[tests] Enhance timeouts awaitng for tenant Kubernetes cluster

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

.github/workflows/pull-requests-release.yaml

@@ -16,6 +16,7 @@ jobs:
       contents: read
       packages: write
 
+    # Run only when the PR carries the "release" label and not closed.
     if: |
       contains(github.event.pull_request.labels.*.name, 'release') &&
       github.event.action != 'closed'
@@ -34,64 +35,6 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
           registry: ghcr.io
 
-      - name: Extract tag from PR branch
-        id: get_tag
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const branch = context.payload.pull_request.head.ref;
-            const m = branch.match(/^release-(\d+\.\d+\.\d+(?:[-\w\.]+)?)$/);
-            if (!m) {
-              core.setFailed(`❌ Branch '${branch}' does not match 'release-X.Y.Z[-suffix]'`);
-              return;
-            }
-            const tag = `v${m[1]}`;
-            core.setOutput('tag', tag);
-
-      - name: Find draft release and get asset IDs
-        id: fetch_assets
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GH_PAT }}
-          script: |
-            const tag = '${{ steps.get_tag.outputs.tag }}';
-            const releases = await github.rest.repos.listReleases({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              per_page: 100
-            });
-            const draft = releases.data.find(r => r.tag_name === tag && r.draft);
-            if (!draft) {
-              core.setFailed(`Draft release '${tag}' not found`);
-              return;
-            }
-            const findAssetId = (name) =>
-              draft.assets.find(a => a.name === name)?.id;
-            const installerId = findAssetId("cozystack-installer.yaml");
-            const diskId = findAssetId("nocloud-amd64.raw.xz");
-            if (!installerId || !diskId) {
-              core.setFailed("Missing required assets");
-              return;
-            }
-            core.setOutput("installer_id", installerId);
-            core.setOutput("disk_id", diskId);
-      
-      - name: Download assets from GitHub API
-        run: |
-          mkdir -p _out/assets
-          curl -sSL \
-            -H "Authorization: token ${GH_PAT}" \
-            -H "Accept: application/octet-stream" \
-            -o _out/assets/cozystack-installer.yaml \
-            "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${{ steps.fetch_assets.outputs.installer_id }}"
-          curl -sSL \
-            -H "Authorization: token ${GH_PAT}" \
-            -H "Accept: application/octet-stream" \
-            -o _out/assets/nocloud-amd64.raw.xz \
-            "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${{ steps.fetch_assets.outputs.disk_id }}"
-        env:
-          GH_PAT: ${{ secrets.GH_PAT }}
-
       - name: Run tests
         run: make test
 

.github/workflows/pull-requests.yaml

@@ -9,8 +9,8 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  build:
+  e2e:
-    name: Build
+    name: Build and Test
     runs-on: [self-hosted]
     permissions:
       contents: read
@@ -37,38 +37,5 @@ jobs:
       - name: Build
         run: make build
 
-      - name: Build Talos image
-        run: make -C packages/core/installer talos-nocloud
-
-      - name: Upload artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: cozystack-artefacts
-          path: |
-            _out/assets/nocloud-amd64.raw.xz
-            _out/assets/cozystack-installer.yaml
-
-  test:
-    name: Test
-    runs-on: [self-hosted]
-    needs: build
-
-    # Never run when the PR carries the "release" label.
-    if: |
-      !contains(github.event.pull_request.labels.*.name, 'release')
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          fetch-tags: true
-
-      - name: Download artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: cozystack-artefacts
-          path: _out/assets/
-
       - name: Test
         run: make test

Makefile

@@ -43,7 +43,7 @@ manifests:
 	(cd packages/core/installer/; helm template -n cozy-installer installer .) > _out/assets/cozystack-installer.yaml
 
 assets:
-	make -C packages/core/installer assets
+	make -C packages/core/installer/ assets
 
 test:
 	make -C packages/core/testing apply

docs/changelogs/v0.31.0.md

@@ -1,129 +1,39 @@
-Cozystack v0.31.0 is a significant release that brings new features, key fixes, and updates to underlying components.
+This is the third release candidate for the upcoming Cozystack v0.31.0 release.
-This version enhances GPU support, improves many components of Cozystack, and introduces a more robust release process to improve stability.
+The release notes show changes accumulated since the release of previous version, Cozystack v0.30.0.
-Below, we'll go over the highlights in each area for current users, developers, and our community.
 
-## Major Features and Improvements
+Cozystack 0.31.0 further advances GPU support, monitoring, and all-around convenience features.
 
-### GPU support for tenant Kubernetes clusters
+## New Features and Changes
 
-Cozystack now integrates NVIDIA GPU Operator support for tenant Kubernetes clusters.
-This enables platform users to run GPU-powered AI/ML applications in their own clusters.
-To enable GPU Operator, set `addons.gpuOperator.enabled: true` in the cluster configuration.
-(@kvaps in https://github.com/cozystack/cozystack/pull/834)
-
-Check out Andrei Kvapil's CNCF webinar [showcasing the GPU support by running Stable Diffusion in Cozystack](https://www.youtube.com/watch?v=S__h_QaoYEk).
-
-<!--
 * [kubernetes] Introduce GPU support for tenant Kubernetes clusters. (@kvaps in https://github.com/cozystack/cozystack/pull/834)
--->
-
-### Cilium Improvements
-
-Cozystack’s Cilium integration received two significant enhancements.
-First, Gateway API support in Cilium is now enabled, allowing advanced L4/L7 routing features via Kubernetes Gateway API.
-We thank Zdenek Janda @zdenekjanda for contributing this feature in https://github.com/cozystack/cozystack/pull/924.
-
-Second, Cozystack now permits custom user-provided parameters in the tenant cluster’s Cilium configuration.
-(@lllamnyp in https://github.com/cozystack/cozystack/pull/917)
-
-<!--
-* [cilium] Enable Cilium Gateway API. (@zdenekjanda in https://github.com/cozystack/cozystack/pull/924)
-* [cilium] Enable user-added parameters in a tenant cluster Cilium. (@lllamnyp in https://github.com/cozystack/cozystack/pull/917)
--->
-
-### Cross-Architecture Builds (ARM Support Beta)
-
-Cozystack's build system was refactored to support multi-architecture binaries and container images.
-This paves the road to running Cozystack on ARM64 servers.
-Changes include Makefile improvements (https://github.com/cozystack/cozystack/pull/907)
-and multi-arch Docker image builds (https://github.com/cozystack/cozystack/pull/932 and https://github.com/cozystack/cozystack/pull/970).
-
-We thank Nikita Bykov @nbykov0 for his ongoing work on ARM support!
-
-<!--
-* Introduce support for cross-architecture builds and Cozystack on ARM:
-    * [build] Refactor Makefiles introducing build variables. (@nbykov0 in https://github.com/cozystack/cozystack/pull/907)
-    * [build] Add support for multi-architecture and cross-platform image builds. (@nbykov0 in https://github.com/cozystack/cozystack/pull/932 and https://github.com/cozystack/cozystack/pull/970)
--->
-
-### VerticalPodAutoscaler (VPA) Expansion
-
-The VerticalPodAutoscaler is now enabled for more Cozystack components to automate resource tuning.
-Specifically, VPA was added for tenant Kubernetes control planes (@klinch0 in https://github.com/cozystack/cozystack/pull/806),
-the Cozystack Dashboard (https://github.com/cozystack/cozystack/pull/828),
-and the Cozystack etcd-operator (https://github.com/cozystack/cozystack/pull/850).
-All Cozystack components that have VPA enabled can automatically adjust their CPU and memory requests based on usage, improving platform and application stability.
-
-<!--
 * Add VerticalPodAutoscaler to a few more components:
     * [kubernetes] Kubernetes clusters in user tenants. (@klinch0 in https://github.com/cozystack/cozystack/pull/806)
     * [platform] Cozystack dashboard. (@klinch0 in https://github.com/cozystack/cozystack/pull/828)
     * [platform] Cozystack etcd-operator (@klinch0 in https://github.com/cozystack/cozystack/pull/850)
--->
+* Introduce support for cross-architecture builds and Cozystack on ARM:
-
+    * [build] Refactor Makefiles introducing build variables. (@nbykov0 in https://github.com/cozystack/cozystack/pull/907)
-### Tenant HelmRelease Reconcile Controller
+    * [build] Add support for multi-architecture and cross-platform image builds. (@nbykov0 in https://github.com/cozystack/cozystack/pull/932 and https://github.com/cozystack/cozystack/pull/970)
-
-A new controller was introduced to monitor and synchronize HelmRelease resources across tenants.
-This controller propagates configuration changes to tenant workloads and ensures that any HelmRelease defined in a tenant
-stays in sync with platform updates.
-It improves the reliability of deploying managed applications in Cozystack.
-(@klinch0 in https://github.com/cozystack/cozystack/pull/870)
-
-<!--
 * [platform] Introduce a new controller to synchronize tenant HelmReleases and propagate configuration changes. (@klinch0 in https://github.com/cozystack/cozystack/pull/870)
--->
+* [platform] Introduce options `expose-services`, `expose-ingress` and `expose-external-ips` to the ingress service. (@kvaps in https://github.com/cozystack/cozystack/pull/929)
-
-### Virtual Machine Improvements
-
-**Configurable KubeVirt CPU Overcommit**: The CPU allocation ratio in KubeVirt (how virtual CPUs are overcommitted relative to physical) is now configurable
-via the `cpu-allocation-ratio` value in the Cozystack configmap.
-This means Cozystack administrators can now tune CPU overcommitment for VMs to balance performance vs. density.
-(@lllamnyp in https://github.com/cozystack/cozystack/pull/905)
-
-**KubeVirt VM Export**: Cozystack now allows exporting KubeVirt virtual machines.
-This feature, enabled via KubeVirt's `VirtualMachineExport` capability, lets users snapshot or back up VM images.
-(@kvaps in https://github.com/cozystack/cozystack/pull/808)
-
-**Support for various storage classes in Virtual Machines**: The `virtual-machine` application (since version 0.9.2) lets you pick any StorageClass for a VM's 
-system disk instead of relying on a hard-coded PVC.
-Refer to values `systemDisk.storage` and `systemDisk.storageClass` in the [application's configs](https://cozystack.io/docs/reference/applications/virtual-machine/#common-parameters).
-(@kvaps in https://github.com/cozystack/cozystack/pull/974)
-
-<!--
 * [kubevirt] Enable exporting VMs. (@kvaps in https://github.com/cozystack/cozystack/pull/808)
 * [kubevirt] Make KubeVirt's CPU allocation ratio configurable. (@lllamnyp in https://github.com/cozystack/cozystack/pull/905)
 * [virtual-machine] Add support for various storages. (@kvaps in https://github.com/cozystack/cozystack/pull/974)
--->
-
-### Other Features and Improvements
-
-* [platform] Introduce options `expose-services`, `expose-ingress`, and `expose-external-ips` to the ingress service. (@kvaps in https://github.com/cozystack/cozystack/pull/929)
 * [cozystack-controller] Record the IP address pool and storage class in Workload objects. (@lllamnyp in https://github.com/cozystack/cozystack/pull/831)
+* [cilium] Enable Cilium Gateway API. (@zdenekjanda in https://github.com/cozystack/cozystack/pull/924)
+* [cilium] Enable user-added parameters in a tenant cluster Cilium. (@lllamnyp in https://github.com/cozystack/cozystack/pull/917)
 * [apps] Remove user-facing config of limits and requests. (@lllamnyp in https://github.com/cozystack/cozystack/pull/935)
-
+* Update the Cozystack release policy to include long-lived release branches and start with release candidates. Update CI workflows and docs accordingly.
-## New Release Lifecycle
+    * Use release branches `release-X.Y` for gathering and releasing fixes after initial `vX.Y.0` release. (@kvaps in https://github.com/cozystack/cozystack/pull/816)
-
+    * Automatically create release branches after initial `vX.Y.0` release is published. (@kvaps in https://github.com/cozystack/cozystack/pull/886)
-Cozystack release lifecycle is changing to provide a more stable and predictable lifecycle to customers running Cozystack in mission-critical environments.
+    * Introduce Release Candidate versions. Automate patch backporting by applying patches from pull requests labeled `[backport]` to the current release branch. (@kvaps in https://github.com/cozystack/cozystack/pull/841 and https://github.com/cozystack/cozystack/pull/901, @nickvolynkin in https://github.com/cozystack/cozystack/pull/890)
-
+    * Support alpha and beta pre-releases. (@kvaps in https://github.com/cozystack/cozystack/pull/978)
-* **Gradual Release with Alpha, Beta, and Release Candidates**: Cozystack will now publish pre-release versions (alpha, beta, release candidates) before a stable release.
+    * Commit changes in release pipelines under `github-actions <github-actions@github.com>`. (@kvaps in https://github.com/cozystack/cozystack/pull/823)
-  Starting with v0.31.0, the team made three release candidates before releasing version v0.31.0.
+    * Describe the Cozystack release workflow. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/817 and https://github.com/cozystack/cozystack/pull/897)
-  This allows more testing and feedback before marking a release as stable.
-
-* **Prolonged Release Support with Patch Versions**: After the initial `vX.Y.0` release, a long-lived branch `release-X.Y` will be created to backport fixes.
-  For example, with 0.31.0’s release, a `release-0.31` branch will track patch fixes (`0.31.x`).
-  This strategy lets Cozystack users receive timely patch releases and updates with minimal risks.
-
-To implement these new changes, we have rebuilt our CI/CD workflows and introduced automation, enabling automatic backports.
-You can read more about how it's implemented in the Development section below.
-
-For more information, read the [Cozystack Release Workflow](https://github.com/cozystack/cozystack/blob/main/docs/release.md) documentation.
 
