Release v0.30.6 (#955 )

This PR prepares the release `v0.30.6`.
Prepare release v0.30.6
2026-02-05 00:15:51 +00:00 · 2025-05-16 18:25:24 +03:00 · 2025-05-16 13:52:29 +00:00 · 2025-05-16 16:44:06 +03:00 · 2025-05-16 16:34:50 +03:00 · 2025-05-16 15:39:49 +03:00
154 changed files with 1261 additions and 2037 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-* @kvaps @lllamnyp @klinch0
+* @kvaps @lllamnyp
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -4,10 +4,6 @@ on:
  pull_request_target:
    types: [closed]   # fires when PR is closed (merged)
 concurrency:
  group: backport-${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true
 permissions:
  contents: write
  pull-requests: write
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -1,13 +1,12 @@
 name: Pre-Commit Checks
 on:
  push:
    branches:
      - main
  pull_request:
-    types: [labeled, opened, synchronize, reopened]
+    paths-ignore:
-
+      - '**.md'
 concurrency:
  group: pre-commit-${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true
 jobs:
  pre-commit:
    runs-on: ubuntu-22.04
--- a/.github/workflows/pull-requests-release.yaml
+++ b/.github/workflows/pull-requests-release.yaml
@@ -4,10 +4,6 @@ on:
  pull_request:
    types: [labeled, opened, synchronize, reopened, closed]
 concurrency:
  group: pull-requests-release-${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true
 jobs:
  verify:
    name: Test Release
@@ -16,8 +12,8 @@ jobs:
      contents: read
      packages: write
    # Run only when the PR carries the "release" label and not closed.
    if: |
      contains(github.event.pull_request.labels.*.name, 'ok-to-test') &&
      contains(github.event.pull_request.labels.*.name, 'release') &&
      github.event.action != 'closed'
@@ -76,36 +72,6 @@ jobs:
          git tag -f ${{ steps.get_tag.outputs.tag }} ${{ github.sha }}
          git push -f origin ${{ steps.get_tag.outputs.tag }}
      # Ensure maintenance branch release-X.Y
      - name: Ensure maintenance branch release-X.Y
        uses: actions/github-script@v7
        with:
          script: |
            const tag = '${{ steps.get_tag.outputs.tag }}';  // e.g. v0.1.3 or v0.1.3-rc3
            const match = tag.match(/^v(\d+)\.(\d+)\.\d+(?:[-\w\.]+)?$/);
            if (!match) {
              core.setFailed(`❌ tag '${tag}' must match 'vX.Y.Z' or 'vX.Y.Z-suffix'`);
              return;
            }
            const line = `${match[1]}.${match[2]}`;
            const branch = `release-${line}`;
            try {
              await github.rest.repos.getBranch({
                owner: context.repo.owner,
                repo:  context.repo.repo,
                branch
              });
              console.log(`Branch '${branch}' already exists`);
            } catch (_) {
              await github.rest.git.createRef({
                owner: context.repo.owner,
                repo:  context.repo.repo,
                ref:   `refs/heads/${branch}`,
                sha:   context.sha
              });
              console.log(`✅ Branch '${branch}' created at ${context.sha}`);
            }
      # Get the latest published release
      - name: Get the latest published release
        id: latest_release
@@ -136,13 +102,13 @@ jobs:
        uses: actions/github-script@v7
        with:
          script: |
-            const tag = '${{ steps.get_tag.outputs.tag }}';              // v0.31.5-rc.1
+            const tag = '${{ steps.get_tag.outputs.tag }}';              // v0.31.5-rc1
-            const m = tag.match(/^v(\d+\.\d+\.\d+)(-rc\.\d+)?$/);
+            const m = tag.match(/^v(\d+\.\d+\.\d+)(-rc\d+)?$/);
            if (!m) {
-              core.setFailed(`❌ tag '${tag}' must match 'vX.Y.Z' or 'vX.Y.Z-rc.N'`);
+              core.setFailed(`❌ tag '${tag}' must match 'vX.Y.Z' or 'vX.Y.Z-rcN'`);
              return;
            }
-            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc.1
+            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc1
            const isRc    = Boolean(m[2]);
            core.setOutput('is_rc',      isRc);
            const outdated = '${{ steps.semver.outputs.comparison-result }}' === '<';
--- a/.github/workflows/pull-requests.yaml
+++ b/.github/workflows/pull-requests.yaml
@@ -4,10 +4,6 @@ on:
  pull_request:
    types: [labeled, opened, synchronize, reopened]
 concurrency:
  group: pull-requests-${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true
 jobs:
  e2e:
    name: Build and Test
@@ -16,9 +12,20 @@ jobs:
      contents: read
      packages: write
    # ─────────────────────────────────────────────────────────────
    # Run automatically for internal PRs (same repo).
    # For external PRs (forks) require the "ok‑to‑test" label.
    # Never run when the PR carries the "release" label.
    # ─────────────────────────────────────────────────────────────
    if: |
-      !contains(github.event.pull_request.labels.*.name, 'release')
+      !contains(github.event.pull_request.labels.*.name, 'release') &&
      (
        github.event.pull_request.head.repo.full_name == github.repository ||
        (
          github.event.pull_request.head.repo.full_name != github.repository &&
          contains(github.event.pull_request.labels.*.name, 'ok-to-test')
        )
      )
    steps:
      - name: Checkout code
--- a/.github/workflows/tags.yaml
+++ b/.github/workflows/tags.yaml
@@ -3,13 +3,7 @@ name: Versioned Tag
 on:
  push:
    tags:
-      - 'v*.*.*' # vX.Y.Z
+      - 'v*.*.*' # vX.Y.Z or vX.Y.Z-rcN
      - 'v*.*.*-rc.*' # vX.Y.Z-rc.N
 concurrency:
  group: tags-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 jobs:
  prepare-release:
@@ -19,7 +13,6 @@ jobs:
      contents: write
      packages: write
      pull-requests: write
      actions: write
    steps:
      # Check if a non-draft release with this tag already exists
@@ -49,18 +42,18 @@ jobs:
        uses: actions/github-script@v7
        with:
          script: |
-            const ref = context.ref.replace('refs/tags/', '');           // e.g. v0.31.5-rc.1
+            const ref = context.ref.replace('refs/tags/', '');           // e.g. v0.31.5-rc1
-            const m = ref.match(/^v(\d+\.\d+\.\d+)(-rc\.\d+)?$/);        // ['0.31.5', '-rc.1']
+            const m = ref.match(/^v(\d+\.\d+\.\d+)(-rc\d+)?$/);
            if (!m) {
-              core.setFailed(`❌ tag '${ref}' must match 'vX.Y.Z' or 'vX.Y.Z-rc.N'`);
+              core.setFailed(`❌ tag '${ref}' must match 'vX.Y.Z' or 'vX.Y.Z-rcN'`);
              return;
            }
-            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc.1
+            const version = m[1] + (m[2] ?? '');                         // 0.31.5‑rc1
            const isRc    = Boolean(m[2]);
            const [maj, min] = m[1].split('.');
-            core.setOutput('tag',     ref);                              // v0.31.5-rc.1
+            core.setOutput('tag',     ref);
-            core.setOutput('version', version);                          // 0.31.5-rc.1
+            core.setOutput('version', version);
-            core.setOutput('is_rc',   isRc);                             // true
+            core.setOutput('is_rc',   isRc);
            core.setOutput('line',    `${maj}.${min}`);                  // 0.31
      # Detect base branch (main or release‑X.Y) the tag was pushed from
@@ -181,6 +174,32 @@ jobs:
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Ensure long‑lived maintenance branch release‑X.Y
      - name: Ensure maintenance branch release‑${{ steps.tag.outputs.line }}
        if: |
          steps.check_release.outputs.skip == 'false' &&
          steps.get_base.outputs.branch == 'main'
        uses: actions/github-script@v7
        with:
          script: |
            const branch = `release-${'${{ steps.tag.outputs.line }}'}`;
            try {
              await github.rest.repos.getBranch({
                owner: context.repo.owner,
                repo:  context.repo.repo,
                branch
              });
              console.log(`Branch '${branch}' already exists`);
            } catch (_) {
              await github.git.createRef({
                owner: context.repo.owner,
                repo:  context.repo.repo,
                ref:   `refs/heads/${branch}`,
                sha:   context.sha
              });
              console.log(`Branch '${branch}' created at ${context.sha}`);
            }
      # Create release‑X.Y.Z branch and push (force‑update)
      - name: Create release branch
        if: steps.check_release.outputs.skip == 'false'
@@ -225,3 +244,8 @@ jobs:
            } else {
              console.log(`PR already exists from ${head} to ${base}`);
            }
      # Run tests 
      - name: Test
        if: steps.check_release.outputs.skip == 'false'
        run: make test
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 _out
 .git
 .idea
 .vscode
 # User-specific stuff
 .idea/**/workspace.xml
@@ -76,4 +75,4 @@ fabric.properties
 .idea/caches/build_file_checksums.ser
 .DS_Store
-**/.DS_Store
+**/.DS_Store
--- a/2
+++ b/2
@@ -20,6 +20,7 @@ build: build-deps
 	make -C packages/system/kubeovn image
 	make -C packages/system/kubeovn-webhook image
 	make -C packages/system/dashboard image
 	make -C packages/system/metallb image
 	make -C packages/system/kamaji image
 	make -C packages/system/bucket image
 	make -C packages/core/testing image
@@ -47,6 +48,7 @@ assets:
 test:
 	make -C packages/core/testing apply
 	make -C packages/core/testing test
 	#make -C packages/core/testing test-applications
 generate:
 	hack/update-codegen.sh
--- a/cmd/cozystack-controller/main.go
+++ b/cmd/cozystack-controller/main.go
@@ -39,8 +39,6 @@ import (
 	cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
 	"github.com/cozystack/cozystack/internal/controller"
 	"github.com/cozystack/cozystack/internal/telemetry"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2"
 	// +kubebuilder:scaffold:imports
 )
@@ -53,7 +51,6 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(cozystackiov1alpha1.AddToScheme(scheme))
 	utilruntime.Must(helmv2.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
 }
@@ -185,14 +182,6 @@ func main() {
 	if err = (&controller.WorkloadReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "WorkloadReconciler")
 		os.Exit(1)
 	}
 	if err = (&controller.TenantHelmReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Workload")
 		os.Exit(1)
--- a/docs/release.md
+++ b/docs/release.md
@@ -1,166 +0,0 @@
 # Release Workflow
 This document describes Cozystack’s release process.
 ## Introduction
 Cozystack uses a staged release process to ensure stability and flexibility during development.
 There are three types of releases:
 - **Release Candidates (RC)** – Preview versions (e.g., `v0.42.0-rc.1`) used for final testing and validation.
 - **Regular Releases** – Final versions (e.g., `v0.42.0`) that are feature-complete and thoroughly tested.
 - **Patch Releases** – Bugfix-only updates (e.g., `v0.42.1`) made after a stable release, based on a dedicated release branch.
 Each type plays a distinct role in delivering reliable and tested updates while allowing ongoing development to continue smoothly.
 ## Release Candidates
 Release candidates are Cozystack versions that introduce new features and are published before a stable release.
 Their purpose is to help validate stability before finalizing a new feature release.
 They allow for final rounds of testing and bug fixes without freezing development.
 Release candidates are given numbers `vX.Y.0-rc.N`, for example, `v0.42.0-rc.1`.
 They are created directly in the `main` branch.
 An RC is typically tagged when all major features for the upcoming release have been merged into main and the release enters its testing phase.
 However, new features and changes can still be added before the regular release `vX.Y.0`.
 Each RC contributes to a cumulative set of release notes that will be finalized when `vX.Y.0` is released.
 After testing, if no critical issues remain, the regular release (`vX.Y.0`) is tagged from the last RC or a later commit in main.
 This begins the regular release process, creates a dedicated `release-X.Y` branch, and opens the way for patch releases.
 ## Regular Releases
 When making a regular release, we tag the latest RC or a subsequent minimal-change commit as `vX.Y.0`.
 In this explanation, we'll use version `v0.42.0` as an example:
 ```mermaid
 gitGraph
    commit id: "feature"
    commit id: "feature 2"
    commit id: "feature 3" tag: "v0.42.0"
 ```
 A regular release sequence starts in the following way:
 1. Maintainer tags a commit in `main` with `v0.42.0` and pushes it to GitHub.
 2. CI workflow triggers on tag push:
   1. Creates a draft page for release `v0.42.0`, if it wasn't created before.
   2. Takes code from tag `v0.42.0`, builds images, and pushes them to ghcr.io.
   3. Makes a new commit `Prepare release v0.42.0` with updated digests, pushes it to the new branch `release-0.42.0`, and opens a PR to `main`.
   4. Builds Cozystack release assets from the new commit `Prepare release v0.42.0` and uploads them to the release draft page.
 3. Maintainer reviews PR, tests build artifacts, and edits changelogs on the release draft page.
   ```mermaid
   gitGraph
       commit id: "feature"
       commit id: "feature 2"
       commit id: "feature 3" tag: "v0.42.0"
       branch release-0.42.0
       checkout release-0.42.0
       commit id: "Prepare release v0.42.0"
       checkout main
       merge release-0.42.0 id: "Pull Request"
   ```
   When testing and editing are completed, the sequence goes on.
 4. Maintainer merges the PR. GitHub removes the merged branch `release-0.42.0`.
 5. CI workflow triggers on merge:
   1. Moves the tag `v0.42.0` to the newly created merge commit by force-pushing a tag to GitHub.
   2. Publishes the release page (`draft` → `latest`).
 6. The maintainer can now announce the release to the community.
 ```mermaid
 gitGraph
    commit id: "feature"
    commit id: "feature 2"
    commit id: "feature 3"
    branch release-0.42.0
    checkout release-0.42.0
    commit id: "Prepare release v0.42.0"
    checkout main
    merge release-0.42.0 id: "Release v0.42.0" tag: "v0.42.0"
 ```
 ## Patch Releases
 Making a patch release has a lot in common with a regular release, with a couple of differences:
 * A release branch is used instead of `main`
 * Patch commits are cherry-picked to the release branch.
 * A pull request is opened against the release branch.
 Let's assume that we've released `v0.42.0` and that development is ongoing.
 We have introduced a couple of new features and some fixes to features that we have released 
 in `v0.42.0`.
 Once problems were found and fixed, a patch release is due.
 ```mermaid
 gitGraph
   commit id: "Release v0.42.0" tag: "v0.42.0"
    checkout main
    commit id: "feature 4"
    commit id: "patch 1"
    commit id: "feature 5"
    commit id: "patch 2"
 ```
 1. The maintainer creates a release branch, `release-0.42,` and cherry-picks patch commits from `main` to `release-0.42`.
   These must be only patches to features that were present in version `v0.42.0`.
   Cherry-picking can be done as soon as each patch is merged into `main`,
   or directly before the release.
   ```mermaid
   gitGraph
       commit id: "Release v0.42.0" tag: "v0.42.0"
       branch release-0.42
       checkout main
       commit id: "feature 4"
       commit id: "patch 1"
       commit id: "feature 5"
       commit id: "patch 2"
       checkout release-0.42
       cherry-pick id: "patch 1"
       cherry-pick id: "patch 2"
   ```
   When all relevant patch commits are cherry-picked, the branch is ready for release.
 2. The maintainer tags the `HEAD` commit of branch `release-0.42` as `v0.42.1` and then pushes it to GitHub.
 3. CI workflow triggers on tag push:
    1. Creates a draft page for release `v0.42.1`, if it wasn't created before.
    2. Takes code from tag `v0.42.1`, builds images, and pushes them to ghcr.io.
    3. Makes a new commit `Prepare release v0.42.1` with updated digests, pushes it to the new branch `release-0.42.1`, and opens a PR to `release-0.42`.
    4. Builds Cozystack release assets from the new commit `Prepare release v0.42.1` and uploads them to the release draft page.
 4. Maintainer reviews PR, tests build artifacts, and edits changelogs on the release draft page.
   ```mermaid
   gitGraph
       commit id: "Release v0.42.0" tag: "v0.42.0"
       branch release-0.42
       checkout main
       commit id: "feature 4"
       commit id: "patch 1"
       commit id: "feature 5"
       commit id: "patch 2"
       checkout release-0.42
       cherry-pick id: "patch 1"
       cherry-pick id: "patch 2" tag: "v0.42.1"
       branch release-0.42.1
       commit id: "Prepare release v0.42.1"
       checkout release-0.42
       merge release-0.42.1 id: "Pull request"
   ```
   Finally, when release is confirmed, the release sequence goes on.
