There's no point in installing the CRDs if cert-manager itself is
disabled.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- cert-manager CRDs are now only installed when the cert-manager addon
is enabled, providing more control over addon management.
- **Chores**
- Updated the Kubernetes chart version to 0.24.1.
- Adjusted version mapping to reflect the new chart version and
associated commit.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced support for cluster restoration from backup with new
bootstrap configuration options.
- Added a ScheduledBackup resource for automated PostgreSQL backups
using a more flexible backup configuration.
- **Improvements**
- Simplified and modernized backup configuration with new parameters for
retention policy, destination path, and endpoint URL.
- Updated backup scheduling to use a 6-field cron expression for more
precise timing.
- Changed default resource preset from "nano" to "micro" for improved
performance.
- **Removals**
- Removed legacy backup scripts, Docker image, and Kubernetes CronJob
templates related to the old backup system.
- **Documentation**
- Updated documentation to reflect the new backup and bootstrap
parameters, and revised backup instructions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced advanced Helm template helpers for managing Kubernetes RBAC
(Role-Based Access Control), including access level mapping,
hierarchy-aware group subject generation, and tenant parsing.
- Added dynamic RoleBinding resources across multiple applications to
bind roles to appropriate subjects based on access levels and tenant
namespaces.
- **Bug Fixes**
- Refined tenant application roles by restricting resource permissions
to specific core Kubernetes resources, enhancing security and access
control granularity.
- **Chores**
- Updated chart versions across numerous applications to reflect new
releases.
- Added reference files linking to the shared library in multiple
application chart directories.
- Pinned package versions to specific commits for improved version
stability and tracking.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added default resource specifications for PostgreSQL jobs to ensure
consistent CPU and memory allocation.
- **Chores**
- Updated the chart version for the PostgreSQL application.
- Refreshed version mapping to reflect the latest release.
- Improved Node.js setup and package installation in the pre-commit
workflow.
- **Tests**
- Increased memory allocation for QEMU virtual machines in end-to-end
tests.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Made same changes as in
[PR](https://github.com/cozystack/cozystack/pull/1019)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added support for defining a system disk with customizable storage and
image sources for virtual machines.
- **Improvements**
- Enhanced cloud-init configuration to require both SSH keys and
cloud-init data for certain volume setups, improving user data handling.
- Simplified disk configuration for virtual machines, making setup more
straightforward.
- Shortened and clarified error messages for missing configuration
fields.
- **Chores**
- Updated chart and package versions for virtual-machine and vm-instance
applications.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
If ssh key provided - deploy
If cloudinit provided - deploy
If ssh key and cloudinit provided - deploy both
If none provided - init empty to avoid issues w/
network
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Refactor**
- Improved handling of SSH keys and cloud-init data in the Virtual
Machine setup, clearly distinguishing cases when SSH keys, cloud-init,
or both are provided.
- Enhanced template readability with added spacing for better clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced granular Helm charts for Cluster API providers: bootstrap,
core, control plane, and infrastructure, each with dedicated
configuration, metadata, and compressed component packaging.
- Added a new configuration option to the Kubernetes app to enable using
a custom secret for patching containerd.
- Enhanced Kubernetes deployment to conditionally manage containerd
registry certificates and configuration using custom or copied secrets.
- **Documentation**
- Updated Kubernetes app documentation to include the new containerd
patching secret configuration option.
- **Chores**
- Updated version mappings and chart versions for Kubernetes and Cluster
API-related components.
- Decomposed the monolithic Cluster API provider release into multiple,
more manageable releases with explicit namespaces and dependencies.
- **Refactor**
- Removed the previous unified Cluster API provider template in favor of
new, separate provider resource definitions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced monitoring resources for HAProxy, NGINX, and generic HTTP
cache workloads, allowing improved workload observability.
- **Enhancements**
- Added standardized labels to MariaDB, Postgres, and Redis resources
for better integration and management within Kubernetes environments.
- Updated label selectors in Postgres resources to use standardized
Kubernetes app labels.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
In current version of Cozystack, flux's HelmRelease will refuse to
install cozy-gateway-api-crds when gatewayAPI enabled, complaining
version '*'not found and breaking install of entire kubernetes app. This
patch adds working version match.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated configuration to allow compatibility with all available
versions of the gateway-api-crds chart.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
With this change a request for a virtual machine with 3 vCPUs will
reserve exactly the same amount of physical compute, as a request for a
Clickhouse instance with `{"resources": {"cpu": "3"}}` in its values,
with the scaling factor being KubeVirt's CPU allocation ratio.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
This patch introduces reusable library charts that provide
backward-compatibility for users that specify their resources as
explicit requests and limits for cpu, however this input is processed so
that limits are set equal to requests except for CPU which only gets
requests. Users can now embrace the new form by directly specifying
resources in the first level of nesting (e.g. resources.cpu=100m instead
of .resources.requests.cpu=100m). The order of precedence is top-level,
then requests, then limits, ensuring that nothing will break in terms of
scheduling, however workloads that specified limits much higher than
requests might get a performance hit, now that they cannot use all this
excess capacity. This should only affect memory-hungry workloads in
low-contention environments.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
There is an issue with wholeIP services: internal communication from
pods doesn't work as expected.
Cilium intercepts pod-to-pod traffic, preventing cozy-proxy from
rewriting the source IP in return packets.
This PR allows Cilium to handle specified ports, enabling hairpin
traffic to work correctly at least for these cases.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Bug Fixes**
- Improved service port configuration to ensure explicit port
definitions are respected when using the "WholeIP" method. Now, custom
external ports will not be overridden, providing more accurate and
expected service exposure.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated default traffic passthrough method for virtual machine and VM
instance apps to use specific port forwarding instead of whole IP
forwarding.
- **Documentation**
- Updated documentation to reflect the new default passthrough method
for both virtual machine and VM instance apps.
- **Chores**
- Incremented version numbers for virtual machine and VM instance apps
to reflect recent updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
