This commit enables Cilium's host firewall feature and makes use of it
to deny external connections to two exporters running as daemonset pods
in the host network namespace.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Co-authored-by: Timofei Larkin <lllamnyp@gmail.com>
This commit enables Cilium's host firewall feature and makes use of it
to deny external connections to two exporters running as daemonset pods
in the host network namespace.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Host firewall is now enabled by default, adding an extra layer of
security.
- Enhanced network traffic management with new policies:
- One policy tightens access to critical service ports.
- Another secures monitoring endpoints by restricting unauthorized
external access.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a configurable option for adjusting the Envoy access log
buffer size, allowing users to better tune log handling.
- Improved startup feedback with more prompt service restarts.
- **Chores**
- Upgraded all core components to version 1.16.7.
- Updated documentation and configuration settings to reflect the latest
release.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Upgraded multiple system components to the latest version, ensuring
improved performance, stability, and enhanced security.
- Updated deployment and testing configurations across the platform for
a more reliable user experience.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced proxy configuration with dedicated endpoints for metrics,
administration, and health checks.
- **Documentation**
- Updated displayed version number and badge to v1.16.6 for improved
clarity.
- **Chores**
- Upgraded component versions and image digests from v1.16.5 to v1.16.6.
- Streamlined configuration by removing legacy conditional settings and
obsolete CORS directives.
- Refined formatting of tag filters for clearer configuration
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes for Cozystack v0.23.0
- **Image Updates**
- Upgraded core Cozystack components to version v0.23.0
- Updated multiple system and application images across various packages
- Refreshed image digests for components like Kubernetes, backup, and
infrastructure tools
- **Version Bump**
- Incremented overall system version from v0.22.0 to v0.23.0
- Updated configuration and deployment manifests accordingly
- **System Components**
- Updated Cozystack API, Controller, and Dashboard configurations
- Refreshed image references for Kamaji, KubeOVN, and other system
services
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated Cilium package from version 1.16.4 to 1.16.5
- Updated image tags and digests for Cilium agent, Hubble relay, and
Cilium operator
- Modified configuration files to reflect new version
- **New Features**
- Added internal address configuration for Envoy listeners with specific
CIDR ranges
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated container images for various components to their latest
versions, enhancing performance and security.
- **Bug Fixes**
- Addressed potential issues by upgrading image tags and digests for
components such as CozyStack, ClickHouse, PostgreSQL, and others.
- **Documentation**
- Updated `values.yaml` configurations for multiple packages to reflect
the latest image versions and digests.
These updates ensure improved functionality and reliability across the
application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new configuration options for socket-based load balancing
tracing and initial fetch timeout settings in the Cilium deployment.
- Enhanced validation checks for deprecated options to prevent
misconfigurations.
- **Bug Fixes**
- Improved error messaging for deprecated or invalid settings.
- **Documentation**
- Updated version numbers in README and configuration files to reflect
the new version (1.16.4).
- **Chores**
- Updated Dockerfile and image tags to reference the latest version
(1.16.4).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated various container images to newer versions, enhancing
performance and security.
- **Bug Fixes**
- Resolved issues by updating image tags and digests for several
components, ensuring consistency and stability.
- **Documentation**
- Incremented version numbers in configuration files for clarity and
tracking.
- **Chores**
- Updated image tags and digests across multiple services to maintain
up-to-date deployments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This PR introduces different values files for `cozy-cilium` chart, and
`valuesFiles` for fluxcd.
This might be useful in cases where same chart reused for multiple
configurations
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced multiple values files for enhanced configuration management
in Cilium deployments.
- Added new YAML configurations for Cilium, allowing for tailored
networking settings in Kubernetes.
- **Bug Fixes**
- Removed deprecated configuration parameters to simplify deployment and
management of Cilium.
- **Documentation**
- Updated Helm templates to support conditional inclusion of values
files, improving flexibility in chart rendering.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This PR enables SCTP support in Cilium.
It is required to use with kube-ovn configuration as it is fixes
`externalTrafficPolicy: Local` issues:
- https://github.com/kubeovn/kube-ovn/issues/4457
This change is aimed at improving the development experience.
- The option `make delete` has been added.
- Added check for `NAME` and `NAMESPACE` variables
- Now, any package (not just system ones) can include options such as
make show, make diff, make apply.
- Applications from packages/extra require explicit specification of the
`NAMESPACE`.
- Applications from packages/apps require explicit specification of both
`NAME` and `NAMESPACE`.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
