Add basic topologySpreadConstraints

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

hack/gen_versions_map.sh

@@ -20,9 +20,28 @@ miss_map=$(echo "$new_map" | awk 'NR==FNR { new_map[$1 " " $2] = $3; next } { if
 resolved_miss_map=$(
   echo "$miss_map" | while read chart version commit; do
     if [ "$commit" = HEAD ]; then
-      line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
-      change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
-      commit=$(git describe --always "$change_commit~1")
+      line=$(awk '/^version:/ {print NR; exit}' "./$chart/Chart.yaml")
+      change_commit=$(git --no-pager blame -L"$line",+1 -- "$chart/Chart.yaml" | awk '{print $1}')
+       
+      if [ "$change_commit" = "00000000" ]; then
+        # Not commited yet, use previus commit
+        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
+        commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
+        if [ $(echo $commit | cut -c1) = "^" ]; then
+          # Previus commit not exists
+          commit=$(echo $commit | cut -c2-)
+        fi
+      else
+        # Commited, but version_map wasn't updated
+        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
+        change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
+        if [ $(echo $change_commit | cut -c1) = "^" ]; then
+          # Previus commit not exists
+          commit=$(echo $change_commit | cut -c2-)
+        else
+          commit=$(git describe --always "$change_commit~1")
+        fi
+      fi
     fi
     echo "$chart $version $commit"
   done

hack/prepare_release.sh

@@ -1,25 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ -e $1 ]; then
-  echo "Please pass version in the first argument"
-  echo "Example: $0 0.2.0"
-  exit 1
-fi
-
-version=$1
-talos_version=$(awk '/^version:/ {print $2}' packages/core/installer/images/talos/profiles/installer.yaml)
-
-set -x
-
-sed -i "/^TAG / s|=.*|= v${version}|" \
-  packages/apps/http-cache/Makefile \
-  packages/apps/kubernetes/Makefile \
-  packages/core/installer/Makefile \
-  packages/system/dashboard/Makefile
-
-sed -i "/^VERSION / s|=.*|= ${version}|" \
-  packages/core/Makefile \
-  packages/system/Makefile
-make -C packages/core fix-chartnames
-make -C packages/system fix-chartnames

manifests/cozystack-installer.yaml

@@ -15,13 +15,6 @@ metadata:
   namespace: cozy-system
 ---
 # Source: cozy-installer/templates/cozystack.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cozystack
-  namespace: cozy-system
----
-# Source: cozy-installer/templates/cozystack.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -70,7 +63,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.2.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.4.0"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -89,7 +82,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.2.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.4.0"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/Makefile

@@ -7,7 +7,7 @@ repo:
 	awk '$$3 != "HEAD" {print "mkdir -p $(TMP)/" $$1 "-" $$2}' versions_map | sh -ex
 	awk '$$3 != "HEAD" {print "git archive " $$3 " " $$1 " | tar -xf- --strip-components=1 -C $(TMP)/" $$1 "-" $$2 }' versions_map | sh -ex
 	helm package -d "$(OUT)" $$(find . $(TMP) -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")' | sort -V)
-	cd "$(OUT)" && helm repo index .
+	cd "$(OUT)" && helm repo index . --url http://cozystack.cozy-system.svc/repos/apps
 	rm -rf "$(TMP)"
 
 fix-chartnames:

packages/apps/clickhouse/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: clickhouse
+description: Managed ClickHouse service
+icon: https://cdn.worldvectorlogo.com/logos/clickhouse.svg
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.2.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "24.3.0"

packages/apps/clickhouse/templates/clickhouse.yaml

@@ -0,0 +1,36 @@
+apiVersion: "clickhouse.altinity.com/v1"
+kind: "ClickHouseInstallation"
+metadata:
+  name: "{{ .Release.Name }}"
+spec:
+  {{- with .Values.size }}
+  defaults:
+    templates:
+      dataVolumeClaimTemplate: data-volume-template
+  {{- end }}
+  configuration:
+    {{- with .Values.users }}
+    users:
+      {{- range $name, $u := . }}
+      {{ $name }}/password_sha256_hex: {{ sha256sum $u.password }}
+      {{ $name }}/profile: {{ ternary "readonly" "default" (index $u "readonly" | default false) }}
+      {{- end }}
+    {{- end }}
+    profiles:
+      readonly/readonly: "1"
+    clusters:
+      - name: "clickhouse"
+        layout:
+          shardsCount: {{ .Values.shards }}
+          replicasCount: {{ .Values.replicas }}
+  {{- with .Values.size }}
+  templates:
+    volumeClaimTemplates:
+      - name: data-volume-template
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: {{ . }}
+  {{- end }}

packages/apps/clickhouse/values.yaml

@@ -0,0 +1,10 @@
+size: 10Gi
+shards: 1
+replicas: 2
+
+users:
+  user1:
+    password: strongpassword
+  user2:
+    readonly: true
+    password: hackme

packages/apps/http-cache/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.25.3"

packages/apps/http-cache/Makefile

@@ -1,22 +1,20 @@
-PUSH := 1
-LOAD := 0
-REGISTRY := ghcr.io/aenix-io/cozystack
 NGINX_CACHE_TAG = v0.1.0
-TAG := v0.2.0
+
+include ../../../scripts/common-envs.mk
 
 image: image-nginx
 
 image-nginx:
 	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/nginx-cache \
 		--provenance false \
-		--tag $(REGISTRY)/nginx-cache:$(NGINX_CACHE_TAG) \
-		--tag $(REGISTRY)/nginx-cache:$(NGINX_CACHE_TAG)-$(TAG) \
-		--cache-from type=registry,ref=$(REGISTRY)/nginx-cache:$(NGINX_CACHE_TAG) \
+		--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)) \
+		--tag $(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG)-$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/nginx-cache:latest \
 		--cache-to type=inline \
 		--metadata-file images/nginx-cache.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/nginx-cache:$(NGINX_CACHE_TAG)" > images/nginx-cache.tag
+	echo "$(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG))" > images/nginx-cache.tag
 
 update:
 	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/chrislim2888/IP2Location-C-Library | awk -F'[/^]' 'END{print $$3}') && \

packages/apps/http-cache/images/nginx-cache.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:0487fc50bb5f870720b05e947185424a400fad38b682af8f1ca4b418ed3c5b4b",
-  "containerimage.digest": "sha256:be12f3834be0e2f129685f682fab83c871610985fc43668ce6a294c9de603798"
+  "containerimage.config.digest": "sha256:9eb68d2d503d7e22afc6fde2635f566fd3456bbdb3caad5dc9f887be1dc2b8ab",
+  "containerimage.digest": "sha256:1f44274dbc2c3be2a98e6cef83d68a041ae9ef31abb8ab069a525a2a92702bdd"
 }

packages/apps/http-cache/templates/haproxy/configmap.yaml

@@ -74,7 +74,7 @@ data:
         option redispatch 1
         default-server observe layer7 error-limit 10 on-error mark-down
 
-        {{- range $i, $e := until (int $.Values.replicas) }}
+        {{- range $i, $e := until (int $.Values.nginx.replicas) }}
         server cache{{ $i }} {{ $.Release.Name }}-nginx-cache-{{ $i }}:80 check
         {{- end }}
         {{- range $i, $e := $.Values.endpoints }} 

packages/apps/http-cache/templates/haproxy/deployment.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: 2
+  replicas: {{ .Values.haproxy.replicas }}
   selector:
     matchLabels:
       app: {{ .Release.Name }}-haproxy

packages/apps/http-cache/templates/nginx/deployment.yaml

@@ -11,7 +11,7 @@ spec:
   selector:
     matchLabels:
       app: {{ $.Release.Name }}-nginx-cache
-{{- range $i := until 3 }}
+{{- range $i := until (int $.Values.nginx.replicas) }}
 ---
 apiVersion: apps/v1
 kind: Deployment

packages/apps/http-cache/values.yaml

@@ -1,4 +1,10 @@
 external: false
+
+haproxy:
+  replicas: 2
+nginx:
+  replicas: 2
+
 size: 10Gi
 endpoints:
   - 10.100.3.1:80

packages/apps/kafka/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: kafka
+description: Managed Kafka service
+icon: https://upload.wikimedia.org/wikipedia/commons/0/05/Apache_kafka.svg
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "3.7.0"

packages/apps/kafka/templates/kafka.yaml

@@ -0,0 +1,53 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: Kafka
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  kafka:
+    replicas: {{ .Values.replicas }}
+    listeners:
+      - name: plain
+        port: 9092
+        type: internal
+        tls: false
+      - name: tls
+        port: 9093
+        type: internal
+        tls: true
+      - name: external
+        port: 9094
+        {{- if .Values.external }}
+        type: loadbalancer
+        {{- else }}
+        type: internal
+        {{- end }}
+        tls: false
+    config:
+      offsets.topic.replication.factor: 3
+      transaction.state.log.replication.factor: 3
+      transaction.state.log.min.isr: 2
+      default.replication.factor: 3
+      min.insync.replicas: 2
+    storage:
+      type: jbod
+      volumes:
+      - id: 0
+        type: persistent-claim
+        {{- with .Values.kafka.size }}
+        size: {{ . }}
+        {{- end }}
+        deleteClaim: true
+  zookeeper:
+    replicas: {{ .Values.replicas }}
+    storage:
+      type: persistent-claim
+      {{- with .Values.zookeeper.size }}
+      size: {{ . }}
+      {{- end }}
+      deleteClaim: false
+  entityOperator:
+    topicOperator: {}
+    userOperator: {}

packages/apps/kafka/templates/topics.yaml

@@ -0,0 +1,17 @@
+{{- range $topic := .Values.topics }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: "{{ $.Release.Name }}-{{ kebabcase $topic.name }}"
+  labels:
+    strimzi.io/cluster: "{{ $.Release.Name }}"
+spec:
+  topicName: "{{ $topic.name }}"
+  partitions: 10
+  replicas: 3
+  {{- with $topic.config }}
+  config:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

packages/apps/kafka/values.yaml

@@ -0,0 +1,22 @@
+external: false
+kafka:
+  size: 10Gi
+  replicas: 3
+zookeeper:
+  size: 5Gi
+  replicas: 3
+
+topics:
+  - name: Results
+    partitions: 1
+    replicas: 3
+    config:
+      min.insync.replicas: 2
+  - name: Orders
+    config:
+      cleanup.policy: compact
+      segment.ms: 3600000
+      max.compaction.lag.ms: 5400000
+      min.insync.replicas: 2
+    partitions: 1
+    replicationFactor: 3

packages/apps/kubernetes/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.19.0"

packages/apps/kubernetes/Makefile

@@ -1,19 +1,17 @@
-PUSH := 1
-LOAD := 0
-REGISTRY := ghcr.io/aenix-io/cozystack
-TAG := v0.2.0
 UBUNTU_CONTAINER_DISK_TAG = v1.29.1
 
