Following a [recent update](0171916b01),
the KubeVirt CSI controller now needs new permissions to manage volumes
for tenant k8s clusters.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
This patch passes Java heap parameters to Keycloak to prevent OOM errors
when the JVM lacks compatibility with cgroups v2 and fails to recognize
container memory requests and limits. A new function is introduced in
cozy-lib to calculate the heap parameters from requests and limits,
setting Xmx to 75% of the memory limit and Xms to the lesser of the
memory request or 25% of the memory limits.
Change log:
[keycloak] Calculate and pass Java heap parameters explicitly to prevent
OOM errors.
[cozy-lib] Introduce helper function to calculate Java heap params based
on memory requests and limits.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Removed the memory limit for Keycloak deployment, retaining only
resource requests for memory and CPU.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added new configuration options for workload identity, storage
selection, and scheduling in Flux operator CRDs.
- Enhanced support for semantic version filtering and new input provider
types.
- **Bug Fixes**
- Improved default values and descriptions for several configuration
fields.
- **Chores**
- Updated Helm chart and documentation versions to 0.23.0.
- Upgraded CRDs to use the latest controller-gen version.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added configurable DRBD network options to the cluster resource,
allowing adjustment of connection and timeout settings.
- **Bug Fixes**
- Removed automatic reconnection attempts for DRBD devices stuck in the
"Connecting" state to improve stability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Improved flexibility for VMAgent configuration by allowing users to
override default extra arguments through Helm values.
- **Chores**
- Centralized default argument definitions for VMAgent to simplify
configuration management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This change includes the following commit
6856b66f92
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated the version of a core dependency used in the dashboard and
related services to a newer commit. No user-facing changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added a new template to automatically create a self-signed
ClusterIssuer for certificate management if one does not already exist.
- **Chores**
- Updated dependency configuration for the snapshot-controller to
simplify its setup process.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced the use of the CozyPkg tool for package deployment and
management, replacing previous Helm-based workflows across installer,
platform, and system components.
- **Refactor**
- Updated Makefiles and scripts to use CozyPkg commands for showing,
applying, diffing, suspending, resuming, and deleting packages.
- Removed dynamic API version handling and simplified deployment command
structures.
- **Chores**
- Updated Docker images to newer base versions and included CozyPkg
installation steps.
- Changed installer image references to use the latest available build.
- Removed obsolete scripts and dependencies related to Helm and
Kustomize.
- Consolidated package installations and updated tooling in Dockerfiles
for improved efficiency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added new configuration options to exclude specific address pools from
Prometheus alerts for address pool exhaustion and usage.
- Introduced a new CRD for ServiceBGPStatus to provide detailed BGP peer
status per service and node.
- Added new status fields to track assigned and available IPv4/IPv6
addresses in IPAddressPool.
- **Improvements**
- Updated Helm chart and dependency versions to the latest releases.
- Enhanced validation for speaker configuration to prevent invalid
settings.
- Clarified configuration descriptions for easier understanding.
- Increased file descriptor limits for FRR daemons to improve
reliability.
- Simplified Docker image handling by using pre-built MetalLB images
instead of local builds.
- **Bug Fixes**
- Updated RBAC roles to grant necessary permissions for new resources
and status updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added a new configuration option to require Kubernetes connectivity in
liveness probes.
- Enabled Kafka API key redaction by default in Hubble settings.
- **Bug Fixes**
- Improved conditional logic for resource creation to prevent
unnecessary resources during preflight mode.
- Corrected YAML indentation and formatting in configuration files.
- **Chores**
- Upgraded Cilium and related component images from version 1.17.3 to
1.17.4.
- Updated documentation and default configuration values to reflect new
versions and settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Flux 2.6.1 is the latest Flux release now
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced validation for custom resources to ensure consistent naming
and conditional field requirements.
- Added support for referencing input providers using label selectors,
and expanded input provider types.
- Extended reporting with new cluster information fields.
- **Bug Fixes**
- Improved schema constraints to prevent invalid or inconsistent
resource configurations.
- **Documentation**
- Updated version information in documentation and Helm chart metadata
to reflect the latest release.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Expanded permissions for managing namespaces, now allowing patch and
update actions in addition to viewing and listing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced granular Helm charts for Cluster API providers: bootstrap,
core, control plane, and infrastructure, each with dedicated
configuration, metadata, and compressed component packaging.
- Added a new configuration option to the Kubernetes app to enable using
a custom secret for patching containerd.
- Enhanced Kubernetes deployment to conditionally manage containerd
registry certificates and configuration using custom or copied secrets.
- **Documentation**
- Updated Kubernetes app documentation to include the new containerd
patching secret configuration option.
- **Chores**
- Updated version mappings and chart versions for Kubernetes and Cluster
API-related components.
- Decomposed the monolithic Cluster API provider release into multiple,
more manageable releases with explicit namespaces and dependencies.
- **Refactor**
- Removed the previous unified Cluster API provider template in favor of
new, separate provider resource definitions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
