Add openshft-console

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-01-29 02:18:47 +00:00 · 2024-12-18 15:41:49 +01:00
289 changed files with 7210 additions and 26751 deletions
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -1,12 +1,7 @@
 # The Cozystack Maintainers

-| Maintainer | GitHub Username | Company |          Responsibility           |
-| ---------- | --------------- | ------- | --------------------------------- |
-| Andrei Kvapil | [@kvaps](https://github.com/kvaps) | Ænix | Core Maintainer |
-| George Gaál | [@gecube](https://github.com/gecube) | Ænix | DevOps Practices in Platform, Developers Advocate |
-| Kingdon Barrett | [@kingdonb](https://github.com/kingdonb) | Urmanac | FluxCD and flux-operator |
-| Timofei Larkin | [@lllamnyp](https://github.com/lllamnyp) | 3commas | Etcd-operator Lead |
-| Artem Bortnikov | [@aobort](https://github.com/aobort) | Timescale | Etcd-operator Lead |
-| Andrei Gumilev | [@chumkaska](https://github.com/chumkaska) | Ænix | Platform Documentation |
-| Timur Tukaev | [@tym83](https://github.com/tym83) | Ænix | Cozystack Website, Marketing, Community Management |
-| Kirill Klinchenkov | [@klinch0](https://github.com/klinch0) | Ænix | Core Maintainer |
+| Maintainer | GitHub Username | Company |
+| ---------- | --------------- | ------- |
+| Andrei Kvapil | [@kvaps](https://github.com/kvaps) | Ænix |
+| George Gaál | [@gecube](https://github.com/gecube) | Ænix |
+| Eduard Generalov | [@egeneralov](https://github.com/egeneralov) | Ænix |
--- a/4
+++ b/4
@@ -7,7 +7,6 @@ build:
 	make -C packages/apps/clickhouse image
 	make -C packages/apps/kubernetes image
 	make -C packages/system/cozystack-api image
-	make -C packages/system/cozystack-controller image
 	make -C packages/system/cilium image
 	make -C packages/system/kubeovn image
 	make -C packages/system/dashboard image
@@ -38,6 +37,3 @@ test:
 	make -C packages/core/testing apply
 	make -C packages/core/testing test
 	make -C packages/core/testing test-applications
-
-generate:
-	hack/update-codegen.sh
--- a/api/api-rules/cozystack_api_violation_exceptions.list
+++ b/api/api-rules/cozystack_api_violation_exceptions.list
@@ -1,4 +1,4 @@
-API rule violation: list_type_missing,github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1,ApplicationStatus,Conditions
+API rule violation: list_type_missing,github.com/aenix.io/cozystack/pkg/apis/apps/v1alpha1,ApplicationStatus,Conditions
 API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Ref
 API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Schema
 API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XEmbeddedResource
--- a/api/v1alpha1/groupversion_info.go
+++ b/api/v1alpha1/groupversion_info.go
@@ -1,36 +0,0 @@
-/*
-Copyright 2025.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package v1alpha1 contains API Schema definitions for the  v1alpha1 API group.
-// +kubebuilder:object:generate=true
-// +groupName=cozystack.io
-package v1alpha1
-
-import (
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"sigs.k8s.io/controller-runtime/pkg/scheme"
-)
-
-var (
-	// GroupVersion is group version used to register these objects.
-	GroupVersion = schema.GroupVersion{Group: "cozystack.io", Version: "v1alpha1"}
-
-	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
-	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
-
-	// AddToScheme adds the types in this group-version to the given scheme.
-	AddToScheme = SchemeBuilder.AddToScheme
-)
--- a/api/v1alpha1/workload_types.go
+++ b/api/v1alpha1/workload_types.go
@@ -1,70 +0,0 @@
-/*
-Copyright 2025.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
-	"k8s.io/apimachinery/pkg/api/resource"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// WorkloadStatus defines the observed state of Workload
-type WorkloadStatus struct {
-	// Kind represents the type of workload (redis, postgres, etc.)
-	// +required
-	Kind string `json:"kind"`
-
-	// Type represents the specific role of the workload (redis, sentinel, etc.)
-	// If not specified, defaults to Kind
-	// +optional
-	Type string `json:"type,omitempty"`
-
-	// Resources specifies the compute resources allocated to this workload
-	// +required
-	Resources map[string]resource.Quantity `json:"resources"`
-
-	// Operational indicates if all pods of the workload are ready
-	// +optional
-	Operational bool `json:"operational"`
-}
-
-// +kubebuilder:object:root=true
-// +kubebuilder:printcolumn:name="Kind",type="string",JSONPath=".status.kind"
-// +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".status.type"
-// +kubebuilder:printcolumn:name="CPU",type="string",JSONPath=".status.resources.cpu"
-// +kubebuilder:printcolumn:name="Memory",type="string",JSONPath=".status.resources.memory"
-// +kubebuilder:printcolumn:name="Operational",type="boolean",JSONPath=`.status.operational`
-
-// Workload is the Schema for the workloads API
-type Workload struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Status WorkloadStatus `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// WorkloadList contains a list of Workload
-type WorkloadList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []Workload `json:"items"`
-}
-
-func init() {
-	SchemeBuilder.Register(&Workload{}, &WorkloadList{})
-}
--- a/api/v1alpha1/workloadmonitor_types.go
+++ b/api/v1alpha1/workloadmonitor_types.go
@@ -1,91 +0,0 @@
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// WorkloadMonitorSpec defines the desired state of WorkloadMonitor
-type WorkloadMonitorSpec struct {
-	// Selector is a label selector to find workloads to monitor
-	// +required
-	Selector map[string]string `json:"selector"`
-
-	// Kind specifies the kind of the workload
-	// +optional
-	Kind string `json:"kind,omitempty"`
-
-	// Type specifies the type of the workload
-	// +optional
-	Type string `json:"type,omitempty"`
-
-	// Version specifies the version of the workload
-	// +optional
-	Version string `json:"version,omitempty"`
-
-	// MinReplicas specifies the minimum number of replicas that should be available
-	// +kubebuilder:validation:Minimum=0
-	// +optional
-	MinReplicas *int32 `json:"minReplicas,omitempty"`
-
-	// Replicas is the desired number of replicas
-	// If not specified, will use observedReplicas as the target
-	// +kubebuilder:validation:Minimum=0
-	// +optional
-	Replicas *int32 `json:"replicas,omitempty"`
-}
-
-// WorkloadMonitorStatus defines the observed state of WorkloadMonitor
-type WorkloadMonitorStatus struct {
-	// Operational indicates if the workload meets all operational requirements
-	// +optional
-	Operational *bool `json:"operational,omitempty"`
-
-	// AvailableReplicas is the number of ready replicas
-	// +optional
-	AvailableReplicas int32 `json:"availableReplicas"`
-
-	// ObservedReplicas is the total number of pods observed
-	// +optional
-	ObservedReplicas int32 `json:"observedReplicas"`
-}
-
-// +kubebuilder:object:root=true
-// +kubebuilder:subresource:status
-// +kubebuilder:printcolumn:name="Kind",type="string",JSONPath=".spec.kind"
-// +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".spec.type"
-// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".spec.version"
-// +kubebuilder:printcolumn:name="Replicas",type="integer",JSONPath=".spec.replicas"
-// +kubebuilder:printcolumn:name="MinReplicas",type="integer",JSONPath=".spec.minReplicas"
-// +kubebuilder:printcolumn:name="Available",type="integer",JSONPath=".status.availableReplicas"
-// +kubebuilder:printcolumn:name="Observed",type="integer",JSONPath=".status.observedReplicas"
-// +kubebuilder:printcolumn:name="Operational",type="boolean",JSONPath=".status.operational"
-
-// WorkloadMonitor is the Schema for the workloadmonitors API
-type WorkloadMonitor struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   WorkloadMonitorSpec   `json:"spec,omitempty"`
-	Status WorkloadMonitorStatus `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// WorkloadMonitorList contains a list of WorkloadMonitor
-type WorkloadMonitorList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []WorkloadMonitor `json:"items"`
-}
-
-func init() {
-	SchemeBuilder.Register(&WorkloadMonitor{}, &WorkloadMonitorList{})
-}
-
-// GetSelector returns the label selector from metadata
-func (w *WorkloadMonitor) GetSelector() map[string]string {
-	return w.Spec.Selector
-}
-
-// Selector specifies the label selector for workloads
-type Selector map[string]string
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -1,238 +0,0 @@
-//go:build !ignore_autogenerated
-
-/*
-Copyright 2025 The Cozystack Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by controller-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	"k8s.io/apimachinery/pkg/api/resource"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in Selector) DeepCopyInto(out *Selector) {
-	{
-		in := &in
-		*out = make(Selector, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Selector.
-func (in Selector) DeepCopy() Selector {
-	if in == nil {
-		return nil
-	}
-	out := new(Selector)
-	in.DeepCopyInto(out)
-	return *out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Workload) DeepCopyInto(out *Workload) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workload.
-func (in *Workload) DeepCopy() *Workload {
-	if in == nil {
-		return nil
-	}
-	out := new(Workload)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *Workload) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkloadList) DeepCopyInto(out *WorkloadList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]Workload, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadList.
-func (in *WorkloadList) DeepCopy() *WorkloadList {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkloadList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *WorkloadList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkloadMonitor) DeepCopyInto(out *WorkloadMonitor) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadMonitor.
-func (in *WorkloadMonitor) DeepCopy() *WorkloadMonitor {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkloadMonitor)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *WorkloadMonitor) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkloadMonitorList) DeepCopyInto(out *WorkloadMonitorList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]WorkloadMonitor, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadMonitorList.
-func (in *WorkloadMonitorList) DeepCopy() *WorkloadMonitorList {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkloadMonitorList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *WorkloadMonitorList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkloadMonitorSpec) DeepCopyInto(out *WorkloadMonitorSpec) {
-	*out = *in
-	if in.Selector != nil {
-		in, out := &in.Selector, &out.Selector
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-	if in.MinReplicas != nil {
-		in, out := &in.MinReplicas, &out.MinReplicas
-		*out = new(int32)
-		**out = **in
-	}
-	if in.Replicas != nil {
-		in, out := &in.Replicas, &out.Replicas
-		*out = new(int32)
-		**out = **in
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadMonitorSpec.
-func (in *WorkloadMonitorSpec) DeepCopy() *WorkloadMonitorSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkloadMonitorSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkloadMonitorStatus) DeepCopyInto(out *WorkloadMonitorStatus) {
-	*out = *in
-	if in.Operational != nil {
-		in, out := &in.Operational, &out.Operational
-		*out = new(bool)
-		**out = **in
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadMonitorStatus.
-func (in *WorkloadMonitorStatus) DeepCopy() *WorkloadMonitorStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkloadMonitorStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *WorkloadStatus) DeepCopyInto(out *WorkloadStatus) {
-	*out = *in
-	if in.Resources != nil {
-		in, out := &in.Resources, &out.Resources
-		*out = make(map[string]resource.Quantity, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val.DeepCopy()
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadStatus.
-func (in *WorkloadStatus) DeepCopy() *WorkloadStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(WorkloadStatus)
-	in.DeepCopyInto(out)
-	return out
-}
--- a/cmd/cozystack-api/main.go
+++ b/cmd/cozystack-api/main.go
@@ -19,7 +19,7 @@ package main
 import (
 	"os"

