[cozystack-controller] Introduce new dashboard-controller
[dashboard] Introduce new dashboard based on openapi-ui
Co-authored-by: kklinch0 <kklinch0@gmail.com>
Signed-off-by: kklinch0 <kklinch0@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This patch populates existing CozystackResourceDefinitions with minimal
working examples of secret selectors to take advantage of the newest
revision of the ancestor tracking webhook.
```release-note
[platform] Specify secret selectors for existing managed apps in their
respective CozystackResourceDefinitions, which provides the last bit of
information necessary for the lineage webhook to correctly mark secrets
as user-facing or not.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Many resources created as part of managed apps in cozystack (pods,
secrets, etc) do not carry predictable labels that unambiguously
indicate which app originally triggered their creation. Some resources
are managed by controllers and other custom resources and this
indirection can lead to loss of information. Other controllers sometimes
simply do not allow setting labels on controlled resources and the
latter do not inherit labels from the owner. This patch implements a
webhook that sidesteps this problem with a universal solution. On
creation of a pod/secret/PVC etc it walks through the owner references
until a HelmRelease is found that can be matched with a managed app
dynamically registered in the Cozystack API server. The pod is mutated
with labels identifying the managed app.
```release-note
[cozystack-controller] Add a mutating webhook to identify the Cozystack
managed app that ultimately owns low-level resources created in the
cluster and label these resources with a reference to said app.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
## What this PR does
Some k8s secrets created when deploying managed applications are
unhelpful to the end user or are outright not meant to be shown, because
they contain internal credentials not meant to be presented to the user.
This patch adds an `apps.cozystack.io/tenantresource=false` label to
such resources which will be later used to filter out such secrets in
the web UI.
### Release note
```release-note
[platform] Mark non-user-facing secrets as such to avoid clutter in the
dashboard and leaking internal credentials.
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Automatic creation of a ServiceAccount token Secret via the Info
add-on.
* **Improvements**
* VPN TLS Secret CA field standardized to ca.crt for consistency.
* **Removals**
* Removed the explicit ServiceAccount token Secret from the Tenant app
(token now managed by Info).
* **Chores**
* Added non-functional metadata labels to several Secrets.
* Bumped chart/package metadata versions and updated version mappings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
- add expanding persistent volumes in tenant clusters
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Enabled PersistentVolumeClaim expansion in the KubeVirt CSI
StorageClass.
- Added CSI resizer sidecar to the controller for online volume
resizing.
- Introduced cluster-scoped RBAC to allow required access to
PersistentVolumes.
- Chores
- Updated Kubernetes app chart to 0.29.2 and set app version to 1.32.6.
- Upgraded KubeVirt CSI driver image to 0.37.0.
- Refreshed versions map entries for the new release.
- Simplified CoreDNS configuration to use the default image repository.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Some k8s secrets created when deploying managed applications are
unhelpful to the end user or are outright not meant to be shown, because
they contain internal credentials not meant to be presented to the user.
This patch adds an `apps.cozystack.io/tenantresource=false` label to
such resources which will be later used to filter out such secrets in
the web UI.
```release-note
[platform] Mark non-user-facing secrets as such to avoid clutter in the
dashboard and leaking internal credentials.
```
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
Feat/tests with resource quota
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Tenant resource quotas now accept explicit cpu, memory, and storage
values per namespace.
- Default container limits and requests added via a LimitRange (CPU,
memory, ephemeral storage).
- **Behavior Changes**
- Resource quota output simplified: quotas emitted at the root and
storage limit entries omitted from flattened output.
- **Tests**
- Increased timeouts for VM disk readiness and PVC binding; added
runtime checks validating ResourceQuota and LimitRange defaults.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
fix race conditions for seaweedfs and fix tests preparing
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* Chores
* Increased deployment timeouts to 10 minutes and set install/upgrade
remediation to unlimited retries for SeaweedFS, ingress, and monitoring
components to improve deployment resilience.
* Tests
* Extended end-to-end readiness waits for alerting components from 5 to
15 minutes for more stable test runs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
Fix regression introduced by
https://github.com/cozystack/cozystack/pull/1169, now we have correct
singular names for virtualmachines which are conflictiing with KubeVirt
ones.
Solution: explicitly specify apiversion
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
[virtual-machine] Fix vm update hook
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved reliability of VM update hooks by targeting the correct API
resource, preventing occasional patch failures when updating
instancetype and preference.
* Ensures VM updates apply consistently across environments without
changing existing behavior.
* **Chores**
* Aligned resource references with fully qualified API names to enhance
compatibility with current cluster configurations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
This PR removes bitnami images from all charts. Bitnami has deprecated
their free images, see details here:
- https://github.com/bitnami/charts/issues/35164
Also dashboard has moved helper images to `bitnamilegacy`, we will fully
replace it by our new dashboard soon:
- https://github.com/cozystack/cozystack/pull/1269
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
Get rid of bitnami images
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* New Features
* Added configurable image overrides for Kubeapps components (frontend,
auth proxy, Redis, kubectl).
