Release v0.38.1 (#1668 )

This PR prepares the release `v0.38.1`.
Prepare release v0.38.1
2026-03-05 06:28:55 +00:00 · 2025-11-27 15:53:07 +01:00 · 2025-11-27 13:48:02 +00:00 · 2025-11-27 14:39:50 +01:00 · 2025-11-27 14:37:00 +01:00 · 2025-11-27 14:35:07 +01:00
26 changed files with 199 additions and 140 deletions
--- a/packages/apps/http-cache/images/nginx-cache.tag
+++ b/packages/apps/http-cache/images/nginx-cache.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:b7633717cd7449c0042ae92d8ca9b36e4d69566561f5c7d44e21058e7d05c6d5
+ghcr.io/cozystack/cozystack/nginx-cache:0.0.0@sha256:e0a07082bb6fc6aeaae2315f335386f1705a646c72f9e0af512aebbca5cb2b15
--- a/packages/apps/kubernetes/templates/delete.yaml
+++ b/packages/apps/kubernetes/templates/delete.yaml
@@ -3,12 +3,15 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  annotations:
-    "helm.sh/hook": post-delete
+    "helm.sh/hook": pre-delete
    "helm.sh/hook-weight": "10"
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
  name: {{ .Release.Name }}-cleanup
 spec:
  template:
+    metadata:
+      labels:
+        policy.cozystack.io/allow-to-apiserver: "true"
    spec:
      serviceAccountName: {{ .Release.Name }}-cleanup
      restartPolicy: Never
@@ -24,14 +27,43 @@ spec:
          command:
            - /bin/sh
            - -c
-            - kubectl -n {{ .Release.Namespace }} delete datavolumes
-              -l "cluster.x-k8s.io/cluster-name={{ .Release.Name }}"
-              --ignore-not-found=true
+            - |
+              set -e
+              echo "Step 1: Suspending all HelmReleases with label cozystack.io/target-cluster-name={{ .Release.Name }}"
+              for hr in $(kubectl -n {{ .Release.Namespace }} get helmreleases.helm.toolkit.fluxcd.io -l "cozystack.io/target-cluster-name={{ .Release.Name }}" -o name 2>/dev/null || true); do
+                if [ -n "$hr" ]; then           
+                  echo "  Suspending $hr"
+                  kubectl -n {{ .Release.Namespace }} patch "$hr" \
+                    -p '{"spec": {"suspend": true}}' \
+                    --type=merge --field-manager=flux-client-side-apply
+                fi
+              done

-              kubectl -n {{ .Release.Namespace }} delete services
-              -l "cluster.x-k8s.io/cluster-name={{ .Release.Name }}"
-              --field-selector spec.type=LoadBalancer
-              --ignore-not-found=true
+              echo "Step 2: Deleting HelmReleases with label cozystack.io/target-cluster-name={{ .Release.Name }}"
+              kubectl -n {{ .Release.Namespace }} delete helmreleases.helm.toolkit.fluxcd.io \
+                -l "cozystack.io/target-cluster-name={{ .Release.Name }}" \
+                --ignore-not-found=true --wait=true
+
+              echo "Step 3: Deleting KamajiControlPlane {{ .Release.Name }}"
+              kubectl -n {{ .Release.Namespace }} delete kamajicontrolplanes.controlplane.cluster.x-k8s.io {{ .Release.Name }} \
+                --ignore-not-found=true
+
+              echo "Step 4: Deleting TenantControlPlane {{ .Release.Name }}"
+              kubectl -n {{ .Release.Namespace }} delete tenantcontrolplanes.kamaji.clastix.io {{ .Release.Name }} \
+                --ignore-not-found=true
+
+              echo "Step 5: Cleaning up DataVolumes"
+              kubectl -n {{ .Release.Namespace }} delete datavolumes \
+                -l "cluster.x-k8s.io/cluster-name={{ .Release.Name }}" \
+                --ignore-not-found=true
+
