Add changelogs for v0.37.*

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

docs/changelogs/v0.37.0.md

@@ -1,6 +1,6 @@
-# Cozystack v0.37 — “OpenAPI Dashboard & Lineage Everywhere”
+# Cozystack v0.37 — "OpenAPI Dashboard & Lineage Everywhere"
 
-We’ve shipped a big usability push this cycle: a brand-new **OpenAPI-driven dashboard**, lineage labeling across core resource types, and several reliability improvements to smooth upgrades from 0.36→ 0.37. Below are the highlights and the full categorized lists.
+We've shipped a big usability push this cycle: a brand-new **OpenAPI-driven dashboard**, lineage labeling across core resource types, and several reliability improvements to smooth upgrades from 0.36→ 0.37. Below are the highlights and the full categorized lists.
 
 ## Highlights
 
@@ -16,10 +16,10 @@ We’ve shipped a big usability push this cycle: a brand-new **OpenAPI-driven da
 ### Dashboard
 
 * Introduce the OpenAPI-based dashboard and controller; implement TenantNamespace, TenantModules, TenantSecret/SecretsTable resources ([**@kvaps**](https://github.com/kvaps) in #1269).
-* Module-aware navigation, richer detail views (Services/Secrets/Ingresses), improved sidebars; “Tenant Modules” grouping ([**@kvaps**](https://github.com/kvaps) in #1463).
+* Module-aware navigation, richer detail views (Services/Secrets/Ingresses), improved sidebars; "Tenant Modules" grouping ([**@kvaps**](https://github.com/kvaps) in #1463).
 * Dynamic branding via cluster config (tenant name, footer/title, logo/icon SVGs) ([**@kvaps**](https://github.com/kvaps) in #1460).
 * Dashboard: fix namespace listing for unprivileged users and stabilize streamed requests; build-time patching ([**@kvaps**](https://github.com/kvaps) in #1456).
-* Dashboard UX set: marketplace hides module resources; consistent navigation/links; prefill “name” in forms; ingress factory; formatted TenantNamespaces tables ([**@kvaps**](https://github.com/kvaps) in #1463).
+* Dashboard UX set: marketplace hides module resources; consistent navigation/links; prefill "name" in forms; ingress factory; formatted TenantNamespaces tables ([**@kvaps**](https://github.com/kvaps) in #1463).
 * **Dashboard**: list modules reliably; remove Tenant from Marketplace; fix field override while typing ([**@kvaps**](https://github.com/kvaps) in #1501, #1503).
 * **Dashboard**: correct API group for applications; sidebars; disable auto-expand; fix `/docs` redirect ([**@kvaps**](https://github.com/kvaps) in #1463, #1465, #1462).
 * **Dashboard**: show Secrets with empty values correctly ([**@kvaps**](https://github.com/kvaps) in #1480).
@@ -36,7 +36,7 @@ We’ve shipped a big usability push this cycle: a brand-new **OpenAPI-driven da
 * Add a lineage mutating webhook to auto-label Pods/Secrets/PVCs/Ingresses/WorkloadMonitors with owning app ([**@lllamnyp**](https://github.com/lllamnyp) in #1448, #1497, [**@kvaps**](https://github.com/kvaps) in #1454).
 * **Name-based** selectors for Secret visibility (templates supported) ([**@lllamnyp**](https://github.com/lllamnyp) in #1477).
 * Select **Services** and **Ingresses** in CRDs/API; treat them as user-facing when configured ([**@lllamnyp**](https://github.com/lllamnyp) in #1486).
-* **VictoriaMetrics integration**: Lineage labels are explicitly set on VM resources; `managedMetadata` is configured to avoid controller “fights” over labels ([**@lllamnyp**](https://github.com/lllamnyp) in #1452).
+* **VictoriaMetrics integration**: Lineage labels are explicitly set on VM resources; `managedMetadata` is configured to avoid controller "fights" over labels ([**@lllamnyp**](https://github.com/lllamnyp) in #1452).
 * Webhook **excludes** `default` and `kube-system` to avoid unintended mutations (part of the installer/migration hardening by Andrei Kvapil & [**@lllamnyp**](https://github.com/lllamnyp) in #1498).
 
