Upd: Maintainers

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **Resource Configuration**
	- Updated VMAgent memory limits from 500Mi to 1024Mi.
	- Increased VMAgent memory requests from 200Mi to 768Mi.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

MAINTAINERS.md

@@ -1,7 +1,12 @@
 # The Cozystack Maintainers
 
-| Maintainer | GitHub Username | Company |
-| ---------- | --------------- | ------- |
-| Andrei Kvapil | [@kvaps](https://github.com/kvaps) | Ænix |
-| George Gaál | [@gecube](https://github.com/gecube) | Ænix |
-| Eduard Generalov | [@egeneralov](https://github.com/egeneralov) | Ænix |
+| Scope | Maintainer | GitHub Username | Company |
+| ----- | ---------- | --------------- | ------- |
+| Cozystack core | Andrei Kvapil | [@kvaps](https://github.com/kvaps) | Ænix |
+| Cozystack core | George Gaál | [@gecube](https://github.com/gecube) | Ænix |
+| Cozystack apps | Kirill Klinchenkov | [@klinch0](https://github.com/klinch0) | Ænix |
+| Flux and flux-operator | Kingdon Barrett | [@kingdonb](https://github.com/kingdonb) | Urmanac |
+| Docs and website | Timur Tukaev | [@tym83](https://github.com/tym83) | Ænix |
+| Docs and website | Andrey Gumilev | [@chumkaska](https://github.com/chumkaska) | Ænix |
+| etcd-operator | Timofey Larkin | [@lllamnyp](https://github.com/lllamnyp) | |
+| etcd-operator | Artem Bortnikov | [@aobort](https://github.com/aobort) | Timescale |

hack/e2e.sh

@@ -114,7 +114,7 @@ machine:
     - name: zfs
     - name: spl
   install:
-    image: ghcr.io/aenix-io/cozystack/talos:v1.8.3
+    image: ghcr.io/aenix-io/cozystack/talos:v1.8.4
   files:
   - content: |
       [plugins]
@@ -142,6 +142,9 @@ EOT
 
 cat > patch-controlplane.yaml <<\EOT
 machine:
+  nodeLabels:
+    node.kubernetes.io/exclude-from-external-load-balancers:
+      $patch: delete
   network:
     interfaces:
     - interface: eth0

manifests/cozystack-installer.yaml

@@ -68,7 +68,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.20.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.21.1"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -87,7 +87,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.20.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.21.1"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/ferretdb/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:4d934b40075b0781265faca8c70f39d92602df82f00ef4dfeb5481e973575662
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:4d2271b345240c6c5b37599996745646012004b0f57e31c4c9deb1aba7408a51

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:27112d470a31725b75b29b29919af06b4ce1339e3b502b08889a92ab7099adde
+ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:e21d7ef5427edb70e5b9080c895143e291485f3f40948f7a6b99a03027f4ed7b

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.14.1@sha256:1cfca75874f03834426969f9e011b4d24da4a8a7d67d8cc5b8ad916189515766
+ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.14.1@sha256:0ea139c71e08db5adb275d81a7efa9a0d8b8db61a1fc1a67167a33a347c07fd8

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.14.1@sha256:ee4527c2e0a19edcedf3a93ae6d9462a6263af4c2cb0feaab218ff94ed01f3a4
+ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.14.1@sha256:f595d50689405a504249c2af4b84562e8a0d16bdf9287d4eedf7c87959c4fba1

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.14.1@sha256:89d0e7ddce51370c350da0f5f884030d73d4e219cd34b6017c9c08a4c3dd0ece
+ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.14.1@sha256:644379ba92c72dbbf07257d70f88ef3e5c1f1fb88f161c03758c13588d33ac2d

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:1b82ac6e0c0e5e3a3a0793609ada90f7b21ba290967afe214bdce76b28a8f88a
+ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:77336fdd85a5587baecae8cf37eba8829062231b1b4729d2fd60e6435b8e0a43

packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml

@@ -48,7 +48,6 @@ spec:
         tenant: {{ .Release.Namespace }}
       remoteWrite:
         url: http://vminsert-shortterm.{{ $targetTenant }}.svc:8480/insert/0/prometheus
-
     fluent-bit:
       readinessProbe:
         httpGet:

packages/apps/mysql/images/mariadb-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:1d9a9d5ab0c785e40d7dd1fe40422e229ca2ff80a194014765072c3bbfe98b07
+ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:65db81f064d4f385472b6764e686f6501213de43b2db4204e39629600fe45713

packages/apps/postgres/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:4d934b40075b0781265faca8c70f39d92602df82f00ef4dfeb5481e973575662
+ghcr.io/aenix-io/cozystack/postgres-backup:0.7.1@sha256:4d2271b345240c6c5b37599996745646012004b0f57e31c4c9deb1aba7408a51

packages/apps/redis/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.1
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/redis/README.md

@@ -19,5 +19,6 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche
 | `size`         | Persistent Volume size                          | `1Gi`   |
 | `replicas`     | Number of Redis replicas                        | `2`     |
 | `storageClass` | StorageClass used to store the data             | `""`    |
+| `authEnabled`  | Enable password generation                      | `true`  |
 
 

packages/apps/redis/templates/dashboard-resourcemap.yaml

@@ -13,3 +13,10 @@ rules:
   - rfrs-{{ .Release.Name }}
   - "{{ .Release.Name }}-external-lb"
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - "{{ .Release.Name }}-auth"
+  verbs: ["get", "list", "watch"]

packages/apps/redis/templates/redisfailover.yaml

@@ -1,3 +1,20 @@
+{{- if .Values.authEnabled }}
+  {{- $existingPassword := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" .Release.Name) }}
+  {{- $password := randAlphaNum 32 | b64enc }}
+  {{- if $existingPassword }}
+    {{- $password = index $existingPassword.data "password" }}
+  {{- end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-auth
+data:
+  password: {{ $password }}
+{{- end }}
+
+---
+
 apiVersion: databases.spotahome.com/v1
 kind: RedisFailover
 metadata:
@@ -52,3 +69,7 @@ spec:
       - appendonly no
       - save ""
       {{- end }}
+  {{- if .Values.authEnabled }}
+  auth:
+    secretPath: {{ .Release.Name }}-auth
+  {{- end }}

packages/apps/redis/values.schema.json

@@ -21,6 +21,11 @@
             "type": "string",
             "description": "StorageClass used to store the data",
             "default": ""
+        },
+        "authEnabled": {
+            "type": "boolean",
+            "description": "Enable password generation",
+            "default": true
         }
     }
 }

packages/apps/redis/values.yaml

@@ -4,8 +4,10 @@
 ## @param size Persistent Volume size
 ## @param replicas Number of Redis replicas
 ## @param storageClass StorageClass used to store the data
+## @param authEnabled Enable password generation
 ##
 external: false
 size: 1Gi
 replicas: 2
 storageClass: ""
+authEnabled: true

