Guacamole

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

.gitignore

@@ -1,3 +1,78 @@
 _out
 .git
-.idea
+.idea
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+.DS_Store
+**/.DS_Store

Makefile

@@ -7,6 +7,7 @@ build:
 	make -C packages/system/kubeovn image
 	make -C packages/system/dashboard image
 	make -C packages/system/kamaji image
+	make -C packages/core/testing image
 	make -C packages/core/installer image
 	make manifests
 
@@ -26,3 +27,8 @@ repos:
 
 assets:
 	make -C packages/core/installer/ assets
+
+test:
+	make -C packages/core/testing apply
+	make -C packages/core/testing test
+	make -C packages/core/testing delete

README.md

@@ -58,6 +58,8 @@ Commits are used to generate the changelog, and their author will be referenced
 
 In case of **Feature Requests** please use the [Discussion's Feature Request section](https://github.com/aenix-io/cozystack/discussions/categories/feature-requests).
 
+You can join our weekly community meetings (just add this events to your [Google Calendar](https://calendar.google.com/calendar?cid=ZTQzZDIxZTVjOWI0NWE5NWYyOGM1ZDY0OWMyY2IxZTFmNDMzZTJlNjUzYjU2ZGJiZGE3NGNhMzA2ZjBkMGY2OEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t) or [iCal](https://calendar.google.com/calendar/ical/e43d21e5c9b45a95f28c5d649c2cb1e1f433e2e653b56dbbda74ca306f0d0f68%40group.calendar.google.com/public/basic.ics)) or [Telegram group](https://t.me/cozystack).
+
 ## License
 
 Cozystack is licensed under Apache 2.0.  

hack/e2e.sh

@@ -27,9 +27,9 @@ ip link add cozy-br0 type bridge
 ip link set cozy-br0 up
 ip addr add 192.168.123.1/24 dev cozy-br0
 
-# Enable forward & masquerading
-echo 1 > /proc/sys/net/ipv4/ip_forward
-iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -j MASQUERADE
+# Enable masquerading
+iptables -t nat -D POSTROUTING -s 192.168.123.0/24 ! -d 192.168.123.0/24 -j MASQUERADE 2>/dev/null || true
+iptables -t nat -A POSTROUTING -s 192.168.123.0/24 ! -d 192.168.123.0/24 -j MASQUERADE
 
 rm -rf srv1 srv2 srv3
 mkdir -p srv1 srv2 srv3
@@ -287,7 +287,8 @@ kubectl patch -n tenant-root hr/tenant-root --type=merge -p '{"spec":{ "values":
   "host": "example.org",
   "ingress": true,
   "monitoring": true,
-  "etcd": true
+  "etcd": true,
+  "isolated": true
 }}}'
 
 # Wait for HelmRelease be created
@@ -296,6 +297,10 @@ timeout 60 sh -c 'until kubectl get hr -n tenant-root etcd ingress monitoring te
 # Wait for HelmReleases be installed
 kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr etcd ingress monitoring tenant-root
 
+kubectl patch -n tenant-root hr/ingress --type=merge -p '{"spec":{ "values":{
+  "dashboard": true
+}}}'
+
 # Wait for nginx-ingress-controller
 timeout 60 sh -c 'until kubectl get deploy -n tenant-root root-ingress-controller; do sleep 1; done'
 kubectl wait --timeout=5m --for=condition=available -n tenant-root deploy root-ingress-controller
@@ -304,8 +309,9 @@ kubectl wait --timeout=5m --for=condition=available -n tenant-root deploy root-i
 kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=3 -n tenant-root sts etcd
 
 # Wait for Victoria metrics
-kubectl wait --timeout=5m --for=condition=available deploy -n tenant-root vmalert-vmalert vminsert-longterm vminsert-shortterm
-kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=2 -n tenant-root sts vmalertmanager-alertmanager vmselect-longterm vmselect-shortterm vmstorage-longterm vmstorage-shortterm
+kubectl wait --timeout=5m --for=jsonpath=.status.updateStatus=operational -n tenant-root vmalert/vmalert-longterm vmalert/vmalert-shortterm vmalertmanager/alertmanager
+kubectl wait --timeout=5m --for=jsonpath=.status.status=operational -n tenant-root vlogs/generic
+kubectl wait --timeout=5m --for=jsonpath=.status.clusterStatus=operational -n tenant-root vmcluster/shortterm vmcluster/longterm
 
 # Wait for grafana
 kubectl wait --timeout=5m --for=condition=ready -n tenant-root clusters.postgresql.cnpg.io grafana-db

hack/gen_versions_map.sh

@@ -24,24 +24,36 @@ resolved_miss_map=$(
       change_commit=$(git --no-pager blame -L"$line",+1 -- "$chart/Chart.yaml" | awk '{print $1}')
        
       if [ "$change_commit" = "00000000" ]; then
-        # Not commited yet, use previus commit
+        # Not committed yet, use previous commit
         line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
         commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
         if [ $(echo $commit | cut -c1) = "^" ]; then
-          # Previus commit not exists
+          # Previous commit not exists
           commit=$(echo $commit | cut -c2-)
         fi
       else
-        # Commited, but version_map wasn't updated
+        # Committed, but version_map wasn't updated
         line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
         change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
         if [ $(echo $change_commit | cut -c1) = "^" ]; then
-          # Previus commit not exists
+          # Previous commit not exists
           commit=$(echo $change_commit | cut -c2-)
         else
           commit=$(git describe --always "$change_commit~1")
         fi
       fi
+
+      # Check if the commit belongs to the main branch
+      if ! git merge-base --is-ancestor "$commit" main; then
+        # Find the closest parent commit that belongs to main
+        commit_in_main=$(git log --pretty=format:"%h" main -- "$chart" | head -n 1)
+        if [ -n "$commit_in_main" ]; then
+          commit="$commit_in_main"
+        else
+          # No valid commit found in main branch for $chart, skipping..."
+          continue
+        fi
+      fi
     fi
     echo "$chart $version $commit"
   done

manifests/cozystack-installer.yaml

@@ -68,7 +68,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.11.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.14.1"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -87,7 +87,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.11.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.14.1"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/bucket/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/clickhouse/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.1
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/clickhouse/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/clickhouse/README.md

@@ -4,11 +4,12 @@
 
 ### Common parameters
 
-| Name       | Description                   | Value  |
-| ---------- | ----------------------------- | ------ |
-| `size`     | Persistent Volume size        | `10Gi` |
-| `shards`   | Number of Clickhouse replicas | `1`    |
-| `replicas` | Number of Clickhouse shards   | `2`    |
+| Name           | Description                         | Value  |
+| -------------- | ----------------------------------- | ------ |
+| `size`         | Persistent Volume size              | `10Gi` |
+| `shards`       | Number of Clickhouse replicas       | `1`    |
+| `replicas`     | Number of Clickhouse shards         | `2`    |
+| `storageClass` | StorageClass used to store the data | `""`   |
 
