## What this PR does
The recent patch introducing VPCs in Cozystack did not include enabling
Multus, which is a dependency for this feature. This patch enables
Multus by default in the paas-full bundles.
### Release-note
```release-note
[vpc] Enable Multus by default as a necessary dependency for VPCs.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
## What this PR does
It was observed during upgrades to the `cozystack-api` Helm release that
when enabling the local endpoint for the traffic locality feature, hence
switching from a deployment to a daemonset, the deployment may remain
unpruned and the pods of the deployment will continue to run
indefinitely. This patch adds a post-upgrade hook that explicitly deletes
the deployment in case it exists and was not pruned.
### Release-note
```release-note
[api] Delete the cozystack-api deployment in a post-upgrade hook when
migrating to a daemonset and vice-versa.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
The lineage-controller-webhook makes a lot of outgoing API calls for
every event it handles, contributing to a high API server latency,
increasing the number of in-flight requests and generally degrading
performance. This patch remedies this by separating the lineage
component from the cozystack-controller and deploying it as a separate
component on all control-plane nodes. Additionally, a new internal label
is introduced to track if a resource has already been handled by the
webhook. This label is used to exclude such resources from
consideration. Addresses #1513.
```release-note
[lineage] Break webhook out into a separate daemonset. Reduce
unnecessary webhook calls by marking handled resources and excluding
them from consideration by the webhook's object selector.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
This commit patches the Cozystack API server to tolerate an absence of
Cozystack Resource Definitions either registered as CRDs on the k8s API
or simply as an absence of CozyRDs persisted to etcd. This decouples the
upgrade of the CozyRD CRD from the upgrade of the Cozystack API.
```release-note
[api,platform] Decouple the Cozystack API from the Cozystack Resource
Definitions, allowing independent upgrades of either one and a more
reliable migration from 0.36 to 0.37.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
[cozystack-controller] Introduce new dashboard-controller
[dashboard] Introduce new dashboard based on openapi-ui
Co-authored-by: kklinch0 <kklinch0@gmail.com>
Signed-off-by: kklinch0 <kklinch0@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This patch implements external monitoring of the Kube-OVN cluster. A new
reconciler timed to run its reconcile loop at a fixed interval execs
into the ovn-central pods and collects their cluster info. If the
members' opinions about the cluster disagree, an alert is raised. Other
issues with the distributed consensus are also highlighted.
```release-note
[kubeovn,cozystack-controller] Implement the KubeOVN plunger, an
external monitoring agent for the ovn-central cluster.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated dependency configuration so that piraeus-operator no longer
depends on victoria-metrics-operator.
- **Refactor**
- Improved compatibility by ensuring certain resources (VMPodScrape and
alert definitions) are only rendered if the required API versions are
available in the Kubernetes cluster.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Kubevirt's default cpu-to-vcpu ration is 1:10, which might be a bit
extreme for some users. This patch introduces a new key in the Cozystack
configmap, "cpu-allocation-ratio" where admins of Cozystack can specify
an alternative value, if needed.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
* Add stakater/Reloader to the storage-enabled bundles.
* Add annotations to Linstor components to reload when secrets change.
Closes#456
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new reloader component that triggers automatic rolling
updates when configuration or secret changes are detected.
- Delivered a fully customizable Helm chart and configuration schema,
including a reload strategy based on annotations for enhanced deployment
control.
- **Tests**
- Added test cases to validate container security settings and
environment variable propagation, ensuring robust high-availability
configurations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced dashboard and identity management displays with updated
branding and localization settings, ensuring a refreshed user interface
and experience.
- **Style**
- Streamlined dashboard appearance by removing legacy custom styling,
resulting in a more consistent and contemporary look.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a comprehensive Grafana dashboard for Goldpinger, offering
real-time insights into node health, error occurrences, and response
times with intuitive filtering.
- Expanded deployment configurations to include Goldpinger across
environments, streamlining release management and dependency handling.
- Launched a dedicated deployment package featuring customizable
templates for secure, efficient Kubernetes deployments—including
workloads, services, ingress, and monitoring integrations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced system monitoring with a new configuration option to collect
etcd metrics. Users can now enable the scraping of etcd metrics via
updated settings, which improves observability.
- Introduced a secure proxy mechanism that conditionally routes metrics
data from etcd, offering administrators greater control over monitoring
capabilities.
- New configuration sections added to various bundles to support etcd
metrics scraping.
- **Bug Fixes**
- Removed outdated configuration for VMNodeScrape resource, ensuring
clarity and accuracy in monitoring configurations.
- **Chores**
- Added new service accounts, roles, and bindings to facilitate secure
access for monitoring etcd metrics.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added a new proxy component to enhance deployment orchestration and
dependency management.
- Introduced dynamic update capabilities for fetching and deploying the
latest assets.
- Enabled configurable settings for container images, networking, and
access control.
- Incorporated streamlined resource naming and labeling for improved
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
- Introduce tinkerbell essentials
- Introduce bootbox
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
# Release Notes: BootBox Package (v0.1.0)
## New Features
- Added BootBox, a PXE hardware provisioning service.
- Introduced network boot configuration with Matchbox and Smee.
- Enabled hardware management through Kubernetes Custom Resource
Definitions.
- Added support for managing physical machine specifications and
configurations.
- New HelmRelease configuration for streamlined deployment.
- Added new application entry for BootBox in the configuration.
## Configuration
- Supports configuring physical machine instances.
- Provides flexible network boot and DHCP settings.
- Includes role-based access control (RBAC) configurations.
- New parameters for trusted proxies and syslog settings.