 ## Fixes
 
 * [virtual-machine] Add GPU names to the virtual machine specifications. (@kvaps in https://github.com/cozystack/cozystack/pull/862)
 * [virtual-machine] Count Workload resources for pods by requests, not limits. Other improvements to VM resource tracking. (@lllamnyp in https://github.com/cozystack/cozystack/pull/904)
-* [virtual-machine] Set PortList method by default. (@kvaps in https://github.com/cozystack/cozystack/pull/996)
-* [virtual-machine] Specify ports even for wholeIP mode. (@kvaps in https://github.com/cozystack/cozystack/pull/1000)
 * [platform] Fix installing HelmReleases on initial setup. (@kvaps in https://github.com/cozystack/cozystack/pull/833)
 * [platform] Migration scripts update Kubernetes ConfigMap with the current stack version for improved version tracking. (@klinch0 in https://github.com/cozystack/cozystack/pull/840)
 * [platform] Reduce requested CPU and RAM for the `kamaji` provider. (@klinch0 in https://github.com/cozystack/cozystack/pull/825)
@@ -135,8 +45,7 @@ For more information, read the [Cozystack Release Workflow](https://github.com/c
 * [kubernetes] Fix merging `valuesOverride` for tenant clusters. (@kvaps in https://github.com/cozystack/cozystack/pull/879)
 * [kubernetes] Fix `ubuntu-container-disk` tag. (@kvaps in https://github.com/cozystack/cozystack/pull/887)
 * [kubernetes] Refactor Helm manifests for tenant Kubernetes clusters. (@kvaps in https://github.com/cozystack/cozystack/pull/866)
-* [kubernetes] Fix Ingress-NGINX depends on Cert-Manager. (@kvaps in https://github.com/cozystack/cozystack/pull/976)
+* [kubernetes] Fix Ingress-NGINX depends on Cert-Manager . (@kvaps in https://github.com/cozystack/cozystack/pull/976)
-* [kubernetes, apps] Enable `topologySpreadConstraints` for tenant Kubernetes clusters and fix it for managed PostgreSQL. (@klinch0 in https://github.com/cozystack/cozystack/pull/995)
 * [tenant] Fix an issue with accessing external IPs of a cluster from the cluster itself. (@kvaps in https://github.com/cozystack/cozystack/pull/854)
 * [cluster-api] Remove the no longer necessary workaround for Kamaji. (@kvaps in https://github.com/cozystack/cozystack/pull/867, patched in https://github.com/cozystack/cozystack/pull/956) 
 * [monitoring] Remove legacy label "POD" from the exclude filter in metrics. (@xy2 in https://github.com/cozystack/cozystack/pull/826)
@@ -145,13 +54,24 @@ For more information, read the [Cozystack Release Workflow](https://github.com/c
 * [postgres] Remove duplicated `template` entry from backup manifest. (@etoshutka in https://github.com/cozystack/cozystack/pull/872)
 * [kube-ovn] Fix versions mapping in Makefile. (@kvaps in https://github.com/cozystack/cozystack/pull/883)
 * [dx] Automatically detect version for migrations in the installer.sh. (@kvaps in https://github.com/cozystack/cozystack/pull/837)
-* [dx] remove version_map and building for library charts. (@kvaps in https://github.com/cozystack/cozystack/pull/998)
+* [e2e] Increase timeout durations for `capi` and `keycloak` to improve reliability during environment setup. (@kvaps in https://github.com/cozystack/cozystack/pull/858)
-* [docs] Review the tenant Kubernetes cluster docs. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/969)
+* [e2e] Fix `device_ownership_from_security_context` CRI. (@dtrdnk in https://github.com/cozystack/cozystack/pull/896)
-* [docs] Explain that tenants cannot have dashes in their names. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/980)
+* [e2e] Return `genisoimage` to the e2e-test Dockerfile (@gwynbleidd2106 in https://github.com/cozystack/cozystack/pull/962)
+* [ci] Improve the check for `versions_map` running on pull requests. (@kvaps and @klinch0 in https://github.com/cozystack/cozystack/pull/836, https://github.com/cozystack/cozystack/pull/842, and https://github.com/cozystack/cozystack/pull/845)
+* [ci] If the release step was skipped on a tag, skip tests as well. (@kvaps in https://github.com/cozystack/cozystack/pull/822)
+* [ci] Allow CI to cancel the previous job if a new one is scheduled. (@kvaps in https://github.com/cozystack/cozystack/pull/873)
+* [ci] Use the correct version name when uploading build assets to the release page. (@kvaps in https://github.com/cozystack/cozystack/pull/876)
+* [ci] Stop using `ok-to-test` label to trigger CI in pull requests. (@kvaps in https://github.com/cozystack/cozystack/pull/875)
+* [ci] Do not run tests in the release building pipeline. (@kvaps in https://github.com/cozystack/cozystack/pull/882)
+* [ci] Fix release branch creation. (@kvaps in https://github.com/cozystack/cozystack/pull/884)
+* [ci, dx] Reduce noise in the test logs by suppressing the `wget` progress bar. (@lllamnyp in https://github.com/cozystack/cozystack/pull/865)
+* [ci] Revert "automatically trigger tests in releasing PR". (@kvaps in https://github.com/cozystack/cozystack/pull/900)
+* [ci] Force-update release branch on tagged main commits . (@kvaps in https://github.com/cozystack/cozystack/pull/977)
+* [docs] Explain that tenants cannot have dashes in the names. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/980)
 
 ## Dependencies
 
-* MetalLB images are now built in-tree based on version 0.14.9 with additional critical patches. (@lllamnyp in https://github.com/cozystack/cozystack/pull/945)
+* MetalLB s now included directly as a patched image based on version 0.14.9. (@lllamnyp in https://github.com/cozystack/cozystack/pull/945)
 * Update Kubernetes to v1.32.4. (@kvaps in https://github.com/cozystack/cozystack/pull/949)
 * Update Talos Linux to v1.10.1. (@kvaps in https://github.com/cozystack/cozystack/pull/931)
 * Update Cilium to v1.17.3. (@kvaps in https://github.com/cozystack/cozystack/pull/848)
@@ -163,81 +83,15 @@ For more information, read the [Cozystack Release Workflow](https://github.com/c
 * Update KamajiControlPlane to edge-25.4.1. (@kvaps in https://github.com/cozystack/cozystack/pull/953, fixed by @nbykov0 in https://github.com/cozystack/cozystack/pull/983)
 * Update cert-manager to v1.17.2. (@kvaps in https://github.com/cozystack/cozystack/pull/975)
 
