Prepare release v0.21.0

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

hack/e2e.sh

@@ -114,7 +114,7 @@ machine:
     - name: zfs
     - name: spl
   install:
-    image: ghcr.io/aenix-io/cozystack/talos:v1.8.3
+    image: ghcr.io/aenix-io/cozystack/talos:v1.8.4
   files:
   - content: |
       [plugins]

manifests/cozystack-installer.yaml

@@ -68,7 +68,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.20.2"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.21.0"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -87,7 +87,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.20.2"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.21.0"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/ferretdb/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:406d2c5a30fa8b6fe10eab3cba45c06fea3876e81fd123ead6dc3c19347762d0
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:4d2271b345240c6c5b37599996745646012004b0f57e31c4c9deb1aba7408a51

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:27112d470a31725b75b29b29919af06b4ce1339e3b502b08889a92ab7099adde
+ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:3e8ae1bd576858a88c995aefb1431a1b89f55b7a1ef60575fecae4bbf5aa0d4e

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.14.1@sha256:b63293bc295e8c04574900bb711ebfe51db6774beb6bc3a58791562ec11b406b
+ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.14.1@sha256:0ea139c71e08db5adb275d81a7efa9a0d8b8db61a1fc1a67167a33a347c07fd8

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.14.1@sha256:c0561a342e6b55d066f3363182f442e8fa30a0b6b448d89d15a1a855c999b98e
+ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.14.1@sha256:f595d50689405a504249c2af4b84562e8a0d16bdf9287d4eedf7c87959c4fba1

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.14.1@sha256:4b84a077e7f1b75bdf8b272c8f147e4ef3b67b9bea83383a399e9149868384ac
+ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.14.1@sha256:644379ba92c72dbbf07257d70f88ef3e5c1f1fb88f161c03758c13588d33ac2d

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:91ec9c31472f8e94ae5f6f5a2568058eb28b3f57ab7e203d8d4a0993911fffc3
+ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:a64fefbd94535be2f8ac92943f0cad076a7b4c61c289a6ac0086a40859ed9d0e

packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml

@@ -48,7 +48,6 @@ spec:
         tenant: {{ .Release.Namespace }}
       remoteWrite:
         url: http://vminsert-shortterm.{{ $targetTenant }}.svc:8480/insert/0/prometheus
-
     fluent-bit:
       readinessProbe:
         httpGet:

packages/apps/mysql/images/mariadb-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:f6435ce02b1bf4d7b2422676e84bc2299725ed2cfb93922e40f40a695d54b9d3
+ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:948d41556939d90bdc37b4406b18935d46490dcb3f38a27aa117a4c3973e5604

packages/apps/postgres/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:406d2c5a30fa8b6fe10eab3cba45c06fea3876e81fd123ead6dc3c19347762d0
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:4d2271b345240c6c5b37599996745646012004b0f57e31c4c9deb1aba7408a51

packages/apps/redis/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.1
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/redis/README.md

@@ -19,5 +19,6 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche
 | `size`         | Persistent Volume size                          | `1Gi`   |
 | `replicas`     | Number of Redis replicas                        | `2`     |
 | `storageClass` | StorageClass used to store the data             | `""`    |
+| `authEnabled`  | Enable password generation                      | `true`  |
 
 

packages/apps/redis/templates/dashboard-resourcemap.yaml

@@ -13,3 +13,10 @@ rules:
   - rfrs-{{ .Release.Name }}
   - "{{ .Release.Name }}-external-lb"
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - "{{ .Release.Name }}-auth"
+  verbs: ["get", "list", "watch"]

packages/apps/redis/templates/redisfailover.yaml

@@ -1,3 +1,20 @@
+{{- if .Values.authEnabled }}
+  {{- $existingPassword := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" .Release.Name) }}
+  {{- $password := randAlphaNum 32 | b64enc }}
+  {{- if $existingPassword }}
+    {{- $password = index $existingPassword.data "password" }}
+  {{- end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-auth
+data:
+  password: {{ $password }}
+{{- end }}
+
+---
+
 apiVersion: databases.spotahome.com/v1
 kind: RedisFailover
 metadata:
@@ -52,3 +69,7 @@ spec:
       - appendonly no
       - save ""
       {{- end }}
+  {{- if .Values.authEnabled }}
+  auth:
+    secretPath: {{ .Release.Name }}-auth
+  {{- end }}

packages/apps/redis/values.schema.json

@@ -21,6 +21,11 @@
             "type": "string",
             "description": "StorageClass used to store the data",
             "default": ""
+        },
+        "authEnabled": {
+            "type": "boolean",
+            "description": "Enable password generation",
+            "default": true
         }
     }
 }

packages/apps/redis/values.yaml

@@ -4,8 +4,10 @@
 ## @param size Persistent Volume size
 ## @param replicas Number of Redis replicas
 ## @param storageClass StorageClass used to store the data
+## @param authEnabled Enable password generation
 ##
 external: false
 size: 1Gi
 replicas: 2
 storageClass: ""
+authEnabled: true

packages/apps/tenant/Chart.yaml

@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg
 
 type: application
-version: 1.6.2
+version: 1.6.4

packages/apps/tenant/templates/tenant.yaml

@@ -14,6 +14,8 @@ metadata:
     kubernetes.io/service-account.name: {{ include "tenant.name" . }}
 type: kubernetes.io/service-account-token
 ---
+# == default role ==
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -29,9 +31,7 @@ rules:
 - apiGroups: ["rbac.authorization.k8s.io"]
   resources: ["roles"]
   verbs: ["get"]
-- apiGroups: ["helm.toolkit.fluxcd.io"]
-  resources: ["helmreleases"]
-  verbs: ["*"]
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -62,18 +62,7 @@ roleRef:
   name: {{ include "tenant.name" . }}
   apiGroup: rbac.authorization.k8s.io
 ---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "tenant.name" . }}
-  namespace: cozy-public
-rules:
-- apiGroups: ["source.toolkit.fluxcd.io"]
-  resources: ["helmrepositories"]
-  verbs: ["get", "list"]
-- apiGroups: ["source.toolkit.fluxcd.io"]
-  resources: ["helmcharts"]
-  verbs: ["*"]
+# == view role ==
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -95,14 +84,6 @@ rules:
       - get
       - list
       - watch
-  - apiGroups:
-      - helm.toolkit.fluxcd.io
-    resources:
-      - helmreleases
-    verbs:
-      - get
-      - list
-      - watch
   - apiGroups:
       - ""
     resources:
@@ -119,22 +100,38 @@ rules:
       - get
       - list
       - watch
-
 ---
-
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "tenant.name" . }}-view
   namespace: {{ include "tenant.name" . }}
 subjects:
-  - kind: Group
-    name: {{ include "tenant.name" . }}-view
-    apiGroup: rbac.authorization.k8s.io
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-view
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-view
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-view
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-view
   apiGroup: rbac.authorization.k8s.io
+
+---
+# == use role ==
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -154,13 +151,6 @@ rules:
     - get
     - list
     - watch
-  - apiGroups: ["helm.toolkit.fluxcd.io"]
-    resources:
-    - helmreleases
-    verbs:
-    - get
-    - list
-    - watch
   - apiGroups: [""]
     resources:
     - "*"
@@ -189,14 +179,31 @@ metadata:
   name: {{ include "tenant.name" . }}-use
   namespace: {{ include "tenant.name" . }}
 subjects:
-  - kind: Group
-    name: {{ include "tenant.name" . }}-use
-    apiGroup: rbac.authorization.k8s.io
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-use
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-use
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-use
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-use
   apiGroup: rbac.authorization.k8s.io
 ---
+# == admin role ==
+---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -216,13 +223,6 @@ rules:
     - list
     - watch
     - delete
-  - apiGroups: ["helm.toolkit.fluxcd.io"]
-    resources:
-    - helmreleases
-    verbs:
-    - get
-    - list
-    - watch
   - apiGroups: ["kubevirt.io"]
     resources:
     - virtualmachines
@@ -263,64 +263,6 @@ rules:
     - update
     - patch
     - delete
-
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "tenant.name" . }}-admin
-  namespace: cozy-public
-rules:
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources: ["helmrepositories"]
-    verbs:
-    - get
-    - list
-  - apiGroups:
-    - source.toolkit.fluxcd.io
-    resources:
-    - helmcharts
-    verbs:
-    - get
-    - list
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources:
-    - helmcharts
-    verbs: ["*"]
-    resourceNames:
-    - bucket
-    - clickhouse
-    - ferretdb
-    - foo
-    - httpcache
-    - kafka
-    - kubernetes
-    - mysql
-    - nats
-    - postgres
-    - rabbitmq
-    - redis
-    - seaweedfs
-    - tcpbalancer
-    - virtualmachine
-    - vmdisk
-    - vminstance
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "tenant.name" . }}-admin
-  namespace: cozy-public
-subjects:
-- kind: Group
-  name: {{ include "tenant.name" . }}-admin
-  apiGroup: rbac.authorization.k8s.io
-roleRef:
-  kind: Role
-  name: {{ include "tenant.name" . }}-admin
-  apiGroup: rbac.authorization.k8s.io
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -328,14 +270,31 @@ metadata:
   name: {{ include "tenant.name" . }}-admin
   namespace: {{ include "tenant.name" . }}
 subjects:
-  - kind: Group
-    name: {{ include "tenant.name" . }}-admin
-    apiGroup: rbac.authorization.k8s.io
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-admin
   apiGroup: rbac.authorization.k8s.io
 ---
+# == super admin role ==
+---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -355,11 +314,6 @@ rules:
     - list
     - watch
     - delete
-  - apiGroups: ["helm.toolkit.fluxcd.io"]
-    resources:
-    - helmreleases
-    verbs:
-    - '*'
   - apiGroups: ["kubevirt.io"]
     resources:
     - virtualmachines
@@ -377,38 +331,6 @@ rules:
     - '*'
     verbs:
     - '*'
-
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "tenant.name" . }}-super-admin
-  namespace: cozy-public
-rules:
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources: ["helmrepositories"]
-    verbs:
-    - get
-    - list
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources:
-    - helmcharts
-    verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "tenant.name" . }}-super-admin
-  namespace: cozy-public
-subjects:
-- kind: Group
-  name: {{ include "tenant.name" . }}-super-admin
-  apiGroup: rbac.authorization.k8s.io
-roleRef:
-  kind: Role
-  name: {{ include "tenant.name" . }}-super-admin
-  apiGroup: rbac.authorization.k8s.io
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -416,6 +338,14 @@ metadata:
   name: {{ include "tenant.name" . }}-super-admin
   namespace: {{ include "tenant.name" . }}
 subjects:
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-super-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
 {{- if hasPrefix "tenant-" .Release.Namespace }}
 {{- $parts := splitList "-" .Release.Namespace }}
 {{- range $i, $v := $parts }}
@@ -426,10 +356,48 @@ subjects:
 {{- end }}
 {{- end }}
 {{- end }}
-- kind: Group
-  name: {{ include "tenant.name" . }}-super-admin
-  apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-super-admin
   apiGroup: rbac.authorization.k8s.io
+---
+# == dashboard role ==
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tenant.name" . }}
+  namespace: cozy-public
+rules:
+- apiGroups: ["source.toolkit.fluxcd.io"]
+  resources: ["helmrepositories"]
+  verbs: ["get", "list"]
+- apiGroups: ["source.toolkit.fluxcd.io"]
+  resources: ["helmcharts"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "tenant.name" . }}
+  namespace: cozy-public
+subjects:
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
+- kind: Group
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
+- kind: Group
+  name: {{ include "tenant.name" . }}-use
+  apiGroup: rbac.authorization.k8s.io
+- kind: Group
+  name: {{ include "tenant.name" . }}-view
+  apiGroup: rbac.authorization.k8s.io
+- kind: ServiceAccount
+  name: {{ include "tenant.name" . }}
+  namespace: {{ include "tenant.name" . }}
+roleRef:
+  kind: Role
+  name: {{ include "tenant.name" . }}
+  apiGroup: rbac.authorization.k8s.io

