c24c8d048ccbf954550bb0999123 + image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.37.0-beta.1@sha256:7c8d0e1e25b0fd414411e61cd82701bc23d2499e5c6e8c63e53744ead780d8c9 diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag index c46ae808..cb90dd5f 100644 --- a/packages/extra/bootbox/images/matchbox.tag +++ b/packages/extra/bootbox/images/matchbox.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/matchbox:v0.37.0-alpha.2@sha256:868c37a32d767ed75a1ec9ae1a2a0d26a08f89b7b149dd095cb27b94f3d385df +ghcr.io/cozystack/cozystack/matchbox:v0.37.0-beta.1@sha256:fd93ee7f233cd7a3ba4e6cd8558a77485336adfcc4375fc1601f8a5ac0778438 diff --git a/packages/extra/monitoring/images/grafana.tag b/packages/extra/monitoring/images/grafana.tag index 3919ffdc..9d53b4f1 100644 --- a/packages/extra/monitoring/images/grafana.tag +++ b/packages/extra/monitoring/images/grafana.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/grafana:latest@sha256:dc27b9d7ef42e3d59667a203cb94d410c60afc119102ff1b9a081af4ea72f52c +ghcr.io/cozystack/cozystack/grafana:0.0.0@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399 diff --git a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag index 1d9a7afa..693c2005 100644 --- a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag +++ b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-alpha.2@sha256:3bde5040e9e6ef1afa000a8cfdb7a2ed2e503d4913fffc992fccf48f0e61057c +ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-beta.1@sha256:8d01f34214e10f078675640b93966f387fe6fc0b62d8e6ffde4689d7c532e75e diff --git a/packages/system/bucket/images/s3manager.tag b/packages/system/bucket/images/s3manager.tag index 778c438c..2d6ef009 100644 --- a/packages/system/bucket/images/s3manager.tag +++ b/packages/system/bucket/images/s3manager.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:40da96d516d4400366c2f451d8b87a57fa8dc3cb5ce2d958318bd18cd2514528 +ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:66054d80946d0184203532873ac638aa9ea3b37856619e5ff444fcabd63eaa0f diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml index db845e6f..72263556 100644 --- a/packages/system/cilium/values.yaml +++ b/packages/system/cilium/values.yaml @@ -14,7 +14,7 @@ cilium: mode: "kubernetes" image: repository: ghcr.io/cozystack/cozystack/cilium - tag: latest - digest: "sha256:2def2dccfc17870be6e1d63584c25b32e812f21c9cdcfa06deadd2787606654d" + tag: 1.17.8 + digest: "sha256:81262986a41487bfa3d0465091d3a386def5bd1ab476350bd4af2fdee5846fe6" envoy: enabled: false diff --git a/packages/system/cozystack-api/values.yaml b/packages/system/cozystack-api/values.yaml index 503862fd..3aeeec72 100644 --- a/packages/system/cozystack-api/values.yaml +++ b/packages/system/cozystack-api/values.yaml @@ -1,2 +1,2 @@ cozystackAPI: - image: ghcr.io/cozystack/cozystack/cozystack-api:v0.37.0-alpha.2@sha256:5276b7da4c56855ad19490056e82aafe5263646963b428a53f031facfb9641f3 + image: ghcr.io/cozystack/cozystack/cozystack-api:v0.37.0-beta.1@sha256:7f7c4a6253cc5eb416f2baa93337a53da700f49fd85ced915712bb24e0e25b03 diff --git a/packages/system/cozystack-controller/values.yaml b/packages/system/cozystack-controller/values.yaml index c3dee2bb..7ae16059 100644 --- a/packages/system/cozystack-controller/values.yaml +++ b/packages/system/cozystack-controller/values.yaml @@ -1,5 +1,5 @@ cozystackController: - image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.37.0-alpha.2@sha256:9380ba4134428beee1e81a6f04843b87b8a160e4dd26f5e8f2c783ff343751ae + image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.37.0-beta.1@sha256:e048a79186912f8406f6cb1c4a26bd79ea94ed11d5dbd0b53e2fb3c384cc933c debug: false disableTelemetry: false - cozystackVersion: "v0.37.0-alpha.2" + cozystackVersion: "v0.37.0-beta.1" diff --git a/packages/system/dashboard/templates/configmap.yaml b/packages/system/dashboard/templates/configmap.yaml index 09e292b0..d982ebf9 100644 --- a/packages/system/dashboard/templates/configmap.yaml +++ b/packages/system/dashboard/templates/configmap.yaml @@ -1,6 +1,6 @@ {{- $brandingConfig:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }} -{{- $tenantText := "v0.37.0-alpha.2" }} +{{- $tenantText := "v0.37.0-beta.1" }} {{- $footerText := "Cozystack" }} {{- $titleText := "Cozystack Dashboard" }} {{- $logoText := "false" }} diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml index 97cdc798..bfa06c84 100644 --- a/packages/system/dashboard/values.yaml +++ b/packages/system/dashboard/values.yaml @@ -1,6 +1,6 @@ openapiUI: - image: ghcr.io/cozystack/cozystack/openapi-ui:v0.37.0-alpha.2@sha256:13b168f3f1601b068b37614837fce36c96505dc683e1080f56ae46dd027d48df + image: ghcr.io/cozystack/cozystack/openapi-ui:v0.37.0-beta.1@sha256:5438e45b3c57996bac711ebfac8121e8e667624bc2101bda9c3eb273684ac423 openapiUIK8sBff: - image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.37.0-alpha.2@sha256:0a08136a9f9feb8d143b53bc597639aecd53fe5383e76fb4d44d7f9ad59c8ff4 + image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.37.0-beta.1@sha256:4d01796d6a9cf1f97c28fadca2270bd8504adccf09dde029f305434c17273a08 tokenProxy: - image: ghcr.io/cozystack/cozystack/token-proxy:v0.37.0-alpha.2@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b + image: ghcr.io/cozystack/cozystack/token-proxy:v0.37.0-beta.1@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index 33971be2..966034cf 100644 --- a/packages/system/kamaji/values.yaml +++ b/packages/system/kamaji/values.yaml @@ -3,7 +3,7 @@ kamaji: deploy: false image: pullPolicy: IfNotPresent - tag: v0.37.0-alpha.2@sha256:434c36dfd6a28beab5df1c26c377c7db477b13548a9bd385e71b62aee2a8304c + tag: v0.37.0-beta.1@sha256:7b88e2534912ac4b32b6fd9b51eb4571193d95ee696fa35a8dcd1ae2913e970b repository: ghcr.io/cozystack/cozystack/kamaji resources: limits: @@ -13,4 +13,4 @@ kamaji: cpu: 100m memory: 100Mi extraArgs: - - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.37.0-alpha.2@sha256:434c36dfd6a28beab5df1c26c377c7db477b13548a9bd385e71b62aee2a8304c + - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.37.0-beta.1@sha256:7b88e2534912ac4b32b6fd9b51eb4571193d95ee696fa35a8dcd1ae2913e970b diff --git a/packages/system/kubeovn-plunger/values.yaml b/packages/system/kubeovn-plunger/values.yaml index 1272d698..7d55f76c 100644 --- a/packages/system/kubeovn-plunger/values.yaml +++ b/packages/system/kubeovn-plunger/values.yaml @@ -1,4 +1,4 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.37.0-alpha.2@sha256:42a81b19ac24779d5248ad57ce493f86bf6efda24cbd37671d167eeed9b83aed +image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.37.0-beta.1@sha256:c4137bfb039fd1eb4f31cb7f44d1051a751944c3dd7e0ace26e7fda36b403fc7 ovnCentralName: ovn-central diff --git a/packages/system/kubeovn-webhook/values.yaml b/packages/system/kubeovn-webhook/values.yaml index ab4cf35d..c862ca02 100644 --- a/packages/system/kubeovn-webhook/values.yaml +++ b/packages/system/kubeovn-webhook/values.yaml @@ -1,3 +1,3 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.37.0-alpha.2@sha256:d5023bbfe524ec97bc499d853a3fe67affa9b37dd849eac521f38c651d50382c +image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.37.0-beta.1@sha256:fc777726120350e5bdf4b864f49826b89983eb07a63c768d4907ce1330b35049 diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml index 4e19551a..392619b9 100644 --- a/packages/system/kubeovn/values.yaml +++ b/packages/system/kubeovn/values.yaml @@ -64,4 +64,4 @@ global: images: kubeovn: repository: kubeovn - tag: v1.14.5@sha256:4be1987a8893cdd77fd2b07486b21838650220a650c9adf7c52395405f48716c + tag: v1.14.5@sha256:a2e999db65e040566dee55ddb1ce6a89de02cba375932312984db7d72876dfe6 diff --git a/packages/system/kubevirt-csi-node/values.yaml b/packages/system/kubevirt-csi-node/values.yaml index 47ba4b4d..7cad4dab 100644 --- a/packages/system/kubevirt-csi-node/values.yaml +++ b/packages/system/kubevirt-csi-node/values.yaml @@ -1,3 +1,3 @@ storageClass: replicated csiDriver: - image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:latest@sha256:7312623d19d9a7dc80da73f53a1aabb769796674e5899aad5c0d6100f351d0e8 + image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:6d3fc4246928f65e784cd8822457c505a8a3742b51a072ebdb43d9570ec10b39 diff --git a/packages/system/metallb/values.yaml b/packages/system/metallb/values.yaml index d7d8c136..d392f4c4 100644 --- a/packages/system/metallb/values.yaml +++ b/packages/system/metallb/values.yaml @@ -4,8 +4,8 @@ metallb: controller: image: repository: ghcr.io/cozystack/cozystack/metallb-controller - tag: v0.15.2@sha256:5106869c470fcce9e1ef1e07efe5224190ad19e8006d5889230a75df4988b68d + tag: v0.15.2@sha256:0e9080234fc8eedab78ad2831fb38df375c383e901a752d72b353c8d13b9605f speaker: image: repository: ghcr.io/cozystack/cozystack/metallb-speaker - tag: v0.15.2@sha256:2b837031e3c693c0fa0de0ad5a9036e2aabb5e90a7a235e19b089be73af11160 + tag: v0.15.2@sha256:e14d4c328c3ab91a6eadfeea90da96388503492d165e7e8582f291b1872e53b2 diff --git a/packages/system/objectstorage-controller/values.yaml b/packages/system/objectstorage-controller/values.yaml index f71064cf..2ccec783 100644 --- a/packages/system/objectstorage-controller/values.yaml +++ b/packages/system/objectstorage-controller/values.yaml @@ -1,3 +1,3 @@ objectstorage: controller: - image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.37.0-alpha.2@sha256:aa0000265ae58155aebefedac72d0a6acc45437b8668bb9739bf11edefec067a" + image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.37.0-beta.1@sha256:28c12248a0e9a9e5c1a5e12a6bb4558e87d9113f1b1af004aa057bbaeb5b0371" diff --git a/packages/system/seaweedfs/values.yaml b/packages/system/seaweedfs/values.yaml index 7bf87f01..b03a1168 100644 --- a/packages/system/seaweedfs/values.yaml +++ b/packages/system/seaweedfs/values.yaml @@ -85,7 +85,7 @@ seaweedfs: s3: enabled: true extraArgs: - - -idleTimeout=60 + - -idleTimeout=60 enableAuth: false readinessProbe: scheme: HTTPS @@ -120,7 +120,7 @@ seaweedfs: bucketClassName: "seaweedfs" region: "" sidecar: - image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-alpha.2@sha256:3bde5040e9e6ef1afa000a8cfdb7a2ed2e503d4913fffc992fccf48f0e61057c" + image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-beta.1@sha256:8d01f34214e10f078675640b93966f387fe6fc0b62d8e6ffde4689d7c532e75e" certificates: commonName: "SeaweedFS CA" ipAddresses: [] From 7f62e14e86203ddbeb6af16c7c8619d96685125b Mon Sep 17 00:00:00 2001 From: Timur Tukaev <90071493+tym83@users.noreply.github.com> Date: Wed, 8 Oct 2025 09:16:26 +0500 Subject: [PATCH 36/80] Update MAINTAINERS.md Exclude Andrei Gumilev Signed-off-by: Timur Tukaev <90071493+tym83@users.noreply.github.com> --- MAINTAINERS.md | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS.md b/MAINTAINERS.md index 0591f0ee..9c44daab 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -7,7 +7,6 @@ | Kingdon Barrett | [@kingdonb](https://github.com/kingdonb) | Urmanac | FluxCD and flux-operator | | Timofei Larkin | [@lllamnyp](https://github.com/lllamnyp) | 3commas | Etcd-operator Lead | | Artem Bortnikov | [@aobort](https://github.com/aobort) | Timescale | Etcd-operator Lead | -| Andrei Gumilev | [@chumkaska](https://github.com/chumkaska) | Ænix | Platform Documentation | | Timur Tukaev | [@tym83](https://github.com/tym83) | Ænix | Cozystack Website, Marketing, Community Management | | Kirill Klinchenkov | [@klinch0](https://github.com/klinch0) | Ænix | Core Maintainer | | Nikita Bykov | [@nbykov0](https://github.com/nbykov0) | Ænix | Maintainer of ARM and stuff | From 6b6cee8103cde6e2f735214c73c146f7621e9a4d Mon Sep 17 00:00:00 2001 From: Timur Tukaev <90071493+tym83@users.noreply.github.com> Date: Wed, 8 Oct 2025 09:28:27 +0500 Subject: [PATCH 37/80] Update CONTRIBUTOR_LADDER.md Signed-off-by: Timur Tukaev <90071493+tym83@users.noreply.github.com> --- CONTRIBUTOR_LADDER.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTOR_LADDER.md b/CONTRIBUTOR_LADDER.md index 9e2f2d38..e41f6a93 100644 --- a/CONTRIBUTOR_LADDER.md +++ b/CONTRIBUTOR_LADDER.md @@ -1,6 +1,6 @@ -# Contributor Ladder Template +# Contributor Ladder -* [Contributor Ladder](#contributor-ladder-template) +* [Contributor Ladder](#contributor-ladder) * [Community Participant](#community-participant) * [Contributor](#contributor) * [Reviewer](#reviewer) From d42f4b10978422352881718928ba686cf7f5a8b7 Mon Sep 17 00:00:00 2001 From: Timur Tukaev <90071493+tym83@users.noreply.github.com> Date: Wed, 8 Oct 2025 09:43:34 +0500 Subject: [PATCH 38/80] Update CODE_OF_CONDUCT.md Signed-off-by: Timur Tukaev <90071493+tym83@users.noreply.github.com> --- CODE_OF_CONDUCT.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index fcc2428d..47ffec55 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,3 +1,22 @@ # Code of Conduct Cozystack follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). + +# Cozystack Vendor Neutrality Manifesto + +Cozystack exists for the cloud-native community. We are committed to a project culture where no single company, product, or commercial agenda directs our roadmap, governance, brand, or releases. Our North Star is user value, technical excellence, and open collaboration under the CNCF umbrella. + +## Our Commitments + +- **Community-first:** Decisions prioritize the broader community over any vendor interest. +- **Open collaboration:** Ideas, discussions, and outcomes happen in public spaces; contributions are welcomed from all. +- **Merit over affiliation:** Proposals are evaluated on technical merit and user impact, not on who submits them. +- **Inclusive stewardship:** Leadership and maintenance are open to contributors who demonstrate sustained, constructive impact. +- **Technology choice:** We prefer open, pluggable designs that interoperate with multiple ecosystems and providers. +- **Neutral brand & voice:** Our name, logo, website, and documentation do not imply endorsement or preference for any vendor. +- **Transparent practices:** Funding acknowledgments, partnerships, and potential conflicts are communicated openly. +- **User trust:** Security handling, releases, and communications aim to be timely, transparent, and fair to all users. + +By contributing to Cozystack, we affirm these principles and work together to keep the project open, welcoming, and vendor-neutral. + +*— The Cozystack community* From 4e766ed82e5772fda14a5112a6ded6f41e73eedb Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Wed, 8 Oct 2025 16:18:44 +0300 Subject: [PATCH 39/80] [api,platform] Decouple CozyRDs from API HR This commit patches the Cozystack API server to tolerate an absence of Cozystack Resource Definitions either registered as CRDs on the k8s API or simply as an absence of CozyRDs persisted to etcd. This decouples the upgrade of the CozyRD CRD from the upgrade of the Cozystack API. ```release-note [api,platform] Decouple the Cozystack API from the Cozystack Resource Definitions, allowing independent upgrades of either one and a more reliable migration from 0.36 to 0.37. ``` Signed-off-by: Timofei Larkin --- hack/update-crd.sh | 2 +- packages/core/platform/bundles/paas-full.yaml | 12 + .../core/platform/bundles/paas-hosted.yaml | 12 + .../Chart.yaml | 3 + .../Makefile | 4 + ...stack.io_cozystackresourcedefinitions.yaml | 680 ++++++++++++++++++ .../templates/crd.yaml | 2 + .../values.yaml | 1 + .../cozystack-resource-definitions/Chart.yaml | 3 + .../cozystack-resource-definitions/Makefile | 4 + .../cozyrds/bootbox.yaml | 0 .../cozyrds/bucket.yaml | 0 .../cozyrds/clickhouse.yaml | 0 .../cozyrds/etcd.yaml | 0 .../cozyrds/ferretdb.yaml | 0 .../cozyrds/http-cache.yaml | 0 .../cozyrds/info.yaml | 0 .../cozyrds/ingress.yaml | 0 .../cozyrds/kafka.yaml | 0 .../cozyrds/kubernetes.yaml | 0 .../cozyrds/monitoring.yaml | 0 .../cozyrds/mysql.yaml | 0 .../cozyrds/nats.yaml | 0 .../cozyrds/postgres.yaml | 0 .../cozyrds/rabbitmq.yaml | 0 .../cozyrds/redis.yaml | 0 .../cozyrds/seaweedfs.yaml | 0 .../cozyrds/tcp-balancer.yaml | 0 .../cozyrds/tenant.yaml | 0 .../cozyrds/virtual-machine.yaml | 0 .../cozyrds/vm-disk.yaml | 0 .../cozyrds/vm-instance.yaml | 0 .../cozyrds/vpn.yaml | 0 .../templates}/cozyrds.yaml | 0 .../values.yaml | 1 + pkg/cmd/server/openapi.go | 4 +- pkg/cmd/server/start.go | 30 +- 37 files changed, 753 insertions(+), 5 deletions(-) create mode 100644 packages/system/cozystack-resource-definition-crd/Chart.yaml create mode 100644 packages/system/cozystack-resource-definition-crd/Makefile create mode 100644 packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml create mode 100644 packages/system/cozystack-resource-definition-crd/templates/crd.yaml create mode 100644 packages/system/cozystack-resource-definition-crd/values.yaml create mode 100644 packages/system/cozystack-resource-definitions/Chart.yaml create mode 100644 packages/system/cozystack-resource-definitions/Makefile rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/bootbox.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/bucket.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/clickhouse.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/etcd.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/ferretdb.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/http-cache.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/info.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/ingress.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/kafka.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/kubernetes.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/monitoring.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/mysql.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/nats.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/postgres.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/rabbitmq.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/redis.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/seaweedfs.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/tcp-balancer.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/tenant.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/virtual-machine.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/vm-disk.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/vm-instance.yaml (100%) rename packages/system/{cozystack-api => cozystack-resource-definitions}/cozyrds/vpn.yaml (100%) rename packages/system/{cozystack-api/templates/cozystack-resource-definitions => cozystack-resource-definitions/templates}/cozyrds.yaml (100%) create mode 100644 packages/system/cozystack-resource-definitions/values.yaml diff --git a/hack/update-crd.sh b/hack/update-crd.sh index ab9a59b7..456bf842 100755 --- a/hack/update-crd.sh +++ b/hack/update-crd.sh @@ -8,7 +8,7 @@ need yq; need jq; need base64 CHART_YAML="${CHART_YAML:-Chart.yaml}" VALUES_YAML="${VALUES_YAML:-values.yaml}" SCHEMA_JSON="${SCHEMA_JSON:-values.schema.json}" -CRD_DIR="../../system/cozystack-api/cozyrds" +CRD_DIR="../../system/cozystack-resource-definitions/cozyrds" [[ -f "$CHART_YAML" ]] || { echo "No $CHART_YAML found"; exit 1; } [[ -f "$SCHEMA_JSON" ]] || { echo "No $SCHEMA_JSON found"; exit 1; } diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 2343e97e..f4274eda 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -105,6 +105,18 @@ releases: disableTelemetry: true {{- end }} +- name: cozystack-resource-definition-crd + releaseName: cozystack-resource-definition-crd + chart: cozystack-resource-definition-crd + namespace: cozy-system + dependsOn: [cilium,kubeovn,cozystack-api,cozystack-controller] + +- name: cozystack-resource-definitions + releaseName: cozystack-resource-definitions + chart: cozystack-resource-definitions + namespace: cozy-system + dependsOn: [cilium,kubeovn,cozystack-api,cozystack-controller,cozystack-resource-definition-crd] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 710dd439..5526d2a7 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -52,6 +52,18 @@ releases: disableTelemetry: true {{- end }} +- name: cozystack-resource-definition-crd + releaseName: cozystack-resource-definition-crd + chart: cozystack-resource-definition-crd + namespace: cozy-system + dependsOn: [cozystack-api,cozystack-controller] + +- name: cozystack-resource-definitions + releaseName: cozystack-resource-definitions + chart: cozystack-resource-definitions + namespace: cozy-system + dependsOn: [cozystack-api,cozystack-controller,cozystack-resource-definition-crd] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager diff --git a/packages/system/cozystack-resource-definition-crd/Chart.yaml b/packages/system/cozystack-resource-definition-crd/Chart.yaml new file mode 100644 index 00000000..9924c7fa --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozystack-resource-definition-crd +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/cozystack-resource-definition-crd/Makefile b/packages/system/cozystack-resource-definition-crd/Makefile new file mode 100644 index 00000000..ddb24aef --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/Makefile @@ -0,0 +1,4 @@ +export NAME=cozystack-resource-definition-crd +export NAMESPACE=cozy-system + +include ../../../scripts/package.mk diff --git a/packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml new file mode 100644 index 00000000..685d4ac5 --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml @@ -0,0 +1,680 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.4 + name: cozystackresourcedefinitions.cozystack.io +spec: + group: cozystack.io + names: + kind: CozystackResourceDefinition + listKind: CozystackResourceDefinitionList + plural: cozystackresourcedefinitions + singular: cozystackresourcedefinition + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CozystackResourceDefinition is the Schema for the cozystackresourcedefinitions + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + application: + description: Application configuration + properties: + kind: + description: Kind of the application, used for UI and API + type: string + openAPISchema: + description: OpenAPI schema for the application, used for API + validation + type: string + plural: + description: Plural name of the application, used for UI and API + type: string + singular: + description: Singular name of the application, used for UI and + API + type: string + required: + - kind + - openAPISchema + - plural + - singular + type: object + dashboard: + description: Dashboard configuration for this resource + properties: + category: + description: Category used to group resources in the UI (e.g., + "Storage", "Networking") + type: string + description: + description: Short description shown in catalogs or headers (e.g., + "S3 compatible storage") + type: string + icon: + description: Icon encoded as a string (e.g., inline SVG, base64, + or data URI) + type: string + keysOrder: + description: Order of keys in the YAML view + items: + items: + type: string + type: array + type: array + module: + description: Whether this resource is a module (tenant module) + type: boolean + name: + description: Hard-coded name used in the UI (e.g., "bucket") + type: string + plural: + description: Plural human-readable name (e.g., "Buckets") + type: string + singular: + description: Human-readable name shown in the UI (e.g., "Bucket") + type: string + singularResource: + description: Whether this resource is singular (not a collection) + in the UI + type: boolean + tabs: + description: Which tabs to show for this resource + items: + description: DashboardTab enumerates allowed UI tabs. + enum: + - workloads + - ingresses + - services + - secrets + - yaml + type: string + type: array + tags: + description: Free-form tags for search and filtering + items: + type: string + type: array + weight: + description: Order weight for sorting resources in the UI (lower + first) + type: integer + required: + - category + - plural + - singular + type: object + ingresses: + description: Ingress selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object + release: + description: Release configuration + properties: + chart: + description: Helm chart configuration + properties: + name: + description: Name of the Helm chart + type: string + sourceRef: + description: Source reference for the Helm chart + properties: + kind: + default: HelmRepository + description: Kind of the source reference + type: string + name: + description: Name of the source reference + type: string + namespace: + default: cozy-public + description: Namespace of the source reference + type: string + required: + - kind + - name + - namespace + type: object + required: + - name + - sourceRef + type: object + labels: + additionalProperties: + type: string + description: Labels for the release + type: object + prefix: + description: Prefix for the release name + type: string + required: + - chart + - prefix + type: object + secrets: + description: Secret selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object + services: + description: Service selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - application + - release + type: object + type: object + served: true + storage: true diff --git a/packages/system/cozystack-resource-definition-crd/templates/crd.yaml b/packages/system/cozystack-resource-definition-crd/templates/crd.yaml new file mode 100644 index 00000000..40a93ad3 --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/templates/crd.yaml @@ -0,0 +1,2 @@ +--- +{{ .Files.Get "definition/cozystack.io_cozystackresourcedefinitions.yaml" }} diff --git a/packages/system/cozystack-resource-definition-crd/values.yaml b/packages/system/cozystack-resource-definition-crd/values.yaml new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/packages/system/cozystack-resource-definition-crd/values.yaml @@ -0,0 +1 @@ +{} diff --git a/packages/system/cozystack-resource-definitions/Chart.yaml b/packages/system/cozystack-resource-definitions/Chart.yaml new file mode 100644 index 00000000..39cb9431 --- /dev/null +++ b/packages/system/cozystack-resource-definitions/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozystack-resource-definitions +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/cozystack-resource-definitions/Makefile b/packages/system/cozystack-resource-definitions/Makefile new file mode 100644 index 00000000..00e8bece --- /dev/null +++ b/packages/system/cozystack-resource-definitions/Makefile @@ -0,0 +1,4 @@ +export NAME=cozystack-resource-definitions +export NAMESPACE=cozy-system + +include ../../../scripts/package.mk diff --git a/packages/system/cozystack-api/cozyrds/bootbox.yaml b/packages/system/cozystack-resource-definitions/cozyrds/bootbox.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/bootbox.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/bootbox.yaml diff --git a/packages/system/cozystack-api/cozyrds/bucket.yaml b/packages/system/cozystack-resource-definitions/cozyrds/bucket.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/bucket.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/bucket.yaml diff --git a/packages/system/cozystack-api/cozyrds/clickhouse.yaml b/packages/system/cozystack-resource-definitions/cozyrds/clickhouse.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/clickhouse.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/clickhouse.yaml diff --git a/packages/system/cozystack-api/cozyrds/etcd.yaml b/packages/system/cozystack-resource-definitions/cozyrds/etcd.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/etcd.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/etcd.yaml diff --git a/packages/system/cozystack-api/cozyrds/ferretdb.yaml b/packages/system/cozystack-resource-definitions/cozyrds/ferretdb.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/ferretdb.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/ferretdb.yaml diff --git a/packages/system/cozystack-api/cozyrds/http-cache.yaml b/packages/system/cozystack-resource-definitions/cozyrds/http-cache.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/http-cache.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/http-cache.yaml diff --git a/packages/system/cozystack-api/cozyrds/info.yaml b/packages/system/cozystack-resource-definitions/cozyrds/info.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/info.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/info.yaml diff --git a/packages/system/cozystack-api/cozyrds/ingress.yaml b/packages/system/cozystack-resource-definitions/cozyrds/ingress.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/ingress.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/ingress.yaml diff --git a/packages/system/cozystack-api/cozyrds/kafka.yaml b/packages/system/cozystack-resource-definitions/cozyrds/kafka.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/kafka.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/kafka.yaml diff --git a/packages/system/cozystack-api/cozyrds/kubernetes.yaml b/packages/system/cozystack-resource-definitions/cozyrds/kubernetes.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/kubernetes.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/kubernetes.yaml diff --git a/packages/system/cozystack-api/cozyrds/monitoring.yaml b/packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/monitoring.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml diff --git a/packages/system/cozystack-api/cozyrds/mysql.yaml b/packages/system/cozystack-resource-definitions/cozyrds/mysql.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/mysql.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/mysql.yaml diff --git a/packages/system/cozystack-api/cozyrds/nats.yaml b/packages/system/cozystack-resource-definitions/cozyrds/nats.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/nats.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/nats.yaml diff --git a/packages/system/cozystack-api/cozyrds/postgres.yaml b/packages/system/cozystack-resource-definitions/cozyrds/postgres.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/postgres.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/postgres.yaml diff --git a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml b/packages/system/cozystack-resource-definitions/cozyrds/rabbitmq.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/rabbitmq.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/rabbitmq.yaml diff --git a/packages/system/cozystack-api/cozyrds/redis.yaml b/packages/system/cozystack-resource-definitions/cozyrds/redis.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/redis.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/redis.yaml diff --git a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml b/packages/system/cozystack-resource-definitions/cozyrds/seaweedfs.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/seaweedfs.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/seaweedfs.yaml diff --git a/packages/system/cozystack-api/cozyrds/tcp-balancer.yaml b/packages/system/cozystack-resource-definitions/cozyrds/tcp-balancer.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/tcp-balancer.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/tcp-balancer.yaml diff --git a/packages/system/cozystack-api/cozyrds/tenant.yaml b/packages/system/cozystack-resource-definitions/cozyrds/tenant.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/tenant.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/tenant.yaml diff --git a/packages/system/cozystack-api/cozyrds/virtual-machine.yaml b/packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/virtual-machine.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml diff --git a/packages/system/cozystack-api/cozyrds/vm-disk.yaml b/packages/system/cozystack-resource-definitions/cozyrds/vm-disk.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/vm-disk.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/vm-disk.yaml diff --git a/packages/system/cozystack-api/cozyrds/vm-instance.yaml b/packages/system/cozystack-resource-definitions/cozyrds/vm-instance.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/vm-instance.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/vm-instance.yaml diff --git a/packages/system/cozystack-api/cozyrds/vpn.yaml b/packages/system/cozystack-resource-definitions/cozyrds/vpn.yaml similarity index 100% rename from packages/system/cozystack-api/cozyrds/vpn.yaml rename to packages/system/cozystack-resource-definitions/cozyrds/vpn.yaml diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions/cozyrds.yaml b/packages/system/cozystack-resource-definitions/templates/cozyrds.yaml similarity index 100% rename from packages/system/cozystack-api/templates/cozystack-resource-definitions/cozyrds.yaml rename to packages/system/cozystack-resource-definitions/templates/cozyrds.yaml diff --git a/packages/system/cozystack-resource-definitions/values.yaml b/packages/system/cozystack-resource-definitions/values.yaml new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/packages/system/cozystack-resource-definitions/values.yaml @@ -0,0 +1 @@ +{} diff --git a/pkg/cmd/server/openapi.go b/pkg/cmd/server/openapi.go index aade9a80..e6a659c5 100644 --- a/pkg/cmd/server/openapi.go +++ b/pkg/cmd/server/openapi.go @@ -224,7 +224,7 @@ func buildPostProcessV3(kindSchemas map[string]string) func(*spec3.OpenAPI) (*sp base, ok1 := doc.Components.Schemas[baseRef] list, ok2 := doc.Components.Schemas[baseListRef] stat, ok3 := doc.Components.Schemas[baseStatusRef] - if !(ok1 && ok2 && ok3) { + if !(ok1 && ok2 && ok3) && len(kindSchemas) > 0 { return doc, fmt.Errorf("base Application* schemas not found") } @@ -339,7 +339,7 @@ func buildPostProcessV2(kindSchemas map[string]string) func(*spec.Swagger) (*spe base, ok1 := defs[baseRef] list, ok2 := defs[baseListRef] stat, ok3 := defs[baseStatusRef] - if !(ok1 && ok2 && ok3) { + if !