[dx] fix version_map generator to exclude duplicates

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-01-30 18:19:02 +00:00 · 2025-05-28 13:11:24 +02:00
49 changed files with 326 additions and 669 deletions
--- a/.github/workflows/pull-requests-release.yaml
+++ b/.github/workflows/pull-requests-release.yaml
@@ -16,6 +16,7 @@ jobs:
      contents: read
      packages: write

+    # Run only when the PR carries the "release" label and not closed.
    if: |
      contains(github.event.pull_request.labels.*.name, 'release') &&
      github.event.action != 'closed'
@@ -34,64 +35,6 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ghcr.io

-      - name: Extract tag from PR branch
-        id: get_tag
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const branch = context.payload.pull_request.head.ref;
-            const m = branch.match(/^release-(\d+\.\d+\.\d+(?:[-\w\.]+)?)$/);
-            if (!m) {
-              core.setFailed(`❌ Branch '${branch}' does not match 'release-X.Y.Z[-suffix]'`);
-              return;
-            }
-            const tag = `v${m[1]}`;
-            core.setOutput('tag', tag);
-
-      - name: Find draft release and get asset IDs
-        id: fetch_assets
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GH_PAT }}
-          script: |
-            const tag = '${{ steps.get_tag.outputs.tag }}';
-            const releases = await github.rest.repos.listReleases({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              per_page: 100
-            });
-            const draft = releases.data.find(r => r.tag_name === tag && r.draft);
-            if (!draft) {
-              core.setFailed(`Draft release '${tag}' not found`);
-              return;
-            }
-            const findAssetId = (name) =>
-              draft.assets.find(a => a.name === name)?.id;
-            const installerId = findAssetId("cozystack-installer.yaml");
-            const diskId = findAssetId("nocloud-amd64.raw.xz");
-            if (!installerId || !diskId) {
-              core.setFailed("Missing required assets");
-              return;
-            }
-            core.setOutput("installer_id", installerId);
-            core.setOutput("disk_id", diskId);
-      
-      - name: Download assets from GitHub API
-        run: |
-          mkdir -p _out/assets
-          curl -sSL \
-            -H "Authorization: token ${GH_PAT}" \
-            -H "Accept: application/octet-stream" \
-            -o _out/assets/cozystack-installer.yaml \
-            "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${{ steps.fetch_assets.outputs.installer_id }}"
-          curl -sSL \
-            -H "Authorization: token ${GH_PAT}" \
-            -H "Accept: application/octet-stream" \
-            -o _out/assets/nocloud-amd64.raw.xz \
-            "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${{ steps.fetch_assets.outputs.disk_id }}"
-        env:
-          GH_PAT: ${{ secrets.GH_PAT }}
-
      - name: Run tests
        run: make test

--- a/.github/workflows/pull-requests.yaml
+++ b/.github/workflows/pull-requests.yaml
@@ -9,8 +9,8 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  build:
-    name: Build
+  e2e:
+    name: Build and Test
    runs-on: [self-hosted]
    permissions:
      contents: read
@@ -37,38 +37,5 @@ jobs:
      - name: Build
        run: make build

-      - name: Build Talos image
-        run: make -C packages/core/installer talos-nocloud
-
-      - name: Upload artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: cozystack-artefacts
-          path: |
-            _out/assets/nocloud-amd64.raw.xz
-            _out/assets/cozystack-installer.yaml
-
-  test:
-    name: Test
-    runs-on: [self-hosted]
-    needs: build
-
-    # Never run when the PR carries the "release" label.
-    if: |
-      !contains(github.event.pull_request.labels.*.name, 'release')
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          fetch-tags: true
-
-      - name: Download artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: cozystack-artefacts
-          path: _out/assets/
-
      - name: Test
        run: make test
--- a/2
+++ b/2
@@ -43,7 +43,7 @@ manifests:
 	(cd packages/core/installer/; helm template -n cozy-installer installer .) > _out/assets/cozystack-installer.yaml

 assets:
-	make -C packages/core/installer assets
+	make -C packages/core/installer/ assets

 test:
 	make -C packages/core/testing apply
--- a/docs/changelogs/v0.31.0.md
+++ b/docs/changelogs/v0.31.0.md
@@ -1,129 +1,39 @@
-Cozystack v0.31.0 is a significant release that brings new features, key fixes, and updates to underlying components.
-This version enhances GPU support, improves many components of Cozystack, and introduces a more robust release process to improve stability.
-Below, we'll go over the highlights in each area for current users, developers, and our community.
+This is the third release candidate for the upcoming Cozystack v0.31.0 release.
+The release notes show changes accumulated since the release of previous version, Cozystack v0.30.0.

-## Major Features and Improvements
+Cozystack 0.31.0 further advances GPU support, monitoring, and all-around convenience features.

-### GPU support for tenant Kubernetes clusters
+## New Features and Changes

-Cozystack now integrates NVIDIA GPU Operator support for tenant Kubernetes clusters.
-This enables platform users to run GPU-powered AI/ML applications in their own clusters.
-To enable GPU Operator, set `addons.gpuOperator.enabled: true` in the cluster configuration.
-(@kvaps in https://github.com/cozystack/cozystack/pull/834)
-
-Check out Andrei Kvapil's CNCF webinar [showcasing the GPU support by running Stable Diffusion in Cozystack](https://www.youtube.com/watch?v=S__h_QaoYEk).
-
-<!--
 * [kubernetes] Introduce GPU support for tenant Kubernetes clusters. (@kvaps in https://github.com/cozystack/cozystack/pull/834)
-->
-
-### Cilium Improvements
-
-Cozystack’s Cilium integration received two significant enhancements.
-First, Gateway API support in Cilium is now enabled, allowing advanced L4/L7 routing features via Kubernetes Gateway API.
-We thank Zdenek Janda @zdenekjanda for contributing this feature in https://github.com/cozystack/cozystack/pull/924.
-
-Second, Cozystack now permits custom user-provided parameters in the tenant cluster’s Cilium configuration.
-(@lllamnyp in https://github.com/cozystack/cozystack/pull/917)
-
-<!--
-* [cilium] Enable Cilium Gateway API. (@zdenekjanda in https://github.com/cozystack/cozystack/pull/924)
-* [cilium] Enable user-added parameters in a tenant cluster Cilium. (@lllamnyp in https://github.com/cozystack/cozystack/pull/917)
-->
-
-### Cross-Architecture Builds (ARM Support Beta)
-
-Cozystack's build system was refactored to support multi-architecture binaries and container images.
-This paves the road to running Cozystack on ARM64 servers.
-Changes include Makefile improvements (https://github.com/cozystack/cozystack/pull/907)
-and multi-arch Docker image builds (https://github.com/cozystack/cozystack/pull/932 and https://github.com/cozystack/cozystack/pull/970).
-
-We thank Nikita Bykov @nbykov0 for his ongoing work on ARM support!
-
-<!--
-* Introduce support for cross-architecture builds and Cozystack on ARM:
-    * [build] Refactor Makefiles introducing build variables. (@nbykov0 in https://github.com/cozystack/cozystack/pull/907)
-    * [build] Add support for multi-architecture and cross-platform image builds. (@nbykov0 in https://github.com/cozystack/cozystack/pull/932 and https://github.com/cozystack/cozystack/pull/970)
-->
-
-### VerticalPodAutoscaler (VPA) Expansion
-
-The VerticalPodAutoscaler is now enabled for more Cozystack components to automate resource tuning.
-Specifically, VPA was added for tenant Kubernetes control planes (@klinch0 in https://github.com/cozystack/cozystack/pull/806),
-the Cozystack Dashboard (https://github.com/cozystack/cozystack/pull/828),
-and the Cozystack etcd-operator (https://github.com/cozystack/cozystack/pull/850).
-All Cozystack components that have VPA enabled can automatically adjust their CPU and memory requests based on usage, improving platform and application stability.
-
-<!--
 * Add VerticalPodAutoscaler to a few more components:
    * [kubernetes] Kubernetes clusters in user tenants. (@klinch0 in https://github.com/cozystack/cozystack/pull/806)
    * [platform] Cozystack dashboard. (@klinch0 in https://github.com/cozystack/cozystack/pull/828)
    * [platform] Cozystack etcd-operator (@klinch0 in https://github.com/cozystack/cozystack/pull/850)
-->
-
-### Tenant HelmRelease Reconcile Controller
-
-A new controller was introduced to monitor and synchronize HelmRelease resources across tenants.
-This controller propagates configuration changes to tenant workloads and ensures that any HelmRelease defined in a tenant
-stays in sync with platform updates.
-It improves the reliability of deploying managed applications in Cozystack.
-(@klinch0 in https://github.com/cozystack/cozystack/pull/870)
-
-<!--
+* Introduce support for cross-architecture builds and Cozystack on ARM:
+    * [build] Refactor Makefiles introducing build variables. (@nbykov0 in https://github.com/cozystack/cozystack/pull/907)
+    * [build] Add support for multi-architecture and cross-platform image builds. (@nbykov0 in https://github.com/cozystack/cozystack/pull/932 and https://github.com/cozystack/cozystack/pull/970)
 * [platform] Introduce a new controller to synchronize tenant HelmReleases and propagate configuration changes. (@klinch0 in https://github.com/cozystack/cozystack/pull/870)
-->
-
-### Virtual Machine Improvements
-
-**Configurable KubeVirt CPU Overcommit**: The CPU allocation ratio in KubeVirt (how virtual CPUs are overcommitted relative to physical) is now configurable
-via the `cpu-allocation-ratio` value in the Cozystack configmap.
-This means Cozystack administrators can now tune CPU overcommitment for VMs to balance performance vs. density.
-(@lllamnyp in https://github.com/cozystack/cozystack/pull/905)
-
-**KubeVirt VM Export**: Cozystack now allows exporting KubeVirt virtual machines.
-This feature, enabled via KubeVirt's `VirtualMachineExport` capability, lets users snapshot or back up VM images.
-(@kvaps in https://github.com/cozystack/cozystack/pull/808)
-
-**Support for various storage classes in Virtual Machines**: The `virtual-machine` application (since version 0.9.2) lets you pick any StorageClass for a VM's 
-system disk instead of relying on a hard-coded PVC.
-Refer to values `systemDisk.storage` and `systemDisk.storageClass` in the [application's configs](https://cozystack.io/docs/reference/applications/virtual-machine/#common-parameters).
-(@kvaps in https://github.com/cozystack/cozystack/pull/974)
-
-<!--
+* [platform] Introduce options `expose-services`, `expose-ingress` and `expose-external-ips` to the ingress service. (@kvaps in https://github.com/cozystack/cozystack/pull/929)
 * [kubevirt] Enable exporting VMs. (@kvaps in https://github.com/cozystack/cozystack/pull/808)
 * [kubevirt] Make KubeVirt's CPU allocation ratio configurable. (@lllamnyp in https://github.com/cozystack/cozystack/pull/905)
 * [virtual-machine] Add support for various storages. (@kvaps in https://github.com/cozystack/cozystack/pull/974)
-->
-
-### Other Features and Improvements
-
-* [platform] Introduce options `expose-services`, `expose-ingress`, and `expose-external-ips` to the ingress service. (@kvaps in https://github.com/cozystack/cozystack/pull/929)
 * [cozystack-controller] Record the IP address pool and storage class in Workload objects. (@lllamnyp in https://github.com/cozystack/cozystack/pull/831)
+* [cilium] Enable Cilium Gateway API. (@zdenekjanda in https://github.com/cozystack/cozystack/pull/924)
+* [cilium] Enable user-added parameters in a tenant cluster Cilium. (@lllamnyp in https://github.com/cozystack/cozystack/pull/917)
 * [apps] Remove user-facing config of limits and requests. (@lllamnyp in https://github.com/cozystack/cozystack/pull/935)
-
-## New Release Lifecycle
-
-Cozystack release lifecycle is changing to provide a more stable and predictable lifecycle to customers running Cozystack in mission-critical environments.
-
-* **Gradual Release with Alpha, Beta, and Release Candidates**: Cozystack will now publish pre-release versions (alpha, beta, release candidates) before a stable release.
-  Starting with v0.31.0, the team made three release candidates before releasing version v0.31.0.
-  This allows more testing and feedback before marking a release as stable.
-
-* **Prolonged Release Support with Patch Versions**: After the initial `vX.Y.0` release, a long-lived branch `release-X.Y` will be created to backport fixes.
-  For example, with 0.31.0’s release, a `release-0.31` branch will track patch fixes (`0.31.x`).
-  This strategy lets Cozystack users receive timely patch releases and updates with minimal risks.
-
-To implement these new changes, we have rebuilt our CI/CD workflows and introduced automation, enabling automatic backports.
-You can read more about how it's implemented in the Development section below.
-
-For more information, read the [Cozystack Release Workflow](https://github.com/cozystack/cozystack/blob/main/docs/release.md) documentation.
+* Update the Cozystack release policy to include long-lived release branches and start with release candidates. Update CI workflows and docs accordingly.
+    * Use release branches `release-X.Y` for gathering and releasing fixes after initial `vX.Y.0` release. (@kvaps in https://github.com/cozystack/cozystack/pull/816)
+    * Automatically create release branches after initial `vX.Y.0` release is published. (@kvaps in https://github.com/cozystack/cozystack/pull/886)
+    * Introduce Release Candidate versions. Automate patch backporting by applying patches from pull requests labeled `[backport]` to the current release branch. (@kvaps in https://github.com/cozystack/cozystack/pull/841 and https://github.com/cozystack/cozystack/pull/901, @nickvolynkin in https://github.com/cozystack/cozystack/pull/890)
+    * Support alpha and beta pre-releases. (@kvaps in https://github.com/cozystack/cozystack/pull/978)
+    * Commit changes in release pipelines under `github-actions <github-actions@github.com>`. (@kvaps in https://github.com/cozystack/cozystack/pull/823)
+    * Describe the Cozystack release workflow. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/817 and https://github.com/cozystack/cozystack/pull/897)