 ### Configuration parameters
 

packages/apps/clickhouse/templates/clickhouse.yaml

@@ -1,3 +1,32 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- range $user, $u := .Values.users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.users }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+{{- end }}
+
+---
 apiVersion: "clickhouse.altinity.com/v1"
 kind: "ClickHouseInstallation"
 metadata:
@@ -12,7 +41,7 @@ spec:
     {{- with .Values.users }}
     users:
       {{- range $name, $u := . }}
-      {{ $name }}/password_sha256_hex: {{ sha256sum $u.password }}
+      {{ $name }}/password_sha256_hex: {{ sha256sum (index $passwords $name) }}
       {{ $name }}/profile: {{ ternary "readonly" "default" (index $u "readonly" | default false) }}
       {{ $name }}/networks/ip: ["::/0"]
       {{- end }}
@@ -31,6 +60,9 @@ spec:
         spec:
           accessModes:
             - ReadWriteOnce
+          {{- with $.Values.storageClass }}
+          storageClassName: {{ . }}
+          {{- end }}
           resources:
             requests:
               storage: {{ . }}

packages/apps/clickhouse/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - chi-clickhouse-test-clickhouse-0-0
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]

packages/apps/clickhouse/values.schema.json

@@ -16,6 +16,11 @@
             "type": "number",
             "description": "Number of Clickhouse shards",
             "default": 2
+        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
         }
     }
 }

packages/apps/clickhouse/values.yaml

@@ -3,10 +3,12 @@
 ## @param size Persistent Volume size
 ## @param shards Number of Clickhouse replicas
 ## @param replicas Number of Clickhouse shards
+## @param storageClass StorageClass used to store the data
 ##
 size: 10Gi
 shards: 1
 replicas: 2
+storageClass: ""
 
 ## @section Configuration parameters
 

packages/apps/ferretdb/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.22.0"
+appVersion: "1.24.0"

packages/apps/ferretdb/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/ferretdb/README.md

@@ -9,6 +9,7 @@
 | `external`               | Enable external access from outside the cluster                                                                         | `false` |
 | `size`                   | Persistent Volume size                                                                                                  | `10Gi`  |
 | `replicas`               | Number of Postgres replicas                                                                                             | `2`     |
+| `storageClass`           | StorageClass used to store the data                                                                                     | `""`    |
 | `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.           | `0`     |
 | `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances). | `0`     |
 

packages/apps/ferretdb/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]

packages/apps/ferretdb/templates/ferretdb.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
       - name: ferretdb
-        image: ghcr.io/ferretdb/ferretdb:1.22.0
+        image: ghcr.io/ferretdb/ferretdb:1.24.0
         ports:
         - containerPort: 27017
         env:

packages/apps/ferretdb/templates/init-script.yaml

@@ -1,3 +1,30 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- range $user, $u := .Values.users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.users }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Secret
@@ -13,7 +40,7 @@ stringData:
     {{- range $user, $u := .Values.users }}
     SELECT 'CREATE ROLE {{ $user }} LOGIN INHERIT;'
     WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{{ $user }}')\gexec
-    ALTER ROLE {{ $user }} WITH PASSWORD '{{ $u.password }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
+    ALTER ROLE {{ $user }} WITH PASSWORD '{{ index $passwords $user }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
     COMMENT ON ROLE {{ $user }} IS 'user managed by helm';
     {{- end }}
     EOT

packages/apps/ferretdb/templates/postgres.yaml

@@ -15,6 +15,9 @@ spec:
 
   storage:
     size: {{ required ".Values.size is required" .Values.size }}
+    {{- with .Values.storageClass }}
+    storageClass: {{ . }}
+    {{- end }}
 
   inheritedMetadata:
     labels:

packages/apps/ferretdb/values.schema.json

@@ -17,6 +17,11 @@
             "description": "Number of Postgres replicas",
             "default": 2
         },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
+        },
         "quorum": {
             "type": "object",
             "properties": {

packages/apps/ferretdb/values.yaml

@@ -3,10 +3,12 @@
 ## @param external Enable external access from outside the cluster
 ## @param size Persistent Volume size
 ## @param replicas Number of Postgres replicas
+## @param storageClass StorageClass used to store the data
 ##
 external: false
 size: 10Gi
 replicas: 2
+storageClass: ""
 
 ## Configuration for the quorum-based synchronous replication
 ## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.

packages/apps/ferretdb/values2.yaml

@@ -1,56 +0,0 @@
-## @section Common parameters
-
-## @param external Enable external access from outside the cluster
-## @param size Persistent Volume size
-## @param replicas Number of Postgres replicas
-##
-external: false
-size: 10Gi
-replicas: 1
-
-## Configuration for the quorum-based synchronous replication
-## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.
-## @param quorum.maxSyncReplicas Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).
-quorum:
-  minSyncReplicas: 0
-  maxSyncReplicas: 0
-
-## @section Configuration parameters
-
-## @param users [object] Users configuration
-## Example:
-## users:
-##   user1:
-##     password: strongpassword
-##   user2:
-##     password: hackme
-##
-users:
-  foo:
-    password: asd
-  bar:
-    password: asd
-  baz:
-    password: asd
-  boo:
-    password: asd
-
-## @section Backup parameters
-
-## @param backup.enabled Enable pereiodic backups
-## @param backup.s3Region The AWS S3 region where backups are stored
-## @param backup.s3Bucket The S3 bucket used for storing backups
-## @param backup.schedule Cron schedule for automated backups
-## @param backup.cleanupStrategy The strategy for cleaning up old backups
-## @param backup.s3AccessKey The access key for S3, used for authentication
-## @param backup.s3SecretKey The secret key for S3, used for authentication
-## @param backup.resticPassword The password for Restic backup encryption
-backup:
-  enabled: false
-  s3Region: us-east-1
-  s3Bucket: s3.example.org/postgres-backups
-  schedule: "0 2 * * *"
-  cleanupStrategy: "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
-  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
-  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
-  resticPassword: ChaXoveekoh6eigh4siesheeda2quai0

packages/apps/http-cache/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/http-cache/Makefile

@@ -1,6 +1,7 @@
 NGINX_CACHE_TAG = v0.1.0
 
 include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk
 
 image: image-nginx
 

packages/apps/http-cache/README.md

@@ -64,6 +64,7 @@ VTS module shows wrong upstream resonse time
 | ------------------ | ----------------------------------------------- | ------- |
 | `external`         | Enable external access from outside the cluster | `false` |
 | `size`             | Persistent Volume size                          | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data             | `""`    |
 | `haproxy.replicas` | Number of HAProxy replicas                      | `2`     |
 | `nginx.replicas`   | Number of Nginx replicas                        | `2`     |
 

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:v0.1.0@sha256:73d8a2a3024cc523ff552ac94826ee57bc2795f81412eb46b432bd6003d0930f
+ghcr.io/aenix-io/cozystack/nginx-cache:v0.1.0@sha256:556bc8d29ee9e90b3d64d0481dcfc66483d055803315bba3d9ece17c0d97f32b

packages/apps/http-cache/templates/nginx/deployment.yaml

@@ -114,6 +114,9 @@ spec:
   resources:
     requests:
       storage: "{{ $.Values.size }}"
+  {{- with $.Values.storageClass }}
+  storageClassName: {{ . }}
+  {{- end }}
 ---
 apiVersion: v1
 kind: Service

packages/apps/http-cache/values.schema.json

@@ -12,6 +12,11 @@
             "description": "Persistent Volume size",
             "default": "10Gi"
         },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
+        },
         "haproxy": {
             "type": "object",
             "properties": {

packages/apps/http-cache/values.yaml

@@ -3,11 +3,13 @@
 
 ## @param external Enable external access from outside the cluster
 ## @param size Persistent Volume size
+## @param storageClass StorageClass used to store the data
 ## @param haproxy.replicas Number of HAProxy replicas
 ## @param nginx.replicas Number of Nginx replicas
 ##
 external: false
 size: 10Gi
+storageClass: ""
 haproxy:
   replicas: 2
 nginx:

packages/apps/kafka/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.3
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kafka/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/kafka/README.md

