fix: tolerate node.cilium.io/agent-not-ready

packages/core/fluxcd/Makefile

@@ -1,13 +0,0 @@
-NAMESPACE=cozy-fluxcd
-NAME=fluxcd
-
-API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions))
-
-show:
-	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS)
-
-apply:
-	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f-
-
-diff:
-	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f-

packages/core/installer/Makefile

@@ -1,4 +1,4 @@
-NAMESPACE=cozy-system
+NAMESPACE=cozy-installer
 NAME=installer
 PUSH := 1
 LOAD := 0
@@ -21,7 +21,6 @@ update:
 image: image-cozystack image-talos image-matchbox
 
 image-cozystack:
-	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
 		--tag $(REGISTRY)/cozystack:$(TAG) \

packages/core/platform/Makefile

@@ -13,7 +13,7 @@ namespaces-show:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml
 
 namespaces-apply:
-	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -n $(NAMESPACE) -f-
+	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -f-
 
 diff:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -f-

packages/core/platform/bundles/full-distro.yaml

@@ -7,13 +7,12 @@ releases:
   namespace: cozy-cilium
   privileged: true
   dependsOn: []
-  values:
-    cilium:
-      cni:
-        chainingMode: ~
-        customConf: false
-        configMap: ""
-      enableIPv4Masquerade: true
+
+- name: fluxcd
+  releaseName: fluxcd
+  chart: cozy-fluxcd
+  namespace: cozy-fluxcd
+  dependsOn: [cilium]
 
 - name: cert-manager
   releaseName: cert-manager
@@ -94,4 +93,4 @@ releases:
   releaseName: traffic-manager
   chart: cozy-telepresence
   namespace: cozy-telepresence
-  dependsOn: []
+  dependsOn: [kubeovn]

packages/core/platform/bundles/full-paas.yaml

@@ -24,6 +24,12 @@ releases:
         SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}"
         JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}"
 
+- name: fluxcd
+  releaseName: fluxcd
+  chart: cozy-fluxcd
+  namespace: cozy-fluxcd
+  dependsOn: [cilium,kubeovn]
+
 - name: cert-manager
   releaseName: cert-manager
   chart: cozy-cert-manager

packages/core/platform/bundles/hosted-distro.yaml

@@ -1,6 +1,12 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 
 releases:
+- name: fluxcd
+  releaseName: fluxcd
+  chart: cozy-fluxcd
+  namespace: cozy-fluxcd
+  dependsOn: []
+
 - name: cert-manager
   releaseName: cert-manager
   chart: cozy-cert-manager

packages/core/platform/bundles/hosted-paas.yaml

@@ -1,6 +1,12 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 
 releases:
+- name: fluxcd
+  releaseName: fluxcd
+  chart: cozy-fluxcd
+  namespace: cozy-fluxcd
+  dependsOn: []
+
 - name: cert-manager
   releaseName: cert-manager
   chart: cozy-cert-manager

packages/core/platform/templates/apps.yaml

@@ -1,10 +1,7 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $bundleName := index $cozyConfig.data "bundle-name" }}
-{{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
 {{- $host := "example.org" }}
 {{- $tenantRoot := list }}
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2beta2" }}
-{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "tenant-root" "tenant-root" }}
+{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2beta1" }}
+{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2beta1" "HelmRelease" "tenant-root" "tenant-root" }}
 {{- end }}
 {{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
 {{- $host = $tenantRoot.spec.values.host }}
@@ -22,7 +19,7 @@ metadata:
     namespace.cozystack.io/host: "{{ $host }}"
   name: tenant-root
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
   name: tenant-root
@@ -48,9 +45,7 @@ spec:
   values:
     host: "{{ $host }}"
   dependsOn:
-  {{- range $x := $bundle.releases }}
-  {{- if has $x.name (list "cilium" "kubeovn") }}
-  - name: {{ $x.name }}
-    namespace: {{ $x.namespace }}
-  {{- end }}
-  {{- end }}
+  - name: cilium
+    namespace: cozy-cilium
+  - name: kubeovn
+    namespace: cozy-kubeovn

packages/core/platform/templates/namespaces.yaml

@@ -14,8 +14,6 @@
 {{- end }}
 {{- end }}
 
-{{- $_ := set $namespaces "cozy-fluxcd" false }}
-
 {{- range $namespace, $privileged := $namespaces }}
 ---
 apiVersion: v1