-## Documentation
+## Maintenance
 
-* [Installing Talos in Air-Gapped Environment](https://cozystack.io/docs/operations/talos/configuration/air-gapped/):
+* Add @klinch0 to CODEOWNERS. (@kvaps in https://github.com/cozystack/cozystack/pull/838)
-  new guide for configuring and bootstrapping Talos Linux clusters in air-gapped environments.
-  (@klinch0 in https://github.com/cozystack/website/pull/203)
 
-* [Cozystack Bundles](https://cozystack.io/docs/guides/bundles/): new page in the learning section explaining how Cozystack bundles work and how to choose a bundle.
+## New Contributors
-  (@NickVolynkin in https://github.com/cozystack/website/pull/188, https://github.com/cozystack/website/pull/189, and others;
-  updated by @kvaps in https://github.com/cozystack/website/pull/192 and https://github.com/cozystack/website/pull/193)
-
-* [Managed Application Reference](https://cozystack.io/docs/reference/applications/): A set of new pages in the docs, mirroring application docs from the Cozystack dashboard.
-  (@NickVolynkin in https://github.com/cozystack/website/pull/198, https://github.com/cozystack/website/pull/202, and https://github.com/cozystack/website/pull/204)
-
-* **LINSTOR Networking**: Guides on [configuring dedicated network for LINSTOR](https://cozystack.io/docs/operations/storage/dedicated-network/)
-and [configuring network for distributed storage in multi-datacenter setup](https://cozystack.io/docs/operations/stretched/linstor-dedicated-network/).
-(@xy2, edited by @NickVolynkin in https://github.com/cozystack/website/pull/171, https://github.com/cozystack/website/pull/182, and https://github.com/cozystack/website/pull/184)
-
-### Fixes
-
-* Correct error in the doc for the command to edit the configmap. (@lb0o in https://github.com/cozystack/website/pull/207)
-* Fix group name in OIDC docs (@kingdonb in https://github.com/cozystack/website/pull/179)
-* A bit more explanation of Docker buildx builders. (@nbykov0 in https://github.com/cozystack/website/pull/187)
-
-## Development, Testing, and CI/CD
-
-### Testing
-
-Improvements:
-
-* Introduce `cozytest` — a new [BATS-based](https://github.com/bats-core/bats-core) testing framework. (@kvaps in https://github.com/cozystack/cozystack/pull/982)
-
-Fixes:
-
-* Fix `device_ownership_from_security_context` CRI. (@dtrdnk in https://github.com/cozystack/cozystack/pull/896)
-* Increase timeout durations for `capi` and `keycloak` to improve reliability during e2e-tests. (@kvaps in https://github.com/cozystack/cozystack/pull/858)
-* Return `genisoimage` to the e2e-test Dockerfile (@gwynbleidd2106 in https://github.com/cozystack/cozystack/pull/962)
-
-### CI/CD Changes
-                          
-Improvements:
-
-* Use release branches `release-X.Y` for gathering and releasing fixes after initial `vX.Y.0` release. (@kvaps in https://github.com/cozystack/cozystack/pull/816)
-* Automatically create release branches after initial `vX.Y.0` release is published. (@kvaps in https://github.com/cozystack/cozystack/pull/886)
-* Introduce Release Candidate versions. Automate patch backporting by applying patches from pull requests labeled `[backport]` to the current release branch. (@kvaps in https://github.com/cozystack/cozystack/pull/841 and https://github.com/cozystack/cozystack/pull/901, @nickvolynkin in https://github.com/cozystack/cozystack/pull/890)
-* Support alpha and beta pre-releases. (@kvaps in https://github.com/cozystack/cozystack/pull/978)
-* Commit changes in release pipelines under `github-actions <github-actions@github.com>`. (@kvaps in https://github.com/cozystack/cozystack/pull/823)
-* Describe the Cozystack release workflow. (@NickVolynkin in https://github.com/cozystack/cozystack/pull/817 and https://github.com/cozystack/cozystack/pull/897)
-
-Fixes:
-
-* Improve the check for `versions_map` running on pull requests. (@kvaps and @klinch0 in https://github.com/cozystack/cozystack/pull/836, https://github.com/cozystack/cozystack/pull/842, and https://github.com/cozystack/cozystack/pull/845)
-* If the release step was skipped on a tag, skip tests as well. (@kvaps in https://github.com/cozystack/cozystack/pull/822)
-* Allow CI to cancel the previous job if a new one is scheduled. (@kvaps in https://github.com/cozystack/cozystack/pull/873)
-* Use the correct version name when uploading build assets to the release page. (@kvaps in https://github.com/cozystack/cozystack/pull/876)
-* Stop using `ok-to-test` label to trigger CI in pull requests. (@kvaps in https://github.com/cozystack/cozystack/pull/875)
-* Do not run tests in the release building pipeline. (@kvaps in https://github.com/cozystack/cozystack/pull/882)
-* Fix release branch creation. (@kvaps in https://github.com/cozystack/cozystack/pull/884)
-* Reduce noise in the test logs by suppressing the `wget` progress bar. (@lllamnyp in https://github.com/cozystack/cozystack/pull/865)
-* Revert "automatically trigger tests in releasing PR". (@kvaps in https://github.com/cozystack/cozystack/pull/900)
-* Force-update release branch on tagged main commits. (@kvaps in https://github.com/cozystack/cozystack/pull/977)
-* Show detailed errors in the `pull-request-release` workflow. (@lllamnyp in https://github.com/cozystack/cozystack/pull/992)
-
-## Community and Maintenance
-
-### Repository Maintenance
-
-Added @klinch0 to CODEOWNERS. (@kvaps in https://github.com/cozystack/cozystack/pull/838)
-
-### New Contributors
 
 * @etoshutka made their first contribution in https://github.com/cozystack/cozystack/pull/872
 * @dtrdnk made their first contribution in https://github.com/cozystack/cozystack/pull/896
 * @zdenekjanda made their first contribution in https://github.com/cozystack/cozystack/pull/924
 * @gwynbleidd2106 made their first contribution in https://github.com/cozystack/cozystack/pull/962
 
-## Full Changelog
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.30.0...v0.31.0-rc.3
-
-See https://github.com/cozystack/cozystack/compare/v0.30.0...v0.31.0

hack/e2e-apps.bats

@@ -23,7 +23,7 @@ EOF
   kubectl wait namespace tenant-test --timeout=20s --for=jsonpath='{.status.phase}'=Active
 }
 
-@test "Create a tenant Kubernetes control plane" {
+@test "Create a tenant Kubernetes cluster" {
   kubectl create -f - <<EOF
 apiVersion: apps.cozystack.io/v1alpha1
 kind: Kubernetes
@@ -90,5 +90,5 @@ EOF
   kubectl wait tcp -n tenant-test kubernetes-test --timeout=2m --for=jsonpath='{.status.kubernetesResources.version.status}'=Ready
   kubectl wait deploy --timeout=4m --for=condition=available -n tenant-test kubernetes-test kubernetes-test-cluster-autoscaler kubernetes-test-kccm kubernetes-test-kcsi-controller
   kubectl wait machinedeployment kubernetes-test-md0 -n tenant-test --timeout=1m --for=jsonpath='{.status.replicas}'=2
-  kubectl wait machinedeployment kubernetes-test-md0 -n tenant-test --timeout=5m --for=jsonpath='{.status.v1beta2.readyReplicas}'=2
+  kubectl wait machinedeployment kubernetes-test-md0 -n tenant-test --timeout=8m --for=jsonpath='{.status.v1beta2.readyReplicas}'=2
 }

hack/e2e-cluster.bats

@@ -3,14 +3,12 @@
 # Cozystack end‑to‑end provisioning test (Bats)
 # -----------------------------------------------------------------------------
 
-@test "Required installer assets exist" {
+@test "Environment variable COZYSTACK_INSTALLER_YAML is defined" {
-  if [ ! -f _out/assets/cozystack-installer.yaml ]; then
+  if [ -z "${COZYSTACK_INSTALLER_YAML:-}" ]; then
-    echo "Missing: _out/assets/cozystack-installer.yaml" >&2
+    echo 'COZYSTACK_INSTALLER_YAML environment variable is not set!' >&2
-    exit 1
+    echo >&2
-  fi
+    echo 'Please export it with the following command:' >&2
-
+    echo '  export COZYSTACK_INSTALLER_YAML=$(helm template -n cozy-system installer packages/core/installer)' >&2
-  if [ ! -f _out/assets/nocloud-amd64.raw.xz ]; then
-    echo "Missing: _out/assets/nocloud-amd64.raw.xz" >&2
     exit 1
   fi
 }
@@ -72,15 +70,13 @@ EOF
   done
 }
 
-@test "Use Talos NoCloud image from assets" {
+@test "Download Talos NoCloud image" {
-  if [ ! -f _out/assets/nocloud-amd64.raw.xz ]; then
+  if [ ! -f nocloud-amd64.raw ]; then
-    echo "Missing _out/assets/nocloud-amd64.raw.xz" 2>&1
+    wget https://github.com/cozystack/cozystack/releases/latest/download/nocloud-amd64.raw.xz \
-    exit 1
+      -O nocloud-amd64.raw.xz --show-progress --output-file /dev/stdout --progress=dot:giga 2>/dev/null
+    rm -f nocloud-amd64.raw
+    xz --decompress nocloud-amd64.raw.xz
   fi
-
-  rm -f nocloud-amd64.raw
-  cp _out/assets/nocloud-amd64.raw.xz .
-  xz --decompress nocloud-amd64.raw.xz
 }
 
 @test "Prepare VM disks" {
@@ -247,8 +243,8 @@ EOF
           --from-literal=api-server-endpoint=https://192.168.123.10:6443 \
           --dry-run=client -o yaml | kubectl apply -f -
 
-  # Apply installer manifests from file
+  # Apply installer manifests from env variable
-  kubectl apply -f _out/assets/cozystack-installer.yaml
+  echo "$COZYSTACK_INSTALLER_YAML" | kubectl apply -f -
 
   # Wait for the installer deployment to become available
   kubectl wait deployment/cozystack -n cozy-system --timeout=1m --for=condition=Available

packages/apps/clickhouse/README.md

@@ -1,35 +1,32 @@
 # Managed Clickhouse Service
 
-ClickHouse is an open source high-performance and column-oriented SQL database management system (DBMS).
-It is used for online analytical processing (OLAP).
-Cozystack platform uses Altinity operator to provide ClickHouse.
-
 ### How to restore backup:
 