 5. Maintainer merges the PR. GitHub removes the merged branch `release-0.42.1`.
 6. CI workflow triggers on merge:
   1. Moves the tag `v0.42.1` to the newly created merge commit by force-pushing a tag to GitHub.
   2. Publishes the release page (`draft` → `latest`).
 7. The maintainer can now announce the release to the community.
--- a/hack/e2e.application.sh
+++ b/hack/e2e.application.sh
@@ -0,0 +1,165 @@
 #!/bin/bash
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 RESET='\033[0m'
 YELLOW='\033[0;33m'
 ROOT_NS="tenant-root"
 TEST_TENANT="tenant-e2e"
 values_base_path="/hack/testdata/"
 checks_base_path="/hack/testdata/"
 function delete_hr() {
    local release_name="$1"
    local namespace="$2"
    if [[ -z "$release_name" ]]; then
        echo -e "${RED}Error: Release name is required.${RESET}"
        exit 1
    fi
    if [[ -z "$namespace" ]]; then
        echo -e "${RED}Error: Namespace name is required.${RESET}"
        exit 1
    fi
    if [[ "$release_name" == "tenant-e2e" ]]; then
        echo -e "${YELLOW}Skipping deletion for release tenant-e2e.${RESET}"
        return 0
    fi
    kubectl delete helmrelease $release_name -n $namespace
 }
 function install_helmrelease() {
    local release_name="$1"
    local namespace="$2"
    local chart_path="$3"
    local repo_name="$4"
    local repo_ns="$5"
    local values_file="$6"
    if [[ -z "$release_name" ]]; then
        echo -e "${RED}Error: Release name is required.${RESET}"
        exit 1
    fi
    if [[ -z "$namespace" ]]; then
        echo -e "${RED}Error: Namespace name is required.${RESET}"
        exit 1
    fi
    if [[ -z "$chart_path" ]]; then
        echo -e "${RED}Error: Chart path name is required.${RESET}"
        exit 1
    fi
    if [[ -n "$values_file" && -f "$values_file" ]]; then
        local values_section
        values_section=$(echo "  values:" && sed 's/^/    /' "$values_file")
    fi
    local helmrelease_file=$(mktemp /tmp/HelmRelease.XXXXXX.yaml)
    {
        echo "apiVersion: helm.toolkit.fluxcd.io/v2"
        echo "kind: HelmRelease"
        echo "metadata:"
        echo "  labels:"
        echo "    cozystack.io/ui: \"true\""
        echo "  name: \"$release_name\""
        echo "  namespace: \"$namespace\""
        echo "spec:"
        echo "  chart:"
        echo "    spec:"
        echo "      chart: \"$chart_path\""
        echo "      reconcileStrategy: Revision"
        echo "      sourceRef:"
        echo "        kind: HelmRepository"
        echo "        name: \"$repo_name\""
        echo "        namespace: \"$repo_ns\""
        echo "      version: '*'"
        echo "  interval: 1m0s"
        echo "  timeout: 5m0s"
        [[ -n "$values_section" ]] && echo "$values_section"
    } > "$helmrelease_file"
    kubectl apply -f "$helmrelease_file"
    rm -f "$helmrelease_file"
 }
 function install_tenant (){
    local release_name="$1"
    local namespace="$2"
    local values_file="${values_base_path}tenant/values.yaml"
    local repo_name="cozystack-apps"
    local repo_ns="cozy-public"
    install_helmrelease "$release_name" "$namespace" "tenant" "$repo_name" "$repo_ns" "$values_file"
 }
 function make_extra_checks(){
    local checks_file="$1"
    echo "after exec make $checks_file"
    if [[ -n "$checks_file" && -f "$checks_file" ]]; then
        echo -e "${YELLOW}Start extra checks with file: ${checks_file}${RESET}"
    fi
 }
 function check_helmrelease_status() {
    local release_name="$1"
    local namespace="$2"
    local checks_file="$3"
    local timeout=300  # Timeout in seconds
    local interval=5   # Interval between checks in seconds
    local elapsed=0
    while [[ $elapsed -lt $timeout ]]; do
        local status_output
        status_output=$(kubectl get helmrelease "$release_name" -n "$namespace" -o json | jq -r '.status.conditions[-1].reason')
        if [[ "$status_output" == "InstallSucceeded" || "$status_output" == "UpgradeSucceeded" ]]; then
            echo -e "${GREEN}Helm release '$release_name' is ready.${RESET}"
            make_extra_checks "$checks_file"
            delete_hr $release_name $namespace
            return 0
        elif [[ "$status_output" == "InstallFailed" ]]; then
          echo -e "${RED}Helm release '$release_name': InstallFailed${RESET}"
          exit 1
        else
            echo -e "${YELLOW}Helm release '$release_name' is not ready. Current status: $status_output${RESET}"
        fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    echo -e "${RED}Timeout reached. Helm release '$release_name' is still not ready after $timeout seconds.${RESET}"
    exit 1
 }
 chart_name="$1"
 if [ -z "$chart_name" ]; then
    echo -e "${RED}No chart name provided. Exiting...${RESET}"
    exit 1
 fi
 checks_file="${checks_base_path}${chart_name}/check.sh"
 repo_name="cozystack-apps"
 repo_ns="cozy-public"
 release_name="$chart_name-e2e"
 values_file="${values_base_path}${chart_name}/values.yaml"
 install_tenant $TEST_TENANT $ROOT_NS
 check_helmrelease_status $TEST_TENANT $ROOT_NS "${checks_base_path}tenant/check.sh"
 echo -e "${YELLOW}Running tests for chart: $chart_name${RESET}"
 install_helmrelease $release_name $TEST_TENANT $chart_name $repo_name $repo_ns $values_file
 check_helmrelease_status $release_name $TEST_TENANT $checks_file
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -60,8 +60,7 @@ done
 # Prepare system drive
 if [ ! -f nocloud-amd64.raw ]; then
-  wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz \
+  wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz -O nocloud-amd64.raw.xz --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
    -O nocloud-amd64.raw.xz --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
  rm -f nocloud-amd64.raw
  xz --decompress nocloud-amd64.raw.xz
 fi
@@ -86,8 +85,7 @@ done
 # Start VMs
 for i in 1 2 3; do
  qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 8 -m 16384 \
-    -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i \
+    -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \
    -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \
    -drive file=srv$i/system.img,if=virtio,format=raw \
    -drive file=srv$i/seed.img,if=virtio,format=raw \
    -drive file=srv$i/data.img,if=virtio,format=raw \
@@ -123,7 +121,7 @@ machine:
  files:
  - content: |
      [plugins]
-        [plugins."io.containerd.cri.v1.runtime"]
+        [plugins."io.containerd.grpc.v1.cri"]
          device_ownership_from_security_context = true      
    path: /etc/cri/conf.d/20-customization.part
    op: create
@@ -233,15 +231,8 @@ timeout 60 sh -c 'until kubectl get hr -A | grep cozy; do sleep 1; done'
 sleep 5
 # Wait for all HelmReleases to be installed
 kubectl get hr -A | awk 'NR>1 {print "kubectl wait --timeout=15m --for=condition=ready -n " $1 " hr/" $2 " &"} END{print "wait"}' | sh -x
 failed_hrs=$(kubectl get hr -A | grep -v True)
 if [ -n "$(echo "$failed_hrs" | grep -v NAME)" ]; then
  printf 'Failed HelmReleases:\n%s\n' "$failed_hrs" >&2
  exit 1
 fi
 # Wait for Cluster-API providers
 timeout 60 sh -c 'until kubectl get deploy -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager; do sleep 1; done'
 kubectl wait deploy --timeout=1m --for=condition=available -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager
--- a/hack/testdata/http-cache/check.sh
+++ b/hack/testdata/http-cache/check.sh
@@ -0,0 +1 @@
 return 0
--- a/hack/testdata/http-cache/values.yaml
+++ b/hack/testdata/http-cache/values.yaml
@@ -0,0 +1,2 @@
 endpoints:
  - 8.8.8.8:443
--- a/hack/testdata/kubernetes/check.sh
+++ b/hack/testdata/kubernetes/check.sh
@@ -0,0 +1 @@
 return 0
--- a/hack/testdata/kubernetes/values.yaml
+++ b/hack/testdata/kubernetes/values.yaml
@@ -0,0 +1,62 @@
 ## @section Common parameters
 ## @param host The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).
 ## @param controlPlane.replicas Number of replicas for Kubernetes contorl-plane components
 ## @param storageClass StorageClass used to store user data
 ##
 host: ""
 controlPlane:
  replicas: 2
 storageClass: replicated
 ## @param nodeGroups [object] nodeGroups configuration
 ##
 nodeGroups:
  md0:
    minReplicas: 0
    maxReplicas: 10
    instanceType: "u1.medium"
    ephemeralStorage: 20Gi
    roles:
    - ingress-nginx
    resources:
      cpu: ""
      memory: ""
 ## @section Cluster Addons
 ##
 addons:
  ## Cert-manager: automatically creates and manages SSL/TLS certificate
  ##
  certManager:
    ## @param addons.certManager.enabled Enables the cert-manager
    ## @param addons.certManager.valuesOverride Custom values to override
    enabled: true
    valuesOverride: {}
  ## Ingress-NGINX Controller
  ##
  ingressNginx:
    ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)
    ## @param addons.ingressNginx.valuesOverride Custom values to override
    ##
    enabled: true
    ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster
    ## e.g:
    ## hosts:
    ## - example.org
    ## - foo.example.net
    ##
    hosts: []
    valuesOverride: {}
  ## Flux CD
  ##
  fluxcd:
    ## @param addons.fluxcd.enabled Enables Flux CD
    ## @param addons.fluxcd.valuesOverride Custom values to override
    ##
    enabled: true
    valuesOverride: {}
--- a/hack/testdata/nats/check.sh
+++ b/hack/testdata/nats/check.sh
@@ -0,0 +1 @@
 return 0
--- a/hack/testdata/nats/values.yaml
+++ b/hack/testdata/nats/values.yaml
@@ -0,0 +1,10 @@
 ## @section Common parameters
 ## @param external Enable external access from outside the cluster
 ## @param replicas Persistent Volume size for NATS
 ## @param storageClass StorageClass used to store the data
 ##
 external: false
 replicas: 2
 storageClass: ""
--- a/hack/testdata/tenant/check.sh
+++ b/hack/testdata/tenant/check.sh
@@ -0,0 +1 @@
 return 0
--- a/hack/testdata/tenant/values.yaml
+++ b/hack/testdata/tenant/values.yaml
@@ -0,0 +1,6 @@
 host: ""
 etcd: false
 monitoring: false
 ingress: false
 seaweedfs: false
 isolated: true
--- a/internal/controller/tenant_helm_reconciler.go
+++ b/internal/controller/tenant_helm_reconciler.go
@@ -1,158 +0,0 @@
 package controller
 import (
 	"context"
 	"fmt"
 	"strings"
 	"time"
 	e "errors"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2"
 	"gopkg.in/yaml.v2"
 	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 type TenantHelmReconciler struct {
 	client.Client
 	Scheme *runtime.Scheme
 }
 func (r *TenantHelmReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
 	hr := &helmv2.HelmRelease{}
 	if err := r.Get(ctx, req.NamespacedName, hr); err != nil {
 		if errors.IsNotFound(err) {
 			return ctrl.Result{}, nil
 		}
 		logger.Error(err, "unable to fetch HelmRelease")
 		return ctrl.Result{}, err
 	}
 	if !strings.HasPrefix(hr.Name, "tenant-") {
 		return ctrl.Result{}, nil
 	}
 	if len(hr.Status.Conditions) == 0 || hr.Status.Conditions[0].Type != "Ready" {
 		return ctrl.Result{}, nil
 	}
 	if len(hr.Status.History) == 0 {
 		logger.Info("no history in HelmRelease status", "name", hr.Name)
 		return ctrl.Result{}, nil
 	}
 	if hr.Status.History[0].Status != "deployed" {
 		return ctrl.Result{}, nil
 	}
 	newDigest := hr.Status.History[0].Digest
 	var hrList helmv2.HelmReleaseList
 	childNamespace := getChildNamespace(hr.Namespace, hr.Name)
 	if childNamespace == "tenant-root" && hr.Name == "tenant-root" {
 		if hr.Spec.Values == nil {
 			logger.Error(e.New("hr.Spec.Values is nil"), "cant annotate tenant-root ns")
 			return ctrl.Result{}, nil
 		}
 		err := annotateTenantRootNs(*hr.Spec.Values, r.Client)
 		if err != nil {
 			logger.Error(err, "cant annotate tenant-root ns")
 			return ctrl.Result{}, nil
 		}
 		logger.Info("namespace 'tenant-root' annotated")
 	}
 	if err := r.List(ctx, &hrList, client.InNamespace(childNamespace)); err != nil {
 		logger.Error(err, "unable to list HelmReleases in namespace", "namespace", hr.Name)
 		return ctrl.Result{}, err
 	}
 	for _, item := range hrList.Items {
 		if item.Name == hr.Name {
 			continue
 		}
 		oldDigest := item.GetAnnotations()["cozystack.io/tenant-config-digest"]
 		if oldDigest == newDigest {
 			continue
 		}
 		patchTarget := item.DeepCopy()
 		if patchTarget.Annotations == nil {
 			patchTarget.Annotations = map[string]string{}
 		}
 		ts := time.Now().Format(time.RFC3339Nano)
 		patchTarget.Annotations["cozystack.io/tenant-config-digest"] = newDigest
 		patchTarget.Annotations["reconcile.fluxcd.io/forceAt"] = ts
 		patchTarget.Annotations["reconcile.fluxcd.io/requestedAt"] = ts
 		patch := client.MergeFrom(item.DeepCopy())
 		if err := r.Patch(ctx, patchTarget, patch); err != nil {
 			logger.Error(err, "failed to patch HelmRelease", "name", patchTarget.Name)
 			continue
 		}
 		logger.Info("patched HelmRelease with new digest", "name", patchTarget.Name, "digest", newDigest, "version", hr.Status.History[0].Version)
 	}
 	return ctrl.Result{}, nil
 }
 func (r *TenantHelmReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&helmv2.HelmRelease{}).