packages/apps/versions_map

@@ -76,7 +76,8 @@ rabbitmq 0.4.3 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 5ca8823
 redis 0.3.0 c07c4bbd
-redis 0.3.1 HEAD
+redis 0.3.1 b7375f73
+redis 0.4.0 HEAD
 tcp-balancer 0.1.0 f642698
 tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
@@ -91,7 +92,9 @@ tenant 1.4.0 94c688f7
 tenant 1.5.0 48128743
 tenant 1.6.0 df448b99
 tenant 1.6.1 edbbb9be
-tenant 1.6.2 HEAD
+tenant 1.6.2 ccedc5fe
+tenant 1.6.3 2057bb96
+tenant 1.6.4 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 7cd7de7
 virtual-machine 0.2.0 5ca8823
@@ -99,7 +102,8 @@ virtual-machine 0.3.0 b908400
 virtual-machine 0.4.0 4746d51
 virtual-machine 0.5.0 HEAD
 vm-disk 0.1.0 HEAD
-vm-instance 0.1.0 HEAD
+vm-instance 0.1.0 ced8e5b9
+vm-instance 0.2.0 HEAD
 vpn 0.1.0 f642698
 vpn 0.2.0 7151424
 vpn 0.3.0 a2bcf100

packages/apps/vm-instance/Chart.yaml

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0"
+appVersion: "0.2.0"

packages/apps/vm-instance/templates/vm.yaml

@@ -85,7 +85,7 @@ spec:
       {{- range .Values.disks }}
       - name: disk-{{ .name }}
         dataVolume:
-          name: {{ .name }}
+          name: vm-disk-{{ .name }}
       {{- end }}
       {{- if or .Values.sshKeys .Values.cloudInit }}
       - name: cloudinitdisk

packages/apps/vm-instance/values.yaml

@@ -18,8 +18,8 @@ instanceProfile: ubuntu
 ## @param disks [array] List of disks to attach
 ## Example:
 ## disks:
-## - name: vm-disk-example-system
-## - name: vm-disk-example-data
+## - name: example-system
+## - name: example-data
 disks: []
 
 ## @param resources.cpu The number of CPU cores allocated to the virtual machine

packages/core/installer/images/talos/profiles/initramfs.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: initramfs
   imageOptions: {}

packages/core/installer/images/talos/profiles/installer.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: installer
   imageOptions: {}

packages/core/installer/images/talos/profiles/iso.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: iso
   imageOptions: {}

packages/core/installer/images/talos/profiles/kernel.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: kernel
   imageOptions: {}

packages/core/installer/images/talos/profiles/metal.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/images/talos/profiles/nocloud.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.20.2@sha256:061668fa81344302f1097482418fe7925d77ca74ccc856dcb739119590523136
+  image: ghcr.io/aenix-io/cozystack/cozystack:v0.21.0@sha256:90487dafccb12705b5e9760595b43c0352f3a94551c55c5fa7778bf9173d1737

packages/core/platform/bundles/paas-full.yaml

@@ -210,35 +210,32 @@ releases:
   chart: cozy-dashboard
   namespace: cozy-dashboard
   dependsOn: [cilium,kubeovn,keycloak-configure]
-  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-  {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
   values:
-      redis:
-        master:
-          podAnnotations:
-            {{- range $index, $repo := . }}
-            {{- with (($repo.status).artifact).revision }}
-            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
-            {{- end }}
-            {{- end }}
-  {{- end }}
-  {{- end }}
+    {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+    {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
+    redis:
+      master:
+        podAnnotations:
+          {{- range $index, $repo := . }}
+          {{- with (($repo.status).artifact).revision }}
+          repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
+          {{- end }}
+          {{- end }}
+    {{- end }}
+    {{- end }}
+
+    {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
+    {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
+    {{- if $dashboardKCValues }}
+    {{- $dashboardKCValues | nindent 4 }}
+    {{- end }}
+
   {{- if eq $oidcEnabled "true" }}
   dependsOn: [keycloak-configure]
-  valuesFrom:
-    - kind: ConfigMap
-      name: kubeapps-auth-config
-      valuesKey: values.yaml
   {{- else }}
   dependsOn: []
   {{- end }}
 
-- name: console
-  releaseName: console
-  chart: cozy-console
-  namespace: cozy-console
-  dependsOn: [cilium,kubeovn]
-
 - name: kamaji
   releaseName: kamaji
   chart: cozy-kamaji

packages/core/platform/bundles/paas-hosted.yaml

@@ -139,9 +139,9 @@ releases:
   releaseName: dashboard
   chart: cozy-dashboard
   namespace: cozy-dashboard
-  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-  {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
   values:
+    {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+    {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
     kubeapps:
       redis:
         master:
@@ -151,24 +151,21 @@ releases:
             repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
             {{- end }}
             {{- end }}
-  {{- end }}
-  {{- end }}
+    {{- end }}
+    {{- end }}
+
+    {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
+    {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
+    {{- if $dashboardKCValues }}
+    {{- $dashboardKCValues | nindent 4 }}
+    {{- end }}
+
   {{- if eq $oidcEnabled "true" }}
   dependsOn: [keycloak-configure]
-  valuesFrom:
-    - kind: ConfigMap
-      name: kubeapps-auth-config
-      valuesKey: values.yaml
   {{- else }}
   dependsOn: []
   {{- end }}
 
-- name: console
-  releaseName: console
-  chart: cozy-console
-  namespace: cozy-console
-  dependsOn: [cilium,kubeovn]
-
 {{- if $oidcEnabled }}
 - name: keycloak
   releaseName: keycloak

packages/core/testing/images/e2e-sandbox/Dockerfile

@@ -1,8 +1,8 @@
 FROM ubuntu:22.04
 
-ARG KUBECTL_VERSION=1.31.0
-ARG TALOSCTL_VERSION=1.7.6
-ARG HELM_VERSION=3.15.4
+ARG KUBECTL_VERSION=1.32.0
+ARG TALOSCTL_VERSION=1.8.4
+ARG HELM_VERSION=3.16.4
 
 RUN apt-get update
 RUN apt-get -y install genisoimage qemu-kvm qemu-utils iproute2 iptables wget xz-utils netcat curl jq

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.20.2@sha256:1a26a511b9e269bcb607e2d80f878d7c2d993b7a2a7a3a2a1042470c8c56b061
+  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.21.0@sha256:38229517c86e179984a6d39f5510b859d13d965e35b216bc01ce456f9ab5f8b5

packages/extra/monitoring/Chart.yaml

@@ -3,4 +3,4 @@ name: monitoring
 description: Monitoring and observability stack
 icon: /logos/monitoring.svg
 type: application
-version: 1.5.2
+version: 1.5.3

packages/extra/monitoring/README.md

@@ -4,12 +4,13 @@
 
 ### Common parameters
 
-| Name                            | Description                                                                                               | Value                                            |
-| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
-| `host`                          | The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host). | `""`                                             |
-| `metricsStorages`               | Configuration of metrics storage instances                                                                | `[]`                                             |
-| `logsStorages`                  | Configuration of logs storage instances                                                                   | `[]`                                             |
-| `alerta.storage`                | Persistent Volume size for alerta database                                                                | `10Gi`                                           |
-| `alerta.storageClassName`       | StorageClass used to store the data                                                                       | `""`                                             |
-| `alerta.alerts.telegram.token`  | telegram token for your bot                                                                               | `7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34` |
-| `alerta.alerts.telegram.chatID` | specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot                       | `-4520856007`                                    |
+| Name                            | Description                                                                                               | Value  |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------ |
+| `host`                          | The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host). | `""`   |
+| `metricsStorages`               | Configuration of metrics storage instances                                                                | `[]`   |
+| `logsStorages`                  | Configuration of logs storage instances                                                                   | `[]`   |
+| `alerta.storage`                | Persistent Volume size for alerta database                                                                | `10Gi` |
+| `alerta.storageClassName`       | StorageClass used to store the data                                                                       | `""`   |
+| `alerta.alerts.telegram.token`  | telegram token for your bot                                                                               | `""`   |
+| `alerta.alerts.telegram.chatID` | specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot                       | `""`   |
+| `grafana.db.size`               | Persistent Volume size for grafana database                                                               | `10Gi` |

packages/extra/monitoring/templates/grafana/db.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   instances: 2
   storage:
-    size: 10Gi
+    size: {{ .Values.grafana.db.size }}
 
   inheritedMetadata:
     labels:

packages/extra/monitoring/templates/grafana/grafana.yaml

@@ -1,5 +1,5 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} 
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
 
