Prepare release v0.19.0 (#500)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Release Notes

- **New Features**
- Updated container images for various components to their latest
versions, enhancing performance and security.

- **Bug Fixes**
- Addressed potential issues by upgrading image tags and digests for
components such as CozyStack, ClickHouse, PostgreSQL, and others.

- **Documentation**
- Updated `values.yaml` configurations for multiple packages to reflect
the latest image versions and digests.

These updates ensure improved functionality and reliability across the
application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

.github/workflows/pre-commit.yml

@@ -0,0 +1,47 @@
+name: Pre-Commit Checks
+
+on: [push, pull_request]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install pre-commit
+        run: pip install pre-commit
+
+      - name: Install generate
+        run: |
+          sudo apt update
+          sudo apt install curl -y
+          curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash -
+          sudo apt install nodejs -y
+          git clone https://github.com/bitnami/readme-generator-for-helm
+          cd ./readme-generator-for-helm
+          npm install
+          npm install -g pkg
+          pkg . -o /usr/local/bin/readme-generator
+
+      - name: Run pre-commit hooks
+        run: |
+          git fetch origin main || git fetch origin master
+          base_commit=$(git rev-parse --verify origin/main || git rev-parse --verify origin/master || echo "")
+
+          if [ -z "$base_commit" ]; then
+            files=$(git ls-files '*.yaml' '*.md')
+          else
+            files=$(git diff --name-only "$base_commit" -- '*.yaml' '*.md')
+          fi
+
+          if [ -n "$files" ]; then
+            echo "$files" | xargs pre-commit run --files
+          else
+            echo "No YAML or Markdown files to lint"
+          fi

.pre-commit-config.yaml

@@ -0,0 +1,23 @@
+repos:
+- repo: local
+  hooks:
+    - id: gen-versions-map
+      name: Generate versions map and check for changes
+      entry: sh -c 'make -C packages/apps check-version-map && make -C packages/extra check-version-map'
+      language: system
+      types: [file]
+      pass_filenames: false
+      description: Run the script and fail if it generates changes
+    - id: run-make-generate
+      name: Run 'make generate' in all app directories
+      entry: |
+        /bin/bash -c '
+          for dir in ./packages/apps/*/; do
+            if [ -d "$dir" ]; then
+              echo "Running make generate in $dir"
+              (cd "$dir" && make generate)
+            fi
+          done
+        '
+      language: script
+      files: ^.*$

Makefile

@@ -6,10 +6,12 @@ build:
 	make -C packages/apps/mysql image
 	make -C packages/apps/clickhouse image
 	make -C packages/apps/kubernetes image
+	make -C packages/system/cozystack-api image
 	make -C packages/system/cilium image
 	make -C packages/system/kubeovn image
 	make -C packages/system/dashboard image
 	make -C packages/system/kamaji image
+	make -C packages/system/bucket image
 	make -C packages/core/testing image
 	make -C packages/core/installer image
 	make manifests
@@ -34,4 +36,4 @@ assets:
 test:
 	make -C packages/core/testing apply
 	make -C packages/core/testing test
-	make -C packages/core/testing delete
+	make -C packages/core/testing test-applications

api/api-rules/cozystack_api_violation_exceptions.list

@@ -0,0 +1,25 @@
+API rule violation: list_type_missing,github.com/aenix.io/cozystack/pkg/apis/apps/v1alpha1,ApplicationStatus,Conditions
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Ref
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Schema
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XEmbeddedResource
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XIntOrString
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XListMapKeys
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XListType
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XMapType
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XPreserveUnknownFields
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XValidations
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrArray,JSONSchemas
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrArray,Schema
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrBool,Allows
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrBool,Schema
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrStringArray,Property
+API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrStringArray,Schema
+API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,APIResourceList,APIResources
+API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Duration,Duration
+API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEvent,Object
+API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEvent,Type
+API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,MicroTime,Time
+API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,StatusCause,Type
+API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Time,Time
+API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentEncoding
+API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentType

cmd/cozystack-api/main.go

@@ -0,0 +1,33 @@
+/*
+Copyright 2024 The Cozystack Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	"github.com/aenix.io/cozystack/pkg/cmd/server"
+	genericapiserver "k8s.io/apiserver/pkg/server"
+	"k8s.io/component-base/cli"
+)
+
+func main() {
+	ctx := genericapiserver.SetupSignalContext()
+	options := server.NewAppsServerOptions(os.Stdout, os.Stderr)
+	cmd := server.NewCommandStartAppsServer(ctx, options)
+	code := cli.Run(cmd)
+	os.Exit(code)
+}

go.mod

@@ -0,0 +1,113 @@
+// This is a generated file. Do not edit directly.
+
+module github.com/aenix.io/cozystack
+
+go 1.23.0
+
+require (
+	github.com/emicklei/go-restful/v3 v3.11.0
+	github.com/google/gofuzz v1.2.0
+	github.com/spf13/cobra v1.8.1
+	github.com/stretchr/testify v1.9.0
+	k8s.io/apiextensions-apiserver v0.31.2
+	k8s.io/apimachinery v0.31.2
+	k8s.io/apiserver v0.31.2
+	k8s.io/client-go v0.31.2
+	k8s.io/code-generator v0.31.2
+	k8s.io/component-base v0.31.2
+	k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
+)
+
+require (
+	github.com/NYTimes/gziphandler v1.1.1 // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/coreos/go-semver v0.3.1 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fluxcd/helm-controller/api v1.1.0 // indirect
+	github.com/fluxcd/pkg/apis/kustomize v1.6.1 // indirect
+	github.com/fluxcd/pkg/apis/meta v1.6.1 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/cel-go v0.21.0 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.19.1 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stoewer/go-strcase v1.3.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.16 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.16 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/term v0.25.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+	google.golang.org/grpc v1.65.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.31.2 // indirect
+	k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kms v0.31.2 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect
+	sigs.k8s.io/controller-runtime v0.19.0 // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)

go.sum

@@ -0,0 +1,313 @@
+github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
+github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
+github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
+github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=
+github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fluxcd/helm-controller/api v1.1.0 h1:NS5Wm3U6Kv4w7Cw2sDOV++vf2ecGfFV00x1+2Y3QcOY=
+github.com/fluxcd/helm-controller/api v1.1.0/go.mod h1:BgHMgMY6CWynzl4KIbHpd6Wpn3FN9BqgkwmvoKCp6iE=
+github.com/fluxcd/pkg/apis/kustomize v1.6.1 h1:22FJc69Mq4i8aCxnKPlddHhSMyI4UPkQkqiAdWFcqe0=
+github.com/fluxcd/pkg/apis/kustomize v1.6.1/go.mod h1:5dvQ4IZwz0hMGmuj8tTWGtarsuxW0rWsxJOwC6i+0V8=
+github.com/fluxcd/pkg/apis/meta v1.6.1 h1:maLhcRJ3P/70ArLCY/LF/YovkxXbX+6sTWZwZQBeNq0=
+github.com/fluxcd/pkg/apis/meta v1.6.1/go.mod h1:YndB/gxgGZmKfqpAfFxyCDNFJFP0ikpeJzs66jwq280=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
+github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/cel-go v0.21.0 h1:cl6uW/gxN+Hy50tNYvI691+sXxioCnstFzLp2WO4GCI=
+github.com/google/cel-go v0.21.0/go.mod h1:rHUlWCcBKgyEk+eV03RPdZUekPp6YcJwV0FxuUksYxc=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k=
+github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
+github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
+github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=
+github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
+go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
+go.etcd.io/etcd/api/v3 v3.5.16 h1:WvmyJVbjWqK4R1E+B12RRHz3bRGy9XVfh++MgbN+6n0=
+go.etcd.io/etcd/api/v3 v3.5.16/go.mod h1:1P4SlIP/VwkDmGo3OlOD7faPeP8KDIFhqvciH5EfN28=
+go.etcd.io/etcd/client/pkg/v3 v3.5.16 h1:ZgY48uH6UvB+/7R9Yf4x574uCO3jIx0TRDyetSfId3Q=
+go.etcd.io/etcd/client/pkg/v3 v3.5.16/go.mod h1:V8acl8pcEK0Y2g19YlOV9m9ssUe6MgiDSobSoaBAM0E=
+go.etcd.io/etcd/client/v2 v2.305.13 h1:RWfV1SX5jTU0lbCvpVQe3iPQeAHETWdOTb6pxhd77C8=
+go.etcd.io/etcd/client/v2 v2.305.13/go.mod h1:iQnL7fepbiomdXMb3om1rHq96htNNGv2sJkEcZGDRRg=
+go.etcd.io/etcd/client/v3 v3.5.16 h1:sSmVYOAHeC9doqi0gv7v86oY/BTld0SEFGaxsU9eRhE=
+go.etcd.io/etcd/client/v3 v3.5.16/go.mod h1:X+rExSGkyqxvu276cr2OwPLBaeqFu1cIl4vmRjAD/50=
+go.etcd.io/etcd/pkg/v3 v3.5.13 h1:st9bDWNsKkBNpP4PR1MvM/9NqUPfvYZx/YXegsYEH8M=
+go.etcd.io/etcd/pkg/v3 v3.5.13/go.mod h1:N+4PLrp7agI/Viy+dUYpX7iRtSPvKq+w8Y14d1vX+m0=
+go.etcd.io/etcd/raft/v3 v3.5.13 h1:7r/NKAOups1YnKcfro2RvGGo2PTuizF/xh26Z2CTAzA=
+go.etcd.io/etcd/raft/v3 v3.5.13/go.mod h1:uUFibGLn2Ksm2URMxN1fICGhk8Wu96EfDQyuLhAcAmw=
+go.etcd.io/etcd/server/v3 v3.5.13 h1:V6KG+yMfMSqWt+lGnhFpP5z5dRUj1BDRJ5k1fQ9DFok=
+go.etcd.io/etcd/server/v3 v3.5.13/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
+go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
+go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
+go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
+go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
+go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
+go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
+go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
+go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
+go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
+go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY=
+google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
+google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw=
+google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
+google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0=
+k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk=
+k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0=
+k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM=
+k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw=
+k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/apiserver v0.31.2 h1:VUzOEUGRCDi6kX1OyQ801m4A7AUPglpsmGvdsekmcI4=
+k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE=
+k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc=
+k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs=
+k8s.io/code-generator v0.31.2 h1:xLWxG0HEpMSHfcM//3u3Ro2Hmc6AyyLINQS//Z2GEOI=
+k8s.io/code-generator v0.31.2/go.mod h1:eEQHXgBU/m7LDaToDoiz3t97dUUVyOblQdwOr8rivqc=
+k8s.io/component-base v0.31.2 h1:Z1J1LIaC0AV+nzcPRFqfK09af6bZ4D1nAOpWsy9owlA=
+k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ=
+k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 h1:si3PfKm8dDYxgfbeA6orqrtLkvvIeH8UqffFJDl0bz4=
+k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kms v0.31.2 h1:pyx7l2qVOkClzFMIWMVF/FxsSkgd+OIGH7DecpbscJI=
+k8s.io/kms v0.31.2/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94=
+k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 h1:GKE9U8BH16uynoxQii0auTjmmmuZ3O0LFMN6S0lPPhI=
+k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
+sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
+sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

hack/boilerplate.go.txt

@@ -0,0 +1,16 @@
+/*
+Copyright 2024 The Cozystack Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+

hack/e2e.application.sh

@@ -0,0 +1,165 @@
+#!/bin/bash
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+RESET='\033[0m'
+YELLOW='\033[0;33m'
+
+
+ROOT_NS="tenant-root"
+TEST_TENANT="tenant-e2e"
+
+values_base_path="/hack/testdata/"
+checks_base_path="/hack/testdata/"
+
+function delete_hr() {
+    local release_name="$1"
+    local namespace="$2"
+
+    if [[ -z "$release_name" ]]; then
+        echo -e "${RED}Error: Release name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$namespace" ]]; then
+        echo -e "${RED}Error: Namespace name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ "$release_name" == "tenant-e2e" ]]; then
+        echo -e "${YELLOW}Skipping deletion for release tenant-e2e.${RESET}"
+        return 0
+    fi
+
+    kubectl delete helmrelease $release_name -n $namespace
+}
+
+function install_helmrelease() {
+    local release_name="$1"
+    local namespace="$2"
+    local chart_path="$3"
+    local repo_name="$4"
+    local repo_ns="$5"
+    local values_file="$6"
+
+    if [[ -z "$release_name" ]]; then
+        echo -e "${RED}Error: Release name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$namespace" ]]; then
+        echo -e "${RED}Error: Namespace name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$chart_path" ]]; then
+        echo -e "${RED}Error: Chart path name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -n "$values_file" && -f "$values_file" ]]; then
+        local values_section
+        values_section=$(echo "  values:" && sed 's/^/    /' "$values_file")
+    fi
+
+    local helmrelease_file=$(mktemp /tmp/HelmRelease.XXXXXX.yaml)
+    {
+        echo "apiVersion: helm.toolkit.fluxcd.io/v2"
+        echo "kind: HelmRelease"
+        echo "metadata:"
+        echo "  labels:"
+        echo "    cozystack.io/ui: \"true\""
+        echo "  name: \"$release_name\""
+        echo "  namespace: \"$namespace\""
+        echo "spec:"
+        echo "  chart:"
+        echo "    spec:"
+        echo "      chart: \"$chart_path\""
+        echo "      reconcileStrategy: Revision"
+        echo "      sourceRef:"
+        echo "        kind: HelmRepository"
+        echo "        name: \"$repo_name\""
+        echo "        namespace: \"$repo_ns\""
+        echo "      version: '*'"
+        echo "  interval: 1m0s"
+        echo "  timeout: 5m0s"
+        [[ -n "$values_section" ]] && echo "$values_section"
+    } > "$helmrelease_file"
+
+    kubectl apply -f "$helmrelease_file"
+
+    rm -f "$helmrelease_file"
+}
+
+function install_tenant (){
+    local release_name="$1"
+    local namespace="$2"
+    local values_file="${values_base_path}tenant/values.yaml"
+    local repo_name="cozystack-apps"
+    local repo_ns="cozy-public"
+    install_helmrelease "$release_name" "$namespace" "tenant" "$repo_name" "$repo_ns" "$values_file"
+}
+
+function make_extra_checks(){
+    local checks_file="$1"
+    echo "after exec make $checks_file"
+    if [[ -n "$checks_file" && -f "$checks_file" ]]; then
+        echo -e "${YELLOW}Start extra checks with file: ${checks_file}${RESET}"
+
+    fi
+}
+
+function check_helmrelease_status() {
+    local release_name="$1"
+    local namespace="$2"
+    local checks_file="$3"
+    local timeout=300  # Timeout in seconds
+    local interval=5   # Interval between checks in seconds
+    local elapsed=0
+
+
+    while [[ $elapsed -lt $timeout ]]; do
+        local status_output
+        status_output=$(kubectl get helmrelease "$release_name" -n "$namespace" -o json | jq -r '.status.conditions[-1].reason')
+
+        if [[ "$status_output" == "InstallSucceeded" || "$status_output" == "UpgradeSucceeded" ]]; then
+            echo -e "${GREEN}Helm release '$release_name' is ready.${RESET}"
+            make_extra_checks "$checks_file"
+            delete_hr $release_name $namespace
+            return 0
+        elif [[ "$status_output" == "InstallFailed" ]]; then
+          echo -e "${RED}Helm release '$release_name': InstallFailed${RESET}"
+          exit 1
+        else
+            echo -e "${YELLOW}Helm release '$release_name' is not ready. Current status: $status_output${RESET}"
+        fi
+
+        sleep "$interval"
+        elapsed=$((elapsed + interval))
+    done
+
+    echo -e "${RED}Timeout reached. Helm release '$release_name' is still not ready after $timeout seconds.${RESET}"
+    exit 1
+}
+
+chart_name="$1"
+
+if [ -z "$chart_name" ]; then
+    echo -e "${RED}No chart name provided. Exiting...${RESET}"
+    exit 1
+fi
+
+
+checks_file="${checks_base_path}${chart_name}/check.sh"
+repo_name="cozystack-apps"
+repo_ns="cozy-public"
+release_name="$chart_name-e2e"
+values_file="${values_base_path}${chart_name}/values.yaml"
+
+install_tenant $TEST_TENANT $ROOT_NS
+check_helmrelease_status $TEST_TENANT $ROOT_NS "${checks_base_path}tenant/check.sh"
+
+echo -e "${YELLOW}Running tests for chart: $chart_name${RESET}"
+
+install_helmrelease $release_name $TEST_TENANT $chart_name $repo_name $repo_ns $values_file
+check_helmrelease_status $release_name $TEST_TENANT $checks_file