@@ -4,13 +4,15 @@
 
 ### Common parameters
 
-| Name                 | Description                                     | Value   |
-| -------------------- | ----------------------------------------------- | ------- |
-| `external`           | Enable external access from outside the cluster | `false` |
-| `kafka.size`         | Persistent Volume size for Kafka                | `10Gi`  |
-| `kafka.replicas`     | Number of Kafka replicas                        | `3`     |
-| `zookeeper.size`     | Persistent Volume size for ZooKeeper            | `5Gi`   |
-| `zookeeper.replicas` | Number of ZooKeeper replicas                    | `3`     |
+| Name                     | Description                                     | Value   |
+| ------------------------ | ----------------------------------------------- | ------- |
+| `external`               | Enable external access from outside the cluster | `false` |
+| `kafka.size`             | Persistent Volume size for Kafka                | `10Gi`  |
+| `kafka.replicas`         | Number of Kafka replicas                        | `3`     |
+| `kafka.storageClass`     | StorageClass used to store the Kafka data       | `""`    |
+| `zookeeper.size`         | Persistent Volume size for ZooKeeper            | `5Gi`   |
+| `zookeeper.replicas`     | Number of ZooKeeper replicas                    | `3`     |
+| `zookeeper.storageClass` | StorageClass used to store the ZooKeeper data   | `""`    |
 
 ### Configuration parameters
 

packages/apps/kafka/templates/kafka.yaml

@@ -53,6 +53,9 @@ spec:
         {{- with .Values.kafka.size }}
         size: {{ . }}
         {{- end }}
+        {{- with .Values.kafka.storageClass }}
+        class: {{ . }}
+        {{- end }}
         deleteClaim: true
   zookeeper:
     replicas: {{ .Values.zookeeper.replicas }}
@@ -61,6 +64,9 @@ spec:
       {{- with .Values.zookeeper.size }}
       size: {{ . }}
       {{- end }}
+      {{- with .Values.kafka.storageClass }}
+      class: {{ . }}
+      {{- end }}
       deleteClaim: false
   entityOperator:
     topicOperator: {}

packages/apps/kafka/values.schema.json

@@ -19,6 +19,11 @@
                     "type": "number",
                     "description": "Number of Kafka replicas",
                     "default": 3
+                },
+                "storageClass": {
+                    "type": "string",
+                    "description": "StorageClass used to store the Kafka data",
+                    "default": ""
                 }
             }
         },
@@ -34,6 +39,11 @@
                     "type": "number",
                     "description": "Number of ZooKeeper replicas",
                     "default": 3
+                },
+                "storageClass": {
+                    "type": "string",
+                    "description": "StorageClass used to store the ZooKeeper data",
+                    "default": ""
                 }
             }
         },

packages/apps/kafka/values.yaml

@@ -4,16 +4,20 @@
 ## @param external Enable external access from outside the cluster
 ## @param kafka.size Persistent Volume size for Kafka
 ## @param kafka.replicas Number of Kafka replicas
+## @param kafka.storageClass StorageClass used to store the Kafka data
 ## @param zookeeper.size Persistent Volume size for ZooKeeper
 ## @param zookeeper.replicas Number of ZooKeeper replicas
+## @param zookeeper.storageClass StorageClass used to store the ZooKeeper data
 ##
 external: false
 kafka:
   size: 10Gi
   replicas: 3
+  storageClass: ""
 zookeeper:
   size: 5Gi
   replicas: 3
+  storageClass: ""
 
 ## @section Configuration parameters
 

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.2
+version: 0.10.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/Makefile

@@ -1,6 +1,7 @@
 UBUNTU_CONTAINER_DISK_TAG = v1.30.1
 
 include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk
 
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/kubernetes/README.md

@@ -31,18 +31,22 @@ kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o g
 
 ### Common parameters
 
-| Name                    | Description                                                                                                                            | Value |
-| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ----- |
-| `host`                  | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`  |
-| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components                                                                             | `2`   |
-| `nodeGroups`            | nodeGroups configuration                                                                                                               | `{}`  |
+| Name                    | Description                                                                                                                            | Value        |
+| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
+| `host`                  | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`         |
+| `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components                                                                             | `2`          |
+| `storageClass`          | StorageClass used to store user data                                                                                                   | `replicated` |
+| `nodeGroups`            | nodeGroups configuration                                                                                                               | `{}`         |
 
 ### Cluster Addons
 
-| Name                          | Description                                                                        | Value   |
-| ----------------------------- | ---------------------------------------------------------------------------------- | ------- |
-| `addons.certManager.enabled`  | Enables the cert-manager                                                           | `false` |
-| `addons.ingressNginx.enabled` | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)           | `false` |
-| `addons.ingressNginx.hosts`   | List of domain names that should be passed through to the cluster by upper cluster | `[]`    |
-| `addons.fluxcd.enabled`       | Enables Flux CD                                                                    | `false` |
+| Name                                 | Description                                                                        | Value   |
+| ------------------------------------ | ---------------------------------------------------------------------------------- | ------- |
+| `addons.certManager.enabled`         | Enables the cert-manager                                                           | `false` |
+| `addons.certManager.valuesOverride`  | Custom values to override                                                          | `{}`    |
+| `addons.ingressNginx.enabled`        | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)           | `false` |
+| `addons.ingressNginx.valuesOverride` | Custom values to override                                                          | `{}`    |
+| `addons.ingressNginx.hosts`          | List of domain names that should be passed through to the cluster by upper cluster | `[]`    |
+| `addons.fluxcd.enabled`              | Enables Flux CD                                                                    | `false` |
+| `addons.fluxcd.valuesOverride`       | Custom values to override                                                          | `{}`    |
 

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:00bcac18e2a342ab16a767e2f43827fa9f3b34bd6694e65b737b18e5a8ed93c2
+ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:5ce80a453073c4f44347409133fc7b15f1d2f37a564d189871a4082fc552ff0f

packages/apps/kubernetes/templates/cluster.yaml

@@ -18,6 +18,8 @@ spec:
       runStrategy: Always
       template:
         metadata:
+          annotations:
+            kubevirt.io/allow-pod-bridge-network-live-migration: "true"
           labels:
             {{- range .group.roles }}
             node-role.kubernetes.io/{{ . }}: ""
@@ -38,7 +40,9 @@ spec:
                 disk:
                   bus: virtio
                   pciAddress: 0000:08:00.0
-              networkInterfaceMultiqueue: true
+              interfaces:
+              - name: default
+                bridge: {}
             memory:
               guest: {{ .group.resources.memory }}
           evictionStrategy: External
@@ -49,6 +53,9 @@ spec:
           - name: ephemeral
             emptyDisk:
               capacity: {{ .group.ephemeralStorage | default "20Gi" }}
+          networks:
+          - name: default
+            pod: {}
 {{- end }}
 ---
 apiVersion: cluster.x-k8s.io/v1beta1

packages/apps/kubernetes/templates/csi/deploy.yaml

@@ -48,7 +48,7 @@ spec:
                 fieldRef:
                   fieldPath: metadata.namespace
             - name: INFRACLUSTER_LABELS
-              value: "csi-driver/cluster=test"
+              value: "cluster.x-k8s.io/cluster-name={{ .Release.Name }}"
             - name: INFRA_STORAGE_CLASS_ENFORCEMENT
               valueFrom:
                 configMapKeyRef:

packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml

@@ -29,6 +29,13 @@ spec:
   upgrade:
     remediation:
       retries: -1
+  {{- if .Values.addons.certManager.valuesOverride }}
+  valuesFrom:
+  - kind: Secret
+    name: {{ .Release.Name }}-cert-manager-values-override
+    valuesKey: values
+  {{- end }}
+
   dependsOn:
   {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
   - name: {{ .Release.Name }}
@@ -37,3 +44,13 @@ spec:
   - name: {{ .Release.Name }}-cilium
     namespace: {{ .Release.Namespace }}
 {{- end }}
+{{- if .Values.addons.certManager.valuesOverride }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-cert-manager-values-override
+stringData:
+  values: |
+    {{- toYaml .Values.addons.certManager.valuesOverride | nindent 4 }}
+{{- end }}

