Introduce tinkerbell essentials

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Makefile

@@ -6,7 +6,6 @@ build:
 	make -C packages/apps/mysql image
 	make -C packages/apps/clickhouse image
 	make -C packages/apps/kubernetes image
-	make -C packages/extra/monitoring image
 	make -C packages/system/cozystack-api image
 	make -C packages/system/cozystack-controller image
 	make -C packages/system/cilium image
@@ -36,7 +35,6 @@ assets:
 	make -C packages/core/installer/ assets
 
 test:
-	test -f _out/assets/nocloud-amd64.raw.xz || make -C packages/core/installer talos-nocloud
 	make -C packages/core/testing apply
 	make -C packages/core/testing test
 	make -C packages/core/testing test-applications

cmd/cozystack-assets-server/main.go

@@ -1,29 +0,0 @@
-package main
-
-import (
-	"flag"
-	"log"
-	"net/http"
-	"path/filepath"
-)
-
-func main() {
-	addr := flag.String("address", ":8123", "Address to listen on")
-	dir := flag.String("dir", "/cozystack/assets", "Directory to serve files from")
-	flag.Parse()
-
-	absDir, err := filepath.Abs(*dir)
-	if err != nil {
-		log.Fatalf("Error getting absolute path for %s: %v", *dir, err)
-	}
-
-	fs := http.FileServer(http.Dir(absDir))
-	http.Handle("/", fs)
-
-	log.Printf("Server starting on %s, serving directory %s", *addr, absDir)
-
-	err = http.ListenAndServe(*addr, nil)
-	if err != nil {
-		log.Fatalf("Server failed to start: %v", err)
-	}
-}

hack/download-dashboards.sh

@@ -21,7 +21,7 @@ fix_d8() {
 }
 
 swap_pvc_overview() {
- jq '(.panels[] | select(.title=="PVC Detailed") | .panels[] | select(.title=="Overview")) as $a | del(.panels[] | select(.title=="PVC Detailed").panels[] | select(.title=="Overview")) | ( (.panels[] | select(.title=="PVC Detailed"))) as $b | del( .panels[] | select(.title=="PVC Detailed")) | (.panels[.panels|length]=($a|.gridPos.y=$b.gridPos.y)) | (.panels[.panels|length]=($b|.gridPos.y=$a.gridPos.y))'
+ jq '(.panels[] | select(.title=="PVC Detailed") | .panels[] | select(.title=="Overview")) as $a | del(.panels[] | select(.title=="PVC Detailed").panels[] | select(.title=="Overview")) | ( (.panels[] | select(.title=="PVC Detailed"))) as $b | del( .panels[] | select(.title=="PVC Detailed")) | (.panels[.panels|length]=($a|.gridPos.y=$b.gridPos.y)) | (.panels[.panels|length]=($b|.gridPos.y=$a.gridPos.y))' 
 }
 
 deprectaed_remove_faq() {
@@ -68,7 +68,7 @@ modules/402-ingress-nginx/monitoring/grafana-dashboards/ingress-nginx/namespace/
 modules/402-ingress-nginx/monitoring/grafana-dashboards/ingress-nginx/vhost/vhost_detail.json
 modules/402-ingress-nginx/monitoring/grafana-dashboards/ingress-nginx/vhost/vhosts.json
 modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/control-plane-status.json
-modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/kube-etcd.json                #TODO
+modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/kube-etcd3.json                #TODO
 modules/340-monitoring-kubernetes-control-plane/monitoring/grafana-dashboards/kubernetes-cluster/deprecated-resources.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//kubernetes-cluster/nodes/ntp.json                              #TODO
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//kubernetes-cluster/nodes/nodes.json
@@ -78,9 +78,6 @@ modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/pod.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/namespace/namespaces.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/namespace/namespace.json
 modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//main/capacity-planning/capacity-planning.json
-modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//flux/flux-control-plane.json
-modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//flux/flux-stats.json
-modules/340-monitoring-kubernetes/monitoring/grafana-dashboards//kafka/strimzi-kafka.json
 EOT
 
 
@@ -112,3 +109,4 @@ done <<\EOT
 	https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json
 	https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json
 EOT
+

manifests/cozystack-installer.yaml

@@ -68,7 +68,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.25.1"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.23.1"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -86,12 +86,13 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
-      - name: assets
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.25.1"
+      - name: darkhttpd
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.23.1"
         command:
-        - /usr/bin/cozystack-assets-server
-        - "-dir=/cozystack/assets"
-        - "-address=:8123"
+        - /usr/bin/darkhttpd
+        - /cozystack/assets
+        - --port
+        - "8123"
         ports:
         - name: http
           containerPort: 8123

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:4c79017b6663f894812d8c3d4f9e03ef44e4d4032ad8bb91945c92c7cce6a0b0
+ghcr.io/aenix-io/cozystack/nginx-cache:0.3.1@sha256:a3c25199acb8e8426e6952658ccc4acaadb50fe2cfa6359743b64e5166b3fc70

packages/apps/kafka/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.2
+version: 0.3.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kafka/templates/kafka.yaml

@@ -57,12 +57,6 @@ spec:
         class: {{ . }}
         {{- end }}
         deleteClaim: true
-    metricsConfig:
-      type: jmxPrometheusExporter
-      valueFrom:
-        configMapKeyRef:
-          name: {{ .Release.Name }}-metrics
-          key: kafka-metrics-config.yml
   zookeeper:
     replicas: {{ .Values.zookeeper.replicas }}
     storage:
@@ -74,12 +68,6 @@ spec:
       class: {{ . }}
       {{- end }}
       deleteClaim: false
-    metricsConfig:
-      type: jmxPrometheusExporter
-      valueFrom:
-        configMapKeyRef:
-          name: {{ .Release.Name }}-metrics
-          key: kafka-metrics-config.yml
   entityOperator:
     topicOperator: {}
     userOperator: {}

packages/apps/kafka/templates/metrics-configmap.yaml

@@ -1,198 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: {{ .Release.Name }}-metrics
-data:
-  kafka-metrics-config.yml: |
-    # See https://github.com/prometheus/jmx_exporter for more info about JMX Prometheus Exporter metrics
-    lowercaseOutputName: true
-    rules:
-    # Special cases and very specific rules
-    - pattern: kafka.server<type=(.+), name=(.+), clientId=(.+), topic=(.+), partition=(.*)><>Value
-      name: kafka_server_$1_$2
-      type: GAUGE
-      labels:
-        clientId: "$3"
-        topic: "$4"
-        partition: "$5"
-    - pattern: kafka.server<type=(.+), name=(.+), clientId=(.+), brokerHost=(.+), brokerPort=(.+)><>Value
-      name: kafka_server_$1_$2
-      type: GAUGE
-      labels:
-        clientId: "$3"
-        broker: "$4:$5"
-    - pattern: kafka.server<type=(.+), cipher=(.+), protocol=(.+), listener=(.+), networkProcessor=(.+)><>connections
-      name: kafka_server_$1_connections_tls_info
-      type: GAUGE
-      labels:
-        cipher: "$2"
-        protocol: "$3"
-        listener: "$4"
-        networkProcessor: "$5"
-    - pattern: kafka.server<type=(.+), clientSoftwareName=(.+), clientSoftwareVersion=(.+), listener=(.+), networkProcessor=(.+)><>connections
-      name: kafka_server_$1_connections_software
-      type: GAUGE
-      labels:
-        clientSoftwareName: "$2"
-        clientSoftwareVersion: "$3"
-        listener: "$4"
-        networkProcessor: "$5"
-    - pattern: "kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+-total):"
-      name: kafka_server_$1_$4
-      type: COUNTER
-      labels:
-        listener: "$2"
-        networkProcessor: "$3"
-    - pattern: "kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+):"
-      name: kafka_server_$1_$4
-      type: GAUGE
-      labels:
-        listener: "$2"
-        networkProcessor: "$3"
-    - pattern: kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+-total)
-      name: kafka_server_$1_$4
-      type: COUNTER
-      labels:
-        listener: "$2"
-        networkProcessor: "$3"
-    - pattern: kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+)
-      name: kafka_server_$1_$4
-      type: GAUGE
-      labels:
-        listener: "$2"
-        networkProcessor: "$3"
-    # Some percent metrics use MeanRate attribute
-    # Ex) kafka.server<type=(KafkaRequestHandlerPool), name=(RequestHandlerAvgIdlePercent)><>MeanRate
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*><>MeanRate
-      name: kafka_$1_$2_$3_percent
-      type: GAUGE
-    # Generic gauges for percents
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*><>Value
-      name: kafka_$1_$2_$3_percent
-      type: GAUGE
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*, (.+)=(.+)><>Value
-      name: kafka_$1_$2_$3_percent
-      type: GAUGE
-      labels:
-        "$4": "$5"
-    # Generic per-second counters with 0-2 key/value pairs
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*, (.+)=(.+), (.+)=(.+)><>Count
-      name: kafka_$1_$2_$3_total
-      type: COUNTER
-      labels:
-        "$4": "$5"
-        "$6": "$7"
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*, (.+)=(.+)><>Count
-      name: kafka_$1_$2_$3_total
-      type: COUNTER
-      labels:
-        "$4": "$5"
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*><>Count
-      name: kafka_$1_$2_$3_total
-      type: COUNTER
-    # Generic gauges with 0-2 key/value pairs
-    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+), (.+)=(.+)><>Value
-      name: kafka_$1_$2_$3
-      type: GAUGE
-      labels:
-        "$4": "$5"
-        "$6": "$7"
-    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+)><>Value
-      name: kafka_$1_$2_$3
-      type: GAUGE
-      labels:
-        "$4": "$5"
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)><>Value
-      name: kafka_$1_$2_$3
-      type: GAUGE
-    # Emulate Prometheus 'Summary' metrics for the exported 'Histogram's.
-    # Note that these are missing the '_sum' metric!
-    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+), (.+)=(.+)><>Count
-      name: kafka_$1_$2_$3_count
-      type: COUNTER
-      labels:
-        "$4": "$5"
-        "$6": "$7"
-    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.*), (.+)=(.+)><>(\d+)thPercentile
-      name: kafka_$1_$2_$3
-      type: GAUGE
-      labels:
-        "$4": "$5"
-        "$6": "$7"
-        quantile: "0.$8"
-    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+)><>Count
-      name: kafka_$1_$2_$3_count
-      type: COUNTER
-      labels:
-        "$4": "$5"
-    - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.*)><>(\d+)thPercentile
-      name: kafka_$1_$2_$3
-      type: GAUGE
-      labels:
-        "$4": "$5"
-        quantile: "0.$6"
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)><>Count
-      name: kafka_$1_$2_$3_count
-      type: COUNTER
-    - pattern: kafka.(\w+)<type=(.+), name=(.+)><>(\d+)thPercentile
-      name: kafka_$1_$2_$3
-      type: GAUGE
-      labels:
-        quantile: "0.$4"
-    # KRaft overall related metrics
-    # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics
-    - pattern: "kafka.server<type=raft-metrics><>(.+-total|.+-max):"
-      name: kafka_server_raftmetrics_$1
-      type: COUNTER
-    - pattern: "kafka.server<type=raft-metrics><>(current-state): (.+)"
-      name: kafka_server_raftmetrics_$1
-      value: 1
-      type: UNTYPED
-      labels:
-        $1: "$2"
-    - pattern: "kafka.server<type=raft-metrics><>(.+):"
-      name: kafka_server_raftmetrics_$1
-      type: GAUGE
-    # KRaft "low level" channels related metrics
-    # distinguish between always increasing COUNTER (total and max) and variable GAUGE (all others) metrics
-    - pattern: "kafka.server<type=raft-channel-metrics><>(.+-total|.+-max):"
-      name: kafka_server_raftchannelmetrics_$1
-      type: COUNTER
-    - pattern: "kafka.server<type=raft-channel-metrics><>(.+):"
-      name: kafka_server_raftchannelmetrics_$1
-      type: GAUGE
-    # Broker metrics related to fetching metadata topic records in KRaft mode
-    - pattern: "kafka.server<type=broker-metadata-metrics><>(.+):"
-      name: kafka_server_brokermetadatametrics_$1
-      type: GAUGE
-  zookeeper-metrics-config.yml: |
-    # See https://github.com/prometheus/jmx_exporter for more info about JMX Prometheus Exporter metrics
-    lowercaseOutputName: true
-    rules:
-    # replicated Zookeeper
-    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
-      name: "zookeeper_$2"
-      type: GAUGE
-    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
-      name: "zookeeper_$3"
-      type: GAUGE
-      labels:
-        replicaId: "$2"
-    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(Packets\\w+)"
-      name: "zookeeper_$4"
-      type: COUNTER
-      labels:
-        replicaId: "$2"
-        memberType: "$3"
-    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
-      name: "zookeeper_$4"
-      type: GAUGE
-      labels:
-        replicaId: "$2"
-        memberType: "$3"
-    - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
-      name: "zookeeper_$4_$5"
-      type: GAUGE
-      labels:
-        replicaId: "$2"
-        memberType: "$3"

packages/apps/kafka/templates/podscrape.yaml

@@ -1,40 +0,0 @@
-apiVersion: operator.victoriametrics.com/v1beta1
-kind: VMPodScrape
-metadata:
-  name: {{ .Release.Name }}
-spec:
-  podMetricsEndpoints:
-    - port: tcp-prometheus
-      scheme: http
-      relabelConfigs:
-      - separator: ;
-        regex: __meta_kubernetes_pod_label_(strimzi_io_.+)
-        replacement: $1
-        action: labelmap
-      - sourceLabels: [__meta_kubernetes_namespace]
-        separator: ;
-        regex: (.*)
-        targetLabel: namespace
-        replacement: $1
-        action: replace
-      - sourceLabels: [__meta_kubernetes_pod_name]
-        separator: ;
-        regex: (.*)
-        targetLabel: pod
-        replacement: $1
-        action: replace
-      - sourceLabels: [__meta_kubernetes_pod_node_name]
-        separator: ;
-        regex: (.*)
-        targetLabel: node
-        replacement: $1
-        action: replace
-      - sourceLabels: [__meta_kubernetes_pod_host_ip]
-        separator: ;
-        regex: (.*)
-        targetLabel: node_ip
-        replacement: $1
-        action: replace
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: {{ .Release.Name }}

