Prepare release v0.14.0 (#333 )

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>  ## Summary by CodeRabbit - **New Features** - Upgraded various container images to version `v0.14.0`, enhancing application performance and potentially introducing new features and bug fixes. - **Bug Fixes** - Improved version tracking for packages by updating commit hashes, enhancing clarity and traceability. - **Chores** - Updated configuration files to reflect the new image versions for components, ensuring the latest updates are utilized across the application.  Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Add passwords generation to ClickHouse (#332 )
2026-02-03 07:26:06 +00:00 · 2024-09-04 16:23:21 +02:00 · 2024-09-04 15:20:38 +02:00 · 2024-09-04 15:15:24 +02:00 · 2024-09-04 15:15:05 +02:00 · 2024-09-04 15:14:50 +02:00
60 changed files with 10550 additions and 8338 deletions
--- a/hack/gen_versions_map.sh
+++ b/hack/gen_versions_map.sh
@@ -24,24 +24,36 @@ resolved_miss_map=$(
      change_commit=$(git --no-pager blame -L"$line",+1 -- "$chart/Chart.yaml" | awk '{print $1}')
       
      if [ "$change_commit" = "00000000" ]; then
-        # Not commited yet, use previus commit
+        # Not committed yet, use previous commit
        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
        commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
        if [ $(echo $commit | cut -c1) = "^" ]; then
-          # Previus commit not exists
+          # Previous commit not exists
          commit=$(echo $commit | cut -c2-)
        fi
      else
-        # Commited, but version_map wasn't updated
+        # Committed, but version_map wasn't updated
        line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}')
        change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}')
        if [ $(echo $change_commit | cut -c1) = "^" ]; then
-          # Previus commit not exists
+          # Previous commit not exists
          commit=$(echo $change_commit | cut -c2-)
        else
          commit=$(git describe --always "$change_commit~1")
        fi
      fi
+
+      # Check if the commit belongs to the main branch
+      if ! git merge-base --is-ancestor "$commit" main; then
+        # Find the closest parent commit that belongs to main
+        commit_in_main=$(git log --pretty=format:"%H" main -- "$chart/Chart.yaml" | head -n 1)
+        if [ -n "$commit_in_main" ]; then
+          commit="$commit_in_main"
+        else
+          # No valid commit found in main branch for $chart, skipping..."
+          continue
+        fi
+      fi
    fi
    echo "$chart $version $commit"
  done
--- a/manifests/cozystack-installer.yaml
+++ b/manifests/cozystack-installer.yaml
@@ -68,7 +68,7 @@ spec:
      serviceAccountName: cozystack
      containers:
      - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.13.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.14.0"
        env:
        - name: KUBERNETES_SERVICE_HOST
          value: localhost
@@ -87,7 +87,7 @@ spec:
            fieldRef:
              fieldPath: metadata.name
      - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.13.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.14.0"
        command:
        - /usr/bin/darkhttpd
        - /cozystack/assets
--- a/packages/apps/clickhouse/Chart.yaml
+++ b/packages/apps/clickhouse/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.4.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/clickhouse/templates/clickhouse.yaml
+++ b/packages/apps/clickhouse/templates/clickhouse.yaml
@@ -1,3 +1,32 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- range $user, $u := .Values.users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.users }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+{{- end }}
+
+---
 apiVersion: "clickhouse.altinity.com/v1"
 kind: "ClickHouseInstallation"
 metadata:
@@ -12,7 +41,7 @@ spec:
    {{- with .Values.users }}
    users:
      {{- range $name, $u := . }}
-      {{ $name }}/password_sha256_hex: {{ sha256sum $u.password }}
+      {{ $name }}/password_sha256_hex: {{ sha256sum (index $passwords $name) }}
      {{ $name }}/profile: {{ ternary "readonly" "default" (index $u "readonly" | default false) }}
      {{ $name }}/networks/ip: ["::/0"]
      {{- end }}
@@ -31,7 +60,7 @@ spec:
        spec:
          accessModes:
            - ReadWriteOnce
-          {{- with .Values.storageClass }}
+          {{- with $.Values.storageClass }}
          storageClassName: {{ . }}
          {{- end }}
          resources:
--- a/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - chi-clickhouse-test-clickhouse-0-0
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
--- a/packages/apps/ferretdb/Chart.yaml
+++ b/packages/apps/ferretdb/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.4.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
--- a/packages/apps/ferretdb/templates/init-script.yaml
+++ b/packages/apps/ferretdb/templates/init-script.yaml
@@ -1,3 +1,30 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- range $user, $u := .Values.users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.users }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Secret
@@ -13,7 +40,7 @@ stringData:
    {{- range $user, $u := .Values.users }}
    SELECT 'CREATE ROLE {{ $user }} LOGIN INHERIT;'
    WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{{ $user }}')\gexec
-    ALTER ROLE {{ $user }} WITH PASSWORD '{{ $u.password }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
+    ALTER ROLE {{ $user }} WITH PASSWORD '{{ index $passwords $user }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
    COMMENT ON ROLE {{ $user }} IS 'user managed by helm';
    {{- end }}
    EOT
--- a/packages/apps/mysql/Chart.yaml
+++ b/packages/apps/mysql/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 0.5.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/mysql/README.md
+++ b/packages/apps/mysql/README.md
@@ -79,7 +79,7 @@ more details:
 | Name        | Description             | Value |
 | ----------- | ----------------------- | ----- |
 | `users`     | Users configuration     | `{}`  |
-| `databases` | Databases configuration | `[]`  |
+| `databases` | Databases configuration | `{}`  |

 ### Backup parameters

--- a/packages/apps/mysql/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/mysql/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}-primary
+  - {{ .Release.Name }}-secondary
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
--- a/packages/apps/mysql/templates/db.yaml
+++ b/packages/apps/mysql/templates/db.yaml
@@ -1,14 +1,47 @@
-{{- range $name := .Values.databases }}
-{{ $dnsName := replace "_" "-" $name }}
+{{- range $name, $db := .Values.databases }}
+{{ $dbDNSName := replace "_" "-" $name }}
 ---
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Database
 metadata:
-  name: {{ $.Release.Name }}-{{ $dnsName }}
+  name: {{ $.Release.Name }}-{{ $dbDNSName }}
 spec:
  name: {{ $name }}
  mariaDbRef:
    name: {{ $.Release.Name }}
  characterSet: utf8
  collate: utf8_general_ci
+{{- range $user := $db.roles.admin }}
+{{ $userDNSName := replace "_" "-" $user }}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: {{ $.Release.Name }}-{{ $dbDNSName }}-{{ $userDNSName }}
+spec:
+  mariaDbRef:
+    name: {{ $.Release.Name }}
+  privileges: ['ALL']
+  database: {{ $name }}
+  table: "*"
+  username: {{ $user }}
+  grantOption: true
+{{- end }}
+{{- range $user := $db.roles.readonly }}
+{{ $userDNSName := replace "_" "-" $user }}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: {{ $.Release.Name }}-{{ $dbDNSName }}-{{ $userDNSName }}
+spec:
+  mariaDbRef:
+    name: {{ $.Release.Name }}
+  privileges: ['SELECT']
+  database: {{ $name }}
+  table: "*"
+  username: {{ $user }}
+  grantOption: true
+{{- end }}
+
 {{- end }}
--- a/packages/apps/mysql/templates/mariadb.yaml
+++ b/packages/apps/mysql/templates/mariadb.yaml
@@ -4,11 +4,9 @@ kind: MariaDB
 metadata:
  name: {{ .Release.Name }}
 spec:
-  {{- if (and .Values.users.root .Values.users.root.password) }}
  rootPasswordSecretKeyRef:
-    name: {{ .Release.Name }}
-    key: root-password
-  {{- end }}
+    name: {{ .Release.Name }}-credentials
+    key: root

  image: "mariadb:11.0.2"