+              echo "Step 6: Cleaning up LoadBalancer Services"
+              kubectl -n {{ .Release.Namespace }} delete services \
+                -l "cluster.x-k8s.io/cluster-name={{ .Release.Name }}" \
+                --field-selector spec.type=LoadBalancer \
+                --ignore-not-found=true
+
+              echo "Cleanup completed successfully"


 ---
@@ -40,7 +72,7 @@ kind: ServiceAccount
 metadata:
  name: {{ .Release.Name }}-cleanup
  annotations:
-    helm.sh/hook: post-delete
+    helm.sh/hook: pre-delete
    helm.sh/hook-delete-policy: before-hook-creation,hook-failed,hook-succeeded
    helm.sh/hook-weight: "0"
 ---
@@ -48,11 +80,39 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
-    "helm.sh/hook": post-delete
+    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
    "helm.sh/hook-weight": "5"
  name: {{ .Release.Name }}-cleanup
 rules:
+  - apiGroups:
+      - "helm.toolkit.fluxcd.io"
+    resources:
+      - helmreleases
+    verbs:
+      - get
+      - list
+      - watch
+      - patch
+      - delete
+  - apiGroups:
+      - "controlplane.cluster.x-k8s.io"
+    resources:
+      - kamajicontrolplanes
+    verbs:
+      - get
+      - list
+      - watch
+      - delete
+  - apiGroups:
+      - "kamaji.clastix.io"
+    resources:
+      - tenantcontrolplanes
+    verbs:
+      - get
+      - list
+      - watch
+      - delete
  - apiGroups:
      - "cdi.kubevirt.io"
    resources:
@@ -60,6 +120,7 @@ rules:
    verbs:
      - get
      - list
+      - watch
      - delete
  - apiGroups:
      - ""
@@ -68,13 +129,14 @@ rules:
    verbs:
      - get
      - list
+      - watch
      - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  annotations:
-    "helm.sh/hook": post-delete
+    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
    "helm.sh/hook-weight": "5"
  name: {{ .Release.Name }}-cleanup
@@ -86,4 +148,3 @@ subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-cleanup
    namespace: {{ .Release.Namespace }}
-
--- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
@@ -1,104 +0,0 @@
---
-apiVersion: batch/v1
-kind: Job
-metadata:
-  annotations:
-    "helm.sh/hook": pre-delete
-    "helm.sh/hook-weight": "10"
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
-  name: {{ .Release.Name }}-flux-teardown
-spec:
-  template:
-    spec:
-      serviceAccountName: {{ .Release.Name }}-flux-teardown
-      restartPolicy: Never
-      tolerations:
-        - key: CriticalAddonsOnly
-          operator: Exists
-        - key: node-role.kubernetes.io/control-plane
-          operator: Exists
-          effect: "NoSchedule"
-      containers:
-        - name: kubectl
-          image: docker.io/clastix/kubectl:v1.32
-          command:
-            - /bin/sh
-            - -c
-            - >-
-              kubectl
-              --namespace={{ .Release.Namespace }}
-              patch
-              helmrelease
-              {{ .Release.Name }}-cilium
-              {{ .Release.Name }}-gateway-api-crds
-              {{ .Release.Name }}-csi
-              {{ .Release.Name }}-cert-manager
-              {{ .Release.Name }}-cert-manager-crds
-              {{ .Release.Name }}-vertical-pod-autoscaler
-              {{ .Release.Name }}-vertical-pod-autoscaler-crds
-              {{ .Release.Name }}-ingress-nginx
-              {{ .Release.Name }}-fluxcd-operator
-              {{ .Release.Name }}-fluxcd
-              {{ .Release.Name }}-gpu-operator
-              {{ .Release.Name }}-velero