-	"github.com/aenix-io/cozystack/pkg/cmd/server"
+	"github.com/aenix.io/cozystack/pkg/cmd/server"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 	"k8s.io/component-base/cli"
 )
--- a/cmd/cozystack-controller/main.go
+++ b/cmd/cozystack-controller/main.go
@@ -1,210 +0,0 @@
-/*
-Copyright 2025.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package main
-
-import (
-	"crypto/tls"
-	"flag"
-	"os"
-	"time"
-
-	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
-	// to ensure that exec-entrypoint and run can make use of them.
-	_ "k8s.io/client-go/plugin/pkg/client/auth"
-
-	"k8s.io/apimachinery/pkg/runtime"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/healthz"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
-	"sigs.k8s.io/controller-runtime/pkg/metrics/filters"
-	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
-	"sigs.k8s.io/controller-runtime/pkg/webhook"
-
-	cozystackiov1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
-	"github.com/aenix-io/cozystack/internal/controller"
-	"github.com/aenix-io/cozystack/internal/telemetry"
-	// +kubebuilder:scaffold:imports
-)
-
-var (
-	scheme   = runtime.NewScheme()
-	setupLog = ctrl.Log.WithName("setup")
-)
-
-func init() {
-	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
-
-	utilruntime.Must(cozystackiov1alpha1.AddToScheme(scheme))
-	// +kubebuilder:scaffold:scheme
-}
-
-func main() {
-	var metricsAddr string
-	var enableLeaderElection bool
-	var probeAddr string
-	var secureMetrics bool
-	var enableHTTP2 bool
-	var disableTelemetry bool
-	var telemetryEndpoint string
-	var telemetryInterval string
-	var cozystackVersion string
-	var tlsOpts []func(*tls.Config)
-	flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+
-		"Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.")
-	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
-	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
-		"Enable leader election for controller manager. "+
-			"Enabling this will ensure there is only one active controller manager.")
-	flag.BoolVar(&secureMetrics, "metrics-secure", true,
-		"If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.")
-	flag.BoolVar(&enableHTTP2, "enable-http2", false,
-		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
-	flag.BoolVar(&disableTelemetry, "disable-telemetry", false,
-		"Disable telemetry collection")
-	flag.StringVar(&telemetryEndpoint, "telemetry-endpoint", "https://telemetry.cozystack.io",
-		"Endpoint for sending telemetry data")
-	flag.StringVar(&telemetryInterval, "telemetry-interval", "15m",
-		"Interval between telemetry data collection (e.g. 15m, 1h)")
-	flag.StringVar(&cozystackVersion, "cozystack-version", "unknown",
-		"Version of Cozystack")
-	opts := zap.Options{
-		Development: false,
-	}
-	opts.BindFlags(flag.CommandLine)
-	flag.Parse()
-
-	// Parse telemetry interval
-	interval, err := time.ParseDuration(telemetryInterval)
-	if err != nil {
-		setupLog.Error(err, "invalid telemetry interval")
-		os.Exit(1)
-	}
-
-	// Configure telemetry
-	telemetryConfig := telemetry.Config{
-		Disabled:         disableTelemetry,
-		Endpoint:         telemetryEndpoint,
-		Interval:         interval,
-		CozystackVersion: cozystackVersion,
-	}
-
-	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
-
-	// if the enable-http2 flag is false (the default), http/2 should be disabled
-	// due to its vulnerabilities. More specifically, disabling http/2 will
-	// prevent from being vulnerable to the HTTP/2 Stream Cancellation and
-	// Rapid Reset CVEs. For more information see:
-	// - https://github.com/advisories/GHSA-qppj-fm5r-hxr3
-	// - https://github.com/advisories/GHSA-4374-p667-p6c8
-	disableHTTP2 := func(c *tls.Config) {
-		setupLog.Info("disabling http/2")
-		c.NextProtos = []string{"http/1.1"}
-	}
-
-	if !enableHTTP2 {
-		tlsOpts = append(tlsOpts, disableHTTP2)
-	}
-
-	webhookServer := webhook.NewServer(webhook.Options{
-		TLSOpts: tlsOpts,
-	})
-
-	// Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server.
-	// More info:
-	// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.1/pkg/metrics/server
-	// - https://book.kubebuilder.io/reference/metrics.html
-	metricsServerOptions := metricsserver.Options{
-		BindAddress:   metricsAddr,
-		SecureServing: secureMetrics,
-		TLSOpts:       tlsOpts,
-	}
-
-	if secureMetrics {
-		// FilterProvider is used to protect the metrics endpoint with authn/authz.
-		// These configurations ensure that only authorized users and service accounts
-		// can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info:
-		// https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.1/pkg/metrics/filters#WithAuthenticationAndAuthorization
-		metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization
-
-		// TODO(user): If CertDir, CertName, and KeyName are not specified, controller-runtime will automatically
-		// generate self-signed certificates for the metrics server. While convenient for development and testing,
-		// this setup is not recommended for production.
-	}
-
-	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
-		Scheme:                 scheme,
-		Metrics:                metricsServerOptions,
-		WebhookServer:          webhookServer,
-		HealthProbeBindAddress: probeAddr,
-		LeaderElection:         enableLeaderElection,
-		LeaderElectionID:       "19a0338c.cozystack.io",
-		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
-		// when the Manager ends. This requires the binary to immediately end when the
-		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
-		// speeds up voluntary leader transitions as the new leader don't have to wait
-		// LeaseDuration time first.
-		//
-		// In the default scaffold provided, the program ends immediately after
-		// the manager stops, so would be fine to enable this option. However,
-		// if you are doing or is intended to do any operation such as perform cleanups
-		// after the manager stops then its usage might be unsafe.
-		// LeaderElectionReleaseOnCancel: true,
-	})
-	if err != nil {
-		setupLog.Error(err, "unable to start manager")
-		os.Exit(1)
-	}
-
-	if err = (&controller.WorkloadMonitorReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
-	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", "WorkloadMonitor")
-		os.Exit(1)
-	}
-	// +kubebuilder:scaffold:builder
-
-	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
-		setupLog.Error(err, "unable to set up health check")
-		os.Exit(1)
-	}
-	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
-		setupLog.Error(err, "unable to set up ready check")
-		os.Exit(1)
-	}
-
-	// Initialize telemetry collector
-	collector, err := telemetry.NewCollector(mgr.GetClient(), &telemetryConfig, mgr.GetConfig())
-	if err != nil {
-		setupLog.V(1).Error(err, "unable to create telemetry collector, telemetry will be disabled")
-	}
-
-	if collector != nil {
-		if err := mgr.Add(collector); err != nil {
-			setupLog.Error(err, "unable to set up telemetry collector")
-			setupLog.V(1).Error(err, "unable to set up telemetry collector, continuing without telemetry")
-		}
-	}
-
-	setupLog.Info("starting manager")
-	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
-		setupLog.Error(err, "problem running manager")
-		os.Exit(1)
-	}
-}
--- a/dashboards/kubevirt/kubevirt-control-plane.json
+++ b/dashboards/kubevirt/kubevirt-control-plane.json
--- a/go.mod
+++ b/go.mod
@@ -1,27 +1,22 @@
 // This is a generated file. Do not edit directly.

-module github.com/aenix-io/cozystack
+module github.com/aenix.io/cozystack

 go 1.23.0

 require (
-	github.com/fluxcd/helm-controller/api v1.1.0
+	github.com/emicklei/go-restful/v3 v3.11.0
 	github.com/google/gofuzz v1.2.0
-	github.com/onsi/ginkgo/v2 v2.19.0
-	github.com/onsi/gomega v1.33.1
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
-	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.31.2
 	k8s.io/apiextensions-apiserver v0.31.2
 	k8s.io/apimachinery v0.31.2
 	k8s.io/apiserver v0.31.2
 	k8s.io/client-go v0.31.2
+	k8s.io/code-generator v0.31.2
 	k8s.io/component-base v0.31.2
-	k8s.io/klog/v2 v2.130.1
 	k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
-	sigs.k8s.io/controller-runtime v0.19.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 )

@@ -36,27 +31,23 @@ require (
 	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fluxcd/helm-controller/api v1.1.0 // indirect
 	github.com/fluxcd/pkg/apis/kustomize v1.6.1 // indirect
 	github.com/fluxcd/pkg/apis/meta v1.6.1 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
-	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/cel-go v0.21.0 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
@@ -93,6 +84,7 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+	golang.org/x/mod v0.21.0 // indirect
 	golang.org/x/net v0.30.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
@@ -101,7 +93,6 @@ require (
 	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
 	google.golang.org/grpc v1.65.0 // indirect
@@ -109,9 +100,14 @@ require (
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.31.2 // indirect
+	k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kms v0.31.2 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect
+	sigs.k8s.io/controller-runtime v0.19.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -26,10 +26,6 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/evanphx/json-patch v0.5.2 h1:xVCHIVMUu1wtM/VkR9jVZ45N3FhZfYMMYGorLCR8P3k=
-github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
-github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
-github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fluxcd/helm-controller/api v1.1.0 h1:NS5Wm3U6Kv4w7Cw2sDOV++vf2ecGfFV00x1+2Y3QcOY=
@@ -218,6 +214,8 @@ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -254,8 +252,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
-gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY=
 google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
 google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw=
@@ -291,8 +287,12 @@ k8s.io/apiserver v0.31.2 h1:VUzOEUGRCDi6kX1OyQ801m4A7AUPglpsmGvdsekmcI4=
 k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE=
 k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc=
 k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs=
+k8s.io/code-generator v0.31.2 h1:xLWxG0HEpMSHfcM//3u3Ro2Hmc6AyyLINQS//Z2GEOI=
+k8s.io/code-generator v0.31.2/go.mod h1:eEQHXgBU/m7LDaToDoiz3t97dUUVyOblQdwOr8rivqc=
 k8s.io/component-base v0.31.2 h1:Z1J1LIaC0AV+nzcPRFqfK09af6bZ4D1nAOpWsy9owlA=
 k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ=
+k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 h1:si3PfKm8dDYxgfbeA6orqrtLkvvIeH8UqffFJDl0bz4=
+k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kms v0.31.2 h1:pyx7l2qVOkClzFMIWMVF/FxsSkgd+OIGH7DecpbscJI=
--- a/hack/boilerplate.go.txt
+++ b/hack/boilerplate.go.txt
@@ -1,5 +1,5 @@
 /*
-Copyright 2025 The Cozystack Authors.
+Copyright 2024 The Cozystack Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -113,6 +113,8 @@ machine:
        - usermode_helper=disabled
    - name: zfs
    - name: spl
+  install:
+    image: ghcr.io/aenix-io/cozystack/talos:v1.8.3
  files:
  - content: |
      [plugins]
@@ -140,9 +142,6 @@ EOT

 cat > patch-controlplane.yaml <<\EOT
 machine:
-  nodeLabels:
-    node.kubernetes.io/exclude-from-external-load-balancers:
-      $patch: delete
  network:
    interfaces:
    - interface: eth0
@@ -229,7 +228,6 @@ sleep 5
 kubectl get hr -A | awk 'NR>1 {print "kubectl wait --timeout=15m --for=condition=ready -n " $1 " hr/" $2 " &"} END{print "wait"}' | sh -x

 # Wait for Cluster-API providers
-timeout 30 sh -c 'until kubectl get deploy -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager; do sleep 1; done'
 kubectl wait deploy --timeout=30s --for=condition=available -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager

 # Wait for linstor controller
@@ -298,9 +296,6 @@ spec:
  avoidBuggyIPs: false
 EOT

-# Wait for cozystack-api
-kubectl wait --for=condition=Available apiservices v1alpha1.apps.cozystack.io --timeout=2m
-
 kubectl patch -n tenant-root tenants.apps.cozystack.io root --type=merge -p '{"spec":{
  "host": "example.org",
  "ingress": true,
--- a/hack/update-codegen.sh
+++ b/hack/update-codegen.sh
@@ -22,7 +22,6 @@ SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
 CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)}
 API_KNOWN_VIOLATIONS_DIR="${API_KNOWN_VIOLATIONS_DIR:-"${SCRIPT_ROOT}/api/api-rules"}"
 UPDATE_API_KNOWN_VIOLATIONS="${UPDATE_API_KNOWN_VIOLATIONS:-true}"
-CONTROLLER_GEN="go run sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.4"

 source "${CODEGEN_PKG}/kube_codegen.sh"

