Set replicas type to integer

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>

.github/workflows/pull-requests-release.yaml

@@ -0,0 +1,96 @@
+name: Releasing PR
+
+on:
+  pull_request:
+    types: [labeled, opened, synchronize, reopened, closed]
+
+jobs:
+  verify:
+    name: Test Release
+    runs-on: [self-hosted]
+    permissions:
+      contents: read
+      packages: write
+
+    if: |
+      contains(github.event.pull_request.labels.*.name, 'ok-to-test') &&
+      contains(github.event.pull_request.labels.*.name, 'release') &&
+      github.event.action != 'closed'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: ghcr.io
+
+      - name: Run tests
+        run: make test
+
+  finalize:
+    name: Finalize Release
+    runs-on: [self-hosted]
+    permissions:
+      contents: write
+  
+    if: |
+      github.event.pull_request.merged == true &&
+      contains(github.event.pull_request.labels.*.name, 'release')
+  
+    steps:
+      - name: Extract tag from branch name
+        id: get_tag
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const branch = context.payload.pull_request.head.ref;
+            const match = branch.match(/^release-(v\d+\.\d+\.\d+(?:[-\w\.]+)?)$/);
+  
+            if (!match) {
+              core.setFailed(`Branch '${branch}' does not match expected format 'release-vX.Y.Z[-suffix]'`);
+            } else {
+              const tag = match[1];
+              core.setOutput('tag', tag);
+              console.log(`✅ Extracted tag: ${tag}`);
+            }
+  
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+  
+      - name: Create tag on merged commit
+        run: |
+          git tag ${{ steps.get_tag.outputs.tag }} ${{ github.sha }}
+          git push origin ${{ steps.get_tag.outputs.tag }}
+  
+      - name: Publish draft release
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const tag = '${{ steps.get_tag.outputs.tag }}';
+            const releases = await github.rest.repos.listReleases({
+              owner: context.repo.owner,
+              repo: context.repo.repo
+            });
+  
+            const release = releases.data.find(r => r.tag_name === tag && r.draft);
+            if (!release) {
+              throw new Error(`Draft release with tag ${tag} not found`);
+            }
+  
+            await github.rest.repos.updateRelease({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              release_id: release.id,
+              draft: false
+            });
+  
+            console.log(`✅ Published release for ${tag}`);

.github/workflows/pull-requests.yaml

@@ -0,0 +1,39 @@
+name: Pull Request
+
+on:
+  pull_request:
+    types: [labeled, opened, synchronize, reopened]
+
+jobs:
+  e2e:
+    name: Build and Test
+    runs-on: [self-hosted]
+    permissions:
+      contents: read
+      packages: write
+
+    if: |
+      contains(github.event.pull_request.labels.*.name, 'ok-to-test') &&
+      !contains(github.event.pull_request.labels.*.name, 'release')
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: ghcr.io
+
+      - name: make build
+        run: |
+          make build
+
+      - name: make test
+        run: |
+          make test