-              {{ .Release.Name }}-coredns
-              -p '{"spec": {"suspend": true}}'
-              --type=merge --field-manager=flux-client-side-apply || true
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}-flux-teardown
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: before-hook-creation,hook-failed,hook-succeeded
-    helm.sh/hook-weight: "0"
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  annotations:
-    "helm.sh/hook": pre-install,post-install,pre-delete
-    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
-    "helm.sh/hook-weight": "5"
-  name: {{ .Release.Name }}-flux-teardown
-rules:
-  - apiGroups:
-      - "helm.toolkit.fluxcd.io"
-    resources:
-      - helmreleases
-    verbs:
-      - get
-      - patch
-    resourceNames:
-      - {{ .Release.Name }}-cilium
-      - {{ .Release.Name }}-csi
-      - {{ .Release.Name }}-cert-manager
-      - {{ .Release.Name }}-cert-manager-crds
-      - {{ .Release.Name }}-gateway-api-crds
-      - {{ .Release.Name }}-vertical-pod-autoscaler
-      - {{ .Release.Name }}-vertical-pod-autoscaler-crds
-      - {{ .Release.Name }}-ingress-nginx
-      - {{ .Release.Name }}-fluxcd-operator
-      - {{ .Release.Name }}-fluxcd
-      - {{ .Release.Name }}-gpu-operator
-      - {{ .Release.Name }}-velero
-      - {{ .Release.Name }}-coredns
-
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
-    helm.sh/hook-weight: "5"
-  name: {{ .Release.Name }}-flux-teardown
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ .Release.Name }}-flux-teardown
-subjects:
-  - kind: ServiceAccount
-    name: {{ .Release.Name }}-flux-teardown
-    namespace: {{ .Release.Namespace }}
--- a/packages/apps/tenant/templates/cleanup-job.yaml
+++ b/packages/apps/tenant/templates/cleanup-job.yaml
@@ -0,0 +1,85 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "tenant.name" . }}-cleanup
+  namespace: {{ include "tenant.name" . }}
+  annotations:
+    helm.sh/hook: pre-delete
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+    helm.sh/hook-weight: "-5"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "tenant.name" . }}-cleanup
+  namespace: {{ include "tenant.name" . }}
+  annotations:
+    helm.sh/hook: pre-delete
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+    helm.sh/hook-weight: "-5"
+rules:
+- apiGroups: ["helm.toolkit.fluxcd.io"]
+  resources: ["helmreleases"]
+  verbs: ["get", "list", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "tenant.name" . }}-cleanup
+  namespace: {{ include "tenant.name" . }}
+  annotations:
+    helm.sh/hook: pre-delete
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+    helm.sh/hook-weight: "-5"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "tenant.name" . }}-cleanup
+subjects:
+- kind: ServiceAccount
+  name: {{ include "tenant.name" . }}-cleanup
+  namespace: {{ include "tenant.name" . }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "tenant.name" . }}-cleanup
+  namespace: {{ include "tenant.name" . }}
+  annotations:
+    helm.sh/hook: pre-delete
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+    helm.sh/hook-weight: "0"
+spec:
+  ttlSecondsAfterFinished: 300
+  template:
+    metadata:
+      name: {{ include "tenant.name" . }}-cleanup
+      labels:
+        policy.cozystack.io/allow-to-apiserver: "true"
+    spec:
+      serviceAccountName: {{ include "tenant.name" . }}-cleanup
+      restartPolicy: OnFailure
+      containers:
+      - name: cleanup
+        image: bitnami/kubectl:latest