@@ -47,6 +46,3 @@ kube::codegen::gen_openapi \
    ${update_report:+"${update_report}"} \
    --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
    "${SCRIPT_ROOT}/pkg/apis"
-
-$CONTROLLER_GEN object:headerFile="hack/boilerplate.go.txt" paths="./api/..."
-$CONTROLLER_GEN rbac:roleName=manager-role crd paths="./api/..." output:crd:artifacts:config=packages/system/cozystack-controller/templates/crds
--- a/internal/controller/suite_test.go
+++ b/internal/controller/suite_test.go
@@ -1,96 +0,0 @@
-/*
-Copyright 2025.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controller
-
-import (
-	"context"
-	"fmt"
-	"path/filepath"
-	"runtime"
-	"testing"
-
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
-
-	"k8s.io/client-go/kubernetes/scheme"
-	"k8s.io/client-go/rest"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/envtest"
-	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
-
-	cozystackiov1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
-	// +kubebuilder:scaffold:imports
-)
-
-// These tests use Ginkgo (BDD-style Go testing framework). Refer to
-// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
-
-var cfg *rest.Config
-var k8sClient client.Client
-var testEnv *envtest.Environment
-var ctx context.Context
-var cancel context.CancelFunc
-
-func TestControllers(t *testing.T) {
-	RegisterFailHandler(Fail)
-
-	RunSpecs(t, "Controller Suite")
-}
-
-var _ = BeforeSuite(func() {
-	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
-
-	ctx, cancel = context.WithCancel(context.TODO())
-
-	By("bootstrapping test environment")
-	testEnv = &envtest.Environment{
-		CRDDirectoryPaths:     []string{filepath.Join("..", "..", "config", "crd", "bases")},
-		ErrorIfCRDPathMissing: true,
-
-		// The BinaryAssetsDirectory is only required if you want to run the tests directly
-		// without call the makefile target test. If not informed it will look for the
-		// default path defined in controller-runtime which is /usr/local/kubebuilder/.
-		// Note that you must have the required binaries setup under the bin directory to perform
-		// the tests directly. When we run make test it will be setup and used automatically.
-		BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s",
-			fmt.Sprintf("1.31.0-%s-%s", runtime.GOOS, runtime.GOARCH)),
-	}
-
-	var err error
-	// cfg is defined in this file globally.
-	cfg, err = testEnv.Start()
-	Expect(err).NotTo(HaveOccurred())
-	Expect(cfg).NotTo(BeNil())
-
-	err = cozystackiov1alpha1.AddToScheme(scheme.Scheme)
-	Expect(err).NotTo(HaveOccurred())
-
-	// +kubebuilder:scaffold:scheme
-
-	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
-	Expect(err).NotTo(HaveOccurred())
-	Expect(k8sClient).NotTo(BeNil())
-
-})
-
-var _ = AfterSuite(func() {
-	By("tearing down the test environment")
-	cancel()
-	err := testEnv.Stop()
-	Expect(err).NotTo(HaveOccurred())
-})
--- a/internal/controller/workloadmonitor_controller.go
+++ b/internal/controller/workloadmonitor_controller.go
@@ -1,273 +0,0 @@
-package controller
-
-import (
-	"context"
-	"encoding/json"
-	"sort"
-
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/utils/pointer"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/handler"
-	"sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/resource"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	cozyv1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
-)
-
-// WorkloadMonitorReconciler reconciles a WorkloadMonitor object
-type WorkloadMonitorReconciler struct {
-	client.Client
-	Scheme *runtime.Scheme
-}
-
-// +kubebuilder:rbac:groups=cozystack.io,resources=workloadmonitors,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=cozystack.io,resources=workloadmonitors/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=cozystack.io,resources=workloads,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=cozystack.io,resources=workloads/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch
-
-// isPodReady checks if the Pod is in the Ready condition.
-func (r *WorkloadMonitorReconciler) isPodReady(pod *corev1.Pod) bool {
-	for _, c := range pod.Status.Conditions {
-		if c.Type == corev1.PodReady && c.Status == corev1.ConditionTrue {
-			return true
-		}
-	}
-	return false
-}
-
-// updateOwnerReferences adds the given monitor as a new owner reference to the object if not already present.
-// It then sorts the owner references to enforce a consistent order.
-func updateOwnerReferences(obj metav1.Object, monitor client.Object) {
-	// Retrieve current owner references
-	owners := obj.GetOwnerReferences()
-
-	// Check if current monitor is already in owner references
-	var alreadyOwned bool
-	for _, ownerRef := range owners {
-		if ownerRef.UID == monitor.GetUID() {
-			alreadyOwned = true
-			break
-		}
-	}
-
-	runtimeObj, ok := monitor.(runtime.Object)
-	if !ok {
-		return
-	}
-	gvk := runtimeObj.GetObjectKind().GroupVersionKind()
-
-	// If not already present, add new owner reference without controller flag
-	if !alreadyOwned {
-		newOwnerRef := metav1.OwnerReference{
-			APIVersion: gvk.GroupVersion().String(),
-			Kind:       gvk.Kind,
-			Name:       monitor.GetName(),
-			UID:        monitor.GetUID(),
-			// Set Controller to false to avoid conflict as multiple controllers are not allowed
-			Controller:         pointer.BoolPtr(false),
-			BlockOwnerDeletion: pointer.BoolPtr(true),
-		}
-		owners = append(owners, newOwnerRef)
-	}
-
-	// Sort owner references to enforce a consistent order by UID
-	sort.SliceStable(owners, func(i, j int) bool {
-		return owners[i].UID < owners[j].UID
-	})
-
-	// Update the owner references of the object
-	obj.SetOwnerReferences(owners)
-}
-
-// reconcilePodForMonitor creates or updates a Workload object for the given Pod and WorkloadMonitor.
-func (r *WorkloadMonitorReconciler) reconcilePodForMonitor(
-	ctx context.Context,
-	monitor *cozyv1alpha1.WorkloadMonitor,
-	pod corev1.Pod,
-) error {
-	logger := log.FromContext(ctx)
-
-	// Combine both init containers and normal containers to sum resources properly
-	combinedContainers := append(pod.Spec.InitContainers, pod.Spec.Containers...)
-
-	// totalResources will store the sum of all container resource limits
-	totalResources := make(map[string]resource.Quantity)
-
-	// Iterate over all containers to aggregate their Limits
-	for _, container := range combinedContainers {
-		for name, qty := range container.Resources.Limits {
-			if existing, exists := totalResources[name.String()]; exists {
-				existing.Add(qty)
-				totalResources[name.String()] = existing
-			} else {
-				totalResources[name.String()] = qty.DeepCopy()
-			}
-		}
-	}
-
-	// If annotation "workload.cozystack.io/resources" is present, parse and merge
-	if resourcesStr, ok := pod.Annotations["workload.cozystack.io/resources"]; ok {
-		annRes := map[string]string{}
-		if err := json.Unmarshal([]byte(resourcesStr), &annRes); err != nil {
-			logger.Error(err, "Failed to parse resources annotation", "pod", pod.Name)
-		} else {
-			for k, v := range annRes {
-				parsed, err := resource.ParseQuantity(v)
-				if err != nil {
-					logger.Error(err, "Failed to parse resource quantity from annotation", "key", k, "value", v)
-					continue
-				}
-				totalResources[k] = parsed
-			}
-		}
-	}
-
-	workload := &cozyv1alpha1.Workload{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      pod.Name,
-			Namespace: pod.Namespace,
-		},
-	}
-
-	_, err := ctrl.CreateOrUpdate(ctx, r.Client, workload, func() error {
-		// Update owner references with the new monitor
-		updateOwnerReferences(workload.GetObjectMeta(), monitor)
-
-		// Copy labels from the Pod if needed
-		workload.Labels = pod.Labels
-
-		// Fill Workload status fields:
-		workload.Status.Kind = monitor.Spec.Kind
-		workload.Status.Type = monitor.Spec.Type
-		workload.Status.Resources = totalResources
-		workload.Status.Operational = r.isPodReady(&pod)
-
-		return nil
-	})
-	if err != nil {
-		logger.Error(err, "Failed to CreateOrUpdate Workload", "workload", workload.Name)
-		return err
-	}
-
-	return nil
-}
-
-// Reconcile is the main reconcile loop.
-// 1. It reconciles WorkloadMonitor objects themselves (create/update/delete).
-// 2. It also reconciles Pod events mapped to WorkloadMonitor via label selector.
-func (r *WorkloadMonitorReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	logger := log.FromContext(ctx)
-
-	// Fetch the WorkloadMonitor object if it exists
-	monitor := &cozyv1alpha1.WorkloadMonitor{}
-	err := r.Get(ctx, req.NamespacedName, monitor)
-	if err != nil {
-		// If the resource is not found, it may be a Pod event (mapFunc).
-		if apierrors.IsNotFound(err) {
-			return ctrl.Result{}, nil
-		}
-		logger.Error(err, "Unable to fetch WorkloadMonitor")
-		return ctrl.Result{}, err
-	}
-
-	// List Pods that match the WorkloadMonitor's selector
-	podList := &corev1.PodList{}
-	if err := r.List(
-		ctx,
-		podList,
-		client.InNamespace(monitor.Namespace),
-		client.MatchingLabels(monitor.Spec.Selector),
-	); err != nil {
-		logger.Error(err, "Unable to list Pods for WorkloadMonitor", "monitor", monitor.Name)
-		return ctrl.Result{}, err
-	}
-
-	var observedReplicas, availableReplicas int32
-
-	// For each matching Pod, reconcile the corresponding Workload
-	for _, pod := range podList.Items {
-		observedReplicas++
-		if err := r.reconcilePodForMonitor(ctx, monitor, pod); err != nil {
-			logger.Error(err, "Failed to reconcile Workload for Pod", "pod", pod.Name)
-			continue
-		}
-		if r.isPodReady(&pod) {
-			availableReplicas++
-		}
-	}
-
-	// Update WorkloadMonitor status based on observed pods
-	monitor.Status.ObservedReplicas = observedReplicas
-	monitor.Status.AvailableReplicas = availableReplicas
-
-	// Default to operational = true, but check MinReplicas if set
-	monitor.Status.Operational = pointer.Bool(true)
-	if monitor.Spec.MinReplicas != nil && availableReplicas < *monitor.Spec.MinReplicas {
-		monitor.Status.Operational = pointer.Bool(false)
-	}
-
-	// Update the WorkloadMonitor status in the cluster
-	if err := r.Status().Update(ctx, monitor); err != nil {
-		logger.Error(err, "Unable to update WorkloadMonitor status", "monitor", monitor.Name)
-		return ctrl.Result{}, err
-	}
-
-	// Return without requeue if we want purely event-driven reconciliations
-	return ctrl.Result{}, nil
-}
-
-// SetupWithManager registers our controller with the Manager and sets up watches.
-func (r *WorkloadMonitorReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewControllerManagedBy(mgr).
-		// Watch WorkloadMonitor objects
-		For(&cozyv1alpha1.WorkloadMonitor{}).
-		// Also watch Pod objects and map them back to WorkloadMonitor if labels match
-		Watches(
-			&corev1.Pod{},
-			handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request {
-				pod, ok := obj.(*corev1.Pod)
-				if !ok {
-					return nil
-				}
-
-				var monitorList cozyv1alpha1.WorkloadMonitorList
-				// List all WorkloadMonitors in the same namespace
-				if err := r.List(ctx, &monitorList, client.InNamespace(pod.Namespace)); err != nil {
-					return nil
-				}
-
-				// Match each monitor's selector with the Pod's labels
-				var requests []reconcile.Request
-				for _, m := range monitorList.Items {
-					matches := true
-					for k, v := range m.Spec.Selector {
-						if podVal, exists := pod.Labels[k]; !exists || podVal != v {
-							matches = false
-							break
-						}
-					}
-					if matches {
-						requests = append(requests, reconcile.Request{
-							NamespacedName: types.NamespacedName{
-								Namespace: m.Namespace,
-								Name:      m.Name,
-							},
-						})
-					}
-				}
-				return requests
-			}),
-		).
-		// Watch for changes to Workload objects we create (owned by WorkloadMonitor)
-		Owns(&cozyv1alpha1.Workload{}).
-		Complete(r)
-}
--- a/internal/telemetry/collector.go
+++ b/internal/telemetry/collector.go
@@ -1,292 +0,0 @@
-package telemetry
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/resource"
-	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/rest"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/log"
-
-	cozyv1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
-)
-
-// Collector handles telemetry data collection and sending
-type Collector struct {
-	client          client.Client
-	discoveryClient discovery.DiscoveryInterface
-	config          *Config
-	ticker          *time.Ticker
-	stopCh          chan struct{}
-}
-
-// NewCollector creates a new telemetry collector
-func NewCollector(client client.Client, config *Config, kubeConfig *rest.Config) (*Collector, error) {
-	discoveryClient, err := discovery.NewDiscoveryClientForConfig(kubeConfig)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create discovery client: %w", err)
-	}
-	return &Collector{
-		client:          client,
-		discoveryClient: discoveryClient,
-		config:          config,
-	}, nil
-}
-
-// Start implements manager.Runnable
-func (c *Collector) Start(ctx context.Context) error {
-	if c.config.Disabled {
-		return nil
-	}
-
-	c.ticker = time.NewTicker(c.config.Interval)
-	c.stopCh = make(chan struct{})
-
-	// Initial collection
-	c.collect(ctx)
-
-	for {
-		select {
-		case <-ctx.Done():
-			c.ticker.Stop()
-			close(c.stopCh)
-			return nil
-		case <-c.ticker.C:
-			c.collect(ctx)
-		}
-	}
-}
-
-// NeedLeaderElection implements manager.LeaderElectionRunnable
-func (c *Collector) NeedLeaderElection() bool {
-	// Only run telemetry collector on the leader
-	return true
-}
-
-// Stop halts telemetry collection
-func (c *Collector) Stop() {
-	close(c.stopCh)
-}
-
-// getSizeGroup returns the exponential size group for PVC
-func getSizeGroup(size resource.Quantity) string {
-	gb := size.Value() / (1024 * 1024 * 1024)
-	switch {
-	case gb <= 1:
-		return "1Gi"
-	case gb <= 5:
-		return "5Gi"
-	case gb <= 10:
-		return "10Gi"
-	case gb <= 25:
-		return "25Gi"
-	case gb <= 50:
-		return "50Gi"
-	case gb <= 100:
-		return "100Gi"
-	case gb <= 250:
-		return "250Gi"
-	case gb <= 500:
-		return "500Gi"
-	case gb <= 1024:
-		return "1Ti"
-	case gb <= 2048:
-		return "2Ti"
-	case gb <= 5120:
-		return "5Ti"
-	default:
-		return "10Ti"
-	}
-}
-
-// collect gathers and sends telemetry data
-func (c *Collector) collect(ctx context.Context) {
-	logger := log.FromContext(ctx).V(1)
-
-	// Get cluster ID from kube-system namespace
-	var kubeSystemNS corev1.Namespace
-	if err := c.client.Get(ctx, types.NamespacedName{Name: "kube-system"}, &kubeSystemNS); err != nil {
-		logger.Info(fmt.Sprintf("Failed to get kube-system namespace: %v", err))
-		return
-	}
-
-	clusterID := string(kubeSystemNS.UID)
-
-	var cozystackCM corev1.ConfigMap
-	if err := c.client.Get(ctx, types.NamespacedName{Namespace: "cozy-system", Name: "cozystack"}, &cozystackCM); err != nil {
-		logger.Info(fmt.Sprintf("Failed to get cozystack configmap in cozy-system namespace: %v", err))
-		return
-	}
-
-	oidcEnabled := cozystackCM.Data["oidc-enabled"]
-	bundle := cozystackCM.Data["bundle-name"]
-	bundleEnable := cozystackCM.Data["bundle-enable"]
-	bundleDisable := cozystackCM.Data["bundle-disable"]
-
-	// Get Kubernetes version from nodes
-	var nodeList corev1.NodeList
-	if err := c.client.List(ctx, &nodeList); err != nil {
-		logger.Info(fmt.Sprintf("Failed to list nodes: %v", err))
-		return
-	}
-
-	// Create metrics buffer
-	var metrics strings.Builder
-
-	// Add Cozystack info metric
-	if len(nodeList.Items) > 0 {
-		k8sVersion, _ := c.discoveryClient.ServerVersion()
-		metrics.WriteString(fmt.Sprintf(
-			"cozy_cluster_info{cozystack_version=\"%s\",kubernetes_version=\"%s\",oidc_enabled=\"%s\",bundle_name=\"%s\",bunde_enable=\"%s\",bunde_disable=\"%s\"} 1\n",
-			c.config.CozystackVersion,
-			k8sVersion,
-			oidcEnabled,
-			bundle,
-			bundleEnable,
-			bundleDisable,
-		))
-	}
-
-	// Collect node metrics
-	nodeOSCount := make(map[string]int)
-	for _, node := range nodeList.Items {
-		key := fmt.Sprintf("%s (%s)", node.Status.NodeInfo.OperatingSystem, node.Status.NodeInfo.OSImage)
-		nodeOSCount[key] = nodeOSCount[key] + 1
-	}
-
-	for osKey, count := range nodeOSCount {
-		metrics.WriteString(fmt.Sprintf(
-			"cozy_nodes_count{os=\"%s\",kernel=\"%s\"} %d\n",
-			osKey,
-			nodeList.Items[0].Status.NodeInfo.KernelVersion,
-			count,
-		))
-	}
-
-	// Collect LoadBalancer services metrics
-	var serviceList corev1.ServiceList
-	if err := c.client.List(ctx, &serviceList); err != nil {
-		logger.Info(fmt.Sprintf("Failed to list Services: %v", err))
-	} else {
-		lbCount := 0
-		for _, svc := range serviceList.Items {
-			if svc.Spec.Type == corev1.ServiceTypeLoadBalancer {
-				lbCount++
-			}
-		}
-		metrics.WriteString(fmt.Sprintf("cozy_loadbalancers_count %d\n", lbCount))
-	}
-
-	// Count tenant namespaces
-	var nsList corev1.NamespaceList
-	if err := c.client.List(ctx, &nsList); err != nil {
-		logger.Info(fmt.Sprintf("Failed to list Namespaces: %v", err))
-	} else {
-		tenantCount := 0
-		for _, ns := range nsList.Items {
-			if strings.HasPrefix(ns.Name, "tenant-") {
-				tenantCount++
-			}
-		}
-		metrics.WriteString(fmt.Sprintf("cozy_tenants_count %d\n", tenantCount))
-	}
-
-	// Collect PV metrics grouped by driver and size
-	var pvList corev1.PersistentVolumeList
-	if err := c.client.List(ctx, &pvList); err != nil {
-		logger.Info(fmt.Sprintf("Failed to list PVs: %v", err))
-	} else {
-		// Map to store counts by size and driver
-		pvMetrics := make(map[string]map[string]int)
-
-		for _, pv := range pvList.Items {
-			if capacity, ok := pv.Spec.Capacity[corev1.ResourceStorage]; ok {
-				sizeGroup := getSizeGroup(capacity)
-
-				// Get the CSI driver name
-				driver := "unknown"
-				if pv.Spec.CSI != nil {
-					driver = pv.Spec.CSI.Driver
-				} else if pv.Spec.HostPath != nil {
-					driver = "hostpath"
-				} else if pv.Spec.NFS != nil {
-					driver = "nfs"
-				}
-
-				// Initialize nested map if needed
-				if _, exists := pvMetrics[sizeGroup]; !exists {
-					pvMetrics[sizeGroup] = make(map[string]int)
-				}
-
-				// Increment count for this size/driver combination
-				pvMetrics[sizeGroup][driver]++
-			}
-		}
-
-		// Write metrics
-		for size, drivers := range pvMetrics {
-			for driver, count := range drivers {
-				metrics.WriteString(fmt.Sprintf(
-					"cozy_pvs_count{driver=\"%s\",size=\"%s\"} %d\n",
-					driver,
-					size,
-					count,
-				))
-			}
-		}
-	}
-
-	// Collect workload metrics
-	var monitorList cozyv1alpha1.WorkloadMonitorList
-	if err := c.client.List(ctx, &monitorList); err != nil {
-		logger.Info(fmt.Sprintf("Failed to list WorkloadMonitors: %v", err))
-		return
-	}
-
-	for _, monitor := range monitorList.Items {
-		metrics.WriteString(fmt.Sprintf(
-			"cozy_workloads_count{uid=\"%s\",kind=\"%s\",type=\"%s\",version=\"%s\"} %d\n",
-			monitor.UID,
-			monitor.Spec.Kind,
-			monitor.Spec.Type,
-			monitor.Spec.Version,
-			monitor.Status.ObservedReplicas,
-		))
-	}
-
-	// Send metrics
-	if err := c.sendMetrics(clusterID, metrics.String()); err != nil {
-		logger.Info(fmt.Sprintf("Failed to send metrics: %v", err))
-	}
-}
-
-// sendMetrics sends collected metrics to the configured endpoint
-func (c *Collector) sendMetrics(clusterID, metrics string) error {
-	req, err := http.NewRequest("POST", c.config.Endpoint, bytes.NewBufferString(metrics))
-	if err != nil {
-		return fmt.Errorf("failed to create request: %w", err)
-	}
-
-	req.Header.Set("Content-Type", "text/plain")
-	req.Header.Set("X-Cluster-ID", clusterID)
-
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return fmt.Errorf("failed to send request: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
-	}
-
-	return nil
-}
--- a/internal/telemetry/config.go
+++ b/internal/telemetry/config.go
@@ -1,27 +0,0 @@
-package telemetry
-
-import (
-	"time"
-)
-
-// Config holds telemetry configuration
-type Config struct {
-	// Disable telemetry collection if set to true
-	Disabled bool
-	// Endpoint to send telemetry data to
-	Endpoint string
-	// Interval between telemetry data collection
-	Interval time.Duration
-	// CozystackVersion represents the current version of Cozystack
-	CozystackVersion string
-}
-
-// DefaultConfig returns default telemetry configuration
-func DefaultConfig() *Config {
-	return &Config{
-		Disabled:         false,
-		Endpoint:         "https://telemetry.cozystack.io",
-		Interval:         15 * time.Minute,
-		CozystackVersion: "unknown",
-	}
-}
--- a/manifests/cozystack-installer.yaml
+++ b/manifests/cozystack-installer.yaml
@@ -68,7 +68,7 @@ spec:
      serviceAccountName: cozystack
      containers:
      - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.23.1"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.20.2"
        env:
        - name: KUBERNETES_SERVICE_HOST
          value: localhost
@@ -87,7 +87,7 @@ spec:
            fieldRef:
              fieldPath: metadata.name
      - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.23.1"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.20.2"
        command:
        - /usr/bin/darkhttpd
        - /cozystack/assets
--- a/packages/apps/clickhouse/images/clickhouse-backup.tag
+++ b/packages/apps/clickhouse/images/clickhouse-backup.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/clickhouse-backup:0.6.1@sha256:7a99cabdfd541f863aa5d1b2f7b49afd39838fb94c8448986634a1dc9050751c
+ghcr.io/aenix-io/cozystack/clickhouse-backup:0.6.1@sha256:dda84420cb8648721299221268a00d72a05c7af5b7fb452619bac727068b9e61
--- a/packages/apps/ferretdb/images/postgres-backup.tag
+++ b/packages/apps/ferretdb/images/postgres-backup.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.8.0@sha256:6a8ec7e7052f2d02ec5457d7cbac6ee52b3ed93a883988a192d1394fc7c88117
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:406d2c5a30fa8b6fe10eab3cba45c06fea3876e81fd123ead6dc3c19347762d0
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:a3c25199acb8e8426e6952658ccc4acaadb50fe2cfa6359743b64e5166b3fc70
+ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:27112d470a31725b75b29b29919af06b4ce1339e3b502b08889a92ab7099adde
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.15.0
+version: 0.14.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.15.0@sha256:538ee308f16c9e627ed16ee7c4aaa65919c2e6c4c2778f964a06e4797610d1cd
+ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.14.1@sha256:b63293bc295e8c04574900bb711ebfe51db6774beb6bc3a58791562ec11b406b
--- a/packages/apps/kubernetes/images/cluster-autoscaler/Dockerfile
+++ b/packages/apps/kubernetes/images/cluster-autoscaler/Dockerfile
@@ -1,14 +1,12 @@
 # Source: https://raw.githubusercontent.com/kubernetes/autoscaler/refs/heads/master/cluster-autoscaler/Dockerfile.amd64
-ARG builder_image=docker.io/library/golang:1.23.4
+ARG builder_image=docker.io/library/golang:1.22.5
 ARG BASEIMAGE=gcr.io/distroless/static:nonroot-amd64
 FROM ${builder_image} AS builder
 RUN git clone https://github.com/kubernetes/autoscaler /src/autoscaler \
 && cd /src/autoscaler/cluster-autoscaler \
- && git checkout cluster-autoscaler-1.32.0
+ && git checkout cluster-autoscaler-1.31.0