.github/workflows/tags.yaml

@@ -0,0 +1,159 @@
+name: Versioned Tag
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  prepare-release:
+    name: Prepare Release
+    runs-on: [self-hosted]
+    permissions:
+      contents: write
+      packages: write
+      pull-requests: write
+
+    steps:
+      - name: Check if release already exists
+        id: check_release
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const tag = context.ref.replace('refs/tags/', '');
+            const releases = await github.rest.repos.listReleases({
+              owner: context.repo.owner,
+              repo: context.repo.repo
+            });
+
+            const existing = releases.data.find(r => r.tag_name === tag && !r.draft);
+            if (existing) {
+              core.setOutput('skip', 'true');
+            } else {
+              core.setOutput('skip', 'false');
+            }
+
+      - name: Skip if release already exists
+        if: steps.check_release.outputs.skip == 'true'
+        run: echo "Release already exists, skipping workflow."
+
+      - name: Checkout code
+        if: steps.check_release.outputs.skip == 'false'
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Login to GitHub Container Registry
+        if: steps.check_release.outputs.skip == 'false'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: ghcr.io
+
+      - name: Build
+        if: steps.check_release.outputs.skip == 'false'
+        run: make build
+
+      - name: Commit release artifacts
+        if: steps.check_release.outputs.skip == 'false'
+        env:
+          GIT_AUTHOR_NAME: ${{ github.actor }}
+          GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+        run: |
+          git config user.name "$GIT_AUTHOR_NAME"
+          git config user.email "$GIT_AUTHOR_EMAIL"
+          git add .
+          git commit -m "Prepare release ${GITHUB_REF#refs/tags/}" -s || echo "No changes to commit"
+
+      - name: Create release branch
+        if: steps.check_release.outputs.skip == 'false'
+        run: |
+          BRANCH_NAME="release-${GITHUB_REF#refs/tags/v}"
+          git branch -f "$BRANCH_NAME"
+          git push origin "$BRANCH_NAME" --force
+
+      - name: Create pull request if not exists
+        if: steps.check_release.outputs.skip == 'false'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const version = context.ref.replace('refs/tags/v', '');
+            const branch = `release-${version}`;
+            const base = 'main';
+      
+            const prs = await github.rest.pulls.list({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              head: `${context.repo.owner}:${branch}`,
+              base
+            });
+      
+            if (prs.data.length === 0) {
+              const newPr = await github.rest.pulls.create({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                head: branch,
+                base: base,
+                title: `Release v${version}`,
+                body:
+                  `This PR prepares the release \`v${version}\`.\n` +
+                  `(Please merge it before releasing draft)`,
+                draft: false
+              });
+      
+              console.log(`Created pull request #${newPr.data.number} from ${branch} to ${base}`);
+      
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: newPr.data.number,
+                labels: ['release', 'ok-to-test']
+              });
+      
+            } else {
+              console.log(`Pull request already exists from ${branch} to ${base}`);
+            }
+
+      - name: Create or reuse draft release
+        if: steps.check_release.outputs.skip == 'false'
+        id: create_release
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const tag = context.ref.replace('refs/tags/', '');
+            const releases = await github.rest.repos.listReleases({
+              owner: context.repo.owner,
+              repo: context.repo.repo
+            });
+
+            let release = releases.data.find(r => r.tag_name === tag);
+            if (!release) {
+              release = await github.rest.repos.createRelease({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                tag_name: tag,
+                name: `${tag}`,
+                draft: true,
+                prerelease: false
+              });
+            }
+            core.setOutput('upload_url', release.upload_url);
+
+      - name: Build assets
+        if: steps.check_release.outputs.skip == 'false'
+        run: make assets
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload assets
+        if: steps.check_release.outputs.skip == 'false'
+        run: make upload_assets VERSION=${GITHUB_REF#refs/tags/}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Delete pushed tag
+        if: steps.check_release.outputs.skip == 'false'
+        run: |
+          git push --delete origin ${GITHUB_REF#refs/tags/}

Makefile

@@ -1,6 +1,13 @@
 .PHONY: manifests repos assets
 
-build:
+build-deps:
+	@command -V find docker skopeo jq gh helm > /dev/null
+	@yq --version | grep -q "mikefarah" || (echo "mikefarah/yq is required" && exit 1)
+	@tar --version | grep -q GNU || (echo "GNU tar is required" && exit 1)
+	@sed --version | grep -q GNU || (echo "GNU sed is required" && exit 1)
+	@awk --version | grep -q GNU || (echo "GNU awk is required" && exit 1)
+
+build: build-deps
 	make -C packages/apps/http-cache image
 	make -C packages/apps/postgres image
 	make -C packages/apps/mysql image
@@ -19,10 +26,6 @@ build:
 	make -C packages/core/installer image
 	make manifests
 
-manifests:
-	mkdir -p _out/assets
-	(cd packages/core/installer/; helm template -n cozy-installer installer .) > _out/assets/cozystack-installer.yaml
-
 repos:
 	rm -rf _out
 	make -C packages/apps check-version-map
@@ -33,17 +36,21 @@ repos:
 	mkdir -p _out/logos
 	cp ./packages/apps/*/logos/*.svg ./packages/extra/*/logos/*.svg _out/logos/
 
+
+manifests:
+	mkdir -p _out/assets
+	(cd packages/core/installer/; helm template -n cozy-installer installer .) > _out/assets/cozystack-installer.yaml
+
 assets:
 	make -C packages/core/installer/ assets
 
 test:
-	test -f _out/assets/nocloud-amd64.raw.xz || make -C packages/core/installer talos-nocloud
 	make -C packages/core/testing apply
 	make -C packages/core/testing test
-	make -C packages/core/testing test-applications
+	#make -C packages/core/testing test-applications
 
 generate:
 	hack/update-codegen.sh
 
-upload_assets: assets
+upload_assets: manifests
 	hack/upload-assets.sh

hack/e2e.sh

@@ -84,7 +84,7 @@ done
 
 # Start VMs
 for i in 1 2 3; do
-  qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 4 -m 8192 \
+  qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 8 -m 16384 \
     -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \
     -drive file=srv$i/system.img,if=virtio,format=raw \
     -drive file=srv$i/seed.img,if=virtio,format=raw \