 ## Fixes

 * [virtual-machine] Add GPU names to the virtual machine specifications. (@kvaps in https://github.com/cozystack/cozystack/pull/862)
 * [virtual-machine] Count Workload resources for pods by requests, not limits. Other improvements to VM resource tracking. (@lllamnyp in https://github.com/cozystack/cozystack/pull/904)
-* [virtual-machine] Set PortList method by default. (@kvaps in https://github.com/cozystack/cozystack/pull/996)
-* [virtual-machine] Specify ports even for wholeIP mode. (@kvaps in https://github.com/cozystack/cozystack/pull/1000)
 * [platform] Fix installing HelmReleases on initial setup. (@kvaps in https://github.com/cozystack/cozystack/pull/833)
 * [platform] Migration scripts update Kubernetes ConfigMap with the current stack version for improved version tracking. (@klinch0 in https://github.com/cozystack/cozystack/pull/840)
 * [platform] Reduce requested CPU and RAM for the `kamaji` provider. (@klinch0 in https://github.com/cozystack/cozystack/pull/825)
@@ -135,8 +45,7 @@ For more information, read the [Cozystack Release Workflow](https://github.com/c
 * [kubernetes] Fix merging `valuesOverride` for tenant clusters. (@kvaps in https://github.com/cozystack/cozystack/pull/879)
 * [kubernetes] Fix `ubuntu-container-disk` tag. (@kvaps in https://github.com/cozystack/cozystack/pull/887)
 * [kubernetes] Refactor Helm manifests for tenant Kubernetes clusters. (@kvaps in https://github.com/cozystack/cozystack/pull/866)
-* [kubernetes] Fix Ingress-NGINX depends on Cert-Manager. (@kvaps in https://github.com/cozystack/cozystack/pull/976)
-* [kubernetes, apps] Enable `topologySpreadConstraints` for tenant Kubernetes clusters and fix it for managed PostgreSQL. (@klinch0 in https://github.com/cozystack/cozystack/pull/995)
+* [kubernetes] Fix Ingress-NGINX depends on Cert-Manager . (@kvaps in https://github.com/cozystack/cozystack/pull/976)
 * [tenant] Fix an issue with accessing external IPs of a cluster from the cluster itself. (@kvaps in https://github.com/cozystack/cozystack/pull/854)
 * [cluster-api] Remove the no longer necessary workaround for Kamaji. (@kvaps in https://github.com/cozystack/cozystack/pull/867, patched in https://github.com/cozystack/cozystack/pull/956) 
 * [monitoring] Remove legacy label "POD" from the exclude filter in metrics. (@xy2 in https://github.com/cozystack/cozystack/pull/826)
@@ -145,13 +54,24 @@ For more information, read the [Cozystack Release Workflow](https://github.com/c
 * [postgres] Remove duplicated `template` entry from backup manifest. (@etoshutka in https://github.com/cozystack/cozystack/pull/872)
 * [kube-ovn] Fix versions mapping in Makefile. (@kvaps in https://github.com/cozystack/cozystack/pull/883)
 * [dx] Automatically detect version for migrations in the installer.sh. (@kvaps in https://github.com/cozystack/cozystack/pull/837)
-* [dx] remove version_map and building for library charts. (@kvaps in https://github.com/cozystack/cozystack/pull/998)
-* [docs] Review the tenant Kubernetes cluster docs. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/969)
-* [docs] Explain that tenants cannot have dashes in their names. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/980)
+* [e2e] Increase timeout durations for `capi` and `keycloak` to improve reliability during environment setup. (@kvaps in https://github.com/cozystack/cozystack/pull/858)
+* [e2e] Fix `device_ownership_from_security_context` CRI. (@dtrdnk in https://github.com/cozystack/cozystack/pull/896)
+* [e2e] Return `genisoimage` to the e2e-test Dockerfile (@gwynbleidd2106 in https://github.com/cozystack/cozystack/pull/962)
+* [ci] Improve the check for `versions_map` running on pull requests. (@kvaps and @klinch0 in https://github.com/cozystack/cozystack/pull/836, https://github.com/cozystack/cozystack/pull/842, and https://github.com/cozystack/cozystack/pull/845)
+* [ci] If the release step was skipped on a tag, skip tests as well. (@kvaps in https://github.com/cozystack/cozystack/pull/822)
+* [ci] Allow CI to cancel the previous job if a new one is scheduled. (@kvaps in https://github.com/cozystack/cozystack/pull/873)
+* [ci] Use the correct version name when uploading build assets to the release page. (@kvaps in https://github.com/cozystack/cozystack/pull/876)
+* [ci] Stop using `ok-to-test` label to trigger CI in pull requests. (@kvaps in https://github.com/cozystack/cozystack/pull/875)
+* [ci] Do not run tests in the release building pipeline. (@kvaps in https://github.com/cozystack/cozystack/pull/882)
+* [ci] Fix release branch creation. (@kvaps in https://github.com/cozystack/cozystack/pull/884)
+* [ci, dx] Reduce noise in the test logs by suppressing the `wget` progress bar. (@lllamnyp in https://github.com/cozystack/cozystack/pull/865)
+* [ci] Revert "automatically trigger tests in releasing PR". (@kvaps in https://github.com/cozystack/cozystack/pull/900)
+* [ci] Force-update release branch on tagged main commits . (@kvaps in https://github.com/cozystack/cozystack/pull/977)
+* [docs] Explain that tenants cannot have dashes in the names. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/980)

