Refactor e2e tests for applications

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

.github/workflows/pre-commit.yml

@@ -0,0 +1,35 @@
+name: Pre-Commit Checks
+
+on: [push, pull_request]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install pre-commit
+        run: pip install pre-commit
+
+      - name: Run pre-commit hooks
+        run: |
+          git fetch origin main || git fetch origin master
+          base_commit=$(git rev-parse --verify origin/main || git rev-parse --verify origin/master || echo "")
+
+          if [ -z "$base_commit" ]; then
+            files=$(git ls-files '*.yaml' '*.md')
+          else
+            files=$(git diff --name-only "$base_commit" -- '*.yaml' '*.md')
+          fi
+
+          if [ -n "$files" ]; then
+            echo "$files" | xargs pre-commit run --files
+          else
+            echo "No YAML or Markdown files to lint"
+          fi

.pre-commit-config.yaml

@@ -0,0 +1,25 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.5.0
+  hooks:
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+    - id: mixed-line-ending
+      args: [--fix=lf]
+    - id: check-yaml
+      exclude: .*/init-script\.yaml$
+      args: [--unsafe]
+- repo: https://github.com/igorshubovych/markdownlint-cli
+  rev: v0.41.0
+  hooks:
+    - id: markdownlint
+      args: [--fix, --disable, MD013, MD041, --]
+-   repo: local
+    hooks:
+    - id: gen-versions-map
+      name: Generate versions map and check for changes
+      entry: bash -c 'cd packages/apps && make check-version-map'
+      language: system
+      types: [file]
+      pass_filenames: false
+      description: Run the script and fail if it generates changes

Makefile

@@ -10,6 +10,7 @@ build:
 	make -C packages/system/kubeovn image
 	make -C packages/system/dashboard image
 	make -C packages/system/kamaji image
+	make -C packages/system/bucket image
 	make -C packages/core/testing image
 	make -C packages/core/installer image
 	make manifests

hack/Makefile

@@ -0,0 +1,16 @@
+.PHONY: test clean help
+
+SCRIPT=./e2e.applications.sh
+PRECHECKS=./pre-checks.sh
+
+help:
+	@echo "Usage: make {test|clean}"
+	@echo "  test  - Run the end-to-end tests."
+	@echo "  clean - Clean up resources."
+
+test:
+	@bash $(PRECHECKS) test
+	@bash $(SCRIPT) test
+
+clean:
+	@bash $(SCRIPT) clean

hack/e2e.applications.sh

@@ -0,0 +1,47 @@
+for file in ./modules/*.sh; do
+    source "$file"
+done
+
+ROOT_NS="tenant-root"
+TEST_TENANT="tenant-e2e"
+
+function test() {
+    install_tenant $TEST_TENANT $ROOT_NS
+    check_helmrelease_status $TEST_TENANT $ROOT_NS
+
+    install_all_apps "../packages/apps" "$TEST_TENANT" cozystack-apps cozy-public
+
+    if true; then
+        echo -e "${GREEN}All tests passed!${RESET}"
+        return 0
+    else
+        echo -e "${RED}Some tests failed!${RESET}"
+        return 1
+    fi
+}
+
+function clean() {
+    kubectl delete helmrelease.helm.toolkit.fluxcd.io $TEST_TENANT -n $ROOT_NS
+    if true; then
+        echo -e "${GREEN}Cleanup successful!${RESET}"
+        return 0
+    else
+        echo -e "${RED}Cleanup failed!${RESET}"
+        return 1
+    fi
+}
+
+case "$1" in
+    test)
+        echo -e "${YELLOW}Running tests...${RESET}"
+        test
+        ;;
+    clean)
+        echo -e "${YELLOW}Cleaning up...${RESET}"
+        clean
+        ;;
+    *)
+        echo -e "${RED}Usage: $0 {test|clean}${RESET}"
+        exit 1
+        ;;
+esac

hack/e2e.sh

@@ -36,7 +36,7 @@ mkdir -p srv1 srv2 srv3
 
 # Prepare cloud-init
 for i in 1 2 3; do
-  echo "local-hostname: srv$i" > "srv$i/meta-data"
+  echo "hostname: srv$i" > "srv$i/meta-data"
   echo '#cloud-config' > "srv$i/user-data"
   cat > "srv$i/network-config" <<EOT
 version: 2
@@ -182,7 +182,7 @@ timeout 60 sh -c 'until nc -nzv 192.168.123.11 50000 && nc -nzv 192.168.123.12 5
 talosctl bootstrap -n 192.168.123.11 -e 192.168.123.11
 
