Prepare release v0.13.0 (#321)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Enhanced monitoring capabilities for Kubernetes deployments, including
checks for `vmalert`, `vlogs`, and `vmcluster`.

- **Updates**
- Updated container images for `cozystack` and `darkhttpd` to version
`v0.13.0`.
- Version mapping updates for `ferretdb`, `kubernetes`, and
`virtual-machine` packages.
- Updated image tags and digests for Kubeapps components to version
`v0.13.0`.
	- Updated image tag for Kamaji to version `v0.13.0`.
	- Added new pod metadata labels to the `vmalertmanager` configuration.

- **Bug Fixes**
- Improved operational status checks for Kubernetes resources using
JSONPath expressions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

hack/e2e.sh

@@ -309,8 +309,9 @@ kubectl wait --timeout=5m --for=condition=available -n tenant-root deploy root-i
 kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=3 -n tenant-root sts etcd
 
 # Wait for Victoria metrics
-kubectl wait --timeout=5m --for=condition=available deploy -n tenant-root vmalert-vmalert-longterm vmalert-vmalert-shortterm vminsert-longterm vminsert-shortterm
-kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=2 -n tenant-root sts vmalertmanager-alertmanager vmselect-longterm vmselect-shortterm vmstorage-longterm vmstorage-shortterm
+kubectl wait --timeout=5m --for=jsonpath=.status.updateStatus=operational -n tenant-root vmalert/vmalert-longterm vmalert/vmalert-shortterm vmalertmanager/alertmanager
+kubectl wait --timeout=5m --for=jsonpath=.status.status=operational -n tenant-root vlogs/generic
+kubectl wait --timeout=5m --for=jsonpath=.status.clusterStatus=operational -n tenant-root vmcluster/shortterm vmcluster/longterm
 
 # Wait for grafana
 kubectl wait --timeout=5m --for=condition=ready -n tenant-root clusters.postgresql.cnpg.io grafana-db

manifests/cozystack-installer.yaml

@@ -68,7 +68,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.12.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.13.0"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -87,7 +87,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.12.0"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.13.0"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/clickhouse/templates/clickhouse.yaml

@@ -31,7 +31,7 @@ spec:
         spec:
           accessModes:
             - ReadWriteOnce
-          {{- with .Values.stroageClass }}
+          {{- with .Values.storageClass }}
           storageClassName: {{ . }}
           {{- end }}
           resources:

packages/apps/ferretdb/templates/postgres.yaml

@@ -15,7 +15,7 @@ spec:
 
   storage:
     size: {{ required ".Values.size is required" .Values.size }}
-    {{- with .Values.stroageClass }}
+    {{- with .Values.storageClass }}
     storageClass: {{ . }}
     {{- end }}
 

packages/apps/ferretdb/values2.yaml

@@ -1,56 +0,0 @@
-## @section Common parameters
-
-## @param external Enable external access from outside the cluster
-## @param size Persistent Volume size
-## @param replicas Number of Postgres replicas
-##
-external: false
-size: 10Gi
-replicas: 1
-
-## Configuration for the quorum-based synchronous replication
-## @param quorum.minSyncReplicas Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.
-## @param quorum.maxSyncReplicas Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).
-quorum:
-  minSyncReplicas: 0
-  maxSyncReplicas: 0
-
-## @section Configuration parameters
-
-## @param users [object] Users configuration
-## Example:
-## users:
-##   user1:
-##     password: strongpassword
-##   user2:
-##     password: hackme
-##
-users:
-  foo:
-    password: asd
-  bar:
-    password: asd
-  baz:
-    password: asd
-  boo:
-    password: asd
-
-## @section Backup parameters
-
-## @param backup.enabled Enable pereiodic backups
-## @param backup.s3Region The AWS S3 region where backups are stored
-## @param backup.s3Bucket The S3 bucket used for storing backups
-## @param backup.schedule Cron schedule for automated backups
-## @param backup.cleanupStrategy The strategy for cleaning up old backups
-## @param backup.s3AccessKey The access key for S3, used for authentication
-## @param backup.s3SecretKey The secret key for S3, used for authentication
-## @param backup.resticPassword The password for Restic backup encryption
-backup:
-  enabled: false
-  s3Region: us-east-1
-  s3Bucket: s3.example.org/postgres-backups
-  schedule: "0 2 * * *"
-  cleanupStrategy: "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
-  s3AccessKey: oobaiRus9pah8PhohL1ThaeTa4UVa7gu
-  s3SecretKey: ju3eum4dekeich9ahM1te8waeGai0oog
-  resticPassword: ChaXoveekoh6eigh4siesheeda2quai0