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.15.0@sha256:50efa0d1e807c50d10e8fcece332e4eb7de464e98b23db6e3be02a1ef740821f
+ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.15.0@sha256:538ee308f16c9e627ed16ee7c4aaa65919c2e6c4c2778f964a06e4797610d1cd

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:461aee26669a15aa8febee5de43e1e5ec72b924ab3fe3fde2a0725ceef08a09b
+ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:7716c88947d13dc90ccfcc3e60bfdd6e6fa9b201339a75e9c84bf825c76e2b1f

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:7b206eb9c1b44cead6e0e4931c569612fa8034f026d845469ebd2d2ef46b85ab
+ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:be5e0eef92dada3ace5cddda5c68b30c9fe4682774c5e6e938ed31efba11ebbf

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:c2c26e7a61208415b044d32872c8692bb46e9b62746ce45166d6cb7bd15c597b
+ghcr.io/aenix-io/cozystack/ubuntu-container-disk:v1.30.1@sha256:8392f00a7182294ce6fd417d254f7c2aa09fb9203d829dec70344a8050369430

packages/apps/versions_map

@@ -23,8 +23,7 @@ kafka 0.2.1 3ac17018
 kafka 0.2.2 d0758692
 kafka 0.2.3 5ca8823
 kafka 0.3.0 c07c4bbd
-kafka 0.3.1 b7375f73
-kafka 0.3.2 HEAD
+kafka 0.3.1 HEAD
 kubernetes 0.1.0 f642698
 kubernetes 0.2.0 7cd7de73
 kubernetes 0.3.0 7caccec1
@@ -109,18 +108,12 @@ virtual-machine 0.3.0 b908400
 virtual-machine 0.4.0 4746d51
 virtual-machine 0.5.0 cad9cde
 virtual-machine 0.6.0 0e728870
-virtual-machine 0.7.0 af58018a
-virtual-machine 0.7.1 05857b95
-virtual-machine 0.8.0 3fa4dd3a
-virtual-machine 0.8.1 HEAD
+virtual-machine 0.7.0 HEAD
 vm-disk 0.1.0 HEAD
 vm-instance 0.1.0 ced8e5b9
 vm-instance 0.2.0 4f767ee3
 vm-instance 0.3.0 0e728870
-vm-instance 0.4.0 af58018a
-vm-instance 0.4.1 05857b95
-vm-instance 0.5.0 3fa4dd3a
-vm-instance 0.5.1 HEAD
+vm-instance 0.4.0 HEAD
 vpn 0.1.0 f642698
 vpn 0.2.0 7151424
 vpn 0.3.0 a2bcf100

packages/apps/virtual-machine/Chart.yaml

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.1
+version: 0.7.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.8.1"
+appVersion: "0.7.0"

packages/apps/virtual-machine/Makefile

@@ -8,4 +8,3 @@ generate:
 	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
 	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
 	yq -i -o json '.properties.systemDisk.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' values.schema.json
-	yq -i -o json '.properties.externalMethod.enum = ["wholeIP", "PortList"]' values.schema.json

packages/apps/virtual-machine/README.md

@@ -39,7 +39,6 @@ virtctl ssh <user>@<vm>
 | Name                      | Description                                                                                                | Value            |
 | ------------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------- |
 | `external`                | Enable external access from outside the cluster                                                            | `false`          |
-| `externalMethod`          | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `WholeIP`        |
 | `externalPorts`           | Specify ports to forward from outside the cluster                                                          | `[]`             |
 | `running`                 | Determines if the virtual machine should be running                                                        | `true`           |
 | `instanceType`            | Virtual Machine instance type                                                                              | `u1.medium`      |

packages/apps/virtual-machine/templates/service.yaml

@@ -6,24 +6,16 @@ metadata:
   name: {{ include "virtual-machine.fullname" . }}
   labels:
     {{- include "virtual-machine.labels" . | nindent 4 }}
-  {{- if eq .Values.externalMethod "WholeIP" }}
-  annotations:
-    networking.cozystack.io/wholeIP: "true"
-  {{- end }}
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   externalTrafficPolicy: Local
   allocateLoadBalancerNodePorts: false
   selector:
-    {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
+    {{- include "virtual-machine.labels" . | nindent 4 }}
   ports:
-    {{- if eq .Values.externalMethod "WholeIP" }}
-    - port: 65535
-    {{- else }}
     {{- range .Values.externalPorts }}
     - name: port-{{ . }}
       port: {{ . }}
       targetPort: {{ . }}
     {{- end }}
-    {{- end }}
 {{- end }}

packages/apps/virtual-machine/templates/vm-update-hook.yaml

@@ -45,7 +45,6 @@ spec:
     metadata:
       labels:
         app: "{{ $.Release.Name }}-update-hook"
-        policy.cozystack.io/allow-to-apiserver: "true"
     spec:
       serviceAccountName: {{ $.Release.Name }}-update-hook
       restartPolicy: Never

packages/apps/virtual-machine/values.schema.json

@@ -7,15 +7,6 @@
       "description": "Enable external access from outside the cluster",
       "default": false
     },
-    "externalMethod": {
-      "type": "string",
-      "description": "specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
-      "default": "WholeIP",
-      "enum": [
-        "wholeIP",
-        "PortList"
-      ]
-    },
     "externalPorts": {
       "type": "array",
       "description": "Specify ports to forward from outside the cluster",

packages/apps/virtual-machine/values.yaml

@@ -1,10 +1,8 @@
 ## @section Common parameters
 
 ## @param external Enable external access from outside the cluster
-## @param externalMethod specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`
 ## @param externalPorts [array] Specify ports to forward from outside the cluster
 external: false
-externalMethod: WholeIP
 externalPorts:
 - 22
 

packages/apps/vm-instance/Chart.yaml

@@ -17,10 +17,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.1
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.5.1"
+appVersion: "0.4.0"

packages/apps/vm-instance/Makefile

@@ -8,4 +8,3 @@ generate:
 	PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \
 	  && yq -i -o json ".properties.instanceProfile.optional=true | .properties.instanceProfile.enum = $${PREFERENCES}" values.schema.json
 	yq -i -o json '.properties.externalPorts.items.type = "integer"' values.schema.json
-	yq -i -o json '.properties.externalMethod.enum = ["WholeIP", "PortList"]' values.schema.json

packages/apps/vm-instance/README.md

@@ -36,19 +36,18 @@ virtctl ssh <user>@<vm>
 
 ### Common parameters
 
-| Name               | Description                                                                                                | Value            |
-| ------------------ | ---------------------------------------------------------------------------------------------------------- | ---------------- |
-| `external`         | Enable external access from outside the cluster                                                            | `false`          |
-| `externalMethod`   | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `WholeIP`        |
-| `externalPorts`    | Specify ports to forward from outside the cluster                                                          | `[]`             |
-| `running`          | Determines if the virtual machine should be running                                                        | `true`           |
-| `instanceType`     | Virtual Machine instance type                                                                              | `u1.medium`      |
-| `instanceProfile`  | Virtual Machine prefferences profile                                                                       | `ubuntu`         |
-| `disks`            | List of disks to attach                                                                                    | `[]`             |
-| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                                                   | `""`             |
-| `resources.memory` | The amount of memory allocated to the virtual machine                                                      | `""`             |
-| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`             |
-| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.                                | `#cloud-config
+| Name               | Description                                                                        | Value            |
+| ------------------ | ---------------------------------------------------------------------------------- | ---------------- |
+| `external`         | Enable external access from outside the cluster                                    | `false`          |
+| `externalPorts`    | Specify ports to forward from outside the cluster                                  | `[]`             |
+| `running`          | Determines if the virtual machine should be running                                | `true`           |
+| `instanceType`     | Virtual Machine instance type                                                      | `u1.medium`      |
+| `instanceProfile`  | Virtual Machine prefferences profile                                               | `ubuntu`         |
+| `disks`            | List of disks to attach                                                            | `[]`             |
+| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                           | `""`             |
+| `resources.memory` | The amount of memory allocated to the virtual machine                              | `""`             |
+| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]`             |
+| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.        | `#cloud-config
 ` |
 
 ## U Series

packages/apps/vm-instance/templates/service.yaml

@@ -6,24 +6,16 @@ metadata:
   name: {{ include "virtual-machine.fullname" . }}
   labels:
     {{- include "virtual-machine.labels" . | nindent 4 }}
-  {{- if eq .Values.externalMethod "WholeIP" }}
-  annotations:
-    networking.cozystack.io/wholeIP: "true"
-  {{- end }}
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
   externalTrafficPolicy: Local
   allocateLoadBalancerNodePorts: false
   selector:
-    {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
+    {{- include "virtual-machine.labels" . | nindent 4 }}
   ports:
-    {{- if eq .Values.externalMethod "WholeIP" }}
-    - port: 65535
-    {{- else }}
     {{- range .Values.externalPorts }}
     - name: port-{{ . }}
       port: {{ . }}
       targetPort: {{ . }}
     {{- end }}
-    {{- end }}
 {{- end }}

packages/apps/vm-instance/templates/vm-update-hook.yaml

@@ -35,7 +35,6 @@ spec:
     metadata:
       labels:
         app: "{{ $.Release.Name }}-update-hook"
-        policy.cozystack.io/allow-to-apiserver: "true"
     spec:
       serviceAccountName: {{ $.Release.Name }}-update-hook
       restartPolicy: Never

packages/apps/vm-instance/templates/vm.yaml

@@ -12,7 +12,7 @@ metadata:
   labels:
     {{- include "virtual-machine.labels" . | nindent 4 }}
 spec:
-  running: {{ .Values.running }}
+  running: {{ .Values.running | default "true" }}
   {{- with .Values.instanceType }}
   instancetype:
     kind: VirtualMachineClusterInstancetype

packages/apps/vm-instance/values.schema.json

@@ -7,15 +7,6 @@
       "description": "Enable external access from outside the cluster",
       "default": false
     },
-    "externalMethod": {
-      "type": "string",
-      "description": "specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
-      "default": "WholeIP",
-      "enum": [
-        "WholeIP",
-        "PortList"
-      ]
-    },
     "externalPorts": {
       "type": "array",
       "description": "Specify ports to forward from outside the cluster",

packages/apps/vm-instance/values.yaml

@@ -1,10 +1,8 @@
 ## @section Common parameters
 
 ## @param external Enable external access from outside the cluster
-## @param externalMethod specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`
 ## @param externalPorts [array] Specify ports to forward from outside the cluster
 external: false
-externalMethod: WholeIP
 externalPorts:
 - 22
 

packages/core/builder/values.yaml

@@ -1,3 +1,3 @@
 talos:
   imager:
-    image: ghcr.io/siderolabs/imager:v1.9.3
+    image: ghcr.io/siderolabs/imager:v1.9.2

packages/core/installer/Makefile

@@ -30,7 +30,7 @@ image-cozystack: run-builder
 		--provenance false \
 		--tag $(REGISTRY)/cozystack:$(call settag,$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/cozystack:latest \
-		--platform linux/amd64 \
+		--platform linux/amd64,linux/arm64 \
 		--cache-to type=inline \
 		--metadata-file images/cozystack.json \
 		--push=$(PUSH) \
@@ -43,7 +43,7 @@ image-talos: run-builder
 	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
 	skopeo copy docker-archive:../../../_out/assets/installer-amd64.tar docker://$(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
 
-image-matchbox: run-builder
+image-matchbox:  run-builder
 	test -f ../../../_out/assets/kernel-amd64 || make talos-kernel
 	test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs
 	docker buildx build -f images/matchbox/Dockerfile ../../.. \
@@ -55,8 +55,6 @@ image-matchbox: run-builder
 		--metadata-file images/matchbox.json \
 		--push=$(PUSH) \
 		--load=$(LOAD)
-	echo "$(REGISTRY)/matchbox:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/matchbox.json -o json -r)" \
-		> ../../extra/bootbox/images/matchbox.tag
 	rm -f images/matchbox.json
 
 assets: talos-iso talos-nocloud talos-metal

packages/core/installer/images/cozystack/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.21 as k8s-await-election-builder
+FROM golang:alpine3.19 as k8s-await-election-builder
 
 ARG K8S_AWAIT_ELECTION_GITREPO=https://github.com/LINBIT/k8s-await-election
 ARG K8S_AWAIT_ELECTION_VERSION=0.4.1
@@ -13,7 +13,7 @@ RUN git clone ${K8S_AWAIT_ELECTION_GITREPO} /usr/local/go/k8s-await-election/ \
  && make \
  && mv ./out/k8s-await-election-${TARGETARCH} /k8s-await-election
 