 WORKDIR /src/autoscaler/cluster-autoscaler
-COPY fix-downscale.diff /fix-downscale.diff
-RUN git apply /fix-downscale.diff
 RUN make build

 FROM $BASEIMAGE
--- a/packages/apps/kubernetes/images/cluster-autoscaler/fix-downscale.diff
+++ b/packages/apps/kubernetes/images/cluster-autoscaler/fix-downscale.diff
@@ -1,13 +0,0 @@
-diff --git a/cluster-autoscaler/cloudprovider/clusterapi/clusterapi_unstructured.go b/cluster-autoscaler/cloudprovider/clusterapi/clusterapi_unstructured.go
-index 4eec0e4bf..f28fd9241 100644
--- a/cluster-autoscaler/cloudprovider/clusterapi/clusterapi_unstructured.go
-+++ b/cluster-autoscaler/cloudprovider/clusterapi/clusterapi_unstructured.go
-@@ -106,8 +106,6 @@ func (r unstructuredScalableResource) Replicas() (int, error) {
- 
- func (r unstructuredScalableResource) SetSize(nreplicas int) error {
- 	switch {
-	case nreplicas > r.maxSize:
-		return fmt.Errorf("size increase too large - desired:%d max:%d", nreplicas, r.maxSize)
- 	case nreplicas < r.minSize:
- 		return fmt.Errorf("size decrease too large - desired:%d min:%d", nreplicas, r.minSize)
- 	}
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:7716c88947d13dc90ccfcc3e60bfdd6e6fa9b201339a75e9c84bf825c76e2b1f
+ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.14.1@sha256:c0561a342e6b55d066f3363182f442e8fa30a0b6b448d89d15a1a855c999b98e
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:be5e0eef92dada3ace5cddda5c68b30c9fe4682774c5e6e938ed31efba11ebbf
+ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.14.1@sha256:4b84a077e7f1b75bdf8b272c8f147e4ef3b67b9bea83383a399e9149868384ac
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:8392f00a7182294ce6fd417d254f7c2aa09fb9203d829dec70344a8050369430
+ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:91ec9c31472f8e94ae5f6f5a2568058eb28b3f57ab7e203d8d4a0993911fffc3
--- a/packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml
+++ b/packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml
@@ -30,12 +30,6 @@ spec:
        - /cluster-autoscaler
        args:
        - --cloud-provider=clusterapi
-        - --enforce-node-group-min-size=true
-        - --ignore-daemonsets-utilization=true
-        - --ignore-mirror-pods-utilization=true
-        - --scale-down-unneeded-time=30s
-        - --scan-interval=25s
-        - --force-delete-unregistered-nodes=true
        - --kubeconfig=/etc/kubernetes/kubeconfig/super-admin.svc
        - --clusterapi-cloud-config-authoritative
        - --node-group-auto-discovery=clusterapi:namespace={{ .Release.Namespace }},clusterName={{ .Release.Name }}
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -29,7 +29,6 @@ spec:
            {{- range .group.roles }}
            node-role.kubernetes.io/{{ . }}: ""
            {{- end }}
-            cluster.x-k8s.io/deployment-name: {{ $.Release.Name }}-{{ .groupName }}
        spec:
          domain:
            {{- if and .group.resources .group.resources.cpu }}
@@ -127,21 +126,6 @@ spec:
  replicas: 2
  version: 1.30.1
 ---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: kubernetes
-  type: control-plane
-  selector:
-    kamaji.clastix.io/component: deployment
-    kamaji.clastix.io/name: {{ .Release.Name }}
-  version: {{ $.Chart.Version }}
---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: KubevirtCluster
 metadata:
@@ -188,7 +172,6 @@ spec:
 ---
 {{- $context := deepCopy $ }}
 {{- $_ := set $context "group" $group }}
-{{- $_ := set $context "groupName" $groupName }}
 {{- $kubevirtmachinetemplate := include "kubevirtmachinetemplate" $context }}
 {{- $kubevirtmachinetemplateHash := $kubevirtmachinetemplate | sha256sum | trunc 6 }}
 {{- $kubevirtmachinetemplateName := printf "%s-%s-%s" $.Release.Name $groupName $kubevirtmachinetemplateHash }}
@@ -272,21 +255,6 @@ spec:
  - type: Ready
    status: "False"
    timeout: 300s
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-{{ $groupName }}
-  namespace: {{ $.Release.Namespace }}
-spec:
-  minReplicas: {{ $group.minReplicas }}
-  kind: kubernetes
-  type: worker
-  selector:
-    cluster.x-k8s.io/cluster-name: {{ $.Release.Name }}
-    cluster.x-k8s.io/deployment-name: {{ $.Release.Name }}-{{ $groupName }}
-    cluster.x-k8s.io/role: worker
-  version: {{ $.Chart.Version }}
 {{- end }}
 ---
 {{- /*
--- a/packages/apps/kubernetes/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/kubernetes/templates/dashboard-resourcemap.yaml
@@ -24,13 +24,3 @@ rules:
  resourceNames:
  - {{ .Release.Name }}
  verbs: ["get", "list", "watch"]
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - {{ .Release.Name }}
-  {{- range $groupName, $group := .Values.nodeGroups }}
-  - {{ $.Release.Name }}-{{ $groupName }}
-  {{- end }}
-  verbs: ["get", "list", "watch"]
--- a/packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml
@@ -48,6 +48,7 @@ spec:
        tenant: {{ .Release.Namespace }}
      remoteWrite:
        url: http://vminsert-shortterm.{{ $targetTenant }}.svc:8480/insert/0/prometheus
+
    fluent-bit:
      readinessProbe:
        httpGet:
--- a/packages/apps/mysql/images/mariadb-backup.tag
+++ b/packages/apps/mysql/images/mariadb-backup.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:4bbfbb397bd7ecea45507ca47989c51429c4a24f40853ac92583e5b5b352fbea
+ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:f6435ce02b1bf4d7b2422676e84bc2299725ed2cfb93922e40f40a695d54b9d3
--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.0
+version: 0.7.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/postgres/images/postgres-backup.tag
+++ b/packages/apps/postgres/images/postgres-backup.tag
@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.8.0@sha256:6a8ec7e7052f2d02ec5457d7cbac6ee52b3ed93a883988a192d1394fc7c88117
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:406d2c5a30fa8b6fe10eab3cba45c06fea3876e81fd123ead6dc3c19347762d0
--- a/packages/apps/postgres/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/postgres/templates/dashboard-resourcemap.yaml
@@ -19,10 +19,3 @@ rules:
  resourceNames:
  - {{ .Release.Name }}-credentials
  verbs: ["get", "list", "watch"]
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - {{ .Release.Name }}
-  verbs: ["get", "list", "watch"]
--- a/packages/apps/postgres/templates/db.yaml
+++ b/packages/apps/postgres/templates/db.yaml
@@ -29,17 +29,3 @@ spec:
  inheritedMetadata:
    labels:
      policy.cozystack.io/allow-to-apiserver: "true"
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: postgres
-  type: postgres
-  selector:
-    cnpg.io/cluster: {{ .Release.Name }}
-    cnpg.io/podRole: instance
-  version: {{ $.Chart.Version }}
--- a/packages/apps/redis/Chart.yaml
+++ b/packages/apps/redis/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.3.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/redis/README.md
+++ b/packages/apps/redis/README.md
@@ -19,6 +19,5 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche
 | `size`         | Persistent Volume size                          | `1Gi`   |
 | `replicas`     | Number of Redis replicas                        | `2`     |
 | `storageClass` | StorageClass used to store the data             | `""`    |
-| `authEnabled`  | Enable password generation                      | `true`  |


--- a/packages/apps/redis/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/redis/templates/dashboard-resourcemap.yaml
@@ -13,18 +13,3 @@ rules:
  - rfrs-{{ .Release.Name }}
  - "{{ .Release.Name }}-external-lb"
  verbs: ["get", "list", "watch"]
- apiGroups:
-  - ""
-  resources:
-  - secrets
-  resourceNames:
-  - "{{ .Release.Name }}-auth"
-  verbs: ["get", "list", "watch"]
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - {{ .Release.Name }}-redis
-  - {{ .Release.Name }}-sentinel
-  verbs: ["get", "list", "watch"]
--- a/packages/apps/redis/templates/redisfailover.yaml
+++ b/packages/apps/redis/templates/redisfailover.yaml
@@ -1,20 +1,3 @@
-{{- if .Values.authEnabled }}
-  {{- $existingPassword := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" .Release.Name) }}
-  {{- $password := randAlphaNum 32 | b64enc }}
-  {{- if $existingPassword }}
-    {{- $password = index $existingPassword.data "password" }}
-  {{- end }}
---
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-auth
-data:
-  password: {{ $password }}
-{{- end }}
-
---
-
 apiVersion: databases.spotahome.com/v1
 kind: RedisFailover
 metadata:
@@ -69,38 +52,3 @@ spec:
      - appendonly no
      - save ""
      {{- end }}
-  {{- if .Values.authEnabled }}
-  auth:
-    secretPath: {{ .Release.Name }}-auth
-  {{- end }}
-
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-redis
-  namespace: {{ $.Release.Namespace }}
-spec:
-  minReplicas: 1
-  replicas: {{ .Values.replicas }}
-  kind: redis
-  type: redis
-  selector:
-    app.kubernetes.io/component: redis
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-sentinel
-  namespace: {{ $.Release.Namespace }}
-spec:
-  minReplicas: 2
-  replicas: 3
-  kind: redis
-  type: sentinel
-  selector:
-    app.kubernetes.io/component: sentinel
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/redis/values.schema.json
+++ b/packages/apps/redis/values.schema.json
@@ -21,11 +21,6 @@
            "type": "string",
            "description": "StorageClass used to store the data",
            "default": ""
-        },
-        "authEnabled": {
-            "type": "boolean",
-            "description": "Enable password generation",
-            "default": true
        }
    }
 }
--- a/packages/apps/redis/values.yaml
+++ b/packages/apps/redis/values.yaml
@@ -4,10 +4,8 @@
 ## @param size Persistent Volume size
 ## @param replicas Number of Redis replicas
 ## @param storageClass StorageClass used to store the data
-## @param authEnabled Enable password generation
 ##
 external: false
 size: 1Gi
 replicas: 2
 storageClass: ""
-authEnabled: true
--- a/packages/apps/tenant/Chart.yaml
+++ b/packages/apps/tenant/Chart.yaml
@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg

 type: application
-version: 1.6.7
+version: 1.6.2
--- a/packages/apps/tenant/templates/kubeconfig.yaml
+++ b/packages/apps/tenant/templates/kubeconfig.yaml
@@ -4,13 +4,9 @@

