If ssh key provided - deploy
If cloudinit provided - deploy
If ssh key and cloudinit provided - deploy both
If none provided - init empty to avoid issues w/
network
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Refactor**
- Improved handling of SSH keys and cloud-init data in the Virtual
Machine setup, clearly distinguishing cases when SSH keys, cloud-init,
or both are provided.
- Enhanced template readability with added spacing for better clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced granular Helm charts for Cluster API providers: bootstrap,
core, control plane, and infrastructure, each with dedicated
configuration, metadata, and compressed component packaging.
- Added a new configuration option to the Kubernetes app to enable using
a custom secret for patching containerd.
- Enhanced Kubernetes deployment to conditionally manage containerd
registry certificates and configuration using custom or copied secrets.
- **Documentation**
- Updated Kubernetes app documentation to include the new containerd
patching secret configuration option.
- **Chores**
- Updated version mappings and chart versions for Kubernetes and Cluster
API-related components.
- Decomposed the monolithic Cluster API provider release into multiple,
more manageable releases with explicit namespaces and dependencies.
- **Refactor**
- Removed the previous unified Cluster API provider template in favor of
new, separate provider resource definitions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced log monitoring by adding support for Kubernetes events and
audit logs.
- Introduced custom log parsers for improved log format handling.
- Added log source tagging for easier identification of log origins.
- **Improvements**
- Refined log filtering and output formatting for better log
organization and delivery.
- Updated log outputs to support compressed JSON lines and ISO8601 date
formatting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced monitoring resources for HAProxy, NGINX, and generic HTTP
cache workloads, allowing improved workload observability.
- **Enhancements**
- Added standardized labels to MariaDB, Postgres, and Redis resources
for better integration and management within Kubernetes environments.
- Updated label selectors in Postgres resources to use standardized
Kubernetes app labels.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
In current version of Cozystack, flux's HelmRelease will refuse to
install cozy-gateway-api-crds when gatewayAPI enabled, complaining
version '*'not found and breaking install of entire kubernetes app. This
patch adds working version match.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated configuration to allow compatibility with all available
versions of the gateway-api-crds chart.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
With this change a request for a virtual machine with 3 vCPUs will
reserve exactly the same amount of physical compute, as a request for a
Clickhouse instance with `{"resources": {"cpu": "3"}}` in its values,
with the scaling factor being KubeVirt's CPU allocation ratio.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
This patch introduces reusable library charts that provide
backward-compatibility for users that specify their resources as
explicit requests and limits for cpu, however this input is processed so
that limits are set equal to requests except for CPU which only gets
requests. Users can now embrace the new form by directly specifying
resources in the first level of nesting (e.g. resources.cpu=100m instead
of .resources.requests.cpu=100m). The order of precedence is top-level,
then requests, then limits, ensuring that nothing will break in terms of
scheduling, however workloads that specified limits much higher than
requests might get a performance hit, now that they cannot use all this
excess capacity. This should only affect memory-hungry workloads in
low-contention environments.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Improved pull request workflow by separating build and test phases,
enhancing reliability and maintainability of automated checks.
- Updated testing process to use a pre-generated installer artifact,
streamlining test execution and environment setup.
- Enhanced release workflow to generate manifests before running tests,
ensuring up-to-date configurations during verification.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
There is an issue with wholeIP services: internal communication from
pods doesn't work as expected.
Cilium intercepts pod-to-pod traffic, preventing cozy-proxy from
rewriting the source IP in return packets.
This PR allows Cilium to handle specified ports, enabling hairpin
traffic to work correctly at least for these cases.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Bug Fixes**
- Improved service port configuration to ensure explicit port
definitions are respected when using the "WholeIP" method. Now, custom
external ports will not be overridden, providing more accurate and
expected service exposure.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
We do not build helm charts directly for library, since in run-time they
are useless.
Let's remove version_map for them as well
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Simplified project build scripts by removing obsolete version mapping
and related checks.
- Deleted the outdated versions mapping file for the library package.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated default traffic passthrough method for virtual machine and VM
instance apps to use specific port forwarding instead of whole IP
forwarding.
- **Documentation**
- Updated documentation to reflect the new default passthrough method
for both virtual machine and VM instance apps.
