<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new parameter for Grafana's database size with a default
value of 10Gi.
- **Bug Fixes**
- Updated default values for `alerta.alerts.telegram.token` and
`alerta.alerts.telegram.chatID` to empty strings.
- **Documentation**
- Revised the README to reflect changes in default parameter values and
added new parameters for Grafana.
- **Chores**
- Updated the monitoring application's version from 1.5.2 to 1.5.3.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
upstream issue https://github.com/vmware-tanzu/kubeapps/pull/7847
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added support for conditional configuration based on OIDC settings.
- Introduced label filtering for Helm releases and repositories.
- Updated reconciliation strategy for Helm releases.
- **Bug Fixes**
- Enhanced error handling and logging in package resource retrieval.
- **Documentation**
- Updated configuration values in `values.yaml` for image tags and
digests.
- **Chores**
- Upgraded application and Go versions in Dockerfiles.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new roles and role bindings for enhanced role-based access
control, including specific permissions for viewing, using, and
administering resources.
- Added a new dashboard role for access to helm repositories and charts.
- **Bug Fixes**
- Updated application version from 1.6.2 to 1.6.3.
- **Chores**
- Updated version declarations for the tenant package in the versions
map.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced resource management for the VMCluster resource, specifically
for the `vmstorage` component.
- Added resource specifications including memory limits and CPU
requests.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced `authEnabled` parameter for enabling password generation in
Redis.
- Added authentication logic for Redis failover configuration.
- **Bug Fixes**
- Updated version of the Redis chart from `0.3.1` to `0.4.0`.
- **Documentation**
- Updated README to include the new `authEnabled` parameter description.
- **Chores**
- Incremented version numbers for multiple packages in the version map.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced ingress settings for Kubeapps deployment, allowing for
increased timeout and body size limits.
- Added configuration options for handling larger requests and longer
processing times.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Bug Fixes**
- Improved conditional logic for OIDC functionality, ensuring accurate
deployment of related components.
- **Chores**
- Updated dependencies for the `keycloak` release to ensure proper
operation with the `postgres-operator`.
- **New Features**
- Enhanced configuration handling for OIDC, affecting the inclusion of
related components based on strict equality checks.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced dynamic registration capabilities for internal API versions
of `Application` and `ApplicationList`.
- Added configuration management for server options, allowing users to
specify a resource configuration path via command line.
- **Bug Fixes**
- Improved error handling for loading resource configurations.
- **Documentation**
- Updated OpenAPI specification handling by removing certain definitions
post-processing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new `Secret` resources for `k8s-client`, `kubeapps-client`,
and `kubeapps-auth-config` to enhance Keycloak configuration.
- Added a new `KeycloakRealmGroup` named `cozystack-cluster-admin` for
improved access management.
- Implemented a new `RoleBinding` for `kubeapps-admin` in the
`cozy-public` namespace, linking it to the `kubeapps-admin` role.
- Created a new `ClusterRoleBinding` named
`cozystack-cluster-admin-group`, providing cluster-level permissions.
- Added new `ClusterRole` named `kubeapps-admin`, granting specific
permissions for resource management.
- **Bug Fixes**
- None
- **Documentation**
- None
- **Refactor**
- None
- **Style**
- None
- **Tests**
- None
- **Chores**
- None
- **Revert**
- None
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new `super-admin` role with comprehensive permissions
across resources, enhancing access control.
- **Version Updates**
- Application version updated from `1.6.1` to `1.6.2`.
- Various packages, including `tenant`, updated to reflect new version
identifiers.
These updates improve user access management and ensure the application
is running on the latest version.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Streamlined metadata for monitoring agents by removing specific
Helm-related annotations and labels.
- Updated service scrape configuration to enhance target pod
identification with a new relabeling entry.
- **Bug Fixes**
- Adjusted label selection in the `VMServiceScrape` resource to improve
service scrape functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
We don't need to show alerts from longterm instance, because the alerts
have shorter timeout than metrics collection interval
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated the `VMAlert` YAML template to generate only the first
`VMAlert` resource based on metrics storage values.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced Kubernetes configuration template for tenant-specific
context, improving configurability and security.