+include ../../../scripts/common-envs.mk
+
 image: image-ubuntu-container-disk
 
 image-ubuntu-container-disk:
 	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/ubuntu-container-disk \
 		--provenance false \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(UBUNTU_CONTAINER_DISK_TAG) \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(UBUNTU_CONTAINER_DISK_TAG)-$(TAG) \
-		--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:$(UBUNTU_CONTAINER_DISK_TAG) \
+		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG)) \
+		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG)-$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:latest \
 		--cache-to type=inline \
 		--metadata-file images/ubuntu-container-disk.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/ubuntu-container-disk:$(UBUNTU_CONTAINER_DISK_TAG)" > images/ubuntu-container-disk.tag
+	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG))" > images/ubuntu-container-disk.tag

packages/apps/kubernetes/images/ubuntu-container-disk.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:43d0bfd01c5e364ba961f1e3dc2c7ccd7fd4ca65bd26bc8c4a5298d7ff2c9f4f",
-  "containerimage.digest": "sha256:908b3c186bee86f1c9476317eb6582d07f19776b291aa068e5642f8fd08fa9e7"
+  "containerimage.config.digest": "sha256:a7e8e6e35ac07bcf6253c9cfcf21fd3c315bd0653ad0427dd5f0cae95ffd3722",
+  "containerimage.digest": "sha256:c03bffeeb70fe7dd680d2eca3021d2405fbcd9961dd38437f5673560c31c72cc"
 }

packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml

@@ -15,6 +15,12 @@ spec:
       labels:
         app: {{ .Release.Name }}-cluster-autoscaler
     spec:
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: "NoSchedule"
       containers:
       - image: ghcr.io/kvaps/test:cluster-autoscaller
         name: cluster-autoscaler

packages/apps/kubernetes/templates/cluster.yaml

@@ -64,12 +64,13 @@ metadata:
     cluster.x-k8s.io/managed-by: kamaji
   name: {{ .Release.Name }}
   namespace: {{ .Release.Namespace }}
+{{- range $groupName, $group := .Values.nodeGroups }}
 ---
 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
 kind: KubeadmConfigTemplate
 metadata:
-  name: {{ .Release.Name }}-md-0
-  namespace: {{ .Release.Namespace }}
+  name: {{ $.Release.Name }}-{{ $groupName }}
+  namespace: {{ $.Release.Namespace }}
 spec:
   template:
     spec:
@@ -78,7 +79,7 @@ spec:
           kubeletExtraArgs: {}
         discovery:
           bootstrapToken:
-            apiServerEndpoint: {{ .Release.Name }}.{{ .Release.Namespace }}.svc:6443
+            apiServerEndpoint: {{ $.Release.Name }}.{{ $.Release.Namespace }}.svc:6443
       initConfiguration:
         skipPhases:
         - addon/kube-proxy
@@ -86,8 +87,8 @@ spec:
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: KubevirtMachineTemplate
 metadata:
-  name: {{ .Release.Name }}-md-0
-  namespace: {{ .Release.Namespace }}
+  name: {{ $.Release.Name }}-{{ $groupName }}
+  namespace: {{ $.Release.Namespace }}
 spec:
   template:
     spec:
@@ -95,7 +96,7 @@ spec:
         checkStrategy: ssh
       virtualMachineTemplate:
         metadata:
-          namespace: {{ .Release.Namespace }}
+          namespace: {{ $.Release.Namespace }}
         spec:
           runStrategy: Always
           template:
@@ -103,7 +104,7 @@ spec:
               domain:
                 cpu:
                   threads: 1
-                  cores: 2
+                  cores: {{ $group.resources.cpu }}
                   sockets: 1
                 devices:
                   disks:
@@ -112,7 +113,7 @@ spec:
                     name: containervolume
                   networkInterfaceMultiqueue: true
                 memory:
-                  guest: 1024Mi
+                  guest: {{ $group.resources.memory }}
               evictionStrategy: External
               volumes:
               - containerDisk:
@@ -122,29 +123,28 @@ spec:
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: MachineDeployment
 metadata:
-  name: {{ .Release.Name }}-md-0
-  namespace: {{ .Release.Namespace }}
+  name: {{ $.Release.Name }}-{{ $groupName }}
+  namespace: {{ $.Release.Namespace }}
   annotations:
-    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "2"
-    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "0"
-    capacity.cluster-autoscaler.kubernetes.io/memory: "1024Mi"
-    capacity.cluster-autoscaler.kubernetes.io/cpu: "2"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-min-size: "{{ $group.minReplicas }}"
+    cluster.x-k8s.io/cluster-api-autoscaler-node-group-max-size: "{{ $group.maxReplicas }}"
+    capacity.cluster-autoscaler.kubernetes.io/memory: "{{ $group.resources.memory }}"
+    capacity.cluster-autoscaler.kubernetes.io/cpu: "{{ $group.resources.cpu }}"
 spec:
-  clusterName: {{ .Release.Name }}
-  selector:
-    matchLabels: null
+  clusterName: {{ $.Release.Name }}
   template:
     spec:
       bootstrap:
         configRef:
           apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
           kind: KubeadmConfigTemplate
-          name: {{ .Release.Name }}-md-0
+          name: {{ $.Release.Name }}-{{ $groupName }}
           namespace: default
-      clusterName: {{ .Release.Name }}
+      clusterName: {{ $.Release.Name }}
       infrastructureRef:
         apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
         kind: KubevirtMachineTemplate
-        name: {{ .Release.Name }}-md-0
+        name: {{ $.Release.Name }}-{{ $groupName }}
         namespace: default
-      version: v1.23.10
+      version: v1.29.0
+{{- end }}

packages/apps/kubernetes/templates/csi/deploy.yaml

@@ -16,12 +16,10 @@ spec:
     spec:
       serviceAccountName: {{ .Release.Name }}-kcsi
       priorityClassName: system-cluster-critical
-      nodeSelector:
-        node-role.kubernetes.io/control-plane: ""
       tolerations:
         - key: CriticalAddonsOnly
           operator: Exists
-        - key: node-role.kubernetes.io/master
+        - key: node-role.kubernetes.io/control-plane
           operator: Exists
           effect: "NoSchedule"
       containers:

packages/apps/kubernetes/templates/helmreleases/delete.yaml

@@ -12,6 +12,12 @@ spec:
     spec:
       serviceAccountName: {{ .Release.Name }}-flux-teardown
       restartPolicy: Never
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: "NoSchedule"
       containers:
         - name: kubectl
           image: docker.io/clastix/kubectl:v1.29.1

packages/apps/kubernetes/templates/kccm/manager.yaml

@@ -14,6 +14,12 @@ spec:
       labels:
         k8s-app: {{ .Release.Name }}-kccm
     spec:
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: "NoSchedule"
       containers:
       - name: kubevirt-cloud-controller-manager
         args:

packages/apps/kubernetes/values.schema.json

@@ -1,11 +0,0 @@
-{
-  "$schema": "http://json-schema.org/schema#",
-  "type": "object",
-  "properties": {
-    "host": {
-      "type": "string",
-      "title": "Domain name for this kubernetes cluster",
-      "description": "This host will be used for all apps deployed in this tenant"
-    }
-  }
-}

packages/apps/kubernetes/values.yaml

@@ -1 +1,10 @@
 host: ""
+controlPlane:
+  replicas: 2
+nodeGroups:
+  md0:
+    minReplicas: 0
+    maxReplicas: 10
+    resources:
+      cpu: 2
+      memory: 1024Mi

packages/apps/mysql/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "11.0.2"

packages/apps/mysql/templates/mariadb.yaml

@@ -12,7 +12,7 @@ spec:
 
   port: 3306
 
-  replicas: 2
+  replicas: {{ .Values.replicas }}
   affinity:
     podAntiAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -28,11 +28,13 @@ spec:
             - {{ .Release.Name }}
         topologyKey: "kubernetes.io/hostname"
 
