[feat] end-user environment setup

Add script to automatically install all required
packages on end-user system
Linux distro independent, MacOS ready

Signed-off-by: Ahmad Murzahmatov <gwynbleidd2106@yandex.com>

.github/workflows/pull-requests.yaml

@@ -167,6 +167,7 @@ jobs:
       - name: Download assets from draft release (release PR)
         if: contains(github.event.pull_request.labels.*.name, 'release')
         run: |
+          mkdir -p _out/assets
           curl -sSL -H "Authorization: token ${GH_PAT}" -H "Accept: application/octet-stream" \
             -o _out/assets/nocloud-amd64.raw.xz \
             "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${{ needs.resolve_assets.outputs.disk_id }}"
@@ -221,6 +222,7 @@ jobs:
       - name: Download assets from draft release (release PR)
         if: contains(github.event.pull_request.labels.*.name, 'release')
         run: |
+          mkdir -p _out/assets
           curl -sSL -H "Authorization: token ${GH_PAT}" -H "Accept: application/octet-stream" \
             -o _out/assets/cozystack-installer.yaml \
             "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${{ needs.resolve_assets.outputs.installer_id }}"
@@ -290,8 +292,8 @@ jobs:
           done
           echo "✅ The task completed successfully after $attempt attempts"
 
-  collect_report:
-    name: Collect report
+  collect_debug_information:
+    name: Collect debug information
     runs-on: [self-hosted]
     needs: [test_apps]
     if: ${{ always() }}
@@ -313,10 +315,21 @@ jobs:
           name: cozyreport
           path: /tmp/${{ env.SANDBOX_NAME }}/_out/cozyreport.tgz
 
+      - name: Collect images list
+        run: |
+          cd /tmp/$SANDBOX_NAME
+          make -C packages/core/testing SANDBOX_NAME=$SANDBOX_NAME collect-images
+
+      - name: Upload image list
+        uses: actions/upload-artifact@v4
+        with:
+          name: image-list
+          path: /tmp/${{ env.SANDBOX_NAME }}/_out/images.txt
+
   cleanup:
     name: Tear down environment
     runs-on: [self-hosted]
-    needs: [collect_report]
+    needs: [collect_debug_information]
     if: ${{ always() && needs.test_apps.result == 'success' }}
 
     steps:

.github/workflows/tags.yaml

@@ -112,9 +112,12 @@ jobs:
       # Commit built artifacts
       - name: Commit release artifacts
         if: steps.check_release.outputs.skip == 'false'
+        env:
+          GH_PAT: ${{ secrets.GH_PAT }}
         run: |
-          git config user.name  "github-actions"
-          git config user.email "github-actions@github.com"
+          git config user.name  "cozystack-bot"
+          git config user.email "217169706+cozystack-bot@users.noreply.github.com"
+          git remote set-url origin https://cozystack-bot:${GH_PAT}@github.com/${GITHUB_REPOSITORY}
           git add .
           git commit -m "Prepare release ${GITHUB_REF#refs/tags/}" -s || echo "No changes to commit"
           git push origin HEAD || true
@@ -189,7 +192,12 @@ jobs:
       # Create release-X.Y.Z branch and push (force-update)
       - name: Create release branch
         if: steps.check_release.outputs.skip == 'false'
+        env:
+          GH_PAT: ${{ secrets.GH_PAT }}
         run: |
+          git config user.name  "cozystack-bot"
+          git config user.email "217169706+cozystack-bot@users.noreply.github.com"
+          git remote set-url origin https://cozystack-bot:${GH_PAT}@github.com/${GITHUB_REPOSITORY}
           BRANCH="release-${GITHUB_REF#refs/tags/v}"
           git branch -f "$BRANCH"
           git push -f origin "$BRANCH"
@@ -199,6 +207,7 @@ jobs:
         if: steps.check_release.outputs.skip == 'false'
         uses: actions/github-script@v7
         with:
+          github-token: ${{ secrets.GH_PAT }}
           script: |
             const version = context.ref.replace('refs/tags/v', '');
             const base    = '${{ steps.get_base.outputs.branch }}';

Makefile

@@ -6,6 +6,7 @@ build-deps:
 	@tar --version | grep -q GNU || (echo "GNU tar is required" && exit 1)
 	@sed --version | grep -q GNU || (echo "GNU sed is required" && exit 1)
 	@awk --version | grep -q GNU || (echo "GNU awk is required" && exit 1)
+	@./hack/user_setup_env.sh
 
 build: build-deps
 	make -C packages/apps/http-cache image

hack/cdi_golden_image_create.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -e
+
+name="$1"
+url="$2"
+
+if [ -z "$name" ] || [ -z "$url" ]; then
+  echo "Usage: <name> <url>"
+  echo "Example: 'ubuntu' 'https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img'"
+  exit 1
+fi
+
+#### create DV ubuntu source for CDI image cloning
+kubectl create -f - <<EOF
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: DataVolume
+metadata:
+  name: "vm-image-$name"
+  namespace: cozy-public
+  annotations:
+    cdi.kubevirt.io/storage.bind.immediate.requested: "true"
+spec:
+  source:
+    http:
+      url: "$url"
+  storage:
+    resources:
+      requests:
+        storage: 5Gi
+    storageClassName: replicated
+EOF

hack/collect-images.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+for node in 11 12 13; do
+  talosctl -n 192.168.123.${node} -e 192.168.123.${node} images ls >> images.tmp
+  talosctl -n 192.168.123.${node} -e 192.168.123.${node} images --namespace system ls >> images.tmp
+done
+
+while read _ name sha _ ; do echo $sha $name ; done < images.tmp | sort -u > images.txt

hack/user_setup_env.sh

@@ -0,0 +1,129 @@
+#!/bin/bash
+
+#### variables list
+cozypkg_version="v1.1.0"
+talm_version="v0.13.0"
+kubectl_version="v1.33.1"
+krew_version="v0.4.5"
+helm_version="v3.18.2"
+virtctl_version="v1.4.0"
+fluxcd_version="2.6.1"
+ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')"
+echo $ARCH
+OS="$(uname | tr '[:upper:]' '[:lower:]')"
+
+
+function user_setup_env() {
+    log "Start setuping user environment"
+
+    install_cozypkg
+    install_talm
+    install_kubectl
+    install_krew
+    install_krew_plugins
+    install_virtctl
+    install_helm
+    install_helm_plugins
+    install_fluxcd
+}
+
+function log() {
+    echo "$(date '+%d-%m-%Y %H:%M:%S') - $1"
+}
+
+function install_cozypkg() {
+    log "Installing cozypkg"
+
+	curl -sSL https://github.com/cozystack/cozypkg/releases/download/${cozypkg_version}/cozypkg-${OS}-${ARCH}.tar.gz | \
+	tar xzvf - cozypkg
+    sudo mv /tmp/cozypkg /usr/local/bin/cozypkg
+    sudo chown 0:0 /usr/local/bin/cozypkg
+    sudo chmod 0755 /usr/local/bin/cozypkg
+}
+
+function install_talm() {
+    log "Installing talm"
+
+    curl -o /tmp/talm -fsL "https://github.com/cozystack/talm/releases/download/${talm_version}/talm-${OS}-${ARCH}"
+    sudo mv /tmp/talm /usr/local/bin/talm
+    sudo chown 0:0 /usr/local/bin/talm
+    sudo chmod 0755 /usr/local/bin/talm
+}
+
+function install_kubectl() {
+    log "Installing kubectl"
+
+    curl -o /tmp/kubectl -fsLO "https://dl.k8s.io/release/${kubectl_version}/bin/${OS}/${ARCH}/kubectl"
+    sudo mv /tmp/kubectl /usr/local/bin/kubectl
+    sudo chown 0:0 /usr/local/bin/kubectl
+    sudo chmod 0755 /usr/local/bin/kubectl
+}
+
+install_krew() {
+    log "Installing krew"
+
+    KREW="krew-${OS}_${ARCH}"
+    curl -o "/tmp/${KREW}.tar.gz" -fsLO "https://github.com/kubernetes-sigs/krew/releases/download/${krew_version}/${KREW}.tar.gz"
+    mkdir /tmp/krew && tar -xzf "/tmp/${KREW}.tar.gz" -C /tmp/krew/
+    "/tmp/krew/${KREW}" install krew
+    log "configure .bashrc for krew"
+    printf '# krew\nexport PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"\n' >> ~/.bashrc
+    source ~/.bashrc
+}
+
+function install_krew_plugins() {
+    log "Installing krew plugins..."
+
+    if [[ ! $(kubectl krew version) ]]; then
+        log "krew is not installed, install it first!"
+        return 1
+    fi
+
+    log "Installing krew plugin: node-shell"
+    kubectl krew install node-shell
+
+    log "Installing krew plugin: virt"
+    kubectl krew install virt
+
+    log "Installing krew plugin: oidc-login"
+    kubectl krew install oidc-login
+}
+
+function install_virtctl() {
+    log "Installing virtctl"
+
+    curl -o /tmp/virtctl -fsL "https://github.com/kubevirt/kubevirt/releases/download/${virtctl_version}/virtctl-${virtctl_version}-${OS}-${ARCH}"
+    sudo mv /tmp/virtctl /usr/local/bin/virtctl
+    sudo chown 0:0 /usr/local/bin/virtctl
+    sudo chmod 0755 /usr/local/bin/virtctl
+}
+
+function install_helm() {
+    log "Installing Helm"
+
+    curl -o /tmp/helm.tar.gz -fsL "https://get.helm.sh/helm-${helm_version}-${OS}-${ARCH}.tar.gz"
+    mkdir /tmp/helm && tar -xzf /tmp/helm.tar.gz -C /tmp/helm/
+    sudo mv "/tmp/helm/${OS}-${ARCH}/helm" /usr/local/bin/helm
+    sudo chown 0:0 /usr/local/bin/helm
+    sudo chmod 0755 /usr/local/bin/helm
+}
+
+function install_helm_plugins() {
+    log "Installing Helm plugins..."
+
+    log "Installing Helm plugin: diff"
+    helm plugin install https://github.com/databus23/helm-diff
+}
+
+function install_fluxcd() {
+    log "Installing FluxCD"
+
+    curl -o /tmp/flux.tar.gz -fsL "https://github.com/fluxcd/flux2/releases/download/v${fluxcd_version}/flux_${fluxcd_version}_${OS}_${ARCH}.tar.gz"
+    mkdir /tmp/flux && tar -xzf /tmp/flux.tar.gz -C /tmp/flux/
+    sudo mv /tmp/flux/flux /usr/local/bin/flux
+    sudo chown 0:0 /usr/local/bin/flux
+    sudo chmod 0755 /usr/local/bin/flux
+}
+
+
+user_setup_env

packages/apps/clickhouse/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.10.1
+version: 0.11.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/clickhouse/README.md

@@ -1,18 +1,19 @@
-# Managed Clickhouse Service
+# Managed ClickHouse Service
 
 ClickHouse is an open source high-performance and column-oriented SQL database management system (DBMS).
 It is used for online analytical processing (OLAP).
-Cozystack platform uses Altinity operator to provide ClickHouse.
 
-### How to restore backup:
+### How to restore backup from S3
 
-1. Find a snapshot:
-    ```
+1.  Find the snapshot:
+
+    ```bash
     restic -r s3:s3.example.org/clickhouse-backups/table_name snapshots
     ```
 
 2.  Restore it:
-    ```
+
+    ```bash
     restic -r s3:s3.example.org/clickhouse-backups/table_name restore latest --target /tmp/
     ```
 
@@ -39,32 +40,41 @@ For more details, read [Restic: Effective Backup from Stdin](https://blog.aenix.
 