hack/upload-assets.sh

@@ -1,8 +1,9 @@
 #!/bin/bash
 set -xe
 
-version=$(git describe --tags)
+version=${VERSION:-$(git describe --tags)}
-gh release upload $version _out/assets/cozystack-installer.yaml
+
-gh release upload $version _out/assets/metal-amd64.iso
+gh release upload --clobber $version _out/assets/cozystack-installer.yaml
-gh release upload $version _out/assets/metal-amd64.raw.xz
+gh release upload --clobber $version _out/assets/metal-amd64.iso
-gh release upload $version _out/assets/nocloud-amd64.raw.xz
+gh release upload --clobber $version _out/assets/metal-amd64.raw.xz
+gh release upload --clobber $version _out/assets/nocloud-amd64.raw.xz

packages/apps/clickhouse/images/clickhouse-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/clickhouse-backup:0.6.2@sha256:67dd53efa86b704fc5cb876aca055fef294b31ab67899b683a4821ea12582ea7
+ghcr.io/cozystack/cozystack/clickhouse-backup:0.7.0@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205

packages/apps/ferretdb/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.9.0@sha256:2b6ba87f5688a439bd2ac12835a5ab9e601feb15c0c44ed0d9ca48cec7c52521
+ghcr.io/cozystack/cozystack/postgres-backup:0.10.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f

packages/apps/http-cache/images/nginx-cache.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.3.1@sha256:2b82eae28239ca0f9968602c69bbb752cd2a5818e64934ccd06cb91d95d019c7
+ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:0f4d8e6863ed074e90f8a7a8390ccd98dae0220119346aba19e85054bb902e2f

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.17.0
+version: 0.17.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/images/cluster-autoscaler.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/cluster-autoscaler:0.15.2@sha256:967e51702102d0dbd97f9847de4159d62681b31eb606322d2c29755393c2236e
+ghcr.io/cozystack/cozystack/cluster-autoscaler:0.17.0@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3

packages/apps/kubernetes/images/kubevirt-cloud-provider.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:latest@sha256:47ad85a2bb2b11818df85e80cbc6e07021e97e429d5bb020ce8db002b37a77f1
+ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.17.0@sha256:53f4734109799da8b27f35a3b1afdb4746b5992f1d7b9d1c132ea6242cdd8cf0

packages/apps/kubernetes/images/kubevirt-csi-driver.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.15.2@sha256:cb4ab74099662f73e058f7c7495fb403488622c3425c06ad23b687bfa8bc805b
+ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.17.0@sha256:1a6605d3bff6342e12bcc257e852a4f89e97e8af6d3d259930ec07c7ad5f001d

packages/apps/kubernetes/images/ubuntu-container-disk.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:bc08ea0ced2cb7dd98b26d72a9462fc0a3863adb908a5effbfcdf7227656ea65
+ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:d842de4637ea6188999464f133c89f63a3bd13f1cb202c10f1f8c0c1c3c3dbd4

packages/apps/kubernetes/values.yaml

@@ -85,7 +85,7 @@ kamajiControlPlane:
     #     memory: 512Mi
     
     ## @param kamajiControlPlane.apiServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
-    resourcesPreset: "micro"
+    resourcesPreset: "small"
 
   controllerManager:
     ## @param kamajiControlPlane.controllerManager.resources Resources

packages/apps/mysql/images/mariadb-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/mariadb-backup:0.5.3@sha256:8ca1fb01e880d351ee7d984a0b437c1142836963cd079986156ed28750067138
+ghcr.io/cozystack/cozystack/mariadb-backup:0.6.0@sha256:cfd1c37d8ad24e10681d82d6e6ce8a641b4602c1b0ffa8516ae15b4958bb12d4

packages/apps/postgres/images/postgres-backup.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.9.0@sha256:2b6ba87f5688a439bd2ac12835a5ab9e601feb15c0c44ed0d9ca48cec7c52521
+ghcr.io/cozystack/cozystack/postgres-backup:0.10.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f

packages/apps/versions_map

@@ -56,7 +56,8 @@ kubernetes 0.15.0 4e68e65c
 kubernetes 0.15.1 160e4e2a
 kubernetes 0.15.2 8267072d
 kubernetes 0.16.0 077045b0
-kubernetes 0.17.0 HEAD
+kubernetes 0.17.0 1fbbfcd0
+kubernetes 0.17.1 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
@@ -140,7 +141,8 @@ virtual-machine 0.7.1 0ab39f20
 virtual-machine 0.8.0 3fa4dd3a
 virtual-machine 0.8.1 93c46161
 virtual-machine 0.8.2 HEAD
-vm-disk 0.1.0 HEAD
+vm-disk 0.1.0 d971f2ff
+vm-disk 0.1.1 HEAD
 vm-instance 0.1.0 1ec10165
 vm-instance 0.2.0 84f3ccc0
 vm-instance 0.3.0 4e68e65c

