Prepare release v0.30.5

Signed-off-by: github-actions <github-actions@github.com>
Fix virtual machine resource tracking (#904 ) (#916 )
2026-01-29 18:19:00 +00:00 · 2025-05-05 14:22:08 +00:00 · 2025-05-05 18:16:50 +04:00 · 2025-05-05 13:55:06 +03:00 · 2025-04-24 15:16:14 +02:00 · 2025-04-24 12:50:06 +00:00
138 changed files with 1006 additions and 1996 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-* @kvaps @lllamnyp @klinch0
+* @kvaps @lllamnyp
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -4,10 +4,6 @@ on:
  pull_request_target:
    types: [closed]   # fires when PR is closed (merged)

-concurrency:
-  group: backport-${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
 permissions:
  contents: write
  pull-requests: write
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -1,13 +1,12 @@
 name: Pre-Commit Checks

 on:
+  push:
+    branches:
+      - main
  pull_request:
-    types: [labeled, opened, synchronize, reopened]
-
-concurrency:
-  group: pre-commit-${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
+    paths-ignore:
+      - '**.md'
 jobs:
  pre-commit:
    runs-on: ubuntu-22.04
--- a/.github/workflows/pull-requests-release.yaml
+++ b/.github/workflows/pull-requests-release.yaml
@@ -4,10 +4,6 @@ on:
  pull_request:
    types: [labeled, opened, synchronize, reopened, closed]

-concurrency:
-  group: pull-requests-release-${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
 jobs:
  verify:
    name: Test Release
@@ -16,8 +12,8 @@ jobs:
      contents: read
      packages: write

-    # Run only when the PR carries the "release" label and not closed.
    if: |
+      contains(github.event.pull_request.labels.*.name, 'ok-to-test') &&
      contains(github.event.pull_request.labels.*.name, 'release') &&
      github.event.action != 'closed'

@@ -76,36 +72,6 @@ jobs:
          git tag -f ${{ steps.get_tag.outputs.tag }} ${{ github.sha }}
          git push -f origin ${{ steps.get_tag.outputs.tag }}

-      # Ensure maintenance branch release-X.Y
-      - name: Ensure maintenance branch release-X.Y
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const tag = '${{ steps.get_tag.outputs.tag }}';  // e.g. v0.1.3 or v0.1.3-rc3
-            const match = tag.match(/^v(\d+)\.(\d+)\.\d+(?:[-\w\.]+)?$/);
-            if (!match) {
-              core.setFailed(`❌ tag '${tag}' must match 'vX.Y.Z' or 'vX.Y.Z-suffix'`);
-              return;
-            }
-            const line = `${match[1]}.${match[2]}`;
-            const branch = `release-${line}`;
-            try {
-              await github.rest.repos.getBranch({
-                owner: context.repo.owner,
-                repo:  context.repo.repo,
-                branch
-              });
-              console.log(`Branch '${branch}' already exists`);
-            } catch (_) {
-              await github.rest.git.createRef({
-                owner: context.repo.owner,
-                repo:  context.repo.repo,
-                ref:   `refs/heads/${branch}`,
-                sha:   context.sha
-              });
-              console.log(`✅ Branch '${branch}' created at ${context.sha}`);
-            }
-
      # Get the latest published release
      - name: Get the latest published release
        id: latest_release
@@ -136,13 +102,13 @@ jobs:
        uses: actions/github-script@v7
        with:
          script: |
-            const tag = '${{ steps.get_tag.outputs.tag }}';              // v0.31.5-rc.1
-            const m = tag.match(/^v(\d+\.\d+\.\d+)(-rc\.\d+)?$/);
+            const tag = '${{ steps.get_tag.outputs.tag }}';              // v0.31.5-rc1
+            const m = tag.match(/^v(\d+\.\d+\.\d+)(-rc\d+)?$/);
            if (!m) {
-              core.setFailed(`❌ tag '${tag}' must match 'vX.Y.Z' or 'vX.Y.Z-rc.N'`);
+              core.setFailed(`❌ tag '${tag}' must match 'vX.Y.Z' or 'vX.Y.Z-rcN'`);
              return;
            }
-            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc.1
+            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc1
            const isRc    = Boolean(m[2]);
            core.setOutput('is_rc',      isRc);
            const outdated = '${{ steps.semver.outputs.comparison-result }}' === '<';
--- a/.github/workflows/pull-requests.yaml
+++ b/.github/workflows/pull-requests.yaml
@@ -4,10 +4,6 @@ on:
  pull_request:
    types: [labeled, opened, synchronize, reopened]

-concurrency:
-  group: pull-requests-${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
 jobs:
  e2e:
    name: Build and Test
@@ -16,9 +12,20 @@ jobs:
      contents: read
      packages: write

+    # ─────────────────────────────────────────────────────────────
+    # Run automatically for internal PRs (same repo).
+    # For external PRs (forks) require the "ok‑to‑test" label.
    # Never run when the PR carries the "release" label.
+    # ─────────────────────────────────────────────────────────────
    if: |
-      !contains(github.event.pull_request.labels.*.name, 'release')
+      !contains(github.event.pull_request.labels.*.name, 'release') &&
+      (
+        github.event.pull_request.head.repo.full_name == github.repository ||
+        (
+          github.event.pull_request.head.repo.full_name != github.repository &&
+          contains(github.event.pull_request.labels.*.name, 'ok-to-test')
+        )
+      )

    steps:
      - name: Checkout code
--- a/.github/workflows/tags.yaml
+++ b/.github/workflows/tags.yaml
@@ -3,13 +3,7 @@ name: Versioned Tag
 on:
  push:
    tags:
-      - 'v*.*.*' # vX.Y.Z
-      - 'v*.*.*-rc.*' # vX.Y.Z-rc.N
-
-
-concurrency:
-  group: tags-${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+      - 'v*.*.*' # vX.Y.Z or vX.Y.Z-rcN

 jobs:
  prepare-release:
@@ -19,7 +13,6 @@ jobs:
      contents: write
      packages: write
      pull-requests: write
-      actions: write

    steps:
      # Check if a non-draft release with this tag already exists
@@ -49,18 +42,18 @@ jobs:
        uses: actions/github-script@v7
        with:
          script: |
-            const ref = context.ref.replace('refs/tags/', '');           // e.g. v0.31.5-rc.1
-            const m = ref.match(/^v(\d+\.\d+\.\d+)(-rc\.\d+)?$/);        // ['0.31.5', '-rc.1']
+            const ref = context.ref.replace('refs/tags/', '');           // e.g. v0.31.5-rc1
+            const m = ref.match(/^v(\d+\.\d+\.\d+)(-rc\d+)?$/);
            if (!m) {
-              core.setFailed(`❌ tag '${ref}' must match 'vX.Y.Z' or 'vX.Y.Z-rc.N'`);
+              core.setFailed(`❌ tag '${ref}' must match 'vX.Y.Z' or 'vX.Y.Z-rcN'`);
              return;
            }
-            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc.1
+            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc1
            const isRc    = Boolean(m[2]);
            const [maj, min] = m[1].split('.');
-            core.setOutput('tag',     ref);                              // v0.31.5-rc.1
-            core.setOutput('version', version);                          // 0.31.5-rc.1
-            core.setOutput('is_rc',   isRc);                             // true
+            core.setOutput('tag',     ref);
+            core.setOutput('version', version);
+            core.setOutput('is_rc',   isRc);
            core.setOutput('line',    `${maj}.${min}`);                  // 0.31

      # Detect base branch (main or release‑X.Y) the tag was pushed from
@@ -181,6 +174,32 @@ jobs:
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

+      # Ensure long‑lived maintenance branch release‑X.Y
+      - name: Ensure maintenance branch release‑${{ steps.tag.outputs.line }}
+        if: |
+          steps.check_release.outputs.skip == 'false' &&
+          steps.get_base.outputs.branch == 'main'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const branch = `release-${'${{ steps.tag.outputs.line }}'}`;
+            try {
+              await github.rest.repos.getBranch({
+                owner: context.repo.owner,
+                repo:  context.repo.repo,
+                branch
+              });
+              console.log(`Branch '${branch}' already exists`);
+            } catch (_) {
+              await github.git.createRef({
+                owner: context.repo.owner,
+                repo:  context.repo.repo,
+                ref:   `refs/heads/${branch}`,
+                sha:   context.sha
+              });
+              console.log(`Branch '${branch}' created at ${context.sha}`);
+            }
+
      # Create release‑X.Y.Z branch and push (force‑update)
      - name: Create release branch
        if: steps.check_release.outputs.skip == 'false'
@@ -225,3 +244,8 @@ jobs:
            } else {
              console.log(`PR already exists from ${head} to ${base}`);
            }
+
+      # Run tests 
+      - name: Test
+        if: steps.check_release.outputs.skip == 'false'
+        run: make test
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 _out
 .git
 .idea
-.vscode

 # User-specific stuff
 .idea/**/workspace.xml
@@ -76,4 +75,4 @@ fabric.properties
 .idea/caches/build_file_checksums.ser

 .DS_Store
-**/.DS_Store
+**/.DS_Store
--- a/1
+++ b/1
@@ -47,6 +47,7 @@ assets:
 test:
 	make -C packages/core/testing apply
 	make -C packages/core/testing test
+	#make -C packages/core/testing test-applications

 generate:
 	hack/update-codegen.sh
--- a/cmd/cozystack-controller/main.go
+++ b/cmd/cozystack-controller/main.go
@@ -39,8 +39,6 @@ import (
 	cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
 	"github.com/cozystack/cozystack/internal/controller"
 	"github.com/cozystack/cozystack/internal/telemetry"
-
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
 	// +kubebuilder:scaffold:imports
 )

@@ -53,7 +51,6 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))

 	utilruntime.Must(cozystackiov1alpha1.AddToScheme(scheme))
-	utilruntime.Must(helmv2.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }

@@ -185,14 +182,6 @@ func main() {
 	if err = (&controller.WorkloadReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
-	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "WorkloadReconciler")
-		os.Exit(1)
-	}
-
-	if err = (&controller.TenantHelmReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Workload")
 		os.Exit(1)
--- a/docs/release.md
+++ b/docs/release.md
@@ -1,166 +0,0 @@
-# Release Workflow
-
-This document describes Cozystack’s release process.
-
-## Introduction
-
-Cozystack uses a staged release process to ensure stability and flexibility during development.
-
-There are three types of releases:
-
- **Release Candidates (RC)** – Preview versions (e.g., `v0.42.0-rc.1`) used for final testing and validation.
- **Regular Releases** – Final versions (e.g., `v0.42.0`) that are feature-complete and thoroughly tested.
- **Patch Releases** – Bugfix-only updates (e.g., `v0.42.1`) made after a stable release, based on a dedicated release branch.
-
-Each type plays a distinct role in delivering reliable and tested updates while allowing ongoing development to continue smoothly.
-
-## Release Candidates
-
-Release candidates are Cozystack versions that introduce new features and are published before a stable release.
-Their purpose is to help validate stability before finalizing a new feature release.
-They allow for final rounds of testing and bug fixes without freezing development.
-
-Release candidates are given numbers `vX.Y.0-rc.N`, for example, `v0.42.0-rc.1`.
-They are created directly in the `main` branch.
-An RC is typically tagged when all major features for the upcoming release have been merged into main and the release enters its testing phase.
-However, new features and changes can still be added before the regular release `vX.Y.0`.
-
-Each RC contributes to a cumulative set of release notes that will be finalized when `vX.Y.0` is released.
-After testing, if no critical issues remain, the regular release (`vX.Y.0`) is tagged from the last RC or a later commit in main.
-This begins the regular release process, creates a dedicated `release-X.Y` branch, and opens the way for patch releases.
-
-## Regular Releases
-
-When making a regular release, we tag the latest RC or a subsequent minimal-change commit as `vX.Y.0`.
-In this explanation, we'll use version `v0.42.0` as an example:
-
-```mermaid
-gitGraph
-    commit id: "feature"
-    commit id: "feature 2"
-    commit id: "feature 3" tag: "v0.42.0"
-```
-
-A regular release sequence starts in the following way:
-
-1. Maintainer tags a commit in `main` with `v0.42.0` and pushes it to GitHub.
-2. CI workflow triggers on tag push:
-   1. Creates a draft page for release `v0.42.0`, if it wasn't created before.
-   2. Takes code from tag `v0.42.0`, builds images, and pushes them to ghcr.io.
-   3. Makes a new commit `Prepare release v0.42.0` with updated digests, pushes it to the new branch `release-0.42.0`, and opens a PR to `main`.
-   4. Builds Cozystack release assets from the new commit `Prepare release v0.42.0` and uploads them to the release draft page.
-3. Maintainer reviews PR, tests build artifacts, and edits changelogs on the release draft page.
-
-   ```mermaid
-   gitGraph
-       commit id: "feature"
-       commit id: "feature 2"
-       commit id: "feature 3" tag: "v0.42.0"
-       branch release-0.42.0
-       checkout release-0.42.0
-       commit id: "Prepare release v0.42.0"
-       checkout main
-       merge release-0.42.0 id: "Pull Request"
-   ```
-
-   When testing and editing are completed, the sequence goes on.
-
-4. Maintainer merges the PR. GitHub removes the merged branch `release-0.42.0`.
-5. CI workflow triggers on merge:
-   1. Moves the tag `v0.42.0` to the newly created merge commit by force-pushing a tag to GitHub.
-   2. Publishes the release page (`draft` → `latest`).
-6. The maintainer can now announce the release to the community.
-
-```mermaid
-gitGraph
-    commit id: "feature"
-    commit id: "feature 2"
-    commit id: "feature 3"
-    branch release-0.42.0
-    checkout release-0.42.0
-    commit id: "Prepare release v0.42.0"
-    checkout main
-    merge release-0.42.0 id: "Release v0.42.0" tag: "v0.42.0"
-```
-
-## Patch Releases
-
-Making a patch release has a lot in common with a regular release, with a couple of differences:
-
-* A release branch is used instead of `main`
-* Patch commits are cherry-picked to the release branch.
-* A pull request is opened against the release branch.
-
-
-Let's assume that we've released `v0.42.0` and that development is ongoing.
-We have introduced a couple of new features and some fixes to features that we have released 
-in `v0.42.0`.
-
-Once problems were found and fixed, a patch release is due.
-
-```mermaid
-gitGraph
-   commit id: "Release v0.42.0" tag: "v0.42.0"
-    checkout main
-    commit id: "feature 4"
-    commit id: "patch 1"
-    commit id: "feature 5"
-    commit id: "patch 2"
-```
-
-
-1. The maintainer creates a release branch, `release-0.42,` and cherry-picks patch commits from `main` to `release-0.42`.
-   These must be only patches to features that were present in version `v0.42.0`.
-
-   Cherry-picking can be done as soon as each patch is merged into `main`,
-   or directly before the release.
-
-   ```mermaid
-   gitGraph
-       commit id: "Release v0.42.0" tag: "v0.42.0"
-       branch release-0.42
-       checkout main
-       commit id: "feature 4"
-       commit id: "patch 1"
-       commit id: "feature 5"
-       commit id: "patch 2"
-       checkout release-0.42
-       cherry-pick id: "patch 1"
-       cherry-pick id: "patch 2"
-   ```
-
-   When all relevant patch commits are cherry-picked, the branch is ready for release.
-
-2. The maintainer tags the `HEAD` commit of branch `release-0.42` as `v0.42.1` and then pushes it to GitHub.
-3. CI workflow triggers on tag push:
-    1. Creates a draft page for release `v0.42.1`, if it wasn't created before.
-    2. Takes code from tag `v0.42.1`, builds images, and pushes them to ghcr.io.
-    3. Makes a new commit `Prepare release v0.42.1` with updated digests, pushes it to the new branch `release-0.42.1`, and opens a PR to `release-0.42`.
-    4. Builds Cozystack release assets from the new commit `Prepare release v0.42.1` and uploads them to the release draft page.
-4. Maintainer reviews PR, tests build artifacts, and edits changelogs on the release draft page.
-   
-   ```mermaid
-   gitGraph
-       commit id: "Release v0.42.0" tag: "v0.42.0"
-       branch release-0.42
-       checkout main
-       commit id: "feature 4"
-       commit id: "patch 1"
-       commit id: "feature 5"
-       commit id: "patch 2"
-       checkout release-0.42
-       cherry-pick id: "patch 1"
-       cherry-pick id: "patch 2" tag: "v0.42.1"
-       branch release-0.42.1
-       commit id: "Prepare release v0.42.1"
-       checkout release-0.42
-       merge release-0.42.1 id: "Pull request"
-   ```
-
-   Finally, when release is confirmed, the release sequence goes on.
-
-5. Maintainer merges the PR. GitHub removes the merged branch `release-0.42.1`.
-6. CI workflow triggers on merge:
-   1. Moves the tag `v0.42.1` to the newly created merge commit by force-pushing a tag to GitHub.
-   2. Publishes the release page (`draft` → `latest`).
-7. The maintainer can now announce the release to the community.
--- a/hack/e2e.application.sh
+++ b/hack/e2e.application.sh
@@ -0,0 +1,165 @@
+#!/bin/bash
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+RESET='\033[0m'
+YELLOW='\033[0;33m'
+
+
+ROOT_NS="tenant-root"
+TEST_TENANT="tenant-e2e"
+
+values_base_path="/hack/testdata/"
+checks_base_path="/hack/testdata/"
+
+function delete_hr() {
+    local release_name="$1"
+    local namespace="$2"
+
+    if [[ -z "$release_name" ]]; then
+        echo -e "${RED}Error: Release name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$namespace" ]]; then
+        echo -e "${RED}Error: Namespace name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ "$release_name" == "tenant-e2e" ]]; then
+        echo -e "${YELLOW}Skipping deletion for release tenant-e2e.${RESET}"
+        return 0
+    fi
+
+    kubectl delete helmrelease $release_name -n $namespace
+}
+
+function install_helmrelease() {
+    local release_name="$1"
+    local namespace="$2"
+    local chart_path="$3"
+    local repo_name="$4"
+    local repo_ns="$5"
+    local values_file="$6"
+
+    if [[ -z "$release_name" ]]; then
+        echo -e "${RED}Error: Release name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$namespace" ]]; then
+        echo -e "${RED}Error: Namespace name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$chart_path" ]]; then
+        echo -e "${RED}Error: Chart path name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -n "$values_file" && -f "$values_file" ]]; then
+        local values_section
+        values_section=$(echo "  values:" && sed 's/^/    /' "$values_file")
+    fi
+
+    local helmrelease_file=$(mktemp /tmp/HelmRelease.XXXXXX.yaml)
+    {
+        echo "apiVersion: helm.toolkit.fluxcd.io/v2"
+        echo "kind: HelmRelease"
+        echo "metadata:"
+        echo "  labels:"
+        echo "    cozystack.io/ui: \"true\""
+        echo "  name: \"$release_name\""
+        echo "  namespace: \"$namespace\""
+        echo "spec:"
+        echo "  chart:"
+        echo "    spec:"
+        echo "      chart: \"$chart_path\""
+        echo "      reconcileStrategy: Revision"
+        echo "      sourceRef:"
+        echo "        kind: HelmRepository"
+        echo "        name: \"$repo_name\""
+        echo "        namespace: \"$repo_ns\""
+        echo "      version: '*'"
+        echo "  interval: 1m0s"
+        echo "  timeout: 5m0s"
+        [[ -n "$values_section" ]] && echo "$values_section"
+    } > "$helmrelease_file"
+
+    kubectl apply -f "$helmrelease_file"
+
+    rm -f "$helmrelease_file"
+}
+
+function install_tenant (){
+    local release_name="$1"
+    local namespace="$2"
+    local values_file="${values_base_path}tenant/values.yaml"
+    local repo_name="cozystack-apps"
+    local repo_ns="cozy-public"
+    install_helmrelease "$release_name" "$namespace" "tenant" "$repo_name" "$repo_ns" "$values_file"
+}
+
+function make_extra_checks(){
+    local checks_file="$1"
+    echo "after exec make $checks_file"
+    if [[ -n "$checks_file" && -f "$checks_file" ]]; then
+        echo -e "${YELLOW}Start extra checks with file: ${checks_file}${RESET}"
+
+    fi
+}
+
+function check_helmrelease_status() {
+    local release_name="$1"
+    local namespace="$2"
+    local checks_file="$3"
+    local timeout=300  # Timeout in seconds
+    local interval=5   # Interval between checks in seconds
+    local elapsed=0
+
+
+    while [[ $elapsed -lt $timeout ]]; do
+        local status_output
+        status_output=$(kubectl get helmrelease "$release_name" -n "$namespace" -o json | jq -r '.status.conditions[-1].reason')
+
+        if [[ "$status_output" == "InstallSucceeded" || "$status_output" == "UpgradeSucceeded" ]]; then
+            echo -e "${GREEN}Helm release '$release_name' is ready.${RESET}"
+            make_extra_checks "$checks_file"
+            delete_hr $release_name $namespace
+            return 0
+        elif [[ "$status_output" == "InstallFailed" ]]; then
+          echo -e "${RED}Helm release '$release_name': InstallFailed${RESET}"
+          exit 1
+        else
+            echo -e "${YELLOW}Helm release '$release_name' is not ready. Current status: $status_output${RESET}"
+        fi
+
+        sleep "$interval"
+        elapsed=$((elapsed + interval))
+    done
+
+    echo -e "${RED}Timeout reached. Helm release '$release_name' is still not ready after $timeout seconds.${RESET}"
+    exit 1
+}
+
+chart_name="$1"
+
+if [ -z "$chart_name" ]; then
+    echo -e "${RED}No chart name provided. Exiting...${RESET}"
+    exit 1
+fi
+
+
+checks_file="${checks_base_path}${chart_name}/check.sh"
+repo_name="cozystack-apps"
+repo_ns="cozy-public"
+release_name="$chart_name-e2e"
+values_file="${values_base_path}${chart_name}/values.yaml"
+
+install_tenant $TEST_TENANT $ROOT_NS
+check_helmrelease_status $TEST_TENANT $ROOT_NS "${checks_base_path}tenant/check.sh"
+
+echo -e "${YELLOW}Running tests for chart: $chart_name${RESET}"
+
+install_helmrelease $release_name $TEST_TENANT $chart_name $repo_name $repo_ns $values_file
+check_helmrelease_status $release_name $TEST_TENANT $checks_file
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -60,8 +60,7 @@ done