 ### API / Platform
@@ -78,7 +78,7 @@ We’ve shipped a big usability push this cycle: a brand-new **OpenAPI-driven da
 * **SeaweedFS**: fix per-zone size fallback for multi-DC volumes; make migrations more robust ([**@kvaps**](https://github.com/kvaps) in #1476, #1430).
 * **CoreDNS**: pin tag to v1.12.4 ([**@kvaps**](https://github.com/kvaps) in #1469).
 * **OIDC**: avoid creating KeycloakRealmGroup before operator API is available ([**@lllamnyp**](https://github.com/lllamnyp) in #1495).
-* **Kafka**: disable noisy alerts when Kafka isn’t deployed ([**@lllamnyp**](https://github.com/lllamnyp) in #1488).
+* **Kafka**: disable noisy alerts when Kafka isn't deployed ([**@lllamnyp**](https://github.com/lllamnyp) in #1488).
 
 ---
 
@@ -108,10 +108,35 @@ We’ve shipped a big usability push this cycle: a brand-new **OpenAPI-driven da
 
 ---
 
-## Breaking changes & upgrade notes
+## Upgrade notes
 
+After the upgrade, if you don't see any Secrets, Services, or Ingresses in your dashboard, run this migration script manually:
+
+```bash
+timestamp=$(date --rfc-3339=ns || date)
+kubectl get namespace -o custom-columns=NAME:.metadata.name --no-headers |
+  grep '^tenant-' |
+  while read namespace ; do
+    (set -x; \
+    kubectl annotate \
+      pods,services,pvc,secrets,ingresses.networking.k8s.io,workloadmonitors.cozystack.io \
+      -n "$namespace" --all \
+      migration.cozystack.io="$timestamp" --overwrite || true)
+  done
+```
+
+If you have broken helm releases with the error
+
+```
+Helm upgrade failed for release tenant-internal/mysql-asdasd with chart XXX: failed to create resource: Internal error occurred: failed calling webhook "lineage.cozystack.io": failed to call webhook: Post "https://cozystack-controller.cozy-system.svc:443/mutate-lineage?timeout=10s": context deadline exceeded
+```
+
+You can fix them by executing:
+
+```bash
+kubectl get hr -A | grep -v True | grep 'Helm upgrade failed.*lineage.cozystack.io' | awk '{print "flux reconcile hr -n " $1 " " $2 " --force"}' | sh -x
+```
 
 ---
 
-## Security & stability
-
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.36.0...v0.37.0

docs/changelogs/v0.37.1.md

@@ -0,0 +1,25 @@
+
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.37.1
+-->
+
+## Features and Improvements
+
+* [api] Efficient listing of TenantNamespaces for improved performance. (@kvaps in https://github.com/cozystack/cozystack/pull/1507)
+
+## Fixes
+
+* [api] Fix RBAC for listing of TenantNamespaces and handle system:masters group correctly. (@kvaps in https://github.com/cozystack/cozystack/pull/1511)
+* [api] Fix listing tenantnamespaces for non-OIDC users. (@kvaps in https://github.com/cozystack/cozystack/pull/1519)
+* [dashboard] Fix logout functionality. (@kvaps in https://github.com/cozystack/cozystack/pull/1510)
+* [lineage] Separate webhook from cozystack controller for better modularity. (@kvaps in https://github.com/cozystack/cozystack/pull/1515)
+* [installer] Add additional check to wait for lineage-webhook before proceeding. (@kvaps in https://github.com/cozystack/cozystack/pull/1506)
+
+## Development, Testing, and CI/CD
+
+* The Cozystack Kubernetes tests are now POSIX-compatible for broader compatibility. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1509)
+
+---
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.37.0...v0.37.1
+

docs/changelogs/v0.37.2.md

@@ -0,0 +1,13 @@
+
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.37.2
+-->
+
+## Fixes
+
+* [platform] Better migration for 0.36.2→0.37.2+ upgrades to ensure smoother transitions. (@kvaps in https://github.com/cozystack/cozystack/pull/1522)
+
+---
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.37.1...v0.37.2
+

