cozystack/docs/changelogs/v0.37.0.md

Cozystack v0.37 — “OpenAPI Dashboard & Lineage Everywhere”

We’ve shipped a big usability push this cycle: a brand-new OpenAPI-driven dashboard, lineage labeling across core resource types, and several reliability improvements to smooth upgrades from 0.36→ 0.37. Below are the highlights and the full categorized lists.

Highlights

• New OpenAPI-based Dashboard replaces the old UI, adds module-aware navigation, dynamic branding, and richer Kubernetes resource views (@kvaps in #1269, #1463, #1460).
• Lineage Webhook tags Pods, PVCs, Services, Ingresses, and Secrets, adding labels referencing the managing Cozystack application (@lllamnyp in #1448, #1452, #1477, #1486, #1497; @kvaps in #1454).
• Smoother upgrades with installer and migration hardening, decoupled CRDs vs. API server (@lllamnyp in #1494, #1498; @kvaps in #1506).
• Operations quality: Kubernetes tests with smarter waits/readiness checks (@IvanHunters in #1485).

---

New features

Dashboard

• Introduce the OpenAPI-based dashboard and controller; implement TenantNamespace, TenantModules, TenantSecret/SecretsTable resources (@kvaps in #1269).
• Module-aware navigation, richer detail views (Services/Secrets/Ingresses), improved sidebars; “Tenant Modules” grouping (@kvaps in #1463).
• Dynamic branding via cluster config (tenant name, footer/title, logo/icon SVGs) (@kvaps in #1460).
• Dashboard: fix namespace listing for unprivileged users and stabilize streamed requests; build-time patching (@kvaps in #1456).
• Dashboard UX set: marketplace hides module resources; consistent navigation/links; prefill “name” in forms; ingress factory; formatted TenantNamespaces tables (@kvaps in #1463).
• Dashboard: list modules reliably; remove Tenant from Marketplace; fix field override while typing (@kvaps in #1501, #1503).
• Dashboard: correct API group for applications; sidebars; disable auto-expand; fix /docs redirect (@kvaps in #1463, #1465, #1462).
• Dashboard: show Secrets with empty values correctly (@kvaps in #1480).
• Dashboard configuration refactor: generate static resources at startup; auto-cleanup stale objects; higher controller client throughput (@kvaps in #1457).

Migration to v0.37

• Installer/Migrations: prevent unintended deletion of platform resource definitions; resilient timestamping; tolerant annotations; stronger migrate-then-reconcile flow (@kvaps in #1475; Andrei Kvapil & @lllamnyp in #1498).
• Installer hardening for migration #20: packaged apply, ordered waits/readiness checks, RFC3339(nano) stamping; Helm in installer image (Andrei Kvapil & @lllamnyp in #1498).
• Decoupled API & CozyRDs: You can now upgrade the Cozystack API server independently of CRDs/CozyRD instances, easing 0.36 → 0.37 migrations (@lllamnyp in #1494).
• Migration #20: The installer runs migration from packaged Helm charts with ordered waits/readiness checks; annotations are tolerant; timestamps are environment-robust (Andrei Kvapil & @lllamnyp in #1498; @kvaps in #1475).

Webhook / Lineage

• Add a lineage mutating webhook to auto-label Pods/Secrets/PVCs/Ingresses/WorkloadMonitors with owning app (@lllamnyp in #1448, #1497, @kvaps in #1454).
• Name-based selectors for Secret visibility (templates supported) (@lllamnyp in #1477).
• Select Services and Ingresses in CRDs/API; treat them as user-facing when configured (@lllamnyp in #1486).
• VictoriaMetrics integration: Lineage labels are explicitly set on VM resources; managedMetadata is configured to avoid controller “fights” over labels (@lllamnyp in #1452).
• Webhook excludes default and kube-system to avoid unintended mutations (part of the installer/migration hardening by Andrei Kvapil & @lllamnyp in #1498).

API / Platform

• Decouple the Cozystack API from Cozystack Resource Definitions to allow independent upgrades (@lllamnyp in #1494).
• Add label selectors to app definitions for Secret include/exclude (@lllamnyp in #1447).

Monitoring & Ops

• Reduce node labelsets in target relabeling configs on cadvisor/kubelet metrics to reduce cardinality while keeping useful CPU metrics (@IvanHunters in #1455).

Storage & Backups

• PVC expansion in tenant clusters via KubeVirt CSI resizer; RBAC updates (Klinch0 in #1438).
• Velero upgraded to v1.17.0; node agent enabled by default and a raft of usability features (@kvaps in #1484).

Kubernetes/tests & Tooling

• Smarter Kubernetes test flows: node readiness checks, kubelet version validation, longer rollout waits, per-component readiness (@IvanHunters in #1485).

UI/Icons

• New VM-Disk SVG icon (@kvapsova in #1435).

---

Improvements (minor)

• Make the Info app deploy irrespective of OIDC settings (klinch0 in #1474).
• Move SA token Secret creation to Info app (@lllamnyp in #1446).
• Explicitly set lineage labels for VictoriaMetrics resources (@lllamnyp in #1452).

---

Bug fixes

• Kubernetes: fix MachineDeployment spec.selector mismatch to ensure proper targeting (@kvaps in #1502).
• Old dashboard: FerretDB spec typo prevented deploy/display (@lllamnyp in #1440).
• SeaweedFS: fix per-zone size fallback for multi-DC volumes; make migrations more robust (@kvaps in #1476, #1430).
• CoreDNS: pin tag to v1.12.4 (@kvaps in #1469).
• OIDC: avoid creating KeycloakRealmGroup before operator API is available (@lllamnyp in #1495).
• Kafka: disable noisy alerts when Kafka isn’t deployed (@lllamnyp in #1488).

---

Dependency & version updates

• Velero → v1.17.0; Helm chart v11; node agent default-on (@kvaps in #1484).
• Cilium → v1.17.8 (@kvaps in #1473).
• Flux Operator → v0.29.0 (Kingdon Barrett in #1466).

---

Refactors & chores

• Remove legacy versions_map; unify packaging targets; tighten HelmRelease defaults; replace many chart versions with build-time placeholders (@kvaps in #1453).
• Pin CoreDNS image and refresh numerous images (@kvaps in #1469; related image refreshes across #1448 work).

---

Documentation & governance

• Contributor Ladder created and later updated (Timur Tukaev in #1224; Andrei Kvapil & Timur Tukaev in #1492).
• Code of Conduct updated with a Vendor Neutrality Manifesto (Timur Tukaev in #1493).
• Adopters: add Hidora (Matthieu Robin in #1429).
• MAINTAINERS: add/remove entries (Nikita Bykov in #1487; Timur Tukaev in #1491).
• Issue templates: new bug-report template and tweaks (Moriarti).
• README: updated dark-theme screenshot (@kvaps in #1459).

---

Breaking changes & upgrade notes

---

Security & stability