-FROM golang:alpine3.21 as builder
+FROM alpine:3.19 AS builder
 
 RUN apk add --no-cache make git
 RUN apk add helm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
@@ -21,14 +21,12 @@ RUN apk add helm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/communi
 COPY . /src/
 WORKDIR /src
 
-RUN go build -o /cozystack-assets-server -ldflags '-extldflags "-static" -w -s' ./cmd/cozystack-assets-server
-
 # Check that versions_map is not changed
 RUN make repos
 
-FROM alpine:3.21
+FROM alpine:3.19
 
-RUN apk add --no-cache make
+RUN apk add --no-cache make darkhttpd
 RUN apk add helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
 
 COPY scripts /cozystack/scripts
@@ -36,7 +34,6 @@ COPY --from=builder /src/packages/core /cozystack/packages/core
 COPY --from=builder /src/packages/system /cozystack/packages/system
 COPY --from=builder /src/_out/repos /cozystack/assets/repos
 COPY --from=builder /src/_out/logos /cozystack/assets/logos
-COPY --from=builder /cozystack-assets-server /usr/bin/cozystack-assets-server
 COPY --from=k8s-await-election-builder /k8s-await-election /usr/bin/k8s-await-election
 COPY dashboards /cozystack/assets/dashboards
 

packages/core/installer/images/talos/profiles/initramfs.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.2
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.2
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
 output:
   kind: initramfs
   imageOptions: {}

packages/core/installer/images/talos/profiles/installer.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.2
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.2
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
 output:
   kind: installer
   imageOptions: {}

packages/core/installer/images/talos/profiles/iso.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.2
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.2
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
 output:
   kind: iso
   imageOptions: {}

packages/core/installer/images/talos/profiles/kernel.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.2
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.2
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
 output:
   kind: kernel
   imageOptions: {}

packages/core/installer/images/talos/profiles/metal.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.2
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.2
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/images/talos/profiles/nocloud.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.9.3
+version: v1.9.2
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.2
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20241210
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20241210
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20241210
     - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20241210
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.2
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.2
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/templates/cozystack.yaml

@@ -67,12 +67,13 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
-      - name: assets
+      - name: darkhttpd
         image: "{{ .Values.cozystack.image }}"
         command:
-        - /usr/bin/cozystack-assets-server
-        - "-dir=/cozystack/assets"
-        - "-address=:8123"
+        - /usr/bin/darkhttpd
+        - /cozystack/assets
+        - --port
+        - "8123"
         ports:
         - name: http
           containerPort: 8123

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.25.1@sha256:bf74a003181ffb10c1a158b6920bb3d9be2cf06ecd41cb6519ad237ba52e9be1
+  image: ghcr.io/aenix-io/cozystack/cozystack:v0.23.1@sha256:dfa803a3e02ec9ea221029d361aa9d7aef0b5eb0a36d66c949b265d4ac4fc114

packages/core/platform/bundles/distro-full.yaml

@@ -31,13 +31,6 @@ releases:
       autoDirectNodeRoutes: true
       routingMode: native
 
-- name: cozy-proxy
-  releaseName: cozystack
-  chart: cozy-cozy-proxy
-  namespace: cozy-system
-  optional: true
-  dependsOn: [cilium]
-
 - name: cert-manager-crds
   releaseName: cert-manager-crds
   chart: cozy-cert-manager-crds
@@ -82,10 +75,6 @@ releases:
   privileged: true
   optional: true
   dependsOn: [cilium,victoria-metrics-operator]
-  values:
-    scrapeRules:
-      etcd:
-        enabled: true
 
 - name: metallb
   releaseName: metallb
@@ -211,10 +200,9 @@ releases:
   optional: true
   dependsOn: [keycloak]
 
-- name: bootbox
-  releaseName: bootbox
-  chart: cozy-bootbox
-  namespace: cozy-bootbox
-  privileged: true
+- name: tinkerbell
+  releaseName: tinkerbell
+  chart: cozy-tinkerbell
+  namespace: cozy-tinkerbell
   optional: true
-  dependsOn: [cilium]
+  dependsOn: [cilium,kubeovn]

packages/core/platform/bundles/distro-hosted.yaml

@@ -58,10 +58,6 @@ releases:
   privileged: true
   optional: true
   dependsOn: [victoria-metrics-operator]
-  values:
-    scrapeRules:
-      etcd:
-        enabled: true
 
 - name: etcd-operator
   releaseName: etcd-operator

packages/core/platform/bundles/paas-full.yaml

@@ -50,12 +50,6 @@ releases:
         SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}"
         JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}"
 
-- name: cozy-proxy
-  releaseName: cozystack
-  chart: cozy-cozy-proxy
-  namespace: cozy-system
-  dependsOn: [cilium,kubeovn]
-
 - name: cert-manager-crds
   releaseName: cert-manager-crds
   chart: cozy-cert-manager-crds
@@ -103,10 +97,6 @@ releases:
   namespace: cozy-monitoring
   privileged: true
   dependsOn: [cilium,kubeovn,victoria-metrics-operator]
-  values:
-    scrapeRules:
-      etcd:
-        enabled: true
 
 - name: kubevirt-operator
   releaseName: kubevirt-operator
@@ -291,11 +281,10 @@ releases:
   optional: true
   dependsOn: [cilium,kubeovn]
 
-- name: bootbox
-  releaseName: bootbox
-  chart: cozy-bootbox
-  namespace: cozy-bootbox
-  privileged: true
+- name: tinkerbell
+  releaseName: tinkerbell
+  chart: cozy-tinkerbell
+  namespace: cozy-tinkerbell
   optional: true
   dependsOn: [cilium,kubeovn]
 

packages/core/platform/bundles/paas-hosted.yaml

@@ -70,10 +70,6 @@ releases:
   namespace: cozy-monitoring
   privileged: true
   dependsOn: [victoria-metrics-operator]
-  values:
-    scrapeRules:
-      etcd:
-        enabled: true
 
 - name: etcd-operator
   releaseName: etcd-operator

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.25.1@sha256:eef99408647d4a427f971eed8a2ccd0ebc7f99b3c99f3f911bc87ffe34500661
+  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.23.1@sha256:0f4ffa7f23d6cdc633c0c4a0b852fde9710edbce96486fd9bd29c7d0d7710380

packages/extra/bootbox/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-name: bootbox
-description: PXE hardware provisioning
-icon: /logos/bootbox.svg
-type: application
-version: 0.1.0

packages/extra/bootbox/Makefile

@@ -1,11 +0,0 @@
-NAME=bootbox
-NAMESPACE=tenant-root
-
-include ../../../scripts/package.mk
-
-generate:
-	readme-generator -v values.yaml -s values.schema.json.tmp -r README.md
-	cat values.schema.json.tmp | \
-		jq '.properties.machines.items.type = "object"' \
-		> values.schema.json
-	rm -f values.schema.json.tmp

packages/extra/bootbox/README.md

@@ -1,11 +0,0 @@
-# BootBox
-
-## Parameters
-
-### Common parameters
-
-| Name            | Description                                           | Value  |
-| --------------- | ----------------------------------------------------- | ------ |
-| `whitelistHTTP` | Secure HTTP by enabling  client networks whitelisting | `true` |
-| `whitelist`     | List of client networks                               | `[]`   |
-| `machines`      | Configuration of physical machine instances           | `[]`   |

packages/extra/bootbox/hack/test.sh

@@ -1,18 +0,0 @@
-apk add iptables iproute2 qemu-system-x86_64 qemu-img
-
-iptables -t nat -D POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE 2>/dev/null || true
-iptables -t nat -A POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE
-
-ip link del tap0 2>/dev/null || true
-ip tuntap add dev tap0 mode tap
-ip link set tap0 up
-ip addr add 10.8.2.1/24 dev tap0
-
-
-rm -f data.img
-qemu-img create data.img 100G
-
-qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 4 -m 8192 \
-  -device virtio-net,netdev=net0,mac=d6:fa:af:52:25:93 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
-  -drive file=data.img,if=virtio,format=raw \
-  -nographic

packages/extra/bootbox/images/matchbox.tag

@@ -1 +0,0 @@
-ghcr.io/aenix-io/cozystack/matchbox:v0.25.1@sha256:a6febea70f863ad834695f729d9befde7d970a36c605f1902a4d79e40dfbbe72