 {{- if $k8sClientSecret }}
 {{- $apiServerEndpoint := index $cozyConfig.data "api-server-endpoint" }}
-{{- $managementKubeconfigEndpoint := default "" (get $cozyConfig.data "management-kubeconfig-endpoint") }}
-{{- if and $managementKubeconfigEndpoint (ne $managementKubeconfigEndpoint "") }}
-{{- $apiServerEndpoint = $managementKubeconfigEndpoint }}
-{{- end }}
 {{- $k8sClient := index $k8sClientSecret.data "client-secret-key" | b64dec }}
 {{- $rootSaConfigMap := lookup "v1" "ConfigMap" "kube-system" "kube-root-ca.crt" }}
-{{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc }}
+{{- $k8sCa := index $rootSaConfigMap.data "ca.crt" | b64enc  }}
 ---
 apiVersion: v1
 kind: Secret
--- a/packages/apps/tenant/templates/monitoring.yaml
+++ b/packages/apps/tenant/templates/monitoring.yaml
@@ -26,24 +26,12 @@ spec:
    metricsStorages:
    - name: shortterm
      retentionPeriod: "3d"
-      deduplicationInterval: "15s"
-      storage: 10Gi
-      vminsert:
-        resources: {}
-      vmselect:
-        resources: {}
-      vmstorage:
-        resources: {}
-    - name: longterm
-      retentionPeriod: "14d"
      deduplicationInterval: "5m"
      storage: 10Gi
-      vminsert:
-        resources: {}
-      vmselect:
-        resources: {}
-      vmstorage:
-        resources: {}
+    - name: longterm
+      retentionPeriod: "14d"
+      deduplicationInterval: "15s"
+      storage: 10Gi
    oncall:
      enabled: false
 {{- end }}
--- a/packages/apps/tenant/templates/tenant.yaml
+++ b/packages/apps/tenant/templates/tenant.yaml
@@ -14,8 +14,6 @@ metadata:
    kubernetes.io/service-account.name: {{ include "tenant.name" . }}
 type: kubernetes.io/service-account-token
 ---
-# == default role ==
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -31,10 +29,9 @@ rules:
 - apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["roles"]
  verbs: ["get"]
- apiGroups: ["apps.cozystack.io"]
-  resources: ['*']
-  verbs: ['*']
-
+- apiGroups: ["helm.toolkit.fluxcd.io"]
+  resources: ["helmreleases"]
+  verbs: ["*"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -65,7 +62,18 @@ roleRef:
  name: {{ include "tenant.name" . }}
  apiGroup: rbac.authorization.k8s.io
 ---
-# == view role ==
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tenant.name" . }}
+  namespace: cozy-public
+rules:
+- apiGroups: ["source.toolkit.fluxcd.io"]
+  resources: ["helmrepositories"]
+  verbs: ["get", "list"]
+- apiGroups: ["source.toolkit.fluxcd.io"]
+  resources: ["helmcharts"]
+  verbs: ["*"]
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -87,6 +95,14 @@ rules:
      - get
      - list
      - watch
+  - apiGroups:
+      - helm.toolkit.fluxcd.io
+    resources:
+      - helmreleases
+    verbs:
+      - get
+      - list
+      - watch
  - apiGroups:
      - ""
    resources:
@@ -103,38 +119,22 @@ rules:
      - get
      - list
      - watch
+
 ---
+
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: {{ include "tenant.name" . }}-view
  namespace: {{ include "tenant.name" . }}
 subjects:
-{{- if ne .Release.Namespace "tenant-root" }}
- kind: Group
-  name: tenant-root-view
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
- kind: Group
-  name: {{ include "tenant.name" . }}-view
-  apiGroup: rbac.authorization.k8s.io
-{{- if hasPrefix "tenant-" .Release.Namespace }}
-{{- $parts := splitList "-" .Release.Namespace }}
-{{- range $i, $v := $parts }}
-{{- if ne $i 0 }}
- kind: Group
-  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-view
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
-{{- end }}
-{{- end }}
+  - kind: Group
+    name: {{ include "tenant.name" . }}-view
+    apiGroup: rbac.authorization.k8s.io
 roleRef:
  kind: Role
  name: {{ include "tenant.name" . }}-view
  apiGroup: rbac.authorization.k8s.io
-
---
-# == use role ==
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -154,6 +154,13 @@ rules:
    - get
    - list
    - watch
+  - apiGroups: ["helm.toolkit.fluxcd.io"]
+    resources:
+    - helmreleases
+    verbs:
+    - get
+    - list
+    - watch
  - apiGroups: [""]
    resources:
    - "*"
@@ -182,31 +189,14 @@ metadata:
  name: {{ include "tenant.name" . }}-use
  namespace: {{ include "tenant.name" . }}
 subjects:
-{{- if ne .Release.Namespace "tenant-root" }}
- kind: Group
-  name: tenant-root-use
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
- kind: Group
-  name: {{ include "tenant.name" . }}-use
-  apiGroup: rbac.authorization.k8s.io
-{{- if hasPrefix "tenant-" .Release.Namespace }}
-{{- $parts := splitList "-" .Release.Namespace }}
-{{- range $i, $v := $parts }}
-{{- if ne $i 0 }}
- kind: Group
-  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-use
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
-{{- end }}
-{{- end }}
+  - kind: Group
+    name: {{ include "tenant.name" . }}-use
+    apiGroup: rbac.authorization.k8s.io
 roleRef:
  kind: Role
  name: {{ include "tenant.name" . }}-use
  apiGroup: rbac.authorization.k8s.io
 ---
-# == admin role ==
---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -226,6 +216,13 @@ rules:
    - list
    - watch
    - delete
+  - apiGroups: ["helm.toolkit.fluxcd.io"]
+    resources:
+    - helmreleases
+    verbs:
+    - get
+    - list
+    - watch
  - apiGroups: ["kubevirt.io"]
    resources:
    - virtualmachines
@@ -266,6 +263,64 @@ rules:
    - update
    - patch
    - delete
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tenant.name" . }}-admin
+  namespace: cozy-public
+rules:
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources: ["helmrepositories"]
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - source.toolkit.fluxcd.io
+    resources:
+    - helmcharts
+    verbs:
+    - get
+    - list
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources:
+    - helmcharts
+    verbs: ["*"]
+    resourceNames:
+    - bucket
+    - clickhouse
+    - ferretdb
+    - foo
+    - httpcache
+    - kafka
+    - kubernetes
+    - mysql
+    - nats
+    - postgres
+    - rabbitmq
+    - redis
+    - seaweedfs
+    - tcpbalancer
+    - virtualmachine
+    - vmdisk
+    - vminstance
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "tenant.name" . }}-admin
+  namespace: cozy-public
+subjects:
+- kind: Group
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -273,31 +328,14 @@ metadata:
  name: {{ include "tenant.name" . }}-admin
  namespace: {{ include "tenant.name" . }}
 subjects:
-{{- if ne .Release.Namespace "tenant-root" }}
- kind: Group
-  name: tenant-root-admin
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
- kind: Group
-  name: {{ include "tenant.name" . }}-admin
-  apiGroup: rbac.authorization.k8s.io
-{{- if hasPrefix "tenant-" .Release.Namespace }}
-{{- $parts := splitList "-" .Release.Namespace }}
-{{- range $i, $v := $parts }}
-{{- if ne $i 0 }}
- kind: Group
-  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-admin
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
-{{- end }}
-{{- end }}
+  - kind: Group
+    name: {{ include "tenant.name" . }}-admin
+    apiGroup: rbac.authorization.k8s.io
 roleRef:
  kind: Role
  name: {{ include "tenant.name" . }}-admin
  apiGroup: rbac.authorization.k8s.io
 ---
-# == super admin role ==
---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -317,6 +355,11 @@ rules:
    - list
    - watch
    - delete
+  - apiGroups: ["helm.toolkit.fluxcd.io"]
+    resources:
+    - helmreleases
+    verbs:
+    - '*'
  - apiGroups: ["kubevirt.io"]
    resources:
    - virtualmachines
@@ -334,6 +377,38 @@ rules:
    - '*'
    verbs:
    - '*'
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tenant.name" . }}-super-admin
+  namespace: cozy-public
+rules:
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources: ["helmrepositories"]
+    verbs:
+    - get
+    - list
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources:
+    - helmcharts
+    verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "tenant.name" . }}-super-admin
+  namespace: cozy-public
+subjects:
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -341,14 +416,6 @@ metadata:
  name: {{ include "tenant.name" . }}-super-admin
  namespace: {{ include "tenant.name" . }}
 subjects:
-{{- if ne .Release.Namespace "tenant-root" }}
- kind: Group
-  name: tenant-root-super-admin
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
- kind: Group
-  name: {{ include "tenant.name" . }}-super-admin
-  apiGroup: rbac.authorization.k8s.io
 {{- if hasPrefix "tenant-" .Release.Namespace }}
 {{- $parts := splitList "-" .Release.Namespace }}
 {{- range $i, $v := $parts }}
@@ -359,48 +426,10 @@ subjects:
 {{- end }}
 {{- end }}
 {{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
 roleRef:
  kind: Role
  name: {{ include "tenant.name" . }}-super-admin
  apiGroup: rbac.authorization.k8s.io
---
-# == dashboard role ==
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "tenant.name" . }}
-  namespace: cozy-public
-rules:
- apiGroups: ["source.toolkit.fluxcd.io"]
-  resources: ["helmrepositories"]
-  verbs: ["get", "list"]
- apiGroups: ["source.toolkit.fluxcd.io"]
-  resources: ["helmcharts"]
-  verbs: ["get", "list"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "tenant.name" . }}
-  namespace: cozy-public
-subjects:
- kind: Group
-  name: {{ include "tenant.name" . }}-super-admin
-  apiGroup: rbac.authorization.k8s.io
- kind: Group
-  name: {{ include "tenant.name" . }}-admin
-  apiGroup: rbac.authorization.k8s.io
- kind: Group
-  name: {{ include "tenant.name" . }}-use
-  apiGroup: rbac.authorization.k8s.io
- kind: Group
-  name: {{ include "tenant.name" . }}-view
-  apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount
-  name: {{ include "tenant.name" . }}
-  namespace: {{ include "tenant.name" . }}
-roleRef:
-  kind: Role
-  name: {{ include "tenant.name" . }}
-  apiGroup: rbac.authorization.k8s.io
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -42,8 +42,7 @@ kubernetes 0.12.0 74649f8
 kubernetes 0.12.1 28fca4e
 kubernetes 0.13.0 ced8e5b9
 kubernetes 0.14.0 bfbde07c
-kubernetes 0.14.1 fde4bcfa
-kubernetes 0.15.0 HEAD
+kubernetes 0.14.1 HEAD
 mysql 0.1.0 f642698
 mysql 0.2.0 8b975ff0
 mysql 0.3.0 5ca8823
@@ -66,8 +65,7 @@ postgres 0.5.0 c07c4bbd
 postgres 0.6.0 2a4768a
 postgres 0.6.2 54fd61c
 postgres 0.7.0 dc9d8bb
-postgres 0.7.1 175a65f
-postgres 0.8.0 HEAD
+postgres 0.7.1 HEAD
 rabbitmq 0.1.0 f642698
 rabbitmq 0.2.0 5ca8823
 rabbitmq 0.3.0 9e33dc0
@@ -78,9 +76,7 @@ rabbitmq 0.4.3 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 5ca8823
 redis 0.3.0 c07c4bbd
-redis 0.3.1 b7375f73
-redis 0.4.0 abc8f082
-redis 0.5.0 HEAD
+redis 0.3.1 HEAD
 tcp-balancer 0.1.0 f642698
 tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
@@ -95,25 +91,15 @@ tenant 1.4.0 94c688f7
 tenant 1.5.0 48128743
 tenant 1.6.0 df448b99
 tenant 1.6.1 edbbb9be
-tenant 1.6.2 ccedc5fe
-tenant 1.6.3 2057bb96
-tenant 1.6.4 3c9e50a4
-tenant 1.6.5 f1e11451
-tenant 1.6.6 d4634797
-tenant 1.6.7 HEAD
+tenant 1.6.2 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 7cd7de7
 virtual-machine 0.2.0 5ca8823
 virtual-machine 0.3.0 b908400
 virtual-machine 0.4.0 4746d51
-virtual-machine 0.5.0 cad9cde
-virtual-machine 0.6.0 0e728870
-virtual-machine 0.7.0 HEAD
+virtual-machine 0.5.0 HEAD
 vm-disk 0.1.0 HEAD
-vm-instance 0.1.0 ced8e5b9
-vm-instance 0.2.0 4f767ee3
-vm-instance 0.3.0 0e728870
-vm-instance 0.4.0 HEAD
+vm-instance 0.1.0 HEAD
 vpn 0.1.0 f642698
 vpn 0.2.0 7151424
 vpn 0.3.0 a2bcf100
--- a/packages/apps/virtual-machine/Chart.yaml
+++ b/packages/apps/virtual-machine/Chart.yaml
@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.0
+version: 0.5.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.7.0"
+appVersion: "1.16.1"
--- a/packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml
@@ -1,25 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ .Release.Name }}-dashboard-resources
-rules:
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - {{ .Release.Name }}
-  verbs: ["get", "list", "watch"]
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: 1
-  minReplicas: 1
-  kind: virtual-machine
-  type: virtual-machine
-  selector:
-    vm.kubevirt.io/name: {{ .Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/virtual-machine/templates/vm-update-hook.yaml
+++ b/packages/apps/virtual-machine/templates/vm-update-hook.yaml
@@ -1,118 +0,0 @@
-{{- $vmName := include "virtual-machine.fullname" . -}}
-{{- $namespace := .Release.Namespace -}}
-
-{{- $existingVM := lookup "kubevirt.io/v1" "VirtualMachine" $namespace $vmName -}}
-{{- $existingPVC := lookup "v1" "PersistentVolumeClaim" $namespace $vmName -}}
-
-{{- $instanceType := .Values.instanceType | default "" -}}
-{{- $instanceProfile := .Values.instanceProfile | default "" -}}
-{{- $desiredStorage := .Values.systemDisk.storage | default "" -}}
-
-{{- $needUpdateType := false -}}
-{{- $needUpdateProfile := false -}}
-{{- $needResizePVC := false -}}
-
-{{- if and $existingVM $instanceType -}}
-  {{- if not (eq $existingVM.spec.instancetype.name $instanceType) -}}
-    {{- $needUpdateType = true -}}
-  {{- end -}}
-{{- end -}}
-
-{{- if and $existingVM $instanceProfile -}}
-  {{- if not (eq $existingVM.spec.preference.name $instanceProfile) -}}
-    {{- $needUpdateProfile = true -}}
-  {{- end -}}
-{{- end -}}
-
-{{- if and $existingPVC $desiredStorage -}}
-  {{- $currentStorage := $existingPVC.spec.resources.requests.storage | toString -}}
-  {{- if not (eq $currentStorage $desiredStorage) -}}
-    {{- $needResizePVC = true -}}
-  {{- end -}}
-{{- end -}}
-
-{{- if or $needUpdateType $needUpdateProfile $needResizePVC }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: "{{ $.Release.Name }}-update-hook"
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "0"
-    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
-spec:
-  template:
-    metadata:
-      labels:
-        app: "{{ $.Release.Name }}-update-hook"
-    spec:
-      serviceAccountName: {{ $.Release.Name }}-update-hook
-      restartPolicy: Never
-      containers:
-        - name: update-resources
-          image: bitnami/kubectl:latest
-          command: ["sh", "-exc"]
-          args:
-            - |
-              {{- if $needUpdateType }}
-              echo "Patching VirtualMachine for instancetype update..."
-              kubectl patch virtualmachine {{ $vmName }} -n {{ $namespace }} \
-                --type merge \
-                -p '{"spec":{"instancetype":{"name": "{{ $instanceType }}", "revisionName": null}}}'
-              {{- end }}
-              
-              {{- if $needUpdateProfile }}
-              echo "Patching VirtualMachine for preference update..."
-              kubectl patch virtualmachine {{ $vmName }} -n {{ $namespace }} \
-                --type merge \
-                -p '{"spec":{"preference":{"name": "{{ $instanceProfile }}", "revisionName": null}}}'
-              {{- end }}
-
-              {{- if $needResizePVC }}
-              echo "Patching PVC for storage resize..."
-              kubectl patch pvc {{ $vmName }} -n {{ $namespace }} \
-                --type merge \
-                -p '{"spec":{"resources":{"requests":{"storage":"{{ $desiredStorage }}"}}}}'
-              {{- end }}
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ $.Release.Name }}-update-hook
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "-5"
-    helm.sh/hook-delete-policy: before-hook-creation
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ $.Release.Name }}-update-hook
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "-5"
-    helm.sh/hook-delete-policy: before-hook-creation
-rules:
-  - apiGroups: ["kubevirt.io"]
-    resources: ["virtualmachines"]
-    verbs: ["patch", "get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims"]
-    verbs: ["patch", "get", "list", "watch"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ $.Release.Name }}-update-hook
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "-5"
-    helm.sh/hook-delete-policy: before-hook-creation
-subjects:
-  - kind: ServiceAccount
-    name: {{ $.Release.Name }}-update-hook
-roleRef:
-  kind: Role
-  name: {{ $.Release.Name }}-update-hook
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
--- a/packages/apps/vm-instance/Chart.yaml
+++ b/packages/apps/vm-instance/Chart.yaml
@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 0.1.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.4.0"
+appVersion: "0.1.0"
--- a/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml
@@ -1,26 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ .Release.Name }}-dashboard-resources
-rules:
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - {{ .Release.Name }}
-  verbs: ["get", "list", "watch"]
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-  namespace: {{ $.Release.Namespace }}
-spec:
-  replicas: 1
-  minReplicas: 1
-  kind: virtual-machine
-  type: virtual-machine
-  selector:
-    vm.kubevirt.io/name: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/vm-instance/templates/vm-update-hook.yaml
+++ b/packages/apps/vm-instance/templates/vm-update-hook.yaml
@@ -1,98 +0,0 @@
-{{- $vmName := include "virtual-machine.fullname" . -}}
-{{- $namespace := .Release.Namespace -}}
-
-{{- $existingVM := lookup "kubevirt.io/v1" "VirtualMachine" $namespace $vmName -}}
-
-{{- $instanceType := .Values.instanceType | default "" -}}
-{{- $instanceProfile := .Values.instanceProfile | default "" -}}
-
-{{- $needUpdateType := false -}}
-{{- $needUpdateProfile := false -}}
-
-{{- if and $existingVM $instanceType -}}
-  {{- if not (eq $existingVM.spec.instancetype.name $instanceType) -}}
-    {{- $needUpdateType = true -}}
-  {{- end -}}
-{{- end -}}
-
-{{- if and $existingVM $instanceProfile -}}
-  {{- if not (eq $existingVM.spec.preference.name $instanceProfile) -}}
-    {{- $needUpdateProfile = true -}}
-  {{- end -}}
-{{- end -}}
-
-{{- if or $needUpdateType $needUpdateProfile }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: "{{ $.Release.Name }}-update-hook"
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "0"
-    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
-spec:
-  template:
-    metadata:
-      labels:
-        app: "{{ $.Release.Name }}-update-hook"
-    spec:
-      serviceAccountName: {{ $.Release.Name }}-update-hook
-      restartPolicy: Never
-      containers:
-        - name: update-resources
-          image: bitnami/kubectl:latest
-          command: ["sh", "-exc"]
-          args:
-            - |
-              {{- if $needUpdateType }}
-              echo "Patching VirtualMachine for instancetype update..."
-              kubectl patch virtualmachine {{ $vmName }} -n {{ $namespace }} \
-                --type merge \
-                -p '{"spec":{"instancetype":{"name": "{{ $instanceType }}", "revisionName": null}}}'
-              {{- end }}
-              
-              {{- if $needUpdateProfile }}
-              echo "Patching VirtualMachine for preference update..."
-              kubectl patch virtualmachine {{ $vmName }} -n {{ $namespace }} \
-                --type merge \
-                -p '{"spec":{"preference":{"name": "{{ $instanceProfile }}", "revisionName": null}}}'
-              {{- end }}
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ $.Release.Name }}-update-hook
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "-5"
-    helm.sh/hook-delete-policy: before-hook-creation
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ $.Release.Name }}-update-hook
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "-5"
-    helm.sh/hook-delete-policy: before-hook-creation
-rules:
-  - apiGroups: ["kubevirt.io"]
-    resources: ["virtualmachines"]
-    verbs: ["patch", "get", "list", "watch"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ $.Release.Name }}-update-hook
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "-5"
-    helm.sh/hook-delete-policy: before-hook-creation
-subjects:
-  - kind: ServiceAccount
-    name: {{ $.Release.Name }}-update-hook
-roleRef:
-  kind: Role
-  name: {{ $.Release.Name }}-update-hook
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
--- a/packages/apps/vm-instance/templates/vm.yaml
+++ b/packages/apps/vm-instance/templates/vm.yaml
@@ -17,12 +17,15 @@ spec:
  instancetype:
    kind: VirtualMachineClusterInstancetype
    name: {{ . }}
-    {{- end }}
+    revisionName: null
+  {{- end }}
  {{- with .Values.instanceProfile }}
  preference:
    kind: VirtualMachineClusterPreference
    name: {{ . }}
-    {{- end }}
+    revisionName: null
+  {{- end }}
+
  template:
    metadata:
      annotations:
@@ -44,7 +47,7 @@ spec:
          disks:
          {{- range $i, $disk := .Values.disks }}
          - name: disk-{{ .name }}
-            {{- $disk := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace (printf "vm-disk-%s" .name) }}
+            {{- $disk := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace .name }}
            {{- if $disk }}
            {{- if and (hasKey $disk.metadata.annotations "vm-disk.cozystack.io/optical") (eq (index $disk.metadata.annotations "vm-disk.cozystack.io/optical") "true") }}
            cdrom: {}
@@ -82,7 +85,7 @@ spec:
      {{- range .Values.disks }}
      - name: disk-{{ .name }}
        dataVolume:
-          name: vm-disk-{{ .name }}
+          name: {{ .name }}
      {{- end }}
      {{- if or .Values.sshKeys .Values.cloudInit }}
      - name: cloudinitdisk
--- a/packages/apps/vm-instance/values.yaml
+++ b/packages/apps/vm-instance/values.yaml
@@ -18,8 +18,8 @@ instanceProfile: ubuntu
 ## @param disks [array] List of disks to attach
 ## Example:
 ## disks:
-## - name: example-system
-## - name: example-data
+## - name: vm-disk-example-system
+## - name: vm-disk-example-data
 disks: []