+  {{- if gt (int .Values.replicas) 1 }}
   replication:
     enabled: true
     #primary:
     #  podIndex: 0
     #  automaticFailover: true
+  {{- end }}
 
   metrics:
     enabled: true

packages/apps/mysql/values.yaml

@@ -1,6 +1,8 @@
 external: false
 size: 10Gi
 
+replicas: 2
+
 users:
   root:
     password: strongpassword

packages/apps/postgres/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "16.2"

packages/apps/postgres/templates/db.yaml

@@ -4,7 +4,7 @@ kind: Cluster
 metadata:
   name: {{ .Release.Name }}
 spec:
-  instances: 2
+  instances: {{ .Values.replicas }}
   enableSuperuserAccess: true
 
   postgresql:

packages/apps/postgres/values.yaml

@@ -1,5 +1,6 @@
 external: false
 size: 10Gi
+replicas: 2
 
 users:
   user1:

packages/apps/rabbitmq/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "3.12.2"

packages/apps/rabbitmq/templates/rabbitmq.yaml

@@ -6,7 +6,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: 3
+  replicas: {{ .Values.replicas }}
   {{- if .Values.external }}
   service:
     type: LoadBalancer

packages/apps/rabbitmq/values.schema.json

@@ -5,6 +5,10 @@
     "external": {
       "type": "boolean",
       "title": "Enable external Access"
+    },
+    "replicas": {
+      "type": "integer",
+      "title": "Replicas"
     }
   }
 }

packages/apps/rabbitmq/values.yaml

@@ -1 +1,2 @@
+replicas: 3
 external: false

packages/apps/redis/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "6.2.6"

packages/apps/redis/templates/redisfailover.yaml

@@ -14,7 +14,7 @@ spec:
       limits:
         memory: 100Mi
   redis:
-    replicas: 3
+    replicas: {{ .Values.replicas }}
     resources:
       requests:
         cpu: 150m

packages/apps/redis/values.schema.json

@@ -9,6 +9,10 @@
     "size": {
       "type": "string",
       "title": "Disk Size"
+    },
+    "replicas": {
+      "type": "integer",
+      "title": "Replicas"
     }
   }
 }

packages/apps/redis/values.yaml

@@ -1,2 +1,3 @@
+replicas: 2
 external: false
 size: 5Gi

packages/apps/tcp-balancer/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "2.9.7"

packages/apps/tcp-balancer/templates/deployment.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  replicas: 2
+  replicas: {{ .Values.replicas }}
   selector:
     matchLabels:
       app: {{ .Release.Name }}-haproxy

packages/apps/tcp-balancer/values.yaml

@@ -1,4 +1,5 @@
 external: false
+replicas: 2
 httpAndHttps:
   mode: tcp
   targetPorts:

packages/apps/versions_map

@@ -1,15 +1,26 @@
-http-cache 0.1.0 HEAD
-kubernetes 0.1.0 HEAD
+clickhouse 0.1.0 ca79f72
+clickhouse 0.2.0 HEAD
+http-cache 0.1.0 a956713
+http-cache 0.2.0 HEAD
+kafka 0.1.0 HEAD
+kubernetes 0.1.0 f642698
+kubernetes 0.2.0 HEAD
 mysql 0.1.0 f642698
-mysql 0.2.0 HEAD
-postgres 0.1.0 HEAD
-rabbitmq 0.1.0 HEAD
-redis 0.1.1 HEAD
-tcp-balancer 0.1.0 HEAD
+mysql 0.2.0 8b975ff0
+mysql 0.3.0 HEAD
+postgres 0.1.0 f642698
+postgres 0.2.0 HEAD
+rabbitmq 0.1.0 f642698
+rabbitmq 0.2.0 HEAD
+redis 0.1.1 f642698
+redis 0.2.0 HEAD
+tcp-balancer 0.1.0 f642698
+tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
 tenant 0.1.4 d200480
 tenant 0.1.5 e3ab858
 tenant 1.0.0 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 HEAD
-vpn 0.1.0 HEAD
+vpn 0.1.0 f642698
+vpn 0.2.0 HEAD

packages/apps/vpn/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vpn
-description: Establish a connection from your computer
+description: Managed VPN service
 icon: https://upload.wikimedia.org/wikipedia/commons/thumb/6/60/Outline_VPN_icon.png/600px-Outline_VPN_icon.png
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.8.1"

packages/apps/vpn/templates/deployment.yaml

@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
   name: {{ .Release.Name }}-vpn
 spec:
-  replicas: 2
+  replicas: {{ .Values.replicas }}
   selector:
     matchLabels:
       app: {{ .Release.Name }}-vpn

packages/apps/vpn/values.yaml

@@ -1,4 +1,5 @@
 external: false
+replicas: 2
 
 users:
   user1:

packages/core/Makefile

@@ -1,6 +0,0 @@
-VERSION := 0.2.0
-
-gen: fix-chartnames
-	
-fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do printf "name: cozy-%s\nversion: $(VERSION)\n" "$$i" > "$$i/Chart.yaml"; done

packages/core/fluxcd/Chart.yaml

@@ -1,2 +1,3 @@
+apiVersion: v2
 name: cozy-fluxcd
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/core/fluxcd/Makefile

@@ -1,5 +1,5 @@
-NAMESPACE=cozy-fluxcd
 NAME=fluxcd
+NAMESPACE=cozy-$(NAME)
 
 API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions))
 

packages/core/installer/Chart.yaml

@@ -1,2 +1,3 @@
+apiVersion: v2
 name: cozy-installer
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/core/installer/Makefile

@@ -1,11 +1,10 @@
-NAMESPACE=cozy-system
 NAME=installer
-PUSH := 1
-LOAD := 0
-REGISTRY := ghcr.io/aenix-io/cozystack
-TAG := v0.2.0
+NAMESPACE=cozy-system
+
 TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' images/talos/profiles/installer.yaml)
 
+include ../../../scripts/common-envs.mk
+
 show:
 	helm template -n $(NAMESPACE) $(NAME) .
 
@@ -24,37 +23,37 @@ image-cozystack:
 	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
-		--tag $(REGISTRY)/cozystack:$(TAG) \
-		--cache-from type=registry,ref=$(REGISTRY)/cozystack:$(TAG) \
+		--tag $(REGISTRY)/cozystack:$(call settag,$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/cozystack:latest \
 		--cache-to type=inline \
 		--metadata-file images/cozystack.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/cozystack:$(TAG)" > images/cozystack.tag
+	echo "$(REGISTRY)/cozystack:$(call settag,$(TAG))" > images/cozystack.tag
 
 image-talos:
 	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
 	docker load -i ../../../_out/assets/installer-amd64.tar
-	docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) ghcr.io/aenix-io/cozystack/talos:$(TALOS_VERSION)
-	docker push ghcr.io/aenix-io/cozystack/talos:$(TALOS_VERSION)
+	docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) ghcr.io/aenix-io/cozystack/talos:$(call settag,$(TALOS_VERSION))
+	docker push ghcr.io/aenix-io/cozystack/talos:$(call settag,$(TALOS_VERSION))
 
 image-matchbox:
 	test -f ../../../_out/assets/kernel-amd64 || make talos-kernel
 	test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs
 	docker buildx build -f images/matchbox/Dockerfile ../../.. \
 		--provenance false \
-		--tag $(REGISTRY)/matchbox:$(TAG) \
-		--tag $(REGISTRY)/matchbox:$(TALOS_VERSION)-$(TAG) \
-		--cache-from type=registry,ref=$(REGISTRY)/matchbox:$(TALOS_VERSION) \
+		--tag $(REGISTRY)/matchbox:$(call settag,$(TAG)) \
+		--tag $(REGISTRY)/matchbox:$(call settag,$(TALOS_VERSION)-$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/matchbox:latest \
 		--cache-to type=inline \
 		--metadata-file images/matchbox.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/matchbox:$(TALOS_VERSION)" > images/matchbox.tag
+	echo "$(REGISTRY)/matchbox:$(call settag,$(TALOS_VERSION))" > images/matchbox.tag
 
-assets: talos-iso
+assets: talos-iso talos-nocloud
 
-talos-initramfs talos-kernel talos-installer talos-iso:
+talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud:
 	mkdir -p ../../../_out/assets
 	cat images/talos/profiles/$(subst talos-,,$@).yaml | \
 		docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \

packages/core/installer/hack/gen-profiles.sh

@@ -2,7 +2,7 @@
 set -e
 set -u
 
-PROFILES="initramfs kernel iso installer"
+PROFILES="initramfs kernel iso installer nocloud"
 FIRMWARES="amd-ucode amdgpu-firmware bnx2-bnx2x i915-ucode intel-ice-firmware intel-ucode qlogic-firmware"
 EXTENSIONS="drbd zfs"
 
