Update release images

Fix kubernetes chart post-rendering
Add basic topologySpreadConstraints
2026-02-05 00:15:51 +00:00 · 2024-05-06 13:51:30 +02:00 · 2024-05-06 13:42:11 +02:00 · 2024-05-06 12:58:33 +02:00 · 2024-05-06 12:58:32 +02:00 · 2024-05-06 09:25:39 +02:00
225 changed files with 9062 additions and 6528 deletions
--- a/hack/gen_versions_map.sh
+++ b/hack/gen_versions_map.sh
@@ -20,9 +20,28 @@ miss_map=$(echo "$new_map" | awk 'NR==FNR { new_map[$1 " " $2] = $3; next } { if
 resolved_miss_map=$(
  echo "$miss_map" | while read chart version commit; do
    if [ "$commit" = HEAD ]; then
-      line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
+      line=$(awk '/^version:/ {print NR; exit}' "./$chart/Chart.yaml")
-      change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
+      change_commit=$(git --no-pager blame -L"$line",+1 -- "$chart/Chart.yaml" | awk '{print $1}')
-      commit=$(git describe --always "$change_commit~1")
+       
      if [ "$change_commit" = "00000000" ]; then
        # Not commited yet, use previus commit
        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
        commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
        if [ $(echo $commit | cut -c1) = "^" ]; then
          # Previus commit not exists
          commit=$(echo $commit | cut -c2-)
        fi
      else
        # Commited, but version_map wasn't updated
        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
        change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
        if [ $(echo $change_commit | cut -c1) = "^" ]; then
          # Previus commit not exists
          commit=$(echo $change_commit | cut -c2-)
        else
          commit=$(git describe --always "$change_commit~1")
        fi
      fi
    fi
    echo "$chart $version $commit"
  done
--- a/hack/prepare_release.sh
+++ b/hack/prepare_release.sh
@@ -1,25 +0,0 @@
 #!/bin/sh
 set -e
 if [ -e $1 ]; then
  echo "Please pass version in the first argument"
  echo "Example: $0 0.2.0"
  exit 1
 fi
 version=$1
 talos_version=$(awk '/^version:/ {print $2}' packages/core/installer/images/talos/profiles/installer.yaml)
 set -x
 sed -i "/^TAG / s|=.*|= v${version}|" \
  packages/apps/http-cache/Makefile \
  packages/apps/kubernetes/Makefile \
  packages/core/installer/Makefile \
  packages/system/dashboard/Makefile
 sed -i "/^VERSION / s|=.*|= ${version}|" \
  packages/core/Makefile \
  packages/system/Makefile
 make -C packages/core fix-chartnames
 make -C packages/system fix-chartnames
--- a/manifests/cozystack-installer.yaml
+++ b/manifests/cozystack-installer.yaml
@@ -15,13 +15,6 @@ metadata:
  namespace: cozy-system
 ---
 # Source: cozy-installer/templates/cozystack.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: cozystack
  namespace: cozy-system
 ---
 # Source: cozy-installer/templates/cozystack.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -70,7 +63,7 @@ spec:
      serviceAccountName: cozystack
      containers:
      - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.2.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.4.0"
        env:
        - name: KUBERNETES_SERVICE_HOST
          value: localhost
@@ -89,7 +82,7 @@ spec:
            fieldRef:
              fieldPath: metadata.name
      - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.2.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.4.0"
        command:
        - /usr/bin/darkhttpd
        - /cozystack/assets
--- a/packages/apps/Makefile
+++ b/packages/apps/Makefile
@@ -7,7 +7,7 @@ repo:
 	awk '$$3 != "HEAD" {print "mkdir -p $(TMP)/" $$1 "-" $$2}' versions_map | sh -ex
 	awk '$$3 != "HEAD" {print "git archive " $$3 " " $$1 " | tar -xf- --strip-components=1 -C $(TMP)/" $$1 "-" $$2 }' versions_map | sh -ex
 	helm package -d "$(OUT)" $$(find . $(TMP) -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")' | sort -V)
-	cd "$(OUT)" && helm repo index .
+	cd "$(OUT)" && helm repo index . --url http://cozystack.cozy-system.svc/repos/apps
 	rm -rf "$(TMP)"
 fix-chartnames:
--- a/packages/apps/clickhouse/Chart.yaml
+++ b/packages/apps/clickhouse/Chart.yaml
@@ -0,0 +1,25 @@
 apiVersion: v2
 name: clickhouse
 description: Managed ClickHouse service
 icon: https://cdn.worldvectorlogo.com/logos/clickhouse.svg
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
 # to be deployed.
 #
 # Library charts provide useful utilities or functions for the chart developer. They're included as
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "24.3.0"
--- a/packages/apps/clickhouse/templates/clickhouse.yaml
+++ b/packages/apps/clickhouse/templates/clickhouse.yaml
@@ -0,0 +1,36 @@
 apiVersion: "clickhouse.altinity.com/v1"
 kind: "ClickHouseInstallation"
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  {{- with .Values.size }}
  defaults:
    templates:
      dataVolumeClaimTemplate: data-volume-template
  {{- end }}
  configuration:
    {{- with .Values.users }}
    users:
      {{- range $name, $u := . }}
      {{ $name }}/password_sha256_hex: {{ sha256sum $u.password }}
      {{ $name }}/profile: {{ ternary "readonly" "default" (index $u "readonly" | default false) }}
      {{- end }}
    {{- end }}
    profiles:
      readonly/readonly: "1"
    clusters:
      - name: "clickhouse"
        layout:
          shardsCount: {{ .Values.shards }}
          replicasCount: {{ .Values.replicas }}
  {{- with .Values.size }}
  templates:
    volumeClaimTemplates:
      - name: data-volume-template
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: {{ . }}
  {{- end }}
--- a/packages/apps/clickhouse/values.yaml
+++ b/packages/apps/clickhouse/values.yaml
@@ -0,0 +1,10 @@
 size: 10Gi
 shards: 1
 replicas: 2
 users:
  user1:
    password: strongpassword
  user2:
    readonly: true
    password: hackme
--- a/packages/apps/http-cache/Chart.yaml
+++ b/packages/apps/http-cache/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.25.3"
--- a/packages/apps/http-cache/Makefile
+++ b/packages/apps/http-cache/Makefile
@@ -1,22 +1,20 @@
 PUSH := 1
 LOAD := 0
 REGISTRY := ghcr.io/aenix-io/cozystack
 NGINX_CACHE_TAG = v0.1.0
-TAG := v0.2.0
+
 include ../../../scripts/common-envs.mk
 image: image-nginx
 image-nginx:
 	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/nginx-cache \
 		--provenance false \
-		--tag $(REGISTRY)/nginx-cache:$(NGINX_CACHE_TAG) \
+		--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)) \
-		--tag $(REGISTRY)/nginx-cache:$(NGINX_CACHE_TAG)-$(TAG) \
+		--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)-$(TAG)) \
-		--cache-from type=registry,ref=$(REGISTRY)/nginx-cache:$(NGINX_CACHE_TAG) \
+		--cache-from type=registry,ref=$(REGISTRY)/nginx-cache:latest \
 		--cache-to type=inline \
 		--metadata-file images/nginx-cache.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/nginx-cache:$(NGINX_CACHE_TAG)" > images/nginx-cache.tag
+	echo "$(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG))" > images/nginx-cache.tag
 update:
 	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/chrislim2888/IP2Location-C-Library | awk -F'[/^]' 'END{print $$3}') && \
--- a/packages/apps/http-cache/images/nginx-cache.json
+++ b/packages/apps/http-cache/images/nginx-cache.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:0487fc50bb5f870720b05e947185424a400fad38b682af8f1ca4b418ed3c5b4b",
+  "containerimage.config.digest": "sha256:9eb68d2d503d7e22afc6fde2635f566fd3456bbdb3caad5dc9f887be1dc2b8ab",
-  "containerimage.digest": "sha256:be12f3834be0e2f129685f682fab83c871610985fc43668ce6a294c9de603798"
+  "containerimage.digest": "sha256:1f44274dbc2c3be2a98e6cef83d68a041ae9ef31abb8ab069a525a2a92702bdd"
 }
--- a/packages/apps/http-cache/templates/haproxy/configmap.yaml
+++ b/packages/apps/http-cache/templates/haproxy/configmap.yaml
@@ -74,7 +74,7 @@ data:
        option redispatch 1
        default-server observe layer7 error-limit 10 on-error mark-down
-        {{- range $i, $e := until (int $.Values.replicas) }}
+        {{- range $i, $e := until (int $.Values.nginx.replicas) }}
        server cache{{ $i }} {{ $.Release.Name }}-nginx-cache-{{ $i }}:80 check
        {{- end }}
        {{- range $i, $e := $.Values.endpoints }} 
--- a/packages/apps/http-cache/templates/haproxy/deployment.yaml
+++ b/packages/apps/http-cache/templates/haproxy/deployment.yaml
@@ -7,7 +7,7 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: 2
+  replicas: {{ .Values.haproxy.replicas }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}-haproxy
--- a/packages/apps/http-cache/templates/nginx/deployment.yaml
+++ b/packages/apps/http-cache/templates/nginx/deployment.yaml
@@ -11,7 +11,7 @@ spec:
  selector:
    matchLabels:
      app: {{ $.Release.Name }}-nginx-cache
-{{- range $i := until 3 }}
+{{- range $i := until (int $.Values.nginx.replicas) }}
 ---
 apiVersion: apps/v1
 kind: Deployment
--- a/packages/apps/http-cache/values.yaml
+++ b/packages/apps/http-cache/values.yaml
@@ -1,4 +1,10 @@
 external: false
 haproxy:
  replicas: 2
 nginx:
  replicas: 2
 size: 10Gi
 endpoints:
  - 10.100.3.1:80
--- a/packages/apps/kafka/Chart.yaml
+++ b/packages/apps/kafka/Chart.yaml
@@ -0,0 +1,25 @@
 apiVersion: v2
 name: kafka
 description: Managed Kafka service
 icon: https://upload.wikimedia.org/wikipedia/commons/0/05/Apache_kafka.svg
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
 # to be deployed.
 #
 # Library charts provide useful utilities or functions for the chart developer. They're included as
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "3.7.0"
--- a/packages/apps/kafka/templates/kafka.yaml
+++ b/packages/apps/kafka/templates/kafka.yaml
@@ -0,0 +1,53 @@
 apiVersion: kafka.strimzi.io/v1beta2
 kind: Kafka
 metadata:
  name: {{ .Release.Name }}
  labels:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
  kafka:
    replicas: {{ .Values.replicas }}
    listeners:
      - name: plain
        port: 9092
        type: internal
        tls: false
      - name: tls
        port: 9093
        type: internal
        tls: true
      - name: external
        port: 9094
        {{- if .Values.external }}
        type: loadbalancer
        {{- else }}
        type: internal
        {{- end }}
        tls: false
    config:
      offsets.topic.replication.factor: 3
      transaction.state.log.replication.factor: 3
      transaction.state.log.min.isr: 2
      default.replication.factor: 3
      min.insync.replicas: 2
    storage:
      type: jbod
      volumes:
      - id: 0
        type: persistent-claim
        {{- with .Values.kafka.size }}
        size: {{ . }}
        {{- end }}
        deleteClaim: true
  zookeeper:
    replicas: {{ .Values.replicas }}
    storage:
      type: persistent-claim
      {{- with .Values.zookeeper.size }}
      size: {{ . }}
      {{- end }}
      deleteClaim: false
  entityOperator:
    topicOperator: {}
    userOperator: {}
--- a/packages/apps/kafka/templates/topics.yaml
+++ b/packages/apps/kafka/templates/topics.yaml
@@ -0,0 +1,17 @@
 {{- range $topic := .Values.topics }}
 ---
 apiVersion: kafka.strimzi.io/v1beta2
 kind: KafkaTopic
 metadata:
  name: "{{ $.Release.Name }}-{{ kebabcase $topic.name }}"
  labels:
    strimzi.io/cluster: "{{ $.Release.Name }}"
 spec:
  topicName: "{{ $topic.name }}"
  partitions: 10
  replicas: 3
  {{- with $topic.config }}
  config:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/packages/apps/kafka/values.yaml
+++ b/packages/apps/kafka/values.yaml
@@ -0,0 +1,22 @@
 external: false
 kafka:
  size: 10Gi
  replicas: 3
 zookeeper:
  size: 5Gi
  replicas: 3
 topics:
  - name: Results
    partitions: 1
    replicas: 3
    config:
      min.insync.replicas: 2
  - name: Orders
    config:
      cleanup.policy: compact
      segment.ms: 3600000
      max.compaction.lag.ms: 5400000
      min.insync.replicas: 2
    partitions: 1
    replicationFactor: 3
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.19.0"
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -1,19 +1,17 @@
 PUSH := 1
 LOAD := 0
 REGISTRY := ghcr.io/aenix-io/cozystack
 TAG := v0.2.0
 UBUNTU_CONTAINER_DISK_TAG = v1.29.1
 include ../../../scripts/common-envs.mk
 image: image-ubuntu-container-disk
 image-ubuntu-container-disk:
 	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/ubuntu-container-disk \
 		--provenance false \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(UBUNTU_CONTAINER_DISK_TAG) \
+		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG)) \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(UBUNTU_CONTAINER_DISK_TAG)-$(TAG) \
+		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG)-$(TAG)) \
-		--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:$(UBUNTU_CONTAINER_DISK_TAG) \
+		--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:latest \
 		--cache-to type=inline \
 		--metadata-file images/ubuntu-container-disk.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/ubuntu-container-disk:$(UBUNTU_CONTAINER_DISK_TAG)" > images/ubuntu-container-disk.tag
+	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG))" > images/ubuntu-container-disk.tag
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.json
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:43d0bfd01c5e364ba961f1e3dc2c7ccd7fd4ca65bd26bc8c4a5298d7ff2c9f4f",
+  "containerimage.config.digest": "sha256:a7e8e6e35ac07bcf6253c9cfcf21fd3c315bd0653ad0427dd5f0cae95ffd3722",
-  "containerimage.digest": "sha256:908b3c186bee86f1c9476317eb6582d07f19776b291aa068e5642f8fd08fa9e7"
+  "containerimage.digest": "sha256:c03bffeeb70fe7dd680d2eca3021d2405fbcd9961dd38437f5673560c31c72cc"
 }
--- a/packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml
+++ b/packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml
@@ -15,6 +15,12 @@ spec:
      labels:
        app: {{ .Release.Name }}-cluster-autoscaler
    spec:
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: "NoSchedule"
      containers:
      - image: ghcr.io/kvaps/test:cluster-autoscaller
        name: cluster-autoscaler
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -64,12 +64,13 @@ metadata:
    cluster.x-k8s.io/managed-by: kamaji
