Prepare release v0.28.2

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>

.github/CODEOWNERS

@@ -1 +1 @@
-* @kvaps
+* @kvaps @lllamnyp

ADOPTERS.md

@@ -13,8 +13,8 @@ but it means a lot to us.
 
 To add your organization to this list, you can either:
 
-- [open a pull request](https://github.com/aenix-io/cozystack/pulls) to directly update this file, or
-- [edit this file](https://github.com/aenix-io/cozystack/blob/main/ADOPTERS.md) directly in GitHub
+- [open a pull request](https://github.com/cozystack/cozystack/pulls) to directly update this file, or
+- [edit this file](https://github.com/cozystack/cozystack/blob/main/ADOPTERS.md) directly in GitHub
 
 Feel free to ask in the Slack chat if you any questions and/or require
 assistance with updating this list.

CONTRIBUTING.md

@@ -23,7 +23,7 @@ We welcome many types of contributions including:
 * New features
 * Builds, CI/CD
 * Bug fixes
-* [Documentation](https://github.com/aenix-io/cozystack-website/tree/main)
+* [Documentation](https://github.com/cozystack/cozystack-website/tree/main)
 * Issue Triage
 * Answering questions on Slack or Github Discussions
 * Web design

Makefile

@@ -6,10 +6,12 @@ build:
 	make -C packages/apps/mysql image
 	make -C packages/apps/clickhouse image
 	make -C packages/apps/kubernetes image
+	make -C packages/extra/monitoring image
 	make -C packages/system/cozystack-api image
 	make -C packages/system/cozystack-controller image
 	make -C packages/system/cilium image
 	make -C packages/system/kubeovn image
+	make -C packages/system/kubeovn-webhook image
 	make -C packages/system/dashboard image
 	make -C packages/system/kamaji image
 	make -C packages/system/bucket image
@@ -35,6 +37,7 @@ assets:
 	make -C packages/core/installer/ assets
 
 test:
+	test -f _out/assets/nocloud-amd64.raw.xz || make -C packages/core/installer talos-nocloud
 	make -C packages/core/testing apply
 	make -C packages/core/testing test
 	make -C packages/core/testing test-applications

README.md

@@ -2,11 +2,11 @@
 ![Cozystack](img/cozystack-logo-white.svg#gh-dark-mode-only)
 
 [![Open Source](https://img.shields.io/badge/Open-Source-brightgreen)](https://opensource.org/)
-[![Apache-2.0 License](https://img.shields.io/github/license/aenix-io/cozystack)](https://opensource.org/licenses/)
-[![Support](https://img.shields.io/badge/$-support-12a0df.svg?style=flat)](https://aenix.io/contact-us/#meet)
-[![Active](http://img.shields.io/badge/Status-Active-green.svg)](https://aenix.io/cozystack/)
-[![GitHub Release](https://img.shields.io/github/release/aenix-io/cozystack.svg?style=flat)](https://github.com/aenix-io/cozystack)
-[![GitHub Commit](https://img.shields.io/github/commit-activity/y/aenix-io/cozystack)](https://github.com/aenix-io/cozystack) 
+[![Apache-2.0 License](https://img.shields.io/github/license/cozystack/cozystack)](https://opensource.org/licenses/)
+[![Support](https://img.shields.io/badge/$-support-12a0df.svg?style=flat)](https://cozystack.io/support/)
+[![Active](http://img.shields.io/badge/Status-Active-green.svg)](https://github.com/cozystack/cozystack)
+[![GitHub Release](https://img.shields.io/github/release/cozystack/cozystack.svg?style=flat)](https://github.com/cozystack/cozystack/releases/latest)
+[![GitHub Commit](https://img.shields.io/github/commit-activity/y/cozystack/cozystack)](https://github.com/cozystack/cozystack/graphs/contributors) 
 
 # Cozystack
 
@@ -42,21 +42,21 @@ If you encounter any difficulties, start with the [troubleshooting guide](https:
 ## Versioning
 
 Versioning adheres to the [Semantic Versioning](http://semver.org/) principles.  
-A full list of the available releases is available in the GitHub repository's [Release](https://github.com/aenix-io/cozystack/releases) section.
+A full list of the available releases is available in the GitHub repository's [Release](https://github.com/cozystack/cozystack/releases) section.
 
-- [Roadmap](https://github.com/orgs/aenix-io/projects/2)
+- [Roadmap](https://cozystack.io/docs/roadmap/)
 
 ## Contributions
 
 Contributions are highly appreciated and very welcomed!
 
-In case of bugs, please, check if the issue has been already opened by checking the [GitHub Issues](https://github.com/aenix-io/cozystack/issues) section.
+In case of bugs, please, check if the issue has been already opened by checking the [GitHub Issues](https://github.com/cozystack/cozystack/issues) section.
 In case it isn't, you can open a new one: a detailed report will help us to replicate it, assess it, and work on a fix.
 
 You can express your intention in working on the fix on your own.
 Commits are used to generate the changelog, and their author will be referenced in it.
 
-In case of **Feature Requests** please use the [Discussion's Feature Request section](https://github.com/aenix-io/cozystack/discussions/categories/feature-requests).
+In case of **Feature Requests** please use the [Discussion's Feature Request section](https://github.com/cozystack/cozystack/discussions/categories/feature-requests).
 
 You can join our weekly community meetings (just add this events to your [Google Calendar](https://calendar.google.com/calendar?cid=ZTQzZDIxZTVjOWI0NWE5NWYyOGM1ZDY0OWMyY2IxZTFmNDMzZTJlNjUzYjU2ZGJiZGE3NGNhMzA2ZjBkMGY2OEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t) or [iCal](https://calendar.google.com/calendar/ical/e43d21e5c9b45a95f28c5d649c2cb1e1f433e2e653b56dbbda74ca306f0d0f68%40group.calendar.google.com/public/basic.ics)) or [Telegram group](https://t.me/cozystack).
 
@@ -67,8 +67,4 @@ The code is provided as-is with no warranties.
 
 ## Commercial Support
 
-[**Ænix**](https://aenix.io) offers enterprise-grade support, available 24/7.
-
-We provide all types of assistance, including consultations, development of missing features, design, assistance with installation, and integration.
-
-[Contact us](https://aenix.io/contact/)
+A list of companies providing commercial support for this project can be found on [official site](https://cozystack.io/support/).

api/api-rules/cozystack_api_violation_exceptions.list

@@ -1,4 +1,4 @@
-API rule violation: list_type_missing,github.com/aenix-io/cozystack/pkg/apis/apps/v1alpha1,ApplicationStatus,Conditions
+API rule violation: list_type_missing,github.com/cozystack/cozystack/pkg/apis/apps/v1alpha1,ApplicationStatus,Conditions
 API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Ref
 API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Schema
 API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XEmbeddedResource

cmd/cozystack-api/main.go

@@ -19,7 +19,7 @@ package main
 import (
 	"os"
 