-1. Find a snapshot:
+find snapshot:
-    ```
+```
-    restic -r s3:s3.example.org/clickhouse-backups/table_name snapshots
+restic -r s3:s3.example.org/clickhouse-backups/table_name snapshots
-    ```
+```
 
-2.  Restore it:
+restore:
-    ```
+```
-    restic -r s3:s3.example.org/clickhouse-backups/table_name restore latest --target /tmp/
+restic -r s3:s3.example.org/clickhouse-backups/table_name restore latest --target /tmp/
-    ```
+```
 
-For more details, read [Restic: Effective Backup from Stdin](https://blog.aenix.io/restic-effective-backup-from-stdin-4bc1e8f083c1).
+more details:
+- https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1
 
 ## Parameters
 
 ### Common parameters
 
-| Name             | Description                                              | Value  |
+| Name             | Description                         | Value  |
-| ---------------- | -------------------------------------------------------- | ------ |
+| ---------------- | ----------------------------------- | ------ |
-| `size`           | Size of Persistent Volume for data                       | `10Gi` |
+| `size`           | Persistent Volume size              | `10Gi` |
-| `logStorageSize` | Size of Persistent Volume for logs                       | `2Gi`  |
+| `logStorageSize` | Persistent Volume for logs size     | `2Gi`  |
-| `shards`         | Number of Clickhouse shards                              | `1`    |
+| `shards`         | Number of Clickhouse replicas       | `1`    |
-| `replicas`       | Number of Clickhouse replicas                            | `2`    |
+| `replicas`       | Number of Clickhouse shards         | `2`    |
-| `storageClass`   | StorageClass used to store the data                      | `""`   |
+| `storageClass`   | StorageClass used to store the data | `""`   |
-| `logTTL`         | TTL (expiration time) for query_log and query_thread_log | `15`   |
+| `logTTL`         | for query_log and query_thread_log  | `15`   |
 
 ### Configuration parameters
 
@@ -39,32 +36,15 @@ For more details, read [Restic: Effective Backup from Stdin](https://blog.aenix.
 
 ### Backup parameters
 
-| Name                     | Description                                                                 | Value                                                  |
+| Name                     | Description                                                                                                                                                                                                       | Value                                                  |
-| ------------------------ | --------------------------------------------------------------------------- | ------------------------------------------------------ |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
-| `backup.enabled`         | Enable periodic backups                                                     | `false`                                                |
+| `backup.enabled`         | Enable pereiodic backups                                                                                                                                                                                          | `false`                                                |
-| `backup.s3Region`        | AWS S3 region where backups are stored                                      | `us-east-1`                                            |
+| `backup.s3Region`        | The AWS S3 region where backups are stored                                                                                                                                                                        | `us-east-1`                                            |
-| `backup.s3Bucket`        | S3 bucket used for storing backups                                          | `s3.example.org/clickhouse-backups`                    |
+| `backup.s3Bucket`        | The S3 bucket used for storing backups                                                                                                                                                                            | `s3.example.org/clickhouse-backups`                    |
-| `backup.schedule`        | Cron schedule for automated backups                                         | `0 2 * * *`                                            |
+| `backup.schedule`        | Cron schedule for automated backups                                                                                                                                                                               | `0 2 * * *`                                            |
-| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups                              | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.cleanupStrategy` | The strategy for cleaning up old backups                                                                                                                                                                          | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication                                  | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
+| `backup.s3AccessKey`     | The access key for S3, used for authentication                                                                                                                                                                    | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication                                  | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
+| `backup.s3SecretKey`     | The secret key for S3, used for authentication                                                                                                                                                                    | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
-| `backup.resticPassword`  | Password for Restic backup encryption                                       | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
+| `backup.resticPassword`  | The password for Restic backup encryption                                                                                                                                                                         | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
-| `resources`              | Explicit CPU/memory resource requests and limits for the Clickhouse service | `{}`                                                   |
+| `resources`              | Resources                                                                                                                                                                                                         | `{}`                                                   |
-| `resourcesPreset`        | Use a common resources preset when `resources` is not set explicitly.       | `nano`                                                 |
+| `resourcesPreset`        | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano`                                                 |
-
-
-In production environments, it's recommended to set `resources` explicitly.
-Example of `resources`:
-
-```yaml
-resources:
-  limits:
-    cpu: 4000m
-    memory: 4Gi
-  requests:
-    cpu: 100m
-    memory: 512Mi
-```
-
-Allowed values for `resourcesPreset` are `none`, `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
-This value is ignored if `resources` value is set. 

packages/apps/clickhouse/values.schema.json

@@ -4,22 +4,22 @@
     "properties": {
         "size": {
             "type": "string",
-            "description": "Size of Persistent Volume for data",
+            "description": "Persistent Volume size",
             "default": "10Gi"
         },
         "logStorageSize": {
             "type": "string",
-            "description": "Size of Persistent Volume for logs",
+            "description": "Persistent Volume for logs size",
             "default": "2Gi"
         },
         "shards": {
             "type": "number",
-            "description": "Number of Clickhouse shards",
+            "description": "Number of Clickhouse replicas",
             "default": 1
         },
         "replicas": {
             "type": "number",
-            "description": "Number of Clickhouse replicas",
+            "description": "Number of Clickhouse shards",
             "default": 2
         },
         "storageClass": {
@@ -29,7 +29,7 @@
         },
         "logTTL": {
             "type": "number",
-            "description": "TTL (expiration time) for query_log and query_thread_log",
+            "description": "for query_log and query_thread_log",
             "default": 15
         },
         "backup": {
@@ -37,17 +37,17 @@
             "properties": {
                 "enabled": {
                     "type": "boolean",
-                    "description": "Enable periodic backups",
+                    "description": "Enable pereiodic backups",
                     "default": false
                 },
                 "s3Region": {
                     "type": "string",
-                    "description": "AWS S3 region where backups are stored",
+                    "description": "The AWS S3 region where backups are stored",
                     "default": "us-east-1"
                 },
                 "s3Bucket": {
                     "type": "string",
-                    "description": "S3 bucket used for storing backups",
+                    "description": "The S3 bucket used for storing backups",
                     "default": "s3.example.org/clickhouse-backups"
                 },
                 "schedule": {
@@ -57,34 +57,34 @@
                 },
                 "cleanupStrategy": {
                     "type": "string",
-                    "description": "Retention strategy for cleaning up old backups",
+                    "description": "The strategy for cleaning up old backups",
                     "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
                 },
                 "s3AccessKey": {
                     "type": "string",
-                    "description": "Access key for S3, used for authentication",
+                    "description": "The access key for S3, used for authentication",
                     "default": "oobaiRus9pah8PhohL1ThaeTa4UVa7gu"
                 },
                 "s3SecretKey": {
                     "type": "string",
-                    "description": "Secret key for S3, used for authentication",
+                    "description": "The secret key for S3, used for authentication",
                     "default": "ju3eum4dekeich9ahM1te8waeGai0oog"
                 },
                 "resticPassword": {
                     "type": "string",
-                    "description": "Password for Restic backup encryption",
+                    "description": "The password for Restic backup encryption",
                     "default": "ChaXoveekoh6eigh4siesheeda2quai0"
                 }
             }
         },
         "resources": {
             "type": "object",
-            "description": "Explicit CPU/memory resource requests and limits for the Clickhouse service",
+            "description": "Resources",
             "default": {}
         },
         "resourcesPreset": {
             "type": "string",
-            "description": "Use a common resources preset when `resources` is not set explicitly.",
+            "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
             "default": "nano"
         }
     }

packages/apps/clickhouse/values.yaml

@@ -1,11 +1,11 @@
 ## @section Common parameters
 
-## @param size Size of Persistent Volume for data
+## @param size Persistent Volume size
-## @param logStorageSize Size of Persistent Volume for logs
+## @param logStorageSize Persistent Volume for logs size
-## @param shards Number of Clickhouse shards
+## @param shards Number of Clickhouse replicas
-## @param replicas Number of Clickhouse replicas
+## @param replicas Number of Clickhouse shards
 ## @param storageClass StorageClass used to store the data
-## @param logTTL TTL (expiration time) for query_log and query_thread_log
+## @param logTTL for query_log and query_thread_log
 ##
 size: 10Gi
 logStorageSize: 2Gi
@@ -29,14 +29,14 @@ users: {}
 
 ## @section Backup parameters
 
-## @param backup.enabled Enable periodic backups
+## @param backup.enabled Enable pereiodic backups
-## @param backup.s3Region AWS S3 region where backups are stored
+## @param backup.s3Region The AWS S3 region where backups are stored
-## @param backup.s3Bucket S3 bucket used for storing backups
+## @param backup.s3Bucket The S3 bucket used for storing backups
 ## @param backup.schedule Cron schedule for automated backups
-## @param backup.cleanupStrategy Retention strategy for cleaning up old backups
+## @param backup.cleanupStrategy The strategy for cleaning up old backups
-## @param backup.s3AccessKey Access key for S3, used for authentication
+## @param backup.s3AccessKey The access key for S3, used for authentication
-## @param backup.s3SecretKey Secret key for S3, used for authentication
+## @param backup.s3SecretKey The secret key for S3, used for authentication
-## @param backup.resticPassword Password for Restic backup encryption
+## @param backup.resticPassword The password for Restic backup encryption
 backup:
   enabled: false
   s3Region: us-east-1
@@ -47,7 +47,7 @@ backup:
   s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
   resticPassword: ChaXoveekoh6eigh4siesheeda2quai0
 
-## @param resources Explicit CPU/memory resource requests and limits for the Clickhouse service
+## @param resources Resources
 resources: {}
  # resources:
  #   limits:
@@ -56,6 +56,6 @@ resources: {}
  #   requests:
  #     cpu: 100m
  #     memory: 512Mi
-
+ 
-## @param resourcesPreset Use a common resources preset when `resources` is not set explicitly.
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
 resourcesPreset: "nano"

packages/apps/ferretdb/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.12.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
+ghcr.io/cozystack/cozystack/postgres-backup:0.11.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.5.0@sha256:c1944c60a449e36e29153a38db6feee41139d38b02fe3670efb673feb3bc0ee6
+ghcr.io/cozystack/cozystack/nginx-cache:0.5.0@sha256:158c35dd6a512bd14e86a423be5c8c7ca91ac71999c73cce2714e4db60a2db43

packages/apps/kafka/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.1
+version: 0.6.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kafka/README.md

