Prepare release v0.28.2

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>

manifests/cozystack-installer.yaml

@@ -69,7 +69,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/cozystack/cozystack/installer:v0.28.0"
+        image: "ghcr.io/cozystack/cozystack/installer:v0.28.2"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -88,7 +88,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: assets
-        image: "ghcr.io/cozystack/cozystack/installer:v0.28.0"
+        image: "ghcr.io/cozystack/cozystack/installer:v0.28.2"
         command:
         - /usr/bin/cozystack-assets-server
         - "-dir=/cozystack/assets"

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.15.2@sha256:967e51702102d0dbd97f9847de4159d62681b31eb606322d2c29755393c2236e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.15.2@sha256:ea5cd225dbd1233afe2bfd727b9f90847f198f5d231871141d494d491fdee795

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.15.2@sha256:5e054eae6274963b6e84f87bf3330c94325103c6407b08bfb1189da721333b5c
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.15.2@sha256:de98b18691cbd1e0d7d886c57873c2ecdae7a5ab2e3c4c59f9a24bdc321622a9

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.15.2@sha256:cb4ab74099662f73e058f7c7495fb403488622c3425c06ad23b687bfa8bc805b
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.15.2@sha256:fdfa71edcb8a9f537926963fa11ad959fa2a20c08ba757c253b9587e8625b700

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.28.0@sha256:71ae2037ca44d49bbcf8be56c127ee92f2486089a8ea1cdd6508af49705956ac
+  image: ghcr.io/cozystack/cozystack/installer:v0.28.2@sha256:f13bad3220695e206ed5142228f37bd3afa49db2913a1fd52ab91f809c3a017b

packages/core/platform/bundles/paas-full.yaml

@@ -205,7 +205,7 @@ releases:
   releaseName: piraeus-operator
   chart: cozy-piraeus-operator
   namespace: cozy-linstor
-  dependsOn: [cilium,kubeovn,cert-manager]
+  dependsOn: [cilium,kubeovn,cert-manager,victoria-metrics-operator]
 
 - name: linstor
   releaseName: linstor

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.28.0@sha256:bb5e8f5d92e2e4305ea1cc7f007b3e98769645ab845f632b4788b9373cd207eb
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.28.2@sha256:bb5e8f5d92e2e4305ea1cc7f007b3e98769645ab845f632b4788b9373cd207eb

packages/extra/bootbox/images/matchbox.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.28.0@sha256:b2002815727b71e2657a6f5b8ed558cc38fc21e81a39b9699266e558be03561f
+ghcr.io/cozystack/cozystack/matchbox:v0.28.2@sha256:d63d18eb6f10dc298339523f9bbf22127a874b340111df129028a83e3ea94fef

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:218d0c017ae556e5afd074366d9a3124f954c5aefc6474844942420cca8b7640
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:6965cf844afc34950bdcbd626cb8751a0556c87aa6dbaa20150ec6d5f0c428b5

packages/system/cozystack-api/values.yaml

@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.28.0@sha256:718d6fbbb9806e3704c42b48ab28547da0618539761c5b2fa8740043966d7073
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.28.2@sha256:69b09f1416def58d9f556d80318e35d77fad6287a75d42ad47587b6fde12e5ba

packages/system/cozystack-controller/values.yaml

@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.28.0@sha256:6f6d356c4efcbb4faa1e636d3bda129626773894ce0c4d55a80a552ab9dbd06a
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.28.2@sha256:ec3888832affb2cb657774a64a9929aa0d2b5f92b064f7a4dd55540a0d93324e
   debug: false
   disableTelemetry: false
-  cozystackVersion: "v0.28.0"
+  cozystackVersion: "v0.28.2"

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -76,7 +76,7 @@ data:
       "kubeappsNamespace": {{ .Release.Namespace | quote }},
       "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
       "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.28.0",
+      "appVersion": "v0.28.2",
       "authProxyEnabled": {{ .Values.authProxy.enabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},

packages/system/dashboard/values.yaml

@@ -18,14 +18,14 @@ kubeapps:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: dashboard
-      tag: v0.28.0
+      tag: v0.28.2
       digest: "sha256:ebef6a0c4b0c9f0857fc82699abcaa7a135d18b5dafe129febc0bf90707f2f48"
   kubeappsapis:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: kubeapps-apis
-      tag: v0.28.0
+      tag: v0.28.2
-      digest: "sha256:281093b1e80221074188fdfea97775494de1cdef16974ee1f3c3d47b313eee0e"
+      digest: "sha256:54ca0e1381a5a42201ab7fa5c08eaa54c88491375773a3fb842bb9c09a252b97"
     pluginConfig:
       flux:
         packages:

packages/system/ingress-nginx/charts/ingress-nginx/Chart.yaml

@@ -1,9 +1,9 @@
 annotations:
   artifacthub.io/changes: |
-    - Update Ingress-Nginx version controller-v1.11.1
+    - Update Ingress-Nginx version controller-v1.11.2
   artifacthub.io/prerelease: "false"
 apiVersion: v2
-appVersion: 1.11.1
+appVersion: 1.11.2
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
   load balancer
 home: https://github.com/kubernetes/ingress-nginx
@@ -22,4 +22,4 @@ maintainers:
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
-version: 4.11.1
+version: 4.11.2

packages/system/ingress-nginx/charts/ingress-nginx/README.md

@@ -2,7 +2,7 @@
 
 [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
 
-![Version: 4.11.1](https://img.shields.io/badge/Version-4.11.1-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square)
+![Version: 4.11.2](https://img.shields.io/badge/Version-4.11.2-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square)
 