-	"github.com/aenix-io/cozystack/pkg/cmd/server"
+	"github.com/cozystack/cozystack/pkg/cmd/server"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 	"k8s.io/component-base/cli"
 )

cmd/cozystack-assets-server/main.go

@@ -0,0 +1,29 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"net/http"
+	"path/filepath"
+)
+
+func main() {
+	addr := flag.String("address", ":8123", "Address to listen on")
+	dir := flag.String("dir", "/cozystack/assets", "Directory to serve files from")
+	flag.Parse()
+
+	absDir, err := filepath.Abs(*dir)
+	if err != nil {
+		log.Fatalf("Error getting absolute path for %s: %v", *dir, err)
+	}
+
+	fs := http.FileServer(http.Dir(absDir))
+	http.Handle("/", fs)
+
+	log.Printf("Server starting on %s, serving directory %s", *addr, absDir)
+
+	err = http.ListenAndServe(*addr, nil)
+	if err != nil {
+		log.Fatalf("Server failed to start: %v", err)
+	}
+}

cmd/cozystack-controller/main.go

@@ -36,9 +36,9 @@ import (
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
-	cozystackiov1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
-	"github.com/aenix-io/cozystack/internal/controller"
-	"github.com/aenix-io/cozystack/internal/telemetry"
+	cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
+	"github.com/cozystack/cozystack/internal/controller"
+	"github.com/cozystack/cozystack/internal/telemetry"
 	// +kubebuilder:scaffold:imports
 )
 

go.mod

@@ -1,6 +1,6 @@
 // This is a generated file. Do not edit directly.
 
-module github.com/aenix-io/cozystack
+module github.com/cozystack/cozystack
 
 go 1.23.0
 

hack/download-dashboards.sh

@@ -21,7 +21,7 @@ fix_d8() {
 }
 
 swap_pvc_overview() {
- jq '(.panels[] | select(.title=="PVC Detailed") | .panels[] | select(.title=="Overview")) as $a | del(.panels[] | select(.title=="PVC Detailed").panels[] | select(.title=="Overview")) | ( (.panels[] | select(.title=="PVC Detailed"))) as $b | del( .panels[] | select(.title=="PVC Detailed")) | (.panels[.panels|length]=($a|.gridPos.y=$b.gridPos.y)) | (.panels[.panels|length]=($b|.gridPos.y=$a.gridPos.y))' 
+ jq '(.panels[] | select(.title=="PVC Detailed") | .panels[] | select(.title=="Overview")) as $a | del(.panels[] | select(.title=="PVC Detailed").panels[] | select(.title=="Overview")) | ( (.panels[] | select(.title=="PVC Detailed"))) as $b | del( .panels[] | select(.title=="PVC Detailed")) | (.panels[.panels|length]=($a|.gridPos.y=$b.gridPos.y)) | (.panels[.panels|length]=($b|.gridPos.y=$a.gridPos.y))'
 }
 
 deprectaed_remove_faq() {
@@ -68,7 +68,7 @@ modules/402-ingress-nginx/monitoring/grafana-dashboards/ingress-nginx/namespace/
 modules/402-ingress-nginx/monitoring/grafana-dashboards/ingress-nginx/vhost/vhost_detail.json
 modules/402-ingress-nginx/monitoring/grafana-dashboards/ingress-nginx/vhost/vhosts.json
 modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/control-plane-status.json
-modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/kube-etcd3.json                #TODO
+modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/kube-etcd.json                #TODO
 modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/deprecated-resources.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//kubernetes-cluster/nodes/ntp.json                              #TODO
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//kubernetes-cluster/nodes/nodes.json
@@ -78,6 +78,10 @@ modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/pod.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/namespace/namespaces.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/namespace/namespace.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/capacity-planning/capacity-planning.json
+modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//flux/flux-control-plane.json
+modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//flux/flux-stats.json
+modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//kafka/strimzi-kafka.json
+modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//goldpinger/goldpinger.json
 EOT
 
 
@@ -109,4 +113,3 @@ done <<\EOT
 	https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json
 	https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json
 EOT
-

hack/e2e.sh

@@ -60,7 +60,7 @@ done
 
 # Prepare system drive
 if [ ! -f nocloud-amd64.raw ]; then
-  wget https://github.com/aenix-io/cozystack/releases/latest/download/nocloud-amd64.raw.xz -O nocloud-amd64.raw.xz
+  wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz -O nocloud-amd64.raw.xz
   rm -f nocloud-amd64.raw
   xz --decompress nocloud-amd64.raw.xz
 fi

internal/controller/suite_test.go

@@ -33,7 +33,7 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
-	cozystackiov1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
+	cozystackiov1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
 	// +kubebuilder:scaffold:imports
 )
 

internal/controller/workloadmonitor_controller.go

@@ -19,7 +19,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	cozyv1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
+	cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
 )
 
 // WorkloadMonitorReconciler reconciles a WorkloadMonitor object

internal/telemetry/collector.go

@@ -16,7 +16,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	cozyv1alpha1 "github.com/aenix-io/cozystack/api/v1alpha1"
+	cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
 )
 
 // Collector handles telemetry data collection and sending

manifests/cozystack-installer.yaml

@@ -5,6 +5,7 @@ kind: Namespace
 metadata:
   name: cozy-system
   labels:
+    cozystack.io/system: "true"
     pod-security.kubernetes.io/enforce: privileged
 ---
 # Source: cozy-installer/templates/cozystack.yaml
@@ -68,7 +69,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.23.1"
+        image: "ghcr.io/cozystack/cozystack/installer:v0.28.2"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -86,13 +87,12 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
-      - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.23.1"
+      - name: assets
+        image: "ghcr.io/cozystack/cozystack/installer:v0.28.2"
         command:
-        - /usr/bin/darkhttpd
-        - /cozystack/assets
-        - --port
-        - "8123"
+        - /usr/bin/cozystack-assets-server
+        - "-dir=/cozystack/assets"
+        - "-address=:8123"
         ports:
         - name: http
           containerPort: 8123

packages/apps/clickhouse/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.1
+version: 0.6.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/clickhouse/Makefile

@@ -14,6 +14,7 @@ image:
 		--cache-to type=inline \
 		--metadata-file images/clickhouse-backup.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
 	echo "$(REGISTRY)/clickhouse-backup:$(call settag,$(CLICKHOUSE_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/clickhouse-backup.json -o json -r)" \
 		> images/clickhouse-backup.tag

packages/apps/clickhouse/images/clickhouse-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/clickhouse-backup:0.6.1@sha256:7a99cabdfd541f863aa5d1b2f7b49afd39838fb94c8448986634a1dc9050751c
+ghcr.io/cozystack/cozystack/clickhouse-backup:0.6.2@sha256:67dd53efa86b704fc5cb876aca055fef294b31ab67899b683a4821ea12582ea7

packages/apps/clickhouse/templates/dashboard-resourcemap.yaml

@@ -17,3 +17,10 @@ rules:
   resourceNames:
   - {{ .Release.Name }}-credentials
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/apps/clickhouse/templates/workloadmonitor.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: 1
+  kind: clickhouse
+  type: clickhouse
+  selector:
+    clickhouse.altinity.com/chi: {{ $.Release.Name }}
+  version: {{ $.Chart.Version }}

packages/apps/ferretdb/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.1
+version: 0.4.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/ferretdb/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.8.0@sha256:6a8ec7e7052f2d02ec5457d7cbac6ee52b3ed93a883988a192d1394fc7c88117
+ghcr.io/cozystack/cozystack/postgres-backup:0.9.0@sha256:2b6ba87f5688a439bd2ac12835a5ab9e601feb15c0c44ed0d9ca48cec7c52521

packages/apps/ferretdb/templates/dashboard-resourcemap.yaml

@@ -17,3 +17,10 @@ rules:
   resourceNames:
   - {{ .Release.Name }}-credentials
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/apps/ferretdb/templates/postgres.yaml