hack/e2e.sh

@@ -114,7 +114,7 @@ machine:
     - name: zfs
     - name: spl
   install:
-    image: ghcr.io/aenix-io/cozystack/talos:v1.8.0
+    image: ghcr.io/aenix-io/cozystack/talos:v1.8.3
   files:
   - content: |
       [plugins]
@@ -124,6 +124,12 @@ machine:
     op: create
 
 cluster:
+  apiServer:
+    extraArgs:
+      oidc-issuer-url: "https://keycloak.example.org/realms/cozy"
+      oidc-client-id: "kubernetes"
+      oidc-username-claim: "preferred_username"
+      oidc-groups-claim: "groups"
   network:
     cni:
       name: none
@@ -179,10 +185,11 @@ talosctl apply -f controlplane.yaml -n 192.168.123.13 -e 192.168.123.13 -i
 timeout 60 sh -c 'until nc -nzv 192.168.123.11 50000 && nc -nzv 192.168.123.12 50000 && nc -nzv 192.168.123.13 50000; do sleep 1; done'
 
 # Bootstrap
-talosctl bootstrap -n 192.168.123.11 -e 192.168.123.11
+timeout 10 sh -c 'until talosctl bootstrap -n 192.168.123.11 -e 192.168.123.11; do sleep 1; done'
 
 # Wait for etcd
-timeout 180 sh -c 'while talosctl etcd members -n 192.168.123.11,192.168.123.12,192.168.123.13 -e 192.168.123.10 2>&1 | grep "rpc error"; do sleep 1; done'
+timeout 180 sh -c 'until timeout -s 9 2 talosctl etcd members -n 192.168.123.11,192.168.123.12,192.168.123.13 -e 192.168.123.10 2>&1; do sleep 1; done'
+timeout 60 sh -c 'while talosctl etcd members -n 192.168.123.11,192.168.123.12,192.168.123.13 -e 192.168.123.10 2>&1 | grep "rpc error"; do sleep 1; done'
 
 rm -f kubeconfig
 talosctl kubeconfig kubeconfig -e 192.168.123.10 -n 192.168.123.10
@@ -190,7 +197,7 @@ export KUBECONFIG=$PWD/kubeconfig
 
 # Wait for kubernetes nodes appear
 timeout 60 sh -c 'until [ $(kubectl get node -o name | wc -l) = 3 ]; do sleep 1; done'
-kubectl create ns cozy-system
+kubectl create ns cozy-system -o yaml | kubectl apply -f -
 kubectl create -f - <<\EOT
 apiVersion: v1
 kind: ConfigMap
@@ -203,6 +210,8 @@ data:
   ipv4-pod-gateway: "10.244.0.1"
   ipv4-svc-cidr: "10.96.0.0/16"
   ipv4-join-cidr: "100.64.0.0/16"
+  root-host: example.org
+  api-server-endpoint: https://192.168.123.10:6443
 EOT
 
 #
@@ -217,6 +226,10 @@ timeout 60 sh -c 'until kubectl get hr -A | grep cozy; do sleep 1; done'
 sleep 5
 
 kubectl get hr -A | awk 'NR>1 {print "kubectl wait --timeout=15m --for=condition=ready -n " $1 " hr/" $2 " &"} END{print "wait"}' | sh -x
+
+# Wait for Cluster-API providers
+kubectl wait deploy --timeout=30s --for=condition=available -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager
+
 # Wait for linstor controller
 kubectl wait deploy --timeout=5m --for=condition=available -n cozy-linstor linstor-controller
 
@@ -283,13 +296,13 @@ spec:
   avoidBuggyIPs: false
 EOT
 
-kubectl patch -n tenant-root hr/tenant-root --type=merge -p '{"spec":{ "values":{
+kubectl patch -n tenant-root tenants.apps.cozystack.io root --type=merge -p '{"spec":{
   "host": "example.org",
   "ingress": true,
   "monitoring": true,
   "etcd": true,
   "isolated": true
-}}}'
+}}'
 
 # Wait for HelmRelease be created
 timeout 60 sh -c 'until kubectl get hr -n tenant-root etcd ingress monitoring tenant-root; do sleep 1; done'
@@ -297,9 +310,9 @@ timeout 60 sh -c 'until kubectl get hr -n tenant-root etcd ingress monitoring te
 # Wait for HelmReleases be installed
 kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr etcd ingress monitoring tenant-root
 
-kubectl patch -n tenant-root hr/ingress --type=merge -p '{"spec":{ "values":{
+kubectl patch -n tenant-root ingresses.apps.cozystack.io ingress --type=merge -p '{"spec":{
   "dashboard": true
-}}}'
+}}'
 
 # Wait for nginx-ingress-controller
 timeout 60 sh -c 'until kubectl get deploy -n tenant-root root-ingress-controller; do sleep 1; done'
@@ -322,3 +335,12 @@ ip=$(kubectl get svc -n tenant-root root-ingress-controller -o jsonpath='{.statu
 
 # Check Grafana
 curl -sS -k "https://$ip" -H 'Host: grafana.example.org' | grep Found
+
+
+# Test OIDC
+kubectl patch -n cozy-system cm/cozystack --type=merge -p '{"data":{
+  "oidc-enabled": "true"
+}}'
+
+timeout 60 sh -c 'until kubectl get hr -n cozy-keycloak keycloak keycloak-configure keycloak-operator; do sleep 1; done'
+kubectl wait --timeout=10m --for=condition=ready -n cozy-keycloak hr keycloak keycloak-configure keycloak-operator

hack/pre-checks.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+YQ_VERSION="v4.35.1"
+RED='\033[31m'
+RESET='\033[0m'
+
+check-yq-version() {
+    current_version=$(yq -V | awk '$(NF-1) == "version" {print $NF}')
+    if [ -z "$current_version" ]; then
+        echo "yq is not installed or version cannot be determined."
+        exit 1
+    fi
+    echo "Current yq version: $current_version"
+
+    if [ "$(printf '%s\n' "$YQ_VERSION" "$current_version" | sort -V | head -n1)" = "$YQ_VERSION" ]; then
+        echo "Greater than or equal to $YQ_VERSION"
+    else
+        echo -e "${RED}ERROR: yq version less than $YQ_VERSION${RESET}"
+        exit 1
+    fi
+}
+
+check-yq-version

hack/testdata/http-cache/check.sh

@@ -0,0 +1 @@
+return 0

hack/testdata/http-cache/values.yaml

@@ -0,0 +1,2 @@
+endpoints:
+  - 8.8.8.8:443

hack/testdata/kubernetes/check.sh

@@ -0,0 +1 @@
+return 0

hack/testdata/kubernetes/values.yaml

@@ -0,0 +1,62 @@
+## @section Common parameters
+
+## @param host The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).
+## @param controlPlane.replicas Number of replicas for Kubernetes contorl-plane components
+## @param storageClass StorageClass used to store user data
+##
+host: ""
+controlPlane:
+  replicas: 2
+storageClass: replicated
+
+## @param nodeGroups [object] nodeGroups configuration
+##
+nodeGroups:
+  md0:
+    minReplicas: 0
+    maxReplicas: 10
+    instanceType: "u1.medium"
+    ephemeralStorage: 20Gi
+    roles:
+    - ingress-nginx
+
+    resources:
+      cpu: ""
+      memory: ""
+
+## @section Cluster Addons
+##
+addons:
+
+  ## Cert-manager: automatically creates and manages SSL/TLS certificate
+  ##
+  certManager:
+    ## @param addons.certManager.enabled Enables the cert-manager
+    ## @param addons.certManager.valuesOverride Custom values to override
+    enabled: true
+    valuesOverride: {}
+
+  ## Ingress-NGINX Controller
+  ##
+  ingressNginx:
+    ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)
+    ## @param addons.ingressNginx.valuesOverride Custom values to override
+    ##
+    enabled: true
+    ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster
+    ## e.g:
+    ## hosts:
+    ## - example.org
+    ## - foo.example.net
+    ##
+    hosts: []
+    valuesOverride: {}
+
+  ## Flux CD
+  ##
+  fluxcd:
+    ## @param addons.fluxcd.enabled Enables Flux CD
+    ## @param addons.fluxcd.valuesOverride Custom values to override
+    ##
+    enabled: true
+    valuesOverride: {}

hack/testdata/nats/check.sh

@@ -0,0 +1 @@
+return 0

hack/testdata/nats/values.yaml

@@ -0,0 +1,10 @@
+
+## @section Common parameters
+
+## @param external Enable external access from outside the cluster
+## @param replicas Persistent Volume size for NATS
+## @param storageClass StorageClass used to store the data
+##
+external: false
+replicas: 2
+storageClass: ""

hack/testdata/tenant/check.sh

@@ -0,0 +1 @@
+return 0

hack/testdata/tenant/values.yaml

@@ -0,0 +1,6 @@
+host: ""
+etcd: false
+monitoring: false
+ingress: false
+seaweedfs: false
+isolated: true

hack/update-codegen.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 The Cozystack Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)}
+API_KNOWN_VIOLATIONS_DIR="${API_KNOWN_VIOLATIONS_DIR:-"${SCRIPT_ROOT}/api/api-rules"}"
+UPDATE_API_KNOWN_VIOLATIONS="${UPDATE_API_KNOWN_VIOLATIONS:-true}"
+
+source "${CODEGEN_PKG}/kube_codegen.sh"
+
+THIS_PKG="k8s.io/sample-apiserver"
+
+kube::codegen::gen_helpers \
+    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
+    "${SCRIPT_ROOT}/pkg/apis"
+
+if [[ -n "${API_KNOWN_VIOLATIONS_DIR:-}" ]]; then
+    report_filename="${API_KNOWN_VIOLATIONS_DIR}/cozystack_api_violation_exceptions.list"
+    if [[ "${UPDATE_API_KNOWN_VIOLATIONS:-}" == "true" ]]; then
+        update_report="--update-report"
+    fi
+fi
+
+kube::codegen::gen_openapi \
+    --extra-pkgs "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" \
+    --output-dir "${SCRIPT_ROOT}/pkg/generated/openapi" \
+    --output-pkg "${THIS_PKG}/pkg/generated/openapi" \
+    --report-filename "${report_filename:-"/dev/null"}" \
+    ${update_report:+"${update_report}"} \
+    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
+    "${SCRIPT_ROOT}/pkg/apis"

manifests/cozystack-installer.yaml

@@ -68,7 +68,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.16.3"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.19.0"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -87,7 +87,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.16.3"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.19.0"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/README.md

@@ -0,0 +1,9 @@
+### How to test packages local
+
+```bash
+cd packages/core/installer
+make image-cozystack REGISTRY=YOUR_CUSTOM_REGISTRY
+make apply
+kubectl delete pod dashboard-redis-master-0 -n cozy-dashboard
+kubectl delete po -l app=source-controller -n cozy-fluxcd
+```

packages/apps/bucket/templates/dashboard-resourcemap.yaml

@@ -9,4 +9,12 @@ rules:
   - secrets
   resourceNames:
   - {{ .Release.Name }}
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  resourceNames:
+  - {{ .Release.Name }}-ui
   verbs: ["get", "list", "watch"]

packages/apps/bucket/templates/helmrelease.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-system
+spec:
+  chart:
+    spec:
+      chart: cozy-bucket
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+      version: '*'
+  interval: 1m0s
+  timeout: 5m0s
+  values:
+    bucketName: {{ .Release.Name }}

packages/apps/clickhouse/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.6.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "24.3.0"
+appVersion: "24.9.2"

packages/apps/clickhouse/README.md

@@ -19,12 +19,14 @@ more details:
 
 ### Common parameters
 
-| Name           | Description                         | Value  |
-| -------------- | ----------------------------------- | ------ |
-| `size`         | Persistent Volume size              | `10Gi` |
-| `shards`       | Number of Clickhouse replicas       | `1`    |
-| `replicas`     | Number of Clickhouse shards         | `2`    |
-| `storageClass` | StorageClass used to store the data | `""`   |
+| Name             | Description                         | Value  |
+| ---------------- | ----------------------------------- | ------ |
+| `size`           | Persistent Volume size              | `10Gi` |
+| `logStorageSize` | Persistent Volume for logs size     | `2Gi`  |
+| `shards`         | Number of Clickhouse replicas       | `1`    |
+| `replicas`       | Number of Clickhouse shards         | `2`    |
+| `storageClass`   | StorageClass used to store the data | `""`   |
+| `logTTL`         | for query_log and query_thread_log  | `15`   |
 