packages/apps/kubernetes/templates/helmreleases/cilium.yaml

@@ -31,20 +31,8 @@ spec:
   values:
     cilium:
       tunnel: disabled
-      autoDirectNodeRoutes: false
-      bpf:
-        masquerade: true
-      cgroup:
-        autoMount:
-          enabled: true
-        hostRoot: /run/cilium/cgroupv2
       k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
       k8sServicePort: 6443
-    
-      cni:
-        chainingMode: ~
-        customConf: false
-        configMap: ""
       routingMode: tunnel
       enableIPv4Masquerade: true
       ipv4NativeRoutingCIDR: ""

packages/apps/kubernetes/templates/helmreleases/csi.yaml

@@ -28,6 +28,10 @@ spec:
   upgrade:
     remediation:
       retries: -1
+  {{- with .Values.storageClass }}
+  values:
+    storageClass: "{{ . }}"
+  {{- end }}
   dependsOn:
   {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
   - name: {{ .Release.Name }}

packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml

@@ -72,6 +72,12 @@ spec:
   upgrade:
     remediation:
       retries: -1
+  {{- if .Values.addons.fluxcd.valuesOverride }}
+  valuesFrom:
+  - kind: Secret
+    name: {{ .Release.Name }}-fluxcd-values-override
+    valuesKey: values
+  {{- end }}
   dependsOn:
   {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
   - name: {{ .Release.Name }}
@@ -82,3 +88,14 @@ spec:
   - name: {{ .Release.Name }}-fluxcd-operator
     namespace: {{ .Release.Namespace }}
 {{- end }}
+
+{{- if .Values.addons.fluxcd.valuesOverride }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-fluxcd-values-override
+stringData:
+  values: |
+    {{- toYaml .Values.addons.fluxcd.valuesOverride | nindent 4 }}
+{{- end }}

packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml

@@ -39,6 +39,12 @@ spec:
           enabled: false
       nodeSelector:
         node-role.kubernetes.io/ingress-nginx: ""
+  {{- if .Values.addons.ingressNginx.valuesOverride }}
+  valuesFrom:
+  - kind: Secret
+    name: {{ .Release.Name }}-ingress-nginx-values-override
+    valuesKey: values
+  {{- end }}
   dependsOn:
   {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
   - name: {{ .Release.Name }}
@@ -47,3 +53,14 @@ spec:
   - name: {{ .Release.Name }}-cilium
     namespace: {{ .Release.Namespace }}
 {{- end }}
+
+{{- if .Values.addons.ingressNginx.valuesOverride }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-ingress-nginx-values-override
+stringData:
+  values: |
+    {{- toYaml .Values.addons.ingressNginx.valuesOverride | nindent 4 }}
+{{- end }}

packages/apps/kubernetes/values.schema.json

@@ -17,6 +17,11 @@
                 }
             }
         },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store user data",
+            "default": "replicated"
+        },
         "addons": {
             "type": "object",
             "properties": {
@@ -27,6 +32,11 @@
                             "type": "boolean",
                             "description": "Enables the cert-manager",
                             "default": false
+                        },
+                        "valuesOverride": {
+                            "type": "object",
+                            "description": "Custom values to override",
+                            "default": {}
                         }
                     }
                 },
@@ -38,6 +48,11 @@
                             "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)",
                             "default": false
                         },
+                        "valuesOverride": {
+                            "type": "object",
+                            "description": "Custom values to override",
+                            "default": {}
+                        },
                         "hosts": {
                             "type": "array",
                             "description": "List of domain names that should be passed through to the cluster by upper cluster",
@@ -53,6 +68,11 @@
                             "type": "boolean",
                             "description": "Enables Flux CD",
                             "default": false
+                        },
+                        "valuesOverride": {
+                            "type": "object",
+                            "description": "Custom values to override",
+                            "default": {}
                         }
                     }
                 }

packages/apps/kubernetes/values.yaml

@@ -2,10 +2,12 @@
 
 ## @param host The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).
 ## @param controlPlane.replicas Number of replicas for Kubernetes contorl-plane components
+## @param storageClass StorageClass used to store user data
 ##
 host: ""
 controlPlane:
   replicas: 2
+storageClass: replicated
 
 ## @param nodeGroups [object] nodeGroups configuration
 ##
@@ -28,12 +30,15 @@ addons:
   ##
   certManager:
     ## @param addons.certManager.enabled Enables the cert-manager
+    ## @param addons.certManager.valuesOverride Custom values to override
     enabled: false
+    valuesOverride: {}
 
   ## Ingress-NGINX Controller
   ##
   ingressNginx:
     ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)
+    ## @param addons.ingressNginx.valuesOverride Custom values to override
     ##
     enabled: false
     ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster
@@ -43,10 +48,13 @@ addons:
     ## - foo.example.net
     ##
     hosts: []
+    valuesOverride: {}
 
   ## Flux CD
   ##
   fluxcd:
     ## @param addons.fluxcd.enabled Enables Flux CD
+    ## @param addons.fluxcd.valuesOverride Custom values to override
     ##
     enabled: false
+    valuesOverride: {}

packages/apps/mysql/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.5.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/mysql/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/mysql/README.md

@@ -67,18 +67,19 @@ more details:
 
 ### Common parameters
 
-| Name       | Description                                     | Value   |
-| ---------- | ----------------------------------------------- | ------- |
-| `external` | Enable external access from outside the cluster | `false` |
-| `size`     | Persistent Volume size                          | `10Gi`  |
-| `replicas` | Number of MariaDB replicas                      | `2`     |
+| Name           | Description                                     | Value   |
+| -------------- | ----------------------------------------------- | ------- |
+| `external`     | Enable external access from outside the cluster | `false` |
+| `size`         | Persistent Volume size                          | `10Gi`  |
+| `replicas`     | Number of MariaDB replicas                      | `2`     |
+| `storageClass` | StorageClass used to store the data             | `""`    |
 
 ### Configuration parameters
 
 | Name        | Description             | Value |
 | ----------- | ----------------------- | ----- |
 | `users`     | Users configuration     | `{}`  |
-| `databases` | Databases configuration | `[]`  |
+| `databases` | Databases configuration | `{}`  |
 
 ### Backup parameters
 

packages/apps/mysql/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}-primary
+  - {{ .Release.Name }}-secondary
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]

packages/apps/mysql/templates/db.yaml

@@ -1,14 +1,47 @@
-{{- range $name := .Values.databases }}
-{{ $dnsName := replace "_" "-" $name }}
+{{- range $name, $db := .Values.databases }}
+{{ $dbDNSName := replace "_" "-" $name }}
 ---
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Database
 metadata:
-  name: {{ $.Release.Name }}-{{ $dnsName }}
+  name: {{ $.Release.Name }}-{{ $dbDNSName }}
 spec:
   name: {{ $name }}
   mariaDbRef:
     name: {{ $.Release.Name }}
   characterSet: utf8
   collate: utf8_general_ci
+{{- range $user := $db.roles.admin }}
+{{ $userDNSName := replace "_" "-" $user }}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: {{ $.Release.Name }}-{{ $dbDNSName }}-{{ $userDNSName }}
+spec:
+  mariaDbRef:
+    name: {{ $.Release.Name }}
+  privileges: ['ALL']
+  database: {{ $name }}
+  table: "*"
+  username: {{ $user }}
+  grantOption: true
+{{- end }}
+{{- range $user := $db.roles.readonly }}
+{{ $userDNSName := replace "_" "-" $user }}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: {{ $.Release.Name }}-{{ $dbDNSName }}-{{ $userDNSName }}
+spec:
+  mariaDbRef:
+    name: {{ $.Release.Name }}
+  privileges: ['SELECT']
+  database: {{ $name }}
+  table: "*"
+  username: {{ $user }}
+  grantOption: true
+{{- end }}
+
 {{- end }}

packages/apps/mysql/templates/mariadb.yaml

@@ -4,11 +4,9 @@ kind: MariaDB
 metadata:
   name: {{ .Release.Name }}
 spec:
-  {{- if (and .Values.users.root .Values.users.root.password) }}
   rootPasswordSecretKeyRef:
-    name: {{ .Release.Name }}
-    key: root-password
-  {{- end }}
+    name: {{ .Release.Name }}-credentials
+    key: root
 
   image: "mariadb:11.0.2"
 