@@ -6,7 +6,13 @@ metadata:
 spec:
   instances: {{ .Values.replicas }}
   enableSuperuserAccess: true
-
+  {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+  {{- if $configMap }}
+  {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
+  {{- if $rawConstraints }}
+  {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
+  {{- end }}
+  {{- end }}
   minSyncReplicas: {{ .Values.quorum.minSyncReplicas }}
   maxSyncReplicas: {{ .Values.quorum.maxSyncReplicas }}
 

packages/apps/ferretdb/templates/workloadmonitor.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: 1
+  kind: ferretdb
+  type: ferretdb
+  selector:
+    app: {{ $.Release.Name }}
+  version: {{ $.Chart.Version }}

packages/apps/http-cache/Makefile

@@ -13,6 +13,7 @@ image-nginx:
 		--cache-to type=inline \
 		--metadata-file images/nginx-cache.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
 	echo "$(REGISTRY)/nginx-cache:$(call settag,$(NGINX_CACHE_TAG))@$$(yq e '."containerimage.digest"' images/nginx-cache.json -o json -r)" \
 		> images/nginx-cache.tag

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:a3c25199acb8e8426e6952658ccc4acaadb50fe2cfa6359743b64e5166b3fc70
+ghcr.io/cozystack/cozystack/nginx-cache:0.3.1@sha256:2b82eae28239ca0f9968602c69bbb752cd2a5818e64934ccd06cb91d95d019c7

packages/apps/kafka/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.1
+version: 0.3.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kafka/templates/dashboard-resourcemap.yaml

@@ -17,3 +17,11 @@ rules:
   resourceNames:
   - {{ .Release.Name }}-clients-ca
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  - {{ $.Release.Name }}-zookeeper
+  verbs: ["get", "list", "watch"]

packages/apps/kafka/templates/kafka.yaml

@@ -57,6 +57,12 @@ spec:
         class: {{ . }}
         {{- end }}
         deleteClaim: true
+    metricsConfig:
+      type: jmxPrometheusExporter
+      valueFrom:
+        configMapKeyRef:
+          name: {{ .Release.Name }}-metrics
+          key: kafka-metrics-config.yml
   zookeeper:
     replicas: {{ .Values.zookeeper.replicas }}
     storage:
@@ -68,6 +74,12 @@ spec:
       class: {{ . }}
       {{- end }}
       deleteClaim: false
+    metricsConfig:
+      type: jmxPrometheusExporter
+      valueFrom:
+        configMapKeyRef:
+          name: {{ .Release.Name }}-metrics
+          key: kafka-metrics-config.yml
   entityOperator:
     topicOperator: {}
     userOperator: {}

packages/apps/kafka/templates/metrics-configmap.yaml

@@ -0,0 +1,198 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ .Release.Name }}-metrics
+data:
+  kafka-metrics-config.yml: |
+    # See https://github.com/prometheus/jmx_exporter for more info about JMX Prometheus Exporter metrics
+    lowercaseOutputName: true
+    rules:
+    # Special cases and very specific rules
+    - pattern: kafka.server<type=(.+), name=(.+), clientId=(.+), topic=(.+), partition=(.*)><>Value
+      name: kafka_server_$1_$2
+      type: GAUGE
+      labels:
+        clientId: "$3"
+        topic: "$4"
+        partition: "$5"
+    - pattern: kafka.server<type=(.+), name=(.+), clientId=(.+), brokerHost=(.+), brokerPort=(.+)><>Value
+      name: kafka_server_$1_$2
+      type: GAUGE
+      labels:
+        clientId: "$3"
+        broker: "$4:$5"
+    - pattern: kafka.server<type=(.+), cipher=(.+), protocol=(.+), listener=(.+), networkProcessor=(.+)><>connections
+      name: kafka_server_$1_connections_tls_info
+      type: GAUGE
+      labels:
+        cipher: "$2"
+        protocol: "$3"
+        listener: "$4"
+        networkProcessor: "$5"
+    - pattern: kafka.server<type=(.+), clientSoftwareName=(.+), clientSoftwareVersion=(.+), listener=(.+), networkProcessor=(.+)><>connections
+      name: kafka_server_$1_connections_software
+      type: GAUGE
+      labels:
+        clientSoftwareName: "$2"
+        clientSoftwareVersion: "$3"
+        listener: "$4"
+        networkProcessor: "$5"
+    - pattern: "kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+-total):"
+      name: kafka_server_$1_$4
+      type: COUNTER
+      labels:
+        listener: "$2"
+        networkProcessor: "$3"
+    - pattern: "kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+):"
+      name: kafka_server_$1_$4
+      type: GAUGE
+      labels:
+        listener: "$2"
+        networkProcessor: "$3"
+    - pattern: kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+-total)
+      name: kafka_server_$1_$4
+      type: COUNTER
+      labels:
+        listener: "$2"
+        networkProcessor: "$3"
+    - pattern: kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+)
+      name: kafka_server_$1_$4
+      type: GAUGE
+      labels:
+        listener: "$2"
+        networkProcessor: "$3"
+    # Some percent metrics use MeanRate attribute
+    # Ex) kafka.server<type=(KafkaRequestHandlerPool), name=(RequestHandlerAvgIdlePercent)><>MeanRate
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*><>MeanRate
+      name: kafka_$1_$2_$3_percent
+      type: GAUGE
+    # Generic gauges for percents
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*><>Value
+      name: kafka_$1_$2_$3_percent
+      type: GAUGE
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*, (.+)=(.+)><>Value
+      name: kafka_$1_$2_$3_percent
+      type: GAUGE
+      labels:
+        "$4": "$5"
+    # Generic per-second counters with 0-2 key/value pairs
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*, (.+)=(.+), (.+)=(.+)><>Count
+      name: kafka_$1_$2_$3_total
+      type: COUNTER
+      labels:
+        "$4": "$5"
+        "$6": "$7"
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*, (.+)=(.+)><>Count
+      name: kafka_$1_$2_$3_total
+      type: COUNTER
+      labels:
+        "$4": "$5"
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*><>Count
+      name: kafka_$1_$2_$3_total
+      type: COUNTER
+    # Generic gauges with 0-2 key/value pairs
+    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+), (.+)=(.+)><>Value
+      name: kafka_$1_$2_$3
+      type: GAUGE
+      labels:
+        "$4": "$5"
+        "$6": "$7"
+    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+)><>Value
+      name: kafka_$1_$2_$3
+      type: GAUGE
+      labels:
+        "$4": "$5"
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)><>Value
+      name: kafka_$1_$2_$3
+      type: GAUGE
+    # Emulate Prometheus 'Summary' metrics for the exported 'Histogram's.
+    # Note that these are missing the '_sum' metric!
+    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+), (.+)=(.+)><>Count
+      name: kafka_$1_$2_$3_count
+      type: COUNTER
+      labels:
+        "$4": "$5"
+        "$6": "$7"
+    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.*), (.+)=(.+)><>(\d+)thPercentile
+      name: kafka_$1_$2_$3
+      type: GAUGE
+      labels:
+        "$4": "$5"
+        "$6": "$7"
+        quantile: "0.$8"
+    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+)><>Count
+      name: kafka_$1_$2_$3_count
+      type: COUNTER
+      labels:
+        "$4": "$5"
+    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.*)><>(\d+)thPercentile
+      name: kafka_$1_$2_$3
+      type: GAUGE
+      labels:
+        "$4": "$5"
+        quantile: "0.$6"
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)><>Count
+      name: kafka_$1_$2_$3_count
+      type: COUNTER
+    - pattern: kafka.(\w+)<type=(.+), name=(.+)><>(\d+)thPercentile
+      name: kafka_$1_$2_$3
+      type: GAUGE
+      labels:
+        quantile: "0.$4"
+    # KRaft overall related metrics
+    # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics
+    - pattern: "kafka.server<type=raft-metrics><>(.+-total|.+-max):"
+      name: kafka_server_raftmetrics_$1
+      type: COUNTER
+    - pattern: "kafka.server<type=raft-metrics><>(current-state): (.+)"
+      name: kafka_server_raftmetrics_$1
+      value: 1
+      type: UNTYPED
+      labels:
+        $1: "$2"
+    - pattern: "kafka.server<type=raft-metrics><>(.+):"
+      name: kafka_server_raftmetrics_$1
+      type: GAUGE
+    # KRaft "low level" channels related metrics
+    # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics
+    - pattern: "kafka.server<type=raft-channel-metrics><>(.+-total|.+-max):"
+      name: kafka_server_raftchannelmetrics_$1
+      type: COUNTER
+    - pattern: "kafka.server<type=raft-channel-metrics><>(.+):"
+      name: kafka_server_raftchannelmetrics_$1
+      type: GAUGE
+    # Broker metrics related to fetching metadata topic records in KRaft mode
+    - pattern: "kafka.server<type=broker-metadata-metrics><>(.+):"
+      name: kafka_server_brokermetadatametrics_$1
+      type: GAUGE
+  zookeeper-metrics-config.yml: |
+    # See https://github.com/prometheus/jmx_exporter for more info about JMX Prometheus Exporter metrics
+    lowercaseOutputName: true
+    rules:
+    # replicated Zookeeper
+    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
+      name: "zookeeper_$2"
+      type: GAUGE
+    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
+      name: "zookeeper_$3"
+      type: GAUGE
+      labels:
+        replicaId: "$2"
+    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(Packets\\w+)"
+      name: "zookeeper_$4"
+      type: COUNTER
+      labels:
+        replicaId: "$2"
+        memberType: "$3"
+    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
+      name: "zookeeper_$4"
+      type: GAUGE
+      labels:
+        replicaId: "$2"
+        memberType: "$3"
+    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
+      name: "zookeeper_$4_$5"
+      type: GAUGE
+      labels:
+        replicaId: "$2"
+        memberType: "$3"