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
 {{- range $groupName, $group := .Values.nodeGroups }}
 ---
 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
 kind: KubeadmConfigTemplate
 metadata:
-  name: {{ .Release.Name }}-md-0
+  name: {{ $.Release.Name }}-{{ $groupName }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ $.Release.Namespace }}
 spec:
  template:
    spec:
@@ -78,7 +79,7 @@ spec:
          kubeletExtraArgs: {}
        discovery:
          bootstrapToken:
-            apiServerEndpoint: {{ .Release.Name }}.{{ .Release.Namespace }}.svc:6443
+            apiServerEndpoint: {{ $.Release.Name }}.{{ $.Release.Namespace }}.svc:6443
      initConfiguration:
        skipPhases:
        - addon/kube-proxy
@@ -86,8 +87,8 @@ spec:
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: KubevirtMachineTemplate
 metadata:
-  name: {{ .Release.Name }}-md-0
+  name: {{ $.Release.Name }}-{{ $groupName }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ $.Release.Namespace }}
 spec:
  template:
    spec:
@@ -95,7 +96,7 @@ spec:
        checkStrategy: ssh
      virtualMachineTemplate:
        metadata:
-          namespace: {{ .Release.Namespace }}
+          namespace: {{ $.Release.Namespace }}
        spec:
          runStrategy: Always
          template:
@@ -103,7 +104,7 @@ spec:
              domain:
                cpu:
                  threads: 1
-                  cores: 2
+                  cores: {{ $group.resources.cpu }}
                  sockets: 1
                devices:
                  disks:
@@ -112,7 +113,7 @@ spec:
                    name: containervolume
                  networkInterfaceMultiqueue: true
                memory:
-                  guest: 1024Mi
+                  guest: {{ $group.resources.memory }}
              evictionStrategy: External
              volumes:
              - containerDisk:
@@ -122,29 +123,28 @@ spec:
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachineDeployment
 metadata:
-  name: {{ .Release.Name }}-md-0
+  name: {{ $.Release.Name }}-{{ $groupName }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ $.Release.Namespace }}
  annotations:
-    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "2"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ $group.minReplicas }}"
-    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "0"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ $group.maxReplicas }}"
-    capacity.cluster-autoscaler.kubernetes.io/memory: "1024Mi"
+    capacity.cluster-autoscaler.kubernetes.io/memory: "{{ $group.resources.memory }}"
-    capacity.cluster-autoscaler.kubernetes.io/cpu: "2"
+    capacity.cluster-autoscaler.kubernetes.io/cpu: "{{ $group.resources.cpu }}"
 spec:
-  clusterName: {{ .Release.Name }}
+  clusterName: {{ $.Release.Name }}
  selector:
    matchLabels: null
  template:
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
-          name: {{ .Release.Name }}-md-0
+          name: {{ $.Release.Name }}-{{ $groupName }}
          namespace: default
-      clusterName: {{ .Release.Name }}
+      clusterName: {{ $.Release.Name }}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
        kind: KubevirtMachineTemplate
-        name: {{ .Release.Name }}-md-0
+        name: {{ $.Release.Name }}-{{ $groupName }}
        namespace: default
-      version: v1.23.10
+      version: v1.29.0
 {{- end }}
--- a/packages/apps/kubernetes/templates/csi/deploy.yaml
+++ b/packages/apps/kubernetes/templates/csi/deploy.yaml
@@ -16,12 +16,10 @@ spec:
    spec:
      serviceAccountName: {{ .Release.Name }}-kcsi
      priorityClassName: system-cluster-critical
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
-        - key: node-role.kubernetes.io/master
+        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: "NoSchedule"
      containers:
--- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
@@ -12,6 +12,12 @@ spec:
    spec:
      serviceAccountName: {{ .Release.Name }}-flux-teardown
      restartPolicy: Never
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: "NoSchedule"
      containers:
        - name: kubectl
          image: docker.io/clastix/kubectl:v1.29.1
--- a/packages/apps/kubernetes/templates/kccm/manager.yaml
+++ b/packages/apps/kubernetes/templates/kccm/manager.yaml
@@ -14,6 +14,12 @@ spec:
      labels:
        k8s-app: {{ .Release.Name }}-kccm
    spec:
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
          effect: "NoSchedule"
      containers:
      - name: kubevirt-cloud-controller-manager
        args:
@@ -44,6 +50,4 @@ spec:
      - secret:
          secretName: {{ .Release.Name }}-admin-kubeconfig
        name: kubeconfig
      tolerations:
      - operator: Exists
      serviceAccountName: {{ .Release.Name }}-kccm
--- a/packages/apps/kubernetes/values.schema.json
+++ b/packages/apps/kubernetes/values.schema.json
@@ -1,11 +0,0 @@
 {
  "$schema": "http://json-schema.org/schema#",
  "type": "object",
  "properties": {
    "host": {
      "type": "string",
      "title": "Domain name for this kubernetes cluster",
      "description": "This host will be used for all apps deployed in this tenant"
    }
  }
 }
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -1 +1,10 @@
 host: ""
 controlPlane:
  replicas: 2
 nodeGroups:
  md0:
    minReplicas: 0
    maxReplicas: 10
    resources:
      cpu: 2
      memory: 1024Mi
--- a/packages/apps/mysql/Chart.yaml
+++ b/packages/apps/mysql/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "11.0.2"
--- a/packages/apps/mysql/templates/mariadb.yaml
+++ b/packages/apps/mysql/templates/mariadb.yaml
@@ -12,7 +12,7 @@ spec:
  port: 3306
-  replicas: 2
+  replicas: {{ .Values.replicas }}
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
@@ -28,11 +28,13 @@ spec:
            - {{ .Release.Name }}
        topologyKey: "kubernetes.io/hostname"
  {{- if gt (int .Values.replicas) 1 }}
  replication:
    enabled: true
    #primary:
    #  podIndex: 0
    #  automaticFailover: true
  {{- end }}
  metrics:
    enabled: true
--- a/packages/apps/mysql/values.yaml
+++ b/packages/apps/mysql/values.yaml
@@ -1,6 +1,8 @@
 external: false
 size: 10Gi
 replicas: 2
 users:
  root:
    password: strongpassword
--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "16.2"
--- a/packages/apps/postgres/templates/db.yaml
+++ b/packages/apps/postgres/templates/db.yaml
@@ -4,7 +4,7 @@ kind: Cluster
 metadata:
  name: {{ .Release.Name }}
 spec:
-  instances: 2
+  instances: {{ .Values.replicas }}
  enableSuperuserAccess: true
  postgresql:
--- a/packages/apps/postgres/values.yaml
+++ b/packages/apps/postgres/values.yaml
@@ -1,5 +1,6 @@
 external: false
 size: 10Gi
 replicas: 2
 users:
  user1:
--- a/packages/apps/rabbitmq/Chart.yaml
+++ b/packages/apps/rabbitmq/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "3.12.2"
--- a/packages/apps/rabbitmq/templates/rabbitmq.yaml
+++ b/packages/apps/rabbitmq/templates/rabbitmq.yaml
@@ -6,7 +6,7 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: 3