 		Complete(r)
 }
 func getChildNamespace(currentNamespace, hrName string) string {
 	tenantName := strings.TrimPrefix(hrName, "tenant-")
 	switch {
 	case currentNamespace == "tenant-root" && hrName == "tenant-root":
 		// 1) root tenant inside root namespace
 		return "tenant-root"
 	case currentNamespace == "tenant-root":
 		// 2) any other tenant in root namespace
 		return fmt.Sprintf("tenant-%s", tenantName)
 	default:
 		// 3) tenant in a dedicated namespace
 		return fmt.Sprintf("%s-%s", currentNamespace, tenantName)
 	}
 }
 func annotateTenantRootNs(values apiextensionsv1.JSON, c client.Client) error {
 	var data map[string]interface{}
 	if err := yaml.Unmarshal(values.Raw, &data); err != nil {
 		return fmt.Errorf("failed to parse HelmRelease values: %w", err)
 	}
 	host, ok := data["host"].(string)
 	if !ok || host == "" {
 		return fmt.Errorf("host field not found or not a string")
 	}
 	var ns corev1.Namespace
 	if err := c.Get(context.TODO(), client.ObjectKey{Name: "tenant-root"}, &ns); err != nil {
 		return fmt.Errorf("failed to get namespace tenant-root: %w", err)
 	}
 	if ns.Annotations == nil {
 		ns.Annotations = map[string]string{}
 	}
 	ns.Annotations["namespace.cozystack.io/host"] = host
 	if err := c.Update(context.TODO(), &ns); err != nil {
 		return fmt.Errorf("failed to update namespace: %w", err)
 	}
 	return nil
 }
--- a/internal/controller/workloadmonitor_controller.go
+++ b/internal/controller/workloadmonitor_controller.go
@@ -116,24 +116,15 @@ func (r *WorkloadMonitorReconciler) reconcileServiceForMonitor(
 	resources := make(map[string]resource.Quantity)
-	quantity := resource.MustParse("0")
+	q := resource.MustParse("0")
 	for _, ing := range svc.Status.LoadBalancer.Ingress {
 		if ing.IP != "" {
-			quantity.Add(resource.MustParse("1"))
+			q.Add(resource.MustParse("1"))
 		}
 	}
-	var resourceLabel string
+	resources["public-ips"] = q
 	if svc.Annotations != nil {
 		var ok bool
 		resourceLabel, ok = svc.Annotations["metallb.universe.tf/ip-allocated-from-pool"]
 		if !ok {
 			resourceLabel = "default"
 		}
 	}
 	resourceLabel = fmt.Sprintf("%s.ipaddresspool.metallb.io/requests.ipaddresses", resourceLabel)
 	resources[resourceLabel] = quantity
 	_, err := ctrl.CreateOrUpdate(ctx, r.Client, workload, func() error {
 		// Update owner references with the new monitor
@@ -174,12 +165,7 @@ func (r *WorkloadMonitorReconciler) reconcilePVCForMonitor(
 	resources := make(map[string]resource.Quantity)
 	for resourceName, resourceQuantity := range pvc.Status.Capacity {
-		storageClass := "default"
+		resources[resourceName.String()] = resourceQuantity
 		if pvc.Spec.StorageClassName != nil || *pvc.Spec.StorageClassName == "" {
 			storageClass = *pvc.Spec.StorageClassName
 		}
 		resourceLabel := fmt.Sprintf("%s.storageclass.storage.k8s.io/requests.%s", storageClass, resourceName.String())
 		resources[resourceLabel] = resourceQuantity
 	}
 	_, err := ctrl.CreateOrUpdate(ctx, r.Client, workload, func() error {
--- a/packages/apps/bucket/templates/helmrelease.yaml
+++ b/packages/apps/bucket/templates/helmrelease.yaml
@@ -11,7 +11,7 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
--- a/packages/apps/bucket/values.schema.json
+++ b/packages/apps/bucket/values.schema.json
@@ -2,4 +2,4 @@
    "title": "Chart Values",
    "type": "object",
    "properties": {}
-}
+}
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:4e1f5153d2673a399b315252238f4dc3eb5d6c59295aef594691710cc5b72eb4
+ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:2e72835a1dcf222038fb5cb343d59f7e60b5c1adf1bf93ca123a8a660e27bcbc
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.20.0
+version: 0.18.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -1,4 +1,4 @@
-KUBERNETES_VERSION = v1.32
+UBUNTU_CONTAINER_DISK_TAG = v1.30.1
 KUBERNETES_PKG_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
 include ../../../scripts/common-envs.mk
@@ -6,26 +6,21 @@ include ../../../scripts/package.mk
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md
 	yq -o json -i '.properties.controlPlane.properties.apiServer.properties.resourcesPreset.enum = ["none","nano","micro","small","medium","large","xlarge","2xlarge"]' values.schema.json
 	yq -o json -i '.properties.controlPlane.properties.controllerManager.properties.resourcesPreset.enum = ["none","nano","micro","small","medium","large","xlarge","2xlarge"]' values.schema.json
 	yq -o json -i '.properties.controlPlane.properties.scheduler.properties.resourcesPreset.enum = ["none","nano","micro","small","medium","large","xlarge","2xlarge"]' values.schema.json
 	yq -o json -i '.properties.controlPlane.properties.konnectivity.properties.server.properties.resourcesPreset.enum = ["none","nano","micro","small","medium","large","xlarge","2xlarge"]' values.schema.json
 image: image-ubuntu-container-disk image-kubevirt-cloud-provider image-kubevirt-csi-driver image-cluster-autoscaler
 image-ubuntu-container-disk:
 	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/ubuntu-container-disk \
 		--provenance false \
-		--build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
+		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG)) \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)) \
+		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG)-$(TAG)) \
 		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:latest \
 		--cache-to type=inline \
 		--metadata-file images/ubuntu-container-disk.json \
 		--push=$(PUSH) \
 		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
+	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
 		> images/ubuntu-container-disk.tag
 	rm -f images/ubuntu-container-disk.json
--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -34,7 +34,7 @@ kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o g
 | Name                    | Description                                                                                                                            | Value        |
 | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
 | `host`                  | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`         |
-| `controlPlane.replicas` | Number of replicas for Kubernetes control-plane components                                                                             | `2`          |
+| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components                                                                             | `2`          |
 | `storageClass`          | StorageClass used to store user data                                                                                                   | `replicated` |
 | `nodeGroups`            | nodeGroups configuration                                                                                                               | `{}`         |
@@ -44,30 +44,27 @@ kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o g
 | --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
 | `addons.certManager.enabled`                  | Enables the cert-manager                                                                                                                                          | `false` |
 | `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.ingressNginx.enabled`                 | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)                                                                                          | `false` |
 | `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.ingressNginx.hosts`                   | List of domain names that should be passed through to the cluster by upper cluster                                                                                | `[]`    |
 | `addons.gpuOperator.enabled`                  | Enables the gpu-operator                                                                                                                                          | `false` |
 | `addons.gpuOperator.valuesOverride`           | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.fluxcd.enabled`                       | Enables Flux CD                                                                                                                                                   | `false` |
 | `addons.fluxcd.valuesOverride`                | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.monitoringAgents.enabled`             | Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage | `false` |
 | `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                         | `{}`    |
-### Kubernetes control plane configuration
+### Kamaji control plane
-| Name                                               | Description                                                                                                                                                                                                       | Value   |
+| Name                                                            | Description                                                                                                                                                                                                       | Value   |
-| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| --------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `controlPlane.apiServer.resourcesPreset`           | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small` |
+| `kamajiControlPlane.apiServer.resources`                        | Resources                                                                                                                                                                                                         | `{}`    |
-| `controlPlane.apiServer.resources`                 | Resources                                                                                                                                                                                                         | `{}`    |
+| `kamajiControlPlane.apiServer.resourcesPreset`                  | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small` |
-| `controlPlane.controllerManager.resources`         | Resources                                                                                                                                                                                                         | `{}`    |
+| `kamajiControlPlane.controllerManager.resources`                | Resources                                                                                                                                                                                                         | `{}`    |
-| `controlPlane.controllerManager.resourcesPreset`   | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
+| `kamajiControlPlane.controllerManager.resourcesPreset`          | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
-| `controlPlane.scheduler.resourcesPreset`           | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
+| `kamajiControlPlane.scheduler.resources`                        | Resources                                                                                                                                                                                                         | `{}`    |
-| `controlPlane.scheduler.resources`                 | Resources                                                                                                                                                                                                         | `{}`    |
+| `kamajiControlPlane.scheduler.resourcesPreset`                  | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
-| `controlPlane.konnectivity.server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
+| `kamajiControlPlane.addons.konnectivity.server.resources`       | Resources                                                                                                                                                                                                         | `{}`    |
-| `controlPlane.konnectivity.server.resources`       | Resources                                                                                                                                                                                                         | `{}`    |
+| `kamajiControlPlane.addons.konnectivity.server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
 ## U Series
--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.19.0@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.18.1@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.19.0@sha256:795d8e1ef4b2b0df2aa1e09d96cd13476ebb545b4bf4b5779b7547a70ef64cf9
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.18.1@sha256:af456f75b9bda2ca23e114dcf7f3ba6d4da6a4cf83105c92c9ab2b1ac3615f63
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.19.0@sha256:5717919c75e609902c6d67138311a2a8fd07be822e2173f3802b67cf5f3486e9
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.18.1@sha256:5f59b1987bdbd1b7271c4d46552bb0780d60cabfef02c29abb962b06f1386f35
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:4a4f8bee150e04d1efcd5ff1ea83e12f495a98851cc5fd47ef41ac7aebce9b74
+ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:fb5e09edf7b3fa5849b0c0f3f4ff5657a41fcbd97444704254deafd6b36f0992
--- a/packages/apps/kubernetes/images/ubuntu-container-disk/Dockerfile
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk/Dockerfile
@@ -1,4 +1,3 @@
 # TODO: Here we use ubuntu:22.04, as guestfish has some network issues running in ubuntu:24.04
 FROM ubuntu:22.04 as guestfish
 ARG DEBIAN_FRONTEND=noninteractive
@@ -6,7 +5,6 @@ RUN apt-get update \
 && apt-get -y install \
     libguestfs-tools \
     linux-image-generic \
     wget \
     make \
     bash-completion \
 && apt-get clean
@@ -15,10 +13,7 @@ WORKDIR /build
 FROM guestfish as builder
-# noble is a code name for the Ubuntu 24.04 LTS release
+RUN wget -O image.img https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
 RUN wget -O image.img https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
 ARG KUBERNETES_VERSION
 RUN qemu-img resize image.img 5G \
 && eval "$(guestfish --listen --network)" \
@@ -31,8 +26,8 @@ RUN qemu-img resize image.img 5G \
 && guestfish --remote sh "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg" \
 && guestfish --remote sh 'echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list' \
 # kubernetes repo
- && guestfish --remote sh "curl -fsSL https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg" \
+ && guestfish --remote sh "curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg" \
- && guestfish --remote sh "echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list" \
+ && guestfish --remote sh "echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list" \
 # install containerd
 && guestfish --remote command "apt-get update -y" \
 && guestfish --remote command "apt-get install -y containerd.io" \
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -39,13 +39,6 @@ spec:
              sockets: 1
            {{- end }}
            devices:
              {{- if .group.gpus }}
              gpus:
              {{- range $i, $gpu := .group.gpus }}
              - name: gpu{{ add $i 1 }}
                deviceName: {{ $gpu.name }}
              {{- end }}
              {{- end }}
              disks:
              - name: system
                disk:
@@ -110,22 +103,22 @@ metadata:
    kamaji.clastix.io/kubeconfig-secret-key: "super-admin.svc"
 spec:
  apiServer:
-    {{- if .Values.controlPlane.apiServer.resources }}
+    {{- if .Values.kamajiControlPlane.apiServer.resources }}
-    resources: {{- toYaml .Values.controlPlane.apiServer.resources | nindent 6 }}
+    resources: {{- toYaml .Values.kamajiControlPlane.apiServer.resources | nindent 6 }}
-    {{- else if ne .Values.controlPlane.apiServer.resourcesPreset "none" }}
+    {{- else if ne .Values.kamajiControlPlane.apiServer.resourcesPreset "none" }}
-    resources: {{- include "resources.preset" (dict "type" .Values.controlPlane.apiServer.resourcesPreset "Release" .Release) | nindent 6 }}
+    resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.apiServer.resourcesPreset "Release" .Release) | nindent 6 }}
    {{- end }}
  controllerManager:
-    {{- if .Values.controlPlane.controllerManager.resources }}
+    {{- if .Values.kamajiControlPlane.controllerManager.resources }}
-    resources: {{- toYaml .Values.controlPlane.controllerManager.resources | nindent 6 }}
+    resources: {{- toYaml .Values.kamajiControlPlane.controllerManager.resources | nindent 6 }}
-    {{- else if ne .Values.controlPlane.controllerManager.resourcesPreset "none" }}
+    {{- else if ne .Values.kamajiControlPlane.controllerManager.resourcesPreset "none" }}
-    resources: {{- include "resources.preset" (dict "type" .Values.controlPlane.controllerManager.resourcesPreset "Release" .Release) | nindent 6 }}
+    resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.controllerManager.resourcesPreset "Release" .Release) | nindent 6 }}
    {{- end }}
  scheduler:
-    {{- if .Values.controlPlane.scheduler.resources }}
+    {{- if .Values.kamajiControlPlane.scheduler.resources }}
-    resources: {{- toYaml .Values.controlPlane.scheduler.resources | nindent 6 }}
+    resources: {{- toYaml .Values.kamajiControlPlane.scheduler.resources | nindent 6 }}
-    {{- else if ne .Values.controlPlane.scheduler.resourcesPreset "none" }}
+    {{- else if ne .Values.kamajiControlPlane.scheduler.resourcesPreset "none" }}
-    resources: {{- include "resources.preset" (dict "type" .Values.controlPlane.scheduler.resourcesPreset "Release" .Release) | nindent 6 }}
+    resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.scheduler.resourcesPreset "Release" .Release) | nindent 6 }}
    {{- end }}
  dataStoreName: "{{ $etcd }}"
  addons:
@@ -135,10 +128,10 @@ spec:
    konnectivity:
      server:
        port: 8132
-        {{- if .Values.controlPlane.konnectivity.server.resources }}
+        {{- if .Values.kamajiControlPlane.addons.konnectivity.server.resources }}
-        resources: {{- toYaml .Values.controlPlane.konnectivity.server.resources | nindent 10 }}
+        resources: {{- toYaml .Values.kamajiControlPlane.addons.konnectivity.server.resources | nindent 10 }}
-        {{- else if ne .Values.controlPlane.konnectivity.server.resourcesPreset "none" }}
+        {{- else if ne .Values.kamajiControlPlane.addons.konnectivity.server.resourcesPreset "none" }}
-        resources: {{- include "resources.preset" (dict "type" .Values.controlPlane.konnectivity.server.resourcesPreset "Release" .Release) | nindent 10 }}
+        resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.addons.konnectivity.server.resourcesPreset "Release" .Release) | nindent 10 }}
        {{- end }}
  kubelet:
    cgroupfs: systemd
@@ -283,7 +276,7 @@ spec:
        kind: KubevirtMachineTemplate
        name: {{ $.Release.Name }}-{{ $groupName }}-{{ $kubevirtmachinetemplateHash }}
        namespace: {{ $.Release.Namespace }}
-      version: v1.32.3
+      version: v1.30.1
 ---
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachineHealthCheck
--- a/packages/apps/kubernetes/templates/helmreleases/cert-manager-crds.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/cert-manager-crds.yaml
@@ -4,7 +4,7 @@ metadata:
  name: {{ .Release.Name }}-cert-manager-crds
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cert-manager-crds
@@ -16,7 +16,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-cert-manager
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cert-manager
@@ -17,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -31,9 +30,11 @@ spec:
  upgrade:
    remediation:
      retries: -1
-  {{- with .Values.addons.certManager.valuesOverride }}
+  {{- if .Values.addons.certManager.valuesOverride }}
-  values:
+  valuesFrom:
-    {{- toYaml . | nindent 4 }}
+  - kind: Secret
    name: {{ .Release.Name }}-cert-manager-values-override
    valuesKey: values
  {{- end }}
  dependsOn:
@@ -46,3 +47,13 @@ spec:
  - name: {{ .Release.Name }}-cert-manager-crds
    namespace: {{ .Release.Namespace }}
 {{- end }}
 {{- if .Values.addons.certManager.valuesOverride }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ .Release.Name }}-cert-manager-values-override
 stringData:
  values: |
    {{- toYaml .Values.addons.certManager.valuesOverride | nindent 4 }}
 {{- end }}
--- a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
@@ -1,19 +1,10 @@
 {{- define "cozystack.defaultCiliumValues" -}}
 cilium:
  k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
  k8sServicePort: 6443
  routingMode: tunnel
  enableIPv4Masquerade: true
  ipv4NativeRoutingCIDR: ""
 {{- end }}
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: {{ .Release.Name }}-cilium
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cilium
@@ -25,7 +16,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -40,7 +30,12 @@ spec:
    remediation:
      retries: -1
  values:
-    {{- toYaml (deepCopy .Values.addons.cilium.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultCiliumValues" .))) | nindent 4 }}
+    cilium:
      k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
      k8sServicePort: 6443
      routingMode: tunnel
      enableIPv4Masquerade: true
      ipv4NativeRoutingCIDR: ""
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
  - name: {{ .Release.Name }}
--- a/packages/apps/kubernetes/templates/helmreleases/csi.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/csi.yaml
@@ -4,7 +4,7 @@ metadata:
  name: {{ .Release.Name }}-csi
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: csi
@@ -16,7 +16,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
@@ -20,7 +20,7 @@ spec:
          effect: "NoSchedule"
      containers:
        - name: kubectl
-          image: docker.io/clastix/kubectl:v1.32
+          image: docker.io/clastix/kubectl:v1.30.1
          command:
            - /bin/sh
            - -c
@@ -38,7 +38,6 @@ spec:
                {{ .Release.Name }}-ingress-nginx
                {{ .Release.Name }}-fluxcd-operator
                {{ .Release.Name }}-fluxcd
                {{ .Release.Name }}-gpu-operator
                -p '{"spec": {"suspend": true}}'
                --type=merge --field-manager=flux-client-side-apply || true
 ---
@@ -77,7 +76,6 @@ rules:
      - {{ .Release.Name }}-ingress-nginx
      - {{ .Release.Name }}-fluxcd-operator
      - {{ .Release.Name }}-fluxcd
      - {{ .Release.Name }}-gpu-operator
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
--- a/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-fluxcd-operator
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: fluxcd-operator
@@ -17,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -50,7 +49,7 @@ metadata:
  name: {{ .Release.Name }}-fluxcd
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: fluxcd
@@ -62,7 +61,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-kubeconfig
@@ -75,9 +73,11 @@ spec:
  upgrade:
    remediation:
      retries: -1
-  {{- with .Values.addons.fluxcd.valuesOverride }}
+  {{- if .Values.addons.fluxcd.valuesOverride }}
-  values:
+  valuesFrom:
-    {{- toYaml . | nindent 4 }}
+  - kind: Secret
    name: {{ .Release.Name }}-fluxcd-values-override
    valuesKey: values
  {{- end }}
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
@@ -89,3 +89,14 @@ spec:
  - name: {{ .Release.Name }}-fluxcd-operator
    namespace: {{ .Release.Namespace }}
 {{- end }}
 {{- if .Values.addons.fluxcd.valuesOverride }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ .Release.Name }}-fluxcd-values-override
 stringData:
  values: |
    {{- toYaml .Values.addons.fluxcd.valuesOverride | nindent 4 }}
 {{- end }}
--- a/packages/apps/kubernetes/templates/helmreleases/gpu-operator.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/gpu-operator.yaml
@@ -1,46 +0,0 @@
 {{- if .Values.addons.gpuOperator.enabled }}
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: {{ .Release.Name }}-gpu-operator
  labels:
    cozystack.io/repository: system
    cozystack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: gpu-operator
  chart:
    spec:
      chart: cozy-gpu-operator
      reconcileStrategy: Revision
      sourceRef:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
      key: super-admin.svc
  targetNamespace: cozy-gpu-operator
  storageNamespace: cozy-gpu-operator
  install:
    createNamespace: true
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: -1
  {{- with .Values.addons.gpuOperator.valuesOverride }}
  values:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
  - name: {{ .Release.Name }}
    namespace: {{ .Release.Namespace }}
  {{- end }}
  - name: {{ .Release.Name }}-cilium
    namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml
@@ -1,15 +1,3 @@
 {{- define "cozystack.defaultIngressValues" -}}
 ingress-nginx:
  fullnameOverride: ingress-nginx
  controller:
    kind: DaemonSet
    hostNetwork: true
    service:
      enabled: false
  nodeSelector:
    node-role.kubernetes.io/ingress-nginx: ""
 {{- end }}
 {{- if .Values.addons.ingressNginx.enabled }}
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -17,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-ingress-nginx
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: ingress-nginx
@@ -29,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -44,7 +31,21 @@ spec:
    remediation:
      retries: -1
  values:
-    {{- toYaml (deepCopy .Values.addons.ingressNginx.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultIngressValues" .))) | nindent 4 }}
+    ingress-nginx:
      fullnameOverride: ingress-nginx
      controller:
        kind: DaemonSet
        hostNetwork: true
        service:
          enabled: false
      nodeSelector:
        node-role.kubernetes.io/ingress-nginx: ""
  {{- if .Values.addons.ingressNginx.valuesOverride }}
  valuesFrom:
  - kind: Secret
    name: {{ .Release.Name }}-ingress-nginx-values-override
    valuesKey: values
  {{- end }}
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
  - name: {{ .Release.Name }}
@@ -53,3 +54,14 @@ spec:
  - name: {{ .Release.Name }}-cilium
    namespace: {{ .Release.Namespace }}
 {{- end }}
 {{- if .Values.addons.ingressNginx.valuesOverride }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ .Release.Name }}-ingress-nginx-values-override
 stringData:
  values: |
    {{- toYaml .Values.addons.ingressNginx.valuesOverride | nindent 4 }}
 {{- end }}
--- a/packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml
@@ -7,7 +7,7 @@ metadata:
  name: {{ .Release.Name }}-monitoring-agents
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cozy-monitoring-agents
@@ -19,7 +19,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler-crds.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler-crds.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-vertical-pod-autoscaler-crds
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: vertical-pod-autoscaler-crds
@@ -17,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/vertical-pod-autoscaler.yaml
@@ -1,28 +1,5 @@