packages/apps/kafka/templates/podscrape.yaml

@@ -0,0 +1,40 @@
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMPodScrape
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  podMetricsEndpoints:
+    - port: tcp-prometheus
+      scheme: http
+      relabelConfigs:
+      - separator: ;
+        regex: __meta_kubernetes_pod_label_(strimzi_io_.+)
+        replacement: $1
+        action: labelmap
+      - sourceLabels: [__meta_kubernetes_namespace]
+        separator: ;
+        regex: (.*)
+        targetLabel: namespace
+        replacement: $1
+        action: replace
+      - sourceLabels: [__meta_kubernetes_pod_name]
+        separator: ;
+        regex: (.*)
+        targetLabel: pod
+        replacement: $1
+        action: replace
+      - sourceLabels: [__meta_kubernetes_pod_node_name]
+        separator: ;
+        regex: (.*)
+        targetLabel: node
+        replacement: $1
+        action: replace
+      - sourceLabels: [__meta_kubernetes_pod_host_ip]
+        separator: ;
+        regex: (.*)
+        targetLabel: node_ip
+        replacement: $1
+        action: replace
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: {{ .Release.Name }}

packages/apps/kafka/templates/workloadmonitor.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: 1
+  kind: kafka
+  type: kafka
+  selector:
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+    app.kubernetes.io/name: kafka
+  version: {{ $.Chart.Version }}
+
+---
+
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}-zookeeper
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: 1
+  kind: kafka
+  type: zookeeper
+  selector:
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+    app.kubernetes.io/name: zookeeper
+  version: {{ $.Chart.Version }}

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.15.0
+version: 0.15.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/Makefile

@@ -18,6 +18,7 @@ image-ubuntu-container-disk:
 		--cache-to type=inline \
 		--metadata-file images/ubuntu-container-disk.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
 	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(UBUNTU_CONTAINER_DISK_TAG))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
 		> images/ubuntu-container-disk.tag
@@ -32,6 +33,7 @@ image-kubevirt-cloud-provider:
 		--cache-to type=inline \
 		--metadata-file images/kubevirt-cloud-provider.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
 	echo "$(REGISTRY)/kubevirt-cloud-provider:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-cloud-provider.json -o json -r)" \
 		> images/kubevirt-cloud-provider.tag
@@ -46,6 +48,7 @@ image-kubevirt-csi-driver:
 		--cache-to type=inline \
 		--metadata-file images/kubevirt-csi-driver.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
 	echo "$(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-csi-driver.json -o json -r)" \
 		> images/kubevirt-csi-driver.tag
@@ -61,6 +64,7 @@ image-cluster-autoscaler:
 		--cache-to type=inline \
 		--metadata-file images/cluster-autoscaler.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
 	echo "$(REGISTRY)/cluster-autoscaler:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/cluster-autoscaler.json -o json -r)" \
 		> images/cluster-autoscaler.tag

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.15.0@sha256:538ee308f16c9e627ed16ee7c4aaa65919c2e6c4c2778f964a06e4797610d1cd
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.15.2@sha256:ea5cd225dbd1233afe2bfd727b9f90847f198f5d231871141d494d491fdee795

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:7716c88947d13dc90ccfcc3e60bfdd6e6fa9b201339a75e9c84bf825c76e2b1f
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.15.2@sha256:de98b18691cbd1e0d7d886c57873c2ecdae7a5ab2e3c4c59f9a24bdc321622a9

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:be5e0eef92dada3ace5cddda5c68b30c9fe4682774c5e6e938ed31efba11ebbf
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.15.2@sha256:fdfa71edcb8a9f537926963fa11ad959fa2a20c08ba757c253b9587e8625b700