 ### Configuration parameters
 

packages/apps/clickhouse/images/clickhouse-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/clickhouse-backup:0.5.0@sha256:dda84420cb8648721299221268a00d72a05c7af5b7fb452619bac727068b9e61
+ghcr.io/aenix-io/cozystack/clickhouse-backup:0.6.1@sha256:3f76662144e31acf75f9495879da0c358a6729d08cfa0a4721cf495ff9a4c659

packages/apps/clickhouse/templates/clickhouse.yaml

@@ -32,11 +32,12 @@ kind: "ClickHouseInstallation"
 metadata:
   name: "{{ .Release.Name }}"
 spec:
-  {{- with .Values.size }}
+  namespaceDomainPattern:  "%s.svc.cozy.local"
   defaults:
     templates:
       dataVolumeClaimTemplate: data-volume-template
-  {{- end }}
+      podTemplate: clickhouse-per-host
+      serviceTemplate: svc-template
   configuration:
     {{- with $users }}
     users:
@@ -46,6 +47,41 @@ spec:
       {{ $name }}/networks/ip: ["::/0"]
       {{- end }}
     {{- end }}
+    files:
+      config.d/z_log_disable.xml: |
+        <clickhouse>
+            <asynchronous_metric_log remove="1"/>
+            <metric_log remove="1"/>
+            <query_views_log remove="1" />
+            <part_log remove="1"/>
+            <session_log remove="1"/>
+            <text_log remove="1" />
+            <trace_log remove="1"/>
+            <crash_log remove="1"/>
+            <opentelemetry_span_log remove="1"/>
+            <processors_profile_log remove="1"/>
+        </clickhouse>
+      config.d/query_log_ttl.xml: |
+        <clickhouse>
+            <query_log replace="1">
+                <database>system</database>
+                <table>query_log</table>
+                <engine>ENGINE = MergeTree PARTITION BY (event_date)
+                        ORDER BY (event_time)
+                        TTL event_date + INTERVAL {{ .Values.logTTL }} DAY DELETE
+                </engine>
+                <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+            </query_log>
+            <query_thread_log replace="1">
+                <database>system</database>
+                <table>query_thread_log</table>
+                <engine>ENGINE = MergeTree PARTITION BY (event_date)
+                        ORDER BY (event_time)
+                        TTL event_date + INTERVAL {{ .Values.logTTL }} DAY DELETE
+                </engine>
+                <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+            </query_thread_log>
+        </clickhouse>
     profiles:
       readonly/readonly: "1"
     clusters:
@@ -53,17 +89,49 @@ spec:
         layout:
           shardsCount: {{ .Values.shards }}
           replicasCount: {{ .Values.replicas }}
-  {{- with .Values.size }}
   templates:
     volumeClaimTemplates:
       - name: data-volume-template
         spec:
           accessModes:
             - ReadWriteOnce
-          {{- with $.Values.storageClass }}
-          storageClassName: {{ . }}
-          {{- end }}
           resources:
             requests:
-              storage: {{ . }}
-  {{- end }}
+              storage: {{ .Values.size }}
+      - name: log-volume-template
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: {{ .Values.logStorageSize }}
+    podTemplates:
+      - name: clickhouse-per-host
+        spec:
+          affinity:
+            podAntiAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+                - labelSelector:
+                    matchExpressions:
+                      - key: "clickhouse.altinity.com/chi"
+                        operator: In
+                        values:
+                          - "{{ .Release.Name }}"
+                  topologyKey: "kubernetes.io/hostname"
+          containers:
+            - name: clickhouse
+              image: clickhouse/clickhouse-server:24.9.2.42
+              volumeMounts:
+                - name: data-volume-template
+                  mountPath: /var/lib/clickhouse
+                - name: log-volume-template
+                  mountPath: /var/log/clickhouse-server
+    serviceTemplates:
+      - name: svc-template
+        generateName: chendpoint-{chi}
+        spec:
+          ports:
+            - name: http
+              port: 8123
+            - name: tcp
+              port: 9000

packages/apps/clickhouse/templates/dashboard-resourcemap.yaml

@@ -8,7 +8,7 @@ rules:
   resources:
   - services
   resourceNames:
-  - chi-clickhouse-test-clickhouse-0-0
+  - chendpoint-{{ .Release.Name }}
   verbs: ["get", "list", "watch"]
 - apiGroups:
   - ""

packages/apps/clickhouse/values.schema.json

@@ -7,6 +7,11 @@
             "description": "Persistent Volume size",
             "default": "10Gi"
         },
+        "logStorageSize": {
+            "type": "string",
+            "description": "Persistent Volume for logs size",
+            "default": "2Gi"
+        },
         "shards": {
             "type": "number",
             "description": "Number of Clickhouse replicas",
@@ -22,6 +27,11 @@
             "description": "StorageClass used to store the data",
             "default": ""
         },
+        "logTTL": {
+            "type": "number",
+            "description": "for query_log and query_thread_log",
+            "default": 15
+        },
         "backup": {
             "type": "object",
             "properties": {

packages/apps/clickhouse/values.yaml

@@ -1,14 +1,18 @@
 ## @section Common parameters
 
 ## @param size Persistent Volume size
+## @param logStorageSize Persistent Volume for logs size
 ## @param shards Number of Clickhouse replicas
 ## @param replicas Number of Clickhouse shards
 ## @param storageClass StorageClass used to store the data
+## @param logTTL for query_log and query_thread_log
 ##
 size: 10Gi
+logStorageSize: 2Gi
 shards: 1
 replicas: 2
 storageClass: ""
+logTTL: 15
 
 ## @section Configuration parameters
 

packages/apps/ferretdb/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 0.4.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/ferretdb/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.7.0@sha256:d2015c6dba92293bda652d055e97d1be80e8414c2dc78037c12812d1a2e2cba1
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:034a480a119986da8a8e0532f09f66c58ed919e18612987b1a847fe8a59b6f3c

packages/apps/ferretdb/templates/init-script.yaml

@@ -34,6 +34,9 @@ stringData:
   init.sh: |
     #!/bin/bash
     set -e
+
+    until pg_isready ; do sleep 5; done
+
     echo "== create users"
     {{- if .Values.users }}
     psql -v ON_ERROR_STOP=1 <<\EOT
@@ -60,7 +63,7 @@ stringData:
     DROP USER $user;
     EOT
     done
-    
+
     echo "== create roles"
     psql -v ON_ERROR_STOP=1 --echo-all <<\EOT
     SELECT 'CREATE ROLE app_admin NOINHERIT;'
@@ -80,7 +83,7 @@ stringData:
         FOR schema_record IN SELECT schema_name FROM information_schema.schemata WHERE schema_name NOT IN ('pg_catalog', 'information_schema') LOOP
             -- Changing Schema Ownership
             EXECUTE format('ALTER SCHEMA %I OWNER TO %I', schema_record.schema_name, 'app_admin');
-    
+
             -- Add rights for the admin role
             EXECUTE format('GRANT ALL ON SCHEMA %I TO %I', schema_record.schema_name, 'app_admin');
             EXECUTE format('GRANT ALL ON ALL TABLES IN SCHEMA %I TO %I', schema_record.schema_name, 'app_admin');

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:cd744b2d1d50191f4908f2db83079b32973d1c009fe9468627be72efbfa0a107
+ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:3030c5b58dcb38dab3892fb1b4241381fc04707b2aa66550ef446231077add6e

packages/apps/kafka/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.3.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kafka/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}-kafka-bootstrap
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-clients-ca
+  verbs: ["get", "list", "watch"]

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.12.0
+version: 0.14.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/README.md