 {{- define "cozystack.defaultVPAValues" -}}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $targetTenant := index $myNS.metadata.annotations "namespace.cozystack.io/monitoring" }}
 vertical-pod-autoscaler:
  recommender:
    extraArgs:
      container-name-label: container
      container-namespace-label: namespace
      container-pod-name-label: pod
      storage: prometheus
      memory-saver: true
      pod-label-prefix: label_
      metric-for-pod-labels: kube_pod_labels{job="kube-state-metrics", tenant="{{ .Release.Namespace }}", cluster="{{ .Release.Name }}"}[8d]
      pod-name-label: pod
      pod-namespace-label: namespace
      prometheus-address: http://vmselect-shortterm.{{ $targetTenant }}.svc.cozy.local:8481/select/0/prometheus/
      prometheus-cadvisor-job-name: cadvisor
    resources:
      limits:
        memory: 1600Mi
      requests:
        cpu: 100m
        memory: 1600Mi
 {{- end }}
 {{- if .Values.addons.monitoringAgents.enabled }}
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -30,7 +7,7 @@ metadata:
  name: {{ .Release.Name }}-vertical-pod-autoscaler
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: vertical-pod-autoscaler
@@ -42,7 +19,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
@@ -57,7 +33,32 @@ spec:
    remediation:
      retries: -1
  values:
-    {{- toYaml (deepCopy .Values.addons.verticalPodAutoscaler.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultVPAValues" .))) | nindent 4 }}
+    vertical-pod-autoscaler:
      recommender:
        extraArgs:
          container-name-label: container
          container-namespace-label: namespace
          container-pod-name-label: pod
          storage: prometheus
          memory-saver: true
          pod-label-prefix: label_
          metric-for-pod-labels: kube_pod_labels{job="kube-state-metrics", tenant="{{ .Release.Namespace }}", cluster="{{ .Release.Name }}"}[8d]
          pod-name-label: pod
          pod-namespace-label: namespace
          prometheus-address: http://vmselect-shortterm.{{ $targetTenant }}.svc.cozy.local:8481/select/0/prometheus/
          prometheus-cadvisor-job-name: cadvisor
        resources:
          limits:
            memory: 1600Mi
          requests:
            cpu: 100m
            memory: 1600Mi
  {{- if .Values.addons.verticalPodAutoscaler.valuesOverride }}
  valuesFrom:
  - kind: Secret
    name: {{ .Release.Name }}-vertical-pod-autoscaler-values-override
    valuesKey: values
  {{- end }}
  dependsOn:
  {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
  - name: {{ .Release.Name }}
--- a/packages/apps/kubernetes/templates/helmreleases/victoria-metrics-operator.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/victoria-metrics-operator.yaml
@@ -5,7 +5,7 @@ metadata:
  name: {{ .Release.Name }}-cozy-victoria-metrics-operator
  labels:
    cozystack.io/repository: system
-    cozystack.io/target-cluster-name: {{ .Release.Name }}
+    coztstack.io/target-cluster-name: {{ .Release.Name }}
 spec:
  interval: 5m
  releaseName: cozy-victoria-metrics-operator
@@ -17,7 +17,6 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
  kubeConfig:
    secretRef:
      name: {{ .Release.Name }}-admin-kubeconfig
--- a/packages/apps/kubernetes/values.schema.json
+++ b/packages/apps/kubernetes/values.schema.json
@@ -1,237 +1,182 @@
 {
-  "title": "Chart Values",
+    "title": "Chart Values",
-  "type": "object",
+    "type": "object",
-  "properties": {
+    "properties": {
-    "host": {
+        "host": {
-      "type": "string",
+            "type": "string",
-      "description": "The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).",
+            "description": "The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).",
-      "default": ""
+            "default": ""
    },
    "controlPlane": {
      "type": "object",
      "properties": {
        "replicas": {
          "type": "number",
          "description": "Number of replicas for Kubernetes control-plane components",
          "default": 2
        },
-        "apiServer": {
+        "controlPlane": {
-          "type": "object",
+            "type": "object",
-          "properties": {
+            "properties": {
-            "resourcesPreset": {
+                "replicas": {
-              "type": "string",
+                    "type": "number",
-              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+                    "description": "Number of replicas for Kubernetes contorl-plane components",
-              "default": "small",
+                    "default": 2
-              "enum": [
+                }
-                "none",
+            }
-                "nano",
+        },
-                "micro",
+        "storageClass": {
-                "small",
+            "type": "string",
-                "medium",
+            "description": "StorageClass used to store user data",
-                "large",
+            "default": "replicated"
-                "xlarge",
+        },
-                "2xlarge"
+        "addons": {
-              ]
+            "type": "object",
-            },
+            "properties": {
-            "resources": {
+                "certManager": {
-              "type": "object",
+                    "type": "object",
-              "description": "Resources",
+                    "properties": {
-              "default": {}
+                        "enabled": {
-            }
+                            "type": "boolean",
-          }
+                            "description": "Enables the cert-manager",
-        },
+                            "default": false
-        "controllerManager": {
+                        },
-          "type": "object",
+                        "valuesOverride": {
-          "properties": {
+                            "type": "object",
-            "resources": {
+                            "description": "Custom values to override",
-              "type": "object",
+                            "default": {}
-              "description": "Resources",
+                        }
-              "default": {}
+                    }
-            },
+                },
-            "resourcesPreset": {
+                "ingressNginx": {
-              "type": "string",
+                    "type": "object",
-              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+                    "properties": {
-              "default": "micro",
+                        "enabled": {
-              "enum": [
+                            "type": "boolean",
-                "none",
+                            "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)",
-                "nano",
+                            "default": false
-                "micro",
+                        },
-                "small",
+                        "valuesOverride": {
-                "medium",
+                            "type": "object",
-                "large",
+                            "description": "Custom values to override",
-                "xlarge",
+                            "default": {}
-                "2xlarge"
+                        },
-              ]
+                        "hosts": {
-            }
+                            "type": "array",
-          }
+                            "description": "List of domain names that should be passed through to the cluster by upper cluster",
-        },
+                            "default": [],
-        "scheduler": {
+                            "items": {}
-          "type": "object",
+                        }
-          "properties": {
+                    }
-            "resourcesPreset": {
+                },
-              "type": "string",
+                "fluxcd": {
-              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+                    "type": "object",
-              "default": "micro",
+                    "properties": {
-              "enum": [
+                        "enabled": {
-                "none",
+                            "type": "boolean",
-                "nano",
+                            "description": "Enables Flux CD",
-                "micro",
+                            "default": false
-                "small",
+                        },
-                "medium",
+                        "valuesOverride": {
-                "large",
+                            "type": "object",
-                "xlarge",
+                            "description": "Custom values to override",
-                "2xlarge"
+                            "default": {}
-              ]
+                        }
-            },
+                    }
-            "resources": {
+                },
-              "type": "object",
+                "monitoringAgents": {
-              "description": "Resources",
+                    "type": "object",
-              "default": {}
+                    "properties": {
-            }
+                        "enabled": {
-          }
+                            "type": "boolean",
-        },
+                            "description": "Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage",
-        "konnectivity": {
+                            "default": false
-          "type": "object",
+                        },
-          "properties": {
+                        "valuesOverride": {
-            "server": {
+                            "type": "object",
-              "type": "object",
+                            "description": "Custom values to override",
-              "properties": {
+                            "default": {}
-                "resourcesPreset": {
+                        }
-                  "type": "string",
+                    }
-                  "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
+                },
-                  "default": "micro",
+                "verticalPodAutoscaler": {
-                  "enum": [
+                    "type": "object",
-                    "none",
+                    "properties": {
-                    "nano",
+                        "valuesOverride": {
-                    "micro",
+                            "type": "object",
-                    "small",
+                            "description": "Custom values to override",
-                    "medium",
+                            "default": {}
-                    "large",
+                        }
-                    "xlarge",
+                    }
-                    "2xlarge"
+                }
-                  ]
+            }
-                },
+        },
-                "resources": {
+        "kamajiControlPlane": {
-                  "type": "object",
+            "type": "object",
-                  "description": "Resources",
+            "properties": {
-                  "default": {}
+                "apiServer": {
                    "type": "object",
                    "properties": {
                        "resources": {
                            "type": "object",
                            "description": "Resources",
                            "default": {}
                        },
                        "resourcesPreset": {
                            "type": "string",
                            "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
                            "default": "small"
                        }
                    }
                },
                "controllerManager": {
                    "type": "object",
                    "properties": {
                        "resources": {
                            "type": "object",
                            "description": "Resources",
                            "default": {}
                        },
                        "resourcesPreset": {
                            "type": "string",
                            "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
                            "default": "micro"
                        }
                    }
                },
                "scheduler": {
                    "type": "object",
                    "properties": {
                        "resources": {
                            "type": "object",
                            "description": "Resources",
                            "default": {}
                        },
                        "resourcesPreset": {
                            "type": "string",
                            "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
                            "default": "micro"
                        }
                    }
                },
                "addons": {
                    "type": "object",
                    "properties": {
                        "konnectivity": {
                            "type": "object",
                            "properties": {
                                "server": {
                                    "type": "object",
                                    "properties": {
                                        "resources": {
                                            "type": "object",
                                            "description": "Resources",
                                            "default": {}
                                        },
                                        "resourcesPreset": {
                                            "type": "string",
                                            "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
                                            "default": "micro"
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
              }
            }
          }
        }
      }
    },
    "storageClass": {
      "type": "string",
      "description": "StorageClass used to store user data",
      "default": "replicated"
    },
    "addons": {
      "type": "object",
      "properties": {
        "certManager": {
          "type": "object",
          "properties": {
            "enabled": {
              "type": "boolean",
              "description": "Enables the cert-manager",
              "default": false
            },
            "valuesOverride": {
              "type": "object",
              "description": "Custom values to override",
              "default": {}
            }
          }
        },
        "cilium": {
          "type": "object",
          "properties": {
            "valuesOverride": {
              "type": "object",
              "description": "Custom values to override",
              "default": {}
            }
          }
        },
        "ingressNginx": {
          "type": "object",
          "properties": {
            "enabled": {
              "type": "boolean",
              "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)",
              "default": false
            },
            "valuesOverride": {
              "type": "object",
              "description": "Custom values to override",
              "default": {}
            },
            "hosts": {
              "type": "array",
              "description": "List of domain names that should be passed through to the cluster by upper cluster",
              "default": [],
              "items": {}
            }
          }
        },
        "gpuOperator": {
          "type": "object",
          "properties": {
            "enabled": {
              "type": "boolean",
              "description": "Enables the gpu-operator",
              "default": false
            },
            "valuesOverride": {
              "type": "object",
              "description": "Custom values to override",
              "default": {}
            }
          }
        },
        "fluxcd": {
          "type": "object",
          "properties": {
            "enabled": {
              "type": "boolean",
              "description": "Enables Flux CD",
              "default": false
            },
            "valuesOverride": {
              "type": "object",
              "description": "Custom values to override",
              "default": {}
            }
          }
        },
        "monitoringAgents": {
          "type": "object",
          "properties": {
            "enabled": {
              "type": "boolean",
              "description": "Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage",
              "default": false
            },
            "valuesOverride": {
              "type": "object",
              "description": "Custom values to override",
              "default": {}
            }
          }
        },
        "verticalPodAutoscaler": {
          "type": "object",
          "properties": {
            "valuesOverride": {
              "type": "object",
              "description": "Custom values to override",
              "default": {}
            }
          }
        }
      }
    }
-  }
+}
 }
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -1,10 +1,12 @@
 ## @section Common parameters
 ## @param host The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).
-## @param controlPlane.replicas Number of replicas for Kubernetes control-plane components
+## @param controlPlane.replicas Number of replicas for Kubernetes contorl-plane components
 ## @param storageClass StorageClass used to store user data
 ##
 host: ""
 controlPlane:
  replicas: 2
 storageClass: replicated
 ## @param nodeGroups [object] nodeGroups configuration
@@ -22,14 +24,6 @@ nodeGroups:
      cpu: ""
      memory: ""
    ## List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
    ## e.g:
    ## instanceType: "u1.xlarge"
    ## gpus:
    ## - name: nvidia.com/AD102GL_L40S
    gpus: []
 ## @section Cluster Addons
 ##
 addons:
@@ -42,12 +36,6 @@ addons:
    enabled: false
    valuesOverride: {}
  ## Cilium CNI plugin
  ##
  cilium:
    ## @param addons.cilium.valuesOverride Custom values to override
    valuesOverride: {}
  ## Ingress-NGINX Controller
  ##
  ingressNginx:
@@ -64,14 +52,6 @@ addons:
    hosts: []
    valuesOverride: {}
  ## GPU-operator: NVIDIA GPU Operator
  ##
  gpuOperator:
    ## @param addons.gpuOperator.enabled Enables the gpu-operator
    ## @param addons.gpuOperator.valuesOverride Custom values to override
    enabled: false
    valuesOverride: {}
  ## Flux CD
  ##
  fluxcd:
@@ -97,42 +77,62 @@ addons:
    ##
    valuesOverride: {}
-## @section Kubernetes control plane configuration
+## @section Kamaji control plane
 ##
-
+kamajiControlPlane:
 controlPlane:
  replicas: 2
  apiServer:
-    ## @param controlPlane.apiServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+    ## @param kamajiControlPlane.apiServer.resources Resources
    ## @param controlPlane.apiServer.resources Resources
    ## e.g:
    ## resources:
    ##   limits:
    ##     cpu: 4000m
    ##     memory: 4Gi
    ##   requests:
    ##     cpu: 100m
    ##     memory: 512Mi
    ##
    resourcesPreset: "small"
    resources: {}
    # resources:
    #   limits:
    #     cpu: 4000m
    #     memory: 4Gi
    #   requests:
    #     cpu: 100m
    #     memory: 512Mi
    ## @param kamajiControlPlane.apiServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
    resourcesPreset: "small"
  controllerManager:
-    ## @param controlPlane.controllerManager.resources Resources
+    ## @param kamajiControlPlane.controllerManager.resources Resources
    ## @param controlPlane.controllerManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
    resourcesPreset: "micro"
    resources: {}
-
+    # resources:
    #   limits:
    #     cpu: 4000m
    #     memory: 4Gi
    #   requests:
    #     cpu: 100m
    #     memory: 512Mi
    ## @param kamajiControlPlane.controllerManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
    resourcesPreset: "micro"
  scheduler:
-    ## @param controlPlane.scheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+    ## @param kamajiControlPlane.scheduler.resources Resources
    ## @param controlPlane.scheduler.resources Resources
    resourcesPreset: "micro"
    resources: {}
-
+    # resources:
-  konnectivity:
+    #   limits:
-    server:
+    #     cpu: 4000m
-      ## @param controlPlane.konnectivity.server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+    #     memory: 4Gi
-      ## @param controlPlane.konnectivity.server.resources Resources
+    #   requests:
-      resourcesPreset: "micro"
+    #     cpu: 100m
-      resources: {}
+    #     memory: 512Mi
    ## @param kamajiControlPlane.scheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
    resourcesPreset: "micro"
  addons:
    konnectivity:
      server:
        ## @param kamajiControlPlane.addons.konnectivity.server.resources Resources
        resources: {}
        # resources:
        #   limits:
        #     cpu: 4000m
        #     memory: 4Gi
        #   requests:
        #     cpu: 100m
        #     memory: 512Mi
        ## @param kamajiControlPlane.addons.konnectivity.server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
        resourcesPreset: "micro"
--- a/packages/apps/nats/templates/nats.yaml
+++ b/packages/apps/nats/templates/nats.yaml
@@ -33,7 +33,7 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -59,8 +59,7 @@ kubernetes 0.16.0 077045b0
 kubernetes 0.17.0 1fbbfcd0
 kubernetes 0.17.1 fd240701
 kubernetes 0.18.0 721c12a7
-kubernetes 0.19.0 93bdf411
+kubernetes 0.18.1 HEAD
 kubernetes 0.20.0 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
--- a/packages/core/installer/images/cozystack/Dockerfile
+++ b/packages/core/installer/images/cozystack/Dockerfile
@@ -30,8 +30,6 @@ FROM alpine:3.21
 RUN apk add --no-cache make
 RUN apk add helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
 RUN apk add yq
 RUN apk add coreutils
 COPY scripts /cozystack/scripts
 COPY --from=builder /src/packages/core /cozystack/packages/core
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.31.0-rc.1@sha256:ab0e8fd97632ba784a42a3d0714806ea327440f82ffa5c4896a87c5fb7c1ec6e
+  image: ghcr.io/cozystack/cozystack/installer:v0.30.6@sha256:d16944b050f044b4bd95d396b9a2c07933d40a8285dc286a6b989b57a58a3999
--- a/packages/core/platform/Makefile
+++ b/packages/core/platform/Makefile
@@ -7,11 +7,7 @@ show:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS)
 apply:
-	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) \
+	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -f-
 		| kubectl apply -f-
 	kubectl delete helmreleases.helm.toolkit.fluxcd.io -l cozystack.io/marked-for-deletion=true -A
 reconcile: apply
 namespaces-show:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml
--- a/packages/core/platform/bundles/distro-full.yaml
+++ b/packages/core/platform/bundles/distro-full.yaml
@@ -161,7 +161,7 @@ releases:
  releaseName: piraeus-operator
  chart: cozy-piraeus-operator
  namespace: cozy-linstor
-  dependsOn: [cilium,cert-manager]
+  dependsOn: [cilium,cert-manager,victoria-metrics-operator]
 - name: snapshot-controller
  releaseName: snapshot-controller
--- a/packages/core/platform/bundles/paas-full.yaml
+++ b/packages/core/platform/bundles/paas-full.yaml
@@ -134,11 +134,6 @@ releases:
  namespace: cozy-kubevirt
  privileged: true
  dependsOn: [cilium,kubeovn,kubevirt-operator]
  {{- $cpuAllocationRatio := index $cozyConfig.data "cpu-allocation-ratio" }}
  {{- if $cpuAllocationRatio }}
  values:
    cpuAllocationRatio: {{ $cpuAllocationRatio }}
  {{- end }}
 - name: kubevirt-instancetypes
  releaseName: kubevirt-instancetypes
@@ -275,10 +270,7 @@ releases:
            {{- end }}
    {{- end }}
    {{- end }}
      frontend:
        resourcesPreset: "none"
      dashboard:
        resourcesPreset: "none"
        {{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }}
        {{- $branding := dig "data" "branding" "" $cozystackBranding }}
        {{- if $branding }}
--- a/packages/core/platform/bundles/paas-hosted.yaml
+++ b/packages/core/platform/bundles/paas-hosted.yaml
@@ -168,10 +168,7 @@ releases:
            {{- end }}
    {{- end }}
    {{- end }}
      frontend:
        resourcesPreset: "none"
      dashboard:
        resourcesPreset: "none"
        {{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }}
        {{- $branding := dig "data" "branding" "" $cozystackBranding }}
        {{- if $branding }}
--- a/packages/core/platform/templates/apps.yaml
+++ b/packages/core/platform/templates/apps.yaml
@@ -8,7 +8,7 @@
    {{- $host = index $cozyConfig.data "root-host" }}
  {{- end }}
 {{- end }}
-{{- $tenantRoot := dict }}
+{{- $tenantRoot := list }}
 {{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
 {{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
 {{- end }}
@@ -37,7 +37,7 @@ metadata:
  labels:
    cozystack.io/ui: "true"
 spec:
-  interval: 0s
+  interval: 1m
  releaseName: tenant-root
  install:
    remediation:
--- a/packages/core/platform/templates/helmreleases.yaml
+++ b/packages/core/platform/templates/helmreleases.yaml
@@ -7,23 +7,12 @@
 {{/* collect dependency namespaces from releases */}}
 {{- range $x := $bundle.releases }}
-{{-   $_ := set $dependencyNamespaces $x.name $x.namespace }}
+{{- $_ := set $dependencyNamespaces $x.name $x.namespace }}
 {{- end }}
 {{- range $x := $bundle.releases }}
-
+{{- if not (has $x.name $disabledComponents) }}
-{{- $shouldInstall := true }}
+{{- if or (not $x.optional) (and ($x.optional) (has $x.name $enabledComponents)) }}
 {{- $shouldDelete := false }}
 {{- if or (has $x.name $disabledComponents) (and ($x.optional) (not (has $x.name $enabledComponents))) }}
 {{-   $shouldInstall = false }}
 {{-   if $.Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
 {{-     if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" $x.namespace $x.name }}
 {{-       $shouldDelete = true }}
 {{-     end }}
 {{-   end }}
 {{- end }}
 {{- if or $shouldInstall $shouldDelete }}
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
@@ -33,9 +22,6 @@ metadata:
  labels:
    cozystack.io/repository: system
    cozystack.io/system-app: "true"
    {{- if $shouldDelete }}
    cozystack.io/marked-for-deletion: "true"
    {{- end }}
 spec:
  interval: 5m
  releaseName: {{ $x.releaseName | default $x.name }}
@@ -55,17 +41,16 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
      version: '>= 0.0.0-0'
      {{- with $x.valuesFiles }}
      valuesFiles:
      {{- toYaml $x.valuesFiles | nindent 6 }}
      {{- end }}
  {{- $values := dict }}
  {{- with $x.values }}
-  {{-   $values = merge . $values }}
+  {{- $values = merge . $values }}
  {{- end }}
  {{- with index $cozyConfig.data (printf "values-%s" $x.name) }}
-  {{-   $values = merge (fromYaml .) $values }}
+  {{- $values = merge (fromYaml .) $values }}
  {{- end }}
  {{- with $values }}
  values:
@@ -85,12 +70,13 @@ spec:
  {{- with $x.dependsOn }}
  dependsOn:
-  {{-   range $dep := . }}
+  {{- range $dep := . }}
-  {{-     if not (has $dep $disabledComponents) }}
+  {{- if not (has $dep $disabledComponents) }}
  - name: {{ $dep }}
    namespace: {{ index $dependencyNamespaces $dep }}
-  {{-     end }}
+  {{- end }}
-  {{-   end }}
+  {{- end }}
  {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/packages/core/testing/Makefile
+++ b/packages/core/testing/Makefile
@@ -11,6 +11,14 @@ include ../../../scripts/common-envs.mk
 help: ## Show this help.