--- a/packages/apps/mysql/templates/secret.yaml
+++ b/packages/apps/mysql/templates/secret.yaml
@@ -1,9 +1,31 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- $usersWithRoot := .Values.users }}
+{{- if (and .Values.users.root .Values.users.root.password) }}
+  {{- $_ := set $usersWithRoot "root" dict }}
+{{- end }}
+
+{{- range $user, $u := $usersWithRoot }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Release.Name }}
+  name: {{ .Release.Name }}-credentials
 stringData:
-  {{- range $name, $u := .Values.users }}
-  {{ $name }}-password: {{ $u.password }}
+  {{- range $name, $u := $usersWithRoot }}
+  {{ $name }}: {{ index $passwords $name }}
  {{- end }}
--- a/packages/apps/mysql/templates/user.yaml
+++ b/packages/apps/mysql/templates/user.yaml
@@ -11,21 +11,8 @@ spec:
  mariaDbRef:
    name: {{ $.Release.Name }}
  passwordSecretKeyRef:
-    name: {{ $.Release.Name }}
-    key: {{ $name }}-password
+    name: {{ $.Release.Name }}-credentials
+    key: {{ $name }}
  maxUserConnections: {{ $u.maxUserConnections }}
---
-apiVersion: k8s.mariadb.com/v1alpha1
-kind: Grant
-metadata:
-  name: {{ $.Release.Name }}-{{ $dnsName }}
-spec:
-  mariaDbRef:
-    name: {{ $.Release.Name }}
-  privileges: {{ $u.privileges | toJson }}
-  database: "*"
-  table: "*"
-  username: {{ $name }}
-  grantOption: true
 {{- end }}
 {{- end }}
--- a/packages/apps/mysql/values.schema.json
+++ b/packages/apps/mysql/values.schema.json
@@ -22,12 +22,6 @@
            "description": "StorageClass used to store the data",
            "default": ""
        },
-        "databases": {
-            "type": "array",
-            "description": "Databases configuration",
-            "default": [],
-            "items": {}
-        },
        "backup": {
            "type": "object",
            "properties": {
--- a/packages/apps/mysql/values.yaml
+++ b/packages/apps/mysql/values.yaml
@@ -15,27 +15,25 @@ storageClass: ""
 ## @param users [object] Users configuration
 ## Example:
 ## users:
-##   root:
-##     password: strongpassword
 ##   user1:
-##     privileges: ['ALL']
 ##     maxUserConnections: 1000
 ##     password: hackme
 ##   user2:
-##     privileges: ['SELECT']
 ##     maxUserConnections: 1000
 ##     password: hackme
 ##
 users: {}

-## @param databases Databases configuration
+## @param databases [object] Databases configuration
 ## Example:
 ## databases:
-## - wordpress1
-## - wordpress2
-## - wordpress3
-## - wordpress4
-databases: []
+##   myapp1:
+##     roles:
+##       admin:
+##       - user1
+##       readonly:
+##       - user2
+databases: {}