(ok1 && ok2 && ok3) && len(kindSchemas) > 0 { return sw, fmt.Errorf("base Application* schemas not found") } diff --git a/pkg/cmd/server/start.go b/pkg/cmd/server/start.go index 25449ece..c6fd23a1 100644 --- a/pkg/cmd/server/start.go +++ b/pkg/cmd/server/start.go @@ -24,6 +24,7 @@ import ( "fmt" "io" "net" + "time" v1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1" @@ -161,8 +162,33 @@ func (o *CozyServerOptions) Complete() error { crdList := &v1alpha1.CozystackResourceDefinitionList{} - if err := o.Client.List(context.Background(), crdList); err != nil { - return fmt.Errorf("failed to list CozystackResourceDefinitions: %w", err) + // Retry with exponential backoff for at least 30 minutes + const maxRetryDuration = 30 * time.Minute + const initialDelay = time.Second + const maxDelay = 2 * time.Minute + + startTime := time.Now() + delay := initialDelay + + for { + err := o.Client.List(context.Background(), crdList) + if err == nil { + break + } + + // Check if we've exceeded the maximum retry duration + if time.Since(startTime) >= maxRetryDuration { + return fmt.Errorf("failed to list CozystackResourceDefinitions after %v: %w", maxRetryDuration, err) + } + + // Log the error and wait before retrying + fmt.Printf("Failed to list CozystackResourceDefinitions (retrying in %v): %v\n", delay, err) + time.Sleep(delay) + + delay = time.Duration(float64(delay) * 1.5) + if delay > maxDelay { + delay = maxDelay + } } // Convert to ResourceConfig From 8076f120d8f047a7b60f3af7505e50c73b03dfa7 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Wed, 8 Oct 2025 17:30:56 +0300 Subject: [PATCH 40/80] Update .github/ISSUE_TEMPLATE/bug_report.md Signed-off-by: Timofei Larkin --- .github/ISSUE_TEMPLATE/bug_report.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 609163c9..1a119259 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -24,6 +24,9 @@ Steps to reproduce the behavior: 3. Scroll down to '....' 4. See error +**Expected behaviour** +When taking the steps to reproduce, what should have happened differently? + **Actual behaviour** A clear and concise description of what happens when the bug occurs. Explain how the system currently behaves, including error messages, unexpected results, or incorrect functionality observed during execution. From 45036ff249ac3573b99680bf11fd3e660cba653f Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Wed, 8 Oct 2025 20:37:08 +0300 Subject: [PATCH 41/80] [oidc] Check APIVersions before deploying When enabling OIDC, the Tenant applications may try to deploy KeycloakRealmGroups before the Keycloak operator is live. This may lead to a race where neither HelmRelease is able to progress. This patch addresses this. ```release-note [oidc] Do not deploy KeycloakRealmGroup resources as part of the Tenant application if the v1.edp.epam.com API is not yet available. ``` Signed-off-by: Timofei Larkin --- packages/apps/tenant/templates/keycloakgroups.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/apps/tenant/templates/keycloakgroups.yaml b/packages/apps/tenant/templates/keycloakgroups.yaml index 1f4cc957..59288ca4 100644 --- a/packages/apps/tenant/templates/keycloakgroups.yaml +++ b/packages/apps/tenant/templates/keycloakgroups.yaml @@ -1,6 +1,7 @@ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} {{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }} {{- if eq $oidcEnabled "true" }} +{{- if .Capabilities.APIVersions.Has "v1.edp.epam.com/v1" }} apiVersion: v1.edp.epam.com/v1 kind: KeycloakRealmGroup metadata: @@ -51,3 +52,4 @@ spec: name: keycloakrealm-cozy kind: ClusterKeycloakRealm {{- end }} +{{- end }} From e2b4cd8bd0ef7e8145d435851d0dd8e79979cca7 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Thu, 9 Oct 2025 12:58:22 +0300 Subject: [PATCH 42/80] [lineage] Use an auto-refreshing RESTMapper Since the Cozystack extension API can now change dynamically while there are live clients (the lineage webhook) querying this API, the REST mapper of the client should "expect" that things may change and refresh their discovery information when they get a cache miss to see if new kinds have been registered. ```release-note [lineage] Use an auto-refreshing RESTMapper in the webhook's API client that tries to update its API discovery info when it fails to GET a resource kind that was previously not registered in its schema. ``` Signed-off-by: Timofei Larkin --- internal/lineagecontrollerwebhook/webhook.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index b368ea1a..1e7739b7 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -10,12 +10,10 @@ import ( "github.com/cozystack/cozystack/pkg/lineage" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/discovery" - "k8s.io/client-go/discovery/cached/memory" "k8s.io/client-go/dynamic" "k8s.io/client-go/rest" - "k8s.io/client-go/restmapper" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -52,13 +50,15 @@ func (h *LineageControllerWebhook) SetupWithManagerAsWebhook(mgr ctrl.Manager) e return err } - discoClient, err := discovery.NewDiscoveryClientForConfig(cfg) + httpClient, err := rest.HTTPClientFor(cfg) if err != nil { return err } - cachedDisco := memory.NewMemCacheClient(discoClient) - h.mapper = restmapper.NewDeferredDiscoveryRESTMapper(cachedDisco) + h.mapper, err = apiutil.NewDynamicRESTMapper(cfg, httpClient) + if err != nil { + return err + } h.initConfig() // Register HTTP path -> handler. From 43c222decfe17ba188f0dd6242bf66b3d84deee4 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Thu, 9 Oct 2025 17:42:16 +0300 Subject: [PATCH 43/80] [installer] Even more rigorous migration Due to a deficiency of cozypkg (--with-source reconciles the HelmChart, but not the HelmRepository), we have to use workarounds to bulletproof the latest migration, by applying directly from the assets server. ```release-note [installer] Run 20th migration using helm charts directly from the assets server instead of relying on cozypkg to reconcile its resources properly. ``` Signed-off-by: Timofei Larkin --- hack/update-codegen.sh | 2 + .../installer/images/cozystack/Dockerfile | 2 +- ...stack.io_cozystackresourcedefinitions.yaml | 680 ------------------ .../mutatingwebhookconfiguration.yaml | 1 + scripts/migrations/20 | 34 +- 5 files changed, 31 insertions(+), 688 deletions(-) delete mode 100644 packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 10ad2842..e181fc76 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -54,3 +54,5 @@ kube::codegen::gen_openapi \ $CONTROLLER_GEN object:headerFile="hack/boilerplate.go.txt" paths="./api/..." $CONTROLLER_GEN rbac:roleName=manager-role crd paths="./api/..." output:crd:artifacts:config=packages/system/cozystack-controller/crds +mv packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml \ + packages/system/cozystack-resource-definition-crd/definition/cozystack.io_cozystackresourcedefinitions.yaml diff --git a/packages/core/installer/images/cozystack/Dockerfile b/packages/core/installer/images/cozystack/Dockerfile index 85ae9c08..7327698e 100644 --- a/packages/core/installer/images/cozystack/Dockerfile +++ b/packages/core/installer/images/cozystack/Dockerfile @@ -34,7 +34,7 @@ FROM alpine:3.22 RUN wget -O- https://github.com/cozystack/cozypkg/raw/refs/heads/main/hack/install.sh | sh -s -- -v 1.2.0 -RUN apk add --no-cache make kubectl coreutils git jq +RUN apk add --no-cache make kubectl helm coreutils git jq COPY --from=builder /src/scripts /cozystack/scripts COPY --from=builder /src/packages/core /cozystack/packages/core diff --git a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml deleted file mode 100644 index 685d4ac5..00000000 --- a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml +++ /dev/null @@ -1,680 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.4 - name: cozystackresourcedefinitions.cozystack.io -spec: - group: cozystack.io - names: - kind: CozystackResourceDefinition - listKind: CozystackResourceDefinitionList - plural: cozystackresourcedefinitions - singular: cozystackresourcedefinition - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CozystackResourceDefinition is the Schema for the cozystackresourcedefinitions - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - application: - description: Application configuration - properties: - kind: - description: Kind of the application, used for UI and API - type: string - openAPISchema: - description: OpenAPI schema for the application, used for API - validation - type: string - plural: - description: Plural name of the application, used for UI and API - type: string - singular: - description: Singular name of the application, used for UI and - API - type: string - required: - - kind - - openAPISchema - - plural - - singular - type: object - dashboard: - description: Dashboard configuration for this resource - properties: - category: - description: Category used to group resources in the UI (e.g., - "Storage", "Networking") - type: string - description: - description: Short description shown in catalogs or headers (e.g., - "S3 compatible storage") - type: string - icon: - description: Icon encoded as a string (e.g., inline SVG, base64, - or data URI) - type: string - keysOrder: - description: Order of keys in the YAML view - items: - items: - type: string - type: array - type: array - module: - description: Whether this resource is a module (tenant module) - type: boolean - name: - description: Hard-coded name used in the UI (e.g., "bucket") - type: string - plural: - description: Plural human-readable name (e.g., "Buckets") - type: string - singular: - description: Human-readable name shown in the UI (e.g., "Bucket") - type: string - singularResource: - description: Whether this resource is singular (not a collection) - in the UI - type: boolean - tabs: - description: Which tabs to show for this resource - items: - description: DashboardTab enumerates allowed UI tabs. - enum: - - workloads - - ingresses - - services - - secrets - - yaml - type: string - type: array - tags: - description: Free-form tags for search and filtering - items: - type: string - type: array - weight: - description: Order weight for sorting resources in the UI (lower - first) - type: integer - required: - - category - - plural - - singular - type: object - ingresses: - description: Ingress selectors - properties: - exclude: - description: |- - Exclude contains an array of resource selectors that target resources. - If a resource matches the selector in any of the elements in the array, it is - hidden from the user, regardless of the matches in the include array. - items: - description: |- - CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. - A resource matches this selector only if it satisfies ALL criteria: - - Label selector conditions (matchExpressions and matchLabels) - - AND has a name that matches one of the names in resourceNames (if specified) - - The resourceNames field supports Go templates with the following variables available: - - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) - - {{ .namespace }}: The namespace of the resource being processed - - Example YAML: - secrets: - include: - - matchExpressions: - - key: badlabel - operator: DoesNotExist - matchLabels: - goodlabel: goodvalue - resourceNames: - - "{{ .name }}-secret" - - "{{ .kind }}-{{ .name }}-tls" - - "specificname" - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - resourceNames: - description: |- - ResourceNames is a list of resource names to match - If specified, the resource must have one of these exact names to match the selector - items: - type: string - type: array - type: object - x-kubernetes-map-type: atomic - type: array - include: - description: |- - Include contains an array of resource selectors that target resources. - If a resource matches the selector in any of the elements in the array, and - matches none of the selectors in the exclude array that resource is marked - as a tenant resource and is visible to users. - items: - description: |- - CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. - A resource matches this selector only if it satisfies ALL criteria: - - Label selector conditions (matchExpressions and matchLabels) - - AND has a name that matches one of the names in resourceNames (if specified) - - The resourceNames field supports Go templates with the following variables available: - - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) - - {{ .namespace }}: The namespace of the resource being processed - - Example YAML: - secrets: - include: - - matchExpressions: - - key: badlabel - operator: DoesNotExist - matchLabels: - goodlabel: goodvalue - resourceNames: - - "{{ .name }}-secret" - - "{{ .kind }}-{{ .name }}-tls" - - "specificname" - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - resourceNames: - description: |- - ResourceNames is a list of resource names to match - If specified, the resource must have one of these exact names to match the selector - items: - type: string - type: array - type: object - x-kubernetes-map-type: atomic - type: array - type: object - release: - description: Release configuration - properties: - chart: - description: Helm chart configuration - properties: - name: - description: Name of the Helm chart - type: string - sourceRef: - description: Source reference for the Helm chart - properties: - kind: - default: HelmRepository - description: Kind of the source reference - type: string - name: - description: Name of the source reference - type: string - namespace: - default: cozy-public - description: Namespace of the source reference - type: string - required: - - kind - - name - - namespace - type: object - required: - - name - - sourceRef - type: object - labels: - additionalProperties: - type: string - description: Labels for the release - type: object - prefix: - description: Prefix for the release name - type: string - required: - - chart - - prefix - type: object - secrets: - description: Secret selectors - properties: - exclude: - description: |- - Exclude contains an array of resource selectors that target resources. - If a resource matches the selector in any of the elements in the array, it is - hidden from the user, regardless of the matches in the include array. - items: - description: |- - CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. - A resource matches this selector only if it satisfies ALL criteria: - - Label selector conditions (matchExpressions and matchLabels) - - AND has a name that matches one of the names in resourceNames (if specified) - - The resourceNames field supports Go templates with the following variables available: - - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) - - {{ .namespace }}: The namespace of the resource being processed - - Example YAML: - secrets: - include: - - matchExpressions: - - key: badlabel - operator: DoesNotExist - matchLabels: - goodlabel: goodvalue - resourceNames: - - "{{ .name }}-secret" - - "{{ .kind }}-{{ .name }}-tls" - - "specificname" - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - resourceNames: - description: |- - ResourceNames is a list of resource names to match - If specified, the resource must have one of these exact names to match the selector - items: - type: string - type: array - type: object - x-kubernetes-map-type: atomic - type: array - include: - description: |- - Include contains an array of resource selectors that target resources. - If a resource matches the selector in any of the elements in the array, and - matches none of the selectors in the exclude array that resource is marked - as a tenant resource and is visible to users. - items: - description: |- - CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. - A resource matches this selector only if it satisfies ALL criteria: - - Label selector conditions (matchExpressions and matchLabels) - - AND has a name that matches one of the names in resourceNames (if specified) - - The resourceNames field supports Go templates with the following variables available: - - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) - - {{ .namespace }}: The namespace of the resource being processed - - Example YAML: - secrets: - include: - - matchExpressions: - - key: badlabel - operator: DoesNotExist - matchLabels: - goodlabel: goodvalue - resourceNames: - - "{{ .name }}-secret" - - "{{ .kind }}-{{ .name }}-tls" - - "specificname" - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - resourceNames: - description: |- - ResourceNames is a list of resource names to match - If specified, the resource must have one of these exact names to match the selector - items: - type: string - type: array - type: object - x-kubernetes-map-type: atomic - type: array - type: object - services: - description: Service selectors - properties: - exclude: - description: |- - Exclude contains an array of resource selectors that target resources. - If a resource matches the selector in any of the elements in the array, it is - hidden from the user, regardless of the matches in the include array. - items: - description: |- - CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. - A resource matches this selector only if it satisfies ALL criteria: - - Label selector conditions (matchExpressions and matchLabels) - - AND has a name that matches one of the names in resourceNames (if specified) - - The resourceNames field supports Go templates with the following variables available: - - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) - - {{ .namespace }}: The namespace of the resource being processed - - Example YAML: - secrets: - include: - - matchExpressions: - - key: badlabel - operator: DoesNotExist - matchLabels: - goodlabel: goodvalue - resourceNames: - - "{{ .name }}-secret" - - "{{ .kind }}-{{ .name }}-tls" - - "specificname" - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - resourceNames: - description: |- - ResourceNames is a list of resource names to match - If specified, the resource must have one of these exact names to match the selector - items: - type: string - type: array - type: object - x-kubernetes-map-type: atomic - type: array - include: - description: |- - Include contains an array of resource selectors that target resources. - If a resource matches the selector in any of the elements in the array, and - matches none of the selectors in the exclude array that resource is marked - as a tenant resource and is visible to users. - items: - description: |- - CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. - A resource matches this selector only if it satisfies ALL criteria: - - Label selector conditions (matchExpressions and matchLabels) - - AND has a name that matches one of the names in resourceNames (if specified) - - The resourceNames field supports Go templates with the following variables available: - - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) - - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) - - {{ .namespace }}: The namespace of the resource being processed - - Example YAML: - secrets: - include: - - matchExpressions: - - key: badlabel - operator: DoesNotExist - matchLabels: - goodlabel: goodvalue - resourceNames: - - "{{ .name }}-secret" - - "{{ .kind }}-{{ .name }}-tls" - - "specificname" - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - resourceNames: - description: |- - ResourceNames is a list of resource names to match - If specified, the resource must have one of these exact names to match the selector - items: - type: string - type: array - type: object - x-kubernetes-map-type: atomic - type: array - type: object - required: - - application - - release - type: object - type: object - served: true - storage: true diff --git a/packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml b/packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml index 80dbcc1d..f246865c 100644 --- a/packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml +++ b/packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml @@ -39,3 +39,4 @@ webhooks: operator: NotIn values: - kube-system + - default diff --git a/scripts/migrations/20 b/scripts/migrations/20 index 68e22cf2..77abec8e 100755 --- a/scripts/migrations/20 +++ b/scripts/migrations/20 @@ -3,15 +3,35 @@ set -euo pipefail -kubectl delete ingresses.networking.k8s.io --all -n cozy-dashboard --ignore-not-found -kubectl delete crd cozystackresourcedefinitions.cozystack.io --ignore-not-found +kubectl -n cozy-system delete helmrelease cozystack-api \ + || kubectl -n cozy-system delete deployment cozystack-api --ignore-not-found # fallback to help migration progress if it failed first time +while [ $( kubectl -n cozy-system get po -l app=cozystack-api --no-headers | wc -l ) != 0 ] ; +do + echo "Waiting for Cozystack API pods to be deleted"; + sleep 1 +done + +kubectl -n cozy-system delete helmrelease cozystack-controller \ + || kubectl -n cozy-system delete deployment cozystack-controller --ignore-not-found # same fallback +kubectl delete customresourcedefinitions.apiextensions.k8s.io cozystackresourcedefinitions.cozystack.io --ignore-not-found +while [ $( kubectl -n cozy-system get po -l app=cozystack-controller --no-headers | wc -l ) != 0 ] ; +do + echo "Waiting for Cozystack controller pods to be deleted"; + sleep 1 +done + +kubectl delete helmrelease -n cozy-dashboard dashboard --ignore-not-found +sleep 5 +cozypkg -n cozy-system -C packages/system/cozystack-resource-definition-crd apply cozystack-resource-definition-crd --plain +cozypkg -n cozy-system -C packages/system/cozystack-resource-definitions apply cozystack-resource-definitions --plain +cozypkg -n cozy-system -C packages/system/cozystack-api apply cozystack-api --plain +helm upgrade --install -n cozy-system cozystack-controller ./packages/system/cozystack-controller/ --take-ownership + +sleep 5 +kubectl wait deployment/cozystack-api -n cozy-system --timeout=4m --for=condition=available || exit 1 +kubectl wait deployment/cozystack-controller -n cozy-system --timeout=4m --for=condition=available || exit 1 timestamp=$(date --rfc-3339=ns || date) -# Make sure webhook is upgraded first, then run migration -cozypkg -C packages/system/cozystack-controller -n cozy-system reconcile cozystack-controller --force --with-source -kubectl wait hr/cozystack-controller -n cozy-system --timeout=4m --for=condition=ready || exit 1 -cozypkg -C packages/system/cozystack-api -n cozy-system reconcile cozystack-api --force --with-source -kubectl wait hr/cozystack-api -n cozy-system --timeout=4m --for=condition=ready || exit 1 kubectl get namespace -o custom-columns=NAME:.metadata.name --no-headers | grep '^tenant-' | while read namespace ; do From 7eb701d8468b5d9d348daae1dd3358c88cfa34bf Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Thu, 9 Oct 2025 23:33:10 +0200 Subject: [PATCH 44/80] [dashboard] fix yaml highlighting and handle x-preserve-unknown-fields Signed-off-by: Andrei Kvapil --- packages/system/dashboard/images/openapi-ui/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/system/dashboard/images/openapi-ui/Dockerfile b/packages/system/dashboard/images/openapi-ui/Dockerfile index d9d38533..319e6deb 100644 --- a/packages/system/dashboard/images/openapi-ui/Dockerfile +++ b/packages/system/dashboard/images/openapi-ui/Dockerfile @@ -4,7 +4,7 @@ ARG NODE_VERSION=20.18.1 # imported from https://github.com/cozystack/openapi-k8s-toolkit FROM node:${NODE_VERSION}-alpine AS openapi-k8s-toolkit-builder WORKDIR /src -ARG COMMIT=393fd84a3b9283e93c047b744b53f1ae65465df8 +ARG COMMIT=a72ef72afa9bc822572c3cd0d76fb7ea872853ec RUN wget -O- https://github.com/cozystack/openapi-k8s-toolkit/archive/${COMMIT}.tar.gz | tar -xzvf- --strip-components=1 RUN npm install RUN npm install --build-from-source @swc/core From 19c91071d83e4c8a161034cb90c1b3ce585f09e3 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Thu, 9 Oct 2025 23:40:54 +0200 Subject: [PATCH 45/80] [dashboard] Add filter for tenantresources Signed-off-by: Andrei Kvapil --- internal/controller/dashboard/factory.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/internal/controller/dashboard/factory.go b/internal/controller/dashboard/factory.go index 2d89cc0e..798d338c 100644 --- a/internal/controller/dashboard/factory.go +++ b/internal/controller/dashboard/factory.go @@ -248,9 +248,10 @@ func servicesTab(kind string) map[string]any { "customizationId": "factory-details-v1.services", "pathToItems": []any{"items"}, "labelsSelector": map[string]any{ - "apps.cozystack.io/application.group": "apps.cozystack.io", - "apps.cozystack.io/application.kind": kind, - "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + "apps.cozystack.io/application.group": "apps.cozystack.io", + "apps.cozystack.io/application.kind": kind, + "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + "internal.cozystack.io/tenantresource": "true", }, }, }, @@ -273,9 +274,10 @@ func ingressesTab(kind string) map[string]any { "customizationId": "factory-details-networking.k8s.io.v1.ingresses", "pathToItems": []any{"items"}, "labelsSelector": map[string]any{ - "apps.cozystack.io/application.group": "apps.cozystack.io", - "apps.cozystack.io/application.kind": kind, - "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + "apps.cozystack.io/application.group": "apps.cozystack.io", + "apps.cozystack.io/application.kind": kind, + "apps.cozystack.io/application.name": "{reqs[0]['metadata','name']}", + "internal.cozystack.io/tenantresource": "true", }, }, }, From 2ae926d04e99e6497981134c86e8f9a93286b919 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Fri, 10 Oct 2025 01:24:10 +0200 Subject: [PATCH 46/80] [dashboard] Fix listing modules Signed-off-by: Andrei Kvapil --- internal/controller/dashboard/static_helpers.go | 9 +++++++++ internal/controller/dashboard/static_refactored.go | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/internal/controller/dashboard/static_helpers.go b/internal/controller/dashboard/static_helpers.go index 03003f6d..469e9f8f 100644 --- a/internal/controller/dashboard/static_helpers.go +++ b/internal/controller/dashboard/static_helpers.go @@ -998,6 +998,15 @@ func createBoolColumn(name, jsonPath string) map[string]any { } } +// createReadyColumn creates a Ready column with Boolean type and condition check +func createReadyColumn() map[string]any { + return map[string]any{ + "name": "Ready", + "type": "Boolean", + "jsonPath": `.status.conditions[?(@.type=="Ready")].status`, + } +} + // createConverterBytesColumn creates a column with ConverterBytes component func createConverterBytesColumn(name, jsonPath string) map[string]any { return map[string]any{ diff --git a/internal/controller/dashboard/static_refactored.go b/internal/controller/dashboard/static_refactored.go index 67ea72ed..24a602d3 100644 --- a/internal/controller/dashboard/static_refactored.go +++ b/internal/controller/dashboard/static_refactored.go @@ -149,9 +149,9 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid // Stock namespace core cozystack io v1alpha1 tenantmodules createCustomColumnsOverride("stock-namespace-/core.cozystack.io/v1alpha1/tenantmodules", []any{ createCustomColumnWithJsonPath("Name", ".metadata.name", "M", "module", getColorForType("module"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/{reqsJsonPath[0]['.metadata.name']['-']}-details/{reqsJsonPath[0]['.metadata.name']['-']}"), - createStringColumn("Version", ".spec.version"), - createStringColumn("Status", ".status.phase"), + createReadyColumn(), createTimestampColumn("Created", ".metadata.creationTimestamp"), + createStringColumn("Version", ".status.version"), }), // Factory service details port mapping From 9184450b396c87cdf3040695f4b7944daae76c9d Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Fri, 10 Oct 2025 02:01:21 +0200 Subject: [PATCH 47/80] [kubernetes] fix: spec.selector: Required value Signed-off-by: Andrei Kvapil --- packages/apps/kubernetes/templates/cluster.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/apps/kubernetes/templates/cluster.yaml b/packages/apps/kubernetes/templates/cluster.yaml index 7b21c07c..f275c979 100644 --- a/packages/apps/kubernetes/templates/cluster.yaml +++ b/packages/apps/kubernetes/templates/cluster.yaml @@ -266,6 +266,10 @@ metadata: {{- end }} spec: clusterName: {{ $.Release.Name }} + selector: + matchLabels: + cluster.x-k8s.io/cluster-name: {{ $.Release.Name }} + cluster.x-k8s.io/deployment-name: {{ $.Release.Name }}-{{ $groupName }} template: metadata: labels: From 3b9fa332400423d29de3ce6d5fcfcffb59aec195 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Fri, 10 Oct 2025 02:12:09 +0200 Subject: [PATCH 48/80] [dashboard] Remove Tenant resource from Marketplace; fix field override when typing Signed-off-by: Andrei Kvapil --- internal/controller/dashboard/marketplacepanel.go | 4 ++-- packages/system/dashboard/images/openapi-ui/Dockerfile | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/controller/dashboard/marketplacepanel.go b/internal/controller/dashboard/marketplacepanel.go index a6900737..e58232f5 100644 --- a/internal/controller/dashboard/marketplacepanel.go +++ b/internal/controller/dashboard/marketplacepanel.go @@ -38,8 +38,8 @@ func (m *Manager) ensureMarketplacePanel(ctx context.Context, crd *cozyv1alpha1. return reconcile.Result{}, nil } - // Skip module resources (they don't need MarketplacePanel) - if crd.Spec.Dashboard.Module { + // Skip module and tenant resources (they don't need MarketplacePanel) + if crd.Spec.Dashboard.Module || crd.Spec.Application.Kind == "Tenant" { err := m.client.Get(ctx, client.ObjectKey{Name: mp.Name}, mp) if apierrors.IsNotFound(err) { return reconcile.Result{}, nil diff --git a/packages/system/dashboard/images/openapi-ui/Dockerfile b/packages/system/dashboard/images/openapi-ui/Dockerfile index 319e6deb..ea10ac8a 100644 --- a/packages/system/dashboard/images/openapi-ui/Dockerfile +++ b/packages/system/dashboard/images/openapi-ui/Dockerfile @@ -4,7 +4,7 @@ ARG NODE_VERSION=20.18.1 # imported from https://github.com/cozystack/openapi-k8s-toolkit FROM node:${NODE_VERSION}-alpine AS openapi-k8s-toolkit-builder WORKDIR /src -ARG COMMIT=a72ef72afa9bc822572c3cd0d76fb7ea872853ec +ARG COMMIT=4f57ab295b2a886eb294b0b987554194fbe67dcd RUN wget -O- https://github.com/cozystack/openapi-k8s-toolkit/archive/${COMMIT}.tar.gz | tar -xzvf- --strip-components=1 RUN npm install RUN npm install --build-from-source @swc/core From a50f53de2e1aa72c7b0248d8f88a43ee8abbead9 Mon Sep 17 00:00:00 2001 From: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com> Date: Fri, 10 Oct 2025 00:21:12 +0000 Subject: [PATCH 49/80] Prepare release v0.37.0-beta.2 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com> --- packages/apps/http-cache/images/nginx-cache.tag | 2 +- packages/apps/kubernetes/images/kubevirt-csi-driver.tag | 2 +- packages/apps/mysql/images/mariadb-backup.tag | 2 +- packages/core/installer/values.yaml | 2 +- packages/core/testing/values.yaml | 2 +- packages/extra/bootbox/images/matchbox.tag | 2 +- packages/extra/seaweedfs/images/objectstorage-sidecar.tag | 2 +- packages/system/bucket/images/s3manager.tag | 2 +- packages/system/cozystack-api/values.yaml | 2 +- packages/system/cozystack-controller/values.yaml | 4 ++-- packages/system/dashboard/templates/configmap.yaml | 2 +- packages/system/dashboard/values.yaml | 6 +++--- packages/system/kamaji/values.yaml | 4 ++-- packages/system/kubeovn-plunger/values.yaml | 2 +- packages/system/kubeovn-webhook/values.yaml | 2 +- packages/system/kubeovn/values.yaml | 2 +- packages/system/kubevirt-csi-node/values.yaml | 2 +- packages/system/objectstorage-controller/values.yaml | 2 +- packages/system/seaweedfs/values.yaml | 2 +- 19 files changed, 23 insertions(+), 23 deletions(-) diff --git a/packages/apps/http-cache/images/nginx-cache.tag b/packages/apps/http-cache/images/nginx-cache.tag index a3c72b69..a5e4ca7b 100644 --- a/packages/apps/http-cache/images/nginx-cache.tag +++ b/packages/apps/http-cache/images/nginx-cache.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:c1944c60a449e36e29153a38db6feee41139d38b02fe3670efb673feb3bc0ee6 +ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5 diff --git a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag index 36a17c70..d0e37aee 100644 --- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag +++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:6d3fc4246928f65e784cd8822457c505a8a3742b51a072ebdb43d9570ec10b39 +ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:c8b08084a86251cdd18e237de89b695bca0e4f7eb1f1f6ddc2b903b4d74ea5ff diff --git a/packages/apps/mysql/images/mariadb-backup.tag b/packages/apps/mysql/images/mariadb-backup.tag index fb7b421d..af6247da 100644 --- a/packages/apps/mysql/images/mariadb-backup.tag +++ b/packages/apps/mysql/images/mariadb-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/mariadb-backup:0.0.0@sha256:a3789db9e9e065ff60cbac70771b4a8aa1460db3194307cf5ca5d4fe1b412b6b +ghcr.io/cozystack/cozystack/mariadb-backup:0.0.0@sha256:1c0beb1b23a109b0e13727b4c73d2c74830e11cede92858ab20101b66f45a858 diff --git a/packages/core/installer/values.yaml b/packages/core/installer/values.yaml index d3b6637a..2636492d 100644 --- a/packages/core/installer/values.yaml +++ b/packages/core/installer/values.yaml @@ -1,2 +1,2 @@ cozystack: - image: ghcr.io/cozystack/cozystack/installer:v0.37.0-beta.1@sha256:483be4c95989fd8090f7817e87096e477b719f651aa6bbea73a6ff5672b2e6c8 + image: ghcr.io/cozystack/cozystack/installer:v0.37.0-beta.2@sha256:c6fa029cdfe1174815a08c279e2db1fd80e51b1241e78ffd1967c3377eb18522 diff --git a/packages/core/testing/values.yaml b/packages/core/testing/values.yaml index 179ec977..3b8f4376 100755 --- a/packages/core/testing/values.yaml +++ b/packages/core/testing/values.yaml @@ -1,2 +1,2 @@ e2e: - image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.37.0-beta.1@sha256:7c8d0e1e25b0fd414411e61cd82701bc23d2499e5c6e8c63e53744ead780d8c9 + image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.37.0-beta.2@sha256:84be9e42bc2c04b0765c8b89e0a9728c49ebf4676a92522b007af96ae9aec68d diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag index cb90dd5f..6abcea87 100644 --- a/packages/extra/bootbox/images/matchbox.tag +++ b/packages/extra/bootbox/images/matchbox.