+        command:
+        - /bin/bash
+        - -c
+        - |
+          set -e
+          NAMESPACE="{{ include "tenant.name" . }}"
+          
+          echo "Cleaning up HelmReleases in namespace: $NAMESPACE"
+          
+          echo "Deleting Applications"
+          kubectl delete helmreleases.helm.toolkit.fluxcd.io -n "$NAMESPACE" \
+            -l 'cozystack.io/ui=true,internal.cozystack.io/tenantmodule!=true' \
+            --ignore-not-found=true --wait=true
+          
+          echo "Deleting Tenant Modules"
+          kubectl delete helmreleases.helm.toolkit.fluxcd.io -n "$NAMESPACE" \
+            -l 'cozystack.io/ui=true,internal.cozystack.io/tenantmodule=true' \
+            --ignore-not-found=true --wait=true
+          
+          echo "Cleanup completed successfully"
--- a/packages/core/installer/values.yaml
+++ b/packages/core/installer/values.yaml
@@ -1,2 +1,2 @@
 cozystack:
-  image: ghcr.io/cozystack/cozystack/installer:v0.38.0@sha256:1a902ebd15fe375079098c088dd5b40475926c8d9576faf6348433f0fd86a963
+  image: ghcr.io/cozystack/cozystack/installer:v0.38.1@sha256:b76b497cfb65e1f9eb40501c947dbf5c5e15578686a1047d58071d581d16984a
--- a/packages/core/testing/values.yaml
+++ b/packages/core/testing/values.yaml
@@ -1,2 +1,2 @@
 e2e:
-  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.38.0@sha256:cb17739b46eca263b2a31c714a3cb211da6f9de259b1641c2fc72c91bdfc93bb
+  image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.38.1@sha256:e8cdd1a2c24621299e2e48b87d2070e4401c6cb2ddda31b30b3bc2f3514fb78b
--- a/packages/extra/bootbox/images/matchbox.tag
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/matchbox:v0.38.0@sha256:9ff2bdcf802445f6c1cabdf0e6fc32ee10043b1067945232a91088abad63f583
+ghcr.io/cozystack/cozystack/matchbox:v0.38.1@sha256:c1122766930ba1e73fad93a0505b9542ba211d14d478e8934bbd7cd299b7439f
--- a/packages/extra/seaweedfs/images/objectstorage-sidecar.tag
+++ b/packages/extra/seaweedfs/images/objectstorage-sidecar.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.38.0@sha256:4548d85e7e69150aaf52fbb17fb9487e9714bdd8407aff49762cf39b9d0ab29c
+ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.38.1@sha256:7b21cea262f379db350fd30003266875241737777f43e3044e4e2c98e5cab31a
--- a/packages/system/bucket/images/s3manager.tag
+++ b/packages/system/bucket/images/s3manager.tag
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:f21b1c37872221323cee0490f9c58e04fa360c2b8c68700ab0455bc39f3ad160
+ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:ec77d572175945f6be3e3da6f77fa8a5988cce33ae2425e71a9012ed84cf439f
--- a/packages/system/cozystack-api/values.yaml
+++ b/packages/system/cozystack-api/values.yaml
@@ -1,5 +1,5 @@
 cozystackAPI:
-  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.38.0@sha256:5eb5d6369c7c7ba0fa6b34b7c5022faa15c860b72e441b5fbde3eceda94efc88
+  image: ghcr.io/cozystack/cozystack/cozystack-api:v0.38.1@sha256:33cc3dc3b38c804e607a7220cb6d5622a5b090ea22cef47789960dd24aea143a
  localK8sAPIEndpoint:
    enabled: true
  replicas: 2
--- a/packages/system/cozystack-controller/values.yaml
+++ b/packages/system/cozystack-controller/values.yaml
@@ -1,6 +1,6 @@
 cozystackController:
-  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.38.0@sha256:4628a3711b6a6fc2e446255ee172cd268b28b07c65e98c302ea8897574dcbf22
+  image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.38.1@sha256:98f220940a99e0cf102ffc413e0c150ff5067f1994ea9d771f833e291bfaed58
  debug: false