- **Version Updates**
- Updated application version from 1.6.1 to 1.6.2.
- Incremented version references for multiple packages, ensuring
alignment with the latest commits.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Upstream fixes:
- https://github.com/kubevirt/cloud-provider-kubevirt/pull/335
- https://github.com/kubevirt/cloud-provider-kubevirt/pull/336
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Incremented Kubernetes chart version to 0.14.1.
- Introduced a new cloud provider controller for managing EndpointSlices
in KubeVirt, enhancing responsiveness to service changes.
- **Improvements**
- Updated Docker image tag for kubevirt-cloud-provider to use the latest
version.
- Enhanced handling of EndpointSlices for LoadBalancer services,
improving service management.
- **Bug Fixes**
- Improved error handling and logging for service retrieval and
EndpointSlice management.
- **Documentation**
- Updated version mappings in the versions map file for clarity and
tracking.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Enhanced deployment configurations with new init containers for
various components, improving ownership management and initialization
processes.
- Added new properties to Custom Resource Definitions (CRDs) for better
network resource management and flexibility.
- Introduced new configuration options in `values.yaml` for enhanced
functionality.
- Implemented dynamic version-specific fetching for kube-ovn charts,
improving version control.
- Expanded permissions for ClusterRoles related to authentication and
authorization.
- **Bug Fixes**
- Updated command structures and security contexts across multiple
deployments to enhance security and functionality.
- **Documentation**
- Minor formatting adjustments made to improve clarity in configuration
files.
- **Chores**
- Streamlined Dockerfile and Helm chart configurations for better
maintainability and efficiency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Introduced new configuration parameters for Jetstream, including
`jetstream.size` and `jetstream.enabled`, enhancing storage and
functionality options.
- Added support for merging additional configurations with
`config.merge` and `config.resolver`.
- **Bug Fixes**
- Improved password generation and configuration merging logic for
better flexibility in deployments.
- **Version Updates**
- NATS application version updated from `0.3.1` to `0.4.0`.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced Keycloak client configuration with new secrets for
`k8s-client`, `kubeapps-client`, and `kubeapps-auth-config`.
- Introduced new `ClusterKeycloak` and `ClusterKeycloakRealm` resources
for improved management.
- Updated Keycloak client scopes with additional attributes and protocol
mappers.
- Added multiple CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy
configurations for better traffic control.
- **Improvements**
- Logic added to check for existing Kubernetes secrets and generate new
ones as needed, ensuring seamless configuration management.
- Enhanced network policies to provide comprehensive control over
ingress and egress traffic for various services within the tenant's
namespace.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
I saw your call for adopters - I am sort of in production now, but not
with any services that I can advertise.
This Urmanac is something I'm testing on WASM workloads. I also have
hosted some Ruby services on my cluster. I am still in the
proof-of-concept phase with my production workloads, working towards a
service level of 99.5% or better. I am running SpinKube on Cozystack,
with my own Talos Linux image that I have built to add the Spin and
Tailscale extensions.
(The urmanac is in beta at: https://beta.urmanac.com - urmanac.com is a
dead link for now.)
What's holding me back currently is hardware, not so much the software
stack. I have deployed Cozystack on some severely under-powered
machines. Every time I push it to the limit, my load averages shoot up
into the 100's and I unfortunately bring my control plane and services
down. I will probably get better results when I am able to separate the
KubeVirt clusters from the data plane and control plane. When the load
rises too high, etcd becomes unresponsive, and it goes downhill from
there.
I am very impressed with the architecture of Cozystack and I have made
some contributions to Cozystack on behalf of the FluxCD community! I am
in firm support of your goal to join the CNCF.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added "Urmanac" to the Cozystack Adopters list, including contact
information and a description of its use of Cozystack.
- **Documentation**
- Reformatted the existing entry for "gohost" for consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated container images for various components to their latest
versions, enhancing performance and security.
- **Bug Fixes**
- Addressed potential issues by upgrading image tags and digests for
components such as CozyStack, ClickHouse, PostgreSQL, and others.
- **Documentation**
- Updated `values.yaml` configurations for multiple packages to reflect
the latest image versions and digests.