 ## Dependencies

-* MetalLB images are now built in-tree based on version 0.14.9 with additional critical patches. (@lllamnyp in https://github.com/cozystack/cozystack/pull/945)
+* MetalLB s now included directly as a patched image based on version 0.14.9. (@lllamnyp in https://github.com/cozystack/cozystack/pull/945)
 * Update Kubernetes to v1.32.4. (@kvaps in https://github.com/cozystack/cozystack/pull/949)
 * Update Talos Linux to v1.10.1. (@kvaps in https://github.com/cozystack/cozystack/pull/931)
 * Update Cilium to v1.17.3. (@kvaps in https://github.com/cozystack/cozystack/pull/848)
@@ -163,81 +83,15 @@ For more information, read the [Cozystack Release Workflow](https://github.com/c
 * Update KamajiControlPlane to edge-25.4.1. (@kvaps in https://github.com/cozystack/cozystack/pull/953, fixed by @nbykov0 in https://github.com/cozystack/cozystack/pull/983)
 * Update cert-manager to v1.17.2. (@kvaps in https://github.com/cozystack/cozystack/pull/975)

-## Documentation
+## Maintenance

-* [Installing Talos in Air-Gapped Environment](https://cozystack.io/docs/operations/talos/configuration/air-gapped/):
-  new guide for configuring and bootstrapping Talos Linux clusters in air-gapped environments.
-  (@klinch0 in https://github.com/cozystack/website/pull/203)
+* Add @klinch0 to CODEOWNERS. (@kvaps in https://github.com/cozystack/cozystack/pull/838)

-* [Cozystack Bundles](https://cozystack.io/docs/guides/bundles/): new page in the learning section explaining how Cozystack bundles work and how to choose a bundle.
-  (@NickVolynkin in https://github.com/cozystack/website/pull/188, https://github.com/cozystack/website/pull/189, and others;
-  updated by @kvaps in https://github.com/cozystack/website/pull/192 and https://github.com/cozystack/website/pull/193)
-
-* [Managed Application Reference](https://cozystack.io/docs/reference/applications/): A set of new pages in the docs, mirroring application docs from the Cozystack dashboard.
-  (@NickVolynkin in https://github.com/cozystack/website/pull/198, https://github.com/cozystack/website/pull/202, and https://github.com/cozystack/website/pull/204)
-
-* **LINSTOR Networking**: Guides on [configuring dedicated network for LINSTOR](https://cozystack.io/docs/operations/storage/dedicated-network/)
-and [configuring network for distributed storage in multi-datacenter setup](https://cozystack.io/docs/operations/stretched/linstor-dedicated-network/).
-(@xy2, edited by @NickVolynkin in https://github.com/cozystack/website/pull/171, https://github.com/cozystack/website/pull/182, and https://github.com/cozystack/website/pull/184)
-
-### Fixes
-
-* Correct error in the doc for the command to edit the configmap. (@lb0o in https://github.com/cozystack/website/pull/207)
-* Fix group name in OIDC docs (@kingdonb in https://github.com/cozystack/website/pull/179)
-* A bit more explanation of Docker buildx builders. (@nbykov0 in https://github.com/cozystack/website/pull/187)
-
-## Development, Testing, and CI/CD
-
-### Testing
-
-Improvements:
-
-* Introduce `cozytest` — a new [BATS-based](https://github.com/bats-core/bats-core) testing framework. (@kvaps in https://github.com/cozystack/cozystack/pull/982)
-
-Fixes:
-
-* Fix `device_ownership_from_security_context` CRI. (@dtrdnk in https://github.com/cozystack/cozystack/pull/896)
-* Increase timeout durations for `capi` and `keycloak` to improve reliability during e2e-tests. (@kvaps in https://github.com/cozystack/cozystack/pull/858)
-* Return `genisoimage` to the e2e-test Dockerfile (@gwynbleidd2106 in https://github.com/cozystack/cozystack/pull/962)
-
-### CI/CD Changes
-                          
-Improvements:
-
-* Use release branches `release-X.Y` for gathering and releasing fixes after initial `vX.Y.0` release. (@kvaps in https://github.com/cozystack/cozystack/pull/816)
-* Automatically create release branches after initial `vX.Y.0` release is published. (@kvaps in https://github.com/cozystack/cozystack/pull/886)
-* Introduce Release Candidate versions. Automate patch backporting by applying patches from pull requests labeled `[backport]` to the current release branch. (@kvaps in https://github.com/cozystack/cozystack/pull/841 and https://github.com/cozystack/cozystack/pull/901, @nickvolynkin in https://github.com/cozystack/cozystack/pull/890)
-* Support alpha and beta pre-releases. (@kvaps in https://github.com/cozystack/cozystack/pull/978)
-* Commit changes in release pipelines under `github-actions <github-actions@github.com>`. (@kvaps in https://github.com/cozystack/cozystack/pull/823)
-* Describe the Cozystack release workflow. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/817 and https://github.com/cozystack/cozystack/pull/897)
-
-Fixes:
-
-* Improve the check for `versions_map` running on pull requests. (@kvaps and @klinch0 in https://github.com/cozystack/cozystack/pull/836, https://github.com/cozystack/cozystack/pull/842, and https://github.com/cozystack/cozystack/pull/845)
-* If the release step was skipped on a tag, skip tests as well. (@kvaps in https://github.com/cozystack/cozystack/pull/822)
-* Allow CI to cancel the previous job if a new one is scheduled. (@kvaps in https://github.com/cozystack/cozystack/pull/873)
-* Use the correct version name when uploading build assets to the release page. (@kvaps in https://github.com/cozystack/cozystack/pull/876)
-* Stop using `ok-to-test` label to trigger CI in pull requests. (@kvaps in https://github.com/cozystack/cozystack/pull/875)
-* Do not run tests in the release building pipeline. (@kvaps in https://github.com/cozystack/cozystack/pull/882)
-* Fix release branch creation. (@kvaps in https://github.com/cozystack/cozystack/pull/884)
-* Reduce noise in the test logs by suppressing the `wget` progress bar. (@lllamnyp in https://github.com/cozystack/cozystack/pull/865)
-* Revert "automatically trigger tests in releasing PR". (@kvaps in https://github.com/cozystack/cozystack/pull/900)
-* Force-update release branch on tagged main commits. (@kvaps in https://github.com/cozystack/cozystack/pull/977)
-* Show detailed errors in the `pull-request-release` workflow. (@lllamnyp in https://github.com/cozystack/cozystack/pull/992)
-
-## Community and Maintenance
-
-### Repository Maintenance
-
-Added @klinch0 to CODEOWNERS. (@kvaps in https://github.com/cozystack/cozystack/pull/838)
-
-### New Contributors
+## New Contributors

 * @etoshutka made their first contribution in https://github.com/cozystack/cozystack/pull/872
 * @dtrdnk made their first contribution in https://github.com/cozystack/cozystack/pull/896
 * @zdenekjanda made their first contribution in https://github.com/cozystack/cozystack/pull/924
 * @gwynbleidd2106 made their first contribution in https://github.com/cozystack/cozystack/pull/962

-## Full Changelog
-
-See https://github.com/cozystack/cozystack/compare/v0.30.0...v0.31.0
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.30.0...v0.31.0-rc.3
--- a/hack/e2e-cluster.bats
+++ b/hack/e2e-cluster.bats
@@ -3,14 +3,12 @@
 # Cozystack end‑to‑end provisioning test (Bats)
 # -----------------------------------------------------------------------------

-@test "Required installer assets exist" {
-  if [ ! -f _out/assets/cozystack-installer.yaml ]; then
-    echo "Missing: _out/assets/cozystack-installer.yaml" >&2
-    exit 1
-  fi
-
-  if [ ! -f _out/assets/nocloud-amd64.raw.xz ]; then
-    echo "Missing: _out/assets/nocloud-amd64.raw.xz" >&2
+@test "Environment variable COZYSTACK_INSTALLER_YAML is defined" {
+  if [ -z "${COZYSTACK_INSTALLER_YAML:-}" ]; then
+    echo 'COZYSTACK_INSTALLER_YAML environment variable is not set!' >&2
+    echo >&2
+    echo 'Please export it with the following command:' >&2
+    echo '  export COZYSTACK_INSTALLER_YAML=$(helm template -n cozy-system installer packages/core/installer)' >&2
    exit 1
  fi
 }
@@ -72,15 +70,13 @@ EOF
  done
 }

-@test "Use Talos NoCloud image from assets" {
-  if [ ! -f _out/assets/nocloud-amd64.raw.xz ]; then
-    echo "Missing _out/assets/nocloud-amd64.raw.xz" 2>&1
-    exit 1
+@test "Download Talos NoCloud image" {
+  if [ ! -f nocloud-amd64.raw ]; then
+    wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz \
+      -O nocloud-amd64.raw.xz --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
+    rm -f nocloud-amd64.raw
+    xz --decompress nocloud-amd64.raw.xz
  fi
-
-  rm -f nocloud-amd64.raw
-  cp _out/assets/nocloud-amd64.raw.xz .
-  xz --decompress nocloud-amd64.raw.xz
 }

@test "Prepare VM disks" {
@@ -247,8 +243,8 @@ EOF
          --from-literal=api-server-endpoint=https://192.168.123.10:6443 \
          --dry-run=client -o yaml | kubectl apply -f -