 ### Backup parameters
 
-| Name                     | Description                                                                 | Value                                                  |
-| ------------------------ | --------------------------------------------------------------------------- | ------------------------------------------------------ |
-| `backup.enabled`         | Enable periodic backups                                                     | `false`                                                |
-| `backup.s3Region`        | AWS S3 region where backups are stored                                      | `us-east-1`                                            |
-| `backup.s3Bucket`        | S3 bucket used for storing backups                                          | `s3.example.org/clickhouse-backups`                    |
-| `backup.schedule`        | Cron schedule for automated backups                                         | `0 2 * * *`                                            |
-| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups                              | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication                                  | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication                                  | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
-| `backup.resticPassword`  | Password for Restic backup encryption                                       | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
-| `resources`              | Explicit CPU/memory resource requests and limits for the Clickhouse service | `{}`                                                   |
-| `resourcesPreset`        | Use a common resources preset when `resources` is not set explicitly.       | `small`                                                |
+| Name                     | Description                                                                                                                             | Value                                                  |
+| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| `backup.enabled`         | Enable periodic backups                                                                                                                 | `false`                                                |
+| `backup.s3Region`        | AWS S3 region where backups are stored                                                                                                  | `us-east-1`                                            |
+| `backup.s3Bucket`        | S3 bucket used for storing backups                                                                                                      | `s3.example.org/clickhouse-backups`                    |
+| `backup.schedule`        | Cron schedule for automated backups                                                                                                     | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups                                                                                          | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | Access key for S3, used for authentication                                                                                              | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
+| `backup.s3SecretKey`     | Secret key for S3, used for authentication                                                                                              | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
+| `backup.resticPassword`  | Password for Restic backup encryption                                                                                                   | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
+| `resources`              | Explicit CPU and memory configuration for each ClickHouse replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`                                                   |
+| `resourcesPreset`        | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.       | `small`                                                |
 
+## Parameter examples and reference
 
-In production environments, it's recommended to set `resources` explicitly.
-Example of `resources`:
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
 
 ```yaml
 resources:
-  limits:
-    cpu: 4000m
-    memory: 4Gi
-  requests:
-    cpu: 100m
-    memory: 512Mi
+  cpu: 4000m
+  memory: 4Gi
 ```
 
-Allowed values for `resourcesPreset` are `none`, `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
-This value is ignored if `resources` value is set. 
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |

packages/apps/clickhouse/images/clickhouse-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/clickhouse-backup:0.10.1@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205
+ghcr.io/cozystack/cozystack/clickhouse-backup:0.11.0@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205

packages/apps/clickhouse/templates/clickhouse.yaml

@@ -132,11 +132,7 @@ spec:
           containers:
             - name: clickhouse
               image: clickhouse/clickhouse-server:24.9.2.42
-              {{- if .Values.resources }}
-              resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 16 }}
-              {{- else if ne .Values.resourcesPreset "none" }}
-              resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 16 }}
-              {{- end }}
+              resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 16 }}
               volumeMounts:
                 - name: data-volume-template
                   mountPath: /var/lib/clickhouse

packages/apps/clickhouse/values.schema.json

@@ -79,12 +79,12 @@
         },
         "resources": {
             "type": "object",
-            "description": "Explicit CPU/memory resource requests and limits for the Clickhouse service",
+            "description": "Explicit CPU and memory configuration for each ClickHouse replica. When left empty, the preset defined in `resourcesPreset` is applied.",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly.",
+            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
             "default": "small",
             "enum": [
                 "none",

packages/apps/clickhouse/values.yaml

@@ -47,11 +47,11 @@ backup:
   s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
   resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
 
-## @param resources Explicit CPU/memory resource requests and limits for the Clickhouse service
+## @param resources Explicit CPU and memory configuration for each ClickHouse replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
 
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly.
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "small"

packages/apps/ferretdb/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.1
+version: 0.8.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/ferretdb/README.md

@@ -1,17 +1,21 @@
 # Managed FerretDB Service
 
+FerretDB is an open source MongoDB alternative.
+It translates MongoDB wire protocol queries to SQL and can be used as a direct replacement for MongoDB 5.0+.
+Internally, FerretDB service is backed by Postgres.
+
 ## Parameters
 
 ### Common parameters
 
-| Name                     | Description                                                                                                             | Value   |
-| ------------------------ | ----------------------------------------------------------------------------------------------------------------------- | ------- |
-| `external`               | Enable external access from outside the cluster                                                                         | `false` |
-| `size`                   | Persistent Volume size                                                                                                  | `10Gi`  |
-| `replicas`               | Number of Postgres replicas                                                                                             | `2`     |
-| `storageClass`           | StorageClass used to store the data                                                                                     | `""`    |
-| `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.           | `0`     |
-| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances). | `0`     |
+| Name                     | Description                                                                                                                 | Value   |
+| ------------------------ | --------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `external`               | Enable external access from outside the cluster                                                                             | `false` |
+| `size`                   | Persistent Volume size                                                                                                      | `10Gi`  |
+| `replicas`               | Number of replicas                                                                                                          | `2`     |
+| `storageClass`           | StorageClass used to store the data                                                                                         | `""`    |
+| `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed                | `0`     |
+| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas) | `0`     |
 
 ### Configuration parameters
 
@@ -21,17 +25,43 @@
 
 ### Backup parameters
 
-| Name                     | Description                                                                                                                                      | Value                                                  |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------ |
-| `backup.enabled`         | Enable pereiodic backups                                                                                                                         | `false`                                                |
-| `backup.s3Region`        | The AWS S3 region where backups are stored                                                                                                       | `us-east-1`                                            |
-| `backup.s3Bucket`        | The S3 bucket used for storing backups                                                                                                           | `s3.example.org/postgres-backups`                      |
-| `backup.schedule`        | Cron schedule for automated backups                                                                                                              | `0 2 * * *`                                            |
-| `backup.cleanupStrategy` | The strategy for cleaning up old backups                                                                                                         | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey`     | The access key for S3, used for authentication                                                                                                   | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
-| `backup.s3SecretKey`     | The secret key for S3, used for authentication                                                                                                   | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
-| `backup.resticPassword`  | The password for Restic backup encryption                                                                                                        | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
-| `resources`              | Resources                                                                                                                                        | `{}`                                                   |
-| `resourcesPreset`        | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano`                                                 |
+| Name                     | Description                                                                                                                           | Value                                                  |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| `backup.enabled`         | Enable periodic backups                                                                                                               | `false`                                                |
+| `backup.s3Region`        | The AWS S3 region where backups are stored                                                                                            | `us-east-1`                                            |
+| `backup.s3Bucket`        | The S3 bucket used for storing backups                                                                                                | `s3.example.org/postgres-backups`                      |
+| `backup.schedule`        | Cron schedule for automated backups                                                                                                   | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups                                                                                              | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | The access key for S3, used for authentication                                                                                        | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
+| `backup.s3SecretKey`     | The secret key for S3, used for authentication                                                                                        | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
+| `backup.resticPassword`  | The password for Restic backup encryption                                                                                             | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
+| `resources`              | Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`                                                   |
+| `resourcesPreset`        | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.     | `nano`                                                 |
 
 
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |

packages/apps/ferretdb/templates/postgres.yaml

@@ -18,11 +18,7 @@ spec:
   {{- end }}
   minSyncReplicas: {{ .Values.quorum.minSyncReplicas }}
   maxSyncReplicas: {{ .Values.quorum.maxSyncReplicas }}
-  {{- if .Values.resources }}
-  resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 4 }}
-  {{- else if ne .Values.resourcesPreset "none" }}
-  resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 4 }}
-  {{- end }}
+  resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 4 }}
   monitoring:
     enablePodMonitor: true
 

packages/apps/ferretdb/values.schema.json

@@ -14,7 +14,7 @@
         },
         "replicas": {
             "type": "number",
-            "description": "Number of Postgres replicas",
+            "description": "Number of replicas",
             "default": 2
         },
         "storageClass": {
@@ -27,12 +27,12 @@
             "properties": {
                 "minSyncReplicas": {
                     "type": "number",
-                    "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.",
+                    "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed",
                     "default": 0
                 },
                 "maxSyncReplicas": {
                     "type": "number",
-                    "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).",
+                    "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)",
                     "default": 0
                 }
             }
@@ -42,7 +42,7 @@
             "properties": {
                 "enabled": {
                     "type": "boolean",
-                    "description": "Enable pereiodic backups",
+                    "description": "Enable periodic backups",
                     "default": false
                 },
                 "s3Region": {
@@ -84,12 +84,12 @@
         },
         "resources": {
             "type": "object",
-            "description": "Resources",
+            "description": "Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
             "default": "nano",
             "enum": [
                 "none",

packages/apps/ferretdb/values.yaml

@@ -2,7 +2,7 @@
 
 ## @param external Enable external access from outside the cluster
 ## @param size Persistent Volume size
-## @param replicas Number of Postgres replicas
+## @param replicas Number of replicas
 ## @param storageClass StorageClass used to store the data
 ##
 external: false
@@ -11,8 +11,8 @@ replicas: 2
 storageClass: ""
 
 ## Configuration for the quorum-based synchronous replication
-## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.
-## @param quorum.maxSyncReplicas Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).
+## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed
+## @param quorum.maxSyncReplicas Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)
 quorum:
   minSyncReplicas: 0
   maxSyncReplicas: 0
@@ -31,7 +31,7 @@ users: {}
 
 ## @section Backup parameters
 
-## @param backup.enabled Enable pereiodic backups
+## @param backup.enabled Enable periodic backups
 ## @param backup.s3Region The AWS S3 region where backups are stored
 ## @param backup.s3Bucket The S3 bucket used for storing backups
 ## @param backup.schedule Cron schedule for automated backups
@@ -49,11 +49,11 @@ backup:
   s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
   resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
 
-## @param resources Resources
+## @param resources Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
- 
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "nano"

packages/apps/http-cache/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.2
+version: 0.6.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/http-cache/README.md

@@ -1,8 +1,9 @@
-# Managed Nginx Caching Service
+# Managed Nginx-based HTTP Cache Service
 
-The Nginx Caching Service is designed to optimize web traffic and enhance web application performance. This service combines custom-built Nginx instances with HAproxy for efficient caching and load balancing.
+The Nginx-based HTTP caching service is designed to optimize web traffic and enhance web application performance.
+This service combines custom-built Nginx instances with HAProxy for efficient caching and load balancing.
 
-## Deployment infromation
+## Deployment information
 
 The Nginx instances include the following modules and features:
 
@@ -53,27 +54,67 @@ The deployment architecture is illustrated in the diagram below:
 
 ## Known issues
 
-VTS module shows wrong upstream resonse time
-- https://github.com/vozlt/nginx-module-vts/issues/198
+- VTS module shows wrong upstream response time, [github.com/vozlt/nginx-module-vts#198](https://github.com/vozlt/nginx-module-vts/issues/198)
 
 ## Parameters
 
 ### Common parameters
 
-| Name                      | Description                                                                                                                                      | Value   |
-| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `external`                | Enable external access from outside the cluster                                                                                                  | `false` |
-| `size`                    | Persistent Volume size                                                                                                                           | `10Gi`  |
-| `storageClass`            | StorageClass used to store the data                                                                                                              | `""`    |
-| `haproxy.replicas`        | Number of HAProxy replicas                                                                                                                       | `2`     |
-| `nginx.replicas`          | Number of Nginx replicas                                                                                                                         | `2`     |
-| `haproxy.resources`       |                                                                                                                                                  | `{}`    |
-| `haproxy.resourcesPreset` | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano`  |
-| `nginx.resources`         | Resources                                                                                                                                        | `{}`    |
-| `nginx.resourcesPreset`   | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano`  |
+| Name                      | Description                                                                                                                          | Value   |
+| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------- |
+| `external`                | Enable external access from outside the cluster                                                                                      | `false` |
+| `size`                    | Persistent Volume size                                                                                                               | `10Gi`  |
+| `storageClass`            | StorageClass used to store the data                                                                                                  | `""`    |
+| `haproxy.replicas`        | Number of HAProxy replicas                                                                                                           | `2`     |
+| `nginx.replicas`          | Number of Nginx replicas                                                                                                             | `2`     |
+| `haproxy.resources`       | Explicit CPU and memory configuration for each HAProxy replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
+| `haproxy.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.    | `nano`  |
+| `nginx.resources`         | Explicit CPU and memory configuration for each nginx replica. When left empty, the preset defined in `resourcesPreset` is applied.   | `{}`    |
+| `nginx.resourcesPreset`   | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.    | `nano`  |
 
 ### Configuration parameters
 
 | Name        | Description             | Value |
 | ----------- | ----------------------- | ----- |
 | `endpoints` | Endpoints configuration | `[]`  |
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |
+
+
+### endpoints
+
+`endpoints` is a flat list of IP addresses:
+
+```yaml
+endpoints:
+  - 10.100.3.1:80
+  - 10.100.3.11:80
+  - 10.100.3.2:80
+  - 10.100.3.12:80
+  - 10.100.3.3:80
+  - 10.100.3.13:80
+```