+  replicas: {{ .Values.replicas }}
  {{- if .Values.external }}
  service:
    type: LoadBalancer
--- a/packages/apps/rabbitmq/values.schema.json
+++ b/packages/apps/rabbitmq/values.schema.json
@@ -5,6 +5,10 @@
    "external": {
      "type": "boolean",
      "title": "Enable external Access"
    },
    "replicas": {
      "type": "integer",
      "title": "Replicas"
    }
  }
 }
--- a/packages/apps/rabbitmq/values.yaml
+++ b/packages/apps/rabbitmq/values.yaml
@@ -1 +1,2 @@
 replicas: 3
 external: false
--- a/packages/apps/redis/Chart.yaml
+++ b/packages/apps/redis/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "6.2.6"
--- a/packages/apps/redis/templates/redisfailover.yaml
+++ b/packages/apps/redis/templates/redisfailover.yaml
@@ -14,7 +14,7 @@ spec:
      limits:
        memory: 100Mi
  redis:
-    replicas: 3
+    replicas: {{ .Values.replicas }}
    resources:
      requests:
        cpu: 150m
--- a/packages/apps/redis/values.schema.json
+++ b/packages/apps/redis/values.schema.json
@@ -9,6 +9,10 @@
    "size": {
      "type": "string",
      "title": "Disk Size"
    },
    "replicas": {
      "type": "integer",
      "title": "Replicas"
    }
  }
 }
--- a/packages/apps/redis/values.yaml
+++ b/packages/apps/redis/values.yaml
@@ -1,2 +1,3 @@
 replicas: 2
 external: false
 size: 5Gi
--- a/packages/apps/tcp-balancer/Chart.yaml
+++ b/packages/apps/tcp-balancer/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "2.9.7"
--- a/packages/apps/tcp-balancer/templates/deployment.yaml
+++ b/packages/apps/tcp-balancer/templates/deployment.yaml
@@ -7,7 +7,7 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: 2
+  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}-haproxy
--- a/packages/apps/tcp-balancer/values.yaml
+++ b/packages/apps/tcp-balancer/values.yaml
@@ -1,4 +1,5 @@
 external: false
 replicas: 2
 httpAndHttps:
  mode: tcp
  targetPorts:
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -1,15 +1,26 @@
-http-cache 0.1.0 HEAD
+clickhouse 0.1.0 ca79f72
-kubernetes 0.1.0 HEAD
+clickhouse 0.2.0 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 HEAD
 kafka 0.1.0 HEAD
 kubernetes 0.1.0 f642698
 kubernetes 0.2.0 HEAD
 mysql 0.1.0 f642698
-mysql 0.2.0 HEAD
+mysql 0.2.0 8b975ff0
-postgres 0.1.0 HEAD
+mysql 0.3.0 HEAD
-rabbitmq 0.1.0 HEAD
+postgres 0.1.0 f642698
-redis 0.1.1 HEAD
+postgres 0.2.0 HEAD
-tcp-balancer 0.1.0 HEAD
+rabbitmq 0.1.0 f642698
 rabbitmq 0.2.0 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 HEAD
 tcp-balancer 0.1.0 f642698
 tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
 tenant 0.1.4 d200480
 tenant 0.1.5 e3ab858
 tenant 1.0.0 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 HEAD
-vpn 0.1.0 HEAD
+vpn 0.1.0 f642698
 vpn 0.2.0 HEAD
--- a/packages/apps/vpn/Chart.yaml
+++ b/packages/apps/vpn/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vpn
-description: Establish a connection from your computer
+description: Managed VPN service
 icon: https://upload.wikimedia.org/wikipedia/commons/thumb/6/60/Outline_VPN_icon.png/600px-Outline_VPN_icon.png
 # A chart can be either an 'application' or a 'library' chart.
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.8.1"
--- a/packages/apps/vpn/templates/deployment.yaml
+++ b/packages/apps/vpn/templates/deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  name: {{ .Release.Name }}-vpn
 spec:
-  replicas: 2
+  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}-vpn
--- a/packages/apps/vpn/values.yaml
+++ b/packages/apps/vpn/values.yaml
@@ -1,4 +1,5 @@
 external: false
 replicas: 2
 users:
  user1:
--- a/packages/core/Makefile
+++ b/packages/core/Makefile
@@ -1,6 +0,0 @@
 VERSION := 0.2.0
 gen: fix-chartnames
 fix-chartnames:
 	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do printf "name: cozy-%s\nversion: $(VERSION)\n" "$$i" > "$$i/Chart.yaml"; done
--- a/packages/core/fluxcd/Chart.yaml
+++ b/packages/core/fluxcd/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-fluxcd
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/core/fluxcd/Makefile
+++ b/packages/core/fluxcd/Makefile
@@ -1,5 +1,5 @@
 NAMESPACE=cozy-fluxcd
 NAME=fluxcd
 NAMESPACE=cozy-$(NAME)
 API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions))
--- a/packages/core/installer/Chart.yaml
+++ b/packages/core/installer/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-installer
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/core/installer/Makefile
+++ b/packages/core/installer/Makefile
@@ -1,11 +1,10 @@
 NAMESPACE=cozy-system
 NAME=installer
-PUSH := 1
+NAMESPACE=cozy-system
-LOAD := 0
+
 REGISTRY := ghcr.io/aenix-io/cozystack
 TAG := v0.2.0
 TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' images/talos/profiles/installer.yaml)
 include ../../../scripts/common-envs.mk
 show:
 	helm template -n $(NAMESPACE) $(NAME) .
@@ -24,37 +23,37 @@ image-cozystack:
 	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
-		--tag $(REGISTRY)/cozystack:$(TAG) \
+		--tag $(REGISTRY)/cozystack:$(call settag,$(TAG)) \
-		--cache-from type=registry,ref=$(REGISTRY)/cozystack:$(TAG) \
+		--cache-from type=registry,ref=$(REGISTRY)/cozystack:latest \
 		--cache-to type=inline \
 		--metadata-file images/cozystack.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/cozystack:$(TAG)" > images/cozystack.tag
+	echo "$(REGISTRY)/cozystack:$(call settag,$(TAG))" > images/cozystack.tag
 image-talos:
 	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
 	docker load -i ../../../_out/assets/installer-amd64.tar
-	docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) ghcr.io/aenix-io/cozystack/talos:$(TALOS_VERSION)
+	docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) ghcr.io/aenix-io/cozystack/talos:$(call settag,$(TALOS_VERSION))
-	docker push ghcr.io/aenix-io/cozystack/talos:$(TALOS_VERSION)
+	docker push ghcr.io/aenix-io/cozystack/talos:$(call settag,$(TALOS_VERSION))
 image-matchbox:
 	test -f ../../../_out/assets/kernel-amd64 || make talos-kernel
 	test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs
 	docker buildx build -f images/matchbox/Dockerfile ../../.. \
 		--provenance false \
-		--tag $(REGISTRY)/matchbox:$(TAG) \
+		--tag $(REGISTRY)/matchbox:$(call settag,$(TAG)) \
-		--tag $(REGISTRY)/matchbox:$(TALOS_VERSION)-$(TAG) \
+		--tag $(REGISTRY)/matchbox:$(call settag,$(TALOS_VERSION)-$(TAG)) \
-		--cache-from type=registry,ref=$(REGISTRY)/matchbox:$(TALOS_VERSION) \
+		--cache-from type=registry,ref=$(REGISTRY)/matchbox:latest \
 		--cache-to type=inline \
 		--metadata-file images/matchbox.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/matchbox:$(TALOS_VERSION)" > images/matchbox.tag
+	echo "$(REGISTRY)/matchbox:$(call settag,$(TALOS_VERSION))" > images/matchbox.tag
-assets: talos-iso
+assets: talos-iso talos-nocloud
-talos-initramfs talos-kernel talos-installer talos-iso:
+talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud:
 	mkdir -p ../../../_out/assets
 	cat images/talos/profiles/$(subst talos-,,$@).yaml | \
 		docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \
--- a/packages/core/installer/hack/gen-profiles.sh
+++ b/packages/core/installer/hack/gen-profiles.sh
@@ -2,7 +2,7 @@
 set -e
 set -u
-PROFILES="initramfs kernel iso installer"
+PROFILES="initramfs kernel iso installer nocloud"
 FIRMWARES="amd-ucode amdgpu-firmware bnx2-bnx2x i915-ucode intel-ice-firmware intel-ucode qlogic-firmware"
 EXTENSIONS="drbd zfs"
@@ -32,6 +32,14 @@ done
 for profile in $PROFILES; do
  echo "writing profile images/talos/profiles/$profile.yaml"
  if [ "$profile" = "nocloud" ]; then
    image_options="{ diskSize: 1306525696, diskFormat: raw }"
    out_format=".xz"
  else
    image_options="{}"
    out_format="raw"
  fi
  cat > images/talos/profiles/$profile.yaml <<EOT
 # this file generated by hack/gen-profiles.sh
 # do not edit it
@@ -58,6 +66,7 @@ input:
    - imageRef: ghcr.io/siderolabs/zfs:${ZFS_VERSION}
 output:
  kind: ${profile}
-  outFormat: raw
+  imageOptions: ${image_options}
  outFormat: ${out_format}
 EOT
 done
--- a/packages/core/installer/images/cozystack.json
+++ b/packages/core/installer/images/cozystack.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:326a169fb5d4277a5c3b0359e0c885b31d1360b58475bbc316be1971c710cd8d",
+  "containerimage.config.digest": "sha256:aefc3ca9f56f69270d7ce6f56a1ce5b531332d5641481eb54c8e74b66b0f3341",
-  "containerimage.digest": "sha256:a608bdb75b3e06f6365f5f0b3fea82ac93c564d11f316f17e3d46e8a497a321d"
+  "containerimage.digest": "sha256:a2bf43cb7eb812166edfeb1a4fae6a76a4ddba93be2c0ba9040a804ccb53c261"
 }
--- a/packages/core/installer/images/cozystack.tag
+++ b/packages/core/installer/images/cozystack.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cozystack:v0.2.0
+ghcr.io/aenix-io/cozystack/cozystack:v0.4.0
--- a/packages/core/installer/images/matchbox.json
+++ b/packages/core/installer/images/matchbox.json
@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:dc584f743bb73e04dcbebca7ab4f602f2c067190fd9609c3fd84412e83c20445",
+  "containerimage.config.digest": "sha256:68ea72fcc581352fabfd87fa6fd482968cc85ee520cab7a614f1244d7ae36eb0",
-  "containerimage.digest": "sha256:39ab0bf769b269a8082eeb31a9672e39caa61dd342ba2157b954c642f54a32ff"
+  "containerimage.digest": "sha256:cea915e08a19eb6892f3facf3b3648368cd4a05abefc49bc2616ba3340c27e82"
 }
--- a/packages/core/installer/images/matchbox.tag
+++ b/packages/core/installer/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/matchbox:v1.6.4
+ghcr.io/aenix-io/cozystack/matchbox:v1.7.1
--- a/packages/core/installer/images/talos/profiles/initramfs.yaml
+++ b/packages/core/installer/images/talos/profiles/initramfs.yaml
@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
  kind: initramfs
  imageOptions: {}
  outFormat: raw
--- a/packages/core/installer/images/talos/profiles/installer.yaml
+++ b/packages/core/installer/images/talos/profiles/installer.yaml
@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
  kind: installer
  imageOptions: {}
  outFormat: raw
--- a/packages/core/installer/images/talos/profiles/iso.yaml
+++ b/packages/core/installer/images/talos/profiles/iso.yaml
@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
  kind: iso
  imageOptions: {}
  outFormat: raw
--- a/packages/core/installer/images/talos/profiles/kernel.yaml
+++ b/packages/core/installer/images/talos/profiles/kernel.yaml
@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
  kind: kernel
  imageOptions: {}
  outFormat: raw
--- a/packages/core/installer/images/talos/profiles/nocloud.yaml
+++ b/packages/core/installer/images/talos/profiles/nocloud.yaml
@@ -0,0 +1,27 @@
 # this file generated by hack/gen-profiles.sh
 # do not edit it
 arch: amd64
 platform: metal
 secureboot: false
 version: v1.7.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
    imageRef: ghcr.io/siderolabs/installer:v1.7.1
  systemExtensions:
    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
  kind: nocloud
  imageOptions: { diskSize: 1306525696, diskFormat: raw }
  outFormat: .xz
--- a/packages/core/installer/templates/cozystack.yaml
+++ b/packages/core/installer/templates/cozystack.yaml
@@ -12,12 +12,6 @@ metadata:
  name: cozystack
  namespace: cozy-system
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: cozystack
  namespace: cozy-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
--- a/packages/core/platform/Chart.yaml
+++ b/packages/core/platform/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-platform
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/core/platform/Makefile
+++ b/packages/core/platform/Makefile
@@ -1,5 +1,5 @@
 NAMESPACE=cozy-system
 NAME=platform
 NAMESPACE=cozy-system
 API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions))
--- a/packages/core/platform/bundles/distro-full.yaml
+++ b/packages/core/platform/bundles/distro-full.yaml
@@ -52,6 +52,12 @@ releases:
  privileged: true
  dependsOn: [cilium]
 - name: etcd-operator
  releaseName: etcd-operator
  chart: cozy-etcd-operator
  namespace: cozy-etcd-operator
  dependsOn: [cilium,cert-manager]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
--- a/packages/core/platform/bundles/distro-hosted.yaml
+++ b/packages/core/platform/bundles/distro-hosted.yaml
@@ -26,6 +26,12 @@ releases:
  privileged: true
  dependsOn: [victoria-metrics-operator]
 - name: etcd-operator
  releaseName: etcd-operator
  chart: cozy-etcd-operator
  namespace: cozy-etcd-operator
  dependsOn: [cert-manager]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
--- a/packages/core/platform/bundles/paas-full.yaml
+++ b/packages/core/platform/bundles/paas-full.yaml
@@ -81,6 +81,12 @@ releases:
  privileged: true
  dependsOn: [cilium,kubeovn]
 - name: etcd-operator
  releaseName: etcd-operator
  chart: cozy-etcd-operator
  namespace: cozy-etcd-operator
  dependsOn: [cilium,kubeovn,cert-manager]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
--- a/packages/core/platform/bundles/paas-hosted.yaml
+++ b/packages/core/platform/bundles/paas-hosted.yaml
@@ -26,6 +26,12 @@ releases:
  privileged: true
  dependsOn: [victoria-metrics-operator]
 - name: etcd-operator
  releaseName: etcd-operator
  chart: cozy-etcd-operator
  namespace: cozy-etcd-operator
  dependsOn: [cert-manager]
 - name: grafana-operator
  releaseName: grafana-operator
  chart: cozy-grafana-operator
--- a/packages/core/platform/templates/helmreleases.yaml
+++ b/packages/core/platform/templates/helmreleases.yaml
@@ -23,9 +23,11 @@ spec:
  interval: 1m
  releaseName: {{ $x.releaseName | default $x.name }}
  install:
    crds: CreateReplace
    remediation:
      retries: -1
  upgrade:
    crds: CreateReplace
    remediation:
      retries: -1
  chart:
--- a/packages/extra/Makefile
+++ b/packages/extra/Makefile
@@ -7,7 +7,7 @@ repo:
 	awk '$$3 != "HEAD" {print "mkdir -p $(TMP)/" $$1 "-" $$2}' versions_map | sh -ex
 	awk '$$3 != "HEAD" {print "git archive " $$3 " " $$1 " | tar -xf- --strip-components=1 -C $(TMP)/" $$1 "-" $$2 }' versions_map | sh -ex
 	helm package -d "$(OUT)" $$(find . $(TMP) -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")' | sort -V)
-	cd "$(OUT)" && helm repo index .