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 show:
 	helm template -n $(NAMESPACE) $(NAME) .
 apply: ## Create sandbox in existing Kubernetes cluster.
 	helm template -n $(NAMESPACE) $(NAME) . | kubectl apply -f -
 diff:
 	helm template -n $(NAMESPACE) $(NAME) . | kubectl diff -f -
 image: image-e2e-sandbox
@@ -31,11 +39,26 @@ image-e2e-sandbox:
 test: ## Run the end-to-end tests in existing sandbox.
 	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && export COZYSTACK_INSTALLER_YAML=$$(helm template -n cozy-system installer ./packages/core/installer) && hack/e2e.sh'
 test-applications: ## Run the end-to-end tests in existing sandbox for applications.
 	for app in $(TESTING_APPS); do \
 		docker exec ${SANDBOX_NAME} bash -c "/hack/e2e.application.sh $${app}"; \
 	done
 	docker exec  ${SANDBOX_NAME} bash -c "kubectl get hr -A | grep -v 'True'"
 delete: ## Remove sandbox from existing Kubernetes cluster.
 	docker rm -f "${SANDBOX_NAME}" || true
 exec:  ## Opens an interactive shell in the sandbox container.
-	docker exec -ti "${SANDBOX_NAME}" bash
+	docker exec -ti "${SANDBOX_NAME}" -- bash
 proxy: sync-hosts ## Enable a SOCKS5 proxy server; mirrord and gost must be installed.
 	mirrord exec --target deploy/cozystack-e2e-sandbox --target-namespace cozy-e2e-tests -- gost -L=127.0.0.1:10080
 login: ## Downloads the kubeconfig into a temporary directory and runs a shell with the sandbox environment; mirrord must be installed.
 	mirrord exec --target deploy/cozystack-e2e-sandbox --target-namespace cozy-e2e-tests -- "$$SHELL"
 sync-hosts:
 	kubectl exec -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'kubectl get ing -A -o go-template='\''{{ "127.0.0.1 localhost\n"}}{{ range .items }}{{ range .status.loadBalancer.ingress }}{{ .ip }}{{ end }} {{ range .spec.rules }}{{ .host }}{{ end }}{{ "\n" }}{{ end }}'\'' > /etc/hosts'
 apply: delete
 	docker run -d --rm --name "${SANDBOX_NAME}" --privileged "$$(yq .e2e.image values.yaml)" sleep infinity
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.0-rc.1@sha256:a20a6834527ccfc8daf7413a15234f3f7dbbd7774810c8e1966736d487ef7d0c
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.30.6@sha256:3e6fe802702a59f495f75415863a8a3b075971e4e6a62dbb0bfd41300e357485
--- a/packages/extra/bootbox/images/matchbox.tag
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.31.0-rc.1@sha256:de69166fd6efec988cad7ad5be41bbb57c8134508c531d7496fc7f15772e4993
+ghcr.io/cozystack/cozystack/matchbox:v0.30.6@sha256:5cfcc7501be3088657a77796e3871e896953d0a8b825c301fb56dfa93e93586c
--- a/packages/extra/info/Chart.yaml
+++ b/packages/extra/info/Chart.yaml
@@ -3,4 +3,4 @@ name: info
 description: Info
 icon: /logos/info.svg
 type: application
-version: 1.0.1
+version: 1.0.0
--- a/packages/extra/info/templates/kubeconfig.yaml
+++ b/packages/extra/info/templates/kubeconfig.yaml
@@ -11,13 +11,6 @@
 {{- $k8sClient := index $k8sClientSecret.data "client-secret-key" | b64dec }}
 {{- $rootSaConfigMap := lookup "v1" "ConfigMap" "kube-system" "kube-root-ca.crt" }}
 {{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc }}
 {{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
 {{- $tenantRoot := lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
 {{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
 {{- $host = $tenantRoot.spec.values.host }}
 {{- end }}
 {{- end }}
 ---
 apiVersion: v1
 kind: Secret
--- a/packages/extra/ingress/Chart.yaml
+++ b/packages/extra/ingress/Chart.yaml
@@ -3,4 +3,4 @@ name: ingress
 description: NGINX Ingress Controller
 icon: /logos/ingress-nginx.svg
 type: application
-version: 1.6.0
+version: 1.4.0
--- a/packages/extra/ingress/README.md
+++ b/packages/extra/ingress/README.md
@@ -4,14 +4,12 @@
 ### Common parameters
-| Name              | Description                                                       | Value   |
+| Name             | Description                                                       | Value   |
-| ----------------- | ----------------------------------------------------------------- | ------- |
+| ---------------- | ----------------------------------------------------------------- | ------- |
-| `replicas`        | Number of ingress-nginx replicas                                  | `2`     |
+| `replicas`       | Number of ingress-nginx replicas                                  | `2`     |
-| `externalIPs`     | List of externalIPs for service.                                  | `[]`    |
+| `externalIPs`    | List of externalIPs for service.                                  | `[]`    |
-| `whitelist`       | List of client networks                                           | `[]`    |
+| `whitelist`      | List of client networks                                           | `[]`    |
-| `clouflareProxy`  | Restoring original visitor IPs when Cloudflare proxied is enabled | `false` |
+| `clouflareProxy` | Restoring original visitor IPs when Cloudflare proxied is enabled | `false` |
-| `dashboard`       | Should ingress serve Cozystack service dashboard                  | `false` |
+| `dashboard`      | Should ingress serve Cozystack service dashboard                  | `false` |
-| `cdiUploadProxy`  | Should ingress serve CDI upload proxy                             | `false` |
+| `cdiUploadProxy` | Should ingress serve CDI upload proxy                             | `false` |
 | `virtExportProxy` | Should ingress serve KubeVirt export proxy                        | `false` |
 | `api`             | Should ingress serve Cozystack API                                | `true`  |
--- a/packages/extra/ingress/templates/api.yaml
+++ b/packages/extra/ingress/templates/api.yaml
@@ -1,29 +0,0 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 {{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
 {{- if .Values.api }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  name: api-{{ .Release.Namespace }}
  namespace: default
 spec:
  ingressClassName: {{ .Release.Namespace }}
  rules:
  - host: api.{{ $host }}
    http:
      paths:
      - backend:
          service:
            name: kubernetes
            port:
              number: 443
        path: /
        pathType: Prefix
 {{- end }}
--- a/packages/extra/ingress/templates/cdi-uploadproxy.yaml
+++ b/packages/extra/ingress/templates/cdi-uploadproxy.yaml
@@ -10,7 +10,11 @@ kind: Ingress
 metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    cert-manager.io/cluster-issuer: letsencrypt-prod
    {{- if eq $issuerType "cloudflare" }} 
    {{- else }}
    acme.cert-manager.io/http01-ingress-class: {{ .Release.Namespace }}
    {{- end }}
  name: cdi-uploadproxy-{{ .Release.Namespace }}
  namespace: cozy-kubevirt-cdi
 spec:
@@ -26,4 +30,8 @@ spec:
              number: 443
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - cdi-uploadproxy.{{ $host }}
    secretName: cdi-uploadproxy-{{ .Release.Namespace }}-tls
 {{- end }}
--- a/packages/extra/ingress/templates/dashboard.yaml
+++ b/packages/extra/ingress/templates/dashboard.yaml
@@ -4,15 +4,6 @@
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
 {{- $tenantRoot := dict }}
 {{- if .Capabilities.APIVersions.Has "helm.toolkit.fluxcd.io/v2" }}
 {{- $tenantRoot = lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "tenant-root" "tenant-root" }}
 {{- end }}
 {{- if and $tenantRoot $tenantRoot.spec $tenantRoot.spec.values $tenantRoot.spec.values.host }}
 {{- $host = $tenantRoot.spec.values.host }}
 {{- else }}
 {{- end }}
 {{- if .Values.dashboard }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
--- a/packages/extra/ingress/templates/nginx-ingress.yaml
+++ b/packages/extra/ingress/templates/nginx-ingress.yaml
@@ -11,7 +11,7 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
--- a/packages/extra/ingress/templates/vm-exportproxy.yaml
+++ b/packages/extra/ingress/templates/vm-exportproxy.yaml
@@ -1,29 +0,0 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 {{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
 {{- if .Values.virtExportProxy }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  name: virt-exportproxy-{{ .Release.Namespace }}
  namespace: cozy-kubevirt
 spec:
  ingressClassName: {{ .Release.Namespace }}
  rules:
  - host: virt-exportproxy.{{ $host }}
    http:
      paths:
      - backend:
          service:
            name: virt-exportproxy
            port:
              number: 443
        path: /
        pathType: ImplementationSpecific
 {{- end }}
--- a/packages/extra/ingress/values.schema.json
+++ b/packages/extra/ingress/values.schema.json
@@ -35,16 +35,6 @@
            "type": "boolean",
            "description": "Should ingress serve CDI upload proxy",
            "default": false
        },
        "virtExportProxy": {
            "type": "boolean",
            "description": "Should ingress serve KubeVirt export proxy",
            "default": false
        },
        "api": {
            "type": "boolean",
            "description": "Should ingress serve Cozystack API",
            "default": true
        }
    }
 }
--- a/packages/extra/ingress/values.yaml
+++ b/packages/extra/ingress/values.yaml
@@ -30,9 +30,3 @@ dashboard: false
 ## @param cdiUploadProxy Should ingress serve CDI upload proxy
 cdiUploadProxy: false
 ## @param virtExportProxy Should ingress serve KubeVirt export proxy
 virtExportProxy: false
 ## @param api Should ingress serve Cozystack API
 api: true
--- a/packages/extra/monitoring/images/grafana.tag
+++ b/packages/extra/monitoring/images/grafana.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:66c4547efd18b4d7475ff73b2c4e2f39e9b4471d55e85237e2fe3e87af05c302
+ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:fb48d37f1a9386e0023df9ac067ec2e03953b7b8c9d6abf2d12716e084f846a4
--- a/packages/extra/seaweedfs/templates/seaweedfs.yaml
+++ b/packages/extra/seaweedfs/templates/seaweedfs.yaml
@@ -14,7 +14,7 @@ spec:
        kind: HelmRepository
        name: cozystack-system
        namespace: cozy-system
-      version: '>= 0.0.0-0'
+      version: '*'
  interval: 1m0s
  timeout: 5m0s
  values:
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -11,15 +11,12 @@ etcd 2.5.0 24fa7222
 etcd 2.6.0 8c460528
 etcd 2.6.1 45a7416c
 etcd 2.7.0 HEAD
-info 1.0.0 93bdf411
+info 1.0.0 HEAD
 info 1.0.1 HEAD
 ingress 1.0.0 d7cfa53c
 ingress 1.1.0 5bbc488e
 ingress 1.2.0 28fca4ef
 ingress 1.3.0 fde4bcfa
-ingress 1.4.0 fd240701
+ingress 1.4.0 HEAD
 ingress 1.5.0 93bdf411
 ingress 1.6.0 HEAD
 monitoring 1.0.0 d7cfa53c
 monitoring 1.1.0 25221fdc
 monitoring 1.2.0 f81be075
--- a/packages/system/Makefile
+++ b/packages/system/Makefile
@@ -5,7 +5,7 @@ include ../../scripts/common-envs.mk
 repo:
 	rm -rf "$(OUT)"
 	mkdir -p "$(OUT)"
-	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') --version $(COZYSTACK_VERSION)
+	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') --version $(VERSION)
 	cd "$(OUT)" && helm repo index .