packages/apps/vm-disk/Chart.yaml

@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: 0.1.0
+appVersion: 0.1.1

packages/apps/vm-disk/templates/dv.yaml

@@ -3,7 +3,9 @@ apiVersion: cdi.kubevirt.io/v1beta1
 kind: DataVolume
 metadata:
   annotations:
+    {{- if hasKey .Values.source "upload" }}
     cdi.kubevirt.io/storage.bind.immediate.requested: ""
+    {{- end }}
     vm-disk.cozystack.io/optical: "{{ .Values.optical }}"
   name: {{ .Release.Name }}
 spec:

packages/core/builder/Makefile

@@ -1,35 +0,0 @@
-NAMESPACE=cozy-builder
-NAME := builder
-
-TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' ../installer/images/talos/profiles/installer.yaml)
-
-include ../../../scripts/common-envs.mk
-
-help: ## Show this help.
-	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
-
-show:
-	helm template -n $(NAMESPACE) $(NAME) .
-
-apply: ## Create builder sandbox in existing Kubernetes cluster.
-	helm template -n $(NAMESPACE) $(NAME) . | kubectl apply -f -
-	docker buildx ls | grep -q '^buildkit-builder*' || docker buildx create \
-		--bootstrap \
-		--name=buildkit-$(NAME) \
-		--driver=kubernetes \
-		--driver-opt=namespace=$(NAMESPACE),replicas=1 \
-		--platform=linux/amd64 \
-		--platform=linux/arm64 \
-		--use \
-		--config config.toml
-
-diff:
-	helm template -n $(NAMESPACE) $(NAME) . | kubectl diff -f -
-
-delete: ## Remove builder sandbox from existing Kubernetes cluster.
-	kubectl delete deploy -n $(NAMESPACE) $(NAME)-talos-imager
-	docker buildx rm buildkit-$(NAME)
-
-wait-for-builder:
-	kubectl wait deploy --for=condition=Progressing -n $(NAMESPACE) $(NAME)-talos-imager
-	kubectl wait pod --for=condition=Ready -n $(NAMESPACE) -l app=$(NAME)-talos-imager

packages/core/builder/config.toml

@@ -1,11 +0,0 @@
-[worker.oci]
-  gc = true
-  gckeepstorage = 50000
-
-  [[worker.oci.gcpolicy]]
-    keepBytes = 10737418240
-    keepDuration = 604800
-    filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
-  [[worker.oci.gcpolicy]]
-    all = true
-    keepBytes = 53687091200

packages/core/builder/templates/sandbox.yaml

@@ -1,43 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .Release.Namespace }}
-  labels:
-    pod-security.kubernetes.io/enforce: privileged
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-talos-imager
-  namespace: {{ .Release.Namespace }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: {{ .Release.Name }}-talos-imager
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: {{ .Release.Name }}-talos-imager
-    spec:
-      automountServiceAccountToken: false
-      terminationGracePeriodSeconds: 1
-      containers:
-      - name: imager
-        image: "{{ .Values.talos.imager.image }}"
-        securityContext:
-          privileged: true
-        command:
-        - sleep
-        - infinity
-        volumeMounts:
-        - mountPath: /dev
-          name: dev
-      volumes:
-      - hostPath:
-          path: /dev
-          type: Directory
-        name: dev

packages/core/builder/values.yaml

@@ -1,3 +0,0 @@
-talos:
-  imager:
-    image: ghcr.io/siderolabs/imager:v1.9.3

packages/core/installer/Makefile

@@ -19,12 +19,10 @@ diff:
 
 update:
 	hack/gen-profiles.sh
-	IMAGE=$$(yq '.input.baseInstaller.imageRef | sub("/installer:", "/imager:")' images/talos/profiles/installer.yaml) \
-		yq -i '.talos.imager.image = strenv(IMAGE)' ../builder/values.yaml
 
-image: pre-checks image-cozystack image-talos image-matchbox
+image: pre-checks image-matchbox image-cozystack image-talos
 
-image-cozystack: run-builder
+image-cozystack:
 	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
@@ -40,11 +38,11 @@ image-cozystack: run-builder
 		yq -i '.cozystack.image = strenv(IMAGE)' values.yaml
 	rm -f images/installer.json
 
-image-talos: run-builder
+image-talos:
 	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
 	skopeo copy docker-archive:../../../_out/assets/installer-amd64.tar docker://$(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
 