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/matchbox:v0.37.0-beta.1@sha256:fd93ee7f233cd7a3ba4e6cd8558a77485336adfcc4375fc1601f8a5ac0778438 +ghcr.io/cozystack/cozystack/matchbox:v0.37.0-beta.2@sha256:33dab53714113dd24dd3b6112ae0baab20d870b793ca52635e4ac12860bfb369 diff --git a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag index 693c2005..c2253be7 100644 --- a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag +++ b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-beta.1@sha256:8d01f34214e10f078675640b93966f387fe6fc0b62d8e6ffde4689d7c532e75e +ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-beta.2@sha256:f166f09cdc9cdbb758209883819ab8261a3793bc1d7a6b6685efd5a2b2930847 diff --git a/packages/system/bucket/images/s3manager.tag b/packages/system/bucket/images/s3manager.tag index 2d6ef009..1b1a6598 100644 --- a/packages/system/bucket/images/s3manager.tag +++ b/packages/system/bucket/images/s3manager.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:66054d80946d0184203532873ac638aa9ea3b37856619e5ff444fcabd63eaa0f +ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:6a2bd31ef69d4e609c702c166b0a0d4e56af1ee2f9e68841d2c7952660e70f66 diff --git a/packages/system/cozystack-api/values.yaml b/packages/system/cozystack-api/values.yaml index 3aeeec72..4351a44c 100644 --- a/packages/system/cozystack-api/values.yaml +++ b/packages/system/cozystack-api/values.yaml @@ -1,2 +1,2 @@ cozystackAPI: - image: ghcr.io/cozystack/cozystack/cozystack-api:v0.37.0-beta.1@sha256:7f7c4a6253cc5eb416f2baa93337a53da700f49fd85ced915712bb24e0e25b03 + image: ghcr.io/cozystack/cozystack/cozystack-api:v0.37.0-beta.2@sha256:55a66fed1242eac8626648cc40f1bdf4c64a53c2c133b3a7f7a83c03530eda68 diff --git a/packages/system/cozystack-controller/values.yaml b/packages/system/cozystack-controller/values.yaml index 7ae16059..d32d731a 100644 --- a/packages/system/cozystack-controller/values.yaml +++ b/packages/system/cozystack-controller/values.yaml @@ -1,5 +1,5 @@ cozystackController: - image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.37.0-beta.1@sha256:e048a79186912f8406f6cb1c4a26bd79ea94ed11d5dbd0b53e2fb3c384cc933c + image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.37.0-beta.2@sha256:8f8b721153778699b50b0221609e15b76d696a8e745db81cb6fc6164907d83b7 debug: false disableTelemetry: false - cozystackVersion: "v0.37.0-beta.1" + cozystackVersion: "v0.37.0-beta.2" diff --git a/packages/system/dashboard/templates/configmap.yaml b/packages/system/dashboard/templates/configmap.yaml index d982ebf9..4553d062 100644 --- a/packages/system/dashboard/templates/configmap.yaml +++ b/packages/system/dashboard/templates/configmap.yaml @@ -1,6 +1,6 @@ {{- $brandingConfig:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }} -{{- $tenantText := "v0.37.0-beta.1" }} +{{- $tenantText := "v0.37.0-beta.2" }} {{- $footerText := "Cozystack" }} {{- $titleText := "Cozystack Dashboard" }} {{- $logoText := "false" }} diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml index bfa06c84..15fca12b 100644 --- a/packages/system/dashboard/values.yaml +++ b/packages/system/dashboard/values.yaml @@ -1,6 +1,6 @@ openapiUI: - image: ghcr.io/cozystack/cozystack/openapi-ui:v0.37.0-beta.1@sha256:5438e45b3c57996bac711ebfac8121e8e667624bc2101bda9c3eb273684ac423 + image: ghcr.io/cozystack/cozystack/openapi-ui:v0.37.0-beta.2@sha256:67e40cdfb693234325814976cb4f5dcb6cba45e4db847e1150f8ccc562fa9c2e openapiUIK8sBff: - image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.37.0-beta.1@sha256:4d01796d6a9cf1f97c28fadca2270bd8504adccf09dde029f305434c17273a08 + image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.37.0-beta.2@sha256:9a9535745acbb455f42b9066bed8ecf76f6a74e5d09ecb33f00e3407a935d436 tokenProxy: - image: ghcr.io/cozystack/cozystack/token-proxy:v0.37.0-beta.1@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b + image: ghcr.io/cozystack/cozystack/token-proxy:v0.37.0-beta.2@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index 966034cf..62495e9c 100644 --- a/packages/system/kamaji/values.yaml +++ b/packages/system/kamaji/values.yaml @@ -3,7 +3,7 @@ kamaji: deploy: false image: pullPolicy: IfNotPresent - tag: v0.37.0-beta.1@sha256:7b88e2534912ac4b32b6fd9b51eb4571193d95ee696fa35a8dcd1ae2913e970b + tag: v0.37.0-beta.2@sha256:9f4fd5045ede2909fbaf2572e4138fcbd8921071ecf8f08446257fddd0e6f655 repository: ghcr.io/cozystack/cozystack/kamaji resources: limits: @@ -13,4 +13,4 @@ kamaji: cpu: 100m memory: 100Mi extraArgs: - - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.37.0-beta.1@sha256:7b88e2534912ac4b32b6fd9b51eb4571193d95ee696fa35a8dcd1ae2913e970b + - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.37.0-beta.2@sha256:9f4fd5045ede2909fbaf2572e4138fcbd8921071ecf8f08446257fddd0e6f655 diff --git a/packages/system/kubeovn-plunger/values.yaml b/packages/system/kubeovn-plunger/values.yaml index 7d55f76c..57efaf04 100644 --- a/packages/system/kubeovn-plunger/values.yaml +++ b/packages/system/kubeovn-plunger/values.yaml @@ -1,4 +1,4 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.37.0-beta.1@sha256:c4137bfb039fd1eb4f31cb7f44d1051a751944c3dd7e0ace26e7fda36b403fc7 +image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.37.0-beta.2@sha256:2c26289aee50796ffd5a9859447449f820221cb0a12ca1980be9988a4a643cc8 ovnCentralName: ovn-central diff --git a/packages/system/kubeovn-webhook/values.yaml b/packages/system/kubeovn-webhook/values.yaml index c862ca02..82ced1e5 100644 --- a/packages/system/kubeovn-webhook/values.yaml +++ b/packages/system/kubeovn-webhook/values.yaml @@ -1,3 +1,3 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.37.0-beta.1@sha256:fc777726120350e5bdf4b864f49826b89983eb07a63c768d4907ce1330b35049 +image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.37.0-beta.2@sha256:a2cc2a66239bbe35db9e137abb07d0f2fa013ae33b46a91a18d61f0d21c8e15a diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml index 392619b9..1c5d5b5d 100644 --- a/packages/system/kubeovn/values.yaml +++ b/packages/system/kubeovn/values.yaml @@ -64,4 +64,4 @@ global: images: kubeovn: repository: kubeovn - tag: v1.14.5@sha256:a2e999db65e040566dee55ddb1ce6a89de02cba375932312984db7d72876dfe6 + tag: v1.14.5@sha256:1ea54414b9115bdcd1a4abb8735bb6efa7430fbf90e2fbf85d24dfd7cd9171dc diff --git a/packages/system/kubevirt-csi-node/values.yaml b/packages/system/kubevirt-csi-node/values.yaml index 7cad4dab..a7fb1e67 100644 --- a/packages/system/kubevirt-csi-node/values.yaml +++ b/packages/system/kubevirt-csi-node/values.yaml @@ -1,3 +1,3 @@ storageClass: replicated csiDriver: - image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:6d3fc4246928f65e784cd8822457c505a8a3742b51a072ebdb43d9570ec10b39 + image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.0.0@sha256:c8b08084a86251cdd18e237de89b695bca0e4f7eb1f1f6ddc2b903b4d74ea5ff diff --git a/packages/system/objectstorage-controller/values.yaml b/packages/system/objectstorage-controller/values.yaml index 2ccec783..abe67b71 100644 --- a/packages/system/objectstorage-controller/values.yaml +++ b/packages/system/objectstorage-controller/values.yaml @@ -1,3 +1,3 @@ objectstorage: controller: - image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.37.0-beta.1@sha256:28c12248a0e9a9e5c1a5e12a6bb4558e87d9113f1b1af004aa057bbaeb5b0371" + image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.37.0-beta.2@sha256:5f2eed05d19ba971806374834cb16ca49282aac76130194c00b213c79ce3e10d" diff --git a/packages/system/seaweedfs/values.yaml b/packages/system/seaweedfs/values.yaml index b03a1168..81b10651 100644 --- a/packages/system/seaweedfs/values.yaml +++ b/packages/system/seaweedfs/values.yaml @@ -120,7 +120,7 @@ seaweedfs: bucketClassName: "seaweedfs" region: "" sidecar: - image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-beta.1@sha256:8d01f34214e10f078675640b93966f387fe6fc0b62d8e6ffde4689d7c532e75e" + image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-beta.2@sha256:f166f09cdc9cdbb758209883819ab8261a3793bc1d7a6b6685efd5a2b2930847" certificates: commonName: "SeaweedFS CA" ipAddresses: [] From aff8b0c30a777dbe04ac783e4051a7fa478edc55 Mon Sep 17 00:00:00 2001 From: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com> Date: Fri, 10 Oct 2025 07:46:34 +0000 Subject: [PATCH 50/80] Prepare release v0.37.0 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com> --- packages/apps/http-cache/images/nginx-cache.tag | 2 +- packages/core/installer/values.yaml | 2 +- packages/core/testing/values.yaml | 2 +- packages/extra/bootbox/images/matchbox.tag | 2 +- packages/extra/seaweedfs/images/objectstorage-sidecar.tag | 2 +- packages/system/bucket/images/s3manager.tag | 2 +- packages/system/cozystack-api/values.yaml | 2 +- packages/system/cozystack-controller/values.yaml | 4 ++-- packages/system/dashboard/templates/configmap.yaml | 2 +- packages/system/dashboard/values.yaml | 6 +++--- packages/system/kamaji/values.yaml | 4 ++-- packages/system/kubeovn-plunger/values.yaml | 2 +- packages/system/kubeovn-webhook/values.yaml | 2 +- packages/system/kubeovn/values.yaml | 2 +- packages/system/objectstorage-controller/values.yaml | 2 +- packages/system/seaweedfs/values.yaml | 2 +- 16 files changed, 20 insertions(+), 20 deletions(-) diff --git a/packages/apps/http-cache/images/nginx-cache.tag b/packages/apps/http-cache/images/nginx-cache.tag index a5e4ca7b..0970e11c 100644 --- a/packages/apps/http-cache/images/nginx-cache.tag +++ b/packages/apps/http-cache/images/nginx-cache.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5 +ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:50ac1581e3100bd6c477a71161cb455a341ffaf9e5e2f6086802e4e25271e8af diff --git a/packages/core/installer/values.yaml b/packages/core/installer/values.yaml index 2636492d..fc7c81fa 100644 --- a/packages/core/installer/values.yaml +++ b/packages/core/installer/values.yaml @@ -1,2 +1,2 @@ cozystack: - image: ghcr.io/cozystack/cozystack/installer:v0.37.0-beta.2@sha256:c6fa029cdfe1174815a08c279e2db1fd80e51b1241e78ffd1967c3377eb18522 + image: ghcr.io/cozystack/cozystack/installer:v0.37.0@sha256:256c5a0f0ae2fc3ad6865b9fda74c42945b38a5384240fa29554617185b60556 diff --git a/packages/core/testing/values.yaml b/packages/core/testing/values.yaml index 3b8f4376..bcc94ce3 100755 --- a/packages/core/testing/values.yaml +++ b/packages/core/testing/values.yaml @@ -1,2 +1,2 @@ e2e: - image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.37.0-beta.2@sha256:84be9e42bc2c04b0765c8b89e0a9728c49ebf4676a92522b007af96ae9aec68d + image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.37.0@sha256:10afd0a6c39248ec41d0e59ff1bc6c29bd0075b7cc9a512b01cf603ef39c33ea diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag index 6abcea87..6060afa4 100644 --- a/packages/extra/bootbox/images/matchbox.tag +++ b/packages/extra/bootbox/images/matchbox.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/matchbox:v0.37.0-beta.2@sha256:33dab53714113dd24dd3b6112ae0baab20d870b793ca52635e4ac12860bfb369 +ghcr.io/cozystack/cozystack/matchbox:v0.37.0@sha256:5cca5f56b755285aefa11b1052fe55e1aa83b25bae34aef80cdb77ff63091044 diff --git a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag index c2253be7..e16a832d 100644 --- a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag +++ b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-beta.2@sha256:f166f09cdc9cdbb758209883819ab8261a3793bc1d7a6b6685efd5a2b2930847 +ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0@sha256:f166f09cdc9cdbb758209883819ab8261a3793bc1d7a6b6685efd5a2b2930847 diff --git a/packages/system/bucket/images/s3manager.tag b/packages/system/bucket/images/s3manager.tag index 1b1a6598..96054223 100644 --- a/packages/system/bucket/images/s3manager.tag +++ b/packages/system/bucket/images/s3manager.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:6a2bd31ef69d4e609c702c166b0a0d4e56af1ee2f9e68841d2c7952660e70f66 +ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:7348bec610f08bd902c88c9a9f28fdd644727e2728a1e4103f88f0c99febd5e7 diff --git a/packages/system/cozystack-api/values.yaml b/packages/system/cozystack-api/values.yaml index 4351a44c..1b68eff4 100644 --- a/packages/system/cozystack-api/values.yaml +++ b/packages/system/cozystack-api/values.yaml @@ -1,2 +1,2 @@ cozystackAPI: - image: ghcr.io/cozystack/cozystack/cozystack-api:v0.37.0-beta.2@sha256:55a66fed1242eac8626648cc40f1bdf4c64a53c2c133b3a7f7a83c03530eda68 + image: ghcr.io/cozystack/cozystack/cozystack-api:v0.37.0@sha256:19d89e8afb90ce38ab7e42ecedfc28402f7c0b56f30957db957c5415132ff6ca diff --git a/packages/system/cozystack-controller/values.yaml b/packages/system/cozystack-controller/values.yaml index d32d731a..f651807e 100644 --- a/packages/system/cozystack-controller/values.yaml +++ b/packages/system/cozystack-controller/values.yaml @@ -1,5 +1,5 @@ cozystackController: - image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.37.0-beta.2@sha256:8f8b721153778699b50b0221609e15b76d696a8e745db81cb6fc6164907d83b7 + image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.37.0@sha256:845b8e68cbc277c2303080bcd55597e4334610d396dad258ad56fd906530acc3 debug: false disableTelemetry: false - cozystackVersion: "v0.37.0-beta.2" + cozystackVersion: "v0.37.0" diff --git a/packages/system/dashboard/templates/configmap.yaml b/packages/system/dashboard/templates/configmap.yaml index 4553d062..5c541dff 100644 --- a/packages/system/dashboard/templates/configmap.yaml +++ b/packages/system/dashboard/templates/configmap.yaml @@ -1,6 +1,6 @@ {{- $brandingConfig:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }} -{{- $tenantText := "v0.37.0-beta.2" }} +{{- $tenantText := "v0.37.0" }} {{- $footerText := "Cozystack" }} {{- $titleText := "Cozystack Dashboard" }} {{- $logoText := "false" }} diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml index 15fca12b..4cb8571b 100644 --- a/packages/system/dashboard/values.yaml +++ b/packages/system/dashboard/values.yaml @@ -1,6 +1,6 @@ openapiUI: - image: ghcr.io/cozystack/cozystack/openapi-ui:v0.37.0-beta.2@sha256:67e40cdfb693234325814976cb4f5dcb6cba45e4db847e1150f8ccc562fa9c2e + image: ghcr.io/cozystack/cozystack/openapi-ui:v0.37.0@sha256:13f38cf56830e899eb5e3d9dc8184965dd8dba9f8cd3c5ca10df0970355842d6 openapiUIK8sBff: - image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.37.0-beta.2@sha256:9a9535745acbb455f42b9066bed8ecf76f6a74e5d09ecb33f00e3407a935d436 + image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.37.0@sha256:2b626dbbf87241e8621ac5b0285f402edbc2c2069ba254ca2ace2dd5c9248ac8 tokenProxy: - image: ghcr.io/cozystack/cozystack/token-proxy:v0.37.0-beta.2@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b + image: ghcr.io/cozystack/cozystack/token-proxy:v0.37.0@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index 62495e9c..906d20bf 100644 --- a/packages/system/kamaji/values.yaml +++ b/packages/system/kamaji/values.yaml @@ -3,7 +3,7 @@ kamaji: deploy: false image: pullPolicy: IfNotPresent - tag: v0.37.0-beta.2@sha256:9f4fd5045ede2909fbaf2572e4138fcbd8921071ecf8f08446257fddd0e6f655 + tag: v0.37.0@sha256:9f4fd5045ede2909fbaf2572e4138fcbd8921071ecf8f08446257fddd0e6f655 repository: ghcr.io/cozystack/cozystack/kamaji resources: limits: @@ -13,4 +13,4 @@ kamaji: cpu: 100m memory: 100Mi extraArgs: - - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.37.0-beta.2@sha256:9f4fd5045ede2909fbaf2572e4138fcbd8921071ecf8f08446257fddd0e6f655 + - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.37.0@sha256:9f4fd5045ede2909fbaf2572e4138fcbd8921071ecf8f08446257fddd0e6f655 diff --git a/packages/system/kubeovn-plunger/values.yaml b/packages/system/kubeovn-plunger/values.yaml index 57efaf04..11595d48 100644 --- a/packages/system/kubeovn-plunger/values.yaml +++ b/packages/system/kubeovn-plunger/values.yaml @@ -1,4 +1,4 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.37.0-beta.2@sha256:2c26289aee50796ffd5a9859447449f820221cb0a12ca1980be9988a4a643cc8 +image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.37.0@sha256:9950614571ea77a55925eba0839b6b12c8e5a7a30b8858031a8c6050f261af1a ovnCentralName: ovn-central diff --git a/packages/system/kubeovn-webhook/values.yaml b/packages/system/kubeovn-webhook/values.yaml index 82ced1e5..116f077a 100644 --- a/packages/system/kubeovn-webhook/values.yaml +++ b/packages/system/kubeovn-webhook/values.yaml @@ -1,3 +1,3 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.37.0-beta.2@sha256:a2cc2a66239bbe35db9e137abb07d0f2fa013ae33b46a91a18d61f0d21c8e15a +image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.37.0@sha256:7e63205708e607ce2cedfe2a2cafd323ca51e3ebc71244a21ff6f9016c6c87bc diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml index 1c5d5b5d..74f21b52 100644 --- a/packages/system/kubeovn/values.yaml +++ b/packages/system/kubeovn/values.yaml @@ -64,4 +64,4 @@ global: images: kubeovn: repository: kubeovn - tag: v1.14.5@sha256:1ea54414b9115bdcd1a4abb8735bb6efa7430fbf90e2fbf85d24dfd7cd9171dc + tag: v1.14.5@sha256:af10da442a0c6dc7df47a0ef752e2eb5c247bb0b43069fdfcb2aa51511185ea2 diff --git a/packages/system/objectstorage-controller/values.yaml b/packages/system/objectstorage-controller/values.yaml index abe67b71..489052ac 100644 --- a/packages/system/objectstorage-controller/values.yaml +++ b/packages/system/objectstorage-controller/values.yaml @@ -1,3 +1,3 @@ objectstorage: controller: - image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.37.0-beta.2@sha256:5f2eed05d19ba971806374834cb16ca49282aac76130194c00b213c79ce3e10d" + image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.37.0@sha256:5f2eed05d19ba971806374834cb16ca49282aac76130194c00b213c79ce3e10d" diff --git a/packages/system/seaweedfs/values.yaml b/packages/system/seaweedfs/values.yaml index 81b10651..e12102e7 100644 --- a/packages/system/seaweedfs/values.yaml +++ b/packages/system/seaweedfs/values.yaml @@ -120,7 +120,7 @@ seaweedfs: bucketClassName: "seaweedfs" region: "" sidecar: - image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0-beta.2@sha256:f166f09cdc9cdbb758209883819ab8261a3793bc1d7a6b6685efd5a2b2930847" + image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0@sha256:f166f09cdc9cdbb758209883819ab8261a3793bc1d7a6b6685efd5a2b2930847" certificates: commonName: "SeaweedFS CA" ipAddresses: [] From 2d9dc9fe01e131b3818df576ee153ac3d2748af3 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Fri, 10 Oct 2025 12:44:59 +0300 Subject: [PATCH 51/80] [foundationdb] Upgrade FDB app for latest Cozy Since this contribution was made, the layout of the repository changed significantly. This patch addresses these updates and brings the FoundationDB managed app into harmony with the new structure. ```release-note [foundationdb, maintenance] Harmonize FoundationDB repo layout with v0.37.0 repository structure. ``` Signed-off-by: Timofei Larkin --- packages/apps/foundationdb/README.md | 2 +- packages/apps/foundationdb/values.schema.json | 69 +-- packages/apps/versions_map | 190 ------- .../openapi-schemas/foundationdb.json | 1 - .../cozystack-resource-definitions.yaml | 527 ------------------ .../cozyrds/foundationdb.yaml | 30 + 6 files changed, 40 insertions(+), 779 deletions(-) delete mode 100644 packages/apps/versions_map delete mode 120000 packages/system/cozystack-api/openapi-schemas/foundationdb.json delete mode 100644 packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml create mode 100644 packages/system/cozystack-resource-definitions/cozyrds/foundationdb.yaml diff --git a/packages/apps/foundationdb/README.md b/packages/apps/foundationdb/README.md index fed4acde..ceebf571 100644 --- a/packages/apps/foundationdb/README.md +++ b/packages/apps/foundationdb/README.md @@ -164,7 +164,7 @@ For Cozystack-specific issues, consult the Cozystack documentation or support ch | `storage` | Storage configuration | `object` | `{}` | | `storage.size` | Size of persistent volumes for each instance | `quantity` | `16Gi` | | `storage.storageClass` | Storage class (if not set, uses cluster default) | `string` | `""` | -| `resources` | Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. | `*object` | `{}` | +| `resources` | Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. | `*object` | `null` | | `resources.cpu` | CPU available to each instance | `*quantity` | `null` | | `resources.memory` | Memory (RAM) available to each instance | `*quantity` | `null` | | `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string` | `medium` | diff --git a/packages/apps/foundationdb/values.schema.json b/packages/apps/foundationdb/values.schema.json index 1b0c6577..675d20c6 100644 --- a/packages/apps/foundationdb/values.schema.json +++ b/packages/apps/foundationdb/values.schema.json @@ -10,19 +10,7 @@ "backup": { "description": "Backup configuration", "type": "object", - "default": { - "enabled": false, - "retentionPolicy": "7d", - "s3": { - "bucket": "", - "credentials": { - "accessKeyId": "", - "secretAccessKey": "" - }, - "endpoint": "", - "region": "us-east-1" - } - }, + "default": {}, "required": [ "enabled", "retentionPolicy", @@ -42,15 +30,7 @@ "s3": { "description": "S3 configuration for backups", "type": "object", - "default": { - "bucket": "", - "credentials": { - "accessKeyId": "", - "secretAccessKey": "" - }, - "endpoint": "", - "region": "us-east-1" - }, + "default": {}, "required": [ "bucket", "credentials", @@ -65,10 +45,7 @@ "credentials": { "description": "S3 credentials", "type": "object", - "default": { - "accessKeyId": "", - "secretAccessKey": "" - }, + "default": {}, "required": [ "accessKeyId", "secretAccessKey" @@ -100,20 +77,7 @@ "cluster": { "description": "Cluster configuration", "type": "object", - "default": { - "faultDomain": { - "key": "kubernetes.io/hostname", - "valueFrom": "spec.nodeName" - }, - "processCounts": { - "cluster_controller": 1, - "stateless": -1, - "storage": 3 - }, - "redundancyMode": "double", - "storageEngine": "ssd-2", - "version": "7.3.63" - }, + "default": {}, "required": [ "faultDomain", "processCounts", @@ -125,10 +89,7 @@ "faultDomain": { "description": "Fault domain configuration", "type": "object", - "default": { - "key": "kubernetes.io/hostname", - "valueFrom": "spec.nodeName" - }, + "default": {}, "required": [ "key", "valueFrom" @@ -149,11 +110,7 @@ "processCounts": { "description": "Process counts for different roles", "type": "object", - "default": { - "cluster_controller": 1, - "stateless": -1, - "storage": 3 - }, + "default": {}, "required": [ "cluster_controller", "stateless", @@ -214,9 +171,7 @@ "monitoring": { "description": "Monitoring configuration", "type": "object", - "default": { - "enabled": true - }, + "default": {}, "required": [ "enabled" ], @@ -276,10 +231,7 @@ "securityContext": { "description": "Security context for containers", "type": "object", - "default": { - "runAsGroup": 4059, - "runAsUser": 4059 - }, + "default": {}, "required": [ "runAsGroup", "runAsUser" @@ -300,10 +252,7 @@ "storage": { "description": "Storage configuration", "type": "object", - "default": { - "size": "16Gi", - "storageClass": "" - }, + "default": {}, "required": [ "size", "storageClass" diff --git a/packages/apps/versions_map b/packages/apps/versions_map deleted file mode 100644 index 81f467d7..00000000 --- a/packages/apps/versions_map +++ /dev/null @@ -1,190 +0,0 @@ -bucket 0.1.0 632224a3 -bucket 0.2.0 HEAD -clickhouse 0.1.0 f7eaab0a -clickhouse 0.2.0 53f2365e -clickhouse 0.2.1 dfbc210b -clickhouse 0.3.0 6c5cf5bf -clickhouse 0.4.0 b40e1b09 -clickhouse 0.5.0 0f312d5c -clickhouse 0.6.0 1ec10165 -clickhouse 0.6.1 c62a83a7 -clickhouse 0.6.2 8267072d -clickhouse 0.7.0 93bdf411 -clickhouse 0.9.0 6130f43d -clickhouse 0.9.2 632224a3 -clickhouse 0.10.0 6358fd7a -clickhouse 0.10.1 4369b031 -clickhouse 0.11.0 08cb7c0f -clickhouse 0.11.1 0e47e1e8 -clickhouse 0.12.0 c02a3818 -clickhouse 0.13.0 HEAD -ferretdb 0.1.0 e9716091 -ferretdb 0.1.1 91b0499a -ferretdb 0.2.0 6c5cf5bf -ferretdb 0.3.0 b8e33d19 -ferretdb 0.4.0 b40e1b09 -ferretdb 0.4.1 1ec10165 -ferretdb 0.4.2 8267072d -ferretdb 0.5.0 93bdf411 -ferretdb 0.6.0 6130f43d -ferretdb 0.6.1 632224a3 -ferretdb 0.7.0 62cb694d -ferretdb 0.7.1 4369b031 -ferretdb 0.8.0 08cb7c0f -ferretdb 1.0.0 c02a3818 -ferretdb 1.1.0 HEAD -foundationdb 0.1.0 HEAD -http-cache 0.1.0 263e47be -http-cache 0.2.0 53f2365e -http-cache 0.3.0 6c5cf5bf -http-cache 0.3.1 0f312d5c -http-cache 0.4.0 93bdf411 -http-cache 0.5.0 6130f43d -http-cache 0.5.1 62cb694d -http-cache 0.5.2 4369b031 -http-cache 0.6.0 08cb7c0f -http-cache 0.6.1 c02a3818 -http-cache 0.7.0 HEAD -kafka 0.1.0 f7eaab0a -kafka 0.2.0 c0685f43 -kafka 0.2.1 dfbc210b -kafka 0.2.2 e9716091 -kafka 0.2.3 91b0499a -kafka 0.3.0 6c5cf5bf -kafka 0.3.1 c62a83a7 -kafka 0.3.2 93c46161 -kafka 0.3.3 8267072d -kafka 0.4.0 85ec09b8 -kafka 0.5.0 93bdf411 -kafka 0.6.0 6130f43d -kafka 0.6.1 632224a3 -kafka 0.7.0 6358fd7a -kafka 0.7.1 4369b031 -kafka 0.8.0 08cb7c0f -kafka 0.8.1 HEAD -kubernetes 0.24.0 62cb694d -kubernetes 0.25.0 70f82667 -kubernetes 0.25.1 acd4663a -kubernetes 0.25.2 08cb7c0f -kubernetes 0.26.0 9584e5f5 -kubernetes 0.26.1 0e47e1e8 -kubernetes 0.26.2 8ddbe32e -kubernetes 0.26.3 c02a3818 -kubernetes 0.27.0 6cd5e746 -kubernetes 0.28.0 7f477eec -kubernetes 0.29.0 HEAD -mysql 0.1.0 263e47be -mysql 0.2.0 c24a103f -mysql 0.3.0 53f2365e -mysql 0.4.0 6c5cf5bf -mysql 0.5.0 b40e1b09 -mysql 0.5.1 0f312d5c -mysql 0.5.2 1ec10165 -mysql 0.5.3 8267072d -mysql 0.6.0 93bdf411 -mysql 0.7.0 6130f43d -mysql 0.7.1 632224a3 -mysql 0.8.0 62cb694d -mysql 0.8.1 4369b031 -mysql 0.9.0 08cb7c0f -mysql 0.9.1 c02a3818 -mysql 0.10.0 HEAD -nats 0.1.0 e9716091 -nats 0.2.0 6c5cf5bf -nats 0.3.0 78366f19 -nats 0.3.1 c62a83a7 -nats 0.4.0 898374b5 -nats 0.4.1 8267072d -nats 0.5.0 93bdf411 -nats 0.6.0 6130f43d -nats 0.6.1 632224a3 -nats 0.7.0 62cb694d -nats 0.7.1 4369b031 -nats 0.8.0 08cb7c0f -nats 0.8.1 c02a3818 -nats 0.9.0 HEAD -postgres 0.1.0 263e47be -postgres 0.2.0 53f2365e -postgres 0.2.1 d7cfa53c -postgres 0.3.0 dfbc210b -postgres 0.4.0 e9716091 -postgres 0.4.1 91b0499a -postgres 0.5.0 6c5cf5bf -postgres 0.6.0 b40e1b09 -postgres 0.6.2 0f312d5c -postgres 0.7.0 4b90bf5a -postgres 0.7.1 1ec10165 -postgres 0.8.0 4e68e65c -postgres 0.9.0 8267072d -postgres 0.10.0 721c12a7 -postgres 0.10.1 93bdf411 -postgres 0.11.0 f9f8bb2f -postgres 0.12.0 6130f43d -postgres 0.12.1 632224a3 -postgres 0.14.0 62cb694d -postgres 0.15.1 4369b031 -postgres 0.16.0 70f82667 -postgres 0.17.0 acd4663a -postgres 0.17.1 08cb7c0f -postgres 0.17.3 c02a3818 -postgres 0.18.0 HEAD -rabbitmq 0.1.0 263e47be -rabbitmq 0.2.0 53f2365e -rabbitmq 0.3.0 6c5cf5bf -rabbitmq 0.4.0 b40e1b09 -rabbitmq 0.4.1 1128d0cb -rabbitmq 0.4.2 4b90bf5a -rabbitmq 0.4.3 1ec10165 -rabbitmq 0.4.4 8267072d -rabbitmq 0.5.0 93bdf411 -rabbitmq 0.6.0 632224a3 -rabbitmq 0.7.0 62cb694d -rabbitmq 0.7.1 4369b031 -rabbitmq 0.8.0 08cb7c0f -rabbitmq 0.8.1 c02a3818 -rabbitmq 0.9.0 HEAD -redis 0.1.1 263e47be -redis 0.2.0 53f2365e -redis 0.3.0 6c5cf5bf -redis 0.3.1 c62a83a7 -redis 0.4.0 84f3ccc0 -redis 0.5.0 4e68e65c -redis 0.6.0 93bdf411 -redis 0.7.0 6130f43d -redis 0.7.1 632224a3 -redis 0.8.0 62cb694d -redis 0.8.1 4369b031 -redis 0.9.0 08cb7c0f -redis 0.9.1 c02a3818 -redis 0.10.0 HEAD -tcp-balancer 0.1.0 263e47be -tcp-balancer 0.2.0 53f2365e -tcp-balancer 0.3.0 93bdf411 -tcp-balancer 0.4.0 6130f43d -tcp-balancer 0.4.1 62cb694d -tcp-balancer 0.4.2 4369b031 -tcp-balancer 0.5.0 08cb7c0f -tcp-balancer 0.5.1 c02a3818 -tcp-balancer 0.6.0 HEAD -tenant 1.13.0 8f1975d1 -tenant 1.14.0 HEAD -virtual-machine 0.14.0 HEAD -vm-disk 0.1.0 d971f2ff -vm-disk 0.1.1 6130f43d -vm-disk 0.1.2 632224a3 -vm-disk 0.2.0 4369b031 -vm-disk 0.3.0 c02a3818 -vm-disk 0.4.0 HEAD -vm-instance 0.12.0 HEAD -vpn 0.1.0 263e47be -vpn 0.2.0 53f2365e -vpn 0.3.0 6c5cf5bf -vpn 0.3.1 1ec10165 -vpn 0.4.0 93bdf411 -vpn 0.5.0 6130f43d -vpn 0.5.1 632224a3 -vpn 0.6.1 62cb694d -vpn 0.6.2 4369b031 -vpn 0.7.0 08cb7c0f -vpn 0.7.1 c02a3818 -vpn 0.8.0 HEAD diff --git a/packages/system/cozystack-api/openapi-schemas/foundationdb.json b/packages/system/cozystack-api/openapi-schemas/foundationdb.json deleted file mode 120000 index 12c61ac3..00000000 --- a/packages/system/cozystack-api/openapi-schemas/foundationdb.json +++ /dev/null @@ -1 +0,0 @@ -../../../apps/foundationdb/values.schema.json \ No newline at end of file diff --git a/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml b/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml deleted file mode 100644 index 8044584f..00000000 --- a/packages/system/cozystack-api/templates/cozystack-resource-definitions.yaml +++ /dev/null @@ -1,527 +0,0 @@ -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: bucket -spec: - application: - kind: Bucket - singular: bucket - plural: buckets - openAPISchema: | - {{- .Files.Get "openapi-schemas/bucket.json" | fromJson | toJson | nindent 6 }} - release: - prefix: bucket- - labels: - cozystack.io/ui: "true" - chart: - name: bucket - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: clickhouse -spec: - application: - kind: ClickHouse - singular: clickhouse - plural: clickhouses - openAPISchema: | - {{- .Files.Get "openapi-schemas/clickhouse.json" | fromJson | toJson | nindent 6 }} - release: - prefix: clickhouse- - labels: - cozystack.io/ui: "true" - chart: - name: clickhouse - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: httpcache -spec: - application: - kind: HTTPCache - singular: httpcache - plural: httpcaches - openAPISchema: | - {{- .Files.Get "openapi-schemas/http-cache.json" | fromJson | toJson | nindent 6 }} - release: - prefix: http-cache- - labels: - cozystack.io/ui: "true" - chart: - name: http-cache - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: nats -spec: - application: - kind: NATS - singular: nats - plural: natses - openAPISchema: | - {{- .Files.Get "openapi-schemas/nats.json" | fromJson | toJson | nindent 6 }} - release: - prefix: nats- - labels: - cozystack.io/ui: "true" - chart: - name: nats - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: tcpbalancer -spec: - application: - kind: TCPBalancer - singular: tcpbalancer - plural: tcpbalancers - openAPISchema: | - {{- .Files.Get "openapi-schemas/tcp-balancer.json" | fromJson | toJson | nindent 6 }} - release: - prefix: tcp-balancer- - labels: - cozystack.io/ui: "true" - chart: - name: tcp-balancer - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: virtualmachine -spec: - application: - kind: VirtualMachine - singular: virtualmachine - plural: virtualmachines - openAPISchema: | - {{- .Files.Get "openapi-schemas/virtual-machine.json" | fromJson | toJson | nindent 6 }} - release: - prefix: virtual-machine- - labels: - cozystack.io/ui: "true" - chart: - name: virtual-machine - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: vpn -spec: - application: - kind: VPN - singular: vpn - plural: vpns - openAPISchema: | - {{- .Files.Get "openapi-schemas/vpn.json" | fromJson | toJson | nindent 6 }} - release: - prefix: vpn- - labels: - cozystack.io/ui: "true" - chart: - name: vpn - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: mysql -spec: - application: - kind: MySQL - singular: mysql - plural: mysqls - openAPISchema: | - {{- .Files.Get "openapi-schemas/mysql.json" | fromJson | toJson | nindent 6 }} - release: - prefix: mysql- - labels: - cozystack.io/ui: "true" - chart: - name: mysql - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: tenant -spec: - application: - kind: Tenant - singular: tenant - plural: tenants - openAPISchema: | - {{- .Files.Get "openapi-schemas/tenant.json" | fromJson | toJson | nindent 6 }} - release: - prefix: tenant- - labels: - cozystack.io/ui: "true" - chart: - name: tenant - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: kubernetes -spec: - application: - kind: Kubernetes - singular: kubernetes - plural: kuberneteses - openAPISchema: | - {{- .Files.Get "openapi-schemas/kubernetes.json" | fromJson | toJson | nindent 6 }} - release: - prefix: kubernetes- - labels: - cozystack.io/ui: "true" - chart: - name: kubernetes - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: redis -spec: - application: - kind: Redis - singular: redis - plural: redises - openAPISchema: | - {{- .Files.Get "openapi-schemas/redis.json" | fromJson | toJson | nindent 6 }} - release: - prefix: redis- - labels: - cozystack.io/ui: "true" - chart: - name: redis - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: rabbitmq -spec: - application: - kind: RabbitMQ - singular: rabbitmq - plural: rabbitmqs - openAPISchema: | - {{- .Files.Get "openapi-schemas/rabbitmq.json" | fromJson | toJson | nindent 6 }} - release: - prefix: rabbitmq- - labels: - cozystack.io/ui: "true" - chart: - name: rabbitmq - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: postgres -spec: - application: - kind: Postgres - singular: postgres - plural: postgreses - openAPISchema: | - {{- .Files.Get "openapi-schemas/postgres.json" | fromJson | toJson | nindent 6 }} - release: - prefix: postgres- - labels: - cozystack.io/ui: "true" - chart: - name: postgres - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: ferretdb -spec: - application: - kind: FerretDB - singular: ferretdb - plural: ferretdbs - openAPISchema: | - {{- .Files.Get "openapi-schemas/ferretdb.json" | fromJson | toJson | nindent 6 }} - release: - prefix: ferretdb- - labels: - cozystack.io/ui: "true" - chart: - name: ferretdb - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: foundationdb -spec: - application: - kind: FoundationDB - singular: foundationdb - plural: foundationdbs - openAPISchema: | - {{- .Files.Get "openapi-schemas/foundationdb.json" | fromJson | toJson | nindent 6 }} - release: - prefix: foundationdb- - labels: - cozystack.io/ui: "true" - chart: - name: foundationdb - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: kafka -spec: - application: - kind: Kafka - singular: kafka - plural: kafkas - openAPISchema: | - {{- .Files.Get "openapi-schemas/kafka.json" | fromJson | toJson | nindent 6 }} - release: - prefix: kafka- - labels: - cozystack.io/ui: "true" - chart: - name: kafka - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: vmdisk -spec: - application: - kind: VMDisk - singular: vmdisk - plural: vmdisks - openAPISchema: | - {{- .Files.Get "openapi-schemas/vm-disk.json" | fromJson | toJson | nindent 6 }} - release: - prefix: vm-disk- - labels: - cozystack.io/ui: "true" - chart: - name: vm-disk - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: vminstance -spec: - application: - kind: VMInstance - singular: vminstance - plural: vminstances - openAPISchema: | - {{- .Files.Get "openapi-schemas/vm-instance.json" | fromJson | toJson | nindent 6 }} - release: - prefix: vm-instance- - labels: - cozystack.io/ui: "true" - chart: - name: vm-instance - sourceRef: - kind: HelmRepository - name: cozystack-apps - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: monitoring -spec: - application: - kind: Monitoring - singular: monitoring - plural: monitorings - openAPISchema: | - {{- .Files.Get "openapi-schemas/monitoring.