[ci] increase the time for waiting helm releases

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

.github/workflows/pre-commit.yml

@@ -3,6 +3,8 @@ name: Pre-Commit Checks
 on:
   pull_request:
     types: [labeled, opened, synchronize, reopened]
+    paths-ignore:
+      - '**.md'
 
 concurrency:
   group: pre-commit-${{ github.workflow }}-${{ github.event.pull_request.number }}

.github/workflows/pull-requests-release.yaml

@@ -136,13 +136,13 @@ jobs:
         uses: actions/github-script@v7
         with:
           script: |
-            const tag = '${{ steps.get_tag.outputs.tag }}';              // v0.31.5-rc.1
+            const tag = '${{ steps.get_tag.outputs.tag }}';              // v0.31.5-rc1
-            const m = tag.match(/^v(\d+\.\d+\.\d+)(-rc\.\d+)?$/);
+            const m = tag.match(/^v(\d+\.\d+\.\d+)(-rc\d+)?$/);
             if (!m) {
-              core.setFailed(`❌ tag '${tag}' must match 'vX.Y.Z' or 'vX.Y.Z-rc.N'`);
+              core.setFailed(`❌ tag '${tag}' must match 'vX.Y.Z' or 'vX.Y.Z-rcN'`);
               return;
             }
-            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc.1
+            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc1
             const isRc    = Boolean(m[2]);
             core.setOutput('is_rc',      isRc);
             const outdated = '${{ steps.semver.outputs.comparison-result }}' === '<';

.github/workflows/tags.yaml

@@ -3,9 +3,7 @@ name: Versioned Tag
 on:
   push:
     tags:
-      - 'v*.*.*' # vX.Y.Z
+      - 'v*.*.*' # vX.Y.Z or vX.Y.Z-rcN
-      - 'v*.*.*-rc.*' # vX.Y.Z-rc.N
-
 
 concurrency:
   group: tags-${{ github.workflow }}-${{ github.ref }}
@@ -19,7 +17,6 @@ jobs:
       contents: write
       packages: write
       pull-requests: write
-      actions: write
 
     steps:
       # Check if a non-draft release with this tag already exists
@@ -49,18 +46,18 @@ jobs:
         uses: actions/github-script@v7
         with:
           script: |
-            const ref = context.ref.replace('refs/tags/', '');           // e.g. v0.31.5-rc.1
+            const ref = context.ref.replace('refs/tags/', '');           // e.g. v0.31.5-rc1
-            const m = ref.match(/^v(\d+\.\d+\.\d+)(-rc\.\d+)?$/);        // ['0.31.5', '-rc.1']
+            const m = ref.match(/^v(\d+\.\d+\.\d+)(-rc\d+)?$/);
             if (!m) {
-              core.setFailed(`❌ tag '${ref}' must match 'vX.Y.Z' or 'vX.Y.Z-rc.N'`);
+              core.setFailed(`❌ tag '${ref}' must match 'vX.Y.Z' or 'vX.Y.Z-rcN'`);
               return;
             }
-            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc.1
+            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc1
             const isRc    = Boolean(m[2]);
             const [maj, min] = m[1].split('.');
-            core.setOutput('tag',     ref);                              // v0.31.5-rc.1
+            core.setOutput('tag',     ref);
-            core.setOutput('version', version);                          // 0.31.5-rc.1
+            core.setOutput('version', version);
-            core.setOutput('is_rc',   isRc);                             // true
+            core.setOutput('is_rc',   isRc);
             core.setOutput('line',    `${maj}.${min}`);                  // 0.31
 
       # Detect base branch (main or release‑X.Y) the tag was pushed from

.gitignore

@@ -1,7 +1,6 @@
 _out
 .git
 .idea
-.vscode
 
 # User-specific stuff
 .idea/**/workspace.xml
@@ -76,4 +75,4 @@ fabric.properties
 .idea/caches/build_file_checksums.ser
 
 .DS_Store
-**/.DS_Store
+**/.DS_Store

Makefile

@@ -47,6 +47,7 @@ assets:
 test:
 	make -C packages/core/testing apply
 	make -C packages/core/testing test
+	#make -C packages/core/testing test-applications
 
 generate:
 	hack/update-codegen.sh

cmd/cozystack-controller/main.go

@@ -39,8 +39,6 @@ import (
 	cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
 	"github.com/cozystack/cozystack/internal/controller"
 	"github.com/cozystack/cozystack/internal/telemetry"
-
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -53,7 +51,6 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 
 	utilruntime.Must(cozystackiov1alpha1.AddToScheme(scheme))
-	utilruntime.Must(helmv2.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }
 
@@ -185,14 +182,6 @@ func main() {
 	if err = (&controller.WorkloadReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
-	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "WorkloadReconciler")
-		os.Exit(1)
-	}
-
-	if err = (&controller.TenantHelmReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Workload")
 		os.Exit(1)

docs/release.md

@@ -1,37 +1,10 @@
 # Release Workflow
 
-This document describes Cozystack’s release process.
+This section explains how Cozystack builds and releases are made.
-
-## Introduction
-
-Cozystack uses a staged release process to ensure stability and flexibility during development.
-
-There are three types of releases:
-
-- **Release Candidates (RC)** – Preview versions (e.g., `v0.42.0-rc.1`) used for final testing and validation.
-- **Regular Releases** – Final versions (e.g., `v0.42.0`) that are feature-complete and thoroughly tested.
-- **Patch Releases** – Bugfix-only updates (e.g., `v0.42.1`) made after a stable release, based on a dedicated release branch.
-
-Each type plays a distinct role in delivering reliable and tested updates while allowing ongoing development to continue smoothly.
-
-## Release Candidates
-
-Release candidates are Cozystack versions that introduce new features and are published before a stable release.
-Their purpose is to help validate stability before finalizing a new feature release.
-They allow for final rounds of testing and bug fixes without freezing development.
-
-Release candidates are given numbers `vX.Y.0-rc.N`, for example, `v0.42.0-rc.1`.
-They are created directly in the `main` branch.
-An RC is typically tagged when all major features for the upcoming release have been merged into main and the release enters its testing phase.
-However, new features and changes can still be added before the regular release `vX.Y.0`.
-
-Each RC contributes to a cumulative set of release notes that will be finalized when `vX.Y.0` is released.
-After testing, if no critical issues remain, the regular release (`vX.Y.0`) is tagged from the last RC or a later commit in main.
-This begins the regular release process, creates a dedicated `release-X.Y` branch, and opens the way for patch releases.
 