- **Chores**
- Incremented version numbers for virtual machine and VM instance apps
to reflect recent updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced separate end-to-end test scripts for cluster and
application provisioning, improving test clarity and modularity.
- Added a new test runner script with enhanced output formatting and
live tracing for easier debugging of test runs.
- **Bug Fixes**
- None.
- **Chores**
- Removed the legacy end-to-end test automation script.
- Updated testing workflow to use new modular test scripts and runner
for improved maintainability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added support for specifying a literal password in keystore
configurations, alongside existing secret reference options.
- Introduced a new optional tenant ID field for Azure DNS managed
identity in ACME DNS01 solver configuration.
- **Improvements**
- Updated cert-manager Helm chart and documentation to version 1.17.2.
- Expanded feature gate configuration options with detailed default
values and stability levels.
- Enhanced documentation and examples for templating service account
annotations.
- Improved conditional logic for resource creation and image pull
secrets handling in deployments and services.
- **Bug Fixes**
- Made password fields in keystore configurations mutually exclusive and
optional, improving flexibility and clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Add support for metallb multiarch build.
Part of #519 and a follow-up to PR #945 (issue #909)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Improved Docker build process for image-controller and image-speaker
to allow dynamic control over image loading and enhanced build
configuration consistency. No changes to user-facing features.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Bug Fixes**
- Improved configuration to automatically disable admission webhooks for
cert-manager when the cert-manager addon is not enabled, preventing
unnecessary webhook setup.
- **Chores**
- Updated Kubernetes chart version to 0.20.1.
- Updated version mapping for the Kubernetes package.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
remove specification:
```
pvc:
volumeMode: Block
accessModes:
- ReadWriteMany
```
with `storage` it will be filled automatcially from storageprofile for
specific storage provider
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated the virtual machine app to version 0.9.2.
- **Refactor**
- Changed the data volume configuration to use a simplified storage
specification instead of a persistent volume claim.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Documentation**
- Improved and reorganized tenant documentation for better clarity.
- Added explicit rules for tenant naming, including restrictions on
dashes and required alphanumeric names.
- Clarified how tenant domains are structured and inherited.
- Expanded explanations on nesting tenants and sharing parent services,
with updated examples and clearer formatting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
It was updated:
4ecf492cd4
Then partially reverted during merge:
d550a67f19
Please take a look if it should be updated.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated the Kamaji component to use version edge-25.4.1.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This patch introduces reusable library charts that provide
backward-compatibility for users that specify their resources as
explicit requests and limits for cpu, however this input is processed so
that limits are set equal to requests except for CPU which only gets
requests. Users can now embrace the new form by directly specifying
resources in the first level of nesting (e.g. resources.cpu=100m instead
of .resources.requests.cpu=100m). The order of precedence is top-level,
then requests, then limits, ensuring that nothing will break in terms of
scheduling, however workloads that specified limits much higher than
requests might get a performance hit, now that they cannot use all this
excess capacity. This should only affect memory-hungry workloads in
low-contention environments.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a reusable Helm library chart, "cozy-lib", providing common
templates and resource helpers for other charts.
- Added resource preset and sanitization templates to standardize
Kubernetes resource configurations.
- ClickHouse chart now depends on "cozy-lib" for improved resource
handling.
- Added a new packaging script and streamlined Helm chart packaging
processes across multiple packages.
- **Bug Fixes**
- Resource configuration logic in the ClickHouse deployment was updated
to use the new library templates, ensuring more consistent resource
definitions.
- **Chores**
- Added new Makefiles and version mapping for streamlined Helm chart
packaging and validation.
- Updated ClickHouse chart version to 0.9.0 and reflected this in
version mapping files.
- Refactored Makefile targets to consolidate packaging logic and improve
maintainability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This patch introduces reusable library charts that provide
backward-compatibility for users that specify their resources as
explicit requests and limits for cpu, however this input is processed so
that limits are set equal to requests except for CPU which only gets
requests. Users can now embrace the new form by directly specifying
resources in the first level of nesting (e.g. resources.cpu=100m instead
of .resources.requests.cpu=100m). The order of precedence is top-level,
then requests, then limits, ensuring that nothing will break in terms of
scheduling, however workloads that specified limits much higher than
requests might get a performance hit, now that they cannot use all this
excess capacity. This should only affect memory-hungry workloads in
low-contention environments.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