@@ -27,26 +27,181 @@ How to access to deployed cluster:
 kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o go-template='{{ printf "%s\n" (index .data "super-admin.conf" | base64decode) }}' > test
 ```
 
-## Parameters
+# Series
 
-### Common parameters
+<!-- source: https://github.com/kubevirt/common-instancetypes/blob/main/README.md -->
 
-| Name                    | Description                                                                                                                            | Value        |
-| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
-| `host`                  | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`         |
-| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components                                                                             | `2`          |
-| `storageClass`          | StorageClass used to store user data                                                                                                   | `replicated` |
-| `nodeGroups`            | nodeGroups configuration                                                                                                               | `{}`         |
+.                           |  U  |  O  |  CX  |  M  |  RT
+----------------------------|-----|-----|------|-----|------
+*Has GPUs*                  |     |     |      |     |
+*Hugepages*                 |     |     |  ✓   |  ✓  |  ✓
+*Overcommitted Memory*      |     |  ✓  |      |     |
+*Dedicated CPU*             |     |     |  ✓   |     |  ✓
+*Burstable CPU performance* |  ✓  |  ✓  |      |  ✓  |
+*Isolated emulator threads* |     |     |  ✓   |     |  ✓
+*vNUMA*                     |     |     |  ✓   |     |  ✓
+*vCPU-To-Memory Ratio*      | 1:4 | 1:4 |  1:2 | 1:8 | 1:4
 
-### Cluster Addons
 
-| Name                                 | Description                                                                        | Value   |
-| ------------------------------------ | ---------------------------------------------------------------------------------- | ------- |
-| `addons.certManager.enabled`         | Enables the cert-manager                                                           | `false` |
-| `addons.certManager.valuesOverride`  | Custom values to override                                                          | `{}`    |
-| `addons.ingressNginx.enabled`        | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)           | `false` |
-| `addons.ingressNginx.valuesOverride` | Custom values to override                                                          | `{}`    |
-| `addons.ingressNginx.hosts`          | List of domain names that should be passed through to the cluster by upper cluster | `[]`    |
-| `addons.fluxcd.enabled`              | Enables Flux CD                                                                    | `false` |
-| `addons.fluxcd.valuesOverride`       | Custom values to override                                                          | `{}`    |
+## U Series
 
+The U Series is quite neutral and provides resources for
+general purpose applications.
+
+*U* is the abbreviation for "Universal", hinting at the universal
+attitude towards workloads.
+
+VMs of instance types will share physical CPU cores on a
+time-slice basis with other VMs.
+
+### U Series Characteristics
+
+Specific characteristics of this series are:
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
+  noise per node.
+
+## O Series
+
+The O Series is based on the U Series, with the only difference
+being that memory is overcommitted.
+
+*O* is the abbreviation for "Overcommitted".
+
+### UO Series Characteristics
+
+Specific characteristics of this series are:
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *Overcommitted Memory* - Memory is over-committed in order to achieve
+  a higher workload density.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
+  noise per node.
+
+## CX Series
+
+The CX Series provides exclusive compute resources for compute
+intensive applications.
+
+*CX* is the abbreviation of "Compute Exclusive".
+
+The exclusive resources are given to the compute threads of the
+VM. In order to ensure this, some additional cores (depending
+on the number of disks and NICs) will be requested to offload
+the IO threading from cores dedicated to the workload.
+In addition, in this series, the NUMA topology of the used
+cores is provided to the VM.
+
+### CX Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Dedicated CPU* - Physical cores are exclusively assigned to every
+  vCPU in order to provide fixed and high compute guarantees to the
+  workload.
+- *Isolated emulator threads* - Hypervisor emulator threads are isolated
+  from the vCPUs in order to reduce emaulation related impact on the
+  workload.
+- *vNUMA* - Physical NUMA topology is reflected in the guest in order to
+  optimize guest sided cache utilization.
+- *vCPU-To-Memory Ratio (1:2)* - A vCPU-to-Memory ratio of 1:2.
+
+## M Series
+
+The M Series provides resources for memory intensive
+applications.
+
+*M* is the abbreviation of "Memory".
+
+### M Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *vCPU-To-Memory Ratio (1:8)* - A vCPU-to-Memory ratio of 1:8, for much
+  less noise per node.
+
+## RT Series
+
+The RT Series provides resources for realtime applications, like Oslat.
+
+*RT* is the abbreviation for "realtime".
+
+This series of instance types requires nodes capable of running
+realtime applications.
+
+### RT Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Dedicated CPU* - Physical cores are exclusively assigned to every
+  vCPU in order to provide fixed and high compute guarantees to the
+  workload.
+- *Isolated emulator threads* - Hypervisor emulator threads are isolated
+  from the vCPUs in order to reduce emaulation related impact on the
+  workload.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4 starting from
+  the medium size.
+
+## Resources
+
+The following instancetype resources are provided by Cozystack:
+
+Name | vCPUs | Memory
+-----|-------|-------
+cx1.2xlarge  |  8  |  16Gi
+cx1.4xlarge  |  16  |  32Gi
+cx1.8xlarge  |  32  |  64Gi
+cx1.large  |  2  |  4Gi
+cx1.medium  |  1  |  2Gi
+cx1.xlarge  |  4  |  8Gi
+gn1.2xlarge  |  8  |  32Gi
+gn1.4xlarge  |  16  |  64Gi
+gn1.8xlarge  |  32  |  128Gi
+gn1.xlarge  |  4  |  16Gi
+m1.2xlarge  |  8  |  64Gi
+m1.4xlarge  |  16  |  128Gi
+m1.8xlarge  |  32  |  256Gi
+m1.large  |  2  |  16Gi
+m1.xlarge  |  4  |  32Gi
+n1.2xlarge  |  16  |  32Gi
+n1.4xlarge  |  32  |  64Gi
+n1.8xlarge  |  64  |  128Gi
+n1.large  |  4  |  8Gi
+n1.medium  |  4  |  4Gi
+n1.xlarge  |  8  |  16Gi
+o1.2xlarge  |  8  |  32Gi
+o1.4xlarge  |  16  |  64Gi
+o1.8xlarge  |  32  |  128Gi
+o1.large  |  2  |  8Gi
+o1.medium  |  1  |  4Gi
+o1.micro  |  1  |  1Gi
+o1.nano  |  1  |  512Mi
+o1.small  |  1  |  2Gi
+o1.xlarge  |  4  |  16Gi
+rt1.2xlarge  |  8  |  32Gi
+rt1.4xlarge  |  16  |  64Gi
+rt1.8xlarge  |  32  |  128Gi
+rt1.large  |  2  |  8Gi
+rt1.medium  |  1  |  4Gi
+rt1.micro  |  1  |  1Gi
+rt1.small  |  1  |  2Gi
+rt1.xlarge  |  4  |  16Gi
+u1.2xlarge  |  8  |  32Gi
+u1.2xmedium  |  2  |  4Gi
+u1.4xlarge  |  16  |  64Gi
+u1.8xlarge  |  32  |  128Gi
+u1.large  |  2  |  8Gi
+u1.medium  |  1  |  4Gi
+u1.micro  |  1  |  1Gi
+u1.nano  |  1  |  512Mi
+u1.small  |  1  |  2Gi
+u1.xlarge  |  4  |  16Gi

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.12.0@sha256:7f617de5a24de790a15d9e97c6287ff2b390922e6e74c7a665cbf498f634514d
+ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.14.0@sha256:c80c305a7c0ff5d64664eea9aefc9a2e68c3bd500cf341d820ef8dd460f3174b

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.12.0@sha256:b9dc8e5f0296146b37b332b07b8cd74d1b0308786160b161c670c55005d3dbe9
+ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.14.0@sha256:55b78220b60773eefb7b7d3451d7ab9fe89fb6b989e8fe2ae214aab164f00293

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.12.0@sha256:bd9175e1307c0afa828974df40edaa4ab905b869e1260a09675ceb1c1b248f1f
+ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.14.0@sha256:bc61dba787ca79f9b8d7288a631cbaecf8de9f87b6a2ad44e1513f730362621f

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:1f249fbe52821a62f706c6038b13401234e1b758ac498e53395b8f9a642b015f
+ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:8258747003f40f0f8dd54317e52e98baf4674c5ac14ad851ac6b2871d29e4b2d

packages/apps/kubernetes/templates/cluster.yaml

@@ -15,6 +15,11 @@ spec:
         node-role.kubernetes.io/{{ . }}: ""
         {{- end }}
     spec:
+      {{- with .group.instanceType }}
+      instancetype:
+        kind: VirtualMachineClusterInstancetype
+        name: {{ . }}
+      {{- end }}
       runStrategy: Always
       template:
         metadata:
@@ -26,10 +31,12 @@ spec:
             {{- end }}
         spec:
           domain:
+            {{- if and .group.resources .group.resources.cpu }}
             cpu:
               threads: 1
               cores: {{ .group.resources.cpu }}
               sockets: 1
+            {{- end }}
             devices:
               disks:
               - name: system
@@ -43,8 +50,10 @@ spec:
               interfaces:
               - name: default
                 bridge: {}
+            {{- if and .group.resources .group.resources.memory }}
             memory:
               guest: {{ .group.resources.memory }}
+            {{- end }}
           evictionStrategy: External
           volumes:
           - name: system
@@ -176,6 +185,14 @@ spec:
   template:
     {{- $kubevirtmachinetemplate | nindent 4 }}
 ---
+{{- $instanceType := dict }}
+{{- if $group.instanceType }}
+{{-   $instanceType = (lookup "instancetype.kubevirt.io/v1beta1" "VirtualMachineClusterInstancetype" "" $group.instanceType) }}
+{{-   if not $instanceType }}
+{{-     fail (printf "Specified instancetype not exists in cluster: %s" $group.instanceType) }}
+{{-   end }}
+{{- end }}
+
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachineDeployment
 metadata:
@@ -184,8 +201,16 @@ metadata:
   annotations:
     cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ $group.minReplicas }}"
     cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ $group.maxReplicas }}"
+    {{- if and $group.resources $group.resources.memory }}
     capacity.cluster-autoscaler.kubernetes.io/memory: "{{ $group.resources.memory }}"
+    {{- else }}
+    capacity.cluster-autoscaler.kubernetes.io/memory: "{{ $instanceType.spec.memory.guest }}"
+    {{- end }}
+    {{- if and $group.resources $group.resources.cpu }}
     capacity.cluster-autoscaler.kubernetes.io/cpu: "{{ $group.resources.cpu }}"
+    {{- else }}
+    capacity.cluster-autoscaler.kubernetes.io/cpu: "{{ $instanceType.spec.cpu.guest }}"
+    {{- end }}
 spec:
   clusterName: {{ $.Release.Name }}
   template:
@@ -229,7 +254,7 @@ spec:
     timeout: 30s
   - type: Ready
     status: "False"
-    timeout: 30s
+    timeout: 300s
 {{- end }}
 ---
 {{- /*

packages/apps/kubernetes/templates/helmreleases/cert-manager-crds.yaml

@@ -0,0 +1,54 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-cert-manager-crds
+  labels:
+    cozystack.io/repository: system
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
+spec:
+  interval: 5m
+  releaseName: cert-manager-crds
+  chart:
+    spec:
+      chart: cozy-cert-manager-crds
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  kubeConfig:
+    secretRef:
+      name: {{ .Release.Name }}-kubeconfig
+  targetNamespace: cozy-cert-manager-crds
+  storageNamespace: cozy-cert-manager-crds
+  install:
+    createNamespace: true
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  {{- if .Values.addons.certManager.valuesOverride }}
+  valuesFrom:
+  - kind: Secret
+    name: {{ .Release.Name }}-cert-manager-crds-values-override
+    valuesKey: values
+  {{- end }}
+
+  dependsOn:
+  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
+  - name: {{ .Release.Name }}
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  - name: {{ .Release.Name }}-cilium
+    namespace: {{ .Release.Namespace }}
+{{- if .Values.addons.certManager.valuesOverride }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-cert-manager-crds-values-override
+stringData:
+  values: |
+    {{- toYaml .Values.addons.certManager.valuesOverride | nindent 4 }}
+{{- end }}

packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml

@@ -43,6 +43,8 @@ spec:
   {{- end }}
   - name: {{ .Release.Name }}-cilium
     namespace: {{ .Release.Namespace }}
+  - name: {{ .Release.Name }}-cert-manager-crds
+    namespace: {{ .Release.Namespace }}
 {{- end }}
 {{- if .Values.addons.certManager.valuesOverride }}
 ---

packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml

@@ -0,0 +1,105 @@
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $targetTenant := index $myNS.metadata.annotations "namespace.cozystack.io/monitoring" }}
+{{- if .Values.addons.monitoringAgents.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-monitoring-agents
+  labels:
+    cozystack.io/repository: system
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
+spec:
+  interval: 5m
+  releaseName: cozy-monitoring-agents
+  chart:
+    spec:
+      chart: cozy-monitoring-agents
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  kubeConfig:
+    secretRef:
+      name: {{ .Release.Name }}-kubeconfig
+  targetNamespace: cozy-monitoring-agents
+  storageNamespace: cozy-monitoring-agents
+  install:
+    createNamespace: true
+    timeout: "300s"
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  dependsOn:
+  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
+  - name: {{ .Release.Name }}
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  - name: {{ .Release.Name }}-cilium
+    namespace: {{ .Release.Namespace }}
+  - name: {{ .Release.Name }}-cozy-victoria-metrics-operator
+    namespace: {{ .Release.Namespace }}
+  values:
+    vmagent:
+      externalLabels:
+        cluster: {{ .Release.Name }}
+        tenant: {{ .Release.Namespace }}
+      remoteWrite:
+        url: http://vminsert-shortterm.{{ $targetTenant }}.svc:8480/insert/0/prometheus
+
+    fluent-bit:
+      readinessProbe:
+        httpGet:
+          path: /
+      daemonSetVolumes:
+        - name: varlog
+          hostPath:
+            path: /var/log
+        - name: varlibdockercontainers
+          hostPath:
+            path: /var/lib/docker/containers
+      daemonSetVolumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+      config:
+        outputs: |
+          [OUTPUT]
+              Name http
+              Match kube.*
+              Host vlogs-generic.{{ $targetTenant }}.svc
+              port 9428
+              compress gzip
+              uri /insert/jsonline?_stream_fields=stream,kubernetes_pod_name,kubernetes_container_name,kubernetes_namespace_name&_msg_field=log&_time_field=date
+              format json_lines
+              json_date_format iso8601
+              header AccountID 0
+              header ProjectID 0
+        filters: |
+          [FILTER]
+              Name kubernetes
+              Match kube.*
+              Merge_Log On
+              Keep_Log On
+              K8S-Logging.Parser On
+              K8S-Logging.Exclude On
+          [FILTER]
+              Name                nest
+              Match               *
+              Wildcard            pod_name
+              Operation lift
+              Nested_under kubernetes
+              Add_prefix   kubernetes_
+          [FILTER]
+              Name modify
+              Match *
+              Add tenant {{ .Release.Namespace }}
+          [FILTER]
+              Name modify
+              Match *
+              Add cluster {{ .Release.Name }}
+{{- end }}

packages/apps/kubernetes/templates/helmreleases/victoria-metrics-operator.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.addons.monitoringAgents.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-cozy-victoria-metrics-operator
+  labels:
+    cozystack.io/repository: system
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
+spec:
+  interval: 5m
+  releaseName: cozy-victoria-metrics-operator
+  chart:
+    spec:
+      chart: cozy-victoria-metrics-operator
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+  kubeConfig:
+    secretRef:
+      name: {{ .Release.Name }}-kubeconfig
+  targetNamespace: cozy-victoria-metrics-operator
+  storageNamespace: cozy-victoria-metrics-operator
+  install:
+    createNamespace: true
+    remediation:
+      retries: -1
+  upgrade:
+    remediation:
+      retries: -1
+  dependsOn:
+  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
+  - name: {{ .Release.Name }}
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  - name: {{ .Release.Name }}-cilium
+    namespace: {{ .Release.Namespace }}
+  - name: {{ .Release.Name }}-cert-manager-crds
+    namespace: {{ .Release.Namespace }}
+{{- end }}

packages/apps/kubernetes/values.schema.json

@@ -75,8 +75,23 @@
                             "default": {}
                         }
                     }
+                },
+                "monitoringAgents": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean",
+                            "description": "Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage",
+                            "default": false
+                        },
+                        "valuesOverride": {
+                            "type": "object",
+                            "description": "Custom values to override",
+                            "default": {}
+                        }
+                    }
                 }
             }
         }
     }
-}
+}

packages/apps/kubernetes/values.yaml

@@ -15,13 +15,15 @@ nodeGroups:
   md0:
     minReplicas: 0
     maxReplicas: 10
-    resources:
-      cpu: 2
-      memory: 1024Mi
+    instanceType: "u1.medium"
     ephemeralStorage: 20Gi
     roles:
     - ingress-nginx
 
+    resources:
+      cpu: ""
+      memory: ""
+
 ## @section Cluster Addons
 ##
 addons:
@@ -58,3 +60,12 @@ addons:
     ##
     enabled: false
     valuesOverride: {}
+
+  ## MonitoringAgents
+  ##
+  monitoringAgents:
+    ## @param addons.monitoringAgents.enabled Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage
+    ## @param addons.monitoringAgents.valuesOverride Custom values to override
+    ##
+    enabled: false
+    valuesOverride: {}

packages/apps/mysql/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.1
+version: 0.5.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/mysql/images/mariadb-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.1@sha256:793edb25a29cbc00781e40af883815ca36937e736e2b0d202ea9c9619fb6ca11
+ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:c14e21d439600caf6239b767d204b2fd75146e782e35991c6d803490197660bf

packages/apps/mysql/templates/mariadb.yaml

@@ -13,6 +13,7 @@ spec:
   port: 3306
 
   replicas: {{ .Values.replicas }}
+  replicasAllowEvenNumber: true
   affinity:
     podAntiAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:

packages/apps/mysql/templates/secret.yaml

@@ -8,7 +8,7 @@
 {{- end }}
 
 {{- $usersWithRoot := .Values.users }}
-{{- if (and .Values.users.root .Values.users.root.password) }}
+{{- if not (and .Values.users.root .Values.users.root.password) }}
   {{- $_ := set $usersWithRoot "root" dict }}
 {{- end }}
 

packages/apps/nats/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/nats/README.md

@@ -9,4 +9,4 @@
 | `external`     | Enable external access from outside the cluster | `false` |
 | `replicas`     | Persistent Volume size for NATS                 | `2`     |
 | `storageClass` | StorageClass used to store the data             | `""`    |
-
+| `users`        | Users configuration                             | `{}`    |

packages/apps/nats/templates/nats.yaml

@@ -1,3 +1,25 @@
+{{- $passwords := dict }}
+{{- range $user, $u := .Values.users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.users }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+{{- end }}
+
+---
+
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@@ -18,6 +40,16 @@ spec:
     nats:
       fullnameOverride: {{ .Release.Name }}
       config:
+        {{- if gt (len $passwords) 0 }}
+        merge:
+          accounts:
+            A:
+              users:
+                {{- range $username, $password := $passwords }}
+                - user: "{{ $username }}"
+                  password: "{{ $password }}"
+                {{- end }}
+        {{- end }}
         cluster:
           enabled: true
           replicas: {{ .Values.replicas }}

packages/apps/nats/templates/resourcemap.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]

packages/apps/nats/values.yaml

@@ -8,3 +8,10 @@
 external: false
 replicas: 2
 storageClass: ""
+## @param users [object] Users configuration
+## Example:
+## users:
+##   user1:
+##     password: strongpassword
+##   user2: {}
+users: {}

packages/apps/postgres/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.0
+version: 0.7.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/postgres/README.md

@@ -6,30 +6,34 @@ PostgreSQL is currently the leading choice among relational databases, known for
 
 This managed service is controlled by the CloudNativePG operator, ensuring efficient management and seamless operation.
 
-- Docs: https://cloudnative-pg.io/docs/
-- Github: https://github.com/cloudnative-pg/cloudnative-pg
+- Docs: <https://cloudnative-pg.io/docs/>
+- Github: <https://github.com/cloudnative-pg/cloudnative-pg>
 
 ## HowTos
 
 ### How to switch master/slave replica
 
 See:
-- https://cloudnative-pg.io/documentation/1.15/rolling_update/#manual-updates-supervised
 
-### How to restore backup:
+- <https://cloudnative-pg.io/documentation/1.15/rolling_update/#manual-updates-supervised>
+
+### How to restore backup
 
 find snapshot:
-```
+
+```bash
 restic -r s3:s3.example.org/postgres-backups/database_name snapshots
 ```
 