 ## Regular Releases
 
-When making a regular release, we tag the latest RC or a subsequent minimal-change commit as `vX.Y.0`.
+When making regular releases, we take a commit in `main` and decide to make it a release `x.y.0`.
 In this explanation, we'll use version `v0.42.0` as an example:
 
 ```mermaid

hack/e2e.application.sh

@@ -0,0 +1,165 @@
+#!/bin/bash
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+RESET='\033[0m'
+YELLOW='\033[0;33m'
+
+
+ROOT_NS="tenant-root"
+TEST_TENANT="tenant-e2e"
+
+values_base_path="/hack/testdata/"
+checks_base_path="/hack/testdata/"
+
+function delete_hr() {
+    local release_name="$1"
+    local namespace="$2"
+
+    if [[ -z "$release_name" ]]; then
+        echo -e "${RED}Error: Release name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$namespace" ]]; then
+        echo -e "${RED}Error: Namespace name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ "$release_name" == "tenant-e2e" ]]; then
+        echo -e "${YELLOW}Skipping deletion for release tenant-e2e.${RESET}"
+        return 0
+    fi
+
+    kubectl delete helmrelease $release_name -n $namespace
+}
+
+function install_helmrelease() {
+    local release_name="$1"
+    local namespace="$2"
+    local chart_path="$3"
+    local repo_name="$4"
+    local repo_ns="$5"
+    local values_file="$6"
+
+    if [[ -z "$release_name" ]]; then
+        echo -e "${RED}Error: Release name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$namespace" ]]; then
+        echo -e "${RED}Error: Namespace name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$chart_path" ]]; then
+        echo -e "${RED}Error: Chart path name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -n "$values_file" && -f "$values_file" ]]; then
+        local values_section
+        values_section=$(echo "  values:" && sed 's/^/    /' "$values_file")
+    fi
+
+    local helmrelease_file=$(mktemp /tmp/HelmRelease.XXXXXX.yaml)
+    {
+        echo "apiVersion: helm.toolkit.fluxcd.io/v2"
+        echo "kind: HelmRelease"
+        echo "metadata:"
+        echo "  labels:"
+        echo "    cozystack.io/ui: \"true\""
+        echo "  name: \"$release_name\""
+        echo "  namespace: \"$namespace\""
+        echo "spec:"
+        echo "  chart:"
+        echo "    spec:"
+        echo "      chart: \"$chart_path\""
+        echo "      reconcileStrategy: Revision"
+        echo "      sourceRef:"
+        echo "        kind: HelmRepository"
+        echo "        name: \"$repo_name\""
+        echo "        namespace: \"$repo_ns\""
+        echo "      version: '*'"
+        echo "  interval: 1m0s"
+        echo "  timeout: 5m0s"
+        [[ -n "$values_section" ]] && echo "$values_section"
+    } > "$helmrelease_file"
+
+    kubectl apply -f "$helmrelease_file"
+
+    rm -f "$helmrelease_file"
+}
+
+function install_tenant (){
+    local release_name="$1"
+    local namespace="$2"
+    local values_file="${values_base_path}tenant/values.yaml"
+    local repo_name="cozystack-apps"
+    local repo_ns="cozy-public"
+    install_helmrelease "$release_name" "$namespace" "tenant" "$repo_name" "$repo_ns" "$values_file"
+}
+
+function make_extra_checks(){
+    local checks_file="$1"
+    echo "after exec make $checks_file"
+    if [[ -n "$checks_file" && -f "$checks_file" ]]; then
+        echo -e "${YELLOW}Start extra checks with file: ${checks_file}${RESET}"
+
+    fi
+}
+
+function check_helmrelease_status() {
+    local release_name="$1"
+    local namespace="$2"
+    local checks_file="$3"
+    local timeout=300  # Timeout in seconds
+    local interval=5   # Interval between checks in seconds
+    local elapsed=0
+
+
+    while [[ $elapsed -lt $timeout ]]; do
+        local status_output
+        status_output=$(kubectl get helmrelease "$release_name" -n "$namespace" -o json | jq -r '.status.conditions[-1].reason')
+
+        if [[ "$status_output" == "InstallSucceeded" || "$status_output" == "UpgradeSucceeded" ]]; then
+            echo -e "${GREEN}Helm release '$release_name' is ready.${RESET}"
+            make_extra_checks "$checks_file"
+            delete_hr $release_name $namespace
+            return 0
+        elif [[ "$status_output" == "InstallFailed" ]]; then
+          echo -e "${RED}Helm release '$release_name': InstallFailed${RESET}"
+          exit 1
+        else
+            echo -e "${YELLOW}Helm release '$release_name' is not ready. Current status: $status_output${RESET}"
+        fi
+
+        sleep "$interval"
+        elapsed=$((elapsed + interval))
+    done
+
+    echo -e "${RED}Timeout reached. Helm release '$release_name' is still not ready after $timeout seconds.${RESET}"
+    exit 1
+}
+
+chart_name="$1"
+
+if [ -z "$chart_name" ]; then
+    echo -e "${RED}No chart name provided. Exiting...${RESET}"
+    exit 1
+fi
+
+
+checks_file="${checks_base_path}${chart_name}/check.sh"
+repo_name="cozystack-apps"
+repo_ns="cozy-public"
+release_name="$chart_name-e2e"
+values_file="${values_base_path}${chart_name}/values.yaml"
+
+install_tenant $TEST_TENANT $ROOT_NS
+check_helmrelease_status $TEST_TENANT $ROOT_NS "${checks_base_path}tenant/check.sh"
+
+echo -e "${YELLOW}Running tests for chart: $chart_name${RESET}"
+
+install_helmrelease $release_name $TEST_TENANT $chart_name $repo_name $repo_ns $values_file
+check_helmrelease_status $release_name $TEST_TENANT $checks_file

hack/e2e.sh

@@ -60,8 +60,7 @@ done
 
 # Prepare system drive
 if [ ! -f nocloud-amd64.raw ]; then
-  wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz \
+  wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz -O nocloud-amd64.raw.xz --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
-    -O nocloud-amd64.raw.xz --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
   rm -f nocloud-amd64.raw
   xz --decompress nocloud-amd64.raw.xz
 fi
@@ -86,8 +85,7 @@ done
 # Start VMs
 for i in 1 2 3; do
   qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 8 -m 16384 \
-    -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i \
+    -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \
-    -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \
     -drive file=srv$i/system.img,if=virtio,format=raw \
     -drive file=srv$i/seed.img,if=virtio,format=raw \
     -drive file=srv$i/data.img,if=virtio,format=raw \
@@ -123,7 +121,7 @@ machine:
   files:
   - content: |
       [plugins]
-        [plugins."io.containerd.cri.v1.runtime"]
+        [plugins."io.containerd.grpc.v1.cri"]
           device_ownership_from_security_context = true      
     path: /etc/cri/conf.d/20-customization.part
     op: create
@@ -233,14 +231,7 @@ timeout 60 sh -c 'until kubectl get hr -A | grep cozy; do sleep 1; done'
 
 sleep 5
 
-# Wait for all HelmReleases to be installed
+kubectl get hr -A | awk 'NR>1 {print "kubectl wait --timeout=20m --for=condition=ready -n " $1 " hr/" $2 " &"} END{print "wait"}' | sh -x
-kubectl get hr -A | awk 'NR>1 {print "kubectl wait --timeout=15m --for=condition=ready -n " $1 " hr/" $2 " &"} END{print "wait"}' | sh -x
-
-failed_hrs=$(kubectl get hr -A | grep -v True)
-if [ -n "$(echo "$failed_hrs" | grep -v NAME)" ]; then
-  printf 'Failed HelmReleases:\n%s\n' "$failed_hrs" >&2
-  exit 1
-fi
 
 # Wait for Cluster-API providers
 timeout 60 sh -c 'until kubectl get deploy -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager; do sleep 1; done'

hack/testdata/http-cache/check.sh

@@ -0,0 +1 @@
+return 0

hack/testdata/http-cache/values.yaml

@@ -0,0 +1,2 @@
+endpoints:
+  - 8.8.8.8:443

hack/testdata/kubernetes/check.sh

@@ -0,0 +1 @@
+return 0

hack/testdata/kubernetes/values.yaml

@@ -0,0 +1,62 @@
+## @section Common parameters
+
+## @param host The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).
+## @param controlPlane.replicas Number of replicas for Kubernetes contorl-plane components
+## @param storageClass StorageClass used to store user data
+##
+host: ""
+controlPlane:
+  replicas: 2
+storageClass: replicated
+
+## @param nodeGroups [object] nodeGroups configuration
+##
+nodeGroups:
+  md0:
+    minReplicas: 0
+    maxReplicas: 10
+    instanceType: "u1.medium"
+    ephemeralStorage: 20Gi
+    roles:
+    - ingress-nginx
+
+    resources:
+      cpu: ""
+      memory: ""
+
+## @section Cluster Addons
+##
+addons:
+
+  ## Cert-manager: automatically creates and manages SSL/TLS certificate
+  ##
+  certManager:
+    ## @param addons.certManager.enabled Enables the cert-manager
+    ## @param addons.certManager.valuesOverride Custom values to override
+    enabled: true
+    valuesOverride: {}
+
+  ## Ingress-NGINX Controller
+  ##
+  ingressNginx:
+    ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)
+    ## @param addons.ingressNginx.valuesOverride Custom values to override
+    ##
+    enabled: true
+    ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster
+    ## e.g:
+    ## hosts:
+    ## - example.org
+    ## - foo.example.net
+    ##
+    hosts: []
+    valuesOverride: {}
+
+  ## Flux CD
+  ##
+  fluxcd:
+    ## @param addons.fluxcd.enabled Enables Flux CD
+    ## @param addons.fluxcd.valuesOverride Custom values to override
+    ##
+    enabled: true
+    valuesOverride: {}

hack/testdata/nats/check.sh

@@ -0,0 +1 @@
+return 0

hack/testdata/nats/values.yaml

@@ -0,0 +1,10 @@
+
+## @section Common parameters
+
+## @param external Enable external access from outside the cluster
+## @param replicas Persistent Volume size for NATS
+## @param storageClass StorageClass used to store the data
+##
+external: false
+replicas: 2
+storageClass: ""

hack/testdata/tenant/check.sh

@@ -0,0 +1 @@
+return 0

hack/testdata/tenant/values.yaml

@@ -0,0 +1,6 @@
+host: ""
+etcd: false
+monitoring: false
+ingress: false
+seaweedfs: false
+isolated: true

internal/controller/tenant_helm_reconciler.go

@@ -1,158 +0,0 @@
-package controller
-
-import (
-	"context"
-	"fmt"
-	"strings"
-	"time"
-
-	e "errors"
-
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
-	"gopkg.in/yaml.v2"
-	corev1 "k8s.io/api/core/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/log"
-)
-
-type TenantHelmReconciler struct {
-	client.Client
-	Scheme *runtime.Scheme
-}
-
-func (r *TenantHelmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	logger := log.FromContext(ctx)
-
-	hr := &helmv2.HelmRelease{}
-	if err := r.Get(ctx, req.NamespacedName, hr); err != nil {
-		if errors.IsNotFound(err) {
-			return ctrl.Result{}, nil
-		}
-		logger.Error(err, "unable to fetch HelmRelease")
-		return ctrl.Result{}, err
-	}
-
-	if !strings.HasPrefix(hr.Name, "tenant-") {
-		return ctrl.Result{}, nil
-	}
-
-	if len(hr.Status.Conditions) == 0 || hr.Status.Conditions[0].Type != "Ready" {
-		return ctrl.Result{}, nil
-	}
-
-	if len(hr.Status.History) == 0 {
-		logger.Info("no history in HelmRelease status", "name", hr.Name)
-		return ctrl.Result{}, nil
-	}
-
-	if hr.Status.History[0].Status != "deployed" {
-		return ctrl.Result{}, nil
-	}
-
-	newDigest := hr.Status.History[0].Digest
-	var hrList helmv2.HelmReleaseList
-	childNamespace := getChildNamespace(hr.Namespace, hr.Name)
-	if childNamespace == "tenant-root" && hr.Name == "tenant-root" {
-		if hr.Spec.Values == nil {
-			logger.Error(e.New("hr.Spec.Values is nil"), "cant annotate tenant-root ns")
-			return ctrl.Result{}, nil
-		}
-		err := annotateTenantRootNs(*hr.Spec.Values, r.Client)
-		if err != nil {
-			logger.Error(err, "cant annotate tenant-root ns")
-			return ctrl.Result{}, nil
-		}
-		logger.Info("namespace 'tenant-root' annotated")
-	}
-
-	if err := r.List(ctx, &hrList, client.InNamespace(childNamespace)); err != nil {
-		logger.Error(err, "unable to list HelmReleases in namespace", "namespace", hr.Name)
-		return ctrl.Result{}, err
-	}
-
-	for _, item := range hrList.Items {
-		if item.Name == hr.Name {
-			continue
-		}
