Overview
This pull request introduces the integration of External-DNS into the
full bundles and adds support for a dns01 ClusterIssuer using
Cloudflare. It enhances the DNS management capabilities for our
deployments by allowing dynamic DNS record management directly from
Kubernetes resources.
Changes Made
1. **External-DNS Integration:**
- Added External-DNS to the full deployment bundles.
- Configured External-DNS to automatically manage DNS records for
services within the Kubernetes cluster ( we must discuss how to
configure external-dns via configmap or create an application in tenant
`external-dns` where we can define values).
We must define some additional annotations for ingresses in order to
make external-dns work , so we must discuss this also which is best
method to configure it ( from configmap or dashboard ).
**2. dns01 ClusterIssuer for Cloudflare:**
- Implemented support for a dns01 ClusterIssuer using Cloudflare.
- This allows for automated certificate issuance via DNS challenge,
leveraging Cloudflare as the DNS provider.
- The configuration can be defined in the Cozystack ConfigMap
3. Default Ingress Configuration:
- Updated the default Ingress resources to use Cloudflare for DNS
challenges.
- Ensured that if the Cloudflare issuer is defined in the Cozystack
ConfigMap, it will be utilized for all default Ingresses, streamlining
the deployment process and improving reliability.
**Benefits**
- Automated DNS Management: With External-DNS, DNS entries will be
created and updated automatically based on the state of Kubernetes
resources, reducing manual overhead.
- Seamless Certificate Management: The dns01 ClusterIssuer integration
allows for automated SSL/TLS certificate issuance, enhancing security
for deployed applications.
- Flexibility in Configuration: Users can easily switch between
different issuers by updating the Cozystack ConfigMap, providing
flexibility in the choice of DNS and certificate management solutions.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Introduced a new `external-dns` release with support for managing DNS
records in Kubernetes.
- Added configuration options for DNS synchronization policies and
provider settings.
- Implemented a new lookup for issuer types in Ingress configurations.
- Expanded configuration with new entries for `external-dns` in multiple
deployment files, enhancing deployment flexibility.
- **Documentation**
- Comprehensive README and configuration schema for the `external-dns`
Helm chart added, detailing installation and customization options.
- **Improvements**
- Enhanced RBAC configuration for flexible permissions management.
- Updated annotations and health check configurations for better service
monitoring.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
This pull request adds the external-secrets-operator to our main
bundles. By integrating the external-secrets-operator, we enable
seamless connectivity to external hosted secret management services such
as HashiCorp Vault, 1Password, AWS Secrets Manager, and more.
Benefits:
Unified Secret Management: Allows the application to securely fetch
secrets from external providers without hardcoding them into
configurations.
Flexibility: Supports multiple external secret stores, giving users the
freedom to choose their preferred secret management solution.
Enhanced Security: Reduces the risk of exposing sensitive information by
leveraging established secret management platforms.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced the `external-secrets-operator` for managing external
secrets in Kubernetes.
- Added a Helm chart for the `external-secrets` application, including
configuration options and dependencies.
- Implemented a certificate controller within the
external-secrets-operator.
- **Documentation**
- Added README.md with installation instructions and configuration
options for the External Secrets Operator.
- Included success message and setup instructions in NOTES.txt for the
external-secrets deployment.
- **Chores**
- Created .helmignore to streamline Helm packaging by excluding
unnecessary files.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated Flux Operator Helm chart to version 0.10.0, introducing new
configuration options: `extraArgs` for additional command-line arguments
and `logLevel` for logging verbosity.
- **Bug Fixes**
- Corrected formatting in the annotations section of the Helm chart.
- **Documentation**
- Updated README to reflect new version and configuration options.
- **Chores**
- Updated FluxCD instance configuration to version 2.4.x with refined
deployment specifications for improved functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>
Now that Cozystack 0.16 is out with flux-operator 0.9.0, users that need
it can easily upgrade to Flux 2.4.0
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Upgraded FluxCD version from 2.3.x to 2.4.x.
- Enhanced configuration for several controllers with new command-line
arguments for improved performance and functionality.
- **Bug Fixes**
- Updated resource limits for containers to ensure optimal resource
allocation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced the `cozystack` application with necessary Kubernetes
resources, including a new namespace, service account, and deployment.
- Updated container images for `cozystack` and associated services to
version `v0.16.1`.
- **Bug Fixes**
- Resolved issues related to image versioning across various components,
ensuring consistency and reliability.