 ## @section Backup parameters

--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.6.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/postgres/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/postgres/templates/dashboard-resourcemap.yaml
@@ -8,7 +8,14 @@ rules:
  resources:
  - services
  resourceNames:
-  - postgres-service-r
-  - postgres-service-ro
-  - postgres-service-rw
+  - {{ .Release.Name }}-r
+  - {{ .Release.Name }}-ro
+  - {{ .Release.Name }}-rw
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-credentials
  verbs: ["get", "list", "watch"]
--- a/packages/apps/postgres/templates/init-script.yaml
+++ b/packages/apps/postgres/templates/init-script.yaml
@@ -1,3 +1,30 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
+{{- $passwords := dict }}
+
+{{- with (index $existingSecret "data") }}
+  {{- range $k, $v := . }}
+    {{- $_ := set $passwords $k (b64dec $v) }}
+  {{- end }}
+{{- end }}
+
+{{- range $user, $u := .Values.users }}
+  {{- if $u.password }}
+    {{- $_ := set $passwords $user $u.password }}
+  {{- else if not (index $passwords $user) }}
+    {{- $_ := set $passwords $user (randAlphaNum 16) }}
+  {{- end }}
+{{- end }}
+
+{{- if .Values.users }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-credentials
+stringData:
+  {{- range $user, $u := .Values.users }}
+  {{ quote $user }}: {{ quote (index $passwords $user) }}
+  {{- end }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Secret
@@ -13,7 +40,7 @@ stringData:
    {{- range $user, $u := .Values.users }}
    SELECT 'CREATE ROLE {{ $user }} LOGIN INHERIT;'
    WHERE NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '{{ $user }}')\gexec
-    ALTER ROLE {{ $user }} WITH PASSWORD '{{ $u.password }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
+    ALTER ROLE {{ $user }} WITH PASSWORD '{{ index $passwords $user }}' LOGIN INHERIT {{ ternary "REPLICATION" "NOREPLICATION" (default false $u.replication) }};
    COMMENT ON ROLE {{ $user }} IS 'user managed by helm';
    {{- end }}
    EOT
--- a/packages/apps/rabbitmq/Chart.yaml
+++ b/packages/apps/rabbitmq/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.4.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.12.2"
+appVersion: "3.13.2"
--- a/packages/apps/rabbitmq/README.md
+++ b/packages/apps/rabbitmq/README.md
@@ -19,3 +19,10 @@ The service utilizes official RabbitMQ operator. This ensures the reliability an
 | `size`         | Persistent Volume size                          | `10Gi`  |
 | `replicas`     | Number of RabbitMQ replicas                     | `3`     |
 | `storageClass` | StorageClass used to store the data             | `""`    |
+
+### Configuration parameters
+
+| Name     | Description                 | Value |
+| -------- | --------------------------- | ----- |
+| `users`  | Users configuration         | `{}`  |
+| `vhosts` | Virtual Hosts configuration | `{}`  |
--- a/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - {{ .Release.Name }}-default-user
+  {{- range $name, $u := .Values.users }}
+  - {{ $.Release.Name }}-{{ kebabcase $name }}-credentials
+  {{- end }}
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]
--- a/packages/apps/rabbitmq/templates/rabbitmq.yaml
+++ b/packages/apps/rabbitmq/templates/rabbitmq.yaml
@@ -17,3 +17,81 @@ spec:
    storageClassName: {{ . }}
    {{- end }}
    storage: {{ .Values.size }}
+
+{{- range $user, $u := .Values.users }}
+
+{{- $password := $u.password }}
+{{- if not $password }}
+{{- with (dig "data" "password" "" (lookup "v1" "Secret" $.Release.Namespace (printf "%s-%s-credentials" $.Release.Name (kebabcase $user)))) }}
+{{- $password = b64dec . }}
+{{- end }}
+{{- end }}
+{{- if not $password }}
+{{- $password = (randAlphaNum 16) }}
+{{- end }}
+
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: User
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $user }}
+  annotations:
+    config: '{{ printf "%s %s" $user $password | sha256sum }}'
+spec:
+  importCredentialsSecret:
+    name: {{ $.Release.Name }}-{{ $user }}-credentials
+  rabbitmqClusterReference:
+    name: {{ $.Release.Name }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $user }}-credentials
+type: Opaque
+stringData:
+  username: {{ $user }}
+  password: {{ $password }}
+{{- end }}
+
+{{- range $host, $h := .Values.vhosts }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Vhost
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $host }}
+spec:
+  name: {{ $host }}
+  rabbitmqClusterReference:
+    name: {{ $.Release.Name }}
+{{- range $user := $h.roles.admin }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $host }}-{{ kebabcase $user }}
+spec:
+  vhost: "{{ $host }}"
+  user: "{{ $user }}"
+  permissions:
+    write: ".*"
+    configure: ".*"
+    read: ".*"
+  rabbitmqClusterReference:
+    name: {{ $.Release.Name }}
+{{- end }}
+{{- range $user := $h.roles.readonly }}
+---
+apiVersion: rabbitmq.com/v1beta1
+kind: Permission
+metadata:
+  name: {{ $.Release.Name }}-{{ kebabcase $host }}-{{ kebabcase $user }}
+spec:
+  vhost: "{{ $host }}"
+  user: "{{ $user }}"
+  permissions:
+    read: ".*"
+  rabbitmqClusterReference:
+    name: {{ $.Release.Name }}
+{{- end }}
+
+{{- end }}
--- a/packages/apps/rabbitmq/values.schema.json
+++ b/packages/apps/rabbitmq/values.schema.json
@@ -21,6 +21,11 @@
            "type": "string",
            "description": "StorageClass used to store the data",
            "default": ""
+        },
+        "vhosts": {
+            "type": "object",
+            "description": "Virtual Hosts configuration",
+            "default": {}
        }
    }
 }
--- a/packages/apps/rabbitmq/values.yaml
+++ b/packages/apps/rabbitmq/values.yaml
@@ -9,3 +9,33 @@ external: false
 size: 10Gi
 replicas: 3
 storageClass: ""
+
+## @section Configuration parameters
+
+## @param users [object] Users configuration
+## Example:
+## users:
+##   user1:
+##     password: strongpassword
+##   user2:
+##     password: hackme
+##   user3:
+##     password: testtest
+##
+users: {}
+
+## @param vhosts Virtual Hosts configuration
+## Example:
+## vhosts:
+##   myapp:
+##     roles:
+##       admin:
+##       - user1
+##       - user2
+##       readonly:
+##       - user3
+##   test:
+##     roles:
+##       admin:
+##       - user3
+vhosts: {}
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -2,11 +2,13 @@ bucket 0.1.0 HEAD
 clickhouse 0.1.0 ca79f72
 clickhouse 0.2.0 7cd7de73
 clickhouse 0.2.1 5ca8823
-clickhouse 0.3.0 HEAD
+clickhouse 0.3.0 b00621e
+clickhouse 0.4.0 HEAD
 ferretdb 0.1.0 4ffa8615
 ferretdb 0.1.1 5ca8823
 ferretdb 0.2.0 adaf603
-ferretdb 0.3.0 HEAD
+ferretdb 0.3.0 aa2f553
+ferretdb 0.4.0 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 5ca8823
 http-cache 0.3.0 HEAD
@@ -31,7 +33,8 @@ kubernetes 0.10.0 HEAD
 mysql 0.1.0 f642698
 mysql 0.2.0 8b975ff0
 mysql 0.3.0 5ca8823
-mysql 0.4.0 HEAD
+mysql 0.4.0 93018c4
+mysql 0.5.0 HEAD
 nats 0.1.0 5ca8823
 nats 0.2.0 HEAD
 postgres 0.1.0 f642698
@@ -40,10 +43,12 @@ postgres 0.2.1 4a97e297
 postgres 0.3.0 995dea6f
 postgres 0.4.0 ec283c33
 postgres 0.4.1 5ca8823
-postgres 0.5.0 HEAD
+postgres 0.5.0 c07c4bbd
+postgres 0.6.0 HEAD
 rabbitmq 0.1.0 f642698
 rabbitmq 0.2.0 5ca8823
-rabbitmq 0.3.0 HEAD
+rabbitmq 0.3.0 9e33dc0
+rabbitmq 0.4.0 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 5ca8823
 redis 0.3.0 HEAD
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.13.0@sha256:0943f277c63f20cea19bef0207dc47f47157b58309c09af18830aac7906d1416
+  image: ghcr.io/aenix-io/cozystack/cozystack:v0.14.0@sha256:5a0269683feb4fff24e9044a41453dbedbc857ad450102b275e1d05aa3aec081
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.13.0@sha256:be1693c8ce6a9522499f79b1e42b2e08c7ca80405026a095299e5e990a3ab791
+  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.14.0@sha256:be1693c8ce6a9522499f79b1e42b2e08c7ca80405026a095299e5e990a3ab791
--- a/packages/extra/seaweedfs/templates/seaweedfs.yaml
+++ b/packages/extra/seaweedfs/templates/seaweedfs.yaml
@@ -50,7 +50,7 @@ spec:
            cert-manager.io/cluster-issuer: letsencrypt-prod
          tls:
            - hosts:
-              - {{ .Values.host | default (printf "seaweedfs.%s" $host) }}
+              - {{ .Values.host | default (printf "s3.%s" $host) }}
              secretName: {{ .Release.Name }}-s3-ingress-tls

      cosi:
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -33,11 +33,11 @@ kubeapps:
    image:
      registry: ghcr.io/aenix-io/cozystack
      repository: dashboard
-      tag: v0.13.0
+      tag: v0.14.0
      digest: "sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb"
  kubeappsapis:
    image:
      registry: ghcr.io/aenix-io/cozystack
      repository: kubeapps-apis
-      tag: v0.13.0
-      digest: "sha256:a8cf2b536573f4bc29d4dce323ef3007a65567d6f1fe7803490bd71f422aca88"
+      tag: v0.14.0
+      digest: "sha256:7918268647b8f4862f312df9ba42e9edfd2f703223259e2e8b9e02da1ad71cc4"
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -3,5 +3,5 @@ kamaji:
    deploy: false
  image:
    pullPolicy: IfNotPresent
-    tag: v0.13.0@sha256:197d7c36f76d4d9c09cc82eb87f9e36f05799a2b9158ae27e4729f2dd636ad0d
+    tag: v0.14.0@sha256:47bf03ba0f5a4c25eb53df94a1962bbd2423b1b3d027de26945b06a363eebf2e
    repository: ghcr.io/aenix-io/cozystack/kamaji
--- a/packages/system/mariadb-operator/charts/mariadb-operator/Chart.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.0.28
+appVersion: v0.0.30
 description: Run and operate MariaDB in a cloud native way
 home: https://github.com/mariadb-operator/mariadb-operator
 icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
@@ -10,10 +10,10 @@ keywords:
 - mariadb-operator
 - database
 - maxscale
-kubeVersion: '>= 1.16.0-0'
+kubeVersion: '>=1.26.0-0'
 maintainers:
 - email: mariadb-operator@proton.me
  name: mmontes11
 name: mariadb-operator
 type: application
-version: 0.28.1
+version: 0.30.0
--- a/packages/system/mariadb-operator/charts/mariadb-operator/README.md
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/README.md
@@ -6,13 +6,13 @@
 <img src="https://mariadb-operator.github.io/mariadb-operator/assets/mariadb-operator_centered_whitebg.svg" alt="mariadb" width="100%"/>
 </p>