packages/apps/tenant/Chart.yaml

@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg
 
 type: application
-version: 1.6.2
+version: 1.6.5

packages/apps/tenant/templates/tenant.yaml

@@ -14,6 +14,8 @@ metadata:
     kubernetes.io/service-account.name: {{ include "tenant.name" . }}
 type: kubernetes.io/service-account-token
 ---
+# == default role ==
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -29,9 +31,10 @@ rules:
 - apiGroups: ["rbac.authorization.k8s.io"]
   resources: ["roles"]
   verbs: ["get"]
-- apiGroups: ["helm.toolkit.fluxcd.io"]
-  resources: ["helmreleases"]
-  verbs: ["*"]
+- apiGroups: ["apps.cozystack.io"]
+  resources: ['*']
+  verbs: ['*']
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -62,18 +65,7 @@ roleRef:
   name: {{ include "tenant.name" . }}
   apiGroup: rbac.authorization.k8s.io
 ---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "tenant.name" . }}
-  namespace: cozy-public
-rules:
-- apiGroups: ["source.toolkit.fluxcd.io"]
-  resources: ["helmrepositories"]
-  verbs: ["get", "list"]
-- apiGroups: ["source.toolkit.fluxcd.io"]
-  resources: ["helmcharts"]
-  verbs: ["*"]
+# == view role ==
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -95,14 +87,6 @@ rules:
       - get
       - list
       - watch
-  - apiGroups:
-      - helm.toolkit.fluxcd.io
-    resources:
-      - helmreleases
-    verbs:
-      - get
-      - list
-      - watch
   - apiGroups:
       - ""
     resources:
@@ -119,22 +103,38 @@ rules:
       - get
       - list
       - watch
-
 ---
-
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "tenant.name" . }}-view
   namespace: {{ include "tenant.name" . }}
 subjects:
-  - kind: Group
-    name: {{ include "tenant.name" . }}-view
-    apiGroup: rbac.authorization.k8s.io
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-view
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-view
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-view
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-view
   apiGroup: rbac.authorization.k8s.io
+
+---
+# == use role ==
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -154,13 +154,6 @@ rules:
     - get
     - list
     - watch
-  - apiGroups: ["helm.toolkit.fluxcd.io"]
-    resources:
-    - helmreleases
-    verbs:
-    - get
-    - list
-    - watch
   - apiGroups: [""]
     resources:
     - "*"
@@ -189,14 +182,31 @@ metadata:
   name: {{ include "tenant.name" . }}-use
   namespace: {{ include "tenant.name" . }}
 subjects:
-  - kind: Group
-    name: {{ include "tenant.name" . }}-use
-    apiGroup: rbac.authorization.k8s.io
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-use
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-use
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-use
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-use
   apiGroup: rbac.authorization.k8s.io
 ---
+# == admin role ==
+---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -216,13 +226,6 @@ rules:
     - list
     - watch
     - delete
-  - apiGroups: ["helm.toolkit.fluxcd.io"]
-    resources:
-    - helmreleases
-    verbs:
-    - get
-    - list
-    - watch
   - apiGroups: ["kubevirt.io"]
     resources:
     - virtualmachines
@@ -263,64 +266,6 @@ rules:
     - update
     - patch
     - delete
-
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "tenant.name" . }}-admin
-  namespace: cozy-public
-rules:
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources: ["helmrepositories"]
-    verbs:
-    - get
-    - list
-  - apiGroups:
-    - source.toolkit.fluxcd.io
-    resources:
-    - helmcharts
-    verbs:
-    - get
-    - list
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources:
-    - helmcharts
-    verbs: ["*"]
-    resourceNames:
-    - bucket
-    - clickhouse
-    - ferretdb
-    - foo
-    - httpcache
-    - kafka
-    - kubernetes
-    - mysql
-    - nats
-    - postgres
-    - rabbitmq
-    - redis
-    - seaweedfs
-    - tcpbalancer
-    - virtualmachine
-    - vmdisk
-    - vminstance
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "tenant.name" . }}-admin
-  namespace: cozy-public
-subjects:
-- kind: Group
-  name: {{ include "tenant.name" . }}-admin
-  apiGroup: rbac.authorization.k8s.io
-roleRef:
-  kind: Role
-  name: {{ include "tenant.name" . }}-admin
-  apiGroup: rbac.authorization.k8s.io
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -328,14 +273,31 @@ metadata:
   name: {{ include "tenant.name" . }}-admin
   namespace: {{ include "tenant.name" . }}
 subjects:
-  - kind: Group
-    name: {{ include "tenant.name" . }}-admin
-    apiGroup: rbac.authorization.k8s.io
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-admin
   apiGroup: rbac.authorization.k8s.io
 ---
+# == super admin role ==
+---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -355,11 +317,6 @@ rules:
     - list
     - watch
     - delete
-  - apiGroups: ["helm.toolkit.fluxcd.io"]
-    resources:
-    - helmreleases
-    verbs:
-    - '*'
   - apiGroups: ["kubevirt.io"]
     resources:
     - virtualmachines
@@ -377,38 +334,6 @@ rules:
     - '*'
     verbs:
     - '*'
-
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "tenant.name" . }}-super-admin
-  namespace: cozy-public
-rules:
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources: ["helmrepositories"]
-    verbs:
-    - get
-    - list
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources:
-    - helmcharts
-    verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "tenant.name" . }}-super-admin
-  namespace: cozy-public
-subjects:
-- kind: Group
-  name: {{ include "tenant.name" . }}-super-admin
-  apiGroup: rbac.authorization.k8s.io
-roleRef:
-  kind: Role
-  name: {{ include "tenant.name" . }}-super-admin
-  apiGroup: rbac.authorization.k8s.io
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -416,6 +341,14 @@ metadata:
   name: {{ include "tenant.name" . }}-super-admin
   namespace: {{ include "tenant.name" . }}
 subjects:
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-super-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
 {{- if hasPrefix "tenant-" .Release.Namespace }}
 {{- $parts := splitList "-" .Release.Namespace }}
 {{- range $i, $v := $parts }}
@@ -426,10 +359,48 @@ subjects:
 {{- end }}
 {{- end }}
 {{- end }}
-- kind: Group
-  name: {{ include "tenant.name" . }}-super-admin
-  apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-super-admin
   apiGroup: rbac.authorization.k8s.io
+---
+# == dashboard role ==
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tenant.name" . }}
+  namespace: cozy-public
+rules:
+- apiGroups: ["source.toolkit.fluxcd.io"]
+  resources: ["helmrepositories"]
+  verbs: ["get", "list"]
+- apiGroups: ["source.toolkit.fluxcd.io"]
+  resources: ["helmcharts"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "tenant.name" . }}
+  namespace: cozy-public
+subjects:
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
+- kind: Group
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
+- kind: Group
+  name: {{ include "tenant.name" . }}-use
+  apiGroup: rbac.authorization.k8s.io
+- kind: Group
+  name: {{ include "tenant.name" . }}-view
+  apiGroup: rbac.authorization.k8s.io
+- kind: ServiceAccount
+  name: {{ include "tenant.name" . }}
+  namespace: {{ include "tenant.name" . }}
+roleRef:
+  kind: Role
+  name: {{ include "tenant.name" . }}
+  apiGroup: rbac.authorization.k8s.io

packages/apps/versions_map

@@ -76,7 +76,8 @@ rabbitmq 0.4.3 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 5ca8823
 redis 0.3.0 c07c4bbd
-redis 0.3.1 HEAD
+redis 0.3.1 b7375f73
+redis 0.4.0 HEAD
 tcp-balancer 0.1.0 f642698
 tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
@@ -91,7 +92,10 @@ tenant 1.4.0 94c688f7
 tenant 1.5.0 48128743
 tenant 1.6.0 df448b99
 tenant 1.6.1 edbbb9be
-tenant 1.6.2 HEAD
+tenant 1.6.2 ccedc5fe
+tenant 1.6.3 2057bb96
+tenant 1.6.4 3c9e50a4
+tenant 1.6.5 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 7cd7de7
 virtual-machine 0.2.0 5ca8823
@@ -99,7 +103,8 @@ virtual-machine 0.3.0 b908400
 virtual-machine 0.4.0 4746d51
 virtual-machine 0.5.0 HEAD
 vm-disk 0.1.0 HEAD
-vm-instance 0.1.0 HEAD
+vm-instance 0.1.0 ced8e5b9
+vm-instance 0.2.0 HEAD
 vpn 0.1.0 f642698
 vpn 0.2.0 7151424
 vpn 0.3.0 a2bcf100

packages/apps/vm-instance/Chart.yaml

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0"
+appVersion: "0.2.0"

packages/apps/vm-instance/templates/vm.yaml

@@ -85,7 +85,7 @@ spec:
       {{- range .Values.disks }}
       - name: disk-{{ .name }}
         dataVolume:
-          name: {{ .name }}
+          name: vm-disk-{{ .name }}
       {{- end }}
       {{- if or .Values.sshKeys .Values.cloudInit }}
       - name: cloudinitdisk

packages/apps/vm-instance/values.yaml

@@ -18,8 +18,8 @@ instanceProfile: ubuntu
 ## @param disks [array] List of disks to attach
 ## Example:
 ## disks:
-## - name: vm-disk-example-system
-## - name: vm-disk-example-data
+## - name: example-system
+## - name: example-data
 disks: []
 