@@ -62,6 +60,9 @@ spec:
     size: {{ .Values.size }}
     resizeInUseVolumes: true
     waitForVolumeResize: true
+    {{- with .Values.storageClass }}
+    storageClassName: {{ . }}
+    {{- end }}
 
   {{- if .Values.external }}
   primaryService:

packages/apps/mysql/templates/secret.yaml

@@ -1,9 +1,31 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- $usersWithRoot := .Values.users }}
+{{- if (and .Values.users.root .Values.users.root.password) }}
+  {{- $_ := set $usersWithRoot "root" dict }}
+{{- end }}
+
+{{- range $user, $u := $usersWithRoot }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Release.Name }}
+  name: {{ .Release.Name }}-credentials
 stringData:
-  {{- range $name, $u := .Values.users }}
-  {{ $name }}-password: {{ $u.password }}
+  {{- range $name, $u := $usersWithRoot }}
+  {{ $name }}: {{ index $passwords $name }}
   {{- end }}

packages/apps/mysql/templates/user.yaml

@@ -11,21 +11,8 @@ spec:
   mariaDbRef:
     name: {{ $.Release.Name }}
   passwordSecretKeyRef:
-    name: {{ $.Release.Name }}
-    key: {{ $name }}-password
+    name: {{ $.Release.Name }}-credentials
+    key: {{ $name }}
   maxUserConnections: {{ $u.maxUserConnections }}
----
-apiVersion: k8s.mariadb.com/v1alpha1
-kind: Grant
-metadata:
-  name: {{ $.Release.Name }}-{{ $dnsName }}
-spec:
-  mariaDbRef:
-    name: {{ $.Release.Name }}
-  privileges: {{ $u.privileges | toJson }}
-  database: "*"
-  table: "*"
-  username: {{ $name }}
-  grantOption: true
 {{- end }}
 {{- end }}

packages/apps/mysql/values.schema.json

@@ -17,11 +17,10 @@
             "description": "Number of MariaDB replicas",
             "default": 2
         },
-        "databases": {
-            "type": "array",
-            "description": "Databases configuration",
-            "default": [],
-            "items": {}
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
         },
         "backup": {
             "type": "object",

packages/apps/mysql/values.yaml

@@ -3,37 +3,37 @@
 ## @param external Enable external access from outside the cluster
 ## @param size Persistent Volume size
 ## @param replicas Number of MariaDB replicas
+## @param storageClass StorageClass used to store the data
 ##
 external: false
 size: 10Gi
 replicas: 2
+storageClass: ""
 
 ## @section Configuration parameters
 
 ## @param users [object] Users configuration
 ## Example:
 ## users:
-##   root:
-##     password: strongpassword
 ##   user1:
-##     privileges: ['ALL']
 ##     maxUserConnections: 1000
 ##     password: hackme
 ##   user2:
-##     privileges: ['SELECT']
 ##     maxUserConnections: 1000
 ##     password: hackme
 ##
 users: {}
 
-## @param databases Databases configuration
+## @param databases [object] Databases configuration
 ## Example:
 ## databases:
-## - wordpress1
-## - wordpress2
-## - wordpress3
-## - wordpress4
-databases: []
+##   myapp1:
+##     roles:
+##       admin:
+##       - user1
+##       readonly:
+##       - user2
+databases: {}
 
 ## @section Backup parameters
 

packages/apps/nats/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/nats/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/nats/README.md

@@ -4,8 +4,9 @@
 
 ### Common parameters
 
-| Name       | Description                                     | Value   |
-| ---------- | ----------------------------------------------- | ------- |
-| `external` | Enable external access from outside the cluster | `false` |
-| `replicas` | Persistent Volume size for NATS                 | `3`     |
+| Name           | Description                                     | Value   |
+| -------------- | ----------------------------------------------- | ------- |
+| `external`     | Enable external access from outside the cluster | `false` |
+| `replicas`     | Persistent Volume size for NATS                 | `2`     |
+| `storageClass` | StorageClass used to store the data             | `""`    |
 

packages/apps/nats/templates/nats.yaml

@@ -30,7 +30,9 @@ spec:
             pvc:
               enabled: true
               size: 10Gi
-              storageClassName: local
+              {{- with .Values.storageClass }}
+              storageClassName: {{ . }}
+              {{- end }}
       promExporter:
         enabled: true
         podMonitor:

packages/apps/nats/values.schema.json

@@ -10,7 +10,12 @@
         "replicas": {
             "type": "number",
             "description": "Persistent Volume size for NATS",
-            "default": 3
+            "default": 2
+        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
         }
     }
 }

packages/apps/nats/values.yaml

@@ -3,6 +3,8 @@
 
 ## @param external Enable external access from outside the cluster
 ## @param replicas Persistent Volume size for NATS
+## @param storageClass StorageClass used to store the data
 ##
 external: false
 replicas: 2
+storageClass: ""

packages/apps/postgres/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.1
+version: 0.6.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/postgres/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/postgres/README.md

@@ -40,6 +40,7 @@ more details:
 | `external`               | Enable external access from outside the cluster                                                                         | `false` |
 | `size`                   | Persistent Volume size                                                                                                  | `10Gi`  |
 | `replicas`               | Number of Postgres replicas                                                                                             | `2`     |
+| `storageClass`           | StorageClass used to store the data                                                                                     | `""`    |
 | `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.           | `0`     |
 | `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances). | `0`     |
 

packages/apps/postgres/templates/dashboard-resourcemap.yaml

@@ -8,7 +8,14 @@ rules:
   resources:
   - services
   resourceNames:
-  - postgres-service-r
-  - postgres-service-ro
-  - postgres-service-rw
+  - {{ .Release.Name }}-r
+  - {{ .Release.Name }}-ro
+  - {{ .Release.Name }}-rw
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
   verbs: ["get", "list", "watch"]

packages/apps/postgres/templates/db.yaml

@@ -19,6 +19,9 @@ spec:
 
   storage:
     size: {{ required ".Values.size is required" .Values.size }}
+    {{- with .Values.storageClass }}
+    storageClass: {{ . }}
+    {{- end }}
 
   inheritedMetadata:
     labels:

packages/apps/postgres/templates/init-script.yaml

@@ -1,3 +1,30 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- range $user, $u := .Values.users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.users }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Secret
@@ -13,7 +40,7 @@ stringData:
     {{- range $user, $u := .Values.users }}
     SELECT 'CREATE ROLE {{ $user }} LOGIN INHERIT;'
     WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{{ $user }}')\gexec
-    ALTER ROLE {{ $user }} WITH PASSWORD '{{ $u.password }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
+    ALTER ROLE {{ $user }} WITH PASSWORD '{{ index $passwords $user }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
     COMMENT ON ROLE {{ $user }} IS 'user managed by helm';
     {{- end }}
     EOT

packages/apps/postgres/values.schema.json

@@ -17,6 +17,11 @@
             "description": "Number of Postgres replicas",
             "default": 2
         },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
+        },
         "quorum": {
             "type": "object",
             "properties": {

packages/apps/postgres/values.yaml

@@ -3,10 +3,12 @@
 ## @param external Enable external access from outside the cluster
 ## @param size Persistent Volume size
 ## @param replicas Number of Postgres replicas
+## @param storageClass StorageClass used to store the data
 ##
 external: false
 size: 10Gi
 replicas: 2
+storageClass: ""
 
