PoC: Move workloadmonitors to controller

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
[dashboard-controller] Move bages generation logic to internal dashboard component (#1567 )
2026-03-05 14:38:57 +00:00 · 2025-11-04 19:31:31 +01:00 · 2025-11-04 17:36:33 +01:00 · 2025-11-04 17:33:22 +01:00 · 2025-11-04 20:27:57 +04:00 · 2025-11-04 17:13:43 +01:00
216 changed files with 5173 additions and 3661 deletions
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -28,7 +28,7 @@ jobs:

      - name: Install generate
        run: |
-          curl -sSL https://github.com/cozystack/cozyvalues-gen/releases/download/v0.9.0/cozyvalues-gen-linux-amd64.tar.gz | tar -xzvf- -C /usr/local/bin/ cozyvalues-gen
+          curl -sSL https://github.com/cozystack/cozyvalues-gen/releases/download/v1.0.5/cozyvalues-gen-linux-amd64.tar.gz | tar -xzvf- -C /usr/local/bin/ cozyvalues-gen

      - name: Run pre-commit hooks
        run: |
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -31,4 +31,5 @@ This list is sorted in chronological order, based on the submission date.
 | [gohost](https://gohost.kz/) | @karabass_off | 2024-02-01 | Our company has been working in the market of Kazakhstan for more than 15 years, providing clients with a standard set of services: VPS/VDC, IaaS, shared hosting, etc. Now we are expanding the lineup by introducing Bare Metal Kubenetes cluster under Cozystack management. |
 | [Urmanac](https://urmanac.com) | @kingdonb | 2024-12-04 | Urmanac is the future home of a hosting platform for the knowledge base of a community of personal server enthusiasts. We use Cozystack to provide support services for web sites hosted using both conventional deployments and on SpinKube, with WASM. |
 | [Hidora](https://hikube.cloud) | @matthieu-robin | 2025-09-17 | Hidora is a Swiss cloud provider delivering managed services and infrastructure solutions through datacenters located in Switzerland, ensuring data sovereignty and reliability. Its sovereign cloud platform, Hikube, is designed to run workloads with high availability across multiple datacenters, providing enterprises with a secure and scalable foundation for their applications based on Cozystack. |
-| 
+| [QOSI](https://qosi.kz) | @tabu-a | 2025-10-04 | QOSI is a non-profit organization driving open-source adoption and digital sovereignty across Kazakhstan and Central Asia. We use Cozystack as a platform for deploying sovereign, GPU-enabled clouds and educational environments under the National AI Program. Our goal is to accelerate the region’s transition toward open, self-hosted cloud-native technologies |
+|
--- a/api/v1alpha1/cozystackresourcedefinitions_types.go
+++ b/api/v1alpha1/cozystackresourcedefinitions_types.go
@@ -59,6 +59,10 @@ type CozystackResourceDefinitionSpec struct {

 	// Dashboard configuration for this resource
 	Dashboard *CozystackResourceDefinitionDashboard `json:"dashboard,omitempty"`
+
+	// WorkloadMonitors configuration for this resource
+	// List of WorkloadMonitor templates to be created for each application instance
+	WorkloadMonitors []WorkloadMonitorTemplate `json:"workloadMonitors,omitempty"`
 }

 type CozystackResourceDefinitionChart struct {
@@ -110,17 +114,18 @@ type CozystackResourceDefinitionRelease struct {
 // - {{ .namespace }}: The namespace of the resource being processed
 //
 // Example YAML:
-//   secrets:
-//     include:
-//     - matchExpressions:
-//       - key: badlabel
-//         operator: DoesNotExist
-//       matchLabels:
-//         goodlabel: goodvalue
-//       resourceNames:
-//       - "{{ .name }}-secret"
-//       - "{{ .kind }}-{{ .name }}-tls"
-//       - "specificname"
+//
+//	secrets:
+//	  include:
+//	  - matchExpressions:
+//	    - key: badlabel
+//	      operator: DoesNotExist
+//	    matchLabels:
+//	      goodlabel: goodvalue
+//	    resourceNames:
+//	    - "{{ .name }}-secret"
+//	    - "{{ .kind }}-{{ .name }}-tls"
+//	    - "specificname"
 type CozystackResourceDefinitionResourceSelector struct {
 	metav1.LabelSelector `json:",inline"`
 	// ResourceNames is a list of resource names to match
@@ -191,3 +196,47 @@ type CozystackResourceDefinitionDashboard struct {
 	// +optional
 	Module bool `json:"module,omitempty"`
 }
+
+// ---- WorkloadMonitor types ----
+
+// WorkloadMonitorTemplate defines a template for creating WorkloadMonitor resources
+// for application instances. Fields support Go template syntax with the following variables:
+// - {{ .Release.Name }}: The name of the Helm release
+// - {{ .Release.Namespace }}: The namespace of the Helm release
+// - {{ .Chart.Version }}: The version of the Helm chart
+// - {{ .Values.<path> }}: Any value from the Helm values
+type WorkloadMonitorTemplate struct {
+	// Name is the name of the WorkloadMonitor.
+	// Supports Go template syntax (e.g., "{{ .Release.Name }}-keeper")
+	// +required
+	Name string `json:"name"`
+
+	// Kind specifies the kind of the workload (e.g., "postgres", "kafka")
+	// +required
+	Kind string `json:"kind"`
+
+	// Type specifies the type of the workload (e.g., "postgres", "zookeeper")
+	// +required
+	Type string `json:"type"`
+
+	// Selector is a map of label key-value pairs for matching workloads.
+	// Supports Go template syntax in values (e.g., "app.kubernetes.io/instance: {{ .Release.Name }}")
+	// +required
+	Selector map[string]string `json:"selector"`
+
+	// Replicas is a Go template expression that evaluates to the desired number of replicas.
+	// Example: "{{ .Values.replicas }}" or "{{ .Values.clickhouseKeeper.replicas }}"
+	// +optional
+	Replicas string `json:"replicas,omitempty"`
+
+	// MinReplicas is a Go template expression that evaluates to the minimum number of replicas.
+	// Example: "1" or "{{ div .Values.replicas 2 | add1 }}"
+	// +optional
+	MinReplicas string `json:"minReplicas,omitempty"`
+
+	// Condition is a Go template expression that must evaluate to "true" for the monitor to be created.
+	// Example: "{{ .Values.clickhouseKeeper.enabled }}"
+	// If empty, the monitor is always created.
+	// +optional
+	Condition string `json:"condition,omitempty"`
+}
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -244,6 +244,13 @@ func (in *CozystackResourceDefinitionSpec) DeepCopyInto(out *CozystackResourceDe
 		*out = new(CozystackResourceDefinitionDashboard)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.WorkloadMonitors != nil {
+		in, out := &in.WorkloadMonitors, &out.WorkloadMonitors
+		*out = make([]WorkloadMonitorTemplate, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CozystackResourceDefinitionSpec.
@@ -461,6 +468,28 @@ func (in *WorkloadMonitorStatus) DeepCopy() *WorkloadMonitorStatus {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WorkloadMonitorTemplate) DeepCopyInto(out *WorkloadMonitorTemplate) {
+	*out = *in
+	if in.Selector != nil {
+		in, out := &in.Selector, &out.Selector
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadMonitorTemplate.
+func (in *WorkloadMonitorTemplate) DeepCopy() *WorkloadMonitorTemplate {
+	if in == nil {
+		return nil
+	}
+	out := new(WorkloadMonitorTemplate)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WorkloadStatus) DeepCopyInto(out *WorkloadStatus) {
 	*out = *in
--- a/cmd/cozystack-controller/main.go
+++ b/cmd/cozystack-controller/main.go
@@ -69,6 +69,7 @@ func main() {
 	var telemetryEndpoint string
 	var telemetryInterval string
 	var cozystackVersion string
+	var reconcileDeployment bool
 	var tlsOpts []func(*tls.Config)
 	flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+
 		"Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.")
@@ -88,6 +89,8 @@ func main() {
 		"Interval between telemetry data collection (e.g. 15m, 1h)")
 	flag.StringVar(&cozystackVersion, "cozystack-version", "unknown",
 		"Version of Cozystack")
+	flag.BoolVar(&reconcileDeployment, "reconcile-deployment", false,
+		"If set, the Cozystack API server is assumed to run as a Deployment, else as a DaemonSet.")
 	opts := zap.Options{
 		Development: false,
 	}
@@ -189,6 +192,14 @@ func main() {
 		os.Exit(1)
 	}

+	if err = (&controller.WorkloadMonitorFromCRDReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "WorkloadMonitorFromCRD")
+		os.Exit(1)
+	}
+
 	if err = (&controller.WorkloadReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
@@ -213,14 +224,28 @@ func main() {
 		os.Exit(1)
 	}

+	cozyAPIKind := "DaemonSet"
+	if reconcileDeployment {
+		cozyAPIKind = "Deployment"
+	}
 	if err = (&controller.CozystackResourceDefinitionReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		Client:           mgr.GetClient(),
+		Scheme:           mgr.GetScheme(),
+		CozystackAPIKind: cozyAPIKind,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "CozystackResourceDefinitionReconciler")
 		os.Exit(1)
 	}

+	dashboardManager := &dashboard.Manager{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}
+	if err = dashboardManager.SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "DashboardReconciler")
+		os.Exit(1)
+	}
+
 	// +kubebuilder:scaffold:builder

 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
@@ -246,7 +271,9 @@ func main() {
 	}

 	setupLog.Info("starting manager")
-	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
+	ctx := ctrl.SetupSignalHandler()
+	dashboardManager.InitializeStaticResources(ctx)
+	if err := mgr.Start(ctx); err != nil {
 		setupLog.Error(err, "problem running manager")
 		os.Exit(1)
 	}
--- a/hack/e2e-apps/run-kubernetes.sh
+++ b/hack/e2e-apps/run-kubernetes.sh
@@ -87,14 +87,14 @@ EOF


  # Set up port forwarding to the Kubernetes API server for a 200 second timeout
-  bash -c 'timeout 200s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &'
+  bash -c 'timeout 300s kubectl port-forward service/kubernetes-'"${test_name}"' -n tenant-test '"${port}"':6443 > /dev/null 2>&1 &'
  # Verify the Kubernetes version matches what we expect (retry for up to 20 seconds)
  timeout 20 sh -ec 'until kubectl --kubeconfig tenantkubeconfig version 2>/dev/null | grep -Fq "Server Version: ${k8s_version}"; do sleep 5; done'

  # Wait for the nodes to be ready (timeout after 2 minutes)
-  timeout 2m bash -c '
+  timeout 3m bash -c '
    until [ "$(kubectl --kubeconfig tenantkubeconfig get nodes -o jsonpath="{.items[*].metadata.name}" | wc -w)" -eq 2 ]; do
-      sleep 3
+      sleep 2
    done
  '
  # Verify the nodes are ready
--- a/hack/e2e-prepare-cluster.bats
+++ b/hack/e2e-prepare-cluster.bats
@@ -132,7 +132,6 @@ machine:
        - usermode_helper=disabled
    - name: zfs
    - name: spl
-    - name: lldpd
  registries:
    mirrors:
      docker.io:
--- a/internal/controller/cozystackresource_controller.go
+++ b/internal/controller/cozystackresource_controller.go
@@ -5,28 +5,21 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
-	"sort"
+	"slices"
 	"sync"
 	"time"

-	"github.com/cozystack/cozystack/internal/controller/dashboard"
-	"github.com/cozystack/cozystack/internal/shared/crdmem"
-
 	cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"

-	"github.com/go-logr/logr"
 	appsv1 "k8s.io/api/apps/v1"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"

 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )

@@ -40,128 +33,20 @@ type CozystackResourceDefinitionReconciler struct {
 	lastEvent   time.Time
 	lastHandled time.Time

-	mem *crdmem.Memory
-
-	// Track static resources initialization
-	staticResourcesInitialized bool
-	staticResourcesMutex       sync.Mutex
+	CozystackAPIKind string
 }

 func (r *CozystackResourceDefinitionReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	logger := log.FromContext(ctx)
-
-	crd := &cozyv1alpha1.CozystackResourceDefinition{}
-	err := r.Get(ctx, types.NamespacedName{Name: req.Name}, crd)
-	if err == nil {
-		if r.mem != nil {
-			r.mem.Upsert(crd)
-		}
-
-		mgr := dashboard.NewManager(
-			r.Client,
-			r.Scheme,
-			dashboard.WithCRDListFunc(func(c context.Context) ([]cozyv1alpha1.CozystackResourceDefinition, error) {
-				if r.mem != nil {
-					return r.mem.ListFromCacheOrAPI(c, r.Client)
-				}
-				var list cozyv1alpha1.CozystackResourceDefinitionList
-				if err := r.Client.List(c, &list); err != nil {
-					return nil, err
-				}
-				return list.Items, nil
-			}),
-		)
-
-		if res, derr := mgr.EnsureForCRD(ctx, crd); derr != nil || res.Requeue || res.RequeueAfter > 0 {
-			return res, derr
-		}
-
-		// After processing CRD, perform cleanup of orphaned resources
-		// This should be done after cache warming to ensure all current resources are known
-		if cleanupErr := mgr.CleanupOrphanedResources(ctx); cleanupErr != nil {
-			logger.Error(cleanupErr, "Failed to cleanup orphaned dashboard resources")
-			// Don't fail the reconciliation, just log the error
-		}
-
-		r.mu.Lock()
-		r.lastEvent = time.Now()
-		r.mu.Unlock()
-		return ctrl.Result{}, nil
-	}
-
-	// Handle error cases (err is guaranteed to be non-nil here)
-	if !apierrors.IsNotFound(err) {
-		return ctrl.Result{}, err
-	}
-	// If resource is not found, clean up from memory
-	if r.mem != nil {
-		r.mem.Delete(req.Name)
-	}
-	if req.Namespace == "cozy-system" && req.Name == "cozystack-api" {
-		return r.debouncedRestart(ctx, logger)
-	}
-	return ctrl.Result{}, nil
-}
-
-// initializeStaticResourcesOnce ensures static resources are created only once
-func (r *CozystackResourceDefinitionReconciler) initializeStaticResourcesOnce(ctx context.Context) error {
-	r.staticResourcesMutex.Lock()
-	defer r.staticResourcesMutex.Unlock()
-
-	if r.staticResourcesInitialized {
-		return nil // Already initialized
-	}
-
-	// Create dashboard manager and initialize static resources
-	mgr := dashboard.NewManager(
-		r.Client,
-		r.Scheme,
-		dashboard.WithCRDListFunc(func(c context.Context) ([]cozyv1alpha1.CozystackResourceDefinition, error) {
-			if r.mem != nil {
-				return r.mem.ListFromCacheOrAPI(c, r.Client)
-			}
-			var list cozyv1alpha1.CozystackResourceDefinitionList
-			if err := r.Client.List(c, &list); err != nil {
-				return nil, err
-			}
-			return list.Items, nil
-		}),
-	)
-
-	if err := mgr.InitializeStaticResources(ctx); err != nil {
-		return err
-	}
-
-	r.staticResourcesInitialized = true
-	log.FromContext(ctx).Info("Static dashboard resources initialized successfully")
-	return nil
+	return r.debouncedRestart(ctx)
 }

 func (r *CozystackResourceDefinitionReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	if r.Debounce == 0 {
 		r.Debounce = 5 * time.Second
 	}
-	if r.mem == nil {
-		r.mem = crdmem.Global()
-	}
-	if err := r.mem.EnsurePrimingWithManager(mgr); err != nil {
-		return err
-	}
-
-	// Initialize static resources once during controller startup using manager.Runnable
-	if err := mgr.Add(manager.RunnableFunc(func(ctx context.Context) error {
-		if err := r.initializeStaticResourcesOnce(ctx); err != nil {
-			log.FromContext(ctx).Error(err, "Failed to initialize static resources")
-			return err
-		}
-		return nil
-	})); err != nil {
-		return err
-	}

 	return ctrl.NewControllerManagedBy(mgr).
 		Named("cozystackresource-controller").
-		For(&cozyv1alpha1.CozystackResourceDefinition{}, builder.WithPredicates()).
 		Watches(
 			&cozyv1alpha1.CozystackResourceDefinition{},
 			handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request {
@@ -176,9 +61,6 @@ func (r *CozystackResourceDefinitionReconciler) SetupWithManager(mgr ctrl.Manage
 				}}
 			}),
 		).
-		WithOptions(controller.Options{
-			MaxConcurrentReconciles: 5, // Allow more concurrent reconciles with proper rate limiting
-		}).
 		Complete(r)
 }