- **Documentation**
- Updated configuration files to reflect new image tags and versions for
multiple components, enhancing clarity for users.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
fix regression introduced by
https://github.com/aenix-io/cozystack/pull/376
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced flexibility in PostgreSQL configuration with conditional
handling of the `max_connections` parameter.
- **Bug Fixes**
- Improved parameter assignment logic for better configuration
management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated the `max_connections` parameter to accept numeric values for
improved clarity and correctness in PostgreSQL configurations.
- **Bug Fixes**
- Corrected the data type for `max_connections` from string to number in
both schema and configuration files to ensure proper interpretation by
the PostgreSQL server.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Kirill Klinchenkov <Kirill.Klinchenkov@mvideo.ru>
Builds on #362
The main issue we will have to solve (maybe with a patch) is that
`cluster.domain` is always specified in this chart;
I'm reading to try to recall how we solved this last time.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated the Flux Operator Helm chart to version 0.9.0, introducing
enhanced configuration options for service monitoring and resource
management.
- Added a new `ServiceMonitor` resource for Prometheus integration.
- Introduced a `serviceMonitor` configuration option with default values
for scraping settings.
- New `FluxInstance` resource configuration file added for deploying a
Flux instance.
- **Documentation**
- Updated README files to reflect new version and provide installation
instructions for the Flux instance.
- Added a `NOTES.txt` file directing users to Flux CD operator
documentation.
- **Bug Fixes**
- Corrected links in documentation and ensured proper metadata for the
new chart.
- **Chores**
- Restructured configuration files for improved organization and
clarity.
- Introduced a `.helmignore` file to streamline package building.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
- Update Kubernetes service
- Build kubevirt-cloud-provider, kubevirt-csi-driver,
ubuntu-container-disk
- Enable support for `externalTrafficPolicy: Local`
This PR includes patch from upstream project
https://github.com/kubevirt/cloud-provider-kubevirt/pull/330
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new version (2.0.0) for the Kamaji project with updated
dependencies and configuration options.
- Added support for a new `kamaji-etcd` dependency, enhancing datastore
functionality.
- Implemented comprehensive access control with a new Kubernetes
ClusterRole.
- Added webhook configurations for validating and mutating resources.
- **Bug Fixes**
- Streamlined configuration by removing outdated etcd settings and
consolidating datastore configurations.
- **Documentation**
- Updated README.md to reflect new version and configuration options.
- **Chores**
- Simplified Dockerfile by using a pre-built image instead of a
multi-stage build process.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated to version 0.9.0 of the Flux Operator Helm chart.
- Introduced a new `ServiceMonitor` resource for Prometheus metrics
scraping.
- Added configuration options for the `serviceMonitor`, including scrape
interval and timeout settings.
- **Bug Fixes**
- Corrected the GitHub repository URL in the README.
- **Documentation**
- Updated README to reflect new version and added details for the
`serviceMonitor` settings.
- **Chores**
- Updated maintainer information in the chart configuration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new configuration parameter `max_connections` for
PostgreSQL, allowing users to specify the maximum number of concurrent
connections.
- Added a "Server Configuration" section in the settings for easier
management of PostgreSQL parameters.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Co-authored-by: Andrei Gumilev <andrey.gumilev@aenix.io>
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added a new data source configuration for Prometheus.
- Introduced new panels for network metrics in Kubernetes dashboards.
- New "Bar gauge" panel type added to the Kubernetes global views.
- Enhanced visualizations with new properties for displaying metrics.
- **Bug Fixes**
- Updated Prometheus expressions to improve data filtering and accuracy.
- **Version Updates**
- Upgraded Grafana and plugin versions across multiple dashboard
configurations.
- **Improvements**
- Enhanced dashboard layouts and usability with new visualization
options.
- Adjusted configurations for better performance and clarity in
monitoring metrics.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
- Remove grafana-oncall
- Add Alerta
- Configure basic alerts
- Update grafana 10 --> 11
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added new configuration options for the Alerta service, enhancing user
customization.
- Introduced a new Helm chart for the VictoriaMetrics Kubernetes stack,
enabling comprehensive monitoring solutions.
- Added VMAuth feature for enhanced authentication in the Kubernetes
stack.
- **Bug Fixes**
- Fixed issues with the ETCD dashboard and improved ingress path prefix
handling.
- **Documentation**
- Updated README and release guide for the VictoriaMetrics stack with
installation and configuration instructions.
- Introduced a changelog for organized tracking of changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated Helm chart and application versions for Grafana Operator.
- Introduced new Custom Resource Definitions (CRDs) for managing alert
rules, contact points, notification policies, and more.
- Added support for ServiceMonitor to enhance Prometheus scraping
capabilities.