@@ -14,9 +14,9 @@
 | `zookeeper.replicas`        | Number of ZooKeeper replicas                                                                                                                                                                                      | `3`     |
 | `zookeeper.storageClass`    | StorageClass used to store the ZooKeeper data                                                                                                                                                                     | `""`    |
 | `kafka.resources`           | Resources                                                                                                                                                                                                         | `{}`    |
-| `kafka.resourcesPreset`     | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `small` |
+| `kafka.resourcesPreset`     | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano`  |
 | `zookeeper.resources`       | Resources                                                                                                                                                                                                         | `{}`    |
-| `zookeeper.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` |
+| `zookeeper.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano`  |
 
 ### Configuration parameters
 

packages/apps/kafka/values.schema.json

@@ -33,7 +33,7 @@
                 "resourcesPreset": {
                     "type": "string",
                     "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
-                    "default": "small"
+                    "default": "nano"
                 }
             }
         },
@@ -63,7 +63,7 @@
                 "resourcesPreset": {
                     "type": "string",
                     "description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
-                    "default": "micro"
+                    "default": "nano"
                 }
             }
         },

packages/apps/kafka/values.yaml

@@ -25,7 +25,7 @@ kafka:
   #     memory: 512Mi
   
   ## @param kafka.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
-  resourcesPreset: "small"
+  resourcesPreset: "nano"
 
 zookeeper:
   size: 5Gi
@@ -42,7 +42,7 @@ zookeeper:
   #     memory: 512Mi
   
   ## @param zookeeper.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
-  resourcesPreset: "micro"
+  resourcesPreset: "nano"
 
 ## @section Configuration parameters
 

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.21.0@sha256:3a8170433e1632e5cc2b6d9db34d0605e8e6c63c158282c38450415e700e932e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.20.1@sha256:720148128917fa10f860a8b7e74f9428de72481c466c880c5ad894e1f0026d43

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.21.0@sha256:c53cff22980c754eb45f552cb1ccd3d9ad0b4ce4c12b024012e0ae256fd114f0
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.20.1@sha256:1b48a4725a33ccb48604bb2e1be3171271e7daac2726d3119228212d8a9da5bb

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.21.0@sha256:510e4c8db50126391b94668fccce9f6ed82d298a02882d2585596b5c6213ddc3
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.20.1@sha256:fb6d3ce9d6d948285a6d399c852e15259d6922162ec7c44177d2274243f59d1f

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:e53f2394c7aa76ad10818ffb945e40006cd77406999e47e036d41b8b0bf094cc
+ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.32@sha256:184b81529ae72684279799b12f436cc7a511d8ff5bd1e9a30478799c7707c625

packages/apps/postgres/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.12.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
+ghcr.io/cozystack/cozystack/postgres-backup:0.11.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f

packages/apps/tenant/Chart.yaml

@@ -4,4 +4,4 @@ description: Separated tenant namespace
 icon: /logos/tenant.svg
 
 type: application
-version: 1.10.0
+version: 1.9.2

packages/apps/tenant/charts/cozy-lib

@@ -1 +0,0 @@
-../../../library/cozy-lib

packages/apps/tenant/templates/tenant.yaml

@@ -23,8 +23,8 @@ metadata:
   namespace: {{ include "tenant.name" . }}
 rules:
 - apiGroups: [""]
-  resources: ["pods", "services", "persistentvolumes", "endpoints", "events", "resourcequotas"]
+  resources: ["*"]
-  verbs: ["get", "list", "watch"]
+  verbs: ["get", "list", "watch", "create", "update", "patch"]
 - apiGroups: ["networking.k8s.io"]
   resources: ["ingresses"]
   verbs: ["get", "list", "watch"]
@@ -94,12 +94,7 @@ rules:
   - apiGroups:
       - ""
     resources:
-      - pods
+      - "*"
-      - services
-      - persistentvolumes
-      - endpoints
-      - events
-      - resourcequotas
     verbs:
       - get
       - list
@@ -124,7 +119,24 @@ metadata:
   name: {{ include "tenant.name" . }}-view
   namespace: {{ include "tenant.name" . }}
 subjects:
-{{ include "cozy-lib.rbac.subjectsForTenant" (list "view" (include "tenant.name" .)) | nindent 2 }}
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-view
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-view
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-view
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-view
@@ -153,12 +165,7 @@ rules:
     - watch
   - apiGroups: [""]
     resources:
-      - pods
+    - "*"
-      - services
-      - persistentvolumes
-      - endpoints
-      - events
-      - resourcequotas
     verbs:
     - get
     - list
@@ -177,12 +184,6 @@ rules:
     verbs:
     - get
     - list
-  - apiGroups: ["subresources.kubevirt.io"]
-    resources:
-      - virtualmachineinstances/portforward
-    verbs:
-      - get
-      - update
   - apiGroups:
     - cozystack.io
     resources:
@@ -195,7 +196,24 @@ metadata:
   name: {{ include "tenant.name" . }}-use
   namespace: {{ include "tenant.name" . }}
 subjects:
-{{ include "cozy-lib.rbac.subjectsForTenant" (list "use" (include "tenant.name" .)) | nindent 2 }}
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-use
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-use
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-use
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-use
@@ -216,12 +234,7 @@ rules:
     - get
   - apiGroups: [""]
     resources:
-      - pods
+    - "*"
-      - services
-      - persistentvolumes
-      - endpoints
-      - events
-      - resourcequotas
     verbs:
     - get
     - list
@@ -240,12 +253,6 @@ rules:
     verbs:
     - get
     - list
-  - apiGroups: ["subresources.kubevirt.io"]
-    resources:
-      - virtualmachineinstances/portforward
-    verbs:
-      - get
-      - update
   - apiGroups: ["apps.cozystack.io"]
     resources:
     - buckets
@@ -286,7 +293,24 @@ metadata:
   name: {{ include "tenant.name" . }}-admin
   namespace: {{ include "tenant.name" . }}
 subjects:
-{{ include "cozy-lib.rbac.subjectsForTenant" (list "admin" (include "tenant.name" .)) | nindent 2 }}
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-admin
@@ -307,12 +331,7 @@ rules:
     - get
   - apiGroups: [""]
     resources:
-      - pods
+    - "*"
-      - services
-      - persistentvolumes
-      - endpoints
-      - events
-      - resourcequotas
     verbs:
     - get
     - list
@@ -330,12 +349,6 @@ rules:
     verbs:
     - get
     - list
-  - apiGroups: ["subresources.kubevirt.io"]
-    resources:
-      - virtualmachineinstances/portforward
-    verbs:
-      - get
-      - update
   - apiGroups: ["apps.cozystack.io"]
     resources:
     - '*'
@@ -353,7 +366,24 @@ metadata:
   name: {{ include "tenant.name" . }}-super-admin
   namespace: {{ include "tenant.name" . }}
 subjects:
-{{ include "cozy-lib.rbac.subjectsForTenant" (list "super-admin" (include "tenant.name" .) ) | nindent 2 }}
+{{- if ne .Release.Namespace "tenant-root" }}
+- kind: Group
+  name: tenant-root-super-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+- kind: Group
+  name: {{ include "tenant.name" . }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- if hasPrefix "tenant-" .Release.Namespace }}
+{{- $parts := splitList "-" .Release.Namespace }}
+{{- range $i, $v := $parts }}
+{{- if ne $i 0 }}
+- kind: Group
+  name: {{ join "-" (slice $parts 0 (add $i 1)) }}-super-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}
 roleRef:
   kind: Role
   name: {{ include "tenant.name" . }}-super-admin

packages/apps/versions_map

@@ -36,8 +36,7 @@ kafka 0.3.2 93c46161
 kafka 0.3.3 8267072d
 kafka 0.4.0 85ec09b8
 kafka 0.5.0 93bdf411
-kafka 0.6.0 6130f43d
+kafka 0.6.0 HEAD
-kafka 0.6.1 HEAD
 kubernetes 0.1.0 263e47be
 kubernetes 0.2.0 53f2365e
 kubernetes 0.3.0 007d414f
@@ -147,8 +146,7 @@ tenant 1.7.0 24fa7222
 tenant 1.8.0 160e4e2a
 tenant 1.9.0 728743db
 tenant 1.9.1 721c12a7
-tenant 1.9.2 8c86905b
+tenant 1.9.2 HEAD
-tenant 1.10.0 HEAD
 virtual-machine 0.1.4 f2015d65
 virtual-machine 0.1.5 263e47be
 virtual-machine 0.2.0 c0685f43

packages/core/installer/hack/gen-profiles.sh

@@ -32,36 +32,17 @@ done
 
 for profile in $PROFILES; do
   echo "writing profile images/talos/profiles/$profile.yaml"
-  case "$profile" in
+  if [ "$profile" = "nocloud" ] || [ "$profile" = "metal" ]; then
-    initramfs|kernel|iso)
+    image_options="{ diskSize: 1306525696, diskFormat: raw }"
-      image_options="{}"
+    out_format=".xz"
-      out_format="raw"
+    platform="$profile"
-      platform="metal"
+    kind="image"
-      kind="$profile"
+  else
-      ;;
+    image_options="{}"
-    installer)
+    out_format="raw"
-      image_options="{}"
+    platform="metal"
-      out_format="raw"
+    kind="$profile"
-      platform="metal"
+  fi
-      kind="installer"
-      ;;
-    metal)
-      image_options="{ diskSize: 1306525696, diskFormat: raw }"
-      out_format=".xz"
-      platform="metal"
-      kind="image"
-      ;;
-    nocloud)
-      image_options="{ diskSize: 1306525696, diskFormat: raw }"
-      out_format=".xz"
-      platform="nocloud"
-      kind="image"
-      ;;
-    *)
-      echo "Unknown profile: $profile" >&2
-      exit 1
-      ;;
-  esac
 
   cat > images/talos/profiles/$profile.yaml <<EOT
 # this file generated by hack/gen-profiles.sh
@@ -76,10 +57,12 @@ input:
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:${TALOS_VERSION}
   systemExtensions:
     - imageRef: ghcr.io/siderolabs/amd-ucode:${AMD_UCODE_VERSION}
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:${AMDGPU_FIRMWARE_VERSION}
     - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:${BNX2_BNX2X_VERSION}
+    - imageRef: ghcr.io/siderolabs/i915-ucode:${I915_UCODE_VERSION}
     - imageRef: ghcr.io/siderolabs/intel-ice-firmware:${INTEL_ICE_FIRMWARE_VERSION}
     - imageRef: ghcr.io/siderolabs/intel-ucode:${INTEL_UCODE_VERSION}
     - imageRef: ghcr.io/siderolabs/qlogic-firmware:${QLOGIC_FIRMWARE_VERSION}

packages/core/installer/images/talos/profiles/initramfs.yaml

@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
     - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
   kind: initramfs
   imageOptions: {}

packages/core/installer/images/talos/profiles/installer.yaml

@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
     - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
   kind: installer
   imageOptions: {}

packages/core/installer/images/talos/profiles/iso.yaml

@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
     - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
   kind: iso
   imageOptions: {}

packages/core/installer/images/talos/profiles/kernel.yaml

@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
     - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
   kind: kernel
   imageOptions: {}

packages/core/installer/images/talos/profiles/metal.yaml

@@ -3,22 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
     - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/images/talos/profiles/nocloud.yaml