-![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.28.1](https://img.shields.io/badge/Version-0.28.1-informational?style=flat-square) ![AppVersion: v0.0.28](https://img.shields.io/badge/AppVersion-v0.0.28-informational?style=flat-square)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.30.0](https://img.shields.io/badge/Version-0.30.0-informational?style=flat-square) ![AppVersion: v0.0.30](https://img.shields.io/badge/AppVersion-v0.0.30-informational?style=flat-square)

 Run and operate MariaDB in a cloud native way

 ## Installing
 ```bash
-helm repo add mariadb-operator https://mariadb-operator.github.io/mariadb-operator
+helm repo add mariadb-operator https://helm.mariadb.com/mariadb-operator
 helm install mariadb-operator mariadb-operator/mariadb-operator
 ```

@@ -36,7 +36,7 @@ helm uninstall mariadb-operator
 | certController.ha.enabled | bool | `false` | Enable high availability |
 | certController.ha.replicas | int | `3` | Number of replicas |
 | certController.image.pullPolicy | string | `"IfNotPresent"` |  |
-| certController.image.repository | string | `"ghcr.io/mariadb-operator/mariadb-operator"` |  |
+| certController.image.repository | string | `"docker-registry3.mariadb.com/mariadb-operator/mariadb-operator"` |  |
 | certController.image.tag | string | `""` | Image tag to use. By default the chart appVersion is used |
 | certController.imagePullSecrets | list | `[]` |  |
 | certController.lookaheadValidity | string | `"2160h"` | Duration used to verify whether a certificate is valid or not. |
@@ -59,13 +59,14 @@ helm uninstall mariadb-operator
 | clusterName | string | `"cluster.local"` | Cluster DNS name |
 | extrArgs | list | `[]` | Extra arguments to be passed to the controller entrypoint |
 | extraEnv | list | `[]` | Extra environment variables to be passed to the controller |
+| extraEnvFrom | list | `[]` | Extra environment variables from preexiting ConfigMap / Secret objects used by the controller using envFrom |
 | extraVolumeMounts | list | `[]` | Extra volumes to mount to the container. |
 | extraVolumes | list | `[]` | Extra volumes to pass to pod. |
 | fullnameOverride | string | `""` |  |
 | ha.enabled | bool | `false` | Enable high availability |
 | ha.replicas | int | `3` | Number of replicas |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
-| image.repository | string | `"ghcr.io/mariadb-operator/mariadb-operator"` |  |
+| image.repository | string | `"docker-registry3.mariadb.com/mariadb-operator/mariadb-operator"` |  |
 | image.tag | string | `""` | Image tag to use. By default the chart appVersion is used |
 | imagePullSecrets | list | `[]` |  |
 | logLevel | string | `"INFO"` | Controller log level |
@@ -78,6 +79,7 @@ helm uninstall mariadb-operator
 | nodeSelector | object | `{}` | Node selectors to add to controller Pod |
 | podAnnotations | object | `{}` | Annotations to add to controller Pod |
 | podSecurityContext | object | `{}` | Security context to add to controller Pod |
+| rbac.aggregation.enabled | bool | `true` | Specifies whether the cluster roles aggrate to view and edit predefinied roles |
 | rbac.enabled | bool | `true` | Specifies whether RBAC resources should be created |
 | resources | object | `{}` | Resources to add to controller container |
 | securityContext | object | `{}` | Security context to add to controller container |
@@ -89,12 +91,14 @@ helm uninstall mariadb-operator
 | tolerations | list | `[]` | Tolerations to add to controller Pod |
 | webhook.affinity | object | `{}` | Affinity to add to controller Pod |
 | webhook.annotations | object | `{}` | Annotations for webhook configurations. |
-| webhook.cert.caPath | string | `"/tmp/k8s-webhook-server/certificate-authority"` | Path where the CA certificate will be mounted. |
+| webhook.cert.ca.key | string | `""` | File under 'ca.path' that contains the full CA trust chain. |
+| webhook.cert.ca.path | string | `""` | Path that contains the full CA trust chain. |
 | webhook.cert.certManager.duration | string | `""` | Duration to be used in the Certificate resource, |
 | webhook.cert.certManager.enabled | bool | `false` | Whether to use cert-manager to issue and rotate the certificate. If set to false, mariadb-operator's cert-controller will be used instead. |
 | webhook.cert.certManager.issuerRef | object | `{}` | Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used. |
 | webhook.cert.certManager.renewBefore | string | `""` | Renew before duration to be used in the Certificate resource. |
-| webhook.cert.path | string | `"/tmp/k8s-webhook-server/serving-certs"` | Path where the certificate will be mounted. |
+| webhook.cert.certManager.revisionHistoryLimit | int | `3` | The maximum number of CertificateRequest revisions that are maintained in the Certificate’s history. |
+| webhook.cert.path | string | `"/tmp/k8s-webhook-server/serving-certs"` | Path where the certificate will be mounted. 'tls.crt' and 'tls.key' certificates files should be under this path. |
 | webhook.cert.secretAnnotations | object | `{}` | Annotatioms to be added to webhook TLS secret. |
 | webhook.cert.secretLabels | object | `{}` | Labels to be added to webhook TLS secret. |
 | webhook.extrArgs | list | `[]` | Extra arguments to be passed to the webhook entrypoint |
@@ -104,7 +108,7 @@ helm uninstall mariadb-operator
 | webhook.ha.replicas | int | `3` | Number of replicas |
 | webhook.hostNetwork | bool | `false` | Expose the webhook server in the host network |
 | webhook.image.pullPolicy | string | `"IfNotPresent"` |  |
-| webhook.image.repository | string | `"ghcr.io/mariadb-operator/mariadb-operator"` |  |
+| webhook.image.repository | string | `"docker-registry3.mariadb.com/mariadb-operator/mariadb-operator"` |  |
 | webhook.image.tag | string | `""` | Image tag to use. By default the chart appVersion is used |
 | webhook.imagePullSecrets | list | `[]` |  |
 | webhook.nodeSelector | object | `{}` | Node selectors to add to controller Pod |
--- a/packages/system/mariadb-operator/charts/mariadb-operator/README.md.gotmpl
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/README.md.gotmpl
@@ -1,4 +1,4 @@
-{{ $chartRepo := "https://mariadb-operator.github.io/mariadb-operator" }}
+{{ $chartRepo := "https://helm.mariadb.com/mariadb-operator" }}
 {{ $org := "mariadb-operator" }}
 {{ $release := "mariadb-operator" }}
 [//]: # (README.md generated by gotmpl. DO NOT EDIT.)
--- a/packages/system/mariadb-operator/charts/mariadb-operator/crds/crds.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/crds/crds.yaml
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/_helpers.tpl
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/_helpers.tpl
@@ -70,6 +70,34 @@ app.kubernetes.io/name: {{ include "mariadb-operator.name" . }}-webhook
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}