 restore:
-```
+
+```bash
 restic -r s3:s3.example.org/postgres-backups/database_name restore latest --target /tmp/
 ```
 
 more details:
-- https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1
+
+- <https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1>
 
 ## Parameters
 
@@ -64,5 +68,3 @@ more details:
 | `backup.s3AccessKey`     | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
 | `backup.s3SecretKey`     | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
 | `backup.resticPassword`  | The password for Restic backup encryption      | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
-
-

packages/apps/postgres/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.7.0@sha256:d2015c6dba92293bda652d055e97d1be80e8414c2dc78037c12812d1a2e2cba1
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:034a480a119986da8a8e0532f09f66c58ed919e18612987b1a847fe8a59b6f3c

packages/apps/postgres/templates/init-script.yaml

@@ -34,6 +34,9 @@ stringData:
   init.sh: |
     #!/bin/bash
     set -e
+
+    until pg_isready ; do sleep 5; done
+
     echo "== create users"
     {{- if .Values.users }}
     psql -v ON_ERROR_STOP=1 <<\EOT
@@ -60,7 +63,7 @@ stringData:
     DROP USER $user;
     EOT
     done
-    
+
     echo "== create databases and roles"
     {{- if .Values.databases }}
     psql -v ON_ERROR_STOP=1 --echo-all <<\EOT
@@ -92,7 +95,7 @@ stringData:
         FOR schema_record IN SELECT schema_name FROM information_schema.schemata WHERE schema_name NOT IN ('pg_catalog', 'information_schema') LOOP
             -- Changing Schema Ownership
             EXECUTE format('ALTER SCHEMA %I OWNER TO %I', schema_record.schema_name, '{{ $database }}_admin');
-    
+
             -- Add rights for the admin role
             EXECUTE format('GRANT ALL ON SCHEMA %I TO %I', schema_record.schema_name, '{{ $database }}_admin');
             EXECUTE format('GRANT ALL ON ALL TABLES IN SCHEMA %I TO %I', schema_record.schema_name, '{{ $database }}_admin');
@@ -101,7 +104,7 @@ stringData:
             EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON TABLES TO %I', schema_record.schema_name, '{{ $database }}_admin');
             EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON SEQUENCES TO %I', schema_record.schema_name, '{{ $database }}_admin');
             EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON FUNCTIONS TO %I', schema_record.schema_name, '{{ $database }}_admin');
-    
+
             -- Add rights for the readonly role
             EXECUTE format('GRANT USAGE ON SCHEMA %I TO %I', schema_record.schema_name, '{{ $database }}_readonly');
             EXECUTE format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO %I', schema_record.schema_name, '{{ $database }}_readonly');
@@ -119,9 +122,9 @@ stringData:
     CREATE OR REPLACE FUNCTION auto_grant_schema_privileges()
     RETURNS event_trigger LANGUAGE plpgsql AS $$
     DECLARE
-      obj record;
+        obj record;
     BEGIN
-      FOR obj IN SELECT * FROM pg_event_trigger_ddl_commands() WHERE command_tag = 'CREATE SCHEMA' LOOP
+        FOR obj IN SELECT * FROM pg_event_trigger_ddl_commands() WHERE command_tag = 'CREATE SCHEMA' LOOP
         EXECUTE format('ALTER SCHEMA %I OWNER TO %I', obj.object_identity, '{{ $database }}_admin');
         EXECUTE format('GRANT ALL ON SCHEMA %I TO %I', obj.object_identity, '{{ $database }}_admin');
         EXECUTE format('GRANT USAGE ON SCHEMA %I TO %I', obj.object_identity, '{{ $database }}_readonly');
@@ -146,7 +149,7 @@ stringData:
         EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT SELECT ON TABLES TO %I', obj.object_identity, '{{ $database }}_readonly');
         EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT USAGE ON SEQUENCES TO %I', obj.object_identity, '{{ $database }}_readonly');
         EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT EXECUTE ON FUNCTIONS TO %I', obj.object_identity, '{{ $database }}_readonly');
-      END LOOP;
+        END LOOP;
     END;
     $$;
 

packages/apps/postgres/values.schema.json

@@ -103,4 +103,4 @@
             }
         }
     }
-}
+}

packages/apps/rabbitmq/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.2
+version: 0.4.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/rabbitmq/templates/rabbitmq.yaml

@@ -18,6 +18,7 @@ spec:
         template:
           spec:
             enableServiceLinks: false
+            containers: []
           metadata:
             labels:
               policy.cozystack.io/allow-to-apiserver: "true"

packages/apps/redis/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.3.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/redis/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - rfs-{{ .Release.Name }}
+  - rfrm-{{ .Release.Name }}
+  - rfrs-{{ .Release.Name }}
+  - "{{ .Release.Name }}-external-lb"
+  verbs: ["get", "list", "watch"]

packages/apps/redis/templates/redisfailover.yaml

@@ -20,7 +20,6 @@ spec:
         cpu: 150m
         memory: 400Mi
       limits:
-        cpu: 2
         memory: 1000Mi
     {{- with .Values.size }}
     storage:
@@ -37,7 +36,7 @@ spec:
           storageClassName: {{ . }}
           {{- end }}
     {{- end }}
-    exporter: 
+    exporter:
       enabled: true
       image: oliver006/redis_exporter:v1.55.0-alpine
       args:

packages/apps/tenant/Chart.yaml

@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg
 
 type: application
-version: 1.4.0
+version: 1.6.1

packages/apps/tenant/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tenant.name" . }}-dashboard-resources
+  namespace: {{ .Release.namespace }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - kubeconfig-{{ include "tenant.name" . }}
+  verbs: ["get", "list", "watch"]

packages/apps/tenant/templates/keycloakgroups.yaml

@@ -0,0 +1,53 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }}
+{{- if $oidcEnabled }}
+apiVersion: v1.edp.epam.com/v1
+kind: KeycloakRealmGroup
+metadata:
+  name: {{ include "tenant.name" . }}-view
+  namespace: {{ include "tenant.name" . }}
+spec:
+  name: {{ include "tenant.name" . }}-view
+  realmRef:
+    name: keycloakrealm-cozy
+    kind: ClusterKeycloakRealm
+
+---
+
+apiVersion: v1.edp.epam.com/v1
+kind: KeycloakRealmGroup
+metadata:
+  name: {{ include "tenant.name" . }}-use
+  namespace: {{ include "tenant.name" . }}
+spec:
+  name: {{ include "tenant.name" . }}-use
+  realmRef:
+    name: keycloakrealm-cozy
+    kind: ClusterKeycloakRealm
+
+---
+
+apiVersion: v1.edp.epam.com/v1
+kind: KeycloakRealmGroup
+metadata:
+  name: {{ include "tenant.name" . }}-admin
+  namespace: {{ include "tenant.name" . }}
+spec:
+  name: {{ include "tenant.name" . }}-admin
+  realmRef:
+    name: keycloakrealm-cozy
+    kind: ClusterKeycloakRealm
+
+---
+
+apiVersion: v1.edp.epam.com/v1
+kind: KeycloakRealmGroup
+metadata:
+  name: {{ include "tenant.name" . }}-super-admin
+  namespace: {{ include "tenant.name" . }}
+spec:
+  name: {{ include "tenant.name" . }}-super-admin
+  realmRef:
+    name: keycloakrealm-cozy
+    kind: ClusterKeycloakRealm
+{{- end }}

packages/apps/tenant/templates/kubeconfig.yaml

@@ -0,0 +1,45 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $host := index $cozyConfig.data "root-host" }}
+{{- $k8sClientSecret := lookup "v1" "Secret" "cozy-keycloak" "k8s-client" }}
+
+{{- if $k8sClientSecret }}
+{{- $apiServerEndpoint := index $cozyConfig.data "api-server-endpoint" }}
+{{- $k8sClient := index $k8sClientSecret.data "client-secret-key" | b64dec }}
+{{- $rootSaConfigMap := lookup "v1" "ConfigMap" "kube-system" "kube-root-ca.crt" }}
+{{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc  }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kubeconfig-{{ include "tenant.name" . }}
+  namespace: tenant-root
+stringData:
+  kubeconfig: |
+    apiVersion: v1
+    clusters:
+    - cluster:
+        server: {{ $apiServerEndpoint }}
+        certificate-authority-data: {{ $k8sCa }}
+      name: cluster
+    contexts:
+    - context:
+        cluster: cluster
+        namespace: {{ include "tenant.name" . }}
+        user: keycloak
+      name: {{ include "tenant.name" . }}
+    current-context: default
+    users:
+    - name: keycloak
+      user:
+        exec:
+          apiVersion: client.authentication.k8s.io/v1beta1
+          args:
+          - oidc-login
+          - get-token
+          - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy
+          - --oidc-client-id=kubernetes
+          - --oidc-client-secret={{ $k8sClient }}
+          - --skip-open-browser
+          - --grant-type=password
+          command: kubectl
+{{- end }}

packages/apps/tenant/templates/networkpolicy.yaml

@@ -159,6 +159,30 @@ spec:
 ---
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
+metadata:
+  name: allow-to-keycloak
+  namespace: {{ include "tenant.name" . }}
+spec:
+  endpointSelector: {}
+  egress:
+  - toEndpoints:
+      - matchLabels:
+          "k8s:io.kubernetes.pod.namespace": cozy-keycloak
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-to-cdi-upload-proxy
+  namespace: {{ include "tenant.name" . }}
+spec:
+  endpointSelector: {}
+  egress:
+  - toEndpoints:
+      - matchLabels:
+          "k8s:io.kubernetes.pod.namespace": cozy-kubevirt-cdi
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
 metadata:
   name: allow-to-ingress
   namespace: {{ include "tenant.name" . }}
@@ -168,4 +192,16 @@ spec:
   - toEndpoints:
     - matchLabels:
         cozystack.io/service: ingress
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-to-keycloak
+  namespace: {{ include "tenant.name" . }}
+spec:
+  endpointSelector: {}
+  egress:
+  - toEndpoints:
+      - matchLabels:
+          "k8s:io.kubernetes.pod.namespace": cozy-keycloak
 {{- end }}

packages/apps/tenant/templates/tenant.yaml

@@ -43,6 +43,9 @@ subjects:
 - kind: ServiceAccount
   name: tenant-root
   namespace: tenant-root
+- kind: Group
+  name: tenant-root-super-admin
+  apiGroup: rbac.authorization.k8s.io
 {{- end }}
 {{- if hasPrefix "tenant-" .Release.Namespace }}
 {{- $parts := splitList "-" .Release.Namespace }}
@@ -51,12 +54,18 @@ subjects:
 - kind: ServiceAccount
   name: {{ join "-" (slice $parts 0 (add $i 1)) }}
   namespace: {{ join "-" (slice $parts 0 (add $i 1)) }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
 {{- end }}
 {{- end }}
 {{- end }}
 - kind: ServiceAccount
   name: {{ include "tenant.name" . }}
   namespace: {{ include "tenant.name" . }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}
@@ -84,7 +93,271 @@ subjects:
 - kind: ServiceAccount
   name: {{ include "tenant.name" . }}
   namespace: {{ include "tenant.name" . }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}
   apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "tenant.name" . }}-view
+  namespace: {{ include "tenant.name" . }}
+rules:
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - roles
+    verbs:
+      - get
+  - apiGroups:
+      - apps.cozystack.io
+    resources:
+      - "*"
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - helm.toolkit.fluxcd.io
+    resources:
+      - helmreleases
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - "*"
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+
+---
+
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "tenant.name" . }}-view
+  namespace: {{ include "tenant.name" . }}
+subjects:
+  - kind: Group
+    name: {{ include "tenant.name" . }}-view
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: {{ include "tenant.name" . }}-view
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "tenant.name" . }}-use
+  namespace: {{ include "tenant.name" . }}
+rules:
+  - apiGroups: [rbac.authorization.k8s.io]
+    resources:
+    - roles
+    verbs:
+    - get
+  - apiGroups: ["apps.cozystack.io"]
+    resources:
+    - "*"
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups: ["helm.toolkit.fluxcd.io"]
+    resources:
+    - helmreleases
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups: [""]
+    resources:
+    - "*"
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups: ["networking.k8s.io"]
+    resources:
+    - ingresses
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups: ["subresources.kubevirt.io"]
+    resources:
+    - virtualmachineinstances/console
+    - virtualmachineinstances/vnc
+    verbs:
+    - get
+    - list
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "tenant.name" . }}-use
+  namespace: {{ include "tenant.name" . }}
+subjects:
+  - kind: Group
+    name: {{ include "tenant.name" . }}-use
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: {{ include "tenant.name" . }}-use
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "tenant.name" . }}-admin
+  namespace: {{ include "tenant.name" . }}
+rules:
+  - apiGroups: [rbac.authorization.k8s.io]
+    resources:
+    - roles
+    verbs:
+    - get
+  - apiGroups: [""]
+    resources:
+    - "*"
+    verbs:
+    - get
+    - list
+    - watch
+    - delete
+  - apiGroups: ["helm.toolkit.fluxcd.io"]
+    resources:
+    - helmreleases
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups: ["kubevirt.io"]
+    resources:
+    - virtualmachines
+    verbs:
+    - get
+    - list
+  - apiGroups: ["subresources.kubevirt.io"]
+    resources:
+    - virtualmachineinstances/console
+    - virtualmachineinstances/vnc
+    verbs:
+    - get
+    - list
+  - apiGroups: ["apps.cozystack.io"]
+    resources:
+    - buckets
+    - clickhouses
+    - ferretdb
+    - foos
+    - httpcaches
+    - kafkas
+    - kuberneteses
+    - mysqls
+    - natses
+    - postgreses
+    - rabbitmqs
+    - redises
+    - seaweedfses
+    - tcpbalancers
+    - virtualmachines
+    - vmdisks
+    - vminstances
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - patch
+    - delete
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tenant.name" . }}-admin
+  namespace: cozy-public
+rules:
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources: ["helmrepositories"]
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - source.toolkit.fluxcd.io
+    resources:
+    - helmcharts
+    verbs:
+    - get
+    - list
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources:
+    - helmcharts
+    verbs: ["*"]
+    resourceNames:
+    - bucket
+    - clickhouse
+    - ferretdb
+    - foo
+    - httpcache
+    - kafka
+    - kubernetes
+    - mysql
+    - nats
+    - postgres
+    - rabbitmq
+    - redis
+    - seaweedfs
+    - tcpbalancer
+    - virtualmachine
+    - vmdisk
+    - vminstance
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "tenant.name" . }}-admin
+  namespace: cozy-public
+subjects:
+- kind: Group
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "tenant.name" . }}-admin
+  namespace: {{ include "tenant.name" . }}