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.5.2@sha256:e0a07082bb6fc6aeaae2315f335386f1705a646c72f9e0af512aebbca5cb2b15
+ghcr.io/cozystack/cozystack/nginx-cache:0.6.0@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5

packages/apps/http-cache/templates/haproxy/deployment.yaml

@@ -33,11 +33,7 @@ spec:
       containers:
       - image: haproxy:latest
         name: haproxy
-        {{- if .Values.haproxy.resources }}
-        resources: {{- include "cozy-lib.resources.sanitize" (list .Values.haproxy.resources $) | nindent 10 }}
-        {{- else if ne .Values.haproxy.resourcesPreset "none" }}
-        resources: {{- include "cozy-lib.resources.preset" (list .Values.haproxy.resourcesPreset $) | nindent 10 }}
-        {{- end }}
+        resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.haproxy.resourcesPreset .Values.haproxy.resources $) | nindent 10 }}
         ports:
         - containerPort: 8080
           name: http

packages/apps/http-cache/templates/nginx/deployment.yaml

@@ -52,11 +52,7 @@ spec:
       shareProcessNamespace: true
       containers:
       - name: nginx
-        {{- if $.Values.nginx.resources }}
-        resources: {{- include "cozy-lib.resources.sanitize" (list $.Values.nginx.resources $) | nindent 10 }}
-        {{- else if ne $.Values.nginx.resourcesPreset "none" }}
-        resources: {{- include "cozy-lib.resources.preset" (list $.Values.nginx.resourcesPreset $) | nindent 10 }}
-        {{- end }}
+        resources: {{- include "cozy-lib.resources.defaultingSanitize" (list $.Values.nginx.resourcesPreset $.Values.nginx.resources $) | nindent 10 }}
         image: "{{ $.Files.Get "images/nginx-cache.tag" | trim }}"
         readinessProbe:
           httpGet:

packages/apps/http-cache/values.schema.json

@@ -27,12 +27,12 @@
                 },
                 "resources": {
                     "type": "object",
-                    "description": "",
+                    "description": "Explicit CPU and memory configuration for each HAProxy replica. When left empty, the preset defined in `resourcesPreset` is applied.",
                     "default": {}
                 },
                 "resourcesPreset": {
                     "type": "string",
-                    "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+                    "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
                     "default": "nano",
                     "enum": [
                         "none",
@@ -57,12 +57,12 @@
                 },
                 "resources": {
                     "type": "object",
-                    "description": "Resources",
+                    "description": "Explicit CPU and memory configuration for each nginx replica. When left empty, the preset defined in `resourcesPreset` is applied.",
                     "default": {}
                 },
                 "resourcesPreset": {
                     "type": "string",
-                    "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+                    "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
                     "default": "nano",
                     "enum": [
                         "none",

packages/apps/http-cache/values.yaml

@@ -12,23 +12,23 @@ size: 10Gi
 storageClass: ""
 haproxy:
   replicas: 2
-  ## @param haproxy.resources 
+  ## @param haproxy.resources Explicit CPU and memory configuration for each HAProxy replica. When left empty, the preset defined in `resourcesPreset` is applied.
   resources: {}
   # resources:
   #   cpu: 4000m
   #   memory: 4Gi
-  
-  ## @param haproxy.resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+
+  ## @param haproxy.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
   resourcesPreset: "nano"
 nginx:
   replicas: 2
-  ## @param nginx.resources Resources
+  ## @param nginx.resources Explicit CPU and memory configuration for each nginx replica. When left empty, the preset defined in `resourcesPreset` is applied.
   resources: {}
   # resources:
   #   cpu: 4000m
   #   memory: 4Gi
-  
-  ## @param nginx.resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+
+  ## @param nginx.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
   resourcesPreset: "nano"
 
 ## @section Configuration parameters

packages/apps/kafka/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.1
+version: 0.8.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kafka/README.md

@@ -4,22 +4,67 @@
 
 ### Common parameters
 
-| Name                        | Description                                                                                                                                      | Value   |
-| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `external`                  | Enable external access from outside the cluster                                                                                                  | `false` |
-| `kafka.size`                | Persistent Volume size for Kafka                                                                                                                 | `10Gi`  |
-| `kafka.replicas`            | Number of Kafka replicas                                                                                                                         | `3`     |
-| `kafka.storageClass`        | StorageClass used to store the Kafka data                                                                                                        | `""`    |
-| `zookeeper.size`            | Persistent Volume size for ZooKeeper                                                                                                             | `5Gi`   |
-| `zookeeper.replicas`        | Number of ZooKeeper replicas                                                                                                                     | `3`     |
-| `zookeeper.storageClass`    | StorageClass used to store the ZooKeeper data                                                                                                    | `""`    |
-| `kafka.resources`           | Resources                                                                                                                                        | `{}`    |
-| `kafka.resourcesPreset`     | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `small` |
-| `zookeeper.resources`       | Resources                                                                                                                                        | `{}`    |
-| `zookeeper.resourcesPreset` | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `small` |
+| Name                        | Description                                                                                                                            | Value   |
+| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `external`                  | Enable external access from outside the cluster                                                                                        | `false` |
+| `kafka.size`                | Persistent Volume size for Kafka                                                                                                       | `10Gi`  |
+| `kafka.replicas`            | Number of Kafka replicas                                                                                                               | `3`     |
+| `kafka.storageClass`        | StorageClass used to store the Kafka data                                                                                              | `""`    |
+| `zookeeper.size`            | Persistent Volume size for ZooKeeper                                                                                                   | `5Gi`   |
+| `zookeeper.replicas`        | Number of ZooKeeper replicas                                                                                                           | `3`     |
+| `zookeeper.storageClass`    | StorageClass used to store the ZooKeeper data                                                                                          | `""`    |
+| `kafka.resources`           | Explicit CPU and memory configuration for each Kafka replica. When left empty, the preset defined in `resourcesPreset` is applied.     | `{}`    |
+| `kafka.resourcesPreset`     | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.      | `small` |
+| `zookeeper.resources`       | Explicit CPU and memory configuration for each Zookeeper replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
+| `zookeeper.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.      | `small` |
 
 ### Configuration parameters
 
 | Name     | Description          | Value |
 | -------- | -------------------- | ----- |
 | `topics` | Topics configuration | `[]`  |
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |
+
+### topics
+
+```yaml
+topics:
+  - name: Results
+    partitions: 1
+    replicas: 3
+    config:
+      min.insync.replicas: 2
+  - name: Orders
+    config:
+      cleanup.policy: compact
+      segment.ms: 3600000
+      max.compaction.lag.ms: 5400000
+      min.insync.replicas: 2
+    partitions: 1
+    replicas: 3
+```

packages/apps/kafka/templates/kafka.yaml

@@ -8,11 +8,7 @@ metadata:
 spec:
   kafka:
     replicas: {{ .Values.kafka.replicas }}
-    {{- if .Values.kafka.resources }}
-    resources: {{- include "cozy-lib.resources.sanitize" (list .Values.kafka.resources $) | nindent 6 }}
-    {{- else if ne .Values.kafka.resourcesPreset "none" }}
-    resources: {{- include "cozy-lib.resources.preset" (list .Values.kafka.resourcesPreset $) | nindent 6 }}
-    {{- end }}
+    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.kafka.resourcesPreset .Values.kafka.resources $) | nindent 6 }}
     listeners:
       - name: plain
         port: 9092
@@ -70,11 +66,7 @@ spec:
           key: kafka-metrics-config.yml
   zookeeper:
     replicas: {{ .Values.zookeeper.replicas }}
-    {{- if .Values.zookeeper.resources }}
-    resources: {{- include "cozy-lib.resources.sanitize" (list .Values.zookeeper.resources $) | nindent 6 }}
-    {{- else if ne .Values.zookeeper.resourcesPreset "none" }}
-    resources: {{- include "cozy-lib.resources.preset" (list .Values.zookeeper.resourcesPreset $) | nindent 6 }}
-    {{- end }}
+    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.zookeeper.resourcesPreset .Values.zookeeper.resources $) | nindent 6 }}
     storage:
       type: persistent-claim
       {{- with .Values.zookeeper.size }}

packages/apps/kafka/values.schema.json

@@ -27,12 +27,12 @@
                 },
                 "resources": {
                     "type": "object",
-                    "description": "Resources",
+                    "description": "Explicit CPU and memory configuration for each Kafka replica. When left empty, the preset defined in `resourcesPreset` is applied.",
                     "default": {}
                 },
                 "resourcesPreset": {
                     "type": "string",
-                    "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+                    "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
                     "default": "small",
                     "enum": [
                         "none",
@@ -67,12 +67,12 @@
                 },
                 "resources": {
                     "type": "object",
-                    "description": "Resources",
+                    "description": "Explicit CPU and memory configuration for each Zookeeper replica. When left empty, the preset defined in `resourcesPreset` is applied.",
                     "default": {}
                 },
                 "resourcesPreset": {
                     "type": "string",
-                    "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+                    "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
                     "default": "small",
                     "enum": [
                         "none",

packages/apps/kafka/values.yaml

@@ -14,26 +14,24 @@ kafka:
   size: 10Gi
   replicas: 3
   storageClass: ""
-  ## @param kafka.resources Resources
+  ## @param kafka.resources Explicit CPU and memory configuration for each Kafka replica. When left empty, the preset defined in `resourcesPreset` is applied.
   resources: {}
   # resources:
   #   cpu: 4000m
   #   memory: 4Gi
-  
-  ## @param kafka.resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+  ## @param kafka.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
   resourcesPreset: "small"
 
 zookeeper:
   size: 5Gi
   replicas: 3
   storageClass: ""
-  ## @param zookeeper.resources Resources
+  ## @param zookeeper.resources Explicit CPU and memory configuration for each Zookeeper replica. When left empty, the preset defined in `resourcesPreset` is applied.
   resources: {}
   # resources:
   #   cpu: 4000m
   #   memory: 4Gi
-  
-  ## @param zookeeper.resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+  ## @param zookeeper.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
   resourcesPreset: "small"
 
 ## @section Configuration parameters

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.25.0
+version: 0.25.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/Makefile

@@ -64,6 +64,8 @@ image-kubevirt-csi-driver:
 		--load=$(LOAD)
 	echo "$(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-csi-driver.json -o json -r)" \
 		> images/kubevirt-csi-driver.tag
+	IMAGE=$$(cat images/kubevirt-csi-driver.tag) \
+		yq -i '.csiDriver.image = strenv(IMAGE)' ../../system/kubevirt-csi-node/values.yaml
 	rm -f images/kubevirt-csi-driver.json
 
 

packages/apps/kubernetes/README.md

@@ -107,55 +107,48 @@ See the reference for components utilized in this service:
 | `addons.monitoringAgents.enabled`             | Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage. | `false`   |
 | `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                                         | `{}`      |
 | `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                                         | `{}`      |
-| Name                                          | Description                                                                                                                                                                       | Value   |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `addons.certManager.enabled`                  | Enable cert-manager, which automatically creates and manages SSL/TLS certificates.                                                                                                | `false` |
-| `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.gatewayAPI.enabled`                   | Enable the Gateway API                                                                                                                                                            | `false` |
-| `addons.ingressNginx.enabled`                 | Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).                                                                                       | `false` |
-| `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.ingressNginx.hosts`                   | List of domain names that the parent cluster should route to this tenant cluster.                                                                                                 | `[]`    |
-| `addons.gpuOperator.enabled`                  | Enable the GPU-operator                                                                                                                                                           | `false` |
-| `addons.gpuOperator.valuesOverride`           | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.fluxcd.enabled`                       | Enable FluxCD                                                                                                                                                                     | `false` |
-| `addons.fluxcd.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.monitoringAgents.enabled`             | Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage. | `false` |
-| `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.velero.enabled`                       | Enable velero for backup and restore k8s cluster.                                                                                                                                 | `false` |
-| `addons.velero.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`    |
+| `addons.velero.enabled`                       | Enable velero for backup and restore k8s cluster.                                                                                                                                 | `false`   |
+| `addons.velero.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`      |
 
 ### Kubernetes Control Plane Configuration
 
-| Name                                               | Description                                                                                                                                      | Value    |
-| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | -------- |
-| `controlPlane.apiServer.resources`                 | Explicit CPU/memory resource requests and limits for the API server.                                                                             | `{}`     |
-| `controlPlane.apiServer.resourcesPreset`           | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `medium` |
-| `controlPlane.controllerManager.resources`         | Explicit CPU/memory resource requests and limits for the controller manager.                                                                     | `{}`     |
-| `controlPlane.controllerManager.resourcesPreset`   | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `micro`  |
-| `controlPlane.scheduler.resources`                 | Explicit CPU/memory resource requests and limits for the scheduler.                                                                              | `{}`     |
-| `controlPlane.scheduler.resourcesPreset`           | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `micro`  |
-| `controlPlane.konnectivity.server.resources`       | Explicit CPU/memory resource requests and limits for the Konnectivity.                                                                           | `{}`     |
-| `controlPlane.konnectivity.server.resourcesPreset` | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `micro`  |
+| Name                                               | Description                                                                                                                            | Value    |
+| -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -------- |
+| `controlPlane.apiServer.resources`                 | Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.         | `{}`     |
+| `controlPlane.apiServer.resourcesPreset`           | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.      | `medium` |
+| `controlPlane.controllerManager.resources`         | Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`     |
+| `controlPlane.controllerManager.resourcesPreset`   | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.      | `micro`  |
+| `controlPlane.scheduler.resources`                 | Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.          | `{}`     |
+| `controlPlane.scheduler.resourcesPreset`           | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.      | `micro`  |
+| `controlPlane.konnectivity.server.resources`       | Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.           | `{}`     |
+| `controlPlane.konnectivity.server.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.      | `micro`  |
 
-In production environments, it's recommended to set `resources` explicitly.
-Example of `controlPlane.*.resources`:
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
 
 ```yaml
 resources:
-  limits:
-    cpu: 4000m
-    memory: 4Gi
-  requests:
-    cpu: 100m
-    memory: 512Mi
+  cpu: 4000m
+  memory: 4Gi
 ```
 
-Allowed values for `controlPlane.*.resourcesPreset` are `none`, `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
-This value is ignored if the corresponding `resources` value is set. 
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
 
-## Resources Reference
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |
 
 ### instanceType Resources
 

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.24.2@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.25.1@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.24.2@sha256:b478952fab735f85c3ba15835012b1de8af5578b33a8a2670eaf532ffc17681e
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.25.1@sha256:412ed2b3c77249bd1b973e6dc9c87976d31863717fb66ba74ccda573af737eb1

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.24.2@sha256:598ab20550dbf495717e8e123e6b626bb36298f88dde851664301d393ac06ca3
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.25.1@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036

packages/apps/kubernetes/images/kubevirt-csi-driver/Dockerfile

@@ -3,7 +3,7 @@ ARG builder_image=docker.io/library/golang:1.22.5
 FROM ${builder_image} AS builder
 RUN git clone https://github.com/kubevirt/csi-driver /src/kubevirt-csi-driver \
  && cd /src/kubevirt-csi-driver \
- && git checkout 35836e0c8b68d9916d29a838ea60cdd3fc6199cf
+ && git checkout a8d6605bc9997bcfda3fb9f1f82ba6445b4984cc
 