+{{/*
+Webhook CA path to use cert-controller issued certificates
+*/}}
+{{- define "mariadb-operator-webhook.certControllerCAPath" -}}
+{{ .Values.webhook.cert.ca.path | default "/tmp/k8s-webhook-server/certificate-authority" }}
+{{- end }}
+
+{{/*
+Webhook CA full path to use cert-controller issued certificates
+*/}}
+{{- define "mariadb-operator-webhook.certControllerFullCAPath" -}}
+{{- printf "%s/%s" (include "mariadb-operator-webhook.certControllerCAPath" .) (.Values.webhook.cert.ca.key | default "tls.crt") }}
+{{- end }}
+
+{{/*
+Webhook CA path to use cert-manager issued certificates
+*/}}
+{{- define "mariadb-operator-webhook.certManagerCAPath" -}}
+{{ .Values.webhook.cert.ca.path | default .Values.webhook.cert.path }}
+{{- end }}
+
+{{/*
+Webhook CA full path to use cert-manager issued certificates
+*/}}
+{{- define "mariadb-operator-webhook.certManagerFullCAPath" -}}
+{{- printf "%s/%s" (include "mariadb-operator-webhook.certManagerCAPath" .) (.Values.webhook.cert.ca.key | default "ca.crt") }}
+{{- end }}
+
 {{/*
 Cert-controller common labels
 */}}
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml
@@ -1,13 +1,12 @@
 apiVersion: v1
 data:
-  MARIADB_GALERA_AGENT_IMAGE: ghcr.io/mariadb-operator/mariadb-operator:v0.0.28
-  MARIADB_GALERA_INIT_IMAGE: ghcr.io/mariadb-operator/mariadb-operator:v0.0.28
+  MARIADB_ENTRYPOINT_VERSION: "11.4"
  MARIADB_GALERA_LIB_PATH: /usr/lib/galera/libgalera_smm.so
-  MARIADB_OPERATOR_IMAGE: ghcr.io/mariadb-operator/mariadb-operator:v0.0.28
+  MARIADB_OPERATOR_IMAGE: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:v0.0.30
  RELATED_IMAGE_EXPORTER: prom/mysqld-exporter:v0.15.1
-  RELATED_IMAGE_EXPORTER_MAXSCALE: mariadb/maxscale-prometheus-exporter-ubi:latest
-  RELATED_IMAGE_MARIADB: mariadb:10.11.7
-  RELATED_IMAGE_MAXSCALE: mariadb/maxscale:23.08
+  RELATED_IMAGE_EXPORTER_MAXSCALE: docker-registry2.mariadb.com/mariadb/maxscale-prometheus-exporter-ubi:v0.0.1
+  RELATED_IMAGE_MARIADB: docker-registry1.mariadb.com/library/mariadb:11.4.3
+  RELATED_IMAGE_MAXSCALE: docker-registry2.mariadb.com/mariadb/maxscale:23.08.5
 kind: ConfigMap
 metadata:
  creationTimestamp: null
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/deployment.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/deployment.yaml
@@ -63,6 +63,9 @@ spec:
          envFrom:
            - configMapRef:
                name: mariadb-operator-env
+            {{- with .Values.extraEnvFrom }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
          env:
            - name: CLUSTER_NAME
              value: {{ .Values.clusterName }}
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/rbac-user.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/rbac-user.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.enabled -}}
+{{ $fullName := include "mariadb-operator.fullname" . }}
+# the mariadb-view ClusterRole allows viewing all k8s.mariadb.com resources
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ $fullName }}-view
+  {{- if .Values.rbac.aggregation.enabled }}
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  {{- end }}
+rules:
+- apiGroups: ["k8s.mariadb.com"]
+  resources: ["*"]
+  verbs: ["get", "list", "watch"]
+---
+# the mariadb-edit ClusterRole allows editing k8s.mariadb.com resources
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ $fullName }}-edit
+  {{- if .Values.rbac.aggregation.enabled }}
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+  {{- end }}
+rules:
+- apiGroups: ["k8s.mariadb.com"]
+  resources: ["*"]
+  verbs: ["create", "update", "patch", "delete"]
+{{- end }}
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml
@@ -57,15 +57,6 @@ rules:
  - ""
  resources:
  - endpoints
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
  - endpoints/restricted
  verbs:
  - create
@@ -77,6 +68,9 @@ rules:
  - ""
  resources:
  - events
+  - secrets
+  - serviceaccounts
+  - services
  verbs:
  - create
  - list
@@ -104,30 +98,9 @@ rules:
 - apiGroups:
  - ""
  resources:
-  - secrets
+  - pods/log
  verbs:
-  - create
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - services
-  verbs:
-  - create
-  - list
-  - patch
-  - watch
+  - get
 - apiGroups:
  - apps
  resources:
@@ -183,6 +156,14 @@ rules:
  - k8s.mariadb.com
  resources:
  - backups
+  - connections
+  - databases
+  - grants
+  - mariadbs
+  - maxscales
+  - restores
+  - sqljobs
+  - users
  verbs:
  - create
  - delete
@@ -195,248 +176,41 @@ rules:
  - k8s.mariadb.com
  resources:
  - backups/finalizers
-  verbs:
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - backups/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - connections
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - connections
-  - grants
-  - maxscale
-  - restores
-  - users
-  verbs:
-  - create
-  - list
-  - patch
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - connections
-  - grants
-  - users
-  verbs:
-  - create
-  - list
-  - patch
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
  - connections/finalizers
-  verbs:
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - connections/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - databases
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
  - databases/finalizers
-  verbs:
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - databases/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - grants
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
  - grants/finalizers
-  verbs:
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - grants/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - mariadbs
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
  - mariadbs/finalizers
-  verbs:
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - mariadbs/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - maxscales
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
  - maxscales/finalizers
-  verbs:
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - maxscales/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - restores
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
  - restores/finalizers
-  verbs:
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - restores/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - sqljobs
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
  - sqljobs/finalizers
-  verbs:
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - sqljobs/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - k8s.mariadb.com
-  resources:
-  - users
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - k8s.mariadb.com
-  resources:
  - users/finalizers
  verbs:
  - update
 - apiGroups:
  - k8s.mariadb.com
  resources:
+  - backups/status
+  - connections/status
+  - databases/status
+  - grants/status
+  - mariadbs/status
+  - maxscales/status
+  - restores/status
+  - sqljobs/status
  - users/status
  verbs:
  - get
  - patch
  - update
+- apiGroups:
+  - k8s.mariadb.com
+  resources:
+  - maxscale
+  verbs:
+  - create
+  - list
+  - patch
+  - watch
 - apiGroups:
  - monitoring.coreos.com
  resources:
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-certificate.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-certificate.yaml
@@ -36,7 +36,11 @@ spec:
  {{- with .Values.webhook.cert.certManager.renewBefore }}
  renewBefore: {{ . | quote }}
  {{- end }}
+  {{- with .Values.webhook.cert.certManager.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ . }}
+  {{- end }}
  secretName: {{ include "mariadb-operator.fullname" . }}-webhook-cert
+  {{- if or (.Values.webhook.cert.secretLabels) (.Values.webhook.cert.secretAnnotations) }}
  secretTemplate:
    {{- with .Values.webhook.cert.secretLabels }}
    labels:
@@ -44,6 +48,7 @@ spec:
    {{- end }}
    {{- with .Values.webhook.cert.secretAnnotations }}
    annotations:
-      {{- toYaml . | nindent 4 }}
+      {{- toYaml . | nindent 6 }}
    {{- end }}
+  {{- end }}
 {{ end }}
--- a/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-deployment.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/templates/webhook-deployment.yaml
@@ -51,9 +51,9 @@ spec:
          args:
            - webhook
            {{- if .Values.webhook.cert.certManager.enabled }}
-            - --ca-cert-path={{ .Values.webhook.cert.path }}/ca.crt
+            - --ca-cert-path={{ include "mariadb-operator-webhook.certManagerFullCAPath" . }}
            {{- else }}
-            - --ca-cert-path={{ .Values.webhook.cert.caPath }}/tls.crt
+            - --ca-cert-path={{ include "mariadb-operator-webhook.certControllerFullCAPath" . }}
            {{- end }}
            - --cert-dir={{ .Values.webhook.cert.path }}
            - --dns-name={{ $fullName }}-webhook.{{ .Release.Namespace }}.svc
@@ -76,7 +76,7 @@ spec:
              name: health
          volumeMounts:
            {{- if not .Values.webhook.cert.certManager.enabled }}
-            - mountPath: {{ .Values.webhook.cert.caPath }}
+            - mountPath: {{ include "mariadb-operator-webhook.certControllerCAPath" . }}
              name: ca
              readOnly: true
            {{- end }}
--- a/packages/system/mariadb-operator/charts/mariadb-operator/values.yaml
+++ b/packages/system/mariadb-operator/charts/mariadb-operator/values.yaml
@@ -2,7 +2,7 @@ nameOverride: ""
 fullnameOverride: ""