packages/apps/http-cache/templates/nginx/deployment.yaml

@@ -114,7 +114,7 @@ spec:
   resources:
     requests:
       storage: "{{ $.Values.size }}"
-  {{- with $.Values.stroageClass }}
+  {{- with $.Values.storageClass }}
   storageClassName: {{ . }}
   {{- end }}
 ---

packages/apps/kafka/templates/kafka.yaml

@@ -53,7 +53,7 @@ spec:
         {{- with .Values.kafka.size }}
         size: {{ . }}
         {{- end }}
-        {{- with .Values.kafka.stroageClass }}
+        {{- with .Values.kafka.storageClass }}
         class: {{ . }}
         {{- end }}
         deleteClaim: true
@@ -64,7 +64,7 @@ spec:
       {{- with .Values.zookeeper.size }}
       size: {{ . }}
       {{- end }}
-      {{- with .Values.kafka.stroageClass }}
+      {{- with .Values.kafka.storageClass }}
       class: {{ . }}
       {{- end }}
       deleteClaim: false

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.0
+version: 0.10.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/templates/cluster.yaml

@@ -18,6 +18,8 @@ spec:
       runStrategy: Always
       template:
         metadata:
+          annotations:
+            kubevirt.io/allow-pod-bridge-network-live-migration: "true"
           labels:
             {{- range .group.roles }}
             node-role.kubernetes.io/{{ . }}: ""
@@ -38,7 +40,9 @@ spec:
                 disk:
                   bus: virtio
                   pciAddress: 0000:08:00.0
-              networkInterfaceMultiqueue: true
+              interfaces:
+              - name: default
+                bridge: {}
             memory:
               guest: {{ .group.resources.memory }}
           evictionStrategy: External
@@ -49,6 +53,9 @@ spec:
           - name: ephemeral
             emptyDisk:
               capacity: {{ .group.ephemeralStorage | default "20Gi" }}
+          networks:
+          - name: default
+            pod: {}
 {{- end }}
 ---
 apiVersion: cluster.x-k8s.io/v1beta1

packages/apps/kubernetes/templates/helmreleases/cilium.yaml

@@ -31,20 +31,8 @@ spec:
   values:
     cilium:
       tunnel: disabled
-      autoDirectNodeRoutes: false
-      bpf:
-        masquerade: true
-      cgroup:
-        autoMount:
-          enabled: true
-        hostRoot: /run/cilium/cgroupv2
       k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
       k8sServicePort: 6443
-    
-      cni:
-        chainingMode: ~
-        customConf: false
-        configMap: ""
       routingMode: tunnel
       enableIPv4Masquerade: true
       ipv4NativeRoutingCIDR: ""

packages/apps/kubernetes/templates/helmreleases/csi.yaml

@@ -28,7 +28,7 @@ spec:
   upgrade:
     remediation:
       retries: -1
-  {{- with .Values.stroageClass }}
+  {{- with .Values.storageClass }}
   values:
     storageClass: "{{ . }}"
   {{- end }}

packages/apps/mysql/templates/mariadb.yaml

@@ -62,7 +62,7 @@ spec:
     size: {{ .Values.size }}
     resizeInUseVolumes: true
     waitForVolumeResize: true
-    {{- with .Values.stroageClass }}
+    {{- with .Values.storageClass }}
     storageClassName: {{ . }}
     {{- end }}
 

packages/apps/postgres/templates/db.yaml

@@ -19,7 +19,7 @@ spec:
 
   storage:
     size: {{ required ".Values.size is required" .Values.size }}
-    {{- with .Values.stroageClass }}
+    {{- with .Values.storageClass }}
     storageClass: {{ . }}
     {{- end }}
 

packages/apps/rabbitmq/templates/rabbitmq.yaml

@@ -13,7 +13,7 @@ spec:
   {{- end }}
 
   persistence:
-    {{- with .Values.stroageClass }}
+    {{- with .Values.storageClass }}
     storageClassName: {{ . }}
     {{- end }}
     storage: {{ .Values.size }}