+	cd "$(OUT)" && helm repo index . --url http://cozystack.cozy-system.svc/repos/extra
 	rm -rf "$(TMP)"
 fix-chartnames:
--- a/packages/extra/etcd/Chart.yaml
+++ b/packages/extra/etcd/Chart.yaml
@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: https://www.svgrepo.com/show/353714/etcd.svg
 type: application
-version: 1.0.0
+version: 2.0.0
--- a/packages/extra/etcd/templates/datastore.yaml
+++ b/packages/extra/etcd/templates/datastore.yaml
@@ -0,0 +1,50 @@
 ---
 apiVersion: kamaji.clastix.io/v1alpha1
 kind: DataStore
 metadata:
  name: {{ .Release.Namespace }}
 spec:
  driver: etcd
  endpoints:
  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc:2379
  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc:2379
  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc:2379
  tlsConfig:
    certificateAuthority:
      certificate:
        secretReference:
          keyPath: tls.crt
          name: etcd-ca-tls
          namespace: {{ .Release.Namespace }}
      privateKey:
        secretReference:
          keyPath: tls.key
          name: etcd-ca-tls
          namespace: {{ .Release.Namespace }}
    clientCertificate:
      certificate:
        secretReference:
          keyPath: tls.crt
          name: etcd-client-tls
          namespace: {{ .Release.Namespace }}
      privateKey:
        secretReference:
          keyPath: tls.key
          name: etcd-client-tls
          namespace: {{ .Release.Namespace }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: etcd-ca-tls
  annotations:
    helm.sh/hook: pre-install
    helm.sh/resource-policy: keep
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: etcd-client-tls
  annotations:
    helm.sh/hook: pre-install
    helm.sh/resource-policy: keep
--- a/packages/extra/etcd/templates/etcd-cluster.yaml
+++ b/packages/extra/etcd/templates/etcd-cluster.yaml
@@ -0,0 +1,176 @@
 ---
 apiVersion: etcd.aenix.io/v1alpha1
 kind: EtcdCluster
 metadata:
  name: etcd
 spec:
  storage: {}
  security:
    tls:
      peerTrustedCASecret: etcd-peer-ca-tls
      peerSecret: etcd-peer-tls
      serverSecret: etcd-server-tls
      clientTrustedCASecret: etcd-ca-tls
      clientSecret: etcd-client-tls
  podTemplate:
    spec:
      topologySpreadConstraints:
      - maxSkew: 1
        topologyKey: "kubernetes.io/hostname"
        whenUnsatisfiable: ScheduleAnyway
        labelSelector:
          matchLabels:
            app.kubernetes.io/instance: etcd
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: etcd-selfsigning-issuer
 spec:
  selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-peer-ca
 spec:
  isCA: true
  usages:
  - "signing"
  - "key encipherment"
  - "cert sign"
  commonName: etcd-peer-ca
  subject:
    organizations:
      - ACME Inc.
    organizationalUnits:
      - Widgets
  secretName: etcd-peer-ca-tls
  privateKey:
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-selfsigning-issuer
    kind: Issuer
    group: cert-manager.io
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-ca
 spec:
  isCA: true
  usages:
  - "signing"
  - "key encipherment"
  - "cert sign"
  commonName: etcd-ca
  subject:
    organizations:
      - ACME Inc.
    organizationalUnits:
      - Widgets
  secretName: etcd-ca-tls
  privateKey:
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-selfsigning-issuer
    kind: Issuer
    group: cert-manager.io
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: etcd-peer-issuer
 spec:
  ca:
    secretName: etcd-peer-ca-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: etcd-issuer
 spec:
  ca:
    secretName: etcd-ca-tls
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-server
 spec:
  secretName: etcd-server-tls
  isCA: false
  usages:
    - "server auth"
    - "signing"
    - "key encipherment"
  dnsNames:
  - etcd-0
  - etcd-0.etcd-headless
  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
  - etcd-1
  - etcd-1.etcd-headless
  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
  - etcd-2
  - etcd-2.etcd-headless
  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
  - localhost
  - "127.0.0.1"
  privateKey:
    rotationPolicy: Always
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-issuer
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-peer
 spec:
  secretName: etcd-peer-tls
  isCA: false
  usages:
    - "server auth"
    - "client auth"
    - "signing"
    - "key encipherment"
  dnsNames:
  - etcd-0
  - etcd-0.etcd-headless
  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
  - etcd-1
  - etcd-1.etcd-headless
  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
  - etcd-2
  - etcd-2.etcd-headless
  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
  - localhost
  - "127.0.0.1"
  privateKey:
    rotationPolicy: Always
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-peer-issuer
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: etcd-client
 spec:
  commonName: root
  secretName: etcd-client-tls
  usages:
  - "signing"
  - "key encipherment"
  - "client auth"
  privateKey:
    rotationPolicy: Always
    algorithm: RSA
    size: 4096
  issuerRef:
    name: etcd-issuer
    kind: Issuer
--- a/packages/extra/etcd/templates/kamaji-etcd.yaml
+++ b/packages/extra/etcd/templates/kamaji-etcd.yaml
@@ -1,19 +0,0 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: kamaji-etcd
 spec:
  chart:
    spec:
      chart: cozy-kamaji-etcd
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
    kamaji-etcd:
      fullnameOverride: etcd
--- a/packages/extra/monitoring/templates/grafana/grafana.yaml
+++ b/packages/extra/monitoring/templates/grafana/grafana.yaml
@@ -67,7 +67,7 @@ spec:
  ingress:
    metadata:
      annotations:
-        kubernetes.io/ingress.class: "{{ $ingress }}"
+        acme.cert-manager.io/http01-ingress-class: "{{ $ingress }}"
        cert-manager.io/cluster-issuer: letsencrypt-prod
    spec:
      ingressClassName: "{{ $ingress }}"
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -1,3 +1,4 @@
-etcd 1.0.0 HEAD
+etcd 1.0.0 f7eaab0
 etcd 2.0.0 HEAD
 ingress 1.0.0 HEAD
 monitoring 1.0.0 HEAD
--- a/packages/system/Makefile
+++ b/packages/system/Makefile
@@ -1,13 +1,12 @@
 OUT=../../_out/repos/system
 VERSION := 0.2.0
-gen: fix-chartnames
+include ../../scripts/common-envs.mk
-repo: fix-chartnames
+repo:
 	rm -rf "$(OUT)"
 	mkdir -p "$(OUT)"
-	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")')
+	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') --version $(VERSION)
 	cd "$(OUT)" && helm repo index .
 fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do printf "name: cozy-%s\nversion: $(VERSION)\n" "$$i" > "$$i/Chart.yaml"; done
+	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: cozy-$$i/" "$$i/Chart.yaml"; done
--- a/packages/system/capi-operator/Chart.yaml
+++ b/packages/system/capi-operator/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-capi-operator
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/system/capi-operator/Makefile
+++ b/packages/system/capi-operator/Makefile
@@ -1,14 +1,7 @@
 NAME=capi-operator
 NAMESPACE=cozy-cluster-api
-show:
+include ../../../scripts/package-system.mk
 	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 apply:
 	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 diff:
 	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
 update:
 	rm -rf charts
--- a/packages/system/capi-providers/Chart.yaml
+++ b/packages/system/capi-providers/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-capi-providers
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/system/capi-providers/Makefile
+++ b/packages/system/capi-providers/Makefile
@@ -1,11 +1,4 @@
 NAME=capi-providers
 NAMESPACE=cozy-cluster-api
-show:
+include ../../../scripts/package-system.mk
 	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 apply:
 	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 diff:
 	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
--- a/packages/system/capi-providers/templates/providers.yaml
+++ b/packages/system/capi-providers/templates/providers.yaml
@@ -13,7 +13,7 @@ spec:
  deployment:
    containers:
    - name: manager
-      imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.6.0-fix7
+      imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.7.1-fix
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: BootstrapProvider
--- a/packages/system/cert-manager-issuers/Chart.yaml
+++ b/packages/system/cert-manager-issuers/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-cert-manager-issuers
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/system/cert-manager-issuers/Makefile
+++ b/packages/system/cert-manager-issuers/Makefile
@@ -1,11 +1,4 @@
 NAME=cert-manager-issuers
 NAMESPACE=cozy-cert-manager
-show:
+include ../../../scripts/package-system.mk
 	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 apply:
 	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 diff:
 	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
--- a/packages/system/cert-manager/Chart.yaml
+++ b/packages/system/cert-manager/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-cert-manager
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/system/cert-manager/Makefile
+++ b/packages/system/cert-manager/Makefile
@@ -1,14 +1,7 @@
 NAME=cert-manager
-NAMESPACE=cozy-cert-manager
+NAMESPACE=cozy-$(NAME)
-show:
+include ../../../scripts/package-system.mk
 	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 apply:
 	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 diff:
 	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
 update:
 	rm -rf charts
--- a/packages/system/cilium/Chart.yaml
+++ b/packages/system/cilium/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-cilium
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/system/cilium/Makefile
+++ b/packages/system/cilium/Makefile
@@ -1,14 +1,7 @@
 NAMESPACE=cozy-cilium
 NAME=cilium
 NAMESPACE=cozy-$(NAME)
-show:
+include ../../../scripts/package-system.mk
 	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm template --dry-run=server -n $(NAMESPACE) $(NAME) . -f -
 apply:
 	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm upgrade -i -n $(NAMESPACE) $(NAME) . -f -
 diff:
 	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) . -f -
 update:
 	rm -rf charts
--- a/packages/system/clickhouse-operator/Chart.yaml
+++ b/packages/system/clickhouse-operator/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-clickhouse-operator
-version: 0.3.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/system/clickhouse-operator/Makefile
+++ b/packages/system/clickhouse-operator/Makefile
@@ -1,14 +1,7 @@
 NAME=clickhouse-operator
 NAMESPACE=cozy-clickhouse-operator
-show:
+include ../../../scripts/package-system.mk
 	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 apply:
 	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 diff:
 	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
 update:
 	rm -rf charts
--- a/packages/system/clickhouse-operator/values.yaml
+++ b/packages/system/clickhouse-operator/values.yaml
@@ -0,0 +1,6 @@
 altinity-clickhouse-operator:
  configs:
    files:
      config.yaml:
        watch:
          namespaces: [".*"]
--- a/packages/system/dashboard/Chart.yaml
+++ b/packages/system/dashboard/Chart.yaml
@@ -1,2 +1,3 @@
 apiVersion: v2
 name: cozy-dashboard
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/system/dashboard/Makefile
+++ b/packages/system/dashboard/Makefile
@@ -1,18 +1,8 @@
 NAME=dashboard
-NAMESPACE=cozy-dashboard
+NAMESPACE=cozy-$(NAME)
 PUSH := 1
 LOAD := 0
 REPOSITORY := ghcr.io/aenix-io/cozystack
 TAG := v0.2.0
-show:
+include ../../../scripts/common-envs.mk
-	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
+include ../../../scripts/package-system.mk
 apply:
 	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 diff:
 	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
 update: update-chart update-dockerfiles
 image: image-dashboard image-kubeapps-apis
@@ -37,21 +27,21 @@ update-dockerfiles:
 image-dashboard:
 	docker buildx build images/dashboard \
 		--provenance false \
-		--tag $(REPOSITORY)/dashboard:$(TAG) \
+		--tag $(REGISTRY)/dashboard:$(call settag,$(TAG)) \
-		--cache-from type=registry,ref=$(REPOSITORY)/dashboard:$(TAG) \
+		--cache-from type=registry,ref=$(REGISTRY)/dashboard:latest \
 		--cache-to type=inline \
 		--metadata-file images/dashboard.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REPOSITORY)/dashboard:$(TAG)" > images/dashboard.tag
+	echo "$(REGISTRY)/dashboard:$(call settag,$(TAG))" > images/dashboard.tag
 image-kubeapps-apis:
 	docker buildx build images/kubeapps-apis \
 		--provenance false \
-		--tag $(REPOSITORY)/kubeapps-apis:$(TAG) \
+		--tag $(REGISTRY)/kubeapps-apis:$(call settag,$(TAG)) \
-		--cache-from type=registry,ref=$(REPOSITORY)/kubeapps-apis:$(TAG) \
+		--cache-from type=registry,ref=$(REGISTRY)/kubeapps-apis:latest \
 		--cache-to type=inline \
 		--metadata-file images/kubeapps-apis.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REPOSITORY)/kubeapps-apis:$(TAG)" > images/kubeapps-apis.tag
+	echo "$(REGISTRY)/kubeapps-apis:$(call settag,$(TAG))" > images/kubeapps-apis.tag
--- a/packages/system/dashboard/charts/kubeapps/Chart.lock
+++ b/packages/system/dashboard/charts/kubeapps/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 18.19.2
+  version: 19.0.2
 - name: postgresql
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 13.4.6
+  version: 15.2.4
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.19.0
+  version: 2.19.1
-digest: sha256:b4965a22517e61212e78abb8d1cbe86e800c8664b3139e2047f4bd62b3e55b24
+digest: sha256:2ff034d67cb1b9c11f0243b3ab9a6a8642bf12142df2f86043f9006adf6dbba1
-generated: "2024-03-13T11:51:34.216594+01:00"
+generated: "2024-04-08T09:01:34.727544997Z"
--- a/packages/system/dashboard/charts/kubeapps/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/Chart.yaml
@@ -2,33 +2,33 @@ annotations:
  category: Infrastructure
  images: |
    - name: kubeapps-apis
-      image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-12-r19
+      image: docker.io/bitnami/kubeapps-apis:2.10.0-debian-12-r0
    - name: kubeapps-apprepository-controller
-      image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-12-r18
+      image: docker.io/bitnami/kubeapps-apprepository-controller:2.10.0-debian-12-r0
    - name: kubeapps-asset-syncer
-      image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-12-r19
+      image: docker.io/bitnami/kubeapps-asset-syncer:2.10.0-debian-12-r0
    - name: kubeapps-dashboard
-      image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-12-r18
+      image: docker.io/bitnami/kubeapps-dashboard:2.10.0-debian-12-r0
    - name: kubeapps-oci-catalog
-      image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-12-r17
+      image: docker.io/bitnami/kubeapps-oci-catalog:2.10.0-debian-12-r0
    - name: kubeapps-pinniped-proxy
-      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-12-r17
+      image: docker.io/bitnami/kubeapps-pinniped-proxy:2.10.0-debian-12-r0
    - name: nginx
-      image: docker.io/bitnami/nginx:1.25.4-debian-12-r3
+      image: docker.io/bitnami/nginx:1.25.4-debian-12-r7
    - name: oauth2-proxy
-      image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r4
+      image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r7
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.9.0
+appVersion: 2.10.0
 dependencies:
 - condition: packaging.flux.enabled
  name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 18.x.x
+  version: 19.x.x
 - condition: packaging.helm.enabled
  name: postgresql
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 13.x.x
+  version: 15.x.x
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
  tags:
@@ -51,4 +51,4 @@ maintainers:
 name: kubeapps
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kubeapps
-version: 14.7.2
+version: 15.0.2
--- a/packages/system/dashboard/charts/kubeapps/README.md
+++ b/packages/system/dashboard/charts/kubeapps/README.md
--- a/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml
+++ b/packages/system/dashboard/charts/kubeapps/charts/common/Chart.yaml
@@ -2,7 +2,7 @@ annotations:
  category: Infrastructure
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.19.0
+appVersion: 2.19.1
 description: A Library Helm Chart for grouping common logic between bitnami charts.