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
@@ -30,7 +30,7 @@ spec:
       admin_user: user
       admin_password: ${GF_PASSWORD}
     plugins:
-      allow_loading_unsigned_plugins: "victorialogs-datasource"
+      allow_loading_unsigned_plugins: "victoriametrics-logs-datasource"
   deployment:
     spec:
       replicas: 2
@@ -50,8 +50,8 @@ spec:
                 - |
                   set -ex
                   mkdir -p /var/lib/grafana/plugins/
-                  ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -1)
-                  curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victorialogs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
+                  ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v0\.13\.[0-9]+' | head -1)
+                  curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victoriametrics-logs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
                   tar -xf /var/lib/grafana/plugins/vl-plugin.tar.gz -C /var/lib/grafana/plugins/
                   rm /var/lib/grafana/plugins/vl-plugin.tar.gz
               volumeMounts:

packages/extra/monitoring/templates/vlogs/grafana-datasource.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   datasource:
     access: proxy
-    type: victorialogs-datasource
+    type: victoriametrics-logs-datasource
     name: vlogs-{{ .name }}
     url: http://vlogs-{{ .name }}.{{ $.Release.Namespace }}.svc:9428
   instanceSelector:

packages/extra/monitoring/templates/vm/vmcluster.yaml

@@ -34,6 +34,12 @@ spec:
               storage: 2Gi
   vmstorage:
     replicaCount: 2
+    resources:
+      limits:
+        memory: 1000Mi
+      requests:
+        cpu: 100m
+        memory: 500Mi
     storage:
       volumeClaimTemplate:
         spec:

packages/extra/monitoring/values.schema.json

@@ -45,18 +45,33 @@
                 "token": {
                   "type": "string",
                   "description": "telegram token for your bot",
-                  "default": "7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34"
+                  "default": ""
                 },
                 "chatID": {
                   "type": "string",
                   "description": "specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot",
-                  "default": "-4520856007"
+                  "default": ""
                 }
               }
             }
           }
         }
       }
+    },
+    "grafana": {
+      "type": "object",
+      "properties": {
+        "db": {
+          "type": "object",
+          "properties": {
+            "size": {
+              "type": "string",
+              "description": "Persistent Volume size for grafana database",
+              "default": "10Gi"
+            }
+          }
+        }
+      }
     }
   }
 }

packages/extra/monitoring/values.yaml

@@ -44,3 +44,9 @@ alerta:
     telegram:
       token: ""
       chatID: ""
+
+## Configuration for Grafana
+## @param grafana.db.size Persistent Volume size for grafana database
+grafana:
+  db:
+    size: 10Gi

packages/extra/versions_map

@@ -16,7 +16,8 @@ monitoring 1.3.0 6c5cf5b
 monitoring 1.4.0 adaf603b
 monitoring 1.5.0 4b90bf5a
 monitoring 1.5.1 57e90b70
-monitoring 1.5.2 HEAD
+monitoring 1.5.2 898374b5
+monitoring 1.5.3 HEAD
 seaweedfs 0.1.0 5ca8823
 seaweedfs 0.2.0 9e33dc0
 seaweedfs 0.2.1 HEAD

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:e0cb068804546e4152ce4cf7a7c315a5a2a669a7236c9fe47371de934cdf99a9
+ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:109b1f36e85353066b387472aaab936d7d5b691ac99547312acd26484e3ebe8e

packages/system/console/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-name: cozy-console
-version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/console/Makefile

@@ -1,5 +0,0 @@
-export NAME=console
-export NAMESPACE=cozy-$(NAME)
-
-include ../../../scripts/common-envs.mk
-include ../../../scripts/package.mk

packages/system/console/charts/openshift-console/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

packages/system/console/charts/openshift-console/Chart.yaml

@@ -1,7 +0,0 @@
-apiVersion: v2
-appVersion: 4.20.0
-description: OpenShift Cluster Console UI
-icon: https://avatars0.githubusercontent.com/u/792337?s=200&v=4
-name: openshift-console
-type: application
-version: 0.3.6

packages/system/console/charts/openshift-console/README.md

@@ -1,75 +0,0 @@
-# OpenShift Console (Bridge)
-
-[Bridge](https://github.com/openshift/console) is the OpenShift console.
-
-## TL;DR
-
-```console
-$ helm repo add av1o https://av1o.gitlab.io/charts
-$ helm install bridge av1o/openshift-console
-```
-
-## Introduction
-
-This chart bootstraps a deployment of the OpenShift Console on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-The OpenShift Console is designed for running on OpenShift, however it works perfectly fine in native Kubernetes. Since the Console is unable to use the default OpenShift OAuth2, this chart is expecting a Dex deployment which is configured to generate OIDC tokens for the Kubernetes API server.
-This behaviour can be configured with the `extraEnv` map.
-
-## Prerequisites
-
-- Kubernetes 1.12+
-- Helm 3
-
-## Installing the Chart
-To install the chart with the release name `my-release`:
-
-```console
-$ helm install my-release av1o/openshift-console
-```
-
-The command deploys the console on the Kubernetes cluster in the default configuration.
-
-> **Tip**: List all releases using `helm list`
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-$ helm delete my-release
-```
-
-## Parameters
-
-The following table lists the configurable parameters of the OpenShift Console chart and their default values.
-
-| Parameter                      | Description                                                                                                                                    | Default                       |
-|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------|
-| `replicaCount`                 | Number of pods to run                                                                                                                          | 1                             |
-| `image.registry`               | Docker image registry                                                                                                                          | `quay.io`                     |
-| `image.repository`             | Docker image name                                                                                                                              | `openshift/origin-console`    |
-| `image.pullPolicy`             | Docker image pull policy                                                                                                                       | `IfNotPresent`                |
-| `image.tag`                    | Docker image tag                                                                                                                               | `${CHART_VERSION}`            |
-| `imagePullSecrets`             | Specify Image pull secrets                                                                                                                     | `[]`                          |
-| `podAnnotations`               | Map of annotations to add to the pods                                                                                                          | See `values.yaml`             |
-| `podSecurityContext`           | Map of security context to add to the pod                                                                                                      | See `values.yaml`             |
-| `securityContext`              | Map of security context to add to the container                                                                                                | See `values.yaml`             |
-| `service.type`                 | Service type                                                                                                                                   | `ClusterIP`                   |
-| `extraEnv`                     | Map of environment variables to include in the container                                                                                       | `{}`                          |
-| `console.dex.host`             | HTTP(S) address of the Dex instance                                                                                                            | `https://dex.example.org`     |
-| `console.baseUrl`              | HTTP(S) address of the Console                                                                                                                 | `https://console.example.org` |
-| `console.impersonateOpenShift` | Install CRDs to trick the Console into showing some OpenShift-exclusive actions which work on Kubernetes. Note: requires `cluster-admin`       | `false`                       |
-| `console.oidc.enabled`         | Enable OIDC authentication                                                                                                                     | `true`                        |
-| `console.oidc.issuerUrl`       | Issuer of the OIDC server                                                                                                                      | `https://dex.example.org`     |
-| `console.oidc.clientId`        | OIDC client ID                                                                                                                                 | `kubernetes`                  |
-| `console.oidc.clientSecret`    | OIDC client secret                                                                                                                             | `hunter2`                     |
-| `rbac.enabled`                 | Install RBAC to trick the Console into behaving closer to how OpenShift does. Required `cluster-admin` and `console.impersonateOpenShift=true` | `false`                       |
-| `ingress.className`            | IngressClass resource to use.                                                                                                                  |                               |
-| `sidecars`                     | Arbitrary sidecars to include as-is                                                                                                            | `[]`                          |
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
-
-### Version `0.2.X`
-
-Version `0.2.0` and above require the `networking.k8s.io/v1` API for Ingress which is available in Kubernetes 1.19 and above.

packages/system/console/charts/openshift-console/ci/hostaliases.yaml

@@ -1,4 +0,0 @@
-hostAliases:
-  - ip: "127.0.0.1"
-    hostnames:
-      - "kubernetes.default.svc"

packages/system/console/charts/openshift-console/ci/sidecar.yaml

@@ -1,7 +0,0 @@
-sidecars:
- - name: your-image-name
-   image: your-image
-   imagePullPolicy: Always
-   ports:
-     - name: portname
-       containerPort: 1234

packages/system/console/charts/openshift-console/templates/NOTES.txt

@@ -1,21 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "openshift-console.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "openshift-console.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "openshift-console.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "openshift-console.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
-{{- end }}

packages/system/console/charts/openshift-console/templates/_helpers.tpl

@@ -1,75 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "openshift-console.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "openshift-console.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "openshift-console.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "openshift-console.labels" -}}
-helm.sh/chart: {{ include "openshift-console.chart" . }}
-{{ include "openshift-console.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "openshift-console.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "openshift-console.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "openshift-console.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "openshift-console.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Renders a value that contains template.
-Usage:
-{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "common.tplvalues.render" -}}
-    {{- if typeIs "string" .value }}
-        {{- tpl .value .context }}
-    {{- else }}
-        {{- tpl (.value | toYaml) .context }}
-    {{- end }}
-{{- end -}}

packages/system/console/charts/openshift-console/templates/crd.yaml

@@ -1,21 +0,0 @@
-{{- if .Values.console.impersonateOpenShift }}
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: apps.apps.openshift.io
-spec:
-  group: apps.openshift.io
-  versions:
-    - name: v1
-      served: true
-      storage: true
-      schema:
-        openAPIV3Schema:
-          type: object
-          properties: {}
-  scope: Namespaced
-  names:
-    plural: apps
-    singular: app
-    kind: OpenShift
-{{- end }}