 # Wait for etcd
-timeout 120 sh -c 'while talosctl etcd members -n 192.168.123.11,192.168.123.12,192.168.123.13 -e 192.168.123.10 2>&1 | grep "rpc error"; do sleep 1; done'
+timeout 180 sh -c 'while talosctl etcd members -n 192.168.123.11,192.168.123.12,192.168.123.13 -e 192.168.123.10 2>&1 | grep "rpc error"; do sleep 1; done'
 
 rm -f kubeconfig
 talosctl kubeconfig kubeconfig -e 192.168.123.10 -n 192.168.123.10
@@ -217,6 +217,10 @@ timeout 60 sh -c 'until kubectl get hr -A | grep cozy; do sleep 1; done'
 sleep 5
 
 kubectl get hr -A | awk 'NR>1 {print "kubectl wait --timeout=15m --for=condition=ready -n " $1 " hr/" $2 " &"} END{print "wait"}' | sh -x
+
+# Wait for Cluster-API providers
+kubectl wait deploy --timeout=30s --for=condition=available -n cozy-cluster-api capi-controller-manager capi-kamaji-controller-manager capi-kubeadm-bootstrap-controller-manager capi-operator-cluster-api-operator capk-controller-manager
+
 # Wait for linstor controller
 kubectl wait deploy --timeout=5m --for=condition=available -n cozy-linstor linstor-controller
 

hack/modules/check_helmrelease_status.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+source ./modules/colors.sh
+
+function check_helmrelease_status() {
+    local release_name="$1"
+    local namespace="$2"
+    local timeout=300  # Timeout in seconds
+    local interval=5   # Interval between checks in seconds
+    local elapsed=0
+
+    while [[ $elapsed -lt $timeout ]]; do
+        local status_output
+        status_output=$(kubectl get helmrelease "$release_name" -n "$namespace" -o json | jq -r '.status.conditions[-1].reason')
+
+        if [[ "$status_output" == "InstallSucceeded" ]]; then
+            echo -e "${GREEN}Helm release '$release_name' is ready.${RESET}"
+            return 0
+        elif [[ "$status_output" == "InstallFailed" ]]; then
+          echo -e "${RED}Helm release '$release_name': InstallFailed${RESET}"
+          exit 1
+        else
+            echo -e "${YELLOW}Helm release '$release_name' is not ready. Current status: $status_output${RESET}"
+        fi
+
+        sleep "$interval"
+        elapsed=$((elapsed + interval))
+    done
+
+    echo -e "${RED}Timeout reached. Helm release '$release_name' is still not ready after $timeout seconds.${RESET}"
+    exit 1
+}

hack/modules/colors.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+RESET='\033[0m'
+YELLOW='\033[0;33m'

hack/modules/ignored_charts

@@ -0,0 +1,6 @@
+tenant
+http-cache
+mysql
+rabbitmq
+virtual-machine
+vpn

hack/modules/install_all_apps.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+source ./modules/colors.sh
+
+# Function to load ignored charts from a file
+function load_ignored_charts() {
+    local ignore_file="$1"
+    local ignored_charts=()
+
+    if [[ -f "$ignore_file" ]]; then
+        while IFS= read -r chart; do
+            ignored_charts+=("$chart")
+        done < "$ignore_file"
+    else
+        echo "Ignore file not found: $ignore_file"
+    fi
+
+    # Return the array of ignored charts
+    echo "${ignored_charts[@]}"
+}
+
+# Function to check if a chart is in the ignored list
+function is_chart_ignored() {
+    local chart_name="$1"
+    shift
+    local ignored_charts=("$@")
+
+    for ignored_chart in "${ignored_charts[@]}"; do
+        if [[ "$ignored_chart" == "$chart_name" ]]; then
+            return 0
+        fi
+    done
+    return 1
+}
+
+function install_all_apps() {
+    local charts_dir="$1"
+    local namespace="$2"
+    local repo_name="$3"
+    local repo_ns="$4"
+
+    local ignore_file="./modules/ignored_charts"
+    local ignored_charts
+    ignored_charts=($(load_ignored_charts "$ignore_file"))
+
+    for chart_path in "$charts_dir"/*; do
+        if [[ -d "$chart_path" ]]; then
+            local chart_name
+            chart_name=$(basename "$chart_path")
+            # Check if the chart is in the ignored list
+            if is_chart_ignored "$chart_name" "${ignored_charts[@]}"; then
+                echo "Skipping chart: $chart_name (listed in ignored charts)"
+                continue
+            fi
+
+            release_name="$chart_name-e2e"
+            echo "Installing release: $release_name"
+            install_helmrelease "$release_name" "$namespace" "$chart_name" "$repo_name" "$repo_ns"
+
+            echo "Checking status for HelmRelease: $release_name"
+            check_helmrelease_status "$release_name" "$namespace"
+        else
+            echo "$chart_path is not a directory. Skipping."
+        fi
+    done
+}

