Update talos v1.8.1 (#448 )

Prepare release v0.17.0 (#444 )
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>  ## Summary by CodeRabbit ## Release Notes - **New Features** - Updated various container images to newer versions, enhancing performance and security. - **Bug Fixes** - Resolved issues by updating image tags and digests for several components, ensuring consistency and stability. - **Documentation** - Incremented version numbers in configuration files for clarity and tracking. - **Chores** - Updated image tags and digests across multiple services to maintain up-to-date deployments.  Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-01-28 18:18:41 +00:00 · 2024-10-21 17:29:39 +02:00 · 2024-10-21 16:02:11 +02:00 · 2024-10-21 14:27:25 +02:00 · 2024-10-21 13:20:17 +02:00 · 2024-10-21 13:19:00 +02:00
1391 changed files with 178235 additions and 100419 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @kvaps
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,35 @@
+name: Pre-Commit Checks
+
+on: [push, pull_request]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install pre-commit
+        run: pip install pre-commit
+
+      - name: Run pre-commit hooks
+        run: |
+          git fetch origin main || git fetch origin master
+          base_commit=$(git rev-parse --verify origin/main || git rev-parse --verify origin/master || echo "")
+
+          if [ -z "$base_commit" ]; then
+            files=$(git ls-files '*.yaml' '*.md')
+          else
+            files=$(git diff --name-only "$base_commit" -- '*.yaml' '*.md')
+          fi
+
+          if [ -n "$files" ]; then
+            echo "$files" | xargs pre-commit run --files
+          else
+            echo "No YAML or Markdown files to lint"
+          fi
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,78 @@
 _out
 .git
-.idea
+.idea
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+.DS_Store
+**/.DS_Store
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,16 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.5.0
+  hooks:
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+    - id: mixed-line-ending
+      args: [--fix=lf]
+    - id: check-yaml
+      exclude: '^.*templates/.*\.yaml$'
+      args: [--unsafe]
+- repo: https://github.com/igorshubovych/markdownlint-cli
+  rev: v0.41.0
+  hooks:
+  - id: markdownlint
+    args: [--fix, --disable, MD013, MD041, --]
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -26,3 +26,6 @@ This list is sorted in chronological order, based on the submission date.
 | Organization | Contact | Date | Description of Use |
 | ------------ | ------- | ---- | ------------------ |
 | [Ænix](https://aenix.io/) | @kvaps | 2024-02-14 | Ænix provides consulting services for cloud providers and uses Cozystack as the main tool for organizing managed services for them. |
+| [Mediatech](https://mediatech.dev/) | @ugenk | 2024-05-01 | We're developing and hosting software for our and our custmer services. We're using cozystack as a kubernetes distribution for that. |
+| [Bootstack](https://bootstack.app/) | @mrkhachaturov | 2024-08-01| At Bootstack, we utilize a Kubernetes operator specifically designed to simplify and streamline cloud infrastructure creation.|
+| [gohost](https://gohost.kz/) | @karabass_off | 2024-02-01| Our company has been working in the market of Kazakhstan for more than 15 years, providing clients with a standard set of services: VPS/VDC, IaaS, shared hosting, etc. Now we are expanding the lineup by introducing Bare Metal Kubenetes cluster under Cozystack management.|
--- a/15
+++ b/15
@@ -2,8 +2,16 @@

 build:
 	make -C packages/apps/http-cache image
+	make -C packages/apps/postgres image
+	make -C packages/apps/mysql image
+	make -C packages/apps/clickhouse image
 	make -C packages/apps/kubernetes image
+	make -C packages/system/cilium image
+	make -C packages/system/kubeovn image
 	make -C packages/system/dashboard image
+	make -C packages/system/kamaji image
+	make -C packages/system/bucket image
+	make -C packages/core/testing image
 	make -C packages/core/installer image
 	make manifests

@@ -18,6 +26,13 @@ repos:
 	make -C packages/system repo
 	make -C packages/apps repo
 	make -C packages/extra repo
+	mkdir -p _out/logos
+	cp ./packages/apps/*/logos/*.svg ./packages/extra/*/logos/*.svg _out/logos/

 assets:
 	make -C packages/core/installer/ assets
+
+test:
+	make -C packages/core/testing apply
+	make -C packages/core/testing test
+	make -C packages/core/testing delete
--- a/README.md
+++ b/README.md
@@ -58,6 +58,8 @@ Commits are used to generate the changelog, and their author will be referenced

 In case of **Feature Requests** please use the [Discussion's Feature Request section](https://github.com/aenix-io/cozystack/discussions/categories/feature-requests).

+You can join our weekly community meetings (just add this events to your [Google Calendar](https://calendar.google.com/calendar?cid=ZTQzZDIxZTVjOWI0NWE5NWYyOGM1ZDY0OWMyY2IxZTFmNDMzZTJlNjUzYjU2ZGJiZGE3NGNhMzA2ZjBkMGY2OEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t) or [iCal](https://calendar.google.com/calendar/ical/e43d21e5c9b45a95f28c5d649c2cb1e1f433e2e653b56dbbda74ca306f0d0f68%40group.calendar.google.com/public/basic.ics)) or [Telegram group](https://t.me/cozystack).
+
 ## License