packages/system/console/charts/openshift-console/templates/deployment.yaml

@@ -1,134 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "openshift-console.fullname" . }}
-  labels:
-    {{- with .Values.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    {{- include "openshift-console.labels" . | nindent 4 }}
-  annotations:
-    {{- toYaml .Values.annotations | nindent 4 }}
-spec:
-{{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-{{- end }}
-  selector:
-    matchLabels:
-      {{- include "openshift-console.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-    {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      labels:
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-        {{- include "openshift-console.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-      serviceAccountName: {{ include "openshift-console.serviceAccountName" . }}
-      {{- if .Values.podSecurityContext.enabled }}
-      securityContext:
-        {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
-      {{- end }}
-      volumes:
-      {{- if .Values.volumes }}
-      {{- range .Values.volumes }}
-        - name: {{ .name }}
-{{ toYaml .config | indent 10 }}
-      {{- end }}
-      {{- end }}
-      {{- with .Values.hostAliases }}
-      hostAliases:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          {{- with .Values.args }}
-          args:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.command }}
-          command:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- if .Values.securityContext.enabled }}
-          securityContext:
-            {{- omit .Values.securityContext "enabled" | toYaml | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.image.registry}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-            - name: BRIDGE_KUBECTL_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  key: secret
-                  name: {{ include "openshift-console.fullname" . }}
-            - name: BRIDGE_DOCUMENTATION_BASE_URL
-              value: https://kubernetes.io/docs/
-            - name: BRIDGE_DEX_API_HOST
-              value: {{ .Values.console.dex.host }}
-            - name: BRIDGE_BASE_ADDRESS
-              value: {{ .Values.console.baseUrl }}
-            {{- if .Values.console.oidc.enabled }}
-            - name: BRIDGE_USER_AUTH
-              value: oidc
-            - name: BRIDGE_K8S_AUTH
-              value: oidc
-            - name: BRIDGE_USER_AUTH_OIDC_ISSUER_URL
-              value: {{ .Values.console.oidc.issuerUrl }}
-            - name: BRIDGE_USER_AUTH_OIDC_CLIENT_ID
-              value: {{ .Values.console.oidc.clientId }}
-            - name: BRIDGE_USER_AUTH_OIDC_CLIENT_SECRET
-              value: {{ .Values.console.oidc.clientSecret }}
-            {{- end }}
-{{- range $key, $value := .Values.extraEnv }}
-            - name: {{ $key }}
-              value:  {{ $value | quote }}
-{{- end }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          volumeMounts:
-          {{- if .Values.volumes }}
-          {{- range .Values.volumes }}
-            - mountPath: {{ .mountPath }}
-              name: {{ .name }}
-              {{- if .subPath }}
-              subPath: {{ .subPath }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: http
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-{{- if .Values.sidecars }}
-{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $ ) | nindent 8 }}
-{{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

packages/system/console/charts/openshift-console/templates/hpa.yaml

@@ -1,28 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "openshift-console.fullname" . }}
-  labels:
-    {{- include "openshift-console.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "openshift-console.fullname" . }}
-  minReplicas: {{ .Values.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-  metrics:
-  {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
-  {{- end }}
-  {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
-  {{- end }}
-{{- end }}

packages/system/console/charts/openshift-console/templates/ingress.yaml

@@ -1,41 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "openshift-console.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    {{- include "openshift-console.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- omit . "kubernetes.io/ingress.class" | toYaml | nindent 4 }}
-  {{- end }}
-spec:
-  ingressClassName: {{ .Values.ingress.className | default (get .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ . }}
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: {{ $fullName }}
-                port:
-                  number: {{ $svcPort }}
-          {{- end }}
-    {{- end }}
-  {{- end }}

packages/system/console/charts/openshift-console/templates/rbac.yaml

@@ -1,31 +0,0 @@
-{{- if and .Values.console.impersonateOpenShift .Values.rbac.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "openshift-console.fullname" . }}-dashboards
-  namespace: openshift-config-managed
-rules:
-  - verbs:
-      - get
-      - list
-      - watch
-    apiGroups:
-      - ""
-    resources:
-      - configmaps
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "openshift-console.fullname" . }}-dashboards
-  # unfortunately this is hardcoded (https://github.com/openshift/console/blob/master/cmd/bridge/main.go#L576)
-  namespace: openshift-config-managed
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ include "openshift-console.fullname" . }}-dashboards
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "openshift-console.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
-{{- end }}

packages/system/console/charts/openshift-console/templates/secret.yaml

@@ -1,15 +0,0 @@
-{{ if .Values.consolesecret }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "openshift-console.fullname" . }}
-  labels:
-    {{- with .Values.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    {{- include "openshift-console.labels" . | nindent 4 }}
-  annotations:
-    {{- toYaml .Values.annotations | nindent 4 }}
-data:
-  secret: {{ .Values.consolesecret | b64enc | quote }}
-{{- end }}

packages/system/console/charts/openshift-console/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "openshift-console.fullname" . }}
-  labels:
-    {{- include "openshift-console.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "openshift-console.selectorLabels" . | nindent 4 }}

packages/system/console/charts/openshift-console/templates/serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "openshift-console.serviceAccountName" . }}
-  labels:
-    {{- include "openshift-console.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}

packages/system/console/charts/openshift-console/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "openshift-console.fullname" . }}-test-connection"
-  labels:
-    {{- include "openshift-console.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "openshift-console.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

packages/system/console/charts/openshift-console/values.yaml

@@ -1,130 +0,0 @@
-# Default values for openshift-console.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  registry: quay.io
-  repository: openshift/origin-console
-  pullPolicy: Always
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: 4.20.0
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-annotations: {}
-labels: {}
-
-podLabels: {}
-podAnnotations: {}
-
-podSecurityContext:
-  enabled: true
-  runAsUser: 1001
-
-securityContext:
-  enabled: true
-  capabilities:
-    drop:
-      - ALL
-  readOnlyRootFilesystem: true
-  allowPrivilegeEscalation: false
-  runAsNonRoot: true
-  runAsUser: 1001
-
-service:
-  type: ClusterIP
-  port: 9000
-
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths: []
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-extraEnv:
-  BRIDGE_K8S_AUTH_BEARER_TOKEN: 'CENSORED'
-  BRIDGE_GRAFANA_PUBLIC_URL: https://grafana.something.com
-  BRIDGE_KUBECTL_CLIENT_ID: console
-  BRIDGE_K8S_MODE: off-cluster
-  BRIDGE_K8S_MODE_OFF_CLUSTER_ALERTMANAGER: https://alertmanager.something.com
-  BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS: "true"
-  BRIDGE_K8S_MODE_OFF_CLUSTER_THANOS: https://prometheus.something.com
-  BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT: https://kube-oidc-proxy:443
-
-volumes: []
-# - name: my-volume
-#   mountPath: /foo/bar
-#   config:
-#     emptyDir: {}
-
-console:
-  dex:
-    host: https://dex.something.com
-  baseUrl: https://console.something.com
-  impersonateOpenShift: false
-  oidc:
-    enabled: true
-    issuerUrl: https://dex.something.com
-    clientId: console
-    clientSecret: 'xxxxxx'
-
-rbac:
-  enabled: false
-
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-sidecars: []
-
-serviceAccount:
-  create: false
-  automountServiceAccountToken: true
-  annotations: {}
-  name: ""
-
-hostAliases: []
-#  - ip: "127.0.0.1"
-#    hostnames:
-#      - "kubernetes.default.svc"
-
-
-consolesecret: 'XXXXXXXXX'
-#cookie-encryption-key-file:     "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
-#cookie-authentication-key-file: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
-
-args:
-- --public-dir=/opt/bridge/static
-- -v
-- "7"
-command:
-- /opt/bridge/bin/bridge
-
-resources:
-  limits:
-    cpu: 500m
-    memory: 512Mi
-  requests:
-    cpu: 200m
-    memory: 256Mi

packages/system/console/templates/00_helmchartrepositories.crd.yaml

@@ -1,168 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    api-approved.openshift.io: https://github.com/openshift/api/pull/598
-    api.openshift.io/merged-by-featuregates: "true"
-    include.release.openshift.io/ibm-cloud-managed: "true"
-    include.release.openshift.io/self-managed-high-availability: "true"
-  name: helmchartrepositories.helm.openshift.io
-spec:
-  group: helm.openshift.io
-  names:
-    kind: HelmChartRepository
-    listKind: HelmChartRepositoryList
-    plural: helmchartrepositories
-    singular: helmchartrepository
-  scope: Cluster
-  versions:
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: |-
-          HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository
-
-          Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: spec holds user settable values for configuration
-            properties:
-              connectionConfig:
-                description: Required configuration for connecting to the chart repo
-                properties:
-                  ca:
-                    description: |-
-                      ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
-                      It is used as a trust anchor to validate the TLS certificate presented by the remote server.
-                      The key "ca-bundle.crt" is used to locate the data.
-                      If empty, the default system roots are used.
-                      The namespace for this config map is openshift-config.
-                    properties:
-                      name:
-                        description: name is the metadata.name of the referenced config
-                          map
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  tlsClientConfig:
-                    description: |-
-                      tlsClientConfig is an optional reference to a secret by name that contains the
-                      PEM-encoded TLS client certificate and private key to present when connecting to the server.
-                      The key "tls.crt" is used to locate the client certificate.
-                      The key "tls.key" is used to locate the private key.
-                      The namespace for this secret is openshift-config.
-                    properties:
-                      name:
-                        description: name is the metadata.name of the referenced secret
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  url:
-                    description: Chart repository URL
-                    maxLength: 2048
-                    pattern: ^https?:\/\/
-                    type: string
-                type: object
-              description:
-                description: Optional human readable repository description, it can
-                  be used by UI for displaying purposes
-                maxLength: 2048
-                minLength: 1
-                type: string
-              disabled:
-                description: If set to true, disable the repo usage in the cluster/namespace
-                type: boolean
-              name:
-                description: Optional associated human readable repository name, it
-                  can be used by UI for displaying purposes
-                maxLength: 100
-                minLength: 1
-                type: string
-            type: object
-          status:
-            description: Observed status of the repository within the cluster..
-            properties:
-              conditions:
-                description: conditions is a list of conditions and their statuses
-                items:
-                  description: Condition contains details for one aspect of the current
-                    state of this API Resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        message is a human readable message indicating details about the transition.
-                        This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        observedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: |-
-                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                        Producers of specific condition types may define expected values and meanings for this field,
-                        and whether the values are considered a guaranteed API.
-                        The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-            type: object
-        required:
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}