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: monitoring - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: etcd -spec: - application: - kind: Etcd - singular: etcd - plural: etcds - openAPISchema: | - {{- .Files.Get "openapi-schemas/etcd.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: etcd - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: ingress -spec: - application: - kind: Ingress - singular: ingress - plural: ingresses - openAPISchema: | - {{- .Files.Get "openapi-schemas/ingress.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: ingress - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: seaweedfs -spec: - application: - kind: SeaweedFS - singular: seaweedfs - plural: seaweedfses - openAPISchema: | - {{- .Files.Get "openapi-schemas/seaweedfs.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: seaweedfs - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: bootbox -spec: - application: - kind: BootBox - singular: bootbox - plural: bootboxes - openAPISchema: | - {{- .Files.Get "openapi-schemas/bootbox.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: bootbox - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public ---- -apiVersion: cozystack.io/v1alpha1 -kind: CozystackResourceDefinition -metadata: - name: info -spec: - application: - kind: Info - singular: info - plural: infos - openAPISchema: | - {{- .Files.Get "openapi-schemas/info.json" | fromJson | toJson | nindent 6 }} - release: - prefix: "" - labels: - cozystack.io/ui: "true" - chart: - name: info - sourceRef: - kind: HelmRepository - name: cozystack-extra - namespace: cozy-public diff --git a/packages/system/cozystack-resource-definitions/cozyrds/foundationdb.yaml b/packages/system/cozystack-resource-definitions/cozyrds/foundationdb.yaml new file mode 100644 index 00000000..e7759380 --- /dev/null +++ b/packages/system/cozystack-resource-definitions/cozyrds/foundationdb.yaml @@ -0,0 +1,30 @@ +apiVersion: cozystack.io/v1alpha1 +kind: CozystackResourceDefinition +metadata: + name: foundationdb +spec: + application: + kind: FoundationDB + singular: foundationdb + plural: foundationdbs + openAPISchema: |- + {"title":"Chart Values","type":"object","properties":{"automaticReplacements":{"description":"Enable automatic pod replacements","type":"boolean","default":true},"backup":{"description":"Backup configuration","type":"object","default":{"enabled":false,"retentionPolicy":"7d","s3":{"bucket":"","credentials":{"accessKeyId":"","secretAccessKey":""},"endpoint":"","region":"us-east-1"}},"required":["enabled","retentionPolicy","s3"],"properties":{"enabled":{"description":"Enable backups","type":"boolean","default":false},"retentionPolicy":{"description":"Retention policy for backups","type":"string","default":"7d"},"s3":{"description":"S3 configuration for backups","type":"object","default":{"bucket":"","credentials":{"accessKeyId":"","secretAccessKey":""},"endpoint":"","region":"us-east-1"},"required":["bucket","credentials","endpoint","region"],"properties":{"bucket":{"description":"S3 bucket name","type":"string"},"credentials":{"description":"S3 credentials","type":"object","default":{"accessKeyId":"","secretAccessKey":""},"required":["accessKeyId","secretAccessKey"],"properties":{"accessKeyId":{"description":"S3 access key ID","type":"string"},"secretAccessKey":{"description":"S3 secret access key","type":"string"}}},"endpoint":{"description":"S3 endpoint URL","type":"string"},"region":{"description":"S3 region","type":"string","default":"us-east-1"}}}}},"cluster":{"description":"Cluster configuration","type":"object","default":{"faultDomain":{"key":"kubernetes.io/hostname","valueFrom":"spec.nodeName"},"processCounts":{"cluster_controller":1,"stateless":-1,"storage":3},"redundancyMode":"double","storageEngine":"ssd-2","version":"7.3.63"},"required":["faultDomain","processCounts","redundancyMode","storageEngine","version"],"properties":{"faultDomain":{"description":"Fault domain configuration","type":"object","default":{"key":"kubernetes.io/hostname","valueFrom":"spec.nodeName"},"required":["key","valueFrom"],"properties":{"key":{"description":"Fault domain key","type":"string","default":"kubernetes.io/hostname"},"valueFrom":{"description":"Fault domain value source","type":"string","default":"spec.nodeName"}}},"processCounts":{"description":"Process counts for different roles","type":"object","default":{"cluster_controller":1,"stateless":-1,"storage":3},"required":["cluster_controller","stateless","storage"],"properties":{"cluster_controller":{"description":"Number of cluster controller processes","type":"integer","default":1},"stateless":{"description":"Number of stateless processes (-1 for automatic)","type":"integer","default":-1},"storage":{"description":"Number of storage processes (determines cluster size)","type":"integer","default":3}}},"redundancyMode":{"description":"Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback)","type":"string","default":"double"},"storageEngine":{"description":"Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory)","type":"string","default":"ssd-2"},"version":{"description":"Version of FoundationDB to use","type":"string","default":"7.3.63"}}},"customParameters":{"description":"Custom parameters to pass to FoundationDB","type":"array","default":[],"items":{"type":"string"}},"imageType":{"description":"Container image deployment type","type":"string","default":"unified","enum":["unified","split"]},"monitoring":{"description":"Monitoring configuration","type":"object","default":{"enabled":true},"required":["enabled"],"properties":{"enabled":{"description":"Enable WorkloadMonitor integration","type":"boolean","default":true}}},"resources":{"description":"Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied.","type":"object","default":{},"properties":{"cpu":{"description":"CPU available to each instance","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory (RAM) available to each instance","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"resourcesPreset":{"description":"Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`.","type":"string","default":"medium","enum":["small","medium","large","xlarge","2xlarge"]},"securityContext":{"description":"Security context for containers","type":"object","default":{"runAsGroup":4059,"runAsUser":4059},"required":["runAsGroup","runAsUser"],"properties":{"runAsGroup":{"description":"Group ID to run the container","type":"integer","default":4059},"runAsUser":{"description":"User ID to run the container","type":"integer","default":4059}}},"storage":{"description":"Storage configuration","type":"object","default":{"size":"16Gi","storageClass":""},"required":["size","storageClass"],"properties":{"size":{"description":"Size of persistent volumes for each instance","default":"16Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"storageClass":{"description":"Storage class (if not set, uses cluster default)","type":"string"}}}}} + release: + prefix: foundationdb- + labels: + cozystack.io/ui: "true" + chart: + name: foundationdb + sourceRef: + kind: HelmRepository + name: cozystack-apps + namespace: cozy-public + dashboard: + category: PaaS + singular: FoundationDB + plural: FoundationDB + description: Managed FoundationDB service + tags: + - database + icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX3JhZGlhbF84NThfMzA3MikiLz4KPHBhdGggZD0iTTEzNS43ODQgNzUuNjQ0NkwxMzUuOTM5IDg3Ljc2MzhMODkuNjg0NiA4MS41MzYyTDYyLjA4NjggODQuNTA3OUwzNS4zNDE3IDgxLjQzMjlMOC43NTE2NyA4NC41ODU0TDguNzI1ODMgODEuNTEwNEwzNS4zNjc2IDc3LjU4MjZWNjQuMTcxM0w2Mi4yOTM1IDcwLjczNDhMNjIuMzQ1MiA4MS4yNzc4TDg5LjQ3NzkgNzcuNjg2TDg5LjQwMDQgNjQuMTk3MkwxMzUuNzg0IDc1LjY0NDZaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNODkuNDc3OCA4Ni4wMzI1TDEzNS44ODggOTAuODM4OFYxMDIuNzI2SDguNjQ4MjVMOC41MTkwNCA5OS41NzNIMzUuMjY0MUMzNS4yNjQxIDk5LjU3MyAzNS4yNjQxIDkwLjczNTUgMzUuMjY0MSA4Ni4wNTgzQzQ0LjI1NjcgODYuOTM2OSA2Mi4wODY3IDg4LjY5NDEgNjIuMDg2NyA4OC42OTQxVjk5LjI2MjlIODkuNDc3OFY4Ni4wMzI1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTYyLjI5MzQgNjYuODg0Nkw2Mi4yMTU4IDYzLjYyODZDNjIuMjE1OCA2My42Mjg2IDc5LjgxMzMgNTguMzU3MSA4OC45MDkyIDU1LjY2OTdDODguOTA5MiA1MS4zMDI2IDg4LjkwOTIgNDcuMDkwNiA4OC45MDkyIDQyQzEwNC44NzkgNDguNDA4NSAxMjAuMjI4IDU0LjYxMDIgMTM1LjczMyA2MC44Mzc4QzEzNS43MzMgNjQuNzEzOSAxMzUuNzMzIDY4LjQzNSAxMzUuNzMzIDcyLjU2OTVDMTE5Ljg0MSA2OC4yMDI0IDEwNC4yODQgNjMuOTEyOSA4OS4xNjc2IDU5Ljc1MjVDNzkuOTY4NCA2Mi4yMDc0IDYyLjI5MzQgNjYuODg0NiA2Mi4yOTM0IDY2Ljg4NDZaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNMzUuMzk2MiA4MS43MDczTDguODA2MTIgODQuODU5OEw4Ljc4MDI3IDgxLjc4NDhMMzUuNDIyIDc3Ljg1N1Y2NC40NDU3TDYyLjM0OCA3MS4wMDkzTDYyLjM5OTYgODEuNTUyMkw4OS41MzIzIDc3Ljk2MDRMODkuNDU0OCA2NC40NzE2TDEzNS44MzkgNzUuOTE5TDEzNS45OTQgODguMDM4Mkw4OS43MzkxIDgxLjgxMDZMNjIuMTQxMiA4NC43ODIzTDM1LjM5NjIgODEuNzA3M1oiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik04OS41MzIzIDg2LjMwNjlMMTM1Ljk0MiA5MS4xMTMzVjEwM0g4LjcwMjdMOC41NzM0OSA5OS44NDc0SDM1LjMxODZDMzUuMzE4NiA5OS44NDc0IDM1LjMxODYgOTEuMDA5OSAzNS4zMTg2IDg2LjMzMjhDNDQuMzExMSA4Ny4yMTE0IDYyLjE0MTIgODguOTY4NSA2Mi4xNDEyIDg4Ljk2ODVWOTkuNTM3M0g4OS41MzIzVjg2LjMwNjlaIiBmaWxsPSJ3aGl0ZSIvPgo8cGF0aCBkPSJNNjIuMzQ4MyA2Ny4xNTlMNjIuMjcwOCA2My45MDMxQzYyLjI3MDggNjMuOTAzMSA3OS44NjgyIDU4LjYzMTYgODguOTY0MiA1NS45NDQyQzg4Ljk2NDIgNTEuNTc3MSA4OC45NjQyIDQ3LjM2NTEgODguOTY0MiA0Mi4yNzQ0QzEwNC45MzQgNDguNjgyOSAxMjAuMjgzIDU0Ljg4NDcgMTM1Ljc4NyA2MS4xMTIzQzEzNS43ODcgNjQuOTg4NCAxMzUuNzg3IDY4LjcwOTQgMTM1Ljc4NyA3Mi44NDM5QzExOS44OTUgNjguNDc2OSAxMDQuMzM5IDY0LjE4NzMgODkuMjIyNiA2MC4wMjdDODAuMDIzMyA2Mi40ODE4IDYyLjM0ODMgNjcuMTU5IDYyLjM0ODMgNjcuMTU5WiIgZmlsbD0id2hpdGUiLz4KPGRlZnM+CjxyYWRpYWxHcmFkaWVudCBpZD0icGFpbnQwX3JhZGlhbF84NThfMzA3MiIgY3g9IjAiIGN5PSIwIiByPSIxIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgZ3JhZGllbnRUcmFuc2Zvcm09InRyYW5zbGF0ZSgtMjkuNSAtMTgpIHJvdGF0ZSgzOS42OTYzKSBzY2FsZSgzMDIuMTY4IDI3NS4yNzEpIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0JFRERGRiIvPgo8c3RvcCBvZmZzZXQ9IjAuMjU5NjE1IiBzdG9wLWNvbG9yPSIjOUVDQ0ZEIi8+CjxzdG9wIG9mZnNldD0iMC41OTEzNDYiIHN0b3AtY29sb3I9IiMzRjlBRkIiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMEI3MEUwIi8+CjwvcmFkaWFsR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg== + # keysOrder: [] From 4d8dca8049a3ac707707e27e5cc057477a71ae95 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 13 Oct 2025 10:39:32 +0200 Subject: [PATCH 52/80] Add addtional check to wait for lineage-webhook Signed-off-by: Andrei Kvapil --- scripts/migrations/20 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/migrations/20 b/scripts/migrations/20 index 77abec8e..7e306126 100755 --- a/scripts/migrations/20 +++ b/scripts/migrations/20 @@ -28,6 +28,8 @@ cozypkg -n cozy-system -C packages/system/cozystack-api apply cozystack-api --pl helm upgrade --install -n cozy-system cozystack-controller ./packages/system/cozystack-controller/ --take-ownership sleep 5 +timeout 60 sh -c 'until kubectl create service clusterip lineage-webhook-test --clusterip="None" --dry-run=server; do sleep 1; done' + kubectl wait deployment/cozystack-api -n cozy-system --timeout=4m --for=condition=available || exit 1 kubectl wait deployment/cozystack-controller -n cozy-system --timeout=4m --for=condition=available || exit 1 From 346dce83d4b6c99ea32bdb88fbf648352627a8c7 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Mon, 13 Oct 2025 12:29:32 +0300 Subject: [PATCH 53/80] [api] Efficient listing of TenantNamespaces The Cozystack API server lists TenantNamespaces by running a SubjectAccessReview against every single requested namespace to see if the user can create a WorkloadMonitor there. Will this is robust in terms of permissions, delegating the authorization decision to the k8s API, this is incredibly inefficient and has caused high latency to the API. This patch simplifies the logic by instead getting the user's groups and checking if the namespace contains a rolebinding for that group. That way listing TenantNamespaces is reduced to a list call to the k8s API for namespaces and another list call for rolebindings across all namespaces, while authorization is done on the Cozystack API server instead of making further calls to the k8s API. ```release-note [api] Optimize listing of TenantNamespaces, fixes a bug causing very high latency to the k8s API. ``` Signed-off-by: Timofei Larkin --- pkg/apiserver/apiserver.go | 3 +- pkg/registry/core/tenantnamespace/rest.go | 117 ++++++++-------------- 2 files changed, 43 insertions(+), 77 deletions(-) diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 80220964..e829d336 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -138,8 +138,7 @@ func (c completedConfig) New() (*CozyServer, error) { coreV1alpha1Storage["tenantnamespaces"] = cozyregistry.RESTInPeace( tenantnamespacestorage.NewREST( clientset.CoreV1(), - clientset.AuthorizationV1(), - 20, + clientset.RbacV1(), ), ) coreV1alpha1Storage["tenantsecrets"] = cozyregistry.RESTInPeace( diff --git a/pkg/registry/core/tenantnamespace/rest.go b/pkg/registry/core/tenantnamespace/rest.go index 3b18f3e3..a0b68357 100644 --- a/pkg/registry/core/tenantnamespace/rest.go +++ b/pkg/registry/core/tenantnamespace/rest.go @@ -7,13 +7,10 @@ package tenantnamespace import ( "context" "fmt" - "math" "net/http" "strings" - "sync" "time" - authorizationv1 "k8s.io/api/authorization/v1" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion" @@ -24,9 +21,8 @@ import ( "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/klog/v2" + rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) @@ -50,21 +46,18 @@ var ( ) type REST struct { - core corev1client.CoreV1Interface - authClient authorizationv1client.AuthorizationV1Interface - maxWorkers int - gvr schema.GroupVersionResource + core corev1client.CoreV1Interface + rbac rbacv1client.RbacV1Interface + gvr schema.GroupVersionResource } func NewREST( coreCli corev1client.CoreV1Interface, - authCli authorizationv1client.AuthorizationV1Interface, - maxWorkers int, + rbacCli rbacv1client.RbacV1Interface, ) *REST { return &REST{ - core: coreCli, - authClient: authCli, - maxWorkers: maxWorkers, + core: coreCli, + rbac: rbacCli, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -271,76 +264,50 @@ func (r *REST) filterAccessible( ctx context.Context, names []string, ) ([]string, error) { - workers := int(math.Min(float64(r.maxWorkers), float64(len(names)))) - type job struct{ name string } - type res struct { - name string - allowed bool - err error + u, ok := request.UserFrom(ctx) + if !ok { + return []string{}, fmt.Errorf("user missing in context") } - jobs := make(chan job, workers) - out := make(chan res, workers) - - var wg sync.WaitGroup - for i := 0; i < workers; i++ { - wg.Add(1) - go func() { - defer wg.Done() - for j := range jobs { - ok, err := r.sar(ctx, j.name) - out <- res{j.name, ok, err} - } - }() + groups := make(map[string]struct{}) + for _, group := range u.GetGroups() { + groups[group] = struct{}{} } - go func() { wg.Wait(); close(out) }() - - go func() { - for _, n := range names { - jobs <- job{n} - } - close(jobs) - }() - - var allowed []string - for r := range out { - if r.err != nil { - klog.Errorf("SAR failed for %s: %v", r.name, r.err) + if _, ok = groups["cozystack-cluster-admin"]; ok { + return names, nil + } + nameSet := make(map[string]struct{}) + for _, name := range names { + nameSet[name] = struct{}{} + } + rbs, err := r.rbac.RoleBindings("").List(ctx, metav1.ListOptions{}) + if err != nil { + return []string{}, fmt.Errorf("failed to list rolebindings") + } + allowedNameSet := make(map[string]struct{}) + for i := range rbs.Items { + if _, ok := allowedNameSet[rbs.Items[i].Namespace]; ok { continue } - if r.allowed { - allowed = append(allowed, r.name) + if _, ok := nameSet[rbs.Items[i].Namespace]; !ok { + continue + } + for j := range rbs.Items[i].Subjects { + if rbs.Items[i].Subjects[j].Kind != "Group" { + continue + } + if _, ok = groups[rbs.Items[i].Subjects[j].Name]; ok { + allowedNameSet[rbs.Items[i].Namespace] = struct{}{} + break + } } } + allowed := make([]string, 0, len(allowedNameSet)) + for name := range allowedNameSet { + allowed = append(allowed, name) + } return allowed, nil } -func (r *REST) sar(ctx context.Context, ns string) (bool, error) { - u, ok := request.UserFrom(ctx) - if !ok || u == nil { - return false, fmt.Errorf("user missing in context") - } - - sar := &authorizationv1.SubjectAccessReview{ - Spec: authorizationv1.SubjectAccessReviewSpec{ - User: u.GetName(), - Groups: u.GetGroups(), - ResourceAttributes: &authorizationv1.ResourceAttributes{ - Group: "cozystack.io", - Resource: "workloadmonitors", - Verb: "get", - Namespace: ns, - }, - }, - } - - rsp, err := r.authClient.SubjectAccessReviews(). - Create(ctx, sar, metav1.CreateOptions{}) - if err != nil { - return false, err - } - return rsp.Status.Allowed, nil -} - // ----------------------------------------------------------------------------- // Boiler-plate // ----------------------------------------------------------------------------- From 1a49cbef2d681d3f48344afe8cbebed344035edf Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Mon, 13 Oct 2025 14:15:29 +0300 Subject: [PATCH 54/80] The Cozystack Kubernetes tests are now POSIX-compatible and more robust. This patch replaces bash-specific [[ ... ]] expressions in the run_kubernetes_test function with POSIX-compliant case and test constructs. It ensures that the Kubernetes version on each worker node is verified correctly and that required components (CoreDNS, Cilium, ingress-nginx, vsnap-crd) are ready before proceeding. Now the tests work reliably even when executed with /bin/sh, such as in Bats. ```release-note [tests] Make Kubernetes tests POSIX-compliant and more reliable: verify worker node versions and ensure required releases (CoreDNS, Cilium, ingress-nginx, vsnap-crd) are installed and ready. ``` Signed-off-by: IvanHunters --- hack/e2e-apps/run-kubernetes.sh | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/hack/e2e-apps/run-kubernetes.sh b/hack/e2e-apps/run-kubernetes.sh index 7c7f347a..716b40dc 100644 --- a/hack/e2e-apps/run-kubernetes.sh +++ b/hack/e2e-apps/run-kubernetes.sh @@ -64,19 +64,19 @@ spec: EOF # Wait for the tenant-test namespace to be active kubectl wait namespace tenant-test --timeout=20s --for=jsonpath='{.status.phase}'=Active - + # Wait for the Kamaji control plane to be created (retry for up to 10 seconds) timeout 10 sh -ec 'until kubectl get kamajicontrolplane -n tenant-test kubernetes-'"${test_name}"'; do sleep 1; done' # Wait for the tenant control plane to be fully created (timeout after 4 minutes) kubectl wait --for=condition=TenantControlPlaneCreated kamajicontrolplane -n tenant-test kubernetes-${test_name} --timeout=4m - + # Wait for Kubernetes resources to be ready (timeout after 2 minutes) kubectl wait tcp -n tenant-test kubernetes-${test_name} --timeout=2m --for=jsonpath='{.status.kubernetesResources.version.status}'=Ready - + # Wait for all required deployments to be available (timeout after 4 minutes) kubectl wait deploy --timeout=4m --for=condition=available -n tenant-test kubernetes-${test_name} kubernetes-${test_name}-cluster-autoscaler kubernetes-${test_name}-kccm kubernetes-${test_name}-kcsi-controller - + # Wait for the machine deployment to scale to 2 replicas (timeout after 1 minute) kubectl wait machinedeployment kubernetes-${test_name}-md0 -n tenant-test --timeout=1m --for=jsonpath='{.status.replicas}'=2 # Get the admin kubeconfig and save it to a file @@ -105,9 +105,11 @@ EOF versions=$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath='{.items[*].status.nodeInfo.kubeletVersion}') node_ok=true - if [[ "$k8s_version" == v1.32* ]]; then - echo "⚠️ TODO: Temporary stub — allowing nodes with v1.33 while k8s_version is v1.32" - fi + case "$k8s_version" in + v1.32*) + echo "⚠️ TODO: Temporary stub — allowing nodes with v1.33 while k8s_version is v1.32" + ;; + esac for v in $versions; do case "$k8s_version" in @@ -134,7 +136,7 @@ EOF esac done - if ! $node_ok; then + if [ "$node_ok" != true ]; then echo "Kubelet versions did not match expected ${k8s_version}" >&2 exit 1 fi From f2a8e2d45db16bcbe0b47da30642954bbd769cdd Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 13 Oct 2025 14:49:46 +0200 Subject: [PATCH 55/80] [dashboard] Fix logout Signed-off-by: Andrei Kvapil --- packages/system/dashboard/templates/gatekeeper.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/system/dashboard/templates/gatekeeper.yaml b/packages/system/dashboard/templates/gatekeeper.yaml index 0bf20b02..b4503f4f 100644 --- a/packages/system/dashboard/templates/gatekeeper.yaml +++ b/packages/system/dashboard/templates/gatekeeper.yaml @@ -55,6 +55,8 @@ spec: - --http-address=0.0.0.0:8000 - --redirect-url=https://dashboard.{{ $host }}/oauth2/callback - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy + - --backend-logout-url=https://keycloak.{{ $host }}/realms/cozy/protocol/openid-connect/logout?id_token_hint={id_token} + - --whitelist-domain=keycloak.{{ $host }} - --email-domain=* - --pass-access-token=true - --pass-authorization-header=true From 2a508c4f29a87afa8fa32145bd5cbb6414bf3f70 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 13 Oct 2025 15:15:39 +0200 Subject: [PATCH 56/80] [api] Fix RBAC for listing of TenantNamespaces and handle system:masters Signed-off-by: Andrei Kvapil --- packages/system/cozystack-api/templates/rbac.yaml | 3 +++ pkg/registry/core/tenantnamespace/rest.go | 3 +++ 2 files changed, 6 insertions(+) diff --git a/packages/system/cozystack-api/templates/rbac.yaml b/packages/system/cozystack-api/templates/rbac.yaml index 1a169d86..e4b3aca9 100644 --- a/packages/system/cozystack-api/templates/rbac.yaml +++ b/packages/system/cozystack-api/templates/rbac.yaml @@ -6,6 +6,9 @@ rules: - apiGroups: [""] resources: ["namespaces", "secrets"] verbs: ["get", "watch", "list"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["rolebindings"] + verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["secrets"] verbs: ["create", "update", "patch", "delete"] diff --git a/pkg/registry/core/tenantnamespace/rest.go b/pkg/registry/core/tenantnamespace/rest.go index a0b68357..f5196cad 100644 --- a/pkg/registry/core/tenantnamespace/rest.go +++ b/pkg/registry/core/tenantnamespace/rest.go @@ -272,6 +272,9 @@ func (r *REST) filterAccessible( for _, group := range u.GetGroups() { groups[group] = struct{}{} } + if _, ok = groups["system:masters"]; ok { + return names, nil + } if _, ok = groups["cozystack-cluster-admin"]; ok { return names, nil } From 2a82273902de0ba52e2c084a86bc1a95a3a34328 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Mon, 13 Oct 2025 19:03:40 +0300 Subject: [PATCH 57/80] [lineage] Separate webhook from cozy controller The lineage-controller-webhook makes a lot of outgoing API calls for every event it handles, contributing to a high API server latency, increasing the number of in-flight requests and generally degrading performance. This patch remedies this by separating the lineage component from the cozystack-controller and deploying it as a separate component on all control-plane nodes. Additionally, a new internal label is introduced to track if a resource has already been handled by the webhook. This label is used to exclude such resources from consideration. Addresses #1513. ```release-note [lineage] Break webhook out into a separate daemonset. Reduce unnecessary webhook calls by marking handled resources and excluding them from consideration by the webhook's object selector. ``` Signed-off-by: Timofei Larkin --- Makefile | 1 + cmd/cozystack-controller/main.go | 15 -- cmd/lineage-controller-webhook/main.go | 179 ++++++++++++++++++ docs/changelogs/unreleased.md | 3 + internal/lineagecontrollerwebhook/webhook.go | 18 +- .../core/platform/bundles/distro-full.yaml | 6 + .../core/platform/bundles/distro-hosted.yaml | 6 + packages/core/platform/bundles/paas-full.yaml | 6 + .../core/platform/bundles/paas-hosted.yaml | 6 + .../templates/certmanager.yaml | 45 ----- .../templates/deployment.yaml | 12 -- .../lineage-controller-webhook/.gitignore | 27 +++ .../lineage-controller-webhook/Chart.yaml | 3 + .../lineage-controller-webhook/Makefile | 18 ++ .../lineage-controller-webhook/Dockerfile | 23 +++ .../templates/certmanager.yaml | 45 +++++ .../templates/daemonset.yaml | 46 +++++ .../mutatingwebhookconfiguration.yaml | 8 +- .../templates/rbac-bind.yaml | 12 ++ .../templates/rbac.yaml | 8 + .../templates/sa.yaml | 4 + .../templates/service.yaml | 7 +- .../lineage-controller-webhook/values.yaml | 3 + 23 files changed, 419 insertions(+), 82 deletions(-) create mode 100644 cmd/lineage-controller-webhook/main.go create mode 100644 docs/changelogs/unreleased.md delete mode 100644 packages/system/cozystack-controller/templates/certmanager.yaml create mode 100644 packages/system/lineage-controller-webhook/.gitignore create mode 100644 packages/system/lineage-controller-webhook/Chart.yaml create mode 100644 packages/system/lineage-controller-webhook/Makefile create mode 100644 packages/system/lineage-controller-webhook/images/lineage-controller-webhook/Dockerfile create mode 100644 packages/system/lineage-controller-webhook/templates/certmanager.yaml create mode 100644 packages/system/lineage-controller-webhook/templates/daemonset.yaml rename packages/system/{cozystack-controller => lineage-controller-webhook}/templates/mutatingwebhookconfiguration.yaml (81%) create mode 100644 packages/system/lineage-controller-webhook/templates/rbac-bind.yaml create mode 100644 packages/system/lineage-controller-webhook/templates/rbac.yaml create mode 100644 packages/system/lineage-controller-webhook/templates/sa.yaml rename packages/system/{cozystack-controller => lineage-controller-webhook}/templates/service.yaml (55%) create mode 100644 packages/system/lineage-controller-webhook/values.yaml diff --git a/Makefile b/Makefile index c941a9ff..bb5eb40e 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,7 @@ build: build-deps make -C packages/extra/monitoring image make -C packages/system/cozystack-api image make -C packages/system/cozystack-controller image + make -C packages/system/lineage-controller-webhook image make -C packages/system/cilium image make -C packages/system/kubeovn image make -C packages/system/kubeovn-webhook image diff --git a/cmd/cozystack-controller/main.go b/cmd/cozystack-controller/main.go index f774284a..c2ceb451 100644 --- a/cmd/cozystack-controller/main.go +++ b/cmd/cozystack-controller/main.go @@ -39,7 +39,6 @@ import ( cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" "github.com/cozystack/cozystack/internal/controller" "github.com/cozystack/cozystack/internal/controller/dashboard" - lcw "github.com/cozystack/cozystack/internal/lineagecontrollerwebhook" "github.com/cozystack/cozystack/internal/telemetry" helmv2 "github.com/fluxcd/helm-controller/api/v2" @@ -222,20 +221,6 @@ func main() { os.Exit(1) } - // special one that's both a webhook and a reconciler - lineageControllerWebhook := &lcw.LineageControllerWebhook{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), - } - if err := lineageControllerWebhook.SetupWithManagerAsController(mgr); err != nil { - setupLog.Error(err, "unable to setup controller", "controller", "LineageController") - os.Exit(1) - } - if err := lineageControllerWebhook.SetupWithManagerAsWebhook(mgr); err != nil { - setupLog.Error(err, "unable to setup webhook", "webhook", "LineageWebhook") - os.Exit(1) - } - // +kubebuilder:scaffold:builder if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { diff --git a/cmd/lineage-controller-webhook/main.go b/cmd/lineage-controller-webhook/main.go new file mode 100644 index 00000000..ffe0942b --- /dev/null +++ b/cmd/lineage-controller-webhook/main.go @@ -0,0 +1,179 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "crypto/tls" + "flag" + "os" + + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) + // to ensure that exec-entrypoint and run can make use of them. + _ "k8s.io/client-go/plugin/pkg/client/auth" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" + lcw "github.com/cozystack/cozystack/internal/lineagecontrollerwebhook" + // +kubebuilder:scaffold:imports +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + + utilruntime.Must(cozystackiov1alpha1.AddToScheme(scheme)) + // +kubebuilder:scaffold:scheme +} + +func main() { + var metricsAddr string + var enableLeaderElection bool + var probeAddr string + var secureMetrics bool + var enableHTTP2 bool + var tlsOpts []func(*tls.Config) + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+ + "Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + flag.BoolVar(&secureMetrics, "metrics-secure", true, + "If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.") + flag.BoolVar(&enableHTTP2, "enable-http2", false, + "If set, HTTP/2 will be enabled for the metrics and webhook servers") + opts := zap.Options{ + Development: false, + } + opts.BindFlags(flag.CommandLine) + flag.Parse() + + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + + // if the enable-http2 flag is false (the default), http/2 should be disabled + // due to its vulnerabilities. More specifically, disabling http/2 will + // prevent from being vulnerable to the HTTP/2 Stream Cancellation and + // Rapid Reset CVEs. For more information see: + // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3 + // - https://github.com/advisories/GHSA-4374-p667-p6c8 + disableHTTP2 := func(c *tls.Config) { + setupLog.Info("disabling http/2") + c.NextProtos = []string{"http/1.1"} + } + + if !enableHTTP2 { + tlsOpts = append(tlsOpts, disableHTTP2) + } + + webhookServer := webhook.NewServer(webhook.Options{ + TLSOpts: tlsOpts, + }) + + // Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server. + // More info: + // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.1/pkg/metrics/server + // - https://book.kubebuilder.io/reference/metrics.html + metricsServerOptions := metricsserver.Options{ + BindAddress: metricsAddr, + SecureServing: secureMetrics, + TLSOpts: tlsOpts, + } + + if secureMetrics { + // FilterProvider is used to protect the metrics endpoint with authn/authz. + // These configurations ensure that only authorized users and service accounts + // can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info: + // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.1/pkg/metrics/filters#WithAuthenticationAndAuthorization + metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization + + // TODO(user): If CertDir, CertName, and KeyName are not specified, controller-runtime will automatically + // generate self-signed certificates for the metrics server. While convenient for development and testing, + // this setup is not recommended for production. + } + + // Configure rate limiting for the Kubernetes client + config := ctrl.GetConfigOrDie() + config.QPS = 50.0 // Increased from default 5.0 + config.Burst = 100 // Increased from default 10 + + mgr, err := ctrl.NewManager(config, ctrl.Options{ + Scheme: scheme, + Metrics: metricsServerOptions, + WebhookServer: webhookServer, + HealthProbeBindAddress: probeAddr, + LeaderElection: enableLeaderElection, + LeaderElectionID: "8796f12d.cozystack.io", + // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily + // when the Manager ends. This requires the binary to immediately end when the + // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly + // speeds up voluntary leader transitions as the new leader don't have to wait + // LeaseDuration time first. + // + // In the default scaffold provided, the program ends immediately after + // the manager stops, so would be fine to enable this option. However, + // if you are doing or is intended to do any operation such as perform cleanups + // after the manager stops then its usage might be unsafe. + // LeaderElectionReleaseOnCancel: true, + }) + if err != nil { + setupLog.Error(err, "unable to start manager") + os.Exit(1) + } + + lineageControllerWebhook := &lcw.LineageControllerWebhook{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + } + if err := lineageControllerWebhook.SetupWithManagerAsController(mgr); err != nil { + setupLog.Error(err, "unable to setup controller", "controller", "LineageController") + os.Exit(1) + } + if err := lineageControllerWebhook.SetupWithManagerAsWebhook(mgr); err != nil { + setupLog.Error(err, "unable to setup webhook", "webhook", "LineageWebhook") + os.Exit(1) + } + + // +kubebuilder:scaffold:builder + + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up health check") + os.Exit(1) + } + if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up ready check") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/docs/changelogs/unreleased.md b/docs/changelogs/unreleased.md new