 ## Configuration for the quorum-based synchronous replication
 ## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.

packages/apps/rabbitmq/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.4.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.12.2"
+appVersion: "3.13.2"

packages/apps/rabbitmq/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/rabbitmq/README.md

@@ -13,7 +13,16 @@ The service utilizes official RabbitMQ operator. This ensures the reliability an
 
 ### Common parameters
 
-| Name       | Description                                     | Value   |
-| ---------- | ----------------------------------------------- | ------- |
-| `external` | Enable external access from outside the cluster | `false` |
-| `replicas` | Number of RabbitMQ replicas                     | `3`     |
+| Name           | Description                                     | Value   |
+| -------------- | ----------------------------------------------- | ------- |
+| `external`     | Enable external access from outside the cluster | `false` |
+| `size`         | Persistent Volume size                          | `10Gi`  |
+| `replicas`     | Number of RabbitMQ replicas                     | `3`     |
+| `storageClass` | StorageClass used to store the data             | `""`    |
+
+### Configuration parameters
+
+| Name     | Description                 | Value |
+| -------- | --------------------------- | ----- |
+| `users`  | Users configuration         | `{}`  |
+| `vhosts` | Virtual Hosts configuration | `{}`  |

packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml

@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-default-user
+  {{- range $name, $u := .Values.users }}
+  - {{ $.Release.Name }}-{{ kebabcase $name }}-credentials
+  {{- end }}
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/apps/rabbitmq/templates/rabbitmq.yaml

@@ -11,3 +11,95 @@ spec:
   service:
     type: LoadBalancer
   {{- end }}
+
+  override:
+    statefulSet:
+      spec:
+        template:
+          metadata:
+            labels:
+              policy.cozystack.io/allow-to-apiserver: "true"
+
+  persistence:
+    {{- with .Values.storageClass }}
+    storageClassName: {{ . }}
+    {{- end }}
+    storage: {{ .Values.size }}
+
+{{- range $user, $u := .Values.users }}
+
+{{- $password := $u.password }}
+{{- if not $password }}
+{{- with (dig "data" "password" "" (lookup "v1" "Secret" $.Release.Namespace (printf "%s-%s-credentials" $.Release.Name (kebabcase $user)))) }}
+{{- $password = b64dec . }}
+{{- end }}
+{{- end }}
+{{- if not $password }}
+{{- $password = (randAlphaNum 16) }}
+{{- end }}
+
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: User
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $user }}
+  annotations:
+    config: '{{ printf "%s %s" $user $password | sha256sum }}'
+spec:
+  importCredentialsSecret:
+    name: {{ $.Release.Name }}-{{ $user }}-credentials
+  rabbitmqClusterReference:
+    name: {{ $.Release.Name }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $user }}-credentials
+type: Opaque
+stringData:
+  username: {{ $user }}
+  password: {{ $password }}
+{{- end }}
+
+{{- range $host, $h := .Values.vhosts }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Vhost
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $host }}
+spec:
+  name: {{ $host }}
+  rabbitmqClusterReference:
+    name: {{ $.Release.Name }}
+{{- range $user := $h.roles.admin }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $host }}-{{ kebabcase $user }}
+spec:
+  vhost: "{{ $host }}"
+  user: "{{ $user }}"
+  permissions:
+    write: ".*"
+    configure: ".*"
+    read: ".*"
+  rabbitmqClusterReference:
+    name: {{ $.Release.Name }}
+{{- end }}
+{{- range $user := $h.roles.readonly }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $host }}-{{ kebabcase $user }}
+spec:
+  vhost: "{{ $host }}"
+  user: "{{ $user }}"
+  permissions:
+    read: ".*"
+  rabbitmqClusterReference:
+    name: {{ $.Release.Name }}
+{{- end }}
+
+{{- end }}

packages/apps/rabbitmq/values.schema.json

@@ -7,10 +7,25 @@
             "description": "Enable external access from outside the cluster",
             "default": false
         },
+        "size": {
+            "type": "string",
+            "description": "Persistent Volume size",
+            "default": "10Gi"
+        },
         "replicas": {
             "type": "number",
             "description": "Number of RabbitMQ replicas",
             "default": 3
+        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
+        },
+        "vhosts": {
+            "type": "object",
+            "description": "Virtual Hosts configuration",
+            "default": {}
         }
     }
 }

packages/apps/rabbitmq/values.yaml

@@ -1,7 +1,41 @@
 ## @section Common parameters
 
 ## @param external Enable external access from outside the cluster
+## @param size Persistent Volume size
 ## @param replicas Number of RabbitMQ replicas
+## @param storageClass StorageClass used to store the data
 ##
 external: false
+size: 10Gi
 replicas: 3
+storageClass: ""
+
+## @section Configuration parameters
+
+## @param users [object] Users configuration
+## Example:
+## users:
+##   user1:
+##     password: strongpassword
+##   user2:
+##     password: hackme
+##   user3:
+##     password: testtest
+##
+users: {}
+
+## @param vhosts Virtual Hosts configuration
+## Example:
+## vhosts:
+##   myapp:
+##     roles:
+##       admin:
+##       - user1
+##       - user2
+##       readonly:
+##       - user3
+##   test:
+##     roles:
+##       admin:
+##       - user3
+vhosts: {}

packages/apps/redis/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/redis/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/redis/README.md

@@ -13,10 +13,11 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche
 
 ### Common parameters
 
-| Name       | Description                                     | Value   |
-| ---------- | ----------------------------------------------- | ------- |
-| `external` | Enable external access from outside the cluster | `false` |
-| `size`     | Persistent Volume size                          | `1Gi`   |
-| `replicas` | Number of Redis replicas                        | `2`     |
+| Name           | Description                                     | Value   |
+| -------------- | ----------------------------------------------- | ------- |
+| `external`     | Enable external access from outside the cluster | `false` |
+| `size`         | Persistent Volume size                          | `1Gi`   |
+| `replicas`     | Number of Redis replicas                        | `2`     |
+| `storageClass` | StorageClass used to store the data             | `""`    |
 
 

packages/apps/redis/templates/redisfailover.yaml

@@ -33,6 +33,9 @@ spec:
           resources:
             requests:
               storage: {{ . }}
+          {{- with $.Values.storageClass }}
+          storageClassName: {{ . }}
+          {{- end }}
     {{- end }}
     exporter: 
       enabled: true

packages/apps/redis/values.schema.json

@@ -16,6 +16,11 @@
             "type": "number",
             "description": "Number of Redis replicas",
             "default": 2
+        },
+        "storageClass": {
+            "type": "string",
+            "description": "StorageClass used to store the data",
+            "default": ""
         }
     }
 }

packages/apps/redis/values.yaml

@@ -3,7 +3,9 @@
 ## @param external Enable external access from outside the cluster
 ## @param size Persistent Volume size
 ## @param replicas Number of Redis replicas
+## @param storageClass StorageClass used to store the data
 ##
 external: false
 size: 1Gi
 replicas: 2
+storageClass: ""

packages/apps/tcp-balancer/Makefile

@@ -1,3 +1,5 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json.tmp -r README.md
 	cat values.schema.json.tmp | jq '.properties.httpAndHttps.properties.mode.enum = ["tcp","tcp-with-proxy"]' > values.schema.json