 Cozystack is licensed under Apache 2.0.  
--- a/dashboards/control-plane/deprecated-resources.json
+++ b/dashboards/control-plane/deprecated-resources.json
@@ -590,6 +590,25 @@
        "skipUrlSync": false,
        "sort": 0,
        "type": "query"
+      },
+      {
+        "current": {
+          "selected": false,
+          "text": "default",
+          "value": "default"
+        },
+        "hide": 2,
+        "includeAll": false,
+        "label": "Prometheus",
+        "multi": false,
+        "name": "ds_prometheus",
+        "options": [],
+        "query": "prometheus",
+        "queryValue": "",
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "type": "datasource"
      }
    ]
  },
--- a/dashboards/dotdc/k8s-system-coredns.json
+++ b/dashboards/dotdc/k8s-system-coredns.json
@@ -120,9 +120,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "value_and_name"
+        "showPercentChange": false,
+        "textMode": "value_and_name",
+        "wideLayout": true
      },
-      "pluginVersion": "10.0.1",
+      "pluginVersion": "10.4.1",
      "targets": [
        {
          "datasource": {
@@ -130,7 +132,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "up{job=\"coredns\", instance=~\"$instance\"}",
+          "expr": "up{job=~\"$job\", instance=~\"$instance\", cluster=~\"$cluster\"}",
          "interval": "",
          "legendFormat": "{{ instance }}",
          "refId": "A"
@@ -150,6 +152,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -163,6 +166,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -225,7 +229,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "rate(process_cpu_seconds_total{job=\"coredns\", instance=~\"$instance\"}[$__rate_interval])",
+          "expr": "rate(process_cpu_seconds_total{job=~\"$job\", instance=~\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])",
          "interval": "$resolution",
          "legendFormat": "{{ instance }}",
          "refId": "A"
@@ -245,6 +249,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -258,6 +263,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -319,7 +325,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "process_resident_memory_bytes{job=\"coredns\", instance=~\"$instance\"}",
+          "expr": "process_resident_memory_bytes{job=~\"$job\", instance=~\"$instance\", cluster=~\"$cluster\"}",
          "interval": "",
          "legendFormat": "{{ instance }}",
          "refId": "A"
@@ -339,6 +345,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -352,6 +359,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -413,7 +421,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(coredns_dns_requests_total{instance=~\"$instance\",proto=\"$protocol\"}[$__rate_interval]))",
+          "expr": "sum(rate(coredns_dns_requests_total{instance=~\"$instance\",proto=\"$protocol\", cluster=~\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "total $protocol requests",
          "refId": "A"
@@ -433,6 +441,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -446,6 +455,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -507,7 +517,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(coredns_dns_request_size_bytes_sum{instance=~\"$instance\",proto=\"$protocol\"}[$__rate_interval])) by (proto) / sum(rate(coredns_dns_request_size_bytes_count{instance=~\"$instance\",proto=\"$protocol\"}[$__rate_interval])) by (proto)",
+          "expr": "sum(rate(coredns_dns_request_size_bytes_sum{instance=~\"$instance\",proto=\"$protocol\", cluster=~\"$cluster\"}[$__rate_interval])) by (proto) / sum(rate(coredns_dns_request_size_bytes_count{instance=~\"$instance\",proto=\"$protocol\", cluster=~\"$cluster\"}[$__rate_interval])) by (proto)",
          "interval": "$resolution",
          "legendFormat": "average $protocol packet size",
          "refId": "A"
@@ -527,6 +537,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -540,6 +551,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -601,7 +613,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[$__rate_interval])) by (type)",
+          "expr": "sum(rate(coredns_dns_requests_total{instance=~\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])) by (type)",
          "interval": "$resolution",
          "legendFormat": "{{ type }}",
          "refId": "A"
@@ -621,6 +633,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -634,6 +647,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -695,7 +709,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(coredns_dns_responses_total{instance=~\"$instance\"}[$__rate_interval])) by (rcode)",
+          "expr": "sum(rate(coredns_dns_responses_total{instance=~\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])) by (rcode)",
          "interval": "$resolution",
          "legendFormat": "{{ rcode }}",
          "refId": "A"
@@ -715,6 +729,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -728,6 +743,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -789,7 +805,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(coredns_forward_requests_total[$__rate_interval]))",
+          "expr": "sum(rate(coredns_forward_requests_total{cluster=~\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "total forward requests",
          "refId": "A"
@@ -809,6 +825,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -822,6 +839,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -883,7 +901,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(coredns_forward_responses_total{rcode=~\"SERVFAIL|REFUSED\"}[$__rate_interval])) by (rcode)",
+          "expr": "sum(rate(coredns_forward_responses_total{rcode=~\"SERVFAIL|REFUSED\", cluster=~\"$cluster\"}[$__rate_interval])) by (rcode)",
          "interval": "$resolution",
          "legendFormat": "{{ rcode }}",
          "refId": "A"
@@ -903,6 +921,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -916,6 +935,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -977,7 +997,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(coredns_cache_hits_total{instance=~\"$instance\"}[$__rate_interval])) by (type)",
+          "expr": "sum(rate(coredns_cache_hits_total{instance=~\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])) by (type)",
          "interval": "$resolution",
          "legendFormat": "{{ type }}",
          "refId": "A"
@@ -988,7 +1008,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(coredns_cache_misses_total{instance=~\"$instance\"}[$__rate_interval])) by (type)",
+          "expr": "sum(rate(coredns_cache_misses_total{instance=~\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])) by (type)",
          "interval": "$resolution",
          "legendFormat": "misses",
          "refId": "B"
@@ -1008,6 +1028,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -1021,6 +1042,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "smooth",
            "lineWidth": 2,
            "pointSize": 5,
@@ -1082,7 +1104,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(coredns_cache_entries) by (type)",
+          "expr": "sum(coredns_cache_entries{cluster=~\"$cluster\"}) by (type)",
          "interval": "",
          "legendFormat": "{{ type }}",
          "refId": "A"
@@ -1143,7 +1165,8 @@
          "layout": "auto"
        },
        "tooltip": {
-          "show": true,
+          "mode": "single",
+          "showColorScale": false,
          "yHistogram": false
        },
        "yAxis": {
@@ -1152,7 +1175,7 @@
          "unit": "s"
        }
      },
-      "pluginVersion": "10.0.1",
+      "pluginVersion": "10.4.1",
      "targets": [
        {
          "datasource": {
@@ -1160,7 +1183,7 @@
            "uid": "${datasource}"
          },
          "editorMode": "code",
-          "expr": "sum(increase(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[$__rate_interval])) by (le)",
+          "expr": "sum(increase(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\", cluster=~\"$cluster\"}[$__rate_interval])) by (le)",
          "format": "heatmap",
          "legendFormat": "{{le}}",
          "range": true,
@@ -1196,85 +1219,6 @@
        "x": 12,
        "y": 43
      },
-      "id": 30,
-      "options": {
-        "calculate": false,
-        "cellGap": 1,
-        "color": {
-          "exponent": 0.5,
-          "fill": "dark-orange",
-          "mode": "scheme",
-          "reverse": false,
-          "scale": "exponential",
-          "scheme": "RdYlBu",
-          "steps": 64
-        },
-        "exemplars": {
-          "color": "rgba(255,0,255,0.7)"
-        },
-        "filterValues": {
-          "le": 1e-9
-        },
-        "legend": {
-          "show": true
-        },
-        "rowsFrame": {
-          "layout": "auto"
-        },
-        "tooltip": {
-          "show": true,
-          "yHistogram": false
-        },
-        "yAxis": {
-          "axisPlacement": "left",
-          "reverse": false,
-          "unit": "s"
-        }
-      },
-      "pluginVersion": "10.0.1",
-      "targets": [
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "${datasource}"
-          },
-          "editorMode": "code",
-          "expr": "sum(increase(coredns_forward_request_duration_seconds_bucket{instance=~\"$instance\"}[$__rate_interval])) by (le)",
-          "format": "heatmap",
-          "legendFormat": "{{le}}",
-          "range": true,
-          "refId": "A"
-        }
-      ],
-      "title": "CoreDNS - Forward request duration",
-      "type": "heatmap"
-    },
-    {
-      "datasource": {
-        "type": "prometheus",
-        "uid": "${datasource}"
-      },
-      "fieldConfig": {
-        "defaults": {
-          "custom": {
-            "hideFrom": {
-              "legend": false,
-              "tooltip": false,
-              "viz": false
-            },
-            "scaleDistribution": {
-              "type": "linear"
-            }
-          }
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 10,
-        "w": 12,
-        "x": 0,
-        "y": 53
-      },
      "id": 28,
      "options": {
        "calculate": false,
@@ -1301,7 +1245,8 @@
          "layout": "auto"
        },
        "tooltip": {
-          "show": true,
+          "mode": "single",
+          "showColorScale": false,
          "yHistogram": false
        },
        "yAxis": {
@@ -1310,7 +1255,7 @@
          "unit": "decbytes"
        }
      },
-      "pluginVersion": "10.0.1",
+      "pluginVersion": "10.4.1",
      "targets": [
        {
          "datasource": {
@@ -1318,7 +1263,7 @@
            "uid": "${datasource}"
          },
          "editorMode": "code",
-          "expr": "sum(increase(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\", le!=\"0\"}[$__rate_interval])) by (le)",
+          "expr": "sum(increase(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\", le!=\"0\", cluster=~\"$cluster\"}[$__rate_interval])) by (le)",
          "format": "heatmap",
          "legendFormat": "{{le}}",
          "range": true,
@@ -1351,7 +1296,7 @@
      "gridPos": {
        "h": 10,
        "w": 12,
-        "x": 12,
+        "x": 0,
        "y": 53
      },
      "id": 29,
@@ -1380,7 +1325,8 @@
          "layout": "auto"
        },
        "tooltip": {
-          "show": true,
+          "mode": "single",
+          "showColorScale": false,
          "yHistogram": false
        },
        "yAxis": {
@@ -1389,7 +1335,7 @@
          "unit": "decbytes"
        }
      },
-      "pluginVersion": "10.0.1",
+      "pluginVersion": "10.4.1",
      "targets": [
        {
          "datasource": {
@@ -1397,7 +1343,7 @@
            "uid": "${datasource}"
          },
          "editorMode": "code",
-          "expr": "sum(increase(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\", le!=\"0\"}[$__rate_interval])) by (le)",
+          "expr": "sum(increase(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\", le!=\"0\", cluster=~\"$cluster\"}[$__rate_interval])) by (le)",
          "format": "heatmap",
          "legendFormat": "{{le}}",
          "range": true,
@@ -1409,8 +1355,7 @@
    }
  ],
  "refresh": "30s",
-  "schemaVersion": 38,
-  "style": "dark",
+  "schemaVersion": 39,
  "tags": [
    "Kubernetes",
    "Prometheus"
@@ -1435,6 +1380,34 @@
        "skipUrlSync": false,
        "type": "datasource"
      },
+      {
+        "current": {
+          "isNone": true,
+          "selected": false,
+          "text": "None",
+          "value": ""
+        },
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "definition": "label_values(kube_node_info,cluster)",
+        "hide": 0,
+        "includeAll": false,
+        "multi": false,
+        "name": "cluster",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(kube_node_info,cluster)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "sort": 1,
+        "type": "query"
+      },
      {
        "current": {
          "selected": false,
@@ -1445,7 +1418,7 @@
          "type": "prometheus",
          "uid": "${datasource}"
        },
-        "definition": "label_values(up{job=\"coredns\"}, instance)",
+        "definition": "label_values(up{job=\"$job\", cluster=\"$cluster\"},instance)",
        "hide": 0,
        "includeAll": true,
        "label": "",
@@ -1453,8 +1426,9 @@
        "name": "instance",
        "options": [],
        "query": {
-          "query": "label_values(up{job=\"coredns\"}, instance)",
-          "refId": "StandardVariableQuery"
+          "qryType": 1,
+          "query": "label_values(up{job=\"$job\", cluster=\"$cluster\"},instance)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
        },
        "refresh": 1,
        "regex": "",
@@ -1476,7 +1450,7 @@
          "type": "prometheus",
          "uid": "${datasource}"
        },
-        "definition": "label_values(coredns_dns_requests_total, proto)",
+        "definition": "label_values(coredns_dns_requests_total{cluster=\"$cluster\"}, proto)",
        "hide": 0,
        "includeAll": false,
        "label": "",
@@ -1484,7 +1458,7 @@
        "name": "protocol",
        "options": [],
        "query": {
-          "query": "label_values(coredns_dns_requests_total, proto)",
+          "query": "label_values(coredns_dns_requests_total{cluster=\"$cluster\"}, proto)",
          "refId": "StandardVariableQuery"
        },
        "refresh": 1,
@@ -1498,7 +1472,7 @@
      },
      {
        "current": {
-          "selected": true,
+          "selected": false,
          "text": "30s",
          "value": "30s"
        },
@@ -1542,6 +1516,37 @@
        "queryValue": "",
        "skipUrlSync": false,
        "type": "custom"
+      },
+      {
+        "current": {
+          "selected": true,
+          "text": [
+            "coredns"
+          ],
+          "value": [
+            "coredns"
+          ]
+        },
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "definition": "label_values(coredns_build_info{cluster=\"$cluster\"},job)",
+        "hide": 0,
+        "includeAll": false,
+        "multi": true,
+        "name": "job",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(coredns_build_info{cluster=\"$cluster\"},job)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "sort": 1,
+        "type": "query"
      }
    ]
  },
@@ -1553,6 +1558,6 @@
  "timezone": "",
  "title": "Kubernetes / System / CoreDNS",
  "uid": "k8s_system_coredns",
-  "version": 13,
+  "version": 18,
  "weekStart": ""
 }
--- a/dashboards/dotdc/k8s-views-global.json
+++ b/dashboards/dotdc/k8s-views-global.json
--- a/dashboards/dotdc/k8s-views-namespaces.json
+++ b/dashboards/dotdc/k8s-views-namespaces.json
--- a/dashboards/dotdc/k8s-views-pods.json
+++ b/dashboards/dotdc/k8s-views-pods.json
@@ -108,6 +108,7 @@
        "type": "prometheus",
        "uid": "${datasource}"
      },
+      "description": "Panel only works when a single pod is selected.",
      "fieldConfig": {
        "defaults": {
          "mappings": [],
@@ -136,6 +137,7 @@
        "graphMode": "none",
        "justifyMode": "auto",
        "orientation": "auto",
+        "percentChangeColorMode": "standard",
        "reduceOptions": {
          "calcs": [
            "mean"
@@ -143,17 +145,20 @@
          "fields": "",
          "values": false
        },
-        "textMode": "name"
+        "showPercentChange": false,
+        "textMode": "name",
+        "wideLayout": true
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${datasource}"
          },
+          "editorMode": "code",
          "exemplar": false,
-          "expr": "kube_pod_info{namespace=\"$namespace\", pod=\"$pod\"}",
+          "expr": "kube_pod_info{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}",
          "instant": true,
          "interval": "",
          "legendFormat": "{{ created_by_kind }}: {{ created_by_name }}",
@@ -168,12 +173,13 @@
        "type": "prometheus",
        "uid": "${datasource}"
      },
+      "description": "Panel only works when a single pod is selected.",
      "fieldConfig": {
        "defaults": {
          "links": [
            {
              "title": "",
-              "url": "/d/k8s_views_nodes/kubernetes-views-nodes?var-datasource=${datasource}&var-node=${__data.fields.node}"
+              "url": "/d/k8s_views_nodes/kubernetes-views-nodes?var-datasource=${datasource}&var-node=${__field.labels.node}"
            }
          ],
          "mappings": [],
@@ -202,6 +208,7 @@
        "graphMode": "none",
        "justifyMode": "auto",
        "orientation": "auto",
+        "percentChangeColorMode": "standard",
        "reduceOptions": {
          "calcs": [
            "mean"
@@ -209,17 +216,20 @@
          "fields": "",
          "values": false
        },
-        "textMode": "name"
+        "showPercentChange": false,
+        "textMode": "name",
+        "wideLayout": true
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${datasource}"
          },
+          "editorMode": "code",
          "exemplar": false,
-          "expr": "kube_pod_info{namespace=\"$namespace\", pod=\"$pod\"}",
+          "expr": "kube_pod_info{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}",
          "instant": true,
          "interval": "",
          "legendFormat": "{{ node }}",
@@ -234,6 +244,7 @@
        "type": "prometheus",
        "uid": "${datasource}"
      },
+      "description": "Panel only works when a single pod is selected.",
      "fieldConfig": {
        "defaults": {
          "mappings": [],
@@ -262,6 +273,7 @@
        "graphMode": "none",
        "justifyMode": "auto",
        "orientation": "auto",
+        "percentChangeColorMode": "standard",
        "reduceOptions": {
          "calcs": [
            "mean"
@@ -269,17 +281,20 @@
          "fields": "",
          "values": false
        },
-        "textMode": "name"
+        "showPercentChange": false,
+        "textMode": "name",
+        "wideLayout": true
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${datasource}"
          },
+          "editorMode": "code",
          "exemplar": false,
-          "expr": "kube_pod_info{namespace=\"$namespace\", pod=\"$pod\"}",
+          "expr": "kube_pod_info{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}",
          "instant": true,
          "interval": "",
          "legendFormat": "{{ pod_ip }}",
@@ -294,6 +309,7 @@
        "type": "prometheus",
        "uid": "${datasource}"
      },
+      "description": "Panel only works when a single pod is selected.",
      "fieldConfig": {
        "defaults": {
          "mappings": [],
@@ -322,6 +338,7 @@
        "graphMode": "none",
        "justifyMode": "auto",
        "orientation": "auto",
+        "percentChangeColorMode": "standard",
        "reduceOptions": {
          "calcs": [
            "mean"
@@ -329,9 +346,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "name"
+        "showPercentChange": false,
+        "textMode": "name",
+        "wideLayout": true
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
@@ -340,7 +359,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "kube_pod_info{namespace=\"$namespace\", pod=\"$pod\", priority_class!=\"\"}",
+          "expr": "kube_pod_info{namespace=\"$namespace\", pod=\"$pod\", priority_class!=\"\", cluster=\"$cluster\"}",
          "format": "time_series",
          "instant": true,
          "interval": "",
@@ -357,6 +376,7 @@
        "type": "prometheus",
        "uid": "${datasource}"
      },
+      "description": "Panel only works when a single pod is selected.",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -419,14 +439,17 @@
        "graphMode": "none",
        "justifyMode": "auto",
        "orientation": "auto",
+        "percentChangeColorMode": "standard",
        "reduceOptions": {
          "calcs": [],
          "fields": "",
          "values": false
        },
-        "textMode": "name"
+        "showPercentChange": false,
+        "textMode": "name",
+        "wideLayout": true
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
@@ -435,7 +458,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "kube_pod_status_qos_class{namespace=\"$namespace\", pod=\"$pod\"} > 0",
+          "expr": "kube_pod_status_qos_class{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"} > 0",
          "instant": true,
          "interval": "",
          "legendFormat": "{{ qos_class }}",
@@ -450,6 +473,7 @@
        "type": "prometheus",
        "uid": "${datasource}"
      },
+      "description": "Panel only works when a single pod is selected.",
      "fieldConfig": {
        "defaults": {
          "mappings": [],
@@ -482,14 +506,17 @@
        "graphMode": "none",
        "justifyMode": "auto",
        "orientation": "auto",
+        "percentChangeColorMode": "standard",
        "reduceOptions": {
          "calcs": [],
          "fields": "",
          "values": false
        },
-        "textMode": "name"
+        "showPercentChange": false,
+        "textMode": "name",
+        "wideLayout": true
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
@@ -498,7 +525,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "kube_pod_container_status_last_terminated_reason{namespace=\"$namespace\", pod=\"$pod\"}",
+          "expr": "kube_pod_container_status_last_terminated_reason{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}",
          "instant": true,
          "interval": "",
          "legendFormat": "{{ reason }}",
@@ -513,6 +540,7 @@
        "type": "prometheus",
        "uid": "${datasource}"
      },
+      "description": "Panel only works when a single pod is selected.",
      "fieldConfig": {
        "defaults": {
          "mappings": [],
@@ -549,14 +577,17 @@
        "graphMode": "none",
        "justifyMode": "auto",
        "orientation": "auto",
+        "percentChangeColorMode": "standard",
        "reduceOptions": {
          "calcs": [],
          "fields": "",
          "values": true
        },
-        "textMode": "value"
+        "showPercentChange": false,
+        "textMode": "value",
+        "wideLayout": true
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
@@ -565,7 +596,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "kube_pod_container_status_last_terminated_exitcode{namespace=\"$namespace\", pod=\"$pod\"}",
+          "expr": "kube_pod_container_status_last_terminated_exitcode{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}",
          "instant": true,
          "interval": "",
          "legendFormat": "__auto",
@@ -646,6 +677,8 @@
      },
      "id": 39,
      "options": {
+        "minVizHeight": 75,
+        "minVizWidth": 75,
        "orientation": "auto",
        "reduceOptions": {
          "calcs": [
@@ -655,9 +688,10 @@
          "values": false
        },
        "showThresholdLabels": false,
-        "showThresholdMarkers": true
+        "showThresholdMarkers": true,
+        "sizing": "auto"
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
@@ -666,7 +700,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}[$__rate_interval])) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"})",
+          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", cluster=\"$cluster\"}[$__rate_interval])) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=~\"$pod\", resource=\"cpu\", job=~\"$job\", cluster=\"$cluster\"})",
          "instant": true,
          "interval": "$resolution",
          "legendFormat": "Requests",
@@ -716,6 +750,8 @@
      },
      "id": 48,
      "options": {
+        "minVizHeight": 75,
+        "minVizWidth": 75,
        "orientation": "auto",
        "reduceOptions": {
          "calcs": [
@@ -725,9 +761,10 @@
          "values": false
        },
        "showThresholdLabels": false,
-        "showThresholdMarkers": true
+        "showThresholdMarkers": true,
+        "sizing": "auto"
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
@@ -736,7 +773,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}[$__rate_interval])) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"})",
+          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", cluster=\"$cluster\"}[$__rate_interval])) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=~\"$pod\", resource=\"cpu\", job=~\"$job\", cluster=\"$cluster\"})",
          "instant": true,
          "interval": "$resolution",
          "legendFormat": "Limits",
@@ -790,6 +827,8 @@
      },
      "id": 40,
      "options": {
+        "minVizHeight": 75,
+        "minVizWidth": 75,
        "orientation": "auto",
        "reduceOptions": {
          "calcs": [
@@ -799,17 +838,19 @@
          "values": false
        },
        "showThresholdLabels": false,
-        "showThresholdMarkers": true
+        "showThresholdMarkers": true,
+        "sizing": "auto"
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${datasource}"
          },
+          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"})",
+          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", cluster=\"$cluster\"}) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=~\"$pod\", resource=\"memory\", job=~\"$job\", cluster=\"$cluster\"})",
          "instant": true,
          "interval": "$resolution",
          "legendFormat": "Requests",
@@ -859,6 +900,8 @@
      },
      "id": 49,
      "options": {
+        "minVizHeight": 75,
+        "minVizWidth": 75,
        "orientation": "auto",
        "reduceOptions": {
          "calcs": [
@@ -868,17 +911,19 @@
          "values": false
        },
        "showThresholdLabels": false,
-        "showThresholdMarkers": true
+        "showThresholdMarkers": true,
+        "sizing": "auto"
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${datasource}"
          },
+          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) ",
+          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", cluster=\"$cluster\"}) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=~\"$pod\", resource=\"memory\", job=~\"$job\", cluster=\"$cluster\"}) ",
          "instant": true,
          "interval": "$resolution",
          "legendFormat": "Limits",
@@ -988,7 +1033,7 @@
        "showHeader": true,
        "sortBy": []
      },
-      "pluginVersion": "10.1.0",
+      "pluginVersion": "11.2.0",
      "targets": [
        {
          "datasource": {
@@ -997,7 +1042,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)",
+          "expr": "sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=~\"$pod\", resource=\"cpu\", job=~\"$job\", cluster=\"$cluster\"}) by (container)",
          "format": "table",
          "instant": true,
          "interval": "",
@@ -1012,7 +1057,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)",
+          "expr": "sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=~\"$pod\", resource=\"cpu\", job=~\"$job\", cluster=\"$cluster\"}) by (container)",
          "format": "table",
          "instant": true,
          "interval": "",
@@ -1027,7 +1072,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)",
+          "expr": "sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=~\"$pod\", resource=\"memory\", job=~\"$job\", cluster=\"$cluster\"}) by (container)",
          "format": "table",
          "instant": true,
          "interval": "",
@@ -1041,7 +1086,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)",
+          "expr": "sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=~\"$pod\", resource=\"memory\", job=~\"$job\", cluster=\"$cluster\"}) by (container)",
          "format": "table",
          "instant": true,
          "interval": "",
@@ -1055,7 +1100,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=\"$pod\", image!=\"\", container!=\"\"}[$__rate_interval])) by (container)",
+          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)",
          "format": "table",
          "hide": false,
          "instant": true,
@@ -1070,7 +1115,7 @@
          },
          "editorMode": "code",
          "exemplar": false,
-          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=\"$pod\", image!=\"\", container!=\"\"}) by (container)",
+          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", container!=\"\", cluster=\"$cluster\"}) by (container)",
          "format": "table",
          "hide": false,
          "instant": true,
@@ -1181,11 +1226,13 @@
            "mode": "thresholds"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "Percent",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -1271,7 +1318,7 @@
          },
          "editorMode": "code",
          "exemplar": true,
-          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}[$__rate_interval])) by (container) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)",
+          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=~\"$pod\", resource=\"cpu\", job=~\"$job\", cluster=\"$cluster\"}) by (container)",
          "interval": "$resolution",
          "legendFormat": "{{ container }}  REQUESTS",
          "range": true,
@@ -1283,7 +1330,7 @@
            "uid": "${datasource}"
          },
          "editorMode": "code",
-          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}[$__rate_interval])) by (container) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)",
+          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=~\"$pod\", resource=\"cpu\", job=~\"$job\", cluster=\"$cluster\"}) by (container)",
          "hide": false,
          "legendFormat": "{{ container }}  LIMITS",
          "range": true,
@@ -1305,11 +1352,13 @@
            "mode": "thresholds"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "Percent",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -1398,7 +1447,7 @@
          },
          "editorMode": "code",
          "exemplar": true,
-          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)",
+          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", cluster=\"$cluster\"}) by (container) / sum(kube_pod_container_resource_requests{namespace=\"$namespace\", pod=~\"$pod\", resource=\"memory\", job=~\"$job\", cluster=\"$cluster\"}) by (container)",
          "interval": "",
          "legendFormat": "{{ container }} REQUESTS",
          "range": true,
@@ -1410,7 +1459,7 @@
            "uid": "${datasource}"
          },
          "editorMode": "code",
-          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)",
+          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", cluster=\"$cluster\"}) by (container) / sum(kube_pod_container_resource_limits{namespace=\"$namespace\", pod=~\"$pod\", resource=\"memory\", job=~\"$job\", cluster=\"$cluster\"}) by (container)",
          "hide": false,
          "legendFormat": "{{ container }} LIMITS",
          "range": true,
@@ -1431,11 +1480,13 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "CPU Cores",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -1532,7 +1583,7 @@
          },
          "editorMode": "code",
          "exemplar": true,
-          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=\"$pod\", image!=\"\", container!=\"\"}[$__rate_interval])) by (container)",
+          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)",
          "interval": "$resolution",
          "legendFormat": "{{ container }}",
          "range": true,
@@ -1553,11 +1604,13 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "Bytes",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -1637,7 +1690,7 @@
          },
          "editorMode": "code",
          "exemplar": true,
-          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=\"$pod\", image!=\"\", container!=\"\"}) by (container)",
+          "expr": "sum(container_memory_working_set_bytes{namespace=\"$namespace\", pod=~\"$pod\", image!=\"\", container!=\"\", cluster=\"$cluster\"}) by (container)",
          "interval": "",
          "legendFormat": "{{ container }}",
          "range": true,
@@ -1659,11 +1712,13 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "SECONDS",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -1745,7 +1800,7 @@
          },
          "editorMode": "code",
          "exemplar": true,
-          "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\", pod=\"$pod\", image!=\"\", container!=\"\"}[$__rate_interval])) by (container)",
+          "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\", pod=~\"$pod\", image!=\"\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)",
          "interval": "$resolution",
          "legendFormat": "{{ container }}",
          "range": true,
@@ -1780,11 +1835,13 @@
            "mode": "thresholds"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "Percent",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -1873,7 +1930,7 @@
          },
          "editorMode": "code",
          "exemplar": true,
-          "expr": "sum(increase(container_oom_events_total{namespace=\"${namespace}\", pod=\"${pod}\", container!=\"\"}[$__rate_interval])) by (container)",
+          "expr": "sum(increase(container_oom_events_total{namespace=\"${namespace}\", pod=\"${pod}\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)",
          "interval": "",
          "legendFormat": "{{ container }}",
          "range": true,
@@ -1895,11 +1952,13 @@
            "mode": "thresholds"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "Percent",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -1988,7 +2047,7 @@
          },
          "editorMode": "code",
          "exemplar": true,
-          "expr": "sum(increase(kube_pod_container_status_restarts_total{namespace=~\"${namespace}\", pod=\"${pod}\", container!=\"\"}[$__rate_interval])) by (container)",
+          "expr": "sum(increase(kube_pod_container_status_restarts_total{namespace=~\"${namespace}\", pod=\"${pod}\", container!=\"\", job=~\"$job\", cluster=\"$cluster\"}[$__rate_interval])) by (container)",
          "interval": "",
          "legendFormat": "{{ container }}",
          "range": true,
@@ -2035,11 +2094,13 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -2079,7 +2140,7 @@
              }
            ]
          },
-          "unit": "bytes"
+          "unit": "binBps"
        },
        "overrides": []
      },
@@ -2110,7 +2171,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(container_network_receive_bytes_total{namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+          "expr": "sum(rate(container_network_receive_bytes_total{namespace=\"$namespace\", pod=~\"$pod\", cluster=\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "Received",
          "refId": "A"
@@ -2121,7 +2182,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "- sum(rate(container_network_transmit_bytes_total{namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+          "expr": "- sum(rate(container_network_transmit_bytes_total{namespace=\"$namespace\", pod=~\"$pod\", cluster=\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "Transmitted",
          "refId": "B"
@@ -2141,11 +2202,13 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -2216,7 +2279,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(container_network_receive_packets_total{namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+          "expr": "sum(rate(container_network_receive_packets_total{namespace=\"$namespace\", pod=~\"$pod\", cluster=\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "Received",
          "refId": "A"
@@ -2227,7 +2290,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "- sum(rate(container_network_transmit_packets_total{namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+          "expr": "- sum(rate(container_network_transmit_packets_total{namespace=\"$namespace\", pod=~\"$pod\", cluster=\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "Transmitted",
          "refId": "B"
@@ -2247,11 +2310,13 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -2282,7 +2347,8 @@
            "mode": "absolute",
            "steps": [
              {
-                "color": "green"
+                "color": "green",
+                "value": null
              },
              {
                "color": "red",
@@ -2321,7 +2387,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(container_network_receive_packets_dropped_total{namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+          "expr": "sum(rate(container_network_receive_packets_dropped_total{namespace=\"$namespace\", pod=~\"$pod\", cluster=\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "Received",
          "refId": "A"
@@ -2332,7 +2398,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "- sum(rate(container_network_transmit_packets_dropped_total{namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+          "expr": "- sum(rate(container_network_transmit_packets_dropped_total{namespace=\"$namespace\", pod=~\"$pod\", cluster=\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "Transmitted",
          "refId": "B"
@@ -2352,11 +2418,13 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "barAlignment": 0,
+            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 25,
            "gradientMode": "opacity",
@@ -2387,7 +2455,8 @@
            "mode": "absolute",
            "steps": [
              {
-                "color": "green"
+                "color": "green",
+                "value": null
              },
              {
                "color": "red",
@@ -2426,7 +2495,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "sum(rate(container_network_receive_errors_total{namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+          "expr": "sum(rate(container_network_receive_errors_total{namespace=\"$namespace\", pod=~\"$pod\", cluster=\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "Received",
          "refId": "A"
@@ -2437,7 +2506,7 @@
            "uid": "${datasource}"
          },
          "exemplar": true,
-          "expr": "- sum(rate(container_network_transmit_errors_total{namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))",
+          "expr": "- sum(rate(container_network_transmit_errors_total{namespace=\"$namespace\", pod=~\"$pod\", cluster=\"$cluster\"}[$__rate_interval]))",
          "interval": "$resolution",
          "legendFormat": "Transmitted",
          "refId": "B"
@@ -2448,8 +2517,7 @@
    }
  ],
  "refresh": "30s",
-  "schemaVersion": 38,
-  "style": "dark",
+  "schemaVersion": 39,
  "tags": [
    "Kubernetes",
    "Prometheus"
@@ -2459,8 +2527,8 @@
      {
        "current": {
          "selected": false,
-          "text": "Prometheus",
-          "value": "Prometheus"
+          "text": "",
+          "value": ""
        },
        "hide": 0,
        "includeAll": false,
@@ -2474,6 +2542,34 @@
        "skipUrlSync": false,
        "type": "datasource"
      },
+      {
+        "current": {
+          "isNone": true,
+          "selected": false,
+          "text": "None",
+          "value": ""
+        },
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "definition": "label_values(kube_node_info,cluster)",
+        "hide": 0,
+        "includeAll": false,
+        "multi": false,
+        "name": "cluster",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(kube_node_info,cluster)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "sort": 1,
+        "type": "query"
+      },
      {
        "current": {
          "selected": false,
@@ -2484,14 +2580,14 @@
          "type": "prometheus",
          "uid": "${datasource}"
        },
-        "definition": "label_values(kube_pod_info, namespace)",
+        "definition": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)",
        "hide": 0,
        "includeAll": false,
        "multi": false,
        "name": "namespace",
        "options": [],
        "query": {
-          "query": "label_values(kube_pod_info, namespace)",
+          "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)",
          "refId": "Prometheus-namespace-Variable-Query"
        },
        "refresh": 1,
@@ -2513,14 +2609,14 @@
          "type": "prometheus",
          "uid": "${datasource}"
        },
-        "definition": "label_values(kube_pod_info{namespace=\"$namespace\"}, pod)",
+        "definition": "label_values(kube_pod_info{namespace=\"$namespace\", cluster=\"$cluster\"}, pod)",
        "hide": 0,
-        "includeAll": false,
-        "multi": false,
+        "includeAll": true,
+        "multi": true,
        "name": "pod",
        "options": [],
        "query": {
-          "query": "label_values(kube_pod_info{namespace=\"$namespace\"}, pod)",
+          "query": "label_values(kube_pod_info{namespace=\"$namespace\", cluster=\"$cluster\"}, pod)",
          "refId": "Prometheus-pod-Variable-Query"
        },
        "refresh": 2,
@@ -2534,7 +2630,7 @@
      },
      {
        "current": {
-          "selected": true,
+          "selected": false,
          "text": "30s",
          "value": "30s"
        },
@@ -2578,6 +2674,33 @@
        "queryValue": "",
        "skipUrlSync": false,
        "type": "custom"
+      },
+      {
+        "current": {
+          "selected": false,
+          "text": "kube-state-metrics",
+          "value": "kube-state-metrics"
+        },
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${datasource}"
+        },
+        "definition": "label_values(kube_pod_info{namespace=\"$namespace\", cluster=\"$cluster\"},job)",
+        "hide": 0,
+        "includeAll": false,
+        "multi": true,
+        "name": "job",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(kube_pod_info{namespace=\"$namespace\", cluster=\"$cluster\"},job)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "sort": 1,
+        "type": "query"
      }
    ]
  },
@@ -2589,6 +2712,6 @@
  "timezone": "",
  "title": "Kubernetes / Views / Pods",
  "uid": "k8s_views_pods",
-  "version": 22,
+  "version": 30,
  "weekStart": ""
 }
--- a/dashboards/ingress/namespace-detail.json
+++ b/dashboards/ingress/namespace-detail.json
@@ -1339,11 +1339,7 @@
              },
              {
                "id": "unit",
-                "value": "short"
-              },
-              {
-                "id": "decimals",
-                "value": 2
+                "value": "none"
              },
              {
                "id": "custom.align",
--- a/dashboards/main/controller.json
+++ b/dashboards/main/controller.json
--- a/dashboards/main/namespace.json
+++ b/dashboards/main/namespace.json
--- a/dashboards/main/namespaces.json
+++ b/dashboards/main/namespaces.json
--- a/dashboards/main/node.json
+++ b/dashboards/main/node.json
--- a/dashboards/main/pod.json
+++ b/dashboards/main/pod.json
--- a/dashboards/victoria-metrics/backupmanager.json
+++ b/dashboards/victoria-metrics/backupmanager.json
@@ -12,7 +12,7 @@
      "type": "grafana",
      "id": "grafana",
      "name": "Grafana",
-      "version": "9.0.4"
+      "version": "10.4.0"
    },
    {
      "type": "datasource",
@@ -124,9 +124,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "auto"
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -198,9 +200,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "auto"
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -260,9 +264,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "auto"
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -323,9 +329,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "auto"
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -399,9 +407,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "auto"
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -471,9 +481,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "auto"
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -546,9 +558,11 @@
          "fields": "",
          "values": false
        },
-        "textMode": "auto"
+        "showPercentChange": false,
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -577,7 +591,9 @@
          },
          "custom": {
            "align": "auto",
-            "displayMode": "auto",
+            "cellOptions": {
+              "type": "auto"
+            },
            "inspect": false
          },
          "mappings": [],
@@ -630,7 +646,9 @@
      },
      "id": 22,
      "options": {
+        "cellHeight": "sm",
        "footer": {
+          "countRows": false,
          "fields": "",
          "reducer": [
            "sum"
@@ -645,7 +663,7 @@
          }
        ]
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -700,7 +718,9 @@
          },
          "custom": {
            "align": "auto",
-            "displayMode": "auto",
+            "cellOptions": {
+              "type": "auto"
+            },
            "inspect": false
          },
          "mappings": [],
@@ -753,7 +773,9 @@
      },
      "id": 21,
      "options": {
+        "cellHeight": "sm",
        "footer": {
+          "countRows": false,
          "fields": "",
          "reducer": [
            "sum"
@@ -768,7 +790,7 @@
          }
        ]
      },
-      "pluginVersion": "9.0.4",
+      "pluginVersion": "10.4.0",
      "targets": [
        {
          "datasource": {
@@ -885,7 +907,7 @@
                "min",
                "mean"
              ],
-              "displayMode": "table",
+              "displayMode": "list",
              "placement": "bottom",
              "showLegend": false
            },
@@ -1106,7 +1128,9 @@
              },
              "custom": {
                "align": "auto",
-                "displayMode": "auto",
+                "cellOptions": {
+                  "type": "auto"
+                },
                "inspect": false
              },
              "mappings": [],
@@ -1251,7 +1275,8 @@
            "legend": {
              "calcs": [],
              "displayMode": "list",
-              "placement": "bottom"
+              "placement": "bottom",
+              "showLegend": true
            },
            "orientation": "auto",
            "showValue": "auto",
@@ -1343,7 +1368,7 @@
                "max",
                "mean"
              ],
-              "displayMode": "table",
+              "displayMode": "list",
              "placement": "right",
              "showLegend": false
            },
@@ -1436,7 +1461,8 @@
            "legend": {
              "calcs": [],
              "displayMode": "list",
-              "placement": "bottom"
+              "placement": "bottom",
+              "showLegend": true
            },
            "orientation": "auto",
            "showValue": "auto",
@@ -1657,8 +1683,7 @@
    }
  ],
  "refresh": "1m",
-  "schemaVersion": 36,
-  "style": "dark",
+  "schemaVersion": 39,
  "tags": [],
  "templating": {
    "list": [
--- a/dashboards/victoria-metrics/operator.json
+++ b/dashboards/victoria-metrics/operator.json
--- a/dashboards/victoria-metrics/victoriametrics-cluster.json
+++ b/dashboards/victoria-metrics/victoriametrics-cluster.json
--- a/dashboards/victoria-metrics/victoriametrics.json
+++ b/dashboards/victoria-metrics/victoriametrics.json
--- a/dashboards/victoria-metrics/vmagent.json
+++ b/dashboards/victoria-metrics/vmagent.json
--- a/dashboards/victoria-metrics/vmalert.json
+++ b/dashboards/victoria-metrics/vmalert.json
@@ -6,7 +6,7 @@
      "type": "grafana",
      "id": "grafana",
      "name": "Grafana",
-      "version": "9.2.7"
+      "version": "10.4.2"
    },
    {
      "type": "datasource",
@@ -59,7 +59,7 @@
          "uid": "$ds"
        },
        "enable": true,
-        "expr": "sum(vm_app_version{job=~\"$job\", instance=~\"$instance\"}) by(short_version) unless (sum(vm_app_version{job=~\"$job\", instance=~\"$instance\"} offset 20m) by(short_version))",
+        "expr": "sum(vm_app_version{job=~\"$job\", instance=~\"$instance\"}) by(short_version) unless (sum(vm_app_version{job=~\"$job\", instance=~\"$instance\"} offset $__interval) by(short_version))",
        "hide": true,
        "iconColor": "dark-blue",
        "name": "version",
@@ -72,15 +72,14 @@
          "uid": "$ds"
        },
        "enable": true,
-        "expr": "sum(changes(vm_app_start_timestamp{job=~\"$job\", instance=~\"$instance\"})) by(job, instance)",
-        "hide": true,
+        "expr": "sum(changes(vm_app_start_timestamp{job=~\"$job\", instance=~\"$instance\"}[$__interval])) by(job, instance)",
        "iconColor": "dark-yellow",
        "name": "restarts",
        "textFormat": "{{job}}:{{instance}} restarted"
      }
    ]
  },
-  "description": "Overview for VictoriaMetrics vmalert v1.96.0 or higher",
+  "description": "Overview for VictoriaMetrics vmalert v1.102.0 or higher",
  "editable": true,
  "fiscalYearStartMonth": 0,
  "graphTooltip": 1,
@@ -96,7 +95,7 @@
      "title": "vmalert docs",
      "tooltip": "",
      "type": "link",
-      "url": "https://docs.victoriametrics.com/vmalert.html"
+      "url": "https://docs.victoriametrics.com/vmalert/"
    },
    {
      "asDropdown": false,
@@ -201,10 +200,12 @@
          "fields": "",
          "values": false
        },
+        "showPercentChange": false,
        "text": {},
-        "textMode": "auto"
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.2.7",
+      "pluginVersion": "10.4.2",
      "targets": [
        {
          "datasource": {
@@ -261,10 +262,12 @@
          "fields": "",
          "values": false
        },
+        "showPercentChange": false,
        "text": {},
-        "textMode": "auto"
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.2.7",
+      "pluginVersion": "10.4.2",
      "targets": [
        {
          "datasource": {
@@ -321,10 +324,12 @@
          "fields": "",
          "values": false
        },
+        "showPercentChange": false,
        "text": {},
-        "textMode": "auto"
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.2.7",
+      "pluginVersion": "10.4.2",
      "targets": [
        {
          "datasource": {
@@ -385,10 +390,12 @@
          "fields": "",
          "values": false
        },
+        "showPercentChange": false,
        "text": {},
-        "textMode": "auto"
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.2.7",
+      "pluginVersion": "10.4.2",
      "targets": [
        {
          "datasource": {
@@ -449,10 +456,12 @@
          "fields": "",
          "values": false
        },
+        "showPercentChange": false,
        "text": {},
-        "textMode": "auto"
+        "textMode": "auto",
+        "wideLayout": true
      },
-      "pluginVersion": "9.2.7",
+      "pluginVersion": "10.4.2",
      "targets": [
        {
          "datasource": {
@@ -483,7 +492,9 @@
          },
          "custom": {
            "align": "auto",
-            "displayMode": "auto",
+            "cellOptions": {
+              "type": "auto"
+            },
            "inspect": false,
            "minWidth": 50
          },
@@ -537,7 +548,9 @@
      },
      "id": 45,
      "options": {
+        "cellHeight": "sm",
        "footer": {
+          "countRows": false,
          "fields": "",
          "reducer": [
            "sum"
@@ -546,7 +559,7 @@
        },
        "showHeader": true
      },
-      "pluginVersion": "9.2.7",
+      "pluginVersion": "10.4.2",
      "targets": [
        {
          "datasource": {
@@ -575,6 +588,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -588,6 +602,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "stepAfter",
            "lineWidth": 1,
            "pointSize": 5,
@@ -706,6 +721,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -719,6 +735,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "linear",
            "lineWidth": 1,
            "pointSize": 5,
@@ -809,6 +826,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -822,6 +840,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "linear",
            "lineWidth": 1,
            "pointSize": 5,
@@ -912,6 +931,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -925,6 +945,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "linear",
            "lineWidth": 1,
            "pointSize": 5,
@@ -1013,6 +1034,7 @@
            "mode": "palette-classic"
          },
          "custom": {
+            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
@@ -1026,6 +1048,7 @@
              "tooltip": false,
              "viz": false
            },
+            "insertNulls": false,
            "lineInterpolation": "linear",
            "lineWidth": 1,
            "pointSize": 5,
@@ -1114,7 +1137,9 @@
          },
          "custom": {
            "align": "auto",
-            "displayMode": "auto",
+            "cellOptions": {
+              "type": "auto"
+            },
            "inspect": false
          },
          "mappings": [],
@@ -1122,8 +1147,7 @@
            "mode": "absolute",
            "steps": [
              {
-                "color": "green",
-                "value": null
+                "color": "green"
              },
              {
                "color": "red",
@@ -1234,7 +1258,7 @@
        "type": "prometheus",
        "uid": "$ds"
      },
-      "description": "Missed evaluation means that group evaluation time takes longer than the configured evaluation interval. \nThis may result in missed alerting notifications or recording rules samples. Try increasing evaluation interval or concurrency for such groups. See https://docs.victoriametrics.com/vmalert.html#groups\n\nIf rule expressions are taking longer than expected, please see https://docs.victoriametrics.com/Troubleshooting.html#slow-queries.\"",
+      "description": "Missed evaluation means that group evaluation time takes longer than the configured evaluation interval. \nThis may result in missed alerting notifications or recording rules samples. Try increasing evaluation interval or concurrency for such groups. See https://docs.victoriametrics.com/vmalert/#groups\n\nIf rule expressions are taking longer than expected, please see https://docs.victoriametrics.com/troubleshooting/#slow-queries.\"",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1275,8 +1299,7 @@
            "mode": "absolute",
            "steps": [
              {
-                "color": "green",
-                "value": null
+                "color": "green"
              },
              {
                "color": "red",
@@ -1356,6 +1379,7 @@
                "mode": "palette-classic"
              },
              "custom": {
+                "axisBorderShow": false,
                "axisCenteredZero": false,
                "axisColorMode": "text",
                "axisLabel": "",
@@ -1369,6 +1393,7 @@
                  "tooltip": false,
                  "viz": false
                },
+                "insertNulls": false,
                "lineInterpolation": "linear",
                "lineWidth": 1,
                "pointSize": 5,
@@ -1400,7 +1425,8 @@
                  }
                ]
              },
-              "unit": "percentunit"
+              "unit": "percentunit",
+              "unitScale": true
            },
            "overrides": []
          },
@@ -1408,14 +1434,14 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 33
+            "y": 3
          },
          "id": 37,
          "links": [
            {
              "targetBlank": true,
              "title": "Profiling",
-              "url": "https://docs.victoriametrics.com/vmagent.html#profiling"
+              "url": "https://docs.victoriametrics.com/vmagent/#profiling"
            }
          ],
          "options": {
@@ -1467,6 +1493,7 @@
                "mode": "palette-classic"
              },
              "custom": {
+                "axisBorderShow": false,
                "axisCenteredZero": false,
                "axisColorMode": "text",
                "axisLabel": "",
@@ -1480,6 +1507,7 @@
                  "tooltip": false,
                  "viz": false
                },
+                "insertNulls": false,
                "lineInterpolation": "linear",
                "lineWidth": 1,
                "pointSize": 5,
@@ -1511,7 +1539,8 @@
                  }
                ]
              },
-              "unit": "bytes"
+              "unit": "bytes",
+              "unitScale": true
            },
            "overrides": []
          },
@@ -1519,14 +1548,14 @@
            "h": 8,
            "w": 12,
            "x": 12,
-            "y": 33
+            "y": 3
          },
          "id": 57,
          "links": [
            {
              "targetBlank": true,
              "title": "Profiling",
-              "url": "https://docs.victoriametrics.com/vmagent.html#profiling"
+              "url": "https://docs.victoriametrics.com/vmagent/#profiling"
            }
          ],
          "options": {
@@ -1578,6 +1607,7 @@
                "mode": "palette-classic"
              },
              "custom": {
+                "axisBorderShow": false,
                "axisCenteredZero": false,
                "axisColorMode": "text",
                "axisLabel": "",
@@ -1591,6 +1621,7 @@
                  "tooltip": false,
                  "viz": false
                },
+                "insertNulls": false,
                "lineInterpolation": "linear",
                "lineWidth": 1,
                "pointSize": 5,
@@ -1622,7 +1653,8 @@
                  }
                ]
              },
-              "unit": "percentunit"
+              "unit": "percentunit",
+              "unitScale": true
            },
            "overrides": []
          },
@@ -1630,14 +1662,14 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 41
+            "y": 11
          },
          "id": 35,
          "links": [
            {
              "targetBlank": true,
              "title": "Profiling",
-              "url": "https://docs.victoriametrics.com/vmagent.html#profiling"
+              "url": "https://docs.victoriametrics.com/vmagent/#profiling"
            }
          ],
          "options": {
@@ -1691,6 +1723,7 @@
                "mode": "palette-classic"
              },
              "custom": {
+                "axisBorderShow": false,
                "axisCenteredZero": false,
                "axisColorMode": "text",
                "axisLabel": "",
@@ -1704,6 +1737,7 @@
                  "tooltip": false,
                  "viz": false
                },
+                "insertNulls": false,
                "lineInterpolation": "linear",
                "lineWidth": 1,
                "pointSize": 5,
@@ -1735,7 +1769,8 @@
                  }
                ]
              },
-              "unit": "short"
+              "unit": "short",
+              "unitScale": true
            },
            "overrides": []
          },
@@ -1743,14 +1778,14 @@
            "h": 8,
            "w": 12,
            "x": 12,
-            "y": 41
+            "y": 11
          },
          "id": 56,
          "links": [
            {
              "targetBlank": true,
              "title": "Profiling",
-              "url": "https://docs.victoriametrics.com/vmagent.html#profiling"
+              "url": "https://docs.victoriametrics.com/vmagent/#profiling"
            }
          ],
          "options": {
@@ -1820,6 +1855,7 @@
                "mode": "palette-classic"
              },
              "custom": {
+                "axisBorderShow": false,
                "axisCenteredZero": false,
                "axisColorMode": "text",
                "axisLabel": "",
@@ -1833,6 +1869,7 @@
                  "tooltip": false,
                  "viz": false
                },
+                "insertNulls": false,
                "lineInterpolation": "linear",
                "lineWidth": 1,
                "pointSize": 5,
@@ -1865,7 +1902,8 @@
                  }
                ]
              },
-              "unit": "percentunit"
+              "unit": "percentunit",
+              "unitScale": true
            },
            "overrides": []
          },
@@ -1873,7 +1911,7 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 49
+            "y": 19
          },
          "id": 39,
          "links": [],
@@ -1925,6 +1963,7 @@
                "mode": "palette-classic"
              },
              "custom": {
+                "axisBorderShow": false,
                "axisCenteredZero": false,
                "axisColorMode": "text",
                "axisLabel": "",
@@ -1938,6 +1977,7 @@
                  "tooltip": false,
                  "viz": false
                },
+                "insertNulls": false,
                "lineInterpolation": "linear",
                "lineWidth": 1,
                "pointSize": 5,
@@ -1970,7 +2010,8 @@
                  }
                ]
              },
-              "unit": "short"
+              "unit": "short",
+              "unitScale": true
            },
            "overrides": []
          },
@@ -1978,7 +2019,7 @@
            "h": 8,
            "w": 12,
            "x": 12,
-            "y": 49
+            "y": 19
          },
          "id": 41,
          "links": [],
@@ -2017,6 +2058,114 @@
          ],
          "title": "Goroutines ($instance)",
          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "$ds"
+          },
+          "description": "Shows the percent of CPU spent on garbage collection.\n\nIf % is high, then CPU usage can be decreased by changing GOGC to higher values. Increasing GOGC value will increase memory usage, and decrease CPU usage.\n\nTry searching for keyword `GOGC` at https://docs.victoriametrics.com/troubleshooting/ ",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisBorderShow": false,
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "insertNulls": false,
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "never",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "decimals": 0,
+              "links": [],
+              "mappings": [],
+              "min": 0,
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green"
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              },
+              "unit": "percentunit",
+              "unitScale": true
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 0,
+            "y": 27
+          },
+          "id": 59,
+          "links": [],
+          "options": {
+            "legend": {
+              "calcs": [
+                "mean",
+                "lastNotNull",
+                "max"
+              ],
+              "displayMode": "table",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "multi",
+              "sort": "desc"
+            }
+          },
+          "pluginVersion": "9.2.6",
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "$ds"
+              },
+              "editorMode": "code",
+              "expr": "max(\n  rate(go_gc_cpu_seconds_total{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval]) \n / rate(process_cpu_seconds_total{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])\n ) by(job)",
+              "format": "time_series",
+              "interval": "",
+              "intervalFactor": 2,
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "A"
+            }
+          ],
+          "title": "CPU spent on GC ($instance)",
+          "type": "timeseries"
        }
      ],
      "targets": [
@@ -2107,7 +2256,7 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 28
+            "y": 36
          },
          "id": 14,
          "options": {
@@ -2209,7 +2358,7 @@
            "h": 8,
            "w": 12,
            "x": 12,
-            "y": 28
+            "y": 36
          },
          "id": 13,
          "options": {
@@ -2311,7 +2460,7 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 36
+            "y": 44
          },
          "id": 20,
          "options": {
@@ -2414,7 +2563,7 @@
            "h": 8,
            "w": 12,
            "x": 12,
-            "y": 36
+            "y": 44
          },
          "id": 32,
          "options": {
@@ -2513,7 +2662,7 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 44
+            "y": 52
          },
          "id": 26,
          "options": {
@@ -2583,7 +2732,7 @@
            "type": "prometheus",
            "uid": "$ds"
          },
-          "description": "Shows the top $topk recording rules which generate the most of samples. Each generated sample is basically a time series which then ingested into configured remote storage. Rules with high numbers may cause the most pressure on the remote database and become a source of too high cardinality.\n\nThe panel uses MetricsQL functions and may not work with Prometheus.",
+          "description": "Shows the top $topk recording rules which generate the most of [samples](https://docs.victoriametrics.com/keyconcepts/#raw-samples). Each generated sample is basically a time series which then ingested into configured remote storage. Rules with high numbers may cause the most pressure on the remote database and become a source of too high cardinality.\n\nThe panel uses MetricsQL functions and may not work with Prometheus.",
          "fieldConfig": {
            "defaults": {
              "color": {
@@ -2640,7 +2789,7 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 43
+            "y": 51
          },
          "id": 31,
          "options": {
@@ -2685,7 +2834,7 @@
            "type": "prometheus",
            "uid": "$ds"
          },
-          "description": "Shows the rules which do not produce any samples during the evaluation. Usually it means that such rules are misconfigured, since they give no output during the evaluation.\nPlease check if rule's expression is correct and it is working as expected.",
+          "description": "Shows the rules which do not produce any [samples](https://docs.victoriametrics.com/keyconcepts/#raw-samples) during the evaluation. Usually it means that such rules are misconfigured, since they give no output during the evaluation.\nPlease check if rule's expression is correct and it is working as expected.",
          "fieldConfig": {
            "defaults": {
              "color": {
@@ -2742,7 +2891,7 @@
            "h": 8,
            "w": 12,
            "x": 12,
-            "y": 43
+            "y": 51
          },
          "id": 33,
          "options": {
@@ -2843,7 +2992,7 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 51
+            "y": 59
          },
          "id": 30,
          "options": {
@@ -2964,7 +3113,7 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 9
+            "y": 17
          },
          "id": 52,
          "options": {
@@ -3056,7 +3205,7 @@
            "h": 8,
            "w": 12,
            "x": 12,
-            "y": 9
+            "y": 17
          },
          "id": 53,
          "options": {
@@ -3086,15 +3235,221 @@
          ],
          "title": "Datapoints drop rate ($instance)",
          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "$ds"
+          },
+          "description": "Shows current number of established connections to remote write endpoints.\n\n",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisBorderShow": false,
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "insertNulls": false,
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "never",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "links": [],
+              "mappings": [],
+              "min": 0,
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green"
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              },
+              "unit": "short"
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 0,
+            "y": 44
+          },
+          "id": 54,
+          "options": {
+            "legend": {
+              "calcs": [
+                "mean",
+                "lastNotNull",
+                "max"
+              ],
+              "displayMode": "table",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "multi",
+              "sort": "desc"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "$ds"
+              },
+              "editorMode": "code",
+              "exemplar": true,
+              "expr": "sum(max_over_time(vmalert_remotewrite_conns{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])) by(job)",
+              "interval": "",
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "A"
+            }
+          ],
+          "title": "Connections ($instance)",
+          "type": "timeseries"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "$ds"
+          },
+          "description": "Shows the global rate for number of written bytes via remote write connections.",
+          "fieldConfig": {
+            "defaults": {
+              "color": {
+                "mode": "palette-classic"
+              },
+              "custom": {
+                "axisBorderShow": false,
+                "axisCenteredZero": false,
+                "axisColorMode": "text",
+                "axisLabel": "",
+                "axisPlacement": "auto",
+                "barAlignment": 0,
+                "drawStyle": "line",
+                "fillOpacity": 0,
+                "gradientMode": "none",
+                "hideFrom": {
+                  "legend": false,
+                  "tooltip": false,
+                  "viz": false
+                },
+                "insertNulls": false,
+                "lineInterpolation": "linear",
+                "lineWidth": 1,
+                "pointSize": 5,
+                "scaleDistribution": {
+                  "type": "linear"
+                },
+                "showPoints": "never",
+                "spanNulls": false,
+                "stacking": {
+                  "group": "A",
+                  "mode": "none"
+                },
+                "thresholdsStyle": {
+                  "mode": "off"
+                }
+              },
+              "links": [],
+              "mappings": [],
+              "min": 0,
+              "thresholds": {
+                "mode": "absolute",
+                "steps": [
+                  {
+                    "color": "green",
+                    "value": null
+                  },
+                  {
+                    "color": "red",
+                    "value": 80
+                  }
+                ]
+              },
+              "unit": "decbytes"
+            },
+            "overrides": []
+          },
+          "gridPos": {
+            "h": 8,
+            "w": 12,
+            "x": 12,
+            "y": 44
+          },
+          "id": 55,
+          "options": {
+            "legend": {
+              "calcs": [
+                "mean",
+                "lastNotNull",
+                "max"
+              ],
+              "displayMode": "table",
+              "placement": "bottom",
+              "showLegend": true
+            },
+            "tooltip": {
+              "mode": "multi",
+              "sort": "desc"
+            }
+          },
+          "targets": [
+            {
+              "datasource": {
+                "type": "prometheus",
+                "uid": "$ds"
+              },
+              "editorMode": "code",
+              "exemplar": true,
+              "expr": "sum(rate(vmalert_remotewrite_conn_bytes_written_total{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])) by(job) > 0",
+              "interval": "",
+              "legendFormat": "__auto",
+              "range": true,
+              "refId": "A"
+            }
+          ],
+          "title": "Bytes write rate ($instance)",
+          "type": "timeseries"
        }
      ],
      "title": "Remote write",
      "type": "row"
    }
  ],
-  "refresh": false,
-  "schemaVersion": 37,
-  "style": "dark",
+  "refresh": "",
+  "schemaVersion": 39,
  "tags": [
    "victoriametrics",
    "vmalert"
@@ -3104,8 +3459,8 @@
      {
        "current": {
          "selected": false,
-          "text": "VictoriaMetrics - cluster",
-          "value": "VictoriaMetrics - cluster"
+          "text": "VictoriaMetrics",
+          "value": "P4169E866C3094E38"
        },
        "hide": 0,
        "includeAll": false,
@@ -3171,14 +3526,14 @@
          "type": "prometheus",
          "uid": "$ds"
        },
-        "definition": "label_values(vmalert_iteration_duration_seconds{job=~\"$job\", instance=~\"$instance\"}, group)",
+        "definition": "label_values(vmalert_iteration_total{job=~\"$job\", instance=~\"$instance\"}, group)",
        "hide": 0,
        "includeAll": true,
        "multi": true,
        "name": "group",
        "options": [],
        "query": {
-          "query": "label_values(vmalert_iteration_duration_seconds{job=~\"$job\", instance=~\"$instance\"}, group)",
+          "query": "label_values(vmalert_iteration_total{job=~\"$job\", instance=~\"$instance\"}, group)",
          "refId": "StandardVariableQuery"
        },
        "refresh": 1,
--- a/hack/download-dashboards.sh
+++ b/hack/download-dashboards.sh
@@ -1,6 +1,6 @@
 #https://github.com/deckhouse/deckhouse/blob/main/modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/control-plane-status.json
 base=https://github.com/deckhouse/deckhouse/raw/main/
-dir="grafana-dashboards"
+dir="dashboards"
 mkdir -p "$dir"