 ## @param resources.cpu The number of CPU cores allocated to the virtual machine

packages/core/installer/images/talos/profiles/initramfs.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: initramfs
   imageOptions: {}

packages/core/installer/images/talos/profiles/installer.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: installer
   imageOptions: {}

packages/core/installer/images/talos/profiles/iso.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: iso
   imageOptions: {}

packages/core/installer/images/talos/profiles/kernel.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: kernel
   imageOptions: {}

packages/core/installer/images/talos/profiles/metal.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/images/talos/profiles/nocloud.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.8.3
+version: v1.8.4
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.8.3
+    imageRef: ghcr.io/siderolabs/installer:v1.8.4
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.11-v1.8.4
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.6-v1.8.4
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.20.0@sha256:c4fedc707857aea08fd26508ca8d179581533a90a4665cb9bd71fa90d9955348
+  image: ghcr.io/aenix-io/cozystack/cozystack:v0.21.1@sha256:05a1b10700b387594887785e49e496da13d83abb9dc6415195b70ed9898e9d39

packages/core/platform/bundles/paas-full.yaml

@@ -210,25 +210,28 @@ releases:
   chart: cozy-dashboard
   namespace: cozy-dashboard
   dependsOn: [cilium,kubeovn,keycloak-configure]
-  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-  {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
   values:
-      redis:
-        master:
-          podAnnotations:
-            {{- range $index, $repo := . }}
-            {{- with (($repo.status).artifact).revision }}
-            repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
-            {{- end }}
-            {{- end }}
-  {{- end }}
-  {{- end }}
-  {{- if $oidcEnabled }}
+    {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+    {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
+    redis:
+      master:
+        podAnnotations:
+          {{- range $index, $repo := . }}
+          {{- with (($repo.status).artifact).revision }}
+          repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
+          {{- end }}
+          {{- end }}
+    {{- end }}
+    {{- end }}
+
+    {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
+    {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
+    {{- if $dashboardKCValues }}
+    {{- $dashboardKCValues | nindent 4 }}
+    {{- end }}
+
+  {{- if eq $oidcEnabled "true" }}
   dependsOn: [keycloak-configure]
-  valuesFrom:
-    - kind: ConfigMap
-      name: kubeapps-auth-config
-      valuesKey: values.yaml
   {{- else }}
   dependsOn: []
   {{- end }}

packages/core/platform/bundles/paas-hosted.yaml

@@ -139,9 +139,9 @@ releases:
   releaseName: dashboard
   chart: cozy-dashboard
   namespace: cozy-dashboard
-  {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-  {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
   values:
+    {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+    {{- with (lookup "source.toolkit.fluxcd.io/v1" "HelmRepository" "cozy-public" "").items }}
     kubeapps:
       redis:
         master:
@@ -151,14 +151,17 @@ releases:
             repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
             {{- end }}
             {{- end }}
-  {{- end }}
-  {{- end }}
-  {{- if $oidcEnabled }}
+    {{- end }}
+    {{- end }}
+
+    {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }}
+    {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }}
+    {{- if $dashboardKCValues }}
+    {{- $dashboardKCValues | nindent 4 }}
+    {{- end }}
+
+  {{- if eq $oidcEnabled "true" }}
   dependsOn: [keycloak-configure]
-  valuesFrom:
-    - kind: ConfigMap
-      name: kubeapps-auth-config
-      valuesKey: values.yaml
   {{- else }}
   dependsOn: []
   {{- end }}

packages/core/testing/images/e2e-sandbox/Dockerfile

@@ -1,8 +1,8 @@
 FROM ubuntu:22.04
 
-ARG KUBECTL_VERSION=1.31.0
-ARG TALOSCTL_VERSION=1.7.6
-ARG HELM_VERSION=3.15.4
+ARG KUBECTL_VERSION=1.32.0
+ARG TALOSCTL_VERSION=1.8.4
+ARG HELM_VERSION=3.16.4
 
 RUN apt-get update
 RUN apt-get -y install genisoimage qemu-kvm qemu-utils iproute2 iptables wget xz-utils netcat curl jq

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.20.0@sha256:1a26a511b9e269bcb607e2d80f878d7c2d993b7a2a7a3a2a1042470c8c56b061
+  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.21.1@sha256:38229517c86e179984a6d39f5510b859d13d965e35b216bc01ce456f9ab5f8b5

packages/extra/monitoring/Chart.yaml

@@ -3,4 +3,4 @@ name: monitoring
 description: Monitoring and observability stack
 icon: /logos/monitoring.svg
 type: application
-version: 1.5.2
+version: 1.5.3

packages/extra/monitoring/README.md

@@ -4,12 +4,13 @@
 
 ### Common parameters
 
-| Name                            | Description                                                                                               | Value                                            |
-| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
-| `host`                          | The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host). | `""`                                             |
-| `metricsStorages`               | Configuration of metrics storage instances                                                                | `[]`                                             |
-| `logsStorages`                  | Configuration of logs storage instances                                                                   | `[]`                                             |
-| `alerta.storage`                | Persistent Volume size for alerta database                                                                | `10Gi`                                           |
-| `alerta.storageClassName`       | StorageClass used to store the data                                                                       | `""`                                             |
-| `alerta.alerts.telegram.token`  | telegram token for your bot                                                                               | `7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34` |
-| `alerta.alerts.telegram.chatID` | specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot                       | `-4520856007`                                    |
+| Name                            | Description                                                                                               | Value  |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------ |
+| `host`                          | The hostname used to access the grafana externally (defaults to 'grafana' subdomain for the tenant host). | `""`   |
+| `metricsStorages`               | Configuration of metrics storage instances                                                                | `[]`   |
+| `logsStorages`                  | Configuration of logs storage instances                                                                   | `[]`   |
+| `alerta.storage`                | Persistent Volume size for alerta database                                                                | `10Gi` |
+| `alerta.storageClassName`       | StorageClass used to store the data                                                                       | `""`   |
+| `alerta.alerts.telegram.token`  | telegram token for your bot                                                                               | `""`   |
+| `alerta.alerts.telegram.chatID` | specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot                       | `""`   |
+| `grafana.db.size`               | Persistent Volume size for grafana database                                                               | `10Gi` |

packages/extra/monitoring/templates/grafana/db.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   instances: 2
   storage:
-    size: 10Gi
+    size: {{ .Values.grafana.db.size }}
 
   inheritedMetadata:
     labels:

packages/extra/monitoring/templates/grafana/grafana.yaml

@@ -1,5 +1,5 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} 
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
 
 {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
 {{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
@@ -30,7 +30,7 @@ spec:
       admin_user: user
       admin_password: ${GF_PASSWORD}
     plugins:
-      allow_loading_unsigned_plugins: "victorialogs-datasource"
+      allow_loading_unsigned_plugins: "victoriametrics-logs-datasource"
   deployment:
     spec:
       replicas: 2
@@ -50,8 +50,8 @@ spec:
                 - |
                   set -ex
                   mkdir -p /var/lib/grafana/plugins/
-                  ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -1)
-                  curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victorialogs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
+                  ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v0\.13\.[0-9]+' | head -1)
+                  curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victoriametrics-logs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
                   tar -xf /var/lib/grafana/plugins/vl-plugin.tar.gz -C /var/lib/grafana/plugins/
                   rm /var/lib/grafana/plugins/vl-plugin.tar.gz
               volumeMounts:

packages/extra/monitoring/templates/vlogs/grafana-datasource.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   datasource:
     access: proxy
-    type: victorialogs-datasource
+    type: victoriametrics-logs-datasource
     name: vlogs-{{ .name }}
     url: http://vlogs-{{ .name }}.{{ $.Release.Namespace }}.svc:9428
   instanceSelector:

packages/extra/monitoring/templates/vm/vmcluster.yaml

@@ -34,6 +34,12 @@ spec:
               storage: 2Gi
   vmstorage:
     replicaCount: 2
+    resources:
+      limits:
+        memory: 1000Mi
+      requests:
+        cpu: 100m
+        memory: 500Mi
     storage:
       volumeClaimTemplate:
         spec:

packages/extra/monitoring/values.schema.json

@@ -45,18 +45,33 @@
                 "token": {
                   "type": "string",
                   "description": "telegram token for your bot",
-                  "default": "7262461387:AAGtwq16iwuVtWtzoN6TUEMpF00fpC9Xz34"
+                  "default": ""
                 },
                 "chatID": {
                   "type": "string",
                   "description": "specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot",
-                  "default": "-4520856007"
+                  "default": ""
                 }
               }
             }
           }
         }
       }
+    },
+    "grafana": {
+      "type": "object",
+      "properties": {
+        "db": {
+          "type": "object",
+          "properties": {
+            "size": {
+              "type": "string",
+              "description": "Persistent Volume size for grafana database",
+              "default": "10Gi"
+            }
+          }
+        }
+      }
     }
   }
 }

packages/extra/monitoring/values.yaml

@@ -44,3 +44,9 @@ alerta:
     telegram:
       token: ""
       chatID: ""
+
+## Configuration for Grafana
+## @param grafana.db.size Persistent Volume size for grafana database
+grafana:
+  db:
+    size: 10Gi

packages/extra/versions_map

@@ -16,7 +16,8 @@ monitoring 1.3.0 6c5cf5b
 monitoring 1.4.0 adaf603b
 monitoring 1.5.0 4b90bf5a
 monitoring 1.5.1 57e90b70
-monitoring 1.5.2 HEAD
+monitoring 1.5.2 898374b5
+monitoring 1.5.3 HEAD
 seaweedfs 0.1.0 5ca8823
 seaweedfs 0.2.0 9e33dc0
 seaweedfs 0.2.1 HEAD

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:cb80a89e0fe516b3f788df9af8ed1980103659fd0e0ae18e46c01dd4d1578346
+ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:d0822530702f1c233407ea651cca8784ae6619b418fed3d1b13bc102be52bd98

packages/system/cozystack-api/templates/configmap.yaml

@@ -71,7 +71,7 @@ data:
         labels:
           cozystack.io/ui: "true"
         chart:
-          name: http-cache
+          name: tcp-balancer
           sourceRef:
             kind: HelmRepository
             name: cozystack-apps
@@ -155,7 +155,7 @@ data:
         labels:
           cozystack.io/ui: "true"
         chart:
-          name: rabbitmq
+          name: redis
           sourceRef:
             kind: HelmRepository
             name: cozystack-apps
@@ -207,7 +207,7 @@ data:
         singular: kafka
         plural: kafkas
       release:
-        prefix: ferretdb-
+        prefix: kafka-
         labels:
           cozystack.io/ui: "true"
         chart:

packages/system/cozystack-api/values.yaml

@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.20.0@sha256:d49c650a7f0f3ec4321a17d44c86ca2e8b9d47be8ee063f891b432ec7d6e1f6d
+  image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.21.1@sha256:1eb7f0387ea01754107a4aabe72c2e1e7d2c55303dc15cfe9caa2c0739c0215e

packages/system/dashboard/Makefile

@@ -25,7 +25,7 @@ update-dockerfiles:
 	version=$$(echo "$$tag" | sed 's/^v//') && \
 	sed -i "s/ARG VERSION=.*/ARG VERSION=$${version}/" images/dashboard/Dockerfile
 
-image-dashboard:
+image-dashboard: update-version
 	docker buildx build images/dashboard \
 		--provenance false \
 		--tag $(REGISTRY)/dashboard:$(call settag,$(TAG)) \
@@ -44,7 +44,7 @@ image-dashboard:
 		yq -i '.kubeapps.dashboard.image.digest = strenv(DIGEST)' values.yaml
 	rm -f images/dashboard.json
 
-image-kubeapps-apis:
+image-kubeapps-apis: update-version
 	docker buildx build images/kubeapps-apis \
 		--provenance false \
 		--tag $(REGISTRY)/kubeapps-apis:$(call settag,$(TAG)) \
@@ -62,3 +62,6 @@ image-kubeapps-apis:
 	DIGEST=$$(yq e '."containerimage.digest"' images/kubeapps-apis.json -o json -r) \
 		yq -i '.kubeapps.kubeappsapis.image.digest = strenv(DIGEST)' values.yaml
 	rm -f images/kubeapps-apis.json
+
+update-version:
+	sed -i "s|\(\"appVersion\":\).*|\1 \"$(TAG)\",|g" ./charts/kubeapps/templates/dashboard/configmap.yaml

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -76,7 +76,7 @@ data:
       "kubeappsNamespace": {{ .Release.Namespace | quote }},
       "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
       "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": {{ printf "v%s" .Chart.AppVersion | quote }},
+      "appVersion": "v0.21.1",
       "authProxyEnabled": {{ .Values.authProxy.enabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},

packages/system/dashboard/images/dashboard/documentation.diff

@@ -0,0 +1,13 @@
+diff --git a/dashboard/src/components/AppList/AppListGrid.tsx b/dashboard/src/components/AppList/AppListGrid.tsx
+index d3261e459..dee6a50c1 100644
+--- a/dashboard/src/components/AppList/AppListGrid.tsx
++++ b/dashboard/src/components/AppList/AppListGrid.tsx
+@@ -42,7 +42,7 @@ function AppListGrid(props: IAppListProps) {
+           Start browsing your <Link to={url.app.catalog(cluster, namespace)}>favourite apps</Link>{" "}
+           or check the{" "}
+           <a
+-            href={`https://github.com/vmware-tanzu/kubeapps/blob/${appVersion}/site/content/docs/latest/tutorials/getting-started.md`}
++            href={"https://cozystack.io/docs/"}
+             target="_blank"
+             rel="noopener noreferrer"
+           >

packages/system/dashboard/images/dashboard/release-url.diff

@@ -0,0 +1,34 @@
+diff --git a/dashboard/src/shared/url.ts b/dashboard/src/shared/url.ts
+index 7918652b0..64c3435af 100644
+--- a/dashboard/src/shared/url.ts
++++ b/dashboard/src/shared/url.ts
+@@ -36,7 +36,7 @@ export const app = {
+       return `${app.apps.list(
+         pkgCluster,
+         pkgNamespace,
+-      )}/${pkgPluginName}/${pkgPluginVersion}/${pkgId}`;
++      )}/${pkgPluginName}/${pkgPluginVersion}/${encodeURIComponent(pkgId)}`;
+     },
+     upgrade: (ref: InstalledPackageReference) => `${app.apps.get(ref)}/upgrade`,
+     upgradeTo: (ref: InstalledPackageReference, version?: string) =>
+diff --git a/dashboard/src/components/DeploymentForm/DeploymentForm.tsx b/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
+index 7ccb77b5d..589f72b65 100644
+--- a/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
++++ b/dashboard/src/components/DeploymentForm/DeploymentForm.tsx
+@@ -144,13 +144,15 @@ export default function DeploymentForm() {
+       );
+       setDeploying(false);
+       if (deployed) {
++        const chartParts = packageId?.split("/") || [];
++        const kind = chartParts[chartParts.length - 1];
+         push(
+           // Redirect to the installed package, note that the cluster/ns are the ones passed
+           // in the URL, not the ones from the package.
+           url.app.apps.get({
+             context: { cluster: targetCluster, namespace: targetNamespace },
+             plugin: pluginObj,
+-            identifier: releaseName,
++            identifier: `${kind}%2F${releaseName}`,
+           } as AvailablePackageReference),
+         );
+       }