-  # Apply installer manifests from file
-  kubectl apply -f _out/assets/cozystack-installer.yaml
+  # Apply installer manifests from env variable
+  echo "$COZYSTACK_INSTALLER_YAML" | kubectl apply -f -

  # Wait for the installer deployment to become available
  kubectl wait deployment/cozystack -n cozy-system --timeout=1m --for=condition=Available
--- a/hack/gen_versions_map.sh
+++ b/hack/gen_versions_map.sh
@@ -61,4 +61,4 @@ resolved_miss_map=$(
  done < $miss_map
 )

-printf "%s\n" "$new_map" "$resolved_miss_map" | sort -k1,1 -k2,2 -V | awk '$1' > "$file"
+printf "%s\n" "$new_map" "$resolved_miss_map" | sort -k1,1 -k2,2 -V | awk '!seen[$1, $2]++' > "$file"
--- a/packages/apps/ferretdb/images/postgres-backup.tag
+++ b/packages/apps/ferretdb/images/postgres-backup.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.12.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
+ghcr.io/cozystack/cozystack/postgres-backup:0.11.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
--- a/packages/apps/ferretdb/templates/postgres.yaml
+++ b/packages/apps/ferretdb/templates/postgres.yaml
@@ -11,9 +11,6 @@ spec:
  {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
  {{- if $rawConstraints }}
  {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
-    labelSelector:
-      matchLabels:
-        cnpg.io/cluster: {{ .Release.Name }}-postgres
  {{- end }}
  {{- end }}
  minSyncReplicas: {{ .Values.quorum.minSyncReplicas }}
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.5.0@sha256:99cd04f09f80eb0c60cc0b2f6bc8180ada7ada00cb594606447674953dfa1b67
+ghcr.io/cozystack/cozystack/nginx-cache:0.5.0@sha256:158c35dd6a512bd14e86a423be5c8c7ca91ac71999c73cce2714e4db60a2db43
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.21.0
+version: 0.20.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -1,199 +1,77 @@
 # Managed Kubernetes Service

-## Managed Kubernetes in Cozystack
+## Overview

-Whenever you want to deploy a custom containerized application in Cozystack, it's best to deploy it to a managed Kubernetes cluster.
+The Managed Kubernetes Service offers a streamlined solution for efficiently managing server workloads. Kubernetes has emerged as the industry standard, providing a unified and accessible API, primarily utilizing YAML for configuration. This means that teams can easily understand and work with Kubernetes, streamlining infrastructure management.

-Cozystack deploys and manages Kubernetes-as-a-service as standalone applications within each tenant’s isolated environment.
-In Cozystack, such clusters are named tenant Kubernetes clusters, while the base Cozystack cluster is called a management or root cluster.
-Tenant clusters are fully separated from the management cluster and are intended for deploying tenant-specific or customer-developed applications.
+The Kubernetes leverages robust software design patterns, enabling continuous recovery in any scenario through the reconciliation method. Additionally, it ensures seamless scaling across a multitude of servers, addressing the challenges posed by complex and outdated APIs found in traditional virtualization platforms. This managed service eliminates the need for developing custom solutions or modifying source code, saving valuable time and effort.

-Within a tenant cluster, users can take advantage of LoadBalancer services and easily provision physical volumes as needed.                               
-The control-plane operates within containers, while the worker nodes are deployed as virtual machines, all seamlessly managed by the application.
+## Deployment Details

-## Why Use a Managed Kubernetes Cluster?
+The managed Kubernetes service deploys a standard Kubernetes cluster utilizing the Cluster API, Kamaji as control-plane provicer and the KubeVirt infrastructure provider. This ensures a consistent and reliable setup for workloads.

-Kubernetes has emerged as the industry standard, providing a unified and accessible API, primarily utilizing YAML for configuration.
-This means that teams can easily understand and work with Kubernetes, streamlining infrastructure management.
+Within this cluster, users can take advantage of LoadBalancer services and easily provision physical volumes as needed. The control-plane operates within containers, while the worker nodes are deployed as virtual machines, all seamlessly managed by the application.

-Kubernetes leverages robust software design patterns, enabling continuous recovery in any scenario through the reconciliation method.
-Additionally, it ensures seamless scaling across a multitude of servers,
-addressing the challenges posed by complex and outdated APIs found in traditional virtualization platforms.
-This managed service eliminates the need for developing custom solutions or modifying source code, saving valuable time and effort.
+- Docs: https://github.com/clastix/kamaji
+- Docs: https://cluster-api.sigs.k8s.io/
+- GitHub: https://github.com/clastix/kamaji
+- GitHub: https://github.com/kubernetes-sigs/cluster-api-provider-kubevirt
+- GitHub: https://github.com/kubevirt/csi-driver

-The Managed Kubernetes Service in Cozystack offers a streamlined solution for efficiently managing server workloads.

-## Starting Work
+## How-Tos

-Once the tenant Kubernetes cluster is ready, you can get a kubeconfig file to work with it.
-It can be done via UI or a `kubectl` request:
+How to access to deployed cluster:

-   Open the Cozystack dashboard, switch to your tenant, find and open the application page. Copy one of the config files from the **Secrets** section.
-   Run the following command (using the management cluster kubeconfig):
-
-    ```bash
-    kubectl get secret -n tenant-<name> kubernetes-<clusterName>-admin-kubeconfig -o go-template='{{ printf "%s\n" (index .data "admin.conf" | base64decode) }}' > admin.conf
-    ```
-
-There are several kubeconfig options available:
-
-   `admin.conf` — The standard kubeconfig for accessing your new cluster.
-    You can create additional Kubernetes users using this configuration.
-   `admin.svc` — Same token as `admin.conf`, but with the API server address set to the internal service name.
-    Use it for applications running inside the cluster that need API access.
-   `super-admin.conf` — Similar to `admin.conf`, but with extended administrative permissions.
-    Intended for troubleshooting and cluster maintenance tasks.
-   `super-admin.svc` — Same as `super-admin.conf`, but pointing to the internal API server address.
-
-## Implementation Details
-
-A tenant Kubernetes cluster in Cozystack is essentially Kubernetes-in-Kubernetes.
-Deploying it involves the following components:
-
-   **Kamaji Control Plane**: [Kamaji](https://kamaji.clastix.io/) is an open-source project that facilitates the deployment
-    of Kubernetes control planes as pods within a root cluster.
-    Each control plane pod includes essential components like `kube-apiserver`, `controller-manager`, and `scheduler`,
-    allowing for efficient multi-tenancy and resource utilization.
-
-   **Etcd Cluster**: A dedicated etcd cluster is deployed using Ænix's [etcd-operator](https://github.com/aenix-io/etcd-operator).
-    It provides reliable and scalable key-value storage for the Kubernetes control plane.
-
-   **Worker Nodes**: Virtual Machines are provisioned to serve as worker nodes using KubeVirt.
-    These nodes are configured to join the tenant Kubernetes cluster, enabling the deployment and management of workloads.
-
-   **Cluster API**: Cozystack is using the [Kubernetes Cluster API](https://cluster-api.sigs.k8s.io/) to provision the components of a cluster.
-
-This architecture ensures isolated, scalable, and efficient tenant Kubernetes environments.
-
-See the reference for components utilized in this service:
-
- [Kamaji Control Plane](https://kamaji.clastix.io)
- [Kamaji — Cluster API](https://kamaji.clastix.io/cluster-api/)
- [github.com/clastix/kamaji](https://github.com/clastix/kamaji)
- [KubeVirt](https://kubevirt.io/)
- [github.com/kubevirt/kubevirt](https://github.com/kubevirt/kubevirt)
- [github.com/aenix-io/etcd-operator](https://github.com/aenix-io/etcd-operator)
- [Kubernetes Cluster API](https://cluster-api.sigs.k8s.io/)
- [github.com/kubernetes-sigs/cluster-api-provider-kubevirt](https://github.com/kubernetes-sigs/cluster-api-provider-kubevirt)
- [github.com/kubevirt/csi-driver](https://github.com/kubevirt/csi-driver)
+```
+kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o go-template='{{ printf "%s\n" (index .data "super-admin.conf" | base64decode) }}' > test
+```

 ## Parameters

-### Common Parameters
+### Common parameters

-| Name                    | Description                                                                                                       | Value        |
-| ----------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------ |
-| `host`                  | Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty. | `""`         |
-| `controlPlane.replicas` | Number of replicas for Kubernetes control-plane components.                                                       | `2`          |
-| `storageClass`          | StorageClass used to store user data.                                                                             | `replicated` |
-| `nodeGroups`            | nodeGroups configuration                                                                                          | `{}`         |
+| Name                    | Description                                                                                                                            | Value        |
+| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------ |
+| `host`                  | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""`         |
+| `controlPlane.replicas` | Number of replicas for Kubernetes control-plane components                                                                             | `2`          |
+| `storageClass`          | StorageClass used to store user data                                                                                                   | `replicated` |
+| `nodeGroups`            | nodeGroups configuration                                                                                                               | `{}`         |

