Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **Version Update**
- Upgraded Cozystack from v0.21.0 to v0.21.1
- Updated multiple system component images to the new version
- Updated image references across various configuration files and
packages
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Updated images for various components to version `v0.21.0`, enhancing
overall functionality and performance.
- Introduced specific version tags for services, ensuring stability and
predictability in deployments.
- **Bug Fixes**
- Updated image digests for several components, reflecting improvements
or fixes in the underlying images.
- **Documentation**
- Updated URLs in documentation to direct users to the latest CozyStack
resources.
- **Chores**
- Removed outdated patch applications from the build process,
streamlining the Dockerfile configuration.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Introduced new secrets for enhanced security management.
- Added a new realm group for streamlined administrative roles.
- Implemented a new cluster role binding for improved access control.
- **Bug Fixes**
- Removed outdated role bindings to reflect updated permissions.
- **Refactor**
- Transitioned from a broad cluster role to a more focused
namespace-specific role, enhancing role granularity.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Updated the Docker image reference for `cozystackAPI` to the latest
version.
- Enhanced OpenAPI schema generation for the Apps API server, improving
flexibility and correctness.
- **Bug Fixes**
- Streamlined OpenAPI definitions by removing outdated Application and
ApplicationList definitions.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Introduced a new `pluginConfig` section in the Kubeapps dashboard
configuration for managing a broader range of applications.
- **Bug Fixes**
- Enhanced URL generation logic to ensure proper encoding of package
identifiers.
- **Chores**
- Updated image digests in the configuration for both the dashboard and
kubeappsapis sections.
- Removed unnecessary patch application steps from the build process.
- Upgraded the Go version used for building the application.
- Updated the application version for the tenant package from `1.6.3` to
`1.6.4`.
- Added a new version `1.6.4 HEAD` for the tenant package.
- Adjusted RBAC configuration to streamline permissions and enhance
group-based access management.
---------
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Co-authored-by: klinch0 <68821526+klinch0@users.noreply.github.com>
## Summary by CodeRabbit
- **New Features**
- Introduced a HelmRelease configuration for monitoring agents in
Kubernetes.
- Added a new section for `fluent-bit` with configurations for readiness
probes, volumes, and log processing.
- **Bug Fixes**
- Enhanced monitoring capabilities with detailed configurations for log
management and external integrations.
## Summary by CodeRabbit
- **New Features**
- Updated monitoring application version to 1.5.3.
- Changed the data source type in Grafana configuration to
`victoriametrics-logs-datasource`.
- **Bug Fixes**
- Corrected plugin loading configuration in Grafana.
- **Chores**
- Updated version mapping for the monitoring package in the versions
map.
## Summary by CodeRabbit
- **New Features**
- Introduced a new parameter for Grafana's database size with a default
value of 10Gi.
- **Bug Fixes**
- Updated default values for `alerta.alerts.telegram.token` and
`alerta.alerts.telegram.chatID` to empty strings.
- **Documentation**
- Revised the README to reflect changes in default parameter values and
added new parameters for Grafana.
- **Chores**
- Updated the monitoring application's version from 1.5.2 to 1.5.3.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
upstream issue https://github.com/vmware-tanzu/kubeapps/pull/7847
## Summary by CodeRabbit
- **New Features**
- Added support for conditional configuration based on OIDC settings.
- Introduced label filtering for Helm releases and repositories.
- Updated reconciliation strategy for Helm releases.
- **Bug Fixes**
- Enhanced error handling and logging in package resource retrieval.
- **Documentation**
- Updated configuration values in `values.yaml` for image tags and
digests.
- **Chores**
- Upgraded application and Go versions in Dockerfiles.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Introduced new roles and role bindings for enhanced role-based access
control, including specific permissions for viewing, using, and
administering resources.
- Added a new dashboard role for access to helm repositories and charts.
- **Bug Fixes**
- Updated application version from 1.6.2 to 1.6.3.
- **Chores**
- Updated version declarations for the tenant package in the versions
map.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Enhanced resource management for the VMCluster resource, specifically
for the `vmstorage` component.
- Added resource specifications including memory limits and CPU
requests.
## Summary by CodeRabbit
- **New Features**
- Introduced `authEnabled` parameter for enabling password generation in
Redis.
- Added authentication logic for Redis failover configuration.
- **Bug Fixes**
- Updated version of the Redis chart from `0.3.1` to `0.4.0`.
- **Documentation**
- Updated README to include the new `authEnabled` parameter description.
- **Chores**
- Incremented version numbers for multiple packages in the version map.
## Summary by CodeRabbit
- **New Features**
- Enhanced ingress settings for Kubeapps deployment, allowing for
increased timeout and body size limits.
- Added configuration options for handling larger requests and longer
processing times.