-		oldDigest := item.GetAnnotations()["cozystack.io/tenant-config-digest"]
-		if oldDigest == newDigest {
-			continue
-		}
-		patchTarget := item.DeepCopy()
-
-		if patchTarget.Annotations == nil {
-			patchTarget.Annotations = map[string]string{}
-		}
-		ts := time.Now().Format(time.RFC3339Nano)
-
-		patchTarget.Annotations["cozystack.io/tenant-config-digest"] = newDigest
-		patchTarget.Annotations["reconcile.fluxcd.io/forceAt"] = ts
-		patchTarget.Annotations["reconcile.fluxcd.io/requestedAt"] = ts
-
-		patch := client.MergeFrom(item.DeepCopy())
-		if err := r.Patch(ctx, patchTarget, patch); err != nil {
-			logger.Error(err, "failed to patch HelmRelease", "name", patchTarget.Name)
-			continue
-		}
-
-		logger.Info("patched HelmRelease with new digest", "name", patchTarget.Name, "digest", newDigest, "version", hr.Status.History[0].Version)
-	}
-
-	return ctrl.Result{}, nil
-}
-
-func (r *TenantHelmReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewControllerManagedBy(mgr).
-		For(&helmv2.HelmRelease{}).
-		Complete(r)
-}
-
-func getChildNamespace(currentNamespace, hrName string) string {
-	tenantName := strings.TrimPrefix(hrName, "tenant-")
-
-	switch {
-	case currentNamespace == "tenant-root" && hrName == "tenant-root":
-		// 1) root tenant inside root namespace
-		return "tenant-root"
-
-	case currentNamespace == "tenant-root":
-		// 2) any other tenant in root namespace
-		return fmt.Sprintf("tenant-%s", tenantName)
-
-	default:
-		// 3) tenant in a dedicated namespace
-		return fmt.Sprintf("%s-%s", currentNamespace, tenantName)
-	}
-}
-
-func annotateTenantRootNs(values apiextensionsv1.JSON, c client.Client) error {
-	var data map[string]interface{}
-	if err := yaml.Unmarshal(values.Raw, &data); err != nil {
-		return fmt.Errorf("failed to parse HelmRelease values: %w", err)
-	}
-
-	host, ok := data["host"].(string)
-	if !ok || host == "" {
-		return fmt.Errorf("host field not found or not a string")
-	}
-
-	var ns corev1.Namespace
-	if err := c.Get(context.TODO(), client.ObjectKey{Name: "tenant-root"}, &ns); err != nil {
-		return fmt.Errorf("failed to get namespace tenant-root: %w", err)
-	}
-
-	if ns.Annotations == nil {
-		ns.Annotations = map[string]string{}
-	}
-	ns.Annotations["namespace.cozystack.io/host"] = host
-
-	if err := c.Update(context.TODO(), &ns); err != nil {
-		return fmt.Errorf("failed to update namespace: %w", err)
-	}
-
-	return nil
-}

internal/controller/workload_controller.go

@@ -39,15 +39,6 @@ func (r *WorkloadReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	}
 
 	t := getMonitoredObject(w)
-
-	if t == nil {
-		err = r.Delete(ctx, w)
-		if err != nil {
-			logger.Error(err, "failed to delete workload")
-		}
-		return ctrl.Result{}, err
-	}
-
 	err = r.Get(ctx, types.NamespacedName{Name: t.GetName(), Namespace: t.GetNamespace()}, t)
 
 	// found object, nothing to do
@@ -77,23 +68,20 @@ func (r *WorkloadReconciler) SetupWithManager(mgr ctrl.Manager) error {
 }
 
 func getMonitoredObject(w *cozyv1alpha1.Workload) client.Object {
-	switch {
+	if strings.HasPrefix(w.Name, "pvc-") {
-	case strings.HasPrefix(w.Name, "pvc-"):
 		obj := &corev1.PersistentVolumeClaim{}
 		obj.Name = strings.TrimPrefix(w.Name, "pvc-")
 		obj.Namespace = w.Namespace
 		return obj
-	case strings.HasPrefix(w.Name, "svc-"):
+	}
+	if strings.HasPrefix(w.Name, "svc-") {
 		obj := &corev1.Service{}
 		obj.Name = strings.TrimPrefix(w.Name, "svc-")
 		obj.Namespace = w.Namespace
 		return obj
-	case strings.HasPrefix(w.Name, "pod-"):
-		obj := &corev1.Pod{}
-		obj.Name = strings.TrimPrefix(w.Name, "pod-")
-		obj.Namespace = w.Namespace
-		return obj
 	}
-	var obj client.Object
+	obj := &corev1.Pod{}
+	obj.Name = w.Name
+	obj.Namespace = w.Namespace
 	return obj
 }

internal/controller/workload_controller_test.go

@@ -1,26 +0,0 @@
-package controller
-
-import (
-	"testing"
-
-	cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
-	corev1 "k8s.io/api/core/v1"
-)
-
-func TestUnprefixedMonitoredObjectReturnsNil(t *testing.T) {
-	w := &cozyv1alpha1.Workload{}
-	w.Name = "unprefixed-name"
-	obj := getMonitoredObject(w)
-	if obj != nil {
-		t.Errorf(`getMonitoredObject(&Workload{Name: "%s"}) == %v, want nil`, w.Name, obj)
-	}
-}
-
-func TestPodMonitoredObject(t *testing.T) {
-	w := &cozyv1alpha1.Workload{}
-	w.Name = "pod-mypod"
-	obj := getMonitoredObject(w)
-	if pod, ok := obj.(*corev1.Pod); !ok || pod.Name != "mypod" {
-		t.Errorf(`getMonitoredObject(&Workload{Name: "%s"}) == %v, want &Pod{Name: "mypod"}`, w.Name, obj)
-	}
-}

internal/controller/workloadmonitor_controller.go

@@ -212,12 +212,15 @@ func (r *WorkloadMonitorReconciler) reconcilePodForMonitor(
 ) error {
 	logger := log.FromContext(ctx)
 
-	// totalResources will store the sum of all container resource requests
+	// Combine both init containers and normal containers to sum resources properly
+	combinedContainers := append(pod.Spec.InitContainers, pod.Spec.Containers...)
+
+	// totalResources will store the sum of all container resource limits
 	totalResources := make(map[string]resource.Quantity)
 
-	// Iterate over all containers to aggregate their requests
+	// Iterate over all containers to aggregate their Limits
-	for _, container := range pod.Spec.Containers {
+	for _, container := range combinedContainers {
-		for name, qty := range container.Resources.Requests {
+		for name, qty := range container.Resources.Limits {
 			if existing, exists := totalResources[name.String()]; exists {
 				existing.Add(qty)
 				totalResources[name.String()] = existing
@@ -246,7 +249,7 @@ func (r *WorkloadMonitorReconciler) reconcilePodForMonitor(
 
 	workload := &cozyv1alpha1.Workload{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      fmt.Sprintf("pod-%s", pod.Name),
+			Name:      pod.Name,
 			Namespace: pod.Namespace,
 		},
 	}

packages/apps/bucket/README.md

@@ -1,3 +0,0 @@
-# S3 bucket
-
-## Parameters