packages/extra/bootbox/logos/bootbox.svg

@@ -1,91 +0,0 @@
-<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
-<rect width="144" height="144" rx="24" fill="url(#paint0_linear_979_792)"/>
-<path d="M71.5698 76.5336C71.2374 76.5336 70.9036 76.4847 70.5829 76.3892L36.2079 66.0767C34.3885 65.5311 33.3562 63.6144 33.9017 61.7966C34.4489 59.9755 36.3657 58.9483 38.1817 59.4904L71.5698 69.5076L104.958 59.4904C106.776 58.96 108.691 59.9772 109.238 61.7966C109.783 63.6144 108.751 65.5311 106.932 66.0767L72.5567 76.3892C72.236 76.4847 71.9022 76.5336 71.5698 76.5336Z" fill="#231F20"/>
-<path d="M74.973 53.0214C74.7668 54.3276 73.8043 55.3933 72.5668 55.7714L38.1918 66.0839C37.848 66.187 37.5387 66.2214 37.1949 66.2214C36.3699 66.2214 35.5793 65.912 34.9262 65.362L21.1762 53.3308C20.248 52.5401 19.8355 51.2683 20.0762 50.0651C20.3168 48.862 21.1762 47.8651 22.3449 47.487L53.2824 37.1745C54.3137 36.8308 55.448 37.0026 56.3418 37.6214L73.5293 49.6526C74.6293 50.4089 75.1793 51.7151 74.973 53.0214Z" fill="#FFDC83"/>
-<path d="M121.964 53.3308L108.214 65.362C107.56 65.912 106.77 66.2214 105.945 66.2214C105.601 66.2214 105.292 66.187 104.948 66.0839L70.573 55.7714C69.3355 55.3933 68.373 54.3276 68.1667 53.0214C67.9605 51.7151 68.5105 50.4089 69.6105 49.6526L86.798 37.6214C87.6917 37.0026 88.8261 36.8308 89.8574 37.1745L120.795 47.487C121.964 47.8651 122.823 48.862 123.064 50.0651C123.304 51.2683 122.892 52.5401 121.964 53.3308Z" fill="#FFDC83"/>
-<path d="M109.382 63.6426V107.471C109.382 108.88 108.522 110.152 107.216 110.668L72.8412 124.418C72.4287 124.589 72.0162 124.658 71.5693 124.658C71.1225 124.658 70.71 124.589 70.2975 124.418L35.9225 110.668C34.6162 110.152 33.7568 108.88 33.7568 107.471V63.6426C33.7568 61.752 35.3037 60.2051 37.1943 60.2051H105.944C107.835 60.2051 109.382 61.752 109.382 63.6426Z" fill="#EABD4C"/>
-<path d="M107.999 61.4958C107.999 62.9812 107.037 64.2979 105.643 64.7368L72.4613 74.865C72.1295 74.9662 71.8308 75 71.499 75C71.1672 75 70.8686 74.9662 70.5368 74.865L37.3549 64.7368C35.9613 64.2979 34.999 62.9812 34.999 61.4958C34.999 60.0103 35.9613 58.6937 37.3549 58.2548L70.5368 48.1266C71.1672 47.9578 71.8308 47.9578 72.4613 48.1266L105.643 58.2548C107.037 58.6937 107.999 60.0103 107.999 61.4958Z" fill="#4C3825"/>
-<path d="M74.5118 77C75.35 77 76.1794 76.9628 77 76.9133V21.0867C76.1765 21.0347 75.3471 21 74.5059 21C73.6647 21 72.8294 21.0347 72 21.0867V76.9108C72.8265 76.9628 73.6588 76.9975 74.5 77H74.5118Z" fill="url(#paint1_linear_979_792)"/>
-<path d="M44.0282 38.1129L43.2078 37.2959C42.0773 38.9121 41.0746 40.614 40.2088 42.3861C50.1001 52.4354 51.1424 57.2835 51.1289 58.9074C51.0919 63.026 46.0522 69.4845 40.1416 75.4657C40.9996 77.2375 41.9933 78.9405 43.1137 80.5592C43.4499 80.223 43.7693 79.9137 44.0954 79.5842C52.625 70.9975 56.794 64.2498 56.8445 58.9477C56.8949 53.6457 52.7024 46.8879 44.0282 38.1129Z" fill="url(#paint2_linear_979_792)"/>
-<path d="M104.695 79.5975L105.676 80.5725C106.795 78.9492 107.787 77.2417 108.642 75.4655C102.735 69.4709 97.6948 62.9955 97.6545 58.8937C97.6175 54.8928 102.627 48.4208 108.568 42.359C107.703 40.5917 106.703 38.8944 105.576 37.2822L104.755 38.0992C96.081 46.8575 91.8885 53.6791 91.9389 58.9442C91.9894 64.2092 96.1583 71.0107 104.695 79.5975Z" fill="url(#paint3_linear_979_792)"/>
-<path d="M87.4396 58.9344C87.4396 51.5378 90.7378 39.2393 95.8179 27.6165C94.1979 26.5139 92.495 25.5382 90.7244 24.6982C85.1635 37.2287 81.7207 50.5561 81.7207 58.9478C81.7207 67.0673 85.4493 80.5425 91.111 93.1403C92.8468 92.2859 94.5147 91.3002 96.1004 90.1917C90.8589 78.4009 87.4396 66.0755 87.4396 58.9344Z" fill="url(#paint4_linear_979_792)"/>
-<path d="M67.0384 58.9353C67.0384 50.4998 63.4578 37.0985 57.9608 24.7227C56.2158 25.5613 54.5377 26.5325 52.9412 27.6275C58.0314 39.2435 61.3228 51.5454 61.3228 58.9353C61.3228 66.073 57.9036 78.395 52.6621 90.1724C54.2482 91.2802 55.9161 92.2658 57.6514 93.121C63.3199 80.5266 67.0384 67.0614 67.0384 58.9353Z" fill="url(#paint5_linear_979_792)"/>
-<path d="M74.4229 74.987L60.6729 95.612C60.0197 96.6089 58.9541 97.1589 57.8197 97.1589C57.4072 97.1589 56.9604 97.0901 56.5479 96.9183L22.1729 83.1683C21.1416 82.7558 20.3854 81.8964 20.1104 80.8651C19.8354 79.7995 20.076 78.6651 20.7635 77.8401L34.5135 60.6526C35.3729 59.5526 32.7391 57.8404 34.0797 58.2185L72.5666 69.7964C73.5979 70.1058 74.4229 70.8964 74.801 71.9276C75.1791 72.9589 75.0416 74.0933 74.4229 74.987Z" fill="#FFDC83"/>
-<path d="M123.029 80.6242C122.754 81.6555 121.998 82.5492 121.001 82.9274L86.6261 96.918C86.1792 97.0899 85.7667 97.1586 85.3199 97.1586C84.1855 97.1586 83.1199 96.6086 82.4667 95.6117L68.7167 74.9867C68.098 74.093 67.9605 72.9586 68.3386 71.9274C68.7167 70.8961 69.5417 70.1055 70.573 69.7961L108.469 58.4331C109.81 58.0206 107.732 59.5524 108.626 60.618L122.376 77.5992C123.064 78.4242 123.304 79.5586 123.029 80.6242Z" fill="#FFDC83"/>
-<defs>
-<linearGradient id="paint0_linear_979_792" x1="24" y1="3.5" x2="181" y2="147" gradientUnits="userSpaceOnUse">
-<stop stop-color="#480000"/>
-<stop offset="1" stop-color="#AE2300"/>
-</linearGradient>
-<linearGradient id="paint1_linear_979_792" x1="74.5" y1="17.2369" x2="74.5" y2="79.9133" gradientUnits="userSpaceOnUse">
-<stop stop-color="#FFD200"/>
-<stop offset="0.06" stop-color="#FFB500"/>
-<stop offset="0.14" stop-color="#FF8C00"/>
-<stop offset="0.21" stop-color="#FF7300"/>
-<stop offset="0.26" stop-color="#FF6A00"/>
-<stop offset="0.33" stop-color="#FC4F0E"/>
-<stop offset="0.43" stop-color="#F92F1E"/>
-<stop offset="0.51" stop-color="#F81B27"/>
-<stop offset="0.57" stop-color="#F7142B"/>
-<stop offset="0.68" stop-color="#DF162E"/>
-<stop offset="0.79" stop-color="#AF1A38"/>
-<stop offset="1" stop-color="#4B214C"/>
-</linearGradient>
-<linearGradient id="paint2_linear_979_792" x1="48.493" y1="15.8928" x2="48.493" y2="100.954" gradientUnits="userSpaceOnUse">
-<stop stop-color="#FFD200"/>
-<stop offset="0.06" stop-color="#FFB500"/>
-<stop offset="0.14" stop-color="#FF8C00"/>
-<stop offset="0.21" stop-color="#FF7300"/>
-<stop offset="0.26" stop-color="#FF6A00"/>
-<stop offset="0.33" stop-color="#FC4F0E"/>
-<stop offset="0.43" stop-color="#F92F1E"/>
-<stop offset="0.51" stop-color="#F81B27"/>
-<stop offset="0.57" stop-color="#F7142B"/>
-<stop offset="0.68" stop-color="#DF162E"/>
-<stop offset="0.79" stop-color="#AF1A38"/>
-<stop offset="1" stop-color="#4B214C"/>
-</linearGradient>
-<linearGradient id="paint3_linear_979_792" x1="100.29" y1="15.8926" x2="100.29" y2="100.953" gradientUnits="userSpaceOnUse">
-<stop stop-color="#FFD200"/>
-<stop offset="0.06" stop-color="#FFB500"/>
-<stop offset="0.14" stop-color="#FF8C00"/>
-<stop offset="0.21" stop-color="#FF7300"/>
-<stop offset="0.26" stop-color="#FF6A00"/>
-<stop offset="0.33" stop-color="#FC4F0E"/>
-<stop offset="0.43" stop-color="#F92F1E"/>
-<stop offset="0.51" stop-color="#F81B27"/>
-<stop offset="0.57" stop-color="#F7142B"/>
-<stop offset="0.68" stop-color="#DF162E"/>
-<stop offset="0.79" stop-color="#AF1A38"/>
-<stop offset="1" stop-color="#4B214C"/>
-</linearGradient>
-<linearGradient id="paint4_linear_979_792" x1="88.9122" y1="15.8929" x2="88.9122" y2="100.954" gradientUnits="userSpaceOnUse">
-<stop stop-color="#FFD200"/>
-<stop offset="0.06" stop-color="#FFB500"/>
-<stop offset="0.14" stop-color="#FF8C00"/>
-<stop offset="0.21" stop-color="#FF7300"/>
-<stop offset="0.26" stop-color="#FF6A00"/>
-<stop offset="0.33" stop-color="#FC4F0E"/>
-<stop offset="0.43" stop-color="#F92F1E"/>
-<stop offset="0.51" stop-color="#F81B27"/>
-<stop offset="0.57" stop-color="#F7142B"/>
-<stop offset="0.68" stop-color="#DF162E"/>
-<stop offset="0.79" stop-color="#AF1A38"/>
-<stop offset="1" stop-color="#4B214C"/>
-</linearGradient>
-<linearGradient id="paint5_linear_979_792" x1="59.857" y1="15.8938" x2="59.857" y2="100.955" gradientUnits="userSpaceOnUse">
-<stop stop-color="#FFD200"/>
-<stop offset="0.06" stop-color="#FFB500"/>
-<stop offset="0.14" stop-color="#FF8C00"/>
-<stop offset="0.21" stop-color="#FF7300"/>
-<stop offset="0.26" stop-color="#FF6A00"/>
-<stop offset="0.33" stop-color="#FC4F0E"/>
-<stop offset="0.43" stop-color="#F92F1E"/>
-<stop offset="0.51" stop-color="#F81B27"/>
-<stop offset="0.57" stop-color="#F7142B"/>
-<stop offset="0.68" stop-color="#DF162E"/>
-<stop offset="0.79" stop-color="#AF1A38"/>
-<stop offset="1" stop-color="#4B214C"/>
-</linearGradient>
-</defs>
-</svg>

packages/extra/bootbox/templates/check-release-name.yaml

@@ -1,6 +0,0 @@
-{{- if ne .Release.Name .Chart.Name }}
-{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }}
-{{- end -}}
-{{- if ne .Release.Namespace "tenant-root" }}
-{{- fail "The namespace of the release MUST BE tenant-root" }}
-{{- end -}}

packages/extra/bootbox/templates/dashboard-resourcemap.yaml

@@ -1,35 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ .Release.Name }}-dashboard-resources
-rules:
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  resourceNames:
-  - bootbox
-  verbs: ["get", "list", "watch"]
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  resourceNames:
-  - grafana-admin-password
-  verbs: ["get", "list", "watch"]
-- apiGroups:
-  - ""
-  resources:
-  - services
-  resourceNames:
-  - bootbox
-  verbs: ["get", "list", "watch"]
-- apiGroups:
-  - cozystack.io
-  resources:
-  - workloadmonitors
-  resourceNames:
-  - bootbox-matchbox
-  verbs: ["get", "list", "watch"]
-
-

packages/extra/bootbox/templates/matchbox/configmaps.yaml

@@ -1,42 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: bootbox-profiles
-data:
-  default.json: |
-    {
-      "id": "default",
-      "name": "default",
-      "boot": {
-        "kernel": "/assets/vmlinuz",
-        "initrd": ["/assets/initramfs.xz"],
-        "args": [
-          "initrd=initramfs.xz",
-          "init_on_alloc=1",
-          "slab_nomerge",
-          "pti=on",
-          "console=tty0",
-          "console=ttyS0",
-          "printk.devkmsg=on",
-          "talos.platform=metal"
-        ]
-      }
-    }
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: bootbox-groups
-data:
-  default.json: |
-    {
-      "id": "default",
-      "name": "default",
-      "profile": "default"
-    }
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: bootbox-configs
-data:

packages/extra/bootbox/templates/matchbox/deployment.yaml

@@ -1,54 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: bootbox-matchbox
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: bootbox-matchbox
-  template:
-    metadata:
-      labels:
-        app: bootbox-matchbox
-    spec:
-      containers:
-      - name: matchbox
-        image: "{{ $.Files.Get "images/matchbox.tag" | trim }}"
-        args:
-          - "-address=:8080"
-          - "-log-level=debug"
-        volumeMounts:
-          - name: profiles-volume
-            mountPath: /var/lib/matchbox/profiles
-          - name: groups-volume
-            mountPath: /var/lib/matchbox/groups
-          - name: configs-volume
-            mountPath: /var/lib/matchbox/assets/configs
-        ports:
-          - name: http
-            containerPort: 8080
-            protocol: TCP
-      volumes:
-        - name: profiles-volume
-          configMap:
-            name: bootbox-profiles
-        - name: groups-volume
-          configMap:
-            name: bootbox-groups
-        - name: configs-volume
-          configMap:
-            name: bootbox-configs
----
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: bootbox-matchbox
-spec:
-  replicas: 1
-  minReplicas: 1
-  kind: bootbox
-  type: matchbox
-  selector:
-    app: bootbox-matchbox
-  version: {{ $.Chart.Version }}

packages/extra/bootbox/templates/matchbox/ingress.yaml

@@ -1,37 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
-
-{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
-{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
-{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: bootbox
-  labels:
-    app: bootbox
-  annotations:
-    {{- if ne $issuerType "cloudflare" }}
-    acme.cert-manager.io/http01-ingress-class: {{ $ingress }}
-    {{- end }}
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    {{- if .Values.whitelistHTTP }}
-    nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," (.Values.whitelist | default "0.0.0.0/32") }}"
-    {{- end }}
-spec:
-  ingressClassName: {{ $ingress }}
-  tls:
-    - hosts:
-        - "{{ printf "bootbox.%s" (.Values.host | default $host) }}"
-      secretName: bootbox-tls
-  rules:
-    - host: "{{ printf "bootbox.%s" (.Values.host | default $host) }}"
-      http:
-        paths:
-          - path: /
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: bootbox
-                port:
-                  name: http

packages/extra/bootbox/templates/matchbox/machines.yaml

@@ -1,47 +0,0 @@
-{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
-
-{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
-{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
-{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
-
-{{ range $m := .Values.machines }}
----
-apiVersion: tinkerbell.org/v1alpha1
-kind: Hardware
-metadata:
-  name: {{ $m.hostname }}
-  namespace: cozy-bootbox
-spec:
-  interfaces:
-  {{- range $mac := $m.mac }}
-  - dhcp:
-      hostname: {{ $m.hostname }}
-      mac: {{ $mac }}
-      {{- with $m.arch }}
-      arch: {{ . }}
-      {{- end }}
-      {{- with $m.ip }}
-      ip:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with $m.leaseTime }}
-      lease_time: {{ . }}
-      {{- end }}
-      {{- with $m.uefi }}
-      uefi: {{ . }}
-      {{- end }}
-      {{- with $m.nameServers }}
-      name_servers:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with $m.timeServers }}
-      time_servers:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    netboot:
-      allowPXE: true
-      ipxe:
-        url: "https://{{ printf "bootbox.%s" ($.Values.host | default $host) }}/boot.ipxe"
-  {{- end }}
-{{- end }}

packages/extra/bootbox/templates/matchbox/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: bootbox
-spec:
-  selector:
-    app: bootbox-matchbox
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: http
-      name: http

packages/extra/bootbox/values.schema.json

@@ -1,25 +0,0 @@
-{
-  "title": "Chart Values",
-  "type": "object",
-  "properties": {
-    "whitelistHTTP": {
-      "type": "boolean",
-      "description": "Secure HTTP by enabling  client networks whitelisting",
-      "default": true
-    },
-    "whitelist": {
-      "type": "array",
-      "description": "List of client networks",
-      "default": [],
-      "items": {}
-    },
-    "machines": {
-      "type": "array",
-      "description": "Configuration of physical machine instances",
-      "default": "[]",
-      "items": {
-        "type": "object"
-      }
-    }
-  }
-}

packages/extra/bootbox/values.yaml

@@ -1,30 +0,0 @@
-## @section Common parameters
-
-## @param whitelistHTTP Secure HTTP by enabling  client networks whitelisting
-## @param whitelist List of client networks
-## Example:
-## whitelistHTTP: true
-## whitelist:
-## - "1.2.3.4"
-## - "10.8.0.0/16"
-##
-whitelistHTTP: true
-whitelist: []
-
-## @param machines [array] Configuration of physical machine instances
-##
-## Example:
-## machines:
-## - hostname: machine1
-##   arch: x86_64
-##   ip:
-##     address: 10.8.2.2
-##     gateway: 10.8.2.1
-##     netmask: 255.255.255.0
-##   leaseTime: 86400
-##   mac: [d6:fa:af:52:25:93]
-##   nameServers: [1.1.1.1,8.8.8.8]
-##   timeServers: [pool.ntp.org]
-##   uefi: true
-
-machines: []

packages/extra/etcd/Chart.yaml

@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: /logos/etcd.svg
 type: application
-version: 2.5.0
+version: 2.4.0