packages/system/cilium/Makefile

@@ -2,13 +2,13 @@ NAMESPACE=cozy-cilium
 NAME=cilium
 
 show:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm template --dry-run=server -n $(NAMESPACE) $(NAME) . -f -
+	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 
 apply:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm upgrade -i -n $(NAMESPACE) $(NAME) . -f -
+	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 
 diff:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) . -f -
+	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
 
 update:
 	rm -rf charts

packages/system/fluxcd/Makefile

@@ -0,0 +1,15 @@
+NAMESPACE=cozy-fluxcd
+NAME=fluxcd
+
+show:
+	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
+
+apply:
+	helm upgrade -i -n $(NAMESPACE) $(NAME) .
+
+diff:
+	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
+
+update:
+	rm -rf charts
+	helm pull oci://ghcr.io/fluxcd-community/charts/flux2 --untar --untardir charts

packages/system/kubeovn/Makefile

@@ -2,13 +2,13 @@ NAMESPACE=cozy-kubeovn
 NAME=kubeovn
 
 show:
-	kubectl get hr -n $(NAMESPACE) $(NAME) -o jsonpath='{.spec.values}' | helm template --dry-run=server -n $(NAMESPACE) $(NAME) . -f -
+	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 
 apply:
-	kubectl get hr -n $(NAMESPACE) $(NAME) -o jsonpath='{.spec.values}' | helm upgrade -i -n $(NAMESPACE) $(NAME) . -f -
+	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 
 diff:
-	kubectl get hr -n $(NAMESPACE) $(NAME) -o jsonpath='{.spec.values}' | helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) . -f -
+	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
 
 update:
 	rm -rf charts && mkdir -p charts/kube-ovn

scripts/installer.sh

@@ -20,13 +20,9 @@ flux_is_ok() {
 }
 
 install_basic_charts() {
-  bundle=$(kubectl get configmap -n cozy-system cozystack -o 'go-template={{index .data "bundle-name"}}')
-  if [ "$bundle" = "full-paas" ] || [ "$bundle" = "full-distro" ]; then
   make -C packages/system/cilium apply
-  fi
-  if [ "$bundle" = "full-paas" ]; then
-    make -C packages/system/kubeovn apply
-  fi
+  make -C packages/system/kubeovn apply
+  make -C packages/system/fluxcd apply
 }
 
 cd "$(dirname "$0")/.."
@@ -37,8 +33,10 @@ run_migrations
 # Install namespaces
 make -C packages/core/platform namespaces-apply
 
-# Install fluxcd
-make -C packages/core/fluxcd apply
+# Install basic system charts
+if ! flux_is_ok; then
+  install_basic_charts
+fi
 
 # Reconcile Helm repositories
 kubectl annotate helmrepositories.source.toolkit.fluxcd.io -A -l cozystack.io/repository reconcile.fluxcd.io/requestedAt=$(date +"%Y-%m-%dT%H:%M:%SZ") --overwrite
@@ -46,11 +44,6 @@ kubectl annotate helmrepositories.source.toolkit.fluxcd.io -A -l cozystack.io/re
 # Install platform chart
 make -C packages/core/platform apply
 
-# Install basic system charts (should be after platform chart applied)
-if ! flux_is_ok; then
-  install_basic_charts
-fi
-
 # Reconcile platform chart
 trap 'exit' INT TERM
 while true; do

scripts/migrations/1

@@ -1,18 +1,8 @@
 #!/bin/sh
-# Migration 1 --> 2
 
-# Fix mariadb-operator secrets
 if kubectl get -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert; then
   kubectl annotate -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert meta.helm.sh/release-namespace=cozy-mariadb-operator meta.helm.sh/release-name=mariadb-operator
   kubectl label -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert app.kubernetes.io/managed-by=Helm
 fi
 
-# Gratefully remove fluxcd release and keep resources
-if kubectl get hr -n cozy-fluxcd cozy-fluxcd 2>/dev/null; then
-  kubectl patch hr -n cozy-fluxcd cozy-fluxcd  -p '{"spec": {"suspend": true}, "metadata": {"finalizers": null}}' --type=merge
-  kubectl delete hr -n cozy-fluxcd cozy-fluxcd
-fi
-kubectl delete secret -n cozy-fluxcd -l name=fluxcd
-
-# Write version to cozystack-version config
 kubectl create configmap -n cozy-system cozystack-version --from-literal=version=2 --dry-run=client -o yaml | kubectl apply -f-