@@ -188,22 +70,18 @@ type crdHashView struct {
 }

 func (r *CozystackResourceDefinitionReconciler) computeConfigHash(ctx context.Context) (string, error) {
-	var items []cozyv1alpha1.CozystackResourceDefinition
-	if r.mem != nil {
-		list, err := r.mem.ListFromCacheOrAPI(ctx, r.Client)
-		if err != nil {
-			return "", err
-		}
-		items = list
+	list := &cozyv1alpha1.CozystackResourceDefinitionList{}
+	if err := r.List(ctx, list); err != nil {
+		return "", err
 	}

-	sort.Slice(items, func(i, j int) bool { return items[i].Name < items[j].Name })
+	slices.SortFunc(list.Items, sortCozyRDs)

-	views := make([]crdHashView, 0, len(items))
-	for i := range items {
+	views := make([]crdHashView, 0, len(list.Items))
+	for i := range list.Items {
 		views = append(views, crdHashView{
-			Name: items[i].Name,
-			Spec: items[i].Spec,
+			Name: list.Items[i].Name,
+			Spec: list.Items[i].Spec,
 		})
 	}
 	b, err := json.Marshal(views)
@@ -214,7 +92,9 @@ func (r *CozystackResourceDefinitionReconciler) computeConfigHash(ctx context.Co
 	return hex.EncodeToString(sum[:]), nil
 }

-func (r *CozystackResourceDefinitionReconciler) debouncedRestart(ctx context.Context, logger logr.Logger) (ctrl.Result, error) {
+func (r *CozystackResourceDefinitionReconciler) debouncedRestart(ctx context.Context) (ctrl.Result, error) {
+	logger := log.FromContext(ctx)
+
 	r.mu.Lock()
 	le := r.lastEvent
 	lh := r.lastHandled
@@ -239,15 +119,12 @@ func (r *CozystackResourceDefinitionReconciler) debouncedRestart(ctx context.Con
 		return ctrl.Result{}, err
 	}

-	deploy := &appsv1.Deployment{}
-	if err := r.Get(ctx, types.NamespacedName{Namespace: "cozy-system", Name: "cozystack-api"}, deploy); err != nil {
+	tpl, obj, patch, err := r.getWorkload(ctx, types.NamespacedName{Namespace: "cozy-system", Name: "cozystack-api"})
+	if err != nil {
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}

-	if deploy.Spec.Template.Annotations == nil {
-		deploy.Spec.Template.Annotations = map[string]string{}
-	}
-	oldHash := deploy.Spec.Template.Annotations["cozystack.io/config-hash"]
+	oldHash := tpl.Annotations["cozystack.io/config-hash"]

 	if oldHash == newHash && oldHash != "" {
 		r.mu.Lock()
@@ -257,10 +134,9 @@ func (r *CozystackResourceDefinitionReconciler) debouncedRestart(ctx context.Con
 		return ctrl.Result{}, nil
 	}

-	patch := client.MergeFrom(deploy.DeepCopy())
-	deploy.Spec.Template.Annotations["cozystack.io/config-hash"] = newHash
+	tpl.Annotations["cozystack.io/config-hash"] = newHash

-	if err := r.Patch(ctx, deploy, patch); err != nil {
+	if err := r.Patch(ctx, obj, patch); err != nil {
 		return ctrl.Result{}, err
 	}

@@ -272,3 +148,40 @@ func (r *CozystackResourceDefinitionReconciler) debouncedRestart(ctx context.Con
 		"old", oldHash, "new", newHash)
 	return ctrl.Result{}, nil
 }
+
+func (r *CozystackResourceDefinitionReconciler) getWorkload(
+	ctx context.Context,
+	key types.NamespacedName,
+) (tpl *corev1.PodTemplateSpec, obj client.Object, patch client.Patch, err error) {
+	if r.CozystackAPIKind == "Deployment" {
+		dep := &appsv1.Deployment{}
+		if err := r.Get(ctx, key, dep); err != nil {
+			return nil, nil, nil, err
+		}
+		obj = dep
+		tpl = &dep.Spec.Template
+		patch = client.MergeFrom(dep.DeepCopy())
+	} else {
+		ds := &appsv1.DaemonSet{}
+		if err := r.Get(ctx, key, ds); err != nil {
+			return nil, nil, nil, err
+		}
+		obj = ds
+		tpl = &ds.Spec.Template
+		patch = client.MergeFrom(ds.DeepCopy())
+	}
+	if tpl.Annotations == nil {
+		tpl.Annotations = make(map[string]string)
+	}
+	return tpl, obj, patch, nil
+}
+
+func sortCozyRDs(a, b cozyv1alpha1.CozystackResourceDefinition) int {
+	if a.Name == b.Name {
+		return 0
+	}
+	if a.Name < b.Name {
+		return -1
+	}
+	return 1
+}
--- a/internal/controller/dashboard/breadcrumb.go
+++ b/internal/controller/dashboard/breadcrumb.go
@@ -58,8 +58,8 @@ func (m *Manager) ensureBreadcrumb(ctx context.Context, crd *cozyv1alpha1.Cozyst
 		"breadcrumbItems": items,
 	}

-	_, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error {
-		if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil {
+	_, err := controllerutil.CreateOrUpdate(ctx, m.Client, obj, func() error {
+		if err := controllerutil.SetOwnerReference(crd, obj, m.Scheme); err != nil {
 			return err
 		}
 		// Add dashboard labels to dynamic resources
--- a/internal/controller/dashboard/customcolumns.go
+++ b/internal/controller/dashboard/customcolumns.go
@@ -30,10 +30,6 @@ func (m *Manager) ensureCustomColumnsOverride(ctx context.Context, crd *cozyv1al
 	name := fmt.Sprintf("stock-namespace-%s.%s.%s", g, v, plural)
 	id := fmt.Sprintf("stock-namespace-/%s/%s/%s", g, v, plural)

-	// Badge content & color derived from kind
-	badgeText := initialsFromKind(kind) // e.g., "VirtualMachine" -> "VM", "Bucket" -> "B"
-	badgeColor := hexColorForKind(kind) // deterministic, dark enough for white text
-
 	obj := &dashv1alpha1.CustomColumnsOverride{}
 	obj.SetName(name)

@@ -62,25 +58,11 @@ func (m *Manager) ensureCustomColumnsOverride(ctx context.Context, crd *cozyv1al
 								},
 								"children": []any{
 									map[string]any{
-										"type": "antdText",
+										"type": "ResourceBadge",
 										"data": map[string]any{
 											"id":    "header-badge",
-											"text":  badgeText,
-											"title": strings.ToLower(kind), // optional tooltip
-											"style": map[string]any{
-												"backgroundColor": badgeColor,
-												"borderRadius":    "20px",
-												"color":           "#fff",
-												"display":         "inline-block",
-												"fontFamily":      "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif",
-												"fontSize":        "15px",
-												"fontWeight":      400,
-												"lineHeight":      "24px",
-												"minWidth":        24,
-												"padding":         "0 9px",
-												"textAlign":       "center",
-												"whiteSpace":      "nowrap",
-											},
+											"value": kind,
+											// abbreviation auto-generated by ResourceBadge from value
 										},
 									},
 									map[string]any{
@@ -145,8 +127,8 @@ func (m *Manager) ensureCustomColumnsOverride(ctx context.Context, crd *cozyv1al
 		},
 	}

-	_, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error {
-		if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil {
+	_, err := controllerutil.CreateOrUpdate(ctx, m.Client, obj, func() error {
+		if err := controllerutil.SetOwnerReference(crd, obj, m.Scheme); err != nil {
 			return err
 		}
 		// Add dashboard labels to dynamic resources
--- a/internal/controller/dashboard/customformsoverride.go
+++ b/internal/controller/dashboard/customformsoverride.go
@@ -53,8 +53,8 @@ func (m *Manager) ensureCustomFormsOverride(ctx context.Context, crd *cozyv1alph
 		"strategy":        "merge",
 	}

-	_, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error {
-		if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil {
+	_, err := controllerutil.CreateOrUpdate(ctx, m.Client, obj, func() error {
+		if err := controllerutil.SetOwnerReference(crd, obj, m.Scheme); err != nil {
 			return err
 		}
 		// Add dashboard labels to dynamic resources
--- a/internal/controller/dashboard/customformsprefill.go
+++ b/internal/controller/dashboard/customformsprefill.go
@@ -56,8 +56,8 @@ func (m *Manager) ensureCustomFormsPrefill(ctx context.Context, crd *cozyv1alpha
 		return reconcile.Result{}, err
 	}

-	_, err = controllerutil.CreateOrUpdate(ctx, m.client, cfp, func() error {
-		if err := controllerutil.SetOwnerReference(crd, cfp, m.scheme); err != nil {
+	_, err = controllerutil.CreateOrUpdate(ctx, m.Client, cfp, func() error {
+		if err := controllerutil.SetOwnerReference(crd, cfp, m.Scheme); err != nil {
 			return err
 		}
 		// Add dashboard labels to dynamic resources
--- a/internal/controller/dashboard/factory.go
+++ b/internal/controller/dashboard/factory.go
@@ -53,7 +53,6 @@ func (m *Manager) ensureFactory(ctx context.Context, crd *cozyv1alpha1.Cozystack
 		Kind:         kind,
 		Plural:       plural,
 		Title:        strings.ToLower(plural),
-		Size:         BadgeSizeLarge,
 	}

 	spec := createUnifiedFactory(config, tabs, []any{resourceFetch})
@@ -61,8 +60,8 @@ func (m *Manager) ensureFactory(ctx context.Context, crd *cozyv1alpha1.Cozystack
 	obj := &dashv1alpha1.Factory{}
 	obj.SetName(factoryName)

-	_, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error {
-		if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil {
+	_, err := controllerutil.CreateOrUpdate(ctx, m.Client, obj, func() error {
+		if err := controllerutil.SetOwnerReference(crd, obj, m.Scheme); err != nil {
 			return err
 		}
 		// Add dashboard labels to dynamic resources
@@ -115,7 +114,7 @@ func detailsTab(kind, endpoint, schemaJSON string, keysOrder [][]string) map[str
 					"gap":   float64(6),
 				},
 				"children": []any{
-					createUnifiedBadgeFromKind("ns-badge", "Namespace", "namespace", BadgeSizeMedium),
+					createUnifiedBadgeFromKind("ns-badge", "Namespace"),
 					antdLink("namespace-link",
 						"{reqsJsonPath[0]['.metadata.namespace']['-']}",
 						"/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/marketplace",
@@ -324,6 +323,7 @@ func yamlTab(plural string) map[string]any {
 					"type":                      "builtin",
 					"typeName":                  plural,
 					"prefillValuesRequestIndex": float64(0),
+					"readOnly":                  true,
 					"substractHeight":           float64(400),
 				},
 			},
--- a/internal/controller/dashboard/helpers.go
+++ b/internal/controller/dashboard/helpers.go
@@ -1,12 +1,9 @@
 package dashboard

 import (
-	"crypto/sha1"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"reflect"
-	"regexp"
 	"sort"
 	"strings"

@@ -57,97 +54,6 @@ func pickPlural(kind string, crd *cozyv1alpha1.CozystackResourceDefinition) stri
 	return k + "s"
 }

-// initialsFromKind splits CamelCase and returns the first letters in upper case.
-// "VirtualMachine" -> "VM"; "Bucket" -> "B".
-func initialsFromKind(kind string) string {
-	parts := splitCamel(kind)
-	if len(parts) == 0 {
-		return strings.ToUpper(kind)
-	}
-	var b strings.Builder
-	for _, p := range parts {
-		if p == "" {
-			continue
-		}
-		b.WriteString(strings.ToUpper(string(p[0])))
-		// Limit to 3 chars to keep the badge compact (VM, PVC, etc.)
-		if b.Len() >= 3 {
-			break
-		}
-	}
-	return b.String()
-}
-
-// hexColorForKind returns a dark, saturated color (hex) derived from a stable hash of the kind.
-// We map the hash to an HSL hue; fix S/L for consistent readability with white text.
-func hexColorForKind(kind string) string {
-	// Stable short hash (sha1 → bytes → hue)
-	sum := sha1.Sum([]byte(kind))
-	// Use first two bytes for hue [0..359]
-	hue := int(sum[0])<<8 | int(sum[1])
-	hue = hue % 360
-
-	// Fixed S/L chosen to contrast with white text:
-	// S = 80%, L = 35% (dark enough so #fff is readable)
-	r, g, b := hslToRGB(float64(hue), 0.80, 0.35)
-
-	return fmt.Sprintf("#%02x%02x%02x", r, g, b)
-}
-
-// hslToRGB converts HSL (0..360, 0..1, 0..1) to sRGB (0..255).
-func hslToRGB(h float64, s float64, l float64) (uint8, uint8, uint8) {
-	c := (1 - absFloat(2*l-1)) * s
-	hp := h / 60.0
-	x := c * (1 - absFloat(modFloat(hp, 2)-1))
-	var r1, g1, b1 float64
-	switch {
-	case 0 <= hp && hp < 1:
-		r1, g1, b1 = c, x, 0
-	case 1 <= hp && hp < 2:
-		r1, g1, b1 = x, c, 0
-	case 2 <= hp && hp < 3:
-		r1, g1, b1 = 0, c, x
-	case 3 <= hp && hp < 4:
-		r1, g1, b1 = 0, x, c
-	case 4 <= hp && hp < 5:
-		r1, g1, b1 = x, 0, c
-	default:
-		r1, g1, b1 = c, 0, x
-	}
-	m := l - c/2
-	r := uint8(clamp01(r1+m) * 255.0)
-	g := uint8(clamp01(g1+m) * 255.0)
-	b := uint8(clamp01(b1+m) * 255.0)
-	return r, g, b
-}
-
-func absFloat(v float64) float64 {
-	if v < 0 {
-		return -v
-	}
-	return v
-}
-
-func modFloat(a, b float64) float64 {
-	return a - b*float64(int(a/b))
-}
-
-func clamp01(v float64) float64 {
-	if v < 0 {
-		return 0
-	}
-	if v > 1 {
-		return 1
-	}
-	return v
-}
-
-// optional: tiny helper to expose the compact color hash (useful for debugging)
-func shortHashHex(s string) string {
-	sum := sha1.Sum([]byte(s))
-	return hex.EncodeToString(sum[:4])
-}
-
 // ----------------------- Helpers (OpenAPI → values) -----------------------