 To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
 
@@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.admissionWebhooks.namespaceSelector | object | `{}` |  |
 | controller.admissionWebhooks.objectSelector | object | `{}` |  |
 | controller.admissionWebhooks.patch.enabled | bool | `true` |  |
-| controller.admissionWebhooks.patch.image.digest | string | `"sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366"` |  |
+| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` |  |
 | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` |  |
 | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` |  |
-| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.1"` |  |
+| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` |  |
 | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
 | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
 | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` |  |
@@ -325,8 +325,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.hostname | object | `{}` | Optionally customize the pod hostname. |
 | controller.image.allowPrivilegeEscalation | bool | `false` |  |
 | controller.image.chroot | bool | `false` |  |
-| controller.image.digest | string | `"sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a"` |  |
+| controller.image.digest | string | `"sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce"` |  |
-| controller.image.digestChroot | string | `"sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d"` |  |
+| controller.image.digestChroot | string | `"sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8"` |  |
 | controller.image.image | string | `"ingress-nginx/controller"` |  |
 | controller.image.pullPolicy | string | `"IfNotPresent"` |  |
 | controller.image.readOnlyRootFilesystem | bool | `false` |  |
@@ -334,7 +334,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.image.runAsNonRoot | bool | `true` |  |
 | controller.image.runAsUser | int | `101` |  |
 | controller.image.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| controller.image.tag | string | `"v1.11.1"` |  |
+| controller.image.tag | string | `"v1.11.2"` |  |
 | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
 | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
 | controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
@@ -400,11 +400,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
 | controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
 | controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | controller.opentelemetry.enabled | bool | `false` |  |
-| controller.opentelemetry.image.digest | string | `"sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` |  |
+| controller.opentelemetry.image.digest | string | `"sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922"` |  |
 | controller.opentelemetry.image.distroless | bool | `true` |  |
-| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry"` |  |
+| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry-1.25.3"` |  |
 | controller.opentelemetry.image.registry | string | `"registry.k8s.io"` |  |
-| controller.opentelemetry.image.tag | string | `"v20230721-3e2062ee5"` |  |
+| controller.opentelemetry.image.tag | string | `"v20240813-b933310d"` |  |
 | controller.opentelemetry.name | string | `"opentelemetry"` |  |
 | controller.opentelemetry.resources | object | `{}` |  |
 | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |

packages/system/ingress-nginx/charts/ingress-nginx/templates/_helpers.tpl

@@ -244,15 +244,6 @@ Return the appropriate apiGroup for PodSecurityPolicy.
 {{- end -}}
 {{- end -}}
 
-{{/*
-Check the ingress controller version tag is at most three versions behind the last release
-*/}}
-{{- define "isControllerTagValid" -}}
-{{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}}
-{{- fail "Controller container image tag should be 0.27.0 or higher" -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Extra modules.
 */}}

packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-daemonset.yaml

@@ -1,5 +1,4 @@
 {{- if eq .Values.controller.kind "DaemonSet" -}}
-{{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:

packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-deployment.yaml

@@ -1,5 +1,4 @@
 {{- if eq .Values.controller.kind "Deployment" -}}
-{{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-daemonset_test.yaml

@@ -138,3 +138,13 @@ tests:
                         values:
                           - controller
                   topologyKey: kubernetes.io/hostname
+
+  - it: should create a DaemonSet with a custom tag if `controller.image.tag` is set
+    set:
+      controller.kind: DaemonSet
+      controller.image.tag: my-little-custom-tag
+      controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd

packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-deployment_test.yaml

@@ -160,3 +160,12 @@ tests:
                         values:
                           - controller
                   topologyKey: kubernetes.io/hostname
+
+  - it: should create a Deployment with a custom tag if `controller.image.tag` is set
+    set:
+      controller.image.tag: my-little-custom-tag
+      controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd

packages/system/ingress-nginx/charts/ingress-nginx/values.yaml

@@ -26,9 +26,9 @@ controller:
     ## for backwards compatibility consider setting the full image url via the repository value below
     ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
     ## repository:
-    tag: "v1.11.1"
+    tag: "v1.11.2"
-    digest: sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
+    digest: sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
-    digestChroot: sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
+    digestChroot: sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
     pullPolicy: IfNotPresent
     runAsNonRoot: true
     # www-data -> uid 101
@@ -706,12 +706,12 @@ controller:
     name: opentelemetry
     image:
       registry: registry.k8s.io
-      image: ingress-nginx/opentelemetry
+      image: ingress-nginx/opentelemetry-1.25.3
       ## for backwards compatibility consider setting the full image url via the repository value below
       ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
       ## repository:
-      tag: "v20230721-3e2062ee5"
+      tag: v20240813-b933310d
-      digest: sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
+      digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
       distroless: true
     containerSecurityContext:
       runAsNonRoot: true
@@ -804,8 +804,8 @@ controller:
         ## for backwards compatibility consider setting the full image url via the repository value below
         ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
         ## repository:
-        tag: v1.4.1
+        tag: v1.4.3
-        digest: sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366
+        digest: sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
         pullPolicy: IfNotPresent
       # -- Provide a priority class name to the webhook patching job
       ##

packages/system/ingress-nginx/values.yaml

@@ -4,9 +4,9 @@ ingress-nginx:
       enable-ssl-passthrough: ""
     image:
       registry: ghcr.io
-      image: kvaps/ingress-nginx-with-protobuf-exporter/controller
+      image: cozystack/ingress-nginx-with-protobuf-exporter/controller
       tag: v1.11.2
-      digest: sha256:e80856ece4e30e9646d65c8d92c25a3446a0bba1c2468cd026f17df9e60d2c0f
+      digest: sha256:beba8869ee370599e1f26557a9669ebdc9481c07b34059f348eb3e17b647e7e0
     allowSnippetAnnotations: true
     replicaCount: 2
     admissionWebhooks:
@@ -16,10 +16,17 @@ ingress-nginx:
       enabled: true
     extraContainers:
     - name: protobuf-exporter
-      image: ghcr.io/kvaps/ingress-nginx-with-protobuf-exporter/protobuf-exporter:v1.11.2@sha256:25ed6a5f508bbc59134ad786f1e765d1c2187742075a4e828d68ef3f07a78e52
+      image: ghcr.io/kvaps/ingress-nginx-with-protobuf-exporter/protobuf-exporter:v1.11.2@sha256:6d9235a9ee6f2be1921db4687afbdcd85d145b087dd916b5a96455bdb5cff560
       args:
       - --server.telemetry-address=0.0.0.0:9090
       - --server.exporter-address=0.0.0.0:9091
+      resources:
+        limits:
+          cpu: 100m
+          memory: 90Mi
+        requests:
+          cpu: 100m
+          memory: 90Mi
     service:
       #type: NodePort # ClusterIP
       externalTrafficPolicy: "Local"
@@ -40,8 +47,22 @@ ingress-nginx:
       upstream-keepalive-timeout: "60"
       upstream-keepalive-connections: "320"
       ssl-session-tickets: "true"
-
+    resources:
+      limits:
+        cpu: "1"
+        memory: 2048Mi
+      requests:
+        cpu: 100m
+        memory: 90Mi
 
   defaultBackend:
     ##
     enabled: true
+    resources:
+      limits:
+        cpu: 10m
+        memory: 20Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.28.0@sha256:a08dfd9be67e0dc089be14a9d29cdd65e6301b3a43d1fa01ff479d43d384c2a7
+    tag: v0.28.2@sha256:20fda048d6097b59bdb4d2b036d2890ca85f1ba1ec7051182831e4559edfa226
     repository: ghcr.io/cozystack/cozystack/kamaji
   resources:
     limits:

packages/system/kubeovn-webhook/values.yaml

@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.28.0@sha256:7412c1e3f5a1f0bc27b1d4a91c4715a88017fcbf758f838b51ea2005ec3cf7b2
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.28.2@sha256:587f25f7005d68f2e46f1fc135b35eabdb5bc43c7d60f617eb75bd608d876bab

packages/system/kubeovn/values.yaml

@@ -22,4 +22,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.3@sha256:1ce5fb7d596d2a6a52982e3d7541d56d75e14e8b0a1331c262bcbb9793a317af
+      tag: v1.13.3@sha256:8c4d665b67562286ded1fa796a747c4c621bc59d77f2854615fd66fd572fffcb

packages/system/vertical-pod-autoscaler/Makefile

@@ -1,11 +1,11 @@
-export NAME=victoria-metrics-operator
+export NAME=vertical-pod-autoscaler
 export NAMESPACE=cozy-$(NAME)
 
 include ../../../scripts/package.mk
 
 update:
 	rm -rf charts
-	# VictoriaMetrics operator
+	# VirtualPodAutoscaler operator
 	helm repo add cowboysysop https://cowboysysop.github.io/charts/
 	helm repo update cowboysysop
 	helm pull cowboysysop/vertical-pod-autoscaler --untar --untardir charts