  disableTelemetry: false
-  cozystackVersion: "v0.38.0"
+  cozystackVersion: "v0.38.1"
  cozystackAPIKind: "DaemonSet"
--- a/packages/system/dashboard/images/openapi-ui-k8s-bff/Dockerfile
+++ b/packages/system/dashboard/images/openapi-ui-k8s-bff/Dockerfile
@@ -3,7 +3,7 @@ ARG NODE_VERSION=20.18.1
 FROM node:${NODE_VERSION}-alpine AS builder
 WORKDIR /src

-ARG COMMIT_REF=ba56271739505284aee569f914fc90e6a9c670da
+ARG COMMIT_REF=183dc9dcbb0f8a1833dad642c35faa385c71e58d
 RUN wget -O- https://github.com/PRO-Robotech/openapi-ui-k8s-bff/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1

 ENV PATH=/src/node_modules/.bin:$PATH
--- a/packages/system/dashboard/templates/configmap.yaml
+++ b/packages/system/dashboard/templates/configmap.yaml
@@ -1,6 +1,6 @@
 {{- $brandingConfig:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }}

-{{- $tenantText := "v0.38.0" }}
+{{- $tenantText := "v0.38.1" }}
 {{- $footerText := "Cozystack" }}
 {{- $titleText := "Cozystack Dashboard" }}
 {{- $logoText := "" }}
--- a/packages/system/dashboard/templates/nginx.yaml
+++ b/packages/system/dashboard/templates/nginx.yaml
@@ -16,7 +16,7 @@ spec:
  template:
    metadata:
      annotations:
-        checksum/configmap-configurationnginxfile: 258c66b019c8c7f4a5d0a78dfd7bf297ce486b213346fbd2879c466abfc377e0
+        checksum/config: {{ include (print $.Template.BasePath "/nginx-config.yaml") . | sha256sum }}
      labels:
        app.kubernetes.io/instance: incloud-web
        app.kubernetes.io/name: nginx
--- a/packages/system/dashboard/templates/web.yaml
+++ b/packages/system/dashboard/templates/web.yaml
@@ -15,7 +15,8 @@ spec:
    type: RollingUpdate
  template:
    metadata:
-      annotations: null
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
      labels:
        app.kubernetes.io/instance: incloud-web
        app.kubernetes.io/name: web
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -1,6 +1,6 @@
 openapiUI:
-  image: ghcr.io/cozystack/cozystack/openapi-ui:v0.38.0@sha256:78570edb9f4e329ffed0f8da3942acee1536323169d56324e57360df66044c28
+  image: ghcr.io/cozystack/cozystack/openapi-ui:v0.38.1@sha256:e968ddf4a5cecaccb6bde2a3390184b55b7ef469172a282aa85f8e293cfc994a
 openapiUIK8sBff:
-  image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.38.0@sha256:b7f18b86913d94338f1ceb93fca6409d19f565e35d6d6e683ca93441920fec71
+  image: ghcr.io/cozystack/cozystack/openapi-ui-k8s-bff:v0.38.1@sha256:7646364cda96f3b6da421f28293db0256ae5dbce0a8912bf076eef3349968af2
 tokenProxy:
-  image: ghcr.io/cozystack/cozystack/token-proxy:v0.38.0@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b
+  image: ghcr.io/cozystack/cozystack/token-proxy:v0.38.1@sha256:fad27112617bb17816702571e1f39d0ac3fe5283468d25eb12f79906cdab566b
--- a/packages/system/kamaji/values.yaml
+++ b/packages/system/kamaji/values.yaml
@@ -3,7 +3,7 @@ kamaji:
    deploy: false
  image:
    pullPolicy: IfNotPresent
-    tag: v0.38.0@sha256:125e4e6a8b86418e891416d29353053ab8b65182b7e443f221b557c11a385280
+    tag: v0.38.1@sha256:d8909d4ac16f6ca890304742a1c9382d09f2464330173a9d5762ca6909b1c086
    repository: ghcr.io/cozystack/cozystack/kamaji
  resources:
    limits:
@@ -13,4 +13,4 @@ kamaji:
      cpu: 100m
      memory: 100Mi
  extraArgs:
-    - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.38.0@sha256:125e4e6a8b86418e891416d29353053ab8b65182b7e443f221b557c11a385280
+    - --migrate-image=ghcr.io/cozystack/cozystack/kamaji:v0.38.1@sha256:d8909d4ac16f6ca890304742a1c9382d09f2464330173a9d5762ca6909b1c086