 // defaultOrZero returns the schema default if present; otherwise a reasonable zero value.
@@ -295,12 +201,6 @@ func normalizeJSON(v any) any {
 	}
 }

-var camelSplitter = regexp.MustCompile(`(?m)([A-Z]+[a-z0-9]*|[a-z0-9]+)`)
-
-func splitCamel(s string) []string {
-	return camelSplitter.FindAllString(s, -1)
-}
-
 // --- helpers for schema inspection ---

 func isScalarType(n map[string]any) bool {
--- a/internal/controller/dashboard/manager.go
+++ b/internal/controller/dashboard/manager.go
@@ -10,7 +10,9 @@ import (

 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"

+	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
@@ -40,28 +42,42 @@ func AddToScheme(s *runtime.Scheme) error {
 // Manager owns logic for creating/updating dashboard resources derived from CRDs.
 // It’s easy to extend: add new ensure* methods and wire them into EnsureForCRD.
 type Manager struct {
-	client    client.Client
-	scheme    *runtime.Scheme
-	crdListFn func(context.Context) ([]cozyv1alpha1.CozystackResourceDefinition, error)
-}
-
-// Option pattern so callers can inject a custom lister.
-type Option func(*Manager)
-
-// WithCRDListFunc overrides how Manager lists all CozystackResourceDefinitions.
-func WithCRDListFunc(fn func(context.Context) ([]cozyv1alpha1.CozystackResourceDefinition, error)) Option {
-	return func(m *Manager) { m.crdListFn = fn }
+	client.Client
+	Scheme *runtime.Scheme
 }

 // NewManager constructs a dashboard Manager.
-func NewManager(c client.Client, scheme *runtime.Scheme, opts ...Option) *Manager {
-	m := &Manager{client: c, scheme: scheme}
-	for _, o := range opts {
-		o(m)
-	}
+func NewManager(c client.Client, scheme *runtime.Scheme) *Manager {
+	m := &Manager{Client: c, Scheme: scheme}
 	return m
 }

+func (m *Manager) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		Named("dashboard-reconciler").
+		For(&cozyv1alpha1.CozystackResourceDefinition{}).
+		Complete(m)
+}
+
+func (m *Manager) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	l := log.FromContext(ctx)
+
+	crd := &cozyv1alpha1.CozystackResourceDefinition{}
+
+	err := m.Get(ctx, types.NamespacedName{Name: req.Name}, crd)
+	if err != nil {
+		if apierrors.IsNotFound(err) {
+			if err := m.CleanupOrphanedResources(ctx); err != nil {
+				l.Error(err, "Failed to cleanup orphaned dashboard resources")
+			}
+			return ctrl.Result{}, nil // no point in requeuing here
+		}
+		return ctrl.Result{}, err
+	}
+
+	return m.EnsureForCRD(ctx, crd)
+}
+
 // EnsureForCRD is the single entry-point used by the controller.
 // Add more ensure* calls here as you implement support for other resources:
 //
@@ -171,21 +187,11 @@ func (m *Manager) getStaticResourceSelector() client.MatchingLabels {
 // CleanupOrphanedResources removes dashboard resources that are no longer needed
 // This should be called after cache warming to ensure all current resources are known
 func (m *Manager) CleanupOrphanedResources(ctx context.Context) error {
-	// Get all current CRDs to determine which resources should exist
-	var allCRDs []cozyv1alpha1.CozystackResourceDefinition
-	if m.crdListFn != nil {
-		s, err := m.crdListFn(ctx)
-		if err != nil {
-			return err
-		}
-		allCRDs = s
-	} else {
-		var crdList cozyv1alpha1.CozystackResourceDefinitionList
-		if err := m.client.List(ctx, &crdList, &client.ListOptions{}); err != nil {
-			return err
-		}
-		allCRDs = crdList.Items
+	var crdList cozyv1alpha1.CozystackResourceDefinitionList
+	if err := m.List(ctx, &crdList, &client.ListOptions{}); err != nil {
+		return err
 	}
+	allCRDs := crdList.Items

 	// Build a set of expected resource names for each type
 	expectedResources := m.buildExpectedResourceSet(allCRDs)
@@ -349,7 +355,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 	}

 	// List with dashboard labels
-	if err := m.client.List(ctx, list, m.getDashboardResourceSelector()); err != nil {
+	if err := m.List(ctx, list, m.getDashboardResourceSelector()); err != nil {
 		return err
 	}

@@ -358,7 +364,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 	case *dashv1alpha1.CustomColumnsOverrideList:
 		for _, item := range l.Items {
 			if !expected[item.Name] {
-				if err := m.client.Delete(ctx, &item); err != nil {
+				if err := m.Delete(ctx, &item); err != nil {
 					if !apierrors.IsNotFound(err) {
 						return err
 					}
@@ -369,7 +375,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 	case *dashv1alpha1.CustomFormsOverrideList:
 		for _, item := range l.Items {
 			if !expected[item.Name] {
-				if err := m.client.Delete(ctx, &item); err != nil {
+				if err := m.Delete(ctx, &item); err != nil {
 					if !apierrors.IsNotFound(err) {
 						return err
 					}
@@ -380,7 +386,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 	case *dashv1alpha1.CustomFormsPrefillList:
 		for _, item := range l.Items {
 			if !expected[item.Name] {
-				if err := m.client.Delete(ctx, &item); err != nil {
+				if err := m.Delete(ctx, &item); err != nil {
 					if !apierrors.IsNotFound(err) {
 						return err
 					}
@@ -391,7 +397,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 	case *dashv1alpha1.MarketplacePanelList:
 		for _, item := range l.Items {
 			if !expected[item.Name] {
-				if err := m.client.Delete(ctx, &item); err != nil {
+				if err := m.Delete(ctx, &item); err != nil {
 					if !apierrors.IsNotFound(err) {
 						return err
 					}
@@ -402,7 +408,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 	case *dashv1alpha1.SidebarList:
 		for _, item := range l.Items {
 			if !expected[item.Name] {
-				if err := m.client.Delete(ctx, &item); err != nil {
+				if err := m.Delete(ctx, &item); err != nil {
 					if !apierrors.IsNotFound(err) {
 						return err
 					}
@@ -413,7 +419,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 	case *dashv1alpha1.TableUriMappingList:
 		for _, item := range l.Items {
 			if !expected[item.Name] {
-				if err := m.client.Delete(ctx, &item); err != nil {
+				if err := m.Delete(ctx, &item); err != nil {
 					if !apierrors.IsNotFound(err) {
 						return err
 					}
@@ -426,7 +432,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 			if !expected[item.Name] {
 				logger := log.FromContext(ctx)
 				logger.Info("Deleting orphaned Breadcrumb resource", "name", item.Name)
-				if err := m.client.Delete(ctx, &item); err != nil {
+				if err := m.Delete(ctx, &item); err != nil {
 					if !apierrors.IsNotFound(err) {
 						return err
 					}
@@ -438,7 +444,7 @@ func (m *Manager) cleanupResourceType(ctx context.Context, resourceType client.O
 			if !expected[item.Name] {
 				logger := log.FromContext(ctx)
 				logger.Info("Deleting orphaned Factory resource", "name", item.Name)
-				if err := m.client.Delete(ctx, &item); err != nil {
+				if err := m.Delete(ctx, &item); err != nil {
 					if !apierrors.IsNotFound(err) {
 						return err
 					}
--- a/internal/controller/dashboard/marketplacepanel.go
+++ b/internal/controller/dashboard/marketplacepanel.go
@@ -24,14 +24,14 @@ func (m *Manager) ensureMarketplacePanel(ctx context.Context, crd *cozyv1alpha1.

 	// If dashboard is not set, delete the panel if it exists.
 	if crd.Spec.Dashboard == nil {
-		err := m.client.Get(ctx, client.ObjectKey{Name: mp.Name}, mp)
+		err := m.Get(ctx, client.ObjectKey{Name: mp.Name}, mp)
 		if apierrors.IsNotFound(err) {
 			return reconcile.Result{}, nil
 		}
 		if err != nil {
 			return reconcile.Result{}, err
 		}
-		if err := m.client.Delete(ctx, mp); err != nil && !apierrors.IsNotFound(err) {
+		if err := m.Delete(ctx, mp); err != nil && !apierrors.IsNotFound(err) {
 			return reconcile.Result{}, err
 		}
 		logger.Info("Deleted MarketplacePanel because dashboard is not set", "name", mp.Name)
@@ -40,14 +40,14 @@ func (m *Manager) ensureMarketplacePanel(ctx context.Context, crd *cozyv1alpha1.

 	// Skip module and tenant resources (they don't need MarketplacePanel)
 	if crd.Spec.Dashboard.Module || crd.Spec.Application.Kind == "Tenant" {
-		err := m.client.Get(ctx, client.ObjectKey{Name: mp.Name}, mp)
+		err := m.Get(ctx, client.ObjectKey{Name: mp.Name}, mp)
 		if apierrors.IsNotFound(err) {
 			return reconcile.Result{}, nil
 		}
 		if err != nil {
 			return reconcile.Result{}, err
 		}
-		if err := m.client.Delete(ctx, mp); err != nil && !apierrors.IsNotFound(err) {
+		if err := m.Delete(ctx, mp); err != nil && !apierrors.IsNotFound(err) {
 			return reconcile.Result{}, err
 		}
 		logger.Info("Deleted MarketplacePanel because resource is a module", "name", mp.Name)
@@ -86,8 +86,8 @@ func (m *Manager) ensureMarketplacePanel(ctx context.Context, crd *cozyv1alpha1.
 		return reconcile.Result{}, err
 	}

-	_, err = controllerutil.CreateOrUpdate(ctx, m.client, mp, func() error {
-		if err := controllerutil.SetOwnerReference(crd, mp, m.scheme); err != nil {
+	_, err = controllerutil.CreateOrUpdate(ctx, m.Client, mp, func() error {
+		if err := controllerutil.SetOwnerReference(crd, mp, m.Scheme); err != nil {
 			return err
 		}
 		// Add dashboard labels to dynamic resources
--- a/internal/controller/dashboard/sidebar.go
+++ b/internal/controller/dashboard/sidebar.go
@@ -33,19 +33,11 @@ func (m *Manager) ensureSidebar(ctx context.Context, crd *cozyv1alpha1.Cozystack

 	// 1) Fetch all CRDs
 	var all []cozyv1alpha1.CozystackResourceDefinition
-	if m.crdListFn != nil {
-		s, err := m.crdListFn(ctx)
-		if err != nil {
-			return err
-		}
-		all = s
-	} else {
-		var crdList cozyv1alpha1.CozystackResourceDefinitionList
-		if err := m.client.List(ctx, &crdList, &client.ListOptions{}); err != nil {
-			return err
-		}
-		all = crdList.Items
+	var crdList cozyv1alpha1.CozystackResourceDefinitionList
+	if err := m.List(ctx, &crdList, &client.ListOptions{}); err != nil {
+		return err
 	}
+	all = crdList.Items

 	// 2) Build category -> []item map (only for CRDs with spec.dashboard != nil)
 	type item struct {
@@ -251,7 +243,7 @@ func (m *Manager) upsertMultipleSidebars(
 		obj := &dashv1alpha1.Sidebar{}
 		obj.SetName(id)

-		if _, err := controllerutil.CreateOrUpdate(ctx, m.client, obj, func() error {
+		if _, err := controllerutil.CreateOrUpdate(ctx, m.Client, obj, func() error {
 			// Only set owner reference for dynamic sidebars (stock-project-factory-{kind}-details)
 			// Static sidebars (stock-instance-*, stock-project-*) should not have owner references
 			if strings.HasPrefix(id, "stock-project-factory-") && strings.HasSuffix(id, "-details") {
@@ -260,7 +252,7 @@ func (m *Manager) upsertMultipleSidebars(
 				lowerKind := strings.ToLower(kind)
 				expectedID := fmt.Sprintf("stock-project-factory-%s-details", lowerKind)
 				if id == expectedID {
-					if err := controllerutil.SetOwnerReference(crd, obj, m.scheme); err != nil {
+					if err := controllerutil.SetOwnerReference(crd, obj, m.Scheme); err != nil {
 						return err
 					}
 					// Add dashboard labels to dynamic resources
--- a/internal/controller/dashboard/static_helpers.go
+++ b/internal/controller/dashboard/static_helpers.go
@@ -531,7 +531,6 @@ func createBreadcrumbItem(key, label string, link ...string) map[string]any {

 // createCustomColumn creates a custom column with factory type and badge
 func createCustomColumn(name, kind, plural, href string) map[string]any {
-	badge := createUnifiedBadgeFromKind("header-badge", kind, plural, BadgeSizeMedium)
 	link := antdLink("name-link", "{reqsJsonPath[0]['.metadata.name']['-']}", href)

 	return map[string]any{
@@ -541,8 +540,18 @@ func createCustomColumn(name, kind, plural, href string) map[string]any {
 			"disableEventBubbling": true,
 			"items": []any{
 				map[string]any{
-					"children": []any{badge, link},
-					"type":     "antdFlex",
+					"children": []any{
+						map[string]any{
+							"type": "ResourceBadge",
+							"data": map[string]any{
+								"id":    "header-badge",
+								"value": kind,
+								// abbreviation auto-generated by ResourceBadge from value
+							},
+						},
+						link,
+					},
+					"type": "antdFlex",
 					"data": map[string]any{
 						"align": "center",
 						"gap":   float64(6),
@@ -554,16 +563,16 @@ func createCustomColumn(name, kind, plural, href string) map[string]any {
 }

 // createCustomColumnWithBadge creates a custom column with a specific badge
-func createCustomColumnWithBadge(name, badgeText, badgeColor, title, href string) map[string]any {
-	config := BadgeConfig{
-		Text:  badgeText,
-		Color: badgeColor,
-		Title: title,
-		Size:  BadgeSizeMedium,
-	}
-	badge := createUnifiedBadge("header-badge", config)
+// badgeValue should be the kind in PascalCase (e.g., "Service", "Pod")
+// abbreviation is auto-generated by ResourceBadge from badgeValue
+func createCustomColumnWithBadge(name, badgeValue, href string) map[string]any {
 	link := antdLink("name-link", "{reqsJsonPath[0]['.metadata.name']['-']}", href)