-image-matchbox: run-builder
+image-matchbox:
 	test -f ../../../_out/assets/kernel-amd64 || make talos-kernel
 	test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs
 	docker buildx build -f images/matchbox/Dockerfile ../../.. \
@@ -66,8 +64,5 @@ assets: talos-iso talos-nocloud talos-metal
 talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal:
 	mkdir -p ../../../_out/assets
 	cat images/talos/profiles/$(subst talos-,,$@).yaml | \
-		kubectl exec -i -n cozy-builder deploy/builder-talos-imager -- imager --tar-to-stdout - | \
+		docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \
 		tar -C ../../../_out/assets -xzf-
-
-run-builder:
-	make -C ../builder/ apply wait-for-builder

packages/core/installer/images/talos/profiles/initramfs.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.5
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.5
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250311
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5
 output:
   kind: initramfs
   imageOptions: {}

packages/core/installer/images/talos/profiles/installer.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.5
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.5
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250311
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5
 output:
   kind: installer
   imageOptions: {}

packages/core/installer/images/talos/profiles/iso.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.5
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.5
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250311
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5
 output:
   kind: iso
   imageOptions: {}

packages/core/installer/images/talos/profiles/kernel.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.5
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.5
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250311
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5
 output:
   kind: kernel
   imageOptions: {}

packages/core/installer/images/talos/profiles/metal.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.9.3
+version: v1.9.5
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.5
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250311
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/images/talos/profiles/nocloud.yaml

@@ -3,24 +3,24 @@
 arch: amd64
 platform: nocloud
 secureboot: false
-version: v1.9.3
+version: v1.9.5
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.9.3
+    imageRef: ghcr.io/siderolabs/installer:v1.9.5
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20250109
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250311
     - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311
     - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20241112
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5
-    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5
 output:
   kind: image
   imageOptions: { diskSize: 1306525696, diskFormat: raw }

packages/core/installer/values.yaml

@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.28.0@sha256:71ae2037ca44d49bbcf8be56c127ee92f2486089a8ea1cdd6508af49705956ac
+  image: ghcr.io/cozystack/cozystack/installer:v0.29.1@sha256:d63b1cc791ca75d53a7270940189d1401bbeb08f0d54d8ae29dae0ab8a6ef230

packages/core/platform/bundles/distro-full.yaml

@@ -31,6 +31,13 @@ releases:
       autoDirectNodeRoutes: true
       routingMode: native
 
+- name: cilium-networkpolicy
+  releaseName: cilium-networkpolicy
+  chart: cozy-cilium-networkpolicy
+  namespace: cozy-cilium
+  privileged: true
+  dependsOn: [cilium]
+
 - name: cozy-proxy
   releaseName: cozystack
   chart: cozy-cozy-proxy
@@ -127,14 +134,14 @@ releases:
   chart: cozy-kafka-operator
   namespace: cozy-kafka-operator
   optional: true
-  dependsOn: [cilium]
+  dependsOn: [cilium,victoria-metrics-operator]
 
 - name: clickhouse-operator
   releaseName: clickhouse-operator
   chart: cozy-clickhouse-operator
   namespace: cozy-clickhouse-operator
   optional: true
-  dependsOn: [cilium]
+  dependsOn: [cilium,victoria-metrics-operator]
 
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator
@@ -154,7 +161,7 @@ releases:
   releaseName: piraeus-operator
   chart: cozy-piraeus-operator
   namespace: cozy-linstor
-  dependsOn: [cilium,cert-manager]
+  dependsOn: [cilium,cert-manager,victoria-metrics-operator]
 
 - name: snapshot-controller
   releaseName: snapshot-controller

packages/core/platform/bundles/distro-hosted.yaml

@@ -96,14 +96,14 @@ releases:
   chart: cozy-kafka-operator
   namespace: cozy-kafka-operator
   optional: true
-  dependsOn: []
+  dependsOn: [victoria-metrics-operator]
 
 - name: clickhouse-operator
   releaseName: clickhouse-operator
   chart: cozy-clickhouse-operator
   namespace: cozy-clickhouse-operator
   optional: true
-  dependsOn: []
+  dependsOn: [victoria-metrics-operator]
 
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator

packages/core/platform/bundles/paas-full.yaml

@@ -34,6 +34,13 @@ releases:
   - values-talos.yaml
   - values-kubeovn.yaml
 
+- name: cilium-networkpolicy
+  releaseName: cilium-networkpolicy
+  chart: cozy-cilium-networkpolicy
+  namespace: cozy-cilium
+  privileged: true
+  dependsOn: [cilium]
+
 - name: kubeovn
   releaseName: kubeovn
   chart: cozy-kubeovn
@@ -181,13 +188,13 @@ releases:
   releaseName: kafka-operator
   chart: cozy-kafka-operator
   namespace: cozy-kafka-operator
-  dependsOn: [cilium,kubeovn]
+  dependsOn: [cilium,kubeovn,victoria-metrics-operator]
 
 - name: clickhouse-operator
   releaseName: clickhouse-operator
   chart: cozy-clickhouse-operator
   namespace: cozy-clickhouse-operator
-  dependsOn: [cilium,kubeovn]
+  dependsOn: [cilium,kubeovn,victoria-metrics-operator]
 