packages/apps/bucket/templates/helmrelease.yaml

@@ -11,7 +11,7 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
   interval: 1m0s
   timeout: 5m0s
   values:

packages/apps/bucket/values.schema.json

@@ -1,5 +0,0 @@
-{
-    "title": "Chart Values",
-    "type": "object",
-    "properties": {}
-}

packages/apps/bucket/values.yaml

@@ -1 +0,0 @@
-{}

packages/apps/ferretdb/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.10.1@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
+ghcr.io/cozystack/cozystack/postgres-backup:0.10.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:4e1f5153d2673a399b315252238f4dc3eb5d6c59295aef594691710cc5b72eb4
+ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:bef7344da098c4dc400a9e20ffad10ac991df67d09a30026207454abbc91f28b

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.20.0
+version: 0.19.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/README.md

@@ -44,7 +44,6 @@ kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o g
 | --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
 | `addons.certManager.enabled`                  | Enables the cert-manager                                                                                                                                          | `false` |
 | `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                         | `{}`    |
-| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.ingressNginx.enabled`                 | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)                                                                                          | `false` |
 | `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.ingressNginx.hosts`                   | List of domain names that should be passed through to the cluster by upper cluster                                                                                | `[]`    |

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.19.0@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.18.0@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.19.0@sha256:795d8e1ef4b2b0df2aa1e09d96cd13476ebb545b4bf4b5779b7547a70ef64cf9
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.18.0@sha256:795d8e1ef4b2b0df2aa1e09d96cd13476ebb545b4bf4b5779b7547a70ef64cf9

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.19.0@sha256:5717919c75e609902c6d67138311a2a8fd07be822e2173f3802b67cf5f3486e9
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.18.0@sha256:6f9091c3e7e4951c5e43fdafd505705fcc9f1ead290ee3ae42e97e9ec2b87b20

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:4a4f8bee150e04d1efcd5ff1ea83e12f495a98851cc5fd47ef41ac7aebce9b74
+ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:07392e7a87a3d4ef1c86c1b146e6c5de5c2b524aed5a53bf48870dc8a296f99a

packages/apps/kubernetes/templates/helmreleases/cert-manager-crds.yaml

@@ -16,7 +16,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml

@@ -17,7 +17,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/templates/helmreleases/cilium.yaml

@@ -1,12 +1,3 @@
-{{- define "cozystack.defaultCiliumValues" -}}
-cilium:
-  k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
-  k8sServicePort: 6443
-  routingMode: tunnel
-  enableIPv4Masquerade: true
-  ipv4NativeRoutingCIDR: ""
-{{- end }}
-
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@@ -25,7 +16,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig
@@ -40,7 +30,12 @@ spec:
     remediation:
       retries: -1
   values:
-    {{- toYaml (deepCopy .Values.addons.cilium.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultCiliumValues" .))) | nindent 4 }}
+    cilium:
+      k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
+      k8sServicePort: 6443
+      routingMode: tunnel
+      enableIPv4Masquerade: true
+      ipv4NativeRoutingCIDR: ""
   dependsOn:
   {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
   - name: {{ .Release.Name }}

packages/apps/kubernetes/templates/helmreleases/csi.yaml

@@ -16,7 +16,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml

@@ -17,7 +17,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig
@@ -62,7 +61,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-kubeconfig

packages/apps/kubernetes/templates/helmreleases/gpu-operator.yaml

@@ -17,7 +17,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml

@@ -29,7 +29,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml

@@ -19,7 +19,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler-crds.yaml

@@ -17,7 +17,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml

@@ -42,7 +42,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/templates/helmreleases/victoria-metrics-operator.yaml

@@ -17,7 +17,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
   kubeConfig:
     secretRef:
       name: {{ .Release.Name }}-admin-kubeconfig

packages/apps/kubernetes/values.schema.json

@@ -145,16 +145,6 @@
             }
           }
         },
-        "cilium": {
-          "type": "object",
-          "properties": {
-            "valuesOverride": {
-              "type": "object",
-              "description": "Custom values to override",
-              "default": {}
-            }
-          }
-        },
         "ingressNginx": {
           "type": "object",
           "properties": {

packages/apps/kubernetes/values.yaml

@@ -42,12 +42,6 @@ addons:
     enabled: false
     valuesOverride: {}
 
-  ## Cilium CNI plugin
-  ##
-  cilium:
-    ## @param addons.cilium.valuesOverride Custom values to override
-    valuesOverride: {}
-
   ## Ingress-NGINX Controller
   ##
   ingressNginx:

packages/apps/nats/templates/nats.yaml

@@ -33,7 +33,7 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
   interval: 1m0s
   timeout: 5m0s
   values:

packages/apps/postgres/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.10.1@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