 ## @param resources.cpu The number of CPU cores allocated to the virtual machine
--- a/packages/core/builder/Makefile
+++ b/packages/core/builder/Makefile
@@ -1,35 +0,0 @@
-NAMESPACE=cozy-builder
-NAME := builder
-
-TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' ../installer/images/talos/profiles/installer.yaml)
-
-include ../../../scripts/common-envs.mk
-
-help: ## Show this help.
-	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
-
-show:
-	helm template -n $(NAMESPACE) $(NAME) .
-
-apply: ## Create builder sandbox in existing Kubernetes cluster.
-	helm template -n $(NAMESPACE) $(NAME) . | kubectl apply -f -
-	docker buildx ls | grep -q '^buildkit-builder*' || docker buildx create \
-		--bootstrap \
-		--name=buildkit-$(NAME) \
-		--driver=kubernetes \
-		--driver-opt=namespace=$(NAMESPACE),replicas=1 \
-		--platform=linux/amd64 \
-		--platform=linux/arm64 \
-		--use \
-		--config config.toml
-
-diff:
-	helm template -n $(NAMESPACE) $(NAME) . | kubectl diff -f -
-
-delete: ## Remove builder sandbox from existing Kubernetes cluster.
-	kubectl delete deploy -n $(NAMESPACE) $(NAME)-talos-imager
-	docker buildx rm buildkit-$(NAME)
-
-wait-for-builder:
-	kubectl wait deploy --for=condition=Progressing -n $(NAMESPACE) $(NAME)-talos-imager
-	kubectl wait pod --for=condition=Ready -n $(NAMESPACE) -l app=$(NAME)-talos-imager
--- a/packages/core/builder/config.toml
+++ b/packages/core/builder/config.toml
@@ -1,11 +0,0 @@
-[worker.oci]
-  gc = true
-  gckeepstorage = 50000
-
-  [[worker.oci.gcpolicy]]
-    keepBytes = 10737418240
-    keepDuration = 604800
-    filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
-  [[worker.oci.gcpolicy]]
-    all = true
-    keepBytes = 53687091200
--- a/packages/core/builder/templates/sandbox.yaml
+++ b/packages/core/builder/templates/sandbox.yaml
@@ -1,43 +0,0 @@
---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .Release.Namespace }}
-  labels:
-    pod-security.kubernetes.io/enforce: privileged
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-talos-imager
-  namespace: {{ .Release.Namespace }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: {{ .Release.Name }}-talos-imager
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: {{ .Release.Name }}-talos-imager
-    spec:
-      automountServiceAccountToken: false
-      terminationGracePeriodSeconds: 1
-      containers:
-      - name: imager
-        image: "{{ .Values.talos.imager.image }}"
-        securityContext:
-          privileged: true
-        command:
-        - sleep
-        - infinity
-        volumeMounts:
-        - mountPath: /dev
-          name: dev
-      volumes:
-      - hostPath:
-          path: /dev
-          type: Directory
-        name: dev
--- a/packages/core/builder/values.yaml
+++ b/packages/core/builder/values.yaml
@@ -1,3 +0,0 @@
-talos:
-  imager:
-    image: ghcr.io/siderolabs/imager:v1.9.2
--- a/packages/core/installer/Makefile
+++ b/packages/core/installer/Makefile
@@ -19,12 +19,10 @@ diff:

 update:
 	hack/gen-profiles.sh
-	IMAGE=$$(yq '.input.baseInstaller.imageRef | sub("/installer:", "/imager:")' images/talos/profiles/installer.yaml) \
-		yq -i '.talos.imager.image = strenv(IMAGE)' ../builder/values.yaml

 image: pre-checks image-cozystack image-talos image-matchbox

-image-cozystack: run-builder
+image-cozystack:
 	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
@@ -39,11 +37,13 @@ image-cozystack: run-builder
 		yq -i '.cozystack.image = strenv(IMAGE)' values.yaml
 	rm -f images/cozystack.json

-image-talos: run-builder
+image-talos:
 	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
-	skopeo copy docker-archive:../../../_out/assets/installer-amd64.tar docker://$(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
+	docker load -i ../../../_out/assets/installer-amd64.tar
+	docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
+	docker push $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))

-image-matchbox:  run-builder
+image-matchbox:
 	test -f ../../../_out/assets/kernel-amd64 || make talos-kernel
 	test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs
 	docker buildx build -f images/matchbox/Dockerfile ../../.. \
@@ -62,8 +62,5 @@ assets: talos-iso talos-nocloud talos-metal
 talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal:
 	mkdir -p ../../../_out/assets
 	cat images/talos/profiles/$(subst talos-,,$@).yaml | \
-		kubectl exec -i -n cozy-builder deploy/builder-talos-imager -- imager --tar-to-stdout - | \
+		docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \
 		tar -C ../../../_out/assets -xzf-
-
-run-builder:
-	make -C ../builder/ apply wait-for-builder
--- a/packages/core/installer/images/talos/profiles/initramfs.yaml
+++ b/packages/core/installer/images/talos/profiles/initramfs.yaml
@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.8.3
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.8.3
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
 output:
  kind: initramfs
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/installer.yaml
+++ b/packages/core/installer/images/talos/profiles/installer.yaml
@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.8.3
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.8.3
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
 output:
  kind: installer
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/iso.yaml
+++ b/packages/core/installer/images/talos/profiles/iso.yaml
@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.8.3
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.8.3
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
 output:
  kind: iso
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/kernel.yaml
+++ b/packages/core/installer/images/talos/profiles/kernel.yaml
@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.8.3
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.8.3
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
 output:
  kind: kernel
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/metal.yaml
+++ b/packages/core/installer/images/talos/profiles/metal.yaml
@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.8.3
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.8.3
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
 output:
  kind: image
  imageOptions: { diskSize: 1306525696, diskFormat: raw }
--- a/packages/core/installer/images/talos/profiles/nocloud.yaml
+++ b/packages/core/installer/images/talos/profiles/nocloud.yaml
@@ -3,24 +3,24 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.9.2
+version: v1.8.3
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.8.3
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
 output:
  kind: image
  imageOptions: { diskSize: 1306525696, diskFormat: raw }
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.23.1@sha256:dfa803a3e02ec9ea221029d361aa9d7aef0b5eb0a36d66c949b265d4ac4fc114
+  image: ghcr.io/aenix-io/cozystack/cozystack:v0.20.2@sha256:061668fa81344302f1097482418fe7925d77ca74ccc856dcb739119590523136
--- a/packages/core/platform/bundles/distro-full.yaml
+++ b/packages/core/platform/bundles/distro-full.yaml
@@ -37,17 +37,6 @@ releases:
  namespace: cozy-cert-manager
  dependsOn: [cilium]