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator

packages/core/platform/bundles/paas-hosted.yaml

@@ -103,13 +103,13 @@ releases:
   releaseName: kafka-operator
   chart: cozy-kafka-operator
   namespace: cozy-kafka-operator
-  dependsOn: []
+  dependsOn: [victoria-metrics-operator]
 
 - name: clickhouse-operator
   releaseName: clickhouse-operator
   chart: cozy-clickhouse-operator
   namespace: cozy-clickhouse-operator
-  dependsOn: []
+  dependsOn: [victoria-metrics-operator]
 
 - name: rabbitmq-operator
   releaseName: rabbitmq-operator

packages/core/testing/Makefile

@@ -2,6 +2,9 @@ NAMESPACE=cozy-e2e-tests
 NAME := sandbox
 CLEAN := 1
 TESTING_APPS := $(shell find ../../apps -maxdepth 1 -mindepth 1 -type d | awk -F/ '{print $$NF}')
+SANDBOX_NAME := cozy-e2e-sandbox
+
+ROOT_DIR = $(dir $(abspath $(firstword $(MAKEFILE_LIST))/../../..))
 
 include ../../../scripts/common-envs.mk
 
@@ -24,7 +27,6 @@ image-e2e-sandbox:
 		--provenance false \
 		--tag $(REGISTRY)/e2e-sandbox:$(call settag,$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/e2e-sandbox:latest \
-		--platform linux/amd64,linux/arm64 \
 		--cache-to type=inline \
 		--metadata-file images/e2e-sandbox.json \
 		--push=$(PUSH) \
@@ -34,27 +36,20 @@ image-e2e-sandbox:
 		yq -i '.e2e.image = strenv(IMAGE)' values.yaml
 	rm -f images/e2e-sandbox.json
 
-copy-hack-dir:
+test: ## Run the end-to-end tests in existing sandbox.
-	tar -C ../../../ -cf- hack | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- tar -xf-
+	docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && export COZYSTACK_INSTALLER_YAML=$$(helm template -n cozy-system installer ./packages/core/installer) && hack/e2e.sh'
 
-copy-image:
+test-applications: ## Run the end-to-end tests in existing sandbox for applications.
-	cat ../../../_out/assets/nocloud-amd64.raw.xz | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -xec 'xz --decompress > /nocloud-amd64.raw'
-
-test: wait-for-sandbox copy-hack-dir copy-image ## Run the end-to-end tests in existing sandbox.
-	helm template -n cozy-system installer ../installer | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'cat > /cozystack-installer.yaml'
-	kubectl exec -ti -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'export COZYSTACK_INSTALLER_YAML=$$(cat /cozystack-installer.yaml) && /hack/e2e.sh'
-
-test-applications: wait-for-sandbox copy-hack-dir ## Run the end-to-end tests in existing sandbox for applications.
 	for app in $(TESTING_APPS); do \
-		kubectl exec -ti -n cozy-e2e-tests deploy/cozystack-e2e-sandbox -- bash -c "/hack/e2e.application.sh $${app}"; \
+		docker exec ${SANDBOX_NAME} bash -c "/hack/e2e.application.sh $${app}"; \
 	done
-	kubectl exec -ti -n cozy-e2e-tests deploy/cozystack-e2e-sandbox -- bash -c "kubectl get hr -A | grep -v 'True'"
+	docker exec  ${SANDBOX_NAME} bash -c "kubectl get hr -A | grep -v 'True'"
 
 delete: ## Remove sandbox from existing Kubernetes cluster.
-	kubectl delete deploy -n $(NAMESPACE) cozystack-e2e-$(NAME)
+	docker rm -f "${SANDBOX_NAME}" || true
 
 exec:  ## Opens an interactive shell in the sandbox container.
-	kubectl exec -ti -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- bash
+	docker exec -ti "${SANDBOX_NAME}" -- bash
 
 proxy: sync-hosts ## Enable a SOCKS5 proxy server; mirrord and gost must be installed.
 	mirrord exec --target deploy/cozystack-e2e-sandbox --target-namespace cozy-e2e-tests -- gost -L=127.0.0.1:10080
@@ -65,6 +60,6 @@ login: ## Downloads the kubeconfig into a temporary directory and runs a shell w
 sync-hosts:
 	kubectl exec -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'kubectl get ing -A -o go-template='\''{{ "127.0.0.1 localhost\n"}}{{ range .items }}{{ range .status.loadBalancer.ingress }}{{ .ip }}{{ end }} {{ range .spec.rules }}{{ .host }}{{ end }}{{ "\n" }}{{ end }}'\'' > /etc/hosts'
 
