<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new `Secret` resources for `k8s-client`, `kubeapps-client`,
and `kubeapps-auth-config` to enhance Keycloak configuration.
- Added a new `KeycloakRealmGroup` named `cozystack-cluster-admin` for
improved access management.
- Implemented a new `RoleBinding` for `kubeapps-admin` in the
`cozy-public` namespace, linking it to the `kubeapps-admin` role.
- Created a new `ClusterRoleBinding` named
`cozystack-cluster-admin-group`, providing cluster-level permissions.
- Added new `ClusterRole` named `kubeapps-admin`, granting specific
permissions for resource management.
- **Bug Fixes**
- None
- **Documentation**
- None
- **Refactor**
- None
- **Style**
- None
- **Tests**
- None
- **Chores**
- None
- **Revert**
- None
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Streamlined metadata for monitoring agents by removing specific
Helm-related annotations and labels.
- Updated service scrape configuration to enhance target pod
identification with a new relabeling entry.
- **Bug Fixes**
- Adjusted label selection in the `VMServiceScrape` resource to improve
service scrape functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Enhanced deployment configurations with new init containers for
various components, improving ownership management and initialization
processes.
- Added new properties to Custom Resource Definitions (CRDs) for better
network resource management and flexibility.
- Introduced new configuration options in `values.yaml` for enhanced
functionality.
- Implemented dynamic version-specific fetching for kube-ovn charts,
improving version control.
- Expanded permissions for ClusterRoles related to authentication and
authorization.
- **Bug Fixes**
- Updated command structures and security contexts across multiple
deployments to enhance security and functionality.
- **Documentation**
- Minor formatting adjustments made to improve clarity in configuration
files.
- **Chores**
- Streamlined Dockerfile and Helm chart configurations for better
maintainability and efficiency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced Keycloak client configuration with new secrets for
`k8s-client`, `kubeapps-client`, and `kubeapps-auth-config`.
- Introduced new `ClusterKeycloak` and `ClusterKeycloakRealm` resources
for improved management.
- Updated Keycloak client scopes with additional attributes and protocol
mappers.
- Added multiple CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy
configurations for better traffic control.
- **Improvements**
- Logic added to check for existing Kubernetes secrets and generate new
ones as needed, ensuring seamless configuration management.
- Enhanced network policies to provide comprehensive control over
ingress and egress traffic for various services within the tenant's
namespace.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated container images for various components to their latest
versions, enhancing performance and security.
- **Bug Fixes**
- Addressed potential issues by upgrading image tags and digests for
components such as CozyStack, ClickHouse, PostgreSQL, and others.
- **Documentation**
- Updated `values.yaml` configurations for multiple packages to reflect
the latest image versions and digests.
These updates ensure improved functionality and reliability across the
application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Summary by CodeRabbit
- **New Features**
- Enhanced management of Keycloak credentials by checking for existing
passwords stored in Kubernetes Secrets.
- Improved password management logic, allowing for the reuse of existing
passwords or the generation of new ones as needed.
- **Bug Fixes**
- Streamlined secret handling to avoid unnecessary random password
generation, improving security and maintainability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Floppy Disk <kklinch0@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced management of Kubernetes secrets for `k8s-client`,
`kubeapps-client`, and `kubeapps-auth-config`.
- Improved handling of client secrets by reusing existing configurations
when available.
- **Bug Fixes**
- Addressed issues with static secret definitions, streamlining the
configuration process.
- **Chores**
- Removed outdated secret and Keycloak client definitions for cleaner
configuration management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new Makefiles for `keycloak`, `keycloak-configure`, and
`keycloak-operator` packages, establishing environment variables for
deployment.
- Each Makefile includes common scripts to streamline build and
environment settings.
- **Bug Fixes**
- No specific bug fixes were mentioned.
- **Documentation**
- No updates to documentation were noted.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated OpenID Connect (OIDC) for enhanced authentication.
- Added dynamic Role resource for tenant-specific access to Kubernetes
secrets.
- Introduced new Keycloak realm groups for improved role management.
- **Improvements**
- Enhanced error handling for service readiness checks.
- Streamlined configuration files for better clarity and management of
OIDC settings.
- Updated handling of API server address and improved configuration
adaptability based on OIDC settings.
- **Bug Fixes**
- Removed deprecated configurations related to Keycloak, simplifying
deployment.
These updates aim to improve security, usability, and overall system
performance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced build process for Kubeapps with improved modularity and patch
integration.
- Introduced version specification for Kubeapps builds.