+ghcr.io/cozystack/cozystack/postgres-backup:0.10.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f

packages/apps/versions_map

@@ -59,8 +59,7 @@ kubernetes 0.16.0 077045b0
 kubernetes 0.17.0 1fbbfcd0
 kubernetes 0.17.1 fd240701
 kubernetes 0.18.0 721c12a7
-kubernetes 0.19.0 93bdf411
+kubernetes 0.19.0 HEAD
-kubernetes 0.20.0 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.31.0-rc.1@sha256:ab0e8fd97632ba784a42a3d0714806ea327440f82ffa5c4896a87c5fb7c1ec6e
+  image: ghcr.io/cozystack/cozystack/installer:v0.30.2@sha256:59996588b5d59b5593fb34442b2f2ed8ef466d138b229a8d37beb6f70141a690

packages/core/platform/bundles/distro-full.yaml

@@ -161,7 +161,7 @@ releases:
   releaseName: piraeus-operator
   chart: cozy-piraeus-operator
   namespace: cozy-linstor
-  dependsOn: [cilium,cert-manager]
+  dependsOn: [cilium,cert-manager,victoria-metrics-operator]
 
 - name: snapshot-controller
   releaseName: snapshot-controller

packages/core/platform/bundles/paas-full.yaml

@@ -134,11 +134,6 @@ releases:
   namespace: cozy-kubevirt
   privileged: true
   dependsOn: [cilium,kubeovn,kubevirt-operator]
-  {{- $cpuAllocationRatio := index $cozyConfig.data "cpu-allocation-ratio" }}
-  {{- if $cpuAllocationRatio }}
-  values:
-    cpuAllocationRatio: {{ $cpuAllocationRatio }}
-  {{- end }}
 
 - name: kubevirt-instancetypes
   releaseName: kubevirt-instancetypes

packages/core/platform/templates/apps.yaml

@@ -8,7 +8,7 @@
     {{- $host = index $cozyConfig.data "root-host" }}
   {{- end }}
 {{- end }}
-{{- $tenantRoot := dict }}
+{{- $tenantRoot := list }}
 {{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
 {{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
 {{- end }}
@@ -37,7 +37,7 @@ metadata:
   labels:
     cozystack.io/ui: "true"
 spec:
-  interval: 0s
+  interval: 1m
   releaseName: tenant-root
   install:
     remediation:

packages/core/platform/templates/helmreleases.yaml

@@ -55,7 +55,6 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
       {{- with $x.valuesFiles }}
       valuesFiles:
       {{- toYaml $x.valuesFiles | nindent 6 }}

packages/core/testing/Makefile

@@ -11,6 +11,14 @@ include ../../../scripts/common-envs.mk
 
 help: ## Show this help.
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+show:
+	helm template -n $(NAMESPACE) $(NAME) .
+
+apply: ## Create sandbox in existing Kubernetes cluster.
+	helm template -n $(NAMESPACE) $(NAME) . | kubectl apply -f -
+
+diff:
+	helm template -n $(NAMESPACE) $(NAME) . | kubectl diff -f -
 
 image: image-e2e-sandbox
 
@@ -31,11 +39,26 @@ image-e2e-sandbox:
 test: ## Run the end-to-end tests in existing sandbox.
 	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && export COZYSTACK_INSTALLER_YAML=$$(helm template -n cozy-system installer ./packages/core/installer) && hack/e2e.sh'
 
+test-applications: ## Run the end-to-end tests in existing sandbox for applications.
+	for app in $(TESTING_APPS); do \
+		docker exec ${SANDBOX_NAME} bash -c "/hack/e2e.application.sh $${app}"; \
+	done
+	docker exec  ${SANDBOX_NAME} bash -c "kubectl get hr -A | grep -v 'True'"
+
 delete: ## Remove sandbox from existing Kubernetes cluster.
 	docker rm -f "${SANDBOX_NAME}" || true
 
 exec:  ## Opens an interactive shell in the sandbox container.
-	docker exec -ti "${SANDBOX_NAME}" bash
+	docker exec -ti "${SANDBOX_NAME}" -- bash
+
+proxy: sync-hosts ## Enable a SOCKS5 proxy server; mirrord and gost must be installed.
+	mirrord exec --target deploy/cozystack-e2e-sandbox --target-namespace cozy-e2e-tests -- gost -L=127.0.0.1:10080
+
+login: ## Downloads the kubeconfig into a temporary directory and runs a shell with the sandbox environment; mirrord must be installed.
+	mirrord exec --target deploy/cozystack-e2e-sandbox --target-namespace cozy-e2e-tests -- "$$SHELL"
+
+sync-hosts:
+	kubectl exec -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'kubectl get ing -A -o go-template='\''{{ "127.0.0.1 localhost\n"}}{{ range .items }}{{ range .status.loadBalancer.ingress }}{{ .ip }}{{ end }} {{ range .spec.rules }}{{ .host }}{{ end }}{{ "\n" }}{{ end }}'\'' > /etc/hosts'
 
 apply: delete
 	docker run -d --rm --name "${SANDBOX_NAME}" --privileged "$$(yq .e2e.image values.yaml)" sleep infinity

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.0-rc.1@sha256:a20a6834527ccfc8daf7413a15234f3f7dbbd7774810c8e1966736d487ef7d0c
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.30.2@sha256:31273d6b42dc88c2be2ff9ba64564d1b12e70ae8a5480953341b0d113ac7d4bd

packages/extra/bootbox/images/matchbox.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.31.0-rc.1@sha256:de69166fd6efec988cad7ad5be41bbb57c8134508c531d7496fc7f15772e4993
+ghcr.io/cozystack/cozystack/matchbox:v0.30.2@sha256:307d382f75f1dcb39820c73b93b2ce576cdb6d58032679bda7d926999c677900

packages/extra/info/Chart.yaml

@@ -3,4 +3,4 @@ name: info
 description: Info
 icon: /logos/info.svg
 type: application
-version: 1.0.1
+version: 1.0.0

packages/extra/info/templates/kubeconfig.yaml

@@ -11,13 +11,6 @@
 {{- $k8sClient := index $k8sClientSecret.data "client-secret-key" | b64dec }}
 {{- $rootSaConfigMap := lookup "v1" "ConfigMap" "kube-system" "kube-root-ca.crt" }}
 {{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc }}
-
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
-{{- $tenantRoot := lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
-{{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
-{{- $host = $tenantRoot.spec.values.host }}
-{{- end }}
-{{- end }}
 ---
 apiVersion: v1
 kind: Secret

packages/extra/ingress/Chart.yaml

@@ -3,4 +3,4 @@ name: ingress
 description: NGINX Ingress Controller
 icon: /logos/ingress-nginx.svg
 type: application
-version: 1.6.0
+version: 1.5.0

packages/extra/ingress/README.md

@@ -13,5 +13,4 @@
 | `dashboard`       | Should ingress serve Cozystack service dashboard                  | `false` |
 | `cdiUploadProxy`  | Should ingress serve CDI upload proxy                             | `false` |
