* Reuse the vmagent's serviceaccount
* Mount the serviceaccount token instead of manually creating secrets
* Give the kube-rbac-proxy a unique labelset to avoid targeting wrong
pods
Resolves#789
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new proxy component within the monitoring configuration.
- **Refactor**
- Updated resource labeling for improved consistency.
- Revised service account references and authentication settings for a
more streamlined operation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* Reuse the vmagent's serviceaccount
* Mount the serviceaccount token instead of manually creating secrets
* Give the kube-rbac-proxy a unique labelset to avoid targeting wrong
pods
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Upgraded to a new release version, offering enhanced integration and
secure client configuration options.
- Expanded realm settings now support advanced user profile
customization and robust email configuration for streamlined operations.
- Improved administrative views deliver clearer insights for managing
your system.
- **Documentation**
- Installation and release details have been updated to accurately
reflect the latest version.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Upgraded the Cluster API Operator release to version 0.18.1 with an
updated manager image.
- Introduced a new configuration option that enables conditional
deployment hooks, allowing for custom post-install and post-upgrade
actions.
- Enhanced resource synchronization with dynamic feature gate settings,
providing more flexible and coordinated deployments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sometimes DRBD devices get stuck in "Connecting" state, probably due to
some
race conditions. This scriptlet provides a workaround for such
situations.
Sometimes DRBD devices get stuck in "Connecting" state, probably due to some
race conditions. This scriptlet provides a workaround for such situations.
Signed-off-by: Denis Seleznev <kto.3decb@gmail.com>
The WorkloadMonitor controller now also watches PVCs, just like it has been watching Pods and creates Workloads per PVC according to the `spec.selector` field to track the used storage space.
this PR fixes problem
```
* admission webhook "vlinstorcluster.kb.io" denied the request: LinstorCluster.piraeus.io "linstorcluster" is invalid: spec.patches.0.patch: Invalid value: "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n annotations:\n secret.reloader.stakater.com/auto: \"true\"\n": Failed to parse patch as either Strategic Merge Patch (missing metadata.name in object {{apps/v1 Deployment} {{ } map[] map[secret.reloader.stakater.com/auto:true]}}) or JSON Patch (json: cannot unmarshal object into Go value of type jsonpatch.Patch)
```
used solution from
-
https://github.com/piraeusdatastore/piraeus-operator/issues/701#issuecomment-2377702085
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Streamlined the asset release process to automatically replace
existing files during uploads.
- **Container Image Updates**
- Upgraded versions across multiple components—including backup,
caching, autoscaling, API, dashboard, monitoring, and more—to align with
the latest release (e.g., updating from v0.28.0 to v0.29.0 and other
minor version increments).
- Updated specific images for Grafana, PostgreSQL, MariaDB, ClickHouse,
and others to their latest versions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This commit enables Cilium's host firewall feature and makes use of it
to deny external connections to two exporters running as daemonset pods
in the host network namespace.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Co-authored-by: Timofei Larkin <lllamnyp@gmail.com>
This commit enables Cilium's host firewall feature and makes use of it
to deny external connections to two exporters running as daemonset pods
in the host network namespace.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Host firewall is now enabled by default, adding an extra layer of
security.
- Enhanced network traffic management with new policies:
- One policy tightens access to critical service ports.
- Another secures monitoring endpoints by restricting unauthorized
external access.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
* Add stakater/Reloader to the storage-enabled bundles.
* Add annotations to Linstor components to reload when secrets change.
Closes#456
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Introduced a new reloader component that triggers automatic rolling
updates when configuration or secret changes are detected.
- Delivered a fully customizable Helm chart and configuration schema,
including a reload strategy based on annotations for enhanced deployment
control.
- **Tests**
- Added test cases to validate container security settings and
environment variable propagation, ensuring robust high-availability
configurations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Do not restart the container if something goes wrong while plunger tries
to fix the linstor state.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Bug Fixes**
- Improved error notifications during system operations to ensure any
issues are promptly reported.
- **Documentation**
- Updated descriptive information on secondary volume management to help
clarify operational conditions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Denis Seleznev <kto.3decb@gmail.com>
I just noticed that many devices are still attached to `/`, they are not
deleted but still blocking DRBD operations
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Bug Fixes**
- Improved detection of inactive loop devices by broadening the
filtering criteria, ensuring more accurate identification in various
scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Due to upstream compat issues we backport the security patches to
v1.11.2 of the ingress controller and do not rebuild the existing
protobuf exporter.
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
Makefile was copied from VictoriaMetrics Operator, some lines were not
changed.
Follow-up to #676Resolves#705
Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>
The mounting of /run parts was fixed in a consistent way upstream.
fixes#699
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Streamlined satellite configurations by removing an unnecessary volume
setting from a container.
- Eliminated an unneeded container entry along with its related
configuration, reducing overall complexity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Denis Seleznev <kto.3decb@gmail.com>
Released early this week
https://github.com/controlplaneio-fluxcd/flux-operator/releases/tag/v0.18.0
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Upgraded the charts to version 0.18.0.
- Added options for custom pod scheduling using node selectors.
- Introduced a reporting configuration with a customizable interval
through an environment variable.
- **Documentation**
- Updated release information and configuration details to reflect the
new options and version update.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Kingdon B <kingdon@urmanac.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Updated the remote write configuration to support multiple endpoints,
allowing data ingestion from both short-term and long-term services for
improved flexibility.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: kklinch0 <kklinch0@gmail.com>
We have common-instance-types deployed by kubevirt-operator and separate
helm-chart.
In this case operator always overrides the resource by default ones.
This PR disables common-instance-types deployment for kubevirt-operator
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Updated the package’s internal identifier to enhance consistency
across integration points.
- **New Features**
- Introduced a new configuration option that enables a deployment toggle
for managing instance types (disabled by default).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The Linstor satellite creates problems with admin privileges, so the
plunger needs the same privileges to fix those problems.
Also, use the native `losetup`. The Linstor image has a wrapper with an
additional function that we do not need here.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Refactor**
- Improved the management of unused loop devices with clearer feedback
and refined error handling.
- **New Features**
- Enhanced container configuration by adding elevated system
permissions, allowing the container to perform higher-level operations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