--- a/packages/system/kubeovn-plunger/values.yaml
+++ b/packages/system/kubeovn-plunger/values.yaml
@@ -1,4 +1,4 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.38.0@sha256:a140bdcc300bcfb63a5d64884d02d802d7669ba96dc65292a06f3b200ff627f8
+image: ghcr.io/cozystack/cozystack/kubeovn-plunger:v0.38.1@sha256:843ab1f551ca5b5197cc761b700085f0b464036b996a6aba311e1e0ae7b33faa
 ovnCentralName: ovn-central
--- a/packages/system/kubeovn-webhook/values.yaml
+++ b/packages/system/kubeovn-webhook/values.yaml
@@ -1,3 +1,3 @@
 portSecurity: true
 routes: ""
-image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.38.0@sha256:7bfd458299a507f2cf82cddb65941ded6991fd4ba92fd46010cbc8c363126085
+image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.38.1@sha256:5581d232c05d698c508c40c8fdc111901d24f7cff1327bb8dfa99a46acf82eb9
--- a/packages/system/kubeovn/values.yaml
+++ b/packages/system/kubeovn/values.yaml
@@ -65,4 +65,4 @@ global:
  images:
    kubeovn:
      repository: kubeovn
-      tag: v1.14.11@sha256:1b0f472cf30d5806e3afd10439ce8f9cfe8a004322dbd1911f7d69171fe936e5
+      tag: v1.14.11@sha256:35e64717c685b1b3fafa4c669ee3943595e1e02a5057a5e2c35a8043face00d3
--- a/packages/system/lineage-controller-webhook/values.yaml
+++ b/packages/system/lineage-controller-webhook/values.yaml
@@ -1,5 +1,5 @@
 lineageControllerWebhook:
-  image: ghcr.io/cozystack/cozystack/lineage-controller-webhook:v0.38.0@sha256:fc2b04f59757904ec1557a39529b84b595114b040ef95d677fd7f21ac3958e0a
+  image: ghcr.io/cozystack/cozystack/lineage-controller-webhook:v0.38.1@sha256:5729934ec876bc58d9307a1ff5b5bc04ac7a29098b51d026ca00a56c109973d0
  debug: false
  localK8sAPIEndpoint:
    enabled: true
--- a/packages/system/objectstorage-controller/values.yaml
+++ b/packages/system/objectstorage-controller/values.yaml
@@ -1,3 +1,3 @@
 objectstorage:
  controller:
-    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.38.0@sha256:7d37495cce46d30d4613ecfacaa7b7f140e7ea8f3dbcc3e8c976e271de6cc71b"
+    image: "ghcr.io/cozystack/cozystack/objectstorage-controller:v0.38.1@sha256:7d37495cce46d30d4613ecfacaa7b7f140e7ea8f3dbcc3e8c976e271de6cc71b"
--- a/packages/system/seaweedfs/Makefile
+++ b/packages/system/seaweedfs/Makefile
@@ -12,6 +12,7 @@ update:
 	sed -i.bak "/ARG VERSION/ s|=.*|=$${version}|g" images/seaweedfs/Dockerfile && \
 	rm -f images/seaweedfs/Dockerfile.bak
 	patch --no-backup-if-mismatch -p4 < patches/resize-api-server-annotation.diff
+	patch --no-backup-if-mismatch -p4 < patches/long-term-ca.diff
 	#patch --no-backup-if-mismatch -p4 < patches/retention-policy-delete.yaml

 image:
--- a/packages/system/seaweedfs/charts/seaweedfs/templates/cert/ca-cert.yaml
+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/cert/ca-cert.yaml
@@ -13,6 +13,8 @@ spec:
  secretName: {{ template "seaweedfs.name" . }}-ca-cert
  commonName: "{{ template "seaweedfs.name" . }}-root-ca"
  isCA: true
+  duration: 87600h
+  renewBefore: 720h
  issuerRef:
    name: {{ template "seaweedfs.name" . }}-issuer
    kind: Issuer
--- a/packages/system/seaweedfs/patches/long-term-ca.diff
+++ b/packages/system/seaweedfs/patches/long-term-ca.diff
@@ -0,0 +1,13 @@
+diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/cert/ca-cert.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/cert/ca-cert.yaml
+index 0fd6615e..f2572558 100644
+--- a/packages/system/seaweedfs/charts/seaweedfs/templates/cert/ca-cert.yaml
+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/cert/ca-cert.yaml