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -40,12 +40,6 @@ spec:
       labels:
         cozystack.io/service: etcd
     spec:
-      containers:
-      - name: etcd
-        ports:
-        - name: metrics
-          containerPort: 2381
-          protocol: TCP
       topologySpreadConstraints:
       - maxSkew: 1
         topologyKey: "kubernetes.io/hostname"

packages/extra/etcd/templates/podscrape.yaml

@@ -1,11 +0,0 @@
-apiVersion: operator.victoriametrics.com/v1beta1
-kind: VMPodScrape
-metadata:
-  name: etcd-pod-scrape
-spec:
-  podMetricsEndpoints:
-    - port: metrics
-      scheme: http
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: etcd

packages/extra/etcd/templates/prometheus-rules.yaml

@@ -1,132 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: etcd-rules
-spec:
-  groups:
-  - name: etcd
-    rules:
-    - alert: etcdInsufficientMembers
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}': insufficient members '{{`{{ $value }}`}}'."
-      expr: |
-        sum(up{job=~".*etcd.*"} == bool 1) by (job) < ((count(up{job=~".*etcd.*"}) by (job) + 1) / 2)
-      for: 3m
-      labels:
-        severity: critical
-
-    - alert: etcdNoLeader
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}': member '{{`{{ $labels.instance }}`}}' has no leader."
-      expr: |
-        etcd_server_has_leader{job=~".*etcd.*"} == 0
-      for: 1m
-      labels:
-        severity: critical
-
-    - alert: etcdHighNumberOfLeaderChanges
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}': instance '{{`{{ $labels.instance }}`}}' has seen '{{`{{ $value }}`}}' leader changes within the last hour."
-      expr: |
-        rate(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[15m]) > 3
-      for: 15m
-      labels:
-        severity: warning
-
-    - alert: etcdHighNumberOfFailedGRPCRequests
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}': '{{`{{ $value }}`}}' of requests for '{{`{{ $labels.grpc_method }}`}}' failed on etcd instance '{{`{{ $labels.instance }}`}}'."
-      expr: |
-        100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method)
-          /
-        sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method)
-          > 1
-      for: 10m
-      labels:
-        severity: warning
-
-    - alert: etcdHighNumberOfFailedGRPCRequests
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}': '{{`{{ $value }}`}}' of requests for '{{`{{ $labels.grpc_method }}`}}' failed on etcd instance '{{`{{ $labels.instance }}`}}'."
-      expr: |
-        100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method)
-          /
-        sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method)
-          > 5
-      for: 5m
-      labels:
-        severity: critical
-
-    - alert: etcdGRPCRequestsSlow
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}': gRPC requests to '{{`{{ $labels.grpc_method }}`}}' are taking '{{`{{ $value }}`}}' on etcd instance '{{`{{ $labels.instance }}`}}'."
-      expr: |
-        histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_type="unary"}[5m])) by (job, instance, grpc_service, grpc_method, le))
-        > 0.15
-      for: 10m
-      labels:
-        severity: critical
-
-    - alert: etcdMemberCommunicationSlow
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}': member communication with '{{`{{ $labels.To }}`}}' is taking '{{`{{ $value }}`}}' on etcd instance '{{`{{ $labels.instance }}`}}'."
-      expr: |
-        histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m]))
-        > 0.15
-      for: 10m
-      labels:
-        severity: warning
-
-    - alert: etcdHighNumberOfFailedProposals
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}': '{{`{{ $value }}`}}' proposal failures within the last hour on etcd instance '{{`{{ $labels.instance }}`}}'."
-      expr: |
-        rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5
-      for: 15m
-      labels:
-        severity: warning
-
-    - alert: etcdHighNumberOfFailedHTTPRequests
-      annotations:
-        summary: "'{{`{{ $value }}`}}' of requests for '{{`{{ $labels.method }}`}}' failed on etcd instance '{{`{{ $labels.instance }}`}}'."
-      expr: |
-        sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) BY (method) > 0.01
-      for: 10m
-      labels:
-        severity: warning
-
-    - alert: etcdHighNumberOfFailedHTTPRequests
-      annotations:
-        summary: "'{{`{{ $value }}`}}' of requests for '{{`{{ $labels.method }}`}}' failed on etcd instance '{{`{{ $labels.instance }}`}}'."
-      expr: |
-        sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) BY (method) > 0.05
-      for: 10m
-      labels:
-        severity: critical
-
-    - alert: etcdHTTPRequestsSlow
-      annotations:
-        summary: "etcd instance '{{`{{ $labels.instance }}`}}' HTTP requests to '{{`{{ $labels.method }}`}}' are slow."
-      expr: |
-        histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m]))
-        > 0.15
-      for: 10m
-      labels:
-        severity: warning
-
-    - alert: etcdMembersDown
-      annotations:
-        summary: "etcd cluster '{{`{{ $labels.job }}`}}' members are down."
-        description: 'etcd cluster "{{`{{ $labels.job }}`}}": members are down {{`{{ $value }}`}}.'
-      expr: |
-        max without (endpoint) (
-          sum without (instance, pod) (up{job=~".*etcd.*"} == bool 0)
-        or
-          count without (To) (
-            sum without (instance, pod) (rate(etcd_network_peer_sent_failures_total{job=~".*etcd.*"}[120s])) > 0.01
-          )
-        )
-        > 0
-      for: 10m
-      labels:
-        severity: critical

packages/extra/monitoring/Chart.yaml

@@ -3,4 +3,4 @@ name: monitoring
 description: Monitoring and observability stack
 icon: /logos/monitoring.svg
 type: application
-version: 1.8.0
+version: 1.7.0

packages/extra/monitoring/Makefile

@@ -1,8 +1,5 @@
-GRAFANA_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
-
 NAME=monitoring
 
-include ../../../scripts/common-envs.mk
 include ../../../scripts/package.mk
 
 generate:
@@ -11,16 +8,3 @@ generate:
 		jq '.properties.metricsStorages.items.type = "object" | .properties.logsStorages.items.type = "object"' \
 		> values.schema.json
 	rm -f values.schema.json.tmp
-
-image:
-	docker buildx build --platform linux/amd64 images/grafana \
-		--provenance false \
-		--tag $(REGISTRY)/grafana:$(call settag,$(GRAFANA_TAG)) \
-		--cache-from type=registry,ref=$(REGISTRY)/grafana:latest \
-		--cache-to type=inline \
-		--metadata-file images/grafana.json \
-		--push=$(PUSH) \
-		--load=$(LOAD)
-	echo "$(REGISTRY)/grafana:$(call settag,$(GRAFANA_TAG))@$$(yq e '."containerimage.digest"' images/grafana.json -o json -r)" \
-		> images/grafana.tag
-	rm -f images/grafana.json

packages/extra/monitoring/dashboards.list

@@ -30,8 +30,5 @@ main/nodes
 control-plane/control-plane-status
 control-plane/deprecated-resources
 control-plane/dns-coredns
-control-plane/kube-etcd
+control-plane/kube-etcd3
 kubevirt/kubevirt-control-plane
-flux/flux-control-plane
-flux/flux-stats
-kafka/strimzi-kafka

packages/extra/monitoring/images/grafana.tag

@@ -1 +0,0 @@
-ghcr.io/aenix-io/cozystack/grafana:1.8.0@sha256:0377abd3cb2c6e27b12ac297f1859aa4d550f1aa14989f824f2315d0dfd1a5b2

packages/extra/monitoring/images/grafana/Dockerfile

@@ -1,15 +0,0 @@
-FROM grafana/grafana:11.4.0
-
-USER root
-
-RUN mkdir -p /var/lib/grafana-plugins \
- && chown -R grafana:0 /var/lib/grafana-plugins
-
-USER grafana
-
-ARG VLOGS_VERSION=v0.14.1
-RUN curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/${VLOGS_VERSION}/victoriametrics-logs-datasource-${VLOGS_VERSION}.tar.gz | \
-      tar -xzf - -C /var/lib/grafana-plugins
-
-RUN grafana-cli --pluginsDir /var/lib/grafana-plugins plugins install natel-discrete-panel
-RUN grafana-cli --pluginsDir /var/lib/grafana-plugins plugins install grafana-worldmap-panel

packages/extra/monitoring/templates/grafana/grafana.yaml

@@ -36,19 +36,38 @@ spec:
       replicas: 2
       template:
         spec:
+          initContainers:
+            - name: "load-vm-ds-plugin"
+              image: "curlimages/curl:7.85.0"
+              command: [ "/bin/sh" ]
+              workingDir: "/var/lib/grafana"
+              securityContext:
+                runAsUser: 10001
+                runAsNonRoot: true
+                runAsGroup: 10001
+              args:
+                - "-c"
+                - |
+                  set -ex
+                  mkdir -p /var/lib/grafana/plugins/
+                  ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v0\.13\.[0-9]+' | head -1)
+                  curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victoriametrics-logs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
+                  tar -xf /var/lib/grafana/plugins/vl-plugin.tar.gz -C /var/lib/grafana/plugins/
+                  rm /var/lib/grafana/plugins/vl-plugin.tar.gz
+              volumeMounts:
+                - name: grafana-data
+                  mountPath: /var/lib/grafana
           containers:
             - name: grafana
-              image: "{{ $.Files.Get "images/grafana.tag" | trim }}"
+              image: grafana/grafana:11.2.0
               securityContext:
                 allowPrivilegeEscalation: false
                 readOnlyRootFilesystem: false
               readinessProbe:
                 failureThreshold: 3
               env:
-              #- name: GF_INSTALL_PLUGINS
-              #  value: grafana-worldmap-panel,natel-discrete-panel
-              - name: GF_PATHS_PLUGINS
-                value: /var/lib/grafana-plugins
+              - name: GF_INSTALL_PLUGINS
+                value: grafana-worldmap-panel,natel-discrete-panel
               - name: ONCALL_API_URL
                 value: http://grafana-oncall-engine:8080
               - name: GF_DATABASE_HOST

packages/extra/versions_map

@@ -1,12 +1,10 @@
-bootbox 0.1.0 HEAD
 etcd 1.0.0 f7eaab0
 etcd 2.0.0 a6d0f7cf
 etcd 2.0.1 6fc1cc7d
 etcd 2.1.0 2b00fcf8
 etcd 2.2.0 5ca8823
 etcd 2.3.0 b908400d
-etcd 2.4.0 cb7b8158
-etcd 2.5.0 HEAD
+etcd 2.4.0 HEAD
 ingress 1.0.0 f642698
 ingress 1.1.0 838bee5d
 ingress 1.2.0 ced8e5b
@@ -25,8 +23,7 @@ monitoring 1.5.3 c1ca19dc
 monitoring 1.5.4 d4634797
 monitoring 1.6.0 cb7b8158
 monitoring 1.6.1 3bb97596
-monitoring 1.7.0 749110aa
-monitoring 1.8.0 HEAD
+monitoring 1.7.0 HEAD
 seaweedfs 0.1.0 5ca8823
 seaweedfs 0.2.0 9e33dc0
 seaweedfs 0.2.1 249bf35

packages/system/bootbox/templates/bootbox.yaml

@@ -1,21 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  annotations:
-    helm.sh/resource-policy: keep
-  labels:
-    cozystack.io/ui: "true"
-  name: bootbox
-  namespace: tenant-root
-spec:
-  chart:
-    spec:
-      chart: bootbox
-      reconcileStrategy: Revision
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-extra
-        namespace: cozy-public
-      version: '*'
-  interval: 1m0s
-  timeout: 5m0s

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:b4ea039e7a04edb1afb3dda86b5caf0fda6dcf826886118058560bf876c7197b
+ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:35e9a8ba7e1a3b0cee634f6d2bd92d2b08c47c7ed3316559c9ea25ff733eb5d5

packages/system/cilium/charts/cilium/Chart.yaml

@@ -79,7 +79,7 @@ annotations:
     Pod IP Pool\n  description: |\n    CiliumPodIPPool defines an IP pool that can
     be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
 apiVersion: v2
-appVersion: 1.16.6
+appVersion: 1.16.5
 description: eBPF-based Networking, Security, and Observability
 home: https://cilium.io/
 icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
@@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0'
 name: cilium
 sources:
 - https://github.com/cilium/cilium
-version: 1.16.6
+version: 1.16.5

packages/system/cilium/charts/cilium/README.md

@@ -1,6 +1,6 @@
 # cilium
 
-![Version: 1.16.6](https://img.shields.io/badge/Version-1.16.6-informational?style=flat-square) ![AppVersion: 1.16.6](https://img.shields.io/badge/AppVersion-1.16.6-informational?style=flat-square)
+![Version: 1.16.5](https://img.shields.io/badge/Version-1.16.5-informational?style=flat-square) ![AppVersion: 1.16.5](https://img.shields.io/badge/AppVersion-1.16.5-informational?style=flat-square)
 