 ARG TARGETOS
 ARG TARGETARCH
@@ -11,6 +11,7 @@ ENV GOOS=$TARGETOS
 ENV GOARCH=$TARGETARCH
 
 WORKDIR /src/kubevirt-csi-driver
+
 RUN make build
 
 FROM quay.io/centos/centos:stream9

packages/apps/kubernetes/templates/cluster.yaml

@@ -120,23 +120,11 @@ metadata:
     kamaji.clastix.io/kubeconfig-secret-key: "super-admin.svc"
 spec:
   apiServer:
-    {{- if .Values.controlPlane.apiServer.resources }}
-    resources: {{- include "cozy-lib.resources.sanitize" (list .Values.controlPlane.apiServer.resources $) | nindent 6 }}
-    {{- else if ne .Values.controlPlane.apiServer.resourcesPreset "none" }}
-    resources: {{- include "cozy-lib.resources.preset" (list .Values.controlPlane.apiServer.resourcesPreset $) | nindent 6 }}
-    {{- end }}
+    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.controlPlane.apiServer.resourcesPreset .Values.controlPlane.apiServer.resources $) | nindent 6 }}
   controllerManager:
-    {{- if .Values.controlPlane.controllerManager.resources }}
-    resources: {{- include "cozy-lib.resources.sanitize" (list .Values.controlPlane.controllerManager.resources $) | nindent 6 }}
-    {{- else if ne .Values.controlPlane.controllerManager.resourcesPreset "none" }}
-    resources: {{- include "cozy-lib.resources.preset" (list .Values.controlPlane.controllerManager.resourcesPreset $) | nindent 6 }}
-    {{- end }}
+    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.controlPlane.controllerManager.resourcesPreset .Values.controlPlane.controllerManager.resources $) | nindent 6 }}
   scheduler:
-    {{- if .Values.controlPlane.scheduler.resources }}
-    resources: {{- include "cozy-lib.resources.sanitize" (list .Values.controlPlane.scheduler.resources $) | nindent 6 }}
-    {{- else if ne .Values.controlPlane.scheduler.resourcesPreset "none" }}
-    resources: {{- include "cozy-lib.resources.preset" (list .Values.controlPlane.scheduler.resourcesPreset $) | nindent 6 }}
-    {{- end }}
+    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.controlPlane.scheduler.resourcesPreset .Values.controlPlane.scheduler.resources $) | nindent 6 }}
   dataStoreName: "{{ $etcd }}"
   addons:
     coreDNS:
@@ -145,11 +133,7 @@ spec:
     konnectivity:
       server:
         port: 8132
-        {{- if .Values.controlPlane.konnectivity.server.resources }}
-        resources: {{- include "cozy-lib.resources.sanitize" (list .Values.controlPlane.konnectivity.server.resources $) | nindent 10 }}
-        {{- else if ne .Values.controlPlane.konnectivity.server.resourcesPreset "none" }}
-        resources: {{- include "cozy-lib.resources.preset" (list .Values.controlPlane.konnectivity.server.resourcesPreset $) | nindent 10 }}
-        {{- end }}
+        resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.controlPlane.konnectivity.server.resourcesPreset .Values.controlPlane.konnectivity.server.resources $) | nindent 10 }}
   kubelet:
     cgroupfs: systemd
     preferredAddressTypes:

packages/apps/kubernetes/templates/csi/infra-cluster-service-account.yaml

@@ -13,11 +13,17 @@ rules:
   resources: ["datavolumes"]
   verbs: ["get", "create", "delete"]
 - apiGroups: ["kubevirt.io"]
-  resources: ["virtualmachineinstances"]
+  resources: ["virtualmachineinstances", "virtualmachines"]
   verbs: ["list", "get"]
 - apiGroups: ["subresources.kubevirt.io"]
-  resources: ["virtualmachineinstances/addvolume", "virtualmachineinstances/removevolume"]
+  resources: ["virtualmachines/addvolume", "virtualmachines/removevolume"]
   verbs: ["update"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+  resources: ["volumesnapshots"]
+  verbs: ["get", "create", "delete"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims"]
+  verbs: ["get", "patch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

packages/apps/kubernetes/templates/helmreleases/delete.yaml

@@ -40,6 +40,7 @@ spec:
                 {{ .Release.Name }}-fluxcd-operator
                 {{ .Release.Name }}-fluxcd
                 {{ .Release.Name }}-gpu-operator
+                {{ .Release.Name }}-velero
                 -p '{"spec": {"suspend": true}}'
                 --type=merge --field-manager=flux-client-side-apply || true
 ---
@@ -79,6 +80,8 @@ rules:
       - {{ .Release.Name }}-fluxcd-operator
       - {{ .Release.Name }}-fluxcd
       - {{ .Release.Name }}-gpu-operator
+      - {{ .Release.Name }}-velero
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

packages/apps/kubernetes/values.schema.json

@@ -20,12 +20,12 @@
           "properties": {
             "resources": {
               "type": "object",
-              "description": "Explicit CPU/memory resource requests and limits for the API server.",
+              "description": "Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.",
               "default": {}
             },
             "resourcesPreset": {
               "type": "string",
-              "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+              "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
               "default": "medium",
               "enum": [
                 "none",
@@ -45,12 +45,12 @@
           "properties": {
             "resources": {
               "type": "object",
-              "description": "Explicit CPU/memory resource requests and limits for the controller manager.",
+              "description": "Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.",
               "default": {}
             },
             "resourcesPreset": {
               "type": "string",
-              "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+              "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
               "default": "micro",
               "enum": [
                 "none",
@@ -70,12 +70,12 @@
           "properties": {
             "resources": {
               "type": "object",
-              "description": "Explicit CPU/memory resource requests and limits for the scheduler.",
+              "description": "Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.",
               "default": {}
             },
             "resourcesPreset": {
               "type": "string",
-              "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+              "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
               "default": "micro",
               "enum": [
                 "none",
@@ -98,12 +98,12 @@
               "properties": {
                 "resources": {
                   "type": "object",
-                  "description": "Explicit CPU/memory resource requests and limits for the Konnectivity.",
+                  "description": "Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.",
                   "default": {}
                 },
                 "resourcesPreset": {
                   "type": "string",
-                  "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+                  "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
                   "default": "micro",
                   "enum": [
                     "none",

packages/apps/kubernetes/values.yaml

@@ -121,8 +121,8 @@ controlPlane:
   replicas: 2
 
   apiServer:
-    ## @param controlPlane.apiServer.resources Explicit CPU/memory resource requests and limits for the API server.
-    ## @param controlPlane.apiServer.resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+    ## @param controlPlane.apiServer.resources Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.
+    ## @param controlPlane.apiServer.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
     ## e.g:
     ## resources:
     ##   cpu: 4000m
@@ -132,20 +132,20 @@ controlPlane:
     resources: {}
 
   controllerManager:
-    ## @param controlPlane.controllerManager.resources Explicit CPU/memory resource requests and limits for the controller manager.
-    ## @param controlPlane.controllerManager.resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+    ## @param controlPlane.controllerManager.resources Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.
+    ## @param controlPlane.controllerManager.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
     resourcesPreset: "micro"
     resources: {}
 
   scheduler:
-    ## @param controlPlane.scheduler.resources Explicit CPU/memory resource requests and limits for the scheduler.
-    ## @param controlPlane.scheduler.resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+    ## @param controlPlane.scheduler.resources Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.
+    ## @param controlPlane.scheduler.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
     resourcesPreset: "micro"
     resources: {}
 
   konnectivity:
     server:
-      ## @param controlPlane.konnectivity.server.resources Explicit CPU/memory resource requests and limits for the Konnectivity.
-      ## @param controlPlane.konnectivity.server.resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+      ## @param controlPlane.konnectivity.server.resources Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.
+      ## @param controlPlane.konnectivity.server.resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
       resourcesPreset: "micro"
       resources: {}

packages/apps/mysql/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.2
+version: 0.9.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/mysql/README.md

@@ -1,6 +1,7 @@
 ## Managed MariaDB Service
 
-The Managed MariaDB Service offers a powerful and widely used relational database solution. This service allows you to create and manage a replicated MariaDB cluster seamlessly.
+The Managed MariaDB Service offers a powerful and widely used relational database solution.
+This service allows you to create and manage a replicated MariaDB cluster seamlessly.
 