--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -0,0 +1,328 @@
+#!/bin/bash
+if [ "$COZYSTACK_INSTALLER_YAML" = "" ]; then
+  echo 'COZYSTACK_INSTALLER_YAML variable is not set!' >&2
+  echo 'please set it with following command:' >&2
+  echo >&2
+  echo 'export COZYSTACK_INSTALLER_YAML=$(helm template -n cozy-system installer packages/core/installer)' >&2
+  echo >&2
+  exit 1
+fi
+
+if [ "$(cat /proc/sys/net/ipv4/ip_forward)" != 1 ]; then
+  echo "IPv4 forwarding is not enabled!" >&2
+  echo 'please enable forwarding with the following command:' >&2
+  echo >&2
+  echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >&2
+  echo >&2
+  exit 1
+fi
+
+set -x
+set -e
+
+kill `cat srv1/qemu.pid srv2/qemu.pid srv3/qemu.pid` || true
+
+ip link del cozy-br0 || true
+ip link add cozy-br0 type bridge
+ip link set cozy-br0 up
+ip addr add 192.168.123.1/24 dev cozy-br0
+
+# Enable masquerading
+iptables -t nat -D POSTROUTING -s 192.168.123.0/24 ! -d 192.168.123.0/24 -j MASQUERADE 2>/dev/null || true
+iptables -t nat -A POSTROUTING -s 192.168.123.0/24 ! -d 192.168.123.0/24 -j MASQUERADE
+
+rm -rf srv1 srv2 srv3
+mkdir -p srv1 srv2 srv3
+
+# Prepare cloud-init
+for i in 1 2 3; do
+  echo "hostname: srv$i" > "srv$i/meta-data"
+  echo '#cloud-config' > "srv$i/user-data"
+  cat > "srv$i/network-config" <<EOT
+version: 2
+ethernets:
+  eth0:
+    dhcp4: false
+    addresses:
+      - "192.168.123.1$i/26"
+    gateway4: "192.168.123.1"
+    nameservers:
+      search: [cluster.local]
+      addresses: [8.8.8.8]
+EOT
+
+  ( cd srv$i && genisoimage \
+      -output seed.img \
+      -volid cidata -rational-rock -joliet \
+      user-data meta-data network-config
+  )
+done
+
+# Prepare system drive
+if [ ! -f nocloud-amd64.raw ]; then
+  wget https://github.com/aenix-io/cozystack/releases/latest/download/nocloud-amd64.raw.xz -O nocloud-amd64.raw.xz
+  rm -f nocloud-amd64.raw
+  xz --decompress nocloud-amd64.raw.xz
+fi
+for i in 1 2 3; do
+  cp nocloud-amd64.raw srv$i/system.img
+  qemu-img resize srv$i/system.img 20G
+done
+
+# Prepare data drives
+for i in 1 2 3; do
+  qemu-img create srv$i/data.img 100G
+done
+
+# Prepare networking
+for i in 1 2 3; do
+  ip link del cozy-srv$i || true
+  ip tuntap add dev cozy-srv$i mode tap
+  ip link set cozy-srv$i up
+  ip link set cozy-srv$i master cozy-br0
+done
+
+# Start VMs
+for i in 1 2 3; do
+  qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 4 -m 8192 \
+    -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \
+    -drive file=srv$i/system.img,if=virtio,format=raw \
+    -drive file=srv$i/seed.img,if=virtio,format=raw \
+    -drive file=srv$i/data.img,if=virtio,format=raw \
+    -display none -daemonize -pidfile srv$i/qemu.pid
+done
+
+sleep 5
+
+# Wait for VM to start up
+timeout 60 sh -c 'until nc -nzv 192.168.123.11 50000 && nc -nzv 192.168.123.12 50000 && nc -nzv 192.168.123.13 50000; do sleep 1; done'
+
+cat > patch.yaml <<\EOT
+machine:
+  kubelet:
+    nodeIP:
+      validSubnets:
+      - 192.168.123.0/24
+    extraConfig:
+      maxPods: 512
+  kernel:
+    modules:
+    - name: openvswitch
+    - name: drbd
+      parameters:
+        - usermode_helper=disabled
+    - name: zfs
+    - name: spl
+  install:
+    image: ghcr.io/aenix-io/cozystack/talos:v1.8.1
+  files:
+  - content: |
+      [plugins]
+        [plugins."io.containerd.grpc.v1.cri"]
+          device_ownership_from_security_context = true      
+    path: /etc/cri/conf.d/20-customization.part
+    op: create
+
+cluster:
+  network:
+    cni:
+      name: none
+    dnsDomain: cozy.local
+    podSubnets:
+    - 10.244.0.0/16
+    serviceSubnets:
+    - 10.96.0.0/16
+EOT
+
+cat > patch-controlplane.yaml <<\EOT
+machine:
+  network:
+    interfaces:
+    - interface: eth0
+      vip:
+        ip: 192.168.123.10
+cluster:
+  allowSchedulingOnControlPlanes: true
+  controllerManager:
+    extraArgs:
+      bind-address: 0.0.0.0
+  scheduler:
+    extraArgs:
+      bind-address: 0.0.0.0
+  apiServer:
+    certSANs:
+    - 127.0.0.1
+  proxy:
+    disabled: true
+  discovery:
+    enabled: false
+  etcd:
+    advertisedSubnets:
+    - 192.168.123.0/24
+EOT
+
+# Gen configuration
+if [ ! -f secrets.yaml ]; then
+  talosctl gen secrets
+fi
+
+rm -f controlplane.yaml worker.yaml talosconfig kubeconfig
+talosctl gen config --with-secrets secrets.yaml cozystack https://192.168.123.10:6443 --config-patch=@patch.yaml --config-patch-control-plane @patch-controlplane.yaml
+export TALOSCONFIG=$PWD/talosconfig
+
+# Apply configuration
+talosctl apply -f controlplane.yaml -n 192.168.123.11 -e 192.168.123.11 -i
+talosctl apply -f controlplane.yaml -n 192.168.123.12 -e 192.168.123.12 -i
+talosctl apply -f controlplane.yaml -n 192.168.123.13 -e 192.168.123.13 -i
+
+# Wait for VM to be configured
+timeout 60 sh -c 'until nc -nzv 192.168.123.11 50000 && nc -nzv 192.168.123.12 50000 && nc -nzv 192.168.123.13 50000; do sleep 1; done'
+
+# Bootstrap
+talosctl bootstrap -n 192.168.123.11 -e 192.168.123.11
+
+# Wait for etcd
+timeout 180 sh -c 'while talosctl etcd members -n 192.168.123.11,192.168.123.12,192.168.123.13 -e 192.168.123.10 2>&1 | grep "rpc error"; do sleep 1; done'
+
+rm -f kubeconfig
+talosctl kubeconfig kubeconfig -e 192.168.123.10 -n 192.168.123.10
+export KUBECONFIG=$PWD/kubeconfig
+
+# Wait for kubernetes nodes appear
+timeout 60 sh -c 'until [ $(kubectl get node -o name | wc -l) = 3 ]; do sleep 1; done'
+kubectl create ns cozy-system
+kubectl create -f - <<\EOT
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cozystack
+  namespace: cozy-system
+data:
+  bundle-name: "paas-full"
+  ipv4-pod-cidr: "10.244.0.0/16"
+  ipv4-pod-gateway: "10.244.0.1"
+  ipv4-svc-cidr: "10.96.0.0/16"
+  ipv4-join-cidr: "100.64.0.0/16"
+EOT
+
+#
+echo "$COZYSTACK_INSTALLER_YAML" | kubectl apply -f -
+
+# wait for cozystack pod to start
+kubectl wait deploy  --timeout=1m --for=condition=available -n cozy-system cozystack
+
+# wait for helmreleases appear
+timeout 60 sh -c 'until kubectl get hr -A | grep cozy; do sleep 1; done'
+
+sleep 5
+
+kubectl get hr -A | awk 'NR>1 {print "kubectl wait --timeout=15m --for=condition=ready -n " $1 " hr/" $2 " &"} END{print "wait"}' | sh -x
+
+# Wait for Cluster-API providers
+kubectl wait deploy --timeout=30s --for=condition=available -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager
+
+# Wait for linstor controller
+kubectl wait deploy --timeout=5m --for=condition=available -n cozy-linstor linstor-controller
+
+# Wait for all linstor nodes become Online
+timeout 60 sh -c 'until [ $(kubectl exec -n cozy-linstor deploy/linstor-controller -- linstor node list | grep -c Online) = 3 ]; do sleep 1; done'
+
+kubectl exec -n cozy-linstor deploy/linstor-controller -- linstor ps cdp zfs srv1 /dev/vdc --pool-name data --storage-pool data
+kubectl exec -n cozy-linstor deploy/linstor-controller -- linstor ps cdp zfs srv2 /dev/vdc --pool-name data --storage-pool data
+kubectl exec -n cozy-linstor deploy/linstor-controller -- linstor ps cdp zfs srv3 /dev/vdc --pool-name data --storage-pool data
+
+kubectl create -f- <<EOT
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: local
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+provisioner: linstor.csi.linbit.com
+parameters:
+  linstor.csi.linbit.com/storagePool: "data"
+  linstor.csi.linbit.com/layerList: "storage"
+  linstor.csi.linbit.com/allowRemoteVolumeAccess: "false"
+volumeBindingMode: WaitForFirstConsumer
+allowVolumeExpansion: true
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: replicated
+provisioner: linstor.csi.linbit.com
+parameters:
+  linstor.csi.linbit.com/storagePool: "data"
+  linstor.csi.linbit.com/autoPlace: "3"
+  linstor.csi.linbit.com/layerList: "drbd storage"
+  linstor.csi.linbit.com/allowRemoteVolumeAccess: "true"
+  property.linstor.csi.linbit.com/DrbdOptions/auto-quorum: suspend-io
+  property.linstor.csi.linbit.com/DrbdOptions/Resource/on-no-data-accessible: suspend-io
+  property.linstor.csi.linbit.com/DrbdOptions/Resource/on-suspended-primary-outdated: force-secondary
+  property.linstor.csi.linbit.com/DrbdOptions/Net/rr-conflict: retry-connect
+volumeBindingMode: WaitForFirstConsumer
+allowVolumeExpansion: true
+EOT
+kubectl create -f- <<EOT
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: cozystack
+  namespace: cozy-metallb
+spec:
+  ipAddressPools:
+  - cozystack
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: cozystack
+  namespace: cozy-metallb
+spec:
+  addresses:
+  - 192.168.123.200-192.168.123.250
+  autoAssign: true
+  avoidBuggyIPs: false
+EOT
+
+kubectl patch -n tenant-root hr/tenant-root --type=merge -p '{"spec":{ "values":{
+  "host": "example.org",
+  "ingress": true,
+  "monitoring": true,
+  "etcd": true,
+  "isolated": true
+}}}'
+
+# Wait for HelmRelease be created
+timeout 60 sh -c 'until kubectl get hr -n tenant-root etcd ingress monitoring tenant-root; do sleep 1; done'
+
+# Wait for HelmReleases be installed
+kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr etcd ingress monitoring tenant-root
+
+kubectl patch -n tenant-root hr/ingress --type=merge -p '{"spec":{ "values":{
+  "dashboard": true
+}}}'
+
+# Wait for nginx-ingress-controller
+timeout 60 sh -c 'until kubectl get deploy -n tenant-root root-ingress-controller; do sleep 1; done'
+kubectl wait --timeout=5m --for=condition=available -n tenant-root deploy root-ingress-controller
+
+# Wait for etcd
+kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=3 -n tenant-root sts etcd
+
+# Wait for Victoria metrics
+kubectl wait --timeout=5m --for=jsonpath=.status.updateStatus=operational -n tenant-root vmalert/vmalert-longterm vmalert/vmalert-shortterm vmalertmanager/alertmanager
+kubectl wait --timeout=5m --for=jsonpath=.status.status=operational -n tenant-root vlogs/generic
+kubectl wait --timeout=5m --for=jsonpath=.status.clusterStatus=operational -n tenant-root vmcluster/shortterm vmcluster/longterm
+
+# Wait for grafana
+kubectl wait --timeout=5m --for=condition=ready -n tenant-root clusters.postgresql.cnpg.io grafana-db
+kubectl wait --timeout=5m --for=condition=available -n tenant-root deploy grafana-deployment 
+
+# Get IP of nginx-ingress
+ip=$(kubectl get svc -n tenant-root root-ingress-controller -o jsonpath='{.status.loadBalancer.ingress..ip}')
+
+# Check Grafana
+curl -sS -k "https://$ip" -H 'Host: grafana.example.org' | grep Found
--- a/hack/gen_versions_map.sh
+++ b/hack/gen_versions_map.sh
@@ -24,24 +24,36 @@ resolved_miss_map=$(
      change_commit=$(git --no-pager blame -L"$line",+1 -- "$chart/Chart.yaml" | awk '{print $1}')
       
