<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated dependency configuration so that piraeus-operator no longer
depends on victoria-metrics-operator.
- **Refactor**
- Improved compatibility by ensuring certain resources (VMPodScrape and
alert definitions) are only rendered if the required API versions are
available in the Kubernetes cluster.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new controller to synchronize tenant HelmReleases and
propagate configuration changes.
- Added dynamic host value overrides in multiple Helm templates by
conditionally retrieving values from the "tenant-root" HelmRelease.
- Updated RBAC permissions to allow management of HelmRelease resources.
- **Improvements**
- Added support for Helm v2 API integration.
- Enhanced HelmRelease reconciliation logic and configuration
propagation for tenant environments.
- **Bug Fixes**
- Fixed periodic reconciliation for the "tenant-root" HelmRelease by
setting its interval to zero.
- **Version Updates**
- Incremented version numbers for the "info" and "ingress" packages.
- **Chores**
- Updated version mappings and commit references.
- Improved .gitignore to exclude the .vscode directory.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Kubevirt's default cpu-to-vcpu ration is 1:10, which might be a bit
extreme for some users. This patch introduces a new key in the Cozystack
configmap, "cpu-allocation-ratio" where admins of Cozystack can specify
an alternative value, if needed.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Every tenant now creates a configmap in its __tenant__ namespace with a
sha256 of its values. Tenants (and eventually all other apps), watch the
configmap in their __release__ namespace, by referencing it in the
valuesFrom part of the HelmRelease. `tenant-root` is an exception, since
it is the only tenant where the release namespace is the same as the
tenant namespace. It references a different configmap in its valesFrom,
created and reconciled by the cozystack installer script. Part of #802.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced automated resource management for dashboard components
using Kubernetes VerticalPodAutoscaler, enabling dynamic adjustment of
CPU and memory resources.
- **Chores**
- Updated configuration to explicitly set resource presets to "none" for
dashboard, frontend, and related components.
- Added a migration script to ensure Keycloak configuration is properly
reconciled in managed environments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* Add stakater/Reloader to the storage-enabled bundles.
* Add annotations to Linstor components to reload when secrets change.
Closes#456
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new reloader component that triggers automatic rolling
updates when configuration or secret changes are detected.
- Delivered a fully customizable Helm chart and configuration schema,
including a reload strategy based on annotations for enhanced deployment
control.
- **Tests**
- Added test cases to validate container security settings and
environment variable propagation, ensuring robust high-availability
configurations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced dashboard and identity management displays with updated
branding and localization settings, ensuring a refreshed user interface
and experience.
- **Style**
- Streamlined dashboard appearance by removing legacy custom styling,
resulting in a more consistent and contemporary look.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a comprehensive Grafana dashboard for Goldpinger, offering
real-time insights into node health, error occurrences, and response
times with intuitive filtering.
- Expanded deployment configurations to include Goldpinger across
environments, streamlining release management and dependency handling.
- Launched a dedicated deployment package featuring customizable
templates for secure, efficient Kubernetes deployments—including
workloads, services, ingress, and monitoring integrations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced system monitoring with a new configuration option to collect
etcd metrics. Users can now enable the scraping of etcd metrics via
updated settings, which improves observability.
- Introduced a secure proxy mechanism that conditionally routes metrics
data from etcd, offering administrators greater control over monitoring
capabilities.
- New configuration sections added to various bundles to support etcd
metrics scraping.
- **Bug Fixes**
- Removed outdated configuration for VMNodeScrape resource, ensuring
clarity and accuracy in monitoring configurations.
- **Chores**
- Added new service accounts, roles, and bindings to facilitate secure
access for monitoring etcd metrics.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added a new proxy component to enhance deployment orchestration and
dependency management.
- Introduced dynamic update capabilities for fetching and deploying the
latest assets.
- Enabled configurable settings for container images, networking, and
access control.
- Incorporated streamlined resource naming and labeling for improved
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
- Introduce tinkerbell essentials
- Introduce bootbox
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
# Release Notes: BootBox Package (v0.1.0)
## New Features
- Added BootBox, a PXE hardware provisioning service.
- Introduced network boot configuration with Matchbox and Smee.
- Enabled hardware management through Kubernetes Custom Resource
Definitions.
- Added support for managing physical machine specifications and
configurations.
- New HelmRelease configuration for streamlined deployment.
- Added new application entry for BootBox in the configuration.
## Configuration
- Supports configuring physical machine instances.
- Provides flexible network boot and DHCP settings.
- Includes role-based access control (RBAC) configurations.
- New parameters for trusted proxies and syslog settings.
- Enhanced configuration options for deployment parameters and resource
allocations.
- Introduced new schema for validating configuration values.
## Deployment
- Deployed in `tenant-root` namespace.