+@@ -13,6 +13,8 @@ spec:
+   secretName: {{ template "seaweedfs.name" . }}-ca-cert
+   commonName: "{{ template "seaweedfs.name" . }}-root-ca"
+   isCA: true
+  duration: 87600h
+  renewBefore: 720h
+   issuerRef:
+     name: {{ template "seaweedfs.name" . }}-issuer
+     kind: Issuer
--- a/packages/system/seaweedfs/values.yaml
+++ b/packages/system/seaweedfs/values.yaml
@@ -124,7 +124,7 @@ seaweedfs:
    bucketClassName: "seaweedfs"
    region: ""
    sidecar:
-      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.38.0@sha256:4548d85e7e69150aaf52fbb17fb9487e9714bdd8407aff49762cf39b9d0ab29c"
+      image: "ghcr.io/cozystack/cozystack/objectstorage-sidecar:v0.38.1@sha256:7b21cea262f379db350fd30003266875241737777f43e3044e4e2c98e5cab31a"
  certificates:
    commonName: "SeaweedFS CA"
    ipAddresses: []
Author	SHA1	Message	Date
Andrei Kvapil	4899c8e42f	Release v0.38.1 (#1668 ) This PR prepares the release `v0.38.1`.	2025-11-27 15:53:07 +01:00
cozystack-bot	e3854aca8a	Prepare release v0.38.1 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2025-11-27 13:48:02 +00:00
Andrei Kvapil	ef28980017	[tenant][kubernetes] Introduce better cleanup logic (#1661 ) Signed-off-by: Andrei Kvapil <kvapss@gmail.com> <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [tenant][kubernetes] Introduce better cleanup logic ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Added an automated pre-delete cleanup job for tenant namespaces to remove tenant-related releases during uninstall. * Improvements * Cleanup now runs early in the uninstall sequence with a clearer, stepwise orchestration for resource removal. * Expanded permissions and execution allowances to enable the cleanup workflow. * Deployment annotations now use a content checksum to better detect config changes. * Removals * Previous teardown sequence for certain release types was removed and replaced by the new workflow. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2025-11-27 14:39:50 +01:00
Andrei Kvapil	caa25fdf76	[dashboard] Fix loading arrays in forms when editing existing objects Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2025-11-27 14:37:00 +01:00
Andrei Kvapil	250b41d12f	[Backport release-0.38] [seaweedfs] Extended CA certificate duration to reduce disruptive CA rotations. (#1666 ) # Description Backport of #1657 to `release-0.38`.	2025-11-27 14:35:07 +01:00
IvanHunters	0b0968fdfa	add patch for long term ca Signed-off-by: IvanHunters <xorokhotnikov@gmail.com> (cherry picked from commit `5d354a07d6`)	2025-11-27 13:34:41 +00:00
IvanHunters	fdaa6e7783	* Improvements * Extended CA certificate duration to reduce disruptive CA rotations. * Added mechanism to sync SeaweedFS client certificates across clusters. * Enhanced certificate management to ensure Hikube provisioner always receives up-to-date client certificates. * Chores * Updated SeaweedFS Helm chart templates with configurable certificate duration and renewal settings. Signed-off-by: IvanHunters <xorokhotnikov@gmail.com> (cherry picked from commit `8283714930`)	2025-11-27 13:34:41 +00:00
Andrei Kvapil	cc068f20f4	[Backport release-0.38] [dashboard] Add config hash annotations to restart pods on config changes (#1665 ) # Description Backport of #1662 to `release-0.38`.	2025-11-27 12:30:46 +01:00
Andrei Kvapil	e3fa9af34b	[dashboard] Add config hash annotations to restart pods on config changes Signed-off-by: Andrei Kvapil <kvapss@gmail.com> (cherry picked from commit `c72a9333e9`)	2025-11-27 11:21:40 +00:00