packages/system/console/templates/00_projecthelmchartrepositories.crd.yaml

@@ -1,182 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    api-approved.openshift.io: https://github.com/openshift/api/pull/1084
-    api.openshift.io/merged-by-featuregates: "true"
-    include.release.openshift.io/ibm-cloud-managed: "true"
-    include.release.openshift.io/self-managed-high-availability: "true"
-  name: projecthelmchartrepositories.helm.openshift.io
-spec:
-  group: helm.openshift.io
-  names:
-    kind: ProjectHelmChartRepository
-    listKind: ProjectHelmChartRepositoryList
-    plural: projecthelmchartrepositories
-    singular: projecthelmchartrepository
-  scope: Namespaced
-  versions:
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: |-
-          ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository
-
-          Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: spec holds user settable values for configuration
-            properties:
-              connectionConfig:
-                description: Required configuration for connecting to the chart repo
-                properties:
-                  basicAuthConfig:
-                    description: |-
-                      basicAuthConfig is an optional reference to a secret by name that contains
-                      the basic authentication credentials to present when connecting to the server.
-                      The key "username" is used locate the username.
-                      The key "password" is used to locate the password.
-                      The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
-                    properties:
-                      name:
-                        description: name is the metadata.name of the referenced secret
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  ca:
-                    description: |-
-                      ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
-                      It is used as a trust anchor to validate the TLS certificate presented by the remote server.
-                      The key "ca-bundle.crt" is used to locate the data.
-                      If empty, the default system roots are used.
-                      The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.
-                    properties:
-                      name:
-                        description: name is the metadata.name of the referenced config
-                          map
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  tlsClientConfig:
-                    description: |-
-                      tlsClientConfig is an optional reference to a secret by name that contains the
-                      PEM-encoded TLS client certificate and private key to present when connecting to the server.
-                      The key "tls.crt" is used to locate the client certificate.
-                      The key "tls.key" is used to locate the private key.
-                      The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.
-                    properties:
-                      name:
-                        description: name is the metadata.name of the referenced secret
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  url:
-                    description: Chart repository URL
-                    maxLength: 2048
-                    pattern: ^https?:\/\/
-                    type: string
-                type: object
-              description:
-                description: Optional human readable repository description, it can
-                  be used by UI for displaying purposes
-                maxLength: 2048
-                minLength: 1
-                type: string
-              disabled:
-                description: If set to true, disable the repo usage in the namespace
-                type: boolean
-              name:
-                description: Optional associated human readable repository name, it
-                  can be used by UI for displaying purposes
-                maxLength: 100
-                minLength: 1
-                type: string
-            type: object
-          status:
-            description: Observed status of the repository within the namespace..
-            properties:
-              conditions:
-                description: conditions is a list of conditions and their statuses
-                items:
-                  description: Condition contains details for one aspect of the current
-                    state of this API Resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        message is a human readable message indicating details about the transition.
-                        This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        observedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: |-
-                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                        Producers of specific condition types may define expected values and meanings for this field,
-                        and whether the values are considered a guaranteed API.
-                        The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-            type: object
-        required:
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}

packages/system/console/templates/cozystack.yaml

@@ -1,8 +0,0 @@
-apiVersion: helm.openshift.io/v1beta1
-kind: HelmChartRepository
-metadata:
-  name: cozystack
-spec:
-  name: cozystack
-  connectionConfig:
-    url: http://cozystack.cozy-system.svc/repos/apps 

packages/system/console/templates/kubevirt.yaml

@@ -1,88 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kubevirt-plugin
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: kubevirt-plugin
-  template:
-    metadata:
-      labels:
-        app: kubevirt-plugin
-    spec:
-      containers:
-        - name: kubevirt-plugin
-          image: quay.io/kubevirt-ui/kubevirt-plugin:v4.17.0
-          ports:
-            - containerPort: 9443
-              protocol: TCP
-          imagePullPolicy: Always
-          volumeMounts:
-            #- name: plugin-serving-cert
-            #  readOnly: true
-            #  mountPath: /var/serving-cert
-            - name: nginx-conf
-              readOnly: true
-              mountPath: /etc/nginx/nginx.conf
-              subPath: nginx.conf
-      volumes:
-        #- name: plugin-serving-cert
-        #  secret:
-        #    secretName: plugin-serving-cert
-        #    defaultMode: 420
-        - name: nginx-conf
-          configMap:
-            name: nginx-conf
-            defaultMode: 420
-      restartPolicy: Always
-      dnsPolicy: ClusterFirst
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 25%
-      maxSurge: 25%
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: nginx-conf
-data:
-  nginx.conf: |
-    error_log /dev/stdout info;
-    events {}
-    http {
-      access_log         /dev/stdout;
-      include            /etc/nginx/mime.types;
-      default_type       application/octet-stream;
-      keepalive_timeout  65;
-      server {
-        listen              9443;
-        root                /usr/share/nginx/html;
-      }
-      #server {
-      #  listen              9443 ssl;
-      #  ssl_certificate     /var/serving-cert/tls.crt;
-      #  ssl_certificate_key /var/serving-cert/tls.key;
-      #  root                /usr/share/nginx/html;
-      #}
-    }
----
-apiVersion: v1
-kind: Service
-metadata:
-  #annotations:
-  #  service.alpha.openshift.io/serving-cert-secret-name: plugin-serving-cert
-  name: kubevirt-plugin
-spec:
-  ports:
-    - name: 9443-tcp
-      protocol: TCP
-      port: 9443
-      targetPort: 9443
-  selector:
-    app: kubevirt-plugin
-  type: ClusterIP
-  sessionAffinity: None

packages/system/console/templates/secret.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: openshift-console
-stringData:
-  cookie_auth_key: rpb7aos4rd0m32x9omcrcqacnia0xty2
-  cookie_enc_key: gg1ejofgupoc19wyuywr2yflm75aeiwg

packages/system/console/values.yaml

@@ -1,50 +0,0 @@
-openshift-console:
-  fullnameOverride: console
-  console:
-    baseUrl: https://console.infra.aenix.org
-    oidc:
-      enabled: true
-      issuerUrl: https://keycloak.infra.aenix.org/realms/cozy
-      clientId: console-test
-      clientSecret: Sgq1yrmmEwPKy9YxGmg37b1EgsLu3P9g
-  extraEnv:
-    BRIDGE_K8S_AUTH_BEARER_TOKEN: null
-    BRIDGE_GRAFANA_PUBLIC_URL: https://grafana.infra.aenix.org
-    BRIDGE_KUBECTL_CLIENT_ID: console
-    BRIDGE_K8S_MODE: in-cluster
-    BRIDGE_COOKIE_AUTHENTICATION_KEY_FILE: /etc/openshift-console-secrets/cookie_auth_key
-    BRIDGE_COOKIE_ENCRYPTION_KEY_FILE: /etc/openshift-console-secrets/cookie_enc_key
-    BRIDGE_PLUGINS: kubevirt-plugin=http://kubevirt-plugin.cozy-console.svc:9443/
-    BRIDGE_ALERMANAGER_PUBLIC_URL: http://vmalertmanager-alertmanager.tenant-root.svc:9093
-    BRIDGE_THANOS_PUBLIC_URL: http://vmselect-shortterm.tenant-root.svc:8481/select/0/prometheus
-    BRIDGE_SKIP_VERIFY_TLS: true
-  volumes:
-  - name: cookie-secrets
-    mountPath: /etc/openshift-console-secrets
-    config:
-      secret:
-        secretName: openshift-console
-  - name: tmp
-    mountPath: /tmp
-    config:
-      emptyDir: {}
-  ingress:
-    enabled: true
-    annotations:
-      acme.cert-manager.io/http01-ingress-class: tenant-root
-      cert-manager.io/cluster-issuer: letsencrypt-prod
-    className: 'tenant-root'
-    hosts:
-    - host: console.infra.aenix.org
-      paths: ["/"]
-    tls:
-    - secretName: console-tls
-      hosts:
-        - console.infra.aenix.org
-  resources:
-    limits:
-      cpu: 500m
-      memory: 2048Mi
-    requests:
-      cpu: 200m
-      memory: 512Mi

packages/system/cozystack-api/templates/configmap.yaml

@@ -71,7 +71,7 @@ data:
         labels:
           cozystack.io/ui: "true"
         chart:
-          name: http-cache
+          name: tcp-balancer
           sourceRef:
             kind: HelmRepository
             name: cozystack-apps
@@ -207,7 +207,7 @@ data:
         singular: kafka
         plural: kafkas
       release:
-        prefix: ferretdb-
+        prefix: kafka-
         labels:
           cozystack.io/ui: "true"
         chart:

packages/system/cozystack-api/values.yaml

@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.20.2@sha256:fd7bebabd4b8d29c5749bc454feec1ef35bf29ce60b5edebb9a550ca6dcfed49
+  image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.21.0@sha256:1eb7f0387ea01754107a4aabe72c2e1e7d2c55303dc15cfe9caa2c0739c0215e

packages/system/dashboard/Makefile

@@ -25,7 +25,7 @@ update-dockerfiles:
 	version=$$(echo "$$tag" | sed 's/^v//') && \
 	sed -i "s/ARG VERSION=.*/ARG VERSION=$${version}/" images/dashboard/Dockerfile
 
-image-dashboard:
+image-dashboard: update-version
 	docker buildx build images/dashboard \
 		--provenance false \
 		--tag $(REGISTRY)/dashboard:$(call settag,$(TAG)) \
@@ -44,7 +44,7 @@ image-dashboard:
 		yq -i '.kubeapps.dashboard.image.digest = strenv(DIGEST)' values.yaml
 	rm -f images/dashboard.json
 
-image-kubeapps-apis:
+image-kubeapps-apis: update-version
 	docker buildx build images/kubeapps-apis \
 		--provenance false \
 		--tag $(REGISTRY)/kubeapps-apis:$(call settag,$(TAG)) \
@@ -62,3 +62,6 @@ image-kubeapps-apis:
 	DIGEST=$$(yq e '."containerimage.digest"' images/kubeapps-apis.json -o json -r) \
 		yq -i '.kubeapps.kubeappsapis.image.digest = strenv(DIGEST)' values.yaml
 	rm -f images/kubeapps-apis.json
+
+update-version:
+	sed -i "s|\(\"appVersion\":\).*|\1 \"$(TAG)\",|g" ./charts/kubeapps/templates/dashboard/configmap.yaml