## Summary by CodeRabbit
- **Bug Fixes**
- Improved conditional logic for OIDC functionality, ensuring accurate
deployment of related components.
- **Chores**
- Updated dependencies for the `keycloak` release to ensure proper
operation with the `postgres-operator`.
- **New Features**
- Enhanced configuration handling for OIDC, affecting the inclusion of
related components based on strict equality checks.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Enhanced dynamic registration capabilities for internal API versions
of `Application` and `ApplicationList`.
- Added configuration management for server options, allowing users to
specify a resource configuration path via command line.
- **Bug Fixes**
- Improved error handling for loading resource configurations.
- **Documentation**
- Updated OpenAPI specification handling by removing certain definitions
post-processing.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Introduced new `Secret` resources for `k8s-client`, `kubeapps-client`,
and `kubeapps-auth-config` to enhance Keycloak configuration.
- Added a new `KeycloakRealmGroup` named `cozystack-cluster-admin` for
improved access management.
- Implemented a new `RoleBinding` for `kubeapps-admin` in the
`cozy-public` namespace, linking it to the `kubeapps-admin` role.
- Created a new `ClusterRoleBinding` named
`cozystack-cluster-admin-group`, providing cluster-level permissions.
- Added new `ClusterRole` named `kubeapps-admin`, granting specific
permissions for resource management.
- **Bug Fixes**
- None
- **Documentation**
- None
- **Refactor**
- None
- **Style**
- None
- **Tests**
- None
- **Chores**
- None
- **Revert**
- None
---------
Co-authored-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Introduced a new `super-admin` role with comprehensive permissions
across resources, enhancing access control.
- **Version Updates**
- Application version updated from `1.6.1` to `1.6.2`.
- Various packages, including `tenant`, updated to reflect new version
identifiers.
These updates improve user access management and ensure the application
is running on the latest version.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Streamlined metadata for monitoring agents by removing specific
Helm-related annotations and labels.
- Updated service scrape configuration to enhance target pod
identification with a new relabeling entry.
- **Bug Fixes**
- Adjusted label selection in the `VMServiceScrape` resource to improve
service scrape functionality.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
We don't need to show alerts from the longterm instance, because the alerts
have a shorter timeout than the metrics collection interval.
## Summary by CodeRabbit
- **New Features**
- Updated the `VMAlert` YAML template to generate only the first
`VMAlert` resource based on metrics storage values.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Enhanced Kubernetes configuration template for tenant-specific
context, improving configurability and security.
- **Version Updates**
- Updated application version from 1.6.1 to 1.6.2.
- Incremented version references for multiple packages, ensuring
alignment with the latest commits.
Upstream fixes:
- https://github.com/kubevirt/cloud-provider-kubevirt/pull/335
- https://github.com/kubevirt/cloud-provider-kubevirt/pull/336
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Incremented Kubernetes chart version to 0.14.1.
- Introduced a new cloud provider controller for managing EndpointSlices
in KubeVirt, enhancing responsiveness to service changes.
- **Improvements**
- Updated Docker image tag for kubevirt-cloud-provider to use the latest
version.
- Enhanced handling of EndpointSlices for LoadBalancer services,
improving service management.
- **Bug Fixes**
- Improved error handling and logging for service retrieval and
EndpointSlice management.
- **Documentation**
- Updated version mappings in the versions map file for clarity and
tracking.
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Enhanced deployment configurations with new init containers for
various components, improving ownership management and initialization
processes.
- Added new properties to Custom Resource Definitions (CRDs) for better
network resource management and flexibility.
- Introduced new configuration options in `values.yaml` for enhanced
functionality.
- Implemented dynamic version-specific fetching for kube-ovn charts,
improving version control.
- Expanded permissions for ClusterRoles related to authentication and
authorization.
- **Bug Fixes**
- Updated command structures and security contexts across multiple
deployments to enhance security and functionality.
- **Documentation**
- Minor formatting adjustments made to improve clarity in configuration
files.
- **Chores**
- Streamlined Dockerfile and Helm chart configurations for better
maintainability and efficiency.
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Introduced new configuration parameters for Jetstream, including
`jetstream.size` and `jetstream.enabled`, enhancing storage and
functionality options.
- Added support for merging additional configurations with
`config.merge` and `config.resolver`.
- **Bug Fixes**
- Improved password generation and configuration merging logic for
better flexibility in deployments.
- **Version Updates**
- NATS application version updated from `0.3.1` to `0.4.0`.
## Summary by CodeRabbit
- **New Features**
- Enhanced Keycloak client configuration with new secrets for
`k8s-client`, `kubeapps-client`, and `kubeapps-auth-config`.
- Introduced new `ClusterKeycloak` and `ClusterKeycloakRealm` resources
for improved management.
- Updated Keycloak client scopes with additional attributes and protocol
mappers.
- Added multiple CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy
configurations for better traffic control.