 ### Cluster Addons

-| Name                                          | Description                                                                                                                                                                       | Value   |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
-| `addons.certManager.enabled`                  | Enable cert-manager, which automatically creates and manages SSL/TLS certificates.                                                                                                | `false` |
-| `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.gatewayAPI.enabled`                   | Enable the Gateway API                                                                                                                                                            | `false` |
-| `addons.ingressNginx.enabled`                 | Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).                                                                                       | `false` |
-| `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.ingressNginx.hosts`                   | List of domain names that the parent cluster should route to this tenant cluster.                                                                                                 | `[]`    |
-| `addons.gpuOperator.enabled`                  | Enable the GPU-operator                                                                                                                                                           | `false` |
-| `addons.gpuOperator.valuesOverride`           | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.fluxcd.enabled`                       | Enable FluxCD                                                                                                                                                                     | `false` |
-| `addons.fluxcd.valuesOverride`                | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.monitoringAgents.enabled`             | Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage. | `false` |
-| `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                                         | `{}`    |
-| `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                                         | `{}`    |
+| Name                                          | Description                                                                                                                                                       | Value   |
+| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `addons.certManager.enabled`                  | Enables the cert-manager                                                                                                                                          | `false` |
+| `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                         | `{}`    |
+| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                         | `{}`    |
+| `addons.gatewayAPI.enabled`                   | Enables the Gateway API                                                                                                                                           | `false` |
+| `addons.ingressNginx.enabled`                 | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)                                                                                          | `false` |
+| `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                         | `{}`    |
+| `addons.ingressNginx.hosts`                   | List of domain names that should be passed through to the cluster by upper cluster                                                                                | `[]`    |
+| `addons.gpuOperator.enabled`                  | Enables the gpu-operator                                                                                                                                          | `false` |
+| `addons.gpuOperator.valuesOverride`           | Custom values to override                                                                                                                                         | `{}`    |
+| `addons.fluxcd.enabled`                       | Enables Flux CD                                                                                                                                                   | `false` |
+| `addons.fluxcd.valuesOverride`                | Custom values to override                                                                                                                                         | `{}`    |
+| `addons.monitoringAgents.enabled`             | Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage | `false` |
+| `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                         | `{}`    |
+| `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                         | `{}`    |

-### Kubernetes Control Plane Configuration
+### Kubernetes control plane configuration

-| Name                                               | Description                                                                  | Value   |
-| -------------------------------------------------- | ---------------------------------------------------------------------------- | ------- |
-| `controlPlane.apiServer.resources`                 | Explicit CPU/memory resource requests and limits for the API server.         | `{}`    |
-| `controlPlane.apiServer.resourcesPreset`           | Use a common resources preset when `resources` is not set explicitly.        | `small` |
-| `controlPlane.controllerManager.resources`         | Explicit CPU/memory resource requests and limits for the controller manager. | `{}`    |
-| `controlPlane.controllerManager.resourcesPreset`   | Use a common resources preset when `resources` is not set explicitly.        | `micro` |
-| `controlPlane.scheduler.resources`                 | Explicit CPU/memory resource requests and limits for the scheduler.          | `{}`    |
-| `controlPlane.scheduler.resourcesPreset`           | Use a common resources preset when `resources` is not set explicitly.        | `micro` |
-| `controlPlane.konnectivity.server.resources`       | Explicit CPU/memory resource requests and limits for the Konnectivity.       | `{}`    |
-| `controlPlane.konnectivity.server.resourcesPreset` | Use a common resources preset when `resources` is not set explicitly.        | `micro` |
+| Name                                               | Description                                                                                                                                                                                                       | Value   |
+| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `controlPlane.apiServer.resourcesPreset`           | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small` |
+| `controlPlane.apiServer.resources`                 | Resources                                                                                                                                                                                                         | `{}`    |
+| `controlPlane.controllerManager.resources`         | Resources                                                                                                                                                                                                         | `{}`    |
+| `controlPlane.controllerManager.resourcesPreset`   | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
+| `controlPlane.scheduler.resourcesPreset`           | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
+| `controlPlane.scheduler.resources`                 | Resources                                                                                                                                                                                                         | `{}`    |
+| `controlPlane.konnectivity.server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
+| `controlPlane.konnectivity.server.resources`       | Resources                                                                                                                                                                                                         | `{}`    |

-In production environments, it's recommended to set `resources` explicitly.
-Example of `controlPlane.*.resources`:

-```yaml
-resources:
-  limits:
-    cpu: 4000m
-    memory: 4Gi
-  requests:
-    cpu: 100m
-    memory: 512Mi
-```
-
-Allowed values for `controlPlane.*.resourcesPreset` are `none`, `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
-This value is ignored if the corresponding `resources` value is set. 
-
-## Resources Reference
-
-### instanceType Resources
-
-The following instanceType resources are provided by Cozystack:
-
-| Name          | vCPUs | Memory |
-|---------------|-------|--------|
-| `cx1.2xlarge` | 8     | 16Gi   |
-| `cx1.4xlarge` | 16    | 32Gi   |
-| `cx1.8xlarge` | 32    | 64Gi   |
-| `cx1.large`   | 2     | 4Gi    |
-| `cx1.medium`  | 1     | 2Gi    |
-| `cx1.xlarge`  | 4     | 8Gi    |
-| `gn1.2xlarge` | 8     | 32Gi   |
-| `gn1.4xlarge` | 16    | 64Gi   |
-| `gn1.8xlarge` | 32    | 128Gi  |
-| `gn1.xlarge`  | 4     | 16Gi   |
-| `m1.2xlarge`  | 8     | 64Gi   |
-| `m1.4xlarge`  | 16    | 128Gi  |
-| `m1.8xlarge`  | 32    | 256Gi  |
-| `m1.large`    | 2     | 16Gi   |
-| `m1.xlarge`   | 4     | 32Gi   |
-| `n1.2xlarge`  | 16    | 32Gi   |
-| `n1.4xlarge`  | 32    | 64Gi   |
-| `n1.8xlarge`  | 64    | 128Gi  |
-| `n1.large`    | 4     | 8Gi    |
-| `n1.medium`   | 4     | 4Gi    |
-| `n1.xlarge`   | 8     | 16Gi   |
-| `o1.2xlarge`  | 8     | 32Gi   |
-| `o1.4xlarge`  | 16    | 64Gi   |
-| `o1.8xlarge`  | 32    | 128Gi  |
-| `o1.large`    | 2     | 8Gi    |
-| `o1.medium`   | 1     | 4Gi    |
-| `o1.micro`    | 1     | 1Gi    |
-| `o1.nano`     | 1     | 512Mi  |
-| `o1.small`    | 1     | 2Gi    |
-| `o1.xlarge`   | 4     | 16Gi   |
-| `rt1.2xlarge` | 8     | 32Gi   |
-| `rt1.4xlarge` | 16    | 64Gi   |
-| `rt1.8xlarge` | 32    | 128Gi  |
-| `rt1.large`   | 2     | 8Gi    |
-| `rt1.medium`  | 1     | 4Gi    |
-| `rt1.micro`   | 1     | 1Gi    |
-| `rt1.small`   | 1     | 2Gi    |
-| `rt1.xlarge`  | 4     | 16Gi   |
-| `u1.2xlarge`  | 8     | 32Gi   |
-| `u1.2xmedium` | 2     | 4Gi    |
-| `u1.4xlarge`  | 16    | 64Gi   |
-| `u1.8xlarge`  | 32    | 128Gi  |
-| `u1.large`    | 2     | 8Gi    |
-| `u1.medium`   | 1     | 4Gi    |
-| `u1.micro`    | 1     | 1Gi    |
-| `u1.nano`     | 1     | 512Mi  |
-| `u1.small`    | 1     | 2Gi    |
-| `u1.xlarge`   | 4     | 16Gi   |
-
-### U Series: Universal
+## U Series

 The U Series is quite neutral and provides resources for
 general purpose applications.
@@ -204,7 +82,7 @@ attitude towards workloads.
 VMs of instance types will share physical CPU cores on a
 time-slice basis with other VMs.

-#### U Series Characteristics
+### U Series Characteristics

 Specific characteristics of this series are:
 - *Burstable CPU performance* - The workload has a baseline compute
@@ -213,14 +91,14 @@ Specific characteristics of this series are:
 - *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
  noise per node.

-### O Series: Overcommitted
+## O Series

 The O Series is based on the U Series, with the only difference
 being that memory is overcommitted.

 *O* is the abbreviation for "Overcommitted".

-#### O Series Characteristics
+### UO Series Characteristics

 Specific characteristics of this series are:
 - *Burstable CPU performance* - The workload has a baseline compute
@@ -231,7 +109,7 @@ Specific characteristics of this series are:
 - *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4, for less
  noise per node.

-### CX Series: Compute Exclusive
+## CX Series

 The CX Series provides exclusive compute resources for compute
 intensive applications.
@@ -245,7 +123,7 @@ the IO threading from cores dedicated to the workload.
 In addition, in this series, the NUMA topology of the used
 cores is provided to the VM.

-#### CX Series Characteristics
+### CX Series Characteristics

 Specific characteristics of this series are:
 - *Hugepages* - Hugepages are used in order to improve memory
@@ -260,14 +138,14 @@ Specific characteristics of this series are:
  optimize guest sided cache utilization.
 - *vCPU-To-Memory Ratio (1:2)* - A vCPU-to-Memory ratio of 1:2.

-### M Series: Memory
+## M Series

 The M Series provides resources for memory intensive
 applications.

 *M* is the abbreviation of "Memory".

-#### M Series Characteristics
+### M Series Characteristics

 Specific characteristics of this series are:
 - *Hugepages* - Hugepages are used in order to improve memory
@@ -278,7 +156,7 @@ Specific characteristics of this series are:
 - *vCPU-To-Memory Ratio (1:8)* - A vCPU-to-Memory ratio of 1:8, for much
  less noise per node.

-### RT Series: RealTime
+## RT Series

 The RT Series provides resources for realtime applications, like Oslat.