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -76,7 +76,7 @@ data:
       "kubeappsNamespace": {{ .Release.Namespace | quote }},
       "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
       "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": {{ printf "v%s" .Chart.AppVersion | quote }},
+      "appVersion": "v0.21.0",
       "authProxyEnabled": {{ .Values.authProxy.enabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},

packages/system/dashboard/images/dashboard/documentation.diff

@@ -0,0 +1,13 @@
+diff --git a/dashboard/src/components/AppList/AppListGrid.tsx b/dashboard/src/components/AppList/AppListGrid.tsx
+index d3261e459..dee6a50c1 100644
+--- a/dashboard/src/components/AppList/AppListGrid.tsx
++++ b/dashboard/src/components/AppList/AppListGrid.tsx
+@@ -42,7 +42,7 @@ function AppListGrid(props: IAppListProps) {
+           Start browsing your <Link to={url.app.catalog(cluster, namespace)}>favourite apps</Link>{" "}
+           or check the{" "}
+           <a
+-            href={`https://github.com/vmware-tanzu/kubeapps/blob/${appVersion}/site/content/docs/latest/tutorials/getting-started.md`}
++            href={"https://cozystack.io/docs/"}
+             target="_blank"
+             rel="noopener noreferrer"
+           >

packages/system/dashboard/images/dashboard/release-url.diff

@@ -0,0 +1,34 @@
+diff --git a/dashboard/src/shared/url.ts b/dashboard/src/shared/url.ts
+index 7918652b0..64c3435af 100644
+--- a/dashboard/src/shared/url.ts
++++ b/dashboard/src/shared/url.ts
+@@ -36,7 +36,7 @@ export const app = {
+       return `${app.apps.list(
+         pkgCluster,
+         pkgNamespace,
+-      )}/${pkgPluginName}/${pkgPluginVersion}/${pkgId}`;
++      )}/${pkgPluginName}/${pkgPluginVersion}/${encodeURIComponent(pkgId)}`;
+     },
+     upgrade: (ref: InstalledPackageReference) => `${app.apps.get(ref)}/upgrade`,
+     upgradeTo: (ref: InstalledPackageReference, version?: string) =>
+diff --git a/dashboard/src/components/DeploymentForm/DeploymentForm.tsx b/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
+index 7ccb77b5d..589f72b65 100644
+--- a/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
++++ b/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
+@@ -144,13 +144,15 @@ export default function DeploymentForm() {
+       );
+       setDeploying(false);
+       if (deployed) {
++        const chartParts = packageId?.split("/") || [];
++        const kind = chartParts[chartParts.length - 1];
+         push(
+           // Redirect to the installed package, note that the cluster/ns are the ones passed
+           // in the URL, not the ones from the package.
+           url.app.apps.get({
+             context: { cluster: targetCluster, namespace: targetNamespace },
+             plugin: pluginObj,
+-            identifier: releaseName,
++            identifier: `${kind}%2F${releaseName}`,
+           } as AvailablePackageReference),
+         );
+       }

packages/system/dashboard/images/dashboard/remove-manage-repositories.diff

@@ -0,0 +1,66 @@
+diff --git a/dashboard/src/components/Catalog/Catalog.tsx b/dashboard/src/components/Catalog/Catalog.tsx
+index 5f2d2a1c5..093cb598d 100644
+--- a/dashboard/src/components/Catalog/Catalog.tsx
++++ b/dashboard/src/components/Catalog/Catalog.tsx
+@@ -15,7 +15,6 @@ import qs from "qs";
+ import React, { useEffect } from "react";
+ import { useDispatch, useSelector } from "react-redux";
+ import * as ReactRouter from "react-router-dom";
+-import { Link } from "react-router-dom";
+ import { IClusterServiceVersion, IStoreState } from "shared/types";
+ import { app } from "shared/url";
+ import { escapeRegExp, getPluginPackageName } from "shared/utils";
+@@ -85,7 +84,6 @@ export default function Catalog() {
+     operators,
+     repos: { reposSummaries: repos },
+     config: {
+-      appVersion,
+       kubeappsCluster,
+       helmGlobalNamespace,
+       carvelGlobalNamespace,
+@@ -420,24 +418,6 @@ export default function Catalog() {
+         <div className="empty-catalog">
+           <CdsIcon shape="bundle" />
+           <p>The current catalog is empty.</p>
+-          <p>
+-            Manage your Package Repositories in Kubeapps by visiting the Package repositories
+-            configuration page.
+-          </p>
+-          <Link to={app.config.pkgrepositories(cluster || "", namespace || "")}>
+-            <CdsButton>Manage Package Repositories</CdsButton>
+-          </Link>
+-          <p>
+-            For help managing other packaging formats, such as Flux or Carvel, please refer to the{" "}
+-            <a
+-              target="_blank"
+-              rel="noopener noreferrer"
+-              href={`https://github.com/vmware-tanzu/kubeapps/tree/${appVersion}/site/content/docs/latest`}
+-            >
+-              Kubeapps documentation
+-            </a>
+-            .
+-          </p>
+         </div>
+       ) : (
+         <Row>
+diff --git a/dashboard/src/components/Header/Menu.tsx b/dashboard/src/components/Header/Menu.tsx
+index c8ec1da8c..e59f90190 100644
+--- a/dashboard/src/components/Header/Menu.tsx
++++ b/dashboard/src/components/Header/Menu.tsx
+@@ -78,16 +78,6 @@ function Menu({ clusters, appVersion, logout }: IContextSelectorProps) {
+           <div className="dropdown-menu dropdown-configuration-menu" role="menu" hidden={!open}>
+             <div>
+               <label className="dropdown-menu-padding dropdown-menu-label">Administration</label>
+-              <Link
+-                to={app.config.pkgrepositories(clusters.currentCluster, namespaceSelected)}
+-                className="dropdown-menu-link"
+-                onClick={toggleOpen}
+-              >
+-                <div className="dropdown-menu-item" role="menuitem">
+-                  <CdsIcon solid={true} size="md" shape="library" />{" "}
+-                  <span>Package Repositories</span>
+-                </div>
+-              </Link>
+               <div className="dropdown-divider" role="separator" />
+               {featureFlags?.operators && (
+                 <Link

packages/system/dashboard/images/kubeapps-apis/Dockerfile

@@ -4,20 +4,12 @@
 # syntax = docker/dockerfile:1
 
 FROM alpine as source
-ARG VERSION=v2.11.0
+ARG COMMIT_REF=e146cf8660c58a4f585611ab3cbce62ebfa4c5a3
 RUN apk add --no-cache patch
 WORKDIR /source
-RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1
-COPY fluxcd.diff /patches/fluxcd.diff
-COPY labels.diff /patches/labels.diff
-COPY reconcile-strategy.diff /patches/reconcile-strategy.diff
-COPY dashboard-resource.diff /patches/dashboard-resource.diff
-RUN patch -p1 < /patches/fluxcd.diff
-RUN patch -p1 < /patches/labels.diff
-RUN patch -p1 < /patches/reconcile-strategy.diff
-RUN patch -p1 < /patches/dashboard-resource.diff
+RUN wget -O- https://github.com/aenix-io/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
 
-FROM bitnami/golang:1.22.5 AS builder
+FROM bitnami/golang:1.23.4 AS builder
 WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
 COPY --from=source /source/go.mod /source/go.sum ./
 ARG VERSION="devel"
@@ -45,7 +37,6 @@ RUN curl -sSL "https://github.com/bufbuild/buf/releases/download/v$BUF_VERSION/b
 # TODO: Remove and instead use built-in gRPC container probes once we're supporting >= 1.24 only. https://kubernetes.io/blog/2022/05/13/grpc-probes-now-in-beta/
 RUN curl -sSL "https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH}" -o "/bin/grpc_health_probe" && chmod +x "/bin/grpc_health_probe"
 
-
 # With the trick below, Go's build cache is kept between builds.
 # https://github.com/golang/go/issues/27719#issuecomment-514747274
 RUN --mount=type=cache,target=/go/pkg/mod  \