 image:
-  repository: ghcr.io/mariadb-operator/mariadb-operator
+  repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
  pullPolicy: IfNotPresent
  # -- Image tag to use. By default the chart appVersion is used
  tag: ""
@@ -51,12 +51,20 @@ rbac:
  # -- Specifies whether RBAC resources should be created
  enabled: true

+  aggregation:
+
+    # -- Specifies whether the cluster roles aggrate to view and edit predefinied roles
+    enabled: true
+
 # -- Extra arguments to be passed to the controller entrypoint
 extrArgs: []

 # -- Extra environment variables to be passed to the controller
 extraEnv: []

+# -- Extra environment variables from preexiting ConfigMap / Secret objects used by the controller using envFrom
+extraEnvFrom: []
+
 # -- Extra volumes to pass to pod.
 extraVolumes: []

@@ -89,7 +97,7 @@ affinity: {}

 webhook:
  image:
-    repository: ghcr.io/mariadb-operator/mariadb-operator
+    repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
    pullPolicy: IfNotPresent
    # -- Image tag to use. By default the chart appVersion is used
    tag: ""
@@ -105,17 +113,22 @@ webhook:
      enabled: false
      # -- Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used.
      issuerRef: {}
-       # -- Duration to be used in the Certificate resource,
+      # -- Duration to be used in the Certificate resource,
      duration: ""
-       # -- Renew before duration to be used in the Certificate resource.
+      # -- Renew before duration to be used in the Certificate resource.
      renewBefore: ""
+      # -- The maximum number of CertificateRequest revisions that are maintained in the Certificate’s history.
+      revisionHistoryLimit: 3
    # -- Annotatioms to be added to webhook TLS secret.
    secretAnnotations: {}
    # -- Labels to be added to webhook TLS secret.
    secretLabels: {}
-    # -- Path where the CA certificate will be mounted.
-    caPath: /tmp/k8s-webhook-server/certificate-authority
-    # -- Path where the certificate will be mounted.
+    ca:
+      # -- Path that contains the full CA trust chain.
+      path: ""
+      # -- File under 'ca.path' that contains the full CA trust chain.
+      key: ""
+    # -- Path where the certificate will be mounted. 'tls.crt' and 'tls.key' certificates files should be under this path.
    path: /tmp/k8s-webhook-server/serving-certs
  # -- Port to be used by the webhook server
  port: 9443
@@ -173,7 +186,7 @@ certController:
  # -- Specifies whether the cert-controller should be created.
  enabled: true
  image:
-    repository: ghcr.io/mariadb-operator/mariadb-operator
+    repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
    pullPolicy: IfNotPresent
    # -- Image tag to use. By default the chart appVersion is used
    tag: ""
--- a/packages/system/mariadb-operator/values.yaml
+++ b/packages/system/mariadb-operator/values.yaml
@@ -1,4 +1,5 @@
 mariadb-operator:
+  clusterName: cozy.local
  metrics:
    enabled: true
  webhook:
--- a/packages/system/postgres-operator/Makefile
+++ b/packages/system/postgres-operator/Makefile
@@ -8,3 +8,4 @@ update:
 	helm repo add cnpg https://cloudnative-pg.github.io/charts
 	helm repo update cnpg
 	helm pull cnpg/cloudnative-pg --untar --untardir charts
+	rm -rf charts/cloudnative-pg/charts
--- a/packages/system/postgres-operator/charts/cloudnative-pg/Chart.lock
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cluster
+  repository: https://cloudnative-pg.github.io/grafana-dashboards
+  version: 0.0.2
+digest: sha256:fcf16ad357c17be3dd79c138723e78e9e101fecc5d07d9371299c32b9f85dbd9
+generated: "2024-04-25T12:32:36.61779032-04:00"
--- a/packages/system/postgres-operator/charts/cloudnative-pg/Chart.yaml
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/Chart.yaml
@@ -1,5 +1,11 @@
 apiVersion: v2
-appVersion: 1.22.2
+appVersion: 1.24.0
+dependencies:
+- alias: monitoring
+  condition: monitoring.grafanaDashboard.create
+  name: cluster
+  repository: https://cloudnative-pg.github.io/grafana-dashboards
+  version: "0.0"
 description: CloudNativePG Operator Helm Chart
 home: https://cloudnative-pg.io
 icon: https://raw.githubusercontent.com/cloudnative-pg/artwork/main/cloudnativepg-logo.svg
@@ -16,4 +22,4 @@ name: cloudnative-pg
 sources:
 - https://github.com/cloudnative-pg/charts
 type: application
-version: 0.20.2
+version: 0.22.0
--- a/packages/system/postgres-operator/charts/cloudnative-pg/README.md
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/README.md
--- a/packages/system/postgres-operator/charts/cloudnative-pg/monitoring/grafana-dashboard.json
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/monitoring/grafana-dashboard.json
--- a/packages/system/postgres-operator/charts/cloudnative-pg/templates/crds/crds.yaml
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/templates/crds/crds.yaml
--- a/packages/system/postgres-operator/charts/cloudnative-pg/templates/deployment.yaml
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/templates/deployment.yaml
@@ -46,6 +46,12 @@ spec:
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- if .Values.hostNetwork }}
+      hostNetwork: {{ .Values.hostNetwork }}
+      {{- end }}
+      {{- if .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy }}
+      {{- end }}
      containers:
      - args:
        - controller
@@ -72,6 +78,9 @@ spec:
              fieldPath: metadata.namespace
        - name: MONITORING_QUERIES_CONFIGMAP
          value: "{{ .Values.monitoringQueriesConfigMap.name }}"
+        {{- if .Values.additionalEnv }}
+        {{- tpl (.Values.additionalEnv | toYaml) . | nindent 8 }}
+        {{- end }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        livenessProbe:
--- a/packages/system/postgres-operator/charts/cloudnative-pg/templates/grafana-dashboard.yaml
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/templates/grafana-dashboard.yaml
@@ -1,12 +0,0 @@
-{{- if .Values.monitoring.grafanaDashboard.create -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Values.monitoring.grafanaDashboard.configMapName }}
-  namespace: {{ default .Release.Namespace .Values.monitoring.grafanaDashboard.namespace }}
-  labels:
-    {{ .Values.monitoring.grafanaDashboard.sidecarLabel }}: {{ .Values.monitoring.grafanaDashboard.sidecarLabelValue | quote }}