      if [ "$change_commit" = "00000000" ]; then
-        # Not commited yet, use previus commit
+        # Not committed yet, use previous commit
        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
        commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
        if [ $(echo $commit | cut -c1) = "^" ]; then
-          # Previus commit not exists
+          # Previous commit not exists
          commit=$(echo $commit | cut -c2-)
        fi
      else
-        # Commited, but version_map wasn't updated
+        # Committed, but version_map wasn't updated
        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
        change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
        if [ $(echo $change_commit | cut -c1) = "^" ]; then
-          # Previus commit not exists
+          # Previous commit not exists
          commit=$(echo $change_commit | cut -c2-)
        else
          commit=$(git describe --always "$change_commit~1")
        fi
      fi
+
+      # Check if the commit belongs to the main branch
+      if ! git merge-base --is-ancestor "$commit" main; then
+        # Find the closest parent commit that belongs to main
+        commit_in_main=$(git log --pretty=format:"%h" main -- "$chart" | head -n 1)
+        if [ -n "$commit_in_main" ]; then
+          commit="$commit_in_main"
+        else
+          # No valid commit found in main branch for $chart, skipping..."
+          continue
+        fi
+      fi
    fi
    echo "$chart $version $commit"
  done
--- a/hack/pre-checks.sh
+++ b/hack/pre-checks.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+YQ_VERSION="v4.35.1"
+RED='\033[31m'
+RESET='\033[0m'
+
+check-yq-version() {
+    current_version=$(yq -V | awk '$(NF-1) == "version" {print $NF}')
+    if [ -z "$current_version" ]; then
+        echo "yq is not installed or version cannot be determined."
+        exit 1
+    fi
+    echo "Current yq version: $current_version"
+
+    if [ "$(printf '%s\n' "$YQ_VERSION" "$current_version" | sort -V | head -n1)" = "$YQ_VERSION" ]; then
+        echo "Greater than or equal to $YQ_VERSION"
+    else
+        echo -e "${RED}ERROR: yq version less than $YQ_VERSION${RESET}"
+        exit 1
+    fi
+}
+
+check-yq-version
--- a/manifests/cozystack-installer.yaml
+++ b/manifests/cozystack-installer.yaml
@@ -68,7 +68,7 @@ spec:
      serviceAccountName: cozystack
      containers:
      - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.6.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.17.0"
        env:
        - name: KUBERNETES_SERVICE_HOST
          value: localhost
@@ -87,7 +87,7 @@ spec:
            fieldRef:
              fieldPath: metadata.name
      - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.6.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.17.0"
        command:
        - /usr/bin/darkhttpd
        - /cozystack/assets
--- a/packages/apps/Makefile
+++ b/packages/apps/Makefile
@@ -11,7 +11,7 @@ repo:
 	rm -rf "$(TMP)"

 fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: $$i/" "$$i/Chart.yaml"; done
+	find . -maxdepth 2 -name Chart.yaml  | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: $$i/" "$$i/Chart.yaml"; done

 gen-versions-map: fix-chartnames
 	../../hack/gen_versions_map.sh
--- a/packages/apps/README.md
+++ b/packages/apps/README.md
@@ -0,0 +1,9 @@
+### How to test packages local
+
+```bash
+cd packages/core/installer
+make image-cozystack REGISTRY=YOUR_CUSTOM_REGISTRY
+make apply
+kubectl delete pod dashboard-redis-master-0 -n cozy-dashboard
+kubectl delete po -l app=source-controller -n cozy-fluxcd
+```
--- a/packages/apps/bucket/Chart.yaml
+++ b/packages/apps/bucket/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: bucket
+description: S3 compatible storage
+icon: /logos/bucket.svg
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- a/packages/apps/bucket/Makefile
+++ b/packages/apps/bucket/Makefile
@@ -0,0 +1,4 @@
+include ../../../scripts/package.mk
+
+generate:
+	readme-generator -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/bucket/logos/bucket.svg
+++ b/packages/apps/bucket/logos/bucket.svg
@@ -0,0 +1,12 @@
+<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="144" height="144" rx="24" fill="url(#paint0_linear_683_3091)"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M72 30.1641L117.983 36.7789V40.6739C117.983 46.4653 97.3862 51.1332 71.9827 51.1332C46.5792 51.1332 26 46.4653 26 40.6739V36.4431L72 30.1641ZM72 58.2678C91.2084 58.2678 107.658 55.5986 114.547 51.8048L116.803 48.111L117.723 44.753V48.9171L102.679 111.033C102.679 114.895 88.9533 118 72.0172 118C55.0812 118 41.3743 114.895 41.3743 111.033L26.33 48.9171V44.8369L29.8007 51.9382C36.7065 55.6653 52.9997 58.2678 72 58.2678Z" fill="#8C3123"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M72.0003 26C97.4038 26 118 30.6839 118 36.442C118 42.2 97.3866 46.8507 72.0003 46.8507C46.6141 46.8507 26.0176 42.2345 26.0176 36.442C26.0176 30.6494 46.5968 26 72.0003 26ZM72.0003 54.1037C95.6857 54.1037 115.172 50.058 117.706 44.8197L102.662 106.937C102.662 110.799 88.9364 113.905 72.0003 113.905C55.0643 113.905 41.339 110.816 41.339 106.954L26.2959 44.837C28.8466 50.058 48.3333 54.1037 72.0003 54.1037Z" fill="#E05243"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M61.1725 60.0293H81.0928V79.1676H61.1725V60.0293ZM45.3301 95.3688C45.3301 90.142 49.7104 85.9342 55.1511 85.9342C60.5917 85.9342 64.9721 90.142 64.9721 95.3688C64.9721 100.596 60.5917 104.803 55.1511 104.803C49.7104 104.803 45.3301 100.596 45.3301 95.3688ZM96.4487 104.368H76.7722L86.6105 86.7737L96.4487 104.368Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_683_3091" x1="0" y1="0" x2="151" y2="180" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FFF0EE"/>
+<stop offset="1" stop-color="#EC887D"/>
+</linearGradient>
+</defs>
+</svg>
--- a/packages/apps/bucket/templates/bucketclaim.yaml
+++ b/packages/apps/bucket/templates/bucketclaim.yaml
@@ -0,0 +1,20 @@
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $seaweedfs := index $myNS.metadata.annotations "namespace.cozystack.io/seaweedfs" }}
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketClaim
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  bucketClassName: {{ $seaweedfs }}
+  protocols:
+    - s3
+---
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketAccess
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  bucketAccessClassName: {{ $seaweedfs }}
+  bucketClaimName: {{ .Release.Name }}
+  credentialsSecretName: {{ .Release.Name }}
+  protocol: s3
--- a/packages/apps/bucket/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/bucket/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  resourceNames:
+  - {{ .Release.Name }}-ui
+  verbs: ["get", "list", "watch"]
--- a/packages/apps/bucket/templates/helmrelease.yaml
+++ b/packages/apps/bucket/templates/helmrelease.yaml
@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-system
+spec:
+  chart:
+    spec:
+      chart: cozy-bucket
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+      version: '*'
+  interval: 1m0s
+  timeout: 5m0s
+  values:
+    bucketName: {{ .Release.Name }}
--- a/packages/apps/clickhouse/.helmignore
+++ b/packages/apps/clickhouse/.helmignore
@@ -0,0 +1,3 @@
+.helmignore
+/logos
+/Makefile
--- a/packages/apps/clickhouse/Chart.yaml
+++ b/packages/apps/clickhouse/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: clickhouse
 description: Managed ClickHouse service
-icon: https://cdn.worldvectorlogo.com/logos/clickhouse.svg
+icon: /logos/clickhouse.svg

 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.6.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "24.3.0"
+appVersion: "24.9.2"
--- a/packages/apps/clickhouse/Makefile
+++ b/packages/apps/clickhouse/Makefile
@@ -1,2 +1,20 @@
+CLICKHOUSE_BACKUP_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
+
+include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md
+
+image:
+	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/clickhouse-backup \
+		--provenance false \
+		--tag $(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/clickhouse-backup:latest \
+		--cache-to type=inline \
+		--metadata-file images/clickhouse-backup.json \
+		--push=$(PUSH) \
+		--load=$(LOAD)
+	echo "$(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/clickhouse-backup.json -o json -r)" \
+		> images/clickhouse-backup.tag
+	rm -f images/clickhouse-backup.json
--- a/packages/apps/clickhouse/README.md
+++ b/packages/apps/clickhouse/README.md
@@ -1,17 +1,48 @@
 # Managed Clickhouse Service

+### How to restore backup:
+
+find snapshot:
+```
+restic -r s3:s3.example.org/clickhouse-backups/table_name snapshots
+```
+
+restore:
+```
+restic -r s3:s3.example.org/clickhouse-backups/table_name restore latest --target /tmp/
+```
+
+more details:
+- https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1
+
 ## Parameters

 ### Common parameters

-| Name       | Description                   | Value  |
-| ---------- | ----------------------------- | ------ |
-| `size`     | Persistent Volume size        | `10Gi` |
-| `shards`   | Number of Clickhouse replicas | `1`    |
-| `replicas` | Number of Clickhouse shards   | `2`    |
+| Name             | Description                         | Value  |
+| ---------------- | ----------------------------------- | ------ |
+| `size`           | Persistent Volume size              | `10Gi` |
+| `logStorageSize` | Persistent Volume for logs size     | `2Gi`  |
+| `shards`         | Number of Clickhouse replicas       | `1`    |
+| `replicas`       | Number of Clickhouse shards         | `2`    |
+| `storageClass`   | StorageClass used to store the data | `""`   |
+| `logTTL`         | for query_log and query_thread_log  | `15`   |

 ### Configuration parameters

 | Name    | Description         | Value |
 | ------- | ------------------- | ----- |
 | `users` | Users configuration | `{}`  |
+
+### Backup parameters
+
+| Name                     | Description                                    | Value                                                  |
+| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
+| `backup.enabled`         | Enable pereiodic backups                       | `false`                                                |
+| `backup.s3Region`        | The AWS S3 region where backups are stored     | `us-east-1`                                            |
+| `backup.s3Bucket`        | The S3 bucket used for storing backups         | `s3.example.org/clickhouse-backups`                    |
+| `backup.schedule`        | Cron schedule for automated backups            | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups       | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
+| `backup.s3SecretKey`     | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
+| `backup.resticPassword`  | The password for Restic backup encryption      | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
--- a/packages/apps/clickhouse/images/clickhouse-backup.tag
+++ b/packages/apps/clickhouse/images/clickhouse-backup.tag
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/clickhouse-backup:0.6.0@sha256:dda84420cb8648721299221268a00d72a05c7af5b7fb452619bac727068b9e61
--- a/packages/apps/clickhouse/images/clickhouse-backup/Dockerfile
+++ b/packages/apps/clickhouse/images/clickhouse-backup/Dockerfile
@@ -0,0 +1,2 @@
+FROM clickhouse/clickhouse-server:24.8.4-alpine
+RUN apk add --no-cache restic uuidgen
--- a/packages/apps/clickhouse/logos/clickhouse.svg
+++ b/packages/apps/clickhouse/logos/clickhouse.svg
@@ -0,0 +1,11 @@
+<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="144" height="144" rx="24" fill="url(#paint0_linear_683_3202)"/>
+<path d="M23 105H34V116H23V105Z" fill="#FF0000"/>
+<path d="M23 28H34V105H23V28ZM45 28H55.9999V116H45V28ZM66.9999 28H77.9999V116H66.9999V28ZM88.9999 28H99.9999V116H88.9999V28ZM111 63.7499H122V80.2499H111V63.7499Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_683_3202" x1="-0.499998" y1="1.5" x2="153.5" y2="162" gradientUnits="userSpaceOnUse">
+<stop stop-color="#FFCC00"/>
+<stop offset="1" stop-color="#FF7A00"/>
+</linearGradient>
+</defs>
+</svg>
--- a/packages/apps/clickhouse/templates/backup-cronjob.yaml
+++ b/packages/apps/clickhouse/templates/backup-cronjob.yaml
@@ -0,0 +1,95 @@
+{{- if .Values.backup.enabled }}
+{{ $image := .Files.Get "images/backup.json" | fromJson }}
+
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .Release.Name }}-backup
+spec:
+  schedule: "{{ .Values.backup.schedule }}"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      backoffLimit: 2
+      template:
+        spec:
+          restartPolicy: OnFailure
+      template:
+        metadata:
+          annotations:
+            checksum/config: {{ include (print $.Template.BasePath "/backup-script.yaml") . | sha256sum }}
+            checksum/secret: {{ include (print $.Template.BasePath "/backup-secret.yaml") . | sha256sum }}
+        spec:
+          imagePullSecrets:
+          - name: {{ .Release.Name }}-regsecret
+          restartPolicy: Never
+          containers:
+          - name: clickhouse-backup
+            image: "{{ $.Files.Get "images/clickhouse-backup.tag" | trim }}"
+            command:
+            - /bin/sh
+            - -x
+            - /scripts/backup.sh
+            env:
+            - name: REPO_PREFIX
+              value: {{ required "s3Bucket is not specified!" .Values.backup.s3Bucket | quote }}
+            - name: CLEANUP_STRATEGY
+              value: {{ required "cleanupPolicy is not specified!" .Values.backup.cleanupStrategy | quote }}
+            - name: CLICKHOUSE_USER
+              value: backup
+            - name: CLICKHOUSE_HOST
+              value: chi-{{ .Release.Name }}-clickhouse-0-0
+            - name: CLICKHOUSE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-credentials
+                  key: backup
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-backup
+                  key: s3AccessKey
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-backup
+                  key: s3SecretKey
+            - name: AWS_DEFAULT_REGION
+              value: {{ .Values.backup.s3Region }}
+            - name: RESTIC_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-backup
+                  key: resticPassword
+            volumeMounts:
+            - mountPath: /scripts
+              name: scripts
+            - mountPath: /tmp
+              name: tmp
+            - mountPath: /.cache
+              name: cache
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              privileged: false
+              readOnlyRootFilesystem: true
+              runAsNonRoot: true
+          volumes:
+          - name: scripts
+            secret:
+              secretName: {{ .Release.Name }}-backup-script
+          - name: tmp
+            emptyDir: {}
+          - name: cache
+            emptyDir: {}
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 9000
+            runAsGroup: 9000
+            seccompProfile:
+              type: RuntimeDefault
+{{- end }}
--- a/packages/apps/clickhouse/templates/backup-script.yaml
+++ b/packages/apps/clickhouse/templates/backup-script.yaml
@@ -0,0 +1,55 @@
+{{- if .Values.backup.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-backup-script
+stringData:
+  backup.sh: |
+    #!/bin/sh
+    set -e
+    set -o pipefail
+    
+    JOB_ID="job-$(uuidgen|cut -f1 -d-)"
+    TABLE_LIST=$(clickhouse-client --host "$CLICKHOUSE_HOST" -q 'SHOW TABLES;' | grep -v '^.inner.' || true)
+    echo DB_LIST=$(echo "$TABLE_LIST" | shuf) # shuffle list
+    echo "Job ID: $JOB_ID"
+    echo "Target repo: $REPO_PREFIX"
+    echo "Cleanup strategy: $CLEANUP_STRATEGY"
+    echo "Start backup for:"
+    echo "$TABLE_LIST"
+    echo
+    echo "Backup started at `date +%Y-%m-%d\ %H:%M:%S`"
+    for table in $TABLE_LIST; do
+      (
+        set -x
+        restic -r "s3:${REPO_PREFIX}/$table" cat config >/dev/null 2>&1 || \
+          restic -r "s3:${REPO_PREFIX}/$table" init --repository-version 2
+        restic -r "s3:${REPO_PREFIX}/$table" unlock --remove-all >/dev/null 2>&1 || true # no locks, k8s takes care of it
+        clickhouse-client --host "$CLICKHOUSE_HOST" -q "SHOW CREATE TABLE ${table}" | awk '{gsub(/\\n/, "\n")} {gsub(/\\'\''/, "'\''")} 1' | \
+          restic -r "s3:${REPO_PREFIX}/$table" backup --tag "$JOB_ID" --tag index --stdin --stdin-filename index.sql
+        clickhouse-client --host "$CLICKHOUSE_HOST" -q "SELECT * FROM ${table} FORMAT TabSeparated" | \
+          restic -r "s3:${REPO_PREFIX}/$table" backup --tag "$JOB_ID" --tag data --stdin --stdin-filename data.tsv
+        restic -r "s3:${REPO_PREFIX}/$table" tag --tag "$JOB_ID" --set "completed"
+      )
+    done
+    echo "Backup finished at `date +%Y-%m-%d\ %H:%M:%S`"
+    
+    echo
+    echo "Run cleanup:"
+    echo
+    
+    echo "Cleanup started at `date +%Y-%m-%d\ %H:%M:%S`"
+    for db in $DB_LIST; do
+      (
+        set -x
+        # keep completed snapshots only
+        restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags --keep-tag "completed" --tag index
+        restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags --keep-tag "completed" --tag data
+        restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags $CLEANUP_STRATEGY --tag index
+        restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags $CLEANUP_STRATEGY --tag data
+        restic prune -r "s3:${REPO_PREFIX}/$db"
+      )
+    done
+    echo "Cleanup finished at `date +%Y-%m-%d\ %H:%M:%S`"
+{{- end }}
--- a/packages/apps/clickhouse/templates/backup-secret.yaml
+++ b/packages/apps/clickhouse/templates/backup-secret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.backup.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-backup
+stringData:
+  s3AccessKey: {{ required "s3AccessKey is not specified!" .Values.backup.s3AccessKey }}
+  s3SecretKey: {{ required "s3SecretKey is not specified!" .Values.backup.s3SecretKey }}
+  resticPassword: {{ required "resticPassword is not specified!" .Values.backup.resticPassword }}
+{{- end }}
--- a/packages/apps/clickhouse/templates/clickhouse.yaml
+++ b/packages/apps/clickhouse/templates/clickhouse.yaml
@@ -1,21 +1,87 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+{{- $users := .Values.users }}
+{{- $_ := set $users "backup" dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- range $user, $u := $users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+
+---
 apiVersion: "clickhouse.altinity.com/v1"
 kind: "ClickHouseInstallation"
 metadata:
  name: "{{ .Release.Name }}"
 spec:
-  {{- with .Values.size }}
+  namespaceDomainPattern:  "%s.svc.cozy.local"
  defaults:
    templates:
      dataVolumeClaimTemplate: data-volume-template
-  {{- end }}
+      podTemplate: clickhouse-per-host
+      serviceTemplate: svc-template
  configuration:
-    {{- with .Values.users }}
+    {{- with $users }}
    users:
      {{- range $name, $u := . }}
-      {{ $name }}/password_sha256_hex: {{ sha256sum $u.password }}
+      {{ $name }}/password_sha256_hex: {{ sha256sum (index $passwords $name) }}
      {{ $name }}/profile: {{ ternary "readonly" "default" (index $u "readonly" | default false) }}
+      {{ $name }}/networks/ip: ["::/0"]
      {{- end }}
    {{- end }}
+    files:
+      config.d/z_log_disable.xml: |
+        <clickhouse>
+            <asynchronous_metric_log remove="1"/>
+            <metric_log remove="1"/>
+            <query_views_log remove="1" />
+            <part_log remove="1"/>
+            <session_log remove="1"/>
+            <text_log remove="1" />
+            <trace_log remove="1"/>
+            <crash_log remove="1"/>
+            <opentelemetry_span_log remove="1"/>
+            <processors_profile_log remove="1"/>
+        </clickhouse>
+      config.d/query_log_ttl.xml: |
+        <clickhouse>
+            <query_log replace="1">
+                <database>system</database>
+                <table>query_log</table>
+                <engine>ENGINE = MergeTree PARTITION BY (event_date)
+                        ORDER BY (event_time)
+                        TTL event_date + INTERVAL {{ .Values.logTTL }} DAY DELETE
+                </engine>
+                <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+            </query_log>
+            <query_thread_log replace="1">
+                <database>system</database>
+                <table>query_thread_log</table>
+                <engine>ENGINE = MergeTree PARTITION BY (event_date)
+                        ORDER BY (event_time)
+                        TTL event_date + INTERVAL {{ .Values.logTTL }} DAY DELETE
+                </engine>
+                <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+            </query_thread_log>
+        </clickhouse>
    profiles:
      readonly/readonly: "1"
    clusters:
@@ -23,7 +89,6 @@ spec:
        layout:
          shardsCount: {{ .Values.shards }}
          replicasCount: {{ .Values.replicas }}
-  {{- with .Values.size }}
  templates:
    volumeClaimTemplates:
      - name: data-volume-template
@@ -32,5 +97,41 @@ spec:
            - ReadWriteOnce
          resources:
            requests:
-              storage: {{ . }}
-  {{- end }}
+              storage: {{ .Values.size }}
+      - name: log-volume-template
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: {{ .Values.logStorageSize }}
+    podTemplates:
+      - name: clickhouse-per-host
+        spec:
+          affinity:
+            podAntiAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+                - labelSelector:
+                    matchExpressions:
+                      - key: "clickhouse.altinity.com/chi"
+                        operator: In
+                        values:
+                          - "{{ .Release.Name }}"
+                  topologyKey: "kubernetes.io/hostname"
+          containers:
+            - name: clickhouse
+              image: clickhouse/clickhouse-server:24.9.2.42
+              volumeMounts:
+                - name: data-volume-template
+                  mountPath: /var/lib/clickhouse
+                - name: log-volume-template
+                  mountPath: /var/log/clickhouse-server
+    serviceTemplates:
+      - name: svc-template
+        generateName: chendpoint-{chi}
+        spec:
+          ports:
+            - name: http
+              port: 8123
+            - name: tcp
+              port: 9000
--- a/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - chi-clickhouse-test-clickhouse-0-0
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
--- a/packages/apps/clickhouse/values.schema.json
+++ b/packages/apps/clickhouse/values.schema.json
@@ -7,6 +7,11 @@
            "description": "Persistent Volume size",
            "default": "10Gi"
        },
+        "logStorageSize": {
+            "type": "string",
+            "description": "Persistent Volume for logs size",
+            "default": "2Gi"
+        },
        "shards": {
            "type": "number",
            "description": "Number of Clickhouse replicas",
@@ -16,6 +21,61 @@
            "type": "number",
            "description": "Number of Clickhouse shards",
            "default": 2
+        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
+        },
+        "logTTL": {
+            "type": "number",
+            "description": "for query_log and query_thread_log",
+            "default": 15
+        },
+        "backup": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean",
+                    "description": "Enable pereiodic backups",
+                    "default": false
+                },
+                "s3Region": {
+                    "type": "string",
+                    "description": "The AWS S3 region where backups are stored",
+                    "default": "us-east-1"
+                },
+                "s3Bucket": {
+                    "type": "string",
+                    "description": "The S3 bucket used for storing backups",
+                    "default": "s3.example.org/clickhouse-backups"
+                },
+                "schedule": {
+                    "type": "string",
+                    "description": "Cron schedule for automated backups",
+                    "default": "0 2 * * *"
+                },
+                "cleanupStrategy": {
+                    "type": "string",
+                    "description": "The strategy for cleaning up old backups",
+                    "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
+                },
+                "s3AccessKey": {
+                    "type": "string",
+                    "description": "The access key for S3, used for authentication",
+                    "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu"
+                },
+                "s3SecretKey": {
+                    "type": "string",
+                    "description": "The secret key for S3, used for authentication",
+                    "default": "ju3eum4dekeich9ahM1te8waeGai0oog"
+                },
+                "resticPassword": {
+                    "type": "string",
+                    "description": "The password for Restic backup encryption",
+                    "default": "ChaXoveekoh6eigh4siesheeda2quai0"
+                }
+            }
        }
    }
 }
--- a/packages/apps/clickhouse/values.yaml
+++ b/packages/apps/clickhouse/values.yaml
@@ -1,12 +1,18 @@
 ## @section Common parameters