 # Prepare system drive
 if [ ! -f nocloud-amd64.raw ]; then
-  wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz \
-    -O nocloud-amd64.raw.xz --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
+  wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz -O nocloud-amd64.raw.xz --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
  rm -f nocloud-amd64.raw
  xz --decompress nocloud-amd64.raw.xz
 fi
@@ -86,8 +85,7 @@ done
 # Start VMs
 for i in 1 2 3; do
  qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 8 -m 16384 \
-    -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i \
-    -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \
+    -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \
    -drive file=srv$i/system.img,if=virtio,format=raw \
    -drive file=srv$i/seed.img,if=virtio,format=raw \
    -drive file=srv$i/data.img,if=virtio,format=raw \
@@ -123,7 +121,7 @@ machine:
  files:
  - content: |
      [plugins]
-        [plugins."io.containerd.cri.v1.runtime"]
+        [plugins."io.containerd.grpc.v1.cri"]
          device_ownership_from_security_context = true      
    path: /etc/cri/conf.d/20-customization.part
    op: create
@@ -233,15 +231,8 @@ timeout 60 sh -c 'until kubectl get hr -A | grep cozy; do sleep 1; done'

 sleep 5

-# Wait for all HelmReleases to be installed
 kubectl get hr -A | awk 'NR>1 {print "kubectl wait --timeout=15m --for=condition=ready -n " $1 " hr/" $2 " &"} END{print "wait"}' | sh -x

-failed_hrs=$(kubectl get hr -A | grep -v True)
-if [ -n "$(echo "$failed_hrs" | grep -v NAME)" ]; then
-  printf 'Failed HelmReleases:\n%s\n' "$failed_hrs" >&2
-  exit 1
-fi
-
 # Wait for Cluster-API providers
 timeout 60 sh -c 'until kubectl get deploy -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager; do sleep 1; done'
 kubectl wait deploy --timeout=1m --for=condition=available -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager
--- a/hack/testdata/http-cache/check.sh
+++ b/hack/testdata/http-cache/check.sh
@@ -0,0 +1 @@
+return 0
--- a/hack/testdata/http-cache/values.yaml
+++ b/hack/testdata/http-cache/values.yaml
@@ -0,0 +1,2 @@
+endpoints:
+  - 8.8.8.8:443
--- a/hack/testdata/kubernetes/check.sh
+++ b/hack/testdata/kubernetes/check.sh
@@ -0,0 +1 @@
+return 0
--- a/hack/testdata/kubernetes/values.yaml
+++ b/hack/testdata/kubernetes/values.yaml
@@ -0,0 +1,62 @@
+## @section Common parameters
+
+## @param host The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).
+## @param controlPlane.replicas Number of replicas for Kubernetes contorl-plane components
+## @param storageClass StorageClass used to store user data
+##
+host: ""
+controlPlane:
+  replicas: 2
+storageClass: replicated
+
+## @param nodeGroups [object] nodeGroups configuration
+##
+nodeGroups:
+  md0:
+    minReplicas: 0
+    maxReplicas: 10
+    instanceType: "u1.medium"
+    ephemeralStorage: 20Gi
+    roles:
+    - ingress-nginx
+
+    resources:
+      cpu: ""
+      memory: ""
+
+## @section Cluster Addons
+##
+addons:
+
+  ## Cert-manager: automatically creates and manages SSL/TLS certificate
+  ##
+  certManager:
+    ## @param addons.certManager.enabled Enables the cert-manager
+    ## @param addons.certManager.valuesOverride Custom values to override
+    enabled: true
+    valuesOverride: {}
+
+  ## Ingress-NGINX Controller
+  ##
+  ingressNginx:
+    ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)
+    ## @param addons.ingressNginx.valuesOverride Custom values to override
+    ##
+    enabled: true
+    ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster
+    ## e.g:
+    ## hosts:
+    ## - example.org
+    ## - foo.example.net
+    ##
+    hosts: []
+    valuesOverride: {}
+
+  ## Flux CD
+  ##
+  fluxcd:
+    ## @param addons.fluxcd.enabled Enables Flux CD
+    ## @param addons.fluxcd.valuesOverride Custom values to override
+    ##
+    enabled: true
+    valuesOverride: {}
--- a/hack/testdata/nats/check.sh
+++ b/hack/testdata/nats/check.sh
@@ -0,0 +1 @@
+return 0
--- a/hack/testdata/nats/values.yaml
+++ b/hack/testdata/nats/values.yaml
@@ -0,0 +1,10 @@
+
+## @section Common parameters
+
+## @param external Enable external access from outside the cluster
+## @param replicas Persistent Volume size for NATS
+## @param storageClass StorageClass used to store the data
+##
+external: false
+replicas: 2
+storageClass: ""
--- a/hack/testdata/tenant/check.sh
+++ b/hack/testdata/tenant/check.sh
@@ -0,0 +1 @@
+return 0
--- a/hack/testdata/tenant/values.yaml
+++ b/hack/testdata/tenant/values.yaml
@@ -0,0 +1,6 @@
+host: ""
+etcd: false
+monitoring: false
+ingress: false
+seaweedfs: false
+isolated: true
--- a/internal/controller/tenant_helm_reconciler.go
+++ b/internal/controller/tenant_helm_reconciler.go
@@ -1,158 +0,0 @@
-package controller
-
-import (
-	"context"
-	"fmt"
-	"strings"
-	"time"
-
-	e "errors"
-
-	helmv2 "github.com/fluxcd/helm-controller/api/v2"
-	"gopkg.in/yaml.v2"
-	corev1 "k8s.io/api/core/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/log"
-)
-
-type TenantHelmReconciler struct {
-	client.Client
-	Scheme *runtime.Scheme
-}
-
-func (r *TenantHelmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	logger := log.FromContext(ctx)
-
-	hr := &helmv2.HelmRelease{}
-	if err := r.Get(ctx, req.NamespacedName, hr); err != nil {
-		if errors.IsNotFound(err) {
-			return ctrl.Result{}, nil
-		}
-		logger.Error(err, "unable to fetch HelmRelease")
-		return ctrl.Result{}, err
-	}
-
-	if !strings.HasPrefix(hr.Name, "tenant-") {
-		return ctrl.Result{}, nil
-	}
-
-	if len(hr.Status.Conditions) == 0 || hr.Status.Conditions[0].Type != "Ready" {
-		return ctrl.Result{}, nil
-	}
-
-	if len(hr.Status.History) == 0 {
-		logger.Info("no history in HelmRelease status", "name", hr.Name)
-		return ctrl.Result{}, nil
-	}
-
-	if hr.Status.History[0].Status != "deployed" {
-		return ctrl.Result{}, nil
-	}
-
-	newDigest := hr.Status.History[0].Digest
-	var hrList helmv2.HelmReleaseList
-	childNamespace := getChildNamespace(hr.Namespace, hr.Name)
-	if childNamespace == "tenant-root" && hr.Name == "tenant-root" {
-		if hr.Spec.Values == nil {
-			logger.Error(e.New("hr.Spec.Values is nil"), "cant annotate tenant-root ns")
-			return ctrl.Result{}, nil
-		}
-		err := annotateTenantRootNs(*hr.Spec.Values, r.Client)
-		if err != nil {
-			logger.Error(err, "cant annotate tenant-root ns")
-			return ctrl.Result{}, nil
-		}
-		logger.Info("namespace 'tenant-root' annotated")
-	}
-
-	if err := r.List(ctx, &hrList, client.InNamespace(childNamespace)); err != nil {
-		logger.Error(err, "unable to list HelmReleases in namespace", "namespace", hr.Name)
-		return ctrl.Result{}, err
-	}
-
-	for _, item := range hrList.Items {
-		if item.Name == hr.Name {
-			continue
-		}
-		oldDigest := item.GetAnnotations()["cozystack.io/tenant-config-digest"]
-		if oldDigest == newDigest {
-			continue
-		}
-		patchTarget := item.DeepCopy()
-
-		if patchTarget.Annotations == nil {
-			patchTarget.Annotations = map[string]string{}
-		}
-		ts := time.Now().Format(time.RFC3339Nano)
-
-		patchTarget.Annotations["cozystack.io/tenant-config-digest"] = newDigest
-		patchTarget.Annotations["reconcile.fluxcd.io/forceAt"] = ts
-		patchTarget.Annotations["reconcile.fluxcd.io/requestedAt"] = ts
-
-		patch := client.MergeFrom(item.DeepCopy())
-		if err := r.Patch(ctx, patchTarget, patch); err != nil {
-			logger.Error(err, "failed to patch HelmRelease", "name", patchTarget.Name)
-			continue
-		}
-
-		logger.Info("patched HelmRelease with new digest", "name", patchTarget.Name, "digest", newDigest, "version", hr.Status.History[0].Version)
-	}
-
-	return ctrl.Result{}, nil
-}
-
-func (r *TenantHelmReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewControllerManagedBy(mgr).
-		For(&helmv2.HelmRelease{}).
-		Complete(r)
-}
-
-func getChildNamespace(currentNamespace, hrName string) string {
-	tenantName := strings.TrimPrefix(hrName, "tenant-")
-
-	switch {
-	case currentNamespace == "tenant-root" && hrName == "tenant-root":
-		// 1) root tenant inside root namespace
-		return "tenant-root"
-
-	case currentNamespace == "tenant-root":
-		// 2) any other tenant in root namespace
-		return fmt.Sprintf("tenant-%s", tenantName)
-
-	default:
-		// 3) tenant in a dedicated namespace
-		return fmt.Sprintf("%s-%s", currentNamespace, tenantName)
-	}
-}
-
-func annotateTenantRootNs(values apiextensionsv1.JSON, c client.Client) error {
-	var data map[string]interface{}
-	if err := yaml.Unmarshal(values.Raw, &data); err != nil {
-		return fmt.Errorf("failed to parse HelmRelease values: %w", err)
-	}
-
-	host, ok := data["host"].(string)
-	if !ok || host == "" {
-		return fmt.Errorf("host field not found or not a string")
-	}
-
-	var ns corev1.Namespace
-	if err := c.Get(context.TODO(), client.ObjectKey{Name: "tenant-root"}, &ns); err != nil {
-		return fmt.Errorf("failed to get namespace tenant-root: %w", err)
-	}
-
-	if ns.Annotations == nil {
-		ns.Annotations = map[string]string{}
-	}
-	ns.Annotations["namespace.cozystack.io/host"] = host
-
-	if err := c.Update(context.TODO(), &ns); err != nil {
-		return fmt.Errorf("failed to update namespace: %w", err)
-	}
-
-	return nil
-}
--- a/internal/controller/workloadmonitor_controller.go
+++ b/internal/controller/workloadmonitor_controller.go
@@ -116,24 +116,15 @@ func (r *WorkloadMonitorReconciler) reconcileServiceForMonitor(

 	resources := make(map[string]resource.Quantity)

-	quantity := resource.MustParse("0")
+	q := resource.MustParse("0")

 	for _, ing := range svc.Status.LoadBalancer.Ingress {
 		if ing.IP != "" {
-			quantity.Add(resource.MustParse("1"))
+			q.Add(resource.MustParse("1"))
 		}
 	}

-	var resourceLabel string
-	if svc.Annotations != nil {
-		var ok bool
-		resourceLabel, ok = svc.Annotations["metallb.universe.tf/ip-allocated-from-pool"]
-		if !ok {
-			resourceLabel = "default"
-		}
-	}
-	resourceLabel = fmt.Sprintf("%s.ipaddresspool.metallb.io/requests.ipaddresses", resourceLabel)
-	resources[resourceLabel] = quantity
+	resources["public-ips"] = q