hack/modules/install_chart.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+source ./modules/colors.sh
+
+function install_helmrelease() {
+    local release_name="$1"
+    local namespace="$2"
+    local chart_path="$3"
+    local repo_name="$4"
+    local repo_ns="$5"
+    local values_file="$6"
+
+    if [[ -z "$release_name" ]]; then
+        echo -e "${RED}Error: Release name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$namespace" ]]; then
+        echo -e "${RED}Error: Namespace name is required.${RESET}"
+        exit 1
+    fi
+
+    if [[ -z "$chart_path" ]]; then
+        echo -e "${RED}Error: Chart path name is required.${RESET}"
+        exit 1
+    fi
+
+    local helmrelease_file=$(mktemp /tmp/HelmRelease.XXXXXX.yaml)
+
+    {
+        echo "apiVersion: helm.toolkit.fluxcd.io/v2"
+        echo "kind: HelmRelease"
+        echo "metadata:"
+        echo "  labels:"
+        echo "    cozystack.io/ui: \"true\""
+        echo "  name: \"$release_name\""
+        echo "  namespace: \"$namespace\""
+        echo "spec:"
+        echo "  chart:"
+        echo "    spec:"
+        echo "      chart: \"$chart_path\""
+        echo "      reconcileStrategy: Revision"
+        echo "      sourceRef:"
+        echo "        kind: HelmRepository"
+        echo "        name: \"$repo_name\""
+        echo "        namespace: \"$repo_ns\""
+        echo "      version: '*'"
+        echo "  interval: 1m0s"
+        echo "  timeout: 5m0s"
+
+        if [[ -n "$values_file" && -f "$values_file" ]]; then
+            echo "  values:"
+            cat "$values_file" | sed 's/^/    /'
+        fi
+    } > "$helmrelease_file"
+
+    kubectl apply -f "$helmrelease_file"
+
+    rm -f "$helmrelease_file"
+}

hack/modules/install_tenant.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+function install_tenant (){
+    local release_name="$1"
+    local namespace="$2"
+    local values_file="${3:-tenant.yaml}"
+    local repo_name="cozystack-apps"
+    local repo_ns="cozy-public"
+
+    install_helmrelease "$release_name" "$namespace" "tenant" "$repo_name" "$repo_ns" "$values_file"
+}

hack/pre-checks.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+YQ_VERSION="v4.35.1"
+RED='\033[31m'
+RESET='\033[0m'
+
+check-yq-version() {
+    current_version=$(yq -V | awk '$(NF-1) == "version" {print $NF}')
+    if [ -z "$current_version" ]; then
+        echo "yq is not installed or version cannot be determined."
+        exit 1
+    fi
+    echo "Current yq version: $current_version"
+
+    if [ "$(printf '%s\n' "$YQ_VERSION" "$current_version" | sort -V | head -n1)" = "$YQ_VERSION" ]; then
+        echo "Greater than or equal to $YQ_VERSION"
+    else
+        echo -e "${RED}ERROR: yq version less than $YQ_VERSION${RESET}"
+        exit 1
+    fi
+}
+
+check-yq-version

hack/values/tenant.yaml

@@ -0,0 +1,6 @@
+host: ""
+etcd: false
+monitoring: true
+ingress: false
+seaweedfs: true
+isolated: true

manifests/cozystack-installer.yaml

@@ -68,7 +68,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.16.2"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.16.5"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -87,7 +87,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.16.2"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.16.5"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/README.md