 | `virtExportProxy` | Should ingress serve KubeVirt export proxy                        | `false` |
-| `api`             | Should ingress serve Cozystack API                                | `true`  |
 

packages/extra/ingress/templates/api.yaml

@@ -1,29 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
-
-{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
-{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
-
-{{- if .Values.api }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-  name: api-{{ .Release.Namespace }}
-  namespace: default
-spec:
-  ingressClassName: {{ .Release.Namespace }}
-  rules:
-  - host: api.{{ $host }}
-    http:
-      paths:
-      - backend:
-          service:
-            name: kubernetes
-            port:
-              number: 443
-        path: /
-        pathType: Prefix
-{{- end }}

packages/extra/ingress/templates/cdi-uploadproxy.yaml

@@ -10,7 +10,11 @@ kind: Ingress
 metadata:
   annotations:
     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    {{- if eq $issuerType "cloudflare" }} 
+    {{- else }}
+    acme.cert-manager.io/http01-ingress-class: {{ .Release.Namespace }}
+    {{- end }}
   name: cdi-uploadproxy-{{ .Release.Namespace }}
   namespace: cozy-kubevirt-cdi
 spec:
@@ -26,4 +30,8 @@ spec:
               number: 443
         path: /
         pathType: Prefix
+  tls:
+  - hosts:
+    - cdi-uploadproxy.{{ $host }}
+    secretName: cdi-uploadproxy-{{ .Release.Namespace }}-tls
 {{- end }}

packages/extra/ingress/templates/dashboard.yaml

@@ -4,15 +4,6 @@
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
 
-{{- $tenantRoot := dict }}
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
-{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
-{{- end }}
-{{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
-{{- $host = $tenantRoot.spec.values.host }}
-{{- else }}
-{{- end }}
-
 {{- if .Values.dashboard }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress

packages/extra/ingress/templates/nginx-ingress.yaml

@@ -11,7 +11,7 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
   interval: 1m0s
   timeout: 5m0s
   values:

packages/extra/ingress/values.schema.json

@@ -40,11 +40,6 @@
             "type": "boolean",
             "description": "Should ingress serve KubeVirt export proxy",
             "default": false
-        },
-        "api": {
-            "type": "boolean",
-            "description": "Should ingress serve Cozystack API",
-            "default": true
         }
     }
 }

packages/extra/ingress/values.yaml

@@ -33,6 +33,3 @@ cdiUploadProxy: false
 
 ## @param virtExportProxy Should ingress serve KubeVirt export proxy
 virtExportProxy: false
-
-## @param api Should ingress serve Cozystack API
-api: true

packages/extra/ingress/vm-exportproxy.yaml

@@ -10,7 +10,11 @@ kind: Ingress
 metadata:
   annotations:
     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    {{- if eq $issuerType "cloudflare" }} 
+    {{- else }}
+    acme.cert-manager.io/http01-ingress-class: {{ .Release.Namespace }}
+    {{- end }}
   name: virt-exportproxy-{{ .Release.Namespace }}
   namespace: cozy-kubevirt
 spec:
@@ -26,4 +30,8 @@ spec:
               number: 443
         path: /
         pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    virt-exportproxy.{{ $host }}
+    secretName: virt-exportproxy-{{ .Release.Namespace }}-tls
 {{- end }}

packages/extra/monitoring/images/grafana.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:66c4547efd18b4d7475ff73b2c4e2f39e9b4471d55e85237e2fe3e87af05c302
+ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399

packages/extra/seaweedfs/templates/seaweedfs.yaml

@@ -14,7 +14,7 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
   interval: 1m0s
   timeout: 5m0s
   values:

packages/extra/versions_map

@@ -11,15 +11,13 @@ etcd 2.5.0 24fa7222
 etcd 2.6.0 8c460528
 etcd 2.6.1 45a7416c
 etcd 2.7.0 HEAD
-info 1.0.0 93bdf411
+info 1.0.0 HEAD
-info 1.0.1 HEAD
 ingress 1.0.0 d7cfa53c
 ingress 1.1.0 5bbc488e
 ingress 1.2.0 28fca4ef
 ingress 1.3.0 fde4bcfa
 ingress 1.4.0 fd240701
-ingress 1.5.0 93bdf411
+ingress 1.5.0 HEAD
-ingress 1.6.0 HEAD
 monitoring 1.0.0 d7cfa53c
 monitoring 1.1.0 25221fdc
 monitoring 1.2.0 f81be075

packages/system/Makefile

@@ -5,7 +5,7 @@ include ../../scripts/common-envs.mk
 repo:
 	rm -rf "$(OUT)"
 	mkdir -p "$(OUT)"
-	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') --version $(COZYSTACK_VERSION)
+	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') --version $(VERSION)
 	cd "$(OUT)" && helm repo index .
 
 fix-chartnames:

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:67e4a5da0ab43d93e8b75094d5a2db8159cb927a47b94f945f80d0ffb93d3301
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:a47d2743d01bff0ce60aa745fdff54f9b7184dff8679b11ab4ecd08ac663012b

packages/system/cilium/values.yaml

@@ -14,7 +14,7 @@ cilium:
     mode: "kubernetes"
   image:
     repository: ghcr.io/cozystack/cozystack/cilium
-    tag: 1.17.3
+    tag: 1.17.2
-    digest: "sha256:f95e30fd8e7608f61c38344bb9f558f60f4d81bccb8e399836911e4feec2b40a"
+    digest: "sha256:bc6a8ec326188960ac36584873e07801bcbc56cb862e2ec8bf87a7926f66abf1"
   envoy:
     enabled: false

packages/system/cozystack-api/values.yaml

@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.0-rc.1@sha256:1dd9f3ec9d5630d5b49ffe9380d6a0131bf04e7e9bddcc3fd6f59089c6563b1c
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.30.2@sha256:7ef370dc8aeac0a6b2a50b7d949f070eb21d267ba0a70e7fc7c1564bfe6d4f83

packages/system/cozystack-controller/templates/rbac.yaml

@@ -9,6 +9,3 @@ rules:
 - apiGroups: ['cozystack.io']
   resources: ['*']
   verbs: ['*']
-- apiGroups: ["helm.toolkit.fluxcd.io"]
-  resources: ["helmreleases"]
-  verbs: ["get", "list", "watch", "patch", "update"]

packages/system/cozystack-controller/values.yaml

