[feat] end-user environment setup

Add script to automatically install all required packages on end-user system Linux distro independent, MacOS ready Signed-off-by: Ahmad Murzahmatov <gwynbleidd2106@yandex.com>
[docs] Add backup and restore instructions for PostgreSQL (#1141 )
2026-01-28 18:18:41 +00:00 · 2025-07-09 20:10:58 +06:00 · 2025-07-09 11:24:10 +02:00 · 2025-07-09 12:18:35 +03:00 · 2025-07-09 11:52:44 +03:00 · 2025-07-09 10:47:09 +02:00
51 changed files with 348 additions and 146 deletions
--- a/1
+++ b/1
@@ -6,6 +6,7 @@ build-deps:
 	@tar --version | grep -q GNU || (echo "GNU tar is required" && exit 1)
 	@sed --version | grep -q GNU || (echo "GNU sed is required" && exit 1)
 	@awk --version | grep -q GNU || (echo "GNU awk is required" && exit 1)
+	@./hack/user_setup_env.sh

 build: build-deps
 	make -C packages/apps/http-cache image
--- a/hack/user_setup_env.sh
+++ b/hack/user_setup_env.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+
+#### variables list
+cozypkg_version="v1.1.0"
+talm_version="v0.13.0"
+kubectl_version="v1.33.1"
+krew_version="v0.4.5"
+helm_version="v3.18.2"
+virtctl_version="v1.4.0"
+fluxcd_version="2.6.1"
+ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')"
+echo $ARCH
+OS="$(uname | tr '[:upper:]' '[:lower:]')"
+
+
+function user_setup_env() {
+    log "Start setuping user environment"
+
+    install_cozypkg
+    install_talm
+    install_kubectl
+    install_krew
+    install_krew_plugins
+    install_virtctl
+    install_helm
+    install_helm_plugins
+    install_fluxcd
+}
+
+function log() {
+    echo "$(date '+%d-%m-%Y %H:%M:%S') - $1"
+}
+
+function install_cozypkg() {
+    log "Installing cozypkg"
+
+	curl -sSL https://github.com/cozystack/cozypkg/releases/download/${cozypkg_version}/cozypkg-${OS}-${ARCH}.tar.gz | \
+	tar xzvf - cozypkg
+    sudo mv /tmp/cozypkg /usr/local/bin/cozypkg
+    sudo chown 0:0 /usr/local/bin/cozypkg
+    sudo chmod 0755 /usr/local/bin/cozypkg
+}
+
+function install_talm() {
+    log "Installing talm"
+
+    curl -o /tmp/talm -fsL "https://github.com/cozystack/talm/releases/download/${talm_version}/talm-${OS}-${ARCH}"
+    sudo mv /tmp/talm /usr/local/bin/talm
+    sudo chown 0:0 /usr/local/bin/talm
+    sudo chmod 0755 /usr/local/bin/talm
+}
+
+function install_kubectl() {
+    log "Installing kubectl"
+
+    curl -o /tmp/kubectl -fsLO "https://dl.k8s.io/release/${kubectl_version}/bin/${OS}/${ARCH}/kubectl"
+    sudo mv /tmp/kubectl /usr/local/bin/kubectl
+    sudo chown 0:0 /usr/local/bin/kubectl
+    sudo chmod 0755 /usr/local/bin/kubectl
+}
+
+install_krew() {
+    log "Installing krew"
+
+    KREW="krew-${OS}_${ARCH}"
+    curl -o "/tmp/${KREW}.tar.gz" -fsLO "https://github.com/kubernetes-sigs/krew/releases/download/${krew_version}/${KREW}.tar.gz"
+    mkdir /tmp/krew && tar -xzf "/tmp/${KREW}.tar.gz" -C /tmp/krew/
+    "/tmp/krew/${KREW}" install krew
+    log "configure .bashrc for krew"
+    printf '# krew\nexport PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"\n' >> ~/.bashrc
+    source ~/.bashrc
+}
+
+function install_krew_plugins() {
+    log "Installing krew plugins..."
+
+    if [[ ! $(kubectl krew version) ]]; then
+        log "krew is not installed, install it first!"
+        return 1
+    fi
+
+    log "Installing krew plugin: node-shell"
+    kubectl krew install node-shell
+
+    log "Installing krew plugin: virt"
+    kubectl krew install virt
+
+    log "Installing krew plugin: oidc-login"
+    kubectl krew install oidc-login
+}
+
+function install_virtctl() {
+    log "Installing virtctl"
+
+    curl -o /tmp/virtctl -fsL "https://github.com/kubevirt/kubevirt/releases/download/${virtctl_version}/virtctl-${virtctl_version}-${OS}-${ARCH}"
+    sudo mv /tmp/virtctl /usr/local/bin/virtctl
+    sudo chown 0:0 /usr/local/bin/virtctl
+    sudo chmod 0755 /usr/local/bin/virtctl
+}
+
+function install_helm() {
+    log "Installing Helm"
+
+    curl -o /tmp/helm.tar.gz -fsL "https://get.helm.sh/helm-${helm_version}-${OS}-${ARCH}.tar.gz"
+    mkdir /tmp/helm && tar -xzf /tmp/helm.tar.gz -C /tmp/helm/
+    sudo mv "/tmp/helm/${OS}-${ARCH}/helm" /usr/local/bin/helm
+    sudo chown 0:0 /usr/local/bin/helm
+    sudo chmod 0755 /usr/local/bin/helm
+}
+
+function install_helm_plugins() {
+    log "Installing Helm plugins..."
+
+    log "Installing Helm plugin: diff"
+    helm plugin install https://github.com/databus23/helm-diff
+}
+
+function install_fluxcd() {
+    log "Installing FluxCD"
+
+    curl -o /tmp/flux.tar.gz -fsL "https://github.com/fluxcd/flux2/releases/download/v${fluxcd_version}/flux_${fluxcd_version}_${OS}_${ARCH}.tar.gz"
+    mkdir /tmp/flux && tar -xzf /tmp/flux.tar.gz -C /tmp/flux/
+    sudo mv /tmp/flux/flux /usr/local/bin/flux
+    sudo chown 0:0 /usr/local/bin/flux
+    sudo chmod 0755 /usr/local/bin/flux
+}
+
+
+user_setup_env
--- a/packages/apps/clickhouse/README.md
+++ b/packages/apps/clickhouse/README.md
@@ -75,6 +75,6 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |
--- a/packages/apps/ferretdb/README.md
+++ b/packages/apps/ferretdb/README.md
@@ -62,6 +62,6 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |
--- a/packages/apps/http-cache/README.md
+++ b/packages/apps/http-cache/README.md
@@ -100,7 +100,7 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |

--- a/packages/apps/kafka/README.md
+++ b/packages/apps/kafka/README.md
@@ -46,7 +46,7 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |

--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.25.0
+version: 0.25.2

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -64,6 +64,8 @@ image-kubevirt-csi-driver:
 		--load=$(LOAD)
 	echo "$(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-csi-driver.json -o json -r)" \
 		> images/kubevirt-csi-driver.tag
+	IMAGE=$$(cat images/kubevirt-csi-driver.tag) \
+		yq -i '.csiDriver.image = strenv(IMAGE)' ../../system/kubevirt-csi-node/values.yaml
 	rm -f images/kubevirt-csi-driver.json


--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -146,7 +146,7 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |

--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.25.0@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.25.1@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.25.0@sha256:412ed2b3c77249bd1b973e6dc9c87976d31863717fb66ba74ccda573af737eb1
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.25.1@sha256:412ed2b3c77249bd1b973e6dc9c87976d31863717fb66ba74ccda573af737eb1
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.25.0@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.25.1@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036
--- a/packages/apps/kubernetes/templates/csi/infra-cluster-service-account.yaml
+++ b/packages/apps/kubernetes/templates/csi/infra-cluster-service-account.yaml
@@ -13,11 +13,17 @@ rules:
  resources: ["datavolumes"]
  verbs: ["get", "create", "delete"]
 - apiGroups: ["kubevirt.io"]
-  resources: ["virtualmachineinstances"]
+  resources: ["virtualmachineinstances", "virtualmachines"]
  verbs: ["list", "get"]
 - apiGroups: ["subresources.kubevirt.io"]
-  resources: ["virtualmachineinstances/addvolume", "virtualmachineinstances/removevolume"]
+  resources: ["virtualmachines/addvolume", "virtualmachines/removevolume"]
  verbs: ["update"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+  resources: ["volumesnapshots"]
+  verbs: ["get", "create", "delete"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims"]
+  verbs: ["get", "patch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
--- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
@@ -40,6 +40,7 @@ spec:
                {{ .Release.Name }}-fluxcd-operator
                {{ .Release.Name }}-fluxcd
                {{ .Release.Name }}-gpu-operator
+                {{ .Release.Name }}-velero
                -p '{"spec": {"suspend": true}}'
                --type=merge --field-manager=flux-client-side-apply || true
 ---
@@ -79,6 +80,8 @@ rules:
      - {{ .Release.Name }}-fluxcd-operator
      - {{ .Release.Name }}-fluxcd
      - {{ .Release.Name }}-gpu-operator
+      - {{ .Release.Name }}-velero
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
--- a/packages/apps/mysql/README.md
+++ b/packages/apps/mysql/README.md
@@ -119,7 +119,7 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |

--- a/packages/apps/nats/README.md
+++ b/packages/apps/nats/README.md
@@ -42,7 +42,7 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |

--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.16.0
+version: 0.17.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/postgres/README.md
+++ b/packages/apps/postgres/README.md
@@ -11,7 +11,50 @@ This managed service is controlled by the CloudNativePG operator, ensuring effic
 - Docs: <https://cloudnative-pg.io/docs/>
 - Github: <https://github.com/cloudnative-pg/cloudnative-pg>

-## HowTos
+## Operations
+
+### How to enable backups
+
+To back up a PostgreSQL application, an external S3-compatible storage is required.
+
+To start regular backups, update the application, setting `backup.enabled` to `true`, and fill in the path and credentials to an  `backup.*`:
+
+```yaml
+## @param backup.enabled Enable regular backups
+## @param backup.schedule Cron schedule for automated backups
+## @param backup.retentionPolicy Retention policy
+## @param backup.destinationPath Path to store the backup (i.e. s3://bucket/path/to/folder)
+## @param backup.endpointURL S3 Endpoint used to upload data to the cloud
+## @param backup.s3AccessKey Access key for S3, used for authentication
+## @param backup.s3SecretKey Secret key for S3, used for authentication
+backup:
+  enabled: false
+  retentionPolicy: 30d
+  destinationPath: s3://bucket/path/to/folder/
+  endpointURL: http://minio-gateway-service:9000
+  schedule: "0 2 * * * *"
+  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
+  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
+```
+
+### How to recover a backup
+
+CloudNativePG supports point-in-time-recovery.
+Recovering a backup is done by creating a new database instance and restoring the data in it.
+
+Create a new PostgreSQL application with a different name, but identical configuration.
+Set `bootstrap.enabled` to `true` and fill in the name of the database instance to recover from and the recovery time:
+
+```yaml
+## @param bootstrap.enabled Restore database cluster from a backup
+## @param bootstrap.recoveryTime Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest
+## @param bootstrap.oldName Name of database cluster before deleting
+##
+bootstrap:
+  enabled: false
+  recoveryTime: ""  # leave empty for latest or exact timestamp; example: 2020-11-26 15:22:00.00000+00
+  oldName: "<previous-postgres-instance>"
+```

 ### How to switch primary/secondary replica

@@ -19,24 +62,6 @@ See:

 - <https://cloudnative-pg.io/documentation/1.15/rolling_update/#manual-updates-supervised>

-### How to restore backup
-
-find snapshot:
-
-```bash
-restic -r s3:s3.example.org/postgres-backups/database_name snapshots
-```
-
-restore:
-
-```bash
-restic -r s3:s3.example.org/postgres-backups/database_name restore latest --target /tmp/
-```
-
-more details:
-
- <https://blog.aenix.io/restic-effective-backup-from-stdin-4bc1e8f083c1>
-
 ## Parameters