  This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.19.0
+version: 2.19.1
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Andrei Kvapil	9efbf5d22e	Update release images	2024-05-06 13:51:30 +02:00
Andrei Kvapil	662f12e0ce	Fix kubernetes chart post-rendering	2024-05-06 13:42:11 +02:00
Andrei Kvapil	3439cf39dd	Add basic topologySpreadConstraints	2024-05-06 12:58:33 +02:00
Andrei Kvapil	965e1be283	Fix datastore creation depends on created secrets	2024-05-06 12:58:32 +02:00
Marian Koreniuk	9145be14c1	Merge pull request #117 from aenix-io/release-0.1.0v2 Prepare release v0.4.0	2024-05-06 09:25:39 +02:00
Andrei Kvapil	fca349c641	Update Talos v1.7.1	2024-05-04 07:32:08 +02:00
Andrei Kvapil	0b38599394	Prepare release v0.4.0 Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-05-03 23:12:35 +02:00
Andrei Kvapil	0a33950a40	Prepare release v0.4.0 (#115 )	2024-05-03 23:02:41 +02:00
Andrei Kvapil	e3376a223e	Fix tolerations in Kubernetes chart (#116 )	2024-05-03 13:26:02 +02:00
Marian Koreniuk	dee190ad4f	Merge pull request #95 from aenix-io/etcd-operator Replace kamaji-etcd with aenix-io/etcd-operator	2024-05-02 22:42:52 +02:00
Marian Koreniuk	66f963bfd0	Merge pull request #104 from aenix-io/replicas Introduce replicas options	2024-04-26 16:03:09 +02:00
Andrei Kvapil	7cd7de73ee	Introduce replicas options Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-26 15:19:25 +02:00
Andrei Kvapil	4f2757731a	Fix: dashboard colors for dark mode (#108 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-26 12:12:00 +02:00
Andrei Kvapil	372c3cbd17	Update Kamaji v0.5.0 (#99 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-26 11:00:06 +02:00
Andrei Kvapil	ff9ab5ba85	Fix older versions in dashboard (#102 ) Workaround for https://github.com/vmware-tanzu/kubeapps/issues/7740 Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-26 10:41:05 +02:00
Andrei Kvapil	c7568d2312	Update kubeapps-15.0.2 (#103 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-26 10:18:22 +02:00
Marian Koreniuk	f4778abb3f	Merge pull request #105 from aenix-io/upd-linstor Update LISNTOR v1.27.1	2024-04-25 20:49:14 +02:00
Andrei Kvapil	68a7cc52c3	Update LISNTOR v1.27.1 Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-25 18:29:23 +02:00
Marian Koreniuk	be508fd107	Fix etcd-operator Makefile	2024-04-24 16:21:06 +03:00
Andrei Kvapil	a6d0f7cfd4	Add etcd-operator Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-24 12:29:05 +02:00
Andrei Kvapil	a95671391f	fix: Flux does not tolerate kubectl edits (#101 ) https://fluxcd.io/flux/faq/#why-are-kubectl-edits-rolled-back-by-flux Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-24 11:31:32 +02:00
Andrei Kvapil	20fcd25d64	Calculate tags and version automatically (#100 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-24 11:31:22 +02:00
Andrei Kvapil	ca79f725a3	Prepare release v0.3.1 (#97 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-23 12:55:45 +03:00
Marian Koreniuk	be0603f139	Merge pull request #96 from aenix-io/missing-makefile fix: missing package-system.mk	2024-04-23 12:53:00 +03:00
Andrei Kvapil	f8b87197d0	fix: flux dependency Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-23 09:43:04 +02:00
Andrei Kvapil	5d58e5ce7d	fix: missing package-system.mk	2024-04-23 09:32:32 +02:00
Andrei Kvapil	a1340c1839	fix: clickhouse-operator watch namespaces (#93 )	2024-04-23 08:50:45 +02:00
Marian Koreniuk	b838ee5729	Merge pull request #91 from artarik/main remove duplicated entry for creating sa	2024-04-18 11:54:57 +03:00
Artem Starik	2baf532e1f	HOTFIX: byump chart version	2024-04-18 11:10:14 +03:00
Artem Starik	7713e7de6b	HOTFIX: remove duplicated sa from template	2024-04-18 11:07:21 +03:00
Artem Starik	aef38b6dec	Merge pull request #1 from artarik/artarik-patch-1 HOTFIX: remove duplicated entry for sa	2024-04-18 11:02:12 +03:00
Artem Starik	b02c608d6c	HOTFIX: remove duplicated entry for sa	2024-04-18 11:00:06 +03:00
Andrei Kvapil	f7eaab0aaa	Prepare release v0.3.0 (#90 )	2024-04-18 09:00:22 +02:00
Marian Koreniuk	05813c06dd	Fix incorrect path to include in Makefiles (#89 ) fix regression introduced by https://github.com/aenix-io/cozystack/pull/86 Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 23:58:56 +02:00
Andrei Kvapil	038b3c08f4	fix: remove plus in kamaji-etcd image tag (#87 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 22:59:15 +02:00
Andrei Kvapil	5dd8d41907	fix: clickhouse-operator watch namespaces (#88 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 22:59:05 +02:00
Andrei Kvapil	2d21ed6ac9	fix: grafana ingress class (#85 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 22:51:54 +02:00
Marian Koreniuk	fe5d607cad	Merge pull request #86 from aenix-io/83-refactor-makefiles Refactor Makefiles #83	2024-04-17 22:39:14 +02:00
Marian Koreniuk	12b70d8f26	Fix victoria-metrics-operator Makefile	2024-04-17 23:30:19 +03:00
Marian Koreniuk	bc414d648d	Fix redis-operator Makefile	2024-04-17 23:29:40 +03:00
Marian Koreniuk	9d4aacc832	Fix metallb Makefile	2024-04-17 23:28:40 +03:00
Marian Koreniuk	23ce7480c2	Fix mariadb-operator Makefile	2024-04-17 23:27:47 +03:00
Marian Koreniuk	994b5d97bd	Fix kubevirt-operator Makefile	2024-04-17 23:26:48 +03:00
Marian Koreniuk	871f053e00	Fix kamaji Makefile	2024-04-17 23:25:37 +03:00
Marian Koreniuk	d3485eb0a3	Fix ingress-nginx Makefile	2024-04-17 23:25:06 +03:00
Marian Koreniuk	f3f65e9f9c	Fix dashboard Makefile	2024-04-17 23:24:02 +03:00
Marian Koreniuk	1ef7d219de	Fix cilium Makefile	2024-04-17 23:22:00 +03:00
Marian Koreniuk	3d0f65ff98	Fix cert-manager Makefile	2024-04-17 23:20:41 +03:00
Marian Koreniuk	451e124c56	Update hack/package-system.mk Co-authored-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 23:02:27 +03:00
Marian Koreniuk	d86c1269eb	Update hack/package-system.mk Co-authored-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 23:02:14 +03:00
Marian Koreniuk	f4cf1af349	Update hack/package-system.mk Co-authored-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 23:01:47 +03:00
Marian Koreniuk	758079520c	fix case tabs in package-system.mk	2024-04-17 22:36:13 +03:00
Marian Koreniuk	fcebfdff24	Refactor Makefiles #83	2024-04-17 22:24:59 +03:00
Andrei Kvapil	8a2ad90882	Update clickhouse app (#82 ) * Add users management * Remove logs volume Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 20:09:16 +02:00
Andrei Kvapil	760f86d2ce	Add application for Kafka (#78 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-17 14:23:56 +02:00
Andrei Kvapil	ad7d65f471	Add application for Clickhouse (#81 )	2024-04-17 11:21:51 +02:00
Andrei Kvapil	c42dbcafc3	Add NoCloud asset for Hetzner installation (#80 )	2024-04-16 21:52:50 +02:00
Andrei Kvapil	238061efbc	Add clickhouse-operator (#75 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-04-13 08:57:49 +02:00
`@@ -1 +1,2 @@`
		`replicas: 3`
	`external: false`	`external: false`
`@@ -1 +1 @@`
	`ghcr.io/aenix-io/cozystack/cozystack:v0.2.0`	`ghcr.io/aenix-io/cozystack/cozystack:v0.4.0`
`@@ -1 +1 @@`
	`ghcr.io/aenix-io/cozystack/matchbox:v1.6.4`	`ghcr.io/aenix-io/cozystack/matchbox:v1.7.1`