@@ -32,6 +32,14 @@ done
 
 for profile in $PROFILES; do
   echo "writing profile images/talos/profiles/$profile.yaml"
+  if [ "$profile" = "nocloud" ]; then
+    image_options="{ diskSize: 1306525696, diskFormat: raw }"
+    out_format=".xz"
+  else
+    image_options="{}"
+    out_format="raw"
+  fi
+
   cat > images/talos/profiles/$profile.yaml <<EOT
 # this file generated by hack/gen-profiles.sh
 # do not edit it
@@ -58,6 +66,7 @@ input:
     - imageRef: ghcr.io/siderolabs/zfs:${ZFS_VERSION}
 output:
   kind: ${profile}
-  outFormat: raw
+  imageOptions: ${image_options}
+  outFormat: ${out_format}
 EOT
 done

packages/core/installer/images/cozystack.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:326a169fb5d4277a5c3b0359e0c885b31d1360b58475bbc316be1971c710cd8d",
-  "containerimage.digest": "sha256:a608bdb75b3e06f6365f5f0b3fea82ac93c564d11f316f17e3d46e8a497a321d"
+  "containerimage.config.digest": "sha256:2474ace34da2ef40ac45fe0b953ffd0932e30680cdf574f353ce3bd6c39dbe9b",
+  "containerimage.digest": "sha256:4dd7fb090e817cd75dcde39e801670f779ec15077be704f1188e8fb986955983"
 }

packages/core/installer/images/cozystack.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cozystack:v0.2.0
+ghcr.io/aenix-io/cozystack/cozystack:v0.4.0

packages/core/installer/images/matchbox.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:dc584f743bb73e04dcbebca7ab4f602f2c067190fd9609c3fd84412e83c20445",
-  "containerimage.digest": "sha256:39ab0bf769b269a8082eeb31a9672e39caa61dd342ba2157b954c642f54a32ff"
+  "containerimage.config.digest": "sha256:f0739211f7a0614aeb981a1d810a2e6d44f8f4d1c927712db1b3c75168ab8d2a",
+  "containerimage.digest": "sha256:ff20cd22d7bead74ad40110b174905ddea837341ffa8919d4f3df49390a1460e"
 }

packages/core/installer/images/matchbox.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/matchbox:v1.6.4
+ghcr.io/aenix-io/cozystack/matchbox:v1.7.1

packages/core/installer/images/talos/profiles/initramfs.yaml

@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
   kind: initramfs
+  imageOptions: {}
   outFormat: raw

packages/core/installer/images/talos/profiles/installer.yaml

@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
   kind: installer
+  imageOptions: {}
   outFormat: raw

packages/core/installer/images/talos/profiles/iso.yaml

@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
   kind: iso
+  imageOptions: {}
   outFormat: raw

packages/core/installer/images/talos/profiles/kernel.yaml

@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
   kind: kernel
+  imageOptions: {}
   outFormat: raw

packages/core/installer/images/talos/profiles/nocloud.yaml

@@ -0,0 +1,27 @@
+# this file generated by hack/gen-profiles.sh
+# do not edit it
+arch: amd64
+platform: metal
+secureboot: false
+version: v1.7.1
+input:
+  kernel:
+    path: /usr/install/amd64/vmlinuz
+  initramfs:
+    path: /usr/install/amd64/initramfs.xz
+  baseInstaller:
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
+  systemExtensions:
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
+output:
+  kind: nocloud
+  imageOptions: { diskSize: 1306525696, diskFormat: raw }
+  outFormat: .xz

packages/core/installer/templates/cozystack.yaml

@@ -12,12 +12,6 @@ metadata:
   name: cozystack
   namespace: cozy-system
 ---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cozystack
-  namespace: cozy-system
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:

packages/core/platform/Chart.yaml

@@ -1,2 +1,3 @@
+apiVersion: v2
 name: cozy-platform
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/core/platform/Makefile

@@ -1,5 +1,5 @@
-NAMESPACE=cozy-system
 NAME=platform
+NAMESPACE=cozy-system
 
 API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions))
 

packages/core/platform/bundles/distro-full.yaml

@@ -52,6 +52,12 @@ releases:
   privileged: true
   dependsOn: [cilium]
 
+- name: etcd-operator
+  releaseName: etcd-operator
+  chart: cozy-etcd-operator
+  namespace: cozy-etcd-operator
+  dependsOn: [cilium,cert-manager]
+
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator
@@ -70,6 +76,18 @@ releases:
   namespace: cozy-postgres-operator
   dependsOn: [cilium,cert-manager]
 
+- name: kafka-operator
+  releaseName: kafka-operator
+  chart: cozy-kafka-operator
+  namespace: cozy-kafka-operator
+  dependsOn: [cilium,kubeovn]
+
+- name: clickhouse-operator
+  releaseName: clickhouse-operator
+  chart: cozy-clickhouse-operator
+  namespace: cozy-clickhouse-operator
+  dependsOn: [cilium,kubeovn]
+
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator
   chart: cozy-rabbitmq-operator

packages/core/platform/bundles/distro-hosted.yaml

@@ -26,6 +26,12 @@ releases:
   privileged: true
   dependsOn: [victoria-metrics-operator]
 
+- name: etcd-operator
+  releaseName: etcd-operator
+  chart: cozy-etcd-operator
+  namespace: cozy-etcd-operator
+  dependsOn: [cert-manager]
+
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator
@@ -44,6 +50,18 @@ releases:
   namespace: cozy-postgres-operator
   dependsOn: [cert-manager]
 
+- name: kafka-operator
+  releaseName: kafka-operator
+  chart: cozy-kafka-operator
+  namespace: cozy-kafka-operator
+  dependsOn: [cilium,kubeovn]
+
+- name: clickhouse-operator
+  releaseName: clickhouse-operator
+  chart: cozy-clickhouse-operator
+  namespace: cozy-clickhouse-operator
+  dependsOn: [cilium,kubeovn]
+
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator
   chart: cozy-rabbitmq-operator

packages/core/platform/bundles/paas-full.yaml

@@ -81,6 +81,12 @@ releases:
   privileged: true
   dependsOn: [cilium,kubeovn]
 
+- name: etcd-operator
+  releaseName: etcd-operator
+  chart: cozy-etcd-operator
+  namespace: cozy-etcd-operator
+  dependsOn: [cilium,kubeovn,cert-manager]
+
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator
@@ -99,6 +105,18 @@ releases:
   namespace: cozy-postgres-operator
   dependsOn: [cilium,kubeovn,cert-manager]
 
+- name: kafka-operator
+  releaseName: kafka-operator
+  chart: cozy-kafka-operator
+  namespace: cozy-kafka-operator
+  dependsOn: [cilium,kubeovn]
+
+- name: clickhouse-operator
+  releaseName: clickhouse-operator
+  chart: cozy-clickhouse-operator
+  namespace: cozy-clickhouse-operator
+  dependsOn: [cilium,kubeovn]
+
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator
   chart: cozy-rabbitmq-operator

packages/core/platform/bundles/paas-hosted.yaml

@@ -26,6 +26,12 @@ releases:
   privileged: true
   dependsOn: [victoria-metrics-operator]
 
+- name: etcd-operator
+  releaseName: etcd-operator
+  chart: cozy-etcd-operator
+  namespace: cozy-etcd-operator
+  dependsOn: [cert-manager]
+
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator
@@ -44,6 +50,18 @@ releases:
   namespace: cozy-postgres-operator
   dependsOn: [cert-manager]
 
+- name: kafka-operator
+  releaseName: kafka-operator
+  chart: cozy-kafka-operator
+  namespace: cozy-kafka-operator
+  dependsOn: [cilium,kubeovn]
+
+- name: clickhouse-operator
+  releaseName: clickhouse-operator
+  chart: cozy-clickhouse-operator
+  namespace: cozy-clickhouse-operator
+  dependsOn: [cilium,kubeovn]
+
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator
   chart: cozy-rabbitmq-operator

packages/core/platform/templates/helmreleases.yaml

@@ -23,9 +23,11 @@ spec:
   interval: 1m
   releaseName: {{ $x.releaseName | default $x.name }}
   install:
+    crds: CreateReplace
     remediation:
       retries: -1
   upgrade:
+    crds: CreateReplace
     remediation:
       retries: -1
   chart:

packages/extra/Makefile

@@ -7,7 +7,7 @@ repo:
 	awk '$$3 != "HEAD" {print "mkdir -p $(TMP)/" $$1 "-" $$2}' versions_map | sh -ex
 	awk '$$3 != "HEAD" {print "git archive " $$3 " " $$1 " | tar -xf- --strip-components=1 -C $(TMP)/" $$1 "-" $$2 }' versions_map | sh -ex
 	helm package -d "$(OUT)" $$(find . $(TMP) -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")' | sort -V)
-	cd "$(OUT)" && helm repo index .
+	cd "$(OUT)" && helm repo index . --url http://cozystack.cozy-system.svc/repos/extra
 	rm -rf "$(TMP)"
 
 fix-chartnames:

packages/extra/etcd/Chart.yaml

@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: https://www.svgrepo.com/show/353714/etcd.svg
 type: application
-version: 1.0.0
+version: 2.0.0

packages/extra/etcd/templates/datastore.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: kamaji.clastix.io/v1alpha1
+kind: DataStore
+metadata:
+  name: {{ .Release.Namespace }}
+spec:
+  driver: etcd
+  endpoints:
+  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc:2379
+  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc:2379
+  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc:2379
+  tlsConfig:
+    certificateAuthority:
+      certificate:
+        secretReference:
+          keyPath: tls.crt
+          name: etcd-ca-tls
+          namespace: {{ .Release.Namespace }}
+      privateKey:
+        secretReference:
+          keyPath: tls.key
+          name: etcd-ca-tls
+          namespace: {{ .Release.Namespace }}
+    clientCertificate:
+      certificate:
+        secretReference:
+          keyPath: tls.crt
+          name: etcd-client-tls
+          namespace: {{ .Release.Namespace }}
+      privateKey:
+        secretReference:
+          keyPath: tls.key
+          name: etcd-client-tls
+          namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: etcd-ca-tls
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/resource-policy: keep
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: etcd-client-tls
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/resource-policy: keep