packages/apps/tenant/Makefile

@@ -1,2 +1,4 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json -r README.md

packages/apps/versions_map

@@ -1,16 +1,23 @@
 bucket 0.1.0 HEAD
 clickhouse 0.1.0 ca79f72
 clickhouse 0.2.0 7cd7de73
-clickhouse 0.2.1 HEAD
+clickhouse 0.2.1 5ca8823
+clickhouse 0.3.0 b00621e
+clickhouse 0.4.0 HEAD
 ferretdb 0.1.0 4ffa8615
-ferretdb 0.1.1 HEAD
+ferretdb 0.1.1 5ca8823
+ferretdb 0.2.0 adaf603
+ferretdb 0.3.0 aa2f553
+ferretdb 0.4.0 HEAD
 http-cache 0.1.0 a956713
-http-cache 0.2.0 HEAD
+http-cache 0.2.0 5ca8823
+http-cache 0.3.0 HEAD
 kafka 0.1.0 760f86d2
 kafka 0.2.0 a2cc83d
 kafka 0.2.1 3ac17018
 kafka 0.2.2 d0758692
-kafka 0.2.3 HEAD
+kafka 0.2.3 5ca8823
+kafka 0.3.0 HEAD
 kubernetes 0.1.0 f642698
 kubernetes 0.2.0 7cd7de73
 kubernetes 0.3.0 7caccec1
@@ -20,21 +27,32 @@ kubernetes 0.6.0 4cbc8a2c
 kubernetes 0.7.0 ceefae03
 kubernetes 0.8.0 ac11056e
 kubernetes 0.8.1 e54608d8
-kubernetes 0.8.2 HEAD
+kubernetes 0.8.2 5ca8823
+kubernetes 0.9.0 9b6dd19
+kubernetes 0.10.0 HEAD
 mysql 0.1.0 f642698
 mysql 0.2.0 8b975ff0
-mysql 0.3.0 HEAD
-nats 0.1.0 HEAD
+mysql 0.3.0 5ca8823
+mysql 0.4.0 93018c4
+mysql 0.5.0 HEAD
+nats 0.1.0 5ca8823
+nats 0.2.0 HEAD
 postgres 0.1.0 f642698
 postgres 0.2.0 7cd7de73
 postgres 0.2.1 4a97e297
 postgres 0.3.0 995dea6f
 postgres 0.4.0 ec283c33
-postgres 0.4.1 HEAD
+postgres 0.4.1 5ca8823
+postgres 0.5.0 c07c4bbd
+postgres 0.6.0 HEAD
 rabbitmq 0.1.0 f642698
-rabbitmq 0.2.0 HEAD
+rabbitmq 0.2.0 5ca8823
+rabbitmq 0.3.0 9e33dc0
+rabbitmq 0.4.0 36d8855
+rabbitmq 0.4.1 HEAD
 redis 0.1.1 f642698
-redis 0.2.0 HEAD
+redis 0.2.0 5ca8823
+redis 0.3.0 HEAD
 tcp-balancer 0.1.0 f642698
 tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
@@ -48,6 +66,9 @@ tenant 1.3.1 c56e5769
 tenant 1.4.0 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 7cd7de7
-virtual-machine 0.2.0 HEAD
+virtual-machine 0.2.0 5ca8823
+virtual-machine 0.3.0 b908400
+virtual-machine 0.4.0 HEAD
 vpn 0.1.0 f642698
-vpn 0.2.0 HEAD
+vpn 0.2.0 7151424
+vpn 0.3.0 HEAD

packages/apps/virtual-machine/Chart.yaml

@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/virtual-machine/Makefile

@@ -1,7 +1,10 @@
+include ../../../scripts/package.mk
+
 generate:
 	readme-generator -v values.yaml -s values.schema.json.tmp -r README.md
 	cat values.schema.json.tmp | \
-		jq '.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora"]' | \
-		jq '.properties.resources.properties.memory["x-display"] = "slider"' \
+		jq '.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' | \
+		jq '.properties.resources.properties.memory["x-display"] = "slider"' | \
+		jq '.properties.externalPorts.items.type = "integer"' \
 		> values.schema.json
 	rm -f values.schema.json.tmp

packages/apps/virtual-machine/README.md

@@ -6,19 +6,70 @@ A Virtual Machine (VM) simulates computer hardware, enabling various operating s
 
 The virtual machine is managed and hosted through KubeVirt, allowing you to harness the benefits of virtualization within your Kubernetes ecosystem.
 
-- Docs: https://kubevirt.io/user-guide/
-- GitHub: https://github.com/kubevirt/kubevirt
+- Docs: [KubeVirt User Guide](https://kubevirt.io/user-guide/)
+- GitHub: [KubeVirt Repository](https://github.com/kubevirt/kubevirt)
+
+## Accessing virtual machine
+
+You can access the virtual machine using the virtctl tool:
+- [KubeVirt User Guide - Virtctl Client Tool](https://kubevirt.io/user-guide/user_workloads/virtctl_client_tool/)
+
+To access the serial console:
+
+```
+virtctl console <vm>
+```
+
+To access the VM using VNC:
+
+```
+virtctl vnc <vm>
+```
+
+To SSH into the VM:
+
+```
+virtctl ssh <user>@<vm>
+```
 
 ## Parameters
 
 ### Common parameters
 
-| Name               | Description                                                                                       | Value    |
-| ------------------ | ------------------------------------------------------------------------------------------------- | -------- |
-| `external`         | Enable external access from outside the cluster                                                   | `false`  |
-| `running`          | Determines if the virtual machine should be running                                               | `true`   |
-| `password`         | The default password for the virtual machine                                                      | `hackme` |
-| `image`            | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine` and `fedora` | `ubuntu` |
-| `disk`             | The size of the disk allocated for the virtual machine                                            | `5Gi`    |
-| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                                          | `1`      |
-| `resources.memory` | The amount of memory allocated to the virtual machine                                             | `1024M`  |
+| Name               | Description                                                                                                | Value            |
+| ------------------ | ---------------------------------------------------------------------------------------------------------- | ---------------- |
+| `external`         | Enable external access from outside the cluster                                                            | `false`          |
+| `externalPorts`    | Specify ports to forward from outside the cluster                                                          | `[]`             |
+| `running`          | Determines if the virtual machine should be running                                                        | `true`           |
+| `image`            | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos` | `ubuntu`         |
+| `storageClass`     | StorageClass used to store the data                                                                        | `replicated`     |
+| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                                                   | `1`              |
+| `resources.memory` | The amount of memory allocated to the virtual machine                                                      | `1024M`          |
+| `resources.disk`   | The size of the disk allocated for the virtual machine                                                     | `5Gi`            |
+| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`             |
+| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.                                | `#cloud-config
+` |
+
+You can customize the exposed ports by specifying them under `service.ports` in the `values.yaml` file.
+
+## Example virtual machine:
+
+```yaml
+running: true
+image: fedora
+storageClass: replicated
+resources:
+  cpu: 1
+  memory: 1024M
+  disk: 10Gi
+
+sshKeys:
+- ssh-rsa ...
+
+cloudInit: |
+  #cloud-config
+  user: fedora
+  password: fedora
+  chpasswd: { expire: False }
+  ssh_pwauth: True
+```

packages/apps/virtual-machine/templates/secret.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.sshKeys }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "virtual-machine.fullname" $ }}-ssh-keys
+stringData:
+  {{- range $k, $v := .Values.sshKeys }}
+  key{{ $k }}: {{ quote $v }} 
+  {{- end }}
+{{- end }}
+{{- if .Values.cloudInit }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "virtual-machine.fullname" . }}-cloud-init
+stringData:
+  userdata: |
+    {{- .Values.cloudInit | nindent 4 }}
+{{- end }}