 ### Common parameters
@@ -60,23 +85,23 @@ more details:

 ### Backup parameters

-| Name                     | Description                                                          | Value                               |
-| ------------------------ | -------------------------------------------------------------------- | ----------------------------------- |
-| `backup.enabled`         | Enable pereiodic backups                                             | `false`                             |
-| `backup.schedule`        | Cron schedule for automated backups                                  | `0 2 * * * *`                       |
-| `backup.retentionPolicy` | The retention policy                                                 | `30d`                               |
-| `backup.destinationPath` | The path where to store the backup (i.e. s3://bucket/path/to/folder) | `s3://BUCKET_NAME/`                 |
-| `backup.endpointURL`     | Endpoint to be used to upload data to the cloud                      | `http://minio-gateway-service:9000` |
-| `backup.s3AccessKey`     | The access key for S3, used for authentication                       | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`  |
-| `backup.s3SecretKey`     | The secret key for S3, used for authentication                       | `ju3eum4dekeich9ahM1te8waeGai0oog`  |
+| Name                     | Description                                                | Value                               |
+| ------------------------ | ---------------------------------------------------------- | ----------------------------------- |
+| `backup.enabled`         | Enable regular backups                                     | `false`                             |
+| `backup.schedule`        | Cron schedule for automated backups                        | `0 2 * * * *`                       |
+| `backup.retentionPolicy` | Retention policy                                           | `30d`                               |
+| `backup.destinationPath` | Path to store the backup (i.e. s3://bucket/path/to/folder) | `s3://bucket/path/to/folder/`       |
+| `backup.endpointURL`     | S3 Endpoint used to upload data to the cloud               | `http://minio-gateway-service:9000` |
+| `backup.s3AccessKey`     | Access key for S3, used for authentication                 | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`  |
+| `backup.s3SecretKey`     | Secret key for S3, used for authentication                 | `ju3eum4dekeich9ahM1te8waeGai0oog`  |

 ### Bootstrap parameters

 | Name                     | Description                                                                                                                             | Value   |
 | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `bootstrap.enabled`      | Restore cluster from backup                                                                                                             | `false` |
-| `bootstrap.recoveryTime` | Time stamp up to which recovery will proceed, expressed in RFC 3339 format, if empty, will restore latest                               | `""`    |
-| `bootstrap.oldName`      | Name of cluster before deleting                                                                                                         | `""`    |
+| `bootstrap.enabled`      | Restore database cluster from a backup                                                                                                  | `false` |
+| `bootstrap.recoveryTime` | Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest                    | `""`    |
+| `bootstrap.oldName`      | Name of database cluster before deleting                                                                                                | `""`    |
 | `resources`              | Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
 | `resourcesPreset`        | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.       | `micro` |

@@ -103,7 +128,7 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |

--- a/packages/apps/postgres/templates/init-script.yaml
+++ b/packages/apps/postgres/templates/init-script.yaml
@@ -38,7 +38,7 @@ stringData:
    until pg_isready ; do sleep 5; done

    echo "== create users"
-    {{- if .Values.users }}
+    {{- if and .Values.users (not (hasKey .Values.users "postgres")) }}
    psql -v ON_ERROR_STOP=1 <<\EOT
    {{- range $user, $u := .Values.users }}
    SELECT 'CREATE ROLE "{{ $user }}" LOGIN INHERIT;'
@@ -47,6 +47,8 @@ stringData:
    COMMENT ON ROLE "{{ $user }}" IS 'user managed by helm';
    {{- end }}
    EOT
+    {{- else if and .Values.users (hasKey .Values.users "postgres") }}
+    {{- fail "`users.postgres` is forbidden by policy. Use a different username." }}
    {{- end }}

    echo "== delete users"
--- a/packages/apps/postgres/values.schema.json
+++ b/packages/apps/postgres/values.schema.json
@@ -62,7 +62,7 @@
            "properties": {
                "enabled": {
                    "type": "boolean",
-                    "description": "Enable pereiodic backups",
+                    "description": "Enable regular backups",
                    "default": false
                },
                "schedule": {
@@ -72,27 +72,27 @@
                },
                "retentionPolicy": {
                    "type": "string",
-                    "description": "The retention policy",
+                    "description": "Retention policy",
                    "default": "30d"
                },
                "destinationPath": {
                    "type": "string",
-                    "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)",
-                    "default": "s3://BUCKET_NAME/"
+                    "description": "Path to store the backup (i.e. s3://bucket/path/to/folder)",
+                    "default": "s3://bucket/path/to/folder/"
                },
                "endpointURL": {
                    "type": "string",
-                    "description": "Endpoint to be used to upload data to the cloud",
+                    "description": "S3 Endpoint used to upload data to the cloud",
                    "default": "http://minio-gateway-service:9000"
                },
                "s3AccessKey": {
                    "type": "string",
-                    "description": "The access key for S3, used for authentication",
+                    "description": "Access key for S3, used for authentication",
                    "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu"
                },
                "s3SecretKey": {
                    "type": "string",
-                    "description": "The secret key for S3, used for authentication",
+                    "description": "Secret key for S3, used for authentication",
                    "default": "ju3eum4dekeich9ahM1te8waeGai0oog"
                }
            }
@@ -102,17 +102,17 @@
            "properties": {
                "enabled": {
                    "type": "boolean",
-                    "description": "Restore cluster from backup",
+                    "description": "Restore database cluster from a backup",
                    "default": false
                },
                "recoveryTime": {
                    "type": "string",
-                    "description": "Time stamp up to which recovery will proceed, expressed in RFC 3339 format, if empty, will restore latest",
+                    "description": "Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest",
                    "default": ""
                },
                "oldName": {
                    "type": "string",
-                    "description": "Name of cluster before deleting",
+                    "description": "Name of database cluster before deleting",
                    "default": ""
                }
            }
--- a/packages/apps/postgres/values.yaml
+++ b/packages/apps/postgres/values.yaml
@@ -59,17 +59,17 @@ databases: {}