- name: cozystack-controller
-  releaseName: cozystack-controller
-  chart: cozy-cozystack-controller
-  namespace: cozy-system
-  dependsOn: [cilium]
-  {{- if eq (index $cozyConfig.data "telemetry-enabled") "false" }}
-  values:
-    cozystackController:
-      disableTelemetry: true
-  {{- end }}
-
 - name: cert-manager
  releaseName: cert-manager
  chart: cozy-cert-manager
@@ -109,7 +98,7 @@ releases:
  chart: cozy-postgres-operator
  namespace: cozy-postgres-operator
  optional: true
-  dependsOn: [cilium,cert-manager,victoria-metrics-operator]
+  dependsOn: [cilium,cert-manager]

 - name: kafka-operator
  releaseName: kafka-operator
@@ -199,10 +188,3 @@ releases:
  namespace: cozy-keycloak
  optional: true
  dependsOn: [keycloak]
-
- name: tinkerbell
-  releaseName: tinkerbell
-  chart: cozy-tinkerbell
-  namespace: cozy-tinkerbell
-  optional: true
-  dependsOn: [cilium,kubeovn]
--- a/packages/core/platform/bundles/distro-hosted.yaml
+++ b/packages/core/platform/bundles/distro-hosted.yaml
@@ -20,17 +20,6 @@ releases:
  namespace: cozy-cert-manager
  dependsOn: []

- name: cozystack-controller
-  releaseName: cozystack-controller
-  chart: cozy-cozystack-controller
-  namespace: cozy-system
-  dependsOn: [cilium]
-  {{- if eq (index $cozyConfig.data "telemetry-enabled") "false" }}
-  values:
-    cozystackController:
-      disableTelemetry: true
-  {{- end }}
-
 - name: cert-manager
  releaseName: cert-manager
  chart: cozy-cert-manager
@@ -85,7 +74,7 @@ releases:
  chart: cozy-postgres-operator
  namespace: cozy-postgres-operator
  optional: true
-  dependsOn: [victoria-metrics-operator]
+  dependsOn: [cert-manager]

 - name: kafka-operator
  releaseName: kafka-operator
--- a/packages/core/platform/bundles/paas-full.yaml
+++ b/packages/core/platform/bundles/paas-full.yaml
@@ -62,17 +62,6 @@ releases:
  namespace: cozy-system
  dependsOn: [cilium,kubeovn]

- name: cozystack-controller
-  releaseName: cozystack-controller
-  chart: cozy-cozystack-controller
-  namespace: cozy-system
-  dependsOn: [cilium,kubeovn]
-  {{- if eq (index $cozyConfig.data "telemetry-enabled") "false" }}
-  values:
-    cozystackController:
-      disableTelemetry: true
-  {{- end }}
-
 - name: cert-manager
  releaseName: cert-manager
  chart: cozy-cert-manager
@@ -102,7 +91,7 @@ releases:
  releaseName: kubevirt-operator
  chart: cozy-kubevirt-operator
  namespace: cozy-kubevirt
-  dependsOn: [cilium,kubeovn,victoria-metrics-operator]
+  dependsOn: [cilium,kubeovn]

 - name: kubevirt
  releaseName: kubevirt
@@ -221,32 +210,35 @@ releases:
  chart: cozy-dashboard
  namespace: cozy-dashboard
  dependsOn: [cilium,kubeovn,keycloak-configure]
+  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+  {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
  values:
-    {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-    {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
-    redis:
-      master:
-        podAnnotations:
-          {{- range $index, $repo := . }}
-          {{- with (($repo.status).artifact).revision }}
-          repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
-          {{- end }}
-          {{- end }}
-    {{- end }}
-    {{- end }}
-
-    {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
-    {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
-    {{- if $dashboardKCValues }}
-    {{- $dashboardKCValues | nindent 4 }}
-    {{- end }}
-
+      redis:
+        master:
+          podAnnotations:
+            {{- range $index, $repo := . }}
+            {{- with (($repo.status).artifact).revision }}
+            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
+            {{- end }}
+            {{- end }}
+  {{- end }}
+  {{- end }}
  {{- if eq $oidcEnabled "true" }}
  dependsOn: [keycloak-configure]
+  valuesFrom:
+    - kind: ConfigMap
+      name: kubeapps-auth-config
+      valuesKey: values.yaml
  {{- else }}
  dependsOn: []
  {{- end }}

+- name: console
+  releaseName: console
+  chart: cozy-console
+  namespace: cozy-console
+  dependsOn: [cilium,kubeovn]
+
 - name: kamaji
  releaseName: kamaji
  chart: cozy-kamaji
@@ -281,13 +273,6 @@ releases:
  optional: true
  dependsOn: [cilium,kubeovn]

- name: tinkerbell
-  releaseName: tinkerbell
-  chart: cozy-tinkerbell
-  namespace: cozy-tinkerbell
-  optional: true
-  dependsOn: [cilium,kubeovn]
-
 {{- if $oidcEnabled }}
 - name: keycloak
  releaseName: keycloak
@@ -306,7 +291,4 @@ releases:
  chart: cozy-keycloak-configure
  namespace: cozy-keycloak
  dependsOn: [keycloak-operator]
-  values:
-    cozystack:
-      configHash: {{ $cozyConfig | toJson | sha256sum }}
 {{- end }}
--- a/packages/core/platform/bundles/paas-hosted.yaml
+++ b/packages/core/platform/bundles/paas-hosted.yaml
@@ -35,17 +35,6 @@ releases:
  namespace: cozy-system
  dependsOn: []

- name: cozystack-controller
-  releaseName: cozystack-controller
-  chart: cozy-cozystack-controller
-  namespace: cozy-system
-  dependsOn: []
-  {{- if eq (index $cozyConfig.data "telemetry-enabled") "false" }}
-  values:
-    cozystackController:
-      disableTelemetry: true
-  {{- end }}
-
 - name: cert-manager
  releaseName: cert-manager
  chart: cozy-cert-manager
@@ -93,7 +82,7 @@ releases:
  releaseName: postgres-operator
  chart: cozy-postgres-operator
  namespace: cozy-postgres-operator
-  dependsOn: [cert-manager,victoria-metrics-operator]
+  dependsOn: [cert-manager]

 - name: kafka-operator
  releaseName: kafka-operator
@@ -150,9 +139,9 @@ releases:
  releaseName: dashboard
  chart: cozy-dashboard
  namespace: cozy-dashboard
+  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+  {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
  values:
-    {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-    {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
    kubeapps:
      redis:
        master:
@@ -162,21 +151,24 @@ releases:
            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
            {{- end }}
            {{- end }}
-    {{- end }}
-    {{- end }}
-
-    {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
-    {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
-    {{- if $dashboardKCValues }}
-    {{- $dashboardKCValues | nindent 4 }}
-    {{- end }}
-
+  {{- end }}
+  {{- end }}
  {{- if eq $oidcEnabled "true" }}
  dependsOn: [keycloak-configure]
+  valuesFrom:
+    - kind: ConfigMap
+      name: kubeapps-auth-config
+      valuesKey: values.yaml
  {{- else }}
  dependsOn: []
  {{- end }}

+- name: console
+  releaseName: console
+  chart: cozy-console
+  namespace: cozy-console
+  dependsOn: [cilium,kubeovn]
+
 {{- if $oidcEnabled }}
 - name: keycloak
  releaseName: keycloak
@@ -195,7 +187,4 @@ releases:
  chart: cozy-keycloak-configure
  namespace: cozy-keycloak
  dependsOn: [keycloak-operator]
-  values:
-    cozystack:
-      configHash: {{ $cozyConfig | toJson | sha256sum }}
 {{- end }}
--- a/packages/core/testing/Makefile
+++ b/packages/core/testing/Makefile
@@ -36,10 +36,7 @@ image-e2e-sandbox:
 copy-hack-dir:
 	tar -C ../../../ -cf- hack | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- tar -xf-

-copy-image:
-	cat ../../../_out/assets/nocloud-amd64.raw.xz | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -xec 'xz --decompress > /nocloud-amd64.raw'
-
-test: wait-for-sandbox copy-hack-dir copy-image ## Run the end-to-end tests in existing sandbox.
+test: wait-for-sandbox copy-hack-dir ## Run the end-to-end tests in existing sandbox.
 	helm template -n cozy-system installer ../installer | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'cat > /cozystack-installer.yaml'
 	kubectl exec -ti -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'export COZYSTACK_INSTALLER_YAML=$$(cat /cozystack-installer.yaml) && /hack/e2e.sh'

--- a/packages/core/testing/images/e2e-sandbox/Dockerfile
+++ b/packages/core/testing/images/e2e-sandbox/Dockerfile
@@ -1,8 +1,8 @@
 FROM ubuntu:22.04

-ARG KUBECTL_VERSION=1.32.0
-ARG TALOSCTL_VERSION=1.8.4
-ARG HELM_VERSION=3.16.4
+ARG KUBECTL_VERSION=1.31.0
+ARG TALOSCTL_VERSION=1.7.6
+ARG HELM_VERSION=3.15.4

 RUN apt-get update
 RUN apt-get -y install genisoimage qemu-kvm qemu-utils iproute2 iptables wget xz-utils netcat curl jq
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.23.1@sha256:0f4ffa7f23d6cdc633c0c4a0b852fde9710edbce96486fd9bd29c7d0d7710380
+  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.20.2@sha256:1a26a511b9e269bcb607e2d80f878d7c2d993b7a2a7a3a2a1042470c8c56b061
--- a/packages/extra/etcd/Chart.yaml
+++ b/packages/extra/etcd/Chart.yaml
@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: /logos/etcd.svg
 type: application
-version: 2.4.0
+version: 2.3.0
--- a/packages/extra/etcd/templates/dashboard-resourcemap.yaml
+++ b/packages/extra/etcd/templates/dashboard-resourcemap.yaml
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ .Release.Name }}-dashboard-resources
-rules:
- apiGroups:
-  - ""
-  resources:
-  - services
-  resourceNames:
-  - etcd
-  verbs: ["get", "list", "watch"]
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - {{ .Release.Name }}
-  verbs: ["get", "list", "watch"]
--- a/packages/extra/etcd/templates/etcd-cluster.yaml
+++ b/packages/extra/etcd/templates/etcd-cluster.yaml
@@ -193,19 +193,3 @@ spec:
  issuerRef:
    name: etcd-issuer
    kind: Issuer
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-  namespace: {{ $.Release.Namespace }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: {{ div .Values.replicas 2 | add1 }}
-  kind: etcd
-  type: etcd
-  selector:
-    app.kubernetes.io/instance: etcd
-    app.kubernetes.io/managed-by: etcd-operator
-    app.kubernetes.io/name: etcd
-  version: {{ $.Chart.Version }}
--- a/packages/extra/ingress/Chart.yaml
+++ b/packages/extra/ingress/Chart.yaml
@@ -3,4 +3,4 @@ name: ingress
 description: NGINX Ingress Controller
 icon: /logos/ingress-nginx.svg
 type: application
-version: 1.4.0
+version: 1.3.0
--- a/packages/extra/ingress/templates/dashboard-resourcemap.yaml
+++ b/packages/extra/ingress/templates/dashboard-resourcemap.yaml
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ .Release.Name }}-dashboard-resources
-rules:
- apiGroups:
-  - ""
-  resources:
-  - services
-  resourceNames:
-  - {{ trimPrefix "tenant-" .Release.Namespace }}-ingress-controller
-  verbs: ["get", "list", "watch"]
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - {{ .Release.Name }}
-  verbs: ["get", "list", "watch"]
--- a/packages/extra/ingress/templates/workloadmonitor.yaml
+++ b/packages/extra/ingress/templates/workloadmonitor.yaml
@@ -1,16 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-  namespace: {{ $.Release.Namespace }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: {{ div .Values.replicas 2 | add1 }}
-  kind: ingress
-  type: controller
-  selector:
-    app.kubernetes.io/component: controller
-    app.kubernetes.io/instance: ingress-nginx-system
-    app.kubernetes.io/name: ingress-nginx
-  version: {{ $.Chart.Version }}
--- a/packages/extra/monitoring/Chart.yaml
+++ b/packages/extra/monitoring/Chart.yaml
@@ -3,4 +3,4 @@ name: monitoring
 description: Monitoring and observability stack
 icon: /logos/monitoring.svg
 type: application
-version: 1.7.0
+version: 1.5.2
--- a/packages/extra/monitoring/README.md
+++ b/packages/extra/monitoring/README.md
@@ -4,14 +4,12 @@

 ### Common parameters

-| Name                                      | Description                                                                                               | Value  |
-| ----------------------------------------- | --------------------------------------------------------------------------------------------------------- | ------ |
-| `host`                                    | The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host). | `""`   |
-| `metricsStorages`                         | Configuration of metrics storage instances                                                                | `[]`   |
-| `logsStorages`                            | Configuration of logs storage instances                                                                   | `[]`   |
-| `alerta.storage`                          | Persistent Volume size for alerta database                                                                | `10Gi` |
-| `alerta.storageClassName`                 | StorageClass used to store the data                                                                       | `""`   |
-| `alerta.alerts.telegram.token`            | telegram token for your bot                                                                               | `""`   |
-| `alerta.alerts.telegram.chatID`           | specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot                       | `""`   |
-| `alerta.alerts.telegram.disabledSeverity` | list of severity without alerts, separated comma like: "informational,warning"                            | `""`   |
-| `grafana.db.size`                         | Persistent Volume size for grafana database                                                               | `10Gi` |
+| Name                            | Description                                                                                               | Value                                            |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
+| `host`                          | The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host). | `""`                                             |
+| `metricsStorages`               | Configuration of metrics storage instances                                                                | `[]`                                             |
+| `logsStorages`                  | Configuration of logs storage instances                                                                   | `[]`                                             |
+| `alerta.storage`                | Persistent Volume size for alerta database                                                                | `10Gi`                                           |
+| `alerta.storageClassName`       | StorageClass used to store the data                                                                       | `""`                                             |
+| `alerta.alerts.telegram.token`  | telegram token for your bot                                                                               | `7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34` |
+| `alerta.alerts.telegram.chatID` | specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot                       | `-4520856007`                                    |
--- a/packages/extra/monitoring/dashboards.list
+++ b/packages/extra/monitoring/dashboards.list
@@ -31,4 +31,3 @@ control-plane/control-plane-status
 control-plane/deprecated-resources
 control-plane/dns-coredns
 control-plane/kube-etcd3
-kubevirt/kubevirt-control-plane
--- a/packages/extra/monitoring/templates/alerta/alerta-db.yaml
+++ b/packages/extra/monitoring/templates/alerta/alerta-db.yaml
@@ -11,23 +11,6 @@ spec:
    storageClass: {{ . }}
    {{- end }}