+subjects:
+  - kind: Group
+    name: {{ include "tenant.name" . }}-admin
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io

packages/apps/versions_map

@@ -4,12 +4,15 @@ clickhouse 0.2.0 7cd7de73
 clickhouse 0.2.1 5ca8823
 clickhouse 0.3.0 b00621e
 clickhouse 0.4.0 320fc32
-clickhouse 0.5.0 HEAD
+clickhouse 0.5.0 2a4768a5
+clickhouse 0.6.0 18bbdb67
+clickhouse 0.6.1 HEAD
 ferretdb 0.1.0 4ffa8615
 ferretdb 0.1.1 5ca8823
 ferretdb 0.2.0 adaf603
 ferretdb 0.3.0 aa2f553
-ferretdb 0.4.0 HEAD
+ferretdb 0.4.0 def2eb0f
+ferretdb 0.4.1 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 5ca8823
 http-cache 0.3.0 fab5940
@@ -19,7 +22,8 @@ kafka 0.2.0 a2cc83d
 kafka 0.2.1 3ac17018
 kafka 0.2.2 d0758692
 kafka 0.2.3 5ca8823
-kafka 0.3.0 HEAD
+kafka 0.3.0 c07c4bbd
+kafka 0.3.1 HEAD
 kubernetes 0.1.0 f642698
 kubernetes 0.2.0 7cd7de73
 kubernetes 0.3.0 7caccec1
@@ -34,15 +38,21 @@ kubernetes 0.9.0 9b6dd19
 kubernetes 0.10.0 ac5c38b
 kubernetes 0.11.0 4eaca42
 kubernetes 0.11.1 4f430a90
-kubernetes 0.12.0 HEAD
+kubernetes 0.12.0 74649f8
+kubernetes 0.12.1 28fca4e
+kubernetes 0.13.0 ced8e5b9
+kubernetes 0.14.0 HEAD
 mysql 0.1.0 f642698
 mysql 0.2.0 8b975ff0
 mysql 0.3.0 5ca8823
 mysql 0.4.0 93018c4
 mysql 0.5.0 4b84798
-mysql 0.5.1 HEAD
+mysql 0.5.1 fab5940b
+mysql 0.5.2 HEAD
 nats 0.1.0 5ca8823
-nats 0.2.0 HEAD
+nats 0.2.0 c07c4bbd
+nats 0.3.0 78366f19
+nats 0.3.1 HEAD
 postgres 0.1.0 f642698
 postgres 0.2.0 7cd7de73
 postgres 0.2.1 4a97e297
@@ -52,16 +62,19 @@ postgres 0.4.1 5ca8823
 postgres 0.5.0 c07c4bbd
 postgres 0.6.0 2a4768a
 postgres 0.6.2 54fd61c
-postgres 0.7.0 HEAD
+postgres 0.7.0 dc9d8bb
+postgres 0.7.1 HEAD
 rabbitmq 0.1.0 f642698
 rabbitmq 0.2.0 5ca8823
 rabbitmq 0.3.0 9e33dc0
 rabbitmq 0.4.0 36d8855
 rabbitmq 0.4.1 35536bb
-rabbitmq 0.4.2 HEAD
+rabbitmq 0.4.2 00b2834e
+rabbitmq 0.4.3 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 5ca8823
-redis 0.3.0 HEAD
+redis 0.3.0 c07c4bbd
+redis 0.3.1 HEAD
 tcp-balancer 0.1.0 f642698
 tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
@@ -72,12 +85,19 @@ tenant 1.1.0 4da8ac3b
 tenant 1.2.0 15478a88
 tenant 1.3.0 ceefae03
 tenant 1.3.1 c56e5769
-tenant 1.4.0 HEAD
+tenant 1.4.0 94c688f7
+tenant 1.5.0 48128743
+tenant 1.6.0 df448b99
+tenant 1.6.1 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 7cd7de7
 virtual-machine 0.2.0 5ca8823
 virtual-machine 0.3.0 b908400
-virtual-machine 0.4.0 HEAD
+virtual-machine 0.4.0 4746d51
+virtual-machine 0.5.0 HEAD
+vm-disk 0.1.0 HEAD
+vm-instance 0.1.0 HEAD
 vpn 0.1.0 f642698
 vpn 0.2.0 7151424
-vpn 0.3.0 HEAD
+vpn 0.3.0 a2bcf100
+vpn 0.3.1 HEAD

packages/apps/virtual-machine/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 #name: Virtual Machine
 name: virtual-machine
-description: Virtual machine instance
+description: Virtual Machine (simple)
 icon: /logos/vm.svg
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 0.5.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/virtual-machine/Makefile

@@ -1,10 +1,10 @@
 include ../../../scripts/package.mk
 
 generate:
-	readme-generator -v values.yaml -s values.schema.json.tmp -r README.md
-	cat values.schema.json.tmp | \
-		jq '.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' | \
-		jq '.properties.resources.properties.memory["x-display"] = "slider"' | \
-		jq '.properties.externalPorts.items.type = "integer"' \
-		> values.schema.json
-	rm -f values.schema.json.tmp
+	readme-generator -v values.yaml -s values.schema.json -r README.md
+	INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
+	  && yq -i -o json ".properties.instanceType.optional=true | .properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
+	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
+	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
+	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
+	yq -i -o json '.properties.systemDisk.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' values.schema.json

packages/apps/virtual-machine/README.md

@@ -1,4 +1,4 @@
-# Virtual Machine
+# Virtual Machine (simple)
 
 A Virtual Machine (VM) simulates computer hardware, enabling various operating systems and applications to run in an isolated environment.
 
@@ -36,40 +36,233 @@ virtctl ssh <user>@<vm>
 
 ### Common parameters
 
-| Name               | Description                                                                                                | Value            |
-| ------------------ | ---------------------------------------------------------------------------------------------------------- | ---------------- |
-| `external`         | Enable external access from outside the cluster                                                            | `false`          |
-| `externalPorts`    | Specify ports to forward from outside the cluster                                                          | `[]`             |
-| `running`          | Determines if the virtual machine should be running                                                        | `true`           |
-| `image`            | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos` | `ubuntu`         |
-| `storageClass`     | StorageClass used to store the data                                                                        | `replicated`     |
-| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                                                   | `1`              |
-| `resources.memory` | The amount of memory allocated to the virtual machine                                                      | `1024M`          |
-| `resources.disk`   | The size of the disk allocated for the virtual machine                                                     | `5Gi`            |
-| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`             |
-| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.                                | `#cloud-config
+| Name                      | Description                                                                                                | Value            |
+| ------------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------- |
+| `external`                | Enable external access from outside the cluster                                                            | `false`          |
+| `externalPorts`           | Specify ports to forward from outside the cluster                                                          | `[]`             |
+| `running`                 | Determines if the virtual machine should be running                                                        | `true`           |
+| `instanceType`            | Virtual Machine instance type                                                                              | `u1.medium`      |
+| `instanceProfile`         | Virtual Machine prefferences profile                                                                       | `ubuntu`         |
+| `systemDisk.image`        | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos` | `ubuntu`         |
+| `systemDisk.storage`      | The size of the disk allocated for the virtual machine                                                     | `5Gi`            |
+| `systemDisk.storageClass` | StorageClass used to store the data                                                                        | `replicated`     |
+| `resources.cpu`           | The number of CPU cores allocated to the virtual machine                                                   | `""`             |
+| `resources.memory`        | The amount of memory allocated to the virtual machine                                                      | `""`             |
+| `sshKeys`                 | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`             |
+| `cloudInit`               | cloud-init user data config. See cloud-init documentation for more details.                                | `#cloud-config
 ` |
 
-You can customize the exposed ports by specifying them under `service.ports` in the `values.yaml` file.
+## U Series
 
-## Example virtual machine:
+The U Series is quite neutral and provides resources for
+general purpose applications.
 
-```yaml
-running: true
-image: fedora
-storageClass: replicated
-resources:
-  cpu: 1
-  memory: 1024M
-  disk: 10Gi
+*U* is the abbreviation for "Universal", hinting at the universal
+attitude towards workloads.
 
-sshKeys:
-- ssh-rsa ...
+VMs of instance types will share physical CPU cores on a
+time-slice basis with other VMs.
 
-cloudInit: |
-  #cloud-config
-  user: fedora
-  password: fedora
-  chpasswd: { expire: False }
-  ssh_pwauth: True
-```
+### U Series Characteristics
+
+Specific characteristics of this series are:
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
+  noise per node.
+
+## O Series
+
+The O Series is based on the U Series, with the only difference
+being that memory is overcommitted.
+
+*O* is the abbreviation for "Overcommitted".
+
+### UO Series Characteristics
+
+Specific characteristics of this series are:
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *Overcommitted Memory* - Memory is over-committed in order to achieve
+  a higher workload density.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
+  noise per node.
+
+## CX Series
+
+The CX Series provides exclusive compute resources for compute
+intensive applications.
+
+*CX* is the abbreviation of "Compute Exclusive".
+
+The exclusive resources are given to the compute threads of the
+VM. In order to ensure this, some additional cores (depending
+on the number of disks and NICs) will be requested to offload
+the IO threading from cores dedicated to the workload.
+In addition, in this series, the NUMA topology of the used
+cores is provided to the VM.
+
+### CX Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Dedicated CPU* - Physical cores are exclusively assigned to every
+  vCPU in order to provide fixed and high compute guarantees to the
+  workload.
+- *Isolated emulator threads* - Hypervisor emulator threads are isolated
+  from the vCPUs in order to reduce emaulation related impact on the
+  workload.
+- *vNUMA* - Physical NUMA topology is reflected in the guest in order to
+  optimize guest sided cache utilization.
+- *vCPU-To-Memory Ratio (1:2)* - A vCPU-to-Memory ratio of 1:2.
+
+## M Series
+
+The M Series provides resources for memory intensive
+applications.
+
+*M* is the abbreviation of "Memory".
+
+### M Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *vCPU-To-Memory Ratio (1:8)* - A vCPU-to-Memory ratio of 1:8, for much
+  less noise per node.
+
+## RT Series
+
+The RT Series provides resources for realtime applications, like Oslat.
+
+*RT* is the abbreviation for "realtime".
+
+This series of instance types requires nodes capable of running
+realtime applications.
+
+### RT Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Dedicated CPU* - Physical cores are exclusively assigned to every
+  vCPU in order to provide fixed and high compute guarantees to the
+  workload.
+- *Isolated emulator threads* - Hypervisor emulator threads are isolated
+  from the vCPUs in order to reduce emaulation related impact on the
+  workload.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4 starting from
+  the medium size.
+
+## Development
+
+To get started with customizing or creating your own instancetypes and preferences
+see [DEVELOPMENT.md](./DEVELOPMENT.md).
+
+## Resources
+
+The following instancetype resources are provided by Cozystack:
+
+Name | vCPUs | Memory
+-----|-------|-------
+cx1.2xlarge  |  8  |  16Gi
+cx1.4xlarge  |  16  |  32Gi
+cx1.8xlarge  |  32  |  64Gi
+cx1.large  |  2  |  4Gi
+cx1.medium  |  1  |  2Gi
+cx1.xlarge  |  4  |  8Gi
+gn1.2xlarge  |  8  |  32Gi
+gn1.4xlarge  |  16  |  64Gi
+gn1.8xlarge  |  32  |  128Gi
+gn1.xlarge  |  4  |  16Gi
+m1.2xlarge  |  8  |  64Gi
+m1.4xlarge  |  16  |  128Gi
+m1.8xlarge  |  32  |  256Gi
+m1.large  |  2  |  16Gi
+m1.xlarge  |  4  |  32Gi
+n1.2xlarge  |  16  |  32Gi
+n1.4xlarge  |  32  |  64Gi
+n1.8xlarge  |  64  |  128Gi
+n1.large  |  4  |  8Gi
+n1.medium  |  4  |  4Gi
+n1.xlarge  |  8  |  16Gi
+o1.2xlarge  |  8  |  32Gi
+o1.4xlarge  |  16  |  64Gi
+o1.8xlarge  |  32  |  128Gi
+o1.large  |  2  |  8Gi
+o1.medium  |  1  |  4Gi
+o1.micro  |  1  |  1Gi
+o1.nano  |  1  |  512Mi
+o1.small  |  1  |  2Gi
+o1.xlarge  |  4  |  16Gi
+rt1.2xlarge  |  8  |  32Gi
+rt1.4xlarge  |  16  |  64Gi
+rt1.8xlarge  |  32  |  128Gi
+rt1.large  |  2  |  8Gi
+rt1.medium  |  1  |  4Gi
+rt1.micro  |  1  |  1Gi
+rt1.small  |  1  |  2Gi
+rt1.xlarge  |  4  |  16Gi
+u1.2xlarge  |  8  |  32Gi
+u1.2xmedium  |  2  |  4Gi
+u1.4xlarge  |  16  |  64Gi
+u1.8xlarge  |  32  |  128Gi
+u1.large  |  2  |  8Gi
+u1.medium  |  1  |  4Gi
+u1.micro  |  1  |  1Gi
+u1.nano  |  1  |  512Mi
+u1.small  |  1  |  2Gi
+u1.xlarge  |  4  |  16Gi
+
+The following preference resources are provided by Cozystack:
+
+Name | Guest OS
+-----|---------
+alpine | Alpine
+centos.7 | CentOS 7
+centos.7.desktop | CentOS 7
+centos.stream10 | CentOS Stream 10
+centos.stream10.desktop | CentOS Stream 10
+centos.stream8 | CentOS Stream 8
+centos.stream8.desktop | CentOS Stream 8
+centos.stream8.dpdk | CentOS Stream 8
+centos.stream9 | CentOS Stream 9
+centos.stream9.desktop | CentOS Stream 9
+centos.stream9.dpdk | CentOS Stream 9
+cirros | Cirros
+fedora | Fedora (amd64)
+fedora.arm64 | Fedora (arm64)
+opensuse.leap | OpenSUSE Leap
+opensuse.tumbleweed | OpenSUSE Tumbleweed
+rhel.10 | Red Hat Enterprise Linux 10 Beta (amd64)
+rhel.10.arm64 | Red Hat Enterprise Linux 10 Beta (arm64)
+rhel.7 | Red Hat Enterprise Linux 7
+rhel.7.desktop | Red Hat Enterprise Linux 7
+rhel.8 | Red Hat Enterprise Linux 8
+rhel.8.desktop | Red Hat Enterprise Linux 8
+rhel.8.dpdk | Red Hat Enterprise Linux 8
+rhel.9 | Red Hat Enterprise Linux 9 (amd64)
+rhel.9.arm64 | Red Hat Enterprise Linux 9 (arm64)
+rhel.9.desktop | Red Hat Enterprise Linux 9 Desktop (amd64)
+rhel.9.dpdk | Red Hat Enterprise Linux 9 DPDK (amd64)
+rhel.9.realtime | Red Hat Enterprise Linux 9 Realtime (amd64)
+sles | SUSE Linux Enterprise Server
+ubuntu | Ubuntu
+windows.10 | Microsoft Windows 10
+windows.10.virtio | Microsoft Windows 10 (virtio)
+windows.11 | Microsoft Windows 11
+windows.11.virtio | Microsoft Windows 11 (virtio)
+windows.2k16 | Microsoft Windows Server 2016
+windows.2k16.virtio | Microsoft Windows Server 2016 (virtio)
+windows.2k19 | Microsoft Windows Server 2019
+windows.2k19.virtio | Microsoft Windows Server 2019 (virtio)
+windows.2k22 | Microsoft Windows Server 2022
+windows.2k22.virtio | Microsoft Windows Server 2022 (virtio)
+windows.2k25 | Microsoft Windows Server 2025
+windows.2k25.virtio | Microsoft Windows Server 2025 (virtio)

packages/apps/virtual-machine/hack/update-instance-types.sh

@@ -0,0 +1 @@