@@ -0,0 +1,9 @@
+### How to test packages local
+
+```bash
+cd packages/core/installer
+make image-cozystack REGISTRY=YOUR_CUSTOM_REGISTRY
+make apply
+kubectl delete pod dashboard-redis-master-0 -n cozy-dashboard
+kubectl delete po -l app=source-controller -n cozy-fluxcd
+```

packages/apps/bucket/templates/dashboard-resourcemap.yaml

@@ -9,4 +9,12 @@ rules:
   - secrets
   resourceNames:
   - {{ .Release.Name }}
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  resourceNames:
+  - {{ .Release.Name }}-ui
   verbs: ["get", "list", "watch"]

packages/apps/bucket/templates/helmrelease.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-system
+spec:
+  chart:
+    spec:
+      chart: cozy-bucket
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+      version: '*'
+  interval: 1m0s
+  timeout: 5m0s
+  values:
+    bucketName: {{ .Release.Name }}

packages/apps/ferretdb/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 0.4.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/ferretdb/templates/init-script.yaml

@@ -34,6 +34,9 @@ stringData:
   init.sh: |
     #!/bin/bash
     set -e
+
+    until pg_isready ; do sleep 5; done
+
     echo "== create users"
     {{- if .Values.users }}
     psql -v ON_ERROR_STOP=1 <<\EOT
@@ -60,7 +63,7 @@ stringData:
     DROP USER $user;
     EOT
     done
-    
+
     echo "== create roles"
     psql -v ON_ERROR_STOP=1 --echo-all <<\EOT
     SELECT 'CREATE ROLE app_admin NOINHERIT;'
@@ -80,7 +83,7 @@ stringData:
         FOR schema_record IN SELECT schema_name FROM information_schema.schemata WHERE schema_name NOT IN ('pg_catalog', 'information_schema') LOOP
             -- Changing Schema Ownership
             EXECUTE format('ALTER SCHEMA %I OWNER TO %I', schema_record.schema_name, 'app_admin');
-    
+
             -- Add rights for the admin role
             EXECUTE format('GRANT ALL ON SCHEMA %I TO %I', schema_record.schema_name, 'app_admin');
             EXECUTE format('GRANT ALL ON ALL TABLES IN SCHEMA %I TO %I', schema_record.schema_name, 'app_admin');

packages/apps/kafka/templates/kafka.yaml

@@ -76,3 +76,5 @@ spec:
         metadata:
          labels:
            policy.cozystack.io/allow-to-apiserver: "true"
+      spec:
+        enableServiceLinks: false

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.12.0
+version: 0.12.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.11.1@sha256:7f617de5a24de790a15d9e97c6287ff2b390922e6e74c7a665cbf498f634514d
+ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.12.1@sha256:7f617de5a24de790a15d9e97c6287ff2b390922e6e74c7a665cbf498f634514d

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.11.1@sha256:b5aa62a53be566b49dea635ce8f6b9280566e260f8493ff3d71f8c7501fb4cbc
+ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.12.1@sha256:ca606d6039ed43a48d4dfd98a91fd3cec120f08c1e221cd4e99ea94239389742

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.11.1@sha256:705e20e638315501aaa8b8156ceb8b260086b21876aa994bec9d6c406955c6d4
+ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.12.1@sha256:86029548078960feecca116087b2135230d676b83c503f292eb50e1199be2790

packages/apps/kubernetes/images/kubevirt-csi-driver/Dockerfile

@@ -3,7 +3,7 @@ ARG builder_image=docker.io/library/golang:1.22.5
 FROM ${builder_image} AS builder
 RUN git clone https://github.com/kubevirt/csi-driver /src/kubevirt-csi-driver \
  && cd /src/kubevirt-csi-driver \
- && git checkout fa92820448e583c7fd722dc20270544e0c3eca53
+ && git checkout 35836e0c8b68d9916d29a838ea60cdd3fc6199cf
 
 WORKDIR /src/kubevirt-csi-driver
 RUN make build

packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml

@@ -16,6 +16,7 @@ spec:
         app: {{ .Release.Name }}-cluster-autoscaler
         policy.cozystack.io/allow-to-apiserver: "true"
     spec:
+      enableServiceLinks: false
       tolerations:
         - key: CriticalAddonsOnly
           operator: Exists

packages/apps/kubernetes/templates/cluster.yaml

@@ -229,7 +229,7 @@ spec:
     timeout: 30s
   - type: Ready
     status: "False"
-    timeout: 30s
+    timeout: 300s
 {{- end }}
 ---
 {{- /*

packages/apps/kubernetes/templates/csi/deploy.yaml

@@ -15,6 +15,7 @@ spec:
         app: {{ .Release.Name }}-kcsi-driver
         policy.cozystack.io/allow-to-apiserver: "true"
     spec:
+      enableServiceLinks: false
       serviceAccountName: {{ .Release.Name }}-kcsi
       priorityClassName: system-cluster-critical
       tolerations:

packages/apps/kubernetes/templates/kccm/manager.yaml

@@ -15,6 +15,7 @@ spec:
         k8s-app: {{ .Release.Name }}-kccm
         policy.cozystack.io/allow-to-apiserver: "true"
     spec:
+      enableServiceLinks: false
       tolerations:
         - key: CriticalAddonsOnly
           operator: Exists

packages/apps/postgres/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.0
+version: 0.7.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/postgres/README.md

@@ -6,30 +6,34 @@ PostgreSQL is currently the leading choice among relational databases, known for
 
 This managed service is controlled by the CloudNativePG operator, ensuring efficient management and seamless operation.
 