 ## @param size Persistent Volume size
+## @param logStorageSize Persistent Volume for logs size
 ## @param shards Number of Clickhouse replicas
 ## @param replicas Number of Clickhouse shards
+## @param storageClass StorageClass used to store the data
+## @param logTTL for query_log and query_thread_log
 ##
 size: 10Gi
+logStorageSize: 2Gi
 shards: 1
 replicas: 2
+storageClass: ""
+logTTL: 15

 ## @section Configuration parameters

@@ -20,3 +26,23 @@ replicas: 2
 ##     password: hackme
 ##
 users: {}
+
+## @section Backup parameters
+
+## @param backup.enabled Enable pereiodic backups
+## @param backup.s3Region The AWS S3 region where backups are stored
+## @param backup.s3Bucket The S3 bucket used for storing backups
+## @param backup.schedule Cron schedule for automated backups
+## @param backup.cleanupStrategy The strategy for cleaning up old backups
+## @param backup.s3AccessKey The access key for S3, used for authentication
+## @param backup.s3SecretKey The secret key for S3, used for authentication
+## @param backup.resticPassword The password for Restic backup encryption
+backup:
+  enabled: false
+  s3Region: us-east-1
+  s3Bucket: s3.example.org/clickhouse-backups
+  schedule: "0 2 * * *"
+  cleanupStrategy: "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
+  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
+  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
+  resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
--- a/packages/apps/ferretdb/.helmignore
+++ b/packages/apps/ferretdb/.helmignore
@@ -0,0 +1,3 @@
+.helmignore
+/logos
+/Makefile
--- a/packages/apps/ferretdb/Chart.yaml
+++ b/packages/apps/ferretdb/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: ferretdb
+description: Managed FerretDB service
+icon: /logos/ferretdb.svg
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.4.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.24.0"
--- a/packages/apps/ferretdb/Makefile
+++ b/packages/apps/ferretdb/Makefile
@@ -0,0 +1,4 @@
+include ../../../scripts/package.mk
+
+generate:
+	readme-generator -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/ferretdb/README.md
+++ b/packages/apps/ferretdb/README.md
@@ -0,0 +1,35 @@
+# Managed FerretDB Service
+
+## Parameters
+
+### Common parameters
+
+| Name                     | Description                                                                                                             | Value   |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------- | ------- |
+| `external`               | Enable external access from outside the cluster                                                                         | `false` |
+| `size`                   | Persistent Volume size                                                                                                  | `10Gi`  |
+| `replicas`               | Number of Postgres replicas                                                                                             | `2`     |
+| `storageClass`           | StorageClass used to store the data                                                                                     | `""`    |
+| `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.           | `0`     |
+| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances). | `0`     |
+
+### Configuration parameters
+
+| Name    | Description         | Value |
+| ------- | ------------------- | ----- |
+| `users` | Users configuration | `{}`  |
+
+### Backup parameters
+
+| Name                     | Description                                    | Value                                                  |
+| ------------------------ | ---------------------------------------------- | ------------------------------------------------------ |
+| `backup.enabled`         | Enable pereiodic backups                       | `false`                                                |
+| `backup.s3Region`        | The AWS S3 region where backups are stored     | `us-east-1`                                            |
+| `backup.s3Bucket`        | The S3 bucket used for storing backups         | `s3.example.org/postgres-backups`                      |
+| `backup.schedule`        | Cron schedule for automated backups            | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups       | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
+| `backup.s3SecretKey`     | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
+| `backup.resticPassword`  | The password for Restic backup encryption      | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
+
+
--- a/packages/apps/ferretdb/images/postgres-backup.tag
+++ b/packages/apps/ferretdb/images/postgres-backup.tag
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:d2015c6dba92293bda652d055e97d1be80e8414c2dc78037c12812d1a2e2cba1
--- a/packages/apps/ferretdb/logos/ferretdb.svg
+++ b/packages/apps/ferretdb/logos/ferretdb.svg
@@ -0,0 +1,12 @@
+<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="-0.00195312" width="144" height="144" rx="24" fill="url(#paint0_linear_683_2952)"/>
+<path d="M69.5923 22.131C58.2662 23.6787 46.9037 30.8714 40.3302 40.6679C39.274 42.2521 37.4531 45.548 37.4531 45.8757C37.4531 45.9122 38.3272 45.3841 39.3833 44.6921C52.3847 36.1156 67.8989 34.5314 80.5178 40.4858C83.2674 41.7787 84.9973 43.0351 87.4555 45.4933C91.589 49.645 94.6117 55.1988 96.7058 62.5007C97.7983 66.2518 98.7088 71.3686 98.9455 74.8465C99.0001 75.7934 99.1458 76.631 99.2369 76.6856C99.7467 76.9952 102.041 73.6629 103.662 70.276C106.229 64.8861 107.431 59.5872 107.413 53.7057C107.395 45.3841 104.518 38.3917 98.727 32.5648C93.592 27.3934 87.1095 23.8426 80.3175 22.4587C78.7333 22.1492 77.5679 22.0581 74.5999 22.0035C72.5422 21.9853 70.3025 22.0399 69.5923 22.131Z" fill="white"/>
+<path d="M45.52 46.4402C44.3364 47.0229 42.3516 48.8438 40.6035 50.9379C39.8205 51.8666 38.6369 53.0137 37.7629 53.6693C35.7234 55.1989 32.2455 58.604 30.4792 60.8073C21.2654 72.2244 18.6979 85.244 23.0863 98.3182C26.6917 109.025 35.0315 116.127 47.8508 119.35C52.8401 120.624 60.324 121.335 63.456 120.843L64.2572 120.715L63.019 119.987C56.1906 116.018 51.4198 109.317 50.0905 101.869C49.6899 99.611 49.6717 95.605 50.0723 93.4017C50.9645 88.4488 53.4592 83.8965 56.8461 81.0559C58.4303 79.7266 61.1981 78.3609 63.4014 77.8329C66.7155 77.0317 68.7367 76.1212 70.8307 74.4642C72.1782 73.408 73.3618 71.8056 74.3451 69.7298C75.1827 67.9635 76.9672 62.3551 76.9672 61.4628C76.9672 60.8437 76.3299 60.0061 75.4195 59.4416C74.946 59.1502 74.1994 58.9864 72.2875 58.7861C64.0569 57.9302 59.9599 56.4371 55.007 52.5221C54.2968 51.9576 53.441 51.3203 53.095 51.1018C52.749 50.9015 52.0571 50.1367 51.5836 49.4265C50.1451 47.3325 48.3606 45.985 46.9949 45.9668C46.7036 45.9668 46.0298 46.1853 45.52 46.4402ZM54.4607 54.8711C55.0798 55.1806 55.7535 55.5812 55.972 55.7451L56.3727 56.0729L55.7353 58.6222C55.1891 60.8437 55.098 61.4082 55.1526 62.9924C55.2073 64.5584 55.2619 64.9043 55.6261 65.4142C56.227 66.2336 57.2649 66.7253 58.4303 66.7253C60.0873 66.7253 61.3802 65.7784 63.5289 62.956C64.148 62.1548 64.6396 61.7177 65.368 61.3718C66.497 60.8073 67.2982 60.7527 69.811 60.9712L71.4863 61.135V62.1183C71.4863 63.6661 72.3057 64.5584 73.9809 64.8133L74.7821 64.9226L74.4908 65.5963C73.2161 68.6736 69.9385 72.1516 66.8611 73.6994C66.3695 73.9361 65.2587 74.3731 64.4029 74.6645C63.0008 75.1197 62.6184 75.1743 60.2148 75.1743C57.8294 75.1743 57.4288 75.1197 56.1177 74.6827C52.1663 73.3716 49.2347 70.4581 47.9054 66.5432C47.4319 65.1593 47.4137 61.135 47.8872 59.4598C48.5245 57.1472 49.6535 55.2353 50.8371 54.4887C51.6018 53.997 53.0222 54.1609 54.4607 54.8711Z" fill="white"/>
+<path d="M113.022 61.7361C113.022 62.5555 112.111 66.3431 111.347 68.7102C108.47 77.5781 103.262 85.5355 96.4697 91.3443C91.6989 95.4413 88.3119 97.244 82.9402 98.5733C79.4805 99.4291 77.2226 99.7023 72.8341 99.8115C67.3532 99.9572 61.9451 99.4655 57.1014 98.4094C56.1727 98.2091 55.3898 98.0816 55.3351 98.1363C55.1166 98.3366 55.9542 101.123 56.6826 102.598C58.0119 105.329 59.5232 107.368 62.2182 110.063C65.0588 112.904 67.1711 114.47 70.4487 116.163C78.57 120.351 87.8931 120.916 97.453 117.766C107.541 114.47 114.952 108.516 118.94 100.503C121.598 95.1864 122.691 89.5051 122.29 83.0227C121.799 75.0288 118.849 67.1989 114.57 62.5738C113.896 61.8454 113.277 61.2627 113.186 61.2627C113.095 61.2627 113.022 61.4812 113.022 61.7361Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_683_2952" x1="5.5" y1="11" x2="141" y2="124.5" gradientUnits="userSpaceOnUse">
+<stop stop-color="#45ADC6"/>
+<stop offset="1" stop-color="#216778"/>
+</linearGradient>
+</defs>
+</svg>
--- a/packages/apps/ferretdb/templates/.gitkeep
+++ b/packages/apps/ferretdb/templates/.gitkeep
--- a/packages/apps/ferretdb/templates/backup-cronjob.yaml
+++ b/packages/apps/ferretdb/templates/backup-cronjob.yaml
@@ -0,0 +1,99 @@
+{{- if .Values.backup.enabled }}
+{{ $image := .Files.Get "images/backup.json" | fromJson }}
+
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .Release.Name }}-backup
+spec:
+  schedule: "{{ .Values.backup.schedule }}"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      backoffLimit: 2
+      template:
+        spec:
+          restartPolicy: OnFailure
+      template:
+        metadata:
+          annotations:
+            checksum/config: {{ include (print $.Template.BasePath "/backup-script.yaml") . | sha256sum }}
+            checksum/secret: {{ include (print $.Template.BasePath "/backup-secret.yaml") . | sha256sum }}
+        spec:
+          restartPolicy: Never
+          containers:
+          - name: pgdump
+            image: "{{ $.Files.Get "images/postgres-backup.tag" | trim }}"
+            command:
+            - /bin/sh
+            - /scripts/backup.sh
+            env:
+            - name: REPO_PREFIX
+              value: {{ required "s3Bucket is not specified!" .Values.backup.s3Bucket | quote }}
+            - name: CLEANUP_STRATEGY
+              value: {{ required "cleanupStrategy is not specified!" .Values.backup.cleanupStrategy | quote }}
+            - name: PGUSER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-postgres-superuser
+                  key: username
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-postgres-superuser
+                  key: password
+            - name: PGHOST
+              value: {{ .Release.Name }}-postgres-rw
+            - name: PGPORT
+              value: "5432"
+            - name: PGDATABASE
+              value: postgres
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-backup
+                  key: s3AccessKey
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-backup
+                  key: s3SecretKey
+            - name: AWS_DEFAULT_REGION
+              value: {{ .Values.backup.s3Region }}
+            - name: RESTIC_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Release.Name }}-backup
+                  key: resticPassword
+            volumeMounts:
+            - mountPath: /scripts
+              name: scripts
+            - mountPath: /tmp
+              name: tmp
+            - mountPath: /.cache
+              name: cache
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              privileged: false
+              readOnlyRootFilesystem: true
+              runAsNonRoot: true
+          volumes:
+          - name: scripts
+            secret:
+              secretName: {{ .Release.Name }}-backup-script
+          - name: tmp
+            emptyDir: {}
+          - name: cache
+            emptyDir: {}
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 9000
+            runAsGroup: 9000
+            seccompProfile:
+              type: RuntimeDefault
+{{- end }}
--- a/packages/apps/ferretdb/templates/backup-script.yaml
+++ b/packages/apps/ferretdb/templates/backup-script.yaml
@@ -0,0 +1,50 @@
+{{- if .Values.backup.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-backup-script
+stringData:
+  backup.sh: |
+    #!/bin/sh
+    set -e
+    set -o pipefail
+
+    JOB_ID="job-$(uuidgen|cut -f1 -d-)"
+    DB_LIST=$(psql -Atq -c 'SELECT datname FROM pg_catalog.pg_database;' | grep -v '^\(postgres\|app\|template.*\)$')
+    echo DB_LIST=$(echo "$DB_LIST" | shuf) # shuffle list
+    echo "Job ID: $JOB_ID"
+    echo "Target repo: $REPO_PREFIX"
+    echo "Cleanup strategy: $CLEANUP_STRATEGY"
+    echo "Start backup for:"
+    echo "$DB_LIST"
+    echo
+    echo "Backup started at `date +%Y-%m-%d\ %H:%M:%S`"
+    for db in $DB_LIST; do
+      (
+        set -x
+        restic -r "s3:${REPO_PREFIX}/$db" cat config >/dev/null 2>&1 || \
+          restic -r "s3:${REPO_PREFIX}/$db" init --repository-version 2
+        restic -r "s3:${REPO_PREFIX}/$db" unlock --remove-all >/dev/null 2>&1 || true # no locks, k8s takes care of it
+        pg_dump -Z0 -Ft -d "$db" | \
+          restic -r "s3:${REPO_PREFIX}/$db" backup --tag "$JOB_ID" --stdin --stdin-filename dump.tar
+        restic -r "s3:${REPO_PREFIX}/$db" tag --tag "$JOB_ID" --set "completed"
+      )
+    done
+    echo "Backup finished at `date +%Y-%m-%d\ %H:%M:%S`"
+
+    echo
+    echo "Run cleanup:"
+    echo
+
+    echo "Cleanup started at `date +%Y-%m-%d\ %H:%M:%S`"
+    for db in $DB_LIST; do
+      (
+        set -x
+        restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags --keep-tag "completed" # keep completed snapshots only
+        restic forget -r "s3:${REPO_PREFIX}/$db" --group-by=tags $CLEANUP_STRATEGY
+        restic prune -r "s3:${REPO_PREFIX}/$db"
+      )
+    done
+    echo "Cleanup finished at `date +%Y-%m-%d\ %H:%M:%S`"
+{{- end }}
--- a/packages/apps/ferretdb/templates/backup-secret.yaml
+++ b/packages/apps/ferretdb/templates/backup-secret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.backup.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-backup
+stringData:
+  s3AccessKey: {{ required "s3AccessKey is not specified!" .Values.backup.s3AccessKey }}
+  s3SecretKey: {{ required "s3SecretKey is not specified!" .Values.backup.s3SecretKey }}
+  resticPassword: {{ required "resticPassword is not specified!" .Values.backup.resticPassword }}
+{{- end }}
--- a/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
--- a/packages/apps/ferretdb/templates/external-svc.yaml
+++ b/packages/apps/ferretdb/templates/external-svc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
+  {{- if .Values.external }}
+  externalTrafficPolicy: Local
+  allocateLoadBalancerNodePorts: false
+  {{- end }}
+  ports:
+  - name: ferretdb
+    port: 27017
+  selector:
+    app: {{ .Release.Name }}
--- a/packages/apps/ferretdb/templates/ferretdb.yaml
+++ b/packages/apps/ferretdb/templates/ferretdb.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}
+    spec:
+      containers:
+      - name: ferretdb
+        image: ghcr.io/ferretdb/ferretdb:1.24.0
+        ports:
+        - containerPort: 27017
+        env:
+          - name: FERRETDB_POSTGRESQL_URL
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Release.Name }}-postgres-app
+                key: uri
--- a/packages/apps/ferretdb/templates/init-job.yaml
+++ b/packages/apps/ferretdb/templates/init-job.yaml
@@ -0,0 +1,66 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Release.Name }}-init-job
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  template:
+    metadata:
+      name: {{ .Release.Name }}-init-job
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/init-script.yaml") . | sha256sum }}
+    spec:
+      restartPolicy: Never
+      containers:
+      - name: postgres
+        image: ghcr.io/cloudnative-pg/postgresql:15.3
+        command:
+        - bash
+        - /scripts/init.sh
+        env:
+        - name: PGUSER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name }}-postgres-superuser
+              key: username
+        - name: PGPASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name }}-postgres-superuser
+              key: password
+        - name: PGHOST
+          value: {{ .Release.Name }}-postgres-rw
+        - name: PGPORT
+          value: "5432"
+        - name: PGDATABASE
+          value: postgres
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+        volumeMounts:
+        - mountPath: /etc/secret
+          name: secret
+        - mountPath: /scripts
+          name: scripts
+      securityContext:
+        fsGroup: 26
+        runAsGroup: 26
+        runAsNonRoot: true
+        runAsUser: 26
+        seccompProfile:
+          type: RuntimeDefault
+      volumes:
+      - name: secret
+        secret:
+          secretName: {{ .Release.Name }}-postgres-superuser
+      - name: scripts
+        secret:
+          secretName: {{ .Release.Name }}-init-script
--- a/packages/apps/ferretdb/templates/init-script.yaml
+++ b/packages/apps/ferretdb/templates/init-script.yaml
@@ -0,0 +1,131 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- range $user, $u := .Values.users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.users }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+{{- end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-init-script
+stringData:
+  init.sh: |
+    #!/bin/bash
+    set -e
+
+    until pg_isready ; do sleep 5; done
+
+    echo "== create users"
+    {{- if .Values.users }}
+    psql -v ON_ERROR_STOP=1 <<\EOT
+    {{- range $user, $u := .Values.users }}
+    SELECT 'CREATE ROLE {{ $user }} LOGIN INHERIT;'
+    WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{{ $user }}')\gexec
+    ALTER ROLE {{ $user }} WITH PASSWORD '{{ index $passwords $user }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
+    COMMENT ON ROLE {{ $user }} IS 'user managed by helm';
+    {{- end }}
+    EOT
+    {{- end }}
+
+    echo "== delete users"
+    MANAGED_USERS=$(echo '\du+' | psql | awk -F'|' '$4 == " user managed by helm" {print $1}' | awk NF=NF RS= OFS=' ')
+    DEFINED_USERS="{{ join " " (keys .Values.users) }}"
+    DELETE_USERS=$(for user in $MANAGED_USERS; do case " $DEFINED_USERS " in *" $user "*) :;; *) echo $user;; esac; done)
+
+    echo "users to delete: $DELETE_USERS"
+    for user in $DELETE_USERS; do
+    # https://stackoverflow.com/a/51257346/2931267
+    psql -v ON_ERROR_STOP=1 --echo-all <<EOT
+    REASSIGN OWNED BY $user TO postgres;
+    DROP OWNED BY $user;
+    DROP USER $user;
+    EOT
+    done
+    
+    echo "== create roles"
+    psql -v ON_ERROR_STOP=1 --echo-all <<\EOT
+    SELECT 'CREATE ROLE app_admin NOINHERIT;'
+    WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'app_admin')\gexec
+    COMMENT ON ROLE app_admin IS 'role managed by helm';
+    EOT
+
+    echo "== grant privileges on databases to roles"
+    psql -v ON_ERROR_STOP=1 --echo-all -d "app" <<\EOT
+    ALTER DATABASE app OWNER TO app_admin;
+
+    DO $$
+    DECLARE
+        schema_record record;
+    BEGIN
+        -- Loop over all schemas
+        FOR schema_record IN SELECT schema_name FROM information_schema.schemata WHERE schema_name NOT IN ('pg_catalog', 'information_schema') LOOP
+            -- Changing Schema Ownership
+            EXECUTE format('ALTER SCHEMA %I OWNER TO %I', schema_record.schema_name, 'app_admin');
+    
+            -- Add rights for the admin role
+            EXECUTE format('GRANT ALL ON SCHEMA %I TO %I', schema_record.schema_name, 'app_admin');
+            EXECUTE format('GRANT ALL ON ALL TABLES IN SCHEMA %I TO %I', schema_record.schema_name, 'app_admin');
+            EXECUTE format('GRANT ALL ON ALL SEQUENCES IN SCHEMA %I TO %I', schema_record.schema_name, 'app_admin');
+            EXECUTE format('GRANT ALL ON ALL FUNCTIONS IN SCHEMA %I TO %I', schema_record.schema_name, 'app_admin');
+            EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON TABLES TO %I', schema_record.schema_name, 'app_admin');
+            EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON SEQUENCES TO %I', schema_record.schema_name, 'app_admin');
+            EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON FUNCTIONS TO %I', schema_record.schema_name, 'app_admin');
+        END LOOP;
+    END$$;
+    EOT
+
+    echo "== setup event trigger for schema creation"
+    psql -v ON_ERROR_STOP=1 --echo-all -d "app" <<\EOT
+    CREATE OR REPLACE FUNCTION auto_grant_schema_privileges()
+    RETURNS event_trigger LANGUAGE plpgsql AS $$
+    DECLARE
+      obj record;
+    BEGIN
+      FOR obj IN SELECT * FROM pg_event_trigger_ddl_commands() WHERE command_tag = 'CREATE SCHEMA' LOOP
+        -- Set owner for schema
+        EXECUTE format('ALTER SCHEMA %I OWNER TO %I', obj.object_identity, 'app_admin');
+
+        -- Set privileges for admin role
+        EXECUTE format('GRANT ALL ON SCHEMA %I TO %I', obj.object_identity, 'app_admin');
+        EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON TABLES TO %I', obj.object_identity, 'app_admin');
+        EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON SEQUENCES TO %I', obj.object_identity, 'app_admin');
+        EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON FUNCTIONS TO %I', obj.object_identity, 'app_admin');
+      END LOOP;
+    END;
+    $$;
+
+    DROP EVENT TRIGGER IF EXISTS trigger_auto_grant;
+    CREATE EVENT TRIGGER trigger_auto_grant ON ddl_command_end
+    WHEN TAG IN ('CREATE SCHEMA')
+    EXECUTE PROCEDURE auto_grant_schema_privileges();
+    EOT
+
+    echo "== assign roles to users"
+    psql -v ON_ERROR_STOP=1 --echo-all <<\EOT
+    GRANT app_admin TO app;
+    {{- range $user, $u := $.Values.users }}
+    GRANT app_admin TO {{ $user }};
+    {{- end }}
+    EOT
--- a/packages/apps/ferretdb/templates/postgres.yaml
+++ b/packages/apps/ferretdb/templates/postgres.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: {{ .Release.Name }}-postgres
+spec:
+  instances: {{ .Values.replicas }}
+  enableSuperuserAccess: true
+
+  minSyncReplicas: {{ .Values.quorum.minSyncReplicas }}
+  maxSyncReplicas: {{ .Values.quorum.maxSyncReplicas }}
+
+  monitoring:
+    enablePodMonitor: true
+
+  storage:
+    size: {{ required ".Values.size is required" .Values.size }}
+    {{- with .Values.storageClass }}
+    storageClass: {{ . }}
+    {{- end }}
+
+  inheritedMetadata:
+    labels:
+      policy.cozystack.io/allow-to-apiserver: "true"
+
+  {{- if .Values.users }}
+  managed:
+    roles:
+    {{- range $user, $config := .Values.users }}
+    - name: {{ $user }}
+      ensure: present
+      passwordSecret:
+        name: {{ printf "%s-user-%s" $.Release.Name $user }}
+      login: true
+      inRoles:
+      - app
+    {{- end }}
+  {{- end }}
+
+{{- range $user, $config := .Values.users }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-user-%s" $.Release.Name $user }}
+  labels:
+    cnpg.io/reload: "true"
+type: kubernetes.io/basic-auth
+data:
+  username: {{ $user | b64enc }}
+  password: {{ $config.password | b64enc }}
+{{- end }}
--- a/packages/apps/ferretdb/values.schema.json
+++ b/packages/apps/ferretdb/values.schema.json
@@ -0,0 +1,86 @@
+{
+    "title": "Chart Values",
+    "type": "object",
+    "properties": {
+        "external": {
+            "type": "boolean",
+            "description": "Enable external access from outside the cluster",
+            "default": false
+        },
+        "size": {
+            "type": "string",
+            "description": "Persistent Volume size",
+            "default": "10Gi"
+        },
+        "replicas": {
+            "type": "number",
+            "description": "Number of Postgres replicas",
+            "default": 2
+        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
+        },
+        "quorum": {
+            "type": "object",
+            "properties": {
+                "minSyncReplicas": {
+                    "type": "number",
+                    "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.",
+                    "default": 0
+                },
+                "maxSyncReplicas": {
+                    "type": "number",
+                    "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).",
+                    "default": 0
+                }
+            }
+        },
+        "backup": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean",
+                    "description": "Enable pereiodic backups",
+                    "default": false
+                },
+                "s3Region": {
+                    "type": "string",
+                    "description": "The AWS S3 region where backups are stored",
+                    "default": "us-east-1"
+                },
+                "s3Bucket": {
+                    "type": "string",
+                    "description": "The S3 bucket used for storing backups",
+                    "default": "s3.example.org/postgres-backups"
+                },
+                "schedule": {
+                    "type": "string",
+                    "description": "Cron schedule for automated backups",
+                    "default": "0 2 * * *"
+                },
+                "cleanupStrategy": {
+                    "type": "string",
+                    "description": "The strategy for cleaning up old backups",
+                    "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
+                },
+                "s3AccessKey": {
+                    "type": "string",
+                    "description": "The access key for S3, used for authentication",
+                    "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu"
+                },
+                "s3SecretKey": {
+                    "type": "string",
+                    "description": "The secret key for S3, used for authentication",
+                    "default": "ju3eum4dekeich9ahM1te8waeGai0oog"
+                },
+                "resticPassword": {
+                    "type": "string",
+                    "description": "The password for Restic backup encryption",
+                    "default": "ChaXoveekoh6eigh4siesheeda2quai0"
+                }
+            }
+        }
+    }
+}
--- a/packages/apps/ferretdb/values.yaml
+++ b/packages/apps/ferretdb/values.yaml
@@ -0,0 +1,50 @@
+## @section Common parameters
+
+## @param external Enable external access from outside the cluster
+## @param size Persistent Volume size
+## @param replicas Number of Postgres replicas
+## @param storageClass StorageClass used to store the data
+##
+external: false
+size: 10Gi
+replicas: 2
+storageClass: ""
+
+## Configuration for the quorum-based synchronous replication
+## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.
+## @param quorum.maxSyncReplicas Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).
+quorum:
+  minSyncReplicas: 0
+  maxSyncReplicas: 0
+
+## @section Configuration parameters
+
+## @param users [object] Users configuration
+## Example:
+## users:
+##   user1:
+##     password: strongpassword
+##   user2:
+##     password: hackme
+##
+users: {}
+
+## @section Backup parameters
+
+## @param backup.enabled Enable pereiodic backups
+## @param backup.s3Region The AWS S3 region where backups are stored
+## @param backup.s3Bucket The S3 bucket used for storing backups
+## @param backup.schedule Cron schedule for automated backups
+## @param backup.cleanupStrategy The strategy for cleaning up old backups
+## @param backup.s3AccessKey The access key for S3, used for authentication
+## @param backup.s3SecretKey The secret key for S3, used for authentication
+## @param backup.resticPassword The password for Restic backup encryption
+backup:
+  enabled: false
+  s3Region: us-east-1
+  s3Bucket: s3.example.org/postgres-backups
+  schedule: "0 2 * * *"
+  cleanupStrategy: "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
+  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
+  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
+  resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
--- a/packages/apps/http-cache/.helmignore
+++ b/packages/apps/http-cache/.helmignore
@@ -1,23 +1,3 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
+.helmignore
+/logos
+/Makefile
--- a/packages/apps/http-cache/Chart.yaml
+++ b/packages/apps/http-cache/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: http-cache
-description: Layer7 load balacner and caching service
-icon: https://www.svgrepo.com/show/373924/nginx.svg
+description: Layer7 load balancer and caching service
+icon: /logos/nginx.svg