- Enhanced configuration options for deployment parameters and resource
allocations.
- Introduced new schema for validating configuration values.
## Deployment
- Deployed in `tenant-root` namespace.
- Optional and privileged installation.
- Depends on Cilium and KubeOVN networking components.
- Configurable deployment strategies and resource allocations.
- Introduced new Service and Ingress resources for improved traffic
management.
- Added support for host networking and public IP configurations.
## Compatibility
- Supports single-node and multi-node cluster configurations.
- Compatible with Kubernetes environments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Configuration Update**
- Added a new `configHash` field in the `keycloak-configure` release for
both `paas-full` and `paas-hosted` configurations.
- Introduced a SHA256 checksum mechanism for the `cozyConfig` data to
enhance configuration integrity checks.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
Based on the comprehensive summary of changes, here are the release
notes:
- **New Features**
- Added a new Kubernetes controller for managing workload monitoring
- Introduced telemetry collection capabilities with configurable options
- Added new Custom Resource Definitions (CRDs) for Workload and
WorkloadMonitor
- **Improvements**
- Enhanced API infrastructure with new API group and version
- Improved deployment configurations for various system components
- Added development container and workflow configurations
- **Bug Fixes**
- Updated import paths to correct domain naming
- **Chores**
- Updated copyright years
- Refined module dependencies
- Standardized code linting and testing configurations
- **Infrastructure**
- Increased `cozystack-api` deployment replicas from 1 to 2 for improved
availability
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
upstream issue https://github.com/vmware-tanzu/kubeapps/pull/7847
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added support for conditional configuration based on OIDC settings.
- Introduced label filtering for Helm releases and repositories.
- Updated reconciliation strategy for Helm releases.
- **Bug Fixes**
- Enhanced error handling and logging in package resource retrieval.
- **Documentation**
- Updated configuration values in `values.yaml` for image tags and
digests.
- **Chores**
- Upgraded application and Go versions in Dockerfiles.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Bug Fixes**
- Improved conditional logic for OIDC functionality, ensuring accurate
deployment of related components.
- **Chores**
- Updated dependencies for the `keycloak` release to ensure proper
operation with the `postgres-operator`.
- **New Features**
- Enhanced configuration handling for OIDC, affecting the inclusion of
related components based on strict equality checks.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated OpenID Connect (OIDC) for enhanced authentication.
- Added dynamic Role resource for tenant-specific access to Kubernetes
secrets.
- Introduced new Keycloak realm groups for improved role management.
- **Improvements**
- Enhanced error handling for service readiness checks.
- Streamlined configuration files for better clarity and management of
OIDC settings.
- Updated handling of API server address and improved configuration
adaptability based on OIDC settings.
- **Bug Fixes**
- Removed deprecated configurations related to Keycloak, simplifying
deployment.
These updates aim to improve security, usability, and overall system
performance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Introduced a new variable `$host` for improved configuration
management.
- Added a `valuesFrom` section to the `dashboard` release, allowing
external value sourcing.
- Enhanced Keycloak integration with new client scopes, roles, and
configurations for Kubeapps.
- Added support for custom pod specifications and environment variables
in Redis configurations.
- Introduced a new Kubernetes configuration file for managing access to
resources via Role and Secret.
- Updated image versions across various components to ensure
compatibility and leverage new features.
- **Bug Fixes**
- Implemented error handling to ensure required configurations are
present.
- Improved handling of request headers for the `/logos` endpoint in
Nginx configuration.
- Adjusted security context configurations to enhance deployment
security.
- **Documentation**
- Updated configuration files to reflect new dependencies and structures
for better clarity.
- Enhanced README documentation with upgrade instructions and security
defaults.
- Expanded notes on handling persistent volumes and data migration
during upgrades.
These enhancements improve the overall functionality and reliability of
the platform.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated application version from 1.5.0 to 1.6.0.
- Introduced new role-based access control (RBAC) roles: view, use,
admin, and super-admin, enhancing security and permissions management.
- Added new Keycloak realm groups for view, use, admin, and super-admin
roles, streamlining user management within the application.
- Integrated `keycloak-configure` release into the deployment structure,
establishing dependencies for improved configuration management.
- **Bug Fixes**
- Resolved versioning discrepancies in the tenant package.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced the `keycloak-operator` as an optional component in
multiple deployment configurations.
- Added a Helm chart for the `keycloak-operator`, enabling streamlined
deployment and management of Keycloak instances.
- Enhanced documentation with a new README file for the Keycloak
Operator Helm chart, detailing installation and usage instructions.
- Added various Custom Resource Definitions (CRDs) for managing Keycloak
resources effectively within Kubernetes.
- **Bug Fixes**
- Improved handling of user credentials and realm configurations in the
Keycloak operator.
- **Documentation**
- Comprehensive updates to the README and configuration files to assist
users in deploying and managing Keycloak.
- **Chores**
- Added various Custom Resource Definitions (CRDs) for managing Keycloak
resources effectively within Kubernetes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated Keycloak service into deployment configurations across
multiple files, enhancing user authentication capabilities.
- Introduced a new Helm chart for Keycloak, facilitating easier
deployment and management.
- Added Kubernetes Ingress and Service resources for Keycloak to manage
external access and internal service routing.
- Configured a PostgreSQL cluster specifically for Keycloak, ensuring
data persistence.
- **Bug Fixes**
- Updated versioning in the installer script to ensure compatibility
with the latest configurations.
- **Documentation**
- Added detailed configuration options for Keycloak deployment,
including resource limits and ingress settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