 ## @section Backup parameters

-## @param backup.enabled Enable pereiodic backups
+## @param backup.enabled Enable regular backups
 ## @param backup.schedule Cron schedule for automated backups
-## @param backup.retentionPolicy The retention policy
-## @param backup.destinationPath The path where to store the backup (i.e. s3://bucket/path/to/folder)
-## @param backup.endpointURL Endpoint to be used to upload data to the cloud
-## @param backup.s3AccessKey The access key for S3, used for authentication
-## @param backup.s3SecretKey The secret key for S3, used for authentication
+## @param backup.retentionPolicy Retention policy
+## @param backup.destinationPath Path to store the backup (i.e. s3://bucket/path/to/folder)
+## @param backup.endpointURL S3 Endpoint used to upload data to the cloud
+## @param backup.s3AccessKey Access key for S3, used for authentication
+## @param backup.s3SecretKey Secret key for S3, used for authentication
 backup:
  enabled: false
  retentionPolicy: 30d
-  destinationPath: s3://BUCKET_NAME/
+  destinationPath: s3://bucket/path/to/folder/
  endpointURL: http://minio-gateway-service:9000
  schedule: "0 2 * * * *"
  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
@@ -77,9 +77,9 @@ backup:

 ## @section Bootstrap parameters

-## @param bootstrap.enabled Restore cluster from backup
-## @param bootstrap.recoveryTime Time stamp up to which recovery will proceed, expressed in RFC 3339 format, if empty, will restore latest
-## @param bootstrap.oldName Name of cluster before deleting
+## @param bootstrap.enabled Restore database cluster from a backup
+## @param bootstrap.recoveryTime Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest
+## @param bootstrap.oldName Name of database cluster before deleting
 ##
 bootstrap:
  enabled: false
--- a/packages/apps/redis/README.md
+++ b/packages/apps/redis/README.md
@@ -45,6 +45,6 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |
--- a/packages/apps/tcp-balancer/README.md
+++ b/packages/apps/tcp-balancer/README.md
@@ -52,6 +52,6 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -54,7 +54,9 @@ kafka 0.7.0 6358fd7a
 kafka 0.7.1 4369b031
 kafka 0.8.0 HEAD
 kubernetes 0.24.0 62cb694d
-kubernetes 0.25.0 HEAD
+kubernetes 0.25.0 70f82667
+kubernetes 0.25.1 acd4663a
+kubernetes 0.25.2 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
@@ -101,7 +103,9 @@ postgres 0.12.0 6130f43d
 postgres 0.12.1 632224a3
 postgres 0.14.0 62cb694d
 postgres 0.15.1 4369b031
-postgres 0.16.0 HEAD
+postgres 0.16.0 70f82667
+postgres 0.17.0 acd4663a
+postgres 0.17.1 HEAD
 rabbitmq 0.1.0 263e47be
 rabbitmq 0.2.0 53f2365e
 rabbitmq 0.3.0 6c5cf5bf
@@ -153,7 +157,8 @@ virtual-machine 0.9.1 93bdf411
 virtual-machine 0.10.0 6130f43d
 virtual-machine 0.10.2 632224a3
 virtual-machine 0.11.0 4369b031
-virtual-machine 0.12.0 HEAD
+virtual-machine 0.12.0 70f82667
+virtual-machine 0.12.1 HEAD
 vm-disk 0.1.0 d971f2ff
 vm-disk 0.1.1 6130f43d
 vm-disk 0.1.2 632224a3
@@ -170,7 +175,8 @@ vm-instance 0.6.0 721c12a7
 vm-instance 0.7.0 6130f43d
 vm-instance 0.7.2 632224a3
 vm-instance 0.8.0 4369b031
-vm-instance 0.9.0 HEAD
+vm-instance 0.9.0 70f82667
+vm-instance 0.10.0 HEAD
 vpn 0.1.0 263e47be
 vpn 0.2.0 53f2365e
 vpn 0.3.0 6c5cf5bf
--- a/packages/apps/virtual-machine/Chart.yaml
+++ b/packages/apps/virtual-machine/Chart.yaml
@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.12.0
+version: 0.12.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml
@@ -3,6 +3,13 @@ kind: Role
 metadata:
  name: {{ .Release.Name }}-dashboard-resources
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ include "virtual-machine.fullname" . }}
+  verbs: ["get", "list", "watch"]
 - apiGroups:
  - cozystack.io
  resources:
--- a/packages/apps/virtual-machine/templates/secret.yaml
+++ b/packages/apps/virtual-machine/templates/secret.yaml
@@ -9,7 +9,7 @@ stringData:
  key{{ $k }}: {{ quote $v }} 
  {{- end }}
 {{- end }}
-{{- if .Values.cloudInit }}
+{{- if or .Values.cloudInit .Values.sshKeys }}
 ---
 apiVersion: v1
 kind: Secret
@@ -17,5 +17,17 @@ metadata:
  name: {{ include "virtual-machine.fullname" . }}-cloud-init
 stringData:
  userdata: |
-    {{- .Values.cloudInit | nindent 4 }}
+    {{- if .Values.cloudInit }}
+    {{-   .Values.cloudInit | nindent 4 }}
+    {{- else if and (.Values.sshKeys) (not .Values.cloudInit) }}
+    {{- /*
+      We usually provide ssh keys in cloud-init metadata, because userdata it not typed and can be used for any purpose.
+      However, if user provides ssh keys but not cloud-init, we still need to provide a minimal cloud-init config to avoid errors.
+    */}}
+    #cloud-config
+    ssh_authorized_keys:
+      {{- range .Values.sshKeys }}
+      - {{ quote . }} 
+      {{- end }}
+    {{- end }}
 {{- end }}
--- a/packages/apps/virtual-machine/templates/vm.yaml
+++ b/packages/apps/virtual-machine/templates/vm.yaml
@@ -92,7 +92,7 @@ spec:
          - disk:
              bus: scsi
            name: systemdisk
-          {{- if .Values.sshKeys }}
+          {{- if or .Values.cloudInit .Values.sshKeys }}
          - disk:
              bus: virtio
            name: cloudinitdisk
@@ -122,28 +122,11 @@ spec:
        - name: systemdisk
          dataVolume:
            name: {{ include "virtual-machine.fullname" . }}
-
-        {{- if and .Values.sshKeys .Values.cloudInit }}
+        {{- if or .Values.cloudInit .Values.sshKeys }}
        - name: cloudinitdisk
          cloudInitNoCloud:
            secretRef:
              name: {{ include "virtual-machine.fullname" . }}-cloud-init
-        {{- else if .Values.sshKeys }}
-        - name: cloudinitdisk
-          cloudInitNoCloud:
-            userData: |
-              {{ printf "%s" "#cloud-config" }}
-              ssh_authorized_keys:
-                {{- range .Values.sshKeys }}
-                - {{ . }}
-                {{- end }}
-              chpasswd:
-                expire: false
-        {{- else }}
-        - name: cloudinitdisk
-          cloudInitNoCloud:
-            userData: |
-              {{ printf "%s" "#cloud-config" }}
        {{- end }}