These updates ensure improved functionality and reliability across the
application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Summary by CodeRabbit
- **New Features**
- Enhanced management of Keycloak credentials by checking for existing
passwords stored in Kubernetes Secrets.
- Improved password management logic, allowing for the reuse of existing
passwords or the generation of new ones as needed.
- **Bug Fixes**
- Streamlined secret handling to avoid unnecessary random password
generation, improving security and maintainability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Floppy Disk <kklinch0@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced management of Kubernetes secrets for `k8s-client`,
`kubeapps-client`, and `kubeapps-auth-config`.
- Improved handling of client secrets by reusing existing configurations
when available.
- **Bug Fixes**
- Addressed issues with static secret definitions, streamlining the
configuration process.
- **Chores**
- Removed outdated secret and Keycloak client definitions for cleaner
configuration management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new Makefiles for `keycloak`, `keycloak-configure`, and
`keycloak-operator` packages, establishing environment variables for
deployment.
- Each Makefile includes common scripts to streamline build and
environment settings.
- **Bug Fixes**
- No specific bug fixes were mentioned.
- **Documentation**
- No updates to documentation were noted.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated OpenID Connect (OIDC) for enhanced authentication.
- Added dynamic Role resource for tenant-specific access to Kubernetes
secrets.
- Introduced new Keycloak realm groups for improved role management.
- **Improvements**
- Enhanced error handling for service readiness checks.
- Streamlined configuration files for better clarity and management of
OIDC settings.
- Updated handling of API server address and improved configuration
adaptability based on OIDC settings.
- **Bug Fixes**
- Removed deprecated configurations related to Keycloak, simplifying
deployment.
These updates aim to improve security, usability, and overall system
performance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced build process for Kubeapps with improved modularity and patch
integration.
- Introduced version specification for Kubeapps builds.
- **Bug Fixes**
- Streamlined plugin build commands for better performance and clarity.
- **Refactor**
- Restructured Dockerfile to utilize different base images and optimize
the build stages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new pre-commit hook (`run-make-generate`) to automate the
generation process in application directories.
- **Documentation**
- Enhanced readability of the Managed NATS Service README by adjusting
formatting and removing unnecessary headers.
- **Bug Fixes**
- Corrected JSON structure in the Postgres values schema to ensure
validity.
- **Chores**
- Updated pre-commit configuration for improved consistency and
functionality.
- Reorganized properties in the NATS values schema, removing the `users`
property to reflect changes in user management capabilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated Piraeus Operator chart to version 2.7.1.
- Introduced new Custom Resource Definitions (CRDs) for enhanced
management of LINSTOR resources.
- **Improvements**
- Updated image tags for various components to their latest versions.
- Added `nodeSelector` and `affinity` fields for improved pod scheduling
in deployments.
These enhancements provide users with better resource management and
operational capabilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new configuration options for socket-based load balancing
tracing and initial fetch timeout settings in the Cilium deployment.
- Enhanced validation checks for deprecated options to prevent
misconfigurations.
- **Bug Fixes**
- Improved error messaging for deprecated or invalid settings.
- **Documentation**
- Updated version numbers in README and configuration files to reflect
the new version (1.16.4).
- **Chores**
- Updated Dockerfile and image tags to reference the latest version
(1.16.4).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Upgraded MetalLB application version to `v0.14.8`.
- Introduced a new `frr-k8s` dependency for enhanced BGP management.
- Added new configuration options for TLS settings and extra containers
in the controller.
- Implemented new Custom Resource Definitions (CRDs) for managing FRR
configurations and node states.
- **Bug Fixes**
- Improved validation logic for service account names to ensure
consistency.
- **Documentation**
- Updated README files for the MetalLB and `frr-k8s` charts to reflect
new features and configuration options.
- **Refactor**
- Enhanced RBAC configurations for better resource management and
security.
- Improved webhook configurations for better validation and consistency.
- **Chores**
- Updated various YAML configuration files to include namespace
specifications for clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Introduced a new variable `$host` for improved configuration
management.
- Added a `valuesFrom` section to the `dashboard` release, allowing
external value sourcing.
- Enhanced Keycloak integration with new client scopes, roles, and
configurations for Kubeapps.
- Added support for custom pod specifications and environment variables
in Redis configurations.