-- Docs: https://cloudnative-pg.io/docs/
-- Github: https://github.com/cloudnative-pg/cloudnative-pg
+- Docs: <https://cloudnative-pg.io/docs/>
+- Github: <https://github.com/cloudnative-pg/cloudnative-pg>
 
 ## HowTos
 
 ### How to switch master/slave replica
 
 See:
-- https://cloudnative-pg.io/documentation/1.15/rolling_update/#manual-updates-supervised
 
-### How to restore backup:
+- <https://cloudnative-pg.io/documentation/1.15/rolling_update/#manual-updates-supervised>
+
+### How to restore backup
 
 find snapshot:
-```
+
+```bash
 restic -r s3:s3.example.org/postgres-backups/database_name snapshots
 ```
 
 restore:
-```
+
+```bash
 restic -r s3:s3.example.org/postgres-backups/database_name restore latest --target /tmp/
 ```
 
 more details:
-- https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1
+
+- <https://itnext.io/restic-effective-backup-from-stdin-4bc1e8f083c1>
 
 ## Parameters
 
@@ -64,5 +68,3 @@ more details:
 | `backup.s3AccessKey`     | The access key for S3, used for authentication | `oobaiRus9pah8PhohL1ThaeTa4UVa7gu`                     |
 | `backup.s3SecretKey`     | The secret key for S3, used for authentication | `ju3eum4dekeich9ahM1te8waeGai0oog`                     |
 | `backup.resticPassword`  | The password for Restic backup encryption      | `ChaXoveekoh6eigh4siesheeda2quai0`                     |
-
-

packages/apps/postgres/templates/init-script.yaml

@@ -34,6 +34,9 @@ stringData:
   init.sh: |
     #!/bin/bash
     set -e
+
+    until pg_isready ; do sleep 5; done
+
     echo "== create users"
     {{- if .Values.users }}
     psql -v ON_ERROR_STOP=1 <<\EOT
@@ -60,7 +63,7 @@ stringData:
     DROP USER $user;
     EOT
     done
-    
+
     echo "== create databases and roles"
     {{- if .Values.databases }}
     psql -v ON_ERROR_STOP=1 --echo-all <<\EOT
@@ -92,7 +95,7 @@ stringData:
         FOR schema_record IN SELECT schema_name FROM information_schema.schemata WHERE schema_name NOT IN ('pg_catalog', 'information_schema') LOOP
             -- Changing Schema Ownership
             EXECUTE format('ALTER SCHEMA %I OWNER TO %I', schema_record.schema_name, '{{ $database }}_admin');
-    
+
             -- Add rights for the admin role
             EXECUTE format('GRANT ALL ON SCHEMA %I TO %I', schema_record.schema_name, '{{ $database }}_admin');
             EXECUTE format('GRANT ALL ON ALL TABLES IN SCHEMA %I TO %I', schema_record.schema_name, '{{ $database }}_admin');
@@ -101,7 +104,7 @@ stringData:
             EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON TABLES TO %I', schema_record.schema_name, '{{ $database }}_admin');
             EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON SEQUENCES TO %I', schema_record.schema_name, '{{ $database }}_admin');
             EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT ALL ON FUNCTIONS TO %I', schema_record.schema_name, '{{ $database }}_admin');
-    
+
             -- Add rights for the readonly role
             EXECUTE format('GRANT USAGE ON SCHEMA %I TO %I', schema_record.schema_name, '{{ $database }}_readonly');
             EXECUTE format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO %I', schema_record.schema_name, '{{ $database }}_readonly');
@@ -119,9 +122,9 @@ stringData:
     CREATE OR REPLACE FUNCTION auto_grant_schema_privileges()
     RETURNS event_trigger LANGUAGE plpgsql AS $$
     DECLARE
-      obj record;
+        obj record;
     BEGIN
-      FOR obj IN SELECT * FROM pg_event_trigger_ddl_commands() WHERE command_tag = 'CREATE SCHEMA' LOOP
+        FOR obj IN SELECT * FROM pg_event_trigger_ddl_commands() WHERE command_tag = 'CREATE SCHEMA' LOOP
         EXECUTE format('ALTER SCHEMA %I OWNER TO %I', obj.object_identity, '{{ $database }}_admin');
         EXECUTE format('GRANT ALL ON SCHEMA %I TO %I', obj.object_identity, '{{ $database }}_admin');
         EXECUTE format('GRANT USAGE ON SCHEMA %I TO %I', obj.object_identity, '{{ $database }}_readonly');
@@ -146,7 +149,7 @@ stringData:
         EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT SELECT ON TABLES TO %I', obj.object_identity, '{{ $database }}_readonly');
         EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT USAGE ON SEQUENCES TO %I', obj.object_identity, '{{ $database }}_readonly');
         EXECUTE format('ALTER DEFAULT PRIVILEGES IN SCHEMA %I GRANT EXECUTE ON FUNCTIONS TO %I', obj.object_identity, '{{ $database }}_readonly');
-      END LOOP;
+        END LOOP;
     END;
     $$;
 