 ## Deployment Details
 
@@ -46,7 +47,7 @@ restic -r s3:s3.example.org/mariadb-backups/database_name restore latest --targe
 ```
 
 more details:
-- https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1
+- https://blog.aenix.io/restic-effective-backup-from-stdin-4bc1e8f083c1
 
 ### Known issues
 
@@ -83,16 +84,66 @@ more details:
 
 ### Backup parameters
 
-| Name                     | Description                                                                                                                                      | Value                                                  |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------ |
-| `backup.enabled`         | Enable pereiodic backups                                                                                                                         | `false`                                                |
-| `backup.s3Region`        | The AWS S3 region where backups are stored                                                                                                       | `us-east-1`                                            |
-| `backup.s3Bucket`        | The S3 bucket used for storing backups                                                                                                           | `s3.example.org/postgres-backups`                      |
-| `backup.schedule`        | Cron schedule for automated backups                                                                                                              | `0 2 * * *`                                            |
-| `backup.cleanupStrategy` | The strategy for cleaning up old backups                                                                                                         | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey`     | The access key for S3, used for authentication                                                                                                   | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
-| `backup.s3SecretKey`     | The secret key for S3, used for authentication                                                                                                   | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
-| `backup.resticPassword`  | The password for Restic backup encryption                                                                                                        | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
-| `resources`              | Resources                                                                                                                                        | `{}`                                                   |
-| `resourcesPreset`        | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano`                                                 |
+| Name                     | Description                                                                                                                          | Value                                                  |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------ |
+| `backup.enabled`         | Enable periodic backups                                                                                                              | `false`                                                |
+| `backup.s3Region`        | The AWS S3 region where backups are stored                                                                                           | `us-east-1`                                            |
+| `backup.s3Bucket`        | The S3 bucket used for storing backups                                                                                               | `s3.example.org/postgres-backups`                      |
+| `backup.schedule`        | Cron schedule for automated backups                                                                                                  | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups                                                                                             | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | The access key for S3, used for authentication                                                                                       | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
+| `backup.s3SecretKey`     | The secret key for S3, used for authentication                                                                                       | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
+| `backup.resticPassword`  | The password for Restic backup encryption                                                                                            | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
+| `resources`              | Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`                                                   |
+| `resourcesPreset`        | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.    | `nano`                                                 |
 
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |
+
+### users
+
+```yaml
+users:
+  user1:
+    maxUserConnections: 1000
+    password: hackme
+  user2:
+    maxUserConnections: 1000
+    password: hackme
+```
+
+
+### databases
+
+```yaml
+databases:
+  myapp1:
+    roles:
+      admin:
+      - user1
+      readonly:
+      - user2
+```

packages/apps/mysql/images/mariadb-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/mariadb-backup:0.8.1@sha256:cfd1c37d8ad24e10681d82d6e6ce8a641b4602c1b0ffa8516ae15b4958bb12d4
+ghcr.io/cozystack/cozystack/mariadb-backup:0.9.0@sha256:cfd1c37d8ad24e10681d82d6e6ce8a641b4602c1b0ffa8516ae15b4958bb12d4

packages/apps/mysql/templates/mariadb.yaml

@@ -80,8 +80,4 @@ spec:
   #secondaryService:
   #  type: LoadBalancer
 
-  {{- if .Values.resources }}
-  resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 4 }}
-  {{- else if ne .Values.resourcesPreset "none" }}
-  resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 4 }}
-  {{- end }}
+  resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 4 }}

packages/apps/mysql/values.schema.json

@@ -27,7 +27,7 @@
             "properties": {
                 "enabled": {
                     "type": "boolean",
-                    "description": "Enable pereiodic backups",
+                    "description": "Enable periodic backups",
                     "default": false
                 },
                 "s3Region": {
@@ -69,12 +69,12 @@
         },
         "resources": {
             "type": "object",
-            "description": "Resources",
+            "description": "Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
             "default": "nano",
             "enum": [
                 "none",

packages/apps/mysql/values.yaml

@@ -37,7 +37,7 @@ databases: {}
 
 ## @section Backup parameters
 
-## @param backup.enabled Enable pereiodic backups
+## @param backup.enabled Enable periodic backups
 ## @param backup.s3Region The AWS S3 region where backups are stored
 ## @param backup.s3Bucket The S3 bucket used for storing backups
 ## @param backup.schedule Cron schedule for automated backups
@@ -55,11 +55,11 @@ backup:
   s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
   resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
 
-## @param resources Resources
+## @param resources Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
  
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "nano"

packages/apps/nats/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.1
+version: 0.8.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/nats/README.md

@@ -1,18 +1,48 @@
 # Managed NATS Service
 
+NATS is an open-source, simple, secure, and high performance messaging system.
+It provides a data layer for cloud native applications, IoT messaging, and microservices architectures.
+
 ## Parameters
 
 ### Common parameters
 
-| Name                | Description                                                                                                                                      | Value   |
-| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `external`          | Enable external access from outside the cluster                                                                                                  | `false` |
-| `replicas`          | Persistent Volume size for NATS                                                                                                                  | `2`     |
-| `storageClass`      | StorageClass used to store the data                                                                                                              | `""`    |
-| `users`             | Users configuration                                                                                                                              | `{}`    |
-| `jetstream.size`    | Jetstream persistent storage size                                                                                                                | `10Gi`  |
-| `jetstream.enabled` | Enable or disable Jetstream                                                                                                                      | `true`  |
-| `config.merge`      | Additional configuration to merge into NATS config                                                                                               | `{}`    |
-| `config.resolver`   | Additional configuration to merge into NATS config                                                                                               | `{}`    |
-| `resources`         | Resources                                                                                                                                        | `{}`    |
-| `resourcesPreset`   | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano`  |
+| Name                | Description                                                                                                                       | Value   |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `external`          | Enable external access from outside the cluster                                                                                   | `false` |
+| `replicas`          | Persistent Volume size for NATS                                                                                                   | `2`     |
+| `storageClass`      | StorageClass used to store the data                                                                                               | `""`    |
+| `users`             | Users configuration                                                                                                               | `{}`    |
+| `jetstream.size`    | Jetstream persistent storage size                                                                                                 | `10Gi`  |
+| `jetstream.enabled` | Enable or disable Jetstream                                                                                                       | `true`  |
+| `config.merge`      | Additional configuration to merge into NATS config                                                                                | `{}`    |
+| `config.resolver`   | Additional configuration to merge into NATS config                                                                                | `{}`    |
+| `resources`         | Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
+| `resourcesPreset`   | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge. | `nano`  |
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |
+

packages/apps/nats/templates/nats.yaml

@@ -46,11 +46,7 @@ spec:
             containers:
               - name: nats
                 image: nats:2.10.17-alpine
-                {{- if .Values.resources }}
-                resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 22 }}
-                {{- else if ne .Values.resourcesPreset "none" }}
-                resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 22 }}
-                {{- end }}
+                resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 22 }}
       fullnameOverride: {{ .Release.Name }}
       config:
         cluster:

packages/apps/nats/values.schema.json

@@ -49,12 +49,12 @@
         },
         "resources": {
             "type": "object",
-            "description": "Resources",
+            "description": "Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
             "default": "nano",
             "enum": [
                 "none",

packages/apps/nats/values.yaml

@@ -62,11 +62,11 @@ config:
   ## Example see: https://github.com/nats-io/k8s/blob/main/helm/charts/nats/values.yaml#L247
   resolver: {}
 
-## @param resources Resources
+## @param resources Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
  
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "nano"

packages/apps/postgres/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.15.1
+version: 0.17.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/postgres/README.md

@@ -1,6 +1,8 @@
 # Managed PostgreSQL Service
 
-PostgreSQL is currently the leading choice among relational databases, known for its robust features and performance. Our Managed PostgreSQL Service takes advantage of platform-side implementation to provide a self-healing replicated cluster. This cluster is efficiently managed using the highly acclaimed CloudNativePG operator, which has gained popularity within the community.
+PostgreSQL is currently the leading choice among relational databases, known for its robust features and performance.
+The Managed PostgreSQL Service takes advantage of platform-side implementation to provide a self-healing replicated cluster.
+This cluster is efficiently managed using the highly acclaimed CloudNativePG operator, which has gained popularity within the community.
 
 ## Deployment Details
 
@@ -9,32 +11,57 @@ This managed service is controlled by the CloudNativePG operator, ensuring effic
 - Docs: <https://cloudnative-pg.io/docs/>
 - Github: <https://github.com/cloudnative-pg/cloudnative-pg>
 
-## HowTos
+## Operations
 
-### How to switch master/slave replica
+### How to enable backups
+
+To back up a PostgreSQL application, an external S3-compatible storage is required.
+
+To start regular backups, update the application, setting `backup.enabled` to `true`, and fill in the path and credentials to an  `backup.*`:
+
+```yaml
+## @param backup.enabled Enable regular backups
+## @param backup.schedule Cron schedule for automated backups
+## @param backup.retentionPolicy Retention policy
+## @param backup.destinationPath Path to store the backup (i.e. s3://bucket/path/to/folder)
+## @param backup.endpointURL S3 Endpoint used to upload data to the cloud
+## @param backup.s3AccessKey Access key for S3, used for authentication
+## @param backup.s3SecretKey Secret key for S3, used for authentication
+backup:
+  enabled: false
+  retentionPolicy: 30d
+  destinationPath: s3://bucket/path/to/folder/
+  endpointURL: http://minio-gateway-service:9000
+  schedule: "0 2 * * * *"
+  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
+  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
+```
+
+### How to recover a backup
+
+CloudNativePG supports point-in-time-recovery.
+Recovering a backup is done by creating a new database instance and restoring the data in it.
+
+Create a new PostgreSQL application with a different name, but identical configuration.
+Set `bootstrap.enabled` to `true` and fill in the name of the database instance to recover from and the recovery time:
+
+```yaml
+## @param bootstrap.enabled Restore database cluster from a backup
+## @param bootstrap.recoveryTime Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest
+## @param bootstrap.oldName Name of database cluster before deleting
+##
+bootstrap:
+  enabled: false
+  recoveryTime: ""  # leave empty for latest or exact timestamp; example: 2020-11-26 15:22:00.00000+00
+  oldName: "<previous-postgres-instance>"
+```
+
+### How to switch primary/secondary replica
 
 See:
 
 - <https://cloudnative-pg.io/documentation/1.15/rolling_update/#manual-updates-supervised>
 
-### How to restore backup
-
-find snapshot:
-
-```bash
-restic -r s3:s3.example.org/postgres-backups/database_name snapshots
-```
-
-restore:
-
-```bash
-restic -r s3:s3.example.org/postgres-backups/database_name restore latest --target /tmp/
-```
-
-more details:
-
-- <https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1>
-
 ## Parameters
 
 ### Common parameters
@@ -58,22 +85,82 @@ more details:
 
 ### Backup parameters
 
-| Name                     | Description                                                          | Value                               |
-| ------------------------ | -------------------------------------------------------------------- | ----------------------------------- |
-| `backup.enabled`         | Enable pereiodic backups                                             | `false`                             |
-| `backup.schedule`        | Cron schedule for automated backups                                  | `0 2 * * * *`                       |
-| `backup.retentionPolicy` | The retention policy                                                 | `30d`                               |
-| `backup.destinationPath` | The path where to store the backup (i.e. s3://bucket/path/to/folder) | `s3://BUCKET_NAME/`                 |
-| `backup.endpointURL`     | Endpoint to be used to upload data to the cloud                      | `http://minio-gateway-service:9000` |
-| `backup.s3AccessKey`     | The access key for S3, used for authentication                       | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`  |
-| `backup.s3SecretKey`     | The secret key for S3, used for authentication                       | `ju3eum4dekeich9ahM1te8waeGai0oog`  |
+| Name                     | Description                                                | Value                               |