+#!/bin/sh

packages/apps/virtual-machine/templates/vm.yaml

@@ -1,3 +1,10 @@
+{{- if and .Values.instanceType (not (lookup "instancetype.kubevirt.io/v1beta1" "VirtualMachineClusterInstancetype" "" .Values.instanceType)) }}
+{{-   fail (printf "Specified instancetype not exists in cluster: %s" .Values.instanceType) }}
+{{- end }}
+{{- if and .Values.instanceProfile (not (lookup "instancetype.kubevirt.io/v1beta1" "VirtualMachineClusterPreference" "" .Values.instanceProfile)) }}
+{{-   fail (printf "Specified profile not exists in cluster: %s" .Values.instanceProfile) }}
+{{- end }}
+
 apiVersion: kubevirt.io/v1
 kind: VirtualMachine
 metadata:
@@ -6,6 +13,16 @@ metadata:
     {{- include "virtual-machine.labels" . | nindent 4 }}
 spec:
   running: {{ .Values.running | default "true" }}
+  {{- with .Values.instanceType }}
+  instancetype:
+    kind: VirtualMachineClusterInstancetype
+    name: {{ . }}
+  {{- end }}
+  {{- with .Values.instanceProfile }}
+  preference:
+    kind: VirtualMachineClusterPreference
+    name: {{ . }}
+  {{- end }}
   dataVolumeTemplates:
   - metadata:
       name: {{ include "virtual-machine.fullname" . }}
@@ -16,23 +33,24 @@ spec:
         - ReadWriteMany
         resources:
           requests:
-            storage: {{ .Values.resources.disk | quote }}
-        {{- with $.Values.storageClass }}
+            storage: {{ .Values.systemDisk.storage | quote }}
+        {{- with .Values.systemDisk.storageClass }}
         storageClassName: {{ . }}
         {{- end }}
       source:
         http:
-          {{- if eq .Values.image "cirros" }}
+          {{- if eq .Values.systemDisk.image "cirros" }}
           url: https://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
-          {{- else if eq .Values.image "ubuntu" }}
+          {{- else if eq .Values.systemDisk.image "ubuntu" }}
           url: https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img
-          {{- else if eq .Values.image "fedora" }}
+          {{- else if eq .Values.systemDisk.image "fedora" }}
           url: https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Generic.x86_64-40-1.14.qcow2
-          {{- else if eq .Values.image "alpine" }}
+          {{- else if eq .Values.systemDisk.image "alpine" }}
           url: https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/cloud/nocloud_alpine-3.20.2-x86_64-bios-tiny-r0.qcow2
-          {{- else if eq .Values.image "talos" }}
+          {{- else if eq .Values.systemDisk.image "talos" }}
           url: https://github.com/siderolabs/talos/releases/download/v1.7.6/nocloud-amd64.raw.xz
           {{- end }}
+
   template:
     metadata:
       annotations:
@@ -41,8 +59,15 @@ spec:
         {{- include "virtual-machine.labels" . | nindent 8 }}
     spec:
       domain:
+        {{- if and .Values.resources .Values.resources.cpu }}
         cpu:
           cores: {{ .Values.resources.cpu }}
+        {{- end }}
+        {{- if and .Values.resources .Values.resources.memory }}
+        resources:
+          requests:
+            memory: {{ .Values.resources.memory | quote }}
+        {{- end }}
         devices:
           disks:
           - disk:
@@ -58,9 +83,6 @@ spec:
             bridge: {}
         machine:
           type: ""
-        resources:
-          requests:
-            memory: {{ .Values.resources.memory | quote }}
       {{- with .Values.sshKeys }}
       accessCredentials:
       - sshPublicKey:

packages/apps/virtual-machine/values.schema.json

@@ -20,41 +20,153 @@
       "description": "Determines if the virtual machine should be running",
       "default": true
     },
-    "image": {
+    "instanceType": {
       "type": "string",
-      "description": "The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`",
-      "default": "ubuntu",
+      "description": "Virtual Machine instance type",
+      "default": "u1.medium",
+      "optional": true,
       "enum": [
-        "ubuntu",
-        "cirros",
-        "alpine",
-        "fedora",
-        "talos"
+        "cx1.2xlarge",
+        "cx1.4xlarge",
+        "cx1.8xlarge",
+        "cx1.large",
+        "cx1.medium",
+        "cx1.xlarge",
+        "gn1.2xlarge",
+        "gn1.4xlarge",
+        "gn1.8xlarge",
+        "gn1.xlarge",
+        "m1.2xlarge",
+        "m1.4xlarge",
+        "m1.8xlarge",
+        "m1.large",
+        "m1.xlarge",
+        "n1.2xlarge",
+        "n1.4xlarge",
+        "n1.8xlarge",
+        "n1.large",
+        "n1.medium",
+        "n1.xlarge",
+        "o1.2xlarge",
+        "o1.4xlarge",
+        "o1.8xlarge",
+        "o1.large",
+        "o1.medium",
+        "o1.micro",
+        "o1.nano",
+        "o1.small",
+        "o1.xlarge",
+        "rt1.2xlarge",
+        "rt1.4xlarge",
+        "rt1.8xlarge",
+        "rt1.large",
+        "rt1.medium",
+        "rt1.micro",
+        "rt1.small",
+        "rt1.xlarge",
+        "u1.2xlarge",
+        "u1.2xmedium",
+        "u1.4xlarge",
+        "u1.8xlarge",
+        "u1.large",
+        "u1.medium",
+        "u1.micro",
+        "u1.nano",
+        "u1.small",
+        "u1.xlarge",
+        ""
       ]
     },
-    "storageClass": {
+    "instanceProfile": {
       "type": "string",
-      "description": "StorageClass used to store the data",
-      "default": "replicated"
+      "description": "Virtual Machine prefferences profile",
+      "default": "ubuntu",
+      "optional": true,
+      "enum": [
+        "alpine",
+        "centos.7",
+        "centos.7.desktop",
+        "centos.stream10",
+        "centos.stream10.desktop",
+        "centos.stream8",
+        "centos.stream8.desktop",
+        "centos.stream8.dpdk",
+        "centos.stream9",
+        "centos.stream9.desktop",
+        "centos.stream9.dpdk",
+        "cirros",
+        "fedora",
+        "fedora.arm64",
+        "opensuse.leap",
+        "opensuse.tumbleweed",
+        "rhel.10",
+        "rhel.10.arm64",
+        "rhel.7",
+        "rhel.7.desktop",
+        "rhel.8",
+        "rhel.8.desktop",
+        "rhel.8.dpdk",
+        "rhel.9",
+        "rhel.9.arm64",
+        "rhel.9.desktop",
+        "rhel.9.dpdk",
+        "rhel.9.realtime",
+        "sles",
+        "ubuntu",
+        "windows.10",
+        "windows.10.virtio",
+        "windows.11",
+        "windows.11.virtio",
+        "windows.2k16",
+        "windows.2k16.virtio",
+        "windows.2k19",
+        "windows.2k19.virtio",
+        "windows.2k22",
+        "windows.2k22.virtio",
+        "windows.2k25",
+        "windows.2k25.virtio",
+        ""
+      ]
+    },
+    "systemDisk": {
+      "type": "object",
+      "properties": {
+        "image": {
+          "type": "string",
+          "description": "The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`",
+          "default": "ubuntu",
+          "enum": [
+            "ubuntu",
+            "cirros",
+            "alpine",
+            "fedora",
+            "talos"
+          ]
+        },
+        "storage": {
+          "type": "string",
+          "description": "The size of the disk allocated for the virtual machine",
+          "default": "5Gi"
+        },
+        "storageClass": {
+          "type": "string",
+          "description": "StorageClass used to store the data",
+          "default": "replicated"
+        }
+      }
     },
     "resources": {
       "type": "object",
       "properties": {
         "cpu": {
-          "type": "number",
+          "type": "string",
           "description": "The number of CPU cores allocated to the virtual machine",
-          "default": 1
+          "default": ""
         },
         "memory": {
           "type": "string",
           "description": "The amount of memory allocated to the virtual machine",
-          "default": "1024M",
-          "x-display": "slider"
-        },
-        "disk": {
-          "type": "string",
-          "description": "The size of the disk allocated for the virtual machine",
-          "default": "5Gi"
+          "default": ""
         }
       }
     },

packages/apps/virtual-machine/values.yaml

@@ -2,24 +2,33 @@
 
 ## @param external Enable external access from outside the cluster
 ## @param externalPorts [array] Specify ports to forward from outside the cluster
-## @param running Determines if the virtual machine should be running
-## @param image The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`
-## @param storageClass StorageClass used to store the data
-## @param resources.cpu The number of CPU cores allocated to the virtual machine
-## @param resources.memory The amount of memory allocated to the virtual machine
-## @param resources.disk The size of the disk allocated for the virtual machine
-
 external: false
 externalPorts:
 - 22
 
+## @param running Determines if the virtual machine should be running
 running: true
-image: ubuntu
-storageClass: replicated
+
+## @param instanceType Virtual Machine instance type
+## @param instanceProfile Virtual Machine prefferences profile
+##
+instanceType: "u1.medium"
+instanceProfile: ubuntu
+
+## @param systemDisk.image The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`
+## @param systemDisk.storage The size of the disk allocated for the virtual machine
+## @param systemDisk.storageClass StorageClass used to store the data
+## 
+systemDisk:
+  image: ubuntu
+  storage: 5Gi
+  storageClass: replicated
+
+## @param resources.cpu The number of CPU cores allocated to the virtual machine
+## @param resources.memory The amount of memory allocated to the virtual machine
 resources:
-  cpu: 1
-  memory: 1024M
-  disk: 5Gi
+  cpu: ""
+  memory: ""
 
 ## @param sshKeys [array] List of SSH public keys for authentication. Can be a single key or a list of keys.
 ## Example:
@@ -40,4 +49,3 @@ sshKeys: []
 ##
 cloudInit: |
   #cloud-config
-

packages/apps/vm-disk/.helmignore

@@ -0,0 +1,3 @@
+.helmignore
+/logos
+/Makefile

packages/apps/vm-disk/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: vm-disk
+description: Virtual Machine disk
+icon: /logos/disk.svg
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: 0.1.0

packages/apps/vm-disk/Makefile

@@ -0,0 +1,4 @@
+include ../../../scripts/package.mk
+
+generate:
+	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/vm-disk/README.md

@@ -0,0 +1,14 @@
+# Virtual Machine Disk
+
+A Virtual Machine Disk
+
+## Parameters
+
+### Common parameters
+
+| Name           | Description                                            | Value        |
+| -------------- | ------------------------------------------------------ | ------------ |
+| `source`       | The source image location used to create a disk        | `{}`         |
+| `optical`      | Defines is disk should be considered as optical        | `false`      |
+| `storage`      | The size of the disk allocated for the virtual machine | `5Gi`        |
+| `storageClass` | StorageClass used to store the data                    | `replicated` |

packages/apps/vm-disk/templates/NOTES.txt

@@ -0,0 +1,5 @@
+{{- if and .Values.source (hasKey .Values.source "upload") }}
+To upload your disk run:
+
+virtctl image-upload dv -n {{ .Release.Namespace }} {{ .Release.Name }} --image-path <path_to_image>
+{{- end }}

packages/apps/vm-disk/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - cdi.kubevirt.io
+  resources:
+  - datavolumes
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/apps/vm-disk/templates/dv.yaml

@@ -0,0 +1,36 @@
+{{- $existingDV := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" .Release.Namespace .Release.Name }}
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: DataVolume
+metadata:
+  annotations:
+    cdi.kubevirt.io/storage.bind.immediate.requested: ""
+    vm-disk.cozystack.io/optical: "{{ .Values.optical }}"
+  name: {{ .Release.Name }}
+spec:
+  {{- if $existingDV }}
+    {{- toYaml $existingDV.spec | nindent 2 }}
+  {{- else }} 
+  contentType: kubevirt
+  {{- if .Values.source }}
+  {{- if gt (len .Values.source) 1 }}
+    {{- fail "Exactly one type of source is expected!" }}
+  {{- end }}
+  source:
+    {{- if hasKey .Values.source "http" }}
+    http:
+      url: {{ required "A valid .Values.source.http.url entry required!" .Values.source.http.url }}
+    {{- else if hasKey .Values.source "upload" }}
+    upload: {}
+    {{- end }}
+  {{- else }}
+  source:
+    blank: {}
+  {{- end }}
+  storage:
+    resources:
+      requests:
+        storage: {{ .Values.storage }}
+    {{- with .Values.storageClass }}
+    storageClassName: {{ . }}
+    {{- end }}
+  {{- end }}

packages/apps/vm-disk/templates/pvc-resize-hook.yaml

@@ -0,0 +1,68 @@
+{{- $existingPVC := lookup "v1" "PersistentVolumeClaim" .Release.Namespace .Release.Name }}
+{{- if and $existingPVC (ne ($existingPVC.spec.resources.requests.storage | toString) .Values.storage) -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: "{{ .Release.Name }}-volume-resize-hook"
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "0"
+    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+spec:
+  template:
+    metadata:
+      labels:
+        policy.cozystack.io/allow-to-apiserver: "true"
+    spec:
+      serviceAccountName: {{ .Release.Name }}-volume-resize-hook
+      restartPolicy: Never
+      backoffLimit: 1
+      containers:
+        - name: resize
+          image: bitnami/kubectl
+          command: ["sh", "-xec"]
+          args:
+            - |
+              kubectl patch pvc {{ .Release.Name }} -p '{"spec":{"resources":{"requests":{"storage":"{{ .Values.storage }}"}}}}'
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Release.Name }}-volume-resize-hook
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-5"
+    helm.sh/hook-delete-policy: before-hook-creation
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-volume-resize-hook
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-5"
+    helm.sh/hook-delete-policy: before-hook-creation
+rules:
+  - apiGroups: ["apps"]
+    resources: ["statefulsets"]
+    verbs: ["delete", "get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["patch", "get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Name }}-volume-resize-hook
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-5"
+    helm.sh/hook-delete-policy: before-hook-creation
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}-volume-resize-hook
+roleRef:
+  kind: Role
+  name: {{ .Release.Name }}-volume-resize-hook
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

packages/apps/vm-disk/values.schema.json

@@ -0,0 +1,26 @@
+{
+    "title": "Chart Values",
+    "type": "object",
+    "properties": {
+        "source": {
+            "type": "object",
+            "description": "The source image location used to create a disk",
+            "default": {}