docs/changelogs/v0.37.3.md

@@ -0,0 +1,32 @@
+
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.37.3
+-->
+
+## Features and Improvements
+
+* [dashboard] Update openapi-ui to v1.0.3 with additional fixes. (@kvaps in https://github.com/cozystack/cozystack/pull/1564)
+* [dashboard] Show service LoadBalancer IP addresses for better visibility. (@kvaps in https://github.com/cozystack/cozystack/pull/1524)
+* [seaweedfs] Allow users to discover their buckets for improved usability. (@kvaps in https://github.com/cozystack/cozystack/pull/1528)
+* [apps] Make VM service user-facing to improve virtual machine management. (@kvaps in https://github.com/cozystack/cozystack/pull/1523)
+* [kubernetes] Use controlPlane.replicas field for better configuration. (@kvaps in https://github.com/cozystack/cozystack/pull/1556)
+* [monitoring] Add settings alert for Slack notifications. (@IvanHunters in https://github.com/cozystack/cozystack/pull/1545)
+
+## Fixes
+
+* [lineage] Check for nil chart in HelmRelease to prevent crashes. (@kvaps in https://github.com/cozystack/cozystack/pull/1525)
+* [kamaji] Respect 3rd party labels to maintain compatibility. (@lllamnyp in https://github.com/cozystack/cozystack/pull/1534)
+* [mariadb-operator] Add post-delete job to remove PVCs for proper cleanup. (@kvaps in https://github.com/cozystack/cozystack/pull/1553)
+* [system] kube-ovn: turn off enableLb to fix networking issues. (@kvaps in https://github.com/cozystack/cozystack/pull/1548)
+
+## Dependencies
+
+* [seaweedfs] Update SeaweedFS to v3.99 and deploy S3 as stacked service. (@kvaps in https://github.com/cozystack/cozystack/pull/1562)
+* Update LINSTOR to v1.32.3. (@kvaps in https://github.com/cozystack/cozystack/pull/1565)
+* [redis-operator] Build patched operator in-tree for better maintainability. (@kvaps in https://github.com/cozystack/cozystack/pull/1547)
+* [velero] Set defaultItemOperationTimeout=24h for longer backup operations. (@kvaps in https://github.com/cozystack/cozystack/pull/1542)
+
+---
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.37.2...v0.37.3
+

docs/changelogs/v0.37.4.md

@@ -0,0 +1,22 @@
+
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.37.4
+-->
+
+## Features and Improvements
+
+* [tenant] Allow listing workloads for improved tenant visibility. (@kvaps in https://github.com/cozystack/cozystack/pull/1577)
+
+## Fixes
+
+* [seaweedfs] Fix migration to v3.99 to ensure smooth upgrades. (@kvaps in https://github.com/cozystack/cozystack/pull/1575)
+* [nats] Merge container spec, not podTemplate for proper configuration. (@kvaps in https://github.com/cozystack/cozystack/pull/1574)
+
+## Development, Testing, and CI/CD
+
+* [e2e] Increase Kubernetes connection timeouts to improve test stability under high load and slow cluster response conditions. (@kvaps in https://github.com/cozystack/cozystack/pull/1573)
+
+---
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.37.3...v0.37.4
+

docs/changelogs/v0.37.5.md

@@ -0,0 +1,25 @@
+
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v0.37.5
+-->
+
+## Features and Improvements
+
+* [dashboard-controller] Move badges generation logic to internal dashboard component for better architecture. (@kvaps in https://github.com/cozystack/cozystack/pull/1593)
+
+## Security
+
+* [ingress] Enforce HTTPS-only for API by adding force-ssl-redirect annotation, ensuring all HTTP traffic (port 80) is redirected to HTTPS (port 443). This prevents unencrypted external access and improves security. (@kvaps in https://github.com/cozystack/cozystack/pull/1585)
+* [flux] Close Flux Operator ports to external access by removing hostPort and hostNetwork, ensuring that ports 8080 and 8081 are only accessible within the cluster. (@kvaps in https://github.com/cozystack/cozystack/pull/1592)
+* [redis] Bump Redis image version for security fixes. (@kvaps in https://github.com/cozystack/cozystack/pull/1580)
+
+## Fixes
+
+* [nats] Fixes for NATS App Helm chart, fix template issues with config.merge value. (@kvaps in https://github.com/cozystack/cozystack/pull/1591)
+* [kubevirt] Fix kubevirt metrics rule. (@kvaps in https://github.com/cozystack/cozystack/pull/1588)
+* [core] Remove talos lldp extension. (@kvaps in https://github.com/cozystack/cozystack/pull/1586)
+
+---
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v0.37.4...v0.37.5
+