packages/apps/virtual-machine/templates/service.yaml

@@ -8,20 +8,14 @@ metadata:
     {{- include "virtual-machine.labels" . | nindent 4 }}
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
-  {{- if .Values.external }}
   externalTrafficPolicy: Local
   allocateLoadBalancerNodePorts: false
-  {{- end }}
   selector:
     {{- include "virtual-machine.labels" . | nindent 4 }}
   ports:
-  - name: ssh
-    port: 22
-    targetPort: 22
-  - name: http
-    port: 80
-    targetPort: 80
-  - name: https
-    port: 443
-    targetPort: 443
+    {{- range .Values.externalPorts }}
+    - name: port-{{ . }}
+      port: {{ . }}
+      targetPort: {{ . }}
+    {{- end }}
 {{- end }}

packages/apps/virtual-machine/templates/vm.yaml

@@ -1,34 +1,38 @@
-apiVersion: kubevirt.io/v1alpha3
+apiVersion: kubevirt.io/v1
 kind: VirtualMachine
 metadata:
   name: {{ include "virtual-machine.fullname" . }}
   labels:
     {{- include "virtual-machine.labels" . | nindent 4 }}
 spec:
-  running: true
+  running: {{ .Values.running | default "true" }}
   dataVolumeTemplates:
   - metadata:
       name: {{ include "virtual-machine.fullname" . }}
     spec:
       pvc:
+        volumeMode: Block
         accessModes:
-        - ReadWriteOnce
+        - ReadWriteMany
         resources:
           requests:
-            storage: {{ .Values.disk | quote }}
-        storageClassName: replicated
+            storage: {{ .Values.resources.disk | quote }}
+        {{- with $.Values.storageClass }}
+        storageClassName: {{ . }}
+        {{- end }}
       source:
         http:
           {{- if eq .Values.image "cirros" }}
           url: https://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
           {{- else if eq .Values.image "ubuntu" }}
-          url: https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
+          url: https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img
           {{- else if eq .Values.image "fedora" }}
-          url: https://mirror.karneval.cz/pub/linux/fedora/linux/releases/39/Cloud/x86_64/images/Fedora-Cloud-Base-39-1.5.x86_64.qcow2
+          url: https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Generic.x86_64-40-1.14.qcow2
           {{- else if eq .Values.image "alpine" }}
-          url: https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-virt-3.19.1-x86_64.iso
+          url: https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/cloud/nocloud_alpine-3.20.2-x86_64-bios-tiny-r0.qcow2
+          {{- else if eq .Values.image "talos" }}
+          url: https://github.com/siderolabs/talos/releases/download/v1.7.6/nocloud-amd64.raw.xz
           {{- end }}
-
   template:
     metadata:
       annotations:
@@ -44,22 +48,39 @@ spec:
           - disk:
               bus: scsi
             name: systemdisk
+          {{- if or .Values.sshKeys .Values.cloudInit }}
           - disk:
               bus: virtio
             name: cloudinitdisk
+          {{- end }}
+          interfaces:
+          - name: default
+            bridge: {}
         machine:
           type: ""
         resources:
           requests:
             memory: {{ .Values.resources.memory | quote }}
+      {{- with .Values.sshKeys }}
+      accessCredentials:
+      - sshPublicKey:
+          source:
+            secret:
+              secretName: {{ include "virtual-machine.fullname" $ }}-ssh-keys
+          propagationMethod:
+            noCloud: {}
+      {{- end }}
       terminationGracePeriodSeconds: 30
       volumes:
-      - dataVolume:
+      - name: systemdisk
+        dataVolume:
           name: {{ include "virtual-machine.fullname" . }}
-        name: systemdisk
-      - cloudInitNoCloud:
-          userData: |-
-            #cloud-config
-            password: {{ .Values.password }}
-            chpasswd: { expire: False }
-        name: cloudinitdisk
+      {{- if or .Values.sshKeys .Values.cloudInit }}
+      - name: cloudinitdisk
+        cloudInitNoCloud:
+          secretRef:
+            name: {{ include "virtual-machine.fullname" . }}-cloud-init
+      {{- end }}
+      networks:
+      - name: default
+        pod: {}

packages/apps/virtual-machine/values.schema.json

@@ -7,31 +7,35 @@
       "description": "Enable external access from outside the cluster",
       "default": false
     },
+    "externalPorts": {
+      "type": "array",
+      "description": "Specify ports to forward from outside the cluster",
+      "default": "[]",
+      "items": {
+        "type": "integer"
+      }
+    },
     "running": {
       "type": "boolean",
       "description": "Determines if the virtual machine should be running",
       "default": true
     },
-    "password": {
-      "type": "string",
-      "description": "The default password for the virtual machine",
-      "default": "hackme"
-    },
     "image": {
       "type": "string",
-      "description": "The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine` and `fedora`",
+      "description": "The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`",
       "default": "ubuntu",
       "enum": [
         "ubuntu",
         "cirros",
         "alpine",
-        "fedora"
+        "fedora",
+        "talos"
       ]
     },
-    "disk": {
+    "storageClass": {
       "type": "string",
-      "description": "The size of the disk allocated for the virtual machine",
-      "default": "5Gi"
+      "description": "StorageClass used to store the data",
+      "default": "replicated"
     },
     "resources": {
       "type": "object",
@@ -46,8 +50,26 @@
           "description": "The amount of memory allocated to the virtual machine",
           "default": "1024M",
           "x-display": "slider"
+        },
+        "disk": {
+          "type": "string",
+          "description": "The size of the disk allocated for the virtual machine",
+          "default": "5Gi"
         }
       }
+    },
+    "sshKeys": {
+      "type": "array",
+      "description": "List of SSH public keys for authentication. Can be a single key or a list of keys.",
+      "default": "[]",
+      "items": {
+        "type": "string"
+      }
+    },
+    "cloudInit": {
+      "type": "string",
+      "description": "cloud-init user data config. See cloud-init documentation for more details.",
+      "default": "#cloud-config\n"
     }
   }
 }

packages/apps/virtual-machine/values.yaml

@@ -1,18 +1,43 @@
 ## @section Common parameters
 
 ## @param external Enable external access from outside the cluster
+## @param externalPorts [array] Specify ports to forward from outside the cluster
 ## @param running Determines if the virtual machine should be running
-## @param password The default password for the virtual machine
-## @param image The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine` and `fedora`
-## @param disk The size of the disk allocated for the virtual machine
+## @param image The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`
+## @param storageClass StorageClass used to store the data
 ## @param resources.cpu The number of CPU cores allocated to the virtual machine
 ## @param resources.memory The amount of memory allocated to the virtual machine
+## @param resources.disk The size of the disk allocated for the virtual machine
 
 external: false
+externalPorts:
+- 22
+
 running: true
-password: hackme
 image: ubuntu
-disk: 5Gi
+storageClass: replicated
 resources:
   cpu: 1
   memory: 1024M
+  disk: 5Gi
+
+## @param sshKeys [array] List of SSH public keys for authentication. Can be a single key or a list of keys.
+## Example:
+## sshKeys:
+##   - ssh-rsa ...
+##   - ssh-ed25519 ...
+##
+sshKeys: []
+
+## @param cloudInit cloud-init user data config. See cloud-init documentation for more details.
+## - https://cloudinit.readthedocs.io/en/latest/explanation/format.html
+## - https://cloudinit.readthedocs.io/en/latest/reference/examples.html
+## Example:
+## cloudInit: |
+##   #cloud-config
+##   password: ubuntu
+##   chpasswd: { expire: False }
+##
+cloudInit: |
+  #cloud-config
+

packages/apps/vpn/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to