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -0,0 +1,176 @@
+---
+apiVersion: etcd.aenix.io/v1alpha1
+kind: EtcdCluster
+metadata:
+  name: etcd
+spec:
+  storage: {}
+  security:
+    tls:
+      peerTrustedCASecret: etcd-peer-ca-tls
+      peerSecret: etcd-peer-tls
+      serverSecret: etcd-server-tls
+      clientTrustedCASecret: etcd-ca-tls
+      clientSecret: etcd-client-tls
+  podTemplate:
+    spec:
+      topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: "kubernetes.io/hostname"
+        whenUnsatisfiable: ScheduleAnyway
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/instance: etcd
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: etcd-selfsigning-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-peer-ca
+spec:
+  isCA: true
+  usages:
+  - "signing"
+  - "key encipherment"
+  - "cert sign"
+  commonName: etcd-peer-ca
+  subject:
+    organizations:
+      - ACME Inc.
+    organizationalUnits:
+      - Widgets
+  secretName: etcd-peer-ca-tls
+  privateKey:
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-selfsigning-issuer
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-ca
+spec:
+  isCA: true
+  usages:
+  - "signing"
+  - "key encipherment"
+  - "cert sign"
+  commonName: etcd-ca
+  subject:
+    organizations:
+      - ACME Inc.
+    organizationalUnits:
+      - Widgets
+  secretName: etcd-ca-tls
+  privateKey:
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-selfsigning-issuer
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: etcd-peer-issuer
+spec:
+  ca:
+    secretName: etcd-peer-ca-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: etcd-issuer
+spec:
+  ca:
+    secretName: etcd-ca-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-server
+spec:
+  secretName: etcd-server-tls
+  isCA: false
+  usages:
+    - "server auth"
+    - "signing"
+    - "key encipherment"
+  dnsNames:
+  - etcd-0
+  - etcd-0.etcd-headless
+  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
+  - etcd-1
+  - etcd-1.etcd-headless
+  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
+  - etcd-2
+  - etcd-2.etcd-headless
+  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
+  - localhost
+  - "127.0.0.1"
+  privateKey:
+    rotationPolicy: Always
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-peer
+spec:
+  secretName: etcd-peer-tls
+  isCA: false
+  usages:
+    - "server auth"
+    - "client auth"
+    - "signing"
+    - "key encipherment"
+  dnsNames:
+  - etcd-0
+  - etcd-0.etcd-headless
+  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
+  - etcd-1
+  - etcd-1.etcd-headless
+  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
+  - etcd-2
+  - etcd-2.etcd-headless
+  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
+  - localhost
+  - "127.0.0.1"
+  privateKey:
+    rotationPolicy: Always
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-peer-issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-client
+spec:
+  commonName: root
+  secretName: etcd-client-tls
+  usages:
+  - "signing"
+  - "key encipherment"
+  - "client auth"
+  privateKey:
+    rotationPolicy: Always
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-issuer
+    kind: Issuer

packages/extra/etcd/templates/kamaji-etcd.yaml

@@ -1,19 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: kamaji-etcd
-spec:
-  chart:
-    spec:
-      chart: cozy-kamaji-etcd
-      reconcileStrategy: Revision
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-system
-        namespace: cozy-system
-      version: '*'
-  interval: 1m0s
-  timeout: 5m0s
-  values:
-    kamaji-etcd:
-      fullnameOverride: etcd

packages/extra/monitoring/templates/grafana/grafana.yaml

@@ -67,7 +67,7 @@ spec:
   ingress:
     metadata:
       annotations:
-        kubernetes.io/ingress.class: "{{ $ingress }}"
+        acme.cert-manager.io/http01-ingress-class: "{{ $ingress }}"
         cert-manager.io/cluster-issuer: letsencrypt-prod
     spec:
       ingressClassName: "{{ $ingress }}"

packages/extra/versions_map

@@ -1,3 +1,4 @@
-etcd 1.0.0 HEAD
+etcd 1.0.0 f7eaab0
+etcd 2.0.0 HEAD
 ingress 1.0.0 HEAD
 monitoring 1.0.0 HEAD

packages/system/Makefile

@@ -1,13 +1,12 @@
 OUT=../../_out/repos/system
-VERSION := 0.2.0
 
-gen: fix-chartnames
+include ../../scripts/common-envs.mk
 
-repo: fix-chartnames
+repo:
 	rm -rf "$(OUT)"
 	mkdir -p "$(OUT)"
-	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")')
+	helm package -d "$(OUT)" $$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') --version $(VERSION)
 	cd "$(OUT)" && helm repo index .
 
 fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do printf "name: cozy-%s\nversion: $(VERSION)\n" "$$i" > "$$i/Chart.yaml"; done
+	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: cozy-$$i/" "$$i/Chart.yaml"; done

packages/system/capi-operator/Chart.yaml

@@ -1,2 +1,3 @@
+apiVersion: v2
 name: cozy-capi-operator
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/capi-operator/Makefile

@@ -1,14 +1,7 @@
 NAME=capi-operator
 NAMESPACE=cozy-cluster-api
 
-show:
-	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
-
-apply:
-	helm upgrade -i -n $(NAMESPACE) $(NAME) .
-
-diff:
-	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
+include ../../../scripts/package-system.mk
 
 update:
 	rm -rf charts

packages/system/capi-providers/Chart.yaml

@@ -1,2 +1,3 @@
+apiVersion: v2
 name: cozy-capi-providers
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/capi-providers/Makefile

@@ -1,11 +1,4 @@
 NAME=capi-providers
 NAMESPACE=cozy-cluster-api
 
-show:
-	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
-
-apply:
-	helm upgrade -i -n $(NAMESPACE) $(NAME) .
-
-diff:
-	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
+include ../../../scripts/package-system.mk

packages/system/capi-providers/templates/providers.yaml

@@ -13,7 +13,7 @@ spec:
   deployment:
     containers:
     - name: manager
-      imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.6.0-fix7
+      imageUrl: ghcr.io/kvaps/test:cluster-api-control-plane-provider-kamaji-v0.7.1-fix
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
 kind: BootstrapProvider

packages/system/cert-manager-issuers/Chart.yaml

@@ -1,2 +1,3 @@
+apiVersion: v2
 name: cozy-cert-manager-issuers
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/cert-manager-issuers/Makefile

@@ -1,11 +1,4 @@
 NAME=cert-manager-issuers
 NAMESPACE=cozy-cert-manager
 
-show:
-	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
-
-apply:
-	helm upgrade -i -n $(NAMESPACE) $(NAME) .
-
-diff:
-	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
+include ../../../scripts/package-system.mk

packages/system/cert-manager/Chart.yaml

@@ -1,2 +1,3 @@
+apiVersion: v2
 name: cozy-cert-manager
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/cert-manager/Makefile

@@ -1,14 +1,7 @@
 NAME=cert-manager
-NAMESPACE=cozy-cert-manager
+NAMESPACE=cozy-$(NAME)
 
-show:
-	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
-
-apply:
-	helm upgrade -i -n $(NAMESPACE) $(NAME) .
-
-diff:
-	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
+include ../../../scripts/package-system.mk
 
 update:
 	rm -rf charts

packages/system/cilium/Chart.yaml

@@ -1,2 +1,3 @@
+apiVersion: v2
 name: cozy-cilium
-version: 0.2.0
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/cilium/Makefile

@@ -1,14 +1,7 @@
-NAMESPACE=cozy-cilium
 NAME=cilium
+NAMESPACE=cozy-$(NAME)
 
-show:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm template --dry-run=server -n $(NAMESPACE) $(NAME) . -f -
-
-apply:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm upgrade -i -n $(NAMESPACE) $(NAME) . -f -
-
-diff:
-	kubectl get hr -n cozy-cilium cilium -o jsonpath='{.spec.values}' | helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) . -f -
+include ../../../scripts/package-system.mk
 
 update:
 	rm -rf charts

packages/system/clickhouse-operator/Chart.yaml

@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-clickhouse-operator
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/clickhouse-operator/Makefile

@@ -0,0 +1,10 @@
+NAME=clickhouse-operator
+NAMESPACE=cozy-clickhouse-operator
+
+include ../../../scripts/package-system.mk
+
+update:
+	rm -rf charts
+	helm repo add clickhouse-operator https://docs.altinity.com/clickhouse-operator/
+	helm repo update clickhouse-operator
+	helm pull clickhouse-operator/altinity-clickhouse-operator --untar --untardir charts