packages/system/dashboard/images/kubeapps-apis/dashboard-resource.diff

@@ -1,155 +0,0 @@
-diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
-index 53fac6474..4602a1148 100644
---- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
-+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
-@@ -5,6 +5,7 @@ package main
- 
- import (
- 	"context"
-+	"encoding/json"
- 	"fmt"
- 	"net/http"
- 
-@@ -16,7 +17,6 @@ import (
- 	helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2"
- 	sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2"
- 	authorizationv1 "k8s.io/api/authorization/v1"
--	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- 	"k8s.io/apimachinery/pkg/runtime"
- 	"k8s.io/apimachinery/pkg/runtime/schema"
- 	"k8s.io/apimachinery/pkg/types"
-@@ -28,12 +28,16 @@ import (
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1"
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache"
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common"
--	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/clientgetter"
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/paginate"
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/pkgutils"
--	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/resourcerefs"
-+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- 	log "k8s.io/klog/v2"
- 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
-+
-+	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/clientgetter"
-+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-+	"k8s.io/client-go/discovery/cached/memory"
-+	"k8s.io/client-go/restmapper"
- )
- 
- // Compile-time statement to ensure this service implementation satisfies the core packaging API
-@@ -135,6 +139,7 @@ func NewServer(configGetter core.KubernetesConfigGetter, kubeappsCluster string,
- 			if err != nil {
- 				log.Fatalf("%s", err)
- 			}
-+
- 			return &Server{
- 				clientGetter:               clientProvider,
- 				serviceAccountClientGetter: backgroundClientGetter,
-@@ -462,36 +467,84 @@ func (s *Server) DeleteInstalledPackage(ctx context.Context, request *connect.Re
- // resources created by an installed package.
- func (s *Server) GetInstalledPackageResourceRefs(ctx context.Context, request *connect.Request[corev1.GetInstalledPackageResourceRefsRequest]) (*connect.Response[corev1.GetInstalledPackageResourceRefsResponse], error) {
- 	pkgRef := request.Msg.GetInstalledPackageRef()
--	identifier := pkgRef.GetIdentifier()
--	log.InfoS("+fluxv2 GetInstalledPackageResourceRefs", "cluster", pkgRef.GetContext().GetCluster(), "namespace", pkgRef.GetContext().GetNamespace(), "id", identifier)
-+	log.InfoS("+fluxv2 GetInstalledPackageResourceRefs", "cluster", pkgRef.GetContext().GetCluster(), "namespace", pkgRef.GetContext().GetNamespace(), "id", pkgRef.GetIdentifier())
- 
--	key := types.NamespacedName{Namespace: pkgRef.Context.Namespace, Name: identifier}
--	rel, err := s.getReleaseInCluster(ctx, request.Header(), key)
-+	// Getting dynamic client
-+	dynamicClient, err := s.clientGetter.Dynamic(request.Header(), pkgRef.GetContext().GetCluster())
- 	if err != nil {
-+		log.Errorf("Failed to get dynamic client: %v", err)
- 		return nil, err
- 	}
--	hrName := helmReleaseName(key, rel)
--	refs, err := resourcerefs.GetInstalledPackageResourceRefs(request.Header(), hrName, s.actionConfigGetter)
-+
-+	// Getting Discovery Client to work with RESTMapper
-+	discoveryClient, err := s.clientGetter.Typed(request.Header(), pkgRef.GetContext().GetCluster())
- 	if err != nil {
-+		log.Errorf("Failed to create discovery client: %v", err)
- 		return nil, err
--	} else {
--		return connect.NewResponse(
--			&corev1.GetInstalledPackageResourceRefsResponse{
--				Context: &corev1.Context{
--					Cluster: s.kubeappsCluster,
--					// TODO (gfichtenholt) it is not specifically called out in the spec why there is a
--					// need for a Context in the response and MORE imporantly what the value of Namespace
--					// field should be. In particular, there is use case when Flux Helm Release in
--					// installed in ns1 but specifies targetNamespace as test2. Should we:
--					//  (a) return ns1 (the namespace where CRs are installed) OR
--					//  (b) return ns2 (the namespace where flux installs the resources specified by the
--					//    release).
--					// For now lets use (a)
--					Namespace: key.Namespace,
--				},
--				ResourceRefs: refs,
--			}), nil
- 	}
-+	mapper := restmapper.NewDeferredDiscoveryRESTMapper(memory.NewMemCacheClient(discoveryClient.Discovery()))
-+
-+	// Getting the role
-+	roleGVR := schema.GroupVersionResource{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "roles"}
-+	roleName := fmt.Sprintf("%s-dashboard-resources", pkgRef.GetIdentifier())
-+	namespace := pkgRef.GetContext().GetNamespace()
-+	role, err := dynamicClient.Resource(roleGVR).Namespace(namespace).Get(ctx, roleName, metav1.GetOptions{})
-+	if err != nil {
-+		log.Errorf("Failed to get role %s: %v", roleName, err)
-+		return nil, connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("Unable to get role %s: %w", roleName, err))
-+	}
-+
-+	// Logging Role content for debugging
-+	roleContent, _ := json.Marshal(role)
-+	log.Infof("Role content: %s", string(roleContent))
-+
-+	// Parsing rules from Role and creating ResourceRefs
-+	resourcesFromRole := make([]*corev1.ResourceRef, 0)
-+	rules, found, _ := unstructured.NestedSlice(role.Object, "rules")
-+	if !found {
-+		log.Errorf("No rules found in role %s", roleName)
-+		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("No rules found in role %s", roleName))
-+	}
-+
-+	for _, rule := range rules {
-+		r := rule.(map[string]interface{})
-+		resources, _ := r["resources"].([]interface{})
-+		apiGroups, _ := r["apiGroups"].([]interface{})
-+
-+		for _, resource := range resources {
-+			resourceStr := resource.(string)
-+			for _, apiGroup := range apiGroups {
-+				apiGroupStr := apiGroup.(string)
-+
-+				// Using GroupVersionResource to get GroupVersionKind
-+				gvr := schema.GroupVersionResource{Group: apiGroupStr, Version: "v1", Resource: resourceStr}
-+				gvk, err := mapper.KindFor(gvr)
-+				if err != nil {
-+					log.Errorf("Failed to get GroupVersionKind for GVR %v: %v", gvr, err)
-+					continue
-+				}
-+
-+				resourceNames, _ := r["resourceNames"].([]interface{})
-+				for _, resourceName := range resourceNames {
-+					resourceNameStr := resourceName.(string)
-+					resourcesFromRole = append(resourcesFromRole, &corev1.ResourceRef{
-+						ApiVersion: gvk.GroupVersion().String(),
-+						Kind:       gvk.Kind,
-+						Name:       resourceNameStr,
-+						Namespace:  namespace,
-+					})
-+				}
-+			}
-+		}
-+	}
-+
-+	return connect.NewResponse(&corev1.GetInstalledPackageResourceRefsResponse{
-+		Context: &corev1.Context{
-+			Cluster:   s.kubeappsCluster,
-+			Namespace: namespace,
-+		},
-+		ResourceRefs: resourcesFromRole,
-+	}), nil
- }
- 
- func (s *Server) AddPackageRepository(ctx context.Context, request *connect.Request[corev1.AddPackageRepositoryRequest]) (*connect.Response[corev1.AddPackageRepositoryResponse], error) {

packages/system/dashboard/images/kubeapps-apis/dockerfile.diff

@@ -1,38 +0,0 @@
---- b/system/kubeapps/images/kubeapps-apis/Dockerfile
-+++ a/system/kubeapps/images/kubeapps-apis/Dockerfile
-@@ -3,9 +3,19 @@
- 
- # syntax = docker/dockerfile:1
- 
-+FROM alpine as source
-+ARG VERSION=v2.11.0
-+RUN apk add --no-cache patch
-+WORKDIR /source
-+RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1
-+COPY fluxcd.diff /patches/fluxcd.diff
-+COPY labels.diff /patches/labels.diff
-+COPY reconcile-strategy.diff /patches/reconcile-strategy.diff
-+COPY dashboard-resource.diff /patches/dashboard-resource.diff
-+RUN patch -p1 < /patches/fluxcd.diff
-+RUN patch -p1 < /patches/labels.diff
-+RUN patch -p1 < /patches/reconcile-strategy.diff
-+RUN patch -p1 < /patches/dashboard-resource.diff
-+
- FROM bitnami/golang:1.22.2 as builder
- WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
--COPY go.mod go.sum ./
-+COPY --from=source /source/go.mod /source/go.sum ./
- ARG VERSION="devel"
- ARG TARGETARCH
- 
-@@ -40,8 +52,8 @@
- 
- # We don't copy the pkg and cmd directories until here so the above layers can
- # be reused.
--COPY pkg pkg
--COPY cmd cmd
-+COPY --from=source /source/pkg pkg
-+COPY --from=source /source/cmd cmd
- 
- RUN if [ ! -z ${lint:-} ]; then \
-     # Run golangci-lint to detect issues

packages/system/dashboard/images/kubeapps-apis/labels.diff

@@ -1,69 +0,0 @@
-diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-index c489cb6ca..8884a6484 100644
---- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-@@ -29,8 +29,10 @@ import (
- 	"k8s.io/apimachinery/pkg/api/errors"
- 	"k8s.io/apimachinery/pkg/api/meta"
- 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-+	"k8s.io/apimachinery/pkg/labels"
- 	"k8s.io/apimachinery/pkg/types"
- 	log "k8s.io/klog/v2"
-+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
- 	"sigs.k8s.io/yaml"
- )
- 
-@@ -54,7 +56,10 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header,
- 	// see any results created/updated/deleted after the first request is issued
- 	// To fix this, we must make use of resourceVersion := relList.GetResourceVersion()
- 	var relList helmv2.HelmReleaseList
--	if err = client.List(ctx, &relList); err != nil {
-+	listOptions := ctrlclient.ListOptions{
-+		LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}),
-+	}
-+	if err = client.List(ctx, &relList, &listOptions); err != nil {
- 		return nil, connecterror.FromK8sError("list", "HelmRelease", namespace+"/*", err)
- 	} else {
- 		return relList.Items, nil
-@@ -512,6 +517,9 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
- 		ObjectMeta: metav1.ObjectMeta{
- 			Name:      targetName.Name,
- 			Namespace: targetName.Namespace,
-+			Labels: map[string]string{
-+				"cozystack.io/ui": "true",
-+			},
- 		},
- 		Spec: helmv2.HelmReleaseSpec{
- 			Chart: helmv2.HelmChartTemplate{
-diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
-index 790b21514..539276a17 100644
---- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
-+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
-@@ -32,6 +32,7 @@ import (
- 	apiv1 "k8s.io/api/core/v1"
- 	"k8s.io/apimachinery/pkg/api/meta"
- 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-+	"k8s.io/apimachinery/pkg/labels"
- 	"k8s.io/apimachinery/pkg/types"
- 	"k8s.io/apimachinery/pkg/util/sets"
- 	log "k8s.io/klog/v2"
-@@ -64,7 +65,8 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header,
- 
- 	var repoList sourcev1.HelmRepositoryList
- 	listOptions := ctrlclient.ListOptions{
--		Namespace: ns,
-+		Namespace:     ns,
-+		LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}),
- 	}
- 	if err := client.List(backgroundCtx, &repoList, &listOptions); err != nil {
- 		return nil, connecterror.FromK8sError("list", "HelmRepository", "", err)
-@@ -927,6 +929,9 @@ func newFluxHelmRepo(
- 		ObjectMeta: metav1.ObjectMeta{
- 			Name:      targetName.Name,
- 			Namespace: targetName.Namespace,
-+			Labels: map[string]string{
-+				"cozystack.io/ui": "true",
-+			},
- 		},
- 		Spec: sourcev1.HelmRepositorySpec{
- 			URL:      url,

packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff

@@ -1,12 +0,0 @@
-diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-index 8884a6484..4bf77071c 100644
---- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-@@ -530,6 +530,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
- 						Kind:      sourcev1.HelmRepositoryKind,
- 						Namespace: chart.Repo.Namespace,
- 					},
-+					ReconcileStrategy: "Revision",
- 				},
- 			},
- 		},