@@ -287,7 +165,7 @@ The RT Series provides resources for realtime applications, like Oslat.
 This series of instance types requires nodes capable of running
 realtime applications.

-#### RT Series Characteristics
+### RT Series Characteristics

 Specific characteristics of this series are:
 - *Hugepages* - Hugepages are used in order to improve memory
@@ -301,3 +179,57 @@ Specific characteristics of this series are:
 - *vCPU-To-Memory Ratio (1:4)* - A vCPU-to-Memory ratio of 1:4 starting from
  the medium size.

+## Resources
+
+The following instancetype resources are provided by Cozystack:
+
+Name | vCPUs | Memory
+-----|-------|-------
+cx1.2xlarge  |  8  |  16Gi
+cx1.4xlarge  |  16  |  32Gi
+cx1.8xlarge  |  32  |  64Gi
+cx1.large  |  2  |  4Gi
+cx1.medium  |  1  |  2Gi
+cx1.xlarge  |  4  |  8Gi
+gn1.2xlarge  |  8  |  32Gi
+gn1.4xlarge  |  16  |  64Gi
+gn1.8xlarge  |  32  |  128Gi
+gn1.xlarge  |  4  |  16Gi
+m1.2xlarge  |  8  |  64Gi
+m1.4xlarge  |  16  |  128Gi
+m1.8xlarge  |  32  |  256Gi
+m1.large  |  2  |  16Gi
+m1.xlarge  |  4  |  32Gi
+n1.2xlarge  |  16  |  32Gi
+n1.4xlarge  |  32  |  64Gi
+n1.8xlarge  |  64  |  128Gi
+n1.large  |  4  |  8Gi
+n1.medium  |  4  |  4Gi
+n1.xlarge  |  8  |  16Gi
+o1.2xlarge  |  8  |  32Gi
+o1.4xlarge  |  16  |  64Gi
+o1.8xlarge  |  32  |  128Gi
+o1.large  |  2  |  8Gi
+o1.medium  |  1  |  4Gi
+o1.micro  |  1  |  1Gi
+o1.nano  |  1  |  512Mi
+o1.small  |  1  |  2Gi
+o1.xlarge  |  4  |  16Gi
+rt1.2xlarge  |  8  |  32Gi
+rt1.4xlarge  |  16  |  64Gi
+rt1.8xlarge  |  32  |  128Gi
+rt1.large  |  2  |  8Gi
+rt1.medium  |  1  |  4Gi
+rt1.micro  |  1  |  1Gi
+rt1.small  |  1  |  2Gi
+rt1.xlarge  |  4  |  16Gi
+u1.2xlarge  |  8  |  32Gi
+u1.2xmedium  |  2  |  4Gi
+u1.4xlarge  |  16  |  64Gi
+u1.8xlarge  |  32  |  128Gi
+u1.large  |  2  |  8Gi
+u1.medium  |  1  |  4Gi
+u1.micro  |  1  |  1Gi
+u1.nano  |  1  |  512Mi
+u1.small  |  1  |  2Gi
+u1.xlarge  |  4  |  16Gi
--- a/packages/apps/kubernetes/images/cluster-autoscaler.tag
+++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.21.0@sha256:7315850634728a5864a3de3150c12f0e1454f3f1ce33cdf21a278f57611dd5e9
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.20.1@sha256:720148128917fa10f860a8b7e74f9428de72481c466c880c5ad894e1f0026d43
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
+++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.21.0@sha256:6962bdf51ab2ff40b420b9cff7c850aeea02187da2a65a67f10e0471744649d7
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.20.1@sha256:1b48a4725a33ccb48604bb2e1be3171271e7daac2726d3119228212d8a9da5bb
--- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
+++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.21.0@sha256:b1525163cd21938ac934bb1b860f2f3151464fa463b82880ab058167aeaf3e29
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.20.1@sha256:fb6d3ce9d6d948285a6d399c852e15259d6922162ec7c44177d2274243f59d1f
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:bfe568db4b768a4b6c67a8d562892bbba766d0245e140d431754589b347f0b41
+ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:184b81529ae72684279799b12f436cc7a511d8ff5bd1e9a30478799c7707c625
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -31,16 +31,6 @@ spec:
            {{- end }}
            cluster.x-k8s.io/deployment-name: {{ $.Release.Name }}-{{ .groupName }}
        spec:
-          {{- $configMap := lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling" }}
-          {{- if $configMap }}
-          {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
-          {{- if $rawConstraints }}
-          {{- $rawConstraints | fromYaml | toYaml | nindent 10 }}
-            labelSelector:
-              matchLabels:
-                cluster.x-k8s.io/cluster-name: {{ $.Release.Name }}
-          {{- end }}
-          {{- end }}
          domain:
            {{- if and .group.resources .group.resources.cpu }}
            cpu:
--- a/packages/apps/kubernetes/values.schema.json
+++ b/packages/apps/kubernetes/values.schema.json
@@ -4,7 +4,7 @@
  "properties": {
    "host": {
      "type": "string",
-      "description": "Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty.",
+      "description": "The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).",
      "default": ""
    },
    "controlPlane": {
@@ -12,20 +12,15 @@
      "properties": {
        "replicas": {
          "type": "number",
-          "description": "Number of replicas for Kubernetes control-plane components.",
+          "description": "Number of replicas for Kubernetes control-plane components",
          "default": 2
        },
        "apiServer": {
          "type": "object",
          "properties": {
-            "resources": {
-              "type": "object",
-              "description": "Explicit CPU/memory resource requests and limits for the API server.",
-              "default": {}
-            },
            "resourcesPreset": {
              "type": "string",
-              "description": "Use a common resources preset when `resources` is not set explicitly.",
+              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
              "default": "small",
              "enum": [
                "none",
@@ -37,6 +32,11 @@
                "xlarge",
                "2xlarge"
              ]
+            },
+            "resources": {
+              "type": "object",
+              "description": "Resources",
+              "default": {}
            }
          }
        },
@@ -45,12 +45,12 @@
          "properties": {
            "resources": {
              "type": "object",
-              "description": "Explicit CPU/memory resource requests and limits for the controller manager.",
+              "description": "Resources",
              "default": {}
            },
            "resourcesPreset": {
              "type": "string",
-              "description": "Use a common resources preset when `resources` is not set explicitly.",
+              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
              "default": "micro",
              "enum": [
                "none",
@@ -68,14 +68,9 @@
        "scheduler": {
          "type": "object",
          "properties": {
-            "resources": {
-              "type": "object",
-              "description": "Explicit CPU/memory resource requests and limits for the scheduler.",
-              "default": {}
-            },
            "resourcesPreset": {
              "type": "string",
-              "description": "Use a common resources preset when `resources` is not set explicitly.",
+              "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
              "default": "micro",
              "enum": [
                "none",
@@ -87,6 +82,11 @@
                "xlarge",
                "2xlarge"
              ]
+            },
+            "resources": {
+              "type": "object",
+              "description": "Resources",
+              "default": {}
            }
          }
        },
@@ -96,14 +96,9 @@
            "server": {
              "type": "object",
              "properties": {
-                "resources": {
-                  "type": "object",
-                  "description": "Explicit CPU/memory resource requests and limits for the Konnectivity.",
-                  "default": {}
-                },
                "resourcesPreset": {
                  "type": "string",
-                  "description": "Use a common resources preset when `resources` is not set explicitly.",
+                  "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
                  "default": "micro",
                  "enum": [
                    "none",
@@ -115,6 +110,11 @@
                    "xlarge",
                    "2xlarge"
                  ]
+                },
+                "resources": {
+                  "type": "object",
+                  "description": "Resources",
+                  "default": {}
                }
              }
            }
@@ -124,7 +124,7 @@
    },
    "storageClass": {
      "type": "string",
-      "description": "StorageClass used to store user data.",
+      "description": "StorageClass used to store user data",
      "default": "replicated"
    },
    "addons": {
@@ -135,7 +135,7 @@
          "properties": {
            "enabled": {
              "type": "boolean",
-              "description": "Enable cert-manager, which automatically creates and manages SSL/TLS certificates.",
+              "description": "Enables the cert-manager",
              "default": false
            },
            "valuesOverride": {
@@ -160,7 +160,7 @@
          "properties": {
            "enabled": {
              "type": "boolean",
-              "description": "Enable the Gateway API",
+              "description": "Enables the Gateway API",
              "default": false
            }
          }
@@ -170,7 +170,7 @@
          "properties": {
            "enabled": {
              "type": "boolean",
-              "description": "Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).",
+              "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)",
              "default": false
            },
            "valuesOverride": {
@@ -180,7 +180,7 @@
            },
            "hosts": {
              "type": "array",
-              "description": "List of domain names that the parent cluster should route to this tenant cluster.",
+              "description": "List of domain names that should be passed through to the cluster by upper cluster",
              "default": [],
              "items": {}
            }
@@ -191,7 +191,7 @@
          "properties": {
            "enabled": {
              "type": "boolean",
-              "description": "Enable the GPU-operator",
+              "description": "Enables the gpu-operator",
              "default": false
            },
            "valuesOverride": {
@@ -206,7 +206,7 @@
          "properties": {
            "enabled": {
              "type": "boolean",
-              "description": "Enable FluxCD",
+              "description": "Enables Flux CD",
              "default": false
            },
            "valuesOverride": {
@@ -221,7 +221,7 @@
          "properties": {
            "enabled": {
              "type": "boolean",
-              "description": "Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage.",
+              "description": "Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage",
              "default": false
            },
            "valuesOverride": {
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -1,8 +1,8 @@
-## @section Common Parameters
+## @section Common parameters