file mode 100644 index 00000000..1ea38313 --- /dev/null +++ b/docs/changelogs/unreleased.md @@ -0,0 +1,3 @@ +# Changes after v0.37.0 + +* [lineage] Break webhook out into a separate daemonset. Reduce unnecessary webhook calls by marking handled resources and excluding them from consideration by the webhook's object selector (@lllamnyp in #1515). diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index 1e7739b7..0841c891 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -26,6 +26,13 @@ var ( AncestryAmbiguous = fmt.Errorf("object ancestry is ambiguous") ) +const ( + ManagedObjectKey = "internal.cozystack.io/managed-by-cozystack" + ManagerGroupKey = "apps.cozystack.io/application.group" + ManagerKindKey = "apps.cozystack.io/application.kind" + ManagerNameKey = "apps.cozystack.io/application.name" +) + // getResourceSelectors returns the appropriate CozystackResourceDefinitionResources for a given GroupKind func (h *LineageControllerWebhook) getResourceSelectors(gk schema.GroupKind, crd *cozyv1alpha1.CozystackResourceDefinition) *cozyv1alpha1.CozystackResourceDefinitionResources { switch { @@ -91,7 +98,7 @@ func (h *LineageControllerWebhook) Handle(ctx context.Context, req admission.Req labels, err := h.computeLabels(ctx, obj) for { if err != nil && errors.Is(err, NoAncestors) { - return admission.Allowed("object not managed by app") + break // not a problem, mark object as unmanaged } if err != nil && errors.Is(err, AncestryAmbiguous) { warn = append(warn, "object ancestry ambiguous, using first ancestor found") @@ -119,7 +126,7 @@ func (h *LineageControllerWebhook) Handle(ctx context.Context, req admission.Req func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstructured.Unstructured) (map[string]string, error) { owners := lineage.WalkOwnershipGraph(ctx, h.dynClient, h.mapper, h, o) if len(owners) == 0 { - return nil, NoAncestors + return map[string]string{ManagedObjectKey: "false"}, NoAncestors } obj, err := owners[0].GetUnstructured(ctx, h.dynClient, h.mapper) if err != nil { @@ -135,7 +142,8 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc } labels := map[string]string{ // truncate apigroup to first 63 chars - "apps.cozystack.io/application.group": func(s string) string { + ManagedObjectKey: "true", + ManagerGroupKey: func(s string) string { if len(s) < 63 { return s } @@ -145,8 +153,8 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc } return s }(gv.Group), - "apps.cozystack.io/application.kind": obj.GetKind(), - "apps.cozystack.io/application.name": obj.GetName(), + ManagerKindKey: obj.GetKind(), + ManagerNameKey: obj.GetName(), } templateLabels := map[string]string{ "kind": strings.ToLower(obj.GetKind()), diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml index 1b7366be..ed52a83a 100644 --- a/packages/core/platform/bundles/distro-full.yaml +++ b/packages/core/platform/bundles/distro-full.yaml @@ -68,6 +68,12 @@ releases: disableTelemetry: true {{- end }} +- name: lineage-controller-webhook + releaseName: lineage-controller-webhook + chart: cozy-lineage-controller-webhook + namespace: cozy-system + dependsOn: [cozystack-controller,cilium,cert-manager] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager diff --git a/packages/core/platform/bundles/distro-hosted.yaml b/packages/core/platform/bundles/distro-hosted.yaml index 55a8688e..83aa81d9 100644 --- a/packages/core/platform/bundles/distro-hosted.yaml +++ b/packages/core/platform/bundles/distro-hosted.yaml @@ -36,6 +36,12 @@ releases: disableTelemetry: true {{- end }} +- name: lineage-controller-webhook + releaseName: lineage-controller-webhook + chart: cozy-lineage-controller-webhook + namespace: cozy-system + dependsOn: [cozystack-controller,cert-manager] + - name: cert-manager releaseName: cert-manager chart: cozy-cert-manager diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 556847ff..2322aee2 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -105,6 +105,12 @@ releases: disableTelemetry: true {{- end }} +- name: lineage-controller-webhook + releaseName: lineage-controller-webhook + chart: cozy-lineage-controller-webhook + namespace: cozy-system + dependsOn: [cozystack-controller,cilium,kubeovn,cert-manager] + - name: cozystack-resource-definition-crd releaseName: cozystack-resource-definition-crd chart: cozystack-resource-definition-crd diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 055c29cf..93593673 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -52,6 +52,12 @@ releases: disableTelemetry: true {{- end }} +- name: lineage-controller-webhook + releaseName: lineage-controller-webhook + chart: cozy-lineage-controller-webhook + namespace: cozy-system + dependsOn: [cozystack-controller,cert-manager] + - name: cozystack-resource-definition-crd releaseName: cozystack-resource-definition-crd chart: cozystack-resource-definition-crd diff --git a/packages/system/cozystack-controller/templates/certmanager.yaml b/packages/system/cozystack-controller/templates/certmanager.yaml deleted file mode 100644 index 6d9bce7d..00000000 --- a/packages/system/cozystack-controller/templates/certmanager.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: cozystack-controller-webhook-selfsigned - namespace: {{ .Release.Namespace }} -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: cozystack-controller-webhook-ca - namespace: {{ .Release.Namespace }} -spec: - secretName: cozystack-controller-webhook-ca - duration: 43800h # 5 years - commonName: cozystack-controller-webhook-ca - issuerRef: - name: cozystack-controller-webhook-selfsigned - isCA: true ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: cozystack-controller-webhook-ca - namespace: {{ .Release.Namespace }} -spec: - ca: - secretName: cozystack-controller-webhook-ca ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: cozystack-controller-webhook - namespace: {{ .Release.Namespace }} -spec: - secretName: cozystack-controller-webhook-cert - duration: 8760h - renewBefore: 720h - issuerRef: - name: cozystack-controller-webhook-ca - commonName: cozystack-controller - dnsNames: - - cozystack-controller - - cozystack-controller.{{ .Release.Namespace }}.svc diff --git a/packages/system/cozystack-controller/templates/deployment.yaml b/packages/system/cozystack-controller/templates/deployment.yaml index 318ec3b2..bac865ef 100644 --- a/packages/system/cozystack-controller/templates/deployment.yaml +++ b/packages/system/cozystack-controller/templates/deployment.yaml @@ -28,15 +28,3 @@ spec: {{- if .Values.cozystackController.disableTelemetry }} - --disable-telemetry {{- end }} - ports: - - name: webhook - containerPort: 9443 - volumeMounts: - - name: webhook-certs - mountPath: /tmp/k8s-webhook-server/serving-certs - readOnly: true - volumes: - - name: webhook-certs - secret: - secretName: cozystack-controller-webhook-cert - defaultMode: 0400 diff --git a/packages/system/lineage-controller-webhook/.gitignore b/packages/system/lineage-controller-webhook/.gitignore new file mode 100644 index 00000000..ada68ff0 --- /dev/null +++ b/packages/system/lineage-controller-webhook/.gitignore @@ -0,0 +1,27 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Go workspace file +go.work + +# Kubernetes Generated files - skip generated files, except for vendored files +!vendor/**/zz_generated.* + +# editor and IDE paraphernalia +.idea +.vscode +*.swp +*.swo +*~ diff --git a/packages/system/lineage-controller-webhook/Chart.yaml b/packages/system/lineage-controller-webhook/Chart.yaml new file mode 100644 index 00000000..5b262f05 --- /dev/null +++ b/packages/system/lineage-controller-webhook/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-lineage-controller-webhook +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/lineage-controller-webhook/Makefile b/packages/system/lineage-controller-webhook/Makefile new file mode 100644 index 00000000..04d81a12 --- /dev/null +++ b/packages/system/lineage-controller-webhook/Makefile @@ -0,0 +1,18 @@ +NAME=lineage-controller-webhook +NAMESPACE=cozy-system + +include ../../../scripts/common-envs.mk +include ../../../scripts/package.mk + +image: image-lineage-controller-webhook + +image-lineage-controller-webhook: + docker buildx build -f images/lineage-controller-webhook/Dockerfile ../../.. \ + --tag $(REGISTRY)/lineage-controller-webhook:$(call settag,$(TAG)) \ + --cache-from type=registry,ref=$(REGISTRY)/lineage-controller-webhook:latest \ + --cache-to type=inline \ + --metadata-file images/lineage-controller-webhook.json \ + $(BUILDX_ARGS) + IMAGE="$(REGISTRY)/lineage-controller-webhook:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/lineage-controller-webhook.json -o json -r)" \ + yq -i '.lineageControllerWebhook.image = strenv(IMAGE)' values.yaml + rm -f images/lineage-controller-webhook.json diff --git a/packages/system/lineage-controller-webhook/images/lineage-controller-webhook/Dockerfile b/packages/system/lineage-controller-webhook/images/lineage-controller-webhook/Dockerfile new file mode 100644 index 00000000..e043e472 --- /dev/null +++ b/packages/system/lineage-controller-webhook/images/lineage-controller-webhook/Dockerfile @@ -0,0 +1,23 @@ +FROM golang:1.24-alpine AS builder + +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace + +COPY go.mod go.sum ./ +RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go mod download + +COPY api api/ +COPY pkg pkg/ +COPY cmd cmd/ +COPY internal internal/ + +RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -ldflags="-extldflags=-static" -o /lineage-controller-webhook cmd/lineage-controller-webhook/main.go + +FROM scratch + +COPY --from=builder /lineage-controller-webhook /lineage-controller-webhook +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + +ENTRYPOINT ["/lineage-controller-webhook"] diff --git a/packages/system/lineage-controller-webhook/templates/certmanager.yaml b/packages/system/lineage-controller-webhook/templates/certmanager.yaml new file mode 100644 index 00000000..c2dc18d2 --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/certmanager.yaml @@ -0,0 +1,45 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: lineage-controller-webhook-selfsigned + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: lineage-controller-webhook-ca + namespace: {{ .Release.Namespace }} +spec: + secretName: lineage-controller-webhook-ca + duration: 43800h # 5 years + commonName: lineage-controller-webhook-ca + issuerRef: + name: lineage-controller-webhook-selfsigned + isCA: true +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: lineage-controller-webhook-ca + namespace: {{ .Release.Namespace }} +spec: + ca: + secretName: lineage-controller-webhook-ca +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: lineage-controller-webhook + namespace: {{ .Release.Namespace }} +spec: + secretName: lineage-controller-webhook-cert + duration: 8760h + renewBefore: 720h + issuerRef: + name: lineage-controller-webhook-ca + commonName: lineage-controller-webhook + dnsNames: + - lineage-controller-webhook + - lineage-controller-webhook.{{ .Release.Namespace }}.svc diff --git a/packages/system/lineage-controller-webhook/templates/daemonset.yaml b/packages/system/lineage-controller-webhook/templates/daemonset.yaml new file mode 100644 index 00000000..177bcd8b --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/daemonset.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: lineage-controller-webhook + labels: + app: lineage-controller-webhook +spec: + selector: + matchLabels: + app: lineage-controller-webhook + template: + metadata: + labels: + app: lineage-controller-webhook + spec: + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + serviceAccountName: lineage-controller-webhook + containers: + - name: lineage-controller-webhook + image: "{{ .Values.lineageControllerWebhook.image }}" + args: + {{- if .Values.lineageControllerWebhook.debug }} + - --zap-log-level=debug + {{- else }} + - --zap-log-level=info + {{- end }} + ports: + - name: webhook + containerPort: 9443 + volumeMounts: + - name: webhook-certs + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + volumes: + - name: webhook-certs + secret: + secretName: lineage-controller-webhook-cert + defaultMode: 0400 diff --git a/packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml b/packages/system/lineage-controller-webhook/templates/mutatingwebhookconfiguration.yaml similarity index 81% rename from packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml rename to packages/system/lineage-controller-webhook/templates/mutatingwebhookconfiguration.yaml index f246865c..88b62a21 100644 --- a/packages/system/cozystack-controller/templates/mutatingwebhookconfiguration.yaml +++ b/packages/system/lineage-controller-webhook/templates/mutatingwebhookconfiguration.yaml @@ -3,7 +3,7 @@ kind: MutatingWebhookConfiguration metadata: name: lineage annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/cozystack-controller-webhook + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/lineage-controller-webhook labels: app: cozystack-controller webhooks: @@ -12,7 +12,7 @@ webhooks: sideEffects: None clientConfig: service: - name: cozystack-controller + name: lineage-controller-webhook namespace: {{ .Release.Namespace }} path: /mutate-lineage rules: @@ -40,3 +40,7 @@ webhooks: values: - kube-system - default + objectSelector: + matchExpressions: + - key: internal.cozystack.io/managed-by-cozystack + operator: DoesNotExist diff --git a/packages/system/lineage-controller-webhook/templates/rbac-bind.yaml b/packages/system/lineage-controller-webhook/templates/rbac-bind.yaml new file mode 100644 index 00000000..9a509d08 --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/rbac-bind.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: lineage-controller-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: lineage-controller-webhook +subjects: +- kind: ServiceAccount + name: lineage-controller-webhook + namespace: {{ .Release.Namespace }} diff --git a/packages/system/lineage-controller-webhook/templates/rbac.yaml b/packages/system/lineage-controller-webhook/templates/rbac.yaml new file mode 100644 index 00000000..d8b3f871 --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/rbac.yaml @@ -0,0 +1,8 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lineage-controller-webhook +rules: +- apiGroups: ['*'] + resources: ['*'] + verbs: ["get", "list", "watch"] diff --git a/packages/system/lineage-controller-webhook/templates/sa.yaml b/packages/system/lineage-controller-webhook/templates/sa.yaml new file mode 100644 index 00000000..a17761f0 --- /dev/null +++ b/packages/system/lineage-controller-webhook/templates/sa.yaml @@ -0,0 +1,4 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: lineage-controller-webhook diff --git a/packages/system/cozystack-controller/templates/service.yaml b/packages/system/lineage-controller-webhook/templates/service.yaml similarity index 55% rename from packages/system/cozystack-controller/templates/service.yaml rename to packages/system/lineage-controller-webhook/templates/service.yaml index 8cc0eb61..c5df90fb 100644 --- a/packages/system/cozystack-controller/templates/service.yaml +++ b/packages/system/lineage-controller-webhook/templates/service.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: cozystack-controller + name: lineage-controller-webhook labels: - app: cozystack-controller + app: lineage-controller-webhook spec: + internalTrafficPolicy: Local type: ClusterIP ports: - port: 443 @@ -12,4 +13,4 @@ spec: protocol: TCP name: webhook selector: - app: cozystack-controller + app: lineage-controller-webhook diff --git a/packages/system/lineage-controller-webhook/values.yaml b/packages/system/lineage-controller-webhook/values.yaml new file mode 100644 index 00000000..068de2d6 --- /dev/null +++ b/packages/system/lineage-controller-webhook/values.yaml @@ -0,0 +1,3 @@ +lineageControllerWebhook: + image: ghcr.io/cozystack/cozystack/lineage-controller-webhook:v0.37.0@sha256:845b8e68cbc277c2303080bcd55597e4334610d396dad258ad56fd906530acc3 + debug: false From 671e13df7021663a721407f81fa496e195365865 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Tue, 14 Oct 2025 12:37:47 +0200 Subject: [PATCH 58/80] [api] Fix listing tenantnamespaces for non-oidc users Signed-off-by: Andrei Kvapil --- pkg/registry/core/tenantnamespace/rest.go | 24 +++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/pkg/registry/core/tenantnamespace/rest.go b/pkg/registry/core/tenantnamespace/rest.go index f5196cad..56098740 100644 --- a/pkg/registry/core/tenantnamespace/rest.go +++ b/pkg/registry/core/tenantnamespace/rest.go @@ -294,13 +294,25 @@ func (r *REST) filterAccessible( if _, ok := nameSet[rbs.Items[i].Namespace]; !ok { continue } + subjectLoop: for j := range rbs.Items[i].Subjects { - if rbs.Items[i].Subjects[j].Kind != "Group" { - continue - } - if _, ok = groups[rbs.Items[i].Subjects[j].Name]; ok { - allowedNameSet[rbs.Items[i].Namespace] = struct{}{} - break + subj := rbs.Items[i].Subjects[j] + switch subj.Kind { + case "Group": + if _, ok = groups[subj.Name]; ok { + allowedNameSet[rbs.Items[i].Namespace] = struct{}{} + break subjectLoop + } + case "User": + if subj.Name == u.GetName() { + allowedNameSet[rbs.Items[i].Namespace] = struct{}{} + break subjectLoop + } + case "ServiceAccount": + if u.GetName() == fmt.Sprintf("system:serviceaccount:%s:%s", subj.Namespace, subj.Name) { + allowedNameSet[rbs.Items[i].Namespace] = struct{}{} + break subjectLoop + } } } } From fe8ec75ac79e3ccc7ce24f160beef60ed1b35796 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Tue, 14 Oct 2025 15:55:04 +0300 Subject: [PATCH 59/80] [bucket] Expose bucket name in secrets. The object storage controller creates secrets with bucket credentials that have no reference to the parent BucketAccess object. Because of this they cannot be linked to the managing app (buckets.apps.cozystack.io) and are not displayed in the new dashboard. This change patches the auxiliary helm release -system to include the bucket name in __its__ secret, so that the necessary secret values is still presented to the user. ```release-note [bucket] Expose bucket name in tenant secret. ``` Signed-off-by: Timofei Larkin --- packages/system/bucket/templates/secret.yaml | 2 ++ packages/system/seaweedfs/values.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/system/bucket/templates/secret.yaml b/packages/system/bucket/templates/secret.yaml index 9c5442ce..15474569 100644 --- a/packages/system/bucket/templates/secret.yaml +++ b/packages/system/bucket/templates/secret.yaml @@ -3,6 +3,7 @@ {{- $accessKeyID := index $bucketInfo.spec.secretS3 "accessKeyID" }} {{- $accessSecretKey := index $bucketInfo.spec.secretS3 "accessSecretKey" }} {{- $endpoint := index $bucketInfo.spec.secretS3 "endpoint" }} +{{- $bucketName := index $bucketInfo.spec "bucketName" }} apiVersion: v1 kind: Secret @@ -13,6 +14,7 @@ stringData: accessKey: {{ $accessKeyID | quote }} secretKey: {{ $accessSecretKey | quote }} endpoint: {{ trimPrefix "https://" $endpoint }} + bucketName: {{ $bucketName | quote }} --- apiVersion: v1 kind: Secret diff --git a/packages/system/seaweedfs/values.yaml b/packages/system/seaweedfs/values.yaml index e12102e7..05792a48 100644 --- a/packages/system/seaweedfs/values.yaml +++ b/packages/system/seaweedfs/values.yaml @@ -120,7 +120,7 @@ seaweedfs: bucketClassName: "seaweedfs" region: "" sidecar: - image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.37.0@sha256:f166f09cdc9cdbb758209883819ab8261a3793bc1d7a6b6685efd5a2b2930847" + image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:latest@sha256:f4ec2b5ec8183870e710b32fa11b3af5d97fa664572df5edcff4b593b00f9a7b" certificates: commonName: "SeaweedFS CA" ipAddresses: [] From 1f0edc5f79d6f83fdf23bc6e343277d5ffb28907 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Tue, 14 Oct 2025 08:21:10 +0300 Subject: [PATCH 60/80] [docs] Changelog for v0.37 Signed-off-by: Timofei Larkin --- docs/changelogs/v0.37.0.md | 117 +++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 docs/changelogs/v0.37.0.md diff --git a/docs/changelogs/v0.37.0.md b/docs/changelogs/v0.37.0.md new file mode 100644 index 00000000..87dd3c9d --- /dev/null +++ b/docs/changelogs/v0.37.0.md @@ -0,0 +1,117 @@ +# Cozystack v0.37 — “OpenAPI Dashboard & Lineage Everywhere” + +We’ve shipped a big usability push this cycle: a brand-new **OpenAPI-driven dashboard**, lineage labeling across core resource types, and several reliability improvements to smooth upgrades from 0.36→ 0.37. Below are the highlights and the full categorized lists. + +## Highlights + +* **New OpenAPI-based Dashboard** replaces the old UI, adds module-aware navigation, dynamic branding, and richer Kubernetes resource views ([**@kvaps**](https://github.com/kvaps) in #1269, #1463, #1460). +* **Lineage Webhook** tags Pods, PVCs, Services, Ingresses, and Secrets, adding labels referencing the managing Cozystack application ([**@lllamnyp**](https://github.com/lllamnyp) in #1448, #1452, #1477, #1486, #1497; [**@kvaps**](https://github.com/kvaps) in #1454). +* **Smoother upgrades** with installer and migration hardening, decoupled CRDs vs. API server ([**@lllamnyp**](https://github.com/lllamnyp) in #1494, #1498; [**@kvaps**](https://github.com/kvaps) in #1506). +* **Operations quality**: Kubernetes tests with smarter waits/readiness checks ([**@IvanHunters**](https://github.com/IvanHunters) in #1485). + +--- + +## New features + +### Dashboard + +* Introduce the OpenAPI-based dashboard and controller; implement TenantNamespace, TenantModules, TenantSecret/SecretsTable resources ([**@kvaps**](https://github.com/kvaps) in #1269). +* Module-aware navigation, richer detail views (Services/Secrets/Ingresses), improved sidebars; “Tenant Modules” grouping ([**@kvaps**](https://github.com/kvaps) in #1463). +* Dynamic branding via cluster config (tenant name, footer/title, logo/icon SVGs) ([**@kvaps**](https://github.com/kvaps) in #1460). +* Dashboard: fix namespace listing for unprivileged users and stabilize streamed requests; build-time patching ([**@kvaps**](https://github.com/kvaps) in #1456). +* Dashboard UX set: marketplace hides module resources; consistent navigation/links; prefill “name” in forms; ingress factory; formatted TenantNamespaces tables ([**@kvaps**](https://github.com/kvaps) in #1463). +* **Dashboard**: list modules reliably; remove Tenant from Marketplace; fix field override while typing ([**@kvaps**](https://github.com/kvaps) in #1501, #1503). +* **Dashboard**: correct API group for applications; sidebars; disable auto-expand; fix `/docs` redirect ([**@kvaps**](https://github.com/kvaps) in #1463, #1465, #1462). +* **Dashboard**: show Secrets with empty values correctly ([**@kvaps**](https://github.com/kvaps) in #1480). +* Dashboard configuration refactor: generate static resources at startup; auto-cleanup stale objects; higher controller client throughput ([**@kvaps**](https://github.com/kvaps) in #1457). + +### Migration to v0.37 +* **Installer/Migrations**: prevent unintended deletion of platform resource definitions; resilient timestamping; tolerant annotations; stronger migrate-then-reconcile flow ([**@kvaps**](https://github.com/kvaps) in #1475; Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498). +* Installer hardening for **migration #20**: packaged apply, ordered waits/readiness checks, RFC3339(nano) stamping; Helm in installer image (Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498). +* **Decoupled API & CozyRDs**: You can now upgrade the Cozystack API server independently of CRDs/CozyRD instances, easing 0.36 → 0.37 migrations ([**@lllamnyp**](https://github.com/lllamnyp) in #1494). +* **Migration #20**: The installer runs migration from packaged Helm charts with ordered waits/readiness checks; annotations are tolerant; timestamps are environment-robust (Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498; [**@kvaps**](https://github.com/kvaps) in #1475). + +### Webhook / Lineage + +* Add a lineage mutating webhook to auto-label Pods/Secrets/PVCs/Ingresses/WorkloadMonitors with owning app ([**@lllamnyp**](https://github.com/lllamnyp) in #1448, #1497, [**@kvaps**](https://github.com/kvaps) in #1454). +* **Name-based** selectors for Secret visibility (templates supported) ([**@lllamnyp**](https://github.com/lllamnyp) in #1477). +* Select **Services** and **Ingresses** in CRDs/API; treat them as user-facing when configured ([**@lllamnyp**](https://github.com/lllamnyp) in #1486). +* **VictoriaMetrics integration**: Lineage labels are explicitly set on VM resources; `managedMetadata` is configured to avoid controller “fights” over labels ([**@lllamnyp**](https://github.com/lllamnyp) in #1452). +* Webhook **excludes** `default` and `kube-system` to avoid unintended mutations (part of the installer/migration hardening by Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498). + +### API / Platform + +* Decouple the Cozystack API from Cozystack Resource Definitions to allow independent upgrades ([**@lllamnyp**](https://github.com/lllamnyp) in #1494). +* Add **label selectors** to app definitions for Secret include/exclude ([**@lllamnyp**](https://github.com/lllamnyp) in #1447). + +### Monitoring & Ops + +* Reduce node labelsets in target relabeling configs on cadvisor/kubelet metrics to reduce cardinality while keeping useful CPU metrics ([**@IvanHunters**](https://github.com/IvanHunters) in #1455). + +### Storage & Backups + +* PVC expansion in tenant clusters via KubeVirt CSI resizer; RBAC updates (Klinch0 in #1438). +* Velero upgraded to **v1.17.0**; node agent enabled by default and a raft of usability features ([**@kvaps**](https://github.com/kvaps) in #1484). + +### Kubernetes/tests & Tooling + +* Smarter Kubernetes test flows: node readiness checks, kubelet version validation, longer rollout waits, per-component readiness ([**@IvanHunters**](https://github.com/IvanHunters) in #1485). + +### UI/Icons + +* New **VM-Disk** SVG icon ([**@kvapsova**](https://github.com/kvapsova) in #1435). + +--- + +## Improvements (minor) + +* Make the **Info** app deploy irrespective of OIDC settings ([**klinch0**](https://github.com/klinch0) in #1474). +* Move SA token Secret creation to **Info** app ([**@lllamnyp**](https://github.com/lllamnyp) in #1446). +* Explicitly set lineage labels for VictoriaMetrics resources ([**@lllamnyp**](https://github.com/lllamnyp) in #1452). + +--- + +## Bug fixes + +* **Kubernetes**: fix MachineDeployment `spec.selector` mismatch to ensure proper targeting ([**@kvaps**](https://github.com/kvaps) in #1502). +* **Old dashboard**: FerretDB spec typo prevented deploy/display ([**@lllamnyp**](https://github.com/lllamnyp) in #1440). +* **SeaweedFS**: fix per-zone size fallback for multi-DC volumes; make migrations more robust ([**@kvaps**](https://github.com/kvaps) in #1476, #1430). +* **CoreDNS**: pin tag to v1.12.4 ([**@kvaps**](https://github.com/kvaps) in #1469). +* **OIDC**: avoid creating KeycloakRealmGroup before operator API is available ([**@lllamnyp**](https://github.com/lllamnyp) in #1495). +* **Kafka**: disable noisy alerts when Kafka isn’t deployed ([**@lllamnyp**](https://github.com/lllamnyp) in #1488). + +--- + +## Dependency & version updates + +* **Velero → v1.17.0**; Helm chart v11; node agent default-on ([**@kvaps**](https://github.com/kvaps) in #1484). +* **Cilium → v1.17.8** ([**@kvaps**](https://github.com/kvaps) in #1473). +* **Flux Operator → v0.29.0** (Kingdon Barrett in #1466). + +--- + +## Refactors & chores + +* Remove legacy `versions_map`; unify packaging targets; tighten HelmRelease defaults; replace many chart versions with build-time placeholders ([**@kvaps**](https://github.com/kvaps) in #1453). +* Pin CoreDNS image and refresh numerous images ([**@kvaps**](https://github.com/kvaps) in #1469; related image refreshes across #1448 work). + +--- + +## Documentation & governance + +* **Contributor Ladder** created and later updated (Timur Tukaev in #1224; Andrei Kvapil & Timur Tukaev in #1492). +* **Code of Conduct** updated with a Vendor Neutrality Manifesto (Timur Tukaev in #1493). +* **Adopters**: add Hidora (Matthieu Robin in #1429). +* **MAINTAINERS**: add/remove entries (Nikita Bykov in #1487; Timur Tukaev in #1491). +* **Issue templates**: new bug-report template and tweaks (Moriarti). +* **README**: updated dark-theme screenshot ([**@kvaps**](https://github.com/kvaps) in #1459). + +--- + +## Breaking changes & upgrade notes + + +--- + +## Security & stability + From c3f70abc9922e2eb211e2cd521252b6c1e8127c4 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 13 Oct 2025 17:33:00 +0200 Subject: [PATCH 61/80] Update Kube-OVN v1.14.11 Signed-off-by: Andrei Kvapil --- .../system/kubeovn/charts/kube-ovn/Chart.yaml | 4 +-- .../kube-ovn/templates/kube-ovn-crd.yaml | 32 ++++++++++++------- .../charts/kube-ovn/templates/ovncni-ds.yaml | 2 +- .../kubeovn/charts/kube-ovn/values.yaml | 3 +- .../system/kubeovn/images/kubeovn/Dockerfile | 6 ++-- 5 files changed, 28 insertions(+), 19 deletions(-) diff --git a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml index 44744459..f7be2d3b 100644 --- a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v1.14.5 +version: v1.14.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.14.5" +appVersion: "1.14.11" kubeVersion: ">= 1.29.0-0" diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml index 1f45c50c..3bddfbe1 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml @@ -257,8 +257,9 @@ spec: type: array type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - preference - weight @@ -349,8 +350,9 @@ spec: - topologyKey type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - podAffinityTerm - weight @@ -437,8 +439,9 @@ spec: - topologyKey type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - podAffinityTerm - weight @@ -593,8 +596,9 @@ spec: type: array type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - preference - weight @@ -685,8 +689,9 @@ spec: - topologyKey type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - podAffinityTerm - weight @@ -773,8 +778,9 @@ spec: - topologyKey type: object weight: - format: int32 type: integer + minimum: 1 + maximum: 100 required: - podAffinityTerm - weight @@ -891,7 +897,8 @@ spec: properties: replicas: type: integer - format: int32 + minimum: 0 + maximum: 10 labelSelector: type: string conditions: @@ -907,7 +914,6 @@ spec: maxLength: 32768 type: string observedGeneration: - format: int64 minimum: 0 type: integer reason: @@ -988,7 +994,6 @@ spec: properties: replicas: type: integer - format: int32 default: 1 minimum: 0 maximum: 10 @@ -1036,16 +1041,19 @@ spec: default: false minRX: type: integer - format: int32 default: 1000 + minimum: 1 + maximum: 3600000 minTX: type: integer - format: int32 default: 1000 + minimum: 1 + maximum: 3600000 multiplier: type: integer - format: int32 default: 3 + minimum: 1 + maximum: 3600000 selectors: type: array items: diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml index 3a749f84..947ec454 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml @@ -272,5 +272,5 @@ spec: {{- if .Values.func.ENABLE_OVN_IPSEC }} - name: ovs-ipsec-keys hostPath: - path: {{ .Values.OPENVSWITCH_DIR }} + path: {{ .Values.OVN_IPSEC_KEY_DIR }} {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml index 74a69133..3652386d 100644 --- a/packages/system/kubeovn/charts/kube-ovn/values.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml @@ -9,7 +9,7 @@ global: kubeovn: repository: kube-ovn vpcRepository: vpc-nat-gateway - tag: v1.14.5 + tag: v1.14.11 support_arm: true thirdparty: true @@ -123,6 +123,7 @@ log_conf: LOG_DIR: "/var/log" OPENVSWITCH_DIR: "/etc/origin/openvswitch" +OVN_IPSEC_KEY_DIR: "/etc/origin/ovs_ipsec_keys" OVN_DIR: "/etc/origin/ovn" DISABLE_MODULES_MANAGEMENT: false diff --git a/packages/system/kubeovn/images/kubeovn/Dockerfile b/packages/system/kubeovn/images/kubeovn/Dockerfile index f4d1267c..5ea19c93 100644 --- a/packages/system/kubeovn/images/kubeovn/Dockerfile +++ b/packages/system/kubeovn/images/kubeovn/Dockerfile @@ -1,10 +1,10 @@ # syntax = docker/dockerfile:experimental -ARG VERSION=v1.14.5 +ARG VERSION=v1.14.11 ARG BASE_TAG=$VERSION -FROM golang:1.24-bookworm as builder +FROM golang:1.25-bookworm as builder -ARG TAG=v1.14.5 +ARG TAG=v1.14.11 RUN git clone --branch ${TAG} --depth 1 https://github.com/kubeovn/kube-ovn /source WORKDIR /source From bf1ece5f7c4b8259d8be664607e64a52b07a501d Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Wed, 15 Oct 2025 11:37:24 +0300 Subject: [PATCH 62/80] [platform] Better migration for 0.36.2->0.37.2+ For users upgrading from 0.36.2 directly to 0.37.2+, where the lineage-controller-webhook is broken out of the Cozystack controller into a separate daemonset, the existing migration script of 0.36->0.37.0 is insufficient. This patch ensures the presence of the new version of the lineage webhook and fixes a bug in the migration script where the readiness of the webhook was not appropriately verified. ```release-note [platform] Improved migration script when skipping versions 0.37.0 and 0.37.1 during upgrades. ``` Signed-off-by: Timofei Larkin --- scripts/migrations/20 | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/migrations/20 b/scripts/migrations/20 index 7e306126..1a262ea7 100755 --- a/scripts/migrations/20 +++ b/scripts/migrations/20 @@ -26,9 +26,16 @@ cozypkg -n cozy-system -C packages/system/cozystack-resource-definition-crd appl cozypkg -n cozy-system -C packages/system/cozystack-resource-definitions apply cozystack-resource-definitions --plain cozypkg -n cozy-system -C packages/system/cozystack-api apply cozystack-api --plain helm upgrade --install -n cozy-system cozystack-controller ./packages/system/cozystack-controller/ --take-ownership +helm upgrade --install -n cozy-system lineage-controller-webhook ./packages/system/lineage-controller-webhook/ --take-ownership sleep 5 -timeout 60 sh -c 'until kubectl create service clusterip lineage-webhook-test --clusterip="None" --dry-run=server; do sleep 1; done' +kubectl delete ns cozy-lineage-webhook-test --ignore-not-found && kubectl create ns cozy-lineage-webhook-test +cleanup_test_ns() { + kubectl delete ns cozy-lineage-webhook-test --ignore-not-found +} +trap cleanup_test_ns ERR +timeout 60 sh -c 'until kubectl -n cozy-lineage-webhook-test create service clusterip lineage-webhook-test --clusterip="None" --dry-run=server; do sleep 1; done' +cleanup_test_ns kubectl wait deployment/cozystack-api -n cozy-system --timeout=4m --for=condition=available || exit 1 kubectl wait deployment/cozystack-controller -n cozy-system --timeout=4m --for=condition=available || exit 1 From b1d5de1006f51afa8909e6fc3d064db4ca09de32 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Wed, 15 Oct 2025 18:16:15 +0200 Subject: [PATCH 63/80] Update Talos Linux v1.11.3 Signed-off-by: Andrei Kvapil --- .../images/talos/profiles/initramfs.yaml | 24 +++++++++---------- .../images/talos/profiles/installer.yaml | 24 +++++++++---------- .../installer/images/talos/profiles/iso.yaml | 24 +++++++++---------- .../images/talos/profiles/kernel.yaml | 24 +++++++++---------- .../images/talos/profiles/metal.yaml | 24 +++++++++---------- .../images/talos/profiles/nocloud.yaml | 24 +++++++++---------- 6 files changed, 72 insertions(+), 72 deletions(-) diff --git a/packages/core/installer/images/talos/profiles/initramfs.yaml b/packages/core/installer/images/talos/profiles/initramfs.yaml index 7e2bdf1d..8bd0bf39 100644 --- a/packages/core/installer/images/talos/profiles/initramfs.yaml +++ b/packages/core/installer/images/talos/profiles/initramfs.