 fix-chartnames:
--- a/packages/system/bucket/images/s3manager.tag
+++ b/packages/system/bucket/images/s3manager.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:67e4a5da0ab43d93e8b75094d5a2db8159cb927a47b94f945f80d0ffb93d3301
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:30fd3277ef61566688a87b34d2d3f401abb205a6fb2547bdd99a7dcf1a3a2e7e
--- a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.19.0
+appVersion: 0.18.1
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.19.0
+version: 0.18.1
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml
@@ -1,8 +1,26 @@
 # Addon provider
-{{- range $name, $addon := $.Values.addon }}
+{{- if .Values.addon }}
-  {{- $addonNamespace := default ( printf "%s-%s" $name "addon-system" ) (get $addon "namespace") }}
+{{- $addons := split ";" .Values.addon }}
-  {{- $addonName := $name }}
+{{- $addonNamespace := "" }}
-  {{- $addonVersion := get $addon "version" }}
+{{- $addonName := "" }}
 {{- $addonVersion := "" }}
 {{- range $addon := $addons }}
 {{- $addonArgs := split ":" $addon }}
 {{- $addonArgsLen :=  len $addonArgs }}
 {{-  if eq $addonArgsLen 3 }}
  {{- $addonNamespace = $addonArgs._0 }}
  {{- $addonName = $addonArgs._1 }}
  {{- $addonVersion = $addonArgs._2 }}
 {{-  else if eq $addonArgsLen 2 }}
  {{- $addonNamespace = print $addonArgs._0 "-addon-system" }}
  {{- $addonName = $addonArgs._0 }}
  {{- $addonVersion = $addonArgs._1 }}
 {{-  else if eq $addonArgsLen 1 }}
  {{- $addonNamespace = print $addonArgs._0 "-addon-system" }}
  {{- $addonName = $addonArgs._0 }}
 {{- else }}
  {{- fail "addon provider argument should have the following format helm:v1.0.0 or mynamespace:helm:v1.0.0" }}
 {{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -38,24 +56,5 @@ spec:
 {{- if $.Values.secretNamespace }}
  secretNamespace: {{ $.Values.secretNamespace }}
 {{- end }}
 {{- if $addon.manifestPatches }}
  manifestPatches: {{ toYaml $addon.manifestPatches | nindent 4 }}
 {{- end }}
 {{- if $addon.additionalManifests }}
  additionalManifests:
    name: {{ $addon.additionalManifests.name }}
    {{- if $addon.additionalManifests.namespace }}
    namespace: {{ $addon.additionalManifests.namespace }}
    {{- end }} {{/* if $addon.additionalManifests.namespace */}}
 {{- end }}
 {{- if $addon.additionalManifests }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ $addon.additionalManifests.name }}
  namespace: {{ default $addonNamespace $addon.additionalManifests.namespace }}
 data:
  manifests: {{- toYaml $addon.additionalManifests.manifests | nindent 4 }}
 {{- end }}
 {{- end }} {{/* range $name, $addon := .Values.addon */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml
@@ -1,8 +1,26 @@
 # Bootstrap provider
-{{- range $name, $bootstrap := $.Values.bootstrap }}
+{{- if .Values.bootstrap }}
-  {{- $bootstrapNamespace := default ( printf "%s-%s" $name "bootstrap-system" ) (get $bootstrap "namespace") }}
+{{- $bootstraps := split ";" .Values.bootstrap }}
-  {{- $bootstrapName := $name }}
+{{- $bootstrapNamespace := "" }}
-  {{- $bootstrapVersion := get $bootstrap "version" }}
+{{- $bootstrapName := "" }}
 {{- $bootstrapVersion := "" }}
 {{- range $bootstrap := $bootstraps }}
 {{- $bootstrapArgs := split ":" $bootstrap }}
 {{- $bootstrapArgsLen :=  len $bootstrapArgs }}
 {{-  if eq $bootstrapArgsLen 3 }}
  {{- $bootstrapNamespace = $bootstrapArgs._0 }}
  {{- $bootstrapName = $bootstrapArgs._1 }}
  {{- $bootstrapVersion = $bootstrapArgs._2 }}
 {{-  else if eq $bootstrapArgsLen 2 }}
  {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }}
  {{- $bootstrapName = $bootstrapArgs._0 }}
  {{- $bootstrapVersion = $bootstrapArgs._1 }}
 {{-  else if eq $bootstrapArgsLen 1 }}
  {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }}
  {{- $bootstrapName = $bootstrapArgs._0 }}
 {{- else }}
  {{- fail "bootstrap provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }}
 {{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -39,24 +57,5 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
 {{- if $bootstrap.manifestPatches }}
  manifestPatches: {{ toYaml $bootstrap.manifestPatches | nindent 4 }}
 {{- end }}
 {{- if $bootstrap.additionalManifests }}
  additionalManifests:
    name: {{ $bootstrap.additionalManifests.name }}
    {{- if $bootstrap.additionalManifests.namespace }}
    namespace: {{ $bootstrap.additionalManifests.namespace }}
    {{- end }} {{/* if $bootstrap.additionalManifests.namespace */}}
 {{- end }}
 {{- if $bootstrap.additionalManifests }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ $bootstrap.additionalManifests.name }}
  namespace: {{ default $bootstrapNamespace $bootstrap.additionalManifests.namespace }}
 data:
  manifests: {{- toYaml $bootstrap.additionalManifests.manifests | nindent 4 }}
 {{- end }}
 {{- end }} {{/* range $name, $bootstrap := .Values.bootstrap */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml
@@ -1,8 +1,26 @@
 # Control plane provider
-{{- range $name, $controlPlane := $.Values.controlPlane }}
+{{- if .Values.controlPlane }}
-  {{- $controlPlaneNamespace := default ( printf "%s-%s" $name "control-plane-system" ) (get $controlPlane "namespace") }}
+{{- $controlPlanes := split ";" .Values.controlPlane }}
-  {{- $controlPlaneName := $name }}
+{{- $controlPlaneNamespace := "" }}
-  {{- $controlPlaneVersion := get $controlPlane "version" }}
+{{- $controlPlaneName := "" }}
 {{- $controlPlaneVersion := "" }}
 {{- range $controlPlane := $controlPlanes }}
 {{- $controlPlaneArgs := split ":" $controlPlane }}
 {{- $controlPlaneArgsLen :=  len $controlPlaneArgs }}
 {{-  if eq $controlPlaneArgsLen 3 }}
  {{- $controlPlaneNamespace = $controlPlaneArgs._0 }}
  {{- $controlPlaneName = $controlPlaneArgs._1 }}
  {{- $controlPlaneVersion = $controlPlaneArgs._2 }}
 {{-  else if eq $controlPlaneArgsLen 2 }}
  {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }}
  {{- $controlPlaneName = $controlPlaneArgs._0 }}
  {{- $controlPlaneVersion = $controlPlaneArgs._1 }}
 {{-  else if eq $controlPlaneArgsLen 1 }}
  {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }}
  {{- $controlPlaneName = $controlPlaneArgs._0 }}
 {{- else }}
  {{- fail "controlplane provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }}
 {{-  end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -52,24 +70,5 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
 {{- if $controlPlane.manifestPatches }}
  manifestPatches: {{ toYaml $controlPlane.manifestPatches | nindent 4 }}
 {{- end }}
 {{- if $controlPlane.additionalManifests }}
  additionalManifests:
    name: {{ $controlPlane.additionalManifests.name }}
    {{- if $controlPlane.additionalManifests.namespace }}
    namespace: {{ $controlPlane.additionalManifests.namespace }}
    {{- end }} {{/* if $controlPlane.additionalManifests.namespace */}}
 {{- end }}
 {{- if $controlPlane.additionalManifests }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ $controlPlane.additionalManifests.name }}
  namespace: {{ default $controlPlaneNamespace $controlPlane.additionalManifests.namespace }}
 data:
  manifests: {{- toYaml $controlPlane.additionalManifests.manifests | nindent 4 }}
 {{- end }}
 {{- end }} {{/* range $name, $controlPlane := .Values.controlPlane */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml
@@ -1,8 +1,25 @@
 # Core provider
-{{- range $name, $core := $.Values.core }}
+{{- if .Values.core }}
-  {{- $coreNamespace := default "capi-system" (get $core "namespace") }}
+{{- $coreArgs := split ":" .Values.core }}
-  {{- $coreName := $name }}
+{{- $coreArgsLen :=  len $coreArgs }}
-  {{- $coreVersion := get $core "version" }}
+{{- $coreVersion := "" }}
 {{- $coreNamespace := "" }}
 {{- $coreName := "" }}
 {{- $coreVersion := "" }}
 {{-  if eq $coreArgsLen 3 }}
  {{- $coreNamespace = $coreArgs._0 }}
  {{- $coreName = $coreArgs._1 }}
  {{- $coreVersion = $coreArgs._2 }}
 {{-  else if eq $coreArgsLen 2 }}
  {{- $coreNamespace = "capi-system" }}
  {{- $coreName = $coreArgs._0 }}
  {{- $coreVersion = $coreArgs._1 }}
 {{-  else if eq $coreArgsLen 1 }}
  {{- $coreNamespace = "capi-system" }}
  {{- $coreName = $coreArgs._0 }}
 {{- else }}
  {{- fail "core provider argument should have the following format cluster-api:v1.0.0 or mynamespace:cluster-api:v1.0.0" }}
 {{-  end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -48,24 +65,4 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
 {{- if $core.manifestPatches }}
  manifestPatches: {{ toYaml $core.manifestPatches | nindent 4 }}
 {{- end }}
 {{- if $core.additionalManifests }}
  additionalManifests:
    name: {{ $core.additionalManifests.name }}
    {{- if $core.additionalManifests.namespace }}
    namespace: {{ $core.additionalManifests.namespace }}
    {{- end }}
 {{- end }}
 {{- if $core.additionalManifests }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ $core.additionalManifests.name }}
  namespace: {{ default $coreNamespace $core.additionalManifests.namespace }}
 data:
  manifests: {{- toYaml $core.additionalManifests.manifests | nindent 4 }}
 {{- end }}
 {{- end }} {{/* range $name, $core := .Values.core */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml
@@ -1,8 +1,26 @@
 # Infrastructure providers
-{{- range $name, $infra := $.Values.infrastructure }}
+{{- if .Values.infrastructure }}
-  {{- $infrastructureNamespace := default ( printf "%s-%s" $name "infrastructure-system" ) (get $infra "namespace") }}
+{{- $infrastructures := split ";" .Values.infrastructure }}
-  {{- $infrastructureName := $name }}
+{{- $infrastructureNamespace := "" }}
-  {{- $infrastructureVersion := get $infra "version" }}
+{{- $infrastructureName := "" }}
 {{- $infrastructureVersion := "" }}
 {{- range $infrastructure := $infrastructures }}
 {{- $infrastructureArgs := split ":" $infrastructure }}
 {{- $infrastructureArgsLen := len $infrastructureArgs }}
 {{-  if eq $infrastructureArgsLen 3 }}
  {{- $infrastructureNamespace = $infrastructureArgs._0 }}
  {{- $infrastructureName = $infrastructureArgs._1 }}
  {{- $infrastructureVersion = $infrastructureArgs._2 }}
 {{-  else if eq $infrastructureArgsLen 2 }}
  {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }}
  {{- $infrastructureName = $infrastructureArgs._0 }}
  {{- $infrastructureVersion = $infrastructureArgs._1 }}
 {{-  else if eq $infrastructureArgsLen 1 }}
  {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }}
  {{- $infrastructureName = $infrastructureArgs._0 }}
 {{- else }}
  {{- fail "infrastructure provider argument should have the following format aws:v1.0.0 or mynamespace:aws:v1.0.0" }}
 {{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -65,24 +83,5 @@ spec:
 {{- if $.Values.additionalDeployments }}
  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
 {{- end }}
 {{- if $infra.manifestPatches }}
  manifestPatches: {{- toYaml $infra.manifestPatches | nindent 4 }}
 {{- end }} {{/* if $infra.manifestPatches */}}
 {{- if $infra.additionalManifests }}
  additionalManifests:
    name: {{ $infra.additionalManifests.name }}
    {{- if $infra.additionalManifests.namespace }}
    namespace: {{ $infra.additionalManifests.namespace }}
    {{- end }} {{/* if $infra.additionalManifests.namespace */}}
 {{- end }} {{/* if $infra.additionalManifests */}}
 {{- if $infra.additionalManifests }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ $infra.additionalManifests.name }}
  namespace: {{ default $infrastructureNamespace $infra.additionalManifests.namespace }}
 data:
  manifests: {{- toYaml $infra.additionalManifests.manifests | nindent 4 }}
 {{- end }}
-{{- end }} {{/* range $name, $infra := .Values.infrastructure */}}
+{{- end }}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml
@@ -1,8 +1,26 @@
 # IPAM providers
-{{- range $name, $ipam := $.Values.ipam }}
+{{- if .Values.ipam }}
-  {{- $ipamNamespace := default ( printf "%s-%s" $name "ipam-system" ) (get $ipam "namespace") }}
+{{- $ipams := split ";" .Values.ipam }}
-  {{- $ipamName := $name }}
+{{- $ipamNamespace := "" }}
-  {{- $ipamVersion := get $ipam "version" }}
+{{- $ipamName := "" }}
 {{- $ipamVersion := "" }}
 {{- range $ipam := $ipams }}
 {{- $ipamArgs := split ":" $ipam }}
 {{- $ipamArgsLen := len $ipamArgs }}
 {{-  if eq $ipamArgsLen 3 }}
  {{- $ipamNamespace = $ipamArgs._0 }}
  {{- $ipamName = $ipamArgs._1 }}
  {{- $ipamVersion = $ipamArgs._2 }}
 {{-  else if eq $ipamArgsLen 2 }}
  {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
  {{- $ipamName = $ipamArgs._0 }}
  {{- $ipamVersion = $ipamArgs._1 }}
 {{-  else if eq $ipamArgsLen 1 }}
  {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
  {{- $ipamName = $ipamArgs._0 }}
 {{- else }}
  {{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }}
 {{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -52,27 +70,8 @@ spec:
    namespace: {{ $.Values.configSecret.namespace }}
    {{- end }}
 {{- end }}
 {{- if $ipam.manifestPatches }}
  manifestPatches: {{ toYaml $ipam.manifestPatches | nindent 4 }}
 {{- end }}
 {{- if $.Values.additionalDeployments }}
  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
 {{- end }}
 {{- if $ipam.additionalManifests }}
  additionalManifests:
    name: {{ $ipam.additionalManifests.name }}
    {{- if $ipam.additionalManifests.namespace }}
    namespace: {{ $ipam.additionalManifests.namespace }}
    {{- end }} {{/* if $ipam.additionalManifests.namespace */}}
 {{- end }}
 {{- if $ipam.additionalManifests }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ $ipam.additionalManifests.name }}
  namespace: {{ default $ipamNamespace $ipam.additionalManifests.namespace }}
 data:
  manifests: {{- toYaml $ipam.additionalManifests.manifests | nindent 4 }}
 {{- end }}
 {{- end }} {{/* range $name, $ipam := .Values.ipam */}}
--- a/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/operator-components.yaml
@@ -1305,13 +1305,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
                        additionalArgs:
                          additionalProperties:
                            type: string
                          description: |-
                            AdditionalArgs is a map of additional options that will be passed
                            in as container args to the provider's controller manager.
                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -2843,13 +2836,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
                  additionalArgs:
                    additionalProperties:
                      type: string
                    description: |-
                      AdditionalArgs is a map of additional options that will be passed
                      in as container args to the provider's controller manager.
                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -3062,32 +3048,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -3097,8 +3078,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -4732,32 +4711,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -4767,8 +4741,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -6071,13 +6043,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
                        additionalArgs:
                          additionalProperties:
                            type: string
                          description: |-
                            AdditionalArgs is a map of additional options that will be passed
                            in as container args to the provider's controller manager.
                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -7609,13 +7574,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
                  additionalArgs:
                    additionalProperties:
                      type: string
                    description: |-
                      AdditionalArgs is a map of additional options that will be passed
                      in as container args to the provider's controller manager.
                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -7828,32 +7786,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -7863,8 +7816,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -9499,32 +9450,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -9534,8 +9480,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -10839,13 +10783,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
                        additionalArgs:
                          additionalProperties:
                            type: string
                          description: |-
                            AdditionalArgs is a map of additional options that will be passed
                            in as container args to the provider's controller manager.
                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -12377,13 +12314,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
                  additionalArgs:
                    additionalProperties:
                      type: string
                    description: |-
                      AdditionalArgs is a map of additional options that will be passed
                      in as container args to the provider's controller manager.
                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -12597,32 +12527,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -12632,8 +12557,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -14267,32 +14190,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -14302,8 +14220,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -15606,13 +15522,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
                        additionalArgs:
                          additionalProperties:
                            type: string
                          description: |-
                            AdditionalArgs is a map of additional options that will be passed
                            in as container args to the provider's controller manager.
                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -17144,13 +17053,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
                  additionalArgs:
                    additionalProperties:
                      type: string
                    description: |-
                      AdditionalArgs is a map of additional options that will be passed
                      in as container args to the provider's controller manager.
                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -17363,32 +17265,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -17398,8 +17295,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -19034,32 +18929,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -19069,8 +18959,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -20374,13 +20262,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
                        additionalArgs:
                          additionalProperties:
                            type: string
                          description: |-
                            AdditionalArgs is a map of additional options that will be passed
                            in as container args to the provider's controller manager.
                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -21912,13 +21793,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
                  additionalArgs:
                    additionalProperties:
                      type: string
                    description: |-
                      AdditionalArgs is a map of additional options that will be passed
                      in as container args to the provider's controller manager.
                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -22132,32 +22006,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -22167,8 +22036,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -23504,13 +23371,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
                        additionalArgs:
                          additionalProperties:
                            type: string
                          description: |-
                            AdditionalArgs is a map of additional options that will be passed
                            in as container args to the provider's controller manager.
                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -25042,13 +24902,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
                  additionalArgs:
                    additionalProperties:
                      type: string
                    description: |-
                      AdditionalArgs is a map of additional options that will be passed
                      in as container args to the provider's controller manager.
                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -25261,32 +25114,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -25296,8 +25144,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
@@ -26635,13 +26481,6 @@ spec:
                      description: Manager defines the properties that can be enabled
                        on the controller manager for the additional provider deployment.
                      properties:
                        additionalArgs:
                          additionalProperties:
                            type: string
                          description: |-
                            AdditionalArgs is a map of additional options that will be passed
                            in as container args to the provider's controller manager.
                          type: object
                        cacheNamespace:
                          description: |-
                            CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -28173,13 +28012,6 @@ spec:
                description: Manager defines the properties that can be enabled on
                  the controller manager for the provider.
                properties:
                  additionalArgs:
                    additionalProperties:
                      type: string
                    description: |-
                      AdditionalArgs is a map of additional options that will be passed
                      in as container args to the provider's controller manager.
                    type: object
                  cacheNamespace:
                    description: |-
                      CacheNamespace if specified restricts the manager's cache to watch objects in
@@ -28393,32 +28225,27 @@ spec:
                  properties:
                    lastTransitionTime:
                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
-                        message is a human readable message indicating details about the transition.