@@ -3,22 +3,24 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.10.3
+version: v1.10.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250509
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250509
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
     - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250509
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
-    - imageRef: ghcr.io/siderolabs/zfs:2.3.2-v1.10.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.31.2@sha256:c45ab98465c0077337077f86f5e7d8ab3c051db6092854bbc9c26400c3317f9a
+  image: ghcr.io/cozystack/cozystack/installer:v0.31.0-rc.3@sha256:5fc6b88de670878b66f2b5bf381b89b68253ab3e69ff1cb7359470bc65beb3fa

packages/core/platform/bundles/distro-full.yaml

@@ -167,7 +167,7 @@ releases:
   releaseName: snapshot-controller
   chart: cozy-snapshot-controller
   namespace: cozy-snapshot-controller
-  dependsOn: [cilium]
+  dependsOn: [cilium,cert-manager-issuers]
 
 - name: objectstorage-controller
   releaseName: objectstorage-controller

packages/core/platform/templates/_helpers.tpl

@@ -69,10 +69,4 @@ kubeapps:
       .appview-first-row section[aria-labelledby="access-urls-title"] {
         width: 100%;
       }
-      .header-version {
-        display: none;
-      }
-      .label.label-info-secondary {
-        display: none;
-      }
 {{- end }}

packages/core/testing/Makefile

@@ -33,9 +33,7 @@ image-e2e-sandbox:
 test: test-cluster test-apps ## Run the end-to-end tests in existing sandbox
 
 test-cluster: ## Run the end-to-end for creating a cluster
-	docker cp ../../../_out/assets/cozystack-installer.yaml "${SANDBOX_NAME}":/workspace/_out/assets/cozystack-installer.yaml
+	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && export COZYSTACK_INSTALLER_YAML=$$(helm template -n cozy-system installer ./packages/core/installer) && hack/cozytest.sh hack/e2e-cluster.bats'
-	docker cp ../../../_out/assets/nocloud-amd64.raw.xz "${SANDBOX_NAME}":/workspace/_out/assets/nocloud-amd64.raw.xz
-	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && hack/cozytest.sh hack/e2e-cluster.bats'
 
 test-apps: ## Run the end-to-end tests for apps
 	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && hack/cozytest.sh hack/e2e-apps.bats'

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.2@sha256:90468a068e64d41135e94104307dfee7c34baa97d1ad3661431a54a2a5742f5f
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.31.0-rc.3@sha256:8de0a8900994cb55f74ba25d265eeecac9958b07cdb8f86b9284b9f23668d2bb

packages/extra/bootbox/images/matchbox.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.31.2@sha256:b680021f59d717929fe41bc974a0e39ab9b4d361bf8f5189c7a98c2267bd039e
+ghcr.io/cozystack/cozystack/matchbox:v0.31.0-rc.3@sha256:8b65a160333830bf4711246ae78f26095e3b33667440bf1bbdd36db60a7f92e2

packages/extra/monitoring/Chart.yaml

@@ -3,4 +3,4 @@ name: monitoring
 description: Monitoring and observability stack
 icon: /logos/monitoring.svg
 type: application
-version: 1.10.1
+version: 1.10.0

packages/extra/monitoring/images/grafana.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/grafana:1.10.1@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399
+ghcr.io/cozystack/cozystack/grafana:1.9.2@sha256:24382d445bf7a39ed988ef4dc7a0d9f084db891fcb5f42fd2e64622710b9457e

packages/extra/monitoring/templates/vpa.yaml

@@ -18,8 +18,8 @@ spec:
           {{- if and .vminsert .vminsert.minAllowed }}
           {{- toYaml .vminsert.minAllowed | nindent 10 }}
           {{- else }}
-          cpu: 25m
+          cpu: 250m
-          memory: 64Mi
+          memory: 256Mi
           {{- end }}
         maxAllowed:
           {{- if and .vminsert .vminsert.maxAllowed }}
@@ -47,8 +47,8 @@ spec:
           {{- if and .vmselect .vmselect.minAllowed }}
           {{- toYaml .vmselect.minAllowed | nindent 10 }}
           {{- else }}
-          cpu: 25m
+          cpu: 250m
-          memory: 64Mi
+          memory: 256Mi
           {{- end }}
         maxAllowed:
           {{- if and .vmselect .vmselect.maxAllowed }}
@@ -76,8 +76,8 @@ spec:
           {{- if and .vmstorage .vmstorage.minAllowed }}
           {{- toYaml .vmstorage.minAllowed | nindent 10 }}
           {{- else }}
-          cpu: 25m
+          cpu: 100m
-          memory: 64Mi
+          memory: 512Mi
           {{- end }}
         maxAllowed:
           {{- if and .vmstorage .vmstorage.maxAllowed }}

packages/extra/seaweedfs/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.1
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/extra/seaweedfs/templates/vpa.yaml

@@ -13,8 +13,8 @@ spec:
     containerPolicies:
       - containerName: seaweedfs
         minAllowed:
-          cpu: 25m
+          cpu: 250m
-          memory: 64Mi
+          memory: 256Mi
         maxAllowed:
           cpu: "1"
           memory: 2048Mi
@@ -36,8 +36,8 @@ spec:
     containerPolicies:
       - containerName: seaweedfs
         minAllowed:
-          cpu: 25m
+          cpu: 250m
-          memory: 64Mi
+          memory: 256Mi
         maxAllowed:
           cpu: "1"
           memory: 2048Mi
@@ -59,8 +59,8 @@ spec:
     containerPolicies:
       - containerName: seaweedfs
         minAllowed:
-          cpu: 25m
+          cpu: 250m
-          memory: 64Mi
+          memory: 256Mi
         maxAllowed:
           cpu: "1"
           memory: 2048Mi

packages/extra/versions_map

@@ -39,11 +39,9 @@ monitoring 1.8.1 8267072d
 monitoring 1.9.0 45a7416c
 monitoring 1.9.1 fd240701
 monitoring 1.9.2 f9f8bb2f
-monitoring 1.10.0 632224a3
+monitoring 1.10.0 HEAD
-monitoring 1.10.1 HEAD
 seaweedfs 0.1.0 71514249
 seaweedfs 0.2.0 5fb9cfe3
 seaweedfs 0.2.1 fde4bcfa
 seaweedfs 0.3.0 45a7416c
-seaweedfs 0.4.0 632224a3
+seaweedfs 0.4.0 HEAD
-seaweedfs 0.4.1 HEAD

packages/library/cozy-lib/Chart.yaml

@@ -15,4 +15,4 @@ type: library
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.1.0

packages/library/cozy-lib/templates/_checkinput.tpl

@@ -1,5 +0,0 @@
-{{- define "cozy-lib.checkInput" }}
-{{-   if not (kindIs "slice" .) }}
-{{-     fail (printf "called cozy-lib function without global scope, expected [<arg>, $], got %s" (kindOf .)) }}
-{{-   end }}
-{{- end }}

packages/library/cozy-lib/templates/_cozyconfig.tpl

@@ -1,7 +0,0 @@
-{{- define "cozy-lib.loadCozyConfig" }}
-{{-   include "cozy-lib.checkInput" . }}
-{{-   if not (hasKey (index . 1) "cozyConfig") }}
-{{-     $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
-{{-     $_ := set (index . 1) "cozyConfig" $cozyConfig }}
-{{-   end }}
-{{- end }}