packages/system/clickhouse-operator/charts/altinity-clickhouse-operator/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v2
+appVersion: 0.23.4
+description: 'Helm chart to deploy [altinity-clickhouse-operator](https://github.com/Altinity/clickhouse-operator).  The
+  ClickHouse Operator creates, configures and manages ClickHouse clusters running
+  on Kubernetes.  For upgrade please install CRDs separately: ```bash   kubectl apply
+  -f https://github.com/Altinity/clickhouse-operator/raw/master/deploy/helm/crds/CustomResourceDefinition-clickhouseinstallations.clickhouse.altinity.com.yaml   kubectl
+  apply -f https://github.com/Altinity/clickhouse-operator/raw/master/deploy/helm/crds/CustomResourceDefinition-clickhouseinstallationtemplates.clickhouse.altinity.com.yaml   kubectl
+  apply -f https://github.com/Altinity/clickhouse-operator/raw/master/deploy/helm/crds/CustomResourceDefinition-clickhouseoperatorconfigurations.clickhouse.altinity.com.yaml
+  ```'
+home: https://github.com/Altinity/clickhouse-operator
+icon: https://logosandtypes.com/wp-content/uploads/2020/12/altinity.svg
+maintainers:
+- email: support@altinity.com
+  name: altinity
+name: altinity-clickhouse-operator
+type: application
+version: 0.23.4

packages/system/clickhouse-operator/charts/altinity-clickhouse-operator/README.md

@@ -0,0 +1,65 @@
+# altinity-clickhouse-operator
+
+![Version: 0.23.4](https://img.shields.io/badge/Version-0.23.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.23.4](https://img.shields.io/badge/AppVersion-0.23.4-informational?style=flat-square)
+
+Helm chart to deploy [altinity-clickhouse-operator](https://github.com/Altinity/clickhouse-operator).
+
+The ClickHouse Operator creates, configures and manages ClickHouse clusters running on Kubernetes.
+
+For upgrade please install CRDs separately:
+```bash
+  kubectl apply -f https://github.com/Altinity/clickhouse-operator/raw/master/deploy/helm/crds/CustomResourceDefinition-clickhouseinstallations.clickhouse.altinity.com.yaml
+  kubectl apply -f https://github.com/Altinity/clickhouse-operator/raw/master/deploy/helm/crds/CustomResourceDefinition-clickhouseinstallationtemplates.clickhouse.altinity.com.yaml
+  kubectl apply -f https://github.com/Altinity/clickhouse-operator/raw/master/deploy/helm/crds/CustomResourceDefinition-clickhouseoperatorconfigurations.clickhouse.altinity.com.yaml
+```
+
+**Homepage:** <https://github.com/Altinity/clickhouse-operator>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| altinity | <support@altinity.com> |  |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalResources | list | `[]` | list of additional resources to create (are processed via `tpl` function), useful for create ClickHouse clusters together with clickhouse-operator, look `kubectl explain chi` for details |
+| affinity | object | `{}` | affinity for scheduler pod assignment, look `kubectl explain pod.spec.affinity` for details |
+| configs | object | check the values.yaml file for the config content, auto-generated from latest operator release | clickhouse-operator configs |
+| dashboards.additionalLabels | object | `{"grafana_dashboard":""}` | labels to add to a secret with dashboards |
+| dashboards.annotations | object | `{}` | annotations to add to a secret with dashboards |
+| dashboards.enabled | bool | `false` | provision grafana dashboards as secrets (can be synced by grafana dashboards sidecar https://github.com/grafana/helm-charts/blob/grafana-6.33.1/charts/grafana/values.yaml#L679 ) |
+| dashboards.grafana_folder | string | `"clickhouse"` |  |
+| fullnameOverride | string | `""` | full name of the chart. |
+| imagePullSecrets | list | `[]` | image pull secret for private images in clickhouse-operator pod  possible value format [{"name":"your-secret-name"}]  look `kubectl explain pod.spec.imagePullSecrets` for details |
+| metrics.containerSecurityContext | object | `{}` |  |
+| metrics.enabled | bool | `true` |  |
+| metrics.env | list | `[]` | additional environment variables for the deployment of metrics-exporter containers possible format value [{"name": "SAMPLE", "value": "text"}] |
+| metrics.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| metrics.image.repository | string | `"altinity/metrics-exporter"` | image repository |
+| metrics.image.tag | string | `""` | image tag (chart's appVersion value will be used if not set) |
+| metrics.resources | object | `{}` | custom resource configuration |
+| nameOverride | string | `""` | override name of the chart |
+| nodeSelector | object | `{}` | node for scheduler pod assignment, look `kubectl explain pod.spec.nodeSelector` for details |
+| operator.containerSecurityContext | object | `{}` |  |
+| operator.env | list | `[]` | additional environment variables for the clickhouse-operator container in deployment possible format value [{"name": "SAMPLE", "value": "text"}] |
+| operator.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| operator.image.repository | string | `"altinity/clickhouse-operator"` | image repository |
+| operator.image.tag | string | `""` | image tag (chart's appVersion value will be used if not set) |
+| operator.resources | object | `{}` | custom resource configuration, look `kubectl explain pod.spec.containers.resources` for details |
+| podAnnotations | object | `{"clickhouse-operator-metrics/port":"9999","clickhouse-operator-metrics/scrape":"true","prometheus.io/port":"8888","prometheus.io/scrape":"true"}` | annotations to add to the clickhouse-operator pod, look `kubectl explain pod.spec.annotations` for details |
+| podLabels | object | `{}` | labels to add to the clickhouse-operator pod |
+| podSecurityContext | object | `{}` |  |
+| rbac.create | bool | `true` | specifies whether cluster roles and cluster role bindings should be created |
+| secret.create | bool | `true` | create a secret with operator credentials |
+| secret.password | string | `"clickhouse_operator_password"` | operator credentials password |
+| secret.username | string | `"clickhouse_operator"` | operator credentials username |
+| serviceAccount.annotations | object | `{}` | annotations to add to the service account |
+| serviceAccount.create | bool | `true` | specifies whether a service account should be created |
+| serviceAccount.name | string | `nil` | the name of the service account to use; if not set and create is true, a name is generated using the fullname template |
+| serviceMonitor.additionalLabels | object | `{}` | additional labels for service monitor |
+| serviceMonitor.enabled | bool | `false` | ServiceMonitor Custom resource is created for a (prometheus-operator)[https://github.com/prometheus-operator/prometheus-operator] |
+| tolerations | list | `[]` | tolerations for scheduler pod assignment, look `kubectl explain pod.spec.tolerations` for details |
+

packages/system/clickhouse-operator/charts/altinity-clickhouse-operator/crds/CustomResourceDefinition-clickhousekeeperinstallations.clickhouse-keeper.altinity.com.yaml

@@ -0,0 +1,263 @@
+# Template Parameters:
+#
+# OPERATOR_VERSION=0.23.4
+#
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clickhousekeeperinstallations.clickhouse-keeper.altinity.com
+  labels:
+    clickhouse-keeper.altinity.com/chop: 0.23.4
+spec:
+  group: clickhouse-keeper.altinity.com
+  scope: Namespaced
+  names:
+    kind: ClickHouseKeeperInstallation
+    singular: clickhousekeeperinstallation
+    plural: clickhousekeeperinstallations
+    shortNames:
+      - chk
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      additionalPrinterColumns:
+        - name: status
+          type: string
+          description: CHK status
+          jsonPath: .status.status
+        - name: replicas
+          type: integer
+          description: Replica count
+          priority: 1 # show in wide view
+          jsonPath: .status.replicas
+        - name: age
+          type: date
+          description: Age of the resource
+          # Displayed in all priorities
+          jsonPath: .metadata.creationTimestamp
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          required:
+            - spec
+          description: "define a set of Kubernetes resources (StatefulSet, PVC, Service, ConfigMap) which describe behavior one ClickHouse Keeper cluster"
+          properties:
+            apiVersion:
+              type: string
+              description: |
+                APIVersion defines the versioned schema of this representation
+                of an object. Servers should convert recognized schemas to the latest
+                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            kind:
+              type: string
+              description: |
+                Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            metadata:
+              type: object
+            status:
+              type: object
+              description: |
+                Current ClickHouseKeeperInstallation status, contains many fields like overall status, desired replicas and ready replica list with their endpoints
+              properties:
+                chop-version:
+                  type: string
+                  description: "ClickHouse operator version"
+                chop-commit:
+                  type: string
+                  description: "ClickHouse operator git commit SHA"
+                chop-date:
+                  type: string
+                  description: "ClickHouse operator build date"
+                chop-ip:
+                  type: string
+                  description: "IP address of the operator's pod which managed this CHI"
+                status:
+                  type: string
+                  description: "Status"
+                replicas:
+                  type: integer
+                  format: int32
+                  description: Replicas is the number of number of desired replicas in the cluster
+                readyReplicas:
+                  type: array
+                  description: ReadyReplicas is the array of endpoints of those ready replicas in the cluster
+                  items:
+                    type: object
+                    properties:
+                      host:
+                        type: string
+                        description: dns name or ip address for Keeper node
+                      port:
+                        type: integer
+                        minimum: 0
+                        maximum: 65535
+                        description: TCP port which used to connect to Keeper node
+                      secure:
+                        type: string
+                        description: if a secure connection to Keeper is required
+                normalized:
+                  type: object
+                  description: "Normalized CHK requested"
+                  x-kubernetes-preserve-unknown-fields: true
+                normalizedCompleted:
+                  type: object
+                  description: "Normalized CHK completed"
+                  x-kubernetes-preserve-unknown-fields: true
+            spec:
+              type: object
+              description: KeeperSpec defines the desired state of a Keeper cluster
+              properties:
+                namespaceDomainPattern:
+                  type: string
+                  description: |
+                    Custom domain pattern which will be used for DNS names of `Service` or `Pod`.
+                    Typical use scenario - custom cluster domain in Kubernetes cluster
+                    Example: %s.svc.my.test
+                replicas:
+                  type: integer
+                  format: int32
+                  description: |
+                    Replicas is the expected size of the keeper cluster.
+                    The valid range of size is from 1 to 7.
+                  minimum: 1
+                  maximum: 7
+                configuration:
+                  type: object
+                  description: "allows configure multiple aspects and behavior for `clickhouse-server` instance and also allows describe multiple `clickhouse-server` clusters inside one `chi` resource"
+                  # nullable: true
+                  properties:
+                    settings:
+                      type: object
+                      description: "allows configure multiple aspects and behavior for `clickhouse-keeper` instance"
+                      x-kubernetes-preserve-unknown-fields: true
+                    clusters:
+                      type: array
+                      description: |
+                        describes ClickHouseKeeper clusters layout and allows change settings on cluster-level and replica-level
+                      # nullable: true
+                      items:
+                        type: object
+                        #required:
+                        #  - name
+                        properties:
+                          name:
+                            type: string
+                            description: "cluster name, used to identify set of ClickHouseKeeper servers and wide used during generate names of related Kubernetes resources"
+                            minLength: 1
+                            # See namePartClusterMaxLen const
+                            maxLength: 15
+                            pattern: "^[a-zA-Z0-9-]{0,15}$"
+                          layout:
+                            type: object
+                            description: |
+                              describe current cluster layout, how many replicas
+                            # nullable: true
+                            properties:
+                              replicasCount:
+                                type: integer
+                                description: "how many replicas in ClickHouseKeeper cluster"
+                templates:
+                  type: object
+                  description: "allows define templates which will use for render Kubernetes resources like StatefulSet, ConfigMap, Service, PVC, by default, clickhouse-operator have own templates, but you can override it"
+                  # nullable: true
+                  properties:
+                    podTemplates:
+                      type: array
+                      description: |
+                        podTemplate will use during render `Pod` inside `StatefulSet.spec` and allows define rendered `Pod.spec`, pod scheduling distribution and pod zone
+                        More information: https://github.com/Altinity/clickhouse-operator/blob/master/docs/custom_resource_explained.md#spectemplatespodtemplates
+                      # nullable: true
+                      items:
+                        type: object
+                        #required:
+                        #  - name
+                        properties:
+                          name:
+                            type: string
+                            description: "template name, could use to link inside top-level `chi.spec.defaults.templates.podTemplate`, cluster-level `chi.spec.configuration.clusters.templates.podTemplate`, shard-level `chi.spec.configuration.clusters.layout.shards.temlates.podTemplate`, replica-level `chi.spec.configuration.clusters.layout.replicas.templates.podTemplate`"
+                          metadata:
+                            type: object
+                            description: |
+                              allows pass standard object's metadata from template to Pod
+                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                            # nullable: true
+                            x-kubernetes-preserve-unknown-fields: true
+                          spec:
+                            # TODO specify PodSpec
+                            type: object
+                            description: "allows define whole Pod.spec inside StaefulSet.spec, look to https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates for details"
+                            # nullable: true
+                            x-kubernetes-preserve-unknown-fields: true
+                    volumeClaimTemplates:
+                      type: array
+                      description: "allows define template for rendering `PVC` kubernetes resource, which would use inside `Pod` for mount clickhouse `data`, clickhouse `logs` or something else"
+                      # nullable: true
+                      items:
+                        type: object
+                        #required:
+                        #  - name
+                        #  - spec
+                        properties:
+                          name:
+                            type: string
+                            description: |
+                              template name, could use to link inside
+                              top-level `chi.spec.defaults.templates.dataVolumeClaimTemplate` or `chi.spec.defaults.templates.logVolumeClaimTemplate`,
+                              cluster-level `chi.spec.configuration.clusters.templates.dataVolumeClaimTemplate` or `chi.spec.configuration.clusters.templates.logVolumeClaimTemplate`,
+                              shard-level `chi.spec.configuration.clusters.layout.shards.temlates.dataVolumeClaimTemplate` or `chi.spec.configuration.clusters.layout.shards.temlates.logVolumeClaimTemplate`
+                              replica-level `chi.spec.configuration.clusters.layout.replicas.templates.dataVolumeClaimTemplate` or `chi.spec.configuration.clusters.layout.replicas.templates.logVolumeClaimTemplate`
+                          metadata:
+                            type: object
+                            description: |
+                              allows to pass standard object's metadata from template to PVC
+                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                            # nullable: true
+                            x-kubernetes-preserve-unknown-fields: true
+                          spec:
+                            type: object
+                            description: |
+                              allows define all aspects of `PVC` resource
+                              More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
+                            # nullable: true
+                            x-kubernetes-preserve-unknown-fields: true
+                    serviceTemplates:
+                      type: array
+                      description: |
+                        allows define template for rendering `Service` which would get endpoint from Pods which scoped chi-wide, cluster-wide, shard-wide, replica-wide level
+                      # nullable: true
+                      items:
+                        type: object
+                        #required:
+                        #  - name
+                        #  - spec
+                        properties:
+                          name:
+                            type: string
+                            description: |
+                              template name, could use to link inside
+                              chi-level `chi.spec.defaults.templates.serviceTemplate`
+                              cluster-level `chi.spec.configuration.clusters.templates.clusterServiceTemplate`
+                              shard-level `chi.spec.configuration.clusters.layout.shards.temlates.shardServiceTemplate`
+                              replica-level `chi.spec.configuration.clusters.layout.replicas.templates.replicaServiceTemplate` or `chi.spec.configuration.clusters.layout.shards.replicas.replicaServiceTemplate`
+                          metadata:
+                            # TODO specify ObjectMeta
+                            type: object
+                            description: |
+                              allows pass standard object's metadata from template to Service
+                              Could be use for define specificly for Cloud Provider metadata which impact to behavior of service
+                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                            # nullable: true
+                            x-kubernetes-preserve-unknown-fields: true
+                          spec:
+                            # TODO specify ServiceSpec
+                            type: object
+                            description: |
+                              describe behavior of generated Service
+                              More info: https://kubernetes.io/docs/concepts/services-networking/service/
+                            # nullable: true
+                            x-kubernetes-preserve-unknown-fields: true

packages/system/clickhouse-operator/charts/altinity-clickhouse-operator/crds/CustomResourceDefinition-clickhouseoperatorconfigurations.clickhouse.altinity.com.yaml

@@ -0,0 +1,415 @@
+# Template Parameters:
+#
+# NONE
+#
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clickhouseoperatorconfigurations.clickhouse.altinity.com
+  labels:
+    clickhouse.altinity.com/chop: 0.23.4
+spec:
+  group: clickhouse.altinity.com
+  scope: Namespaced
+  names:
+    kind: ClickHouseOperatorConfiguration
+    singular: clickhouseoperatorconfiguration
+    plural: clickhouseoperatorconfigurations
+    shortNames:
+      - chopconf
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      additionalPrinterColumns:
+        - name: namespaces
+          type: string
+          description: Watch namespaces
+          jsonPath: .status
+        - name: age
+          type: date
+          description: Age of the resource
+          # Displayed in all priorities
+          jsonPath: .metadata.creationTimestamp
+      schema:
+        openAPIV3Schema:
+          type: object
+          description: "allows customize `clickhouse-operator` settings, need restart clickhouse-operator pod after adding, more details https://github.com/Altinity/clickhouse-operator/blob/master/docs/operator_configuration.md"
+          x-kubernetes-preserve-unknown-fields: true
+          properties:
+            status:
+              type: object
+              x-kubernetes-preserve-unknown-fields: true
+            spec:
+              type: object
+              description: |
+                Allows to define settings of the clickhouse-operator.
+                More info: https://github.com/Altinity/clickhouse-operator/blob/master/config/config.yaml
+                Check into etc-clickhouse-operator* ConfigMaps if you need more control
+              x-kubernetes-preserve-unknown-fields: true
+              properties:
+                watch:
+                  type: object
+                  description: "Parameters for watch kubernetes resources which used by clickhouse-operator deployment"
+                  properties:
+                    namespaces:
+                      type: array
+                      description: "List of namespaces where clickhouse-operator watches for events."
+                      items:
+                        type: string
+                clickhouse:
+                  type: object
+                  description: "Clickhouse related parameters used by clickhouse-operator"
+                  properties:
+                    configuration:
+                      type: object
+                      properties:
+                        file:
+                          type: object
+                          properties:
+                            path:
+                              type: object
+                              description: |
+                                Each 'path' can be either absolute or relative.
+                                In case path is absolute - it is used as is.
+                                In case path is relative - it is relative to the folder where configuration file you are reading right now is located.
+                              properties:
+                                common:
+                                  type: string
+                                  description: |
+                                    Path to the folder where ClickHouse configuration files common for all instances within a CHI are located.
+                                    Default value - config.d
+                                host:
+                                  type: string
+                                  description: |
+                                    Path to the folder where ClickHouse configuration files unique for each instance (host) within a CHI are located.
+                                    Default value - conf.d
+                                user:
+                                  type: string
+                                  description: |
+                                    Path to the folder where ClickHouse configuration files with users settings are located.
+                                    Files are common for all instances within a CHI.
+                                    Default value - users.d
+                        user:
+                          type: object
+                          description: "Default parameters for any user which will create"
+                          properties:
+                            default:
+                              type: object
+                              properties:
+                                profile:
+                                  type: string
+                                  description: "ClickHouse server configuration `<profile>...</profile>` for any <user>"
+                                quota:
+                                  type: string
+                                  description: "ClickHouse server configuration `<quota>...</quota>` for any <user>"
+                                networksIP:
+                                  type: array
+                                  description: "ClickHouse server configuration `<networks><ip>...</ip></networks>` for any <user>"
+                                  items:
+                                    type: string
+                                password:
+                                  type: string
+                                  description: "ClickHouse server configuration `<password>...</password>` for any <user>"
+                        network:
+                          type: object
+                          description: "Default network parameters for any user which will create"
+                          properties:
+                            hostRegexpTemplate:
+                              type: string
+                              description: "ClickHouse server configuration `<host_regexp>...</host_regexp>` for any <user>"
+                    configurationRestartPolicy:
+                      type: object
+                      description: "Configuration restart policy describes what configuration changes require ClickHouse restart"
+                      properties:
+                        rules:
+                          type: array
+                          description: "Array of set of rules per specified ClickHouse versions"
+                          items:
+                            type: object
+                            properties:
+                              version:
+                                type: string
+                                description: "ClickHouse version expression"
+                              rules:
+                                type: array
+                                description: "Set of configuration rules for specified ClickHouse version"
+                                items:
+                                  type: object
+                                  description: "setting: value pairs for configuration restart policy"
+                    access:
+                      type: object
+                      description: "parameters which use for connect to clickhouse from clickhouse-operator deployment"
+                      properties:
+                        scheme:
+                          type: string
+                          description: "The scheme to user for connecting to ClickHouse. Possible values: http, https, auto"
+                        username:
+                          type: string
+                          description: "ClickHouse username to be used by operator to connect to ClickHouse instances, deprecated, use chCredentialsSecretName"
+                        password:
+                          type: string
+                          description: "ClickHouse password to be used by operator to connect to ClickHouse instances, deprecated, use chCredentialsSecretName"
+                        rootCA:
+                          type: string
+                          description: "Root certificate authority that clients use when verifying server certificates. Used for https connection to ClickHouse"
+                        secret:
+                          type: object
+                          properties:
+                            namespace:
+                              type: string
+                              description: "Location of k8s Secret with username and password to be used by operator to connect to ClickHouse instances"
+                            name:
+                              type: string