-  monitoring:
-    enablePodMonitor: true
-
  inheritedMetadata:
    labels:
      policy.cozystack.io/allow-to-apiserver: "true"
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: alerta-db
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: monitoring
-  type: postgres
-  selector:
-    cnpg.io/cluster: alerta-db
-    cnpg.io/podRole: instance
-  version: {{ $.Chart.Version }}
--- a/packages/extra/monitoring/templates/alerta/alerta.yaml
+++ b/packages/extra/monitoring/templates/alerta/alerta.yaml
@@ -116,8 +116,6 @@ spec:
              value: "{{ .Values.alerta.alerts.telegram.token }}"
            - name: TELEGRAM_WEBHOOK_URL
              value: "https://{{ printf "alerta.%s" (.Values.host | default $host) }}/api/webhooks/telegram?api-key={{ $apiKey }}"
-            - name: TELEGRAM_DISABLE_NOTIFICATION_SEVERITY
-              value: "{{ .Values.alerta.alerts.telegram.disabledSeverity }}"
            {{- end }}

          ports:
@@ -172,20 +170,6 @@ spec:
                port:
                  name: http
 ---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: alerta
-spec:
-  replicas: 1
-  minReplicas: 1
-  kind: monitoring
-  type: alerta
-  selector:
-    app: alerta
-    release: alerta
-  version: {{ $.Chart.Version }}
---
 apiVersion: v1
 kind: Secret
 metadata:
@@ -233,17 +217,3 @@ spec:
  podMetadata:
    labels:
      policy.cozystack.io/allow-to-apiserver: "true"
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: alertmanager
-spec:
-  replicas: 3
-  minReplicas: 2
-  kind: monitoring
-  type: alertmanager
-  selector:
-    app.kubernetes.io/instance: alertmanager
-    app.kubernetes.io/name: vmalertmanager
-  version: {{ $.Chart.Version }}
--- a/packages/extra/monitoring/templates/dashboard-resourcemap.yaml
+++ b/packages/extra/monitoring/templates/dashboard-resourcemap.yaml
@@ -26,28 +26,3 @@ rules:
  - grafana-service
  - alerta
  verbs: ["get", "list", "watch"]
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - alerta
-  - grafana
-  - grafana-db
-  - alerta-db
-  - alermanager
-  {{- range .Values.metricsStorages }}
-  - {{ .name }}-vmstorage
-  - {{ .name }}-vmselect
-  - {{ .name }}-vminsert
-  {{- end }}
-  {{- range .Values.logsStorages }}
-  - {{ $.Release.Name }}-vlogs-{{ .name }}
-  {{- end }}
-  {{- range .Values.metricsStorages }}
-  - vmalert-{{ .name }}
-  {{- break }}
-  {{- end }}
-  verbs: ["get", "list", "watch"]
-
-
--- a/packages/extra/monitoring/templates/grafana/db.yaml
+++ b/packages/extra/monitoring/templates/grafana/db.yaml
@@ -5,25 +5,8 @@ metadata:
 spec:
  instances: 2
  storage:
-    size: {{ .Values.grafana.db.size }}
-
-  monitoring:
-    enablePodMonitor: true
+    size: 10Gi

  inheritedMetadata:
    labels:
      policy.cozystack.io/allow-to-apiserver: "true"
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: grafana-db
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: monitoring
-  type: postgres
-  selector:
-    cnpg.io/cluster: grafana-db
-    cnpg.io/podRole: instance
-  version: {{ $.Chart.Version }}
--- a/packages/extra/monitoring/templates/grafana/grafana.yaml
+++ b/packages/extra/monitoring/templates/grafana/grafana.yaml
@@ -1,5 +1,5 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} 

 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
@@ -30,7 +30,7 @@ spec:
      admin_user: user
      admin_password: ${GF_PASSWORD}
    plugins:
-      allow_loading_unsigned_plugins: "victoriametrics-logs-datasource"
+      allow_loading_unsigned_plugins: "victorialogs-datasource"
  deployment:
    spec:
      replicas: 2
@@ -50,8 +50,8 @@ spec:
                - |
                  set -ex
                  mkdir -p /var/lib/grafana/plugins/
-                  ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v0\.13\.[0-9]+' | head -1)
-                  curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victoriametrics-logs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
+                  ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -1)
+                  curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victorialogs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
                  tar -xf /var/lib/grafana/plugins/vl-plugin.tar.gz -C /var/lib/grafana/plugins/
                  rm /var/lib/grafana/plugins/vl-plugin.tar.gz
              volumeMounts:
@@ -114,16 +114,3 @@ spec:
      - hosts:
        - "{{ printf "grafana.%s" (.Values.host | default $host) }}"
        secretName: grafana-ingress-tls
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: grafana
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: monitoring
-  type: grafana
-  selector:
-    app: grafana
-  version: {{ $.Chart.Version }}
--- a/packages/extra/monitoring/templates/vlogs/grafana-datasource.yaml
+++ b/packages/extra/monitoring/templates/vlogs/grafana-datasource.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
  datasource:
    access: proxy
-    type: victoriametrics-logs-datasource
+    type: victorialogs-datasource
    name: vlogs-{{ .name }}
    url: http://vlogs-{{ .name }}.{{ $.Release.Namespace }}.svc:9428
  instanceSelector:
--- a/packages/extra/monitoring/templates/vlogs/vlogs.yaml
+++ b/packages/extra/monitoring/templates/vlogs/vlogs.yaml
@@ -12,19 +12,4 @@ spec:
    accessModes: [ReadWriteOnce]
  retentionPeriod: "{{ .retentionPeriod }}"
  removePvcAfterDelete: true
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: vlogs-{{ .name }}
-spec:
-  replicas: 1
-  minReplicas: 1
-  kind: monitoring
-  type: vlogs
-  selector:
-    app.kubernetes.io/component: monitoring
-    app.kubernetes.io/instance: {{ .name }}
-    app.kubernetes.io/name: vlogs
-  version: {{ $.Chart.Version }}
 {{- end }}
--- a/packages/extra/monitoring/templates/vm/vmalert.yaml
+++ b/packages/extra/monitoring/templates/vm/vmalert.yaml
@@ -18,19 +18,5 @@ spec:
    url: http://vminsert-{{ .name }}.{{ $.Release.Namespace }}.svc:8480/insert/0/prometheus/api/v1/write
  resources: {}
  selectAllByDefault: true
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: vmalert-{{ .name }}
-spec:
-  replicas: 1
-  minReplicas: 1
-  kind: monitoring
-  type: vmalert
-  selector:
-    app.kubernetes.io/instance: vmalert-{{ .name }}
-    app.kubernetes.io/name: vmalert
-  version: {{ $.Chart.Version }}
 {{- break }}
 {{- end }}
--- a/packages/extra/monitoring/templates/vm/vmcluster.yaml
+++ b/packages/extra/monitoring/templates/vm/vmcluster.yaml
@@ -6,35 +6,22 @@ metadata:
  name: {{ .name }}
 spec:
  replicationFactor: 2
-  retentionPeriod: {{ .retentionPeriod | quote }}
+  retentionPeriod: "3"
  vminsert:
    replicaCount: 2
-    resources:
-      {{- if and (hasKey . "vminsert") (hasKey .vminsert "resources") }}
-      {{- toYaml .vminsert.resources | nindent 6 }}
-      {{- else }}
-      limits:
-        memory: 1000Mi
-      requests:
-        cpu: 100m
-        memory: 500Mi
-      {{- end }}
+    resources: {}
  vmselect:
    replicaCount: 2
    resources:
-      {{- if and (hasKey . "vmselect") (hasKey .vmselect "resources") }}
-      {{- toYaml .vmselect.resources | nindent 6 }}
-      {{- else }}
      limits:
        memory: 1000Mi
      requests:
        cpu: 100m
        memory: 500Mi
-      {{- end }}
    extraArgs:
      search.maxUniqueTimeseries: "600000"
      vmalert.proxyURL: http://vmalert-{{ .name }}.{{ $.Release.Namespace }}.svc:8080
-      dedup.minScrapeInterval: {{ .deduplicationInterval | quote}}
+      dedup.minScrapeInterval: "15s"
    cacheMountPath: /select-cache
    storage:
      volumeClaimTemplate:
@@ -47,16 +34,6 @@ spec:
              storage: 2Gi
  vmstorage:
    replicaCount: 2
-    resources:
-      {{- if and (hasKey . "vmstorage") (hasKey .vmstorage "resources") }}
-      {{- toYaml .vmstorage.resources | nindent 6 }}
-      {{- else }}
-      limits:
-        memory: 2048Mi
-      requests:
-        cpu: 100m
-        memory: 500Mi
-      {{- end }}
    storage:
      volumeClaimTemplate:
        spec:
@@ -67,49 +44,4 @@ spec:
            requests:
              storage: {{ .storage }}
    storageDataPath: /vm-data
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ .name }}-vmstorage
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: monitoring
-  type: vmstorage
-  selector:
-    app.kubernetes.io/component: monitoring
-    app.kubernetes.io/instance: {{ .name }}
-    app.kubernetes.io/name: vmstorage
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ .name }}-vmselect
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: monitoring
-  type: vmselect
-  selector:
-    app.kubernetes.io/component: monitoring
-    app.kubernetes.io/instance: {{ .name }}
-    app.kubernetes.io/name: vmselect
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ .name }}-vminsert
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: monitoring
-  type: vminsert
-  selector:
-    app.kubernetes.io/component: monitoring
-    app.kubernetes.io/instance: {{ .name }}
-    app.kubernetes.io/name: vminsert
-  version: {{ $.Chart.Version }}
 {{- end }}
--- a/packages/extra/monitoring/values.schema.json
+++ b/packages/extra/monitoring/values.schema.json
@@ -45,38 +45,18 @@
                "token": {
                  "type": "string",
                  "description": "telegram token for your bot",
-                  "default": ""
+                  "default": "7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34"
                },
                "chatID": {
                  "type": "string",
                  "description": "specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot",
-                  "default": ""
-                },
-                "disabledSeverity": {
-                  "type": "string",
-                  "description": "list of severity without alerts, separated comma like: \"informational,warning\"",
-                  "default": ""
+                  "default": "-4520856007"
                }
              }
            }
          }
        }
      }
-    },
-    "grafana": {
-      "type": "object",
-      "properties": {
-        "db": {
-          "type": "object",
-          "properties": {
-            "size": {
-              "type": "string",
-              "description": "Persistent Volume size for grafana database",
-              "default": "10Gi"
-            }
-          }
-        }
-      }
    }
  }
 }
--- a/packages/extra/monitoring/values.yaml
+++ b/packages/extra/monitoring/values.yaml
@@ -5,59 +5,17 @@ host: ""

 ## @param metricsStorages [array] Configuration of metrics storage instances
 ##
-## Example:
-## metricsStorages:
-## - name: shortterm
-##   retentionPeriod: "3d"
-##   deduplicationInterval: "15s"
-##   storage: 10Gi
-##   storageClassName: ""
-##   vminsert:
-##     resources:
-##       limits:
-##         memory: 1024Mi
-##       requests:
-##         cpu: 200m
-##         memory: 512Mi
-##   vmselect:
-##     resources:
-##       limits:
-##         memory: 2048Mi
-##       requests:
-##         cpu: 300m
-##         memory: 1Gi
-##   vmstorage:
-##     resources:
-##       limits:
-##         memory: 4096Mi
-##       requests:
-##         cpu: 500m
-##         memory: 2Gi
-##
 metricsStorages:
 - name: shortterm
  retentionPeriod: "3d"
-  deduplicationInterval: "15s"
-  storage: 10Gi
-  storageClassName: ""
-  vminsert:
-    resources: {}
-  vmselect:
-    resources: {}
-  vmstorage:
-    resources: {}
- name: longterm
-  retentionPeriod: "14d"
  deduplicationInterval: "5m"
  storage: 10Gi
  storageClassName: ""
-  vminsert:
-    resources: {}
-  vmselect:
-    resources: {}
-  vmstorage:
-    resources: {}
-
+- name: longterm
+  retentionPeriod: "14d"
+  deduplicationInterval: "15s"
+  storage: 10Gi
+  storageClassName: ""

 ## @param logsStorages [array] Configuration of logs storage instances
 ##
@@ -78,20 +36,11 @@ alerta:
  alerts:
    ## @param alerta.alerts.telegram.token telegram token for your bot
    ## @param alerta.alerts.telegram.chatID specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot
-    ## @param alerta.alerts.telegram.disabledSeverity list of severity without alerts, separated comma like: "informational,warning"
    ## example:
    ##   telegram:
    ##     token: "7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34"
    ##     chatID: "-4520856007"
-    ##     disabledSeverity: "informational,warning"
    ##
    telegram:
      token: ""
      chatID: ""
-      disabledSeverity: ""
-
-## Configuration for Grafana
-## @param grafana.db.size Persistent Volume size for grafana database
-grafana:
-  db:
-    size: 10Gi
--- a/packages/extra/seaweedfs/Chart.yaml
+++ b/packages/extra/seaweedfs/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.2.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml
+++ b/packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml
@@ -1,29 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ .Release.Name }}-dashboard-resources
-rules:
- apiGroups:
-  - ""
-  resources:
-  - services
-  resourceNames:
-  - {{ $.Release.Name }}-s3
-  verbs: ["get", "list", "watch"]
- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  resourceNames:
-  - ingress-{{ $.Release.Name }}-s3
-  verbs: ["get", "list", "watch"]
- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - {{ $.Release.Name }}-master
-  - {{ $.Release.Name }}-filer
-  - {{ $.Release.Name }}-volume
-  - {{ $.Release.Name }}-db
-  verbs: ["get", "list", "watch"]
--- a/packages/extra/seaweedfs/templates/seaweedfs.yaml
+++ b/packages/extra/seaweedfs/templates/seaweedfs.yaml
@@ -60,59 +60,3 @@ spec:
      cosi:
        driverName: "{{ .Release.Namespace }}.seaweedfs.objectstorage.k8s.io"
        bucketClassName: "{{ .Release.Namespace }}"
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-master
-spec:
-  replicas: 3
-  minReplicas: 2
-  kind: seaweedfs
-  type: master
-  selector:
-    app.kubernetes.io/component: master
-    app.kubernetes.io/name: seaweedfs
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-filer
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: seaweedfs
-  type: filer
-  selector:
-    app.kubernetes.io/component: filer
-    app.kubernetes.io/name: seaweedfs
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-volume
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: {{ div .Values.replicas 2 | add1 }}
-  kind: seaweedfs
-  type: volume
-  selector:
-    app.kubernetes.io/component: volume
-    app.kubernetes.io/name: seaweedfs
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-db
-spec:
-  replicas: 2
-  minReplicas: 1
-  kind: seaweedfs
-  type: postgres
-  selector:
-    cnpg.io/cluster: seaweedfs-db
-    cnpg.io/podRole: instance
-  version: {{ $.Chart.Version }}
--- a/Show More
+++ b/Show More