-wait-for-sandbox:
+apply: delete
-	kubectl wait deploy --for=condition=Progressing -n $(NAMESPACE) cozystack-e2e-$(NAME)
+	docker run -d --rm --name "${SANDBOX_NAME}" --privileged "$$(yq .e2e.image values.yaml)" sleep infinity
-	kubectl wait pod --for=condition=Ready -n $(NAMESPACE) -l app=cozystack-e2e-$(NAME)
+	docker cp "${ROOT_DIR}" "${SANDBOX_NAME}":/workspace

packages/core/testing/images/e2e-sandbox/Dockerfile

@@ -1,11 +1,11 @@
 FROM ubuntu:22.04
 
 ARG KUBECTL_VERSION=1.32.0
-ARG TALOSCTL_VERSION=1.8.4
+ARG TALOSCTL_VERSION=1.9.5
 ARG HELM_VERSION=3.16.4
 
 RUN apt-get update
-RUN apt-get -y install genisoimage qemu-kvm qemu-utils iproute2 iptables wget xz-utils netcat curl jq
+RUN apt-get -y install genisoimage qemu-kvm qemu-utils iproute2 iptables wget xz-utils netcat curl jq make git
 RUN curl -LO "https://github.com/siderolabs/talos/releases/download/v${TALOSCTL_VERSION}/talosctl-linux-amd64" \
  && chmod +x talosctl-linux-amd64 \
  && mv talosctl-linux-amd64 /usr/local/bin/talosctl

packages/core/testing/templates/sandbox.yaml

@@ -1,40 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ .Release.Namespace }}
-  labels:
-    pod-security.kubernetes.io/enforce: privileged
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: cozystack-e2e-{{ .Release.Name }}
-  namespace: cozy-e2e-tests
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: cozystack-e2e-{{ .Release.Name }}
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: cozystack-e2e-{{ .Release.Name }}
-    spec:
-      automountServiceAccountToken: false
-      terminationGracePeriodSeconds: 1
-      containers:
-      - name: sandbox
-        image: "{{ .Values.e2e.image }}"
-        securityContext:
-          privileged: true
-        env:
-        - name: KUBECONFIG
-          value: /kubeconfig
-        - name: TALOSCONFIG
-          value: /talosconfig
-        command:
-        - sleep
-        - infinity

packages/core/testing/values.yaml

@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.28.0@sha256:bb5e8f5d92e2e4305ea1cc7f007b3e98769645ab845f632b4788b9373cd207eb
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.29.1@sha256:f239dc2d06dfe43fb3192531e994bdb10414d42d56d8659b10951bb4fe434f80

packages/extra/bootbox/images/matchbox.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.28.0@sha256:b2002815727b71e2657a6f5b8ed558cc38fc21e81a39b9699266e558be03561f
+ghcr.io/cozystack/cozystack/matchbox:v0.29.1@sha256:f0c1d531af04ffde003755df2b6fb2fef9ba0d8355aa55d728de523c623b08a0

packages/extra/ingress/values.schema.json

@@ -3,7 +3,7 @@
     "type": "object",
     "properties": {
         "replicas": {
-            "type": "number",
+            "type": "integer",
             "description": "Number of ingress-nginx replicas",
             "default": 2
         },
@@ -37,4 +37,4 @@
             "default": false
         }
     }
-}
+}

packages/extra/monitoring/images/grafana.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/grafana:1.9.0@sha256:a492931b49af55ad184b485bcd7ea06f1334722d2184702d9f6f2e4123032357
+ghcr.io/cozystack/cozystack/grafana:1.9.1@sha256:24382d445bf7a39ed988ef4dc7a0d9f084db891fcb5f42fd2e64622710b9457e

packages/system/bucket/images/s3manager.tag

@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:218d0c017ae556e5afd074366d9a3124f954c5aefc6474844942420cca8b7640
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:6e0a47fb639b27181848d38575577a3cc145486828f50d5fb899e167a3b46c84

packages/system/cilium-networkpolicy/Chart.yaml

@@ -1,3 +1,3 @@
 apiVersion: v2
-name: builder
+name: cozy-cilium-networkpolicy
 version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

packages/system/cilium-networkpolicy/Makefile

@@ -0,0 +1,5 @@
+export NAME=cilium-networkpolicy
+export NAMESPACE=cozy-$(NAME)
+
+include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk

packages/system/cilium/values.yaml

@@ -15,6 +15,6 @@ cilium:
   image:
     repository: ghcr.io/cozystack/cozystack/cilium
     tag: 1.17.1
-    digest: "sha256:bb2ad64dfc01f774b429a96108527740c1f08230cac4b848a4939627dfce7a4a"
+    digest: "sha256:ac154cd13711444f9fd1a7c6e947f504c769cc654039b93630ccc0479111f2a3"
   envoy:
     enabled: false

packages/system/cozystack-api/values.yaml

@@ -1,2 +1,2 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.28.0@sha256:718d6fbbb9806e3704c42b48ab28547da0618539761c5b2fa8740043966d7073
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.29.1@sha256:3ce1cd4a9c74999b08ee477811bdc048a8b3fc79f214d92db2e81bb3ae0bd516