+	badgeData := map[string]any{
+		"id":    "header-badge",
+		"value": badgeValue,
+	}
+
 	return map[string]any{
 		"name": name,
 		"type": "factory",
@@ -571,8 +580,14 @@ func createCustomColumnWithBadge(name, badgeText, badgeColor, title, href string
 			"disableEventBubbling": true,
 			"items": []any{
 				map[string]any{
-					"children": []any{badge, link},
-					"type":     "antdFlex",
+					"children": []any{
+						map[string]any{
+							"type": "ResourceBadge",
+							"data": badgeData,
+						},
+						link,
+					},
+					"type": "antdFlex",
 					"data": map[string]any{
 						"align": "center",
 						"gap":   float64(6),
@@ -583,17 +598,22 @@ func createCustomColumnWithBadge(name, badgeText, badgeColor, title, href string
 	}
 }

-// createCustomColumnWithSpecificColor creates a custom column with a specific color
-func createCustomColumnWithSpecificColor(name, kind, title, color, href string) map[string]any {
-	config := BadgeConfig{
-		Text:  initialsFromKind(kind),
-		Color: color,
-		Title: title,
-		Size:  BadgeSizeMedium,
-	}
-	badge := createUnifiedBadge("header-badge", config)
+// createCustomColumnWithSpecificColor creates a custom column with a specific kind and optional color
+// badgeValue should be the kind in PascalCase (e.g., "Service", "Pod")
+func createCustomColumnWithSpecificColor(name, kind, color, href string) map[string]any {
 	link := antdLink("name-link", "{reqsJsonPath[0]['.metadata.name']['-']}", href)

+	badgeData := map[string]any{
+		"id":    "header-badge",
+		"value": kind,
+	}
+	// Add custom color if specified
+	if color != "" {
+		badgeData["style"] = map[string]any{
+			"backgroundColor": color,
+		}
+	}
+
 	return map[string]any{
 		"name":     name,
 		"type":     "factory",
@@ -602,8 +622,14 @@ func createCustomColumnWithSpecificColor(name, kind, title, color, href string)
 			"disableEventBubbling": true,
 			"items": []any{
 				map[string]any{
-					"children": []any{badge, link},
-					"type":     "antdFlex",
+					"children": []any{
+						map[string]any{
+							"type": "ResourceBadge",
+							"data": badgeData,
+						},
+						link,
+					},
+					"type": "antdFlex",
 					"data": map[string]any{
 						"align": "center",
 						"gap":   float64(6),
@@ -668,7 +694,7 @@ func createTimestampColumn(name, jsonPath string) map[string]any {
 // createFactoryHeader creates a header for factory resources
 func createFactoryHeader(kind, plural string) map[string]any {
 	lowerKind := strings.ToLower(kind)
-	badge := createUnifiedBadgeFromKind("badge-"+lowerKind, kind, plural, BadgeSizeLarge)
+	badge := createUnifiedBadgeFromKind("badge-"+lowerKind, kind)
 	nameText := parsedText(lowerKind+"-name", "{reqsJsonPath[0]['.metadata.name']['-']}", map[string]any{
 		"fontFamily": "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif",
 		"fontSize":   float64(20),
@@ -718,13 +744,26 @@ func createFactorySpec(key string, sidebarTags []any, urlsToFetch []any, header
 }

 // createCustomColumnWithJsonPath creates a column with a custom badge and link using jsonPath
-func createCustomColumnWithJsonPath(name, jsonPath, badgeText, badgeTitle, badgeColor, linkHref string) map[string]any {
+// badgeValue should be the kind in PascalCase (e.g., "Service", "VirtualMachine")
+// abbreviation is auto-generated by ResourceBadge from badgeValue
+func createCustomColumnWithJsonPath(name, jsonPath, badgeValue, badgeColor, linkHref string) map[string]any {
 	// Determine link ID based on jsonPath
 	linkId := "name-link"
 	if jsonPath == ".metadata.namespace" {
 		linkId = "namespace-link"
 	}

+	badgeData := map[string]any{
+		"id":    "header-badge",
+		"value": badgeValue,
+	}
+	// Add custom color if specified
+	if badgeColor != "" {
+		badgeData["style"] = map[string]any{
+			"backgroundColor": badgeColor,
+		}
+	}
+
 	return map[string]any{
 		"name":     name,
 		"type":     "factory",
@@ -741,26 +780,8 @@ func createCustomColumnWithJsonPath(name, jsonPath, badgeText, badgeTitle, badge
 					},
 					"children": []any{
 						map[string]any{
-							"type": "antdText",
-							"data": map[string]any{
-								"id":    "header-badge",
-								"text":  badgeText,
-								"title": badgeTitle,
-								"style": map[string]any{
-									"backgroundColor": badgeColor,
-									"borderRadius":    "20px",
-									"color":           "#fff",
-									"display":         "inline-block",
-									"fontFamily":      "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif",
-									"fontSize":        "15px",
-									"fontWeight":      400,
-									"lineHeight":      "24px",
-									"minWidth":        24,
-									"padding":         "0 9px",
-									"textAlign":       "center",
-									"whiteSpace":      "nowrap",
-								},
-							},
+							"type": "ResourceBadge",
+							"data": badgeData,
 						},
 						map[string]any{
 							"type": "antdLink",
@@ -778,7 +799,20 @@ func createCustomColumnWithJsonPath(name, jsonPath, badgeText, badgeTitle, badge
 }

 // createCustomColumnWithoutJsonPath creates a column with a custom badge and link without jsonPath
-func createCustomColumnWithoutJsonPath(name, badgeText, badgeTitle, badgeColor, linkHref string) map[string]any {
+// badgeValue should be the kind in PascalCase (e.g., "Node", "Pod")
+// abbreviation is auto-generated by ResourceBadge from badgeValue
+func createCustomColumnWithoutJsonPath(name, badgeValue, badgeColor, linkHref string) map[string]any {
+	badgeData := map[string]any{
+		"id":    "header-badge",
+		"value": badgeValue,
+	}
+	// Add custom color if specified
+	if badgeColor != "" {
+		badgeData["style"] = map[string]any{
+			"backgroundColor": badgeColor,
+		}
+	}
+
 	return map[string]any{
 		"name": name,
 		"type": "factory",
@@ -794,26 +828,8 @@ func createCustomColumnWithoutJsonPath(name, badgeText, badgeTitle, badgeColor,
 					},
 					"children": []any{
 						map[string]any{
-							"type": "antdText",
-							"data": map[string]any{
-								"id":    "header-badge",
-								"text":  badgeText,
-								"title": badgeTitle,
-								"style": map[string]any{
-									"backgroundColor": badgeColor,
-									"borderRadius":    "20px",
-									"color":           "#fff",
-									"display":         "inline-block",
-									"fontFamily":      "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif",
-									"fontSize":        "15px",
-									"fontWeight":      400,
-									"lineHeight":      "24px",
-									"minWidth":        24,
-									"padding":         "0 9px",
-									"textAlign":       "center",
-									"whiteSpace":      "nowrap",
-								},
-							},
+							"type": "ResourceBadge",
+							"data": badgeData,
 						},
 						map[string]any{
 							"type": "antdLink",
--- a/internal/controller/dashboard/static_processor.go
+++ b/internal/controller/dashboard/static_processor.go
@@ -32,7 +32,7 @@ func (m *Manager) ensureStaticResource(ctx context.Context, obj client.Object) e
 	// Add dashboard labels to static resources
 	m.addDashboardLabels(resource, nil, ResourceTypeStatic)

-	_, err := controllerutil.CreateOrUpdate(ctx, m.client, resource, func() error {
+	_, err := controllerutil.CreateOrUpdate(ctx, m.Client, resource, func() error {
 		// For static resources, we don't need to set owner references
 		// as they are meant to be persistent across CRD changes
 		// Copy Spec from the original object to the live object
--- a/internal/controller/dashboard/static_refactored.go
+++ b/internal/controller/dashboard/static_refactored.go
@@ -132,7 +132,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid
 	return []*dashboardv1alpha1.CustomColumnsOverride{
 		// Factory details v1 services
 		createCustomColumnsOverride("factory-details-v1.services", []any{
-			createCustomColumnWithSpecificColor("Name", "Service", "service", getColorForType("service"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-service-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithSpecificColor("Name", "Service", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-service-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createStringColumn("ClusterIP", ".spec.clusterIP"),
 			createStringColumn("LoadbalancerIP", ".spec.loadBalancerIP"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
@@ -140,7 +140,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Stock namespace v1 services
 		createCustomColumnsOverride("stock-namespace-/v1/services", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "S", "service", getColorForType("service"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-service-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Service", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-service-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createStringColumn("ClusterIP", ".spec.clusterIP"),
 			createStringColumn("LoadbalancerIP", ".status.loadBalancer.ingress[0].ip"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
@@ -148,7 +148,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Stock namespace core cozystack io v1alpha1 tenantmodules
 		createCustomColumnsOverride("stock-namespace-/core.cozystack.io/v1alpha1/tenantmodules", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "M", "module", getColorForType("module"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/{reqsJsonPath[0]['.metadata.name']['-']}-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Module", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/{reqsJsonPath[0]['.metadata.name']['-']}-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createReadyColumn(),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
 			createStringColumn("Version", ".status.version"),
@@ -164,7 +164,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Factory details v1alpha1 cozystack io workloadmonitors
 		createCustomColumnsOverride("factory-details-v1alpha1.cozystack.io.workloadmonitors", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "W", "workloadmonitor", getColorForType("workloadmonitor"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/workloadmonitor-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "WorkloadMonitor", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/workloadmonitor-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createStringColumn("TYPE", ".spec.type"),
 			createStringColumn("VERSION", ".spec.version"),
 			createStringColumn("REPLICAS", ".spec.replicas"),
@@ -175,7 +175,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Factory details v1alpha1 core cozystack io tenantsecretstables
 		createCustomColumnsOverride("factory-details-v1alpha1.core.cozystack.io.tenantsecretstables", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "S", "secret", getColorForType("secret"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-secret-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Secret", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-secret-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createStringColumn("Key", ".data.key"),
 			createSecretBase64Column("Value", ".data.value"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
@@ -184,7 +184,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid
 		// Factory ingress details rules
 		createCustomColumnsOverride("factory-kube-ingress-details-rules", []any{
 			createStringColumn("Host", ".host"),
-			createCustomColumnWithJsonPath("Service", ".http.paths[0].backend.service.name", "S", "service", getColorForType("service"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-service-details/{reqsJsonPath[0]['.http.paths[0].backend.service.name']['-']}"),
+			createCustomColumnWithJsonPath("Service", ".http.paths[0].backend.service.name", "Service", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-service-details/{reqsJsonPath[0]['.http.paths[0].backend.service.name']['-']}"),
 			createStringColumn("Port", ".http.paths[0].backend.service.port.number"),
 			createStringColumn("Path", ".http.paths[0].path"),
 		}),
@@ -250,7 +250,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Factory details networking k8s io v1 ingresses
 		createCustomColumnsOverride("factory-details-networking.k8s.io.v1.ingresses", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "I", "ingress", getColorForType("ingress"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-ingress-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Ingress", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-ingress-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createStringColumn("Hosts", ".spec.rules[*].host"),
 			createStringColumn("Address", ".status.loadBalancer.ingress[0].ip"),
 			createStringColumn("Port", ".spec.defaultBackend.service.port.number"),
@@ -259,7 +259,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Stock namespace networking k8s io v1 ingresses
 		createCustomColumnsOverride("stock-namespace-/networking.k8s.io/v1/ingresses", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "I", "ingress", getColorForType("ingress"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-ingress-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Ingress", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-ingress-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createStringColumn("Hosts", ".spec.rules[*].host"),
 			createStringColumn("Address", ".status.loadBalancer.ingress[0].ip"),
 			createStringColumn("Port", ".spec.defaultBackend.service.port.number"),
@@ -268,34 +268,34 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Stock cluster v1 configmaps
 		createCustomColumnsOverride("stock-cluster-/v1/configmaps", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "CM", "configmap", getColorForType("configmap"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/configmap-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
-			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "NS", "namespace", getColorForType("namespace"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/marketplace"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "ConfigMap", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/configmap-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "Namespace", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/marketplace"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
 		}),

 		// Stock namespace v1 configmaps
 		createCustomColumnsOverride("stock-namespace-/v1/configmaps", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "CM", "configmap", getColorForType("configmap"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/configmap-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "ConfigMap", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/configmap-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
 		}),

 		// Cluster v1 configmaps
 		createCustomColumnsOverride("cluster-/v1/configmaps", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "CM", "configmap", getColorForType("configmap"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/configmap-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
-			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "NS", "namespace", getColorForType("namespace"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/marketplace"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "ConfigMap", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/configmap-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "Namespace", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/marketplace"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
 		}),

 		// Stock cluster v1 nodes
 		createCustomColumnsOverride("stock-cluster-/v1/nodes", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "N", "node", getColorForType("node"), "/openapi-ui/{2}/factory/node-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Node", "", "/openapi-ui/{2}/factory/node-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createSimpleStatusColumn("Status", "node-status"),
 		}),