packages/system/dashboard/images/dashboard/remove-manage-repositories.diff

@@ -0,0 +1,66 @@
+diff --git a/dashboard/src/components/Catalog/Catalog.tsx b/dashboard/src/components/Catalog/Catalog.tsx
+index 5f2d2a1c5..093cb598d 100644
+--- a/dashboard/src/components/Catalog/Catalog.tsx
++++ b/dashboard/src/components/Catalog/Catalog.tsx
+@@ -15,7 +15,6 @@ import qs from "qs";
+ import React, { useEffect } from "react";
+ import { useDispatch, useSelector } from "react-redux";
+ import * as ReactRouter from "react-router-dom";
+-import { Link } from "react-router-dom";
+ import { IClusterServiceVersion, IStoreState } from "shared/types";
+ import { app } from "shared/url";
+ import { escapeRegExp, getPluginPackageName } from "shared/utils";
+@@ -85,7 +84,6 @@ export default function Catalog() {
+     operators,
+     repos: { reposSummaries: repos },
+     config: {
+-      appVersion,
+       kubeappsCluster,
+       helmGlobalNamespace,
+       carvelGlobalNamespace,
+@@ -420,24 +418,6 @@ export default function Catalog() {
+         <div className="empty-catalog">
+           <CdsIcon shape="bundle" />
+           <p>The current catalog is empty.</p>
+-          <p>
+-            Manage your Package Repositories in Kubeapps by visiting the Package repositories
+-            configuration page.
+-          </p>
+-          <Link to={app.config.pkgrepositories(cluster || "", namespace || "")}>
+-            <CdsButton>Manage Package Repositories</CdsButton>
+-          </Link>
+-          <p>
+-            For help managing other packaging formats, such as Flux or Carvel, please refer to the{" "}
+-            <a
+-              target="_blank"
+-              rel="noopener noreferrer"
+-              href={`https://github.com/vmware-tanzu/kubeapps/tree/${appVersion}/site/content/docs/latest`}
+-            >
+-              Kubeapps documentation
+-            </a>
+-            .
+-          </p>
+         </div>
+       ) : (
+         <Row>
+diff --git a/dashboard/src/components/Header/Menu.tsx b/dashboard/src/components/Header/Menu.tsx
+index c8ec1da8c..e59f90190 100644
+--- a/dashboard/src/components/Header/Menu.tsx
++++ b/dashboard/src/components/Header/Menu.tsx
+@@ -78,16 +78,6 @@ function Menu({ clusters, appVersion, logout }: IContextSelectorProps) {
+           <div className="dropdown-menu dropdown-configuration-menu" role="menu" hidden={!open}>
+             <div>
+               <label className="dropdown-menu-padding dropdown-menu-label">Administration</label>
+-              <Link
+-                to={app.config.pkgrepositories(clusters.currentCluster, namespaceSelected)}
+-                className="dropdown-menu-link"
+-                onClick={toggleOpen}
+-              >
+-                <div className="dropdown-menu-item" role="menuitem">
+-                  <CdsIcon solid={true} size="md" shape="library" />{" "}
+-                  <span>Package Repositories</span>
+-                </div>
+-              </Link>
+               <div className="dropdown-divider" role="separator" />
+               {featureFlags?.operators && (
+                 <Link

packages/system/dashboard/images/kubeapps-apis/Dockerfile

@@ -4,20 +4,12 @@
 # syntax = docker/dockerfile:1
 
 FROM alpine as source
-ARG VERSION=v2.11.0
+ARG COMMIT_REF=e146cf8660c58a4f585611ab3cbce62ebfa4c5a3
 RUN apk add --no-cache patch
 WORKDIR /source
-RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1
-COPY fluxcd.diff /patches/fluxcd.diff
-COPY labels.diff /patches/labels.diff
-COPY reconcile-strategy.diff /patches/reconcile-strategy.diff
-COPY dashboard-resource.diff /patches/dashboard-resource.diff
-RUN patch -p1 < /patches/fluxcd.diff
-RUN patch -p1 < /patches/labels.diff
-RUN patch -p1 < /patches/reconcile-strategy.diff
-RUN patch -p1 < /patches/dashboard-resource.diff
+RUN wget -O- https://github.com/aenix-io/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
 
-FROM bitnami/golang:1.22.5 AS builder
+FROM bitnami/golang:1.23.4 AS builder
 WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
 COPY --from=source /source/go.mod /source/go.sum ./
 ARG VERSION="devel"
@@ -45,7 +37,6 @@ RUN curl -sSL "https://github.com/bufbuild/buf/releases/download/v$BUF_VERSION/b
 # TODO: Remove and instead use built-in gRPC container probes once we're supporting >= 1.24 only. https://kubernetes.io/blog/2022/05/13/grpc-probes-now-in-beta/
 RUN curl -sSL "https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH}" -o "/bin/grpc_health_probe" && chmod +x "/bin/grpc_health_probe"
 
-
 # With the trick below, Go's build cache is kept between builds.
 # https://github.com/golang/go/issues/27719#issuecomment-514747274
 RUN --mount=type=cache,target=/go/pkg/mod  \