packages/apps/rabbitmq/templates/rabbitmq.yaml

@@ -16,6 +16,8 @@ spec:
     statefulSet:
       spec:
         template:
+          spec:
+            enableServiceLinks: false
           metadata:
             labels:
               policy.cozystack.io/allow-to-apiserver: "true"

packages/apps/versions_map

@@ -9,7 +9,8 @@ ferretdb 0.1.0 4ffa8615
 ferretdb 0.1.1 5ca8823
 ferretdb 0.2.0 adaf603
 ferretdb 0.3.0 aa2f553
-ferretdb 0.4.0 HEAD
+ferretdb 0.4.0 def2eb0f
+ferretdb 0.4.1 HEAD
 http-cache 0.1.0 a956713
 http-cache 0.2.0 5ca8823
 http-cache 0.3.0 fab5940
@@ -34,7 +35,8 @@ kubernetes 0.9.0 9b6dd19
 kubernetes 0.10.0 ac5c38b
 kubernetes 0.11.0 4eaca42
 kubernetes 0.11.1 4f430a90
-kubernetes 0.12.0 HEAD
+kubernetes 0.12.0 74649f8
+kubernetes 0.12.1 HEAD
 mysql 0.1.0 f642698
 mysql 0.2.0 8b975ff0
 mysql 0.3.0 5ca8823
@@ -52,7 +54,8 @@ postgres 0.4.1 5ca8823
 postgres 0.5.0 c07c4bbd
 postgres 0.6.0 2a4768a
 postgres 0.6.2 54fd61c
-postgres 0.7.0 HEAD
+postgres 0.7.0 dc9d8bb
+postgres 0.7.1 HEAD
 rabbitmq 0.1.0 f642698
 rabbitmq 0.2.0 5ca8823
 rabbitmq 0.3.0 9e33dc0

packages/core/installer/Makefile

@@ -5,6 +5,9 @@ TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' images/talos/profiles/instal
 
 include ../../../scripts/common-envs.mk
 
+pre-checks:
+	../../../hack/pre-checks.sh
+
 show:
 	helm template -n $(NAMESPACE) $(NAME) .
 
@@ -17,7 +20,7 @@ diff:
 update:
 	hack/gen-profiles.sh
 
-image: image-cozystack image-talos image-matchbox
+image: pre-checks image-cozystack image-talos image-matchbox
 
 image-cozystack:
 	make -C ../../.. repos

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/aenix-io/cozystack/cozystack:v0.16.2@sha256:0ee9d03a0453f19cc8deabf9ee4b9c6d9cc61e4ba833546a62a2f6b2265868f3
+  image: ghcr.io/aenix-io/cozystack/cozystack:v0.16.5@sha256:5bd08ec86b8392d31a1df7cb496d7c861142771c323c302729f7728da9b49ae2

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.16.2@sha256:25b298d621ec79431d106184d59849bbae634588742583d111628126ad8615c5
+  image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.16.5@sha256:25b298d621ec79431d106184d59849bbae634588742583d111628126ad8615c5

packages/extra/seaweedfs/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.2.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/extra/seaweedfs/templates/seaweedfs.yaml