-## @param host Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty.
-## @param controlPlane.replicas Number of replicas for Kubernetes control-plane components.
-## @param storageClass StorageClass used to store user data.
+## @param host The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host).
+## @param controlPlane.replicas Number of replicas for Kubernetes control-plane components
+## @param storageClass StorageClass used to store user data
 ##
 host: ""
 storageClass: replicated
@@ -37,7 +37,7 @@ addons:
  ## Cert-manager: automatically creates and manages SSL/TLS certificate
  ##
  certManager:
-    ## @param addons.certManager.enabled Enable cert-manager, which automatically creates and manages SSL/TLS certificates.
+    ## @param addons.certManager.enabled Enables the cert-manager
    ## @param addons.certManager.valuesOverride Custom values to override
    enabled: false
    valuesOverride: {}
@@ -51,17 +51,17 @@ addons:
  ## Gateway API
  ##
  gatewayAPI:
-    ## @param addons.gatewayAPI.enabled Enable the Gateway API
+    ## @param addons.gatewayAPI.enabled Enables the Gateway API
    enabled: false

  ## Ingress-NGINX Controller
  ##
  ingressNginx:
-    ## @param addons.ingressNginx.enabled Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).
+    ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)
    ## @param addons.ingressNginx.valuesOverride Custom values to override
    ##
    enabled: false
-    ## @param addons.ingressNginx.hosts List of domain names that the parent cluster should route to this tenant cluster.
+    ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster
    ## e.g:
    ## hosts:
    ## - example.org
@@ -73,7 +73,7 @@ addons:
  ## GPU-operator: NVIDIA GPU Operator
  ##
  gpuOperator:
-    ## @param addons.gpuOperator.enabled Enable the GPU-operator
+    ## @param addons.gpuOperator.enabled Enables the gpu-operator
    ## @param addons.gpuOperator.valuesOverride Custom values to override
    enabled: false
    valuesOverride: {}
@@ -81,7 +81,7 @@ addons:
  ## Flux CD
  ##
  fluxcd:
-    ## @param addons.fluxcd.enabled Enable FluxCD
+    ## @param addons.fluxcd.enabled Enables Flux CD
    ## @param addons.fluxcd.valuesOverride Custom values to override
    ##
    enabled: false
@@ -90,7 +90,7 @@ addons:
  ## MonitoringAgents
  ##
  monitoringAgents:
-    ## @param addons.monitoringAgents.enabled Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage.
+    ## @param addons.monitoringAgents.enabled Enables MonitoringAgents (fluentbit, vmagents for sending logs and metrics to storage) if tenant monitoring enabled, send to tenant storage, else to root storage
    ## @param addons.monitoringAgents.valuesOverride Custom values to override
    ##
    enabled: false
@@ -103,15 +103,15 @@ addons:
    ##
    valuesOverride: {}

-## @section Kubernetes Control Plane Configuration
+## @section Kubernetes control plane configuration
 ##

 controlPlane:
  replicas: 2

  apiServer:
-    ## @param controlPlane.apiServer.resources Explicit CPU/memory resource requests and limits for the API server.
-    ## @param controlPlane.apiServer.resourcesPreset Use a common resources preset when `resources` is not set explicitly.
+    ## @param controlPlane.apiServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+    ## @param controlPlane.apiServer.resources Resources
    ## e.g:
    ## resources:
    ##   limits:
@@ -125,20 +125,20 @@ controlPlane:
    resources: {}

  controllerManager:
-    ## @param controlPlane.controllerManager.resources Explicit CPU/memory resource requests and limits for the controller manager.
-    ## @param controlPlane.controllerManager.resourcesPreset Use a common resources preset when `resources` is not set explicitly.
+    ## @param controlPlane.controllerManager.resources Resources
+    ## @param controlPlane.controllerManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
    resourcesPreset: "micro"
    resources: {}

  scheduler:
-    ## @param controlPlane.scheduler.resources Explicit CPU/memory resource requests and limits for the scheduler.
-    ## @param controlPlane.scheduler.resourcesPreset Use a common resources preset when `resources` is not set explicitly.
+    ## @param controlPlane.scheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+    ## @param controlPlane.scheduler.resources Resources
    resourcesPreset: "micro"
    resources: {}

  konnectivity:
    server:
-      ## @param controlPlane.konnectivity.server.resources Explicit CPU/memory resource requests and limits for the Konnectivity.
-      ## @param controlPlane.konnectivity.server.resourcesPreset Use a common resources preset when `resources` is not set explicitly.
+      ## @param controlPlane.konnectivity.server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+      ## @param controlPlane.konnectivity.server.resources Resources
      resourcesPreset: "micro"
      resources: {}
--- a/packages/apps/postgres/Chart.yaml
+++ b/packages/apps/postgres/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.12.0
+version: 0.11.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/packages/apps/postgres/images/postgres-backup.tag
+++ b/packages/apps/postgres/images/postgres-backup.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.12.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
+ghcr.io/cozystack/cozystack/postgres-backup:0.11.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
--- a/packages/apps/postgres/templates/db.yaml
+++ b/packages/apps/postgres/templates/db.yaml
@@ -17,9 +17,6 @@ spec:
  {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
  {{- if $rawConstraints }}
  {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
-    labelSelector:
-      matchLabels:
-        cnpg.io/cluster: {{ .Release.Name }}
  {{- end }}
  {{- end }}
  postgresql:
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -65,8 +65,7 @@ kubernetes 0.17.1 fd240701
 kubernetes 0.18.0 721c12a7
 kubernetes 0.19.0 93bdf411
 kubernetes 0.20.0 609e7ede
-kubernetes 0.20.1 f9f8bb2f
-kubernetes 0.21.0 HEAD
+kubernetes 0.20.1 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
@@ -100,8 +99,7 @@ postgres 0.8.0 4e68e65c
 postgres 0.9.0 8267072d
 postgres 0.10.0 721c12a7
 postgres 0.10.1 93bdf411
-postgres 0.11.0 f9f8bb2f
-postgres 0.12.0 HEAD
+postgres 0.11.0 HEAD
 rabbitmq 0.1.0 263e47be
 rabbitmq 0.2.0 53f2365e
 rabbitmq 0.3.0 6c5cf5bf
--- a/packages/apps/virtual-machine/templates/service.yaml
+++ b/packages/apps/virtual-machine/templates/service.yaml
@@ -17,7 +17,7 @@ spec:
  selector:
    {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
  ports:
-    {{- if and (eq .Values.externalMethod "WholeIP") (not .Values.externalPorts) }}
+    {{- if eq .Values.externalMethod "WholeIP" }}
    - port: 65535
    {{- else }}
    {{- range .Values.externalPorts }}
--- a/packages/apps/vm-instance/templates/service.yaml
+++ b/packages/apps/vm-instance/templates/service.yaml
@@ -17,7 +17,7 @@ spec:
  selector:
    {{- include "virtual-machine.selectorLabels" . | nindent 4 }}
  ports:
-    {{- if and (eq .Values.externalMethod "WholeIP") (not .Values.externalPorts) }}
+    {{- if eq .Values.externalMethod "WholeIP" }}
    - port: 65535
    {{- else }}
    {{- range .Values.externalPorts }}
--- a/packages/core/installer/hack/gen-profiles.sh
+++ b/packages/core/installer/hack/gen-profiles.sh
@@ -32,36 +32,17 @@ done

 for profile in $PROFILES; do
  echo "writing profile images/talos/profiles/$profile.yaml"
-  case "$profile" in
-    initramfs|kernel|iso)
-      image_options="{}"
-      out_format="raw"
-      platform="metal"
-      kind="$profile"
-      ;;
-    installer)
-      image_options="{}"
-      out_format="raw"
-      platform="metal"
-      kind="installer"
-      ;;
-    metal)
-      image_options="{ diskSize: 1306525696, diskFormat: raw }"
-      out_format=".xz"
-      platform="metal"
-      kind="image"
-      ;;
-    nocloud)
-      image_options="{ diskSize: 1306525696, diskFormat: raw }"
-      out_format=".xz"
-      platform="nocloud"
-      kind="image"
-      ;;
-    *)
-      echo "Unknown profile: $profile" >&2
-      exit 1
-      ;;
-  esac
+  if [ "$profile" = "nocloud" ] || [ "$profile" = "metal" ]; then
+    image_options="{ diskSize: 1306525696, diskFormat: raw }"
+    out_format=".xz"
+    platform="$profile"
+    kind="image"
+  else
+    image_options="{}"
+    out_format="raw"
+    platform="metal"
+    kind="$profile"
+  fi