+                              description: "Name of k8s Secret with username and password to be used by operator to connect to ClickHouse instances"
+                        port:
+                          type: integer
+                          minimum: 1
+                          maximum: 65535
+                          description: "Port to be used by operator to connect to ClickHouse instances"
+                        timeouts:
+                          type: object
+                          description: "Timeouts used to limit connection and queries from the operator to ClickHouse instances, In seconds"
+                          properties:
+                            connect:
+                              type: integer
+                              minimum: 1
+                              maximum: 10
+                              description: "Timout to setup connection from the operator to ClickHouse instances. In seconds."
+                            query:
+                              type: integer
+                              minimum: 1
+                              maximum: 600
+                              description: "Timout to perform SQL query from the operator to ClickHouse instances. In seconds."
+                    metrics:
+                      type: object
+                      description: "parameters which use for connect to fetch metrics from clickhouse by clickhouse-operator"
+                      properties:
+                        timeouts:
+                          type: object
+                          description: |
+                            Timeouts used to limit connection and queries from the metrics exporter to ClickHouse instances
+                            Specified in seconds.
+                          properties:
+                            collect:
+                              type: integer
+                              minimum: 1
+                              maximum: 600
+                              description: |
+                                Timeout used to limit metrics collection request. In seconds.
+                                Upon reaching this timeout metrics collection is aborted and no more metrics are collected in this cycle.
+                                All collected metrics are returned.
+                template:
+                  type: object
+                  description: "Parameters which are used if you want to generate ClickHouseInstallationTemplate custom resources from files which are stored inside clickhouse-operator deployment"
+                  properties:
+                    chi:
+                      type: object
+                      properties:
+                        policy:
+                          type: string
+                          description: |
+                            CHI template updates handling policy
+                            Possible policy values:
+                              - ReadOnStart. Accept CHIT updates on the operators start only.
+                              - ApplyOnNextReconcile. Accept CHIT updates at all time. Apply news CHITs on next regular reconcile of the CHI
+                          enum:
+                            - ""
+                            - "ReadOnStart"
+                            - "ApplyOnNextReconcile"
+                        path:
+                          type: string
+                          description: "Path to folder where ClickHouseInstallationTemplate .yaml manifests are located."
+                reconcile:
+                  type: object
+                  description: "allow tuning reconciling process"
+                  properties:
+                    runtime:
+                      type: object
+                      description: "runtime parameters for clickhouse-operator process which are used during reconcile cycle"
+                      properties:
+                        reconcileCHIsThreadsNumber:
+                          type: integer
+                          minimum: 1
+                          maximum: 65535
+                          description: "How many goroutines will be used to reconcile CHIs in parallel, 10 by default"
+                        reconcileShardsThreadsNumber:
+                          type: integer
+                          minimum: 1
+                          maximum: 65535
+                          description: "How many goroutines will be used to reconcile shards of a cluster in parallel, 1 by default"
+                        reconcileShardsMaxConcurrencyPercent:
+                          type: integer
+                          minimum: 0
+                          maximum: 100
+                          description: "The maximum percentage of cluster shards that may be reconciled in parallel, 50 percent by default."
+                    statefulSet:
+                      type: object
+                      description: "Allow change default behavior for reconciling StatefulSet which generated by clickhouse-operator"
+                      properties:
+                        create:
+                          type: object
+                          description: "Behavior during create StatefulSet"
+                          properties:
+                            onFailure:
+                              type: string
+                              description: |
+                                What to do in case created StatefulSet is not in Ready after `statefulSetUpdateTimeout` seconds
+                                Possible options:
+                                1. abort - do nothing, just break the process and wait for admin.
+                                2. delete - delete newly created problematic StatefulSet.
+                                3. ignore (default) - ignore error, pretend nothing happened and move on to the next StatefulSet.
+                        update:
+                          type: object
+                          description: "Behavior during update StatefulSet"
+                          properties:
+                            timeout:
+                              type: integer
+                              description: "How many seconds to wait for created/updated StatefulSet to be Ready"
+                            pollInterval:
+                              type: integer
+                              description: "How many seconds to wait between checks for created/updated StatefulSet status"
+                            onFailure:
+                              type: string
+                              description: |
+                                What to do in case updated StatefulSet is not in Ready after `statefulSetUpdateTimeout` seconds
+                                Possible options:
+                                1. abort - do nothing, just break the process and wait for admin.
+                                2. rollback (default) - delete Pod and rollback StatefulSet to previous Generation. Pod would be recreated by StatefulSet based on rollback-ed configuration.
+                                3. ignore - ignore error, pretend nothing happened and move on to the next StatefulSet.
+                    host:
+                      type: object
+                      description: |
+                        Whether the operator during reconcile procedure should wait for a ClickHouse host:
+                          - to be excluded from a ClickHouse cluster
+                          - to complete all running queries
+                          - to be included into a ClickHouse cluster
+                        respectfully before moving forward
+                      properties:
+                        wait:
+                          type: object
+                          properties:
+                            exclude: &TypeStringBool
+                              type: string
+                              description: "Whether the operator during reconcile procedure should wait for a ClickHouse host to be excluded from a ClickHouse cluster"
+                              enum:
+                                # List StringBoolXXX constants from model
+                                - ""
+                                - "0"
+                                - "1"
+                                - "False"
+                                - "false"
+                                - "True"
+                                - "true"
+                                - "No"
+                                - "no"
+                                - "Yes"
+                                - "yes"
+                                - "Off"
+                                - "off"
+                                - "On"
+                                - "on"
+                                - "Disable"
+                                - "disable"
+                                - "Enable"
+                                - "enable"
+                                - "Disabled"
+                                - "disabled"
+                                - "Enabled"
+                                - "enabled"
+                            queries:
+                              !!merge <<: *TypeStringBool
+                              description: "Whether the operator during reconcile procedure should wait for a ClickHouse host to complete all running queries"
+                            include:
+                              !!merge <<: *TypeStringBool
+                              description: "Whether the operator during reconcile procedure should wait for a ClickHouse host to be included into a ClickHouse cluster"
+                annotation:
+                  type: object
+                  description: "defines which metadata.annotations items will include or exclude during render StatefulSet, Pod, PVC resources"
+                  properties:
+                    include:
+                      type: array
+                      description: |
+                        When propagating labels from the chi's `metadata.annotations` section to child objects' `metadata.annotations`,
+                        include annotations with names from the following list
+                      items:
+                        type: string
+                    exclude:
+                      type: array
+                      description: |
+                        When propagating labels from the chi's `metadata.annotations` section to child objects' `metadata.annotations`,
+                        exclude annotations with names from the following list
+                      items:
+                        type: string
+                label:
+                  type: object
+                  description: "defines which metadata.labels will include or exclude during render StatefulSet, Pod, PVC resources"
+                  properties:
+                    include:
+                      type: array
+                      description: |
+                        When propagating labels from the chi's `metadata.labels` section to child objects' `metadata.labels`,
+                        include labels from the following list
+                      items:
+                        type: string
+                    exclude:
+                      type: array
+                      items:
+                        type: string
+                      description: |
+                        When propagating labels from the chi's `metadata.labels` section to child objects' `metadata.labels`,
+                        exclude labels from the following list
+                    appendScope:
+                      !!merge <<: *TypeStringBool
+                      description: |
+                        Whether to append *Scope* labels to StatefulSet and Pod
+                        - "LabelShardScopeIndex"
+                        - "LabelReplicaScopeIndex"
+                        - "LabelCHIScopeIndex"
+                        - "LabelCHIScopeCycleSize"
+                        - "LabelCHIScopeCycleIndex"
+                        - "LabelCHIScopeCycleOffset"
+                        - "LabelClusterScopeIndex"
+                        - "LabelClusterScopeCycleSize"
+                        - "LabelClusterScopeCycleIndex"
+                        - "LabelClusterScopeCycleOffset"
+                statefulSet:
+                  type: object
+                  description: "define StatefulSet-specific parameters"
+                  properties:
+                    revisionHistoryLimit:
+                      type: integer
+                      description: "revisionHistoryLimit is the maximum number of revisions that will be\nmaintained in the StatefulSet's revision history.                         \nLook details in `statefulset.spec.revisionHistoryLimit`\n"
+                pod:
+                  type: object
+                  description: "define pod specific parameters"
+                  properties:
+                    terminationGracePeriod:
+                      type: integer
+                      description: "Optional duration in seconds the pod needs to terminate gracefully. \nLook details in `pod.spec.terminationGracePeriodSeconds`\n"
+                logger:
+                  type: object
+                  description: "allow setup clickhouse-operator logger behavior"
+                  properties:
+                    logtostderr:
+                      type: string
+                      description: "boolean, allows logs to stderr"
+                    alsologtostderr:
+                      type: string
+                      description: "boolean allows logs to stderr and files both"
+                    v:
+                      type: string
+                      description: "verbosity level of clickhouse-operator log, default - 1 max - 9"
+                    stderrthreshold:
+                      type: string
+                    vmodule:
+                      type: string
+                      description: |
+                        Comma-separated list of filename=N, where filename (can be a pattern) must have no .go ext, and N is a V level.
+                        Ex.: file*=2 sets the 'V' to 2 in all files with names like file*.
+                    log_backtrace_at:
+                      type: string
+                      description: |
+                        It can be set to a file and line number with a logging line.
+                        Ex.: file.go:123
+                        Each time when this line is being executed, a stack trace will be written to the Info log.