- New configuration options for better customization, including
`watchNamespaceSelector`, `isOpenShift`, and `namespaceOverride`.
- **Documentation**
- Expanded README with Terraform installation instructions and upgrade
guidelines.
- Enhanced descriptions for configuration options to improve clarity.
- **Bug Fixes**
- Improved RBAC configurations to ensure proper permissions in
Kubernetes environments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: George Gaál <gb12335@gmail.com>
Currently ingress have rule to allow access from outside cluster, but
have no rule to access from within cluster.
This PR introduces fix for allow ingress access from any namespace by
default.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new network policy for managing ingress traffic,
enhancing security and traffic management capabilities.
- The policy is dynamically configured based on the tenant's settings,
allowing for tailored network access.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
kafka zookeeper error after installation:
```
2024-09-15 02:44:33,289 ERROR Failed to verify hostname: kafka-service-zookeeper-2.kafka-service-zookeeper-nodes.tenant-stage.svc.cozy.local (org.apache.zookeeper.common.ZKTrustManager) [ListenerHandler-/0.0.0.0:3888]
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <kafka-service-zookeeper-2.kafka-service-zookeeper-nodes.tenant-stage.svc.cozy.local> doesn't match any of the subject alternative names: [kafka-service-zookeeper-client, *.kafka-service-zookeeper-nodes.tenant-stage.svc.cluster.local, *.kafka-service-zookeeper-nodes.tenant-stage.svc, kafka-service-zookeeper-2.kafka-service-zookeeper-nodes.tenant-stage.svc, kafka-service-zookeeper-client.tenant-stage.svc.cluster.local, kafka-service-zookeeper-client.tenant-stage.svc, kafka-service-zookeeper-2, kafka-service-zookeeper-2.kafka-service-zookeeper-nodes.tenant-stage.svc.cluster.local, *.kafka-service-zookeeper-client.tenant-stage.svc, kafka-service-zookeeper-client.tenant-stage, *.kafka-service-zookeeper-client.tenant-stage.svc.cluster.local]
```
certs sans by default:
```
klin@asus:~/cozy$ openssl x509 -in zookeeper.crt -text -noout | grep -A1 "Subject Alternative Name"
X509v3 Subject Alternative Name:
DNS:kafka-service-zookeeper-0.kafka-service-zookeeper-nodes.tenant-stage.svc.cluster.local, DNS:*.kafka-service-zookeeper-nodes.tenant-stage.svc.cluster.local, DNS:kafka-service-zookeeper-client, DNS:kafka-service-zookeeper-0, DNS:kafka-service-zookeeper-client.tenant-stage.svc.cluster.local, DNS:kafka-service-zookeeper-client.tenant-stage.svc, DNS:kafka-service-zookeeper-client.tenant-stage, DNS:*.kafka-service-zookeeper-nodes.tenant-stage.svc, DNS:*.kafka-service-zookeeper-client.tenant-stage.svc, DNS:kafka-service-zookeeper-0.kafka-service-zookeeper-nodes.tenant-stage.svc, DNS:*.kafka-service-zookeeper-client.tenant-stage.svc.cluster.local
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new configuration option for specifying a custom DNS
domain for Kubernetes services within the Kafka operator, enhancing
service discovery and networking capabilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sometimes Kamaji can be killed due to defult limits let's expand them a
little
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced resource management configurations for the `kamaji`
service, enhancing control over CPU and memory allocation.
- Added specifications for resource limits and requests to improve
stability and performance in a Kubernetes environment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Expanded the `.gitignore` file to include additional user-specific and
generated files, improving version control management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: George Gaál <gb12335@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Upgraded various container images to version `v0.14.0`, enhancing
application performance and potentially introducing new features and bug
fixes.
- **Bug Fixes**
- Improved version tracking for packages by updating commit hashes,
enhancing clarity and traceability.
- **Chores**
- Updated configuration files to reflect the new image versions for
components, ensuring the latest updates are utilized across the
application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated Clickhouse application to version 0.4.0, indicating new
enhancements.
- Improved user credential management by dynamically generating
passwords or using provided ones, enhancing security.
- Introduced a new Kubernetes Role for managing access to services and
secrets, ensuring better control over resource interactions.
- **Bug Fixes**
- Corrected the reference for accessing the storage class value to
ensure proper retrieval.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated application version from 0.3.0 to 0.4.0, indicating a new
release.
- Introduced a new Kubernetes Role for managing access to
dashboard-related resources, enhancing security.
- Improved user credential management with dynamic password generation
in the initialization script, enhancing security practices.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