-data:
-    cnp.json: |-
-{{ .Files.Get "monitoring/grafana-dashboard.json" | indent 6 }}
-{{- end -}}
--- a/packages/system/postgres-operator/charts/cloudnative-pg/templates/podmonitor.yaml
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/templates/podmonitor.yaml
@@ -5,6 +5,9 @@ metadata:
  name: {{ include "cloudnative-pg.fullname" . }}
  labels:
    {{- include "cloudnative-pg.labels" . | nindent 4 }}
+    {{- with .Values.monitoring.podMonitorAdditionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end}}
  {{- with .Values.commonAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
@@ -15,4 +18,12 @@ spec:
      {{- include "cloudnative-pg.selectorLabels" . | nindent 6 }}
  podMetricsEndpoints:
    - port: metrics
-{{- end }}
+      {{- with .Values.monitoring.podMonitorMetricRelabelings }}
+      metricRelabelings:
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- with .Values.monitoring.podMonitorRelabelings }}
+      relabelings:
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+{{- end }}
--- a/packages/system/postgres-operator/charts/cloudnative-pg/templates/rbac.yaml
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/templates/rbac.yaml
@@ -67,14 +67,6 @@ rules:
  verbs:
  - create
  - patch
- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
 - apiGroups:
  - ""
  resources:
@@ -171,26 +163,14 @@ rules:
  - mutatingwebhookconfigurations
  verbs:
  - get
-  - list
  - patch
-  - update
 - apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
-  - list
  - patch
-  - update
- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-  - list
-  - update
 - apiGroups:
  - apps
  resources:
@@ -265,6 +245,14 @@ rules:
  - get
  - patch
  - update
+- apiGroups:
+  - postgresql.cnpg.io
+  resources:
+  - clusterimagecatalogs
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
  - postgresql.cnpg.io
  resources:
@@ -292,6 +280,14 @@ rules:
  - patch
  - update
  - watch
+- apiGroups:
+  - postgresql.cnpg.io
+  resources:
+  - imagecatalogs
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
  - postgresql.cnpg.io
  resources:
--- a/packages/system/postgres-operator/charts/cloudnative-pg/values.schema.json
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/values.schema.json
@@ -5,6 +5,9 @@
        "additionalArgs": {
            "type": "array"
        },
+        "additionalEnv": {
+            "type": "array"
+        },
        "affinity": {
            "type": "object"
        },
@@ -72,9 +75,15 @@
                }
            }
        },
+        "dnsPolicy": {
+            "type": "string"
+        },
        "fullnameOverride": {
            "type": "string"
        },
+        "hostNetwork": {
+            "type": "boolean"
+        },
        "image": {
            "type": "object",
            "properties": {
@@ -98,12 +107,18 @@
                "grafanaDashboard": {
                    "type": "object",
                    "properties": {
+                        "annotations": {
+                            "type": "object"
+                        },
                        "configMapName": {
                            "type": "string"
                        },
                        "create": {
                            "type": "boolean"
                        },
+                        "labels": {
+                            "type": "object"
+                        },
                        "namespace": {
                            "type": "string"
                        },
@@ -115,8 +130,17 @@
                        }
                    }
                },
+                "podMonitorAdditionalLabels": {
+                    "type": "object"
+                },
                "podMonitorEnabled": {
                    "type": "boolean"
+                },
+                "podMonitorMetricRelabelings": {
+                    "type": "array"
+                },
+                "podMonitorRelabelings": {
+                    "type": "array"
                }
            }
        },
--- a/packages/system/postgres-operator/charts/cloudnative-pg/values.yaml
+++ b/packages/system/postgres-operator/charts/cloudnative-pg/values.yaml
@@ -29,6 +29,9 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""

+hostNetwork: false
+dnsPolicy: ""
+
 crds:
  # -- Specifies whether the CRDs should be created when installing the chart.
  create: true
@@ -66,6 +69,14 @@ config:
 # -- Additinal arguments to be added to the operator's args list.
 additionalArgs: []

+# -- Array containing extra environment variables which can be templated.
+# For example:
+#  - name: RELEASE_NAME
+#    value: "{{ .Release.Name }}"
+#  - name: MY_VAR
+#    value: "mySpecialKey"
+additionalEnv: []
+
 serviceAccount:
  # -- Specifies whether the service account should be created.
  create: true
@@ -137,18 +148,30 @@ tolerations: []
 affinity: {}

 monitoring:
+
  # -- Specifies whether the monitoring should be enabled. Requires Prometheus Operator CRDs.
  podMonitorEnabled: false
+  # -- Metrics relabel configurations to apply to samples before ingestion.
+  podMonitorMetricRelabelings: []
+  # -- Relabel configurations to apply to samples before scraping.
+  podMonitorRelabelings: []
+  # -- Additional labels for the podMonitor
+  podMonitorAdditionalLabels: {}
+
  grafanaDashboard:
    create: false
    # -- Allows overriding the namespace where the ConfigMap will be created, defaulting to the same one as the Release.
    namespace: ""
    # -- The name of the ConfigMap containing the dashboard.
    configMapName: "cnpg-grafana-dashboard"
-    # -- Label that ConfigMaps should have to be loaded as dashboards.
+    # -- Label that ConfigMaps should have to be loaded as dashboards.  DEPRECATED: Use labels instead.
    sidecarLabel: "grafana_dashboard"
-    # -- Label value that ConfigMaps should have to be loaded as dashboards.
+    # -- Label value that ConfigMaps should have to be loaded as dashboards.  DEPRECATED: Use labels instead.
    sidecarLabelValue: "1"
+    # -- Labels that ConfigMaps should have to get configured in Grafana.
+    labels: {}
+    # -- Annotations that ConfigMaps can have to get configured in Grafana.
+    annotations: {}