 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/http-cache/Makefile
+++ b/packages/apps/http-cache/Makefile
@@ -1,6 +1,7 @@
-NGINX_CACHE_TAG = v0.1.0
+NGINX_CACHE_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)

 include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk

 image: image-nginx

@@ -8,13 +9,14 @@ image-nginx:
 	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/nginx-cache \
 		--provenance false \
 		--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)) \
-		--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/nginx-cache:latest \
 		--cache-to type=inline \
 		--metadata-file images/nginx-cache.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG))" > images/nginx-cache.tag
+	echo "$(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG))@$$(yq e '."containerimage.digest"' images/nginx-cache.json -o json -r)" \
+		> images/nginx-cache.tag
+	rm -f images/nginx-cache.json

 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/http-cache/README.md
+++ b/packages/apps/http-cache/README.md
@@ -64,6 +64,7 @@ VTS module shows wrong upstream resonse time
 | ------------------ | ----------------------------------------------- | ------- |
 | `external`         | Enable external access from outside the cluster | `false` |
 | `size`             | Persistent Volume size                          | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data             | `""`    |
 | `haproxy.replicas` | Number of HAProxy replicas                      | `2`     |
 | `nginx.replicas`   | Number of Nginx replicas                        | `2`     |

--- a/packages/apps/http-cache/images/nginx-cache.json
+++ b/packages/apps/http-cache/images/nginx-cache.json
@@ -1,4 +0,0 @@
-{
-  "containerimage.config.digest": "sha256:aa7a9874c35d7fac8668a623744acbf376b48aed2ef1dc4b3a19054fdcff99cf",
-  "containerimage.digest": "sha256:d825427d433dda95db40264c6559b44c7bbb726e69279e90fe73fe8fc9265abb"
-}
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:v0.1.0
+ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:7aed2ce1909a4f8faf1de93c4c17fec76ce7a593632ef5ab9ed1b66c3e83bf58
--- a/packages/apps/http-cache/images/nginx.json
+++ b/packages/apps/http-cache/images/nginx.json
@@ -1,4 +0,0 @@
-{
-  "containerimage.config.digest": "sha256:b1916dbacb372ed89ea3f920f08ee68730be2edc016f2caa373a7bbfbad25845",
-  "containerimage.digest": "sha256:f77d5b63f1ed9dfda4725696d9170130939219a2465260b6ba941947460de2da"
-}
--- a/packages/apps/http-cache/logos/nginx.svg
+++ b/packages/apps/http-cache/logos/nginx.svg
@@ -0,0 +1,10 @@
+<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="144" height="144" rx="24" fill="url(#paint0_linear_681_2825)"/>
+<path d="M26.0026 37.8588C26.0026 60.919 26.0026 83.9814 26.0026 107.046C25.973 108.323 26.1996 109.593 26.6692 110.783C27.1387 111.972 27.8418 113.056 28.7374 113.972C30.4539 115.659 32.7 116.709 35.1009 116.948C37.5019 117.187 39.9126 116.6 41.931 115.284C43.282 114.371 44.3881 113.143 45.1527 111.707C45.9174 110.271 46.3175 108.671 46.3181 107.046C46.3181 90.3528 46.2861 73.6597 46.3181 56.9666C61.6168 75.1889 76.9474 93.3856 92.31 111.557C94.4444 113.708 97.0875 115.291 99.997 116.162C102.906 117.032 105.989 117.162 108.962 116.539C111.061 116.128 112.973 115.057 114.415 113.485C115.857 111.913 116.754 109.921 116.974 107.804C117.009 84.2681 117.009 60.7343 116.974 37.2025C116.754 34.6907 115.595 32.3522 113.726 30.6486C111.858 28.945 109.415 28 106.881 28C104.346 28 101.903 28.945 100.035 30.6486C98.1663 32.3522 97.0074 34.6907 96.7869 37.2025C96.7869 54.1632 96.6844 71.1048 96.7869 88.0591C81.7616 70.4358 66.9219 52.6596 51.9543 34.9725C49.981 32.4554 47.3685 30.5073 44.3863 29.3291C41.4041 28.1509 38.1599 27.7852 34.9883 28.2698C32.5857 28.5359 30.3583 29.6493 28.7099 31.4084C27.0615 33.1675 26.101 35.4559 26.0026 37.8588Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_681_2825" x1="10" y1="15.5" x2="144" y2="131.5" gradientUnits="userSpaceOnUse">
+<stop stop-color="#00C54A"/>
+<stop offset="1" stop-color="#019639"/>
+</linearGradient>
+</defs>
+</svg>
--- a/packages/apps/http-cache/templates/nginx/deployment.yaml
+++ b/packages/apps/http-cache/templates/nginx/deployment.yaml
@@ -52,7 +52,7 @@ spec:
      shareProcessNamespace: true
      containers:
      - name: nginx
-        image: "{{ $.Files.Get "images/nginx-cache.tag" | trim }}@{{ index ($.Files.Get "images/nginx-cache.json" | fromJson) "containerimage.digest" }}"
+        image: "{{ $.Files.Get "images/nginx-cache.tag" | trim }}"
        readinessProbe:
          httpGet:
            path: /healthz
@@ -81,7 +81,7 @@ spec:
        - mountPath: /run
          name: run
      - name: reloader
-        image: "{{ $.Files.Get "images/nginx-cache.tag" | trim }}@{{ index ($.Files.Get "images/nginx-cache.json" | fromJson) "containerimage.digest" }}"
+        image: "{{ $.Files.Get "images/nginx-cache.tag" | trim }}"
        command: ["/usr/bin/nginx-reloader.sh"]
        #command: ["sleep", "infinity"]
        volumeMounts:
@@ -114,6 +114,9 @@ spec:
  resources:
    requests:
      storage: "{{ $.Values.size }}"
+  {{- with $.Values.storageClass }}
+  storageClassName: {{ . }}
+  {{- end }}
 ---
 apiVersion: v1
 kind: Service
--- a/packages/apps/http-cache/values.schema.json
+++ b/packages/apps/http-cache/values.schema.json
@@ -12,6 +12,11 @@
            "description": "Persistent Volume size",
            "default": "10Gi"
        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
+        },
        "haproxy": {
            "type": "object",
            "properties": {
--- a/packages/apps/http-cache/values.yaml
+++ b/packages/apps/http-cache/values.yaml
@@ -3,11 +3,13 @@

 ## @param external Enable external access from outside the cluster
 ## @param size Persistent Volume size
+## @param storageClass StorageClass used to store the data
 ## @param haproxy.replicas Number of HAProxy replicas
 ## @param nginx.replicas Number of Nginx replicas
 ##
 external: false
 size: 10Gi
+storageClass: ""
 haproxy:
  replicas: 2
 nginx:
--- a/packages/apps/kafka/.helmignore
+++ b/packages/apps/kafka/.helmignore
@@ -0,0 +1,3 @@
+.helmignore
+/logos
+/Makefile
--- a/packages/apps/kafka/Chart.yaml
+++ b/packages/apps/kafka/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: kafka
 description: Managed Kafka service
-icon: https://upload.wikimedia.org/wikipedia/commons/0/05/Apache_kafka.svg
+icon: /logos/kafka.svg

 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kafka/Makefile
+++ b/packages/apps/kafka/Makefile
@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md
--- a/packages/apps/kafka/README.md
+++ b/packages/apps/kafka/README.md
@@ -4,13 +4,15 @@

 ### Common parameters

-| Name                 | Description                                     | Value   |
-| -------------------- | ----------------------------------------------- | ------- |
-| `external`           | Enable external access from outside the cluster | `false` |
-| `kafka.size`         | Persistent Volume size for Kafka                | `10Gi`  |
-| `kafka.replicas`     | Number of Kafka replicas                        | `3`     |
-| `zookeeper.size`     | Persistent Volume size for ZooKeeper            | `5Gi`   |
-| `zookeeper.replicas` | Number of ZooKeeper replicas                    | `3`     |
+| Name                     | Description                                     | Value   |
+| ------------------------ | ----------------------------------------------- | ------- |
+| `external`               | Enable external access from outside the cluster | `false` |
+| `kafka.size`             | Persistent Volume size for Kafka                | `10Gi`  |
+| `kafka.replicas`         | Number of Kafka replicas                        | `3`     |
+| `kafka.storageClass`     | StorageClass used to store the Kafka data       | `""`    |
+| `zookeeper.size`         | Persistent Volume size for ZooKeeper            | `5Gi`   |
+| `zookeeper.replicas`     | Number of ZooKeeper replicas                    | `3`     |
+| `zookeeper.storageClass` | StorageClass used to store the ZooKeeper data   | `""`    |

