Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Updated version constraints for multiple HelmRelease resources to use
    an explicit semantic version range (>= 0.0.0-0) instead of a wildcard or
    unspecified value, clarifying eligible chart versions for deployment.
  - Renamed and updated version variable in build scripts to improve
    version tagging and packaging consistency.
  - Enhanced deployment verification by adding readiness checks for
    HelmReleases, with failure detection and reporting for non-ready
    releases.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Updated release workflows to ensure maintenance branches are created
    during release finalization instead of during tag creation.
  - Removed maintenance branch creation from the tag workflow and added it
    to the release finalization process.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Removed the "Test" step from the release workflow, so tests will no
    longer run as part of this process.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
  - Introduced configurable API priority and fairness settings for the
    Flux Operator, allowing prioritization of API requests and inclusion of
    extra service accounts.
  - Added support for a new `skip` field in the `ResourceSetInputProvider`
    CRD to control update skipping based on label conditions.
- **Bug Fixes**
  - Updated service account reference in admin ClusterRoleBinding to use
    the dedicated service account name for improved accuracy.
- **Documentation**
  - Updated Helm chart and app version numbers to 0.19.0 in documentation
    and metadata.
  - Added documentation for the new `apiPriority` configuration option in
    the Flux Operator Helm chart.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR also updates ubuntu-container-disk image to latest 24.04 LTS
(Noble Numbat)
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Updated Kubernetes version references from v1.30.1 to v1.32 in build
    and deployment configurations.
  - Changed the base image for Ubuntu container disk to Ubuntu 24.04.
  - Made the Kubernetes version configurable during build processes.
  - Updated the kubectl container image in pre-delete jobs to use the
    latest tag.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Updated release workflow to use the full tag string when uploading
    assets.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Documentation**
  - Updated documentation to rename and restructure the control plane
    resource configuration section, replacing the old naming with a unified
    "Kubernetes control plane configuration" and updated parameter prefixes.
- **Refactor**
  - Consolidated and renamed control plane configuration from
    `kamajiControlPlane` to `controlPlane` across configuration files.
  - Flattened configuration structure and updated all related parameter
    references and hierarchy for improved clarity and consistency.
- **New Features**
  - Enhanced resource preset options with expanded enum values for control
    plane components.
- **Bug Fixes**
  - Simplified HelmRelease manifests by embedding override values inline,
    removing dependency on external Secret resources for addons including
    cert-manager, GPU operator, ingress-nginx, and vertical-pod-autoscaler.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Improved reliability of GitHub Actions workflows by ensuring only one
    job per pull request or branch runs at a time. If a new workflow run is
    triggered, any previous in-progress runs for the same group will be
    automatically canceled, preventing overlapping executions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
GitHub requires approval for external users anyway:
https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-public-forks
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Simplified conditions for running GitHub Actions workflows on pull
    requests, removing dependencies on the "ok-to-test" label and repository
    origin.
  - Updated comments to reflect the new workflow logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- Update Cluster API operator to v0.19.0
- Update Cluster API Kamaji control-plane provider to v0.14.2.
- This change includes [upstream
fix](https://github.com/clastix/cluster-api-control-plane-provider-kamaji/pull/175),
so our workaround gets removed
- Update Cluster API KubeVirt infrastructure provider to v0.1.10
- Update Cluster API core provider to v1.10.0
- Update Cluster API kubeadm config provider to v1.10.0
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Resolves https://github.com/cozystack/cozystack/issues/869
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Refactor**
  - Updated backup cron job configuration for improved clarity and
    structure. No changes to backup behavior or scheduling.
- **Chores**
  - Incremented the application chart version to 0.10.1.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
  - Updated kube-ovn chart and container image to version v1.13.10.
- **Bug Fixes**
  - Adjusted volume mount paths in the ovncni DaemonSet for improved
    configuration consistency.
- **Chores**
  - Streamlined Dockerfile to use the official kube-ovn image directly.
  - Automated version synchronization between chart files and Dockerfile
    for better maintainability.
- **Improvements**
  - Removed NetworkManager synchronization to optimize controller runtime
    behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
In our CI wget spams thousands of lines of the progress bar into the
output, making it hard to read. Turns out, it doesn't have an option to
just remove the progress bar, but explicitly directing wget's log to
stdout and invoking --show-progress sends that to stderr which we
redirect to dev/null. The downloaded size is still reported at regular
intervals, but --progress=dot:giga shortens that to one line per 32M
which is manageable.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Improved file download process to display clearer progress updates
    during downloads.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
  - Added support for GPU resources in Kubernetes clusters, including the
    ability to specify GPUs per node group and deploy the NVIDIA GPU
    Operator as an optional addon.
  - Introduced new configuration options for customizing Kamaji control
    plane resources and presets.
  - Added support for vertical pod autoscaler customization via override
    values.
- **Bug Fixes**
  - Corrected typographical errors in label keys across multiple
    HelmRelease manifests to ensure consistent labeling.
- **Documentation**
  - Updated documentation to describe new GPU and control plane
    configuration options, removed the instance type feature matrix, and
    added detailed parameter explanations.
- **Chores**
  - Incremented Kubernetes app chart version to 0.19.0 and updated version
    mappings.
  - Fixed typos in parameter descriptions and comments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
In our CI wget spams thousands of lines of the progress bar into the
output, making it hard to read. Turns out, it doesn't have an option to
just remove the progress bar, but explicitly directing wget's log to
stdout and invoking --show-progress sends that to stderr which we
redirect to dev/null. The downloaded size is still reported at regular
intervals, but --progress=dot:giga shortens that to one line per 32M
which is manageable.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
  - Each GPU device entry now includes a unique identifier alongside its
    device name in both VirtualMachine and VM Instance templates.
- **Configuration**
  - The default GPU configuration now includes a specific GPU entry by
    default, instead of being empty.
- **Version Updates**
  - Chart versions for VirtualMachine and VM Instance applications have
    been incremented.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR fixes an issue with accessing external IPs of the cluster from
the cluster itself:
```
Policy verdict log: flow 0x6c9bf32e local EP ID 1155, remote ID remote-node, proto 6, ingress, action deny, auth: disabled, match none, 172.27.88.13:46124 -> 10.244.4.174:30274 tcp SYN
xx drop (Policy denied) flow 0x6c9bf32e to endpoint 1155, ifindex 247, file bpf_lxc.c:2181, , identity remote-node->56986: 172.27.88.13:46124 -> 10.244.4.174:30274 tcp SYN
```
related doc:
https://docs.cilium.io/en/stable/security/policy/language/#entities-based
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
  - Expanded network access for the tenant application to allow
    connections from both external sources and within the cluster.
- **Chores**
  - Updated the tenant application to version 1.9.2.
  - Adjusted version mappings to reflect the latest release.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
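
A triage sketch for the verdict log quoted in the PR above, added here as an example (not part of the PR or of Cilium): it parses `Policy verdict log` lines and counts denied flows whose peer is a reserved entity such as `remote-node`, which is the case an entities-based rule covers. The regex layout, the `RESERVED_ENTITIES` subset and the function names are assumptions built from the one quoted line; the last three sample lines are constructed.

```python
import re
from collections import Counter

# Field layout inferred from the single verdict line quoted in the PR (assumption).
VERDICT_RE = re.compile(
    r"Policy verdict log: flow (?P<flow>0x[0-9a-f]+) "
    r"local EP ID (?P<endpoint>\d+), remote ID (?P<remote>[^,]+), "
    r"proto (?P<proto>\d+), (?P<direction>ingress|egress), "
    r"action (?P<action>\w+), auth: (?P<auth>[^,]+), match (?P<match>[^,]+), "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<l4>\w+)(?: (?P<flags>.+))?$"
)

# Subset of Cilium's reserved entity names, enough for this triage (assumption).
RESERVED_ENTITIES = {"host", "remote-node", "world", "kube-apiserver"}


def parse_verdict(line):
    """Return the verdict fields as a dict, or None for any other monitor line."""
    m = VERDICT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("endpoint", "proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def denied_entity_flows(lines):
    """Count denials from reserved entities by (endpoint, direction, entity, dport)."""
    counts = Counter()
    for rec in filter(None, map(parse_verdict, lines)):
        if rec["action"] == "deny" and rec["remote"] in RESERVED_ENTITIES:
            key = (rec["endpoint"], rec["direction"], rec["remote"], rec["dport"])
            counts[key] += 1
    return counts


SAMPLE = [
    # The first two lines are the ones quoted in the PR description.
    "Policy verdict log: flow 0x6c9bf32e local EP ID 1155, remote ID remote-node, proto 6, ingress, action deny, auth: disabled, match none, 172.27.88.13:46124 -> 10.244.4.174:30274 tcp SYN",
    "xx drop (Policy denied) flow 0x6c9bf32e to endpoint 1155, ifindex 247, file bpf_lxc.c:2181, , identity remote-node->56986: 172.27.88.13:46124 -> 10.244.4.174:30274 tcp SYN",
    # Constructed: a repeat denial, an allowed flow, a denial by numeric identity.
    "Policy verdict log: flow 0x1a2b3c4d local EP ID 1155, remote ID remote-node, proto 6, ingress, action deny, auth: disabled, match none, 172.27.88.14:51200 -> 10.244.4.174:30274 tcp SYN",
    "Policy verdict log: flow 0x0000beef local EP ID 1155, remote ID 56986, proto 6, ingress, action allow, auth: disabled, match L3-Only, 10.244.4.20:40000 -> 10.244.4.174:30274 tcp SYN",
    "Policy verdict log: flow 0x0000cafe local EP ID 2040, remote ID 4321, proto 17, egress, action deny, auth: disabled, match none, 10.244.4.99:53000 -> 10.244.1.5:53 udp",
]
```

Calling `denied_entity_flows(SAMPLE)` groups the two `remote-node` denials on endpoint 1155, port 30274, and leaves out the allowed flow and the denial attributed to a numeric identity.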
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
  - Increased timeout durations for waiting on certain Kubernetes
    resources to improve reliability during environment setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
  - Added support for Vertical Pod Autoscaler (VPA) configuration in the
    etcd-operator Helm chart, allowing automatic scaling of CPU and memory
    resources for both the operator and kube-rbac-proxy components.
  - Introduced new configuration options for enabling VPA, setting
    resource limits, and specifying update policies.
- **Documentation**
  - Updated documentation to describe the new VPA configuration options
    and usage.
- **Chores**
  - Incremented chart version to 0.4.2.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Reverts cozystack/cozystack#818, according to the decision made in
https://github.com/cozystack/cozystack/issues/802#issuecomment-2823950243
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Refactor**
  - Removed configuration hash ConfigMaps and related logic from the
    system.
  - Updated resource templates to no longer reference configuration hash
    values.
  - Cleaned up internal constants and code related to configuration hash
    handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR includes a refactored pipeline:
- Automatically create long-term releasing branch `release-X.Y` after
any tag `vX.Y.*` has been published
- Allow only tags with names `vX.Y.Z` or `vX.Y.Z-rcN`
- Automatically set `prerelease` option for the release if the release is
a candidate
- Automatically set `latest` option for the release according to semver
- Add a new workflow to backport PRs with `backport` label into current
feature release
- Do not require `ok-to-test` label for internal PRs