      networks:
--- a/packages/apps/vm-instance/Chart.yaml
+++ b/packages/apps/vm-instance/Chart.yaml
@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.0
+version: 0.10.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 0.8.0
+appVersion: 0.10.0
--- a/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml
@@ -3,6 +3,13 @@ kind: Role
 metadata:
  name: {{ .Release.Name }}-dashboard-resources
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ include "virtual-machine.fullname" . }}
+  verbs: ["get", "list", "watch"]
 - apiGroups:
  - cozystack.io
  resources:
--- a/packages/apps/vm-instance/templates/secret.yaml
+++ b/packages/apps/vm-instance/templates/secret.yaml
@@ -9,7 +9,7 @@ stringData:
  key{{ $k }}: {{ quote $v }} 
  {{- end }}
 {{- end }}
-{{- if .Values.cloudInit }}
+{{- if or .Values.cloudInit .Values.sshKeys }}
 ---
 apiVersion: v1
 kind: Secret
@@ -17,5 +17,17 @@ metadata:
  name: {{ include "virtual-machine.fullname" . }}-cloud-init
 stringData:
  userdata: |
-    {{- .Values.cloudInit | nindent 4 }}
+    {{- if .Values.cloudInit }}
+    {{-   .Values.cloudInit | nindent 4 }}
+    {{- else if and (.Values.sshKeys) (not .Values.cloudInit) }}
+    {{- /*
+      We usually provide ssh keys in cloud-init metadata, because userdata it not typed and can be used for any purpose.
+      However, if user provides ssh keys but not cloud-init, we still need to provide a minimal cloud-init config to avoid errors.
+    */}}
+    #cloud-config
+    ssh_authorized_keys:
+      {{- range .Values.sshKeys }}
+      - {{ quote . }} 
+      {{- end }}
+    {{- end }}
 {{- end }}
--- a/packages/apps/vm-instance/templates/vm.yaml
+++ b/packages/apps/vm-instance/templates/vm.yaml
@@ -54,24 +54,24 @@ spec:
          disks:
          {{- range $i, $disk := .Values.disks }}
          - name: disk-{{ $disk.name }}
-            {{- $disk := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace (printf "vm-disk-%s" $disk.name) }}
-            {{- if $disk }}
-            {{- if and (hasKey $disk.metadata.annotations "vm-disk.cozystack.io/optical") (eq (index $disk.metadata.annotations "vm-disk.cozystack.io/optical") "true") }}
-            cdrom: {}
+            {{- $dv := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace (printf "vm-disk-%s" $disk.name) }}
+            {{- if $dv }}
+            {{- if and (hasKey $dv.metadata.annotations "vm-disk.cozystack.io/optical") (eq (index $dv.metadata.annotations "vm-disk.cozystack.io/optical") "true") }}
+            cdrom:
            {{- else }}
-            disk: {}
-            {{- end }}
-            {{- if eq $i 0 }}
-            bootOrder: 1
+            disk:
            {{- end }}
+              {{- with $disk.bus }}
+              bus: {{ . }}
+              {{- end }}
+            bootOrder: {{ add $i 1 }}
            {{- else }}
            {{-   fail (printf "Specified disk not exists in cluster: %s" .name) }}
            {{- end }}
          {{- end }}
-          {{- if or .Values.sshKeys .Values.cloudInit }}
+          {{- if or .Values.cloudInit .Values.sshKeys }}
          - name: cloudinitdisk
-            disk:
-              bus: virtio
+            disk: {}
          {{- end }}
          interfaces:
          - name: default
@@ -95,27 +95,11 @@ spec:
        dataVolume:
          name: vm-disk-{{ .name }}
      {{- end }}
-      {{- if and .Values.sshKeys .Values.cloudInit }}
+      {{- if or .Values.cloudInit .Values.sshKeys }}
      - name: cloudinitdisk
        cloudInitNoCloud:
          secretRef:
            name: {{ include "virtual-machine.fullname" . }}-cloud-init
-      {{- else if .Values.sshKeys }}
-      - name: cloudinitdisk
-        cloudInitNoCloud:
-          userData: |
-            {{ printf "%s" "#cloud-config" }}
-            ssh_authorized_keys:
-              {{- range .Values.sshKeys }}
-              - {{ . }}
-              {{- end }}
-            chpasswd:
-              expire: false
-      {{- else }}
-      - name: cloudinitdisk
-        cloudInitNoCloud:
-          userData: |
-            {{ printf "%s" "#cloud-config" }}
      {{- end }}
      networks:
      - name: default
--- a/packages/apps/vm-instance/values.yaml
+++ b/packages/apps/vm-instance/values.yaml
@@ -22,6 +22,7 @@ instanceProfile: ubuntu
 ## disks:
 ## - name: example-system
 ## - name: example-data
+##   bus: sata
 disks: []

 ## @param gpus [array] List of GPUs to attach
--- a/packages/apps/vpn/README.md
+++ b/packages/apps/vpn/README.md
@@ -56,7 +56,7 @@ This setting is ignored if the corresponding `resources` value is set.
 | `micro`     | `500m` | `256Mi` |
 | `small`     | `1`    | `512Mi` |
 | `medium`    | `1`    | `1Gi`   |
-| `large`     | `3`    | `2Gi`   |
+| `large`     | `2`    | `2Gi`   |
 | `xlarge`    | `4`    | `4Gi`   |
 | `2xlarge`   | `8`    | `8Gi`   |