packages/system/dashboard/images/kubeapps-apis/dashboard-resource.diff

@@ -1,155 +0,0 @@
-diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
-index 53fac6474..4602a1148 100644
---- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
-+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/server.go
-@@ -5,6 +5,7 @@ package main
- 
- import (
- 	"context"
-+	"encoding/json"
- 	"fmt"
- 	"net/http"
- 
-@@ -16,7 +17,6 @@ import (
- 	helmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2"
- 	sourcev1beta2 "github.com/fluxcd/source-controller/api/v1beta2"
- 	authorizationv1 "k8s.io/api/authorization/v1"
--	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- 	"k8s.io/apimachinery/pkg/runtime"
- 	"k8s.io/apimachinery/pkg/runtime/schema"
- 	"k8s.io/apimachinery/pkg/types"
-@@ -28,12 +28,16 @@ import (
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1"
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache"
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/common"
--	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/clientgetter"
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/paginate"
- 	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/pkgutils"
--	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/resourcerefs"
-+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- 	log "k8s.io/klog/v2"
- 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
-+
-+	"github.com/vmware-tanzu/kubeapps/cmd/kubeapps-apis/plugins/pkg/clientgetter"
-+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-+	"k8s.io/client-go/discovery/cached/memory"
-+	"k8s.io/client-go/restmapper"
- )
- 
- // Compile-time statement to ensure this service implementation satisfies the core packaging API
-@@ -135,6 +139,7 @@ func NewServer(configGetter core.KubernetesConfigGetter, kubeappsCluster string,
- 			if err != nil {
- 				log.Fatalf("%s", err)
- 			}
-+
- 			return &Server{
- 				clientGetter:               clientProvider,
- 				serviceAccountClientGetter: backgroundClientGetter,
-@@ -462,36 +467,84 @@ func (s *Server) DeleteInstalledPackage(ctx context.Context, request *connect.Re
- // resources created by an installed package.
- func (s *Server) GetInstalledPackageResourceRefs(ctx context.Context, request *connect.Request[corev1.GetInstalledPackageResourceRefsRequest]) (*connect.Response[corev1.GetInstalledPackageResourceRefsResponse], error) {
- 	pkgRef := request.Msg.GetInstalledPackageRef()
--	identifier := pkgRef.GetIdentifier()
--	log.InfoS("+fluxv2 GetInstalledPackageResourceRefs", "cluster", pkgRef.GetContext().GetCluster(), "namespace", pkgRef.GetContext().GetNamespace(), "id", identifier)
-+	log.InfoS("+fluxv2 GetInstalledPackageResourceRefs", "cluster", pkgRef.GetContext().GetCluster(), "namespace", pkgRef.GetContext().GetNamespace(), "id", pkgRef.GetIdentifier())
- 
--	key := types.NamespacedName{Namespace: pkgRef.Context.Namespace, Name: identifier}
--	rel, err := s.getReleaseInCluster(ctx, request.Header(), key)
-+	// Getting dynamic client
-+	dynamicClient, err := s.clientGetter.Dynamic(request.Header(), pkgRef.GetContext().GetCluster())
- 	if err != nil {
-+		log.Errorf("Failed to get dynamic client: %v", err)
- 		return nil, err
- 	}
--	hrName := helmReleaseName(key, rel)
--	refs, err := resourcerefs.GetInstalledPackageResourceRefs(request.Header(), hrName, s.actionConfigGetter)
-+
-+	// Getting Discovery Client to work with RESTMapper
-+	discoveryClient, err := s.clientGetter.Typed(request.Header(), pkgRef.GetContext().GetCluster())
- 	if err != nil {
-+		log.Errorf("Failed to create discovery client: %v", err)
- 		return nil, err
--	} else {
--		return connect.NewResponse(
--			&corev1.GetInstalledPackageResourceRefsResponse{
--				Context: &corev1.Context{
--					Cluster: s.kubeappsCluster,
--					// TODO (gfichtenholt) it is not specifically called out in the spec why there is a
--					// need for a Context in the response and MORE imporantly what the value of Namespace
--					// field should be. In particular, there is use case when Flux Helm Release in
--					// installed in ns1 but specifies targetNamespace as test2. Should we:
--					//  (a) return ns1 (the namespace where CRs are installed) OR
--					//  (b) return ns2 (the namespace where flux installs the resources specified by the
--					//    release).
--					// For now lets use (a)
--					Namespace: key.Namespace,
--				},
--				ResourceRefs: refs,
--			}), nil
- 	}
-+	mapper := restmapper.NewDeferredDiscoveryRESTMapper(memory.NewMemCacheClient(discoveryClient.Discovery()))
-+
-+	// Getting the role
-+	roleGVR := schema.GroupVersionResource{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "roles"}
-+	roleName := fmt.Sprintf("%s-dashboard-resources", pkgRef.GetIdentifier())
-+	namespace := pkgRef.GetContext().GetNamespace()
-+	role, err := dynamicClient.Resource(roleGVR).Namespace(namespace).Get(ctx, roleName, metav1.GetOptions{})
-+	if err != nil {
-+		log.Errorf("Failed to get role %s: %v", roleName, err)
-+		return nil, connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("Unable to get role %s: %w", roleName, err))
-+	}
-+
-+	// Logging Role content for debugging
-+	roleContent, _ := json.Marshal(role)
-+	log.Infof("Role content: %s", string(roleContent))
-+
-+	// Parsing rules from Role and creating ResourceRefs
-+	resourcesFromRole := make([]*corev1.ResourceRef, 0)
-+	rules, found, _ := unstructured.NestedSlice(role.Object, "rules")
-+	if !found {
-+		log.Errorf("No rules found in role %s", roleName)
-+		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("No rules found in role %s", roleName))
-+	}
-+
-+	for _, rule := range rules {
-+		r := rule.(map[string]interface{})
-+		resources, _ := r["resources"].([]interface{})
-+		apiGroups, _ := r["apiGroups"].([]interface{})
-+
-+		for _, resource := range resources {
-+			resourceStr := resource.(string)
-+			for _, apiGroup := range apiGroups {
-+				apiGroupStr := apiGroup.(string)
-+
-+				// Using GroupVersionResource to get GroupVersionKind
-+				gvr := schema.GroupVersionResource{Group: apiGroupStr, Version: "v1", Resource: resourceStr}
-+				gvk, err := mapper.KindFor(gvr)
-+				if err != nil {
-+					log.Errorf("Failed to get GroupVersionKind for GVR %v: %v", gvr, err)
-+					continue
-+				}
-+
-+				resourceNames, _ := r["resourceNames"].([]interface{})
-+				for _, resourceName := range resourceNames {
-+					resourceNameStr := resourceName.(string)
-+					resourcesFromRole = append(resourcesFromRole, &corev1.ResourceRef{
-+						ApiVersion: gvk.GroupVersion().String(),
-+						Kind:       gvk.Kind,
-+						Name:       resourceNameStr,
-+						Namespace:  namespace,
-+					})
-+				}
-+			}
-+		}
-+	}
-+
-+	return connect.NewResponse(&corev1.GetInstalledPackageResourceRefsResponse{
-+		Context: &corev1.Context{
-+			Cluster:   s.kubeappsCluster,
-+			Namespace: namespace,
-+		},
-+		ResourceRefs: resourcesFromRole,
-+	}), nil
- }
- 
- func (s *Server) AddPackageRepository(ctx context.Context, request *connect.Request[corev1.AddPackageRepositoryRequest]) (*connect.Response[corev1.AddPackageRepositoryResponse], error) {

packages/system/dashboard/images/kubeapps-apis/dockerfile.diff

@@ -1,38 +0,0 @@
---- b/system/kubeapps/images/kubeapps-apis/Dockerfile
-+++ a/system/kubeapps/images/kubeapps-apis/Dockerfile
-@@ -3,9 +3,19 @@
- 
- # syntax = docker/dockerfile:1
- 
-+FROM alpine as source
-+ARG VERSION=v2.11.0
-+RUN apk add --no-cache patch
-+WORKDIR /source
-+RUN wget -O- https://github.com/vmware-tanzu/kubeapps/archive/refs/tags/${VERSION}.tar.gz | tar xzf - --strip-components=1
-+COPY fluxcd.diff /patches/fluxcd.diff
-+COPY labels.diff /patches/labels.diff
-+COPY reconcile-strategy.diff /patches/reconcile-strategy.diff
-+COPY dashboard-resource.diff /patches/dashboard-resource.diff
-+RUN patch -p1 < /patches/fluxcd.diff
-+RUN patch -p1 < /patches/labels.diff
-+RUN patch -p1 < /patches/reconcile-strategy.diff
-+RUN patch -p1 < /patches/dashboard-resource.diff
-+
- FROM bitnami/golang:1.22.2 as builder
- WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
--COPY go.mod go.sum ./
-+COPY --from=source /source/go.mod /source/go.sum ./
- ARG VERSION="devel"
- ARG TARGETARCH
- 
-@@ -40,8 +52,8 @@
- 
- # We don't copy the pkg and cmd directories until here so the above layers can
- # be reused.
--COPY pkg pkg
--COPY cmd cmd
-+COPY --from=source /source/pkg pkg
-+COPY --from=source /source/cmd cmd
- 
- RUN if [ ! -z ${lint:-} ]; then \
-     # Run golangci-lint to detect issues

packages/system/dashboard/images/kubeapps-apis/labels.diff

@@ -1,69 +0,0 @@
-diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-index c489cb6ca..8884a6484 100644
---- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-@@ -29,8 +29,10 @@ import (
- 	"k8s.io/apimachinery/pkg/api/errors"
- 	"k8s.io/apimachinery/pkg/api/meta"
- 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-+	"k8s.io/apimachinery/pkg/labels"
- 	"k8s.io/apimachinery/pkg/types"
- 	log "k8s.io/klog/v2"
-+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
- 	"sigs.k8s.io/yaml"
- )
- 
-@@ -54,7 +56,10 @@ func (s *Server) listReleasesInCluster(ctx context.Context, headers http.Header,
- 	// see any results created/updated/deleted after the first request is issued
- 	// To fix this, we must make use of resourceVersion := relList.GetResourceVersion()
- 	var relList helmv2.HelmReleaseList
--	if err = client.List(ctx, &relList); err != nil {
-+	listOptions := ctrlclient.ListOptions{
-+		LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}),
-+	}
-+	if err = client.List(ctx, &relList, &listOptions); err != nil {
- 		return nil, connecterror.FromK8sError("list", "HelmRelease", namespace+"/*", err)
- 	} else {
- 		return relList.Items, nil
-@@ -512,6 +517,9 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
- 		ObjectMeta: metav1.ObjectMeta{
- 			Name:      targetName.Name,
- 			Namespace: targetName.Namespace,
-+			Labels: map[string]string{
-+				"cozystack.io/ui": "true",
-+			},
- 		},
- 		Spec: helmv2.HelmReleaseSpec{
- 			Chart: helmv2.HelmChartTemplate{
-diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
-index 790b21514..539276a17 100644
---- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
-+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/repo.go
-@@ -32,6 +32,7 @@ import (
- 	apiv1 "k8s.io/api/core/v1"
- 	"k8s.io/apimachinery/pkg/api/meta"
- 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-+	"k8s.io/apimachinery/pkg/labels"
- 	"k8s.io/apimachinery/pkg/types"
- 	"k8s.io/apimachinery/pkg/util/sets"
- 	log "k8s.io/klog/v2"
-@@ -64,7 +65,8 @@ func (s *Server) listReposInNamespace(ctx context.Context, headers http.Header,
- 
- 	var repoList sourcev1.HelmRepositoryList
- 	listOptions := ctrlclient.ListOptions{
--		Namespace: ns,
-+		Namespace:     ns,
-+		LabelSelector: labels.SelectorFromSet(labels.Set{"cozystack.io/ui": "true"}),
- 	}
- 	if err := client.List(backgroundCtx, &repoList, &listOptions); err != nil {
- 		return nil, connecterror.FromK8sError("list", "HelmRepository", "", err)
-@@ -927,6 +929,9 @@ func newFluxHelmRepo(
- 		ObjectMeta: metav1.ObjectMeta{
- 			Name:      targetName.Name,
- 			Namespace: targetName.Namespace,
-+			Labels: map[string]string{
-+				"cozystack.io/ui": "true",
-+			},
- 		},
- 		Spec: sourcev1.HelmRepositorySpec{
- 			URL:      url,