- Introduced a new Kubernetes configuration file for managing access to
resources via Role and Secret.
- Updated image versions across various components to ensure
compatibility and leverage new features.
- **Bug Fixes**
- Implemented error handling to ensure required configurations are
present.
- Improved handling of request headers for the `/logos` endpoint in
Nginx configuration.
- Adjusted security context configurations to enhance deployment
security.
- **Documentation**
- Updated configuration files to reflect new dependencies and structures
for better clarity.
- Enhanced README documentation with upgrade instructions and security
defaults.
- Expanded notes on handling persistent volumes and data migration
during upgrades.
These enhancements improve the overall functionality and reliability of
the platform.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new patch application step in the update process for
KubeOVN.
- Enhanced flexibility in the `kube-ovn-cni` configuration by allowing
users to specify the Maximum Transmission Unit (MTU) for improved
network performance.
- **Bug Fixes**
- Applied a patch to ensure the new MTU configuration is properly
integrated into the deployment process.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated application version from 1.5.0 to 1.6.0.
- Introduced new role-based access control (RBAC) roles: view, use,
admin, and super-admin, enhancing security and permissions management.
- Added new Keycloak realm groups for view, use, admin, and super-admin
roles, streamlining user management within the application.
- Integrated `keycloak-configure` release into the deployment structure,
establishing dependencies for improved configuration management.
- **Bug Fixes**
- Resolved versioning discrepancies in the tenant package.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced the `keycloak-operator` as an optional component in
multiple deployment configurations.
- Added a Helm chart for the `keycloak-operator`, enabling streamlined
deployment and management of Keycloak instances.
- Enhanced documentation with a new README file for the Keycloak
Operator Helm chart, detailing installation and usage instructions.
- Added various Custom Resource Definitions (CRDs) for managing Keycloak
resources effectively within Kubernetes.
- **Bug Fixes**
- Improved handling of user credentials and realm configurations in the
Keycloak operator.
- **Documentation**
- Comprehensive updates to the README and configuration files to assist
users in deploying and managing Keycloak.
- **Chores**
- Added various Custom Resource Definitions (CRDs) for managing Keycloak
resources effectively within Kubernetes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced OpenAPI schema handling for the Apps API server.
- Introduced a method for deep copying schema structures to improve
resource definition management.
- **Bug Fixes**
- Improved error handling during server configuration to ensure proper
reporting of setup issues.
- **Refactor**
- Removed dynamic type registration for the `v1alpha1` API version to
simplify server initialization.
- **Chores**
- Updated image tag for the CozyStack API to the latest version.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new Kubernetes Roles for managing access control to
dashboard resources in the Redis, Kafka, and NATS applications.
- **Version Updates**
- Updated Redis application version from `0.3.0` to `0.3.1`.
- Updated ClickHouse application version from `0.6.0` to `0.6.1`.
- Updated Kafka application version from `0.3.0` to `0.3.1`.
- Updated NATS application version from `0.3.0` to `0.3.1`.
- Revised versioning for multiple packages, indicating specific commit
references.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated Keycloak service into deployment configurations across
multiple files, enhancing user authentication capabilities.
- Introduced a new Helm chart for Keycloak, facilitating easier
deployment and management.
- Added Kubernetes Ingress and Service resources for Keycloak to manage
external access and internal service routing.
- Configured a PostgreSQL cluster specifically for Keycloak, ensuring
data persistence.
- **Bug Fixes**
- Updated versioning in the installer script to ensure compatibility
with the latest configurations.
- **Documentation**
- Added detailed configuration options for Keycloak deployment,
including resource limits and ingress settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced username and password parameters for NATS authentication,
enhancing security options.
- Added a new configuration for specifying the Kubernetes cluster domain
for routing.
- Implemented a new Role in Kubernetes RBAC for managing secrets related
to the NATS dashboard.
- **Bug Fixes**
- Updated versioning information for the NATS application to reflect the
latest changes.
- **Documentation**
- Enhanced the README with details on new authentication parameters and
configuration options.
- Updated the JSON schema to include new properties for user
configuration.
- **Chores**
- Incremented the NATS application version from 0.2.0 to 0.3.0.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