packages/library/cozy-lib/templates/_rbac.tpl

@@ -1,106 +0,0 @@
-{{- define "cozy-lib.rbac.accessLevelMap" }}
-view: 0
-use: 1
-admin: 2
-super-admin: 3
-{{- end }}
-
-{{- define "cozy-lib.rbac.accessLevelToInt" }}
-{{-   $accessMap := include "cozy-lib.rbac.accessLevelMap" "" | fromYaml }}
-{{-   $accessLevel := dig . -1 $accessMap | int }}
-{{-   if eq $accessLevel -1 }}
-{{-     printf "encountered access level of %s, allowed values are %s" . ($accessMap | keys) | fail }}
-{{-   end }}
-{{-   $accessLevel }}
-{{- end }}
-
-{{- define "cozy-lib.rbac.accessLevelsAtOrAbove" }}
-{{-   $minLevelInt := include "cozy-lib.rbac.accessLevelToInt" . | int }}
-{{-   range $k, $v := (include "cozy-lib.rbac.accessLevelMap" "" | fromYaml) }}
-{{-     if ge (int $v) $minLevelInt }}
-- {{ $k }}
-{{-     end }}
-{{-   end }}
-{{- end }}
-
-{{- define "cozy-lib.rbac.allParentTenantsAndThis" }}
-{{-   if not (hasPrefix "tenant-" .) }}
-{{-     printf "'%s' is not a valid tenant identifier" . | fail }}
-{{-   end }}
-{{-   $parts := append (splitList "-" .) "" }}
-{{-   $tenants := list }}
-{{-   range untilStep 2 (len $parts) 1 }}
-{{-     $tenants = append $tenants (slice $parts 0 . | join "-") }}
-{{-   end }}
-{{-   range $tenants }}
-- {{ . }}
-{{-   end }}
-{{-   if not (eq . "tenant-root") }}
-- tenant-root
-{{-   end }}
-{{- end }}
-
-{{- define "cozy-lib.rbac.groupSubject" -}}
-- kind: Group
-  name: {{ . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end }}
-
-{{- define "cozy-lib.rbac.serviceAccountSubject" -}}
-- kind: ServiceAccount
-  name: {{ . }}
-  namespace: {{ . }}
-{{- end }}
-
-{{- /* 
-  A helper function to get a list of groups that should have access, given a
-  minimal access level and the tenant. Invoked as:
-  {{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" $) }}
-  For an example input of (list "use" $) and a .Release.Namespace of
-  tenant-abc-def it will return:
-  ---
-  - kind: Group
-    name: tenant-abc-admin
-    apiGroup: rbac.authorization.k8s.io
-  - kind: Group
-    name: tenant-abc-def-admin
-    apiGroup: rbac.authorization.k8s.io
-  - kind: Group
-    name: tenant-abc-super-admin
-    apiGroup: rbac.authorization.k8s.io
-  - kind: Group
-    name: tenant-abc-def-super-admin
-    apiGroup: rbac.authorization.k8s.io
-  - kind: Group
-    name: tenant-abc-use
-    apiGroup: rbac.authorization.k8s.io
-  - kind: Group
-    name: tenant-abc-def-use
-    apiGroup: rbac.authorization.k8s.io
-
-  in other words, all roles including use and higher and for tenant-abc-def, as
-  well as all parent, grandparent, etc. tenants.
-*/}}
-{{- define "cozy-lib.rbac.subjectsForTenantAndAccessLevel" }}
-{{-   include "cozy-lib.checkInput" . }}
-{{-   $level := index . 0 }}
-{{-   $tenant := index . 1 }}
-{{-   $levels := include "cozy-lib.rbac.accessLevelsAtOrAbove" $level | fromYamlArray }}
-{{-   $tenants := include "cozy-lib.rbac.allParentTenantsAndThis" $tenant | fromYamlArray }}
-{{-   range $t := $tenants }}
-{{-     include "cozy-lib.rbac.serviceAccountSubject" $t }}{{ printf "\n" }}
-{{-     range $l := $levels }}
-{{-       include "cozy-lib.rbac.groupSubject" (printf "%s-%s" $t $l) }}{{ printf "\n" }}
-{{-     end }}
-{{-   end}}
-{{- end }}
-
-{{- define "cozy-lib.rbac.subjectsForTenant" }}
-{{-   include "cozy-lib.checkInput" . }}
-{{-   $level := index . 0 }}
-{{-   $tenant := index . 1 }}
-{{-   $tenants := include "cozy-lib.rbac.allParentTenantsAndThis" $tenant | fromYamlArray }}
-{{-   range $t := $tenants }}
-{{-     include "cozy-lib.rbac.groupSubject" (printf "%s-%s" $t $level) }}{{ printf "\n" }}
-{{-   end}}
-{{- end }}

packages/library/cozy-lib/templates/_resourcepresets.tpl

@@ -11,68 +11,38 @@ These presets are for basic testing and not meant to be used in production
 {{ include "cozy-lib.resources.preset" "nano" -}}
 */}}
 {{- define "cozy-lib.resources.preset" -}}
-{{-   $cpuAllocationRatio := include "cozy-lib.resources.cpuAllocationRatio" . | float64 }}
-{{-   $args := index . 0 }}
-
-{{-   $baseCPU := dict
-        "nano"    (dict "requests" (dict "cpu" "100m" ))
-        "micro"   (dict "requests" (dict "cpu" "250m" ))
-        "small"   (dict "requests" (dict "cpu" "500m" ))
-        "medium"  (dict "requests" (dict "cpu" "500m" ))
-        "large"   (dict "requests" (dict "cpu" "1"    ))
-        "xlarge"  (dict "requests" (dict "cpu" "2"    ))
-        "2xlarge" (dict "requests" (dict "cpu" "4"    ))
-}}
-{{-   $baseMemory := dict
-        "nano"    (dict "requests" (dict "memory" "128Mi" ))
-        "micro"   (dict "requests" (dict "memory" "256Mi" ))
-        "small"   (dict "requests" (dict "memory" "512Mi" ))
-        "medium"  (dict "requests" (dict "memory" "1Gi"   ))
-        "large"   (dict "requests" (dict "memory" "2Gi"   ))
-        "xlarge"  (dict "requests" (dict "memory" "4Gi"   ))
-        "2xlarge" (dict "requests" (dict "memory" "8Gi"   ))
-}}
-
-{{-   range $baseCPU }}
-{{-     $_ := set . "limits" (dict "cpu" (include "cozy-lib.resources.toFloat" .requests.cpu | float64 | mulf $cpuAllocationRatio | toString)) }}
-{{-   end }}
-{{-   range $baseMemory }}
-{{-     $_ := set . "limits" (dict "memory" .requests.memory) }}
-{{-   end }}
-
 {{- $presets := dict 
   "nano" (dict 
-      "requests" (dict "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "ephemeral-storage" "2Gi")
+      "limits" (dict "memory" "128Mi" "ephemeral-storage" "2Gi")
    )
   "micro" (dict 
-      "requests" (dict "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "ephemeral-storage" "2Gi")
+      "limits" (dict "memory" "256Mi" "ephemeral-storage" "2Gi")
    )
   "small" (dict 
-      "requests" (dict "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
-      "limits" (dict "ephemeral-storage" "2Gi")
+      "limits" (dict "memory" "512Mi" "ephemeral-storage" "2Gi")
    )
   "medium" (dict 
-      "requests" (dict "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "500m" "memory" "1Gi" "ephemeral-storage" "50Mi")
-      "limits" (dict "ephemeral-storage" "2Gi")
+      "limits" (dict "memory" "1Gi" "ephemeral-storage" "2Gi")
    )
   "large" (dict 
-      "requests" (dict "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "1" "memory" "2Gi" "ephemeral-storage" "50Mi")
-      "limits" (dict "ephemeral-storage" "2Gi")
+      "limits" (dict "memory" "2Gi" "ephemeral-storage" "2Gi")
    )
   "xlarge" (dict 
-      "requests" (dict "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "2" "memory" "4Gi" "ephemeral-storage" "50Mi")
-      "limits" (dict "ephemeral-storage" "2Gi")
+      "limits" (dict "memory" "4Gi" "ephemeral-storage" "2Gi")
    )
   "2xlarge" (dict 
-      "requests" (dict "ephemeral-storage" "50Mi")
+      "requests" (dict "cpu" "4" "memory" "8Gi" "ephemeral-storage" "50Mi")
-      "limits" (dict "ephemeral-storage" "2Gi")
+      "limits" (dict "memory" "8Gi" "ephemeral-storage" "2Gi")
    )
  }}
-{{- $_ := merge $presets $baseCPU $baseMemory }}
+{{- if hasKey $presets . -}}
-{{- if hasKey $presets $args -}}
+{{- index $presets . | toYaml -}}
-{{- index $presets $args | toYaml -}}
 {{- else -}}
 {{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" . (join "," (keys $presets)) | fail -}}
 {{- end -}}

packages/library/cozy-lib/templates/_resources.tpl

@@ -1,47 +1,16 @@
-{{- define "cozy-lib.resources.defaultCpuAllocationRatio" }}
-{{-   `10` }}
-{{- end }}
-
-{{- define "cozy-lib.resources.cpuAllocationRatio" }}
-{{-   include "cozy-lib.loadCozyConfig" . }}
-{{-   $cozyConfig := index . 1 "cozyConfig" }}
-{{-   if not $cozyConfig }}
-{{-     include "cozy-lib.resources.defaultCpuAllocationRatio" . }}
-{{-   else }}
-{{-     dig "data" "cpu-allocation-ratio" (include "cozy-lib.resources.defaultCpuAllocationRatio" dict) $cozyConfig }}
-{{-   end }}
-{{- end }}
-
-{{- define "cozy-lib.resources.toFloat" -}}
-    {{- $value := . -}}
-    {{- $unit := 1.0 -}}
-    {{- if typeIs "string" . -}}
-        {{- $base2 := dict "Ki" 0x1p10 "Mi" 0x1p20 "Gi" 0x1p30 "Ti" 0x1p40 "Pi" 0x1p50 "Ei" 0x1p60 -}}
-        {{- $base10 := dict "m" 1e-3 "k" 1e3 "M" 1e6 "G" 1e9 "T" 1e12 "P" 1e15 "E" 1e18 -}}
-        {{- range $k, $v := merge $base2 $base10 -}}
-            {{- if hasSuffix $k $ -}}
-                {{- $value = trimSuffix $k $ -}}
-                {{- $unit = $v -}}
-            {{- end -}}
-        {{- end -}}
-    {{- end -}}
-    {{- mulf (float64 $value) $unit | toString -}}
-{{- end -}}
-
 {{- /*
   A sanitized resource map is a dict with resource-name => resource-quantity.
   If not in such a form, requests are used, then limits. All resources are set
-  to have equal requests and limits, except CPU, where the limit is increased
+  to have equal requests and limits, except CPU, that has only requests. The
-  by a factor of the CPU allocation ratio. The template expects to receive a
+  template expects to receive a dict {"requests":{...}, "limits":{...}} as
-  dict {"requests":{...}, "limits":{...}} as input, e.g.
+  input, e.g. {{ include "cozy-lib.resources.sanitize" .Values.resources }}.
-  {{ include "cozy-lib.resources.sanitize" .Values.resources }}.
   Example input:
   ==============
   limits:
-    cpu: "1"
+    cpu: 100m
     memory: 1024Mi
   requests:
-    cpu: "2"
+    cpu: 200m
     memory: 512Mi
   memory: 256Mi
   devices.com/nvidia: "1"
@@ -49,42 +18,34 @@
   Example output:
   ===============
   limits:
-    devices.com/nvidia: "1" # only present in top level key
+    devices.com/nvidia: "1"
-    memory: 256Mi # value from top level key has priority over all others
+    memory: 256Mi
-    cpu: "2" # value from .requests.cpu has priority over .limits.cpu
   requests:
-    cpu: 200m # .limits.cpu divided by CPU allocation ratio
+    cpu: 200m
-    devices.com/nvidia: "1" # .requests == .limits
+    devices.com/nvidia: "1"
-    memory: 256Mi # .requests == .limits
+    memory: 256Mi
 */}}
 {{- define "cozy-lib.resources.sanitize" }}
-{{-   $cpuAllocationRatio := include "cozy-lib.resources.cpuAllocationRatio" . | float64 }}
 {{-   $sanitizedMap := dict }}
-{{-   $args := index . 0 }}
+{{-   if hasKey . "limits" }}
-{{-   if hasKey $args "limits" }}
+{{-     range $k, $v := .limits }}
-{{-     range $k, $v := $args.limits }}
 {{-       $_ := set $sanitizedMap $k $v }}
 {{-     end }}
 {{-   end }}
-{{-   if hasKey $args "requests" }}
+{{-   if hasKey . "requests" }}
-{{-     range $k, $v := $args.requests }}
+{{-     range $k, $v := .requests }}
 {{-       $_ := set $sanitizedMap $k $v }}
 {{-     end }}
 {{-   end }}
-{{-   range $k, $v := $args }}
+{{-   range $k, $v := . }}
 {{-     if not (or (eq $k "requests") (eq $k "limits")) }}
 {{-       $_ := set $sanitizedMap $k $v }}
 {{-     end }}
 {{-   end }}
 {{-   $output := dict "requests" dict "limits" dict }}
 {{-   range $k, $v := $sanitizedMap }}
+{{-     $_ := set $output.requests $k $v }}
 {{-     if not (eq $k "cpu") }}
-{{-       $_ := set $output.requests $k $v }}
-{{-       $_ := set $output.limits $k $v }}
-{{-     else }}
-{{-       $vcpuRequestF64 := (include "cozy-lib.resources.toFloat" $v) | float64 }}
-{{-       $cpuRequestF64 := divf $vcpuRequestF64 $cpuAllocationRatio }}
-{{-       $_ := set $output.requests $k ($cpuRequestF64 | toString) }}
 {{-       $_ := set $output.limits $k $v }}
 {{-     end }}
 {{-   end }}