- **Bug Fixes**
- Streamlined plugin build commands for better performance and clarity.
- **Refactor**
- Restructured Dockerfile to utilize different base images and optimize
the build stages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated Piraeus Operator chart to version 2.7.1.
- Introduced new Custom Resource Definitions (CRDs) for enhanced
management of LINSTOR resources.
- **Improvements**
- Updated image tags for various components to their latest versions.
- Added `nodeSelector` and `affinity` fields for improved pod scheduling
in deployments.
These enhancements provide users with better resource management and
operational capabilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new configuration options for socket-based load balancing
tracing and initial fetch timeout settings in the Cilium deployment.
- Enhanced validation checks for deprecated options to prevent
misconfigurations.
- **Bug Fixes**
- Improved error messaging for deprecated or invalid settings.
- **Documentation**
- Updated version numbers in README and configuration files to reflect
the new version (1.16.4).
- **Chores**
- Updated Dockerfile and image tags to reference the latest version
(1.16.4).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Upgraded MetalLB application version to `v0.14.8`.
- Introduced a new `frr-k8s` dependency for enhanced BGP management.
- Added new configuration options for TLS settings and extra containers
in the controller.
- Implemented new Custom Resource Definitions (CRDs) for managing FRR
configurations and node states.
- **Bug Fixes**
- Improved validation logic for service account names to ensure
consistency.
- **Documentation**
- Updated README files for the MetalLB and `frr-k8s` charts to reflect
new features and configuration options.
- **Refactor**
- Enhanced RBAC configurations for better resource management and
security.
- Improved webhook configurations for better validation and consistency.
- **Chores**
- Updated various YAML configuration files to include namespace
specifications for clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Introduced a new variable `$host` for improved configuration
management.
- Added a `valuesFrom` section to the `dashboard` release, allowing
external value sourcing.
- Enhanced Keycloak integration with new client scopes, roles, and
configurations for Kubeapps.
- Added support for custom pod specifications and environment variables
in Redis configurations.
- Introduced a new Kubernetes configuration file for managing access to
resources via Role and Secret.
- Updated image versions across various components to ensure
compatibility and leverage new features.
- **Bug Fixes**
- Implemented error handling to ensure required configurations are
present.
- Improved handling of request headers for the `/logos` endpoint in
Nginx configuration.
- Adjusted security context configurations to enhance deployment
security.
- **Documentation**
- Updated configuration files to reflect new dependencies and structures
for better clarity.
- Enhanced README documentation with upgrade instructions and security
defaults.
- Expanded notes on handling persistent volumes and data migration
during upgrades.
These enhancements improve the overall functionality and reliability of
the platform.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new patch application step in the update process for
KubeOVN.
- Enhanced flexibility in the `kube-ovn-cni` configuration by allowing
users to specify the Maximum Transmission Unit (MTU) for improved
network performance.
- **Bug Fixes**
- Applied a patch to ensure the new MTU configuration is properly
integrated into the deployment process.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated application version from 1.5.0 to 1.6.0.
- Introduced new role-based access control (RBAC) roles: view, use,
admin, and super-admin, enhancing security and permissions management.
- Added new Keycloak realm groups for view, use, admin, and super-admin
roles, streamlining user management within the application.
- Integrated `keycloak-configure` release into the deployment structure,
establishing dependencies for improved configuration management.
- **Bug Fixes**
- Resolved versioning discrepancies in the tenant package.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced the `keycloak-operator` as an optional component in
multiple deployment configurations.
- Added a Helm chart for the `keycloak-operator`, enabling streamlined
deployment and management of Keycloak instances.
- Enhanced documentation with a new README file for the Keycloak
Operator Helm chart, detailing installation and usage instructions.
- Added various Custom Resource Definitions (CRDs) for managing Keycloak
resources effectively within Kubernetes.
- **Bug Fixes**
- Improved handling of user credentials and realm configurations in the
Keycloak operator.
- **Documentation**
- Comprehensive updates to the README and configuration files to assist
users in deploying and managing Keycloak.
- **Chores**
- Added various Custom Resource Definitions (CRDs) for managing Keycloak
resources effectively within Kubernetes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced OpenAPI schema handling for the Apps API server.
- Introduced a method for deep copying schema structures to improve
resource definition management.
- **Bug Fixes**
- Improved error handling during server configuration to ensure proper
reporting of setup issues.
- **Refactor**
- Removed dynamic type registration for the `v1alpha1` API version to
simplify server initialization.
- **Chores**
- Updated image tag for the CozyStack API to the latest version.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated Keycloak service into deployment configurations across
multiple files, enhancing user authentication capabilities.