 	_, err := ctrl.CreateOrUpdate(ctx, r.Client, workload, func() error {
 		// Update owner references with the new monitor
@@ -174,12 +165,7 @@ func (r *WorkloadMonitorReconciler) reconcilePVCForMonitor(
 	resources := make(map[string]resource.Quantity)

 	for resourceName, resourceQuantity := range pvc.Status.Capacity {
-		storageClass := "default"
-		if pvc.Spec.StorageClassName != nil || *pvc.Spec.StorageClassName == "" {
-			storageClass = *pvc.Spec.StorageClassName
-		}
-		resourceLabel := fmt.Sprintf("%s.storageclass.storage.k8s.io/requests.%s", storageClass, resourceName.String())
-		resources[resourceLabel] = resourceQuantity
+		resources[resourceName.String()] = resourceQuantity
 	}

 	_, err := ctrl.CreateOrUpdate(ctx, r.Client, workload, func() error {
--- a/packages/apps/bucket/README.md
+++ b/packages/apps/bucket/README.md
@@ -1,3 +0,0 @@
-# S3 bucket
-
-## Parameters
--- a/packages/apps/bucket/templates/helmrelease.yaml
+++ b/packages/apps/bucket/templates/helmrelease.yaml
@@ -11,7 +11,7 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
--- a/packages/apps/bucket/values.schema.json
+++ b/packages/apps/bucket/values.schema.json
@@ -1,5 +0,0 @@
-{
-    "title": "Chart Values",
-    "type": "object",
-    "properties": {}
-}
--- a/packages/apps/bucket/values.yaml
+++ b/packages/apps/bucket/values.yaml
@@ -1 +0,0 @@
-{}
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:4e1f5153d2673a399b315252238f4dc3eb5d6c59295aef594691710cc5b72eb4
+ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:529650c1aa6ee4ceba74af35b526e4e6f4ad44d9a8a75d1f2f2dbb015cbf194c
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.20.0
+version: 0.18.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -1,4 +1,4 @@
-KUBERNETES_VERSION = v1.32
+UBUNTU_CONTAINER_DISK_TAG = v1.30.1
 KUBERNETES_PKG_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)

 include ../../../scripts/common-envs.mk
@@ -6,26 +6,21 @@ include ../../../scripts/package.mk

 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md
-	yq -o json -i '.properties.controlPlane.properties.apiServer.properties.resourcesPreset.enum = ["none","nano","micro","small","medium","large","xlarge","2xlarge"]' values.schema.json
-	yq -o json -i '.properties.controlPlane.properties.controllerManager.properties.resourcesPreset.enum = ["none","nano","micro","small","medium","large","xlarge","2xlarge"]' values.schema.json
-	yq -o json -i '.properties.controlPlane.properties.scheduler.properties.resourcesPreset.enum = ["none","nano","micro","small","medium","large","xlarge","2xlarge"]' values.schema.json
-	yq -o json -i '.properties.controlPlane.properties.konnectivity.properties.server.properties.resourcesPreset.enum = ["none","nano","micro","small","medium","large","xlarge","2xlarge"]' values.schema.json

 image: image-ubuntu-container-disk image-kubevirt-cloud-provider image-kubevirt-csi-driver image-cluster-autoscaler

 image-ubuntu-container-disk:
 	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/ubuntu-container-disk \
 		--provenance false \
-		--build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)) \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)-$(TAG)) \
+		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG)) \
+		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:latest \
 		--cache-to type=inline \
 		--metadata-file images/ubuntu-container-disk.json \
 		--push=$(PUSH) \
 		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
+	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
 		> images/ubuntu-container-disk.tag
 	rm -f images/ubuntu-container-disk.json