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: initramfs imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/installer.yaml b/packages/core/installer/images/talos/profiles/installer.yaml index 7ad604a2..554423ee 100644 --- a/packages/core/installer/images/talos/profiles/installer.yaml +++ b/packages/core/installer/images/talos/profiles/installer.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: installer imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/iso.yaml b/packages/core/installer/images/talos/profiles/iso.yaml index 326917e4..9f148153 100644 --- a/packages/core/installer/images/talos/profiles/iso.yaml +++ b/packages/core/installer/images/talos/profiles/iso.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: iso imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/kernel.yaml b/packages/core/installer/images/talos/profiles/kernel.yaml index 89cf5371..b4dfe053 100644 --- a/packages/core/installer/images/talos/profiles/kernel.yaml +++ b/packages/core/installer/images/talos/profiles/kernel.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: kernel imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/metal.yaml b/packages/core/installer/images/talos/profiles/metal.yaml index 8e1f1ebb..3b200e76 100644 --- a/packages/core/installer/images/talos/profiles/metal.yaml +++ b/packages/core/installer/images/talos/profiles/metal.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: metal secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: image imageOptions: { diskSize: 1306525696, diskFormat: raw } diff --git a/packages/core/installer/images/talos/profiles/nocloud.yaml b/packages/core/installer/images/talos/profiles/nocloud.yaml index c9604759..f3f3f31a 100644 --- a/packages/core/installer/images/talos/profiles/nocloud.yaml +++ b/packages/core/installer/images/talos/profiles/nocloud.yaml @@ -3,25 +3,25 @@ arch: amd64 platform: nocloud secureboot: false -version: v1.10.6 +version: v1.11.3 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: "ghcr.io/siderolabs/installer:v1.10.6" + imageRef: "ghcr.io/siderolabs/installer:v1.11.3" systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250708@sha256:83fdaaf4a44e8574f792f2fb9d0dc5f1ff4817179cbba9ebcb4bc3249b732556 - - imageRef: ghcr.io/siderolabs/amdgpu:20250708-v1.10.6@sha256:5e67db022f62ae9157d19cbcbcf8c96f19a040e26cfe7e0d5709a15b90413c43 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250708@sha256:f0fc731f3ff1bf417e9bd4dd3f7281e25a6f4e849358a1b46eb41a15066c4bd3 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250708@sha256:9f4c41baa3795fd1457bbb0826a3618e7425f465e99c4647a459217c8b723e6d - - imageRef: ghcr.io/siderolabs/i915:20250708-v1.10.6@sha256:c7d17f6e4e87c8d344f54a02af20631b6cea0f3053d182649b9977857100ce79 - - imageRef: ghcr.io/siderolabs/intel-ucode:20250512@sha256:67a0e0de018229a0d44d950fb730f62311cf7fbf4e267978ebbbc42b5e6a32ae - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250708@sha256:97124ee3594ab1529c8153b633f85f2d2de1252ee8222a77f81904dcabd76815 - - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.10.6@sha256:ca7fba878c5acb8fdfe130a39472a6c0a5c9dd74d65ba7507c09780a873b29c7 - - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.10.6@sha256:4952ef7306cf014823b6a66cf6d29840f4c6b7b362e36f9d6e853846c7dd0025 - - imageRef: ghcr.io/siderolabs/lldpd:1.0.19@sha256:73caa3c3a6c325970d0f527963f982698154d5f39c8c045b0fc2eb51d7da7b85 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250917@sha256:ff11ee9f1565d9f9b095a3dc41fb7962b211169b2ef05d658a488398cb98e2d2 + - imageRef: ghcr.io/siderolabs/amdgpu:20250917-v1.11.3@sha256:527b694ddbc4b40e9529d736bfe9874cc786773aa5a1070bbefe77feb9a8a304 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250917@sha256:ac6aaaa0d3312e72279a5cde7de0d71fb61774aa2f97a4e56dd914a9f1dde4d1 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250917@sha256:c25225c371e81485c64f339864ede410b560f07eb0fc2702a73315e977a6323d + - imageRef: ghcr.io/siderolabs/i915:20250917-v1.11.3@sha256:e8db985ff2ef702d5f3989b0138e1b9dd5ac5e885a3adefa5b42ee6fa32b7027 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250812@sha256:31142ac037235e6779eea9f638e6399080a1f09e7c323ffa30b37488004057a5 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250917@sha256:7094e5db6931a1b68240416b65ddc0f3b546bd9b8520e3cfb1ddebcbfc83e890 + - imageRef: ghcr.io/siderolabs/drbd:9.2.14-v1.11.3@sha256:4393756875751e2664a04e96c1ccff84c99958ca819dd93b46b82ad8f3b4be67 + - imageRef: ghcr.io/siderolabs/zfs:2.3.3-v1.11.3@sha256:3c0b34a760914980ac234e66f130d829e428018e46420b7bca33219b1cc2dd87 + - imageRef: ghcr.io/siderolabs/lldpd:1.0.20@sha256:4c6370518f5b2e1f03214a6ed54778eaea663fda8850e3f4da174ed69b636172 output: kind: image imageOptions: { diskSize: 1306525696, diskFormat: raw } From 85c9da58deedcff1bb0a412c68d335312f3e7dbb Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Thu, 16 Oct 2025 14:43:52 +0300 Subject: [PATCH 64/80] [dashboard] Show service LB IP Fix an incorrect JSON path that prevented Service LoadBalancer IPs from rendering in the table view. Signed-off-by: Timofei Larkin --- internal/controller/dashboard/static_refactored.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/controller/dashboard/static_refactored.go b/internal/controller/dashboard/static_refactored.go index 24a602d3..3caf8edb 100644 --- a/internal/controller/dashboard/static_refactored.go +++ b/internal/controller/dashboard/static_refactored.go @@ -142,7 +142,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid createCustomColumnsOverride("stock-namespace-/v1/services", []any{ createCustomColumnWithJsonPath("Name", ".metadata.name", "S", "service", getColorForType("service"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-service-details/{reqsJsonPath[0]['.metadata.name']['-']}"), createStringColumn("ClusterIP", ".spec.clusterIP"), - createStringColumn("LoadbalancerIP", ".spec.loadBalancerIP"), + createStringColumn("LoadbalancerIP", ".status.loadBalancer.ingress[0].ip"), createTimestampColumn("Created", ".metadata.creationTimestamp"), }), From a9c2bfb33b27530cb4248fac82d19149c069d3fe Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Thu, 16 Oct 2025 12:49:27 +0300 Subject: [PATCH 65/80] [apps] Make VM service user facing Signed-off-by: Timofei Larkin --- .../cozyrds/virtual-machine.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml b/packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml index f786678e..7a2a054a 100644 --- a/packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/virtual-machine.yaml @@ -32,3 +32,8 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - virtual-machine-{{ .name }} From 354507a4ea753878a6ebaff89cf4bee261117106 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Thu, 16 Oct 2025 15:52:08 +0300 Subject: [PATCH 66/80] [lineage] Check for nil chart in HelmRelease Some HelmReleases use `chartRef` instead of `chart`. If the lineage webhook finds such a HelmRelease, a nil pointer dereference happens. This patch adds a nil check to guard against this. ```release-note [lineage] Add a nil check to guard against HelmReleases with a nil .spec.chart field when traversing the ownership tree. ``` Signed-off-by: Timofei Larkin --- internal/lineagecontrollerwebhook/config.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/lineagecontrollerwebhook/config.go b/internal/lineagecontrollerwebhook/config.go index c10c5a77..4ca45c13 100644 --- a/internal/lineagecontrollerwebhook/config.go +++ b/internal/lineagecontrollerwebhook/config.go @@ -38,6 +38,9 @@ func (l *LineageControllerWebhook) Map(hr *helmv2.HelmRelease) (string, string, if !ok { return "", "", "", fmt.Errorf("failed to load chart-app mapping from config") } + if hr.Spec.Chart == nil { + return "", "", "", fmt.Errorf("cannot map helm release %s/%s to dynamic app", hr.Namespace, hr.Name) + } s := hr.Spec.Chart.Spec val, ok := cfg.chartAppMap[chartRef{s.SourceRef.Name, s.Chart}] if !ok { From 1a977bd4b43ca0e59ba30284bbcd5bc5e222dbaf Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Thu, 16 Oct 2025 20:16:48 +0200 Subject: [PATCH 67/80] [ci] Fix build from external forks Signed-off-by: Andrei Kvapil --- .github/workflows/pull-requests.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-requests.yaml b/.github/workflows/pull-requests.yaml index 42ac1949..a4dc1a4b 100644 --- a/.github/workflows/pull-requests.yaml +++ b/.github/workflows/pull-requests.yaml @@ -1,7 +1,8 @@ name: Pull Request env: - REGISTRY: ${{ vars.OCIR_REPO }} + # TODO: unhardcode this + REGISTRY: iad.ocir.io/idyksih5sir9/cozystack on: pull_request: types: [opened, synchronize, reopened] From 2791e3e96a0be0a09a35c62ad266e94c5e26eaa6 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Fri, 17 Oct 2025 09:13:27 +0300 Subject: [PATCH 68/80] add ferretdb tests Signed-off-by: IvanHunters --- hack/e2e-apps/ferretdb.bats | 46 +++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 hack/e2e-apps/ferretdb.bats diff --git a/hack/e2e-apps/ferretdb.bats b/hack/e2e-apps/ferretdb.bats new file mode 100644 index 00000000..eaadf045 --- /dev/null +++ b/hack/e2e-apps/ferretdb.bats @@ -0,0 +1,46 @@ +#!/usr/bin/env bats + +@test "Create DB FerretDB" { + name='test' + kubectl apply -f - <" + s3SecretKey: "" + schedule: "0 2 * * * *" + bootstrap: + enabled: false + external: false + quorum: + maxSyncReplicas: 0 + minSyncReplicas: 0 + replicas: 2 + resources: {} + resourcesPreset: "micro" + size: "10Gi" + users: + testuser: + password: xai7Wepo +EOF + sleep 5 + kubectl -n tenant-test wait hr ferretdb-$name --timeout=100s --for=condition=ready + kubectl -n tenant-test wait job.batch postgres-$name-init-job --timeout=50s --for=condition=Complete + timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-r -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" + timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-ro -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" + timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-rw -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" + timeout 120 sh -ec "until kubectl -n tenant-test get endpoints ferretdb-$name-postgres-r -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q '[0-9]'; do sleep 10; done" + # for some reason it takes longer for the read-only endpoint to be ready + #timeout 120 sh -ec "until kubectl -n tenant-test get endpoints ferretdb-$name-postgres-ro -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q '[0-9]'; do sleep 10; done" + timeout 120 sh -ec "until kubectl -n tenant-test get endpoints ferretdb-$name-postgres-rw -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q '[0-9]'; do sleep 10; done" + kubectl -n tenant-test delete ferretdb.apps.cozystack.io $name + kubectl -n tenant-test delete job.batch/postgres-$name-init-job +} From b858745cdd94733accdfed69d60df24ff80be80e Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Fri, 17 Oct 2025 14:10:58 +0300 Subject: [PATCH 69/80] [kamaji] Respect 3rd party labels The Kamaji controller overwrites labels on many of the resources it owns (clastix/kamaji#991). This change applies PR clastix/kamaji#992 to Cozystack's build of Kamaji, so the lineage webhook doesn't fight the Kamaji controller, causing a non-stop reconciliation loop. ```release-note [kamaji] Do not clobber third party labels on resources controlled by Kamaji. ``` Signed-off-by: Timofei Larkin --- .../kamaji/images/kamaji/patches/992.diff | 156 ++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 packages/system/kamaji/images/kamaji/patches/992.diff diff --git a/packages/system/kamaji/images/kamaji/patches/992.diff b/packages/system/kamaji/images/kamaji/patches/992.diff new file mode 100644 index 00000000..cd9c2ad3 --- /dev/null +++ b/packages/system/kamaji/images/kamaji/patches/992.diff @@ -0,0 +1,156 @@ +diff --git a/internal/resources/api_server_certificate.go b/internal/resources/api_server_certificate.go +index 436cdf9..4702b6c 100644 +--- a/internal/resources/api_server_certificate.go ++++ b/internal/resources/api_server_certificate.go +@@ -108,6 +108,7 @@ func (r *APIServerCertificate) mutate(ctx context.Context, tenantControlPlane *k + } + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "x509", +diff --git a/internal/resources/api_server_kubelet_client_certificate.go b/internal/resources/api_server_kubelet_client_certificate.go +index 85b4d42..da18db4 100644 +--- a/internal/resources/api_server_kubelet_client_certificate.go ++++ b/internal/resources/api_server_kubelet_client_certificate.go +@@ -95,6 +95,7 @@ func (r *APIServerKubeletClientCertificate) mutate(ctx context.Context, tenantCo + } + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "x509", +diff --git a/internal/resources/ca_certificate.go b/internal/resources/ca_certificate.go +index 5425b0b..625273f 100644 +--- a/internal/resources/ca_certificate.go ++++ b/internal/resources/ca_certificate.go +@@ -137,7 +137,7 @@ func (r *CACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1 + corev1.TLSPrivateKeyKey: ca.PrivateKey, + } + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + utilities.SetObjectChecksum(r.resource, r.resource.Data) + +diff --git a/internal/resources/datastore/datastore_certificate.go b/internal/resources/datastore/datastore_certificate.go +index dea45ae..8492a5e 100644 +--- a/internal/resources/datastore/datastore_certificate.go ++++ b/internal/resources/datastore/datastore_certificate.go +@@ -94,6 +94,7 @@ func (r *Certificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1al + r.resource.Data["ca.crt"] = ca + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "x509", +diff --git a/internal/resources/datastore/datastore_storage_config.go b/internal/resources/datastore/datastore_storage_config.go +index 7d03420..4ea9e64 100644 +--- a/internal/resources/datastore/datastore_storage_config.go ++++ b/internal/resources/datastore/datastore_storage_config.go +@@ -181,7 +181,7 @@ func (r *Config) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1. + + utilities.SetObjectChecksum(r.resource, r.resource.Data) + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + return ctrl.SetControllerReference(tenantControlPlane, r.resource, r.Client.Scheme()) + } +diff --git a/internal/resources/front-proxy-client-certificate.go b/internal/resources/front-proxy-client-certificate.go +index f5ed67c..2dd4eda 100644 +--- a/internal/resources/front-proxy-client-certificate.go ++++ b/internal/resources/front-proxy-client-certificate.go +@@ -95,6 +95,7 @@ func (r *FrontProxyClientCertificate) mutate(ctx context.Context, tenantControlP + } + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "x509", +diff --git a/internal/resources/front_proxy_ca_certificate.go b/internal/resources/front_proxy_ca_certificate.go +index d410720..ccadc70 100644 +--- a/internal/resources/front_proxy_ca_certificate.go ++++ b/internal/resources/front_proxy_ca_certificate.go +@@ -114,7 +114,7 @@ func (r *FrontProxyCACertificate) mutate(ctx context.Context, tenantControlPlane + kubeadmconstants.FrontProxyCAKeyName: ca.PrivateKey, + } + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + utilities.SetObjectChecksum(r.resource, r.resource.Data) + +diff --git a/internal/resources/k8s_ingress_resource.go b/internal/resources/k8s_ingress_resource.go +index f2e014f..e1aef59 100644 +--- a/internal/resources/k8s_ingress_resource.go ++++ b/internal/resources/k8s_ingress_resource.go +@@ -147,7 +147,7 @@ func (r *KubernetesIngressResource) Define(_ context.Context, tenantControlPlane + + func (r *KubernetesIngressResource) mutate(tenantControlPlane *kamajiv1alpha1.TenantControlPlane) controllerutil.MutateFn { + return func() error { +- labels := utilities.MergeMaps(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), tenantControlPlane.Spec.ControlPlane.Ingress.AdditionalMetadata.Labels) ++ labels := utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), tenantControlPlane.Spec.ControlPlane.Ingress.AdditionalMetadata.Labels) + r.resource.SetLabels(labels) + + annotations := utilities.MergeMaps(r.resource.GetAnnotations(), tenantControlPlane.Spec.ControlPlane.Ingress.AdditionalMetadata.Annotations) +diff --git a/internal/resources/k8s_service_resource.go b/internal/resources/k8s_service_resource.go +index 7e7f11f..9c30145 100644 +--- a/internal/resources/k8s_service_resource.go ++++ b/internal/resources/k8s_service_resource.go +@@ -76,7 +76,12 @@ func (r *KubernetesServiceResource) mutate(ctx context.Context, tenantControlPla + address, _ := tenantControlPlane.DeclaredControlPlaneAddress(ctx, r.Client) + + return func() error { +- labels := utilities.MergeMaps(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), tenantControlPlane.Spec.ControlPlane.Service.AdditionalMetadata.Labels) ++ labels := utilities.MergeMaps( ++ r.resource.GetLabels(), ++ utilities.KamajiLabels( ++ tenantControlPlane.GetName(), r.GetName()), ++ tenantControlPlane.Spec.ControlPlane.Service.AdditionalMetadata.Labels, ++ ) + r.resource.SetLabels(labels) + + annotations := utilities.MergeMaps(r.resource.GetAnnotations(), tenantControlPlane.Spec.ControlPlane.Service.AdditionalMetadata.Annotations) +diff --git a/internal/resources/kubeadm_config.go b/internal/resources/kubeadm_config.go +index ae4cfc0..98dc36d 100644 +--- a/internal/resources/kubeadm_config.go ++++ b/internal/resources/kubeadm_config.go +@@ -89,7 +89,7 @@ func (r *KubeadmConfigResource) mutate(ctx context.Context, tenantControlPlane * + return err + } + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + params := kubeadm.Parameters{ + TenantControlPlaneAddress: address, +diff --git a/internal/resources/kubeconfig.go b/internal/resources/kubeconfig.go +index a87da7f..bd77676 100644 +--- a/internal/resources/kubeconfig.go ++++ b/internal/resources/kubeconfig.go +@@ -163,6 +163,7 @@ func (r *KubeconfigResource) mutate(ctx context.Context, tenantControlPlane *kam + } + + r.resource.SetLabels(utilities.MergeMaps( ++ r.resource.GetLabels(), + utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()), + map[string]string{ + constants.ControllerLabelResource: "kubeconfig", +diff --git a/internal/resources/sa_certificate.go b/internal/resources/sa_certificate.go +index b53c7b0..4001eca 100644 +--- a/internal/resources/sa_certificate.go ++++ b/internal/resources/sa_certificate.go +@@ -113,7 +113,7 @@ func (r *SACertificate) mutate(ctx context.Context, tenantControlPlane *kamajiv1 + kubeadmconstants.ServiceAccountPrivateKeyName: sa.PrivateKey, + } + +- r.resource.SetLabels(utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName())) ++ r.resource.SetLabels(utilities.MergeMaps(r.resource.GetLabels(), utilities.KamajiLabels(tenantControlPlane.GetName(), r.GetName()))) + + utilities.SetObjectChecksum(r.resource, r.resource.Data) + From b163a5913f7568dfd77fbc52a10953519e31d3d4 Mon Sep 17 00:00:00 2001 From: nbykov0 <166552198+nbykov0@users.noreply.github.com> Date: Thu, 16 Oct 2025 17:39:00 +0300 Subject: [PATCH 70/80] packages/system: add multus Signed-off-by: nbykov0 <166552198+nbykov0@users.noreply.github.com> --- packages/system/multus/Chart.yaml | 3 + packages/system/multus/Makefile | 14 + .../templates/multus-daemonset-thick.yml | 254 ++++++++++++++++++ packages/system/multus/values.yaml | 0 4 files changed, 271 insertions(+) create mode 100644 packages/system/multus/Chart.yaml create mode 100644 packages/system/multus/Makefile create mode 100644 packages/system/multus/templates/multus-daemonset-thick.yml create mode 100644 packages/system/multus/values.yaml diff --git a/packages/system/multus/Chart.yaml b/packages/system/multus/Chart.yaml new file mode 100644 index 00000000..a019fc25 --- /dev/null +++ b/packages/system/multus/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-multus +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/multus/Makefile b/packages/system/multus/Makefile new file mode 100644 index 00000000..7825bd5e --- /dev/null +++ b/packages/system/multus/Makefile @@ -0,0 +1,14 @@ +export NAME=multus +export NAMESPACE=cozy-$(NAME) + +include ../../../scripts/common-envs.mk +include ../../../scripts/package.mk + +update: + rm -rf templates + mkdir templates + $(eval RELEASE := $(shell curl -s https://api.github.com/repos/k8snetworkplumbingwg/multus-cni/releases/latest?per_page=1 | jq -r '.name')) + wget -q https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/refs/tags/$(RELEASE)/deployments/multus-daemonset-thick.yml -O templates/multus-daemonset-thick.yml + sed -i 's/namespace: kube-system/namespace: $(NAMESPACE)/;/multus-cni/s/snapshot-thick/$(RELEASE)-thick/' templates/multus-daemonset-thick.yml && \ + sed -i '/name:/s/kube-multus-ds/cozy-multus/;/memory:/s/"50Mi"/"100Mi"/' templates/multus-daemonset-thick.yml + diff --git a/packages/system/multus/templates/multus-daemonset-thick.yml b/packages/system/multus/templates/multus-daemonset-thick.yml new file mode 100644 index 00000000..099b5ef3 --- /dev/null +++ b/packages/system/multus/templates/multus-daemonset-thick.yml @@ -0,0 +1,254 @@ +# Note: +# This deployment file is designed for 'quickstart' of multus, easy installation to test it, +# hence this deployment yaml does not care about following things intentionally. +# - various configuration options +# - minor deployment scenario +# - upgrade/update/uninstall scenario +# Multus team understand users deployment scenarios are diverse, hence we do not cover +# comprehensive deployment scenario. We expect that it is covered by each platform deployment. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: multus +subjects: + - kind: ServiceAccount + name: multus + namespace: cozy-multus +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: multus + namespace: cozy-multus +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: multus-daemon-config + namespace: cozy-multus + labels: + tier: node + app: multus +data: + daemon-config.json: | + { + "chrootDir": "/hostroot", + "cniVersion": "0.3.1", + "logLevel": "verbose", + "logToStderr": true, + "cniConfigDir": "/host/etc/cni/net.d", + "multusAutoconfigDir": "/host/etc/cni/net.d", + "multusConfigFile": "auto", + "socketDir": "/host/run/multus/" + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: cozy-multus + namespace: cozy-multus + labels: + tier: node + app: multus + name: multus +spec: + selector: + matchLabels: + name: multus + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + name: multus + spec: + hostNetwork: true + hostPID: true + tolerations: + - operator: Exists + effect: NoSchedule + - operator: Exists + effect: NoExecute + serviceAccountName: multus + containers: + - name: kube-multus + image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.2.2-thick + command: [ "/usr/src/multus-cni/bin/multus-daemon" ] + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "100m" + memory: "100Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + # multus-daemon expects that cnibin path must be identical between pod and container host. + # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon, + # not to any other directory, like '/opt/bin' or '/usr/bin'. + - name: cnibin + mountPath: /opt/cni/bin + - name: host-run + mountPath: /host/run + - name: host-var-lib-cni-multus + mountPath: /var/lib/cni/multus + - name: host-var-lib-kubelet + mountPath: /var/lib/kubelet + mountPropagation: HostToContainer + - name: host-run-k8s-cni-cncf-io + mountPath: /run/k8s.cni.cncf.io + - name: host-run-netns + mountPath: /run/netns + mountPropagation: HostToContainer + - name: multus-daemon-config + mountPath: /etc/cni/net.d/multus.d + readOnly: true + - name: hostroot + mountPath: /hostroot + mountPropagation: HostToContainer + - mountPath: /etc/cni/multus/net.d + name: multus-conf-dir + env: + - name: MULTUS_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + initContainers: + - name: install-multus-binary + image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.2.2-thick + command: + - "sh" + - "-c" + - "cp /usr/src/multus-cni/bin/multus-shim /host/opt/cni/bin/multus-shim && cp /usr/src/multus-cni/bin/passthru /host/opt/cni/bin/passthru" + resources: + requests: + cpu: "10m" + memory: "15Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cnibin + mountPath: /host/opt/cni/bin + mountPropagation: Bidirectional + terminationGracePeriodSeconds: 10 + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: hostroot + hostPath: + path: / + - name: multus-daemon-config + configMap: + name: multus-daemon-config + items: + - key: daemon-config.json + path: daemon-config.json + - name: host-run + hostPath: + path: /run + - name: host-var-lib-cni-multus + hostPath: + path: /var/lib/cni/multus + - name: host-var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: host-run-k8s-cni-cncf-io + hostPath: + path: /run/k8s.cni.cncf.io + - name: host-run-netns + hostPath: + path: /run/netns/ + - name: multus-conf-dir + hostPath: + path: /etc/cni/multus/net.d diff --git a/packages/system/multus/values.yaml b/packages/system/multus/values.yaml new file mode 100644 index 00000000..e69de29b From 840c264e86cef128e7f3b1469c93bd812fa3e387 Mon Sep 17 00:00:00 2001 From: Nikita <166552198+nbykov0@users.noreply.github.com> Date: Mon, 20 Oct 2025 14:46:10 +0300 Subject: [PATCH 71/80] Update CODEOWNERS - klinch0 + nbykov0 Signed-off-by: Nikita <166552198+nbykov0@users.noreply.github.com> --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 83e427c1..1530cb1c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -* @kvaps @lllamnyp @klinch0 +* @kvaps @lllamnyp @nbykov0 From 06f68d28d99edfaf6c40b63c89f8af13e4644d39 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Tue, 21 Oct 2025 11:48:09 +0200 Subject: [PATCH 72/80] [velero] Set defaultItemOperationTimeout=24h Signed-off-by: Andrei Kvapil --- packages/system/velero/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/system/velero/values.yaml b/packages/system/velero/values.yaml index d78a69c5..62f13c1f 100644 --- a/packages/system/velero/values.yaml +++ b/packages/system/velero/values.yaml @@ -13,3 +13,6 @@ velero: volumeSnapshotLocation: null namespace: cozy-velero features: EnableCSI + # Increase timeout for item operations to 24 hours to prevent timeouts + # during backups of very large volumes. The Velero default is 4 hours. + defaultItemOperationTimeout: 24h From 766f6e9a9e4d39684bfe7e3d30bbd694f3b1a6f3 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Tue, 21 Oct 2025 09:42:07 +0300 Subject: [PATCH 73/80] fix tests Signed-off-by: IvanHunters --- hack/e2e-apps/ferretdb.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/e2e-apps/ferretdb.bats b/hack/e2e-apps/ferretdb.bats index eaadf045..550067f8 100644 --- a/hack/e2e-apps/ferretdb.bats +++ b/hack/e2e-apps/ferretdb.bats @@ -33,7 +33,7 @@ spec: EOF sleep 5 kubectl -n tenant-test wait hr ferretdb-$name --timeout=100s --for=condition=ready - kubectl -n tenant-test wait job.batch postgres-$name-init-job --timeout=50s --for=condition=Complete + kubectl -n tenant-test wait job.batch postgres-$name-init-job --timeout=250s --for=condition=Complete timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-r -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-ro -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-rw -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" From 8e57ac487ee2faf9e54cd1f18a58031e654d1f70 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Tue, 21 Oct 2025 23:57:02 +0300 Subject: [PATCH 74/80] fix tests Signed-off-by: IvanHunters --- hack/e2e-apps/ferretdb.bats | 1 - 1 file changed, 1 deletion(-) diff --git a/hack/e2e-apps/ferretdb.bats b/hack/e2e-apps/ferretdb.bats index 550067f8..54d67829 100644 --- a/hack/e2e-apps/ferretdb.bats +++ b/hack/e2e-apps/ferretdb.bats @@ -42,5 +42,4 @@ EOF #timeout 120 sh -ec "until kubectl -n tenant-test get endpoints ferretdb-$name-postgres-ro -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q '[0-9]'; do sleep 10; done" timeout 120 sh -ec "until kubectl -n tenant-test get endpoints ferretdb-$name-postgres-rw -o jsonpath='{.subsets[*].addresses[*].ip}' | grep -q '[0-9]'; do sleep 10; done" kubectl -n tenant-test delete ferretdb.apps.cozystack.io $name - kubectl -n tenant-test delete job.batch/postgres-$name-init-job } From ebbc76582ce37d3719c988dc50692faa4b1db182 Mon Sep 17 00:00:00 2001 From: IvanHunters Date: Wed, 22 Oct 2025 02:03:33 +0300 Subject: [PATCH 75/80] fix tests Signed-off-by: IvanHunters --- hack/e2e-apps/ferretdb.bats | 1 - 1 file changed, 1 deletion(-) diff --git a/hack/e2e-apps/ferretdb.bats b/hack/e2e-apps/ferretdb.bats index 54d67829..a8eb7cf1 100644 --- a/hack/e2e-apps/ferretdb.bats +++ b/hack/e2e-apps/ferretdb.bats @@ -33,7 +33,6 @@ spec: EOF sleep 5 kubectl -n tenant-test wait hr ferretdb-$name --timeout=100s --for=condition=ready - kubectl -n tenant-test wait job.batch postgres-$name-init-job --timeout=250s --for=condition=Complete timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-r -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-ro -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" timeout 40 sh -ec "until kubectl -n tenant-test get svc ferretdb-$name-postgres-rw -o jsonpath='{.spec.ports[0].port}' | grep -q '5432'; do sleep 10; done" From 82cebe3ad7e0cb7370d9ed434fafa678b669890c Mon Sep 17 00:00:00 2001 From: Alexey Artamonov Date: Tue, 21 Oct 2025 20:50:58 +0300 Subject: [PATCH 76/80] add settings alert for slack Signed-off-by: Alexey Artamonov --- packages/extra/monitoring/README.md | 2 ++ .../monitoring/templates/alerta/alerta.yaml | 18 +++++++++++++++++- packages/extra/monitoring/values.schema.json | 11 +++++++++++ packages/extra/monitoring/values.yaml | 5 +++++ .../cozyrds/monitoring.yaml | 4 ++-- 5 files changed, 37 insertions(+), 3 deletions(-) diff --git a/packages/extra/monitoring/README.md b/packages/extra/monitoring/README.md index c97b13de..06dbc97e 100644 --- a/packages/extra/monitoring/README.md +++ b/packages/extra/monitoring/README.md @@ -72,6 +72,8 @@ | `alerta.alerts.telegram.token` | Telegram token for your bot | `string` | `""` | | `alerta.alerts.telegram.chatID` | Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot | `string` | `""` | | `alerta.alerts.telegram.disabledSeverity` | List of severity without alerts, separated by comma like: "informational,warning" | `string` | `""` | +| `alerta.alerts.slack` | Configuration for Slack alerts | `*object` | `null` | +| `alerta.alerts.slack.url` | Configuration uri for Slack alerts | `*string` | `""` | ### Grafana configuration diff --git a/packages/extra/monitoring/templates/alerta/alerta.yaml b/packages/extra/monitoring/templates/alerta/alerta.yaml index bec7b825..71336286 100644 --- a/packages/extra/monitoring/templates/alerta/alerta.yaml +++ b/packages/extra/monitoring/templates/alerta/alerta.yaml @@ -109,9 +109,20 @@ spec: - name: AUTH_REQUIRED value: "True" + {{- $plugins := list }} {{- if and .Values.alerta.alerts.telegram.chatID .Values.alerta.alerts.telegram.token }} + {{- $plugins = append $plugins "telegram" }} + {{- end }} + {{- if .Values.alerta.alerts.slack.url }} + {{- $plugins = append $plugins "slack" }} + {{- end }} + + {{- if gt (len $plugins) 0 }} - name: "PLUGINS" - value: "telegram" + value: "{{ default "" (join "," $plugins) }}" + {{- end }} + + {{- if and .Values.alerta.alerts.telegram.chatID .Values.alerta.alerts.telegram.token }} - name: TELEGRAM_CHAT_ID value: "{{ .Values.alerta.alerts.telegram.chatID }}" - name: TELEGRAM_TOKEN @@ -122,6 +133,11 @@ spec: value: "{{ .Values.alerta.alerts.telegram.disabledSeverity }}" {{- end }} + {{- if .Values.alerta.alerts.slack.url }} + - name: "SLACK_WEBHOOK_URL" + value: "{{ .Values.alerta.alerts.slack.url }}" + {{- end }} + ports: - name: http containerPort: 8080 diff --git a/packages/extra/monitoring/values.schema.json b/packages/extra/monitoring/values.schema.json index 36f1c0c3..505b5bef 100644 --- a/packages/extra/monitoring/values.schema.json +++ b/packages/extra/monitoring/values.schema.json @@ -12,6 +12,17 @@ "type": "object", "default": {}, "properties": { + "slack": { + "description": "Configuration for Slack alerts", + "type": "object", + "default": {}, + "properties": { + "url": { + "description": "Configuration