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:a634d52923f2f6acc8bd9595b3fa500d1cbdc686dfbeb59e36060d805e5a2684
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:4399c240ce1f99660d5d1be9d6d7b3e8157c50e4aba58345d51a1d9ac25779a3

packages/system/cozystack-api/values.yaml

@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.2@sha256:1b545911b21026f22eba46974294b8ac223e76a1ab84b42eae7f7c952547c9ca
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.31.0-rc.3@sha256:9940cffabedb510397e3c330887aee724c4d232c011df60f4c16891fcfe1d9bf

packages/system/cozystack-controller/templates/rbac.yaml

@@ -12,6 +12,3 @@ rules:
 - apiGroups: ["helm.toolkit.fluxcd.io"]
   resources: ["helmreleases"]
   verbs: ["get", "list", "watch", "patch", "update"]
-- apiGroups: [""]
-  resources: ["namespaces"]
-  verbs: ["get", "list", "watch", "patch", "update"]

packages/system/cozystack-controller/values.yaml

@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.2@sha256:0f07f4f796c3ca9f34ea36876ca2e86c6b10b11dc8122433021769681b0f15bf
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.31.0-rc.3@sha256:b2f0de3ae2d7f15956eb7cdec78d2267aeba7e56a7781c70473757df4989a05a
   debug: false
   disableTelemetry: false
-  cozystackVersion: "v0.31.2"
+  cozystackVersion: "v0.31.0-rc.3"

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -76,7 +76,7 @@ data:
       "kubeappsNamespace": {{ .Release.Namespace | quote }},
       "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
       "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.31.2",
+      "appVersion": "v0.31.0-rc.3",
       "authProxyEnabled": {{ .Values.authProxy.enabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},

packages/system/dashboard/images/dashboard/Dockerfile

@@ -1,7 +1,7 @@
 FROM bitnami/node:20.15.1 AS build
 WORKDIR /app
 
-ARG COMMIT_REF=6856b66f9244ef1b2703a2f30899366e0ba040de
+ARG COMMIT_REF=190ea544aeb0be74bb6d1aa4bb474910559e7ecd
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=2 kubeapps-${COMMIT_REF}/dashboard
 
 RUN yarn install --frozen-lockfile

packages/system/dashboard/images/kubeapps-apis/Dockerfile

@@ -4,7 +4,7 @@
 # syntax = docker/dockerfile:1
 
 FROM alpine AS source
-ARG COMMIT_REF=6856b66f9244ef1b2703a2f30899366e0ba040de
+ARG COMMIT_REF=dd02680d796c962b8dcc4e5ea70960a846c1acdc
 RUN apk add --no-cache patch
 WORKDIR /source
 RUN wget -O- https://github.com/cozystack/kubeapps/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1

packages/system/dashboard/values.yaml

@@ -19,26 +19,24 @@ kubeapps:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: dashboard
-      tag: v0.31.2
+      tag: v0.31.0-rc.3
-      digest: "sha256:5e514516bd3dc0c693bb346ddeb9740e0439a59deb2a56b87317286e3ce79ac9"
+      digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93"
   redis:
     master:
       resourcesPreset: "none"
       resources:
         requests:
-          cpu: 20m
+          cpu: 200m
-          memory: 32Mi
+          memory: 256Mi
         limits:
           memory: 256Mi
   kubeappsapis:
     resourcesPreset: "none"
-    qps: "250.0"
-    burst: "500"
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: kubeapps-apis
-      tag: v0.31.2
+      tag: v0.31.0-rc.3
-      digest: "sha256:930f8f4b9e69a82f3de7fee951ead272f5d3a4c5d8eddad33b068f9e9682a962"
+      digest: "sha256:1447c10fcc9a8de426ec381bce565aa56267d0c9f3bab8fe26ac502d433283c5"
     pluginConfig:
       flux:
         packages:

packages/system/fluxcd-operator/values.yaml

@@ -5,10 +5,3 @@ flux-operator:
       operator: Exists
       effect: NoSchedule
   hostNetwork: true
-  resources:
-    limits:
-      cpu: 1000m
-      memory: 1Gi
-    requests:
-      cpu: 10m
-      memory: 64Mi

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.31.2@sha256:39bd83f5e7dae9c462f25d3aaef4240749dc380469062b9184727d5b12d0d584
+    tag: v0.31.0-rc.3@sha256:5f828637ebd1717a5c2b828352fff7fc14c218c7bbfc2cb2ce55737f9b5bf500
     repository: ghcr.io/cozystack/cozystack/kamaji
   resources:
     limits:

packages/system/kubeovn-webhook/values.yaml

@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.31.2@sha256:afb08b32724c573d5b6503343271ae59cae2e7b554d7d441a276615416b59e71
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.31.0-rc.3@sha256:f3acc1c6dd87cebd76be5afe1789c19780cb24f9518c8bdafa46f823ae4ba46e

packages/system/kubeovn/values.yaml

@@ -16,48 +16,6 @@ kube-ovn:
   OPENVSWITCH_DIR: "/var/lib/openvswitch"
   OVN_DIR: "/var/lib/ovn"
   DISABLE_MODULES_MANAGEMENT: true
-  ovn-central:
-    requests:
-      cpu: "50m"
-      memory: "100Mi"
-    limits:
-      cpu: "3"
-      memory: "4Gi"
-  ovs-ovn:
-    requests:
-      cpu: "10m"
-      memory: "50Mi"
-    limits:
-      cpu: "2"
-      memory: "1000Mi"
-  kube-ovn-controller:
-    requests:
-      cpu: "10m"
-      memory: "100Mi"
-    limits:
-      cpu: "1000m"
-      memory: "1Gi"
-  kube-ovn-cni:
-    requests:
-      cpu: "50m"
-      memory: "50Mi"
-    limits:
-      cpu: "1000m"
-      memory: "1Gi"
-  kube-ovn-pinger:
-    requests:
-      cpu: "10m"
-      memory: "50Mi"
-    limits:
-      cpu: "200m"
-      memory: "400Mi"
-  kube-ovn-monitor:
-    requests:
-      cpu: "10m"
-      memory: "50Mi"
-    limits:
-      cpu: "200m"
-      memory: "200Mi"
 global:
   registry:
     address: ghcr.io/cozystack/cozystack

packages/system/metallb/values.yaml

@@ -4,8 +4,8 @@ metallb:
   controller:
     image:
       repository: ghcr.io/cozystack/cozystack/metallb-controller
-      tag: v0.14.9@sha256:9bd71ad21152915dc1c31c79aa1b64ea248d3785b1d6c08ae8c62cc6f688e59a
+      tag: v0.14.9@sha256:73c3156d913a2ff15a26ca42fcbeee6fa115602bcdb78870dcfab9359acd9cb3
   speaker:
     image:
       repository: ghcr.io/cozystack/cozystack/metallb-speaker
-      tag: v0.14.9@sha256:f63fe3478101c711d84ba7423f0deb6b0c403ca278ca1b9327c693aaf51a3d1e
+      tag: v0.14.9@sha256:9af9f0a6922784f066653f2c0d940d5f2de7ffea132d2df488457b61465b7716

packages/system/snapshot-controller/template/clusterissuer.yaml

@@ -1,8 +0,0 @@
-{{- if not (lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" "cozy-cert-manager" "cert-manager-issuers") }}
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: selfsigned-cluster-issuer
-spec:
-  selfSigned: {}
-{{- end }}

scripts/migrations/13

@@ -1,10 +0,0 @@
-#!/bin/sh
-# Migration 13 --> 14
-
-# Upgrade tenants.apps to new chart version
-kubectl get tenants.apps.cozystack.io -A --no-headers --output=custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' | while read NAMESPACE NAME; do
-  kubectl patch tenants.apps.cozystack.io -n "$NAMESPACE" "$NAME" --type merge -p '{"appVersion":"1.10.0"}'
-done
-
-# Write version to cozystack-version config
-kubectl create configmap -n cozy-system cozystack-version --from-literal=version=14 --dry-run=client -o yaml | kubectl apply -f-