* Introduced image settings for Velero’s kubectl helper.
* Added image configuration for Vertical Pod Autoscaler components.
* Added a configurable resize hook image for SeaweedFS volumes.
* Chores
* Standardized kubectl-related images to alpine/k8s:1.33.4 across
multiple operational hooks (VM update, PVC resize, etcd maintenance,
SeaweedFS pre-upgrade), with no behavioral changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- Remove duplicate values from rabbitmq README
- Use placeholders for passwords and secrets
- Fix copy-pasted postgres reference in mysql
- Fix links to cloud-init docs
- Explain CPU and memory consistently
Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added explicit type information to parameter tables in README files
for improved clarity.
* Enhanced and clarified parameter descriptions, including nested and
pointer types.
* Expanded documentation for complex structures such as machine and zone
configurations.
* Updated parameter default values and type annotations in YAML
documentation comments.
* **Schema Improvements**
* Strengthened JSON schema validation with stricter typing, required
fields adjustments, regex patterns, and Kubernetes-specific extensions.
* Added metadata, default values, and detailed property descriptions to
schemas.
* Restructured schemas for consistency and improved type safety.
* Broadened accepted types for resource properties to allow integer or
string values.
* **Chores**
* Simplified Makefile commands by consolidating multi-step README and
schema generation into a single tool invocation.
* Updated GitHub Actions workflow to use a newer version of the schema
and README generation tool.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The earlier PR was erroneously merged without including an amendment to
the existing commits, so now this amendment must be included as a
separate patch. See #1301 for details.
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
[]
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated configuration structure by moving the `vpaForVPA` setting to a
top-level key in the default values for Vertical Pod Autoscaler. No
changes to configuration values or functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The earlier PR was erroneously merged without including an amendment to
the existing commits, so now this amendment must be included as a
separate patch. See #1301 for details.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* All application parameter documentation was enhanced with explicit
type annotations and structured field descriptions for improved clarity.
* README files now include detailed parameter tables with type columns
and refined default values.
* Helm values.yaml files feature consistent type annotations and
hierarchical field documentation.
* **Schema Enhancements**
* JSON schemas for Postgres, Tenant, Virtual Machine, and Monitoring
apps were comprehensively restructured with explicit types, defaults,
validation patterns, and richer nested configuration options.
* **Chores**
* Switched documentation and schema generation tools to a unified
command (`cozyvalues-gen`) across all relevant Makefiles and CI
workflows for consistency and simplification.
* **Bug Fixes**
* Updated resource specifications in virtual machine tests for improved
accuracy.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
[monitoring] more retries
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Increased the timeout for the monitoring component deployment from 5
to 10 minutes.
* Added remediation retry settings, allowing up to 10 retries for both
install and upgrade phases of the monitoring component.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Thank you for making a contribution! Here are some tips for you:
- Start the PR title with the [label] of Cozystack component:
- For system components: [platform], [system], [linstor], [cilium],
[kube-ovn], [dashboard], [cluster-api], etc.
- For managed apps: [apps], [tenant], [kubernetes], [postgres],
[virtual-machine] etc.
- For development and maintenance: [tests], [ci], [docs], [maintenance].
- If it's a work in progress, consider creating this PR as a draft.
- Don't hesistate to ask for opinion and review in the community chats,
even if it's still a draft.
- Add the label `backport` if it's a bugfix that needs to be backported
to a previous version.
-->
## What this PR does
### Release note
<!-- Write a release note:
- Explain what has changed internally and for users.
- Start with the same [label] as in the PR title
- Follow the guidelines at
https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md.
-->
```release-note
- update ch operator
- add chk
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for deploying ClickHouse Keeper for cluster
coordination, with configurable enablement, resource presets, and
storage size.
* Introduced new Kubernetes resources and monitoring for ClickHouse
Keeper, including metrics integration and workload monitoring.
* Enhanced configuration flexibility with new parameters for Keeper in
both values and schema files.
* **Documentation**
* Updated documentation to describe new ClickHouse Keeper parameters and
deployment options.
* Improved Helm chart and CRD documentation for ClickHouse Operator,
including new features, configuration options, and secret integration.
* **Bug Fixes**
* Updated Grafana dashboards for compatibility with latest versions and
improved metric queries.
* **Chores**
* Incremented chart and operator versions.
* Updated test scripts to include ClickHouse Keeper scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Use https://github.com/cozystack/cozyvalues-gen for three apps:
- apps/postgres
- apps/virtual-machine
- extra/monitoring
Changes:
- Add type and enum definitions to values.yaml.
- Update READMEs with new information.
- Update values.schema.json with definitions for children objects,
allowing precise UI customization. Add regexp for specific types
such as resources: CPU like `500m` and RAM like `4GiB`.
- Remove direct injections with `yq` from Makefiles where they're not
needed anymore.
Co-authored-by: Nick Volynkin <nick.volynkin@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>