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:8392f00a7182294ce6fd417d254f7c2aa09fb9203d829dec70344a8050369430
+ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:bc08ea0ced2cb7dd98b26d72a9462fc0a3863adb908a5effbfcdf7227656ea65

packages/apps/kubernetes/templates/cluster.yaml

@@ -118,7 +118,7 @@ spec:
     ingress:
       extraAnnotations:
         nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-      hostname: {{ .Values.host | default (printf "%s.%s" .Release.Name $host) }}:443
+      hostname: {{ .Values.host | default (printf "%s.%s" .Release.Name $host) }}
       className: "{{ $ingress }}"
   deployment:
     podAdditionalMetadata:
@@ -250,7 +250,7 @@ spec:
         apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
         kind: KubevirtMachineTemplate
         name: {{ $.Release.Name }}-{{ $groupName }}-{{ $kubevirtmachinetemplateHash }}
-        namespace: default
+        namespace: {{ $.Release.Namespace }}
       version: v1.30.1
 ---
 apiVersion: cluster.x-k8s.io/v1beta1

packages/apps/mysql/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.2
+version: 0.5.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/mysql/Makefile

@@ -14,6 +14,7 @@ image:
 		--cache-to type=inline \
 		--metadata-file images/mariadb-backup.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
 	echo "$(REGISTRY)/mariadb-backup:$(call settag,$(MARIADB_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/mariadb-backup.json -o json -r)" \
 		> images/mariadb-backup.tag

packages/apps/mysql/images/mariadb-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/mariadb-backup:0.5.2@sha256:4bbfbb397bd7ecea45507ca47989c51429c4a24f40853ac92583e5b5b352fbea
+ghcr.io/cozystack/cozystack/mariadb-backup:0.5.3@sha256:8ca1fb01e880d351ee7d984a0b437c1142836963cd079986156ed28750067138

packages/apps/mysql/templates/dashboard-resourcemap.yaml

@@ -18,3 +18,10 @@ rules:
   resourceNames:
   - {{ .Release.Name }}-credentials
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/apps/mysql/templates/workloadmonitor.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: 1
+  kind: mysql
+  type: mysql
+  selector:
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+  version: {{ $.Chart.Version }}

packages/apps/nats/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 0.4.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/nats/templates/resourcemap.yaml

@@ -17,3 +17,10 @@ rules:
   resourceNames:
   - {{ .Release.Name }}-credentials
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/apps/nats/templates/workloadmonitor.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: 1
+  kind: nats
+  type: nats
+  selector:
+    app.kubernetes.io/instance: {{ $.Release.Name }}-system
+  version: {{ $.Chart.Version }}

packages/apps/postgres/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.0
+version: 0.9.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/postgres/Makefile

@@ -14,6 +14,7 @@ image:
 		--cache-to type=inline \
 		--metadata-file images/postgres-backup.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
 	echo "$(REGISTRY)/postgres-backup:$(call settag,$(POSTGRES_BACKUP_TAG))@$$(yq e '."containerimage.digest"' images/postgres-backup.json -o json -r)" \
 		> images/postgres-backup.tag

packages/apps/postgres/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/postgres-backup:0.8.0@sha256:6a8ec7e7052f2d02ec5457d7cbac6ee52b3ed93a883988a192d1394fc7c88117
+ghcr.io/cozystack/cozystack/postgres-backup:0.9.0@sha256:2b6ba87f5688a439bd2ac12835a5ab9e601feb15c0c44ed0d9ca48cec7c52521

packages/apps/postgres/templates/db.yaml

@@ -6,7 +6,13 @@ metadata:
 spec:
   instances: {{ .Values.replicas }}
   enableSuperuserAccess: true
-
+  {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
+  {{- if $configMap }}
+  {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
+  {{- if $rawConstraints }}
+  {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
+  {{- end }}
+  {{- end }}
   postgresql:
     parameters:
       max_wal_senders: "30"

packages/apps/rabbitmq/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.3
+version: 0.4.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml

@@ -20,3 +20,10 @@ rules:
   resourceNames:
   - {{ .Release.Name }}
   verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - {{ .Release.Name }}
+  verbs: ["get", "list", "watch"]

packages/apps/rabbitmq/templates/workloadmonitor.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: {{ $.Release.Name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  minReplicas: 1
+  kind: rabbitmq
+  type: rabbitmq
+  selector:
+    app.kubernetes.io/name: {{ $.Release.Name }}
+  version: {{ $.Chart.Version }}

packages/apps/tenant/Chart.yaml

@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg
 
 type: application
-version: 1.6.6
+version: 1.9.0

packages/apps/tenant/README.md

@@ -50,11 +50,12 @@ tenant-u1
 
 ### Common parameters
 
-| Name         | Description                                                                                                                 | Value   |
-| ------------ | --------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `host`       | The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host). | `""`    |
-| `etcd`       | Deploy own Etcd cluster                                                                                                     | `false` |
-| `monitoring` | Deploy own Monitoring Stack                                                                                                 | `false` |
-| `ingress`    | Deploy own Ingress Controller                                                                                               | `false` |
-| `seaweedfs`  | Deploy own SeaweedFS                                                                                                        | `false` |
-| `isolated`   | Enforce tenant namespace with network policies                                                                              | `false` |
+| Name             | Description                                                                                                                 | Value   |
+| ---------------- | --------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `host`           | The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host). | `""`    |
+| `etcd`           | Deploy own Etcd cluster                                                                                                     | `false` |
+| `monitoring`     | Deploy own Monitoring Stack                                                                                                 | `false` |
+| `ingress`        | Deploy own Ingress Controller                                                                                               | `false` |
+| `seaweedfs`      | Deploy own SeaweedFS                                                                                                        | `false` |
+| `isolated`       | Enforce tenant namespace with network policies                                                                              | `true`  |
+| `resourceQuotas` | Define resource quotas for the tenant                                                                                       | `{}`    |

packages/apps/tenant/templates/info.yaml

@@ -0,0 +1,27 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $oidcEnabled := index $cozyConfig.data "oidc-enabled" }}
+{{- if $oidcEnabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: info
+  namespace: {{ include "tenant.name" . }}
+  annotations:
+    helm.sh/resource-policy: keep
+  labels:
+    cozystack.io/ui: "true"
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  chart:
+    spec:
+      chart: info
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-extra
+        namespace: cozy-public
+      version: "*"
+  interval: 1m0s
+  timeout: 5m0s
+{{- end }}

packages/apps/tenant/templates/quota.yaml

@@ -0,0 +1,10 @@
+{{- if .Values.resourceQuotas }}
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: tenant-quota
+  namespace: {{ include "tenant.name" . }}
+spec:
+  hard:
+    {{- toYaml .Values.resourceQuotas | nindent 4 }}
+{{- end }}

packages/apps/tenant/templates/tenant.yaml

@@ -34,7 +34,11 @@ rules:
 - apiGroups: ["apps.cozystack.io"]
   resources: ['*']
   verbs: ['*']
-
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -103,6 +107,11 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+    - cozystack.io
+    resources:
+    - workloadmonitors
+    verbs: ["get", "list", "watch"]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -175,6 +184,11 @@ rules:
     verbs:
     - get
     - list
+  - apiGroups:
+    - cozystack.io
+    resources:
+    - workloadmonitors
+    verbs: ["get", "list", "watch"]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -258,6 +272,7 @@ rules:
     - virtualmachines
     - vmdisks
     - vminstances
+    - infos
     verbs:
     - get
     - list
@@ -266,6 +281,11 @@ rules:
     - update
     - patch
     - delete
+  - apiGroups:
+    - cozystack.io
+    resources:
+    - workloadmonitors
+    verbs: ["get", "list", "watch"]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -334,6 +354,11 @@ rules:
     - '*'
     verbs:
     - '*'
+  - apiGroups:
+    - cozystack.io
+    resources:
+    - workloadmonitors
+    verbs: ["get", "list", "watch"]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1