packages/apps/versions_map

@@ -5,7 +5,8 @@ clickhouse 0.2.1 5ca8823
 clickhouse 0.3.0 HEAD
 ferretdb 0.1.0 4ffa8615
 ferretdb 0.1.1 5ca8823
-ferretdb 0.2.0 HEAD
+ferretdb 0.2.0 adaf603
+ferretdb 0.3.0 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 5ca8823
 http-cache 0.3.0 HEAD
@@ -25,7 +26,8 @@ kubernetes 0.7.0 ceefae03
 kubernetes 0.8.0 ac11056e
 kubernetes 0.8.1 e54608d8
 kubernetes 0.8.2 5ca8823
-kubernetes 0.9.0 HEAD
+kubernetes 0.9.0 9b6dd19
+kubernetes 0.10.0 HEAD
 mysql 0.1.0 f642698
 mysql 0.2.0 8b975ff0
 mysql 0.3.0 5ca8823
@@ -59,7 +61,8 @@ tenant 1.4.0 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 7cd7de7
 virtual-machine 0.2.0 5ca8823
-virtual-machine 0.3.0 HEAD
+virtual-machine 0.3.0 b908400
+virtual-machine 0.4.0 HEAD
 vpn 0.1.0 f642698
 vpn 0.2.0 7151424
 vpn 0.3.0 HEAD

packages/apps/virtual-machine/Chart.yaml

@@ -17,7 +17,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/virtual-machine/Makefile

@@ -3,7 +3,8 @@ include ../../../scripts/package.mk
 generate:
 	readme-generator -v values.yaml -s values.schema.json.tmp -r README.md
 	cat values.schema.json.tmp | \
-		jq '.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora"]' | \
-		jq '.properties.resources.properties.memory["x-display"] = "slider"' \
+		jq '.properties.image.enum = ["ubuntu", "cirros", "alpine", "fedora", "talos"]' | \
+		jq '.properties.resources.properties.memory["x-display"] = "slider"' | \
+		jq '.properties.externalPorts.items.type = "integer"' \
 		> values.schema.json
 	rm -f values.schema.json.tmp

packages/apps/virtual-machine/README.md

@@ -9,51 +9,67 @@ The virtual machine is managed and hosted through KubeVirt, allowing you to harn
 - Docs: [KubeVirt User Guide](https://kubevirt.io/user-guide/)
 - GitHub: [KubeVirt Repository](https://github.com/kubevirt/kubevirt)
 
+## Accessing virtual machine
+
+You can access the virtual machine using the virtctl tool:
+- [KubeVirt User Guide - Virtctl Client Tool](https://kubevirt.io/user-guide/user_workloads/virtctl_client_tool/)
+
+To access the serial console:
+
+```
+virtctl console <vm>
+```
+
+To access the VM using VNC:
+
+```
+virtctl vnc <vm>
+```
+
+To SSH into the VM:
+
+```
+virtctl ssh <user>@<vm>
+```
+
 ## Parameters
 