--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.33.0@sha256:6cdc5d9062b536929152214e8a6a6b8096b64a17592e04a3633f58d21ff43a63
+  image: ghcr.io/cozystack/cozystack/installer:v0.33.1@sha256:03a0002be9cf5926643c295bbf05c3e250401b0f0595b9fcd147d53534f368f5
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.33.0@sha256:fd169ae7ee7b0b10ee34f02353ae96c182ca7b6cede771c8fc6539894416104f
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.33.1@sha256:eed183a4104b1c142f6c4a358338749efe73baefddd53d7fe4c7149ecb892ce1
--- a/packages/extra/bootbox/images/matchbox.tag
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.33.0@sha256:adc133234a48f3496441334348aeab400ee29b8514129c110b892fa1e0dff1d8
+ghcr.io/cozystack/cozystack/matchbox:v0.33.1@sha256:ca3638c620215ace26ace3f7e8b27391847ab2158b5a67f070f43dcbea071532
--- a/packages/system/bucket/images/s3manager.tag
+++ b/packages/system/bucket/images/s3manager.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:2759763d35ba35144ba10ba4d2b9effd875f4f0d01d9694b010f491ba6eb6d46
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:b748d9add5fc4080b143d8690ca1ad851d911948ac8eb296dd9005d53d153c05
--- a/packages/system/cozystack-api/values.yaml
+++ b/packages/system/cozystack-api/values.yaml
@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.33.0@sha256:d9bee0e9f73a950784e43d907552c21044d01eed728e1185455308e49d00c00d
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.33.1@sha256:ee6b71d3ab1c1484490ff1dc57a7df82813c4f18d6393f149d32acf656aa779d
--- a/packages/system/cozystack-controller/values.yaml
+++ b/packages/system/cozystack-controller/values.yaml
@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.33.0@sha256:a1fceb277007846bc85ceee0afd1f5d1122496174203c718c1275a1038cb07f6
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.33.1@sha256:4777488e14f0313b153b153388c78ab89e3a39582c30266f2321704df1976922
  debug: false
  disableTelemetry: false
-  cozystackVersion: "v0.33.0"
+  cozystackVersion: "v0.33.1"
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
@@ -76,7 +76,7 @@ data:
      "kubeappsNamespace": {{ .Release.Namespace | quote }},
      "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
      "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.33.0",
+      "appVersion": "v0.33.1",
      "authProxyEnabled": {{ .Values.authProxy.enabled }},
      "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
      "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
--- a/packages/system/dashboard/images/dashboard/Dockerfile
+++ b/packages/system/dashboard/images/dashboard/Dockerfile
@@ -1,7 +1,7 @@
 FROM bitnami/node:20.15.1 AS build
 WORKDIR /app

-ARG COMMIT_REF=6856b66f9244ef1b2703a2f30899366e0ba040de
+ARG COMMIT_REF=e1382f51c6db1bca0a8ecd454407c8e282fe0243
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard

 RUN yarn install --frozen-lockfile
--- a/packages/system/dashboard/images/kubeapps-apis/Dockerfile
+++ b/packages/system/dashboard/images/kubeapps-apis/Dockerfile
@@ -4,7 +4,7 @@
 # syntax = docker/dockerfile:1

 FROM alpine AS source
-ARG COMMIT_REF=6856b66f9244ef1b2703a2f30899366e0ba040de
+ARG COMMIT_REF=e1382f51c6db1bca0a8ecd454407c8e282fe0243
 RUN apk add --no-cache patch
 WORKDIR /source
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -19,7 +19,7 @@ kubeapps:
    image:
      registry: ghcr.io/cozystack/cozystack
      repository: dashboard
-      tag: v0.33.0
+      tag: v0.33.1
      digest: "sha256:5e514516bd3dc0c693bb346ddeb9740e0439a59deb2a56b87317286e3ce79ac9"
  redis:
    master:
@@ -37,8 +37,8 @@ kubeapps:
    image:
      registry: ghcr.io/cozystack/cozystack
      repository: kubeapps-apis
-      tag: v0.33.0
-      digest: "sha256:8c60134b9216e0cd8ffc044c14c872b76c1a95879b4cf7887541980ade9e8c65"
+      tag: v0.33.1
+      digest: "sha256:ea5b21a27c97b14880042d2a642670e3461e7d946c65b5b557d2eb8df9f03a87"
    pluginConfig:
      flux:
        packages:
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -3,7 +3,7 @@ kamaji:
    deploy: false
  image:
    pullPolicy: IfNotPresent
-    tag: v0.33.0@sha256:afaf5f003eb990377c21623d17bb00e7a95a1021e1c36b318cb451b80c8d37a2
+    tag: v0.33.1@sha256:09fc5c9aeb97880780abfc6d82c216725d6f79e13494bf2399766c882b88f66b
    repository: ghcr.io/cozystack/cozystack/kamaji
  resources:
    limits:
--- a/packages/system/kubeovn-webhook/values.yaml
+++ b/packages/system/kubeovn-webhook/values.yaml
@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.33.0@sha256:926fa45edd2149e4bc4bb54710832c8fb7aa46c85cf6adb7cd486e0b956cdbfa
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.33.1@sha256:595851560856e3ba7f408f259acf84599494984a9f0252de289bcb1a7fc5b9da
--- a/packages/system/kubeovn/values.yaml
+++ b/packages/system/kubeovn/values.yaml
@@ -64,4 +64,4 @@ global:
  images:
    kubeovn:
      repository: kubeovn
-      tag: v1.13.13@sha256:6315d11876b78f3c24e54a73063d05c63137c4210dcd7620bd983db5fedf469a
+      tag: v1.13.13@sha256:c0ffc9a0498b6f8fc392f8fc6ea43d0c7eedeeabda8ef96bca004ec4466a6bf2
--- a/packages/system/kubevirt-csi-node/templates/deploy.yaml
+++ b/packages/system/kubevirt-csi-node/templates/deploy.yaml
@@ -163,7 +163,7 @@ spec:
            privileged: true
            allowPrivilegeEscalation: true
          imagePullPolicy: Always
-          image: ghcr.io/kvaps/test:kubevirt-csi-driver
+          image: {{ .Values.csiDriver.image }}
          args:
            - "--endpoint=unix:/csi/csi.sock"
            - "--node-name=$(KUBE_NODE_NAME)"
--- a/packages/system/kubevirt-csi-node/values.yaml
+++ b/packages/system/kubevirt-csi-node/values.yaml
@@ -1 +1,3 @@
 storageClass: replicated
+csiDriver:
+  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.25.1@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036
--- a/pkg/cmd/server/start.go
+++ b/pkg/cmd/server/start.go
@@ -236,6 +236,15 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
 				},
 			}

