From 21ca1349c489beeb73352d1056206b6ba118b176 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Thu, 25 Sep 2025 10:53:31 +0300 Subject: [PATCH 1/2] [monitoring] Add lineage labels to VM components Since the VictoriaMetrics operator aggressively manages the metadata on all owned components, the addition of labels by the lineage webhook causes non-stop updates sent to the k8s API server. We mitigate this by modifying the Monitoring Helm chart to set the `managedMetadata` field on all VictoriaMetrics custom resources, where applicable. ```release-note [monitoring] Explicitly set lineage labels on VictoriaMetrics' resources known not to play nice when something modifies their owned resources in flight. ``` Signed-off-by: Timofei Larkin --- packages/extra/monitoring/templates/alerta/alerta.yaml | 5 +++++ packages/extra/monitoring/templates/vlogs/vlogs.yaml | 5 +++++ packages/extra/monitoring/templates/vm/vmalert.yaml | 5 +++++ packages/extra/monitoring/templates/vm/vmcluster.yaml | 5 +++++ 4 files changed, 20 insertions(+) diff --git a/packages/extra/monitoring/templates/alerta/alerta.yaml b/packages/extra/monitoring/templates/alerta/alerta.yaml index 58664e49..750e4140 100644 --- a/packages/extra/monitoring/templates/alerta/alerta.yaml +++ b/packages/extra/monitoring/templates/alerta/alerta.yaml @@ -232,6 +232,11 @@ kind: VMAlertmanager metadata: name: alertmanager spec: + managedMetadata: + labels: + apps.cozystack.io/application.group: apps.cozystack.io + apps.cozystack.io/application.kind: Monitoring + apps.cozystack.io/application.name: {{ $.Release.Name }} replicaCount: 3 configSecret: alertmanager podMetadata: diff --git a/packages/extra/monitoring/templates/vlogs/vlogs.yaml b/packages/extra/monitoring/templates/vlogs/vlogs.yaml index 08d8d82b..a82bca00 100644 --- a/packages/extra/monitoring/templates/vlogs/vlogs.yaml +++ b/packages/extra/monitoring/templates/vlogs/vlogs.yaml @@ -4,6 +4,11 @@ kind: VLogs metadata: name: {{ .name }} spec: + managedMetadata: + labels: + apps.cozystack.io/application.group: apps.cozystack.io + apps.cozystack.io/application.kind: Monitoring + apps.cozystack.io/application.name: {{ $.Release.Name }} image: tag: v1.17.0-victorialogs storage: diff --git a/packages/extra/monitoring/templates/vm/vmalert.yaml b/packages/extra/monitoring/templates/vm/vmalert.yaml index 8db6a2ed..d66fc42c 100644 --- a/packages/extra/monitoring/templates/vm/vmalert.yaml +++ b/packages/extra/monitoring/templates/vm/vmalert.yaml @@ -5,6 +5,11 @@ kind: VMAlert metadata: name: vmalert-{{ .name }} spec: + managedMetadata: + labels: + apps.cozystack.io/application.group: apps.cozystack.io + apps.cozystack.io/application.kind: Monitoring + apps.cozystack.io/application.name: {{ $.Release.Name }} datasource: url: http://vmselect-{{ .name }}.{{ $.Release.Namespace }}.svc:8481/select/0/prometheus evaluationInterval: 15s diff --git a/packages/extra/monitoring/templates/vm/vmcluster.yaml b/packages/extra/monitoring/templates/vm/vmcluster.yaml index 344afff1..5f86afa3 100644 --- a/packages/extra/monitoring/templates/vm/vmcluster.yaml +++ b/packages/extra/monitoring/templates/vm/vmcluster.yaml @@ -5,6 +5,11 @@ kind: VMCluster metadata: name: {{ .name }} spec: + managedMetadata: + labels: + apps.cozystack.io/application.group: apps.cozystack.io + apps.cozystack.io/application.kind: Monitoring + apps.cozystack.io/application.name: {{ $.Release.Name }} replicationFactor: 2 retentionPeriod: {{ .retentionPeriod | quote }} vminsert: From 0f8a9ac9ef53465625232936d2d3262d6c2ede61 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Thu, 25 Sep 2025 11:10:13 +0300 Subject: [PATCH 2/2] [installer] Update cozypkg and improve migration 20 This patch makes sure that migration #20 really uses the very latest chart versions by forcing a reconcile with cozypkg, instead of annotating the underlying HelmRelease. ```release-note [installer] Update cozypkg in installer and use it to bulletproof the 20th migration script by reconciling the HelmReleases with the --with-source flag. ``` Signed-off-by: Timofei Larkin --- packages/core/installer/images/cozystack/Dockerfile | 2 +- scripts/migrations/20 | 11 ++++------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/packages/core/installer/images/cozystack/Dockerfile b/packages/core/installer/images/cozystack/Dockerfile index a268c401..85ae9c08 100644 --- a/packages/core/installer/images/cozystack/Dockerfile +++ b/packages/core/installer/images/cozystack/Dockerfile @@ -32,7 +32,7 @@ RUN make repos FROM alpine:3.22 -RUN wget -O- https://github.com/cozystack/cozypkg/raw/refs/heads/main/hack/install.sh | sh -s -- -v 1.1.0 +RUN wget -O- https://github.com/cozystack/cozypkg/raw/refs/heads/main/hack/install.sh | sh -s -- -v 1.2.0 RUN apk add --no-cache make kubectl coreutils git jq diff --git a/scripts/migrations/20 b/scripts/migrations/20 index dc99c6c4..411bb517 100755 --- a/scripts/migrations/20 +++ b/scripts/migrations/20 @@ -9,13 +9,10 @@ kubectl delete crd cozystackresourcedefinitions.cozystack.io --ignore-not-found timestamp=$(date --rfc-3339=ns) # Make sure webhook is upgraded first, then run migration -if kubectl get helmrelease cozystack-controller -n cozy-system; then - kubectl annotate helmrelease cozystack-controller -n cozy-system \ - reconcile.fluxcd.io/forceAt="$timestamp" \ - reconcile.fluxcd.io/requestedAt="$timestamp" \ - --overwrite - kubectl wait hr/cozystack-controller -n cozy-system --timeout=4m --for=condition=ready || exit 1 -fi +cozypkg -C packages/system/cozystack-controller -n cozy-system reconcile cozystack-controller --force --with-source +kubectl wait hr/cozystack-controller -n cozy-system --timeout=4m --for=condition=ready || exit 1 +cozypkg -C packages/system/cozystack-api -n cozy-system reconcile cozystack-api --force --with-source +kubectl wait hr/cozystack-api -n cozy-system --timeout=4m --for=condition=ready || exit 1 kubectl get namespace -o custom-columns=NAME:.metadata.name --no-headers | grep '^tenant-' | while read namespace ; do