 ### Common parameters
 
-| Name               | Description                                                                                       | Value                               |
-| ------------------ | ------------------------------------------------------------------------------------------------- | ----------------------------------- |
-| `external`         | Enable external access from outside the cluster                                                   | `false`                             |
-| `running`          | Determines if the virtual machine should be running                                               | `true`                              |
-| `image`            | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine` and `fedora` | `ubuntu`                            |
-| `storageClass`     | StorageClass used to store the data                                                               | `replicated`                        |
-| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                                          | `1`                                 |
-| `resources.memory` | The amount of memory allocated to the virtual machine                                             | `1024M`                             |
-| `resources.disk`   | The size of the disk allocated for the virtual machine                                            | `5Gi`                               |
-| `sshPwauth`        | Enable password authentication for SSH. If set to `true`, users can log in using a password       | `true`                              |
-| `disableRoot`      | Disable root login via SSH. If set to `true`, root login will be disabled                         | `true`                              |
-| `password`         | The default password for the virtual machine                                                      | `hackme`                            |
-| `chpasswdExpire`   | Set whether the password should expire                                                            | `false`                             |
-| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys                 | `["ssh-rsa ...","ssh-ed25519 ..."]` |
+| Name               | Description                                                                                                | Value            |
+| ------------------ | ---------------------------------------------------------------------------------------------------------- | ---------------- |
+| `external`         | Enable external access from outside the cluster                                                            | `false`          |
+| `externalPorts`    | Specify ports to forward from outside the cluster                                                          | `[]`             |
+| `running`          | Determines if the virtual machine should be running                                                        | `true`           |
+| `image`            | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos` | `ubuntu`         |
+| `storageClass`     | StorageClass used to store the data                                                                        | `replicated`     |
+| `resources.cpu`    | The number of CPU cores allocated to the virtual machine                                                   | `1`              |
+| `resources.memory` | The amount of memory allocated to the virtual machine                                                      | `1024M`          |
+| `resources.disk`   | The size of the disk allocated for the virtual machine                                                     | `5Gi`            |
+| `sshKeys`          | List of SSH public keys for authentication. Can be a single key or a list of keys.                         | `[]`             |
+| `cloudInit`        | cloud-init user data config. See cloud-init documentation for more details.                                | `#cloud-config
+` |
 
 You can customize the exposed ports by specifying them under `service.ports` in the `values.yaml` file.
 
-## Example `values.yaml`
+## Example virtual machine:
 
 ```yaml
-external: false
 running: true
-image: ubuntu
+image: fedora
+storageClass: replicated
 resources:
   cpu: 1
   memory: 1024M
-  disk: 5Gi
-sshPwauth: true
-disableRoot: true
-password: hackme
-chpasswdExpire: false
-sshKeys: 
-  - YOUR_SSH_PUB_KEY_HERE
-  - ANOTHER_SSH_PUB_KEY_HERE
+  disk: 10Gi
 
-service:
-  ports:
-    - name: http
-      port: 80
-      targetPort: 80
-    - name: https
-      port: 443
-      targetPort: 443
+sshKeys:
+- ssh-rsa ...
+
+cloudInit: |
+  #cloud-config
+  user: fedora
+  password: fedora
+  chpasswd: { expire: False }
+  ssh_pwauth: True
 ```

packages/apps/virtual-machine/templates/secret.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.sshKeys }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "virtual-machine.fullname" $ }}-ssh-keys
+stringData:
+  {{- range $k, $v := .Values.sshKeys }}
+  key{{ $k }}: {{ quote $v }} 
+  {{- end }}
+{{- end }}
+{{- if .Values.cloudInit }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "virtual-machine.fullname" . }}-cloud-init
+stringData:
+  userdata: |
+    {{- .Values.cloudInit | nindent 4 }}
+{{- end }}

packages/apps/virtual-machine/templates/service.yaml

@@ -8,21 +8,14 @@ metadata:
     {{- include "virtual-machine.labels" . | nindent 4 }}
 spec:
   type: {{ ternary "LoadBalancer" "ClusterIP" .Values.external }}
-  {{- if .Values.external }}
   externalTrafficPolicy: Local
   allocateLoadBalancerNodePorts: false
-  {{- end }}
   selector:
     {{- include "virtual-machine.labels" . | nindent 4 }}
   ports:
-    - name: ssh
-      port: 22
-      targetPort: 22
-    {{- if .Values.service.ports }}
-    {{- range .Values.service.ports }}
-    - name: {{ .name }}
-      port: {{ .port }}
-      targetPort: {{ .targetPort }}
-    {{- end }}
+    {{- range .Values.externalPorts }}
+    - name: port-{{ . }}
+      port: {{ . }}
+      targetPort: {{ . }}
     {{- end }}
 {{- end }}