 ### Configuration parameters

--- a/packages/apps/kafka/logos/kafka.svg
+++ b/packages/apps/kafka/logos/kafka.svg
@@ -0,0 +1,10 @@
+<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="144" height="144" rx="24" fill="url(#paint0_linear_681_2820)"/>
+<path d="M91.0307 77.8185C86.8577 77.8185 83.1166 79.6818 80.5547 82.6154L73.9901 77.9315C74.6869 75.9978 75.087 73.9215 75.087 71.7482C75.087 69.6126 74.7008 67.5711 74.0269 65.666L80.5769 61.0318C83.1385 63.9505 86.8699 65.8037 91.0307 65.8037C98.7328 65.8037 105 59.4884 105 51.7247C105 43.961 98.7328 37.6457 91.0307 37.6457C83.3285 37.6457 77.0614 43.961 77.0614 51.7247C77.0614 53.1143 77.2697 54.4543 77.6435 55.7233L71.0891 60.3598C68.3512 56.9365 64.409 54.5463 59.9174 53.8166V45.8553C66.2451 44.5158 71.0128 38.8495 71.0128 32.079C71.0128 24.3153 64.7457 18 57.0435 18C49.3414 18 43.0742 24.3153 43.0742 32.079C43.0742 38.7589 47.7184 44.3552 53.9196 45.7903V53.8551C45.4567 55.3523 39 62.7961 39 71.7482C39 80.744 45.5206 88.2151 54.0446 89.6613V98.1772C47.7801 99.565 43.0742 105.196 43.0742 111.921C43.0742 119.685 49.3414 126 57.0435 126C64.7457 126 71.0128 119.685 71.0128 111.921C71.0128 105.196 66.307 99.565 60.0424 98.1772V89.6611C64.3569 88.9286 68.2601 86.6407 71.0252 83.2234L77.6337 87.9376C77.2669 89.1952 77.0614 90.5219 77.0614 91.8975C77.0614 99.6612 83.3285 105.976 91.0307 105.976C98.7328 105.976 105 99.6612 105 91.8975C105 84.1338 98.7328 77.8185 91.0307 77.8185ZM91.0307 44.8985C94.7656 44.8985 97.8034 47.9615 97.8034 51.7247C97.8034 55.4879 94.7656 58.5506 91.0307 58.5506C87.2958 58.5506 84.258 55.4879 84.258 51.7247C84.258 47.9615 87.2958 44.8985 91.0307 44.8985ZM50.2705 32.079C50.2705 28.3158 53.3086 25.2531 57.0435 25.2531C60.7785 25.2531 63.8163 28.3158 63.8163 32.079C63.8163 35.8422 60.7785 38.9049 57.0435 38.9049C53.3086 38.9049 50.2705 35.8422 50.2705 32.079ZM63.8163 111.921C63.8163 115.684 60.7785 118.747 57.0435 118.747C53.3086 118.747 50.2705 115.684 50.2705 111.921C50.2705 108.158 53.3086 105.095 57.0435 105.095C60.7785 105.095 63.8163 108.158 63.8163 111.921ZM57.043 81.2681C51.8339 81.2681 47.5962 76.998 47.5962 71.7482C47.5962 66.4982 51.8339 62.2273 57.043 62.2273C62.2519 62.2273 66.4895 66.4982 66.4895 71.7482C66.4895 76.998 62.2519 81.2681 57.043 81.2681ZM91.0307 98.7237C87.2958 98.7237 84.258 95.6607 84.258 91.8975C84.258 88.1343 87.2958 85.0716 91.0307 85.0716C94.7656 85.0716 97.8034 88.1343 97.8034 91.8975C97.8034 95.6607 94.7656 98.7237 91.0307 98.7237Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_681_2820" x1="140" y1="130.5" x2="4" y2="9.49999" gradientUnits="userSpaceOnUse">
+<stop/>
+<stop offset="1" stop-color="#434141"/>
+</linearGradient>
+</defs>
+</svg>
--- a/packages/apps/kafka/templates/kafka.yaml
+++ b/packages/apps/kafka/templates/kafka.yaml
@@ -26,11 +26,25 @@ spec:
        {{- end }}
        tls: false
    config:
+      {{- if eq (int .Values.kafka.replicas) 1 }}
+      offsets.topic.replication.factor: 1
+      transaction.state.log.replication.factor: 1
+      transaction.state.log.min.isr: 1
+      default.replication.factor: 1
+      min.insync.replicas: 1
+      {{- else if eq (int .Values.kafka.replicas) 2 }}
+      offsets.topic.replication.factor: 2
+      transaction.state.log.replication.factor: 2
+      transaction.state.log.min.isr: 2
+      default.replication.factor: 2
+      min.insync.replicas: 2
+      {{- else }}
      offsets.topic.replication.factor: 3
      transaction.state.log.replication.factor: 3
      transaction.state.log.min.isr: 2
      default.replication.factor: 3
      min.insync.replicas: 2
+      {{- end }}
    storage:
      type: jbod
      volumes:
@@ -39,6 +53,9 @@ spec:
        {{- with .Values.kafka.size }}
        size: {{ . }}
        {{- end }}
+        {{- with .Values.kafka.storageClass }}
+        class: {{ . }}
+        {{- end }}
        deleteClaim: true
  zookeeper:
    replicas: {{ .Values.zookeeper.replicas }}
@@ -47,7 +64,17 @@ spec:
      {{- with .Values.zookeeper.size }}
      size: {{ . }}
      {{- end }}
+      {{- with .Values.kafka.storageClass }}
+      class: {{ . }}
+      {{- end }}
      deleteClaim: false
  entityOperator:
    topicOperator: {}
    userOperator: {}
+    template:
+      pod:
+        metadata:
+         labels:
+           policy.cozystack.io/allow-to-apiserver: "true"
+      spec:
+        enableServiceLinks: false
--- a/packages/apps/kafka/templates/topics.yaml
+++ b/packages/apps/kafka/templates/topics.yaml
@@ -8,8 +8,12 @@ metadata:
    strimzi.io/cluster: "{{ $.Release.Name }}"
 spec:
  topicName: "{{ $topic.name }}"
-  partitions: 10
-  replicas: 3
+  {{- with $topic.partitions }}
+  partitions: {{ . }}
+  {{- end }}
+  {{- with $topic.replicas }}
+  replicas: {{ . }}
+  {{- end }}
  {{- with $topic.config }}
  config:
    {{- toYaml . | nindent 4 }}
--- a/packages/apps/kafka/values.schema.json
+++ b/packages/apps/kafka/values.schema.json
@@ -19,6 +19,11 @@
                    "type": "number",
                    "description": "Number of Kafka replicas",
                    "default": 3
+                },
+                "storageClass": {
+                    "type": "string",
+                    "description": "StorageClass used to store the Kafka data",
+                    "default": ""
                }
            }
        },
@@ -34,6 +39,11 @@
                    "type": "number",
                    "description": "Number of ZooKeeper replicas",
                    "default": 3
+                },
+                "storageClass": {
+                    "type": "string",
+                    "description": "StorageClass used to store the ZooKeeper data",
+                    "default": ""
                }
            }
        },
--- a/packages/apps/kafka/values.yaml
+++ b/packages/apps/kafka/values.yaml
@@ -4,16 +4,20 @@
 ## @param external Enable external access from outside the cluster
 ## @param kafka.size Persistent Volume size for Kafka
 ## @param kafka.replicas Number of Kafka replicas
+## @param kafka.storageClass StorageClass used to store the Kafka data
 ## @param zookeeper.size Persistent Volume size for ZooKeeper
 ## @param zookeeper.replicas Number of ZooKeeper replicas
+## @param zookeeper.storageClass StorageClass used to store the ZooKeeper data
 ##
 external: false
 kafka:
  size: 10Gi
  replicas: 3
+  storageClass: ""
 zookeeper:
  size: 5Gi
  replicas: 3
+  storageClass: ""

 ## @section Configuration parameters

@@ -32,6 +36,6 @@ zookeeper:
 ##       max.compaction.lag.ms: 5400000
 ##       min.insync.replicas: 2
 ##     partitions: 1
-##     replicationFactor: 3
+##     replicas: 3
 ##
 topics: []
--- a/packages/apps/kubernetes/.helmignore
+++ b/packages/apps/kubernetes/.helmignore
@@ -1,23 +1,3 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
+.helmignore
+/logos
+/Makefile
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: kubernetes
 description: Managed Kubernetes service
-icon: https://upload.wikimedia.org/wikipedia/commons/thumb/3/39/Kubernetes_logo_without_workmark.svg/723px-Kubernetes_logo_without_workmark.svg.png
+icon: /logos/kubernetes.svg

 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.13.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.19.4"
+appVersion: "1.30.1"
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -1,11 +1,13 @@
-UBUNTU_CONTAINER_DISK_TAG = v1.29.1
+UBUNTU_CONTAINER_DISK_TAG = v1.30.1
+KUBERNETES_PKG_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)

 include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk

 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

-image: image-ubuntu-container-disk
+image: image-ubuntu-container-disk image-kubevirt-cloud-provider image-kubevirt-csi-driver image-cluster-autoscaler

 image-ubuntu-container-disk:
 	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/ubuntu-container-disk \
@@ -17,4 +19,49 @@ image-ubuntu-container-disk:
 		--metadata-file images/ubuntu-container-disk.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG))" > images/ubuntu-container-disk.tag
+	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
+		> images/ubuntu-container-disk.tag
+	rm -f images/ubuntu-container-disk.json
+
+image-kubevirt-cloud-provider:
+	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/kubevirt-cloud-provider \
+		--provenance false \
+		--tag $(REGISTRY)/kubevirt-cloud-provider:$(call settag,$(KUBERNETES_PKG_TAG)) \
+		--tag $(REGISTRY)/kubevirt-cloud-provider:$(call settag,$(KUBERNETES_PKG_TAG)-$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/kubevirt-cloud-provider:latest \
+		--cache-to type=inline \
+		--metadata-file images/kubevirt-cloud-provider.json \
+		--push=$(PUSH) \
+		--load=$(LOAD)
+	echo "$(REGISTRY)/kubevirt-cloud-provider:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-cloud-provider.json -o json -r)" \
+		> images/kubevirt-cloud-provider.tag
+	rm -f images/kubevirt-cloud-provider.json
+
+image-kubevirt-csi-driver:
+	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/kubevirt-csi-driver \
+		--provenance false \
+		--tag $(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG)) \
+		--tag $(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG)-$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/kubevirt-csi-driver:latest \
+		--cache-to type=inline \
+		--metadata-file images/kubevirt-csi-driver.json \
+		--push=$(PUSH) \
+		--load=$(LOAD)
+	echo "$(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-csi-driver.json -o json -r)" \
+		> images/kubevirt-csi-driver.tag
+	rm -f images/kubevirt-csi-driver.json
+
+
+image-cluster-autoscaler:
+	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/cluster-autoscaler \
+		--provenance false \
+		--tag $(REGISTRY)/cluster-autoscaler:$(call settag,$(KUBERNETES_PKG_TAG)) \
+		--tag $(REGISTRY)/cluster-autoscaler:$(call settag,$(KUBERNETES_PKG_TAG)-$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/cluster-autoscaler:latest \
+		--cache-to type=inline \
+		--metadata-file images/cluster-autoscaler.json \
+		--push=$(PUSH) \
+		--load=$(LOAD)
+	echo "$(REGISTRY)/cluster-autoscaler:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/cluster-autoscaler.json -o json -r)" \
+		> images/cluster-autoscaler.tag
+	rm -f images/cluster-autoscaler.json
--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -27,12 +27,181 @@ How to access to deployed cluster:
 kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o go-template='{{ printf "%s\n" (index .data "super-admin.conf" | base64decode) }}' > test
 ```

-## Parameters
+# Series

-### Common parameters
+<!-- source: https://github.com/kubevirt/common-instancetypes/blob/main/README.md -->

-| Name                    | Description                                                                                                                            | Value |
-| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ----- |
-| `host`                  | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`  |
-| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components                                                                             | `2`   |
-| `nodeGroups`            | nodeGroups configuration                                                                                                               | `{}`  |
+.                           |  U  |  O  |  CX  |  M  |  RT
+----------------------------|-----|-----|------|-----|------
+*Has GPUs*                  |     |     |      |     |
+*Hugepages*                 |     |     |  ✓   |  ✓  |  ✓
+*Overcommitted Memory*      |     |  ✓  |      |     |
+*Dedicated CPU*             |     |     |  ✓   |     |  ✓
+*Burstable CPU performance* |  ✓  |  ✓  |      |  ✓  |
+*Isolated emulator threads* |     |     |  ✓   |     |  ✓
+*vNUMA*                     |     |     |  ✓   |     |  ✓
+*vCPU-To-Memory Ratio*      | 1:4 | 1:4 |  1:2 | 1:8 | 1:4
+
+
+## U Series
+
+The U Series is quite neutral and provides resources for
+general purpose applications.
+
+*U* is the abbreviation for "Universal", hinting at the universal
+attitude towards workloads.
+
+VMs of instance types will share physical CPU cores on a
+time-slice basis with other VMs.
+
+### U Series Characteristics
+
+Specific characteristics of this series are:
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
+  noise per node.
+
+## O Series
+
+The O Series is based on the U Series, with the only difference
+being that memory is overcommitted.
+
+*O* is the abbreviation for "Overcommitted".
+
+### UO Series Characteristics
+
+Specific characteristics of this series are:
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *Overcommitted Memory* - Memory is over-committed in order to achieve
+  a higher workload density.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
+  noise per node.
+
+## CX Series
+
+The CX Series provides exclusive compute resources for compute
+intensive applications.
+
+*CX* is the abbreviation of "Compute Exclusive".
+
+The exclusive resources are given to the compute threads of the
+VM. In order to ensure this, some additional cores (depending
+on the number of disks and NICs) will be requested to offload
+the IO threading from cores dedicated to the workload.
+In addition, in this series, the NUMA topology of the used
+cores is provided to the VM.
+
+### CX Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Dedicated CPU* - Physical cores are exclusively assigned to every
+  vCPU in order to provide fixed and high compute guarantees to the
+  workload.
+- *Isolated emulator threads* - Hypervisor emulator threads are isolated
+  from the vCPUs in order to reduce emaulation related impact on the
+  workload.
+- *vNUMA* - Physical NUMA topology is reflected in the guest in order to
+  optimize guest sided cache utilization.
+- *vCPU-To-Memory Ratio (1:2)* - A vCPU-to-Memory ratio of 1:2.
+
+## M Series
+
+The M Series provides resources for memory intensive
+applications.
+
+*M* is the abbreviation of "Memory".
+
+### M Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Burstable CPU performance* - The workload has a baseline compute
+  performance but is permitted to burst beyond this baseline, if
+  excess compute resources are available.
+- *vCPU-To-Memory Ratio (1:8)* - A vCPU-to-Memory ratio of 1:8, for much
+  less noise per node.
+
+## RT Series
+
+The RT Series provides resources for realtime applications, like Oslat.
+
+*RT* is the abbreviation for "realtime".
+
+This series of instance types requires nodes capable of running
+realtime applications.
+
+### RT Series Characteristics
+
+Specific characteristics of this series are:
+- *Hugepages* - Hugepages are used in order to improve memory
+  performance.
+- *Dedicated CPU* - Physical cores are exclusively assigned to every
+  vCPU in order to provide fixed and high compute guarantees to the
+  workload.
+- *Isolated emulator threads* - Hypervisor emulator threads are isolated
+  from the vCPUs in order to reduce emaulation related impact on the
+  workload.
+- *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4 starting from
+  the medium size.
+
+## Resources
+
+The following instancetype resources are provided by Cozystack:
+
+Name | vCPUs | Memory
+-----|-------|-------
+cx1.2xlarge  |  8  |  16Gi
+cx1.4xlarge  |  16  |  32Gi
+cx1.8xlarge  |  32  |  64Gi
+cx1.large  |  2  |  4Gi
+cx1.medium  |  1  |  2Gi
+cx1.xlarge  |  4  |  8Gi
+gn1.2xlarge  |  8  |  32Gi
+gn1.4xlarge  |  16  |  64Gi
+gn1.8xlarge  |  32  |  128Gi
+gn1.xlarge  |  4  |  16Gi
+m1.2xlarge  |  8  |  64Gi
+m1.4xlarge  |  16  |  128Gi
+m1.8xlarge  |  32  |  256Gi
+m1.large  |  2  |  16Gi
+m1.xlarge  |  4  |  32Gi
+n1.2xlarge  |  16  |  32Gi
+n1.4xlarge  |  32  |  64Gi
+n1.8xlarge  |  64  |  128Gi
+n1.large  |  4  |  8Gi
+n1.medium  |  4  |  4Gi
+n1.xlarge  |  8  |  16Gi
+o1.2xlarge  |  8  |  32Gi
+o1.4xlarge  |  16  |  64Gi
+o1.8xlarge  |  32  |  128Gi
+o1.large  |  2  |  8Gi
+o1.medium  |  1  |  4Gi
+o1.micro  |  1  |  1Gi
+o1.nano  |  1  |  512Mi
+o1.small  |  1  |  2Gi
+o1.xlarge  |  4  |  16Gi
+rt1.2xlarge  |  8  |  32Gi
+rt1.4xlarge  |  16  |  64Gi
+rt1.8xlarge  |  32  |  128Gi
+rt1.large  |  2  |  8Gi
+rt1.medium  |  1  |  4Gi
+rt1.micro  |  1  |  1Gi
+rt1.small  |  1  |  2Gi
+rt1.xlarge  |  4  |  16Gi
+u1.2xlarge  |  8  |  32Gi
+u1.2xmedium  |  2  |  4Gi
+u1.4xlarge  |  16  |  64Gi
+u1.8xlarge  |  32  |  128Gi
+u1.large  |  2  |  8Gi
+u1.medium  |  1  |  4Gi
+u1.micro  |  1  |  1Gi
+u1.nano  |  1  |  512Mi
+u1.small  |  1  |  2Gi
+u1.xlarge  |  4  |  16Gi
--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.13.0@sha256:7f617de5a24de790a15d9e97c6287ff2b390922e6e74c7a665cbf498f634514d
--- a/packages/apps/kubernetes/images/cluster-autoscaler/Dockerfile
+++ b/packages/apps/kubernetes/images/cluster-autoscaler/Dockerfile
@@ -0,0 +1,17 @@
+# Source: https://raw.githubusercontent.com/kubernetes/autoscaler/refs/heads/master/cluster-autoscaler/Dockerfile.amd64
+ARG builder_image=docker.io/library/golang:1.22.5
+ARG BASEIMAGE=gcr.io/distroless/static:nonroot-amd64
+FROM ${builder_image} AS builder
+RUN git clone https://github.com/kubernetes/autoscaler /src/autoscaler \
+ && cd /src/autoscaler/cluster-autoscaler \
+ && git checkout cluster-autoscaler-1.31.0
+
+WORKDIR /src/autoscaler/cluster-autoscaler
+RUN make build
+
+FROM $BASEIMAGE
+LABEL maintainer="Marcin Wielgus <mwielgus@google.com>"
+
+COPY --from=builder /src/autoscaler/cluster-autoscaler/cluster-autoscaler-amd64 /cluster-autoscaler
+WORKDIR /
+CMD ["/cluster-autoscaler"]
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.13.0@sha256:be18ed8370a390d64a830b7829ff06e98544716e03b956b26537baf1198e0c8d
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile
@@ -0,0 +1,21 @@
+# Source: https://github.com/kubevirt/cloud-provider-kubevirt/blob/main/build/images/kubevirt-cloud-controller-manager/Dockerfile
+FROM --platform=linux/amd64 golang:1.20.6 AS builder
+
+RUN git clone https://github.com/kubevirt/cloud-provider-kubevirt /go/src/kubevirt.io/cloud-provider-kubevirt \
+ && cd /go/src/kubevirt.io/cloud-provider-kubevirt \
+ && git checkout adbd6c27468b86b020cf38490e84f124ef24ab62
+
+WORKDIR /go/src/kubevirt.io/cloud-provider-kubevirt
+
+# see: https://github.com/kubevirt/cloud-provider-kubevirt/pull/291
+ADD patches /patches
+RUN git apply /patches/external-traffic-policy-local.diff
+RUN go get 'k8s.io/endpointslice/util@v0.28' 'k8s.io/apiserver@v0.28'
+RUN go mod tidy
+RUN go mod vendor
+
+RUN	CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags="-s -w" -o bin/kubevirt-cloud-controller-manager ./cmd/kubevirt-cloud-controller-manager
+
+FROM registry.access.redhat.com/ubi9/ubi-micro
+COPY --from=builder /go/src/kubevirt.io/cloud-provider-kubevirt/bin/kubevirt-cloud-controller-manager /bin/kubevirt-cloud-controller-manager
+ENTRYPOINT [ "/bin/kubevirt-cloud-controller-manager" ]
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/external-traffic-policy-local.diff
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/external-traffic-policy-local.diff
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.13.0@sha256:1c96280e10becb858cb5f781a278f383319514f803c8e5fe401e0ef291f65821
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver/Dockerfile
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver/Dockerfile
@@ -0,0 +1,25 @@
+# Source: https://github.com/kubevirt/csi-driver/blob/main/Dockerfile
+ARG builder_image=docker.io/library/golang:1.22.5
+FROM ${builder_image} AS builder
+RUN git clone https://github.com/kubevirt/csi-driver /src/kubevirt-csi-driver \
+ && cd /src/kubevirt-csi-driver \
+ && git checkout 35836e0c8b68d9916d29a838ea60cdd3fc6199cf
+
+WORKDIR /src/kubevirt-csi-driver
+RUN make build
+
+FROM quay.io/centos/centos:stream9
+ARG git_url=https://github.com/kubevirt/csi-driver.git
+
+LABEL maintainers="The KubeVirt Project <kubevirt-dev@googlegroups.com>" \
+      description="KubeVirt CSI Driver" \
+      multi.GIT_URL=${git_url}
+
+ENTRYPOINT ["./kubevirt-csi-driver"]
+
+RUN dnf install -y e2fsprogs xfsprogs && dnf clean all
+
+ARG git_sha=NONE
+LABEL multi.GIT_SHA=${git_sha}
+
+COPY --from=builder /src/kubevirt-csi-driver/kubevirt-csi-driver .
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`ghcr.io/aenix-io/cozystack/clickhouse-backup:0.6.0@sha256:dda84420cb8648721299221268a00d72a05c7af5b7fb452619bac727068b9e61`
				`@@ -0,0 +1 @@`
				`ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:d2015c6dba92293bda652d055e97d1be80e8414c2dc78037c12812d1a2e2cba1`
				`@@ -0,0 +1 @@`
				`ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.13.0@sha256:7f617de5a24de790a15d9e97c6287ff2b390922e6e74c7a665cbf498f634514d`
				`@@ -0,0 +1 @@`
				`ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.13.0@sha256:be18ed8370a390d64a830b7829ff06e98544716e03b956b26537baf1198e0c8d`
				`@@ -0,0 +1 @@`
				`ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.13.0@sha256:1c96280e10becb858cb5f781a278f383319514f803c8e5fe401e0ef291f65821`