@@ -38,6 +38,10 @@ spec:
           storageClass: {{ . }}
           {{- end }}
           maxVolumes: 0
+
+      filer:
+        s3:
+          domainName: {{ .Values.host | default (printf "s3.%s" $host) }}
       
       s3:
         ingress:

packages/extra/versions_map

@@ -15,4 +15,5 @@ monitoring 1.3.0 6c5cf5b
 monitoring 1.4.0 adaf603b
 monitoring 1.5.0 HEAD
 seaweedfs 0.1.0 5ca8823
-seaweedfs 0.2.0 HEAD
+seaweedfs 0.2.0 9e33dc0
+seaweedfs 0.2.1 HEAD

packages/system/bucket/.helmignore

@@ -0,0 +1,2 @@
+hack
+.gitkeep

packages/system/bucket/Chart.yaml

@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-bucket
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/bucket/Makefile

@@ -0,0 +1,25 @@
+S3MANAGER_TAG=v0.5.0
+
+export NAME=s3manager-system
+
+include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk
+
+update:
+	rm -rf charts
+	helm pull oci://ghcr.io/aenix-io/charts/etcd-operator --untar --untardir charts
+
+image: image-s3manager
+
+image-s3manager:
+	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/s3manager \
+		--provenance false \
+		--tag $(REGISTRY)/s3manager:$(call settag,$(S3MANAGER_TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/s3manager:latest \
+		--cache-to type=inline \
+		--metadata-file images/s3manager.json \
+		--push=$(PUSH) \
+		--load=$(LOAD)
+	echo "$(REGISTRY)/s3manager:$(call settag,$(S3MANAGER_TAG))@$$(yq e '."containerimage.digest"' images/s3manager.json -o json -r)" \
+		> images/s3manager.tag
+	rm -f images/s3manager.json

packages/system/bucket/images/s3manager.tag

@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/s3manager:latest@sha256:7a1a0864f823dc3343d79dffa44ab73f77f0e1b3642a0fe0fa29b280c3184a9b

packages/system/bucket/images/s3manager/Dockerfile

@@ -0,0 +1,20 @@
+# Source: https://github.com/cloudlena/s3manager/blob/main/Dockerfile
+
+FROM docker.io/library/golang:1 AS builder
+WORKDIR /usr/src/app
+RUN wget -O- https://github.com/cloudlena/s3manager/archive/9a7c8e446b422f8973b8c461990f39fdafee9c27.tar.gz | tar -xzf- --strip 1
+ADD cozystack.patch /
+RUN git apply /cozystack.patch
+RUN CGO_ENABLED=0 go build -ldflags="-s -w" -a -installsuffix cgo -o bin/s3manager
+
+FROM docker.io/library/alpine:latest
+WORKDIR /usr/src/app
+RUN addgroup -S s3manager && adduser -S s3manager -G s3manager
+RUN apk add --no-cache \
+  ca-certificates \
+  dumb-init
+COPY --from=builder --chown=s3manager:s3manager /usr/src/app/bin/s3manager ./
+USER s3manager
+EXPOSE 8080
+ENTRYPOINT [ "/usr/bin/dumb-init", "--" ]
+CMD [ "/usr/src/app/s3manager" ]

packages/system/bucket/images/s3manager/cozystack.patch

@@ -0,0 +1,26 @@
+diff --git a/web/template/bucket.html.tmpl b/web/template/bucket.html.tmpl
+index e2f8d28..87add13 100644
+--- a/web/template/bucket.html.tmpl
++++ b/web/template/bucket.html.tmpl
+@@ -13,7 +13,7 @@
+ 
+ <nav class="nav-extended">
+     <div class="nav-wrapper container">
+-        <a href="/buckets/{{$.BucketName}}" class="brand-logo center"><i class="material-icons">folder_open</i>{{ .BucketName }}</a>
++        <a href="/" class="brand-logo">Cozystack S3 Manager</a>
+         {{ if not .Objects }}
+         <ul class="right">
+             <li>
+diff --git a/web/template/buckets.html.tmpl b/web/template/buckets.html.tmpl
+index c7ea184..fb1dce7 100644
+--- a/web/template/buckets.html.tmpl
++++ b/web/template/buckets.html.tmpl
+@@ -1,7 +1,7 @@
+ {{ define "content" }}
+ <nav>
+     <div class="nav-wrapper container">
+-        <a href="/" class="brand-logo">S3 Manager</a>
++        <a href="/" class="brand-logo">Cozystack S3 Manager</a>
+     </div>
+ </nav>
+ 