@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.0-rc.1@sha256:96492f384c07619c091764c759adde6ef91054b1223f03f7ddd62a56c40b06ac
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.30.2@sha256:5b87a8ea0dcde1671f44532c1ee6db11a5dd922d1a009078ecf6495ec193e52a
   debug: false
   disableTelemetry: false
-  cozystackVersion: "v0.31.0-rc.1"
+  cozystackVersion: "v0.30.2"

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -76,7 +76,7 @@ data:
       "kubeappsNamespace": {{ .Release.Namespace | quote }},
       "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
       "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.31.0-rc.1",
+      "appVersion": "v0.30.2",
       "authProxyEnabled": {{ .Values.authProxy.enabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},

packages/system/dashboard/values.yaml

@@ -19,15 +19,15 @@ kubeapps:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: dashboard
-      tag: v0.31.0-rc.1
+      tag: v0.30.2
       digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93"
   kubeappsapis:
     resourcesPreset: "none"
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: kubeapps-apis
-      tag: v0.31.0-rc.1
+      tag: v0.30.2
-      digest: "sha256:ca65949e84c9a92436f47525ae92861984406644779cbb2ecdb8e2a1a133fabf"
+      digest: "sha256:3b5805b56f2fb9fd25f4aa389cdfbbb28a3f2efb02245c52085a45d1dc62bf92"
     pluginConfig:
       flux:
         packages:

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.31.0-rc.1@sha256:3ae6f1b2e42dcb9dcfbf8213029eb731197ccdbf27fdc30539d975caf32184d4
+    tag: v0.30.2@sha256:e04f68e4cc5b023ed39ce2242b32aee51f97235371602239d0c4a9cea97c8d0d
     repository: ghcr.io/cozystack/cozystack/kamaji
   resources:
     limits:

packages/system/keycloak-configure/templates/configure-kk.yaml

@@ -4,15 +4,6 @@
 {{- $rootSaConfigMap := lookup "v1" "ConfigMap" "kube-system" "kube-root-ca.crt" }}
 {{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc }}
 
-{{- $tenantRoot := dict }}
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
-{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
-{{- end }}
-{{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
-{{- $host = $tenantRoot.spec.values.host }}
-{{- else }}
-{{- end }}
-
 {{- $existingK8sSecret := lookup "v1" "Secret" .Release.Namespace "k8s-client" }}
 {{- $existingKubeappsSecret := lookup "v1" "Secret" .Release.Namespace "kubeapps-client" }}
 {{- $existingAuthConfig := lookup "v1" "Secret" "cozy-dashboard" "kubeapps-auth-config" }}

packages/system/keycloak/templates/ingress.yaml

@@ -5,15 +5,6 @@
 {{- $rootns := lookup "v1" "Namespace" "" "tenant-root" }}
 {{- $ingress := index $rootns.metadata.annotations "namespace.cozystack.io/ingress" }}
 
-{{- $tenantRoot := dict }}
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
-{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
-{{- end }}
-{{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
-{{- $host = $tenantRoot.spec.values.host }}
-{{- else }}
-{{- end }}
-
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:

packages/system/keycloak/templates/sts.yaml

@@ -7,15 +7,6 @@
   {{- $password = index $existingPassword.data "password" | b64dec }}
 {{- end }}
 
-{{- $tenantRoot := dict }}
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
-{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
-{{- end }}
-{{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
-{{- $host = $tenantRoot.spec.values.host }}
-{{- else }}
-{{- end }}
-
 apiVersion: v1
 kind: Secret
 metadata:

packages/system/kubeovn-webhook/values.yaml

@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.31.0-rc.1@sha256:fa14fa7a0ffa628eb079ddcf6ce41d75b43de92e50f489422f8fb15c4dab2dbf
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.30.2@sha256:fa14fa7a0ffa628eb079ddcf6ce41d75b43de92e50f489422f8fb15c4dab2dbf

packages/system/kubeovn/values.yaml

@@ -22,4 +22,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.10@sha256:cc490d549353e2ee432568eb32631f8213e0f208193594b2f59de312607c9782
+      tag: v1.13.8@sha256:071a93df2dce484b347bbace75934ca9e1743668bfe6f1161ba307dee204767d

packages/system/kubevirt/templates/kubevirt-cr.yaml

@@ -10,9 +10,6 @@ spec:
     commonInstancetypesDeployment:
       enabled: false
     developerConfiguration:
-      {{- if .Values.cpuAllocationRatio }}
-      cpuAllocationRatio: {{ .Values.cpuAllocationRatio }}
-      {{- end }}
       featureGates:
       - HotplugVolumes
       - ExpandDisks

packages/system/linstor/templates/podscrape.yaml

@@ -1,4 +1,3 @@
-{{- if .Capabilities.APIVersions.Has "operator.victoriametrics.com/v1beta1" }}
 apiVersion: operator.victoriametrics.com/v1beta1
 kind: VMPodScrape
 metadata:
@@ -43,4 +42,3 @@ spec:
   selector:
     matchLabels:
       app.kubernetes.io/component: linstor-controller
-{{- end }}

packages/system/piraeus-operator/templates/alerts.yaml

@@ -1,8 +1,7 @@
 {{- $files := .Files.Glob "alerts/*.yaml" -}}
-{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" }}
 {{- range $path, $file := $files }}
 ---
 # from: {{ $path }}
 {{ toString $file }}
-{{- end }}
+
 {{- end -}}

scripts/common-envs.mk

@@ -1,7 +1,7 @@
 REGISTRY := ghcr.io/cozystack/cozystack
 PUSH := 1
 LOAD := 0
-COZYSTACK_VERSION = $(patsubst v%,%,$(shell git describe --tags))
+VERSION = $(patsubst v%,%,$(shell git describe --tags --abbrev=0))
 TAG = $(shell git describe --tags --exact-match 2>/dev/null || echo latest)
 
 # Returns 'latest' if the git tag is not assigned, otherwise returns the provided value
@@ -9,8 +9,8 @@ define settag
 $(if $(filter $(TAG),latest),latest,$(1))
 endef
 
-ifeq ($(COZYSTACK_VERSION),)
+ifeq ($(VERSION),)
     $(shell git remote add upstream https://github.com/cozystack/cozystack.git || true)
     $(shell git fetch upstream --tags)
-    COZYSTACK_VERSION = $(patsubst v%,%,$(shell git describe --tags))
+    VERSION = $(patsubst v%,%,$(shell git describe --tags --abbrev=0))
 endif