+        },
+        "optical": {
+            "type": "boolean",
+            "description": "Defines is disk should be considered as optical",
+            "default": false
+        },
+        "storage": {
+            "type": "string",
+            "description": "The size of the disk allocated for the virtual machine",
+            "default": "5Gi"
+        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": "replicated"
+        }
+    }
+}

packages/apps/vm-disk/values.yaml

@@ -0,0 +1,28 @@
+## @section Common parameters
+
+## @param source The source image location used to create a disk
+## Example upload local image:
+## source:
+##   upload: {}
+##
+## Example download image from http source:
+## source:
+##   http:
+##     url: "https://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img"
+##
+## Well known public images:
+## ubuntu: https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img
+## fedora: https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Generic.x86_64-40-1.14.qcow2
+## cirros: https://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
+## alpine: https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/cloud/nocloud_alpine-3.20.2-x86_64-bios-tiny-r0.qcow2
+## talos: https://github.com/siderolabs/talos/releases/download/v1.7.6/nocloud-amd64.raw.xz
+
+source: {}
+
+## @param optical Defines is disk should be considered as optical
+optical: false
+
+## @param storage The size of the disk allocated for the virtual machine
+## @param storageClass StorageClass used to store the data
+storage: 5Gi
+storageClass: replicated

packages/apps/vm-instance/.helmignore

@@ -0,0 +1,3 @@
+.helmignore
+/logos
+/Makefile

packages/apps/vm-instance/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+#name: Virtual Machine
+name: vm-instance
+description: Virtual machine instance
+icon: /logos/vmi.svg
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"

packages/apps/vm-instance/Makefile

@@ -0,0 +1,10 @@
+include ../../../scripts/package.mk
+
+generate:
+	readme-generator -v values.yaml -s values.schema.json -r README.md
+	yq -o json -i '.properties.disks.items.type = "object" | .properties.disks.default = []' values.schema.json
+	INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \
+	  && yq -i -o json ".properties.instanceType.optional=true | .properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json
+	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
+	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
+	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json

packages/apps/vm-instance/README.md

@@ -0,0 +1,266 @@
+# Virtual Machine
+
+A Virtual Machine (VM) simulates computer hardware, enabling various operating systems and applications to run in an isolated environment.
+
+## Deployment Details
+
+The virtual machine is managed and hosted through KubeVirt, allowing you to harness the benefits of virtualization within your Kubernetes ecosystem.
+
+- Docs: [KubeVirt User Guide](https://kubevirt.io/user-guide/)
+- GitHub: [KubeVirt Repository](https://github.com/kubevirt/kubevirt)
+
+## Accessing virtual machine
+
+You can access the virtual machine using the virtctl tool:
+- [KubeVirt User Guide - Virtctl Client Tool](https://kubevirt.io/user-guide/user_workloads/virtctl_client_tool/)
+
+To access the serial console:
+
+```
+virtctl console <vm>
+```
+
+To access the VM using VNC:
+
+```
+virtctl vnc <vm>
+```
+
+To SSH into the VM:
+
+```
+virtctl ssh <user>@<vm>
+```
+
+## Parameters
+
+### Common parameters
+
+| Name               | Description                                                                        | Value            |
+| ------------------ | ---------------------------------------------------------------------------------- | ---------------- |
+| `external`         | Enable external access from outside the cluster                                    | `false`          |
+| `externalPorts`    | Specify ports to forward from outside the cluster                                  | `[]`             |
+| `running`          | Determines if the virtual machine should be running                                | `true`           |
+| `instanceType`     | Virtual Machine instance type                                                      | `u1.medium`      |
+| `instanceProfile`  | Virtual Machine prefferences profile                                               | `ubuntu`         |
+| `disks`            | List of disks to attach                                                            | `[]`             |
+| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                           | `""`             |
+| `resources.memory` | The amount of memory allocated to the virtual machine                              | `""`             |
+| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]`             |
+| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.        | `#cloud-config
+` |
+
+## U Series
+
+The U Series is quite neutral and provides resources for
+general purpose applications.
+
+*U* is the abbreviation for "Universal", hinting at the universal
+attitude towards workloads.
+
+VMs of instance types will share physical CPU cores on a
+time-slice basis with other VMs.
+
+### U Series Characteristics
+
+Specific characteristics of this series are:
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
+  noise per node.
+
+## O Series
+
+The O Series is based on the U Series, with the only difference
+being that memory is overcommitted.
+
+*O* is the abbreviation for "Overcommitted".
+
+### UO Series Characteristics
+
+Specific characteristics of this series are:
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *Overcommitted Memory* - Memory is over-committed in order to achieve
+  a higher workload density.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
+  noise per node.
+
+## CX Series
+
+The CX Series provides exclusive compute resources for compute
+intensive applications.
+
+*CX* is the abbreviation of "Compute Exclusive".
+
+The exclusive resources are given to the compute threads of the
+VM. In order to ensure this, some additional cores (depending
+on the number of disks and NICs) will be requested to offload
+the IO threading from cores dedicated to the workload.
+In addition, in this series, the NUMA topology of the used
+cores is provided to the VM.
+
+### CX Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Dedicated CPU* - Physical cores are exclusively assigned to every
+  vCPU in order to provide fixed and high compute guarantees to the
+  workload.
+- *Isolated emulator threads* - Hypervisor emulator threads are isolated
+  from the vCPUs in order to reduce emaulation related impact on the
+  workload.
+- *vNUMA* - Physical NUMA topology is reflected in the guest in order to
+  optimize guest sided cache utilization.
+- *vCPU-To-Memory Ratio (1:2)* - A vCPU-to-Memory ratio of 1:2.
+
+## M Series
+
+The M Series provides resources for memory intensive
+applications.
+
+*M* is the abbreviation of "Memory".
+
+### M Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *vCPU-To-Memory Ratio (1:8)* - A vCPU-to-Memory ratio of 1:8, for much
+  less noise per node.
+
+## RT Series
+
+The RT Series provides resources for realtime applications, like Oslat.
+
+*RT* is the abbreviation for "realtime".
+
+This series of instance types requires nodes capable of running
+realtime applications.
+
+### RT Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Dedicated CPU* - Physical cores are exclusively assigned to every
+  vCPU in order to provide fixed and high compute guarantees to the
+  workload.
+- *Isolated emulator threads* - Hypervisor emulator threads are isolated
+  from the vCPUs in order to reduce emaulation related impact on the
+  workload.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4 starting from
+  the medium size.
+
+## Development
+
+To get started with customizing or creating your own instancetypes and preferences
+see [DEVELOPMENT.md](./DEVELOPMENT.md).
+
+## Resources
+
+The following instancetype resources are provided by Cozystack:
+
+Name | vCPUs | Memory
+-----|-------|-------
+cx1.2xlarge  |  8  |  16Gi
+cx1.4xlarge  |  16  |  32Gi
+cx1.8xlarge  |  32  |  64Gi
+cx1.large  |  2  |  4Gi
+cx1.medium  |  1  |  2Gi
+cx1.xlarge  |  4  |  8Gi
+gn1.2xlarge  |  8  |  32Gi
+gn1.4xlarge  |  16  |  64Gi
+gn1.8xlarge  |  32  |  128Gi
+gn1.xlarge  |  4  |  16Gi
+m1.2xlarge  |  8  |  64Gi
+m1.4xlarge  |  16  |  128Gi
+m1.8xlarge  |  32  |  256Gi
+m1.large  |  2  |  16Gi
+m1.xlarge  |  4  |  32Gi
+n1.2xlarge  |  16  |  32Gi
+n1.4xlarge  |  32  |  64Gi
+n1.8xlarge  |  64  |  128Gi
+n1.large  |  4  |  8Gi
+n1.medium  |  4  |  4Gi
+n1.xlarge  |  8  |  16Gi
+o1.2xlarge  |  8  |  32Gi
+o1.4xlarge  |  16  |  64Gi
+o1.8xlarge  |  32  |  128Gi
+o1.large  |  2  |  8Gi
+o1.medium  |  1  |  4Gi
+o1.micro  |  1  |  1Gi
+o1.nano  |  1  |  512Mi
+o1.small  |  1  |  2Gi
+o1.xlarge  |  4  |  16Gi
+rt1.2xlarge  |  8  |  32Gi
+rt1.4xlarge  |  16  |  64Gi
+rt1.8xlarge  |  32  |  128Gi
+rt1.large  |  2  |  8Gi
+rt1.medium  |  1  |  4Gi
+rt1.micro  |  1  |  1Gi
+rt1.small  |  1  |  2Gi
+rt1.xlarge  |  4  |  16Gi
+u1.2xlarge  |  8  |  32Gi
+u1.2xmedium  |  2  |  4Gi
+u1.4xlarge  |  16  |  64Gi
+u1.8xlarge  |  32  |  128Gi
+u1.large  |  2  |  8Gi
+u1.medium  |  1  |  4Gi
+u1.micro  |  1  |  1Gi
+u1.nano  |  1  |  512Mi
+u1.small  |  1  |  2Gi
+u1.xlarge  |  4  |  16Gi
+
+The following preference resources are provided by Cozystack:
+
+Name | Guest OS
+-----|---------
+alpine | Alpine
+centos.7 | CentOS 7
+centos.7.desktop | CentOS 7
+centos.stream10 | CentOS Stream 10
+centos.stream10.desktop | CentOS Stream 10
+centos.stream8 | CentOS Stream 8
+centos.stream8.desktop | CentOS Stream 8
+centos.stream8.dpdk | CentOS Stream 8
+centos.stream9 | CentOS Stream 9
+centos.stream9.desktop | CentOS Stream 9
+centos.stream9.dpdk | CentOS Stream 9
+cirros | Cirros
+fedora | Fedora (amd64)
+fedora.arm64 | Fedora (arm64)
+opensuse.leap | OpenSUSE Leap
+opensuse.tumbleweed | OpenSUSE Tumbleweed
+rhel.10 | Red Hat Enterprise Linux 10 Beta (amd64)
+rhel.10.arm64 | Red Hat Enterprise Linux 10 Beta (arm64)
+rhel.7 | Red Hat Enterprise Linux 7
+rhel.7.desktop | Red Hat Enterprise Linux 7
+rhel.8 | Red Hat Enterprise Linux 8
+rhel.8.desktop | Red Hat Enterprise Linux 8
+rhel.8.dpdk | Red Hat Enterprise Linux 8
+rhel.9 | Red Hat Enterprise Linux 9 (amd64)
+rhel.9.arm64 | Red Hat Enterprise Linux 9 (arm64)
+rhel.9.desktop | Red Hat Enterprise Linux 9 Desktop (amd64)
+rhel.9.dpdk | Red Hat Enterprise Linux 9 DPDK (amd64)
+rhel.9.realtime | Red Hat Enterprise Linux 9 Realtime (amd64)
+sles | SUSE Linux Enterprise Server
+ubuntu | Ubuntu
+windows.10 | Microsoft Windows 10
+windows.10.virtio | Microsoft Windows 10 (virtio)
+windows.11 | Microsoft Windows 11
+windows.11.virtio | Microsoft Windows 11 (virtio)
+windows.2k16 | Microsoft Windows Server 2016
+windows.2k16.virtio | Microsoft Windows Server 2016 (virtio)
+windows.2k19 | Microsoft Windows Server 2019
+windows.2k19.virtio | Microsoft Windows Server 2019 (virtio)
+windows.2k22 | Microsoft Windows Server 2022
+windows.2k22.virtio | Microsoft Windows Server 2022 (virtio)
+windows.2k25 | Microsoft Windows Server 2025
+windows.2k25.virtio | Microsoft Windows Server 2025 (virtio)

packages/apps/vm-instance/hack/update-instance-types.sh

@@ -0,0 +1 @@
+#!/bin/sh

packages/apps/vm-instance/logos/vmi.svg

@@ -0,0 +1,21 @@
+<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="144" height="144" rx="24" fill="url(#paint0_linear_687_3454)"/>
+<g clip-path="url(#clip0_687_3454)">
+<path d="M89.5039 111.707H54.497C54.1727 111.707 54.0108 111.221 54.3349 111.059L57.2522 108.952C60.3314 106.683 61.9522 102.631 60.9797 98.7412H83.021C82.0485 102.631 83.6693 106.683 86.7485 108.952L89.6658 111.059C89.99 111.221 89.8279 111.707 89.5039 111.707Z" fill="#B0B6BB"/>
+<path d="M113.328 98.741H30.6725C27.5931 98.741 25 96.148 25 93.0687V33.1032C25 30.0239 27.5931 27.4307 30.6725 27.4307H113.328C116.407 27.4307 119 30.0237 119 33.1032V93.0687C119 96.148 116.407 98.741 113.328 98.741Z" fill="#E8EDEE"/>
+<path d="M119 84.1549H25V33.1032C25 30.0239 27.5931 27.4307 30.6725 27.4307H113.328C116.407 27.4307 119 30.0237 119 33.1032L119 84.1549Z" fill="#00B3FF"/>
+<path d="M90.6374 116.569H53.3616C52.0651 116.569 50.9307 115.435 50.9307 114.138C50.9307 112.841 52.0651 111.707 53.3616 111.707H90.6374C91.9339 111.707 93.0684 112.841 93.0684 114.138C93.0684 115.435 91.9339 116.569 90.6374 116.569Z" fill="#E8EDEE"/>
+</g>
+<path d="M72.5275 53.8367C72.4431 53.8351 72.3605 53.8122 72.2873 53.7701L56.4699 44.7934C56.3983 44.7519 56.3388 44.6923 56.2973 44.6207C56.2559 44.549 56.2338 44.4678 56.2334 44.385C56.2334 44.2169 56.3258 44.0617 56.4699 43.9785L72.1912 35.0609C72.2637 35.021 72.345 35 72.4277 35C72.5105 35 72.5918 35.021 72.6643 35.0609L88.4872 44.0395C88.5591 44.0801 88.6188 44.1392 88.66 44.2107C88.7013 44.2822 88.7227 44.3635 88.7219 44.446C88.7225 44.5285 88.701 44.6097 88.6598 44.6812C88.6185 44.7526 88.5589 44.8118 88.4872 44.8525L72.7714 53.7683C72.6972 53.8114 72.6133 53.8349 72.5275 53.8367" fill="white"/>
+<path opacity="0.7" d="M70.2553 75.6517C70.171 75.6535 70.0878 75.6317 70.0151 75.5888L54.2458 66.6417C54.1715 66.6024 54.1095 66.5436 54.0661 66.4716C54.0228 66.3997 54 66.3173 54 66.2333V48.278C54 48.108 54.0924 47.9546 54.2439 47.8696C54.3172 47.8271 54.4004 47.8047 54.4851 47.8047C54.5697 47.8047 54.6529 47.8271 54.7262 47.8696L70.4937 56.8131C70.5642 56.8565 70.6225 56.917 70.6632 56.9891C70.7039 57.0612 70.7257 57.1424 70.7265 57.2251V75.1805C70.7259 75.2628 70.7042 75.3436 70.6635 75.4151C70.6227 75.4866 70.5642 75.5464 70.4937 75.5888C70.4206 75.6291 70.3387 75.6507 70.2553 75.6517" fill="white"/>
+<path opacity="0.4" d="M74.7198 75.6511C74.6333 75.6512 74.5482 75.6296 74.4722 75.5883C74.4016 75.5461 74.3432 75.4862 74.3027 75.4147C74.2623 75.3431 74.2411 75.2622 74.2412 75.18V57.3373C74.2412 57.171 74.3336 57.0158 74.4722 56.929L90.2397 47.9855C90.3119 47.9438 90.3938 47.9219 90.4771 47.9219C90.5605 47.9219 90.6424 47.9438 90.7146 47.9855C90.7876 48.0255 90.8485 48.0842 90.8911 48.1557C90.9337 48.2272 90.9563 48.3088 90.9566 48.392V66.2328C90.957 66.3164 90.9347 66.3985 90.8921 66.4704C90.8495 66.5424 90.7881 66.6014 90.7146 66.6411L74.9526 75.5883C74.8825 75.6307 74.8018 75.6525 74.7198 75.6511" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_687_3454" x1="161" y1="180" x2="3.59284e-07" y2="4.99998" gradientUnits="userSpaceOnUse">
+<stop/>
+<stop offset="1" stop-color="#595656"/>
+</linearGradient>
+<clipPath id="clip0_687_3454">
+<rect width="94" height="94" fill="white" transform="translate(25 25)"/>
+</clipPath>
+</defs>
+</svg>