The object storage controller creates secrets with bucket credentials
that have no reference to the parent BucketAccess object. Because of
this they cannot be linked to the managing app
(buckets.apps.cozystack.io) and are not displayed in the new dashboard.
This change patches the auxiliary helm release <bucket_name>-system to
include the bucket name in __its__ secret, so that the necessary secret
values is still presented to the user.
```release-note
[bucket] Expose bucket name in tenant secret.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Many resources created as part of managed apps in cozystack (pods,
secrets, etc) do not carry predictable labels that unambiguously
indicate which app originally triggered their creation. Some resources
are managed by controllers and other custom resources and this
indirection can lead to loss of information. Other controllers sometimes
simply do not allow setting labels on controlled resources and the
latter do not inherit labels from the owner. This patch implements a
webhook that sidesteps this problem with a universal solution. On
creation of a pod/secret/PVC etc it walks through the owner references
until a HelmRelease is found that can be matched with a managed app
dynamically registered in the Cozystack API server. The pod is mutated
with labels identifying the managed app.
```release-note
[cozystack-controller] Add a mutating webhook to identify the Cozystack
managed app that ultimately owns low-level resources created in the
cluster and label these resources with a reference to said app.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
[seaweedfs] Fix connectivity issues for SeaweedFS
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Increased Nginx Ingress timeouts for the SeaweedFS S3 endpoint
(read/send: 3600s, client body: 3600s, client header: 120s). This
enhances stability for long-running S3 operations, reducing premature
disconnects and timeout errors.
* Users should experience more reliable large uploads/downloads and
fewer interruptions, especially over slower or inconsistent networks.
* No other behavior changes; existing S3 access and routing remain the
same.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
This PR removes bitnami images from all charts. Bitnami has deprecated
their free images, see details here:
- https://github.com/bitnami/charts/issues/35164
Also dashboard has moved helper images to `bitnamilegacy`, we will fully
replace it by our new dashboard soon:
- https://github.com/cozystack/cozystack/pull/1269
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
Get rid of bitnami images
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* New Features
* Added configurable image overrides for Kubeapps components (frontend,
auth proxy, Redis, kubectl).
* Introduced image settings for Velero’s kubectl helper.
* Added image configuration for Vertical Pod Autoscaler components.
* Added a configurable resize hook image for SeaweedFS volumes.
* Chores
* Standardized kubectl-related images to alpine/k8s:1.33.4 across
multiple operational hooks (VM update, PVC resize, etcd maintenance,
SeaweedFS pre-upgrade), with no behavioral changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