- Introduced a new Helm chart for Keycloak, facilitating easier
deployment and management.
- Added Kubernetes Ingress and Service resources for Keycloak to manage
external access and internal service routing.
- Configured a PostgreSQL cluster specifically for Keycloak, ensuring
data persistence.
- **Bug Fixes**
- Updated versioning in the installer script to ensure compatibility
with the latest configurations.
- **Documentation**
- Added detailed configuration options for Keycloak deployment,
including resource limits and ingress settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced username and password parameters for NATS authentication,
enhancing security options.
- Added a new configuration for specifying the Kubernetes cluster domain
for routing.
- Implemented a new Role in Kubernetes RBAC for managing secrets related
to the NATS dashboard.
- **Bug Fixes**
- Updated versioning information for the NATS application to reflect the
latest changes.
- **Documentation**
- Enhanced the README with details on new authentication parameters and
configuration options.
- Updated the JSON schema to include new properties for user
configuration.
- **Chores**
- Incremented the NATS application version from 0.2.0 to 0.3.0.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Expanded build process to include the `cozystack-api` component.
- Updated image versions for `cozystack`, `darkhttpd`, and other
components to improve performance and stability.
- **Bug Fixes**
- Updated image digests for various components, ensuring the latest
updates and security patches are applied.
- **Documentation**
- Incremented version numbers across multiple configuration files for
clarity and consistency.
- **Chores**
- Updated various package versions in the version map for better
dependency management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced new HelmRelease configurations for cert-manager, monitoring
agents, and Victoria Metrics Operator in Kubernetes.
- Added resource specifications for `vmselect` in the VMCluster
configuration.
- Enhanced resource management for `vmselect` with defined limits and
requests for memory and CPU.
- **Bug Fixes**
- Adjusted resource limits for Redis failover memory allocation.
- **Documentation**
- Updated README and release notes for various components, enhancing
clarity and usability.
- **Chores**
- Updated image versions across multiple components for consistency and
performance improvements.
- Modified migration scripts to facilitate transitions and manage
resources effectively.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a RESTful API for managing `Application` resources,
enabling CRUD operations with HelmRelease integration.
- Added validation functions for `Application` and `ApplicationSpec`,
laying the groundwork for future validation rules.
- Implemented configuration management for resources, allowing for
structured application and release settings.
- **Bug Fixes**
- Addressed API rule violations related to naming conventions and
missing types in the CozyStack API definitions.
- **Tests**
- Added comprehensive tests for round-trip functionality and version
compatibility within the Apps API server.
- **Documentation**
- Introduced documentation for the `v1alpha1` API version, including
licensing and code generation annotations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated various container images to newer versions, enhancing
performance and security.
- **Bug Fixes**
- Resolved issues by updating image tags and digests for several
components, ensuring consistency and stability.
- **Documentation**
- Incremented version numbers in configuration files for clarity and
tracking.
- **Chores**
- Updated image tags and digests across multiple services to maintain
up-to-date deployments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a local hook to generate a versions map and check for
changes.
- Added new configuration options for ClickHouse, including enhanced
logging, user management, and structured templates.
- New parameters for persistent volume size and Docker image
specifications in ClickHouse configuration.
- Added hostname matching capabilities in ClickHouse operator
configuration.
- **Bug Fixes**
- Updated exclusion patterns for YAML files in pre-commit hooks.
- **Version Updates**
- Incremented ClickHouse chart version from 0.5.0 to 0.6.0.
- Updated versioning for several packages, including `clickhouse` and
`tenant`.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
Upstream fix:
https://github.com/kubevirt/containerized-data-importer/pull/3461
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new version (`v1beta1`) for the CDI operator alongside
the existing version, enhancing configuration options.
- Expanded `spec` section with detailed descriptions for various
configurations including data volume management and TLS security
profiles.
- Added a new Ingress resource for the `cdi-uploadproxy` service,
improving traffic routing capabilities.
- Introduced new configuration parameters for dynamic upload proxy URL
management.
- **Improvements**
- Updated permissions for the CDI operator to manage additional
resources, improving its data handling capabilities.
- Refined deployment configuration with updated container image
references and environment variables for better operational control.
- Enhanced network policy definitions by adding specific rules for new
services while maintaining existing policies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced ingress configuration with conditional logic for ingress
class.
- Added TLS settings for improved security, including a dynamically
constructed host name.
- **Bug Fixes**
- Default value for issuer type set to "http01" to prevent
misconfigurations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