- **Improvements**
- Logic added to check for existing Kubernetes secrets and generate new
ones as needed, ensuring seamless configuration management.
- Enhanced network policies to provide comprehensive control over
ingress and egress traffic for various services within the tenant's
namespace.
I saw your call for adopters - I am sort of in production now, but not
with any services that I can advertise.
This Urmanac is something I'm testing on WASM workloads. I also have
hosted some Ruby services on my cluster. I am still in the
proof-of-concept phase with my production workloads, working towards a
service level of 99.5% or better. I am running SpinKube on Cozystack,
with my own Talos Linux image that I have built to add the Spin and
Tailscale extensions.
(The urmanac is in beta at: https://beta.urmanac.com - urmanac.com is a
dead link for now.)
What's holding me back currently is hardware, not so much the software
stack. I have deployed Cozystack on some severely under-powered
machines. Every time I push it to the limit, my load averages shoot up
into the 100's and I unfortunately bring my control plane and services
down. I will probably get better results when I am able to separate the
KubeVirt clusters from the data plane and control plane. When the load
rises too high, etcd becomes unresponsive, and it goes downhill from
there.
I am very impressed with the architecture of Cozystack and I have made
some contributions to Cozystack on behalf of the FluxCD community! I am
in firm support of your goal to join the CNCF.
## Summary by CodeRabbit
- **New Features**
- Added "Urmanac" to the Cozystack Adopters list, including contact
information and a description of its use of Cozystack.
- **Documentation**
- Reformatted the existing entry for "gohost" for consistency.
Signed-off-by: Kingdon Barrett <kingdon+github@tuesdaystudios.com>
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Updated container images for various components to their latest
versions, enhancing performance and security.
- **Bug Fixes**
- Addressed potential issues by upgrading image tags and digests for
components such as CozyStack, ClickHouse, PostgreSQL, and others.
- **Documentation**
- Updated `values.yaml` configurations for multiple packages to reflect
the latest image versions and digests.
These updates ensure improved functionality and reliability across the
application.
## Summary by CodeRabbit
- **New Features**
- Enhanced management of Keycloak credentials by checking for existing
passwords stored in Kubernetes Secrets.
- Improved password management logic, allowing for the reuse of existing
passwords or the generation of new ones as needed.
- **Bug Fixes**
- Streamlined secret handling to avoid unnecessary random password
generation, improving security and maintainability.
Co-authored-by: Floppy Disk <kklinch0@gmail.com>
## Summary by CodeRabbit
- **New Features**
- Enhanced management of Kubernetes secrets for `k8s-client`,
`kubeapps-client`, and `kubeapps-auth-config`.
- Improved handling of client secrets by reusing existing configurations
when available.
- **Bug Fixes**
- Addressed issues with static secret definitions, streamlining the
configuration process.
- **Chores**
- Removed outdated secret and Keycloak client definitions for cleaner
configuration management.
## Summary by CodeRabbit
- **New Features**
- Introduced new Makefiles for `keycloak`, `keycloak-configure`, and
`keycloak-operator` packages, establishing environment variables for
deployment.
- Each Makefile includes common scripts to streamline build and
environment settings.
- **Bug Fixes**
- No specific bug fixes were mentioned.
- **Documentation**
- No updates to documentation were noted.
## Summary by CodeRabbit
## Release Notes
- **New Features**
- Integrated OpenID Connect (OIDC) for enhanced authentication.
- Added dynamic Role resource for tenant-specific access to Kubernetes
secrets.
- Introduced new Keycloak realm groups for improved role management.
- **Improvements**
- Enhanced error handling for service readiness checks.
- Streamlined configuration files for better clarity and management of
OIDC settings.
- Updated handling of API server address and improved configuration
adaptability based on OIDC settings.
- **Bug Fixes**
- Removed deprecated configurations related to Keycloak, simplifying
deployment.
These updates aim to improve security, usability, and overall system
performance.
## Summary by CodeRabbit
- **New Features**
- Enhanced build process for Kubeapps with improved modularity and patch
integration.
- Introduced version specification for Kubeapps builds.
- **Bug Fixes**
- Streamlined plugin build commands for better performance and clarity.
- **Refactor**
- Restructured Dockerfile to utilize different base images and optimize
the build stages.
## Summary by CodeRabbit
- **New Features**
- Introduced a new pre-commit hook (`run-make-generate`) to automate the
generation process in application directories.
- **Documentation**
- Enhanced readability of the Managed NATS Service README by adjusting
formatting and removing unnecessary headers.
- **Bug Fixes**
- Corrected JSON structure in the Postgres values schema to ensure
validity.
- **Chores**
- Updated pre-commit configuration for improved consistency and
functionality.
- Reorganized properties in the NATS values schema, removing the `users`
property to reflect changes in user management capabilities.