packages/apps/virtual-machine/templates/vm.yaml

@@ -11,8 +11,9 @@ spec:
       name: {{ include "virtual-machine.fullname" . }}
     spec:
       pvc:
+        volumeMode: Block
         accessModes:
-        - ReadWriteOnce
+        - ReadWriteMany
         resources:
           requests:
             storage: {{ .Values.resources.disk | quote }}
@@ -28,7 +29,9 @@ spec:
           {{- else if eq .Values.image "fedora" }}
           url: https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Generic.x86_64-40-1.14.qcow2
           {{- else if eq .Values.image "alpine" }}
-          url: https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/x86_64/alpine-virt-3.20.2-x86_64.iso
+          url: https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/cloud/nocloud_alpine-3.20.2-x86_64-bios-tiny-r0.qcow2
+          {{- else if eq .Values.image "talos" }}
+          url: https://github.com/siderolabs/talos/releases/download/v1.7.6/nocloud-amd64.raw.xz
           {{- end }}
   template:
     metadata:
@@ -45,34 +48,39 @@ spec:
           - disk:
               bus: scsi
             name: systemdisk
+          {{- if or .Values.sshKeys .Values.cloudInit }}
           - disk:
               bus: virtio
             name: cloudinitdisk
+          {{- end }}
+          interfaces:
+          - name: default
+            bridge: {}
         machine:
           type: ""
         resources:
           requests:
             memory: {{ .Values.resources.memory | quote }}
+      {{- with .Values.sshKeys }}
+      accessCredentials:
+      - sshPublicKey:
+          source:
+            secret:
+              secretName: {{ include "virtual-machine.fullname" $ }}-ssh-keys
+          propagationMethod:
+            noCloud: {}
+      {{- end }}
       terminationGracePeriodSeconds: 30
       volumes:
-      - dataVolume:
+      - name: systemdisk
+        dataVolume:
           name: {{ include "virtual-machine.fullname" . }}
-        name: systemdisk
-      - cloudInitNoCloud:
-          userData: |-
-            #cloud-config
-            ssh_pwauth: {{ if .Values.sshPwauth | default false }}True{{ else }}False{{ end }}
-            disable_root: {{ if .Values.disableRoot | default false }}True{{ else }}False{{ end }}
-            password: {{ .Values.password }}
-            chpasswd: { expire: {{ if .Values.chpasswdExpire | default false }}True{{ else }}False{{ end }} }
-            ssh_authorized_keys:
-            {{- if .Values.sshKeys }}
-              {{- $keys := .Values.sshKeys }}
-              {{- if not (kindIs "slice" $keys) }}
-                {{- $keys = list $keys }}
-              {{- end }}
-              {{- range $keys }}
-              - {{ . }}
-              {{- end }}
-            {{- end }}
-        name: cloudinitdisk
+      {{- if or .Values.sshKeys .Values.cloudInit }}
+      - name: cloudinitdisk
+        cloudInitNoCloud:
+          secretRef:
+            name: {{ include "virtual-machine.fullname" . }}-cloud-init
+      {{- end }}
+      networks:
+      - name: default
+        pod: {}

packages/apps/virtual-machine/values.schema.json

@@ -7,6 +7,14 @@
       "description": "Enable external access from outside the cluster",
       "default": false
     },
+    "externalPorts": {
+      "type": "array",
+      "description": "Specify ports to forward from outside the cluster",
+      "default": "[]",
+      "items": {
+        "type": "integer"
+      }
+    },
     "running": {
       "type": "boolean",
       "description": "Determines if the virtual machine should be running",
@@ -14,13 +22,14 @@
     },
     "image": {
       "type": "string",
-      "description": "The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine` and `fedora`",
+      "description": "The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`",
       "default": "ubuntu",
       "enum": [
         "ubuntu",
         "cirros",
         "alpine",
-        "fedora"
+        "fedora",
+        "talos"
       ]
     },
     "storageClass": {
@@ -49,36 +58,18 @@
         }
       }
     },
-    "sshPwauth": {
-      "type": "boolean",
-      "description": "Enable password authentication for SSH. If set to `true`, users can log in using a password",
-      "default": true
-    },
-    "disableRoot": {
-      "type": "boolean",
-      "description": "Disable root login via SSH. If set to `true`, root login will be disabled",
-      "default": true
-    },
-    "password": {
-      "type": "string",
-      "description": "The default password for the virtual machine",
-      "default": "hackme"
-    },
-    "chpasswdExpire": {
-      "type": "boolean",
-      "description": "Set whether the password should expire",
-      "default": false
-    },
     "sshKeys": {
       "type": "array",
-      "description": "List of SSH public keys for authentication. Can be a single key or a list of keys",
-      "default": [
-        "ssh-rsa ...",
-        "ssh-ed25519 ..."
-      ],
+      "description": "List of SSH public keys for authentication. Can be a single key or a list of keys.",
+      "default": "[]",
       "items": {
         "type": "string"
       }
+    },
+    "cloudInit": {
+      "type": "string",
+      "description": "cloud-init user data config. See cloud-init documentation for more details.",
+      "default": "#cloud-config\n"
     }
   }
 }