packages/apps/tenant/values.schema.json

@@ -30,7 +30,12 @@
         "isolated": {
             "type": "boolean",
             "description": "Enforce tenant namespace with network policies",
-            "default": false
+            "default": true
+        },
+        "resourceQuotas": {
+            "type": "object",
+            "description": "Define resource quotas for the tenant",
+            "default": {}
         }
     }
 }

packages/apps/tenant/values.yaml

@@ -6,9 +6,18 @@
 ## @param ingress Deploy own Ingress Controller
 ## @param seaweedfs Deploy own SeaweedFS
 ## @param isolated Enforce tenant namespace with network policies
+## @param resourceQuotas Define resource quotas for the tenant
 host: ""
 etcd: false
 monitoring: false
 ingress: false
 seaweedfs: false
-isolated: false
+isolated: true
+resourceQuotas: {}
+# resourceQuotas:
+#   requests.cpu: "1"
+#   requests.memory: "1Gi"
+#   limits.cpu: "2"
+#   limits.memory: "2Gi"
+#   requests.nvidia.com/gpu: 4
+#   requests.storage: 100Gi

packages/apps/versions_map

@@ -6,13 +6,15 @@ clickhouse 0.3.0 b00621e
 clickhouse 0.4.0 320fc32
 clickhouse 0.5.0 2a4768a5
 clickhouse 0.6.0 18bbdb67
-clickhouse 0.6.1 HEAD
+clickhouse 0.6.1 b7375f73
+clickhouse 0.6.2 HEAD
 ferretdb 0.1.0 4ffa8615
 ferretdb 0.1.1 5ca8823
 ferretdb 0.2.0 adaf603
 ferretdb 0.3.0 aa2f553
 ferretdb 0.4.0 def2eb0f
-ferretdb 0.4.1 HEAD
+ferretdb 0.4.1 a9555210
+ferretdb 0.4.2 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 5ca8823
 http-cache 0.3.0 fab5940
@@ -23,7 +25,9 @@ kafka 0.2.1 3ac17018
 kafka 0.2.2 d0758692
 kafka 0.2.3 5ca8823
 kafka 0.3.0 c07c4bbd
-kafka 0.3.1 HEAD
+kafka 0.3.1 b7375f73
+kafka 0.3.2 b75aaf17
+kafka 0.3.3 HEAD
 kubernetes 0.1.0 f642698
 kubernetes 0.2.0 7cd7de73
 kubernetes 0.3.0 7caccec1
@@ -43,19 +47,23 @@ kubernetes 0.12.1 28fca4e
 kubernetes 0.13.0 ced8e5b9
 kubernetes 0.14.0 bfbde07c
 kubernetes 0.14.1 fde4bcfa
-kubernetes 0.15.0 HEAD
+kubernetes 0.15.0 cb7b8158
+kubernetes 0.15.1 43e593c7
+kubernetes 0.15.2 HEAD
 mysql 0.1.0 f642698
 mysql 0.2.0 8b975ff0
 mysql 0.3.0 5ca8823
 mysql 0.4.0 93018c4
 mysql 0.5.0 4b84798
 mysql 0.5.1 fab5940b
-mysql 0.5.2 HEAD
+mysql 0.5.2 d8a92aa3
+mysql 0.5.3 HEAD
 nats 0.1.0 5ca8823
 nats 0.2.0 c07c4bbd
 nats 0.3.0 78366f19
 nats 0.3.1 b7375f73
-nats 0.4.0 HEAD
+nats 0.4.0 da1e705a
+nats 0.4.1 HEAD
 postgres 0.1.0 f642698
 postgres 0.2.0 7cd7de73
 postgres 0.2.1 4a97e297
@@ -67,14 +75,16 @@ postgres 0.6.0 2a4768a
 postgres 0.6.2 54fd61c
 postgres 0.7.0 dc9d8bb
 postgres 0.7.1 175a65f
-postgres 0.8.0 HEAD
+postgres 0.8.0 cb7b8158
+postgres 0.9.0 HEAD
 rabbitmq 0.1.0 f642698
 rabbitmq 0.2.0 5ca8823
 rabbitmq 0.3.0 9e33dc0
 rabbitmq 0.4.0 36d8855
 rabbitmq 0.4.1 35536bb
 rabbitmq 0.4.2 00b2834e
-rabbitmq 0.4.3 HEAD
+rabbitmq 0.4.3 d8a92aa3
+rabbitmq 0.4.4 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 5ca8823
 redis 0.3.0 c07c4bbd
@@ -99,7 +109,12 @@ tenant 1.6.2 ccedc5fe
 tenant 1.6.3 2057bb96
 tenant 1.6.4 3c9e50a4
 tenant 1.6.5 f1e11451
-tenant 1.6.6 HEAD
+tenant 1.6.6 d4634797
+tenant 1.6.7 06afcf27
+tenant 1.6.8 4cc48e6f
+tenant 1.7.0 6c73e3f3
+tenant 1.8.0 e2369ba
+tenant 1.9.0 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 7cd7de7
 virtual-machine 0.2.0 5ca8823
@@ -107,12 +122,20 @@ virtual-machine 0.3.0 b908400
 virtual-machine 0.4.0 4746d51
 virtual-machine 0.5.0 cad9cde
 virtual-machine 0.6.0 0e728870
-virtual-machine 0.7.0 HEAD
+virtual-machine 0.6.1 af58018a
+virtual-machine 0.7.0 af58018a
+virtual-machine 0.7.1 05857b95
+virtual-machine 0.8.0 3fa4dd3
+virtual-machine 0.8.1 3fa4dd3a
+virtual-machine 0.8.2 HEAD
 vm-disk 0.1.0 HEAD
 vm-instance 0.1.0 ced8e5b9
 vm-instance 0.2.0 4f767ee3
 vm-instance 0.3.0 0e728870
-vm-instance 0.4.0 HEAD
+vm-instance 0.4.0 af58018a
+vm-instance 0.4.1 05857b95
+vm-instance 0.5.0 3fa4dd3
+vm-instance 0.5.1 HEAD
 vpn 0.1.0 f642698
 vpn 0.2.0 7151424
 vpn 0.3.0 a2bcf100

packages/apps/virtual-machine/Chart.yaml

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.0
+version: 0.8.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.7.0"
+appVersion: "0.8.2"

packages/apps/virtual-machine/Makefile

@@ -8,3 +8,4 @@ generate:
 	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
 	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
 	yq -i -o json '.properties.systemDisk.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' values.schema.json
+	yq -i -o json '.properties.externalMethod.enum = ["WholeIP", "PortList"]' values.schema.json

packages/apps/virtual-machine/README.md

@@ -39,6 +39,7 @@ virtctl ssh <user>@<vm>
 | Name                      | Description                                                                                                | Value            |
 | ------------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------- |
 | `external`                | Enable external access from outside the cluster                                                            | `false`          |
+| `externalMethod`          | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `WholeIP`        |
 | `externalPorts`           | Specify ports to forward from outside the cluster                                                          | `[]`             |
 | `running`                 | Determines if the virtual machine should be running                                                        | `true`           |
 | `instanceType`            | Virtual Machine instance type                                                                              | `u1.medium`      |

