- Remove grafana-oncall
- Add Alerta
- Configure basic alerts
- Update grafana 10 --> 11
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added new configuration options for the Alerta service, enhancing user
customization.
- Introduced a new Helm chart for the VictoriaMetrics Kubernetes stack,
enabling comprehensive monitoring solutions.
- Added VMAuth feature for enhanced authentication in the Kubernetes
stack.
- **Bug Fixes**
- Fixed issues with the ETCD dashboard and improved ingress path prefix
handling.
- **Documentation**
- Updated README and release guide for the VictoriaMetrics stack with
installation and configuration instructions.
- Introduced a changelog for organized tracking of changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated Helm chart and application versions for Grafana Operator.
- Introduced new Custom Resource Definitions (CRDs) for managing alert
rules, contact points, notification policies, and more.
- Added support for ServiceMonitor to enhance Prometheus scraping
capabilities.
- New configuration options for better customization, including
`watchNamespaceSelector`, `isOpenShift`, and `namespaceOverride`.
- **Documentation**
- Expanded README with Terraform installation instructions and upgrade
guidelines.
- Enhanced descriptions for configuration options to improve clarity.
- **Bug Fixes**
- Improved RBAC configurations to ensure proper permissions in
Kubernetes environments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: George Gaál <gb12335@gmail.com>
Currently ingress have rule to allow access from outside cluster, but
have no rule to access from within cluster.
This PR introduces fix for allow ingress access from any namespace by
default.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new network policy for managing ingress traffic,
enhancing security and traffic management capabilities.
- The policy is dynamically configured based on the tenant's settings,
allowing for tailored network access.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
kafka zookeeper error after installation:
```
2024-09-15 02:44:33,289 ERROR Failed to verify hostname: kafka-service-zookeeper-2.kafka-service-zookeeper-nodes.tenant-stage.svc.cozy.local (org.apache.zookeeper.common.ZKTrustManager) [ListenerHandler-/0.0.0.0:3888]
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <kafka-service-zookeeper-2.kafka-service-zookeeper-nodes.tenant-stage.svc.cozy.local> doesn't match any of the subject alternative names: [kafka-service-zookeeper-client, *.kafka-service-zookeeper-nodes.tenant-stage.svc.cluster.local, *.kafka-service-zookeeper-nodes.tenant-stage.svc, kafka-service-zookeeper-2.kafka-service-zookeeper-nodes.tenant-stage.svc, kafka-service-zookeeper-client.tenant-stage.svc.cluster.local, kafka-service-zookeeper-client.tenant-stage.svc, kafka-service-zookeeper-2, kafka-service-zookeeper-2.kafka-service-zookeeper-nodes.tenant-stage.svc.cluster.local, *.kafka-service-zookeeper-client.tenant-stage.svc, kafka-service-zookeeper-client.tenant-stage, *.kafka-service-zookeeper-client.tenant-stage.svc.cluster.local]
```
certs sans by default:
```
klin@asus:~/cozy$ openssl x509 -in zookeeper.crt -text -noout | grep -A1 "Subject Alternative Name"
X509v3 Subject Alternative Name:
DNS:kafka-service-zookeeper-0.kafka-service-zookeeper-nodes.tenant-stage.svc.cluster.local, DNS:*.kafka-service-zookeeper-nodes.tenant-stage.svc.cluster.local, DNS:kafka-service-zookeeper-client, DNS:kafka-service-zookeeper-0, DNS:kafka-service-zookeeper-client.tenant-stage.svc.cluster.local, DNS:kafka-service-zookeeper-client.tenant-stage.svc, DNS:kafka-service-zookeeper-client.tenant-stage, DNS:*.kafka-service-zookeeper-nodes.tenant-stage.svc, DNS:*.kafka-service-zookeeper-client.tenant-stage.svc, DNS:kafka-service-zookeeper-0.kafka-service-zookeeper-nodes.tenant-stage.svc, DNS:*.kafka-service-zookeeper-client.tenant-stage.svc.cluster.local
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new configuration option for specifying a custom DNS
domain for Kubernetes services within the Kafka operator, enhancing
service discovery and networking capabilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sometimes Kamaji can be killed due to defult limits let's expand them a
little
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced resource management configurations for the `kamaji`
service, enhancing control over CPU and memory allocation.
- Added specifications for resource limits and requests to improve
stability and performance in a Kubernetes environment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Upgraded various container images to version `v0.14.0`, enhancing
application performance and potentially introducing new features and bug
fixes.
- **Bug Fixes**
- Improved version tracking for packages by updating commit hashes,
enhancing clarity and traceability.
- **Chores**
- Updated configuration files to reflect the new image versions for
components, ensuring the latest updates are utilized across the
application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated Clickhouse application to version 0.4.0, indicating new
enhancements.