 		// Factory node details v1 pods
 		createCustomColumnsOverride("factory-node-details-v1.pods", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "P", "pod", getColorForType("pod"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/pod-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
-			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "NS", "namespace", getColorForType("namespace"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/marketplace"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Pod", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/pod-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "Namespace", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/marketplace"),
 			createStringColumn("Restart Policy", ".spec.restartPolicy"),
 			createStringColumn("Pod IP", ".status.podIP"),
 			createStringColumn("QOS", ".status.qosClass"),
@@ -304,8 +304,8 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Factory v1 pods
 		createCustomColumnsOverride("factory-v1.pods", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "P", "pod", getColorForType("pod"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/pod-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
-			createCustomColumnWithoutJsonPath("Node", "N", "node", getColorForType("node"), "/openapi-ui/{2}/factory/node-details/{reqsJsonPath[0]['.spec.nodeName']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Pod", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/pod-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithoutJsonPath("Node", "Node", "", "/openapi-ui/{2}/factory/node-details/{reqsJsonPath[0]['.spec.nodeName']['-']}"),
 			createStringColumn("Restart Policy", ".spec.restartPolicy"),
 			createStringColumn("Pod IP", ".status.podIP"),
 			createStringColumn("QOS", ".status.qosClass"),
@@ -314,9 +314,9 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Stock cluster v1 pods
 		createCustomColumnsOverride("stock-cluster-/v1/pods", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "P", "pod", "#009596", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/pod-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
-			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "NS", "namespace", "#a25792ff", "/openapi-ui/{2}/factory/tenantnamespace/{reqsJsonPath[0]['.metadata.namespace']['-']}"),
-			createCustomColumnWithJsonPath("Node", ".spec.nodeName", "N", "node", "#8476d1", "/openapi-ui/{2}/factory/node-details/{reqsJsonPath[0]['.spec.nodeName']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Pod", "#009596", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/pod-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "Namespace", "#a25792ff", "/openapi-ui/{2}/factory/tenantnamespace/{reqsJsonPath[0]['.metadata.namespace']['-']}"),
+			createCustomColumnWithJsonPath("Node", ".spec.nodeName", "Node", "#8476d1", "/openapi-ui/{2}/factory/node-details/{reqsJsonPath[0]['.spec.nodeName']['-']}"),
 			createStringColumn("Restart Policy", ".spec.restartPolicy"),
 			createStringColumn("Pod IP", ".status.podIP"),
 			createStringColumn("QOS", ".status.qosClass"),
@@ -325,8 +325,8 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Stock namespace v1 pods
 		createCustomColumnsOverride("stock-namespace-/v1/pods", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "P", "pod", "#009596", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/pod-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
-			createCustomColumnWithoutJsonPath("Node", "N", "node", "#8476d1", "/openapi-ui/{2}/factory/node-details/{reqsJsonPath[0]['.spec.nodeName']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Pod", "#009596", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/pod-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithoutJsonPath("Node", "Node", "#8476d1", "/openapi-ui/{2}/factory/node-details/{reqsJsonPath[0]['.spec.nodeName']['-']}"),
 			createStringColumn("Restart Policy", ".spec.restartPolicy"),
 			createStringColumn("Pod IP", ".status.podIP"),
 			createStringColumn("QOS", ".status.qosClass"),
@@ -335,15 +335,15 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Stock cluster v1 secrets
 		createCustomColumnsOverride("stock-cluster-/v1/secrets", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "S", "secret", "#c46100", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-secret-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
-			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "NS", "namespace", "#a25792ff", "/openapi-ui/{2}/factory/tenantnamespace/{reqsJsonPath[0]['.metadata.namespace']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Secret", "#c46100", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-secret-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Namespace", ".metadata.namespace", "Namespace", "#a25792ff", "/openapi-ui/{2}/factory/tenantnamespace/{reqsJsonPath[0]['.metadata.namespace']['-']}"),
 			createStringColumn("Type", ".type"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
 		}),

 		// Stock namespace v1 secrets
 		createCustomColumnsOverride("stock-namespace-/v1/secrets", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "S", "secret", "#c46100", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-secret-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "Secret", "#c46100", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/kube-secret-details/{reqsJsonPath[0]['.metadata.name']['-']}"),
 			createStringColumn("Type", ".type"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
 		}),
@@ -360,7 +360,7 @@ func CreateAllCustomColumnsOverrides() []*dashboardv1alpha1.CustomColumnsOverrid

 		// Stock cluster core cozystack io v1alpha1 tenantnamespaces
 		createCustomColumnsOverride("stock-cluster-/core.cozystack.io/v1alpha1/tenantnamespaces", []any{
-			createCustomColumnWithJsonPath("Name", ".metadata.name", "TN", "tenantnamespace", getColorForType("tenantnamespace"), "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.name']['-']}/factory/marketplace"),
+			createCustomColumnWithJsonPath("Name", ".metadata.name", "TenantNamespace", "", "/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.name']['-']}/factory/marketplace"),
 			createTimestampColumn("Created", ".metadata.creationTimestamp"),
 		}),
 	}
@@ -496,7 +496,6 @@ func CreateAllFactories() []*dashboardv1alpha1.Factory {
 		Kind:         "Namespace",
 		Plural:       "namespaces",
 		Title:        "namespace",
-		Size:         BadgeSizeLarge,
 	}
 	namespaceSpec := createUnifiedFactory(namespaceConfig, nil, []any{"/api/clusters/{2}/k8s/api/v1/namespaces/{5}"})

@@ -796,6 +795,7 @@ func CreateAllFactories() []*dashboardv1alpha1.Factory {
 						"substractHeight":           float64(400),
 						"type":                      "builtin",
 						"typeName":                  "secrets",
+						"readOnly":                  true,
 					},
 				},
 			},
@@ -1201,7 +1201,7 @@ func CreateAllFactories() []*dashboardv1alpha1.Factory {
 											"gap":   6,
 										},
 										"children": []any{
-											createUnifiedBadgeFromKind("ns-badge", "Namespace", "namespace", BadgeSizeMedium),
+											createUnifiedBadgeFromKind("ns-badge", "Namespace"),
 											antdLink("namespace-link",
 												"{reqsJsonPath[0]['.metadata.namespace']['-']}",
 												"/openapi-ui/{2}/{reqsJsonPath[0]['.metadata.namespace']['-']}/factory/marketplace",
--- a/internal/controller/dashboard/ui_helpers.go
+++ b/internal/controller/dashboard/ui_helpers.go
@@ -1,7 +1,5 @@
 package dashboard

-import "strings"
-
 // ---------------- UI helpers (use float64 for numeric fields) ----------------

 func contentCard(id string, style map[string]any, children []any) map[string]any {
@@ -200,10 +198,10 @@ func createBadge(id, text, color, title string) map[string]any {

 // createBadgeFromKind creates a badge using the existing badge generation functions
 func createBadgeFromKind(id, kind, title string) map[string]any {
-	return createUnifiedBadgeFromKind(id, kind, title, BadgeSizeMedium)
+	return createUnifiedBadgeFromKind(id, kind)
 }

 // createHeaderBadge creates a badge specifically for headers with consistent styling
 func createHeaderBadge(id, kind, plural string) map[string]any {
-	return createUnifiedBadgeFromKind(id, kind, strings.ToLower(plural), BadgeSizeLarge)
+	return createUnifiedBadgeFromKind(id, kind)
 }
--- a/internal/controller/dashboard/unified_helpers.go
+++ b/internal/controller/dashboard/unified_helpers.go
@@ -81,86 +81,47 @@ func isAlphanumeric(c byte) bool {

 // BadgeConfig holds configuration for badge generation
 type BadgeConfig struct {
-	Text  string
-	Color string
-	Title string
-	Size  BadgeSize
+	Kind  string // Resource kind in PascalCase (e.g., "VirtualMachine") - used for value and auto-generation
+	Text  string // Optional abbreviation override (if empty, ResourceBadge auto-generates from Kind)
+	Color string // Optional custom backgroundColor override
 }

-// BadgeSize represents the size of the badge
-type BadgeSize int
-
-const (
-	BadgeSizeSmall BadgeSize = iota
-	BadgeSizeMedium
-	BadgeSizeLarge
-)
-
-// generateBadgeConfig creates a BadgeConfig from kind and optional custom values
-func generateBadgeConfig(kind string, customText, customColor, customTitle string) BadgeConfig {
-	config := BadgeConfig{
-		Text:  initialsFromKind(kind),
-		Color: hexColorForKind(kind),
-		Title: strings.ToLower(kind),
-		Size:  BadgeSizeMedium,
-	}
-
-	// Override with custom values if provided
-	if customText != "" {
-		config.Text = customText
-	}
-	if customColor != "" {
-		config.Color = customColor
-	}
-	if customTitle != "" {
-		config.Title = customTitle
-	}
-
-	return config
-}
-
-// createUnifiedBadge creates a badge using the unified BadgeConfig
+// createUnifiedBadge creates a badge using the unified BadgeConfig with ResourceBadge component
 func createUnifiedBadge(id string, config BadgeConfig) map[string]any {
-	fontSize := "15px"
-	if config.Size == BadgeSizeLarge {
-		fontSize = "20px"
-	} else if config.Size == BadgeSizeSmall {
-		fontSize = "12px"
+	data := map[string]any{
+		"id":    id,
+		"value": config.Kind,
+	}
+
+	// Add abbreviation override if specified (otherwise ResourceBadge auto-generates from Kind)
+	if config.Text != "" {
+		data["abbreviation"] = config.Text
+	}
+
+	// Add custom color if specified
+	if config.Color != "" {
+		data["style"] = map[string]any{
+			"backgroundColor": config.Color,
+		}
 	}

 	return map[string]any{
-		"type": "antdText",
-		"data": map[string]any{
-			"id":    id,
-			"text":  config.Text,
-			"title": config.Title,
-			"style": map[string]any{
-				"backgroundColor": config.Color,
-				"borderRadius":    "20px",
-				"color":           "#fff",
-				"display":         "inline-block",
-				"fontFamily":      "RedHatDisplay, Overpass, overpass, helvetica, arial, sans-serif",
-				"fontSize":        fontSize,
-				"fontWeight":      float64(400),
-				"lineHeight":      "24px",
-				"minWidth":        float64(24),
-				"padding":         "0 9px",
-				"textAlign":       "center",
-				"whiteSpace":      "nowrap",
-			},
-		},
+		"type": "ResourceBadge",
+		"data": data,
 	}
 }

-// createUnifiedBadgeFromKind creates a badge from kind with automatic color generation
-func createUnifiedBadgeFromKind(id, kind, title string, size BadgeSize) map[string]any {
-	config := BadgeConfig{
-		Text:  initialsFromKind(kind),
-		Color: hexColorForKind(kind),
-		Title: title,
-		Size:  size,
+// createUnifiedBadgeFromKind creates a badge from kind with ResourceBadge component
+// Abbreviation is auto-generated by ResourceBadge from kind, but can be customized if needed
+func createUnifiedBadgeFromKind(id, kind string) map[string]any {
+	return map[string]any{
+		"type": "ResourceBadge",
+		"data": map[string]any{
+			"id":    id,
+			"value": kind,
+			// abbreviation is optional - ResourceBadge auto-generates from value
+		},
 	}
-	return createUnifiedBadge(id, config)
 }

 // ---------------- Resource creation helpers with unified approach ----------------
@@ -183,7 +144,9 @@ func createResourceConfig(components []string, kind, title string) ResourceConfi
 	metadataName := generateMetadataName(specID)

 	// Generate badge config
-	badgeConfig := generateBadgeConfig(kind, "", "", title)
+	badgeConfig := BadgeConfig{
+		Kind: kind,
+	}

 	return ResourceConfig{
 		SpecID:       specID,
@@ -196,35 +159,6 @@ func createResourceConfig(components []string, kind, title string) ResourceConfi

 // ---------------- Enhanced color generation ----------------

-// getColorForKind returns a color for a specific kind with improved distribution
-func getColorForKind(kind string) string {
-	// Use existing hexColorForKind function
-	return hexColorForKind(kind)
-}
-
-// getColorForType returns a color for a specific type (like "namespace", "service", etc.)
-func getColorForType(typeName string) string {
-	// Map common types to specific colors for consistency
-	colorMap := map[string]string{
-		"namespace":       "#a25792ff",
-		"service":         "#6ca100",
-		"pod":             "#009596",
-		"node":            "#8476d1",
-		"secret":          "#c46100",
-		"configmap":       "#b48c78ff",
-		"ingress":         "#2e7dff",
-		"workloadmonitor": "#c46100",
-		"module":          "#8b5cf6",
-	}
-
-	if color, exists := colorMap[strings.ToLower(typeName)]; exists {
-		return color
-	}
-
-	// Fall back to hash-based color generation
-	return hexColorForKind(typeName)
-}
-
 // ---------------- Automatic ID generation for UI elements ----------------

 // generateElementID creates an ID for UI elements based on context and type
@@ -282,7 +216,6 @@ type UnifiedResourceConfig struct {
 	Title        string
 	Color        string
 	BadgeText    string
-	Size         BadgeSize
 }

 // createUnifiedFactory creates a factory using unified approach
@@ -292,16 +225,9 @@ func createUnifiedFactory(config UnifiedResourceConfig, tabs []any, urlsToFetch

 	// Create header with unified badge
 	badgeConfig := BadgeConfig{
+		Kind:  config.Kind,
 		Text:  config.BadgeText,
 		Color: config.Color,
-		Title: config.Title,
-		Size:  config.Size,
-	}
-	if badgeConfig.Text == "" {
-		badgeConfig.Text = initialsFromKind(config.Kind)
-	}
-	if badgeConfig.Color == "" {
-		badgeConfig.Color = getColorForKind(config.Kind)
 	}

 	badge := createUnifiedBadge(generateBadgeID("header", config.Kind), badgeConfig)
@@ -348,7 +274,9 @@ func createUnifiedFactory(config UnifiedResourceConfig, tabs []any, urlsToFetch

 // createUnifiedCustomColumn creates a custom column using unified approach
 func createUnifiedCustomColumn(name, jsonPath, kind, title, href string) map[string]any {
-	badgeConfig := generateBadgeConfig(kind, "", "", title)
+	badgeConfig := BadgeConfig{
+		Kind: kind,
+	}
 	badge := createUnifiedBadge(generateBadgeID("column", kind), badgeConfig)