packages/system/cozystack-controller/values.yaml

@@ -1,5 +1,5 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.28.0@sha256:6f6d356c4efcbb4faa1e636d3bda129626773894ce0c4d55a80a552ab9dbd06a
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.29.1@sha256:e06f651a70268d0151c8d475cc1c002a66bb6e60cce7cbe7408403054ed167f7
   debug: false
   disableTelemetry: false
-  cozystackVersion: "v0.28.0"
+  cozystackVersion: "v0.29.1"

packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml

@@ -76,7 +76,7 @@ data:
       "kubeappsNamespace": {{ .Release.Namespace | quote }},
       "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
       "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
-      "appVersion": "v0.28.0",
+      "appVersion": "v0.29.1",
       "authProxyEnabled": {{ .Values.authProxy.enabled }},
       "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
       "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},

packages/system/dashboard/values.yaml

@@ -18,14 +18,14 @@ kubeapps:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: dashboard
-      tag: v0.28.0
+      tag: v0.29.1
-      digest: "sha256:ebef6a0c4b0c9f0857fc82699abcaa7a135d18b5dafe129febc0bf90707f2f48"
+      digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93"
   kubeappsapis:
     image:
       registry: ghcr.io/cozystack/cozystack
       repository: kubeapps-apis
-      tag: v0.28.0
+      tag: v0.29.1
-      digest: "sha256:281093b1e80221074188fdfea97775494de1cdef16974ee1f3c3d47b313eee0e"
+      digest: "sha256:8cc327760c33a15022b847d3fa8d22b87891e17a74dc56f50f52cae032a81d8c"
     pluginConfig:
       flux:
         packages:

packages/system/kamaji/values.yaml

@@ -3,7 +3,7 @@ kamaji:
     deploy: false
   image:
     pullPolicy: IfNotPresent
-    tag: v0.28.0@sha256:a08dfd9be67e0dc089be14a9d29cdd65e6301b3a43d1fa01ff479d43d384c2a7
+    tag: v0.29.1@sha256:8a1c6c6fe8b680aa48e909ad274ccf97bfcae20729f331e10b0d83038ec972cf
     repository: ghcr.io/cozystack/cozystack/kamaji
   resources:
     limits:

packages/system/kubeovn-webhook/values.yaml

@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.28.0@sha256:7412c1e3f5a1f0bc27b1d4a91c4715a88017fcbf758f838b51ea2005ec3cf7b2
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.29.1@sha256:03c677712fc07b960cd824fb4595e3919473b483d9a0d76578e2b6a7aba12415

packages/system/kubeovn/values.yaml

@@ -22,4 +22,4 @@ global:
   images:
     kubeovn:
       repository: kubeovn
-      tag: v1.13.3@sha256:1ce5fb7d596d2a6a52982e3d7541d56d75e14e8b0a1331c262bcbb9793a317af
+      tag: v1.13.3@sha256:4e3a9c1b477f12257f509b2bdfb96d2bcf5fcd935d2e4a787e44ab7833121d72

packages/system/linstor/templates/cluster.yaml

@@ -44,13 +44,24 @@ spec:
             name: linstor-plunger
             defaultMode: 0755
   patches:
-  - target:
+    - target:
-      group: apps
+        kind: Deployment
-      version: v1
+        name: linstor-controller
-      kind: Deployment
+      patch: |-
-    patch: |
+        - op: add
-      apiVersion: apps/v1
+          path: /metadata/annotations/reloader.stakater.com~1auto
-      kind: Deployment
+          value: "true"
-      metadata:
+    - target:
-        annotations:
+        kind: Deployment
-          secret.reloader.stakater.com/auto: "true"
+        name: linstor-csi-controller
+      patch: |-
+        - op: add
+          path: /metadata/annotations/reloader.stakater.com~1auto
+          value: "true"
+    - target:
+        kind: DaemonSet
+        name: linstor-csi-node
+      patch: |-
+        - op: add
+          path: /metadata/annotations/reloader.stakater.com~1auto
+          value: "true"

packages/system/linstor/templates/satellites-reloader.yaml

@@ -4,15 +4,10 @@ metadata:
   name: cozystack-reloader
 spec:
   patches:
-  - target:
+    - target:
-      group: apps
+        kind: DaemonSet
-      version: v1
-      kind: DaemonSet
-      name: linstor-satellite
-    patch: |
-      apiVersion: apps/v1
-      kind: DaemonSet
-      metadata:
         name: linstor-satellite
-        annotations:
+      patch: |-
-          secret.reloader.stakater.com/auto: "true"
+        - op: add
+          path: /metadata/annotations/reloader.stakater.com~1auto
+          value: "true"