- Improved user credential management by dynamically generating
passwords or using provided ones, enhancing security.
- Introduced a new Kubernetes Role for managing access to services and
secrets, ensuring better control over resource interactions.
- **Bug Fixes**
- Corrected the reference for accessing the storage class value to
ensure proper retrieval.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated application version from 0.3.0 to 0.4.0, indicating a new
release.
- Introduced a new Kubernetes Role for managing access to
dashboard-related resources, enhancing security.
- Improved user credential management with dynamic password generation
in the initialization script, enhancing security practices.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced database user management with role definitions for `admin`
and `readonly` users.
- Introduced support for additional environment variables in the MariaDB
operator deployment.
- Added new RBAC roles for viewing and editing MariaDB resources.
- **Changes**
- Updated configuration structure for database and user management,
shifting from arrays to objects.
- Improved webhook certificate management with revision history control.
- Updated image repository for the MariaDB operator.
- **Bug Fixes**
- Adjusted permissions in RBAC configuration for better security and
resource management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated RabbitMQ chart version to 0.4.0 and application version to
3.13.2.
- Added new configuration options for users and virtual hosts in the
application.
- Introduced a new Kubernetes Role for managing access to secrets and
services.
- Enhanced RabbitMQ configuration for automated user and permission
management.
- **Documentation**
- Improved README with a section on configuration parameters for better
user guidance.
- **Chores**
- Added a new YAML configuration file for comprehensive RabbitMQ cluster
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Changed tls host to be the same as ingress host
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated the default host value in the SeaweedFS configuration to
support S3-compatible endpoints.
- **Bug Fixes**
- Corrected the hostname configuration to reflect the new service access
method.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced monitoring capabilities for Kubernetes deployments, including
checks for `vmalert`, `vlogs`, and `vmcluster`.
- **Updates**
- Updated container images for `cozystack` and `darkhttpd` to version
`v0.13.0`.
- Version mapping updates for `ferretdb`, `kubernetes`, and
`virtual-machine` packages.
- Updated image tags and digests for Kubeapps components to version
`v0.13.0`.
- Updated image tag for Kamaji to version `v0.13.0`.
- Added new pod metadata labels to the `vmalertmanager` configuration.
- **Bug Fixes**
- Improved operational status checks for Kubernetes resources using
JSONPath expressions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This PR introduces different values files for `cozy-cilium` chart, and
`valuesFiles` for fluxcd.
This might be useful in cases where same chart reused for multiple
configurations
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced multiple values files for enhanced configuration management
in Cilium deployments.
- Added new YAML configurations for Cilium, allowing for tailored
networking settings in Kubernetes.
- **Bug Fixes**
- Removed deprecated configuration parameters to simplify deployment and
management of Cilium.
- **Documentation**
- Updated Helm templates to support conditional inclusion of values
files, improving flexibility in chart rendering.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This PR enables SCTP support in Cilium.
It is required to use with kube-ovn configuration as it is fixes
`externalTrafficPolicy: Local` issues:
- https://github.com/kubeovn/kube-ovn/issues/4457
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated version of the Kubernetes application to 0.10.0.
- Enhanced network configuration for improved pod performance, including
support for live migration.
- Introduced a new network section for better integration with
Kubernetes networking features.
- **Bug Fixes**
- Improved network interface management for better flexibility and
control.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated version identifiers for the `ferretdb`, `virtual-machine`,
`monitoring`, and `seaweedfs` packages to enhance clarity and
traceability.
- Added new version entry for `monitoring` version `1.4.0`.
- **Improvements**
- Upgraded the `cozystack` component to a newer image version
(`v0.13.0`), potentially including bug fixes and performance
enhancements.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This release includes fix for C# library
https://github.com/FerretDB/FerretDB/issues/4475#issuecomment-2315663589
as well many other improovments
https://github.com/FerretDB/FerretDB/releases/tag/v1.24.0
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated the application to version 1.24.0, bringing enhancements and
improvements.
- Upgraded the container image to version 1.24.0 for the `ferretdb`
application, ensuring access to the latest features and fixes.
- **Chores**
- Incremented the chart version from 0.2.0 to 0.3.0 to reflect the new
release.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This PR introduces new functionality for running e2e-tests in
k8s-cluster.
`make test` from a root invokes deploying of new sandbox for testing
cozystack.
from `packages/core/testing`:
`make test` - runs the end-to-end tests.
`make exec` - opens an interactive shell in the sandbox container.
`make login` - downloads the kubeconfig into a temporary directory and
runs a shell with the sandbox environment; mirrord must be installed.
`make proxy` - enables a SOCKS5 proxy; mirrord and gost must be
installed.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