--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -27,47 +27,20 @@ How to access to deployed cluster:
 kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o go-template='{{ printf "%s\n" (index .data "super-admin.conf" | base64decode) }}' > test
 ```

-## Parameters
+# Series

-### Common parameters
+<!-- source: https://github.com/kubevirt/common-instancetypes/blob/main/README.md -->

-| Name                    | Description                                                                                                                            | Value        |
-| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
-| `host`                  | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`         |
-| `controlPlane.replicas` | Number of replicas for Kubernetes control-plane components                                                                             | `2`          |
-| `storageClass`          | StorageClass used to store user data                                                                                                   | `replicated` |
-| `nodeGroups`            | nodeGroups configuration                                                                                                               | `{}`         |
-
-### Cluster Addons
-
-| Name                                          | Description                                                                                                                                                       | Value   |
-| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `addons.certManager.enabled`                  | Enables the cert-manager                                                                                                                                          | `false` |
-| `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                         | `{}`    |
-| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                         | `{}`    |
-| `addons.ingressNginx.enabled`                 | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)                                                                                          | `false` |
-| `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                         | `{}`    |
-| `addons.ingressNginx.hosts`                   | List of domain names that should be passed through to the cluster by upper cluster                                                                                | `[]`    |
-| `addons.gpuOperator.enabled`                  | Enables the gpu-operator                                                                                                                                          | `false` |
-| `addons.gpuOperator.valuesOverride`           | Custom values to override                                                                                                                                         | `{}`    |
-| `addons.fluxcd.enabled`                       | Enables Flux CD                                                                                                                                                   | `false` |
-| `addons.fluxcd.valuesOverride`                | Custom values to override                                                                                                                                         | `{}`    |
-| `addons.monitoringAgents.enabled`             | Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage | `false` |
-| `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                         | `{}`    |
-| `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                         | `{}`    |
-
-### Kubernetes control plane configuration
-
-| Name                                               | Description                                                                                                                                                                                                       | Value   |
-| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `controlPlane.apiServer.resourcesPreset`           | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small` |
-| `controlPlane.apiServer.resources`                 | Resources                                                                                                                                                                                                         | `{}`    |
-| `controlPlane.controllerManager.resources`         | Resources                                                                                                                                                                                                         | `{}`    |
-| `controlPlane.controllerManager.resourcesPreset`   | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
-| `controlPlane.scheduler.resourcesPreset`           | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
-| `controlPlane.scheduler.resources`                 | Resources                                                                                                                                                                                                         | `{}`    |
-| `controlPlane.konnectivity.server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
-| `controlPlane.konnectivity.server.resources`       | Resources                                                                                                                                                                                                         | `{}`    |
+.                           |  U  |  O  |  CX  |  M  |  RT
+----------------------------|-----|-----|------|-----|------
+*Has GPUs*                  |     |     |      |     |
+*Hugepages*                 |     |     |  ✓   |  ✓  |  ✓
+*Overcommitted Memory*      |     |  ✓  |      |     |
+*Dedicated CPU*             |     |     |  ✓   |     |  ✓
+*Burstable CPU performance* |  ✓  |  ✓  |      |  ✓  |
+*Isolated emulator threads* |     |     |  ✓   |     |  ✓
+*vNUMA*                     |     |     |  ✓   |     |  ✓
+*vCPU-To-Memory Ratio*      | 1:4 | 1:4 |  1:2 | 1:8 | 1:4


 ## U Series
--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.19.0@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.18.1@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.19.0@sha256:795d8e1ef4b2b0df2aa1e09d96cd13476ebb545b4bf4b5779b7547a70ef64cf9
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.18.1@sha256:20d1ed52aadfeb71732cdd5060c76f322d147a5102b11d69ff0e7adf42698d79
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.19.0@sha256:5717919c75e609902c6d67138311a2a8fd07be822e2173f3802b67cf5f3486e9
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.18.1@sha256:14e887aab7cb40fb500135db7121e621a6086e578fbbc2b389ea672d3651caf5
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:4a4f8bee150e04d1efcd5ff1ea83e12f495a98851cc5fd47ef41ac7aebce9b74
+ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:6359b7877f04c6ac6641c0ebcc2a1d03cabfe1718464cd43f82e97724ad6aad8
--- a/packages/apps/kubernetes/images/ubuntu-container-disk/Dockerfile
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk/Dockerfile
@@ -1,4 +1,3 @@
-# TODO: Here we use ubuntu:22.04, as guestfish has some network issues running in ubuntu:24.04
 FROM ubuntu:22.04 as guestfish

 ARG DEBIAN_FRONTEND=noninteractive
@@ -6,7 +5,6 @@ RUN apt-get update \
 && apt-get -y install \
     libguestfs-tools \
     linux-image-generic \
-     wget \
     make \
     bash-completion \
 && apt-get clean
@@ -15,10 +13,7 @@ WORKDIR /build

 FROM guestfish as builder

-# noble is a code name for the Ubuntu 24.04 LTS release
-RUN wget -O image.img https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
-
-ARG KUBERNETES_VERSION
+RUN wget -O image.img https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img

 RUN qemu-img resize image.img 5G \
 && eval "$(guestfish --listen --network)" \
@@ -31,8 +26,8 @@ RUN qemu-img resize image.img 5G \
 && guestfish --remote sh "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg" \
 && guestfish --remote sh 'echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list' \
 # kubernetes repo
- && guestfish --remote sh "curl -fsSL https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg" \
- && guestfish --remote sh "echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list" \
+ && guestfish --remote sh "curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg" \
+ && guestfish --remote sh "echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list" \
 # install containerd
 && guestfish --remote command "apt-get update -y" \
 && guestfish --remote command "apt-get install -y containerd.io" \
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -39,13 +39,6 @@ spec:
              sockets: 1
            {{- end }}
            devices:
-              {{- if .group.gpus }}
-              gpus:
-              {{- range $i, $gpu := .group.gpus }}
-              - name: gpu{{ add $i 1 }}
-                deviceName: {{ $gpu.name }}
-              {{- end }}
-              {{- end }}
              disks:
              - name: system
                disk:
@@ -110,22 +103,22 @@ metadata:
    kamaji.clastix.io/kubeconfig-secret-key: "super-admin.svc"
 spec:
  apiServer:
-    {{- if .Values.controlPlane.apiServer.resources }}
-    resources: {{- toYaml .Values.controlPlane.apiServer.resources | nindent 6 }}
-    {{- else if ne .Values.controlPlane.apiServer.resourcesPreset "none" }}
-    resources: {{- include "resources.preset" (dict "type" .Values.controlPlane.apiServer.resourcesPreset "Release" .Release) | nindent 6 }}
+    {{- if .Values.kamajiControlPlane.apiServer.resources }}
+    resources: {{- toYaml .Values.kamajiControlPlane.apiServer.resources | nindent 6 }}
+    {{- else if ne .Values.kamajiControlPlane.apiServer.resourcesPreset "none" }}
+    resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.apiServer.resourcesPreset "Release" .Release) | nindent 6 }}
    {{- end }}
  controllerManager:
-    {{- if .Values.controlPlane.controllerManager.resources }}
-    resources: {{- toYaml .Values.controlPlane.controllerManager.resources | nindent 6 }}
-    {{- else if ne .Values.controlPlane.controllerManager.resourcesPreset "none" }}
-    resources: {{- include "resources.preset" (dict "type" .Values.controlPlane.controllerManager.resourcesPreset "Release" .Release) | nindent 6 }}
+    {{- if .Values.kamajiControlPlane.controllerManager.resources }}
+    resources: {{- toYaml .Values.kamajiControlPlane.controllerManager.resources | nindent 6 }}
+    {{- else if ne .Values.kamajiControlPlane.controllerManager.resourcesPreset "none" }}
+    resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.controllerManager.resourcesPreset "Release" .Release) | nindent 6 }}
    {{- end }}
  scheduler:
-    {{- if .Values.controlPlane.scheduler.resources }}
-    resources: {{- toYaml .Values.controlPlane.scheduler.resources | nindent 6 }}
-    {{- else if ne .Values.controlPlane.scheduler.resourcesPreset "none" }}
-    resources: {{- include "resources.preset" (dict "type" .Values.controlPlane.scheduler.resourcesPreset "Release" .Release) | nindent 6 }}
+    {{- if .Values.kamajiControlPlane.scheduler.resources }}
+    resources: {{- toYaml .Values.kamajiControlPlane.scheduler.resources | nindent 6 }}
+    {{- else if ne .Values.kamajiControlPlane.scheduler.resourcesPreset "none" }}
+    resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.scheduler.resourcesPreset "Release" .Release) | nindent 6 }}
    {{- end }}
  dataStoreName: "{{ $etcd }}"
  addons:
@@ -135,10 +128,10 @@ spec:
    konnectivity:
      server:
        port: 8132
-        {{- if .Values.controlPlane.konnectivity.server.resources }}
-        resources: {{- toYaml .Values.controlPlane.konnectivity.server.resources | nindent 10 }}
-        {{- else if ne .Values.controlPlane.konnectivity.server.resourcesPreset "none" }}
-        resources: {{- include "resources.preset" (dict "type" .Values.controlPlane.konnectivity.server.resourcesPreset "Release" .Release) | nindent 10 }}
+        {{- if .Values.kamajiControlPlane.addons.konnectivity.server.resources }}
+        resources: {{- toYaml .Values.kamajiControlPlane.addons.konnectivity.server.resources | nindent 10 }}
+        {{- else if ne .Values.kamajiControlPlane.addons.konnectivity.server.resourcesPreset "none" }}
+        resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.addons.konnectivity.server.resourcesPreset "Release" .Release) | nindent 10 }}
        {{- end }}
  kubelet:
    cgroupfs: systemd
@@ -283,7 +276,7 @@ spec:
        kind: KubevirtMachineTemplate
        name: {{ $.Release.Name }}-{{ $groupName }}-{{ $kubevirtmachinetemplateHash }}
        namespace: {{ $.Release.Namespace }}
-      version: v1.32.3
+      version: v1.30.1
 ---
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachineHealthCheck
--- a/packages/apps/kubernetes/templates/helmreleases/cert-manager-crds.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/cert-manager-crds.yaml
@@ -4,7 +4,7 @@ metadata:
  name: {{ .Release.Name }}-cert-manager-crds
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cert-manager-crds
@@ -16,7 +16,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-cert-manager
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cert-manager
@@ -17,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -31,9 +30,11 @@ spec:
  upgrade:
    remediation:
      retries: -1
-  {{- with .Values.addons.certManager.valuesOverride }}
-  values:
-    {{- toYaml . | nindent 4 }}
+  {{- if .Values.addons.certManager.valuesOverride }}
+  valuesFrom:
+  - kind: Secret
+    name: {{ .Release.Name }}-cert-manager-values-override
+    valuesKey: values
  {{- end }}

  dependsOn:
@@ -46,3 +47,13 @@ spec:
  - name: {{ .Release.Name }}-cert-manager-crds
    namespace: {{ .Release.Namespace }}
 {{- end }}
+{{- if .Values.addons.certManager.valuesOverride }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-cert-manager-values-override
+stringData:
+  values: |
+    {{- toYaml .Values.addons.certManager.valuesOverride | nindent 4 }}
+{{- end }}
--- a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
@@ -1,19 +1,10 @@
-{{- define "cozystack.defaultCiliumValues" -}}
-cilium:
-  k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
-  k8sServicePort: 6443
-  routingMode: tunnel
-  enableIPv4Masquerade: true
-  ipv4NativeRoutingCIDR: ""
-{{- end }}
-
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: {{ .Release.Name }}-cilium
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cilium
@@ -25,7 +16,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -40,7 +30,12 @@ spec:
    remediation:
      retries: -1
  values:
-    {{- toYaml (deepCopy .Values.addons.cilium.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultCiliumValues" .))) | nindent 4 }}
+    cilium:
+      k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
+      k8sServicePort: 6443
+      routingMode: tunnel
+      enableIPv4Masquerade: true
+      ipv4NativeRoutingCIDR: ""
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
  - name: {{ .Release.Name }}
--- a/packages/apps/kubernetes/templates/helmreleases/csi.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/csi.yaml
@@ -4,7 +4,7 @@ metadata:
  name: {{ .Release.Name }}-csi
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: csi
@@ -16,7 +16,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
@@ -20,7 +20,7 @@ spec:
          effect: "NoSchedule"
      containers:
        - name: kubectl
-          image: docker.io/clastix/kubectl:v1.32
+          image: docker.io/clastix/kubectl:v1.30.1
          command:
            - /bin/sh
            - -c
@@ -38,7 +38,6 @@ spec:
                {{ .Release.Name }}-ingress-nginx
                {{ .Release.Name }}-fluxcd-operator
                {{ .Release.Name }}-fluxcd
-                {{ .Release.Name }}-gpu-operator
                -p '{"spec": {"suspend": true}}'
                --type=merge --field-manager=flux-client-side-apply || true
 ---
@@ -77,7 +76,6 @@ rules:
      - {{ .Release.Name }}-ingress-nginx
      - {{ .Release.Name }}-fluxcd-operator
      - {{ .Release.Name }}-fluxcd
-      - {{ .Release.Name }}-gpu-operator
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
--- a/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-fluxcd-operator
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: fluxcd-operator
@@ -17,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -50,7 +49,7 @@ metadata:
  name: {{ .Release.Name }}-fluxcd
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: fluxcd
@@ -62,7 +61,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-kubeconfig
@@ -75,9 +73,11 @@ spec:
  upgrade:
    remediation:
      retries: -1
-  {{- with .Values.addons.fluxcd.valuesOverride }}
-  values:
-    {{- toYaml . | nindent 4 }}
+  {{- if .Values.addons.fluxcd.valuesOverride }}
+  valuesFrom:
+  - kind: Secret
+    name: {{ .Release.Name }}-fluxcd-values-override
+    valuesKey: values
  {{- end }}
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
@@ -89,3 +89,14 @@ spec:
  - name: {{ .Release.Name }}-fluxcd-operator
    namespace: {{ .Release.Namespace }}
 {{- end }}
+
+{{- if .Values.addons.fluxcd.valuesOverride }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-fluxcd-values-override
+stringData:
+  values: |
+    {{- toYaml .Values.addons.fluxcd.valuesOverride | nindent 4 }}
+{{- end }}
--- a/packages/apps/kubernetes/templates/helmreleases/gpu-operator.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/gpu-operator.yaml
@@ -1,46 +0,0 @@
-{{- if .Values.addons.gpuOperator.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: {{ .Release.Name }}-gpu-operator
-  labels:
-    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
-spec:
-  interval: 5m
-  releaseName: gpu-operator
-  chart:
-    spec:
-      chart: cozy-gpu-operator
-      reconcileStrategy: Revision
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-system
-        namespace: cozy-system
-      version: '>= 0.0.0-0'
-  kubeConfig:
-    secretRef:
-      name: {{ .Release.Name }}-admin-kubeconfig
-      key: super-admin.svc
-  targetNamespace: cozy-gpu-operator
-  storageNamespace: cozy-gpu-operator
-  install:
-    createNamespace: true
-    remediation:
-      retries: -1
-  upgrade:
-    remediation:
-      retries: -1
-  {{- with .Values.addons.gpuOperator.valuesOverride }}
-  values:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-
-  dependsOn:
-  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
-  - name: {{ .Release.Name }}
-    namespace: {{ .Release.Namespace }}
-  {{- end }}
-  - name: {{ .Release.Name }}-cilium
-    namespace: {{ .Release.Namespace }}
-{{- end }}
--- a/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml
@@ -1,15 +1,3 @@
-{{- define "cozystack.defaultIngressValues" -}}
-ingress-nginx:
-  fullnameOverride: ingress-nginx
-  controller:
-    kind: DaemonSet
-    hostNetwork: true
-    service:
-      enabled: false
-  nodeSelector:
-    node-role.kubernetes.io/ingress-nginx: ""
-{{- end }}
-
 {{- if .Values.addons.ingressNginx.enabled }}
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -17,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-ingress-nginx
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: ingress-nginx
@@ -29,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -44,7 +31,21 @@ spec:
    remediation:
      retries: -1
  values:
-    {{- toYaml (deepCopy .Values.addons.ingressNginx.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultIngressValues" .))) | nindent 4 }}
+    ingress-nginx:
+      fullnameOverride: ingress-nginx
+      controller:
+        kind: DaemonSet
+        hostNetwork: true
+        service:
+          enabled: false
+      nodeSelector:
+        node-role.kubernetes.io/ingress-nginx: ""
+  {{- if .Values.addons.ingressNginx.valuesOverride }}
+  valuesFrom:
+  - kind: Secret
+    name: {{ .Release.Name }}-ingress-nginx-values-override
+    valuesKey: values
+  {{- end }}
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
  - name: {{ .Release.Name }}
@@ -53,3 +54,14 @@ spec:
  - name: {{ .Release.Name }}-cilium
    namespace: {{ .Release.Namespace }}
 {{- end }}
+
+{{- if .Values.addons.ingressNginx.valuesOverride }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-ingress-nginx-values-override
+stringData:
+  values: |
+    {{- toYaml .Values.addons.ingressNginx.valuesOverride | nindent 4 }}
+{{- end }}
--- a/packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml
@@ -7,7 +7,7 @@ metadata:
  name: {{ .Release.Name }}-monitoring-agents
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cozy-monitoring-agents
@@ -19,7 +19,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler-crds.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler-crds.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-vertical-pod-autoscaler-crds
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: vertical-pod-autoscaler-crds
@@ -17,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml
@@ -1,28 +1,5 @@
-{{- define "cozystack.defaultVPAValues" -}}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $targetTenant := index $myNS.metadata.annotations "namespace.cozystack.io/monitoring" }}
-vertical-pod-autoscaler:
-  recommender:
-    extraArgs:
-      container-name-label: container
-      container-namespace-label: namespace
-      container-pod-name-label: pod