packages/system/dashboard/images/kubeapps-apis/reconcile-strategy.diff

@@ -1,12 +0,0 @@
-diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-index 8884a6484..4bf77071c 100644
---- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go
-@@ -530,6 +530,7 @@ func (s *Server) newFluxHelmRelease(chart *models.Chart, targetName types.Namesp
- 						Kind:      sourcev1.HelmRepositoryKind,
- 						Namespace: chart.Repo.Namespace,
- 					},
-+					ReconcileStrategy: "Revision",
- 				},
- 			},
- 		},

packages/system/dashboard/values.yaml

@@ -1,4 +1,11 @@
 kubeapps:
+  ingress:
+    annotations:
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/client-max-body-size: 1m
+      nginx.ingress.kubernetes.io/proxy-body-size: 100m
+      nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
+      nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
   fullnameOverride: dashboard
   postgresql:
     enabled: false
@@ -33,11 +40,310 @@ kubeapps:
     image:
       registry: ghcr.io/aenix-io/cozystack
       repository: dashboard
-      tag: v0.20.0
-      digest: "sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb"
+      tag: v0.21.1
+      digest: "sha256:fa9b6238da1dfaa15ec1c20c041103d6e07b5194cc54cf3cf4872f758ceaa085"
   kubeappsapis:
     image:
       registry: ghcr.io/aenix-io/cozystack
       repository: kubeapps-apis
-      tag: v0.20.0
-      digest: "sha256:097b04a5870a966f764aacc317276078149ad7d038fce6a388b9a8f47c3d34a6"
+      tag: v0.21.1
+      digest: "sha256:3ad47a120ae2bd83e1242430e17616a6500d627a7a6cef94095b9e6c1a9e85a8"
+    pluginConfig:
+      flux:
+        packages:
+          v1alpha1:
+            resources:
+              - application:
+                  kind: Bucket
+                  singular: bucket
+                  plural: buckets
+                release:
+                  prefix: bucket-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: bucket
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: ClickHouse
+                  singular: clickhouse
+                  plural: clickhouses
+                release:
+                  prefix: clickhouse-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: clickhouse
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: HTTPCache
+                  singular: httpcache
+                  plural: httpcaches
+                release:
+                  prefix: http-cache-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: http-cache
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: NATS
+                  singular: nats
+                  plural: natses
+                release:
+                  prefix: nats-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: nats
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: TCPBalancer
+                  singular: tcpbalancer
+                  plural: tcpbalancers
+                release:
+                  prefix: tcp-balancer-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: tcp-balancer
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: VirtualMachine
+                  singular: virtualmachine
+                  plural: virtualmachines
+                release:
+                  prefix: virtual-machine-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: virtual-machine
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: VPN
+                  singular: vpn
+                  plural: vpns
+                release:
+                  prefix: vpn-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: vpn
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: MySQL
+                  singular: mysql
+                  plural: mysqls
+                release:
+                  prefix: mysql-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: mysql
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Tenant
+                  singular: tenant
+                  plural: tenants
+                release:
+                  prefix: tenant-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: tenant
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Kubernetes
+                  singular: kubernetes
+                  plural: kuberneteses
+                release:
+                  prefix: kubernetes-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: kubernetes
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Redis
+                  singular: redis
+                  plural: redises
+                release:
+                  prefix: redis-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: redis
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: RabbitMQ
+                  singular: rabbitmq
+                  plural: rabbitmqs
+                release:
+                  prefix: rabbitmq-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: rabbitmq
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Postgres
+                  singular: postgres
+                  plural: postgreses
+                release:
+                  prefix: postgres-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: postgres
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: FerretDB
+                  singular: ferretdb
+                  plural: ferretdb
+                release:
+                  prefix: ferretdb-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: ferretdb
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Kafka
+                  singular: kafka
+                  plural: kafkas
+                release:
+                  prefix: kafka-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: kafka
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: VMDisk
+                  plural: vmdisks
+                  singular: vmdisk
+                release:
+                  prefix: vm-disk-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: vm-disk
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: VMInstance
+                  plural: vminstances
+                  singular: vminstance
+                release:
+                  prefix: vm-instance-
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: vm-instance
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-apps
+                      namespace: cozy-public
+              - application:
+                  kind: Monitoring
+                  plural: monitorings
+                  singular: monitoring
+                release:
+                  prefix: ""
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: monitoring
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-extra
+                      namespace: cozy-public
+              - application:
+                  kind: Etcd
+                  plural: etcds
+                  singular: etcd
+                release:
+                  prefix: ""
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: etcd
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-extra
+                      namespace: cozy-public
+              - application:
+                  kind: Ingress
+                  plural: ingresses
+                  singular: ingress
+                release:
+                  prefix: ""
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: ingress
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-extra
+                      namespace: cozy-public
+              - application:
+                  kind: SeaweedFS
+                  plural: seaweedfses
+                  singular: seaweedfs
+                release:
+                  prefix: ""
+                  labels:
+                    cozystack.io/ui: "true"
+                  chart:
+                    name: seaweedfs
+                    sourceRef:
+                      kind: HelmRepository
+                      name: cozystack-extra
+                      namespace: cozy-public

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.20.0@sha256:35f4793fedb4dfbedbd6dca2cf312518c25632ae66f9f7acc4dc69aaf2406650
+    tag: v0.21.1@sha256:78d42522832b27aade9cc32ef021922fada8107e29e2fe7f255a4840c0d1719a
     repository: ghcr.io/aenix-io/cozystack/kamaji
   resources:
     limits:

packages/system/keycloak-configure/templates/configure-kk.yaml

@@ -215,19 +215,6 @@ data:
 