+                        A human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
-                        reason is the reason for the condition's last transition in CamelCase.
+                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
@@ -28428,8 +28255,6 @@ spec:
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
--- a/packages/system/capi-operator/charts/cluster-api-operator/values.schema.json
+++ b/packages/system/capi-operator/charts/cluster-api-operator/values.schema.json
@@ -1,47 +0,0 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "properties": {
    "core": {
      "oneOf": [
        { "type": "object" },
        { "type": "null" }
      ]
    },
    "bootstrap": {
      "type": "object",
      "oneOf": [
        { "type": "object" },
        { "type": "null" }
      ]
    },
    "controlPlane": {
      "type": "object",
      "oneOf": [
        { "type": "object" },
        { "type": "null" }
      ]
    },
    "infrastructure": {
      "type": "object",
      "oneOf": [
        { "type": "object" },
        { "type": "null" }
      ]
    },
    "addon": {
      "type": "object",
      "oneOf": [
        { "type": "object" },
        { "type": "null" }
      ]
    },
    "ipam": {
      "type": "object",
      "oneOf": [
        { "type": "object" },
        { "type": "null" }
      ]
    }
  }
 }
--- a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
+++ b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml
@@ -1,30 +1,12 @@
 ---
 # ---
 # Cluster API provider options
-core: {}
+core: ""
-# cluster-api: {}  # Name, required
+bootstrap: ""
-#   namespace: ""  # Optional
+controlPlane: ""
-#   version: ""    # Optional
+infrastructure: ""
-bootstrap: {}
+ipam: ""
-# kubeadm: {}      # Name, required
+addon: ""
 #   namespace: ""  # Optional
 #   version: ""    # Optional
 controlPlane: {}
 # kubeadm: {}      # Name, required
 #   namespace: ""  # Optional
 #   version: ""    # Optional
 infrastructure: {}
 # docker: {}  # Name, required
 #   namespace: ""  # Optional
 #   version: ""    # Optional
 addon: {}
 # helm: {}         # Name, required
 #   namespace: ""  # Optional
 #   version: ""    # Optional
 ipam: {}
 # in-cluster: {}   # Name, required
 #   namespace: ""  # Optional
 #   version: ""    # Optional
 manager.featureGates: {}
 fetchConfig: {}
 # ---
@@ -39,7 +21,7 @@ leaderElection:
 image:
  manager:
    repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.19.0
+    tag: v0.18.1
    pullPolicy: IfNotPresent
 env:
  manager: []
--- a/packages/system/capi-providers/templates/providers.yaml
+++ b/packages/system/capi-providers/templates/providers.yaml
@@ -5,7 +5,7 @@ metadata:
  name: cluster-api
 spec:
  # https://github.com/kubernetes-sigs/cluster-api
-  version: v1.10.0
+  version: v1.9.5
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: ControlPlaneProvider
@@ -13,7 +13,7 @@ metadata:
  name: kamaji
 spec:
  # https://github.com/clastix/cluster-api-control-plane-provider-kamaji
-  version: v0.14.2
+  version: v0.14.1
  deployment:
    containers:
    - name: manager
@@ -31,7 +31,7 @@ metadata:
  name: kubeadm
 spec:
  # https://github.com/kubernetes-sigs/cluster-api
-  version: v1.10.0
+  version: v1.9.5
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: InfrastructureProvider
@@ -39,4 +39,4 @@ metadata:
  name: kubevirt
 spec:
  # https://github.com/kubernetes-sigs/cluster-api-provider-kubevirt
-  version: v0.1.10
+  version: v0.1.9
--- a/packages/system/cilium/charts/cilium/Chart.yaml
+++ b/packages/system/cilium/charts/cilium/Chart.yaml
@@ -79,7 +79,7 @@ annotations:
    Pod IP Pool\n  description: |\n    CiliumPodIPPool defines an IP pool that can
    be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
 apiVersion: v2
-appVersion: 1.17.3
+appVersion: 1.17.2
 description: eBPF-based Networking, Security, and Observability
 home: https://cilium.io/
 icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
@@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0'
 name: cilium
 sources:
 - https://github.com/cilium/cilium
-version: 1.17.3
+version: 1.17.2
--- a/packages/system/cilium/charts/cilium/README.md
+++ b/packages/system/cilium/charts/cilium/README.md
@@ -1,6 +1,6 @@
 # cilium
-![Version: 1.17.3](https://img.shields.io/badge/Version-1.17.3-informational?style=flat-square) ![AppVersion: 1.17.3](https://img.shields.io/badge/AppVersion-1.17.3-informational?style=flat-square)
+![Version: 1.17.2](https://img.shields.io/badge/Version-1.17.2-informational?style=flat-square) ![AppVersion: 1.17.2](https://img.shields.io/badge/AppVersion-1.17.2-informational?style=flat-square)
 Cilium is open source software for providing and transparently securing
 network connectivity and loadbalancing between application workloads such as
@@ -85,7 +85,7 @@ contributors across the globe, there is almost always someone available to help.
 | authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
 | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true |
 | authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. |
-| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028dc581f","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server |
+| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:498a000f370d8c37927118ed80afe8adc38d1edcbfc071627d17b25c88efcab0","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server |
 | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into |
 | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration |
 | authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations |
@@ -197,7 +197,7 @@ contributors across the globe, there is almost always someone available to help.
 | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. |
 | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. |
 | clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. |
-| clustermesh.apiserver.image | object | `{"digest":"sha256:98d5feaf67dd9b5d8d219ff5990de10539566eedc5412bcf52df75920896ad42","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.3","useDigest":true}` | Clustermesh API server image. |
+| clustermesh.apiserver.image | object | `{"digest":"sha256:981250ebdc6e66e190992eaf75cfca169113a8f08d5c3793fe15822176980398","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.2","useDigest":true}` | Clustermesh API server image. |
 | clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. |
 | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. |
 | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. |
@@ -377,7 +377,7 @@ contributors across the globe, there is almost always someone available to help.
 | envoy.healthPort | int | `9878` | TCP port for the health API. |
 | envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request |
 | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s |
-| envoy.image | object | `{"digest":"sha256:a01cadf7974409b5c5c92ace3d6afa298408468ca24cab1cb413c04f89d3d1f9","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.32.5-1744305768-f9ddca7dcd91f7ca25a505560e655c47d3dec2cf","useDigest":true}` | Envoy container image. |
+| envoy.image | object | `{"digest":"sha256:377c78c13d2731f3720f931721ee309159e782d882251709cb0fac3b42c03f4b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.31.5-1741765102-efed3defcc70ab5b263a0fc44c93d316b846a211","useDigest":true}` | Envoy container image. |
 | envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out |
 | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
 | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
@@ -518,7 +518,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. |
 | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay |
 | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay |
-| hubble.relay.image | object | `{"digest":"sha256:f8674b5139111ac828a8818da7f2d344b4a5bfbaeb122c5dc9abed3e74000c55","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.3","useDigest":true}` | Hubble-relay container image. |
+| hubble.relay.image | object | `{"digest":"sha256:42a8db5c256c516cacb5b8937c321b2373ad7a6b0a1e5a5120d5028433d586cc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.2","useDigest":true}` | Hubble-relay container image. |
 | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
 | hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
 | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
@@ -625,7 +625,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
 | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). |
 | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. |
-| image | object | `{"digest":"sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.3","useDigest":true}` | Agent container image. |
+| image | object | `{"digest":"sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.2","useDigest":true}` | Agent container image. |
 | imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images |
 | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set |
 | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. |
@@ -762,7 +762,7 @@ contributors across the globe, there is almost always someone available to help.
 | operator.hostNetwork | bool | `true` | HostNetwork setting |
 | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
 | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
-| operator.image | object | `{"alibabacloudDigest":"sha256:e9a9ab227c6e833985bde6537b4d1540b0907f21a84319de4b7d62c5302eed5c","awsDigest":"sha256:40f235111fb2bca209ee65b12f81742596e881a0a3ee4d159776d78e3091ba7f","azureDigest":"sha256:6a3294ec8a2107048254179c3ac5121866f90d20fccf12f1d70960e61f304713","genericDigest":"sha256:8bd38d0e97a955b2d725929d60df09d712fb62b60b930551a29abac2dd92e597","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.3","useDigest":true}` | cilium-operator image. |
+| operator.image | object | `{"alibabacloudDigest":"sha256:7cb8c23417f65348bb810fe92fb05b41d926f019d77442f3fa1058d17fea7ffe","awsDigest":"sha256:955096183e22a203bbb198ca66e3266ce4dbc2b63f1a2fbd03f9373dcd97893c","azureDigest":"sha256:455fb88b558b1b8ba09d63302ccce76b4930581be89def027184ab04335c20e0","genericDigest":"sha256:81f2d7198366e8dec2903a3a8361e4c68d47d19c68a0d42f0b7b6e3f0523f249","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.2","useDigest":true}` | cilium-operator image. |
 | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. |
 | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
 | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
@@ -812,7 +812,7 @@ contributors across the globe, there is almost always someone available to help.
 | preflight.extraEnv | list | `[]` | Additional preflight environment variables. |
 | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. |
 | preflight.extraVolumes | list | `[]` | Additional preflight volumes. |
-| preflight.image | object | `{"digest":"sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.3","useDigest":true}` | Cilium pre-flight image. |
+| preflight.image | object | `{"digest":"sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.2","useDigest":true}` | Cilium pre-flight image. |
 | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
 | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
 | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
--- a/packages/system/cilium/charts/cilium/values.yaml
+++ b/packages/system/cilium/charts/cilium/values.yaml
@@ -191,10 +191,10 @@ image:
  # @schema
  override: ~
  repository: "quay.io/cilium/cilium"
-  tag: "v1.17.3"
+  tag: "v1.17.2"
  pullPolicy: "IfNotPresent"
  # cilium-digest
-  digest: "sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873"
+  digest: "sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1"
  useDigest: true
 # -- Scheduling configurations for cilium pods
 scheduling:
@@ -1440,9 +1440,9 @@ hubble:
      # @schema
      override: ~
      repository: "quay.io/cilium/hubble-relay"
-      tag: "v1.17.3"
+      tag: "v1.17.2"
      # hubble-relay-digest
-      digest: "sha256:f8674b5139111ac828a8818da7f2d344b4a5bfbaeb122c5dc9abed3e74000c55"
+      digest: "sha256:42a8db5c256c516cacb5b8937c321b2373ad7a6b0a1e5a5120d5028433d586cc"
      useDigest: true
      pullPolicy: "IfNotPresent"
    # -- Specifies the resources for the hubble-relay pods
@@ -2351,9 +2351,9 @@ envoy:
    # @schema
    override: ~
    repository: "quay.io/cilium/cilium-envoy"
-    tag: "v1.32.5-1744305768-f9ddca7dcd91f7ca25a505560e655c47d3dec2cf"
+    tag: "v1.31.5-1741765102-efed3defcc70ab5b263a0fc44c93d316b846a211"
    pullPolicy: "IfNotPresent"
-    digest: "sha256:a01cadf7974409b5c5c92ace3d6afa298408468ca24cab1cb413c04f89d3d1f9"
+    digest: "sha256:377c78c13d2731f3720f931721ee309159e782d882251709cb0fac3b42c03f4b"
    useDigest: true
  # -- Additional containers added to the cilium Envoy DaemonSet.
  extraContainers: []
@@ -2708,15 +2708,15 @@ operator:
    # @schema
    override: ~
    repository: "quay.io/cilium/operator"
-    tag: "v1.17.3"
+    tag: "v1.17.2"
    # operator-generic-digest
-    genericDigest: "sha256:8bd38d0e97a955b2d725929d60df09d712fb62b60b930551a29abac2dd92e597"
+    genericDigest: "sha256:81f2d7198366e8dec2903a3a8361e4c68d47d19c68a0d42f0b7b6e3f0523f249"
    # operator-azure-digest
-    azureDigest: "sha256:6a3294ec8a2107048254179c3ac5121866f90d20fccf12f1d70960e61f304713"
+    azureDigest: "sha256:455fb88b558b1b8ba09d63302ccce76b4930581be89def027184ab04335c20e0"
    # operator-aws-digest
-    awsDigest: "sha256:40f235111fb2bca209ee65b12f81742596e881a0a3ee4d159776d78e3091ba7f"
+    awsDigest: "sha256:955096183e22a203bbb198ca66e3266ce4dbc2b63f1a2fbd03f9373dcd97893c"
    # operator-alibabacloud-digest
-    alibabacloudDigest: "sha256:e9a9ab227c6e833985bde6537b4d1540b0907f21a84319de4b7d62c5302eed5c"
+    alibabacloudDigest: "sha256:7cb8c23417f65348bb810fe92fb05b41d926f019d77442f3fa1058d17fea7ffe"
    useDigest: true
    pullPolicy: "IfNotPresent"
    suffix: ""
@@ -2991,9 +2991,9 @@ preflight:
    # @schema
    override: ~
    repository: "quay.io/cilium/cilium"
-    tag: "v1.17.3"
+    tag: "v1.17.2"
    # cilium-digest
-    digest: "sha256:1782794aeac951af139315c10eff34050aa7579c12827ee9ec376bb719b82873"
+    digest: "sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1"
    useDigest: true
    pullPolicy: "IfNotPresent"
  # -- The priority class to use for the preflight pod.
@@ -3140,9 +3140,9 @@ clustermesh:
      # @schema
      override: ~
      repository: "quay.io/cilium/clustermesh-apiserver"
-      tag: "v1.17.3"
+      tag: "v1.17.2"
      # clustermesh-apiserver-digest
-      digest: "sha256:98d5feaf67dd9b5d8d219ff5990de10539566eedc5412bcf52df75920896ad42"
+      digest: "sha256:981250ebdc6e66e190992eaf75cfca169113a8f08d5c3793fe15822176980398"
      useDigest: true
      pullPolicy: "IfNotPresent"