packages/system/dashboard/values.yaml

@@ -1,4 +1,11 @@
 kubeapps:
+  ingress:
+    annotations:
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/client-max-body-size: 1m
+      nginx.ingress.kubernetes.io/proxy-body-size: 100m
+      nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
+      nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
   fullnameOverride: dashboard
   postgresql:
     enabled: false
@@ -33,11 +40,310 @@ kubeapps:
     image:
       registry: ghcr.io/aenix-io/cozystack
       repository: dashboard
-      tag: v0.20.2
-      digest: "sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb"
+      tag: v0.21.0
+      digest: "sha256:4ec2a6b6e7b92351d5483cda6c65a2a3e9a9c6ff619a6f21b0bb96c469f871ad"
   kubeappsapis:
     image:
       registry: ghcr.io/aenix-io/cozystack
       repository: kubeapps-apis
-      tag: v0.20.2
-      digest: "sha256:7640ba0c9549e6051b4e26488904a4f07d532087f1ac2f32bdc35687d7291ace"
+      tag: v0.21.0
+      digest: "sha256:ee4d0e44fc86c5c8b03a3c516233354e666f354ed2bb853e73403e9a3060ca2f"
+    pluginConfig:
+      flux:
+        packages:
+          v1alpha1:
+            resources:
+              - application:
+                  kind: Bucket
+                  singular: bucket
+                  plural: buckets
+                release:
+                  prefix: bucket-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: bucket
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: ClickHouse
+                  singular: clickhouse
+                  plural: clickhouses
+                release:
+                  prefix: clickhouse-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: clickhouse
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: HTTPCache
+                  singular: httpcache
+                  plural: httpcaches
+                release:
+                  prefix: http-cache-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: http-cache
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: NATS
+                  singular: nats
+                  plural: natses
+                release:
+                  prefix: nats-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: nats
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: TCPBalancer
+                  singular: tcpbalancer
+                  plural: tcpbalancers
+                release:
+                  prefix: tcp-balancer-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: tcp-balancer
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: VirtualMachine
+                  singular: virtualmachine
+                  plural: virtualmachines
+                release:
+                  prefix: virtual-machine-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: virtual-machine
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: VPN
+                  singular: vpn
+                  plural: vpns
+                release:
+                  prefix: vpn-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: vpn
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: MySQL
+                  singular: mysql
+                  plural: mysqls
+                release:
+                  prefix: mysql-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: mysql
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Tenant
+                  singular: tenant
+                  plural: tenants
+                release:
+                  prefix: tenant-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: tenant
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Kubernetes
+                  singular: kubernetes
+                  plural: kuberneteses
+                release:
+                  prefix: kubernetes-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: kubernetes
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Redis
+                  singular: redis
+                  plural: redises
+                release:
+                  prefix: redis-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: redis
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: RabbitMQ
+                  singular: rabbitmq
+                  plural: rabbitmqs
+                release:
+                  prefix: rabbitmq-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: rabbitmq
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Postgres
+                  singular: postgres
+                  plural: postgreses
+                release:
+                  prefix: postgres-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: postgres
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: FerretDB
+                  singular: ferretdb
+                  plural: ferretdb
+                release:
+                  prefix: ferretdb-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: ferretdb
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Kafka
+                  singular: kafka
+                  plural: kafkas
+                release:
+                  prefix: kafka-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: kafka
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: VMDisk
+                  plural: vmdisks
+                  singular: vmdisk
+                release:
+                  prefix: vm-disk-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: vm-disk
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: VMInstance
+                  plural: vminstances
+                  singular: vminstance
+                release:
+                  prefix: vm-instance-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: vm-instance
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Monitoring
+                  plural: monitorings
+                  singular: monitoring
+                release:
+                  prefix: ""
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: monitoring
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-extra
+                      namespace: cozy-public
+              - application:
+                  kind: Etcd
+                  plural: etcds
+                  singular: etcd
+                release:
+                  prefix: ""
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: etcd
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-extra
+                      namespace: cozy-public
+              - application:
+                  kind: Ingress
+                  plural: ingresses
+                  singular: ingress
+                release:
+                  prefix: ""
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: ingress
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-extra
+                      namespace: cozy-public
+              - application:
+                  kind: SeaweedFS
+                  plural: seaweedfses
+                  singular: seaweedfs
+                release:
+                  prefix: ""
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: seaweedfs
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-extra
+                      namespace: cozy-public

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.20.2@sha256:f7ebb4e8b833b90982d371a8d8292c328ab7e828ffd953a32f08cdd91398faef
+    tag: v0.21.0@sha256:711950105680caabaab5532c6bf6f3d3d3c07b6aff39361a1102b4139611d894
     repository: ghcr.io/aenix-io/cozystack/kamaji
   resources:
     limits:

packages/system/keycloak-configure/templates/configure-kk.yaml

@@ -215,19 +215,6 @@ data:
 
 ---
 
-apiVersion: v1.edp.epam.com/v1
-kind: KeycloakRealmGroup
-metadata:
-  name: kubeapps-admin
-  namespace: cozy-dashboard
-spec:
-  name: kubeapps-admin
-  realmRef:
-    name: keycloakrealm-cozy
-    kind: ClusterKeycloakRealm
-
----
-
 apiVersion: v1.edp.epam.com/v1
 kind: KeycloakRealmGroup
 metadata:

packages/system/keycloak-configure/templates/rolebinding.yaml

@@ -1,35 +1,3 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kubeapps-admin-group
-  namespace: cozy-dashboard
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kubeapps-admin
-subjects:
-- apiGroup: rbac.authorization.k8s.io
-  kind: Group
-  name: kubeapps-admin
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: kubeapps-admin
-  namespace: cozy-public
-subjects:
-- kind: Group
-  name: kubeapps-admin
-  apiGroup: rbac.authorization.k8s.io
-roleRef:
-  kind: Role
-  name: kubeapps-admin
-  apiGroup: rbac.authorization.k8s.io
-
----
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:

packages/system/keycloak-configure/templates/roles.yaml

@@ -1,45 +1,3 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kubeapps-admin
-rules:
-- apiGroups: [""]
-  resources:
-  - "*"
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups: ["apps.cozystack.io"]
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups: ["helm.toolkit.fluxcd.io"]
-  resources:
-  - helmreleases
-  verbs:
-  - '*'
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kubeapps-admin
-  namespace: cozy-public
-rules:
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources: ["helmrepositories"]
-    verbs:
-    - get
-    - list
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources:
-    - helmcharts
-    verbs: ["*"]
-
----
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

packages/system/kubeovn/values.yaml

@@ -22,4 +22,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.0@sha256:3962404f479a95a6d8c0d4566b2694bcc9f2e88048edde4f368b84e0e0fadb7b
+      tag: v1.13.0@sha256:be0bf28b0e669b63b2c6d859a1ba80dcc1d848d2d0dc124480023cc90cd59c38

packages/system/monitoring-agents/values.yaml

@@ -305,3 +305,57 @@ vmagent:
     tenant: tenant-root
   remoteWrite:
     url: http://vminsert-shortterm.tenant-root.svc:8480/insert/0/prometheus
+
+fluent-bit:
+  readinessProbe:
+    httpGet:
+      path: /
+  daemonSetVolumes:
+    - name: varlog
+      hostPath:
+        path: /var/log
+    - name: varlibdockercontainers
+      hostPath:
+        path: /var/lib/docker/containers
+  daemonSetVolumeMounts:
+    - name: varlog
+      mountPath: /var/log
+    - name: varlibdockercontainers
+      mountPath: /var/lib/docker/containers
+      readOnly: true
+  config:
+    outputs: |
+      [OUTPUT]
+          Name http
+          Match kube.*
+          Host vlogs-generic.tenant-root.svc
+          port 9428
+          compress gzip
+          uri /insert/jsonline?_stream_fields=stream,kubernetes_pod_name,kubernetes_container_name,kubernetes_namespace_name&_msg_field=log&_time_field=date
+          format json_lines
+          json_date_format iso8601
+          header AccountID 0
+          header ProjectID 0
+    filters: |
+      [FILTER]
+          Name kubernetes
+          Match kube.*
+          Merge_Log On
+          Keep_Log On
+          K8S-Logging.Parser On
+          K8S-Logging.Exclude On
+      [FILTER]
+          Name                nest
+          Match               *
+          Wildcard            pod_name
+          Operation lift
+          Nested_under kubernetes
+          Add_prefix   kubernetes_
+      [FILTER]
+          Name modify
+          Match *
+          Add tenant tenant-root
+      [FILTER]
+          Name modify
+          Match *
+          Add cluster root-cluster

packages/system/piraeus-operator/charts/piraeus/templates/config.yaml

@@ -30,7 +30,7 @@ data:
         tag: v1.6.0
         image: drbd-reactor
       ha-controller:
-        tag: v1.2.2
+        tag: v1.2.3
         image: piraeus-ha-controller
       drbd-shutdown-guard:
         tag: v1.0.0

pkg/cmd/server/start.go

@@ -201,26 +201,30 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
 	serverConfig.OpenAPIConfig.PostProcessSpec = func(swagger *spec.Swagger) (*spec.Swagger, error) {
 		defs := swagger.Definitions
 
-		// Check basic Application definition
+		// Verify the presence of the base Application/ApplicationList definitions
 		appDef, exists := defs["com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Application"]
 		if !exists {
 			return swagger, fmt.Errorf("Application definition not found")
 		}
 
-		// Check basic ApplicationList definition
 		listDef, exists := defs["com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.ApplicationList"]
 		if !exists {
 			return swagger, fmt.Errorf("ApplicationList definition not found")
 		}
 
+		// Iterate over all registered GVKs (e.g., Bucket, Database, etc.)
 		for _, gvk := range v1alpha1.RegisteredGVKs {
+			// This will be something like:
+			// "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Bucket"
 			resourceName := fmt.Sprintf("com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.%s", gvk.Kind)
+
+			// 1. Create a copy of the base Application definition for the new resource
 			newDef, err := DeepCopySchema(&appDef)
 			if err != nil {
 				return nil, fmt.Errorf("failed to deepcopy schema for %s: %w", gvk.Kind, err)
 			}
 
-			// Fix Extensions for resource
+			// 2. Update x-kubernetes-group-version-kind to match the new resource
 			if newDef.Extensions == nil {
 				newDef.Extensions = map[string]interface{}{}
 			}
@@ -231,17 +235,20 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
 					"kind":    gvk.Kind,
 				},
 			}
+
+			// 3. Save the new resource definition under the correct name
 			defs[resourceName] = *newDef
 			klog.V(6).Infof("PostProcessSpec: Added OpenAPI definition for %s\n", resourceName)
 
-			// List resource
+			// 4. Now handle the corresponding List type (e.g., BucketList).
+			//    We'll start by copying the ApplicationList definition.
 			listResourceName := fmt.Sprintf("com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.%sList", gvk.Kind)
 			newListDef, err := DeepCopySchema(&listDef)
 			if err != nil {
 				return nil, fmt.Errorf("failed to deepcopy schema for %sList: %w", gvk.Kind, err)
 			}
 
-			// Fix Extensions for List resource
+			// 5. Update x-kubernetes-group-version-kind for the List definition
 			if newListDef.Extensions == nil {
 				newListDef.Extensions = map[string]interface{}{}
 			}
@@ -252,10 +259,22 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
 					"kind":    fmt.Sprintf("%sList", gvk.Kind),
 				},
 			}
+
+			// 6. IMPORTANT: Fix the "items" reference so it points to the new resource
+			//    rather than to "Application".
+			if itemsProp, found := newListDef.Properties["items"]; found {
+				if itemsProp.Items != nil && itemsProp.Items.Schema != nil {
+					itemsProp.Items.Schema.Ref = spec.MustCreateRef("#/definitions/" + resourceName)
+					newListDef.Properties["items"] = itemsProp
+				}
+			}
+
+			// 7. Finally, save the new List definition
 			defs[listResourceName] = *newListDef
 			klog.V(6).Infof("PostProcessSpec: Added OpenAPI definition for %s\n", listResourceName)
 		}
 
+		// Remove the original Application/ApplicationList from the definitions
 		delete(defs, "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Application")
 		delete(defs, "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.ApplicationList")