packages/apps/virtual-machine/values.yaml

@@ -1,19 +1,18 @@
 ## @section Common parameters
 
 ## @param external Enable external access from outside the cluster
+## @param externalPorts [array] Specify ports to forward from outside the cluster
 ## @param running Determines if the virtual machine should be running
-## @param image The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine` and `fedora`
+## @param image The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`
 ## @param storageClass StorageClass used to store the data
 ## @param resources.cpu The number of CPU cores allocated to the virtual machine
 ## @param resources.memory The amount of memory allocated to the virtual machine
 ## @param resources.disk The size of the disk allocated for the virtual machine
-## @param sshPwauth Enable password authentication for SSH. If set to `true`, users can log in using a password
-## @param disableRoot Disable root login via SSH. If set to `true`, root login will be disabled
-## @param password The default password for the virtual machine
-## @param chpasswdExpire Set whether the password should expire
-## @param sshKeys List of SSH public keys for authentication. Can be a single key or a list of keys
 
 external: false
+externalPorts:
+- 22
+
 running: true
 image: ubuntu
 storageClass: replicated
@@ -21,10 +20,24 @@ resources:
   cpu: 1
   memory: 1024M
   disk: 5Gi
-sshPwauth: true
-disableRoot: true
-password: hackme
-chpasswdExpire: false
-sshKeys:
-  - ssh-rsa ...
-  - ssh-ed25519 ...
+
+## @param sshKeys [array] List of SSH public keys for authentication. Can be a single key or a list of keys.
+## Example:
+## sshKeys:
+##   - ssh-rsa ...
+##   - ssh-ed25519 ...
+##
+sshKeys: []
+
+## @param cloudInit cloud-init user data config. See cloud-init documentation for more details.
+## - https://cloudinit.readthedocs.io/en/latest/explanation/format.html
+## - https://cloudinit.readthedocs.io/en/latest/reference/examples.html
+## Example:
+## cloudInit: |
+##   #cloud-config
+##   password: ubuntu
+##   chpasswd: { expire: False }
+##
+cloudInit: |
+  #cloud-config
+

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.12.0@sha256:0917812850fd0359d5ba78fd819c0e4ce6d7c12eed9cd46813e7284064b71d30
+  image: ghcr.io/aenix-io/cozystack/cozystack:v0.13.0@sha256:0943f277c63f20cea19bef0207dc47f47157b58309c09af18830aac7906d1416

packages/core/platform/bundles/distro-full.yaml

@@ -20,14 +20,11 @@ releases:
   namespace: cozy-cilium
   privileged: true
   dependsOn: []
+  valuesFiles:
+  - values.yaml
+  - values-talos.yaml
   values:
     cilium:
-      bpf:
-        masquerade: true
-      cni:
-        chainingMode: ~
-        customConf: false
-        configMap: ""
       enableIPv4Masquerade: true
       enableIdentityMark: true
       ipv4NativeRoutingCIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" }}"

packages/core/platform/bundles/paas-full.yaml

@@ -20,6 +20,10 @@ releases:
   namespace: cozy-cilium
   privileged: true
   dependsOn: []
+  valuesFiles:
+  - values.yaml
+  - values-talos.yaml
+  - values-kubeovn.yaml
 
 - name: kubeovn
   releaseName: kubeovn

packages/core/platform/templates/helmreleases.yaml

@@ -39,6 +39,10 @@ spec:
         kind: HelmRepository
         name: cozystack-system
         namespace: cozy-system
+      {{- with $x.valuesFiles }}
+      valuesFiles:
+      {{- toYaml $x.valuesFiles | nindent 6 }}
+      {{- end }}
   {{- $values := dict }}
   {{- with $x.values }}
   {{- $values = merge . $values }}

packages/core/testing/templates/sandbox.yaml

@@ -10,6 +10,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: cozystack-e2e-{{ .Release.Name }}
+  namespace: cozy-e2e-tests
 spec:
   replicas: 1
   selector:

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.12.0@sha256:be1693c8ce6a9522499f79b1e42b2e08c7ca80405026a095299e5e990a3ab791
+  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.13.0@sha256:be1693c8ce6a9522499f79b1e42b2e08c7ca80405026a095299e5e990a3ab791

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -25,7 +25,7 @@ spec:
         resources:
           requests:
             storage: {{ .Values.size }}
-        {{- with .Values.stroageClass }}
+        {{- with .Values.storageClass }}
         storageClassName: {{ . }}
         {{- end }}
   security:

packages/extra/monitoring/templates/vm/vmalertmanager.yaml

@@ -27,3 +27,6 @@ metadata:
 spec:
   replicaCount: 2
   configSecret: alertmanager
+  podMetadata:
+    labels:
+      policy.cozystack.io/allow-to-apiserver: "true"

packages/extra/seaweedfs/templates/seaweedfs.yaml

@@ -34,7 +34,7 @@ spec:
         - name: data1
           type: "persistentVolumeClaim"
           size: "{{ .Values.size }}"
-          {{- with .Values.stroageClass }}
+          {{- with .Values.storageClass }}
           storageClass: {{ . }}
           {{- end }}
           maxVolumes: 0

packages/extra/versions_map

@@ -11,6 +11,7 @@ monitoring 1.0.0 f642698
 monitoring 1.1.0 15478a88
 monitoring 1.2.0 c9e0d63b
 monitoring 1.2.1 4471b4ba
-monitoring 1.3.0 HEAD
+monitoring 1.3.0 6c5cf5b
+monitoring 1.4.0 HEAD
 seaweedfs 0.1.0 5ca8823
 seaweedfs 0.2.0 HEAD

packages/system/cilium/values-kubeovn.yaml

@@ -0,0 +1,19 @@
+cilium:
+  sctp:
+    enabled: true
+  autoDirectNodeRoutes: false
+  kubeProxyReplacement: true
+  bpf:
+    masquerade: false
+  cni:
+    chainingMode: generic-veth
+    chainingTarget: kube-ovn
+    customConf: true
+    configMap: cni-configuration
+  routingMode: native
+  enableIPv4Masquerade: false
+  enableIPv6Masquerade: false
+  enableIdentityMark: false
+  enableRuntimeDeviceDetection: true
+  forceDeviceDetection: true
+  devices: ovn0

packages/system/cilium/values-talos.yaml

@@ -0,0 +1,7 @@
+cilium:
+  cgroup:
+    autoMount:
+      enabled: false
+    hostRoot: /sys/fs/cgroup
+  k8sServiceHost: localhost
+  k8sServicePort: 7445

packages/system/cilium/values.yaml

@@ -3,35 +3,12 @@ cilium:
     enabled: false
   externalIPs:
     enabled: true
-  autoDirectNodeRoutes: false
-  kubeProxyReplacement: true
-  bpf:
-    masquerade: false
-    hostLegacyRouting: false
+  nodePort:
+    enabled: true
   loadBalancer:
     algorithm: maglev
-  cgroup:
-    autoMount:
-      enabled: false
-    hostRoot: /sys/fs/cgroup
   ipam:
     mode: "kubernetes"
-  k8sServiceHost: localhost
-  k8sServicePort: 7445
-  cni:
-    chainingMode: generic-veth
-    customConf: true
-    configMap: cni-configuration
-  routingMode: native
-  enableIPv4Masquerade: false
-  enableIPv6Masquerade: false
-  enableIdentityMark: false
-  enableRuntimeDeviceDetection: true
-  forceDeviceDetection: true
-  devices: ovn0
-  extraEnv:
-    - name: CILIUM_ENFORCE_DEVICE_DETECTION
-      value: "true"
   image:
     repository: ghcr.io/aenix-io/cozystack/cilium
     tag: 1.16.1

packages/system/dashboard/values.yaml

@@ -33,11 +33,11 @@ kubeapps:
     image:
       registry: ghcr.io/aenix-io/cozystack
       repository: dashboard
-      tag: v0.12.0
-      digest: sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb
+      tag: v0.13.0
+      digest: "sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb"
   kubeappsapis:
     image:
       registry: ghcr.io/aenix-io/cozystack
       repository: kubeapps-apis
-      tag: v0.12.0
-      digest: "sha256:5eee4c2207f23a6d5317c08bbedfd71b8b22f733b834cd370f1313fb428a22d0"
+      tag: v0.13.0
+      digest: "sha256:a8cf2b536573f4bc29d4dce323ef3007a65567d6f1fe7803490bd71f422aca88"