 # Default monitoring queries
 monitoringQueriesConfigMap:
@@ -232,6 +255,7 @@ monitoringQueriesConfigMap:
          , pg_catalog.age(datfrozenxid) AS xid_age
          , pg_catalog.mxid_age(datminmxid) AS mxid_age
        FROM pg_catalog.pg_database
+        WHERE datallowconn
      metrics:
        - datname:
            usage: "LABEL"
@@ -351,6 +375,7 @@ monitoringQueriesConfigMap:
            description: "Time at which these statistics were last reset"

    pg_stat_bgwriter:
+      runonserver: "<17.0.0"
      query: |
        SELECT checkpoints_timed
          , checkpoints_req
@@ -395,6 +420,71 @@ monitoringQueriesConfigMap:
            usage: "COUNTER"
            description: "Number of buffers allocated"

+    pg_stat_bgwriter_17:
+      runonserver: ">=17.0.0"
+      name: pg_stat_bgwriter
+      query: |
+        SELECT buffers_clean
+          , maxwritten_clean
+          , buffers_alloc
+          , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
+        FROM pg_catalog.pg_stat_bgwriter
+      metrics:
+        - buffers_clean:
+            usage: "COUNTER"
+            description: "Number of buffers written by the background writer"
+        - maxwritten_clean:
+            usage: "COUNTER"
+            description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers"
+        - buffers_alloc:
+            usage: "COUNTER"
+            description: "Number of buffers allocated"
+        - stats_reset_time:
+            usage: "GAUGE"
+            description: "Time at which these statistics were last reset"
+
+    pg_stat_checkpointer:
+      runonserver: ">=17.0.0"
+      query: |
+        SELECT num_timed AS checkpoints_timed
+          , num_requested AS checkpoints_req
+          , restartpoints_timed
+          , restartpoints_req
+          , restartpoints_done
+          , write_time
+          , sync_time
+          , buffers_written
+          , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
+        FROM pg_catalog.pg_stat_checkpointer
+      metrics:
+        - checkpoints_timed:
+            usage: "COUNTER"
+            description: "Number of scheduled checkpoints that have been performed"
+        - checkpoints_req:
+            usage: "COUNTER"
+            description: "Number of requested checkpoints that have been performed"
+        - restartpoints_timed:
+            usage: "COUNTER"
+            description: "Number of scheduled restartpoints due to timeout or after a failed attempt to perform it"
+        - restartpoints_req:
+            usage: "COUNTER"
+            description: "Number of requested restartpoints that have been performed"
+        - restartpoints_done:
+            usage: "COUNTER"
+            description: "Number of restartpoints that have been performed"
+        - write_time:
+            usage: "COUNTER"
+            description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are written to disk, in milliseconds"
+        - sync_time:
+            usage: "COUNTER"
+            description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are synchronized to disk, in milliseconds"
+        - buffers_written:
+            usage: "COUNTER"
+            description: "Number of buffers written during checkpoints and restartpoints"
+        - stats_reset_time:
+            usage: "GAUGE"
+            description: "Time at which these statistics were last reset"
+
    pg_stat_database:
      query: |
        SELECT datname
--- a/packages/system/rabbitmq-operator/Makefile
+++ b/packages/system/rabbitmq-operator/Makefile
@@ -8,3 +8,6 @@ update:
 	wget -O templates/cluster-operator.yml https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml
 	yq -i 'del(select(.kind=="Namespace"))' templates/cluster-operator.yml
 	sed -i 's/rabbitmq-system/$(NAMESPACE)/g' templates/cluster-operator.yml
+	wget -O templates/messaging-topology-operator.yml https://github.com/rabbitmq/messaging-topology-operator/releases/latest/download/messaging-topology-operator-with-certmanager.yaml
+	yq -i 'del(select(.kind=="Namespace"))' templates/messaging-topology-operator.yml
+	sed -i 's/rabbitmq-system/$(NAMESPACE)/g' templates/messaging-topology-operator.yml
--- a/packages/system/rabbitmq-operator/templates/cluster-operator.yml
+++ b/packages/system/rabbitmq-operator/templates/cluster-operator.yml
--- a/packages/system/rabbitmq-operator/templates/messaging-topology-operator.yml
+++ b/packages/system/rabbitmq-operator/templates/messaging-topology-operator.yml
Author	SHA1	Message	Date
Andrei Kvapil	b40e1b09cb	Prepare release v0.14.0 (#333 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Upgraded various container images to version `v0.14.0`, enhancing application performance and potentially introducing new features and bug fixes. - Bug Fixes - Improved version tracking for packages by updating commit hashes, enhancing clarity and traceability. - Chores - Updated configuration files to reflect the new image versions for components, ensuring the latest updates are utilized across the application. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-09-04 16:23:21 +02:00
Andrei Kvapil	93018c4035	Add passwords generation to ClickHouse (#332 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Updated Clickhouse application to version 0.4.0, indicating new enhancements. - Improved user credential management by dynamically generating passwords or using provided ones, enhancing security. - Introduced a new Kubernetes Role for managing access to services and secrets, ensuring better control over resource interactions. - Bug Fixes - Corrected the reference for accessing the storage class value to ensure proper retrieval. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-09-04 15:20:38 +02:00
Andrei Kvapil	b00621ee2a	Add passwords generation to postgres (#330 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-09-04 15:15:24 +02:00
Andrei Kvapil	02a623b17d	Update CNPG 1.24.0 (#331 )	2024-09-04 15:15:05 +02:00
Andrei Kvapil	def2eb0f42	Add passwords generation to FerretDB (#329 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Updated application version from 0.3.0 to 0.4.0, indicating a new release. - Introduced a new Kubernetes Role for managing access to dashboard-related resources, enhancing security. - Improved user credential management with dynamic password generation in the initialization script, enhancing security practices. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-09-04 15:14:50 +02:00
Andrei Kvapil	aa2f553281	Update mariadb-operator and mysql chart (#328 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Enhanced database user management with role definitions for `admin` and `readonly` users. - Introduced support for additional environment variables in the MariaDB operator deployment. - Added new RBAC roles for viewing and editing MariaDB resources. - Changes - Updated configuration structure for database and user management, shifting from arrays to objects. - Improved webhook certificate management with revision history control. - Updated image repository for the MariaDB operator. - Bug Fixes - Adjusted permissions in RBAC configuration for better security and resource management. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-09-04 15:14:31 +02:00
Andrei Kvapil	36d88553ce	Update RabbitMQ and add configuration for Users and VHosts (#327 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Updated RabbitMQ chart version to 0.4.0 and application version to 3.13.2. - Added new configuration options for users and virtual hosts in the application. - Introduced a new Kubernetes Role for managing access to secrets and services. - Enhanced RabbitMQ configuration for automated user and permission management. - Documentation - Improved README with a section on configuration parameters for better user guidance. - Chores - Added a new YAML configuration file for comprehensive RabbitMQ cluster management. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2024-09-04 10:50:54 +02:00
Mr Khachaturov	9e33dc0651	Update seaweedfs.yaml (#325 ) Changed tls host to be the same as ingress host <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Updated the default host value in the SeaweedFS configuration to support S3-compatible endpoints. - Bug Fixes - Corrected the hostname configuration to reflect the new service access method. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2024-09-02 09:04:07 +02:00