packages/apps/virtual-machine/templates/service.yaml

@@ -6,16 +6,24 @@ metadata:
   name: {{ include "virtual-machine.fullname" . }}
   labels:
     {{- include "virtual-machine.labels" . | nindent 4 }}
+  {{- if eq .Values.externalMethod "WholeIP" }}
+  annotations:
+    networking.cozystack.io/wholeIP: "true"
+  {{- end }}
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   externalTrafficPolicy: Local
   allocateLoadBalancerNodePorts: false
   selector:
-    {{- include "virtual-machine.labels" . | nindent 4 }}
+    {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
   ports:
+    {{- if eq .Values.externalMethod "WholeIP" }}
+    - port: 65535
+    {{- else }}
     {{- range .Values.externalPorts }}
     - name: port-{{ . }}
       port: {{ . }}
       targetPort: {{ . }}
     {{- end }}
+    {{- end }}
 {{- end }}

packages/apps/virtual-machine/templates/vm-update-hook.yaml

@@ -45,6 +45,7 @@ spec:
     metadata:
       labels:
         app: "{{ $.Release.Name }}-update-hook"
+        policy.cozystack.io/allow-to-apiserver: "true"
     spec:
       serviceAccountName: {{ $.Release.Name }}-update-hook
       restartPolicy: Never

packages/apps/virtual-machine/values.schema.json

@@ -7,6 +7,15 @@
       "description": "Enable external access from outside the cluster",
       "default": false
     },
+    "externalMethod": {
+      "type": "string",
+      "description": "specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
+      "default": "WholeIP",
+      "enum": [
+        "WholeIP",
+        "PortList"
+      ]
+    },
     "externalPorts": {
       "type": "array",
       "description": "Specify ports to forward from outside the cluster",

packages/apps/virtual-machine/values.yaml

@@ -1,8 +1,10 @@
 ## @section Common parameters
 
 ## @param external Enable external access from outside the cluster
+## @param externalMethod specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`
 ## @param externalPorts [array] Specify ports to forward from outside the cluster
 external: false
+externalMethod: WholeIP
 externalPorts:
 - 22
 

packages/apps/vm-instance/Chart.yaml

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 0.5.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.4.0"
+appVersion: "0.5.1"

packages/apps/vm-instance/Makefile

@@ -8,3 +8,4 @@ generate:
 	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
 	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
 	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
+	yq -i -o json '.properties.externalMethod.enum = ["WholeIP", "PortList"]' values.schema.json

packages/apps/vm-instance/README.md

@@ -36,18 +36,19 @@ virtctl ssh <user>@<vm>
 
 ### Common parameters
 
-| Name               | Description                                                                        | Value            |
-| ------------------ | ---------------------------------------------------------------------------------- | ---------------- |
-| `external`         | Enable external access from outside the cluster                                    | `false`          |
-| `externalPorts`    | Specify ports to forward from outside the cluster                                  | `[]`             |
-| `running`          | Determines if the virtual machine should be running                                | `true`           |
-| `instanceType`     | Virtual Machine instance type                                                      | `u1.medium`      |
-| `instanceProfile`  | Virtual Machine prefferences profile                                               | `ubuntu`         |
-| `disks`            | List of disks to attach                                                            | `[]`             |
-| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                           | `""`             |
-| `resources.memory` | The amount of memory allocated to the virtual machine                              | `""`             |
-| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]`             |
-| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.        | `#cloud-config
+| Name               | Description                                                                                                | Value            |
+| ------------------ | ---------------------------------------------------------------------------------------------------------- | ---------------- |
+| `external`         | Enable external access from outside the cluster                                                            | `false`          |
+| `externalMethod`   | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `WholeIP`        |
+| `externalPorts`    | Specify ports to forward from outside the cluster                                                          | `[]`             |
+| `running`          | Determines if the virtual machine should be running                                                        | `true`           |
+| `instanceType`     | Virtual Machine instance type                                                                              | `u1.medium`      |
+| `instanceProfile`  | Virtual Machine prefferences profile                                                                       | `ubuntu`         |
+| `disks`            | List of disks to attach                                                                                    | `[]`             |
+| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                                                   | `""`             |
+| `resources.memory` | The amount of memory allocated to the virtual machine                                                      | `""`             |
+| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`             |
+| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.                                | `#cloud-config
 ` |
 
 ## U Series

packages/apps/vm-instance/templates/service.yaml

@@ -6,16 +6,24 @@ metadata:
   name: {{ include "virtual-machine.fullname" . }}
   labels:
     {{- include "virtual-machine.labels" . | nindent 4 }}
+  {{- if eq .Values.externalMethod "WholeIP" }}
+  annotations:
+    networking.cozystack.io/wholeIP: "true"
+  {{- end }}
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   externalTrafficPolicy: Local
   allocateLoadBalancerNodePorts: false
   selector:
-    {{- include "virtual-machine.labels" . | nindent 4 }}
+    {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
   ports:
+    {{- if eq .Values.externalMethod "WholeIP" }}
+    - port: 65535
+    {{- else }}
     {{- range .Values.externalPorts }}
     - name: port-{{ . }}
       port: {{ . }}
       targetPort: {{ . }}
     {{- end }}
+    {{- end }}
 {{- end }}

packages/apps/vm-instance/templates/vm-update-hook.yaml

@@ -35,6 +35,7 @@ spec:
     metadata:
       labels:
         app: "{{ $.Release.Name }}-update-hook"
+        policy.cozystack.io/allow-to-apiserver: "true"
     spec:
       serviceAccountName: {{ $.Release.Name }}-update-hook
       restartPolicy: Never

packages/apps/vm-instance/templates/vm.yaml

@@ -12,7 +12,7 @@ metadata:
   labels:
     {{- include "virtual-machine.labels" . | nindent 4 }}
 spec:
-  running: {{ .Values.running | default "true" }}
+  running: {{ .Values.running }}
   {{- with .Values.instanceType }}
   instancetype:
     kind: VirtualMachineClusterInstancetype

packages/apps/vm-instance/values.schema.json

@@ -7,6 +7,15 @@
       "description": "Enable external access from outside the cluster",
       "default": false
     },
+    "externalMethod": {
+      "type": "string",
+      "description": "specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
+      "default": "WholeIP",
+      "enum": [
+        "WholeIP",
+        "PortList"
+      ]
+    },
     "externalPorts": {
       "type": "array",
       "description": "Specify ports to forward from outside the cluster",

packages/apps/vm-instance/values.yaml

@@ -1,8 +1,10 @@
 ## @section Common parameters
 
 ## @param external Enable external access from outside the cluster
+## @param externalMethod specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`
 ## @param externalPorts [array] Specify ports to forward from outside the cluster
 external: false
+externalMethod: WholeIP
 externalPorts:
 - 22
 

packages/core/builder/values.yaml

@@ -1,3 +1,3 @@
 talos:
   imager:
-    image: ghcr.io/siderolabs/imager:v1.9.2
+    image: ghcr.io/siderolabs/imager:v1.9.3

packages/core/installer/Makefile

@@ -28,22 +28,23 @@ image-cozystack: run-builder
 	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
-		--tag $(REGISTRY)/cozystack:$(call settag,$(TAG)) \
-		--cache-from type=registry,ref=$(REGISTRY)/cozystack:latest \
-		--platform linux/amd64,linux/arm64 \
+		--tag $(REGISTRY)/installer:$(call settag,$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/installer:latest \
+		--platform linux/amd64 \
 		--cache-to type=inline \
-		--metadata-file images/cozystack.json \
+		--metadata-file images/installer.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
-	IMAGE="$(REGISTRY)/cozystack:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/cozystack.json -o json -r)" \
+	IMAGE="$(REGISTRY)/installer:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/installer.json -o json -r)" \
 		yq -i '.cozystack.image = strenv(IMAGE)' values.yaml
-	rm -f images/cozystack.json
+	rm -f images/installer.json
 
 image-talos: run-builder
 	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
 	skopeo copy docker-archive:../../../_out/assets/installer-amd64.tar docker://$(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
 