- Optional and privileged installation.
- Depends on Cilium and KubeOVN networking components.
- Configurable deployment strategies and resource allocations.
- Introduced new Service and Ingress resources for improved traffic
management.
- Added support for host networking and public IP configurations.
## Compatibility
- Supports single-node and multi-node cluster configurations.
- Compatible with Kubernetes environments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Configuration Update**
- Added a new `configHash` field in the `keycloak-configure` release for
both `paas-full` and `paas-hosted` configurations.
- Introduced a SHA256 checksum mechanism for the `cozyConfig` data to
enhance configuration integrity checks.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
Based on the comprehensive summary of changes, here are the release
notes:
- **New Features**
- Added a new Kubernetes controller for managing workload monitoring
- Introduced telemetry collection capabilities with configurable options
- Added new Custom Resource Definitions (CRDs) for Workload and
WorkloadMonitor
- **Improvements**
- Enhanced API infrastructure with new API group and version
- Improved deployment configurations for various system components
- Added development container and workflow configurations
- **Bug Fixes**
- Updated import paths to correct domain naming
- **Chores**
- Updated copyright years
- Refined module dependencies
- Standardized code linting and testing configurations
- **Infrastructure**
- Increased `cozystack-api` deployment replicas from 1 to 2 for improved
availability
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
upstream issue https://github.com/vmware-tanzu/kubeapps/pull/7847
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added support for conditional configuration based on OIDC settings.
- Introduced label filtering for Helm releases and repositories.
- Updated reconciliation strategy for Helm releases.
- **Bug Fixes**
- Enhanced error handling and logging in package resource retrieval.
- **Documentation**
- Updated configuration values in `values.yaml` for image tags and
digests.
- **Chores**
- Upgraded application and Go versions in Dockerfiles.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Bug Fixes**
- Improved conditional logic for OIDC functionality, ensuring accurate
deployment of related components.
- **Chores**
- Updated dependencies for the `keycloak` release to ensure proper
operation with the `postgres-operator`.
- **New Features**
- Enhanced configuration handling for OIDC, affecting the inclusion of
related components based on strict equality checks.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated OpenID Connect (OIDC) for enhanced authentication.
- Added dynamic Role resource for tenant-specific access to Kubernetes
secrets.
- Introduced new Keycloak realm groups for improved role management.
- **Improvements**
- Enhanced error handling for service readiness checks.
- Streamlined configuration files for better clarity and management of
OIDC settings.
- Updated handling of API server address and improved configuration
adaptability based on OIDC settings.
- **Bug Fixes**
- Removed deprecated configurations related to Keycloak, simplifying
deployment.
These updates aim to improve security, usability, and overall system
performance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Introduced a new variable `$host` for improved configuration
management.
- Added a `valuesFrom` section to the `dashboard` release, allowing
external value sourcing.
- Enhanced Keycloak integration with new client scopes, roles, and
configurations for Kubeapps.
- Added support for custom pod specifications and environment variables
in Redis configurations.
- Introduced a new Kubernetes configuration file for managing access to
resources via Role and Secret.
- Updated image versions across various components to ensure
compatibility and leverage new features.
- **Bug Fixes**
- Implemented error handling to ensure required configurations are
present.
- Improved handling of request headers for the `/logos` endpoint in
Nginx configuration.
- Adjusted security context configurations to enhance deployment
security.
- **Documentation**
- Updated configuration files to reflect new dependencies and structures
for better clarity.
- Enhanced README documentation with upgrade instructions and security
defaults.
- Expanded notes on handling persistent volumes and data migration
during upgrades.
These enhancements improve the overall functionality and reliability of
the platform.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated application version from 1.5.0 to 1.6.0.
- Introduced new role-based access control (RBAC) roles: view, use,
admin, and super-admin, enhancing security and permissions management.
- Added new Keycloak realm groups for view, use, admin, and super-admin
roles, streamlining user management within the application.
- Integrated `keycloak-configure` release into the deployment structure,
establishing dependencies for improved configuration management.
- **Bug Fixes**
- Resolved versioning discrepancies in the tenant package.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced the `keycloak-operator` as an optional component in
multiple deployment configurations.
- Added a Helm chart for the `keycloak-operator`, enabling streamlined
deployment and management of Keycloak instances.
- Enhanced documentation with a new README file for the Keycloak
Operator Helm chart, detailing installation and usage instructions.
- Added various Custom Resource Definitions (CRDs) for managing Keycloak
resources effectively within Kubernetes.
- **Bug Fixes**
- Improved handling of user credentials and realm configurations in the
Keycloak operator.
- **Documentation**
- Comprehensive updates to the README and configuration files to assist
users in deploying and managing Keycloak.