+			// make `.spec` schemaless so any keys are accepted
+			if specProp, ok := newDef.Properties["spec"]; ok {
+				specProp.AdditionalProperties = &spec.SchemaOrBool{
+					Allows: true,
+					Schema: &spec.Schema{},
+				}
+				newDef.Properties["spec"] = specProp
+			}
+
 			// 3. Save the new resource definition under the correct name
 			defs[resourceName] = *newDef
 			klog.V(6).Infof("PostProcessSpec: Added OpenAPI definition for %s\n", resourceName)
--- a/pkg/registry/apps/application/rest.go
+++ b/pkg/registry/apps/application/rest.go
@@ -76,6 +76,7 @@ type REST struct {
 	gvr           schema.GroupVersionResource
 	gvk           schema.GroupVersionKind
 	kindName      string
+	singularName  string
 	releaseConfig config.ReleaseConfig
 }

@@ -93,6 +94,7 @@ func NewREST(dynamicClient dynamic.Interface, config *config.Resource) *REST {
 			Version: "v1alpha1",
 		}.WithKind(config.Application.Kind),
 		kindName:      config.Application.Kind,
+		singularName:  config.Application.Singular,
 		releaseConfig: config.Release,
 	}
 }
@@ -104,7 +106,7 @@ func (r *REST) NamespaceScoped() bool {

 // GetSingularName returns the singular name of the resource
 func (r *REST) GetSingularName() string {
-	return r.gvr.Resource
+	return r.singularName
 }

 // Create handles the creation of a new Application by converting it to a HelmRelease
@@ -423,6 +425,15 @@ func (r *REST) Update(ctx context.Context, name string, objInfo rest.UpdatedObje
 		return nil, false, fmt.Errorf("conversion error: %v", err)
 	}