+| ------------------------ | ---------------------------------------------------------- | ----------------------------------- |
+| `backup.enabled`         | Enable regular backups                                     | `false`                             |
+| `backup.schedule`        | Cron schedule for automated backups                        | `0 2 * * * *`                       |
+| `backup.retentionPolicy` | Retention policy                                           | `30d`                               |
+| `backup.destinationPath` | Path to store the backup (i.e. s3://bucket/path/to/folder) | `s3://bucket/path/to/folder/`       |
+| `backup.endpointURL`     | S3 Endpoint used to upload data to the cloud               | `http://minio-gateway-service:9000` |
+| `backup.s3AccessKey`     | Access key for S3, used for authentication                 | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`  |
+| `backup.s3SecretKey`     | Secret key for S3, used for authentication                 | `ju3eum4dekeich9ahM1te8waeGai0oog`  |
 
 ### Bootstrap parameters
 
-| Name                     | Description                                                                                                                                      | Value   |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `bootstrap.enabled`      | Restore cluster from backup                                                                                                                      | `false` |
-| `bootstrap.recoveryTime` | Time stamp up to which recovery will proceed, expressed in RFC 3339 format, if empty, will restore latest                                        | `""`    |
-| `bootstrap.oldName`      | Name of cluster before deleting                                                                                                                  | `""`    |
-| `resources`              | Resources                                                                                                                                        | `{}`    |
-| `resourcesPreset`        | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `micro` |
+| Name                     | Description                                                                                                                             | Value   |
+| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `bootstrap.enabled`      | Restore database cluster from a backup                                                                                                  | `false` |
+| `bootstrap.recoveryTime` | Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest                    | `""`    |
+| `bootstrap.oldName`      | Name of database cluster before deleting                                                                                                | `""`    |
+| `resources`              | Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
+| `resourcesPreset`        | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.       | `micro` |
+
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |
+
+### users
+
+```yaml
+users:
+  user1:
+    password: strongpassword
+  user2:
+    password: hackme
+  airflow:
+    password: qwerty123
+  debezium:
+    replication: true
+```
+
+### databases
+
+```yaml
+databases:          
+  myapp:            
+    roles:          
+      admin:        
+      - user1       
+      - debezium    
+      readonly:     
+      - user2       
+  airflow:          
+    roles:          
+      admin:        
+      - airflow     
+    extensions:     
+    - hstore        
+```

packages/apps/postgres/templates/db.yaml

@@ -42,11 +42,7 @@ spec:
             key: AWS_SECRET_ACCESS_KEY
   {{- end }}
 
-  {{- if .Values.resources }}
-  resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 4 }}
-  {{- else if ne .Values.resourcesPreset "none" }}
-  resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 4 }}
-  {{- end }}
+  resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 4 }}
 
   enableSuperuserAccess: true
   {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}

packages/apps/postgres/templates/init-script.yaml

@@ -38,7 +38,7 @@ stringData:
     until pg_isready ; do sleep 5; done
 
     echo "== create users"
-    {{- if .Values.users }}
+    {{- if and .Values.users (not (hasKey .Values.users "postgres")) }}
     psql -v ON_ERROR_STOP=1 <<\EOT
     {{- range $user, $u := .Values.users }}
     SELECT 'CREATE ROLE "{{ $user }}" LOGIN INHERIT;'
@@ -47,6 +47,8 @@ stringData:
     COMMENT ON ROLE "{{ $user }}" IS 'user managed by helm';
     {{- end }}
     EOT
+    {{- else if and .Values.users (hasKey .Values.users "postgres") }}
+    {{- fail "`users.postgres` is forbidden by policy. Use a different username." }}
     {{- end }}
 
     echo "== delete users"

packages/apps/postgres/values.schema.json

@@ -62,7 +62,7 @@
             "properties": {
                 "enabled": {
                     "type": "boolean",
-                    "description": "Enable pereiodic backups",
+                    "description": "Enable regular backups",
                     "default": false
                 },
                 "schedule": {
@@ -72,27 +72,27 @@
                 },
                 "retentionPolicy": {
                     "type": "string",
-                    "description": "The retention policy",
+                    "description": "Retention policy",
                     "default": "30d"
                 },
                 "destinationPath": {
                     "type": "string",
-                    "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)",
-                    "default": "s3://BUCKET_NAME/"
+                    "description": "Path to store the backup (i.e. s3://bucket/path/to/folder)",
+                    "default": "s3://bucket/path/to/folder/"
                 },
                 "endpointURL": {
                     "type": "string",
-                    "description": "Endpoint to be used to upload data to the cloud",
+                    "description": "S3 Endpoint used to upload data to the cloud",
                     "default": "http://minio-gateway-service:9000"
                 },
                 "s3AccessKey": {
                     "type": "string",
-                    "description": "The access key for S3, used for authentication",
+                    "description": "Access key for S3, used for authentication",
                     "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu"
                 },
                 "s3SecretKey": {
                     "type": "string",
-                    "description": "The secret key for S3, used for authentication",
+                    "description": "Secret key for S3, used for authentication",
                     "default": "ju3eum4dekeich9ahM1te8waeGai0oog"
                 }
             }
@@ -102,29 +102,29 @@
             "properties": {
                 "enabled": {
                     "type": "boolean",
-                    "description": "Restore cluster from backup",
+                    "description": "Restore database cluster from a backup",
                     "default": false
                 },
                 "recoveryTime": {
                     "type": "string",
-                    "description": "Time stamp up to which recovery will proceed, expressed in RFC 3339 format, if empty, will restore latest",
+                    "description": "Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest",
                     "default": ""
                 },
                 "oldName": {
                     "type": "string",
-                    "description": "Name of cluster before deleting",
+                    "description": "Name of database cluster before deleting",
                     "default": ""
                 }
             }
         },
         "resources": {
             "type": "object",
-            "description": "Resources",
+            "description": "Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
             "default": "micro",
             "enum": [
                 "none",

packages/apps/postgres/values.yaml

@@ -59,17 +59,17 @@ databases: {}
 
 ## @section Backup parameters
 
-## @param backup.enabled Enable pereiodic backups
+## @param backup.enabled Enable regular backups
 ## @param backup.schedule Cron schedule for automated backups
-## @param backup.retentionPolicy The retention policy
-## @param backup.destinationPath The path where to store the backup (i.e. s3://bucket/path/to/folder)
-## @param backup.endpointURL Endpoint to be used to upload data to the cloud
-## @param backup.s3AccessKey The access key for S3, used for authentication
-## @param backup.s3SecretKey The secret key for S3, used for authentication
+## @param backup.retentionPolicy Retention policy
+## @param backup.destinationPath Path to store the backup (i.e. s3://bucket/path/to/folder)
+## @param backup.endpointURL S3 Endpoint used to upload data to the cloud
+## @param backup.s3AccessKey Access key for S3, used for authentication
+## @param backup.s3SecretKey Secret key for S3, used for authentication
 backup:
   enabled: false
   retentionPolicy: 30d
-  destinationPath: s3://BUCKET_NAME/
+  destinationPath: s3://bucket/path/to/folder/
   endpointURL: http://minio-gateway-service:9000
   schedule: "0 2 * * * *"
   s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
@@ -77,9 +77,9 @@ backup:
 
 ## @section Bootstrap parameters
 
-## @param bootstrap.enabled Restore cluster from backup
-## @param bootstrap.recoveryTime Time stamp up to which recovery will proceed, expressed in RFC 3339 format, if empty, will restore latest
-## @param bootstrap.oldName Name of cluster before deleting
+## @param bootstrap.enabled Restore database cluster from a backup
+## @param bootstrap.recoveryTime Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest
+## @param bootstrap.oldName Name of database cluster before deleting
 ##
 bootstrap:
   enabled: false
@@ -87,11 +87,11 @@ bootstrap:
   recoveryTime: ""
   oldName: ""
 
-## @param resources Resources
+## @param resources Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
  
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "micro"

packages/apps/rabbitmq/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.1
+version: 0.8.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/rabbitmq/README.md

@@ -22,9 +22,36 @@ The service utilizes official RabbitMQ operator. This ensures the reliability an
 
 ### Configuration parameters
 
-| Name              | Description                                                                                                                                      | Value  |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------ |
-| `users`           | Users configuration                                                                                                                              | `{}`   |
-| `vhosts`          | Virtual Hosts configuration                                                                                                                      | `{}`   |
-| `resources`       | Resources                                                                                                                                        | `{}`   |
-| `resourcesPreset` | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano` |
+| Name              | Description                                                                                                                           | Value  |
+| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------ |
+| `users`           | Users configuration                                                                                                                   | `{}`   |
+| `vhosts`          | Virtual Hosts configuration                                                                                                           | `{}`   |
+| `resources`       | Explicit CPU and memory configuration for each RabbitMQ replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`   |
+| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.     | `nano` |
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `100m` | `128Mi` |
+| `micro`     | `250m` | `256Mi` |
+| `small`     | `500m` | `512Mi` |
+| `medium`    | `500m` | `1Gi`   |
+| `large`     | `1`    | `2Gi`   |
+| `xlarge`    | `2`    | `4Gi`   |
+| `2xlarge`   | `4`    | `8Gi`   |
+

packages/apps/rabbitmq/templates/rabbitmq.yaml

@@ -11,11 +11,7 @@ spec:
   service:
     type: LoadBalancer
   {{- end }}
-  {{- if .Values.resources }}
-  resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 4 }}
-  {{- else if ne .Values.resourcesPreset "none" }}
-  resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 4 }}
-  {{- end }}
+  resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 4 }}
   override:
     statefulSet:
       spec:

packages/apps/rabbitmq/values.schema.json

@@ -29,12 +29,12 @@
         },
         "resources": {
             "type": "object",
-            "description": "Resources",
+            "description": "Explicit CPU and memory configuration for each RabbitMQ replica. When left empty, the preset defined in `resourcesPreset` is applied.",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
             "default": "nano",
             "enum": [
                 "none",

packages/apps/rabbitmq/values.yaml

@@ -40,11 +40,11 @@ users: {}
 ##       - user3
 vhosts: {}
 
-## @param resources Resources
+## @param resources Explicit CPU and memory configuration for each RabbitMQ replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
  
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "nano"

packages/apps/redis/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.1
+version: 0.9.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/redis/README.md

@@ -13,14 +13,38 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche
 
 ### Common parameters
 
-| Name              | Description                                                                                                                                      | Value   |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `external`        | Enable external access from outside the cluster                                                                                                  | `false` |
-| `size`            | Persistent Volume size                                                                                                                           | `1Gi`   |
-| `replicas`        | Number of Redis replicas                                                                                                                         | `2`     |
-| `storageClass`    | StorageClass used to store the data                                                                                                              | `""`    |
-| `authEnabled`     | Enable password generation                                                                                                                       | `true`  |
-| `resources`       | Resources                                                                                                                                        | `{}`    |
-| `resourcesPreset` | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano`  |
+| Name              | Description                                                                                                                        | Value   |
+| ----------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `external`        | Enable external access from outside the cluster                                                                                    | `false` |
+| `size`            | Persistent Volume size                                                                                                             | `1Gi`   |
+| `replicas`        | Number of Redis replicas                                                                                                           | `2`     |
+| `storageClass`    | StorageClass used to store the data                                                                                                | `""`    |
+| `authEnabled`     | Enable password generation                                                                                                         | `true`  |
+| `resources`       | Explicit CPU and memory configuration for each Redis replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
+| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.  | `nano`  |
 
+## Parameter examples and reference
 
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |

packages/apps/redis/templates/redisfailover.yaml

@@ -25,18 +25,10 @@ metadata:
 spec:
   sentinel:
     replicas: 3
-    {{- if .Values.resources }}
-    resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 6 }}
-    {{- else if ne .Values.resourcesPreset "none" }}
-    resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 6 }}
-    {{- end }}
+    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 6 }}
   redis:
+    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 6 }}
     replicas: {{ .Values.replicas }}
-    {{- if .Values.resources }}
-    resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 6 }}
-    {{- else if ne .Values.resourcesPreset "none" }}
-    resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 6 }}
-    {{- end }}
     {{- with .Values.size }}
     storage:
       persistentVolumeClaim:

packages/apps/redis/values.schema.json

@@ -29,12 +29,12 @@
         },
         "resources": {
             "type": "object",
-            "description": "Resources",
+            "description": "Explicit CPU and memory configuration for each Redis replica. When left empty, the preset defined in `resourcesPreset` is applied.",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