-image-matchbox:  run-builder
+image-matchbox: run-builder
 	test -f ../../../_out/assets/kernel-amd64 || make talos-kernel
 	test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs
 	docker buildx build -f images/matchbox/Dockerfile ../../.. \
@@ -54,7 +55,10 @@ image-matchbox:  run-builder
 		--cache-to type=inline \
 		--metadata-file images/matchbox.json \
 		--push=$(PUSH) \
+		--label "org.opencontainers.image.source=https://github.com/cozystack/cozystack" \
 		--load=$(LOAD)
+	echo "$(REGISTRY)/matchbox:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/matchbox.json -o json -r)" \
+		> ../../extra/bootbox/images/matchbox.tag
 	rm -f images/matchbox.json
 
 assets: talos-iso talos-nocloud talos-metal

packages/core/installer/images/cozystack/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.19 as k8s-await-election-builder
+FROM golang:alpine3.21 as k8s-await-election-builder
 
 ARG K8S_AWAIT_ELECTION_GITREPO=https://github.com/LINBIT/k8s-await-election
 ARG K8S_AWAIT_ELECTION_VERSION=0.4.1
@@ -13,7 +13,7 @@ RUN git clone ${K8S_AWAIT_ELECTION_GITREPO} /usr/local/go/k8s-await-election/ \
  && make \
  && mv ./out/k8s-await-election-${TARGETARCH} /k8s-await-election
 
-FROM alpine:3.19 AS builder
+FROM golang:alpine3.21 as builder
 
 RUN apk add --no-cache make git
 RUN apk add helm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
@@ -21,12 +21,14 @@ RUN apk add helm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/communi
 COPY . /src/
 WORKDIR /src
 
+RUN go build -o /cozystack-assets-server -ldflags '-extldflags "-static" -w -s' ./cmd/cozystack-assets-server
+
 # Check that versions_map is not changed
 RUN make repos
 
-FROM alpine:3.19
+FROM alpine:3.21
 
-RUN apk add --no-cache make darkhttpd
+RUN apk add --no-cache make
 RUN apk add helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
 
 COPY scripts /cozystack/scripts
@@ -34,6 +36,7 @@ COPY --from=builder /src/packages/core /cozystack/packages/core
 COPY --from=builder /src/packages/system /cozystack/packages/system
 COPY --from=builder /src/_out/repos /cozystack/assets/repos
 COPY --from=builder /src/_out/logos /cozystack/assets/logos
+COPY --from=builder /cozystack-assets-server /usr/bin/cozystack-assets-server
 COPY --from=k8s-await-election-builder /k8s-await-election /usr/bin/k8s-await-election
 COPY dashboards /cozystack/assets/dashboards
 

packages/core/installer/images/talos/profiles/initramfs.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.9.3
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.9.3
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
 output:
   kind: initramfs
   imageOptions: {}

packages/core/installer/images/talos/profiles/installer.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.9.3
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.9.3
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
 output:
   kind: installer
   imageOptions: {}

packages/core/installer/images/talos/profiles/iso.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.9.3
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.9.3
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
 output:
   kind: iso
   imageOptions: {}

packages/core/installer/images/talos/profiles/kernel.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.9.3
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.9.3
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
 output:
   kind: kernel
   imageOptions: {}

packages/core/installer/images/talos/profiles/metal.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.2
+version: v1.9.3
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.9.3
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/images/talos/profiles/nocloud.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.9.2
+version: v1.9.3
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.2
+    imageRef: ghcr.io/siderolabs/installer:v1.9.3
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/templates/cozystack.yaml

@@ -4,6 +4,7 @@ kind: Namespace
 metadata:
   name: cozy-system
   labels:
+    cozystack.io/system: "true"
     pod-security.kubernetes.io/enforce: privileged
 ---
 apiVersion: v1
@@ -67,13 +68,12 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
-      - name: darkhttpd
+      - name: assets
         image: "{{ .Values.cozystack.image }}"
         command:
-        - /usr/bin/darkhttpd
-        - /cozystack/assets
-        - --port
-        - "8123"
+        - /usr/bin/cozystack-assets-server
+        - "-dir=/cozystack/assets"
+        - "-address=:8123"
         ports:
         - name: http
           containerPort: 8123

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.23.1@sha256:dfa803a3e02ec9ea221029d361aa9d7aef0b5eb0a36d66c949b265d4ac4fc114
+  image: ghcr.io/cozystack/cozystack/installer:v0.28.2@sha256:f13bad3220695e206ed5142228f37bd3afa49db2913a1fd52ab91f809c3a017b

packages/core/platform/bundles/distro-full.yaml

@@ -31,6 +31,13 @@ releases:
       autoDirectNodeRoutes: true
       routingMode: native
 
+- name: cozy-proxy
+  releaseName: cozystack
+  chart: cozy-cozy-proxy
+  namespace: cozy-system
+  optional: true
+  dependsOn: [cilium]
+
 - name: cert-manager-crds
   releaseName: cert-manager-crds
   chart: cozy-cert-manager-crds
@@ -75,6 +82,10 @@ releases:
   privileged: true
   optional: true
   dependsOn: [cilium,victoria-metrics-operator]
+  values:
+    scrapeRules:
+      etcd:
+        enabled: true
 
 - name: metallb
   releaseName: metallb
@@ -163,7 +174,7 @@ releases:
   chart: cozy-linstor
   namespace: cozy-linstor
   privileged: true
-  dependsOn: [piraeus-operator,cilium,cert-manager]
+  dependsOn: [piraeus-operator,cilium,cert-manager,snapshot-controller]
 
 - name: telepresence
   releaseName: traffic-manager
@@ -199,3 +210,11 @@ releases:
   namespace: cozy-keycloak
   optional: true
   dependsOn: [keycloak]
+
+- name: bootbox
+  releaseName: bootbox
+  chart: cozy-bootbox
+  namespace: cozy-bootbox
+  privileged: true
+  optional: true
+  dependsOn: [cilium]

packages/core/platform/bundles/distro-hosted.yaml

@@ -58,6 +58,10 @@ releases:
   privileged: true
   optional: true
   dependsOn: [victoria-metrics-operator]
+  values:
+    scrapeRules:
+      etcd:
+        enabled: true
 
 - name: etcd-operator
   releaseName: etcd-operator