- **Chores**
- Added various Custom Resource Definitions (CRDs) for managing Keycloak
resources effectively within Kubernetes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated Keycloak service into deployment configurations across
multiple files, enhancing user authentication capabilities.
- Introduced a new Helm chart for Keycloak, facilitating easier
deployment and management.
- Added Kubernetes Ingress and Service resources for Keycloak to manage
external access and internal service routing.
- Configured a PostgreSQL cluster specifically for Keycloak, ensuring
data persistence.
- **Bug Fixes**
- Updated versioning in the installer script to ensure compatibility
with the latest configurations.
- **Documentation**
- Added detailed configuration options for Keycloak deployment,
including resource limits and ingress settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new HelmRelease configurations for cert-manager, monitoring
agents, and Victoria Metrics Operator in Kubernetes.
- Added resource specifications for `vmselect` in the VMCluster
configuration.
- Enhanced resource management for `vmselect` with defined limits and
requests for memory and CPU.
- **Bug Fixes**
- Adjusted resource limits for Redis failover memory allocation.
- **Documentation**
- Updated README and release notes for various components, enhancing
clarity and usability.
- **Chores**
- Updated image versions across multiple components for consistency and
performance improvements.
- Modified migration scripts to facilitate transitions and manage
resources effectively.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a RESTful API for managing `Application` resources,
enabling CRUD operations with HelmRelease integration.
- Added validation functions for `Application` and `ApplicationSpec`,
laying the groundwork for future validation rules.
- Implemented configuration management for resources, allowing for
structured application and release settings.
- **Bug Fixes**
- Addressed API rule violations related to naming conventions and
missing types in the CozyStack API definitions.
- **Tests**
- Added comprehensive tests for round-trip functionality and version
compatibility within the Apps API server.
- **Documentation**
- Introduced documentation for the `v1alpha1` API version, including
licensing and code generation annotations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This PR introduces an extra option to cozystack configmap. It allows to
enable components that are optional to specific bundle name, example
usage:
```yaml
bundle-enable: telepresence,external-dns,external-secrets-operator
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added optional attributes to several release entries, allowing for
more flexible deployment configurations.
- Enhanced Helm release generation logic to consider both enabled and
disabled states for components.
- Improved namespace management by incorporating checks for optional
components based on enablement and disablement.
- **Bug Fixes**
- Updated dependencies for `external-dns` to include `cilium` and
`kubeovn`.
- **Documentation**
- Clarified the configurability of deployment components with the
introduction of optional attributes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Overview
This pull request introduces the integration of External-DNS into the
full bundles and adds support for a dns01 ClusterIssuer using
Cloudflare. It enhances the DNS management capabilities for our
deployments by allowing dynamic DNS record management directly from
Kubernetes resources.
Changes Made
1. **External-DNS Integration:**
- Added External-DNS to the full deployment bundles.
- Configured External-DNS to automatically manage DNS records for
services within the Kubernetes cluster ( we must discuss how to
configure external-dns via configmap or create an application in tenant
`external-dns` where we can define values).
We must define some additional annotations for ingresses in order to
make external-dns work , so we must discuss this also which is best
method to configure it ( from configmap or dashboard ).
**2. dns01 ClusterIssuer for Cloudflare:**
- Implemented support for a dns01 ClusterIssuer using Cloudflare.
- This allows for automated certificate issuance via DNS challenge,
leveraging Cloudflare as the DNS provider.
- The configuration can be defined in the Cozystack ConfigMap
3. Default Ingress Configuration:
- Updated the default Ingress resources to use Cloudflare for DNS
challenges.
- Ensured that if the Cloudflare issuer is defined in the Cozystack
ConfigMap, it will be utilized for all default Ingresses, streamlining
the deployment process and improving reliability.
**Benefits**
- Automated DNS Management: With External-DNS, DNS entries will be
created and updated automatically based on the state of Kubernetes
resources, reducing manual overhead.
- Seamless Certificate Management: The dns01 ClusterIssuer integration
allows for automated SSL/TLS certificate issuance, enhancing security
for deployed applications.
- Flexibility in Configuration: Users can easily switch between
different issuers by updating the Cozystack ConfigMap, providing
flexibility in the choice of DNS and certificate management solutions.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Introduced a new `external-dns` release with support for managing DNS
records in Kubernetes.
- Added configuration options for DNS synchronization policies and
provider settings.
- Implemented a new lookup for issuer types in Ingress configurations.
- Expanded configuration with new entries for `external-dns` in multiple
deployment files, enhancing deployment flexibility.
- **Documentation**
- Comprehensive README and configuration schema for the `external-dns`
Helm chart added, detailing installation and customization options.
- **Improvements**
- Enhanced RBAC configuration for flexible permissions management.
- Updated annotations and health check configurations for better service
monitoring.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