 Cilium is open source software for providing and transparently securing
 network connectivity and loadbalancing between application workloads such as
@@ -83,7 +83,7 @@ contributors across the globe, there is almost always someone available to help.
 | authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
 | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true |
 | authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. |
-| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:71b79694b71639e633452f57fd9de40595d524de308349218d9a6a144b40be02","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server |
+| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:d75b758a4fea99ffff4db799e16f853bbde8643671b5b72464a8ba94cbe3dbe3","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server |
 | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into |
 | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration |
 | authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations |
@@ -182,7 +182,7 @@ contributors across the globe, there is almost always someone available to help.
 | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. |
 | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. |
 | clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. |
-| clustermesh.apiserver.image | object | `{"digest":"sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.6","useDigest":true}` | Clustermesh API server image. |
+| clustermesh.apiserver.image | object | `{"digest":"sha256:37a7fdbef806b78ef63df9f1a9828fdddbf548d1f0e43b8eb10a6bdc8fa03958","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.5","useDigest":true}` | Clustermesh API server image. |
 | clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. |
 | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. |
 | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. |
@@ -353,7 +353,7 @@ contributors across the globe, there is almost always someone available to help.
 | envoy.extraVolumes | list | `[]` | Additional envoy volumes. |
 | envoy.healthPort | int | `9878` | TCP port for the health API. |
 | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s |
-| envoy.image | object | `{"digest":"sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5","useDigest":true}` | Envoy container image. |
+| envoy.image | object | `{"digest":"sha256:709c08ade3d17d52da4ca2af33f431360ec26268d288d9a6cd1d98acc9a1dced","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.30.8-1733837904-eaae5aca0fb988583e5617170a65ac5aa51c0aa8","useDigest":true}` | Envoy container image. |
 | envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out |
 | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
 | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
@@ -485,7 +485,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. |
 | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay |
 | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay |
-| hubble.relay.image | object | `{"digest":"sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.6","useDigest":true}` | Hubble-relay container image. |
+| hubble.relay.image | object | `{"digest":"sha256:6cfae1d1afa566ba941f03d4d7e141feddd05260e5cd0a1509aba1890a45ef00","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.5","useDigest":true}` | Hubble-relay container image. |
 | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
 | hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
 | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
@@ -591,7 +591,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
 | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). |
 | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. |
-| image | object | `{"digest":"sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.6","useDigest":true}` | Agent container image. |
+| image | object | `{"digest":"sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.5","useDigest":true}` | Agent container image. |
 | imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images |
 | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set |
 | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. |
@@ -718,7 +718,7 @@ contributors across the globe, there is almost always someone available to help.
 | operator.hostNetwork | bool | `true` | HostNetwork setting |
 | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
 | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
-| operator.image | object | `{"alibabacloudDigest":"sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9","awsDigest":"sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d","azureDigest":"sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd","genericDigest":"sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.6","useDigest":true}` | cilium-operator image. |
+| operator.image | object | `{"alibabacloudDigest":"sha256:c0edf4c8d089e76d6565d3c57128b98bc6c73d14bb4590126ee746aeaedba5e0","awsDigest":"sha256:97e1fe0c2b522583033138eb10c170919d8de49d2788ceefdcff229a92210476","azureDigest":"sha256:265e2b78f572c76b523f91757083ea5f0b9b73b82f2d9714e5a8fb848e4048f9","genericDigest":"sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.5","useDigest":true}` | cilium-operator image. |
 | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. |
 | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
 | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
@@ -768,7 +768,7 @@ contributors across the globe, there is almost always someone available to help.
 | preflight.extraEnv | list | `[]` | Additional preflight environment variables. |
 | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. |
 | preflight.extraVolumes | list | `[]` | Additional preflight volumes. |
-| preflight.image | object | `{"digest":"sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.6","useDigest":true}` | Cilium pre-flight image. |
+| preflight.image | object | `{"digest":"sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.5","useDigest":true}` | Cilium pre-flight image. |
 | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
 | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
 | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |

packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.json

@@ -0,0 +1,471 @@
+{
+  "node": {
+    "id": "host~127.0.0.1~no-id~localdomain",
+    "cluster": "ingress-cluster"
+  },
+  "staticResources": {
+    "listeners": [
+      {{- if .Values.envoy.prometheus.enabled }}
+      {
+        "name": "envoy-prometheus-metrics-listener",
+        "address": {
+          "socket_address": {
+            "address": "0.0.0.0",
+            "port_value": {{ .Values.envoy.prometheus.port }}
+          }
+        },
+        "filter_chains": [
+          {
+            "filters": [
+              {
+                "name": "envoy.filters.network.http_connection_manager",
+                "typed_config": {
+                  "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                  "stat_prefix": "envoy-prometheus-metrics-listener",
+                  "route_config": {
+                    "virtual_hosts": [
+                      {
+                        "name": "prometheus_metrics_route",
+                        "domains": [
+                          "*"
+                        ],
+                        "routes": [
+                          {
+                            "name": "prometheus_metrics_route",
+                            "match": {
+                              "prefix": "/metrics"
+                            },
+                            "route": {
+                              "cluster": "/envoy-admin",
+                              "prefix_rewrite": "/stats/prometheus"
+                            }
+                          }
+                        ]
+                      }
+                    ]
+                  },
+                  "http_filters": [
+                    {
+                      "name": "envoy.filters.http.router",
+                      "typed_config": {
+                        "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                      }
+                    }
+                  ],
+                  "internal_address_config": {
+                    "cidr_ranges": [
+                      {
+                        "address_prefix": "10.0.0.0",
+                        "prefix_len": 8
+                      },
+                      {
+                        "address_prefix": "172.16.0.0",
+                        "prefix_len": 12
+                      },
+                      {
+                        "address_prefix": "192.168.0.0",
+                        "prefix_len": 16
+                      },
+                      {
+                        "address_prefix": "127.0.0.1",
+                        "prefix_len": 32
+                      },
+                      {
+                        "address_prefix": "::1",
+                        "prefix_len": 128
+                      }
+                    ]
+                  },
+                  "stream_idle_timeout": "0s"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      {{- end }}
+      {{- if and .Values.envoy.debug.admin.enabled }}
+      {
+        "name": "envoy-admin-listener",
+        "address": {
+          "socket_address": {
+            "address": {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }},
+            "port_value": {{ .Values.envoy.debug.admin.port }}
+          }
+        },
+        {{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
+        "additional_addresses": [
+          {
+            "address": {
+              "socket_address": {
+                "address": "::1",
+                "port_value": {{ .Values.envoy.debug.admin.port }}
+              }
+            }
+          }
+        ],
+        {{- end }}
+        "filter_chains": [
+          {
+            "filters": [
+              {
+                "name": "envoy.filters.network.http_connection_manager",
+                "typed_config": {
+                  "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                  "stat_prefix": "envoy-admin-listener",
+                  "route_config": {
+                    "virtual_hosts": [
+                      {
+                        "name": "admin_route",
+                        "domains": [
+                          "*"
+                        ],
+                        "routes": [
+                          {
+                            "name": "admin_route",
+                            "match": {
+                              "prefix": "/"
+                            },
+                            "route": {
+                              "cluster": "/envoy-admin",
+                              "prefix_rewrite": "/"
+                            }
+                          }
+                        ]
+                      }
+                    ]
+                  },
+                  "http_filters": [
+                    {
+                      "name": "envoy.filters.http.router",
+                      "typed_config": {
+                        "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                      }
+                    }
+                  ],
+                  "internal_address_config": {
+                    "cidr_ranges": [
+                      {
+                        "address_prefix": "10.0.0.0",
+                        "prefix_len": 8
+                      },
+                      {
+                        "address_prefix": "172.16.0.0",
+                        "prefix_len": 12
+                      },
+                      {
+                        "address_prefix": "192.168.0.0",
+                        "prefix_len": 16
+                      },
+                      {
+                        "address_prefix": "127.0.0.1",
+                        "prefix_len": 32
+                      },
+                      {
+                        "address_prefix": "::1",
+                        "prefix_len": 128
+                      }
+                    ]
+                  },
+                  "stream_idle_timeout": "0s"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      {{- end }}
+      {
+        "name": "envoy-health-listener",
+        "address": {
+          "socket_address": {
+            "address": {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }},
+            "port_value": {{ .Values.envoy.healthPort }}
+          }
+        },
+        {{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
+        "additional_addresses": [
+          {
+            "address": {
+              "socket_address": {
+                "address": "::1",
+                "port_value": {{ .Values.envoy.healthPort }}
+              }
+            }
+          }
+        ],
+        {{- end }}
+        "filter_chains": [
+          {
+            "filters": [
+              {
+                "name": "envoy.filters.network.http_connection_manager",
+                "typed_config": {
+                  "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                  "stat_prefix": "envoy-health-listener",
+                  "route_config": {
+                    "virtual_hosts": [
+                      {
+                        "name": "health",
+                        "domains": [
+                          "*"
+                        ],
+                        "routes": [
+                          {
+                            "name": "health",
+                            "match": {
+                              "prefix": "/healthz"
+                            },
+                            "route": {
+                              "cluster": "/envoy-admin",
+                              "prefix_rewrite": "/ready"
+                            }
+                          }
+                        ]
+                      }
+                    ]
+                  },
+                  "http_filters": [
+                    {
+                      "name": "envoy.filters.http.router",
+                      "typed_config": {
+                        "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                      }
+                    }
+                  ],
+                  "internal_address_config": {
+                    "cidr_ranges": [
+                      {
+                        "address_prefix": "10.0.0.0",
+                        "prefix_len": 8
+                      },
+                      {
+                        "address_prefix": "172.16.0.0",
+                        "prefix_len": 12
+                      },
+                      {
+                        "address_prefix": "192.168.0.0",
+                        "prefix_len": 16
+                      },
+                      {
+                        "address_prefix": "127.0.0.1",
+                        "prefix_len": 32
+                      },
+                      {
+                        "address_prefix": "::1",
+                        "prefix_len": 128
+                      }
+                    ]
+                  },
+                  "stream_idle_timeout": "0s"
+                }
+              }
+            ]
+          }
+        ]
+      }
+    ],
+    "clusters": [
+      {
+        "name": "ingress-cluster",
+        "type": "ORIGINAL_DST",
+        "connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
+        "lbPolicy": "CLUSTER_PROVIDED",
+        "typedExtensionProtocolOptions": {
+          "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+            "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+            "commonHttpProtocolOptions": {
+              "idleTimeout": "{{ .Values.envoy.idleTimeoutDurationSeconds }}s",
+              "maxConnectionDuration": "{{ .Values.envoy.maxConnectionDurationSeconds }}s",
+              "maxRequestsPerConnection": {{ .Values.envoy.maxRequestsPerConnection }}
+            },
+            "useDownstreamProtocolConfig": {}
+          }
+        },
+        "cleanupInterval": "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
+      },
+      {
+        "name": "egress-cluster-tls",
+        "type": "ORIGINAL_DST",
+        "connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
+        "lbPolicy": "CLUSTER_PROVIDED",
+        "typedExtensionProtocolOptions": {
+          "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+            "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+            "commonHttpProtocolOptions": {
+              "idleTimeout": "{{ .Values.envoy.idleTimeoutDurationSeconds }}s",
+              "maxConnectionDuration": "{{ .Values.envoy.maxConnectionDurationSeconds }}s",
+              "maxRequestsPerConnection": {{ .Values.envoy.maxRequestsPerConnection }}
+            },
+            "upstreamHttpProtocolOptions": {},
+            "useDownstreamProtocolConfig": {}
+          }
+        },
+        "cleanupInterval": "{{ .Values.envoy.connectTimeoutSeconds }}.500s",
+        "transportSocket": {
+          "name": "cilium.tls_wrapper",
+          "typedConfig": {
+            "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
+          }
+        }
+      },
+      {
+        "name": "egress-cluster",
+        "type": "ORIGINAL_DST",
+        "connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
+        "lbPolicy": "CLUSTER_PROVIDED",
+        "typedExtensionProtocolOptions": {
+          "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+            "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+            "commonHttpProtocolOptions": {
+              "idleTimeout": "{{ .Values.envoy.idleTimeoutDurationSeconds }}s",
+              "maxConnectionDuration": "{{ .Values.envoy.maxConnectionDurationSeconds }}s",
+              "maxRequestsPerConnection": {{ .Values.envoy.maxRequestsPerConnection }}
+            },
+            "useDownstreamProtocolConfig": {}
+          }
+        },
+        "cleanupInterval": "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
+      },
+      {
+        "name": "ingress-cluster-tls",
+        "type": "ORIGINAL_DST",
+        "connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
+        "lbPolicy": "CLUSTER_PROVIDED",
+        "typedExtensionProtocolOptions": {
+          "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+            "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+            "commonHttpProtocolOptions": {
+              "idleTimeout": "{{ .Values.envoy.idleTimeoutDurationSeconds }}s",
+              "maxConnectionDuration": "{{ .Values.envoy.maxConnectionDurationSeconds }}s",
+              "maxRequestsPerConnection": {{ .Values.envoy.maxRequestsPerConnection }}
+            },
+            "upstreamHttpProtocolOptions": {},
+            "useDownstreamProtocolConfig": {}
+          }
+        },
+        "cleanupInterval": "{{ .Values.envoy.connectTimeoutSeconds }}.500s",
+        "transportSocket": {
+          "name": "cilium.tls_wrapper",
+          "typedConfig": {
+            "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
+          }
+        }
+      },
+      {
+        "name": "xds-grpc-cilium",
+        "type": "STATIC",
+        "connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
+        "loadAssignment": {
+          "clusterName": "xds-grpc-cilium",
+          "endpoints": [
+            {
+              "lbEndpoints": [
+                {
+                  "endpoint": {
+                    "address": {
+                      "pipe": {
+                        "path": "/var/run/cilium/envoy/sockets/xds.sock"
+                      }
+                    }
+                  }
+                }
+              ]
+            }
+          ]
+        },
+        "typedExtensionProtocolOptions": {
+          "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+            "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+            "explicitHttpConfig": {
+              "http2ProtocolOptions": {}
+            }
+          }
+        }
+      },
+      {
+        "name": "/envoy-admin",
+        "type": "STATIC",
+        "connectTimeout": "{{ .Values.envoy.connectTimeoutSeconds }}s",
+        "loadAssignment": {
+          "clusterName": "/envoy-admin",
+          "endpoints": [
+            {
+              "lbEndpoints": [
+                {
+                  "endpoint": {
+                    "address": {
+                      "pipe": {
+                        "path": "/var/run/cilium/envoy/sockets/admin.sock"
+                      }
+                    }
+                  }
+                }
+              ]
+            }
+          ]
+        }
+      }
+    ]
+  },
+  "dynamicResources": {
+    "ldsConfig": {
+      "initialFetchTimeout": "{{ .Values.envoy.initialFetchTimeoutSeconds }}s",
+      "apiConfigSource": {
+        "apiType": "GRPC",
+        "transportApiVersion": "V3",
+        "grpcServices": [
+          {
+            "envoyGrpc": {
+              "clusterName": "xds-grpc-cilium"
+            }
+          }
+        ],
+        "setNodeOnFirstMessageOnly": true
+      },
+      "resourceApiVersion": "V3"
+    },
+    "cdsConfig": {
+      "initialFetchTimeout": "{{ .Values.envoy.initialFetchTimeoutSeconds }}s",
+      "apiConfigSource": {
+        "apiType": "GRPC",
+        "transportApiVersion": "V3",
+        "grpcServices": [
+          {
+            "envoyGrpc": {
+              "clusterName": "xds-grpc-cilium"
+            }
+          }
+        ],
+        "setNodeOnFirstMessageOnly": true
+      },
+      "resourceApiVersion": "V3"
+    }
+  },
+  "bootstrapExtensions": [
+    {
+      "name": "envoy.bootstrap.internal_listener",
+      "typed_config": {
+        "@type": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener"
+      }
+    }
+  ],
+  "overload_manager": {
+    "resource_monitors": [
+      {
+        "name": "envoy.resource_monitors.global_downstream_max_connections",
+        "typed_config": {
+          "@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig",
+          "max_active_downstream_connections": "50000"
+        }
+      }
+    ]
+  },
+  "admin": {
+    "address": {
+      "pipe": {
+        "path": "/var/run/cilium/envoy/sockets/admin.sock"
+      }
+    }
+  }
+}

packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml

@@ -1,280 +0,0 @@
-node:
-  id: "host~127.0.0.1~no-id~localdomain"
-  cluster: "ingress-cluster"
-staticResources:
-  listeners:
-  {{- if .Values.envoy.prometheus.enabled }}
-  - name: "envoy-prometheus-metrics-listener"
-    address:
-      socketAddress:
-        address: "0.0.0.0"
-        portValue: {{ .Values.envoy.prometheus.port }}
-    filterChains:
-    - filters:
-      - name: "envoy.filters.network.http_connection_manager"
-        typedConfig:
-          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
-          statPrefix: "envoy-prometheus-metrics-listener"
-          routeConfig:
-            virtualHosts:
-            - name: "prometheus_metrics_route"
-              domains:
-              - "*"
-              routes:
-              - name: "prometheus_metrics_route"
-                match:
-                  prefix: "/metrics"
-                route:
-                  cluster: "/envoy-admin"
-                  prefixRewrite: "/stats/prometheus"
-          httpFilters:
-          - name: "envoy.filters.http.router"
-            typedConfig:
-              "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-          internalAddressConfig:
-            cidrRanges:
-            {{- if .Values.ipv4.enabled }}
-            - addressPrefix: "10.0.0.0"
-              prefixLen: 8
-            - addressPrefix: "172.16.0.0"
-              prefixLen: 12
-            - addressPrefix: "192.168.0.0"
-              prefixLen: 16
-            - addressPrefix: "127.0.0.1"
-              prefixLen: 32
-            {{- end }}
-            {{- if .Values.ipv6.enabled }}
-            - addressPrefix: "::1"
-              prefixLen: 128
-            {{- end }}
-          streamIdleTimeout: "0s"
-  {{- end }}
-  {{- if and .Values.envoy.debug.admin.enabled }}
-  - name: "envoy-admin-listener"
-    address:
-      socketAddress:
-        address: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }}
-        portValue: {{ .Values.envoy.debug.admin.port }}
-    {{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
-    additionalAddresses:
-    - address:
-        socketAddress:
-          address: "::1"
-          portValue: {{ .Values.envoy.debug.admin.port }}
-    {{- end }}
-    filterChains:
-    - filters:
-      - name: "envoy.filters.network.http_connection_manager"
-        typedConfig:
-          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
-          statPrefix: "envoy-admin-listener"
-          routeConfig:
-            virtual_hosts:
-            - name: "admin_route"
-              domains:
-              - "*"
-              routes:
-              - name: "admin_route"
-                match:
-                  prefix: "/"
-                route:
-                  cluster: "/envoy-admin"
-                  prefixRewrite: "/"
-          httpFilters:
-          - name: "envoy.filters.http.router"
-            typedConfig:
-              "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-          internalAddressConfig:
-            cidrRanges:
-            {{- if .Values.ipv4.enabled }}
-            - addressPrefix: "10.0.0.0"
-              prefixLen: 8
-            - addressPrefix: "172.16.0.0"
-              prefixLen: 12
-            - addressPrefix: "192.168.0.0"
-              prefixLen: 16
-            - addressPrefix: "127.0.0.1"
-              prefixLen: 32
-            {{- end }}
-            {{- if .Values.ipv6.enabled }}
-            - addressPrefix: "::1"
-              prefixLen: 128
-            {{- end }}
-          streamIdleTimeout: "0s"
-  {{- end }}
-  - name: "envoy-health-listener"
-    address:
-      socketAddress:
-        address: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }}
-        portValue: {{ .Values.envoy.healthPort }}
-    {{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
-    additionalAddresses:
-    - address:
-        socketAddress:
-          address: "::1"
-          portValue: {{ .Values.envoy.healthPort }}
-    {{- end }}
-    filterChains:
-    - filters:
-      - name: "envoy.filters.network.http_connection_manager"
-        typedConfig:
-          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
-          statPrefix: "envoy-health-listener"
-          routeConfig:
-            virtual_hosts:
-            - name: "health"
-              domains:
-              - "*"
-              routes:
-              - name: "health"
-                match:
-                  prefix: "/healthz"
-                route:
-                  cluster: "/envoy-admin"
-                  prefixRewrite: "/ready"
-          httpFilters:
-          - name: "envoy.filters.http.router"
-            typedConfig:
-              "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-          internalAddressConfig:
-            cidrRanges:
-            {{- if .Values.ipv4.enabled }}
-            - addressPrefix: "10.0.0.0"
-              prefixLen: 8
-            - addressPrefix: "172.16.0.0"
-              prefixLen: 12
-            - addressPrefix: "192.168.0.0"
-              prefixLen: 16
-            - addressPrefix: "127.0.0.1"
-              prefixLen: 32
-            {{- end }}
-            {{- if .Values.ipv6.enabled }}
-            - addressPrefix: "::1"
-              prefixLen: 128
-            {{- end }}
-          streamIdleTimeout: "0s"
-  clusters:
-  - name: "ingress-cluster"
-    type: "ORIGINAL_DST"
-    connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
-    lbPolicy: "CLUSTER_PROVIDED"
-    typedExtensionProtocolOptions:
-      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-        "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
-        commonHttpProtocolOptions:
-          idleTimeout: "{{ .Values.envoy.idleTimeoutDurationSeconds }}s"
-          maxConnectionDuration: "{{ .Values.envoy.maxConnectionDurationSeconds }}s"
-          maxRequestsPerConnection: {{ .Values.envoy.maxRequestsPerConnection }}
-        useDownstreamProtocolConfig: {}
-    cleanupInterval: "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
-  - name: "egress-cluster-tls"
-    type: "ORIGINAL_DST"
-    connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
-    lbPolicy: "CLUSTER_PROVIDED"
-    typedExtensionProtocolOptions:
-      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-        "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
-        commonHttpProtocolOptions:
-          idleTimeout: "{{ .Values.envoy.idleTimeoutDurationSeconds }}s"
-          maxConnectionDuration: "{{ .Values.envoy.maxConnectionDurationSeconds }}s"
-          maxRequestsPerConnection: {{ .Values.envoy.maxRequestsPerConnection }}
-        upstreamHttpProtocolOptions: {}
-        useDownstreamProtocolConfig: {}
-    cleanupInterval: "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
-    transportSocket:
-      name: "cilium.tls_wrapper"
-      typedConfig:
-        "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
-  - name: "egress-cluster"
-    type: "ORIGINAL_DST"
-    connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
-    lbPolicy: "CLUSTER_PROVIDED"
-    typedExtensionProtocolOptions:
-      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-        "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
-        commonHttpProtocolOptions:
-          idleTimeout: "{{ .Values.envoy.idleTimeoutDurationSeconds }}s"
-          maxConnectionDuration: "{{ .Values.envoy.maxConnectionDurationSeconds }}s"
-          maxRequestsPerConnection: {{ .Values.envoy.maxRequestsPerConnection }}
-        useDownstreamProtocolConfig: {}
-    cleanupInterval: "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
-  - name: "ingress-cluster-tls"
-    type: "ORIGINAL_DST"
-    connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
-    lbPolicy: "CLUSTER_PROVIDED"
-    typedExtensionProtocolOptions:
-      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-        "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
-        commonHttpProtocolOptions:
-          idleTimeout: "{{ .Values.envoy.idleTimeoutDurationSeconds }}s"
-          maxConnectionDuration: "{{ .Values.envoy.maxConnectionDurationSeconds }}s"
-          maxRequestsPerConnection: {{ .Values.envoy.maxRequestsPerConnection }}
-        upstreamHttpProtocolOptions: {}
-        useDownstreamProtocolConfig: {}
-    cleanupInterval: "{{ .Values.envoy.connectTimeoutSeconds }}.500s"
-    transportSocket:
-      name: "cilium.tls_wrapper"
-      typedConfig:
-        "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
-  - name: "xds-grpc-cilium"
-    type: "STATIC"
-    connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
-    loadAssignment:
-      clusterName: "xds-grpc-cilium"
-      endpoints:
-      - lbEndpoints:
-        - endpoint:
-            address:
-              pipe:
-                path: "/var/run/cilium/envoy/sockets/xds.sock"
-    typedExtensionProtocolOptions:
-      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-        "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions"
-        explicitHttpConfig:
-          http2ProtocolOptions: {}
-  - name: "/envoy-admin"
-    type: "STATIC"
-    connectTimeout: "{{ .Values.envoy.connectTimeoutSeconds }}s"
-    loadAssignment:
-      clusterName: "/envoy-admin"
-      endpoints:
-      - lbEndpoints:
-        - endpoint:
-            address:
-              pipe:
-                path: "/var/run/cilium/envoy/sockets/admin.sock"
-dynamicResources:
-  ldsConfig:
-    initialFetchTimeout: "{{ .Values.envoy.initialFetchTimeoutSeconds }}s"
-    apiConfigSource:
-      apiType: "GRPC"
-      transportApiVersion: "V3"
-      grpcServices:
-      - envoyGrpc:
-          clusterName: "xds-grpc-cilium"
-      setNodeOnFirstMessageOnly: true
-    resourceApiVersion: "V3"
-  cdsConfig:
-    initialFetchTimeout: "{{ .Values.envoy.initialFetchTimeoutSeconds }}s"
-    apiConfigSource:
-      apiType: "GRPC"
-      transportApiVersion: "V3"
-      grpcServices:
-      - envoyGrpc:
-          clusterName: "xds-grpc-cilium"
-      setNodeOnFirstMessageOnly: true
-    resourceApiVersion: "V3"
-bootstrapExtensions:
-- name: "envoy.bootstrap.internal_listener"
-  typedConfig:
-    "@type": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener"
-overloadManager:
-  resourceMonitors:
-  - name: "envoy.resource_monitors.global_downstream_max_connections"
-    typedConfig:
-      "@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig"
-      max_active_downstream_connections: "50000"
-admin:
-  address:
-    pipe:
-      path: "/var/run/cilium/envoy/sockets/admin.sock"

packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml

@@ -315,9 +315,13 @@ spec:
         {{- end}}
         - name: cilium-run
           mountPath: /var/run/cilium
+        {{- /* mount the directory if socketLB.enabled is true and socketLB.terminatePodConnections is not explicitly set to false */ -}}
+        {{- if or (and (kindIs "invalid" .Values.socketLB.terminatePodConnections) .Values.socketLB.enabled)
+                  (and .Values.socketLB.enabled .Values.socketLB.terminatePodConnections)  }}
         - name: cilium-netns
           mountPath: /var/run/cilium/netns
           mountPropagation: HostToContainer
+        {{- end}}
         - name: etc-cni-netd
           mountPath: {{ .Values.cni.hostConfDirMountPath }}
         {{- if .Values.etcd.enabled }}
@@ -793,11 +797,14 @@ spec:
         hostPath:
           path: {{ .Values.daemon.runPath }}
           type: DirectoryOrCreate
+      {{- if or (and (kindIs "invalid" .Values.socketLB.terminatePodConnections) .Values.socketLB.enabled)
+                (and .Values.socketLB.enabled .Values.socketLB.terminatePodConnections)  }}
         # To exec into pod network namespaces
       - name: cilium-netns
         hostPath:
           path: /var/run/netns
           type: DirectoryOrCreate
+      {{- end }}
       {{- if .Values.bpf.autoMount.enabled }}
         # To keep state between restarts / upgrades for bpf maps
       - name: bpf-maps

packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml

@@ -513,10 +513,10 @@ data:
   subnet-ids-filter: {{ .Values.eni.subnetIDsFilter | join " " | quote }}
 {{- end }}
 {{- if .Values.eni.subnetTagsFilter }}
-  subnet-tags-filter: {{ .Values.eni.subnetTagsFilter |  join "," | quote }}
+  subnet-tags-filter: {{ .Values.eni.subnetTagsFilter |  join " " | quote }}
 {{- end }}
 {{- if .Values.eni.instanceTagsFilter }}
-  instance-tags-filter: {{ .Values.eni.instanceTagsFilter | join "," | quote }}
+  instance-tags-filter: {{ .Values.eni.instanceTagsFilter | join " " | quote }}
 {{- end }}
 {{- end }}
 {{ if .Values.eni.gcInterval }}
@@ -718,6 +718,8 @@ data:
 {{- end }}
 {{- if hasKey $socketLB "terminatePodConnections" }}
   bpf-lb-sock-terminate-pod-connections: {{ $socketLB.terminatePodConnections | quote }}
+{{- else if hasKey $socketLB "enabled" }}
+  bpf-lb-sock-terminate-pod-connections: {{ $socketLB.enabled | quote }}
 {{- end }}
 {{- if hasKey $socketLB "tracing" }}
   trace-sock: {{ $socketLB.tracing | quote }}

packages/system/cilium/charts/cilium/templates/cilium-envoy/configmap.yaml

@@ -12,7 +12,6 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 data:
-  # Keep the key name as bootstrap-config.json to avoid breaking changes
-  bootstrap-config.json: |
-    {{- (tpl (.Files.Get "files/cilium-envoy/configmap/bootstrap-config.yaml") .) | fromYaml | toJson | nindent 4 }}
+{{- (tpl (.Files.Glob "files/cilium-envoy/configmap/bootstrap-config.json").AsConfig .) | nindent 2 }}
+
 {{- end }}

packages/system/cilium/charts/cilium/templates/hubble-ui/_nginx.tpl

@@ -13,12 +13,24 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
 
+        # CORS
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";
+        add_header Access-Control-Allow-Origin *;
+        add_header Access-Control-Max-Age 1728000;
+        add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;
+        add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;
+        if ($request_method = OPTIONS) {
+            return 204;
+        }
+        # /CORS
+
         location {{ .Values.hubble.ui.baseUrl }}api {
             {{- if not (eq .Values.hubble.ui.baseUrl "/") }}
             rewrite ^{{ (trimSuffix "/" .Values.hubble.ui.baseUrl) }}(/.*)$ $1 break;
             {{- end }}
             proxy_http_version 1.1;
             proxy_pass_request_headers on;
+            proxy_hide_header Access-Control-Allow-Origin;
             {{- if eq .Values.hubble.ui.baseUrl "/" }}
             proxy_pass http://127.0.0.1:8090;
             {{- else }}

packages/system/cilium/charts/cilium/values.yaml

@@ -153,10 +153,10 @@ image:
   # @schema
   override: ~
   repository: "quay.io/cilium/cilium"
-  tag: "v1.16.6"
+  tag: "v1.16.5"
   pullPolicy: "IfNotPresent"
   # cilium-digest
-  digest: "sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da"
+  digest: "sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d"
   useDigest: true
 # -- Affinity for cilium-agent.
 affinity:
@@ -1314,9 +1314,9 @@ hubble:
       # @schema
       override: ~
       repository: "quay.io/cilium/hubble-relay"
-      tag: "v1.16.6"
+      tag: "v1.16.5"
       # hubble-relay-digest
-      digest: "sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b"
+      digest: "sha256:6cfae1d1afa566ba941f03d4d7e141feddd05260e5cd0a1509aba1890a45ef00"
       useDigest: true
       pullPolicy: "IfNotPresent"
     # -- Specifies the resources for the hubble-relay pods
@@ -2165,9 +2165,9 @@ envoy:
     # @schema
     override: ~
     repository: "quay.io/cilium/cilium-envoy"
-    tag: "v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5"
+    tag: "v1.30.8-1733837904-eaae5aca0fb988583e5617170a65ac5aa51c0aa8"
     pullPolicy: "IfNotPresent"
-    digest: "sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88"
+    digest: "sha256:709c08ade3d17d52da4ca2af33f431360ec26268d288d9a6cd1d98acc9a1dced"
     useDigest: true
   # -- Additional containers added to the cilium Envoy DaemonSet.
   extraContainers: []
@@ -2480,15 +2480,15 @@ operator:
     # @schema
     override: ~
     repository: "quay.io/cilium/operator"
-    tag: "v1.16.6"
+    tag: "v1.16.5"
     # operator-generic-digest
-    genericDigest: "sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc"
+    genericDigest: "sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039"
     # operator-azure-digest
-    azureDigest: "sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd"
+    azureDigest: "sha256:265e2b78f572c76b523f91757083ea5f0b9b73b82f2d9714e5a8fb848e4048f9"
     # operator-aws-digest
-    awsDigest: "sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d"
+    awsDigest: "sha256:97e1fe0c2b522583033138eb10c170919d8de49d2788ceefdcff229a92210476"
     # operator-alibabacloud-digest
-    alibabacloudDigest: "sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9"
+    alibabacloudDigest: "sha256:c0edf4c8d089e76d6565d3c57128b98bc6c73d14bb4590126ee746aeaedba5e0"
     useDigest: true
     pullPolicy: "IfNotPresent"
     suffix: ""
@@ -2762,9 +2762,9 @@ preflight:
     # @schema
     override: ~
     repository: "quay.io/cilium/cilium"
-    tag: "v1.16.6"
+    tag: "v1.16.5"
     # cilium-digest
-    digest: "sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da"
+    digest: "sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d"
     useDigest: true
     pullPolicy: "IfNotPresent"
   # -- The priority class to use for the preflight pod.
@@ -2911,9 +2911,9 @@ clustermesh:
       # @schema
       override: ~
       repository: "quay.io/cilium/clustermesh-apiserver"
-      tag: "v1.16.6"
+      tag: "v1.16.5"
       # clustermesh-apiserver-digest
-      digest: "sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a"
+      digest: "sha256:37a7fdbef806b78ef63df9f1a9828fdddbf548d1f0e43b8eb10a6bdc8fa03958"
       useDigest: true
       pullPolicy: "IfNotPresent"
     # -- TCP port for the clustermesh-apiserver health API.
@@ -3412,7 +3412,7 @@ authentication:
           override: ~
           repository: "docker.io/library/busybox"
           tag: "1.36.1"
-          digest: "sha256:71b79694b71639e633452f57fd9de40595d524de308349218d9a6a144b40be02"
+          digest: "sha256:d75b758a4fea99ffff4db799e16f853bbde8643671b5b72464a8ba94cbe3dbe3"
           useDigest: true
           pullPolicy: "IfNotPresent"
         # SPIRE agent configuration

packages/system/cilium/images/cilium/Dockerfile

@@ -1,2 +1,2 @@
-ARG VERSION=v1.16.6
+ARG VERSION=v1.16.5
 FROM quay.io/cilium/cilium:${VERSION}

packages/system/cilium/values.yaml

@@ -12,7 +12,7 @@ cilium:
     mode: "kubernetes"
   image:
     repository: ghcr.io/aenix-io/cozystack/cilium
-    tag: 1.16.6
-    digest: "sha256:cf64df62897b071d5a9a005564ecbfb9124aa82a96957e329ce28a187864f113"
+    tag: 1.16.5
+    digest: "sha256:eae9d5531c115f8946990a731bfaaebc905b020a2957559b3c9f2ce1c655a834"
   envoy:
     enabled: false

packages/system/cozy-proxy/Chart.yaml

@@ -1,3 +0,0 @@
-apiVersion: v2
-name: cozy-cozy-proxy
-version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/cozy-proxy/Makefile

@@ -1,11 +0,0 @@
-NAME=cozy-proxy
-NAMESPACE=cozy-system
-
-include ../../../scripts/common-envs.mk
-include ../../../scripts/package.mk
-
-update:
-	rm -rf charts
-	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/aenix-io/cozy-proxy | awk -F'[/^]' 'END{print $$3}') && \
-	curl -sSL https://github.com/aenix-io/cozy-proxy/archive/refs/tags/$${tag}.tar.gz | \
-	tar xzvf - --strip 1 cozy-proxy-$${tag#*v}/charts

packages/system/cozy-proxy/charts/cozy-proxy/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-name: cozy-proxy
-description: A simple kube-proxy addon for 1:1 NAT services in Kubernetes using an NFT backend
-type: application
-version: 0.1.2
-appVersion: 0.1.2

packages/system/cozy-proxy/charts/cozy-proxy/templates/_helpers.tpl

@@ -1,24 +0,0 @@
-{{- define "cozy-proxy.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "cozy-proxy.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if .Values.fullnameOverride -}}
-  {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-  {{- if eq .Release.Name $name }}
-    {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-  {{- else -}}
-    {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "cozy-proxy.labels" -}}
-helm.sh/chart: {{ include "cozy-proxy.name" . }}-{{ .Chart.Version | replace "+" "_" }}
-app.kubernetes.io/name: {{ include "cozy-proxy.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/version: {{ .Chart.AppVersion }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}

packages/system/cozy-proxy/charts/cozy-proxy/templates/daemonset.yaml

@@ -1,27 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: {{ include "cozy-proxy.fullname" . }}
-  labels:
-    {{- include "cozy-proxy.labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-      app: {{ include "cozy-proxy.name" . }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "cozy-proxy.name" . }}
-      annotations:
-        {{- toYaml .Values.daemonset.podAnnotations | nindent 8 }}
-    spec:
-      serviceAccountName: {{ include "cozy-proxy.fullname" . }}
-      hostNetwork: {{ .Values.daemonset.hostNetwork }}
-      containers:
-        - name: cozy-proxy
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          securityContext:
-            privileged: true
-            capabilities:
-              add: ["NET_ADMIN"]

packages/system/cozy-proxy/charts/cozy-proxy/templates/role.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "cozy-proxy.fullname" . }}
-  labels:
-    {{- include "cozy-proxy.labels" . | nindent 4 }}
-rules:
-  - apiGroups: [""]
-    resources: ["services", "endpoints"]
-    verbs: ["get", "list", "watch"]
-{{- end }}

packages/system/cozy-proxy/charts/cozy-proxy/templates/rolebinding.yaml

@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "cozy-proxy.fullname" . }}
-  labels:
-    {{- include "cozy-proxy.labels" . | nindent 4 }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "cozy-proxy.fullname" . }}
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ include "cozy-proxy.fullname" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}

packages/system/cozy-proxy/charts/cozy-proxy/templates/serviceaccount.yaml

@@ -1,8 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "cozy-proxy.fullname" . }}
-  labels:
-    {{- include "cozy-proxy.labels" . | nindent 4 }}
-{{- end }}

packages/system/cozy-proxy/charts/cozy-proxy/values.yaml

@@ -1,12 +0,0 @@
-image:
-  repository: ghcr.io/aenix-io/cozystack/cozy-proxy
-  tag: v0.1.2
-  pullPolicy: IfNotPresent
-
-daemonset:
-  hostNetwork: true
-  podAnnotations: {}
-  podLabels: {}
-
-rbac:
-  create: true

packages/system/cozy-proxy/values.yaml

@@ -1,2 +0,0 @@
-cozy-proxy:
-  fullnameOverride: cozy-proxy

packages/system/cozystack-api/templates/configmap.yaml

@@ -300,17 +300,3 @@ data:
             kind: HelmRepository
             name: cozystack-extra
             namespace: cozy-public
-    - application:
-        kind: BootBox
-        plural: bootboxes
-        singular: bootbox
-      release:
-        prefix: ""
-        labels:
-          cozystack.io/ui: "true"
-        chart:
-          name: bootbox
-          sourceRef:
-            kind: HelmRepository
-            name: cozystack-extra
-            namespace: cozy-public