 	linkID := generateLinkID("column", "name")
--- a/internal/controller/workloadmonitor_reconciler.go
+++ b/internal/controller/workloadmonitor_reconciler.go
@@ -0,0 +1,439 @@
+package controller
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"
+	"text/template"
+
+	cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/utils/pointer"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+// WorkloadMonitorFromCRDReconciler reconciles HelmReleases and creates WorkloadMonitors
+// based on CozystackResourceDefinition templates
+type WorkloadMonitorFromCRDReconciler struct {
+	client.Client
+	Scheme *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=helm.toolkit.fluxcd.io,resources=helmreleases,verbs=get;list;watch
+// +kubebuilder:rbac:groups=cozystack.io,resources=cozystackresourcedefinitions,verbs=get;list;watch
+// +kubebuilder:rbac:groups=cozystack.io,resources=workloadmonitors,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch
+
+const (
+	WorkloadMonitorOwnerLabel  = "workloadmonitor.cozystack.io/owned-by-crd"
+	WorkloadMonitorSourceLabel = "workloadmonitor.cozystack.io/helm-release"
+)
+
+// Reconcile processes HelmRelease resources and creates corresponding WorkloadMonitors
+func (r *WorkloadMonitorFromCRDReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	logger := log.FromContext(ctx)
+
+	// Get the HelmRelease
+	hr := &helmv2.HelmRelease{}
+	if err := r.Get(ctx, req.NamespacedName, hr); err != nil {
+		if errors.IsNotFound(err) {
+			// HelmRelease deleted - cleanup will be handled by owner references
+			return ctrl.Result{}, nil
+		}
+		logger.Error(err, "unable to fetch HelmRelease")
+		return ctrl.Result{}, err
+	}
+
+	// Skip system HelmReleases
+	if strings.HasPrefix(hr.Name, "tenant-") {
+		return ctrl.Result{}, nil
+	}
+
+	// Find the matching CozystackResourceDefinition
+	crd, err := r.findCRDForHelmRelease(ctx, hr)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			// No CRD found for this HelmRelease - skip
+			logger.V(1).Info("No CozystackResourceDefinition found for HelmRelease", "name", hr.Name)
+			return ctrl.Result{}, nil
+		}
+		logger.Error(err, "unable to find CozystackResourceDefinition")
+		return ctrl.Result{}, err
+	}
+
+	// If CRD doesn't have WorkloadMonitors, cleanup any existing ones we created
+	if len(crd.Spec.WorkloadMonitors) == 0 {
+		if err := r.cleanupWorkloadMonitors(ctx, hr); err != nil {
+			logger.Error(err, "failed to cleanup WorkloadMonitors")
+			return ctrl.Result{}, err
+		}
+		return ctrl.Result{}, nil
+	}
+
+	// Get the HelmRelease values for template rendering
+	values, err := r.getHelmReleaseValues(ctx, hr)
+	if err != nil {
+		logger.Error(err, "unable to get HelmRelease values")
+		return ctrl.Result{}, err
+	}
+
+	// Create/update WorkloadMonitors based on templates
+	if err := r.reconcileWorkloadMonitors(ctx, hr, crd, values); err != nil {
+		logger.Error(err, "failed to reconcile WorkloadMonitors")
+		return ctrl.Result{}, err
+	}
+
+	return ctrl.Result{}, nil
+}
+
+// findCRDForHelmRelease finds the CozystackResourceDefinition for a given HelmRelease
+func (r *WorkloadMonitorFromCRDReconciler) findCRDForHelmRelease(ctx context.Context, hr *helmv2.HelmRelease) (*cozyv1alpha1.CozystackResourceDefinition, error) {
+	// List all CozystackResourceDefinitions
+	var crdList cozyv1alpha1.CozystackResourceDefinitionList
+	if err := r.List(ctx, &crdList); err != nil {
+		return nil, err
+	}
+
+	// Match by chart name and prefix
+	for i := range crdList.Items {
+		crd := &crdList.Items[i]
+		if crd.Spec.Release.Chart.Name == hr.Spec.Chart.Spec.Chart {
+			// Check if HelmRelease name matches the prefix
+			if strings.HasPrefix(hr.Name, crd.Spec.Release.Prefix) {
+				return crd, nil
+			}
+		}
+	}
+
+	return nil, errors.NewNotFound(schema.GroupResource{Group: "cozystack.io", Resource: "cozystackresourcedefinitions"}, "")
+}
+
+// getHelmReleaseValues extracts the values from HelmRelease spec
+func (r *WorkloadMonitorFromCRDReconciler) getHelmReleaseValues(ctx context.Context, hr *helmv2.HelmRelease) (map[string]interface{}, error) {
+	if hr.Spec.Values == nil {
+		return make(map[string]interface{}), nil
+	}
+
+	// Convert apiextensionsv1.JSON to map
+	values := make(map[string]interface{})
+	if err := json.Unmarshal(hr.Spec.Values.Raw, &values); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal values: %w", err)
+	}
+
+	return values, nil
+}
+
+// reconcileWorkloadMonitors creates or updates WorkloadMonitors based on CRD templates
+func (r *WorkloadMonitorFromCRDReconciler) reconcileWorkloadMonitors(
+	ctx context.Context,
+	hr *helmv2.HelmRelease,
+	crd *cozyv1alpha1.CozystackResourceDefinition,
+	values map[string]interface{},
+) error {
+	logger := log.FromContext(ctx)
+
+	// Get chart version from HelmRelease
+	chartVersion := ""
+	if hr.Status.History != nil && len(hr.Status.History) > 0 {
+		chartVersion = hr.Status.History[0].ChartVersion
+	}
+
+	// Template context
+	templateData := map[string]interface{}{
+		"Release": map[string]interface{}{
+			"Name":      hr.Name,
+			"Namespace": hr.Namespace,
+		},
+		"Chart": map[string]interface{}{
+			"Version": chartVersion,
+		},
+		"Values": values,
+	}
+
+	// Track which monitors we should have
+	expectedMonitors := make(map[string]bool)
+
+	// Process each WorkloadMonitor template
+	for _, tmpl := range crd.Spec.WorkloadMonitors {
+		// Check condition
+		if tmpl.Condition != "" {
+			shouldCreate, err := evaluateCondition(tmpl.Condition, templateData)
+			if err != nil {
+				logger.Error(err, "failed to evaluate condition", "template", tmpl.Name, "condition", tmpl.Condition)
+				continue
+			}
+			if !shouldCreate {
+				logger.V(1).Info("Skipping WorkloadMonitor due to condition", "template", tmpl.Name)
+				continue
+			}
+		}
+
+		// Render monitor name
+		monitorName, err := renderTemplate(tmpl.Name, templateData)
+		if err != nil {
+			logger.Error(err, "failed to render monitor name", "template", tmpl.Name)
+			continue
+		}
+
+		expectedMonitors[monitorName] = true
+
+		// Render selector values
+		selector := make(map[string]string)
+		for key, valueTmpl := range tmpl.Selector {
+			renderedValue, err := renderTemplate(valueTmpl, templateData)
+			if err != nil {
+				logger.Error(err, "failed to render selector value", "key", key, "template", valueTmpl)
+				continue
+			}
+			selector[key] = renderedValue
+		}
+
+		// Render replicas
+		var replicas *int32
+		if tmpl.Replicas != "" {
+			replicasStr, err := renderTemplate(tmpl.Replicas, templateData)
+			if err != nil {
+				logger.Error(err, "failed to render replicas", "template", tmpl.Replicas)
+			} else {
+				if replicasInt, err := strconv.ParseInt(replicasStr, 10, 32); err == nil {
+					replicas = pointer.Int32(int32(replicasInt))
+				}
+			}
+		}
+
+		// Render minReplicas
+		var minReplicas *int32
+		if tmpl.MinReplicas != "" {
+			minReplicasStr, err := renderTemplate(tmpl.MinReplicas, templateData)
+			if err != nil {
+				logger.Error(err, "failed to render minReplicas", "template", tmpl.MinReplicas)
+			} else {
+				if minReplicasInt, err := strconv.ParseInt(minReplicasStr, 10, 32); err == nil {
+					minReplicas = pointer.Int32(int32(minReplicasInt))
+				}
+			}
+		}
+
+		// Create or update WorkloadMonitor
+		monitor := &cozyv1alpha1.WorkloadMonitor{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      monitorName,
+				Namespace: hr.Namespace,
+			},
+		}
+
+		_, err = controllerutil.CreateOrUpdate(ctx, r.Client, monitor, func() error {
+			// Set labels
+			if monitor.Labels == nil {
+				monitor.Labels = make(map[string]string)
+			}
+			monitor.Labels[WorkloadMonitorOwnerLabel] = "true"
+			monitor.Labels[WorkloadMonitorSourceLabel] = hr.Name
+
+			// Set owner reference to HelmRelease for automatic cleanup
+			if err := controllerutil.SetControllerReference(hr, monitor, r.Scheme); err != nil {
+				return err
+			}
+
+			// Update spec
+			monitor.Spec.Selector = selector
+			monitor.Spec.Kind = tmpl.Kind
+			monitor.Spec.Type = tmpl.Type
+			monitor.Spec.Version = chartVersion
+			monitor.Spec.Replicas = replicas
+			monitor.Spec.MinReplicas = minReplicas
+
+			return nil
+		})
+
+		if err != nil {
+			logger.Error(err, "failed to create/update WorkloadMonitor", "name", monitorName)
+			continue
+		}
+
+		logger.V(1).Info("WorkloadMonitor reconciled", "name", monitorName)
+	}
+
+	// Cleanup WorkloadMonitors that are no longer in templates
+	if err := r.cleanupUnexpectedMonitors(ctx, hr, expectedMonitors); err != nil {
+		logger.Error(err, "failed to cleanup unexpected WorkloadMonitors")
+		return err
+	}
+
+	return nil
+}
+
+// cleanupWorkloadMonitors removes all WorkloadMonitors created for a HelmRelease
+func (r *WorkloadMonitorFromCRDReconciler) cleanupWorkloadMonitors(ctx context.Context, hr *helmv2.HelmRelease) error {
+	return r.cleanupUnexpectedMonitors(ctx, hr, make(map[string]bool))
+}
+
+// cleanupUnexpectedMonitors removes WorkloadMonitors that are no longer expected
+func (r *WorkloadMonitorFromCRDReconciler) cleanupUnexpectedMonitors(
+	ctx context.Context,
+	hr *helmv2.HelmRelease,
+	expectedMonitors map[string]bool,
+) error {
+	logger := log.FromContext(ctx)
+
+	// List all WorkloadMonitors in the namespace that we created
+	var monitorList cozyv1alpha1.WorkloadMonitorList
+	labelSelector := labels.SelectorFromSet(labels.Set{
+		WorkloadMonitorOwnerLabel:  "true",
+		WorkloadMonitorSourceLabel: hr.Name,
+	})
+	if err := r.List(ctx, &monitorList,
+		client.InNamespace(hr.Namespace),
+		client.MatchingLabelsSelector{Selector: labelSelector},
+	); err != nil {
+		return err
+	}
+
+	// Delete monitors that are not expected
+	for i := range monitorList.Items {
+		monitor := &monitorList.Items[i]
+		if !expectedMonitors[monitor.Name] {
+			logger.Info("Deleting unexpected WorkloadMonitor", "name", monitor.Name)
+			if err := r.Delete(ctx, monitor); err != nil && !errors.IsNotFound(err) {
+				logger.Error(err, "failed to delete WorkloadMonitor", "name", monitor.Name)
+			}
+		}
+	}
+
+	return nil
+}
+
+// renderTemplate renders a Go template string with the given data
+func renderTemplate(tmplStr string, data interface{}) (string, error) {
+	// Check if it's already a simple value (no template markers)
+	if !strings.Contains(tmplStr, "{{") {
+		return tmplStr, nil
+	}
+
+	// Add Sprig functions for compatibility with Helm templates
+	tmpl, err := template.New("").Funcs(getTemplateFuncs()).Parse(tmplStr)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse template: %w", err)
+	}
+
+	var buf bytes.Buffer
+	if err := tmpl.Execute(&buf, data); err != nil {
+		return "", fmt.Errorf("failed to execute template: %w", err)
+	}
+
+	return strings.TrimSpace(buf.String()), nil
+}
+
+// evaluateCondition evaluates a template condition (should return "true" or non-empty for true)
+func evaluateCondition(condition string, data interface{}) (bool, error) {
+	result, err := renderTemplate(condition, data)
+	if err != nil {
+		return false, err
+	}
+
+	// Check for truthy values
+	result = strings.TrimSpace(strings.ToLower(result))
+	return result == "true" || result == "1" || result == "yes", nil
+}
+
+// getTemplateFuncs returns template functions compatible with Helm
+func getTemplateFuncs() template.FuncMap {
+	return template.FuncMap{
+		// Math functions
+		"add": func(a, b int) int { return a + b },
+		"sub": func(a, b int) int { return a - b },
+		"mul": func(a, b int) int { return a * b },
+		"div": func(a, b int) int {
+			if b == 0 {
+				return 0
+			}
+			return a / b
+		},
+		"add1": func(a int) int { return a + 1 },
+		"sub1": func(a int) int { return a - 1 },
+
+		// String functions
+		"upper":   strings.ToUpper,
+		"lower":   strings.ToLower,
+		"trim":    strings.TrimSpace,
+		"trimAll": func(cutset, s string) string { return strings.Trim(s, cutset) },
+		"replace": func(old, new string, n int, s string) string { return strings.Replace(s, old, new, n) },
+
+		// Logic functions
+		"default": func(defaultVal, val interface{}) interface{} {
+			if val == nil || val == "" {
+				return defaultVal
+			}
+			return val
+		},
+		"empty": func(val interface{}) bool {
+			return val == nil || val == ""
+		},
+		"not": func(val bool) bool {
+			return !val
+		},
+	}
+}
+
+// SetupWithManager sets up the controller with the Manager
+func (r *WorkloadMonitorFromCRDReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		Named("workloadmonitor-from-crd-controller").
+		For(&helmv2.HelmRelease{}).
+		Owns(&cozyv1alpha1.WorkloadMonitor{}).
+		Watches(
+			&cozyv1alpha1.CozystackResourceDefinition{},
+			handler.EnqueueRequestsFromMapFunc(r.mapCRDToHelmReleases),
+		).
+		Complete(r)
+}
+
+// mapCRDToHelmReleases maps CRD changes to HelmRelease reconcile requests
+func (r *WorkloadMonitorFromCRDReconciler) mapCRDToHelmReleases(ctx context.Context, obj client.Object) []reconcile.Request {
+	crd, ok := obj.(*cozyv1alpha1.CozystackResourceDefinition)
+	if !ok {
+		return nil
+	}
+
+	// List all HelmReleases
+	var hrList helmv2.HelmReleaseList
+	if err := r.List(ctx, &hrList); err != nil {
+		return nil
+	}
+
+	var requests []reconcile.Request
+	for i := range hrList.Items {
+		hr := &hrList.Items[i]
+		// Skip tenant HelmReleases
+		if strings.HasPrefix(hr.Name, "tenant-") {
+			continue
+		}
+		// Match by chart name and prefix
+		if crd.Spec.Release.Chart.Name == hr.Spec.Chart.Spec.Chart {
+			if strings.HasPrefix(hr.Name, crd.Spec.Release.Prefix) {
+				requests = append(requests, reconcile.Request{
+					NamespacedName: types.NamespacedName{
+						Name:      hr.Name,
+						Namespace: hr.Namespace,
+					},
+				})
+			}
+		}
+	}
+
+	return requests
+}
--- a/packages/apps/clickhouse/README.md
+++ b/packages/apps/clickhouse/README.md
@@ -23,53 +23,53 @@ For more details, read [Restic: Effective Backup from Stdin](https://blog.aenix.