+	// Ensure ResourceVersion
+	if helmRelease.ResourceVersion == "" {
+		cur, err := r.dynamicClient.Resource(helmReleaseGVR).Namespace(helmRelease.Namespace).Get(ctx, helmRelease.Name, metav1.GetOptions{})
+		if err != nil {
+			return nil, false, fmt.Errorf("failed to fetch current HelmRelease: %w", err)
+		}
+		helmRelease.SetResourceVersion(cur.GetResourceVersion())
+	}
+
 	// Merge system labels (from config) directly
 	helmRelease.Labels = mergeMaps(r.releaseConfig.Labels, helmRelease.Labels)
 	// Merge user labels with prefix
Author	SHA1	Message	Date
Ahmad Murzahmatov	c5ead0c48b	[feat] end-user environment setup Add script to automatically install all required packages on end-user system Linux distro independent, MacOS ready Signed-off-by: Ahmad Murzahmatov <gwynbleidd2106@yandex.com>	2025-07-09 20:10:58 +06:00
Andrei Kvapil	f628e7d9c7	[docs] Add backup and restore instructions for PostgreSQL (#1141 ) ## What this PR does Rephrase the descriptions for backup and restore variables ### Release note ```release-note [docs] Add backup and restore instructions for PostgreSQL ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Documentation * Updated PostgreSQL backup restore instructions to use a YAML configuration approach for bootstrapping from a backup, replacing previous shell command examples. * Clarified and restructured backup and recovery documentation, including detailed configuration examples for enabling backups with S3-compatible storage. * Improved descriptions and default values for backup-related configuration parameters for better clarity and consistency. * Chores * Incremented the PostgreSQL app chart version. * Updated version mapping for the PostgreSQL package. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-09 11:24:10 +02:00
klinch0	68d1646ae7	make velero deletable (#1176 ) <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note - make velero deletable ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Bug Fixes * Included the Velero Helm release in the pre-delete suspension process to ensure proper cleanup during teardown. * Chores * Updated the Kubernetes application chart version to 0.25.2. * Adjusted version mapping for improved tracking of releases. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-09 12:18:35 +03:00
kklinch0	8fde834e39	make velero addon deletable Signed-off-by: kklinch0 <kklinch0@gmail.com>	2025-07-09 11:52:44 +03:00
kklinch0	e99d238647	[docs] Add backup and restore instructions for PostgreSQL Rephrase the descriptions for backup and restore variables Co-authored-by: Nick Volynkin <nick.volynkin@gmail.com> Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-07-09 10:47:09 +02:00
Andrei Kvapil	e9435c2d3d	[docs] Fix a typo in preset resource tables in the README's (#1172 ) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Documentation * Updated documentation across multiple applications to reflect a change in the CPU allocation for the "large" resource preset from 3 CPUs to 2 CPUs. Memory allocation for this preset remains unchanged at 2Gi. No other documentation changes were made. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-09 10:42:39 +02:00
Andrei Kvapil	da3ee5d0ea	[virtual-machine] add comment about sshKeys logic Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-09 10:37:39 +02:00
Andrei Kvapil	411a465b14	[virtual-machine] Fix cloudInit and sshKeys (#1175 ) <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does fixes https://github.com/cozystack/cozystack/issues/1148 This PR does two things: 1. Fixes the cloud-init shebang (`e1382f51c6`) Dashboard comments were removed unintentionally, which also stripped out the cloud-init shebang. This fix puts it back. 2. Improves cloudInit option handling The update refines how various cloudInit options are processed, whether or not sshKeys are provided. ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [dashboard] Fix removing shebang for cloud init [virtual-machine] Fix cloudInit and sshKeys processing ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Cloud-init configuration now supports providing SSH keys even when explicit cloud-init data is not set, allowing for easier SSH access setup. * Refactor * Simplified and unified the logic for handling cloud-init and SSH key configuration in virtual machine templates, reducing complexity and improving maintainability. * Chores * Updated the default commit reference for Kubeapps components to a newer version in the dashboard build process. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-09 10:21:37 +02:00
Andrei Kvapil	cad57cd922	[cozystack-api] Fix updaing lists (#1171 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does When you update lists in cozystack objects, you might face with the error: ``` Warning: resource vminstances/mikrotik-demo is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used o n resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically. warning: error calculating patch from openapi v3 spec: unable to find api field "disks" Error from server: error when applying patch: {"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"apps.cozystack.io/v1alpha1\",\"kind\":\"VMInstance\",\"metadata\":{\"annotations\":{},\"name \":\"mikrotik-demo\",\"namespace\":\"tenant-vasya\"},\"spec\":{\"disks\":[{\"bus\":\"sata\",\"name\":\"mikrotik-system\"},{\"name\":\"mikrotik-iso\"}],\"instanceProfile\":\"ubuntu\",\"instan ceType\":\"u1.medium\",\"running\":true}}\n"}},"spec":{"disks":[{"bus":"sata","name":"mikrotik-system"},{"name":"mikrotik-iso"}]}} to: Resource: "apps.cozystack.io/v1alpha1, Resource=vminstances", GroupVersionKind: "apps.cozystack.io/v1alpha1, Kind=VMInstance" Name: "mikrotik-demo", Namespace: "tenant-vasya" for: "/tmp/2": error when patching "/tmp/2": unable to find api field in struct JSON for the json field "disks" ``` This PR workarounds this. Related to https://github.com/cozystack/cozystack/pull/1168 ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [cozystack-api] Fix updaing lists on cozystack objects ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Enhancements * Made resource specifications more flexible by allowing any content under the specification property for dynamically registered resource kinds. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-09 10:20:30 +02:00
Andrei Kvapil	fe1776b4c8	[cozystack-api] Fix resourceVersion error (#1170 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does This PR fixes error: ``` failed to update HelmRelease: helmreleases.helm.toolkit.fluxcd.io "xxx" is invalid: metadata.resourceVersion: Invalid value: 0x0: must be specified for an update ``` ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [cozystack-api] Fix resourceVersion error ```	2025-07-09 10:20:14 +02:00
Andrei Kvapil	d9779d55ea	[cozystack-api] Fix singular name for cozystack resources (#1169 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [cozystack-api] Fix singular name for cozystack resources ```	2025-07-09 10:19:57 +02:00
Andrei Kvapil	74d3c89235	[vm-instance] Add bus option; Always specify bootOrder (#1168 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [vm-instance] Add bus option [vm-instance] Always specify bootOrder for all disks ```	2025-07-09 10:19:38 +02:00
Andrei Kvapil	c831f53444	[virtual-machine] Fix cloudInit and sshKeys Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-09 08:41:40 +02:00
Andrei Kvapil	2c68eee9f8	[cozystack-api] Fix updaing lists Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-08 20:23:06 +02:00
Andrei Kvapil	e6ffb4f4e5	[cozystack-api] Fix resourceVersion error Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-08 18:45:19 +02:00
Andrei Kvapil	e63cc1890e	[cozystack-api] Fix singular name for cozystack resources Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-08 18:09:12 +02:00
Andrei Kvapil	1079472a2a	[vm-instance] Add bus option; Always specify bootOrder Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-08 17:47:34 +02:00
Nick Volynkin	1609931e3f	[docs] Fix a typo in preset resource tables in the README's Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-07-08 16:17:23 +03:00
Andrei Kvapil	699d38d8b9	bugfix: vm and vmi add svc to dashboard (#1161 ) <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note - vm and vmi add svc to dashboard ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit * New Features * Enhanced dashboard permissions to allow viewing and monitoring of specific service resources in both the virtual-machine and vm-instance applications. * Chores * Updated chart versions for virtual-machine (to 0.12.1) and vm-instance (to 0.9.1). * Refreshed version mappings for virtual-machine and vm-instance components. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-08 10:49:27 +02:00
Andrei Kvapil	acd4663aee	Release v0.33.1 (#1166 ) This PR prepares the release `v0.33.1`. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Chores * Updated container image tags and digests across multiple components to newer patch versions, including cluster-autoscaler, kubevirt-cloud-provider, kubevirt-csi-driver, cozystack installer, e2e testing service, matchbox, s3manager, cozystackAPI, cozystack-controller, dashboard, kubeapps, Kamaji, kubeovn-webhook, kubeovn, and kubevirt-csi-node. * Updated related configuration files to reflect the new image versions and digests. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-08 11:48:09 +03:00
kklinch0	f251cba363	bugfix: vm and vmi add svc to dashboard Signed-off-by: kklinch0 <kklinch0@gmail.com>	2025-07-08 10:02:34 +03:00
Andrei Kvapil	91a07dcda6	[postgres] Restrict password change for user postgres (#1164 ) Restrict password change for user postgres <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Chores * Updated the chart version for Postgres from 0.16.0 to 0.17.0. * Updated the versions map to reference the latest commit and added the new version. * Bug Fixes * Enhanced initialization script to forbid creating a user named "postgres," providing clear error messaging. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-08 09:25:11 +03:00
cozystack-bot	99552bf792	Prepare release v0.33.1 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-07-08 06:24:09 +00:00
Andrei Kvapil	45031055f8	[kubevirt-csi] Update Role of CSI controller (#1165 ) ## What this PR does Following a [recent update](`0171916b01`), the KubeVirt CSI controller now needs new permissions to manage volumes for tenant k8s clusters. This patch updates the role granted to the kcsi-controller deployment of each tenant k8s cluster. ### Release note ```release-note [kubevirt-csi] Update kcsi-controller role to align with the requirements of the version of the controller in use. ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Expanded permissions for Kubernetes infrastructure service accounts, including enhanced access to virtual machines, volume snapshots, and persistent volume claims. * Chores * Updated chart version to 0.25.1. * Refreshed version mapping for the Kubernetes package. * Made the CSI driver container image configurable via deployment settings. * Integrated CSI driver image reference into deployment configuration automatically. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-07-08 09:20:02 +03:00
Andrei Kvapil	d200017f74	Automatically set image for kubevirt-csi-node Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-07-08 09:19:03 +03:00
Ahmad Murzahmatov	f6eaca3843	[postgres] do not allow change postgres pwd Signed-off-by: Ahmad Murzahmatov <gwynbleidd2106@yandex.com>	2025-07-08 08:52:29 +06:00
Timofei Larkin	8d3324f958	[kubevirt-csi] Update Role of CSI controller Following a [recent update](`0171916b01`), the KubeVirt CSI controller now needs new permissions to manage volumes for tenant k8s clusters. Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-07-07 19:12:51 +03:00