Many resources created as part of managed apps in cozystack (pods,
secrets, etc) do not carry predictable labels that unambiguously
indicate which app originally triggered their creation. Some resources
are managed by controllers and other custom resources and this
indirection can lead to loss of information. Other controllers sometimes
simply do not allow setting labels on controlled resources and the
latter do not inherit labels from the owner. This patch implements a
webhook that sidesteps this problem with a universal solution. On
creation of a pod/secret/PVC etc it walks through the owner references
until a HelmRelease is found that can be matched with a managed app
dynamically registered in the Cozystack API server. The pod is mutated
with labels identifying the managed app.
```release-note
[cozystack-controller] Add a mutating webhook to identify the Cozystack
managed app that ultimately owns low-level resources created in the
cluster and label these resources with a reference to said app.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
This commit enables Cilium's host firewall feature and makes use of it
to deny external connections to two exporters running as daemonset pods
in the host network namespace.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Co-authored-by: Timofei Larkin <lllamnyp@gmail.com>
This commit enables Cilium's host firewall feature and makes use of it
to deny external connections to two exporters running as daemonset pods
in the host network namespace.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Host firewall is now enabled by default, adding an extra layer of
security.
- Enhanced network traffic management with new policies:
- One policy tightens access to critical service ports.
- Another secures monitoring endpoints by restricting unauthorized
external access.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a configurable option for adjusting the Envoy access log
buffer size, allowing users to better tune log handling.
- Improved startup feedback with more prompt service restarts.
- **Chores**
- Upgraded all core components to version 1.16.7.
- Updated documentation and configuration settings to reflect the latest
release.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Upgraded multiple system components to the latest version, ensuring
improved performance, stability, and enhanced security.
- Updated deployment and testing configurations across the platform for
a more reliable user experience.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced proxy configuration with dedicated endpoints for metrics,
administration, and health checks.
- **Documentation**
- Updated displayed version number and badge to v1.16.6 for improved
clarity.
- **Chores**
- Upgraded component versions and image digests from v1.16.5 to v1.16.6.
- Streamlined configuration by removing legacy conditional settings and
obsolete CORS directives.
- Refined formatting of tag filters for clearer configuration
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes for Cozystack v0.23.0
- **Image Updates**
- Upgraded core Cozystack components to version v0.23.0
- Updated multiple system and application images across various packages
- Refreshed image digests for components like Kubernetes, backup, and
infrastructure tools
- **Version Bump**
- Incremented overall system version from v0.22.0 to v0.23.0
- Updated configuration and deployment manifests accordingly
- **System Components**
- Updated Cozystack API, Controller, and Dashboard configurations
- Refreshed image references for Kamaji, KubeOVN, and other system
services
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated Cilium package from version 1.16.4 to 1.16.5
- Updated image tags and digests for Cilium agent, Hubble relay, and
Cilium operator
- Modified configuration files to reflect new version
- **New Features**
- Added internal address configuration for Envoy listeners with specific
CIDR ranges
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated container images for various components to their latest
versions, enhancing performance and security.
- **Bug Fixes**
- Addressed potential issues by upgrading image tags and digests for
components such as CozyStack, ClickHouse, PostgreSQL, and others.
- **Documentation**
- Updated `values.yaml` configurations for multiple packages to reflect
the latest image versions and digests.
These updates ensure improved functionality and reliability across the
application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new configuration options for socket-based load balancing
tracing and initial fetch timeout settings in the Cilium deployment.
- Enhanced validation checks for deprecated options to prevent
misconfigurations.
- **Bug Fixes**
- Improved error messaging for deprecated or invalid settings.
- **Documentation**
- Updated version numbers in README and configuration files to reflect
the new version (1.16.4).
- **Chores**
- Updated Dockerfile and image tags to reference the latest version
(1.16.4).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated various container images to newer versions, enhancing
performance and security.
- **Bug Fixes**
- Resolved issues by updating image tags and digests for several
components, ensuring consistency and stability.
- **Documentation**
- Incremented version numbers in configuration files for clarity and
tracking.
- **Chores**
- Updated image tags and digests across multiple services to maintain
up-to-date deployments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This PR introduces different values files for `cozy-cilium` chart, and
`valuesFiles` for fluxcd.
This might be useful in cases where same chart reused for multiple
configurations
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced multiple values files for enhanced configuration management
in Cilium deployments.
- Added new YAML configurations for Cilium, allowing for tailored
networking settings in Kubernetes.
- **Bug Fixes**
- Removed deprecated configuration parameters to simplify deployment and
management of Cilium.
- **Documentation**
- Updated Helm templates to support conditional inclusion of values
files, improving flexibility in chart rendering.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This PR enables SCTP support in Cilium.
It is required to use with kube-ovn configuration as it is fixes
`externalTrafficPolicy: Local` issues:
- https://github.com/kubeovn/kube-ovn/issues/4457
This change is aimed at improving the development experience.
- The option `make delete` has been added.
- Added check for `NAME` and `NAMESPACE` variables
- Now, any package (not just system ones) can include options such as
make show, make diff, make apply.
- Applications from packages/extra require explicit specification of the
`NAMESPACE`.
- Applications from packages/apps require explicit specification of both
`NAME` and `NAMESPACE`.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