 ### Common parameters

-| Name               | Description                                                                                                                               | Type        | Value   |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `replicas`         | Number of Clickhouse replicas                                                                                                             | `int`       | `2`     |
-| `shards`           | Number of Clickhouse shards                                                                                                               | `int`       | `1`     |
-| `resources`        | Explicit CPU and memory configuration for each Clickhouse replica. When left empty, the preset defined in `resourcesPreset` is applied.   | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `small` |
-| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
-| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
+| Name               | Description                                                                                                                          | Type       | Value   |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | ---------- | ------- |
+| `replicas`         | Number of ClickHouse replicas.                                                                                                       | `int`      | `2`     |
+| `shards`           | Number of ClickHouse shards.                                                                                                         | `int`      | `1`     |
+| `resources`        | Explicit CPU and memory configuration for each ClickHouse replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                       | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                              | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                              | `string`   | `small` |
+| `size`             | Persistent Volume Claim size available for application data.                                                                         | `quantity` | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data.                                                                                                 | `string`   | `""`    |


 ### Application-specific parameters

-| Name                   | Description                                                  | Type                | Value   |
-| ---------------------- | ------------------------------------------------------------ | ------------------- | ------- |
-| `logStorageSize`       | Size of Persistent Volume for logs                           | `quantity`          | `2Gi`   |
-| `logTTL`               | TTL (expiration time) for `query_log` and `query_thread_log` | `int`               | `15`    |
-| `users`                | Users configuration                                          | `map[string]object` | `{...}` |
-| `users[name].password` | Password for the user                                        | `*string`           | `null`  |
-| `users[name].readonly` | User is `readonly`, default is `false`.                      | `*bool`             | `null`  |
+| Name                   | Description                                                   | Type                | Value   |
+| ---------------------- | ------------------------------------------------------------- | ------------------- | ------- |
+| `logStorageSize`       | Size of Persistent Volume for logs.                           | `quantity`          | `2Gi`   |
+| `logTTL`               | TTL (expiration time) for `query_log` and `query_thread_log`. | `int`               | `15`    |
+| `users`                | Users configuration map.                                      | `map[string]object` | `{}`    |
+| `users[name].password` | Password for the user.                                        | `string`            | `""`    |
+| `users[name].readonly` | User is readonly (default: false).                            | `bool`              | `false` |


 ### Backup parameters

-| Name                     | Description                                    | Type     | Value                                                  |
-| ------------------------ | ---------------------------------------------- | -------- | ------------------------------------------------------ |
-| `backup`                 | Backup configuration                           | `object` | `{}`                                                   |
-| `backup.enabled`         | Enable regular backups, default is `false`     | `bool`   | `false`                                                |
-| `backup.s3Region`        | AWS S3 region where backups are stored         | `string` | `us-east-1`                                            |
-| `backup.s3Bucket`        | S3 bucket used for storing backups             | `string` | `s3.example.org/clickhouse-backups`                    |
-| `backup.schedule`        | Cron schedule for automated backups            | `string` | `0 2 * * *`                                            |
-| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups | `string` | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication     | `string` | `<your-access-key>`                                    |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication     | `string` | `<your-secret-key>`                                    |
-| `backup.resticPassword`  | Password for Restic backup encryption          | `string` | `<password>`                                           |
+| Name                     | Description                                     | Type     | Value                                                  |
+| ------------------------ | ----------------------------------------------- | -------- | ------------------------------------------------------ |
+| `backup`                 | Backup configuration.                           | `object` | `{}`                                                   |
+| `backup.enabled`         | Enable regular backups (default: false).        | `bool`   | `false`                                                |
+| `backup.s3Region`        | AWS S3 region where backups are stored.         | `string` | `us-east-1`                                            |
+| `backup.s3Bucket`        | S3 bucket used for storing backups.             | `string` | `s3.example.org/clickhouse-backups`                    |
+| `backup.schedule`        | Cron schedule for automated backups.            | `string` | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups. | `string` | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | Access key for S3 authentication.               | `string` | `<your-access-key>`                                    |
+| `backup.s3SecretKey`     | Secret key for S3 authentication.               | `string` | `<your-secret-key>`                                    |
+| `backup.resticPassword`  | Password for Restic backup encryption.          | `string` | `<password>`                                           |


-### Clickhouse Keeper parameters
+### ClickHouse Keeper parameters

-| Name                               | Description                                                                                                                               | Type        | Value   |
-| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `clickhouseKeeper`                 | Clickhouse Keeper configuration                                                                                                           | `*object`   | `null`  |
-| `clickhouseKeeper.enabled`         | Deploy ClickHouse Keeper for cluster coordination                                                                                         | `*bool`     | `true`  |
-| `clickhouseKeeper.size`            | Persistent Volume Claim size, available for application data                                                                              | `*quantity` | `1Gi`   |
-| `clickhouseKeeper.resourcesPreset` | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro` |
-| `clickhouseKeeper.replicas`        | Number of Keeper replicas                                                                                                                 | `*int`      | `3`     |
+| Name                               | Description                                                  | Type       | Value   |
+| ---------------------------------- | ------------------------------------------------------------ | ---------- | ------- |
+| `clickhouseKeeper`                 | ClickHouse Keeper configuration.                             | `object`   | `{}`    |
+| `clickhouseKeeper.enabled`         | Deploy ClickHouse Keeper for cluster coordination.           | `bool`     | `true`  |
+| `clickhouseKeeper.size`            | Persistent Volume Claim size available for application data. | `quantity` | `1Gi`   |
+| `clickhouseKeeper.resourcesPreset` | Default sizing preset.                                       | `string`   | `micro` |
+| `clickhouseKeeper.replicas`        | Number of Keeper replicas.                                   | `int`      | `3`     |


 ## Parameter examples and reference
--- a/packages/apps/clickhouse/templates/workloadmonitor.yaml
+++ b/packages/apps/clickhouse/templates/workloadmonitor.yaml
@@ -1,28 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: clickhouse
-  type: clickhouse
-  selector:
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
-{{- if .Values.clickhouseKeeper.enabled }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-keeper
-spec:
-  replicas: {{ .Values.clickhouseKeeper.replicas }}
-  minReplicas: 1
-  kind: clickhouse
-  type: clickhouse
-  selector:
-    app: {{ $.Release.Name }}-keeper
-  version: {{ $.Chart.Version }}
-{{- end }}
--- a/packages/apps/clickhouse/values.schema.json
+++ b/packages/apps/clickhouse/values.schema.json
@@ -3,7 +3,7 @@
  "type": "object",
  "properties": {
    "backup": {
-      "description": "Backup configuration",
+      "description": "Backup configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -18,67 +18,64 @@
      ],
      "properties": {
        "cleanupStrategy": {
-          "description": "Retention strategy for cleaning up old backups",
+          "description": "Retention strategy for cleaning up old backups.",
          "type": "string",
          "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
        },
        "enabled": {
-          "description": "Enable regular backups, default is `false`",
+          "description": "Enable regular backups (default: false).",
          "type": "boolean",
          "default": false
        },
        "resticPassword": {
-          "description": "Password for Restic backup encryption",
+          "description": "Password for Restic backup encryption.",
          "type": "string",
          "default": "\u003cpassword\u003e"
        },
        "s3AccessKey": {
-          "description": "Access key for S3, used for authentication",
+          "description": "Access key for S3 authentication.",
          "type": "string",
          "default": "\u003cyour-access-key\u003e"
        },
        "s3Bucket": {
-          "description": "S3 bucket used for storing backups",
+          "description": "S3 bucket used for storing backups.",
          "type": "string",
          "default": "s3.example.org/clickhouse-backups"
        },
        "s3Region": {
-          "description": "AWS S3 region where backups are stored",
+          "description": "AWS S3 region where backups are stored.",
          "type": "string",
          "default": "us-east-1"
        },
        "s3SecretKey": {
-          "description": "Secret key for S3, used for authentication",
+          "description": "Secret key for S3 authentication.",
          "type": "string",
          "default": "\u003cyour-secret-key\u003e"
        },
        "schedule": {
-          "description": "Cron schedule for automated backups",
+          "description": "Cron schedule for automated backups.",
          "type": "string",
          "default": "0 2 * * *"
        }
      }
    },
    "clickhouseKeeper": {
-      "description": "Clickhouse Keeper configuration",
+      "description": "ClickHouse Keeper configuration.",
      "type": "object",
      "default": {},
-      "required": [
-        "resourcesPreset"
-      ],
      "properties": {
        "enabled": {
-          "description": "Deploy ClickHouse Keeper for cluster coordination",
+          "description": "Deploy ClickHouse Keeper for cluster coordination.",
          "type": "boolean",
          "default": true
        },
        "replicas": {
-          "description": "Number of Keeper replicas",
+          "description": "Number of Keeper replicas.",
          "type": "integer",
          "default": 3
        },
        "resourcesPreset": {
-          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "description": "Default sizing preset.",
          "type": "string",
          "default": "micro",
          "enum": [
@@ -92,7 +89,7 @@
          ]
        },
        "size": {
-          "description": "Persistent Volume Claim size, available for application data",
+          "description": "Persistent Volume Claim size available for application data.",
          "default": "1Gi",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
@@ -108,7 +105,7 @@
      }
    },
    "logStorageSize": {
-      "description": "Size of Persistent Volume for logs",
+      "description": "Size of Persistent Volume for logs.",
      "default": "2Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -122,22 +119,22 @@
      "x-kubernetes-int-or-string": true
    },
    "logTTL": {
-      "description": "TTL (expiration time) for `query_log` and `query_thread_log`",
+      "description": "TTL (expiration time) for `query_log` and `query_thread_log`.",
      "type": "integer",
      "default": 15
    },
    "replicas": {
-      "description": "Number of Clickhouse replicas",
+      "description": "Number of ClickHouse replicas.",
      "type": "integer",
      "default": 2
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each Clickhouse replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each ClickHouse replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -150,7 +147,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -165,7 +162,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "small",
      "enum": [
@@ -179,12 +176,12 @@
      ]
    },
    "shards": {
-      "description": "Number of Clickhouse shards",
+      "description": "Number of ClickHouse shards.",
      "type": "integer",
      "default": 1
    },
    "size": {
-      "description": "Persistent Volume Claim size, available for application data",
+      "description": "Persistent Volume Claim size available for application data.",
      "default": "10Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -198,22 +195,23 @@
      "x-kubernetes-int-or-string": true
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
-      "type": "string"
+      "description": "StorageClass used to store the data.",
+      "type": "string",
+      "default": ""
    },
    "users": {
-      "description": "Users configuration",
+      "description": "Users configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
        "type": "object",
        "properties": {
          "password": {
-            "description": "Password for the user",
+            "description": "Password for the user.",
            "type": "string"
          },
          "readonly": {
-            "description": "User is `readonly`, default is `false`.",
+            "description": "User is readonly (default: false).",
            "type": "boolean"
          }
        }
--- a/packages/apps/clickhouse/values.yaml
+++ b/packages/apps/clickhouse/values.yaml
@@ -1,36 +1,54 @@
+##
 ## @section Common parameters
 ##
-## @param replicas {int} Number of Clickhouse replicas
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each ClickHouse replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {int} replicas - Number of ClickHouse replicas.
 replicas: 2
-## @param shards {int} Number of Clickhouse shards
+
+## @param {int} shards - Number of ClickHouse shards.
 shards: 1
-## @param resources {*resources} Explicit CPU and memory configuration for each Clickhouse replica. When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each replica
-## @field resources.memory {*quantity} Memory (RAM) available to each replica
-#  resources:
-#    cpu: 4000m
-#    memory: 4Gi
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each ClickHouse replica. When omitted, the preset defined in `resourcesPreset` is applied.
 resources: {}

-
-
-## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+## @param {ResourcesPreset} resourcesPreset="small" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "small"
-## @param size {quantity} Persistent Volume Claim size, available for application data
+
+## @param {quantity} size - Persistent Volume Claim size available for application data.
 size: 10Gi
-## @param storageClass {string} StorageClass used to store the data
+
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: ""

-
+##
 ## @section Application-specific parameters
 ##
-## @param logStorageSize {quantity} Size of Persistent Volume for logs
+
+## @param {quantity} logStorageSize - Size of Persistent Volume for logs.
 logStorageSize: 2Gi
-## @param logTTL {int} TTL (expiration time) for `query_log` and `query_thread_log`
+
+## @param {int} logTTL - TTL (expiration time) for `query_log` and `query_thread_log`.
 logTTL: 15
-## @param users {map[string]user} Users configuration
-## @field user.password {*string} Password for the user
-## @field user.readonly {*bool} User is `readonly`, default is `false`.
+
+## @typedef {struct} User - User configuration.
+## @field {string} [password] - Password for the user.
+## @field {bool} [readonly] - User is readonly (default: false).
+
+## @param {map[string]User} users - Users configuration map.
+users: {}
 ## Example:
 ## users:
 ##   user1:
@@ -39,20 +57,22 @@ logTTL: 15
 ##     readonly: true
 ##     password: hackme
 ##
-users: {}
-

+##
 ## @section Backup parameters
+##

-## @param backup {backup} Backup configuration
-## @field backup.enabled {bool} Enable regular backups, default is `false`
-## @field backup.s3Region {string} AWS S3 region where backups are stored
-## @field backup.s3Bucket {string} S3 bucket used for storing backups
-## @field backup.schedule {string} Cron schedule for automated backups
-## @field backup.cleanupStrategy {string} Retention strategy for cleaning up old backups
-## @field backup.s3AccessKey {string} Access key for S3, used for authentication
-## @field backup.s3SecretKey {string} Secret key for S3, used for authentication
-## @field backup.resticPassword {string} Password for Restic backup encryption
+## @typedef {struct} Backup - Backup configuration.
+## @field {bool} enabled - Enable regular backups (default: false).
+## @field {string} s3Region - AWS S3 region where backups are stored.
+## @field {string} s3Bucket - S3 bucket used for storing backups.
+## @field {string} schedule - Cron schedule for automated backups.
+## @field {string} cleanupStrategy - Retention strategy for cleaning up old backups.
+## @field {string} s3AccessKey - Access key for S3 authentication.
+## @field {string} s3SecretKey - Secret key for S3 authentication.
+## @field {string} resticPassword - Password for Restic backup encryption.
+
+## @param {Backup} backup - Backup configuration.
 backup:
  enabled: false
  s3Region: us-east-1
@@ -63,13 +83,17 @@ backup:
  s3SecretKey: "<your-secret-key>"
  resticPassword: "<password>"

+##
+## @section ClickHouse Keeper parameters
+##

-## @section Clickhouse Keeper parameters
-## @param clickhouseKeeper {*clickhouseKeeper} Clickhouse Keeper configuration
-## @field clickhouseKeeper.enabled {*bool} Deploy ClickHouse Keeper for cluster coordination
-## @field clickhouseKeeper.size {*quantity} Persistent Volume Claim size, available for application data
-## @field clickhouseKeeper.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
-## @field clickhouseKeeper.replicas {*int} Number of Keeper replicas
+## @typedef {struct} ClickHouseKeeper - ClickHouse Keeper configuration.
+## @field {bool} [enabled] - Deploy ClickHouse Keeper for cluster coordination.
+## @field {quantity} [size] - Persistent Volume Claim size available for application data.
+## @field {ResourcesPreset} [resourcesPreset] - Default sizing preset.
+## @field {int} [replicas] - Number of Keeper replicas.
+
+## @param {ClickHouseKeeper} clickhouseKeeper - ClickHouse Keeper configuration.
 clickhouseKeeper:
  enabled: true
  size: 1Gi
--- a/packages/apps/ferretdb/README.md
+++ b/packages/apps/ferretdb/README.md
@@ -8,51 +8,51 @@ Internally, FerretDB service is backed by Postgres.