 ---
 
-apiVersion: v1.edp.epam.com/v1
-kind: KeycloakRealmGroup
-metadata:
-  name: kubeapps-admin
-  namespace: cozy-dashboard
-spec:
-  name: kubeapps-admin
-  realmRef:
-    name: keycloakrealm-cozy
-    kind: ClusterKeycloakRealm
-
----
-
 apiVersion: v1.edp.epam.com/v1
 kind: KeycloakRealmGroup
 metadata:

packages/system/keycloak-configure/templates/rolebinding.yaml

@@ -1,35 +1,3 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kubeapps-admin-group
-  namespace: cozy-dashboard
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kubeapps-admin
-subjects:
-- apiGroup: rbac.authorization.k8s.io
-  kind: Group
-  name: kubeapps-admin
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: kubeapps-admin
-  namespace: cozy-public
-subjects:
-- kind: Group
-  name: kubeapps-admin
-  apiGroup: rbac.authorization.k8s.io
-roleRef:
-  kind: Role
-  name: kubeapps-admin
-  apiGroup: rbac.authorization.k8s.io
-
----
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:

packages/system/keycloak-configure/templates/roles.yaml

@@ -1,45 +1,3 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kubeapps-admin
-rules:
-- apiGroups: [""]
-  resources:
-  - "*"
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups: ["apps.cozystack.io"]
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups: ["helm.toolkit.fluxcd.io"]
-  resources:
-  - helmreleases
-  verbs:
-  - '*'
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kubeapps-admin
-  namespace: cozy-public
-rules:
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources: ["helmrepositories"]
-    verbs:
-    - get
-    - list
-  - apiGroups: ["source.toolkit.fluxcd.io"]
-    resources:
-    - helmcharts
-    verbs: ["*"]
-
----
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

packages/system/kubeovn/values.yaml

@@ -22,4 +22,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.0@sha256:3962404f479a95a6d8c0d4566b2694bcc9f2e88048edde4f368b84e0e0fadb7b
+      tag: v1.13.0@sha256:492c18b5392ef3bb6e40b094c7c41f390571ab71ec1bbdd0a8553864e9014d08

packages/system/monitoring-agents/templates/vmagent.yaml

@@ -18,10 +18,10 @@ spec:
     key: prometheus-additional.yaml
   resources:
     limits:
-      memory: 500Mi
+      memory: 1024Mi
     requests:
       cpu: 50m
-      memory: 200Mi
+      memory: 768Mi
   #statefulMode: true
   #statefulStorage:
   #  volumeClaimTemplate:

packages/system/monitoring-agents/values.yaml

@@ -305,3 +305,57 @@ vmagent:
     tenant: tenant-root
   remoteWrite:
     url: http://vminsert-shortterm.tenant-root.svc:8480/insert/0/prometheus
+
+fluent-bit:
+  readinessProbe:
+    httpGet:
+      path: /
+  daemonSetVolumes:
+    - name: varlog
+      hostPath:
+        path: /var/log
+    - name: varlibdockercontainers
+      hostPath:
+        path: /var/lib/docker/containers
+  daemonSetVolumeMounts:
+    - name: varlog
+      mountPath: /var/log
+    - name: varlibdockercontainers
+      mountPath: /var/lib/docker/containers
+      readOnly: true
+  config:
+    outputs: |
+      [OUTPUT]
+          Name http
+          Match kube.*
+          Host vlogs-generic.tenant-root.svc
+          port 9428
+          compress gzip
+          uri /insert/jsonline?_stream_fields=stream,kubernetes_pod_name,kubernetes_container_name,kubernetes_namespace_name&_msg_field=log&_time_field=date
+          format json_lines
+          json_date_format iso8601
+          header AccountID 0
+          header ProjectID 0
+    filters: |
+      [FILTER]
+          Name kubernetes
+          Match kube.*
+          Merge_Log On
+          Keep_Log On
+          K8S-Logging.Parser On
+          K8S-Logging.Exclude On
+      [FILTER]
+          Name                nest
+          Match               *
+          Wildcard            pod_name
+          Operation lift
+          Nested_under kubernetes
+          Add_prefix   kubernetes_
+      [FILTER]
+          Name modify
+          Match *
+          Add tenant tenant-root
+      [FILTER]
+          Name modify
+          Match *
+          Add cluster root-cluster

packages/system/piraeus-operator/charts/piraeus/templates/config.yaml

@@ -30,7 +30,7 @@ data:
         tag: v1.6.0
         image: drbd-reactor
       ha-controller:
-        tag: v1.2.2
+        tag: v1.2.3
         image: piraeus-ha-controller
       drbd-shutdown-guard:
         tag: v1.0.0

pkg/apis/apps/v1alpha1/register.go

@@ -72,6 +72,10 @@ func RegisterDynamicTypes(scheme *runtime.Scheme, cfg *config.ResourceConfig) er
 		scheme.AddKnownTypeWithName(gvk, &Application{})
 		scheme.AddKnownTypeWithName(gvk.GroupVersion().WithKind(kind+"List"), &ApplicationList{})
 
+		gvkInternal := schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}.WithKind(kind)
+		scheme.AddKnownTypeWithName(gvkInternal, &Application{})
+		scheme.AddKnownTypeWithName(gvkInternal.GroupVersion().WithKind(kind+"List"), &ApplicationList{})
+
 		klog.V(1).Infof("Registered kind: %s\n", kind)
 		RegisteredGVKs = append(RegisteredGVKs, gvk)
 	}

pkg/cmd/server/start.go

@@ -201,26 +201,30 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
 	serverConfig.OpenAPIConfig.PostProcessSpec = func(swagger *spec.Swagger) (*spec.Swagger, error) {
 		defs := swagger.Definitions
 
-		// Check basic Application definition
+		// Verify the presence of the base Application/ApplicationList definitions
 		appDef, exists := defs["com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Application"]
 		if !exists {
 			return swagger, fmt.Errorf("Application definition not found")
 		}
 
-		// Check basic ApplicationList definition
 		listDef, exists := defs["com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.ApplicationList"]
 		if !exists {
 			return swagger, fmt.Errorf("ApplicationList definition not found")
 		}
 
+		// Iterate over all registered GVKs (e.g., Bucket, Database, etc.)
 		for _, gvk := range v1alpha1.RegisteredGVKs {
+			// This will be something like:
+			// "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Bucket"
 			resourceName := fmt.Sprintf("com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.%s", gvk.Kind)
+
+			// 1. Create a copy of the base Application definition for the new resource
 			newDef, err := DeepCopySchema(&appDef)
 			if err != nil {
 				return nil, fmt.Errorf("failed to deepcopy schema for %s: %w", gvk.Kind, err)
 			}
 
-			// Fix Extensions for resource
+			// 2. Update x-kubernetes-group-version-kind to match the new resource
 			if newDef.Extensions == nil {
 				newDef.Extensions = map[string]interface{}{}
 			}
@@ -231,17 +235,20 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
 					"kind":    gvk.Kind,
 				},
 			}
+
+			// 3. Save the new resource definition under the correct name
 			defs[resourceName] = *newDef
 			klog.V(6).Infof("PostProcessSpec: Added OpenAPI definition for %s\n", resourceName)
 
-			// List resource
+			// 4. Now handle the corresponding List type (e.g., BucketList).
+			//    We'll start by copying the ApplicationList definition.
 			listResourceName := fmt.Sprintf("com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.%sList", gvk.Kind)
 			newListDef, err := DeepCopySchema(&listDef)
 			if err != nil {
 				return nil, fmt.Errorf("failed to deepcopy schema for %sList: %w", gvk.Kind, err)
 			}
 
-			// Fix Extensions for List resource
+			// 5. Update x-kubernetes-group-version-kind for the List definition
 			if newListDef.Extensions == nil {
 				newListDef.Extensions = map[string]interface{}{}
 			}
@@ -252,10 +259,25 @@ func (o *AppsServerOptions) Config() (*apiserver.Config, error) {
 					"kind":    fmt.Sprintf("%sList", gvk.Kind),
 				},
 			}
+
+			// 6. IMPORTANT: Fix the "items" reference so it points to the new resource
+			//    rather than to "Application".
+			if itemsProp, found := newListDef.Properties["items"]; found {
+				if itemsProp.Items != nil && itemsProp.Items.Schema != nil {
+					itemsProp.Items.Schema.Ref = spec.MustCreateRef("#/definitions/" + resourceName)
+					newListDef.Properties["items"] = itemsProp
+				}
+			}
+
+			// 7. Finally, save the new List definition
 			defs[listResourceName] = *newListDef
 			klog.V(6).Infof("PostProcessSpec: Added OpenAPI definition for %s\n", listResourceName)
 		}
 
+		// Remove the original Application/ApplicationList from the definitions
+		delete(defs, "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.Application")
+		delete(defs, "com.github.aenix.io.cozystack.pkg.apis.apps.v1alpha1.ApplicationList")
+
 		swagger.Definitions = defs
 		return swagger, nil
 	}