    # -- TCP port for the clustermesh-apiserver health API.
@@ -3649,7 +3649,7 @@ authentication:
          override: ~
          repository: "docker.io/library/busybox"
          tag: "1.37.0"
-          digest: "sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028dc581f"
+          digest: "sha256:498a000f370d8c37927118ed80afe8adc38d1edcbfc071627d17b25c88efcab0"
          useDigest: true
          pullPolicy: "IfNotPresent"
        # SPIRE agent configuration
--- a/packages/system/cilium/images/cilium/Dockerfile
+++ b/packages/system/cilium/images/cilium/Dockerfile
@@ -1,2 +1,2 @@
-ARG VERSION=v1.17.3
+ARG VERSION=v1.17.2
 FROM quay.io/cilium/cilium:${VERSION}
--- a/packages/system/cilium/values.yaml
+++ b/packages/system/cilium/values.yaml
@@ -14,7 +14,7 @@ cilium:
    mode: "kubernetes"
  image:
    repository: ghcr.io/cozystack/cozystack/cilium
-    tag: 1.17.3
+    tag: 1.17.2
-    digest: "sha256:f95e30fd8e7608f61c38344bb9f558f60f4d81bccb8e399836911e4feec2b40a"
+    digest: "sha256:bc6a8ec326188960ac36584873e07801bcbc56cb862e2ec8bf87a7926f66abf1"
  envoy:
    enabled: false
--- a/packages/system/cozystack-api/values.yaml
+++ b/packages/system/cozystack-api/values.yaml
@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.0-rc.1@sha256:1dd9f3ec9d5630d5b49ffe9380d6a0131bf04e7e9bddcc3fd6f59089c6563b1c
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.30.6@sha256:fc321690bb822498dc7c62818a9cd40d344b3646bbc007a46bbfb06d1c6d0bd7
--- a/packages/system/cozystack-controller/templates/rbac.yaml
+++ b/packages/system/cozystack-controller/templates/rbac.yaml
@@ -9,6 +9,3 @@ rules:
 - apiGroups: ['cozystack.io']
  resources: ['*']
  verbs: ['*']
 - apiGroups: ["helm.toolkit.fluxcd.io"]
  resources: ["helmreleases"]
  verbs: ["get", "list", "watch", "patch", "update"]
--- a/packages/system/cozystack-controller/values.yaml
+++ b/packages/system/cozystack-controller/values.yaml
@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.0-rc.1@sha256:96492f384c07619c091764c759adde6ef91054b1223f03f7ddd62a56c40b06ac
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.30.6@sha256:5128ef094e55e082ab514f4026876a78b8903612aa1722acf3fe3c132481d4bb
  debug: false
  disableTelemetry: false
-  cozystackVersion: "v0.31.0-rc.1"
+  cozystackVersion: "v0.30.6"
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
@@ -76,7 +76,7 @@ data:
      "kubeappsNamespace": {{ .Release.Namespace | quote }},
      "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
      "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.31.0-rc.1",
+      "appVersion": "v0.30.6",
      "authProxyEnabled": {{ .Values.authProxy.enabled }},
      "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
      "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
--- a/packages/system/dashboard/templates/vpa.yaml
+++ b/packages/system/dashboard/templates/vpa.yaml
@@ -1,80 +0,0 @@
 apiVersion: autoscaling.k8s.io/v1
 kind: VerticalPodAutoscaler
 metadata:
  name: dashboard-internal-dashboard
  namespace: cozy-dashboard
 spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: dashboard-internal-dashboard
  updatePolicy:
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
    - containerName: dashboard
      controlledResources: ["cpu", "memory"]
      minAllowed:
        cpu: 50m
        memory: 64Mi
      maxAllowed:
        cpu: 500m
        memory: 512Mi
 ---
 apiVersion: autoscaling.k8s.io/v1
 kind: VerticalPodAutoscaler
 metadata:
  name: dashboard-internal-kubeappsapis
  namespace: cozy-dashboard
 spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: dashboard-internal-kubeappsapis
  updatePolicy:
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
      - containerName: kubeappsapis
        controlledResources: ["cpu", "memory"]
        minAllowed:
          cpu: 50m
          memory: 100Mi
        maxAllowed:
          cpu: 1000m
          memory: 1Gi
 ---
 apiVersion: autoscaling.k8s.io/v1
 kind: VerticalPodAutoscaler
 metadata:
  name: dashboard-vpa
  namespace: cozy-dashboard
 spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: dashboard
  updatePolicy:
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
    - containerName: nginx
      controlledResources: ["cpu", "memory"]
      minAllowed:
        cpu: "50m"
        memory: "64Mi"
      maxAllowed:
        cpu: "500m"
        memory: "512Mi"
    {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
    {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
    {{- if $dashboardKCValues }}
    - containerName: auth-proxy
      controlledResources: ["cpu", "memory"]
      minAllowed:
        cpu: "50m"
        memory: "64Mi"
      maxAllowed:
        cpu: "500m"
        memory: "512Mi"
    {{- end }}
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -15,19 +15,17 @@ kubeapps:
    flux:
      enabled: true
  dashboard:
    resourcesPreset: "none"
    image:
      registry: ghcr.io/cozystack/cozystack
      repository: dashboard
-      tag: v0.31.0-rc.1
+      tag: v0.30.6
      digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93"
  kubeappsapis:
    resourcesPreset: "none"
    image:
      registry: ghcr.io/cozystack/cozystack
      repository: kubeapps-apis
-      tag: v0.31.0-rc.1
+      tag: v0.30.6
-      digest: "sha256:ca65949e84c9a92436f47525ae92861984406644779cbb2ecdb8e2a1a133fabf"
+      digest: "sha256:cbb14a3becd0ca847a87fa17211a3348d4f0ff499738a47e1f86c85ce1b72f71"
    pluginConfig:
      flux:
        packages:
--- a/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml
+++ b/packages/system/etcd-operator/charts/etcd-operator/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.4.2
+appVersion: v0.4.1
 name: etcd-operator
 type: application
-version: 0.4.2
+version: 0.4.1
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Timofei Larkin	bf04ebad33	Release v0.30.6 (#955 ) This PR prepares the release `v0.30.6`.	2025-05-16 18:25:24 +03:00
github-actions	7eae8cc0df	Prepare release v0.30.6 Signed-off-by: github-actions <github-actions@github.com>	2025-05-16 13:52:29 +00:00
Timofei Larkin	4bbae53cda	[docs] fix linter issues Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-05-16 16:44:06 +03:00
Andrei Kvapil	1f6f00892d	[kube-ovn] fix versions mapping in Makefile Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `e3e0b21612`) Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-05-16 16:34:50 +03:00
Timofei Larkin	bd793dd57e	Build patched MetalLB (#945 ) Since it's taking a while for metallb/metallb#2726 to get released, the binaries with the fix are recompiled in-tree. Workaround for #909. (cherry picked from commit `73fdc5ded7`) Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-05-16 15:39:49 +03:00
Timofei Larkin	b56ac2a4ab	Update kube-ovn to latest version (#922 ) This commit bumps kube-ovn to 1.13.11 and does away with patching the code now that the fixes necessary for kube-ovn to work properly in Talos have been released in the upstream. (cherry picked from commit `557ffa536f`) Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-05-16 15:38:24 +03:00
Timofei Larkin	69c3bff41d	Fix virtual machine resource tracking (#904 ) (#916 ) * Count Workload resources for pods by requests, not limits * Do not count init container requests * Prefix Workloads for pods with `pod-`, just like the other types to prevent possible name collisions (closes #787) The previous version of the WorkloadMonitor controller incorrectly summed resource limits on pods, rather than requests. This prevented it from tracking the resource allocation for pods, which only had requests specified, which is particularly the case for kubevirt's virtual machine pods. Additionally, it counted the limits for all containers, including init containers, which are short-lived and do not contribute much to the total resource usage. (cherry picked from commit `1e59e5fbb6`) Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-05-05 18:16:50 +04:00
Timofei Larkin	34991d2cdb	Fix virtual machine resource tracking (#904 ) * Count Workload resources for pods by requests, not limits * Do not count init container requests * Prefix Workloads for pods with `pod-`, just like the other types to prevent possible name collisions (closes #787) The previous version of the WorkloadMonitor controller incorrectly summed resource limits on pods, rather than requests. This prevented it from tracking the resource allocation for pods, which only had requests specified, which is particularly the case for kubevirt's virtual machine pods. Additionally, it counted the limits for all containers, including init containers, which are short-lived and do not contribute much to the total resource usage. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Improved handling of workloads with unrecognized prefixes by ensuring they are properly deleted and not processed further. - Corrected resource aggregation for Pods to sum container resource requests instead of limits, and now only includes normal containers. - New Features - Added support for monitoring workloads with names prefixed by "pod-". - Tests - Introduced unit tests to verify correct handling of workload name prefixes and monitored object creation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> (cherry picked from commit `1e59e5fbb6`) Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2025-05-05 13:55:06 +03:00
Andrei Kvapil	32c12ae8f7	Release v0.30.4 (#881 ) This PR prepares the release `v0.30.4`.	2025-04-24 15:16:14 +02:00
github-actions	75f9aacecc	Prepare release v0.30.4 Signed-off-by: github-actions <github-actions@github.com>	2025-04-24 12:50:06 +00:00
Andrei Kvapil	630bd55b1a	[Backport release-0.30] [ci] Fix uploading assets to release (#877 ) Backport of #876 to branch `release-0.30`	2025-04-24 14:25:08 +02:00
Andrei Kvapil	7627b1e47e	[ci] Fix uploading assets to release Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `59ef3296f0`)	2025-04-24 15:03:32 +03:00
Andrei Kvapil	d70cdfd854	[Backport release-0.30] [postgres] remove douplicated template from backup manifest (#874 ) # Description Backport of #872 to `release-0.30`.	2025-04-24 11:40:08 +02:00
Ian Simon	dfe5b937ac	[postgres] remove douplicated template from backup manifest Signed-off-by: Ian Simon <cheatmaster114@gmail.com> (cherry picked from commit `19409d801d`)	2025-04-24 09:34:46 +00:00
Andrei Kvapil	cde49eb055	[Backport release-0.30] [ci,dx] Suppress wget progress bar (#868 ) Backport of #865 to release 0.30	2025-04-23 18:08:26 +02:00
Timofei Larkin	77648f1716	Suppress wget progress bar (#865 ) In our CI wget spams thousands of lines of the progress bar into the output, making it hard to read. Turns out, it doesn't have an option to just remove the progress bar, but explicitly directing wget's log to stdout and invoking --show-progress sends that to stderr which we redirect to dev/null. The downloaded size is still reported at regular intervals, but --progress=dot:giga shortens that to one line per 32M which is manageable. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Improved file download process to display clearer progress updates during downloads. <!-- end of auto-generated comment: release notes by coderabbit.ai --> (cherry picked from commit `07d7fadb1a`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 19:01:19 +03:00
Andrei Kvapil	a9cbed9617	[Backport release-0.30] [virtual-machine] Fix: Add GPU names to virtual machines spec (#864 ) # Description Backport of #862 to `release-0.30`.	2025-04-23 16:41:10 +02:00
Nick Volynkin	05729ebb07	[backport] Backport several patches to 0.30.x (#852 ) Cherry-picking patches that came before https://github.com/cozystack/cozystack/pull/841 was merged. * Used `git cherry-pick -x -m1 <sha1>` on merge commits of respective pull requests. * Added `Co-authored-by` where the author of the changes was not the one who merged the PR (and authored the merge commit). Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:34:37 +03:00
Andrei Kvapil	baf1bd9bfe	[virtual-machine] Fix: Add GPU names to virtual machines spec Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `8547dc3b21`)	2025-04-23 14:26:23 +00:00
klinch0	6f3aa9abbe	[kubernetes] Fix tenant addons removal (#835 ) Backport of #835 New Features - Expanded the pre-delete operation to target additional components, including cert-manager and vertical pod autoscaler resources. Chores - Updated chart version to 0.18.1 and revised version mappings for improved tracking. (cherry picked from commit `ccedcb7419`) Co-authored-by: Andrei Kvapil <kvapss@gmail.com> Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:56 +03:00
Andrei Kvapil	b70df68a5d	[monitoring] Drop legacy label condition. (#826 ) Backport of #826 Updated dashboard metrics filters to exclude containers with empty names instead of specifically excluding containers named "POD". This change applies to all relevant CPU, memory, network, and storage metrics across capacity planning, controller, namespace, namespaces, and pod dashboards. No other dashboard functionality or structure was changed. (cherry picked from commit `277b438f68`) Co-authored-by: Denis Seleznev <kto.3decb@gmail.com> Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:56 +03:00
Andrei Kvapil	9257dfe230	[ci] Fix checkout and improve error output for gen_versions_map.sh (#845 ) Backport of #845 to release-v0.30 Third attempt to fix https://github.com/cozystack/cozystack/pull/842 and https://github.com/cozystack/cozystack/pull/836 tested in https://github.com/cozystack/cozystack/actions/runs/14599981710/job/40955508728?pr=808 Signed-off-by: Andrei Kvapil <kvapss@gmail.com> Chores - Improved GitHub Actions workflow to fetch full git history and tags during pre-commit checks. Refactor - Updated script behavior to display error messages when version extraction from git fails, making troubleshooting easier. (cherry picked from commit `a6b02bf381`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:56 +03:00
Andrei Kvapil	4a72cc4fa6	[ci] Fix escaping for gen_versions_map.sh script (#842 ) Backport of #842 to release-v0.30 second attept of https://github.com/cozystack/cozystack/pull/836 - Improved reliability of version generation by handling empty or special values safely in the process. (cherry picked from commit `e505857832`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:55 +03:00
klinch0	9ca2595bab	[ci] Fix escaping for gen_versions_map.sh script (#836 ) Backport of #836 fixes errors like this: ``` make: Entering directory '/home/runner/work/cozystack/cozystack/packages/apps' find . -maxdepth 2 -name Chart.yaml \| awk -F/ '{print $2}' \| while read i; do sed -i "s/^name: ./name: $i/" "$i/Chart.yaml"; done ../../hack/gen_versions_map.sh ../../hack/gen_versions_map.sh: 34: [: !=: unexpected operator fatal: Needed a single revision make: ** [Makefile:17: gen-versions-map] Error 128 make: Leaving directory '/home/runner/work/cozystack/cozystack/packages/apps' ``` https://github.com/cozystack/cozystack/actions/runs/14591720553/job/40928276862?pr=835 Improved reliability of version generation by handling empty or special values safely in the process. (cherry picked from commit `7a9a1fcba4`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-23 17:03:52 +03:00
Andrei Kvapil	2ba6059dbe	[Backport release-0.30] [tenant] Fix networkpolicy for accessing externalIPs from the cluster (#861 ) # Description Backport of #854 to `release-0.30`.	2025-04-23 14:48:40 +02:00
Andrei Kvapil	6f5e307415	Fix: networkpolicy for tenant to access from cluster Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `7bfad655c2`)	2025-04-23 12:48:04 +00:00
Andrei Kvapil	6c8d1138cd	[Backport release-0.30] [e2e] fix timeouts for capi and keycloak (#860 ) # Description Backport of #858 to `release-0.30`.	2025-04-23 14:26:51 +02:00
Andrei Kvapil	2c4bd23f9f	[e2e] fix timeouts for capi and keycloak Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `1c53a6f9f6`)	2025-04-23 12:26:27 +00:00
Andrei Kvapil	3445e2d23f	[Backport release-0.30] [ci] Enable release-candidates and backport functionality (#853 ) # Description Backport of #841 to `release-0.30`.	2025-04-23 12:23:54 +02:00
Andrei Kvapil	abddefb1b0	[ci] Enable release-candidates and backport functionality Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `63ebab5c2a`)	2025-04-23 10:07:01 +00:00
Andrei Kvapil	f78aefda8f	[platform]: make lower resource request for capi-kamaji-controller-manager (#839 ) Backport of #825 cherry picked from commit `a14bcf98dd`	2025-04-22 17:47:47 +02:00
Andrei Kvapil	ad3684508f	[platform]: make lower resource request for capi-kamaji-controller-manager (#825 ) (cherry picked from commit `a14bcf98dd`) Signed-off-by: Nick Volynkin <nick.volynkin@gmail.com>	2025-04-22 15:09:37 +03:00
Andrei Kvapil	7ca8ff0e69	[ci] Fix matching tag for release branch (#805 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Updated the automated release process to format version tags with a "v" prefix for consistent version naming. - Performed minor cleanup to improve overall code clarity. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-04-18 00:49:09 +02:00
Andrei Kvapil	721c12a758	Release v0.30.3 (#821 ) This PR prepares the release `v0.30.3`. (Please merge it before releasing draft)	2025-04-18 00:44:01 +02:00
kvaps	9f63cbbb5a	Prepare release v0.30.3 Signed-off-by: github-actions <github-actions@github.com>	2025-04-17 21:59:15 +00:00
Andrei Kvapil	e8e911fea1	[ci] Fix: do not run tests in case of release skipped (#822 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-04-17 23:32:25 +02:00
Andrei Kvapil	2b23300f25	[ci] Revert: Workflows: Use real username to commit changes and fix assets (#823 ) Let's revert `3c511023f3`, because DCO don't like such commits	2025-04-17 23:32:21 +02:00
Andrei Kvapil	53c5c8223c	[ci] Update pipeline for patch releases (#816 ) This PR includes the following changes: * Do not remove version tag as part of releasing pipeline * Overwrite tag only by fact of merging releasing pull request * Automatically detect merge base and prepare pull request for this base * Allow to run pipeline only for tags created on `main` and `release-X.Y` branches Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Improved workflow reliability by forcing Git tag creation and push to overwrite existing tags if necessary. - Enhanced workflow documentation with detailed, numbered comments for greater clarity. - Updated tag-based workflow to dynamically determine the base branch, ensuring only valid branches are used. - Removed the automatic deletion of pushed tags in the workflow. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-04-17 23:32:09 +02:00
Andrei Kvapil	96ea3a5d1f	[monitoring] fix vpa for vmagent delete resources (#820 ) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Updated resource allocation settings for monitoring agents by removing predefined CPU and memory limits. - Added an option to specify separate resource settings for the config reloader component. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-04-17 23:20:16 +02:00
Andrei Kvapil	159b87d593	Release v0.30.2 (#813 ) This PR prepares the release `v0.30.2`. (Please merge it before releasing draft)	2025-04-17 23:19:03 +02:00
`@@ -1 +1 @@`
	`* @kvaps @lllamnyp @klinch0`	`* @kvaps @lllamnyp`
`@@ -1 +1 @@`
	`ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:4e1f5153d2673a399b315252238f4dc3eb5d6c59295aef594691710cc5b72eb4`	`ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:2e72835a1dcf222038fb5cb343d59f7e60b5c1adf1bf93ca123a8a660e27bcbc`
`@@ -1 +1 @@`
	`ghcr.io/cozystack/cozystack/cluster-autoscaler:0.19.0@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3`	`ghcr.io/cozystack/cozystack/cluster-autoscaler:0.18.1@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3`
`@@ -1 +1 @@`
	`ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.19.0@sha256:795d8e1ef4b2b0df2aa1e09d96cd13476ebb545b4bf4b5779b7547a70ef64cf9`	`ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.18.1@sha256:af456f75b9bda2ca23e114dcf7f3ba6d4da6a4cf83105c92c9ab2b1ac3615f63`
`@@ -1 +1 @@`
	`ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.19.0@sha256:5717919c75e609902c6d67138311a2a8fd07be822e2173f3802b67cf5f3486e9`	`ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.18.1@sha256:5f59b1987bdbd1b7271c4d46552bb0780d60cabfef02c29abb962b06f1386f35`
`@@ -1 +1 @@`
	`ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:4a4f8bee150e04d1efcd5ff1ea83e12f495a98851cc5fd47ef41ac7aebce9b74`	`ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:fb5e09edf7b3fa5849b0c0f3f4ff5657a41fcbd97444704254deafd6b36f0992`
`@@ -1,2 +1,2 @@`
	`cozystack:`	`cozystack:`
	`image: ghcr.io/cozystack/cozystack/installer:v0.31.0-rc.1@sha256:ab0e8fd97632ba784a42a3d0714806ea327440f82ffa5c4896a87c5fb7c1ec6e`	`image: ghcr.io/cozystack/cozystack/installer:v0.30.6@sha256:d16944b050f044b4bd95d396b9a2c07933d40a8285dc286a6b989b57a58a3999`
`@@ -1,2 +1,2 @@`
	`e2e:`	`e2e:`
	`image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.0-rc.1@sha256:a20a6834527ccfc8daf7413a15234f3f7dbbd7774810c8e1966736d487ef7d0c`	`image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.30.6@sha256:3e6fe802702a59f495f75415863a8a3b075971e4e6a62dbb0bfd41300e357485`
`@@ -1 +1 @@`
	`ghcr.io/cozystack/cozystack/matchbox:v0.31.0-rc.1@sha256:de69166fd6efec988cad7ad5be41bbb57c8134508c531d7496fc7f15772e4993`	`ghcr.io/cozystack/cozystack/matchbox:v0.30.6@sha256:5cfcc7501be3088657a77796e3871e896953d0a8b825c301fb56dfa93e93586c`