packages/system/kamaji/values.yaml

@@ -3,5 +3,5 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.12.0@sha256:197d7c36f76d4d9c09cc82eb87f9e36f05799a2b9158ae27e4729f2dd636ad0d
+    tag: v0.13.0@sha256:197d7c36f76d4d9c09cc82eb87f9e36f05799a2b9158ae27e4729f2dd636ad0d
     repository: ghcr.io/aenix-io/cozystack/kamaji

packages/system/kubeovn/values.yaml

@@ -22,4 +22,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.0@sha256:55b3ed5d4b628216378040e445aadc3d1cd817ff4d17eb081d884c6e00fb51e2
+      tag: v1.13.0@sha256:5c27a22f6b0a19c9a546e838a80ef73c32b863278cc209d7393555ad8a4f744a

packages/system/kubevirt-cdi/templates/cdi-cr.yaml

@@ -6,6 +6,7 @@ spec:
   config:
     featureGates:
     - HonorWaitForFirstConsumer
+    - ExpandDisks
   imagePullPolicy: IfNotPresent
   infra:
     nodeSelector:

packages/system/kubevirt/templates/kubevirt-cr.yaml

@@ -10,6 +10,7 @@ spec:
     developerConfiguration:
       featureGates:
       - HotplugVolumes
+      - ExpandDisks
   customizeComponents: {}
   imagePullPolicy: IfNotPresent
   workloadUpdateStrategy: {}

scripts/package.mk

@@ -1,20 +1,21 @@
 .DEFAULT_GOAL=help
 .PHONY=help show diff apply delete update image
+.VALUES_FILES=$(shell kubectl get hr -n $(NAMESPACE) $(NAME) -o go-template='{{ range .spec.chart.spec.valuesFiles}}-f {{ . }} {{ end }}-f -')
 
 help: ## Show this help.
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
 show: check ## Show output of rendered templates
 	kubectl get hr -n $(NAMESPACE) $(NAME) -o jsonpath='{.spec.values}' | NAMESPACE=$(NAMESPACE) NAME=$(NAME) \
-		helm template --dry-run=server --post-renderer ../../../scripts/fluxcd-kustomize.sh -n $(NAMESPACE) $(NAME) . -f -
+		helm template --dry-run=server --post-renderer ../../../scripts/fluxcd-kustomize.sh -n $(NAMESPACE) $(NAME) . $(.VALUES_FILES)
 
 apply: check suspend ## Apply Helm release to a Kubernetes cluster
 	kubectl get hr -n $(NAMESPACE) $(NAME) -o jsonpath='{.spec.values}' | NAMESPACE=$(NAMESPACE) NAME=$(NAME) \
-		helm upgrade -i --post-renderer ../../../scripts/fluxcd-kustomize.sh -n $(NAMESPACE) $(NAME) . -f -
+		helm upgrade -i --post-renderer ../../../scripts/fluxcd-kustomize.sh -n $(NAMESPACE) $(NAME) . $(.VALUES_FILES)
 
 diff: check ## Diff Helm release against objects in a Kubernetes cluster
 	kubectl get hr -n $(NAMESPACE) $(NAME) -o jsonpath='{.spec.values}' | NAMESPACE=$(NAMESPACE) NAME=$(NAME) \
-		helm diff upgrade --show-secrets --allow-unreleased --post-renderer ../../../scripts/fluxcd-kustomize.sh -n $(NAMESPACE) $(NAME) . -f -
+		helm diff upgrade --show-secrets --allow-unreleased --post-renderer ../../../scripts/fluxcd-kustomize.sh -n $(NAMESPACE) $(NAME) . $(.VALUES_FILES)
 
 suspend: check ## Suspend reconciliation for an existing Helm release
 	kubectl patch hr -n $(NAMESPACE) $(NAME) -p '{"spec": {"suspend": true}}' --type=merge --field-manager=flux-client-side-apply