-      storage: prometheus
-      memory-saver: true
-      pod-label-prefix: label_
-      metric-for-pod-labels: kube_pod_labels{job="kube-state-metrics", tenant="{{ .Release.Namespace }}", cluster="{{ .Release.Name }}"}[8d]
-      pod-name-label: pod
-      pod-namespace-label: namespace
-      prometheus-address: http://vmselect-shortterm.{{ $targetTenant }}.svc.cozy.local:8481/select/0/prometheus/
-      prometheus-cadvisor-job-name: cadvisor
-    resources:
-      limits:
-        memory: 1600Mi
-      requests:
-        cpu: 100m
-        memory: 1600Mi
-{{- end }}
-
 {{- if .Values.addons.monitoringAgents.enabled }}
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -30,7 +7,7 @@ metadata:
  name: {{ .Release.Name }}-vertical-pod-autoscaler
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: vertical-pod-autoscaler
@@ -42,7 +19,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -57,7 +33,32 @@ spec:
    remediation:
      retries: -1
  values:
-    {{- toYaml (deepCopy .Values.addons.verticalPodAutoscaler.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultVPAValues" .))) | nindent 4 }}
+    vertical-pod-autoscaler:
+      recommender:
+        extraArgs:
+          container-name-label: container
+          container-namespace-label: namespace
+          container-pod-name-label: pod
+          storage: prometheus
+          memory-saver: true
+          pod-label-prefix: label_
+          metric-for-pod-labels: kube_pod_labels{job="kube-state-metrics", tenant="{{ .Release.Namespace }}", cluster="{{ .Release.Name }}"}[8d]
+          pod-name-label: pod
+          pod-namespace-label: namespace
+          prometheus-address: http://vmselect-shortterm.{{ $targetTenant }}.svc.cozy.local:8481/select/0/prometheus/
+          prometheus-cadvisor-job-name: cadvisor
+        resources:
+          limits:
+            memory: 1600Mi
+          requests:
+            cpu: 100m
+            memory: 1600Mi
+  {{- if .Values.addons.verticalPodAutoscaler.valuesOverride }}
+  valuesFrom:
+  - kind: Secret
+    name: {{ .Release.Name }}-vertical-pod-autoscaler-values-override
+    valuesKey: values
+  {{- end }}
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
  - name: {{ .Release.Name }}
--- a/packages/apps/kubernetes/templates/helmreleases/victoria-metrics-operator.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/victoria-metrics-operator.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-cozy-victoria-metrics-operator
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cozy-victoria-metrics-operator
@@ -17,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/values.schema.json
+++ b/packages/apps/kubernetes/values.schema.json
@@ -1,237 +1,97 @@
 {
-  "title": "Chart Values",
-  "type": "object",
-  "properties": {
-    "host": {
-      "type": "string",
-      "description": "The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).",
-      "default": ""
-    },
-    "controlPlane": {
-      "type": "object",
-      "properties": {
-        "replicas": {
-          "type": "number",
-          "description": "Number of replicas for Kubernetes control-plane components",
-          "default": 2
+    "title": "Chart Values",
+    "type": "object",
+    "properties": {
+        "host": {
+            "type": "string",
+            "description": "The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).",
+            "default": ""
        },
-        "apiServer": {
-          "type": "object",
-          "properties": {
-            "resourcesPreset": {
-              "type": "string",
-              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
-              "default": "small",
-              "enum": [
-                "none",
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-              ]
-            },
-            "resources": {
-              "type": "object",
-              "description": "Resources",
-              "default": {}
-            }
-          }
-        },
-        "controllerManager": {
-          "type": "object",
-          "properties": {
-            "resources": {
-              "type": "object",
-              "description": "Resources",
-              "default": {}
-            },
-            "resourcesPreset": {
-              "type": "string",
-              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
-              "default": "micro",
-              "enum": [
-                "none",
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-              ]
-            }
-          }
-        },
-        "scheduler": {
-          "type": "object",
-          "properties": {
-            "resourcesPreset": {
-              "type": "string",
-              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
-              "default": "micro",
-              "enum": [
-                "none",
-                "nano",
-                "micro",
-                "small",
-                "medium",
-                "large",
-                "xlarge",
-                "2xlarge"
-              ]
-            },
-            "resources": {
-              "type": "object",
-              "description": "Resources",
-              "default": {}
-            }
-          }
-        },
-        "konnectivity": {
-          "type": "object",
-          "properties": {
-            "server": {
-              "type": "object",
-              "properties": {
-                "resourcesPreset": {
-                  "type": "string",
-                  "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
-                  "default": "micro",
-                  "enum": [
-                    "none",
-                    "nano",
-                    "micro",
-                    "small",
-                    "medium",
-                    "large",
-                    "xlarge",
-                    "2xlarge"
-                  ]
-                },
-                "resources": {
-                  "type": "object",
-                  "description": "Resources",
-                  "default": {}
+        "controlPlane": {
+            "type": "object",
+            "properties": {
+                "replicas": {
+                    "type": "number",
+                    "description": "Number of replicas for Kubernetes contorl-plane components",
+                    "default": 2
+                }
+            }
+        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store user data",
+            "default": "replicated"
+        },
+        "addons": {
+            "type": "object",
+            "properties": {
+                "certManager": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean",
+                            "description": "Enables the cert-manager",
+                            "default": false
+                        },
+                        "valuesOverride": {
+                            "type": "object",
+                            "description": "Custom values to override",
+                            "default": {}
+                        }
+                    }
+                },
+                "ingressNginx": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean",
+                            "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)",
+                            "default": false
+                        },
+                        "valuesOverride": {
+                            "type": "object",
+                            "description": "Custom values to override",
+                            "default": {}
+                        },
+                        "hosts": {
+                            "type": "array",
+                            "description": "List of domain names that should be passed through to the cluster by upper cluster",
+                            "default": [],
+                            "items": {}
+                        }
+                    }
+                },
+                "fluxcd": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean",
+                            "description": "Enables Flux CD",
+                            "default": false
+                        },
+                        "valuesOverride": {
+                            "type": "object",
+                            "description": "Custom values to override",
+                            "default": {}
+                        }
+                    }
+                },
+                "monitoringAgents": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean",
+                            "description": "Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage",
+                            "default": false
+                        },
+                        "valuesOverride": {
+                            "type": "object",
+                            "description": "Custom values to override",
+                            "default": {}
+                        }
+                    }
                }
-              }
            }
-          }
        }
-      }
-    },
-    "storageClass": {
-      "type": "string",
-      "description": "StorageClass used to store user data",
-      "default": "replicated"
-    },
-    "addons": {
-      "type": "object",
-      "properties": {
-        "certManager": {
-          "type": "object",
-          "properties": {
-            "enabled": {
-              "type": "boolean",
-              "description": "Enables the cert-manager",
-              "default": false
-            },
-            "valuesOverride": {
-              "type": "object",
-              "description": "Custom values to override",
-              "default": {}
-            }
-          }
-        },
-        "cilium": {
-          "type": "object",
-          "properties": {
-            "valuesOverride": {
-              "type": "object",
-              "description": "Custom values to override",
-              "default": {}
-            }
-          }
-        },
-        "ingressNginx": {
-          "type": "object",
-          "properties": {
-            "enabled": {
-              "type": "boolean",
-              "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)",
-              "default": false
-            },
-            "valuesOverride": {
-              "type": "object",
-              "description": "Custom values to override",
-              "default": {}
-            },
-            "hosts": {
-              "type": "array",
-              "description": "List of domain names that should be passed through to the cluster by upper cluster",
-              "default": [],
-              "items": {}
-            }
-          }
-        },
-        "gpuOperator": {
-          "type": "object",
-          "properties": {
-            "enabled": {
-              "type": "boolean",
-              "description": "Enables the gpu-operator",
-              "default": false
-            },
-            "valuesOverride": {
-              "type": "object",
-              "description": "Custom values to override",
-              "default": {}
-            }
-          }
-        },
-        "fluxcd": {
-          "type": "object",
-          "properties": {
-            "enabled": {
-              "type": "boolean",
-              "description": "Enables Flux CD",
-              "default": false
-            },
-            "valuesOverride": {
-              "type": "object",
-              "description": "Custom values to override",
-              "default": {}
-            }
-          }
-        },
-        "monitoringAgents": {
-          "type": "object",
-          "properties": {
-            "enabled": {
-              "type": "boolean",
-              "description": "Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage",
-              "default": false
-            },
-            "valuesOverride": {
-              "type": "object",
-              "description": "Custom values to override",
-              "default": {}
-            }
-          }
-        },
-        "verticalPodAutoscaler": {
-          "type": "object",
-          "properties": {
-            "valuesOverride": {
-              "type": "object",
-              "description": "Custom values to override",
-              "default": {}
-            }
-          }
-        }
-      }
    }
-  }
 }
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -1,10 +1,12 @@
 ## @section Common parameters

 ## @param host The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).
-## @param controlPlane.replicas Number of replicas for Kubernetes control-plane components
+## @param controlPlane.replicas Number of replicas for Kubernetes contorl-plane components
 ## @param storageClass StorageClass used to store user data
 ##
 host: ""
+controlPlane:
+  replicas: 2
 storageClass: replicated

 ## @param nodeGroups [object] nodeGroups configuration
@@ -22,14 +24,6 @@ nodeGroups:
      cpu: ""
      memory: ""

-    ## List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
-    ## e.g:
-    ## instanceType: "u1.xlarge"
-    ## gpus:
-    ## - name: nvidia.com/AD102GL_L40S
-    gpus: []
-
-
 ## @section Cluster Addons
 ##
 addons:
@@ -42,12 +36,6 @@ addons:
    enabled: false
    valuesOverride: {}

-  ## Cilium CNI plugin
-  ##
-  cilium:
-    ## @param addons.cilium.valuesOverride Custom values to override
-    valuesOverride: {}
-
  ## Ingress-NGINX Controller
  ##
  ingressNginx:
@@ -64,14 +52,6 @@ addons:
    hosts: []
    valuesOverride: {}

-  ## GPU-operator: NVIDIA GPU Operator
-  ##
-  gpuOperator:
-    ## @param addons.gpuOperator.enabled Enables the gpu-operator
-    ## @param addons.gpuOperator.valuesOverride Custom values to override
-    enabled: false
-    valuesOverride: {}
-
  ## Flux CD
  ##
  fluxcd:
@@ -97,42 +77,62 @@ addons:
    ##
    valuesOverride: {}

-## @section Kubernetes control plane configuration
+## @section Kamaji control plane
 ##
-
-controlPlane:
-  replicas: 2
-
+kamajiControlPlane:
  apiServer:
-    ## @param controlPlane.apiServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
-    ## @param controlPlane.apiServer.resources Resources
-    ## e.g:
-    ## resources:
-    ##   limits:
-    ##     cpu: 4000m
-    ##     memory: 4Gi
-    ##   requests:
-    ##     cpu: 100m
-    ##     memory: 512Mi
-    ##
-    resourcesPreset: "small"
+    ## @param kamajiControlPlane.apiServer.resources Resources
    resources: {}
+    # resources:
+    #   limits:
+    #     cpu: 4000m
+    #     memory: 4Gi
+    #   requests:
+    #     cpu: 100m
+    #     memory: 512Mi
+    
+    ## @param kamajiControlPlane.apiServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+    resourcesPreset: "small"

  controllerManager:
-    ## @param controlPlane.controllerManager.resources Resources
-    ## @param controlPlane.controllerManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
-    resourcesPreset: "micro"
+    ## @param kamajiControlPlane.controllerManager.resources Resources
    resources: {}
-
+    # resources:
+    #   limits:
+    #     cpu: 4000m
+    #     memory: 4Gi
+    #   requests:
+    #     cpu: 100m
+    #     memory: 512Mi
+    
+    ## @param kamajiControlPlane.controllerManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+    resourcesPreset: "micro"
  scheduler:
-    ## @param controlPlane.scheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
-    ## @param controlPlane.scheduler.resources Resources
-    resourcesPreset: "micro"
+    ## @param kamajiControlPlane.scheduler.resources Resources
    resources: {}
-
-  konnectivity:
-    server:
-      ## @param controlPlane.konnectivity.server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
-      ## @param controlPlane.konnectivity.server.resources Resources
-      resourcesPreset: "micro"
-      resources: {}
+    # resources:
+    #   limits:
+    #     cpu: 4000m
+    #     memory: 4Gi
+    #   requests:
+    #     cpu: 100m
+    #     memory: 512Mi
+    
+    ## @param kamajiControlPlane.scheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+    resourcesPreset: "micro"
+  addons:
+    konnectivity:
+      server:
+        ## @param kamajiControlPlane.addons.konnectivity.server.resources Resources
+        resources: {}
+        # resources:
+        #   limits:
+        #     cpu: 4000m
+        #     memory: 4Gi
+        #   requests:
+        #     cpu: 100m
+        #     memory: 512Mi
+        
+        ## @param kamajiControlPlane.addons.konnectivity.server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+        resourcesPreset: "micro"
+            
--- a/packages/apps/nats/templates/nats.yaml
+++ b/packages/apps/nats/templates/nats.yaml
@@ -33,7 +33,7 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -59,8 +59,7 @@ kubernetes 0.16.0 077045b0
 kubernetes 0.17.0 1fbbfcd0
 kubernetes 0.17.1 fd240701
 kubernetes 0.18.0 721c12a7
-kubernetes 0.19.0 93bdf411
-kubernetes 0.20.0 HEAD
+kubernetes 0.18.1 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
--- a/packages/core/installer/images/cozystack/Dockerfile
+++ b/packages/core/installer/images/cozystack/Dockerfile
@@ -30,8 +30,6 @@ FROM alpine:3.21

 RUN apk add --no-cache make
 RUN apk add helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
-RUN apk add yq
-RUN apk add coreutils

 COPY scripts /cozystack/scripts
 COPY --from=builder /src/packages/core /cozystack/packages/core
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.31.0-rc.1@sha256:ab0e8fd97632ba784a42a3d0714806ea327440f82ffa5c4896a87c5fb7c1ec6e
+  image: ghcr.io/cozystack/cozystack/installer:v0.30.5@sha256:e13c08b9e1adb90dc9e607a36018daef45942c4f9186710a6e37d1214bb9adfb
--- a/packages/core/platform/Makefile
+++ b/packages/core/platform/Makefile
@@ -7,11 +7,7 @@ show:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS)

 apply:
-	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) \
-		| kubectl apply -f-
-	kubectl delete helmreleases.helm.toolkit.fluxcd.io -l cozystack.io/marked-for-deletion=true -A
-
-reconcile: apply
+	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -f-

 namespaces-show:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml
--- a/packages/core/platform/bundles/distro-full.yaml
+++ b/packages/core/platform/bundles/distro-full.yaml
@@ -161,7 +161,7 @@ releases:
  releaseName: piraeus-operator
  chart: cozy-piraeus-operator
  namespace: cozy-linstor
-  dependsOn: [cilium,cert-manager]
+  dependsOn: [cilium,cert-manager,victoria-metrics-operator]

 - name: snapshot-controller
  releaseName: snapshot-controller
--- a/packages/core/platform/bundles/paas-full.yaml
+++ b/packages/core/platform/bundles/paas-full.yaml
@@ -134,11 +134,6 @@ releases:
  namespace: cozy-kubevirt
  privileged: true
  dependsOn: [cilium,kubeovn,kubevirt-operator]
-  {{- $cpuAllocationRatio := index $cozyConfig.data "cpu-allocation-ratio" }}
-  {{- if $cpuAllocationRatio }}
-  values:
-    cpuAllocationRatio: {{ $cpuAllocationRatio }}
-  {{- end }}

 - name: kubevirt-instancetypes
  releaseName: kubevirt-instancetypes
@@ -275,10 +270,7 @@ releases:
            {{- end }}
    {{- end }}
    {{- end }}
-      frontend:
-        resourcesPreset: "none"
      dashboard:
-        resourcesPreset: "none"
        {{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }}
        {{- $branding := dig "data" "branding" "" $cozystackBranding }}
        {{- if $branding }}
--- a/packages/core/platform/bundles/paas-hosted.yaml
+++ b/packages/core/platform/bundles/paas-hosted.yaml
@@ -168,10 +168,7 @@ releases:
            {{- end }}
    {{- end }}
    {{- end }}
-      frontend:
-        resourcesPreset: "none"
      dashboard:
-        resourcesPreset: "none"
        {{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }}
        {{- $branding := dig "data" "branding" "" $cozystackBranding }}
        {{- if $branding }}
--- a/packages/core/platform/templates/apps.yaml
+++ b/packages/core/platform/templates/apps.yaml
@@ -8,7 +8,7 @@
    {{- $host = index $cozyConfig.data "root-host" }}
  {{- end }}
 {{- end }}
-{{- $tenantRoot := dict }}
+{{- $tenantRoot := list }}
 {{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
 {{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
 {{- end }}
@@ -37,7 +37,7 @@ metadata:
  labels:
    cozystack.io/ui: "true"
 spec:
-  interval: 0s
+  interval: 1m
  releaseName: tenant-root
  install:
    remediation:
--- a/packages/core/platform/templates/helmreleases.yaml
+++ b/packages/core/platform/templates/helmreleases.yaml
@@ -7,23 +7,12 @@

 {{/* collect dependency namespaces from releases */}}
 {{- range $x := $bundle.releases }}
-{{-   $_ := set $dependencyNamespaces $x.name $x.namespace }}
+{{- $_ := set $dependencyNamespaces $x.name $x.namespace }}
 {{- end }}

 {{- range $x := $bundle.releases }}
-
-{{- $shouldInstall := true }}
-{{- $shouldDelete := false }}
-{{- if or (has $x.name $disabledComponents) (and ($x.optional) (not (has $x.name $enabledComponents))) }}
-{{-   $shouldInstall = false }}
-{{-   if $.Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
-{{-     if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" $x.namespace $x.name }}
-{{-       $shouldDelete = true }}
-{{-     end }}
-{{-   end }}
-{{- end }}
-
-{{- if or $shouldInstall $shouldDelete }}
+{{- if not (has $x.name $disabledComponents) }}
+{{- if or (not $x.optional) (and ($x.optional) (has $x.name $enabledComponents)) }}
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -33,9 +22,6 @@ metadata:
  labels:
    cozystack.io/repository: system
    cozystack.io/system-app: "true"
-    {{- if $shouldDelete }}
-    cozystack.io/marked-for-deletion: "true"
-    {{- end }}
 spec:
  interval: 5m
  releaseName: {{ $x.releaseName | default $x.name }}
@@ -55,17 +41,16 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
      {{- with $x.valuesFiles }}
      valuesFiles:
      {{- toYaml $x.valuesFiles | nindent 6 }}
      {{- end }}
  {{- $values := dict }}
  {{- with $x.values }}
-  {{-   $values = merge . $values }}
+  {{- $values = merge . $values }}
  {{- end }}
  {{- with index $cozyConfig.data (printf "values-%s" $x.name) }}
-  {{-   $values = merge (fromYaml .) $values }}
+  {{- $values = merge (fromYaml .) $values }}
  {{- end }}
  {{- with $values }}
  values:
@@ -85,12 +70,13 @@ spec:

  {{- with $x.dependsOn }}
  dependsOn:
-  {{-   range $dep := . }}
-  {{-     if not (has $dep $disabledComponents) }}
+  {{- range $dep := . }}
+  {{- if not (has $dep $disabledComponents) }}
  - name: {{ $dep }}
    namespace: {{ index $dependencyNamespaces $dep }}
-  {{-     end }}
-  {{-   end }}
+  {{- end }}
+  {{- end }}
  {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
--- a/packages/core/testing/Makefile
+++ b/packages/core/testing/Makefile
@@ -11,6 +11,14 @@ include ../../../scripts/common-envs.mk

 help: ## Show this help.
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+show:
+	helm template -n $(NAMESPACE) $(NAME) .
+
+apply: ## Create sandbox in existing Kubernetes cluster.
+	helm template -n $(NAMESPACE) $(NAME) . | kubectl apply -f -
+
+diff:
+	helm template -n $(NAMESPACE) $(NAME) . | kubectl diff -f -

 image: image-e2e-sandbox

@@ -31,11 +39,26 @@ image-e2e-sandbox:
 test: ## Run the end-to-end tests in existing sandbox.
 	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && export COZYSTACK_INSTALLER_YAML=$$(helm template -n cozy-system installer ./packages/core/installer) && hack/e2e.sh'

+test-applications: ## Run the end-to-end tests in existing sandbox for applications.
+	for app in $(TESTING_APPS); do \
+		docker exec ${SANDBOX_NAME} bash -c "/hack/e2e.application.sh $${app}"; \
+	done
+	docker exec  ${SANDBOX_NAME} bash -c "kubectl get hr -A | grep -v 'True'"
+
 delete: ## Remove sandbox from existing Kubernetes cluster.
 	docker rm -f "${SANDBOX_NAME}" || true

 exec:  ## Opens an interactive shell in the sandbox container.
-	docker exec -ti "${SANDBOX_NAME}" bash
+	docker exec -ti "${SANDBOX_NAME}" -- bash
+
+proxy: sync-hosts ## Enable a SOCKS5 proxy server; mirrord and gost must be installed.
+	mirrord exec --target deploy/cozystack-e2e-sandbox --target-namespace cozy-e2e-tests -- gost -L=127.0.0.1:10080
+
+login: ## Downloads the kubeconfig into a temporary directory and runs a shell with the sandbox environment; mirrord must be installed.
+	mirrord exec --target deploy/cozystack-e2e-sandbox --target-namespace cozy-e2e-tests -- "$$SHELL"
+
+sync-hosts:
+	kubectl exec -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'kubectl get ing -A -o go-template='\''{{ "127.0.0.1 localhost\n"}}{{ range .items }}{{ range .status.loadBalancer.ingress }}{{ .ip }}{{ end }} {{ range .spec.rules }}{{ .host }}{{ end }}{{ "\n" }}{{ end }}'\'' > /etc/hosts'

 apply: delete
 	docker run -d --rm --name "${SANDBOX_NAME}" --privileged "$$(yq .e2e.image values.yaml)" sleep infinity
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.0-rc.1@sha256:a20a6834527ccfc8daf7413a15234f3f7dbbd7774810c8e1966736d487ef7d0c
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.30.5@sha256:c887410f9004805522594680fd05d5454953613fd568c527589952294d9793e9
--- a/packages/extra/bootbox/images/matchbox.tag
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.31.0-rc.1@sha256:de69166fd6efec988cad7ad5be41bbb57c8134508c531d7496fc7f15772e4993
+ghcr.io/cozystack/cozystack/matchbox:v0.30.5@sha256:167b592b12273150ae3182004fcd40fbdf5471119ac8ce0b18e6934af5b3e08e
--- a/packages/extra/info/Chart.yaml
+++ b/packages/extra/info/Chart.yaml
@@ -3,4 +3,4 @@ name: info
 description: Info
 icon: /logos/info.svg
 type: application
-version: 1.0.1
+version: 1.0.0
--- a/packages/extra/info/templates/kubeconfig.yaml
+++ b/packages/extra/info/templates/kubeconfig.yaml
@@ -11,13 +11,6 @@
 {{- $k8sClient := index $k8sClientSecret.data "client-secret-key" | b64dec }}
 {{- $rootSaConfigMap := lookup "v1" "ConfigMap" "kube-system" "kube-root-ca.crt" }}
 {{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc }}
-
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
-{{- $tenantRoot := lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
-{{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
-{{- $host = $tenantRoot.spec.values.host }}
-{{- end }}
-{{- end }}
 ---
 apiVersion: v1
 kind: Secret
--- a/packages/extra/ingress/Chart.yaml
+++ b/packages/extra/ingress/Chart.yaml
@@ -3,4 +3,4 @@ name: ingress
 description: NGINX Ingress Controller
 icon: /logos/ingress-nginx.svg
 type: application
-version: 1.6.0
+version: 1.4.0
--- a/packages/extra/ingress/README.md
+++ b/packages/extra/ingress/README.md
@@ -4,14 +4,12 @@

 ### Common parameters

-| Name              | Description                                                       | Value   |
-| ----------------- | ----------------------------------------------------------------- | ------- |
-| `replicas`        | Number of ingress-nginx replicas                                  | `2`     |
-| `externalIPs`     | List of externalIPs for service.                                  | `[]`    |
-| `whitelist`       | List of client networks                                           | `[]`    |
-| `clouflareProxy`  | Restoring original visitor IPs when Cloudflare proxied is enabled | `false` |
-| `dashboard`       | Should ingress serve Cozystack service dashboard                  | `false` |
-| `cdiUploadProxy`  | Should ingress serve CDI upload proxy                             | `false` |
-| `virtExportProxy` | Should ingress serve KubeVirt export proxy                        | `false` |
-| `api`             | Should ingress serve Cozystack API                                | `true`  |
+| Name             | Description                                                       | Value   |
+| ---------------- | ----------------------------------------------------------------- | ------- |
+| `replicas`       | Number of ingress-nginx replicas                                  | `2`     |
+| `externalIPs`    | List of externalIPs for service.                                  | `[]`    |
+| `whitelist`      | List of client networks                                           | `[]`    |
+| `clouflareProxy` | Restoring original visitor IPs when Cloudflare proxied is enabled | `false` |
+| `dashboard`      | Should ingress serve Cozystack service dashboard                  | `false` |
+| `cdiUploadProxy` | Should ingress serve CDI upload proxy                             | `false` |

--- a/packages/extra/ingress/templates/api.yaml
+++ b/packages/extra/ingress/templates/api.yaml
@@ -1,29 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
-
-{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
-{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
-
-{{- if .Values.api }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-  name: api-{{ .Release.Namespace }}
-  namespace: default
-spec:
-  ingressClassName: {{ .Release.Namespace }}
-  rules:
-  - host: api.{{ $host }}
-    http:
-      paths:
-      - backend:
-          service:
-            name: kubernetes
-            port:
-              number: 443
-        path: /
-        pathType: Prefix
-{{- end }}
--- a/packages/extra/ingress/templates/cdi-uploadproxy.yaml
+++ b/packages/extra/ingress/templates/cdi-uploadproxy.yaml
@@ -10,7 +10,11 @@ kind: Ingress
 metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    {{- if eq $issuerType "cloudflare" }} 
+    {{- else }}
+    acme.cert-manager.io/http01-ingress-class: {{ .Release.Namespace }}
+    {{- end }}
  name: cdi-uploadproxy-{{ .Release.Namespace }}
  namespace: cozy-kubevirt-cdi
 spec:
@@ -26,4 +30,8 @@ spec:
              number: 443
        path: /
        pathType: Prefix
+  tls:
+  - hosts:
+    - cdi-uploadproxy.{{ $host }}
+    secretName: cdi-uploadproxy-{{ .Release.Namespace }}-tls
 {{- end }}
--- a/packages/extra/ingress/templates/dashboard.yaml
+++ b/packages/extra/ingress/templates/dashboard.yaml
@@ -4,15 +4,6 @@
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}

-{{- $tenantRoot := dict }}
-{{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
-{{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
-{{- end }}
-{{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
-{{- $host = $tenantRoot.spec.values.host }}
-{{- else }}
-{{- end }}
-
 {{- if .Values.dashboard }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
--- a/packages/extra/ingress/templates/nginx-ingress.yaml
+++ b/packages/extra/ingress/templates/nginx-ingress.yaml
@@ -11,7 +11,7 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
--- a/packages/extra/ingress/templates/vm-exportproxy.yaml
+++ b/packages/extra/ingress/templates/vm-exportproxy.yaml
@@ -1,29 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
-
-{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
-{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
-
-{{- if .Values.virtExportProxy }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-  name: virt-exportproxy-{{ .Release.Namespace }}
-  namespace: cozy-kubevirt
-spec:
-  ingressClassName: {{ .Release.Namespace }}
-  rules:
-  - host: virt-exportproxy.{{ $host }}
-    http:
-      paths:
-      - backend:
-          service:
-            name: virt-exportproxy
-            port:
-              number: 443
-        path: /
-        pathType: ImplementationSpecific
-{{- end }}
--- a/packages/extra/ingress/values.schema.json
+++ b/packages/extra/ingress/values.schema.json
@@ -35,16 +35,6 @@
            "type": "boolean",
            "description": "Should ingress serve CDI upload proxy",
            "default": false
-        },
-        "virtExportProxy": {
-            "type": "boolean",
-            "description": "Should ingress serve KubeVirt export proxy",
-            "default": false
-        },
-        "api": {
-            "type": "boolean",
-            "description": "Should ingress serve Cozystack API",
-            "default": true
        }
    }
 }
--- a/packages/extra/ingress/values.yaml
+++ b/packages/extra/ingress/values.yaml
@@ -30,9 +30,3 @@ dashboard: false

 ## @param cdiUploadProxy Should ingress serve CDI upload proxy
 cdiUploadProxy: false
-
-## @param virtExportProxy Should ingress serve KubeVirt export proxy
-virtExportProxy: false
-
-## @param api Should ingress serve Cozystack API
-api: true
--- a/packages/extra/monitoring/images/grafana.tag
+++ b/packages/extra/monitoring/images/grafana.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:66c4547efd18b4d7475ff73b2c4e2f39e9b4471d55e85237e2fe3e87af05c302
+ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:24382d445bf7a39ed988ef4dc7a0d9f084db891fcb5f42fd2e64622710b9457e
--- a/packages/extra/seaweedfs/templates/seaweedfs.yaml
+++ b/packages/extra/seaweedfs/templates/seaweedfs.yaml
@@ -14,7 +14,7 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -11,15 +11,12 @@ etcd 2.5.0 24fa7222
 etcd 2.6.0 8c460528
 etcd 2.6.1 45a7416c
 etcd 2.7.0 HEAD
-info 1.0.0 93bdf411
-info 1.0.1 HEAD
+info 1.0.0 HEAD
 ingress 1.0.0 d7cfa53c
 ingress 1.1.0 5bbc488e
 ingress 1.2.0 28fca4ef
 ingress 1.3.0 fde4bcfa
-ingress 1.4.0 fd240701
-ingress 1.5.0 93bdf411
-ingress 1.6.0 HEAD
+ingress 1.4.0 HEAD
 monitoring 1.0.0 d7cfa53c
 monitoring 1.1.0 25221fdc
 monitoring 1.2.0 f81be075
--- a/packages/system/Makefile
+++ b/packages/system/Makefile
@@ -5,7 +5,7 @@ include ../../scripts/common-envs.mk
 repo:
 	rm -rf "$(OUT)"
 	mkdir -p "$(OUT)"
-	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') --version $(COZYSTACK_VERSION)
+	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') --version $(VERSION)
 	cd "$(OUT)" && helm repo index .

 fix-chartnames:
--- a/packages/system/bucket/images/s3manager.tag
+++ b/packages/system/bucket/images/s3manager.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:67e4a5da0ab43d93e8b75094d5a2db8159cb927a47b94f945f80d0ffb93d3301
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:31da347157adc2e05e280b958eae8b027eda75be4c2db0bf608197c0b3b30d2e
--- a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.19.0
+appVersion: 0.18.1
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.19.0
+version: 0.18.1
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
@@ -1,8 +1,26 @@
 # Addon provider
-{{- range $name, $addon := $.Values.addon }}
-  {{- $addonNamespace := default ( printf "%s-%s" $name "addon-system" ) (get $addon "namespace") }}
-  {{- $addonName := $name }}
-  {{- $addonVersion := get $addon "version" }}
+{{- if .Values.addon }}
+{{- $addons := split ";" .Values.addon }}
+{{- $addonNamespace := "" }}
+{{- $addonName := "" }}
+{{- $addonVersion := "" }}
+{{- range $addon := $addons }}
+{{- $addonArgs := split ":" $addon }}
+{{- $addonArgsLen :=  len $addonArgs }}
+{{-  if eq $addonArgsLen 3 }}
+  {{- $addonNamespace = $addonArgs._0 }}
+  {{- $addonName = $addonArgs._1 }}
+  {{- $addonVersion = $addonArgs._2 }}
+{{-  else if eq $addonArgsLen 2 }}
+  {{- $addonNamespace = print $addonArgs._0 "-addon-system" }}
+  {{- $addonName = $addonArgs._0 }}
+  {{- $addonVersion = $addonArgs._1 }}
+{{-  else if eq $addonArgsLen 1 }}
+  {{- $addonNamespace = print $addonArgs._0 "-addon-system" }}
+  {{- $addonName = $addonArgs._0 }}
+{{- else }}
+  {{- fail "addon provider argument should have the following format helm:v1.0.0 or mynamespace:helm:v1.0.0" }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -38,24 +56,5 @@ spec:
 {{- if $.Values.secretNamespace }}
  secretNamespace: {{ $.Values.secretNamespace }}
 {{- end }}
-{{- if $addon.manifestPatches }}
-  manifestPatches: {{ toYaml $addon.manifestPatches | nindent 4 }}
 {{- end }}
-{{- if $addon.additionalManifests }}
-  additionalManifests:
-    name: {{ $addon.additionalManifests.name }}
-    {{- if $addon.additionalManifests.namespace }}
-    namespace: {{ $addon.additionalManifests.namespace }}
-    {{- end }} {{/* if $addon.additionalManifests.namespace */}}
 {{- end }}
-{{- if $addon.additionalManifests }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $addon.additionalManifests.name }}
-  namespace: {{ default $addonNamespace $addon.additionalManifests.namespace }}
-data:
-  manifests: {{- toYaml $addon.additionalManifests.manifests | nindent 4 }}
-{{- end }}
-{{- end }} {{/* range $name, $addon := .Values.addon */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
@@ -1,8 +1,26 @@
 # Bootstrap provider
-{{- range $name, $bootstrap := $.Values.bootstrap }}
-  {{- $bootstrapNamespace := default ( printf "%s-%s" $name "bootstrap-system" ) (get $bootstrap "namespace") }}
-  {{- $bootstrapName := $name }}
-  {{- $bootstrapVersion := get $bootstrap "version" }}
+{{- if .Values.bootstrap }}
+{{- $bootstraps := split ";" .Values.bootstrap }}
+{{- $bootstrapNamespace := "" }}
+{{- $bootstrapName := "" }}
+{{- $bootstrapVersion := "" }}
+{{- range $bootstrap := $bootstraps }}
+{{- $bootstrapArgs := split ":" $bootstrap }}
+{{- $bootstrapArgsLen :=  len $bootstrapArgs }}
+{{-  if eq $bootstrapArgsLen 3 }}
+  {{- $bootstrapNamespace = $bootstrapArgs._0 }}
+  {{- $bootstrapName = $bootstrapArgs._1 }}
+  {{- $bootstrapVersion = $bootstrapArgs._2 }}
+{{-  else if eq $bootstrapArgsLen 2 }}
+  {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }}
+  {{- $bootstrapName = $bootstrapArgs._0 }}
+  {{- $bootstrapVersion = $bootstrapArgs._1 }}
+{{-  else if eq $bootstrapArgsLen 1 }}
+  {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }}
+  {{- $bootstrapName = $bootstrapArgs._0 }}
+{{- else }}
+  {{- fail "bootstrap provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -39,24 +57,5 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
-{{- if $bootstrap.manifestPatches }}
-  manifestPatches: {{ toYaml $bootstrap.manifestPatches | nindent 4 }}
 {{- end }}
-{{- if $bootstrap.additionalManifests }}
-  additionalManifests:
-    name: {{ $bootstrap.additionalManifests.name }}
-    {{- if $bootstrap.additionalManifests.namespace }}
-    namespace: {{ $bootstrap.additionalManifests.namespace }}
-    {{- end }} {{/* if $bootstrap.additionalManifests.namespace */}}
 {{- end }}
-{{- if $bootstrap.additionalManifests }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $bootstrap.additionalManifests.name }}
-  namespace: {{ default $bootstrapNamespace $bootstrap.additionalManifests.namespace }}
-data:
-  manifests: {{- toYaml $bootstrap.additionalManifests.manifests | nindent 4 }}
-{{- end }}
-{{- end }} {{/* range $name, $bootstrap := .Values.bootstrap */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
@@ -1,8 +1,26 @@
 # Control plane provider
-{{- range $name, $controlPlane := $.Values.controlPlane }}
-  {{- $controlPlaneNamespace := default ( printf "%s-%s" $name "control-plane-system" ) (get $controlPlane "namespace") }}
-  {{- $controlPlaneName := $name }}
-  {{- $controlPlaneVersion := get $controlPlane "version" }}
+{{- if .Values.controlPlane }}
+{{- $controlPlanes := split ";" .Values.controlPlane }}
+{{- $controlPlaneNamespace := "" }}
+{{- $controlPlaneName := "" }}
+{{- $controlPlaneVersion := "" }}
+{{- range $controlPlane := $controlPlanes }}
+{{- $controlPlaneArgs := split ":" $controlPlane }}
+{{- $controlPlaneArgsLen :=  len $controlPlaneArgs }}
+{{-  if eq $controlPlaneArgsLen 3 }}
+  {{- $controlPlaneNamespace = $controlPlaneArgs._0 }}
+  {{- $controlPlaneName = $controlPlaneArgs._1 }}
+  {{- $controlPlaneVersion = $controlPlaneArgs._2 }}
+{{-  else if eq $controlPlaneArgsLen 2 }}
+  {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }}
+  {{- $controlPlaneName = $controlPlaneArgs._0 }}
+  {{- $controlPlaneVersion = $controlPlaneArgs._1 }}
+{{-  else if eq $controlPlaneArgsLen 1 }}
+  {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }}
+  {{- $controlPlaneName = $controlPlaneArgs._0 }}
+{{- else }}
+  {{- fail "controlplane provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }}
+{{-  end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -52,24 +70,5 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
-{{- if $controlPlane.manifestPatches }}
-  manifestPatches: {{ toYaml $controlPlane.manifestPatches | nindent 4 }}
 {{- end }}
-{{- if $controlPlane.additionalManifests }}
-  additionalManifests:
-    name: {{ $controlPlane.additionalManifests.name }}
-    {{- if $controlPlane.additionalManifests.namespace }}
-    namespace: {{ $controlPlane.additionalManifests.namespace }}
-    {{- end }} {{/* if $controlPlane.additionalManifests.namespace */}}
 {{- end }}
-{{- if $controlPlane.additionalManifests }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $controlPlane.additionalManifests.name }}
-  namespace: {{ default $controlPlaneNamespace $controlPlane.additionalManifests.namespace }}
-data:
-  manifests: {{- toYaml $controlPlane.additionalManifests.manifests | nindent 4 }}
-{{- end }}
-{{- end }} {{/* range $name, $controlPlane := .Values.controlPlane */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
@@ -1,8 +1,25 @@
 # Core provider
-{{- range $name, $core := $.Values.core }}
-  {{- $coreNamespace := default "capi-system" (get $core "namespace") }}
-  {{- $coreName := $name }}
-  {{- $coreVersion := get $core "version" }}
+{{- if .Values.core }}
+{{- $coreArgs := split ":" .Values.core }}
+{{- $coreArgsLen :=  len $coreArgs }}
+{{- $coreVersion := "" }}
+{{- $coreNamespace := "" }}
+{{- $coreName := "" }}
+{{- $coreVersion := "" }}
+{{-  if eq $coreArgsLen 3 }}
+  {{- $coreNamespace = $coreArgs._0 }}
+  {{- $coreName = $coreArgs._1 }}
+  {{- $coreVersion = $coreArgs._2 }}
+{{-  else if eq $coreArgsLen 2 }}
+  {{- $coreNamespace = "capi-system" }}
+  {{- $coreName = $coreArgs._0 }}
+  {{- $coreVersion = $coreArgs._1 }}
+{{-  else if eq $coreArgsLen 1 }}
+  {{- $coreNamespace = "capi-system" }}
+  {{- $coreName = $coreArgs._0 }}
+{{- else }}
+  {{- fail "core provider argument should have the following format cluster-api:v1.0.0 or mynamespace:cluster-api:v1.0.0" }}
+{{-  end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -48,24 +65,4 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
-{{- if $core.manifestPatches }}
-  manifestPatches: {{ toYaml $core.manifestPatches | nindent 4 }}
 {{- end }}
-{{- if $core.additionalManifests }}
-  additionalManifests:
-    name: {{ $core.additionalManifests.name }}
-    {{- if $core.additionalManifests.namespace }}
-    namespace: {{ $core.additionalManifests.namespace }}
-    {{- end }}
-{{- end }}
-{{- if $core.additionalManifests }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $core.additionalManifests.name }}
-  namespace: {{ default $coreNamespace $core.additionalManifests.namespace }}
-data:
-  manifests: {{- toYaml $core.additionalManifests.manifests | nindent 4 }}
-{{- end }}
-{{- end }} {{/* range $name, $core := .Values.core */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
@@ -1,8 +1,26 @@
 # Infrastructure providers
-{{- range $name, $infra := $.Values.infrastructure }}
-  {{- $infrastructureNamespace := default ( printf "%s-%s" $name "infrastructure-system" ) (get $infra "namespace") }}
-  {{- $infrastructureName := $name }}
-  {{- $infrastructureVersion := get $infra "version" }}
+{{- if .Values.infrastructure }}
+{{- $infrastructures := split ";" .Values.infrastructure }}