uri for Slack alerts", + "type": "string" + } + } + }, "telegram": { "description": "Configuration for Telegram alerts", "type": "object", diff --git a/packages/extra/monitoring/values.yaml b/packages/extra/monitoring/values.yaml index 02155ce0..72aab9a9 100644 --- a/packages/extra/monitoring/values.yaml +++ b/packages/extra/monitoring/values.yaml @@ -90,6 +90,8 @@ logsStorages: ## @field telegramAlerts.token {string} Telegram token for your bot ## @field telegramAlerts.chatID {string} Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot ## @field telegramAlerts.disabledSeverity {string} List of severity without alerts, separated by comma like: "informational,warning" +## @field alerts.slack {*slackAlerts} Configuration for Slack alerts +## @field slackAlerts.url {*string} Configuration uri for Slack alerts alerta: storage: 10Gi storageClassName: "" @@ -112,6 +114,9 @@ alerta: chatID: "" disabledSeverity: "" + slack: + url: "" + ## @section Grafana configuration ## @param grafana {grafana} Configuration for Grafana diff --git a/packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml b/packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml index af99f73c..82271a35 100644 --- a/packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml +++ b/packages/system/cozystack-resource-definitions/cozyrds/monitoring.yaml @@ -8,7 +8,7 @@ spec: singular: monitoring plural: monitorings openAPISchema: |- - {"title":"Chart Values","type":"object","properties":{"alerta":{"description":"Configuration for Alerta service","type":"object","default":{},"properties":{"alerts":{"description":"Configuration for alerts","type":"object","default":{},"properties":{"telegram":{"description":"Configuration for Telegram alerts","type":"object","default":{},"required":["chatID","disabledSeverity","token"],"properties":{"chatID":{"description":"Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot","type":"string"},"disabledSeverity":{"description":"List of severity without alerts, separated by comma like: \"informational,warning\"","type":"string"},"token":{"description":"Telegram token for your bot","type":"string"}}}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"storage":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"}}},"grafana":{"description":"Configuration for Grafana","type":"object","default":{},"properties":{"db":{"description":"Database configuration","type":"object","default":{},"properties":{"size":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}},"host":{"description":"The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host).","type":"string"},"logsStorages":{"description":"Configuration of logs storage instances","type":"array","default":[{"name":"generic","retentionPeriod":"1","storage":"10Gi","storageClassName":"replicated"}],"items":{"type":"object","required":["name","retentionPeriod","storage"],"properties":{"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the logs in the storage instance","type":"string","default":"1"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string","default":"replicated"}}}},"metricsStorages":{"description":"Configuration of metrics storage instances","type":"array","default":[{"deduplicationInterval":"15s","name":"shortterm","retentionPeriod":"3d","storage":"10Gi","storageClassName":""},{"deduplicationInterval":"5m","name":"longterm","retentionPeriod":"14d","storage":"10Gi","storageClassName":""}],"items":{"type":"object","required":["deduplicationInterval","name","retentionPeriod","storage"],"properties":{"deduplicationInterval":{"description":"Deduplication interval for the metrics in the storage instance","type":"string"},"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the metrics in the storage instance","type":"string"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"},"vminsert":{"description":"Configuration for vminsert component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmselect":{"description":"Configuration for vmselect component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmstorage":{"description":"Configuration for vmstorage component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}}}}} + {"title":"Chart Values","type":"object","properties":{"alerta":{"description":"Configuration for Alerta service","type":"object","default":{},"properties":{"alerts":{"description":"Configuration for alerts","type":"object","default":{},"properties":{"slack":{"description":"Configuration for Slack alerts","type":"object","default":{},"properties":{"url":{"description":"Configuration uri for Slack alerts","type":"string"}}},"telegram":{"description":"Configuration for Telegram alerts","type":"object","default":{},"required":["chatID","disabledSeverity","token"],"properties":{"chatID":{"description":"Specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot","type":"string"},"disabledSeverity":{"description":"List of severity without alerts, separated by comma like: \"informational,warning\"","type":"string"},"token":{"description":"Telegram token for your bot","type":"string"}}}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"storage":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"}}},"grafana":{"description":"Configuration for Grafana","type":"object","default":{},"properties":{"db":{"description":"Database configuration","type":"object","default":{},"properties":{"size":{"description":"Persistent Volume size for the database","type":"string","default":"10Gi"}}},"resources":{"description":"Resources configuration","type":"object","default":{},"properties":{"limits":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"requests":{"type":"object","default":{},"properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}},"host":{"description":"The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host).","type":"string"},"logsStorages":{"description":"Configuration of logs storage instances","type":"array","default":[{"name":"generic","retentionPeriod":"1","storage":"10Gi","storageClassName":"replicated"}],"items":{"type":"object","required":["name","retentionPeriod","storage"],"properties":{"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the logs in the storage instance","type":"string","default":"1"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string","default":"replicated"}}}},"metricsStorages":{"description":"Configuration of metrics storage instances","type":"array","default":[{"deduplicationInterval":"15s","name":"shortterm","retentionPeriod":"3d","storage":"10Gi","storageClassName":""},{"deduplicationInterval":"5m","name":"longterm","retentionPeriod":"14d","storage":"10Gi","storageClassName":""}],"items":{"type":"object","required":["deduplicationInterval","name","retentionPeriod","storage"],"properties":{"deduplicationInterval":{"description":"Deduplication interval for the metrics in the storage instance","type":"string"},"name":{"description":"Name of the storage instance","type":"string"},"retentionPeriod":{"description":"Retention period for the metrics in the storage instance","type":"string"},"storage":{"description":"Persistent Volume size for the storage instance","type":"string","default":"10Gi"},"storageClassName":{"description":"StorageClass used to store the data","type":"string"},"vminsert":{"description":"Configuration for vminsert component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmselect":{"description":"Configuration for vmselect component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}},"vmstorage":{"description":"Configuration for vmstorage component of the storage instance","type":"object","properties":{"maxAllowed":{"description":"Limits (maximum allowed/available resources )","type":"object","properties":{"cpu":{"description":"CPU limit (maximum available CPU)","default":1,"pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory limit (maximum available memory)","default":"1Gi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}},"minAllowed":{"description":"Requests (minimum allowed/available resources)","type":"object","properties":{"cpu":{"description":"CPU request (minimum available CPU)","default":"100m","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true},"memory":{"description":"Memory request (minimum available memory)","default":"256Mi","pattern":"^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$","anyOf":[{"type":"integer"},{"type":"string"}],"x-kubernetes-int-or-string":true}}}}}}}}}} release: prefix: "" labels: @@ -28,7 +28,7 @@ spec: description: Monitoring and observability stack module: true icon: PHN2ZyB3aWR0aD0iMTQ0IiBoZWlnaHQ9IjE0NCIgdmlld0JveD0iMCAwIDE0NCAxNDQiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxyZWN0IHdpZHRoPSIxNDQiIGhlaWdodD0iMTQ0IiByeD0iMjQiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl82ODdfMzI2OCkiLz4KPGcgY2xpcC1wYXRoPSJ1cmwoI2NsaXAwXzY4N18zMjY4KSI+CjxwYXRoIGQ9Ik04OS41MDM5IDExMS43MDdINTQuNDk3QzU0LjE3MjcgMTExLjcwNyA1NC4wMTA4IDExMS4yMjEgNTQuMzM0OSAxMTEuMDU5TDU3LjI1MjIgMTA4Ljk1MkM2MC4zMzE0IDEwNi42ODMgNjEuOTUyMiAxMDIuNjMxIDYwLjk3OTcgOTguNzQxMkg4My4wMjFDODIuMDQ4NSAxMDIuNjMxIDgzLjY2OTMgMTA2LjY4MyA4Ni43NDg1IDEwOC45NTJMODkuNjY1OCAxMTEuMDU5Qzg5Ljk5IDExMS4yMjEgODkuODI3OSAxMTEuNzA3IDg5LjUwMzkgMTExLjcwN1oiIGZpbGw9IiNCMEI2QkIiLz4KPHBhdGggZD0iTTExMy4zMjggOTguNzQxSDMwLjY3MjVDMjcuNTkzMSA5OC43NDEgMjUgOTYuMTQ4IDI1IDkzLjA2ODdWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJWOTMuMDY4N0MxMTkgOTYuMTQ4IDExNi40MDcgOTguNzQxIDExMy4zMjggOTguNzQxWiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNMTE5IDg0LjE1NDlIMjVWMzMuMTAzMkMyNSAzMC4wMjM5IDI3LjU5MzEgMjcuNDMwNyAzMC42NzI1IDI3LjQzMDdIMTEzLjMyOEMxMTYuNDA3IDI3LjQzMDcgMTE5IDMwLjAyMzcgMTE5IDMzLjEwMzJMMTE5IDg0LjE1NDlaIiBmaWxsPSIjMzg0NTRGIi8+CjxwYXRoIGQ9Ik05MC42Mzc0IDExNi41NjlINTMuMzYxNkM1Mi4wNjUxIDExNi41NjkgNTAuOTMwNyAxMTUuNDM1IDUwLjkzMDcgMTE0LjEzOEM1MC45MzA3IDExMi44NDEgNTIuMDY1MSAxMTEuNzA3IDUzLjM2MTYgMTExLjcwN0g5MC42Mzc0QzkxLjkzMzkgMTExLjcwNyA5My4wNjg0IDExMi44NDEgOTMuMDY4NCAxMTQuMTM4QzkzLjA2ODQgMTE1LjQzNSA5MS45MzM5IDExNi41NjkgOTAuNjM3NCAxMTYuNTY5WiIgZmlsbD0iI0U4RURFRSIvPgo8cGF0aCBkPSJNNTQuMTcyMiAzOC43NzU3SDMzLjEwMzJDMzIuMTMwNyAzOC43NzU3IDMxLjQ4MjQgMzguMTI3NCAzMS40ODI0IDM3LjE1NDlDMzEuNDgyNCAzNi4xODI0IDMyLjEzMDcgMzUuNTM0MiAzMy4xMDMyIDM1LjUzNDJINTQuMTcyMkM1NS4xNDQ3IDM1LjUzNDIgNTUuNzkzIDM2LjE4MjQgNTUuNzkzIDM3LjE1NDlDNTUuNzkyOCAzOC4xMjc0IDU1LjE0NDUgMzguNzc1NyA1NC4xNzIyIDM4Ljc3NTdaIiBmaWxsPSIjREQzNDJFIi8+CjxwYXRoIGQ9Ik02My44OTYzIDQ1LjI1OTFINDEuMjA2N0M0MC4yMzQyIDQ1LjI1OTEgMzkuNTg1OSA0NC42MTA4IDM5LjU4NTkgNDMuNjM4M0MzOS41ODU5IDQyLjY2NTggNDAuMjM0MiA0Mi4wMTc2IDQxLjIwNjcgNDIuMDE3Nkg2My44OTYzQzY0Ljg2ODggNDIuMDE3NiA2NS41MTcxIDQyLjY2NTggNjUuNTE3MSA0My42MzgzQzY1LjUxNzEgNDQuNjEwOCA2NC44Njg4IDQ1LjI1OTEgNjMuODk2MyA0NS4yNTkxWiIgZmlsbD0iIzczODNCRiIvPgo8cGF0aCBkPSJNMzQuNzI0IDQ1LjI1OTFIMzMuMTAzMkMzMi4xMzA3IDQ1LjI1OTEgMzEuNDgyNCA0NC42MTA4IDMxLjQ4MjQgNDMuNjM4M0MzMS40ODI0IDQyLjY2NTggMzIuMTMwNyA0Mi4wMTc2IDMzLjEwMzIgNDIuMDE3NkgzNC43MjRDMzUuNjk2NCA0Mi4wMTc2IDM2LjM0NDcgNDIuNjY1OCAzNi4zNDQ3IDQzLjYzODNDMzYuMzQ0NyA0NC42MTA4IDM1LjY5NjMgNDUuMjU5MSAzNC43MjQgNDUuMjU5MVoiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTYzLjg5NjMgMzguNzc1N0g2MC42NTQ5QzU5LjY4MjQgMzguNzc1NyA1OS4wMzQyIDM4LjEyNzQgNTkuMDM0MiAzNy4xNTQ5QzU5LjAzNDIgMzYuMTgyNCA1OS42ODI0IDM1LjUzNDIgNjAuNjU0OSAzNS41MzQySDYzLjg5NjNDNjQuODY4OCAzNS41MzQyIDY1LjUxNzEgMzYuMTgyNCA2NS41MTcxIDM3LjE1NDlDNjUuNTE3MSAzOC4xMjc0IDY0Ljg2ODggMzguNzc1NyA2My44OTYzIDM4Ljc3NTdaIiBmaWxsPSIjRUNCQTE2Ii8+CjxwYXRoIGQ9Ik00Ny42ODkzIDUxLjc0MTNIMzMuMTAzMkMzMi4xMzA3IDUxLjc0MTMgMzEuNDgyNCA1MS4wOTMxIDMxLjQ4MjQgNTAuMTIwNkMzMS40ODI0IDQ5LjE0ODEgMzIuMTMwNyA0OC41IDMzLjEwMzIgNDguNUg0Ny42ODkzQzQ4LjY2MTggNDguNSA0OS4zMTAxIDQ5LjE0ODMgNDkuMzEwMSA1MC4xMjA4QzQ5LjMxMDEgNTEuMDkzMyA0OC42NjE4IDUxLjc0MTMgNDcuNjg5MyA1MS43NDEzWiIgZmlsbD0iI0REMzQyRSIvPgo8cGF0aCBkPSJNNjMuODk2OCA1MS43NDEzSDU0LjE3MjVDNTMuMiA1MS43NDEzIDUyLjU1MTggNTEuMDkzMSA1Mi41NTE4IDUwLjEyMDZDNTIuNTUxOCA0OS4xNDgxIDUzLjIwMDIgNDguNSA1NC4xNzI3IDQ4LjVINjMuODk2OUM2NC44Njk0IDQ4LjUgNjUuNTE3NyA0OS4xNDgzIDY1LjUxNzcgNTAuMTIwOEM2NS41MTc3IDUxLjA5MzMgNjQuODY5MiA1MS43NDEzIDYzLjg5NjggNTEuNzQxM1oiIGZpbGw9IiNFQ0JBMTYiLz4KPHBhdGggZD0iTTU0LjE3MjIgNTguMjI0SDMzLjEwMzJDMzIuMTMwNyA1OC4yMjQgMzEuNDgyNCA1Ny41NzU3IDMxLjQ4MjQgNTYuNjAzMkMzMS40ODI0IDU1LjYzMDcgMzIuMTMwNyA1NC45ODI0IDMzLjEwMzIgNTQuOTgyNEg1NC4xNzIyQzU1LjE0NDcgNTQuOTgyNCA1NS43OTMgNTUuNjMwNyA1NS43OTMgNTYuNjAzMkM1NS43OTMgNTcuNTc1NyA1NS4xNDQ1IDU4LjIyNCA1NC4xNzIyIDU4LjIyNFoiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTYzLjg5NjMgNjQuNzA3NEg0MS4yMDY3QzQwLjIzNDIgNjQuNzA3NCAzOS41ODU5IDY0LjA1OTEgMzkuNTg1OSA2My4wODY2QzM5LjU4NTkgNjIuMTE0MSA0MC4yMzQyIDYxLjQ2NTggNDEuMjA2NyA2MS40NjU4SDYzLjg5NjNDNjQuODY4OCA2MS40NjU4IDY1LjUxNzEgNjIuMTE0MSA2NS41MTcxIDYzLjA4NjZDNjUuNTE3MSA2NC4wNTkxIDY0Ljg2ODggNjQuNzA3NCA2My44OTYzIDY0LjcwNzRaIiBmaWxsPSIjRUNCQTE2Ii8+CjxwYXRoIGQ9Ik0zNC43MjQgNjQuNzA3NEgzMy4xMDMyQzMyLjEzMDcgNjQuNzA3NCAzMS40ODI0IDY0LjA1OTEgMzEuNDgyNCA2My4wODY2QzMxLjQ4MjQgNjIuMTE0MSAzMi4xMzA3IDYxLjQ2NTggMzMuMTAzMiA2MS40NjU4SDM0LjcyNEMzNS42OTY0IDYxLjQ2NTggMzYuMzQ0NyA2Mi4xMTQxIDM2LjM0NDcgNjMuMDg2NkMzNi4zNDQ3IDY0LjA1OTEgMzUuNjk2MyA2NC43MDc0IDM0LjcyNCA2NC43MDc0WiIgZmlsbD0iI0REMzQyRSIvPgo8cGF0aCBkPSJNNDcuNjg5MyA3MS4xODk4SDMzLjEwMzJDMzIuMTMwNyA3MS4xODk4IDMxLjQ4MjQgNzAuNTQxNSAzMS40ODI0IDY5LjU2OUMzMS40ODI0IDY4LjU5NjUgMzIuMTMwNyA2Ny45NDgyIDMzLjEwMzIgNjcuOTQ4Mkg0Ny42ODkzQzQ4LjY2MTggNjcuOTQ4MiA0OS4zMTAxIDY4LjU5NjUgNDkuMzEwMSA2OS41NjlDNDkuMzEwMSA3MC41NDE1IDQ4LjY2MTggNzEuMTg5OCA0Ny42ODkzIDcxLjE4OThaIiBmaWxsPSIjNDJCMDVDIi8+CjxwYXRoIGQ9Ik02My44OTY4IDcxLjE4OThINTQuMTcyNUM1My4yIDcxLjE4OTggNTIuNTUxOCA3MC41NDE1IDUyLjU1MTggNjkuNTY5QzUyLjU1MTggNjguNTk2NSA1My4yIDY3Ljk0ODIgNTQuMTcyNSA2Ny45NDgySDYzLjg5NjhDNjQuODY5MiA2Ny45NDgyIDY1LjUxNzUgNjguNTk2NSA2NS41MTc1IDY5LjU2OUM2NS41MTc1IDcwLjU0MTUgNjQuODY5MiA3MS4xODk4IDYzLjg5NjggNzEuMTg5OFoiIGZpbGw9IiM3MzgzQkYiLz4KPHBhdGggZD0iTTU0LjE3MjIgNzcuNjcyMkgzMy4xMDMyQzMyLjEzMDcgNzcuNjcyMiAzMS40ODI0IDc3LjAyMzkgMzEuNDgyNCA3Ni4wNTE0QzMxLjQ4MjQgNzUuMDc4OSAzMi4xMzA3IDc0LjQzMDcgMzMuMTAzMiA3NC40MzA3SDU0LjE3MjJDNTUuMTQ0NyA3NC40MzA3IDU1Ljc5MyA3NS4wNzg5IDU1Ljc5MyA3Ni4wNTE0QzU1Ljc5MjggNzcuMDIzOSA1NS4xNDQ1IDc3LjY3MjIgNTQuMTcyMiA3Ny42NzIyWiIgZmlsbD0iI0VDQkExNiIvPgo8cGF0aCBkPSJNNjMuODk2MyA3Ny42NzIySDYwLjY1NDlDNTkuNjgyNCA3Ny42NzIyIDU5LjAzNDIgNzcuMDIzOSA1OS4wMzQyIDc2LjA1MTRDNTkuMDM0MiA3NS4wNzg5IDU5LjY4MjQgNzQuNDMwNyA2MC42NTQ5IDc0LjQzMDdINjMuODk2M0M2NC44Njg4IDc0LjQzMDcgNjUuNTE3MSA3NS4wNzg5IDY1LjUxNzEgNzYuMDUxNEM2NS41MTcxIDc3LjAyMzkgNjQuODY4OCA3Ny42NzIyIDYzLjg5NjMgNzcuNjcyMloiIGZpbGw9IiM0MkIwNUMiLz4KPHBhdGggZD0iTTEwMS4xNzIgNzcuNjcyMkg4MC4xMDMyQzc5LjEzMDcgNzcuNjcyMiA3OC40ODI0IDc3LjAyMzkgNzguNDgyNCA3Ni4wNTE0Qzc4LjQ4MjQgNzUuMDc4OSA3OS4xMzA3IDc0LjQzMDcgODAuMTAzMiA3NC40MzA3SDEwMS4xNzJDMTAyLjE0NSA3NC40MzA3IDEwMi43OTMgNzUuMDc4OSAxMDIuNzkzIDc2LjA1MTRDMTAyLjc5MyA3Ny4wMjM5IDEwMi4xNDUgNzcuNjcyMiAxMDEuMTcyIDc3LjY3MjJaIiBmaWxsPSIjREQzNDJFIi8+CjxwYXRoIGQ9Ik0xMTAuODk2IDc3LjY3MjJIMTA3LjY1NUMxMDYuNjgyIDc3LjY3MjIgMTA2LjAzNCA3Ny4wMjM5IDEwNi4wMzQgNzYuMDUxNEMxMDYuMDM0IDc1LjA3ODkgMTA2LjY4MiA3NC40MzA3IDEwNy42NTUgNzQuNDMwN0gxMTAuODk2QzExMS44NjkgNzQuNDMwNyAxMTIuNTE3IDc1LjA3ODkgMTEyLjUxNyA3Ni4wNTE0QzExMi41MTcgNzcuMDIzOSAxMTEuODY5IDc3LjY3MjIgMTEwLjg5NiA3Ny42NzIyWiIgZmlsbD0iIzQyQjA1QyIvPgo8cGF0aCBkPSJNNjMuODk2MyA1OC4yMjRINjAuNjU0OUM1OS42ODI0IDU4LjIyNCA1OS4wMzQyIDU3LjU3NTcgNTkuMDM0MiA1Ni42MDMyQzU5LjAzNDIgNTUuNjMwNyA1OS42ODI0IDU0Ljk4MjQgNjAuNjU0OSA1NC45ODI0SDYzLjg5NjNDNjQuODY4OCA1NC45ODI0IDY1LjUxNzEgNTUuNjMwNyA2NS41MTcxIDU2LjYwMzJDNjUuNTE3MSA1Ny41NzU3IDY0Ljg2ODggNTguMjI0IDYzLjg5NjMgNTguMjI0WiIgZmlsbD0iIzczODNCRiIvPgo8cGF0aCBkPSJNMTEyLjUxNyA1MS43NDExQzExMi41MTcgNjAuNjU0OSAxMDUuMjI0IDY3Ljk0OCA5Ni4zMTA0IDY3Ljk0OEM4Ny4zOTY2IDY3Ljk0OCA4MC4xMDM1IDYwLjY1NDkgODAuMTAzNSA1MS43NDExQzgwLjEwMzUgNDIuODI3MyA4Ny4zOTY2IDM1LjUzNDIgOTYuMzEwNCAzNS41MzQyQzEwNS4yMjQgMzUuNTM0MiAxMTIuNTE3IDQyLjgyNzMgMTEyLjUxNyA1MS43NDExWiIgZmlsbD0iI0VDQkExNiIvPgo8cGF0aCBkPSJNODAuMTAzNSA1MS43NDExQzgwLjEwMzUgNTIuMjI3MyA4MC4xMDM1IDUyLjg3NTUgODAuMTAzNSA1My4zNjE5SDk2LjMxMDRWMzUuNTM0MkM4Ny4zOTY2IDM1LjUzNDIgODAuMTAzNSA0Mi44MjczIDgwLjEwMzUgNTEuNzQxMVoiIGZpbGw9IiM0MkIwNUMiLz4KPC9nPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzY4N18zMjY4IiB4MT0iMS4yMzIzOWUtMDYiIHkxPSItOS41MDAwMSIgeDI9IjE2OCIgeTI9IjE2MiIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgo8c3RvcCBzdG9wLWNvbG9yPSIjOEZEREZGIi8+CjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzAwNzVGRiIvPgo8L2xpbmVhckdyYWRpZW50Pgo8Y2xpcFBhdGggaWQ9ImNsaXAwXzY4N18zMjY4Ij4KPHJlY3Qgd2lkdGg9Ijk0IiBoZWlnaHQ9Ijk0IiBmaWxsPSJ3aGl0ZSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMjUgMjUpIi8+CjwvY2xpcFBhdGg+CjwvZGVmcz4KPC9zdmc+Cg== - keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "metricsStorages"], ["spec", "logsStorages"], ["spec", "alerta"], ["spec", "alerta", "storage"], ["spec", "alerta", "storageClassName"], ["spec", "alerta", "resources"], ["spec", "alerta", "resources", "limits"], ["spec", "alerta", "resources", "limits", "cpu"], ["spec", "alerta", "resources", "limits", "memory"], ["spec", "alerta", "resources", "requests"], ["spec", "alerta", "resources", "requests", "cpu"], ["spec", "alerta", "resources", "requests", "memory"], ["spec", "alerta", "alerts"], ["spec", "alerta", "alerts", "telegram"], ["spec", "alerta", "alerts", "telegram", "token"], ["spec", "alerta", "alerts", "telegram", "chatID"], ["spec", "alerta", "alerts", "telegram", "disabledSeverity"], ["spec", "grafana"], ["spec", "grafana", "db"], ["spec", "grafana", "db", "size"], ["spec", "grafana", "resources"], ["spec", "grafana", "resources", "limits"], ["spec", "grafana", "resources", "limits", "cpu"], ["spec", "grafana", "resources", "limits", "memory"], ["spec", "grafana", "resources", "requests"], ["spec", "grafana", "resources", "requests", "cpu"], ["spec", "grafana", "resources", "requests", "memory"]] + keysOrder: [["apiVersion"], ["appVersion"], ["kind"], ["metadata"], ["metadata", "name"], ["spec", "host"], ["spec", "metricsStorages"], ["spec", "logsStorages"], ["spec", "alerta"], ["spec", "alerta", "storage"], ["spec", "alerta", "storageClassName"], ["spec", "alerta", "resources"], ["spec", "alerta", "resources", "limits"], ["spec", "alerta", "resources", "limits", "cpu"], ["spec", "alerta", "resources", "limits", "memory"], ["spec", "alerta", "resources", "requests"], ["spec", "alerta", "resources", "requests", "cpu"], ["spec", "alerta", "resources", "requests", "memory"], ["spec", "alerta", "alerts"], ["spec", "alerta", "alerts", "telegram"], ["spec", "alerta", "alerts", "telegram", "token"], ["spec", "alerta", "alerts", "telegram", "chatID"], ["spec", "alerta", "alerts", "telegram", "disabledSeverity"], ["spec", "alerta", "alerts", "slack"], ["spec", "alerta", "alerts", "slack", "url"], ["spec", "grafana"], ["spec", "grafana", "db"], ["spec", "grafana", "db", "size"], ["spec", "grafana", "resources"], ["spec", "grafana", "resources", "limits"], ["spec", "grafana", "resources", "limits", "cpu"], ["spec", "grafana", "resources", "limits", "memory"], ["spec", "grafana", "resources", "requests"], ["spec", "grafana", "resources", "requests", "cpu"], ["spec", "grafana", "resources", "requests", "memory"]] secrets: exclude: [] include: From a545ff3781f2afe0b0b3286a3d0237662a0d5998 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Thu, 23 Oct 2025 16:57:09 +0300 Subject: [PATCH 77/80] [redis-operator] Build patched operator in-tree This patch moves the build of the Redis operator into the Cozystack organization and patches it to prevent overwriting third-party labels on owned resources. ```release-note [redis-operator] Move operator into tree and patch it to retain third-party labels on owned resources, reducing noisy traffic to the API server. ``` Signed-off-by: Timofei Larkin --- packages/system/redis-operator/Makefile | 15 +++++++++++ .../images/redis-operator/Dockerfile | 27 +++++++++++++++++++ .../images/redis-operator/patches/labels.diff | 23 ++++++++++++++++ packages/system/redis-operator/values.yaml | 3 ++- 4 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 packages/system/redis-operator/images/redis-operator/Dockerfile create mode 100644 packages/system/redis-operator/images/redis-operator/patches/labels.diff diff --git a/packages/system/redis-operator/Makefile b/packages/system/redis-operator/Makefile index 9ea964dd..650cbc72 100644 --- a/packages/system/redis-operator/Makefile +++ b/packages/system/redis-operator/Makefile @@ -1,6 +1,8 @@ +REDIS_OPERATOR_TAG=$(shell grep -F 'ARG VERSION=' images/redis-operator/Dockerfile | cut -f2 -d=) export NAME=redis-operator export NAMESPACE=cozy-$(NAME) +include ../../../scripts/common-envs.mk include ../../../scripts/package.mk update: @@ -9,3 +11,16 @@ update: helm repo update redis-operator helm pull redis-operator/redis-operator --untar --untardir charts sed -i '/{{/d' charts/redis-operator/crds/databases.spotahome.com_redisfailovers.yaml + +image: + docker buildx build images/redis-operator \ + --tag $(REGISTRY)/redis-operator:$(REDIS_OPERATOR_TAG) \ + --cache-from type=registry,ref=$(REGISTRY)/redis-operator:latest \ + --cache-to type=inline \ + --metadata-file images/redis-operator.json \ + $(BUILDX_ARGS) + REPOSITORY="$(REGISTRY)/redis-operator" \ + yq -i '.redis-operator.image.repository = strenv(REPOSITORY)' values.yaml + TAG=$(REDIS_OPERATOR_TAG)@$$(yq e '."containerimage.digest"' images/redis-operator.json -o json -r) \ + yq -i '.redis-operator.image.tag = strenv(TAG)' values.yaml + rm -f images/redis-operator.json diff --git a/packages/system/redis-operator/images/redis-operator/Dockerfile b/packages/system/redis-operator/images/redis-operator/Dockerfile new file mode 100644 index 00000000..d0d6b682 --- /dev/null +++ b/packages/system/redis-operator/images/redis-operator/Dockerfile @@ -0,0 +1,27 @@ +FROM golang:1.20 AS builder + +ARG VERSION=v1.3.0-rc1 + +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace + +RUN curl -sSL https://github.com/spotahome/redis-operator/archive/refs/tags/${VERSION}.tar.gz | tar -xzvf- --strip=1 + +COPY patches /patches +RUN git apply /patches/*.diff + +RUN GOOS=$TARGETOS GOARCH=$TARGETARCH VERSION=$VERSION ./scripts/build.sh + +FROM alpine:latest +RUN apk --no-cache add \ + ca-certificates +COPY --from=builder /workspace/bin/redis-operator /usr/local/bin +RUN addgroup -g 1000 rf && \ + adduser -D -u 1000 -G rf rf && \ + chown rf:rf /usr/local/bin/redis-operator +USER rf + +ENTRYPOINT ["/usr/local/bin/redis-operator"] + diff --git a/packages/system/redis-operator/images/redis-operator/patches/labels.diff b/packages/system/redis-operator/images/redis-operator/patches/labels.diff new file mode 100644 index 00000000..fe4c4254 --- /dev/null +++ b/packages/system/redis-operator/images/redis-operator/patches/labels.diff @@ -0,0 +1,23 @@ +diff --git a/service/k8s/service.go b/service/k8s/service.go +index 712cc4c0..e84afc92 100644 +--- a/service/k8s/service.go ++++ b/service/k8s/service.go +@@ -10,6 +10,7 @@ import ( + + "github.com/spotahome/redis-operator/log" + "github.com/spotahome/redis-operator/metrics" ++ "github.com/spotahome/redis-operator/operator/redisfailover/util" + ) + + // Service the ServiceAccount service that knows how to interact with k8s to manage them +@@ -95,6 +96,10 @@ func (s *ServiceService) CreateOrUpdateService(namespace string, service *corev1 + // namespace is our spec(https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#concurrency-control-and-consistency), + // we will replace the current namespace state. + service.ResourceVersion = storedService.ResourceVersion ++ newLabels := util.MergeLabels(storedService.GetLabels(), service.GetLabels()) ++ newAnnotations := util.MergeAnnotations(storedService.GetAnnotations(), service.GetAnnotations()) ++ service.SetLabels(newLabels) ++ service.SetAnnotations(newAnnotations) + return s.UpdateService(namespace, service) + } + diff --git a/packages/system/redis-operator/values.yaml b/packages/system/redis-operator/values.yaml index eb8c61a9..77e91011 100644 --- a/packages/system/redis-operator/values.yaml +++ b/packages/system/redis-operator/values.yaml @@ -1,3 +1,4 @@ redis-operator: image: - tag: v1.3.0-rc1 + repository: ghcr.io/cozystack/cozystack/redis-operator + tag: v1.3.0-rc1@sha256:a4012e6a1b5daaedb57cc27edfdbff52124de4164b5ec0ee53c5ce5710ef4c25 From dc0eebd81e9aa9d6ad535a18e38fc10a572d69dc Mon Sep 17 00:00:00 2001 From: nbykov0 <166552198+nbykov0@users.noreply.github.com> Date: Thu, 23 Oct 2025 18:51:46 +0300 Subject: [PATCH 78/80] [system] kube-ovn: enableLb -> false Signed-off-by: nbykov0 <166552198+nbykov0@users.noreply.github.com> --- packages/system/kubeovn/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml index 74f21b52..33d59db2 100644 --- a/packages/system/kubeovn/values.yaml +++ b/packages/system/kubeovn/values.yaml @@ -2,6 +2,7 @@ kube-ovn: namespace: cozy-kubeovn func: ENABLE_NP: false + ENABLE_LB: false ipv4: POD_CIDR: "10.244.0.0/16" POD_GATEWAY: "10.244.0.1" From 5a20693d675376bc20e61deb928e575cb9660866 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Fri, 24 Oct 2025 09:52:16 +0300 Subject: [PATCH 79/80] Update docs/changelogs/v0.36.2.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Timofei Larkin --- docs/changelogs/v0.36.2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelogs/v0.36.2.md b/docs/changelogs/v0.36.2.md index 05e17d2a..9e912e69 100644 --- a/docs/changelogs/v0.36.2.md +++ b/docs/changelogs/v0.36.2.md @@ -15,4 +15,4 @@ https://github.com/cozystack/cozystack/releases/tag/v0.36.2 --- -**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.36.1...main +**Full Changelog**: [v0.36.1...v0.36.2](https://github.com/cozystack/cozystack/compare/v0.36.1...v0.36.2) From f4e0145c1c79939312cebd664440ac2e09b38607 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Mon, 20 Oct 2025 17:23:37 +0300 Subject: [PATCH 80/80] [api] Use shared informer cache This patch changes all clients in the Cozystack API server to typed ones from the controller runtime. This should improve the performance of the API server and simplifies the code by removing work with unstructured objects and dynamic clients. ```release-note [api] Use typed and cache-backed k8s clients in the Cozystack API to improve performance. Get rid of operations on unstructured objects and use of dynamic clients. ``` Signed-off-by: Timofei Larkin --- .../system/cozystack-api/templates/rbac.yaml | 2 +- pkg/apiserver/apiserver.go | 86 +++++--- pkg/registry/apps/application/rest.go | 187 ++++++++---------- pkg/registry/core/tenantmodule/rest.go | 98 ++++----- pkg/registry/core/tenantnamespace/rest.go | 44 ++--- pkg/registry/core/tenantsecret/rest.go | 70 ++++--- pkg/registry/core/tenantsecretstable/rest.go | 36 +++- 7 files changed, 283 insertions(+), 240 deletions(-) diff --git a/packages/system/cozystack-api/templates/rbac.yaml b/packages/system/cozystack-api/templates/rbac.yaml index e4b3aca9..0429b9ef 100644 --- a/packages/system/cozystack-api/templates/rbac.yaml +++ b/packages/system/cozystack-api/templates/rbac.yaml @@ -4,7 +4,7 @@ metadata: name: cozystack-api rules: - apiGroups: [""] - resources: ["namespaces", "secrets"] + resources: ["namespaces", "secrets", "services"] verbs: ["get", "watch", "list"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["rolebindings"] diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index e829d336..d5814ee7 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -17,18 +17,22 @@ limitations under the License. package apiserver import ( + "context" "fmt" + "time" helmv2 "github.com/fluxcd/helm-controller/api/v2" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/apiserver/pkg/registry/rest" genericapiserver "k8s.io/apiserver/pkg/server" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/kubernetes" - restclient "k8s.io/client-go/rest" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/client" "github.com/cozystack/cozystack/pkg/apis/apps" appsinstall "github.com/cozystack/cozystack/pkg/apis/apps/install" @@ -50,6 +54,7 @@ var ( // versions and content types. Codecs = serializer.NewCodecFactory(Scheme) CozyComponentName = "cozy" + syncPeriod = 5 * time.Minute ) func init() { @@ -58,9 +63,15 @@ func init() { // Register HelmRelease types. if err := helmv2.AddToScheme(Scheme); err != nil { - panic(fmt.Sprintf("Failed to add HelmRelease types to scheme: %v", err)) + panic(fmt.Errorf("Failed to add HelmRelease types to scheme: %w", err)) } + if err := corev1.AddToScheme(Scheme); err != nil { + panic(fmt.Errorf("Failed to add core types to scheme: %w", err)) + } + if err := rbacv1.AddToScheme(Scheme); err != nil { + panic(fmt.Errorf("Failed to add RBAC types to scheme: %w", err)) + } // Add unversioned types. metav1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) @@ -118,43 +129,59 @@ func (c completedConfig) New() (*CozyServer, error) { } // Create a dynamic client for HelmRelease using InClusterConfig. - inClusterConfig, err := restclient.InClusterConfig() + cfg, err := ctrl.GetConfig() if err != nil { - return nil, fmt.Errorf("unable to get in-cluster config: %v", err) + return nil, fmt.Errorf("failed to get kubeconfig: %w", err) } - dynamicClient, err := dynamic.NewForConfig(inClusterConfig) + mgr, err := ctrl.NewManager(cfg, ctrl.Options{ + Scheme: Scheme, + Cache: cache.Options{SyncPeriod: &syncPeriod}, + }) if err != nil { - return nil, fmt.Errorf("unable to create dynamic client: %v", err) + return nil, fmt.Errorf("failed to build manager: %w", err) } - clientset, err := kubernetes.NewForConfig(inClusterConfig) - if err != nil { - return nil, fmt.Errorf("create kube clientset: %v", err) + ctx := ctrl.SetupSignalHandler() + + if err = mustGetInformers(ctx, mgr, + &helmv2.HelmRelease{}, + &corev1.Secret{}, + &corev1.Namespace{}, + &corev1.Service{}, + &rbacv1.RoleBinding{}, + ); err != nil { + return nil, fmt.Errorf("failed to get informers: %w", err) } + go func() { + if err := mgr.Start(ctx); err != nil { + panic(fmt.Errorf("manager start failed: %w", err)) + } + }() + + if ok := mgr.GetCache().WaitForCacheSync(ctx); !ok { + return nil, fmt.Errorf("cache sync failed") + } + + cli := mgr.GetClient() + watchCli, err := client.NewWithWatch(cfg, client.Options{Scheme: Scheme}) + if err != nil { + return nil, fmt.Errorf("failed to build watch client: %w", err) + } // --- static, cluster-scoped resource for core group --- coreV1alpha1Storage := map[string]rest.Storage{} coreV1alpha1Storage["tenantnamespaces"] = cozyregistry.RESTInPeace( - tenantnamespacestorage.NewREST( - clientset.CoreV1(), - clientset.RbacV1(), - ), + tenantnamespacestorage.NewREST(cli, watchCli), ) coreV1alpha1Storage["tenantsecrets"] = cozyregistry.RESTInPeace( - tenantsecretstorage.NewREST( - clientset.CoreV1(), - ), + tenantsecretstorage.NewREST(cli, watchCli), ) coreV1alpha1Storage["tenantsecretstables"] = cozyregistry.RESTInPeace( - tenantsecretstablestorage.NewREST( - clientset.CoreV1(), - ), + tenantsecretstablestorage.NewREST(cli, watchCli), ) coreV1alpha1Storage["tenantmodules"] = cozyregistry.RESTInPeace( - tenantmodulestorage.NewREST( - dynamicClient, - ), + tenantmodulestorage.NewREST(cli, watchCli), ) coreApiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(core.GroupName, Scheme, metav1.ParameterCodec, Codecs) @@ -166,7 +193,7 @@ func (c completedConfig) New() (*CozyServer, error) { // --- dynamically-configured, per-tenant resources --- appsV1alpha1Storage := map[string]rest.Storage{} for _, resConfig := range c.ResourceConfig.Resources { - storage := applicationstorage.NewREST(dynamicClient, &resConfig) + storage := applicationstorage.NewREST(cli, watchCli, &resConfig) appsV1alpha1Storage[resConfig.Application.Plural] = cozyregistry.RESTInPeace(storage) } appsApiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(apps.GroupName, Scheme, metav1.ParameterCodec, Codecs) @@ -177,3 +204,12 @@ func (c completedConfig) New() (*CozyServer, error) { return s, nil } + +func mustGetInformers(ctx context.Context, mgr ctrl.Manager, types ...client.Object) error { + for i := range types { + if _, err := mgr.GetCache().GetInformer(ctx, types[i]); err != nil { + return fmt.Errorf("failed to get informer for %T: %w", types[i], err) + } + } + return nil +} diff --git a/pkg/registry/apps/application/rest.go b/pkg/registry/apps/application/rest.go index 388d741f..37a5d9a5 100644 --- a/pkg/registry/apps/application/rest.go +++ b/pkg/registry/apps/application/rest.go @@ -37,8 +37,8 @@ import ( "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/client-go/dynamic" "k8s.io/klog/v2" + "sigs.k8s.io/controller-runtime/pkg/client" appsv1alpha1 "github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1" "github.com/cozystack/cozystack/pkg/config" @@ -76,7 +76,8 @@ var helmReleaseGVR = schema.GroupVersionResource{ // REST implements the RESTStorage interface for Application resources type REST struct { - dynamicClient dynamic.Interface + c client.Client + w client.WithWatch gvr schema.GroupVersionResource gvk schema.GroupVersionKind kindName string @@ -86,7 +87,7 @@ type REST struct { } // NewREST creates a new REST storage for Application with specific configuration -func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST { +func NewREST(c client.Client, w client.WithWatch, config *config.Resource) *REST { var specSchema *structuralschema.Structural if raw := strings.TrimSpace(config.Application.OpenAPISchema); raw != "" { @@ -110,7 +111,8 @@ func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST { } return &REST{ - dynamicClient: dynamicClient, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: appsv1alpha1.GroupName, Version: "v1alpha1", @@ -158,30 +160,23 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation helmRelease.Labels = mergeMaps(helmRelease.Labels, addPrefixedMap(app.Labels, LabelPrefix)) // Note: Annotations from config are not handled as r.releaseConfig.Annotations is undefined - // Convert HelmRelease to unstructured format - unstructuredHR, err := runtime.DefaultUnstructuredConverter.ToUnstructured(helmRelease) - if err != nil { - klog.Errorf("Failed to convert