             "default": "nano",
             "enum": [
                 "none",

packages/apps/redis/values.yaml

@@ -12,11 +12,11 @@ replicas: 2
 storageClass: ""
 authEnabled: true
 
-## @param resources Resources
+## @param resources Explicit CPU and memory configuration for each Redis replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
  # resources:
  #   cpu: 4000m
  #   memory: 4Gi
  
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "nano"

packages/apps/tcp-balancer/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.2
+version: 0.5.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/tcp-balancer/README.md

@@ -19,13 +19,39 @@ Managed TCP Load Balancer Service efficiently utilizes HAProxy for load balancin
 
 ### Configuration parameters
 
-| Name                             | Description                                                                                                                                      | Value   |
-| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
-| `httpAndHttps.mode`              | Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`                                                                                    | `tcp`   |
-| `httpAndHttps.targetPorts.http`  | HTTP port number.                                                                                                                                | `80`    |
-| `httpAndHttps.targetPorts.https` | HTTPS port number.                                                                                                                               | `443`   |
-| `httpAndHttps.endpoints`         | Endpoint addresses list                                                                                                                          | `[]`    |
-| `whitelistHTTP`                  | Secure HTTP by enabling  client networks whitelisting                                                                                            | `false` |
-| `whitelist`                      | List of client networks                                                                                                                          | `[]`    |
-| `resources`                      | Resources                                                                                                                                        | `{}`    |
-| `resourcesPreset`                | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano`  |
+| Name                             | Description                                                                                                                               | Value   |
+| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `httpAndHttps.mode`              | Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`                                                                             | `tcp`   |
+| `httpAndHttps.targetPorts.http`  | HTTP port number.                                                                                                                         | `80`    |
+| `httpAndHttps.targetPorts.https` | HTTPS port number.                                                                                                                        | `443`   |
+| `httpAndHttps.endpoints`         | Endpoint addresses list                                                                                                                   | `[]`    |
+| `whitelistHTTP`                  | Secure HTTP by enabling  client networks whitelisting                                                                                     | `false` |
+| `whitelist`                      | List of client networks                                                                                                                   | `[]`    |
+| `resources`                      | Explicit CPU and memory configuration for each TCP Balancer replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`    |
+| `resourcesPreset`                | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.         | `nano`  |
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |

packages/apps/tcp-balancer/templates/deployment.yaml

@@ -34,11 +34,7 @@ spec:
       containers:
       - image: haproxy:latest
         name: haproxy
-        {{- if .Values.resources }}
-        resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 10 }}
-        {{- else if ne .Values.resourcesPreset "none" }}
-        resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 10 }}
-        {{- end }}
+        resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 10 }}
         ports:
         {{- with .Values.httpAndHttps }}
         - containerPort: 8080

packages/apps/tcp-balancer/values.schema.json

@@ -60,12 +60,12 @@
     },
     "resources": {
       "type": "object",
-      "description": "Resources",
+      "description": "Explicit CPU and memory configuration for each TCP Balancer replica. When left empty, the preset defined in `resourcesPreset` is applied.",
       "default": {}
     },
     "resourcesPreset": {
       "type": "string",
-      "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+      "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
       "default": "nano",
       "enum": [
         "none",

packages/apps/tcp-balancer/values.yaml

@@ -44,11 +44,11 @@ httpAndHttps:
 whitelistHTTP: false
 whitelist: []
 
-## @param resources Resources
+## @param resources Explicit CPU and memory configuration for each TCP Balancer replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
 # resources:
 #   cpu: 4000m
 #   memory: 4Gi
 
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "nano"

packages/apps/tenant/Chart.yaml

@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg
 
 type: application
-version: 1.10.0
+version: 1.11.0

packages/apps/tenant/templates/quota.yaml

@@ -6,5 +6,5 @@ metadata:
   namespace: {{ include "tenant.name" . }}
 spec:
   hard:
-    {{- toYaml .Values.resourceQuotas | nindent 4 }}
+    {{- include "cozy-lib.resources.flatten" (list .Values.resourceQuotas $) | nindent 6 }}
 {{- end }}

packages/apps/tenant/values.yaml

@@ -15,9 +15,7 @@ seaweedfs: false
 isolated: true
 resourceQuotas: {}
 # resourceQuotas:
-#   requests.cpu: "1"
-#   requests.memory: "1Gi"
-#   limits.cpu: "2"
-#   limits.memory: "2Gi"
-#   requests.nvidia.com/gpu: 4
-#   requests.storage: 100Gi
+#   cpu: "1"
+#   memory: "1Gi"
+#   nvidia.com/gpu: 4
+#   storage: 100Gi

packages/apps/versions_map

@@ -13,7 +13,8 @@ clickhouse 0.7.0 93bdf411
 clickhouse 0.9.0 6130f43d
 clickhouse 0.9.2 632224a3
 clickhouse 0.10.0 6358fd7a
-clickhouse 0.10.1 HEAD
+clickhouse 0.10.1 4369b031
+clickhouse 0.11.0 HEAD
 ferretdb 0.1.0 e9716091
 ferretdb 0.1.1 91b0499a
 ferretdb 0.2.0 6c5cf5bf
@@ -25,7 +26,8 @@ ferretdb 0.5.0 93bdf411
 ferretdb 0.6.0 6130f43d
 ferretdb 0.6.1 632224a3
 ferretdb 0.7.0 62cb694d
-ferretdb 0.7.1 HEAD
+ferretdb 0.7.1 4369b031
+ferretdb 0.8.0 HEAD
 http-cache 0.1.0 263e47be
 http-cache 0.2.0 53f2365e
 http-cache 0.3.0 6c5cf5bf
@@ -33,7 +35,8 @@ http-cache 0.3.1 0f312d5c
 http-cache 0.4.0 93bdf411
 http-cache 0.5.0 6130f43d
 http-cache 0.5.1 62cb694d
-http-cache 0.5.2 HEAD
+http-cache 0.5.2 4369b031
+http-cache 0.6.0 HEAD
 kafka 0.1.0 f7eaab0a
 kafka 0.2.0 c0685f43
 kafka 0.2.1 dfbc210b
@@ -48,9 +51,12 @@ kafka 0.5.0 93bdf411
 kafka 0.6.0 6130f43d
 kafka 0.6.1 632224a3
 kafka 0.7.0 6358fd7a
-kafka 0.7.1 HEAD
+kafka 0.7.1 4369b031
+kafka 0.8.0 HEAD
 kubernetes 0.24.0 62cb694d
-kubernetes 0.25.0 HEAD
+kubernetes 0.25.0 70f82667
+kubernetes 0.25.1 acd4663a
+kubernetes 0.25.2 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
@@ -64,7 +70,7 @@ mysql 0.7.0 6130f43d
 mysql 0.7.1 632224a3
 mysql 0.8.0 62cb694d
 mysql 0.8.1 4369b031
-mysql 0.8.2 HEAD
+mysql 0.9.0 HEAD
 nats 0.1.0 e9716091
 nats 0.2.0 6c5cf5bf
 nats 0.3.0 78366f19
@@ -75,7 +81,8 @@ nats 0.5.0 93bdf411
 nats 0.6.0 6130f43d
 nats 0.6.1 632224a3
 nats 0.7.0 62cb694d
-nats 0.7.1 HEAD
+nats 0.7.1 4369b031
+nats 0.8.0 HEAD
 postgres 0.1.0 263e47be
 postgres 0.2.0 53f2365e
 postgres 0.2.1 d7cfa53c
@@ -95,7 +102,10 @@ postgres 0.11.0 f9f8bb2f
 postgres 0.12.0 6130f43d
 postgres 0.12.1 632224a3
 postgres 0.14.0 62cb694d
-postgres 0.15.1 HEAD
+postgres 0.15.1 4369b031
+postgres 0.16.0 70f82667
+postgres 0.17.0 acd4663a
+postgres 0.17.1 HEAD
 rabbitmq 0.1.0 263e47be
 rabbitmq 0.2.0 53f2365e
 rabbitmq 0.3.0 6c5cf5bf
@@ -107,7 +117,8 @@ rabbitmq 0.4.4 8267072d
 rabbitmq 0.5.0 93bdf411
 rabbitmq 0.6.0 632224a3
 rabbitmq 0.7.0 62cb694d
-rabbitmq 0.7.1 HEAD
+rabbitmq 0.7.1 4369b031
+rabbitmq 0.8.0 HEAD
 redis 0.1.1 263e47be
 redis 0.2.0 53f2365e
 redis 0.3.0 6c5cf5bf
@@ -118,14 +129,17 @@ redis 0.6.0 93bdf411
 redis 0.7.0 6130f43d
 redis 0.7.1 632224a3
 redis 0.8.0 62cb694d
-redis 0.8.1 HEAD
+redis 0.8.1 4369b031
+redis 0.9.0 HEAD
 tcp-balancer 0.1.0 263e47be
 tcp-balancer 0.2.0 53f2365e
 tcp-balancer 0.3.0 93bdf411
 tcp-balancer 0.4.0 6130f43d
 tcp-balancer 0.4.1 62cb694d
-tcp-balancer 0.4.2 HEAD
-tenant 1.10.0 HEAD
+tcp-balancer 0.4.2 4369b031
+tcp-balancer 0.5.0 HEAD
+tenant 1.10.0 4369b031
+tenant 1.11.0 HEAD
 virtual-machine 0.1.4 f2015d65
 virtual-machine 0.1.5 263e47be
 virtual-machine 0.2.0 c0685f43
@@ -142,11 +156,14 @@ virtual-machine 0.9.0 721c12a7
 virtual-machine 0.9.1 93bdf411
 virtual-machine 0.10.0 6130f43d
 virtual-machine 0.10.2 632224a3
-virtual-machine 0.11.0 HEAD
+virtual-machine 0.11.0 4369b031
+virtual-machine 0.12.0 70f82667
+virtual-machine 0.12.1 HEAD
 vm-disk 0.1.0 d971f2ff
 vm-disk 0.1.1 6130f43d
 vm-disk 0.1.2 632224a3
-vm-disk 0.2.0 HEAD
+vm-disk 0.2.0 4369b031
+vm-disk 0.3.0 HEAD
 vm-instance 0.1.0 1ec10165
 vm-instance 0.2.0 84f3ccc0
 vm-instance 0.3.0 4e68e65c
@@ -157,7 +174,9 @@ vm-instance 0.5.1 de19450f
 vm-instance 0.6.0 721c12a7
 vm-instance 0.7.0 6130f43d
 vm-instance 0.7.2 632224a3
-vm-instance 0.8.0 HEAD
+vm-instance 0.8.0 4369b031
+vm-instance 0.9.0 70f82667
+vm-instance 0.10.0 HEAD
 vpn 0.1.0 263e47be
 vpn 0.2.0 53f2365e
 vpn 0.3.0 6c5cf5bf
@@ -166,4 +185,5 @@ vpn 0.4.0 93bdf411
 vpn 0.5.0 6130f43d
 vpn 0.5.1 632224a3
 vpn 0.6.1 62cb694d
-vpn 0.6.2 HEAD
+vpn 0.6.2 4369b031
+vpn 0.7.0 HEAD

packages/apps/virtual-machine/Chart.yaml

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.11.0
+version: 0.12.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 0.11.0
+appVersion: 0.12.0

packages/apps/virtual-machine/README.md

@@ -50,6 +50,7 @@ virtctl ssh <user>@<vm>
 | `gpus`                    | List of GPUs to attach                                                                                     | `[]`         |
 | `resources.cpu`           | The number of CPU cores allocated to the virtual machine                                                   | `""`         |
 | `resources.memory`        | The amount of memory allocated to the virtual machine                                                      | `""`         |
+| `resources.sockets`       | The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)                  | `""`         |
 | `sshKeys`                 | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`         |
 | `cloudInit`               | cloud-init user data config. See cloud-init documentation for more details.                                | `""`         |
 | `cloudInitSeed`           | A seed string to generate an SMBIOS UUID for the VM.                                                       | `""`         |

packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml

@@ -3,6 +3,13 @@ kind: Role
 metadata:
   name: {{ .Release.Name }}-dashboard-resources
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ include "virtual-machine.fullname" . }}
+  verbs: ["get", "list", "watch"]
 - apiGroups:
   - cozystack.io
   resources:

packages/apps/virtual-machine/templates/secret.yaml

@@ -9,7 +9,7 @@ stringData:
   key{{ $k }}: {{ quote $v }} 
   {{- end }}
 {{- end }}
-{{- if .Values.cloudInit }}
+{{- if or .Values.cloudInit .Values.sshKeys }}
 ---
 apiVersion: v1
 kind: Secret
@@ -17,5 +17,17 @@ metadata:
   name: {{ include "virtual-machine.fullname" . }}-cloud-init
 stringData:
   userdata: |
-    {{- .Values.cloudInit | nindent 4 }}
+    {{- if .Values.cloudInit }}
+    {{-   .Values.cloudInit | nindent 4 }}
+    {{- else if and (.Values.sshKeys) (not .Values.cloudInit) }}
+    {{- /*
+      We usually provide ssh keys in cloud-init metadata, because userdata it not typed and can be used for any purpose.
+      However, if user provides ssh keys but not cloud-init, we still need to provide a minimal cloud-init config to avoid errors.
+    */}}
+    #cloud-config
+    ssh_authorized_keys:
+      {{- range .Values.sshKeys }}
+      - {{ quote . }} 
+      {{- end }}
+    {{- end }}
 {{- end }}

packages/apps/virtual-machine/templates/vm.yaml

@@ -39,6 +39,12 @@ spec:
         storageClassName: {{ . }}
         {{- end }}
       source:
+        {{- $dv := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" "cozy-public" (printf "vm-image-%s" .Values.systemDisk.image) }}
+        {{- if $dv }}
+        pvc:
+          name: vm-image-{{ .Values.systemDisk.image }}
+          namespace: cozy-public
+        {{- else }}
         http:
           {{- if eq .Values.systemDisk.image "cirros" }}
           url: https://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
@@ -51,6 +57,7 @@ spec:
           {{- else if eq .Values.systemDisk.image "talos" }}
           url: https://github.com/siderolabs/talos/releases/download/v1.7.6/nocloud-amd64.raw.xz
           {{- end }}
+        {{- end }}
 
   template:
     metadata:
@@ -60,9 +67,10 @@ spec:
         {{- include "virtual-machine.labels" . | nindent 8 }}
     spec:
       domain:
-        {{- if and .Values.resources .Values.resources.cpu }}
+        {{- if and .Values.resources .Values.resources.cpu .Values.resources.sockets }}
         cpu:
           cores: {{ .Values.resources.cpu }}
+          sockets: {{ .Values.resources.sockets }}
         {{- end }}
         {{- if and .Values.resources .Values.resources.memory }}
         resources:
@@ -84,7 +92,7 @@ spec:
           - disk:
               bus: scsi
             name: systemdisk
-          {{- if .Values.sshKeys }}
+          {{- if or .Values.cloudInit .Values.sshKeys }}
           - disk:
               bus: virtio
             name: cloudinitdisk
@@ -114,28 +122,11 @@ spec:
         - name: systemdisk
           dataVolume:
             name: {{ include "virtual-machine.fullname" . }}
-
-        {{- if and .Values.sshKeys .Values.cloudInit }}
+        {{- if or .Values.cloudInit .Values.sshKeys }}
         - name: cloudinitdisk
           cloudInitNoCloud:
             secretRef:
               name: {{ include "virtual-machine.fullname" . }}-cloud-init
-        {{- else if .Values.sshKeys }}
-        - name: cloudinitdisk
-          cloudInitNoCloud:
-            userData: |
-              {{ printf "%s" "#cloud-config" }}
-              ssh_authorized_keys:
-                {{- range .Values.sshKeys }}
-                - {{ . }}
-                {{- end }}
-              chpasswd:
-                expire: false
-        {{- else }}
-        - name: cloudinitdisk
-          cloudInitNoCloud:
-            userData: |
-              {{ printf "%s" "#cloud-config" }}
         {{- end }}
 
       networks:

packages/apps/virtual-machine/values.schema.json

@@ -184,6 +184,11 @@
           "type": "string",
           "description": "The amount of memory allocated to the virtual machine",
           "default": ""
+        },
+        "sockets": {
+          "type": "string",
+          "description": "The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)",
+          "default": ""
         }
       }
     },

packages/apps/virtual-machine/values.yaml

@@ -34,9 +34,11 @@ gpus: []
 
 ## @param resources.cpu The number of CPU cores allocated to the virtual machine
 ## @param resources.memory The amount of memory allocated to the virtual machine
+## @param resources.sockets The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)
 resources:
   cpu: ""
   memory: ""
+  sockets: ""
 
 ## @param sshKeys [array] List of SSH public keys for authentication. Can be a single key or a list of keys.
 ## Example:

packages/apps/vm-disk/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 0.2.0
+appVersion: 0.3.0

packages/apps/vm-disk/templates/dv.yaml

@@ -20,7 +20,12 @@ spec:
     {{- fail "Exactly one type of source is expected!" }}
   {{- end }}
   source:
-    {{- if hasKey .Values.source "http" }}
+    {{- if hasKey .Values.source "image" }}
+    {{- $dv := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" "cozy-public" (printf "vm-image-%s" .Values.source.image.name) }}
+    pvc:
+      name: vm-image-{{ required "A valid .Values.source.image.name entry required!" .Values.source.image.name }}
+      namespace: cozy-public
+    {{- else if hasKey .Values.source "http" }}
     http:
       url: {{ required "A valid .Values.source.http.url entry required!" .Values.source.http.url }}
     {{- else if hasKey .Values.source "upload" }}

packages/apps/vm-disk/values.yaml

@@ -1,6 +1,11 @@
 ## @section Common parameters
 
 ## @param source The source image location used to create a disk
+## Example using golden image:
+## source:
+##   image:
+##     name: ubuntu
+##
 ## Example upload local image:
 ## source:
 ##   upload: {}

packages/apps/vm-instance/Chart.yaml

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.0
+version: 0.10.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 0.8.0
+appVersion: 0.10.0

packages/apps/vm-instance/README.md

@@ -36,21 +36,22 @@ virtctl ssh <user>@<vm>
 
 ### Common parameters
 
-| Name               | Description                                                                                                | Value       |
-| ------------------ | ---------------------------------------------------------------------------------------------------------- | ----------- |