+{{- $infrastructureNamespace := "" }}
+{{- $infrastructureName := "" }}
+{{- $infrastructureVersion := "" }}
+{{- range $infrastructure := $infrastructures }}
+{{- $infrastructureArgs := split ":" $infrastructure }}
+{{- $infrastructureArgsLen := len $infrastructureArgs }}
+{{-  if eq $infrastructureArgsLen 3 }}
+  {{- $infrastructureNamespace = $infrastructureArgs._0 }}
+  {{- $infrastructureName = $infrastructureArgs._1 }}
+  {{- $infrastructureVersion = $infrastructureArgs._2 }}
+{{-  else if eq $infrastructureArgsLen 2 }}
+  {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }}
+  {{- $infrastructureName = $infrastructureArgs._0 }}
+  {{- $infrastructureVersion = $infrastructureArgs._1 }}
+{{-  else if eq $infrastructureArgsLen 1 }}
+  {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }}
+  {{- $infrastructureName = $infrastructureArgs._0 }}
+{{- else }}
+  {{- fail "infrastructure provider argument should have the following format aws:v1.0.0 or mynamespace:aws:v1.0.0" }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -65,24 +83,5 @@ spec:
 {{- if $.Values.additionalDeployments }}
  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
 {{- end }}
-{{- if $infra.manifestPatches }}
-  manifestPatches: {{- toYaml $infra.manifestPatches | nindent 4 }}
-{{- end }} {{/* if $infra.manifestPatches */}}
-{{- if $infra.additionalManifests }}
-  additionalManifests:
-    name: {{ $infra.additionalManifests.name }}
-    {{- if $infra.additionalManifests.namespace }}
-    namespace: {{ $infra.additionalManifests.namespace }}
-    {{- end }} {{/* if $infra.additionalManifests.namespace */}}
-{{- end }} {{/* if $infra.additionalManifests */}}
-{{- if $infra.additionalManifests }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $infra.additionalManifests.name }}
-  namespace: {{ default $infrastructureNamespace $infra.additionalManifests.namespace }}
-data:
-  manifests: {{- toYaml $infra.additionalManifests.manifests | nindent 4 }}
 {{- end }}
-{{- end }} {{/* range $name, $infra := .Values.infrastructure */}}
+{{- end }}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml
@@ -1,8 +1,26 @@
 # IPAM providers
-{{- range $name, $ipam := $.Values.ipam }}
-  {{- $ipamNamespace := default ( printf "%s-%s" $name "ipam-system" ) (get $ipam "namespace") }}
-  {{- $ipamName := $name }}
-  {{- $ipamVersion := get $ipam "version" }}
+{{- if .Values.ipam }}
+{{- $ipams := split ";" .Values.ipam }}
+{{- $ipamNamespace := "" }}
+{{- $ipamName := "" }}
+{{- $ipamVersion := "" }}
+{{- range $ipam := $ipams }}
+{{- $ipamArgs := split ":" $ipam }}
+{{- $ipamArgsLen := len $ipamArgs }}
+{{-  if eq $ipamArgsLen 3 }}
+  {{- $ipamNamespace = $ipamArgs._0 }}
+  {{- $ipamName = $ipamArgs._1 }}
+  {{- $ipamVersion = $ipamArgs._2 }}
+{{-  else if eq $ipamArgsLen 2 }}
+  {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
+  {{- $ipamName = $ipamArgs._0 }}
+  {{- $ipamVersion = $ipamArgs._1 }}
+{{-  else if eq $ipamArgsLen 1 }}
+  {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
+  {{- $ipamName = $ipamArgs._0 }}
+{{- else }}
+  {{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -52,27 +70,8 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
-{{- if $ipam.manifestPatches }}
-  manifestPatches: {{ toYaml $ipam.manifestPatches | nindent 4 }}
-{{- end }}
 {{- if $.Values.additionalDeployments }}
  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
 {{- end }}
-{{- if $ipam.additionalManifests }}
-  additionalManifests:
-    name: {{ $ipam.additionalManifests.name }}
-    {{- if $ipam.additionalManifests.namespace }}
-    namespace: {{ $ipam.additionalManifests.namespace }}
-    {{- end }} {{/* if $ipam.additionalManifests.namespace */}}
 {{- end }}
-{{- if $ipam.additionalManifests }}
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $ipam.additionalManifests.name }}
-  namespace: {{ default $ipamNamespace $ipam.additionalManifests.namespace }}
-data:
-  manifests: {{- toYaml $ipam.additionalManifests.manifests | nindent 4 }}
 {{- end }}
-{{- end }} {{/* range $name, $ipam := .Values.ipam */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
@@ -1305,13 +1305,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
-                        additionalArgs:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            AdditionalArgs is a map of additional options that will be passed
-                            in as container args to the provider's controller manager.
-                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -2843,13 +2836,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
-                  additionalArgs:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      AdditionalArgs is a map of additional options that will be passed
-                      in as container args to the provider's controller manager.
-                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -3062,32 +3048,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -3097,8 +3078,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -4732,32 +4711,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -4767,8 +4741,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -6071,13 +6043,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
-                        additionalArgs:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            AdditionalArgs is a map of additional options that will be passed
-                            in as container args to the provider's controller manager.
-                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -7609,13 +7574,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
-                  additionalArgs:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      AdditionalArgs is a map of additional options that will be passed
-                      in as container args to the provider's controller manager.
-                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -7828,32 +7786,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -7863,8 +7816,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -9499,32 +9450,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -9534,8 +9480,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -10839,13 +10783,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
-                        additionalArgs:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            AdditionalArgs is a map of additional options that will be passed
-                            in as container args to the provider's controller manager.
-                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -12377,13 +12314,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
-                  additionalArgs:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      AdditionalArgs is a map of additional options that will be passed
-                      in as container args to the provider's controller manager.
-                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -12597,32 +12527,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -12632,8 +12557,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -14267,32 +14190,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -14302,8 +14220,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -15606,13 +15522,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
-                        additionalArgs:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            AdditionalArgs is a map of additional options that will be passed
-                            in as container args to the provider's controller manager.
-                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -17144,13 +17053,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
-                  additionalArgs:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      AdditionalArgs is a map of additional options that will be passed
-                      in as container args to the provider's controller manager.
-                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -17363,32 +17265,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -17398,8 +17295,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -19034,32 +18929,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -19069,8 +18959,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -20374,13 +20262,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
-                        additionalArgs:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            AdditionalArgs is a map of additional options that will be passed
-                            in as container args to the provider's controller manager.
-                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -21912,13 +21793,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
-                  additionalArgs:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      AdditionalArgs is a map of additional options that will be passed
-                      in as container args to the provider's controller manager.
-                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -22132,32 +22006,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -22167,8 +22036,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -23504,13 +23371,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
-                        additionalArgs:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            AdditionalArgs is a map of additional options that will be passed
-                            in as container args to the provider's controller manager.
-                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -25042,13 +24902,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
-                  additionalArgs:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      AdditionalArgs is a map of additional options that will be passed
-                      in as container args to the provider's controller manager.
-                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -25261,32 +25114,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -25296,8 +25144,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -26635,13 +26481,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
-                        additionalArgs:
-                          additionalProperties:
-                            type: string
-                          description: |-
-                            AdditionalArgs is a map of additional options that will be passed
-                            in as container args to the provider's controller manager.
-                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -28173,13 +28012,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
-                  additionalArgs:
-                    additionalProperties:
-                      type: string
-                    description: |-
-                      AdditionalArgs is a map of additional options that will be passed
-                      in as container args to the provider's controller manager.
-                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -28393,32 +28225,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
-                      maxLength: 10240
-                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
-                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -28428,8 +28255,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      maxLength: 256
-                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
--- a/packages/system/capi-operator/charts/cluster-api-operator/values.schema.json
+++ b/packages/system/capi-operator/charts/cluster-api-operator/values.schema.json
@@ -1,47 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "type": "object",
-  "properties": {
-    "core": {
-      "oneOf": [
-        { "type": "object" },
-        { "type": "null" }
-      ]
-    },
-    "bootstrap": {
-      "type": "object",
-      "oneOf": [
-        { "type": "object" },
-        { "type": "null" }
-      ]
-    },
-    "controlPlane": {
-      "type": "object",
-      "oneOf": [
-        { "type": "object" },
-        { "type": "null" }
-      ]
-    },
-    "infrastructure": {
-      "type": "object",
-      "oneOf": [
-        { "type": "object" },
-        { "type": "null" }
-      ]
-    },
-    "addon": {
-      "type": "object",
-      "oneOf": [
-        { "type": "object" },
-        { "type": "null" }
-      ]
-    },
-    "ipam": {
-      "type": "object",
-      "oneOf": [
-        { "type": "object" },
-        { "type": "null" }
-      ]
-    }
-  }
-}
--- a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
@@ -1,30 +1,12 @@
 ---
 # ---
 # Cluster API provider options
-core: {}
-# cluster-api: {}  # Name, required
-#   namespace: ""  # Optional
-#   version: ""    # Optional
-bootstrap: {}
-# kubeadm: {}      # Name, required
-#   namespace: ""  # Optional
-#   version: ""    # Optional
-controlPlane: {}
-# kubeadm: {}      # Name, required
-#   namespace: ""  # Optional
-#   version: ""    # Optional
-infrastructure: {}
-# docker: {}  # Name, required
-#   namespace: ""  # Optional
-#   version: ""    # Optional
-addon: {}
-# helm: {}         # Name, required
-#   namespace: ""  # Optional
-#   version: ""    # Optional
-ipam: {}
-# in-cluster: {}   # Name, required
-#   namespace: ""  # Optional
-#   version: ""    # Optional
+core: ""
+bootstrap: ""
+controlPlane: ""
+infrastructure: ""
+ipam: ""
+addon: ""
 manager.featureGates: {}
 fetchConfig: {}
 # ---
@@ -39,7 +21,7 @@ leaderElection:
 image:
  manager:
    repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.19.0
+    tag: v0.18.1
    pullPolicy: IfNotPresent
 env:
  manager: []
--- a/packages/system/capi-providers/templates/providers.yaml
+++ b/packages/system/capi-providers/templates/providers.yaml
@@ -5,7 +5,7 @@ metadata:
  name: cluster-api
 spec:
  # https://github.com/kubernetes-sigs/cluster-api
-  version: v1.10.0
+  version: v1.9.5
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: ControlPlaneProvider
@@ -13,7 +13,7 @@ metadata:
  name: kamaji
 spec:
  # https://github.com/clastix/cluster-api-control-plane-provider-kamaji
-  version: v0.14.2
+  version: v0.14.1
  deployment:
    containers:
    - name: manager
@@ -31,7 +31,7 @@ metadata:
  name: kubeadm
 spec:
  # https://github.com/kubernetes-sigs/cluster-api
-  version: v1.10.0
+  version: v1.9.5
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: InfrastructureProvider
@@ -39,4 +39,4 @@ metadata:
  name: kubevirt
 spec:
  # https://github.com/kubernetes-sigs/cluster-api-provider-kubevirt
-  version: v0.1.10
+  version: v0.1.9
--- a/packages/system/cilium/charts/cilium/Chart.yaml
+++ b/packages/system/cilium/charts/cilium/Chart.yaml
@@ -79,7 +79,7 @@ annotations:
    Pod IP Pool\n  description: |\n    CiliumPodIPPool defines an IP pool that can
    be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
 apiVersion: v2
-appVersion: 1.17.3
+appVersion: 1.17.2
 description: eBPF-based Networking, Security, and Observability
 home: https://cilium.io/
 icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
@@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0'
 name: cilium
 sources:
 - https://github.com/cilium/cilium
-version: 1.17.3
+version: 1.17.2
--- a/packages/system/cilium/charts/cilium/README.md
+++ b/packages/system/cilium/charts/cilium/README.md
@@ -1,6 +1,6 @@
 # cilium

-![Version: 1.17.3](https://img.shields.io/badge/Version-1.17.3-informational?style=flat-square) ![AppVersion: 1.17.3](https://img.shields.io/badge/AppVersion-1.17.3-informational?style=flat-square)
+![Version: 1.17.2](https://img.shields.io/badge/Version-1.17.2-informational?style=flat-square) ![AppVersion: 1.17.2](https://img.shields.io/badge/AppVersion-1.17.2-informational?style=flat-square)

 Cilium is open source software for providing and transparently securing
 network connectivity and loadbalancing between application workloads such as
@@ -85,7 +85,7 @@ contributors across the globe, there is almost always someone available to help.
 | authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
 | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true |
 | authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. |
-| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028dc581f","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server |
+| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:498a000f370d8c37927118ed80afe8adc38d1edcbfc071627d17b25c88efcab0","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server |
 | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into |
 | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration |
 | authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations |
@@ -197,7 +197,7 @@ contributors across the globe, there is almost always someone available to help.
 | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. |
 | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. |
 | clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. |
-| clustermesh.apiserver.image | object | `{"digest":"sha256:98d5feaf67dd9b5d8d219ff5990de10539566eedc5412bcf52df75920896ad42","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.3","useDigest":true}` | Clustermesh API server image. |
+| clustermesh.apiserver.image | object | `{"digest":"sha256:981250ebdc6e66e190992eaf75cfca169113a8f08d5c3793fe15822176980398","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.2","useDigest":true}` | Clustermesh API server image. |
 | clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. |
 | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. |
 | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. |
@@ -377,7 +377,7 @@ contributors across the globe, there is almost always someone available to help.
 | envoy.healthPort | int | `9878` | TCP port for the health API. |
 | envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request |
 | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s |
-| envoy.image | object | `{"digest":"sha256:a01cadf7974409b5c5c92ace3d6afa298408468ca24cab1cb413c04f89d3d1f9","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.32.5-1744305768-f9ddca7dcd91f7ca25a505560e655c47d3dec2cf","useDigest":true}` | Envoy container image. |
+| envoy.image | object | `{"digest":"sha256:377c78c13d2731f3720f931721ee309159e782d882251709cb0fac3b42c03f4b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.31.5-1741765102-efed3defcc70ab5b263a0fc44c93d316b846a211","useDigest":true}` | Envoy container image. |
 | envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out |
 | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
 | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
@@ -518,7 +518,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. |
 | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay |
 | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay |
-| hubble.relay.image | object | `{"digest":"sha256:f8674b5139111ac828a8818da7f2d344b4a5bfbaeb122c5dc9abed3e74000c55","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.3","useDigest":true}` | Hubble-relay container image. |
+| hubble.relay.image | object | `{"digest":"sha256:42a8db5c256c516cacb5b8937c321b2373ad7a6b0a1e5a5120d5028433d586cc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.2","useDigest":true}` | Hubble-relay container image. |
 | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
 | hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
 | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
@@ -625,7 +625,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
 | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). |
 | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. |
-| image | object | `{"digest":"sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.3","useDigest":true}` | Agent container image. |
+| image | object | `{"digest":"sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.2","useDigest":true}` | Agent container image. |
 | imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images |
 | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set |
 | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. |
@@ -762,7 +762,7 @@ contributors across the globe, there is almost always someone available to help.
 | operator.hostNetwork | bool | `true` | HostNetwork setting |
 | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
 | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
-| operator.image | object | `{"alibabacloudDigest":"sha256:e9a9ab227c6e833985bde6537b4d1540b0907f21a84319de4b7d62c5302eed5c","awsDigest":"sha256:40f235111fb2bca209ee65b12f81742596e881a0a3ee4d159776d78e3091ba7f","azureDigest":"sha256:6a3294ec8a2107048254179c3ac5121866f90d20fccf12f1d70960e61f304713","genericDigest":"sha256:8bd38d0e97a955b2d725929d60df09d712fb62b60b930551a29abac2dd92e597","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.3","useDigest":true}` | cilium-operator image. |
+| operator.image | object | `{"alibabacloudDigest":"sha256:7cb8c23417f65348bb810fe92fb05b41d926f019d77442f3fa1058d17fea7ffe","awsDigest":"sha256:955096183e22a203bbb198ca66e3266ce4dbc2b63f1a2fbd03f9373dcd97893c","azureDigest":"sha256:455fb88b558b1b8ba09d63302ccce76b4930581be89def027184ab04335c20e0","genericDigest":"sha256:81f2d7198366e8dec2903a3a8361e4c68d47d19c68a0d42f0b7b6e3f0523f249","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.2","useDigest":true}` | cilium-operator image. |
 | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. |
 | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
 | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
@@ -812,7 +812,7 @@ contributors across the globe, there is almost always someone available to help.
 | preflight.extraEnv | list | `[]` | Additional preflight environment variables. |
 | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. |
 | preflight.extraVolumes | list | `[]` | Additional preflight volumes. |
-| preflight.image | object | `{"digest":"sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.3","useDigest":true}` | Cilium pre-flight image. |
+| preflight.image | object | `{"digest":"sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.2","useDigest":true}` | Cilium pre-flight image. |
 | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
 | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
 | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
--- a/packages/system/cilium/charts/cilium/values.yaml
+++ b/packages/system/cilium/charts/cilium/values.yaml
@@ -191,10 +191,10 @@ image:
  # @schema
  override: ~
  repository: "quay.io/cilium/cilium"
-  tag: "v1.17.3"
+  tag: "v1.17.2"
  pullPolicy: "IfNotPresent"
  # cilium-digest
-  digest: "sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873"
+  digest: "sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1"
  useDigest: true
 # -- Scheduling configurations for cilium pods
 scheduling:
@@ -1440,9 +1440,9 @@ hubble:
      # @schema
      override: ~
      repository: "quay.io/cilium/hubble-relay"
-      tag: "v1.17.3"
+      tag: "v1.17.2"
      # hubble-relay-digest
-      digest: "sha256:f8674b5139111ac828a8818da7f2d344b4a5bfbaeb122c5dc9abed3e74000c55"
+      digest: "sha256:42a8db5c256c516cacb5b8937c321b2373ad7a6b0a1e5a5120d5028433d586cc"
      useDigest: true
      pullPolicy: "IfNotPresent"
    # -- Specifies the resources for the hubble-relay pods
@@ -2351,9 +2351,9 @@ envoy:
    # @schema
    override: ~
    repository: "quay.io/cilium/cilium-envoy"
-    tag: "v1.32.5-1744305768-f9ddca7dcd91f7ca25a505560e655c47d3dec2cf"
+    tag: "v1.31.5-1741765102-efed3defcc70ab5b263a0fc44c93d316b846a211"
    pullPolicy: "IfNotPresent"
-    digest: "sha256:a01cadf7974409b5c5c92ace3d6afa298408468ca24cab1cb413c04f89d3d1f9"
+    digest: "sha256:377c78c13d2731f3720f931721ee309159e782d882251709cb0fac3b42c03f4b"
    useDigest: true
  # -- Additional containers added to the cilium Envoy DaemonSet.
  extraContainers: []
@@ -2708,15 +2708,15 @@ operator:
    # @schema
    override: ~
    repository: "quay.io/cilium/operator"
-    tag: "v1.17.3"
+    tag: "v1.17.2"
    # operator-generic-digest
-    genericDigest: "sha256:8bd38d0e97a955b2d725929d60df09d712fb62b60b930551a29abac2dd92e597"
+    genericDigest: "sha256:81f2d7198366e8dec2903a3a8361e4c68d47d19c68a0d42f0b7b6e3f0523f249"
    # operator-azure-digest
-    azureDigest: "sha256:6a3294ec8a2107048254179c3ac5121866f90d20fccf12f1d70960e61f304713"
+    azureDigest: "sha256:455fb88b558b1b8ba09d63302ccce76b4930581be89def027184ab04335c20e0"
    # operator-aws-digest
-    awsDigest: "sha256:40f235111fb2bca209ee65b12f81742596e881a0a3ee4d159776d78e3091ba7f"
+    awsDigest: "sha256:955096183e22a203bbb198ca66e3266ce4dbc2b63f1a2fbd03f9373dcd97893c"
    # operator-alibabacloud-digest
-    alibabacloudDigest: "sha256:e9a9ab227c6e833985bde6537b4d1540b0907f21a84319de4b7d62c5302eed5c"
+    alibabacloudDigest: "sha256:7cb8c23417f65348bb810fe92fb05b41d926f019d77442f3fa1058d17fea7ffe"
    useDigest: true
    pullPolicy: "IfNotPresent"
    suffix: ""
@@ -2991,9 +2991,9 @@ preflight:
    # @schema
    override: ~
    repository: "quay.io/cilium/cilium"
-    tag: "v1.17.3"
+    tag: "v1.17.2"
    # cilium-digest
-    digest: "sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873"
+    digest: "sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1"
    useDigest: true
    pullPolicy: "IfNotPresent"
  # -- The priority class to use for the preflight pod.
@@ -3140,9 +3140,9 @@ clustermesh:
      # @schema
      override: ~
      repository: "quay.io/cilium/clustermesh-apiserver"
-      tag: "v1.17.3"
+      tag: "v1.17.2"
      # clustermesh-apiserver-digest
-      digest: "sha256:98d5feaf67dd9b5d8d219ff5990de10539566eedc5412bcf52df75920896ad42"
+      digest: "sha256:981250ebdc6e66e190992eaf75cfca169113a8f08d5c3793fe15822176980398"
      useDigest: true
      pullPolicy: "IfNotPresent"
    # -- TCP port for the clustermesh-apiserver health API.
@@ -3649,7 +3649,7 @@ authentication:
          override: ~
          repository: "docker.io/library/busybox"
          tag: "1.37.0"
-          digest: "sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028dc581f"
+          digest: "sha256:498a000f370d8c37927118ed80afe8adc38d1edcbfc071627d17b25c88efcab0"
          useDigest: true
          pullPolicy: "IfNotPresent"
        # SPIRE agent configuration
--- a/packages/system/cilium/images/cilium/Dockerfile
+++ b/packages/system/cilium/images/cilium/Dockerfile
@@ -1,2 +1,2 @@
-ARG VERSION=v1.17.3
+ARG VERSION=v1.17.2
 FROM quay.io/cilium/cilium:${VERSION}
--- a/packages/system/cilium/values.yaml
+++ b/packages/system/cilium/values.yaml
@@ -14,7 +14,7 @@ cilium:
    mode: "kubernetes"
  image:
    repository: ghcr.io/cozystack/cozystack/cilium
-    tag: 1.17.3
-    digest: "sha256:f95e30fd8e7608f61c38344bb9f558f60f4d81bccb8e399836911e4feec2b40a"
+    tag: 1.17.2
+    digest: "sha256:bc6a8ec326188960ac36584873e07801bcbc56cb862e2ec8bf87a7926f66abf1"
  envoy:
    enabled: false
--- a/packages/system/cozystack-api/values.yaml
+++ b/packages/system/cozystack-api/values.yaml
@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.0-rc.1@sha256:1dd9f3ec9d5630d5b49ffe9380d6a0131bf04e7e9bddcc3fd6f59089c6563b1c
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.30.5@sha256:1c7985bb9d3dbb3b058581f218f82f22252a7bcd028e592ec371089362bf6757
--- a/packages/system/cozystack-controller/templates/rbac.yaml
+++ b/packages/system/cozystack-controller/templates/rbac.yaml
@@ -9,6 +9,3 @@ rules:
 - apiGroups: ['cozystack.io']
  resources: ['*']
  verbs: ['*']
- apiGroups: ["helm.toolkit.fluxcd.io"]
-  resources: ["helmreleases"]
-  verbs: ["get", "list", "watch", "patch", "update"]
--- a/packages/system/cozystack-controller/values.yaml
+++ b/packages/system/cozystack-controller/values.yaml
@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.0-rc.1@sha256:96492f384c07619c091764c759adde6ef91054b1223f03f7ddd62a56c40b06ac
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.30.5@sha256:3140019eb7ffa521da226400558b421cb2395fc00fd5a65f3a60ab7ee868f240
  debug: false
  disableTelemetry: false
-  cozystackVersion: "v0.31.0-rc.1"
+  cozystackVersion: "v0.30.5"
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
@@ -76,7 +76,7 @@ data:
      "kubeappsNamespace": {{ .Release.Namespace | quote }},
      "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
      "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.31.0-rc.1",
+      "appVersion": "v0.30.5",
      "authProxyEnabled": {{ .Values.authProxy.enabled }},
      "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
      "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
--- a/packages/system/dashboard/templates/vpa.yaml
+++ b/packages/system/dashboard/templates/vpa.yaml
@@ -1,80 +0,0 @@
-apiVersion: autoscaling.k8s.io/v1
-kind: VerticalPodAutoscaler
-metadata:
-  name: dashboard-internal-dashboard
-  namespace: cozy-dashboard
-spec:
-  targetRef:
-    apiVersion: "apps/v1"
-    kind: Deployment
-    name: dashboard-internal-dashboard
-  updatePolicy:
-    updateMode: "Auto"
-  resourcePolicy:
-    containerPolicies:
-    - containerName: dashboard
-      controlledResources: ["cpu", "memory"]
-      minAllowed:
-        cpu: 50m
-        memory: 64Mi
-      maxAllowed:
-        cpu: 500m
-        memory: 512Mi
---
-apiVersion: autoscaling.k8s.io/v1
-kind: VerticalPodAutoscaler
-metadata:
-  name: dashboard-internal-kubeappsapis
-  namespace: cozy-dashboard
-spec:
-  targetRef:
-    apiVersion: "apps/v1"
-    kind: Deployment
-    name: dashboard-internal-kubeappsapis
-  updatePolicy:
-    updateMode: "Auto"
-  resourcePolicy:
-    containerPolicies:
-      - containerName: kubeappsapis
-        controlledResources: ["cpu", "memory"]
-        minAllowed:
-          cpu: 50m
-          memory: 100Mi
-        maxAllowed:
-          cpu: 1000m
-          memory: 1Gi
---
-apiVersion: autoscaling.k8s.io/v1
-kind: VerticalPodAutoscaler
-metadata:
-  name: dashboard-vpa
-  namespace: cozy-dashboard
-spec:
-  targetRef:
-    apiVersion: "apps/v1"
-    kind: Deployment
-    name: dashboard
-  updatePolicy:
-    updateMode: "Auto"
-  resourcePolicy:
-    containerPolicies:
-    - containerName: nginx
-      controlledResources: ["cpu", "memory"]
-      minAllowed:
-        cpu: "50m"
-        memory: "64Mi"
-      maxAllowed:
-        cpu: "500m"
-        memory: "512Mi"
-    {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
-    {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
-    {{- if $dashboardKCValues }}
-    - containerName: auth-proxy
-      controlledResources: ["cpu", "memory"]
-      minAllowed:
-        cpu: "50m"
-        memory: "64Mi"
-      maxAllowed:
-        cpu: "500m"
-        memory: "512Mi"
-    {{- end }}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
github-actions	46a59f52ac	Prepare release v0.30.5 Signed-off-by: github-actions <github-actions@github.com>	2025-05-05 14:22:08 +00:00
Timofei Larkin	69c3bff41d	Fix virtual machine resource tracking (#904 ) (#916 ) * Count Workload resources for pods by requests, not limits * Do not count init container requests * Prefix Workloads for pods with `pod-`, just like the other types to prevent possible name collisions (closes #787) The previous version of the WorkloadMonitor controller incorrectly summed resource limits on pods, rather than requests. This prevented it from tracking the resource allocation for pods, which only had requests specified, which is particularly the case for kubevirt's virtual machine pods. Additionally, it counted the limits for all containers, including init containers, which are short-lived and do not contribute much to the total resource usage. (cherry picked from commit `1e59e5fbb6`) Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-05-05 18:16:50 +04:00
Timofei Larkin	34991d2cdb	Fix virtual machine resource tracking (#904 ) * Count Workload resources for pods by requests, not limits * Do not count init container requests * Prefix Workloads for pods with `pod-`, just like the other types to prevent possible name collisions (closes #787) The previous version of the WorkloadMonitor controller incorrectly summed resource limits on pods, rather than requests. This prevented it from tracking the resource allocation for pods, which only had requests specified, which is particularly the case for kubevirt's virtual machine pods. Additionally, it counted the limits for all containers, including init containers, which are short-lived and do not contribute much to the total resource usage. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Improved handling of workloads with unrecognized prefixes by ensuring they are properly deleted and not processed further. - Corrected resource aggregation for Pods to sum container resource requests instead of limits, and now only includes normal containers. - New Features - Added support for monitoring workloads with names prefixed by "pod-". - Tests - Introduced unit tests to verify correct handling of workload name prefixes and monitored object creation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> (cherry picked from commit `1e59e5fbb6`) Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-05-05 13:55:06 +03:00
Andrei Kvapil	32c12ae8f7	Release v0.30.4 (#881 ) This PR prepares the release `v0.30.4`.	2025-04-24 15:16:14 +02:00
github-actions	75f9aacecc	Prepare release v0.30.4 Signed-off-by: github-actions <github-actions@github.com>	2025-04-24 12:50:06 +00:00
Andrei Kvapil	630bd55b1a	[Backport release-0.30] [ci] Fix uploading assets to release (#877 ) Backport of #876 to branch `release-0.30`	2025-04-24 14:25:08 +02:00
Andrei Kvapil	7627b1e47e	[ci] Fix uploading assets to release Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `59ef3296f0`)	2025-04-24 15:03:32 +03:00
Andrei Kvapil	d70cdfd854	[Backport release-0.30] [postgres] remove douplicated template from backup manifest (#874 ) # Description Backport of #872 to `release-0.30`.	2025-04-24 11:40:08 +02:00
Ian Simon	dfe5b937ac	[postgres] remove douplicated template from backup manifest Signed-off-by: Ian Simon <cheatmaster114@gmail.com> (cherry picked from commit `19409d801d`)	2025-04-24 09:34:46 +00:00
Andrei Kvapil	cde49eb055	[Backport release-0.30] [ci,dx] Suppress wget progress bar (#868 ) Backport of #865 to release 0.30	2025-04-23 18:08:26 +02:00
Timofei Larkin	77648f1716	Suppress wget progress bar (#865 ) In our CI wget spams thousands of lines of the progress bar into the output, making it hard to read. Turns out, it doesn't have an option to just remove the progress bar, but explicitly directing wget's log to stdout and invoking --show-progress sends that to stderr which we redirect to dev/null. The downloaded size is still reported at regular intervals, but --progress=dot:giga shortens that to one line per 32M which is manageable. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Improved file download process to display clearer progress updates during downloads. <!-- end of auto-generated comment: release notes by coderabbit.ai --> (cherry picked from commit `07d7fadb1a`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 19:01:19 +03:00
Andrei Kvapil	a9cbed9617	[Backport release-0.30] [virtual-machine] Fix: Add GPU names to virtual machines spec (#864 ) # Description Backport of #862 to `release-0.30`.	2025-04-23 16:41:10 +02:00
Nick Volynkin	05729ebb07	[backport] Backport several patches to 0.30.x (#852 ) Cherry-picking patches that came before https://github.com/cozystack/cozystack/pull/841 was merged. * Used `git cherry-pick -x -m1 <sha1>` on merge commits of respective pull requests. * Added `Co-authored-by` where the author of the changes was not the one who merged the PR (and authored the merge commit). Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:34:37 +03:00
Andrei Kvapil	baf1bd9bfe	[virtual-machine] Fix: Add GPU names to virtual machines spec Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `8547dc3b21`)	2025-04-23 14:26:23 +00:00
klinch0	6f3aa9abbe	[kubernetes] Fix tenant addons removal (#835 ) Backport of #835 New Features - Expanded the pre-delete operation to target additional components, including cert-manager and vertical pod autoscaler resources. Chores - Updated chart version to 0.18.1 and revised version mappings for improved tracking. (cherry picked from commit `ccedcb7419`) Co-authored-by: Andrei Kvapil <kvapss@gmail.com> Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:56 +03:00
Andrei Kvapil	b70df68a5d	[monitoring] Drop legacy label condition. (#826 ) Backport of #826 Updated dashboard metrics filters to exclude containers with empty names instead of specifically excluding containers named "POD". This change applies to all relevant CPU, memory, network, and storage metrics across capacity planning, controller, namespace, namespaces, and pod dashboards. No other dashboard functionality or structure was changed. (cherry picked from commit `277b438f68`) Co-authored-by: Denis Seleznev <kto.3decb@gmail.com> Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:56 +03:00
Andrei Kvapil	9257dfe230	[ci] Fix checkout and improve error output for gen_versions_map.sh (#845 ) Backport of #845 to release-v0.30 Third attempt to fix https://github.com/cozystack/cozystack/pull/842 and https://github.com/cozystack/cozystack/pull/836 tested in https://github.com/cozystack/cozystack/actions/runs/14599981710/job/40955508728?pr=808 Signed-off-by: Andrei Kvapil <kvapss@gmail.com> Chores - Improved GitHub Actions workflow to fetch full git history and tags during pre-commit checks. Refactor - Updated script behavior to display error messages when version extraction from git fails, making troubleshooting easier. (cherry picked from commit `a6b02bf381`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:56 +03:00
Andrei Kvapil	4a72cc4fa6	[ci] Fix escaping for gen_versions_map.sh script (#842 ) Backport of #842 to release-v0.30 second attept of https://github.com/cozystack/cozystack/pull/836 - Improved reliability of version generation by handling empty or special values safely in the process. (cherry picked from commit `e505857832`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:55 +03:00
klinch0	9ca2595bab	[ci] Fix escaping for gen_versions_map.sh script (#836 ) Backport of #836 fixes errors like this: ``` make: Entering directory '/home/runner/work/cozystack/cozystack/packages/apps' find . -maxdepth 2 -name Chart.yaml \| awk -F/ '{print $2}' \| while read i; do sed -i "s/^name: ./name: $i/" "$i/Chart.yaml"; done ../../hack/gen_versions_map.sh ../../hack/gen_versions_map.sh: 34: [: !=: unexpected operator fatal: Needed a single revision make: ** [Makefile:17: gen-versions-map] Error 128 make: Leaving directory '/home/runner/work/cozystack/cozystack/packages/apps' ``` https://github.com/cozystack/cozystack/actions/runs/14591720553/job/40928276862?pr=835 Improved reliability of version generation by handling empty or special values safely in the process. (cherry picked from commit `7a9a1fcba4`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:52 +03:00
Andrei Kvapil	2ba6059dbe	[Backport release-0.30] [tenant] Fix networkpolicy for accessing externalIPs from the cluster (#861 ) # Description Backport of #854 to `release-0.30`.	2025-04-23 14:48:40 +02:00
Andrei Kvapil	6f5e307415	Fix: networkpolicy for tenant to access from cluster Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `7bfad655c2`)	2025-04-23 12:48:04 +00:00
Andrei Kvapil	6c8d1138cd	[Backport release-0.30] [e2e] fix timeouts for capi and keycloak (#860 ) # Description Backport of #858 to `release-0.30`.	2025-04-23 14:26:51 +02:00
Andrei Kvapil	2c4bd23f9f	[e2e] fix timeouts for capi and keycloak Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `1c53a6f9f6`)	2025-04-23 12:26:27 +00:00
Andrei Kvapil	3445e2d23f	[Backport release-0.30] [ci] Enable release-candidates and backport functionality (#853 ) # Description Backport of #841 to `release-0.30`.	2025-04-23 12:23:54 +02:00
Andrei Kvapil	abddefb1b0	[ci] Enable release-candidates and backport functionality Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `63ebab5c2a`)	2025-04-23 10:07:01 +00:00
Andrei Kvapil	f78aefda8f	[platform]: make lower resource request for capi-kamaji-controller-manager (#839 ) Backport of #825 cherry picked from commit `a14bcf98dd`	2025-04-22 17:47:47 +02:00
Andrei Kvapil	ad3684508f	[platform]: make lower resource request for capi-kamaji-controller-manager (#825 ) (cherry picked from commit `a14bcf98dd`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-22 15:09:37 +03:00
Andrei Kvapil	7ca8ff0e69	[ci] Fix matching tag for release branch (#805 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Updated the automated release process to format version tags with a "v" prefix for consistent version naming. - Performed minor cleanup to improve overall code clarity. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-04-18 00:49:09 +02:00
Andrei Kvapil	721c12a758	Release v0.30.3 (#821 ) This PR prepares the release `v0.30.3`. (Please merge it before releasing draft)	2025-04-18 00:44:01 +02:00
kvaps	9f63cbbb5a	Prepare release v0.30.3 Signed-off-by: github-actions <github-actions@github.com>	2025-04-17 21:59:15 +00:00
Andrei Kvapil	e8e911fea1	[ci] Fix: do not run tests in case of release skipped (#822 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-04-17 23:32:25 +02:00
Andrei Kvapil	2b23300f25	[ci] Revert: Workflows: Use real username to commit changes and fix assets (#823 ) Let's revert `3c511023f3`, because DCO don't like such commits	2025-04-17 23:32:21 +02:00
Andrei Kvapil	53c5c8223c	[ci] Update pipeline for patch releases (#816 ) This PR includes the following changes: * Do not remove version tag as part of releasing pipeline * Overwrite tag only by fact of merging releasing pull request * Automatically detect merge base and prepare pull request for this base * Allow to run pipeline only for tags created on `main` and `release-X.Y` branches Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Improved workflow reliability by forcing Git tag creation and push to overwrite existing tags if necessary. - Enhanced workflow documentation with detailed, numbered comments for greater clarity. - Updated tag-based workflow to dynamically determine the base branch, ensuring only valid branches are used. - Removed the automatic deletion of pushed tags in the workflow. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-04-17 23:32:09 +02:00
Andrei Kvapil	96ea3a5d1f	[monitoring] fix vpa for vmagent delete resources (#820 ) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Updated resource allocation settings for monitoring agents by removing predefined CPU and memory limits. - Added an option to specify separate resource settings for the config reloader component. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-04-17 23:20:16 +02:00
Andrei Kvapil	159b87d593	Release v0.30.2 (#813 ) This PR prepares the release `v0.30.2`. (Please merge it before releasing draft)	2025-04-17 23:19:03 +02:00