  cat > images/talos/profiles/$profile.yaml <<EOT
 # this file generated by hack/gen-profiles.sh
@@ -76,10 +57,12 @@ input:
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:${TALOS_VERSION}
  systemExtensions:
    - imageRef: ghcr.io/siderolabs/amd-ucode:${AMD_UCODE_VERSION}
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:${AMDGPU_FIRMWARE_VERSION}
    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:${BNX2_BNX2X_VERSION}
+    - imageRef: ghcr.io/siderolabs/i915-ucode:${I915_UCODE_VERSION}
    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:${INTEL_ICE_FIRMWARE_VERSION}
    - imageRef: ghcr.io/siderolabs/intel-ucode:${INTEL_UCODE_VERSION}
    - imageRef: ghcr.io/siderolabs/qlogic-firmware:${QLOGIC_FIRMWARE_VERSION}
--- a/packages/core/installer/images/talos/profiles/initramfs.yaml
+++ b/packages/core/installer/images/talos/profiles/initramfs.yaml
@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
  kind: initramfs
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/installer.yaml
+++ b/packages/core/installer/images/talos/profiles/installer.yaml
@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
  kind: installer
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/iso.yaml
+++ b/packages/core/installer/images/talos/profiles/iso.yaml
@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
  kind: iso
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/kernel.yaml
+++ b/packages/core/installer/images/talos/profiles/kernel.yaml
@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
  kind: kernel
  imageOptions: {}
--- a/packages/core/installer/images/talos/profiles/metal.yaml
+++ b/packages/core/installer/images/talos/profiles/metal.yaml
@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
  kind: image
  imageOptions: { diskSize: 1306525696, diskFormat: raw }
--- a/packages/core/installer/images/talos/profiles/nocloud.yaml
+++ b/packages/core/installer/images/talos/profiles/nocloud.yaml
@@ -3,22 +3,24 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
  systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
  kind: image
  imageOptions: { diskSize: 1306525696, diskFormat: raw }
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.31.1@sha256:b8f418e45dcbf351b13ce743f3528b195159753430d35c619dd82a1c676ae3bb
+  image: ghcr.io/cozystack/cozystack/installer:v0.31.0-rc.3@sha256:5fc6b88de670878b66f2b5bf381b89b68253ab3e69ff1cb7359470bc65beb3fa
--- a/packages/core/testing/Makefile
+++ b/packages/core/testing/Makefile
@@ -33,9 +33,7 @@ image-e2e-sandbox:
 test: test-cluster test-apps ## Run the end-to-end tests in existing sandbox

 test-cluster: ## Run the end-to-end for creating a cluster
-	docker cp ../../../_out/assets/cozystack-installer.yaml "${SANDBOX_NAME}":/workspace/_out/assets/cozystack-installer.yaml
-	docker cp ../../../_out/assets/nocloud-amd64.raw.xz "${SANDBOX_NAME}":/workspace/_out/assets/nocloud-amd64.raw.xz
-	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && hack/cozytest.sh hack/e2e-cluster.bats'
+	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && export COZYSTACK_INSTALLER_YAML=$$(helm template -n cozy-system installer ./packages/core/installer) && hack/cozytest.sh hack/e2e-cluster.bats'

 test-apps: ## Run the end-to-end tests for apps
 	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && hack/cozytest.sh hack/e2e-apps.bats'
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.1@sha256:55809f10d69d32b47b9ca306482861255408516eab7775498ac71368f362ee96
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.0-rc.3@sha256:8de0a8900994cb55f74ba25d265eeecac9958b07cdb8f86b9284b9f23668d2bb
--- a/packages/extra/bootbox/images/matchbox.tag
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.31.1@sha256:31b267a3a542e4ddabcadb85fbfe1fb0746e57cc29d941d320437cfd0abae7d9
+ghcr.io/cozystack/cozystack/matchbox:v0.31.0-rc.3@sha256:8b65a160333830bf4711246ae78f26095e3b33667440bf1bbdd36db60a7f92e2
--- a/packages/extra/monitoring/Chart.yaml
+++ b/packages/extra/monitoring/Chart.yaml
@@ -3,4 +3,4 @@ name: monitoring
 description: Monitoring and observability stack
 icon: /logos/monitoring.svg
 type: application
-version: 1.10.0
+version: 1.9.2
--- a/packages/extra/monitoring/images/grafana.tag
+++ b/packages/extra/monitoring/images/grafana.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/grafana:1.10.0@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399
+ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:24382d445bf7a39ed988ef4dc7a0d9f084db891fcb5f42fd2e64622710b9457e
--- a/packages/extra/monitoring/templates/alerta/alerta-db.yaml
+++ b/packages/extra/monitoring/templates/alerta/alerta-db.yaml
@@ -10,9 +10,6 @@ spec:
  {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
  {{- if $rawConstraints }}
  {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
-    labelSelector:
-      matchLabels:
-        cnpg.io/cluster: alerta-db
  {{- end }}
  {{- end }}
  storage:
--- a/packages/extra/monitoring/templates/grafana/db.yaml
+++ b/packages/extra/monitoring/templates/grafana/db.yaml
@@ -11,9 +11,6 @@ spec:
  {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
  {{- if $rawConstraints }}
  {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
-    labelSelector:
-      matchLabels:
-        cnpg.io/cluster: grafana-db
  {{- end }}
  {{- end }}
  monitoring:
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -38,8 +38,7 @@ monitoring 1.8.0 8c460528
 monitoring 1.8.1 8267072d
 monitoring 1.9.0 45a7416c
 monitoring 1.9.1 fd240701
-monitoring 1.9.2 f9f8bb2f
-monitoring 1.10.0 HEAD
+monitoring 1.9.2 HEAD
 seaweedfs 0.1.0 71514249
 seaweedfs 0.2.0 5fb9cfe3
 seaweedfs 0.2.1 fde4bcfa
--- a/packages/system/bucket/images/s3manager.tag
+++ b/packages/system/bucket/images/s3manager.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:87669221b6c51dfdf9d9b0c97b41b90cb9199de3739c1623351f604621a99ae3
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:4399c240ce1f99660d5d1be9d6d7b3e8157c50e4aba58345d51a1d9ac25779a3
--- a/packages/system/cozystack-api/values.yaml
+++ b/packages/system/cozystack-api/values.yaml
@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.1@sha256:4b6fc8f5a50ad02486aca663f6d29a800dcc1eb66763ca7f0e8f176b37f97f16
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.0-rc.3@sha256:9940cffabedb510397e3c330887aee724c4d232c011df60f4c16891fcfe1d9bf
--- a/packages/system/cozystack-controller/values.yaml
+++ b/packages/system/cozystack-controller/values.yaml
@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.1@sha256:7b415d9cbad18fdfbc13423a930a03164141d1972500fe3a1a45ba240da75c55
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.0-rc.3@sha256:b2f0de3ae2d7f15956eb7cdec78d2267aeba7e56a7781c70473757df4989a05a
  debug: false
  disableTelemetry: false
-  cozystackVersion: "v0.31.1"
+  cozystackVersion: "v0.31.0-rc.3"
--- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
+++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml
@@ -76,7 +76,7 @@ data:
      "kubeappsNamespace": {{ .Release.Namespace | quote }},
      "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
      "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.31.1",
+      "appVersion": "v0.31.0-rc.3",
      "authProxyEnabled": {{ .Values.authProxy.enabled }},
      "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
      "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -19,7 +19,7 @@ kubeapps:
    image:
      registry: ghcr.io/cozystack/cozystack
      repository: dashboard
-      tag: v0.31.1
+      tag: v0.31.0-rc.3
      digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93"
  redis:
    master:
@@ -35,8 +35,8 @@ kubeapps:
    image:
      registry: ghcr.io/cozystack/cozystack
      repository: kubeapps-apis
-      tag: v0.31.1
-      digest: "sha256:07646be7508e443c2fe11b1f33757a716aec487c09b42343e490f9edccb1d57f"
+      tag: v0.31.0-rc.3
+      digest: "sha256:1447c10fcc9a8de426ec381bce565aa56267d0c9f3bab8fe26ac502d433283c5"
    pluginConfig:
      flux:
        packages:
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -3,7 +3,7 @@ kamaji:
    deploy: false
  image:
    pullPolicy: IfNotPresent
-    tag: v0.31.1@sha256:2402c2e4592d79983e074a2de8758a72f8cf2ea653cd30e0550ff2b988eb2e00
+    tag: v0.31.0-rc.3@sha256:5f828637ebd1717a5c2b828352fff7fc14c218c7bbfc2cb2ce55737f9b5bf500
    repository: ghcr.io/cozystack/cozystack/kamaji
  resources:
    limits:
--- a/packages/system/keycloak/templates/db.yaml
+++ b/packages/system/keycloak/templates/db.yaml
@@ -11,9 +11,6 @@ spec:
  {{- $rawConstraints := get $configMap.data "globalAppTopologySpreadConstraints" }}
  {{- if $rawConstraints }}
  {{- $rawConstraints | fromYaml | toYaml | nindent 2 }}
-    labelSelector:
-      matchLabels:
-        cnpg.io/cluster: keycloak-db
  {{- end }}
  {{- end }}
  monitoring:
--- a/packages/system/kubeovn-webhook/values.yaml
+++ b/packages/system/kubeovn-webhook/values.yaml
@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.31.1@sha256:c3f68266a7a43f87a392449939c0fe990821325bcb8070efb8e50f1f886b9c2c
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.31.0-rc.3@sha256:f3acc1c6dd87cebd76be5afe1789c19780cb24f9518c8bdafa46f823ae4ba46e
--- a/packages/system/metallb/values.yaml
+++ b/packages/system/metallb/values.yaml
@@ -4,8 +4,8 @@ metallb:
  controller:
    image:
      repository: ghcr.io/cozystack/cozystack/metallb-controller
-      tag: v0.14.9@sha256:d8fa1a8147f844fb6add20a2147e9be6d1c26424748439c2648a0f6d8e10804d
+      tag: v0.14.9@sha256:73c3156d913a2ff15a26ca42fcbeee6fa115602bcdb78870dcfab9359acd9cb3
  speaker:
    image:
      repository: ghcr.io/cozystack/cozystack/metallb-speaker
-      tag: v0.14.9@sha256:a65437314ef23acf030afb44c3a25c5cb6ee813041e9b36ee7e0988a1e21b762
+      tag: v0.14.9@sha256:9af9f0a6922784f066653f2c0d940d5f2de7ffea132d2df488457b61465b7716