HelmRelease to unstructured: %v", err) - return nil, fmt.Errorf("failed to convert HelmRelease to unstructured: %v", err) - } - klog.V(6).Infof("Creating HelmRelease %s in namespace %s", helmRelease.Name, app.Namespace) // Create HelmRelease in Kubernetes - createdHR, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(app.Namespace).Create(ctx, &unstructured.Unstructured{Object: unstructuredHR}, *options) + err = r.c.Create(ctx, helmRelease, &client.CreateOptions{Raw: options}) if err != nil { klog.Errorf("Failed to create HelmRelease %s: %v", helmRelease.Name, err) return nil, fmt.Errorf("failed to create HelmRelease: %v", err) } // Convert the created HelmRelease back to Application - convertedApp, err := r.ConvertHelmReleaseToApplication(createdHR) + convertedApp, err := r.ConvertHelmReleaseToApplication(helmRelease) if err != nil { - klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", createdHR.GetName(), err) + klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", helmRelease.GetName(), err) return nil, fmt.Errorf("conversion error: %v", err) } - klog.V(6).Infof("Successfully created and converted HelmRelease %s to Application", createdHR.GetName()) + klog.V(6).Infof("Successfully created and converted HelmRelease %s to Application", helmRelease.GetName()) // Convert Application to unstructured format unstructuredApp, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&convertedApp) @@ -206,7 +201,8 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) // Get the corresponding HelmRelease using the new prefix helmReleaseName := r.releaseConfig.Prefix + name - hr, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Get(ctx, helmReleaseName, *options) + helmRelease := &helmv2.HelmRelease{} + err = r.c.Get(ctx, client.ObjectKey{Namespace: namespace, Name: helmReleaseName}, helmRelease, &client.GetOptions{Raw: options}) if err != nil { klog.Errorf("Error retrieving HelmRelease for resource %s: %v", name, err) @@ -221,14 +217,14 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) } // Check if HelmRelease meets the required chartName and sourceRef criteria - if !r.shouldIncludeHelmRelease(hr) { + if !r.shouldIncludeHelmRelease(helmRelease) { klog.Errorf("HelmRelease %s does not match the required chartName and sourceRef criteria", helmReleaseName) // Return a NotFound error for the Application resource return nil, apierrors.NewNotFound(r.gvr.GroupResource(), name) } // Convert HelmRelease to Application - convertedApp, err := r.ConvertHelmReleaseToApplication(hr) + convertedApp, err := r.ConvertHelmReleaseToApplication(helmRelease) if err != nil { klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", name, err) return nil, fmt.Errorf("conversion error: %v", err) @@ -325,7 +321,11 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption } // List HelmReleases with mapped selectors - hrList, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).List(ctx, metaOptions) + hrList := &helmv2.HelmReleaseList{} + err = r.c.List(ctx, hrList, &client.ListOptions{ + Namespace: namespace, + Raw: &metaOptions, + }) if err != nil { klog.Errorf("Error listing HelmReleases: %v", err) return nil, err @@ -335,14 +335,14 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption items := make([]unstructured.Unstructured, 0) // Iterate over HelmReleases and convert to Applications - for _, hr := range hrList.Items { - if !r.shouldIncludeHelmRelease(&hr) { + for i := range hrList.Items { + if !r.shouldIncludeHelmRelease(&hrList.Items[i]) { continue } - app, err := r.ConvertHelmReleaseToApplication(&hr) + app, err := r.ConvertHelmReleaseToApplication(&hrList.Items[i]) if err != nil { - klog.Errorf("Error converting HelmRelease %s to Application: %v", hr.GetName(), err) + klog.Errorf("Error converting HelmRelease %s to Application: %v", hrList.Items[i].GetName(), err) continue } @@ -457,7 +457,8 @@ func (r *REST) Update(ctx context.Context, name string, objInfo rest.UpdatedObje // Ensure ResourceVersion if helmRelease.ResourceVersion == "" { - cur, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(helmRelease.Namespace).Get(ctx, helmRelease.Name, metav1.GetOptions{}) + cur := &helmv2.HelmRelease{} + err := r.c.Get(ctx, client.ObjectKey{Namespace: helmRelease.Namespace, Name: helmRelease.Name}, cur, &client.GetOptions{Raw: &metav1.GetOptions{}}) if err != nil { return nil, false, fmt.Errorf("failed to fetch current HelmRelease: %w", err) } @@ -470,53 +471,38 @@ func (r *REST) Update(ctx context.Context, name string, objInfo rest.UpdatedObje helmRelease.Labels = mergeMaps(helmRelease.Labels, addPrefixedMap(app.Labels, LabelPrefix)) // Note: Annotations from config are not handled as r.releaseConfig.Annotations is undefined - // Convert HelmRelease to unstructured format - unstructuredHR, err := runtime.DefaultUnstructuredConverter.ToUnstructured(helmRelease) - if err != nil { - klog.Errorf("Failed to convert HelmRelease to unstructured: %v", err) - return nil, false, fmt.Errorf("failed to convert HelmRelease to unstructured: %v", err) - } - - // Retrieve metadata from unstructured object - metadata, found, err := unstructured.NestedMap(unstructuredHR, "metadata") - if err != nil || !found { - klog.Errorf("Failed to retrieve metadata from HelmRelease: %v, found: %v", err, found) - return nil, false, fmt.Errorf("failed to retrieve metadata from HelmRelease: %v", err) - } - klog.V(6).Infof("HelmRelease Metadata: %+v", metadata) - klog.V(6).Infof("Updating HelmRelease %s in namespace %s", helmRelease.Name, helmRelease.Namespace) // Before updating, ensure the HelmRelease meets the inclusion criteria // This prevents updating HelmReleases that should not be managed as Applications - if !r.shouldIncludeHelmRelease(&unstructured.Unstructured{Object: unstructuredHR}) { + if !r.shouldIncludeHelmRelease(helmRelease) { klog.Errorf("HelmRelease %s does not match the required chartName and sourceRef criteria", helmRelease.Name) // Return a NotFound error for the Application resource return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) } // Update the HelmRelease in Kubernetes - resultHR, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(helmRelease.Namespace).Update(ctx, &unstructured.Unstructured{Object: unstructuredHR}, metav1.UpdateOptions{}) + err = r.c.Update(ctx, helmRelease, &client.UpdateOptions{Raw: &metav1.UpdateOptions{}}) if err != nil { klog.Errorf("Failed to update HelmRelease %s: %v", helmRelease.Name, err) return nil, false, fmt.Errorf("failed to update HelmRelease: %v", err) } // After updating, ensure the updated HelmRelease still meets the inclusion criteria - if !r.shouldIncludeHelmRelease(resultHR) { - klog.Errorf("Updated HelmRelease %s does not match the required chartName and sourceRef criteria", resultHR.GetName()) + if !r.shouldIncludeHelmRelease(helmRelease) { + klog.Errorf("Updated HelmRelease %s does not match the required chartName and sourceRef criteria", helmRelease.GetName()) // Return a NotFound error for the Application resource return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) } // Convert the updated HelmRelease back to Application - convertedApp, err := r.ConvertHelmReleaseToApplication(resultHR) + convertedApp, err := r.ConvertHelmReleaseToApplication(helmRelease) if err != nil { - klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", resultHR.GetName(), err) + klog.Errorf("Conversion error from HelmRelease to Application for resource %s: %v", helmRelease.GetName(), err) return nil, false, fmt.Errorf("conversion error: %v", err) } - klog.V(6).Infof("Successfully updated and converted HelmRelease %s to Application", resultHR.GetName()) + klog.V(6).Infof("Successfully updated and converted HelmRelease %s to Application", helmRelease.GetName()) // Explicitly set apiVersion and kind for Application convertedApp.TypeMeta = metav1.TypeMeta{ @@ -554,7 +540,8 @@ func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.Va helmReleaseName := r.releaseConfig.Prefix + name // Retrieve the HelmRelease before attempting to delete - hr, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Get(ctx, helmReleaseName, metav1.GetOptions{}) + helmRelease := &helmv2.HelmRelease{} + err = r.c.Get(ctx, client.ObjectKey{Namespace: namespace, Name: helmReleaseName}, helmRelease, &client.GetOptions{Raw: &metav1.GetOptions{}}) if err != nil { if apierrors.IsNotFound(err) { // If HelmRelease does not exist, return NotFound error for Application @@ -567,7 +554,7 @@ func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.Va } // Validate that the HelmRelease meets the inclusion criteria - if !r.shouldIncludeHelmRelease(hr) { + if !r.shouldIncludeHelmRelease(helmRelease) { klog.Errorf("HelmRelease %s does not match the required chartName and sourceRef criteria", helmReleaseName) // Return NotFound error for Application resource return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) @@ -576,7 +563,7 @@ func (r *REST) Delete(ctx context.Context, name string, deleteValidation rest.Va klog.V(6).Infof("Deleting HelmRelease %s in namespace %s", helmReleaseName, namespace) // Delete the HelmRelease corresponding to the Application - err = r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Delete(ctx, helmReleaseName, *options) + err = r.c.Delete(ctx, helmRelease, &client.DeleteOptions{Raw: options}) if err != nil { klog.Errorf("Failed to delete HelmRelease %s: %v", helmReleaseName, err) return nil, false, fmt.Errorf("failed to delete HelmRelease: %v", err) @@ -659,7 +646,11 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio } // Start watch on HelmRelease with mapped selectors - helmWatcher, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Watch(ctx, metaOptions) + hrList := &helmv2.HelmReleaseList{} + helmWatcher, err := r.w.Watch(ctx, hrList, &client.ListOptions{ + Namespace: namespace, + Raw: &metaOptions, + }) if err != nil { klog.Errorf("Error setting up watch for HelmReleases: %v", err) return nil, err @@ -669,13 +660,15 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio customW := &customWatcher{ resultChan: make(chan watch.Event), stopChan: make(chan struct{}), + underlying: helmWatcher, } go func() { defer close(customW.resultChan) + defer customW.underlying.Stop() for { select { - case event, ok := <-helmWatcher.ResultChan(): + case event, ok := <-customW.underlying.ResultChan(): if !ok { // The watcher has been closed, attempt to re-establish the watch klog.Warning("HelmRelease watcher closed, attempting to re-establish") @@ -689,19 +682,19 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio continue // Skip processing this event } - // Proceed with processing Unstructured objects - matches, err := r.isRelevantHelmRelease(&event) - if err != nil { - klog.V(4).Infof("Non-critical error filtering HelmRelease event: %v", err) + // Proceed with processing HelmRelease objects + hr, ok := event.Object.(*helmv2.HelmRelease) + if !ok { + klog.V(4).Infof("Expected HelmRelease object, got %T", event.Object) continue } - if !matches { + if !r.shouldIncludeHelmRelease(hr) { continue } // Convert HelmRelease to Application - app, err := r.ConvertHelmReleaseToApplication(event.Object.(*unstructured.Unstructured)) + app, err := r.ConvertHelmReleaseToApplication(hr) if err != nil { klog.Errorf("Error converting HelmRelease to Application: %v", err) continue @@ -771,12 +764,16 @@ type customWatcher struct { resultChan chan watch.Event stopChan chan struct{} stopOnce sync.Once + underlying watch.Interface } // Stop terminates the watch func (cw *customWatcher) Stop() { cw.stopOnce.Do(func() { close(cw.stopChan) + if cw.underlying != nil { + cw.underlying.Stop() + } }) } @@ -785,34 +782,18 @@ func (cw *customWatcher) ResultChan() <-chan watch.Event { return cw.resultChan } -// isRelevantHelmRelease checks if the HelmRelease meets the sourceRef and prefix criteria -func (r *REST) isRelevantHelmRelease(event *watch.Event) (bool, error) { - if event.Object == nil { - return false, nil - } - - // Check if the object is a *v1.Status - if status, ok := event.Object.(*metav1.Status); ok { - // Log at a less severe level or handle specific status errors if needed - klog.V(4).Infof("Received Status object in HelmRelease watch: %v", status.Message) - return false, nil // Not relevant for processing as a HelmRelease - } - - // Proceed if it's an Unstructured object - hr, ok := event.Object.(*unstructured.Unstructured) - if !ok { - return false, fmt.Errorf("expected Unstructured object, got %T", event.Object) - } - - return r.shouldIncludeHelmRelease(hr), nil -} - // shouldIncludeHelmRelease determines if a HelmRelease should be included based on filtering criteria -func (r *REST) shouldIncludeHelmRelease(hr *unstructured.Unstructured) bool { +func (r *REST) shouldIncludeHelmRelease(hr *helmv2.HelmRelease) bool { + // Nil check for Chart field + if hr.Spec.Chart == nil { + klog.V(6).Infof("HelmRelease %s has nil spec.chart field", hr.GetName()) + return false + } + // Filter by Chart Name - chartName, found, err := unstructured.NestedString(hr.Object, "spec", "chart", "spec", "chart") - if err != nil || !found { - klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.chart field: %v", hr.GetName(), err) + chartName := hr.Spec.Chart.Spec.Chart + if chartName == "" { + klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.chart field", hr.GetName()) return false } if chartName != r.releaseConfig.Chart.Name { @@ -825,21 +806,29 @@ func (r *REST) shouldIncludeHelmRelease(hr *unstructured.Unstructured) bool { } // matchesSourceRefAndPrefix checks both SourceRefConfig and Prefix criteria -func (r *REST) matchesSourceRefAndPrefix(hr *unstructured.Unstructured) bool { +func (r *REST) matchesSourceRefAndPrefix(hr *helmv2.HelmRelease) bool { + // Nil check for Chart field (defensive) + if hr.Spec.Chart == nil { + klog.V(6).Infof("HelmRelease %s has nil spec.chart field", hr.GetName()) + return false + } + // Extract SourceRef fields - sourceRefKind, found, err := unstructured.NestedString(hr.Object, "spec", "chart", "spec", "sourceRef", "kind") - if err != nil || !found { - klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.kind field: %v", hr.GetName(), err) + sourceRef := hr.Spec.Chart.Spec.SourceRef + sourceRefKind := sourceRef.Kind + sourceRefName := sourceRef.Name + sourceRefNamespace := sourceRef.Namespace + + if sourceRefKind == "" { + klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.kind field", hr.GetName()) return false } - sourceRefName, found, err := unstructured.NestedString(hr.Object, "spec", "chart", "spec", "sourceRef", "name") - if err != nil || !found { - klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.name field: %v", hr.GetName(), err) + if sourceRefName == "" { + klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.name field", hr.GetName()) return false } - sourceRefNamespace, found, err := unstructured.NestedString(hr.Object, "spec", "chart", "spec", "sourceRef", "namespace") - if err != nil || !found { - klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.namespace field: %v", hr.GetName(), err) + if sourceRefNamespace == "" { + klog.V(6).Infof("HelmRelease %s missing spec.chart.spec.sourceRef.namespace field", hr.GetName()) return false } @@ -930,19 +919,11 @@ func filterPrefixedMap(original map[string]string, prefix string) map[string]str } // ConvertHelmReleaseToApplication converts a HelmRelease to an Application -func (r *REST) ConvertHelmReleaseToApplication(hr *unstructured.Unstructured) (appsv1alpha1.Application, error) { +func (r *REST) ConvertHelmReleaseToApplication(hr *helmv2.HelmRelease) (appsv1alpha1.Application, error) { klog.V(6).Infof("Converting HelmRelease to Application for resource %s", hr.GetName()) - var helmRelease helmv2.HelmRelease - // Convert unstructured to HelmRelease struct - err := runtime.DefaultUnstructuredConverter.FromUnstructured(hr.Object, &helmRelease) - if err != nil { - klog.Errorf("Error converting from unstructured to HelmRelease: %v", err) - return appsv1alpha1.Application{}, err - } - // Convert HelmRelease struct to Application struct - app, err := r.convertHelmReleaseToApplication(&helmRelease) + app, err := r.convertHelmReleaseToApplication(hr) if err != nil { klog.Errorf("Error converting from HelmRelease to Application: %v", err) return appsv1alpha1.Application{}, err diff --git a/pkg/registry/core/tenantmodule/rest.go b/pkg/registry/core/tenantmodule/rest.go index aa7d4eeb..852a0b64 100644 --- a/pkg/registry/core/tenantmodule/rest.go +++ b/pkg/registry/core/tenantmodule/rest.go @@ -32,12 +32,13 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/duration" "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - "k8s.io/client-go/dynamic" "k8s.io/klog/v2" + "sigs.k8s.io/controller-runtime/pkg/client" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -69,17 +70,19 @@ var helmReleaseGVR = schema.GroupVersionResource{ // REST implements the RESTStorage interface for TenantModule resources type REST struct { - dynamicClient dynamic.Interface - gvr schema.GroupVersionResource - gvk schema.GroupVersionKind - kindName string - singularName string + c client.Client + w client.WithWatch + gvr schema.GroupVersionResource + gvk schema.GroupVersionKind + kindName string + singularName string } // NewREST creates a new REST storage for TenantModule -func NewREST(dynamicClient dynamic.Interface) *REST { +func NewREST(c client.Client, w client.WithWatch) *REST { return &REST{ - dynamicClient: dynamicClient, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -115,7 +118,8 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) klog.V(6).Infof("Attempting to retrieve TenantModule %s in namespace %s", name, namespace) // Get the corresponding HelmRelease - hr, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Get(ctx, name, *options) + hr := &helmv2.HelmRelease{} + err = r.c.Get(ctx, types.NamespacedName{Namespace: namespace, Name: name}, hr, &client.GetOptions{Raw: options}) if err != nil { klog.Errorf("Error retrieving HelmRelease for TenantModule %s: %v", name, err) @@ -231,7 +235,11 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption } // List HelmReleases with mapped selectors - hrList, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).List(ctx, metaOptions) + hrList := &helmv2.HelmReleaseList{} + err = r.c.List(ctx, hrList, &client.ListOptions{ + Namespace: namespace, + Raw: &metaOptions, + }) if err != nil { klog.Errorf("Error listing HelmReleases: %v", err) return nil, err @@ -241,15 +249,15 @@ func (r *REST) List(ctx context.Context, options *metainternalversion.ListOption items := make([]unstructured.Unstructured, 0) // Iterate over HelmReleases and convert to TenantModules - for _, hr := range hrList.Items { + for i := range hrList.Items { // Double-check the label requirement - if !r.hasTenantModuleLabel(&hr) { + if !r.hasTenantModuleLabel(&hrList.Items[i]) { continue } - module, err := r.ConvertHelmReleaseToTenantModule(&hr) + module, err := r.ConvertHelmReleaseToTenantModule(&hrList.Items[i]) if err != nil { - klog.Errorf("Error converting HelmRelease %s to TenantModule: %v", hr.GetName(), err) + klog.Errorf("Error converting HelmRelease %s to TenantModule: %v", hrList.Items[i].GetName(), err) continue } @@ -376,7 +384,11 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio } // Start watch on HelmRelease with mapped selectors - helmWatcher, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(namespace).Watch(ctx, metaOptions) + hrList := &helmv2.HelmReleaseList{} + helmWatcher, err := r.w.Watch(ctx, hrList, &client.ListOptions{ + Namespace: namespace, + Raw: &metaOptions, + }) if err != nil { klog.Errorf("Error setting up watch for HelmReleases: %v", err) return nil, err @@ -386,13 +398,15 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio customW := &customWatcher{ resultChan: make(chan watch.Event), stopChan: make(chan struct{}), + underlying: helmWatcher, } go func() { defer close(customW.resultChan) + defer customW.underlying.Stop() for { select { - case event, ok := <-helmWatcher.ResultChan(): + case event, ok := <-customW.underlying.ResultChan(): if !ok { // The watcher has been closed, attempt to re-establish the watch klog.Warning("HelmRelease watcher closed, attempting to re-establish") @@ -406,19 +420,19 @@ func (r *REST) Watch(ctx context.Context, options *metainternalversion.ListOptio continue // Skip processing this event } - // Proceed with processing Unstructured objects - matches, err := r.isRelevantHelmRelease(&event) - if err != nil { - klog.V(4).Infof("Non-critical error filtering HelmRelease event: %v", err) + // Proceed with processing HelmRelease objects + hr, ok := event.Object.(*helmv2.HelmRelease) + if !ok { + klog.V(4).Infof("Expected HelmRelease object, got %T", event.Object) continue } - if !matches { + if !r.hasTenantModuleLabel(hr) { continue } // Convert HelmRelease to TenantModule - module, err := r.ConvertHelmReleaseToTenantModule(event.Object.(*unstructured.Unstructured)) + module, err := r.ConvertHelmReleaseToTenantModule(hr) if err != nil { klog.Errorf("Error converting HelmRelease to TenantModule: %v", err) continue @@ -480,12 +494,16 @@ type customWatcher struct { resultChan chan watch.Event stopChan chan struct{} stopOnce sync.Once + underlying watch.Interface } // Stop terminates the watch func (cw *customWatcher) Stop() { cw.stopOnce.Do(func() { close(cw.stopChan) + if cw.underlying != nil { + cw.underlying.Stop() + } }) } @@ -494,30 +512,8 @@ func (cw *customWatcher) ResultChan() <-chan watch.Event { return cw.resultChan } -// isRelevantHelmRelease checks if the HelmRelease has the tenant module label -func (r *REST) isRelevantHelmRelease(event *watch.Event) (bool, error) { - if event.Object == nil { - return false, nil - } - - // Check if the object is a *v1.Status - if status, ok := event.Object.(*metav1.Status); ok { - // Log at a less severe level or handle specific status errors if needed - klog.V(4).Infof("Received Status object in HelmRelease watch: %v", status.Message) - return false, nil // Not relevant for processing as a HelmRelease - } - - // Proceed if it's an Unstructured object - hr, ok := event.Object.(*unstructured.Unstructured) - if !ok { - return false, fmt.Errorf("expected Unstructured object, got %T", event.Object) - } - - return r.hasTenantModuleLabel(hr), nil -} - // hasTenantModuleLabel checks if a HelmRelease has the required tenant module label -func (r *REST) hasTenantModuleLabel(hr *unstructured.Unstructured) bool { +func (r *REST) hasTenantModuleLabel(hr *helmv2.HelmRelease) bool { labels := hr.GetLabels() if labels == nil { return false @@ -554,19 +550,11 @@ func (r *REST) getNamespace(ctx context.Context) (string, error) { } // ConvertHelmReleaseToTenantModule converts a HelmRelease to a TenantModule -func (r *REST) ConvertHelmReleaseToTenantModule(hr *unstructured.Unstructured) (corev1alpha1.TenantModule, error) { +func (r *REST) ConvertHelmReleaseToTenantModule(hr *helmv2.HelmRelease) (corev1alpha1.TenantModule, error) { klog.V(6).Infof("Converting HelmRelease to TenantModule for resource %s", hr.GetName()) - var helmRelease helmv2.HelmRelease - // Convert unstructured to HelmRelease struct - err := runtime.DefaultUnstructuredConverter.FromUnstructured(hr.Object, &helmRelease) - if err != nil { - klog.Errorf("Error converting from unstructured to HelmRelease: %v", err) - return corev1alpha1.TenantModule{}, err - } - // Convert HelmRelease struct to TenantModule struct - module, err := r.convertHelmReleaseToTenantModule(&helmRelease) + module, err := r.convertHelmReleaseToTenantModule(hr) if err != nil { klog.Errorf("Error converting from HelmRelease to TenantModule: %v", err) return corev1alpha1.TenantModule{}, err diff --git a/pkg/registry/core/tenantnamespace/rest.go b/pkg/registry/core/tenantnamespace/rest.go index 56098740..68d9fe3c 100644 --- a/pkg/registry/core/tenantnamespace/rest.go +++ b/pkg/registry/core/tenantnamespace/rest.go @@ -12,17 +12,18 @@ import ( "time" corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/duration" "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" + "sigs.k8s.io/controller-runtime/pkg/client" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) @@ -46,18 +47,18 @@ var ( ) type REST struct { - core corev1client.CoreV1Interface - rbac rbacv1client.RbacV1Interface - gvr schema.GroupVersionResource + c client.Client + w client.WithWatch + gvr schema.GroupVersionResource } func NewREST( - coreCli corev1client.CoreV1Interface, - rbacCli rbacv1client.RbacV1Interface, + c client.Client, + w client.WithWatch, ) *REST { return &REST{ - core: coreCli, - rbac: rbacCli, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -89,7 +90,8 @@ func (r *REST) List( ctx context.Context, _ *metainternal.ListOptions, ) (runtime.Object, error) { - nsList, err := r.core.Namespaces().List(ctx, metav1.ListOptions{}) + nsList := &corev1.NamespaceList{} + err := r.c.List(ctx, nsList) if err != nil { return nil, err } @@ -118,7 +120,8 @@ func (r *REST) Get( return nil, apierrors.NewNotFound(r.gvr.GroupResource(), name) } - ns, err := r.core.Namespaces().Get(ctx, name, *opts) + ns := &corev1.Namespace{} + err := r.c.Get(ctx, types.NamespacedName{Namespace: "", Name: name}, ns, &client.GetOptions{Raw: opts}) if err != nil { return nil, err } @@ -128,14 +131,7 @@ func (r *REST) Get( APIVersion: corev1alpha1.SchemeGroupVersion.String(), Kind: "TenantNamespace", }, - ObjectMeta: metav1.ObjectMeta{ - Name: ns.Name, - UID: ns.UID, - ResourceVersion: ns.ResourceVersion, - CreationTimestamp: ns.CreationTimestamp, - Labels: ns.Labels, - Annotations: ns.Annotations, - }, + ObjectMeta: ns.ObjectMeta, }, nil } @@ -144,10 +140,11 @@ func (r *REST) Get( // ----------------------------------------------------------------------------- func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch.Interface, error) { - nsWatch, err := r.core.Namespaces().Watch(ctx, metav1.ListOptions{ + nsList := &corev1.NamespaceList{} + nsWatch, err := r.w.Watch(ctx, nsList, &client.ListOptions{Raw: &metav1.ListOptions{ Watch: true, ResourceVersion: opts.ResourceVersion, - }) + }}) if err != nil { return nil, err } @@ -282,9 +279,10 @@ func (r *REST) filterAccessible( for _, name := range names { nameSet[name] = struct{}{} } - rbs, err := r.rbac.RoleBindings("").List(ctx, metav1.ListOptions{}) + rbs := &rbacv1.RoleBindingList{} + err := r.c.List(ctx, rbs) if err != nil { - return []string{}, fmt.Errorf("failed to list rolebindings") + return []string{}, fmt.Errorf("failed to list rolebindings: %w", err) } allowedNameSet := make(map[string]struct{}) for i := range rbs.Items { diff --git a/pkg/registry/core/tenantsecret/rest.go b/pkg/registry/core/tenantsecret/rest.go index ad477527..a13426e6 100644 --- a/pkg/registry/core/tenantsecret/rest.go +++ b/pkg/registry/core/tenantsecret/rest.go @@ -25,7 +25,7 @@ import ( "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) @@ -157,13 +157,15 @@ var ( ) type REST struct { - core corev1client.CoreV1Interface - gvr schema.GroupVersionResource + c client.Client + w client.WithWatch + gvr schema.GroupVersionResource } -func NewREST(coreCli corev1client.CoreV1Interface) *REST { +func NewREST(c client.Client, w client.WithWatch) *REST { return &REST{ - core: coreCli, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -203,11 +205,11 @@ func (r *REST) Create( } sec := tenantToSecret(in, nil) - out, err := r.core.Secrets(sec.Namespace).Create(ctx, sec, *opts) + err := r.c.Create(ctx, sec, &client.CreateOptions{Raw: opts}) if err != nil { return nil, err } - return secretToTenant(out), nil + return secretToTenant(sec), nil } func (r *REST) Get( @@ -219,7 +221,8 @@ func (r *REST) Get( if err != nil { return nil, err } - sec, err := r.core.Secrets(ns).Get(ctx, name, *opts) + sec := &corev1.Secret{} + err = r.c.Get(ctx, types.NamespacedName{Namespace: ns, Name: name}, sec, &client.GetOptions{Raw: opts}) if err != nil { return nil, err } @@ -247,10 +250,14 @@ func (r *REST) List(ctx context.Context, opts *metainternal.ListOptions) (runtim fieldSel = opts.FieldSelector.String() } - list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{ - LabelSelector: ls.String(), - FieldSelector: fieldSel, - }) + list := &corev1.SecretList{} + err = r.c.List(ctx, list, + &client.ListOptions{ + Namespace: ns, + Raw: &metav1.ListOptions{ + LabelSelector: ls.String(), + FieldSelector: fieldSel, + }}) if err != nil { return nil, err } @@ -284,7 +291,8 @@ func (r *REST) Update( return nil, false, err } - cur, err := r.core.Secrets(ns).Get(ctx, name, metav1.GetOptions{}) + cur := &corev1.Secret{} + err = r.c.Get(ctx, types.NamespacedName{Namespace: ns, Name: name}, cur, &client.GetOptions{Raw: &metav1.GetOptions{}}) if err != nil && !apierrors.IsNotFound(err) { return nil, false, err } @@ -296,17 +304,18 @@ func (r *REST) Update( in := newObj.(*corev1alpha1.TenantSecret) newSec := tenantToSecret(in, cur) + newSec.Namespace = ns if cur == nil { if !forceCreate && err == nil { return nil, false, apierrors.NewNotFound(r.gvr.GroupResource(), name) } - out, err := r.core.Secrets(ns).Create(ctx, newSec, metav1.CreateOptions{}) - return secretToTenant(out), true, err + err := r.c.Create(ctx, newSec, &client.CreateOptions{Raw: &metav1.CreateOptions{}}) + return secretToTenant(newSec), true, err } newSec.ResourceVersion = cur.ResourceVersion - out, err := r.core.Secrets(ns).Update(ctx, newSec, *opts) - return secretToTenant(out), false, err + err = r.c.Update(ctx, newSec, &client.UpdateOptions{Raw: opts}) + return secretToTenant(newSec), false, err } func (r *REST) Delete( @@ -319,7 +328,7 @@ func (r *REST) Delete( if err != nil { return nil, false, err } - err = r.core.Secrets(ns).Delete(ctx, name, *opts) + err = r.c.Delete(ctx, &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Namespace: ns, Name: name}}, &client.DeleteOptions{Raw: opts}) return nil, err == nil, err } @@ -331,21 +340,33 @@ func (r *REST) Patch( opts *metav1.PatchOptions, subresources ...string, ) (runtime.Object, error) { + if len(subresources) > 0 { + return nil, fmt.Errorf("TenantSecret does not have subresources") + } ns, err := nsFrom(ctx) if err != nil { return nil, err } - - out, err := r.core.Secrets(ns). - Patch(ctx, name, pt, data, *opts, subresources...) + out := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: ns, + Name: name, + }, + } + patch := client.RawPatch(pt, data) + err = r.c.Patch(ctx, out, patch, &client.PatchOptions{Raw: opts}) if err != nil { return nil, err } // Ensure tenant secret label is preserved + if out.Labels == nil { + out.Labels = make(map[string]string) + } + if out.Labels[tsLabelKey] != tsLabelValue { out.Labels[tsLabelKey] = tsLabelValue - out, _ = r.core.Secrets(ns).Update(ctx, out, metav1.UpdateOptions{}) + _ = r.c.Update(ctx, out, &client.UpdateOptions{Raw: &metav1.UpdateOptions{}}) } return secretToTenant(out), nil @@ -361,12 +382,13 @@ func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch return nil, err } + secList := &corev1.SecretList{} ls := labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String() - base, err := r.core.Secrets(ns).Watch(ctx, metav1.ListOptions{ + base, err := r.w.Watch(ctx, secList, &client.ListOptions{Namespace: ns, Raw: &metav1.ListOptions{ Watch: true, LabelSelector: ls, ResourceVersion: opts.ResourceVersion, - }) + }}) if err != nil { return nil, err } diff --git a/pkg/registry/core/tenantsecretstable/rest.go b/pkg/registry/core/tenantsecretstable/rest.go index 841bfa32..de2604ca 100644 --- a/pkg/registry/core/tenantsecretstable/rest.go +++ b/pkg/registry/core/tenantsecretstable/rest.go @@ -23,7 +23,7 @@ import ( "k8s.io/apimachinery/pkg/watch" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) @@ -38,13 +38,15 @@ const ( ) type REST struct { - core corev1client.CoreV1Interface - gvr schema.GroupVersionResource + c client.Client + w client.WithWatch + gvr schema.GroupVersionResource } -func NewREST(coreCli corev1client.CoreV1Interface) *REST { +func NewREST(c client.Client, w client.WithWatch) *REST { return &REST{ - core: coreCli, + c: c, + w: w, gvr: schema.GroupVersionResource{ Group: corev1alpha1.GroupName, Version: "v1alpha1", @@ -95,7 +97,14 @@ func (r *REST) Get(ctx context.Context, name string, opts *metav1.GetOptions) (r // We need to identify secret name and key. Iterate secrets in namespace with tenant secret label // and return the matching composed object. - list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{LabelSelector: labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String()}) + list := &corev1.SecretList{} + err = r.c.List(ctx, list, + &client.ListOptions{ + Namespace: ns, + Raw: &metav1.ListOptions{ + LabelSelector: labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String(), + }, + }) if err != nil { return nil, err } @@ -130,7 +139,15 @@ func (r *REST) List(ctx context.Context, opts *metainternal.ListOptions) (runtim fieldSel = opts.FieldSelector.String() } - list, err := r.core.Secrets(ns).List(ctx, metav1.ListOptions{LabelSelector: sel.String(), FieldSelector: fieldSel}) + list := &corev1.SecretList{} + err = r.c.List(ctx, list, + &client.ListOptions{ + Namespace: ns, + Raw: &metav1.ListOptions{ + LabelSelector: labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String(), + FieldSelector: fieldSel, + }, + }) if err != nil { return nil, err } @@ -169,12 +186,13 @@ func (r *REST) Watch(ctx context.Context, opts *metainternal.ListOptions) (watch return nil, err } + secList := &corev1.SecretList{} ls := labels.Set{tsLabelKey: tsLabelValue}.AsSelector().String() - base, err := r.core.Secrets(ns).Watch(ctx, metav1.ListOptions{ + base, err := r.w.Watch(ctx, secList, &client.ListOptions{Namespace: ns, Raw: &metav1.ListOptions{ Watch: true, LabelSelector: ls, ResourceVersion: opts.ResourceVersion, - }) + }}) if err != nil { return nil, err }