-| `external`         | Enable external access from outside the cluster                                                            | `false`     |
-| `externalMethod`   | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `PortList`  |
-| `externalPorts`    | Specify ports to forward from outside the cluster                                                          | `[]`        |
-| `running`          | Determines if the virtual machine should be running                                                        | `true`      |
-| `instanceType`     | Virtual Machine instance type                                                                              | `u1.medium` |
-| `instanceProfile`  | Virtual Machine preferences profile                                                                        | `ubuntu`    |
-| `disks`            | List of disks to attach                                                                                    | `[]`        |
-| `gpus`             | List of GPUs to attach                                                                                     | `[]`        |
-| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                                                   | `""`        |
-| `resources.memory` | The amount of memory allocated to the virtual machine                                                      | `""`        |
-| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`        |
-| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.                                | `""`        |
-| `cloudInitSeed`    | A seed string to generate an SMBIOS UUID for the VM.                                                       | `""`        |
+| Name                | Description                                                                                                | Value       |
+| ------------------- | ---------------------------------------------------------------------------------------------------------- | ----------- |
+| `external`          | Enable external access from outside the cluster                                                            | `false`     |
+| `externalMethod`    | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `PortList`  |
+| `externalPorts`     | Specify ports to forward from outside the cluster                                                          | `[]`        |
+| `running`           | Determines if the virtual machine should be running                                                        | `true`      |
+| `instanceType`      | Virtual Machine instance type                                                                              | `u1.medium` |
+| `instanceProfile`   | Virtual Machine preferences profile                                                                        | `ubuntu`    |
+| `disks`             | List of disks to attach                                                                                    | `[]`        |
+| `gpus`              | List of GPUs to attach                                                                                     | `[]`        |
+| `resources.cpu`     | The number of CPU cores allocated to the virtual machine                                                   | `""`        |
+| `resources.memory`  | The amount of memory allocated to the virtual machine                                                      | `""`        |
+| `resources.sockets` | The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)                  | `""`        |
+| `sshKeys`           | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`        |
+| `cloudInit`         | cloud-init user data config. See cloud-init documentation for more details.                                | `""`        |
+| `cloudInitSeed`     | A seed string to generate an SMBIOS UUID for the VM.                                                       | `""`        |
 
 ## U Series
 

packages/apps/vm-instance/templates/dashboard-resourcemap.yaml

@@ -3,6 +3,13 @@ kind: Role
 metadata:
   name: {{ .Release.Name }}-dashboard-resources
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ include "virtual-machine.fullname" . }}
+  verbs: ["get", "list", "watch"]
 - apiGroups:
   - cozystack.io
   resources:

packages/apps/vm-instance/templates/secret.yaml

@@ -9,7 +9,7 @@ stringData:
   key{{ $k }}: {{ quote $v }} 
   {{- end }}
 {{- end }}
-{{- if .Values.cloudInit }}
+{{- if or .Values.cloudInit .Values.sshKeys }}
 ---
 apiVersion: v1
 kind: Secret
@@ -17,5 +17,17 @@ metadata:
   name: {{ include "virtual-machine.fullname" . }}-cloud-init
 stringData:
   userdata: |
-    {{- .Values.cloudInit | nindent 4 }}
+    {{- if .Values.cloudInit }}
+    {{-   .Values.cloudInit | nindent 4 }}
+    {{- else if and (.Values.sshKeys) (not .Values.cloudInit) }}
+    {{- /*
+      We usually provide ssh keys in cloud-init metadata, because userdata it not typed and can be used for any purpose.
+      However, if user provides ssh keys but not cloud-init, we still need to provide a minimal cloud-init config to avoid errors.
+    */}}
+    #cloud-config
+    ssh_authorized_keys:
+      {{- range .Values.sshKeys }}
+      - {{ quote . }} 
+      {{- end }}
+    {{- end }}
 {{- end }}

packages/apps/vm-instance/templates/vm.yaml

@@ -31,9 +31,10 @@ spec:
         {{- include "virtual-machine.labels" . | nindent 8 }}
     spec:
       domain:
-        {{- if and .Values.resources .Values.resources.cpu }}
+        {{- if and .Values.resources .Values.resources.cpu .Values.resources.sockets }}
         cpu:
           cores: {{ .Values.resources.cpu }}
+          sockets: {{ .Values.resources.sockets }}
         {{- end }}
         {{- if and .Values.resources .Values.resources.memory }}
         resources:
@@ -53,24 +54,24 @@ spec:
           disks:
           {{- range $i, $disk := .Values.disks }}
           - name: disk-{{ $disk.name }}
-            {{- $disk := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace (printf "vm-disk-%s" $disk.name) }}
-            {{- if $disk }}
-            {{- if and (hasKey $disk.metadata.annotations "vm-disk.cozystack.io/optical") (eq (index $disk.metadata.annotations "vm-disk.cozystack.io/optical") "true") }}
-            cdrom: {}
+            {{- $dv := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace (printf "vm-disk-%s" $disk.name) }}
+            {{- if $dv }}
+            {{- if and (hasKey $dv.metadata.annotations "vm-disk.cozystack.io/optical") (eq (index $dv.metadata.annotations "vm-disk.cozystack.io/optical") "true") }}
+            cdrom:
             {{- else }}
-            disk: {}
-            {{- end }}
-            {{- if eq $i 0 }}
-            bootOrder: 1
+            disk:
             {{- end }}
+              {{- with $disk.bus }}
+              bus: {{ . }}
+              {{- end }}
+            bootOrder: {{ add $i 1 }}
             {{- else }}
             {{-   fail (printf "Specified disk not exists in cluster: %s" .name) }}
             {{- end }}
           {{- end }}
-          {{- if or .Values.sshKeys .Values.cloudInit }}
+          {{- if or .Values.cloudInit .Values.sshKeys }}
           - name: cloudinitdisk
-            disk:
-              bus: virtio
+            disk: {}
           {{- end }}
           interfaces:
           - name: default
@@ -94,27 +95,11 @@ spec:
         dataVolume:
           name: vm-disk-{{ .name }}
       {{- end }}
-      {{- if and .Values.sshKeys .Values.cloudInit }}
+      {{- if or .Values.cloudInit .Values.sshKeys }}
       - name: cloudinitdisk
         cloudInitNoCloud:
           secretRef:
             name: {{ include "virtual-machine.fullname" . }}-cloud-init
-      {{- else if .Values.sshKeys }}
-      - name: cloudinitdisk
-        cloudInitNoCloud:
-          userData: |
-            {{ printf "%s" "#cloud-config" }}
-            ssh_authorized_keys:
-              {{- range .Values.sshKeys }}
-              - {{ . }}
-              {{- end }}
-            chpasswd:
-              expire: false
-      {{- else }}
-      - name: cloudinitdisk
-        cloudInitNoCloud:
-          userData: |
-            {{ printf "%s" "#cloud-config" }}
       {{- end }}
       networks:
       - name: default

packages/apps/vm-instance/values.schema.json

@@ -165,6 +165,11 @@
           "type": "string",
           "description": "The amount of memory allocated to the virtual machine",
           "default": ""
+        },
+        "sockets": {
+          "type": "string",
+          "description": "The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)",
+          "default": ""
         }
       }
     },

packages/apps/vm-instance/values.yaml

@@ -22,6 +22,7 @@ instanceProfile: ubuntu
 ## disks:
 ## - name: example-system
 ## - name: example-data
+##   bus: sata
 disks: []
 
 ## @param gpus [array] List of GPUs to attach
@@ -32,9 +33,11 @@ gpus: []
 
 ## @param resources.cpu The number of CPU cores allocated to the virtual machine
 ## @param resources.memory The amount of memory allocated to the virtual machine
+## @param resources.sockets The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)
 resources:
   cpu: ""
   memory: ""
+  sockets: ""
 
 ## @param sshKeys [array] List of SSH public keys for authentication. Can be a single key or a list of keys.
 ## Example:

packages/apps/vpn/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.2
+version: 0.7.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/vpn/README.md

@@ -1,12 +1,16 @@
 # Managed VPN Service
 
-A Virtual Private Network (VPN) is a critical tool for ensuring secure and private communication over the internet. Managed VPN Service simplifies the deployment and management of VPN server, enabling you to establish secure connections with ease.
+A Virtual Private Network (VPN) is a critical tool for ensuring secure and private communication over the internet.
+Managed VPN Service simplifies the deployment and management of VPN server, enabling you to establish secure connections with ease.
 
-- Clients: https://shadowsocks5.github.io/en/download/clients.html
+- VPN client applications: https://shadowsocks5.github.io/en/download/clients.html
 
 ## Deployment Details
 
-The VPN Service is powered by the Outline Server, an advanced and user-friendly VPN solution. Internally known as "Shadowbox", which simplifies the process of setting up and sharing Shadowsocks servers. It operates by launching Shadowsocks instances on demand. Furthermore, Shadowbox is compatible with standard Shadowsocks clients, providing flexibility and ease of use for your VPN requirements.
+The VPN Service is powered by the Outline Server, an advanced and user-friendly VPN solution.
+Internally known as "Shadowbox", which simplifies the process of setting up and sharing Shadowsocks servers.
+It operates by launching Shadowsocks instances on demand.
+Furthermore, Shadowbox is compatible with standard Shadowsocks clients, providing flexibility and ease of use for your VPN requirements.
 
 - Docs: https://shadowsocks.org/
 - Docs: https://github.com/Jigsaw-Code/outline-server/tree/master/src/shadowbox
@@ -18,14 +22,60 @@ The VPN Service is powered by the Outline Server, an advanced and user-friendly
 | Name       | Description                                     | Value   |
 | ---------- | ----------------------------------------------- | ------- |
 | `external` | Enable external access from outside the cluster | `false` |
-| `replicas` | Number of VPN-server replicas                   | `2`     |
+| `replicas` | Number of VPN server replicas                   | `2`     |
 
 ### Configuration parameters
 
-| Name              | Description                                                                                                                                      | Value  |
-| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------ |
-| `host`            | Host used to substitute into generated URLs                                                                                                      | `""`   |
-| `users`           | Users configuration                                                                                                                              | `{}`   |
-| `externalIPs`     | List of externalIPs for service.                                                                                                                 | `[]`   |
-| `resources`       | Resources                                                                                                                                        | `{}`   |
-| `resourcesPreset` | Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge) | `nano` |
+| Name              | Description                                                                                                                             | Value  |
+| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------ |
+| `host`            | Host used to substitute into generated URLs                                                                                             | `""`   |
+| `users`           | Users configuration                                                                                                                     | `{}`   |
+| `externalIPs`     | List of externalIPs for service. Optional. If not specified will use LoadBalancer service by default.                                   | `[]`   |
+| `resources`       | Explicit CPU and memory configuration for each VPN server replica. When left empty, the preset defined in `resourcesPreset` is applied. | `{}`   |
+| `resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.       | `nano` |
+
+## Parameter examples and reference
+
+### resources and resourcesPreset
+
+`resources` sets explicit CPU and memory configurations for each replica.
+When left empty, the preset defined in `resourcesPreset` is applied.
+
+```yaml
+resources:
+  cpu: 4000m
+  memory: 4Gi
+```
+
+`resourcesPreset` sets named CPU and memory configurations for each replica.
+This setting is ignored if the corresponding `resources` value is set.
+
+| Preset name | CPU    | memory  |
+|-------------|--------|---------|
+| `nano`      | `250m` | `128Mi` |
+| `micro`     | `500m` | `256Mi` |
+| `small`     | `1`    | `512Mi` |
+| `medium`    | `1`    | `1Gi`   |
+| `large`     | `2`    | `2Gi`   |
+| `xlarge`    | `4`    | `4Gi`   |
+| `2xlarge`   | `8`    | `8Gi`   |
+
+
+### users
+
+```yaml
+users:                              
+  user1:                            
+    password: hackme                
+  user2: {} # autogenerated password
+```
+
+
+### externalIPs
+
+```yaml
+externalIPs:       
+  - "11.22.33.44"
+  - "11.22.33.45"
+  - "11.22.33.46"
+```

packages/apps/vpn/templates/deployment.yaml

@@ -43,11 +43,7 @@ spec:
       containers:
         - name: outline-vpn
           image: quay.io/outline/shadowbox:stable
-          {{- if .Values.resources }}
-          resources: {{- include "cozy-lib.resources.sanitize" (list .Values.resources $) | nindent 12 }}
-          {{- else if ne .Values.resourcesPreset "none" }}
-          resources: {{- include "cozy-lib.resources.preset" (list .Values.resourcesPreset $) | nindent 12 }}
-          {{- end }}
+          resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 12 }}
           ports:
             - containerPort: 40000
               protocol: TCP

packages/apps/vpn/values.schema.json

@@ -9,7 +9,7 @@
         },
         "replicas": {
             "type": "number",
-            "description": "Number of VPN-server replicas",
+            "description": "Number of VPN server replicas",
             "default": 2
         },
         "host": {
@@ -19,7 +19,7 @@
         },
         "externalIPs": {
             "type": "array",
-            "description": "List of externalIPs for service.",
+            "description": "List of externalIPs for service. Optional. If not specified will use LoadBalancer service by default.",
             "default": "[]",
             "items": {
                 "type": "string"
@@ -27,12 +27,12 @@
         },
         "resources": {
             "type": "object",
-            "description": "Resources",
+            "description": "Explicit CPU and memory configuration for each VPN server replica. When left empty, the preset defined in `resourcesPreset` is applied.",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)",
+            "description": "Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.",
             "default": "nano",
             "enum": [
                 "none",

packages/apps/vpn/values.yaml

@@ -1,7 +1,7 @@
 ## @section Common parameters
 
 ## @param external Enable external access from outside the cluster
-## @param replicas Number of VPN-server replicas
+## @param replicas Number of VPN server replicas
 ##
 external: false
 replicas: 2
@@ -19,8 +19,7 @@ host: ""
 ##   user2: {} # autogenerated password
 users: {}
 
-## @param externalIPs [array] List of externalIPs for service.
-## Optional. If not specified will use LoadBalancer service by default.
+## @param externalIPs [array] List of externalIPs for service. Optional. If not specified will use LoadBalancer service by default.
 ## 
 ## e.g:
 ## externalIPs:
@@ -30,11 +29,11 @@ users: {}
 ##
 externalIPs: []
 
-## @param resources Resources
+## @param resources Explicit CPU and memory configuration for each VPN server replica. When left empty, the preset defined in `resourcesPreset` is applied.
 resources: {}
 # resources:
 #   cpu: 4000m
 #   memory: 4Gi
 
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly. (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge)
+## @param resourcesPreset Default sizing preset used when `resources` is omitted. Allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge.
 resourcesPreset: "nano"

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.32.1@sha256:9eb11a1c396d63e4235f398f5f01ec6aedea2316d6a7a9294d88191d25af309c
+  image: ghcr.io/cozystack/cozystack/installer:v0.33.1@sha256:03a0002be9cf5926643c295bbf05c3e250401b0f0595b9fcd147d53534f368f5