packages/system/bucket/templates/deployment.yaml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.bucketName }}-ui
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.bucketName }}-ui
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.bucketName }}-ui
+    spec:
+      containers:
+      - name: s3manager
+        image: "{{ $.Files.Get "images/s3manager.tag" | trim }}"
+        env:
+        - name: ENDPOINT
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bucketName }}-credentials
+              key: endpoint
+        - name: SKIP_SSL_VERIFICATION
+          value: "true"
+        - name: ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bucketName }}-credentials
+              key: accessKey
+        - name: SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bucketName }}-credentials
+              key: secretKey

packages/system/bucket/templates/ingress.yaml

@@ -0,0 +1,37 @@
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.bucketName }}-ui
+  annotations:
+    nginx.ingress.kubernetes.io/auth-type: "basic"
+    nginx.ingress.kubernetes.io/auth-secret: "{{ .Values.bucketName }}-ui-auth"
+    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "99999"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "99999"
+    {{- if ne $issuerType "cloudflare" }}
+    acme.cert-manager.io/http01-ingress-class: {{ $ingress }}
+    {{- end }}
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: {{ $ingress }}
+  tls:
+    - hosts:
+        - "{{ .Values.bucketName }}.{{ $host }}"
+      secretName: {{ .Values.bucketName }}-ui-tls
+  rules:
+  - host: {{ .Values.bucketName }}.{{ $host }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ .Values.bucketName }}-ui
+            port:
+              number: 8080

packages/system/bucket/templates/secret.yaml

@@ -0,0 +1,22 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace .Values.bucketName }}
+{{- $bucketInfo := fromJson (b64dec (index $existingSecret.data "BucketInfo")) }}
+{{- $accessKeyID := index $bucketInfo.spec.secretS3 "accessKeyID" }}
+{{- $accessSecretKey := index $bucketInfo.spec.secretS3 "accessSecretKey" }}
+{{- $endpoint := index $bucketInfo.spec.secretS3 "endpoint" }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.bucketName }}-credentials
+type: Opaque
+stringData:
+  accessKey: {{ $accessKeyID | quote }}
+  secretKey: {{ $accessSecretKey | quote }}
+  endpoint: {{ trimPrefix "https://" $endpoint }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.bucketName }}-ui-auth
+data:
+  auth: {{ htpasswd $accessKeyID $accessSecretKey | b64enc | quote }}

packages/system/bucket/templates/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.bucketName }}-ui
+spec:
+  selector:
+    app: {{ .Values.bucketName }}-ui
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+  type: ClusterIP

packages/system/bucket/values.yaml

@@ -0,0 +1 @@
+bucketName: ""

packages/system/capi-operator/values.yaml

@@ -1,8 +1,9 @@
 cluster-api-operator:
   resources:
-    limits:
-      cpu: 200m
-      memory: 512Mi
-    requests:
-      cpu: 100m
-      memory: 100Mi
+    manager:
+      limits:
+        cpu: 200m
+        memory: 512Mi
+      requests:
+        cpu: 100m
+        memory: 100Mi

packages/system/dashboard/values.yaml

@@ -33,11 +33,11 @@ kubeapps:
     image:
       registry: ghcr.io/aenix-io/cozystack
       repository: dashboard
-      tag: v0.16.2
+      tag: v0.16.5
       digest: "sha256:4818712e9fc9c57cc321512760c3226af564a04e69d4b3ec9229ab91fd39abeb"
   kubeappsapis:
     image:
       registry: ghcr.io/aenix-io/cozystack
       repository: kubeapps-apis
-      tag: v0.16.2
-      digest: "sha256:55bc8e2495933112c7cb4bb9e3b1fcb8df46aa14e27fa007f78388a9757e3238"
+      tag: v0.16.5
+      digest: "sha256:126bb6955ff142e7e00e712c037f3e97bd39b360641fba0b8ca8bc083d5e8224"

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.16.2@sha256:95a9658cbbe1cbfbc42b9ab1df4f2a39342d7a8f1ff10a10b81b8656f3744c39
+    tag: v0.16.5@sha256:95a9658cbbe1cbfbc42b9ab1df4f2a39342d7a8f1ff10a10b81b8656f3744c39
     repository: ghcr.io/aenix-io/cozystack/kamaji
   resources:
     limits:

packages/system/kubeovn/values.yaml

@@ -22,4 +22,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.0@sha256:d13ac4f916cd88d33d1d64c949978165272998d6594441a9dd4be5e6892caf4e
+      tag: v1.13.0@sha256:ba4e98866295db13d88b10984c230e1cb0db86782767c5b9aff452865cdd1012