 ### Common parameters

-| Name               | Description                                                                                                                               | Type        | Value   |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `replicas`         | Number of replicas                                                                                                                        | `int`       | `2`     |
-| `resources`        | Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.     | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro` |
-| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
-| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
-| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+| Name               | Description                                                                                                                        | Type       | Value   |
+| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------- |
+| `replicas`         | Number of replicas.                                                                                                                | `int`      | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each FerretDB replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                     | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                            | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                            | `string`   | `micro` |
+| `size`             | Persistent Volume Claim size available for application data.                                                                       | `quantity` | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data.                                                                                               | `string`   | `""`    |
+| `external`         | Enable external access from outside the cluster.                                                                                   | `bool`     | `false` |


 ### Application-specific parameters

-| Name                     | Description                                                                                                                 | Type                | Value   |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------- | ------------------- | ------- |
-| `quorum`                 | Configuration for the quorum-based synchronous replication                                                                  | `object`            | `{}`    |
-| `quorum.minSyncReplicas` | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed                | `int`               | `0`     |
-| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas) | `int`               | `0`     |
-| `users`                  | Users configuration                                                                                                         | `map[string]object` | `{...}` |
-| `users[name].password`   | Password for the user                                                                                                       | `*string`           | `null`  |
+| Name                     | Description                                                                        | Type                | Value |
+| ------------------------ | ---------------------------------------------------------------------------------- | ------------------- | ----- |
+| `quorum`                 | Configuration for quorum-based synchronous replication.                            | `object`            | `{}`  |
+| `quorum.minSyncReplicas` | Minimum number of synchronous replicas required for commit.                        | `int`               | `0`   |
+| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas allowed (must be less than total replicas). | `int`               | `0`   |
+| `users`                  | Users configuration map.                                                           | `map[string]object` | `{}`  |
+| `users[name].password`   | Password for the user.                                                             | `string`            | `""`  |


 ### Backup parameters

-| Name                     | Description                                                | Type     | Value                               |
-| ------------------------ | ---------------------------------------------------------- | -------- | ----------------------------------- |
-| `backup`                 | Backup configuration                                       | `object` | `{}`                                |
-| `backup.enabled`         | Enable regular backups, default is `false`.                | `bool`   | `false`                             |
-| `backup.schedule`        | Cron schedule for automated backups                        | `string` | `0 2 * * * *`                       |
-| `backup.retentionPolicy` | Retention policy                                           | `string` | `30d`                               |
-| `backup.endpointURL`     | S3 Endpoint used to upload data to the cloud               | `string` | `http://minio-gateway-service:9000` |
-| `backup.destinationPath` | Path to store the backup (i.e. s3://bucket/path/to/folder) | `string` | `s3://bucket/path/to/folder/`       |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication                 | `string` | `<your-access-key>`                 |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication                 | `string` | `<your-secret-key>`                 |
+| Name                     | Description                                                  | Type     | Value                               |
+| ------------------------ | ------------------------------------------------------------ | -------- | ----------------------------------- |
+| `backup`                 | Backup configuration.                                        | `object` | `{}`                                |
+| `backup.enabled`         | Enable regular backups (default: false).                     | `bool`   | `false`                             |
+| `backup.schedule`        | Cron schedule for automated backups.                         | `string` | `0 2 * * * *`                       |
+| `backup.retentionPolicy` | Retention policy.                                            | `string` | `30d`                               |
+| `backup.endpointURL`     | S3 endpoint URL for uploads.                                 | `string` | `http://minio-gateway-service:9000` |
+| `backup.destinationPath` | Path to store the backup (e.g. s3://bucket/path/to/folder/). | `string` | `s3://bucket/path/to/folder/`       |
+| `backup.s3AccessKey`     | Access key for S3 authentication.                            | `string` | `<your-access-key>`                 |
+| `backup.s3SecretKey`     | Secret key for S3 authentication.                            | `string` | `<your-secret-key>`                 |


 ### Bootstrap (recovery) parameters

-| Name                     | Description                                                                                                           | Type      | Value   |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------- | --------- | ------- |
-| `bootstrap`              | Bootstrap (recovery) configuration                                                                                    | `object`  | `{}`    |
-| `bootstrap.enabled`      | Restore database cluster from a backup                                                                                | `*bool`   | `false` |
-| `bootstrap.recoveryTime` | Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest. | `*string` | `""`    |
-| `bootstrap.oldName`      | Name of database cluster before deleting                                                                              | `*string` | `""`    |
+| Name                     | Description                                                         | Type     | Value   |
+| ------------------------ | ------------------------------------------------------------------- | -------- | ------- |
+| `bootstrap`              | Bootstrap configuration.                                            | `object` | `{}`    |
+| `bootstrap.enabled`      | Restore database cluster from a backup.                             | `bool`   | `false` |
+| `bootstrap.recoveryTime` | Timestamp (RFC3339) for point-in-time recovery; empty means latest. | `string` | `""`    |
+| `bootstrap.oldName`      | Name of database cluster before deletion.                           | `string` | `""`    |


 ## Parameter examples and reference
--- a/packages/apps/ferretdb/templates/workloadmonitor.yaml
+++ b/packages/apps/ferretdb/templates/workloadmonitor.yaml
@@ -1,13 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: ferretdb
-  type: ferretdb
-  selector:
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/ferretdb/values.schema.json
+++ b/packages/apps/ferretdb/values.schema.json
@@ -3,7 +3,7 @@
  "type": "object",
  "properties": {
    "backup": {
-      "description": "Backup configuration",
+      "description": "Backup configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -17,69 +17,71 @@
      ],
      "properties": {
        "destinationPath": {
-          "description": "Path to store the backup (i.e. s3://bucket/path/to/folder)",
+          "description": "Path to store the backup (e.g. s3://bucket/path/to/folder/).",
          "type": "string",
          "default": "s3://bucket/path/to/folder/"
        },
        "enabled": {
-          "description": "Enable regular backups, default is `false`.",
+          "description": "Enable regular backups (default: false).",
          "type": "boolean",
          "default": false
        },
        "endpointURL": {
-          "description": "S3 Endpoint used to upload data to the cloud",
+          "description": "S3 endpoint URL for uploads.",
          "type": "string",
          "default": "http://minio-gateway-service:9000"
        },
        "retentionPolicy": {
-          "description": "Retention policy",
+          "description": "Retention policy.",
          "type": "string",
          "default": "30d"
        },
        "s3AccessKey": {
-          "description": "Access key for S3, used for authentication",
+          "description": "Access key for S3 authentication.",
          "type": "string",
          "default": "\u003cyour-access-key\u003e"
        },
        "s3SecretKey": {
-          "description": "Secret key for S3, used for authentication",
+          "description": "Secret key for S3 authentication.",
          "type": "string",
          "default": "\u003cyour-secret-key\u003e"
        },
        "schedule": {
-          "description": "Cron schedule for automated backups",
+          "description": "Cron schedule for automated backups.",
          "type": "string",
          "default": "0 2 * * * *"
        }
      }
    },
    "bootstrap": {
-      "description": "Bootstrap (recovery) configuration",
+      "description": "Bootstrap configuration.",
      "type": "object",
      "default": {},
      "properties": {
        "enabled": {
-          "description": "Restore database cluster from a backup",
+          "description": "Restore database cluster from a backup.",
          "type": "boolean",
          "default": false
        },
        "oldName": {
-          "description": "Name of database cluster before deleting",
-          "type": "string"
+          "description": "Name of database cluster before deletion.",
+          "type": "string",
+          "default": ""
        },
        "recoveryTime": {
-          "description": "Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest.",
-          "type": "string"
+          "description": "Timestamp (RFC3339) for point-in-time recovery; empty means latest.",
+          "type": "string",
+          "default": ""
        }
      }
    },
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "quorum": {
-      "description": "Configuration for the quorum-based synchronous replication",
+      "description": "Configuration for quorum-based synchronous replication.",
      "type": "object",
      "default": {},
      "required": [
@@ -88,29 +90,29 @@
      ],
      "properties": {
        "maxSyncReplicas": {
-          "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)",
+          "description": "Maximum number of synchronous replicas allowed (must be less than total replicas).",
          "type": "integer",
          "default": 0
        },
        "minSyncReplicas": {
-          "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed",
+          "description": "Minimum number of synchronous replicas required for commit.",
          "type": "integer",
          "default": 0
        }
      }
    },
    "replicas": {
-      "description": "Number of replicas",
+      "description": "Number of replicas.",
      "type": "integer",
      "default": 2
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each FerretDB replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -123,7 +125,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -138,7 +140,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "micro",
      "enum": [
@@ -152,7 +154,7 @@
      ]
    },
    "size": {
-      "description": "Persistent Volume Claim size, available for application data",
+      "description": "Persistent Volume Claim size available for application data.",
      "default": "10Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -166,18 +168,19 @@
      "x-kubernetes-int-or-string": true
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
-      "type": "string"
+      "description": "StorageClass used to store the data.",
+      "type": "string",
+      "default": ""
    },
    "users": {
-      "description": "Users configuration",
+      "description": "Users configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
        "type": "object",
        "properties": {
          "password": {
-            "description": "Password for the user",
+            "description": "Password for the user.",
            "type": "string"
          }
        }
--- a/packages/apps/ferretdb/values.yaml
+++ b/packages/apps/ferretdb/values.yaml
@@ -1,35 +1,56 @@
+##
 ## @section Common parameters
 ##
-## @param replicas {int} Number of replicas
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each FerretDB replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {int} replicas - Number of replicas.
 replicas: 2
-## @param resources {*resources} Explicit CPU and memory configuration for each FerretDB replica. When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each replica
-## @field resources.memory {*quantity} Memory (RAM) available to each replica
-#  resources:
-#    cpu: 4000m
-#    memory: 4Gi
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each FerretDB replica. When omitted, the preset defined in `resourcesPreset` is applied.
 resources: {}

-## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+## @param {ResourcesPreset} resourcesPreset="micro" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "micro"
-## @param size {quantity} Persistent Volume Claim size, available for application data
+
+## @param {quantity} size - Persistent Volume Claim size available for application data.
 size: 10Gi
-## @param storageClass {string} StorageClass used to store the data
+
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: ""
-## @param external {bool} Enable external access from outside the cluster
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false

+##
 ## @section Application-specific parameters
 ##
-## @param quorum {quorum} Configuration for the quorum-based synchronous replication
-## @field quorum.minSyncReplicas {int} Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed
-## @field quorum.maxSyncReplicas {int} Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the total number of replicas)
+
+## @typedef {struct} Quorum - Configuration for quorum-based synchronous replication.
+## @field {int} minSyncReplicas - Minimum number of synchronous replicas required for commit.
+## @field {int} maxSyncReplicas - Maximum number of synchronous replicas allowed (must be less than total replicas).
+
+## @param {Quorum} quorum - Configuration for quorum-based synchronous replication.
 quorum:
  minSyncReplicas: 0
  maxSyncReplicas: 0

-## @param users {map[string]user} Users configuration
-## @field user.password {*string} Password for the user
+## @typedef {struct} User - User configuration.
+## @field {string} [password] - Password for the user.
+
+## @param {map[string]User} users - Users configuration map.
+users: {}
 ## Example:
 ## users:
 ##   user1:
@@ -37,21 +58,21 @@ quorum:
 ##   user2:
 ##     password: hackme
 ##
-users: {}
-
-

+##
 ## @section Backup parameters
 ##

-## @param backup {backup} Backup configuration
-## @field backup.enabled {bool} Enable regular backups, default is `false`.
-## @field backup.schedule {string} Cron schedule for automated backups
-## @field backup.retentionPolicy {string} Retention policy
-## @field backup.endpointURL {string} S3 Endpoint used to upload data to the cloud
-## @field backup.destinationPath {string} Path to store the backup (i.e. s3://bucket/path/to/folder)
-## @field backup.s3AccessKey {string} Access key for S3, used for authentication
-## @field backup.s3SecretKey {string} Secret key for S3, used for authentication
+## @typedef {struct} Backup - Backup configuration.
+## @field {bool} enabled - Enable regular backups (default: false).
+## @field {string} schedule - Cron schedule for automated backups.
+## @field {string} retentionPolicy - Retention policy.
+## @field {string} endpointURL - S3 endpoint URL for uploads.
+## @field {string} destinationPath - Path to store the backup (e.g. s3://bucket/path/to/folder/).
+## @field {string} s3AccessKey - Access key for S3 authentication.
+## @field {string} s3SecretKey - Secret key for S3 authentication.
+
+## @param {Backup} backup - Backup configuration.
 backup:
  enabled: false
  schedule: "0 2 * * * *"
@@ -61,18 +82,17 @@ backup:
  s3AccessKey: "<your-access-key>"
  s3SecretKey: "<your-secret-key>"

-
+##
 ## @section Bootstrap (recovery) parameters
 ##
-## @param bootstrap {bootstrap} Bootstrap (recovery) configuration
-## @field bootstrap.enabled {*bool} Restore database cluster from a backup
-## @field bootstrap.recoveryTime {*string} Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest.
-## @field bootstrap.oldName {*string} Name of database cluster before deleting
-##
+
+## @typedef {struct} Bootstrap - Bootstrap configuration for restoring a database cluster from a backup.
+## @field {bool} [enabled] - Restore database cluster from a backup.
+## @field {string} [recoveryTime] - Timestamp (RFC3339) for point-in-time recovery; empty means latest.
+## @field {string} [oldName] - Name of database cluster before deletion.
+
+## @param {Bootstrap} bootstrap - Bootstrap configuration.
 bootstrap:
  enabled: false
-  # example: 2020-11-26 15:22:00.00000+00
  recoveryTime: ""
  oldName: ""
-
-
--- a/packages/apps/foundationdb/README.md
+++ b/packages/apps/foundationdb/README.md
@@ -148,48 +148,48 @@ For Cozystack-specific issues, consult the Cozystack documentation or support ch

 ### Common parameters

-| Name                                       | Description                                                                                                                                | Type        | Value                    |
-| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | ------------------------ |
-| `cluster`                                  | Cluster configuration                                                                                                                      | `object`    | `{}`                     |
-| `cluster.processCounts`                    | Process counts for different roles                                                                                                         | `object`    | `{}`                     |
-| `cluster.processCounts.stateless`          | Number of stateless processes (-1 for automatic)                                                                                           | `int`       | `-1`                     |
-| `cluster.processCounts.storage`            | Number of storage processes (determines cluster size)                                                                                      | `int`       | `3`                      |
-| `cluster.processCounts.cluster_controller` | Number of cluster controller processes                                                                                                     | `int`       | `1`                      |
-| `cluster.version`                          | Version of FoundationDB to use                                                                                                             | `string`    | `7.3.63`                 |
-| `cluster.redundancyMode`                   | Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback)                                             | `string`    | `double`                 |
-| `cluster.storageEngine`                    | Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory)                                                                             | `string`    | `ssd-2`                  |
-| `cluster.faultDomain`                      | Fault domain configuration                                                                                                                 | `object`    | `{}`                     |
-| `cluster.faultDomain.key`                  | Fault domain key                                                                                                                           | `string`    | `kubernetes.io/hostname` |
-| `cluster.faultDomain.valueFrom`            | Fault domain value source                                                                                                                  | `string`    | `spec.nodeName`          |
-| `storage`                                  | Storage configuration                                                                                                                      | `object`    | `{}`                     |
-| `storage.size`                             | Size of persistent volumes for each instance                                                                                               | `quantity`  | `16Gi`                   |
-| `storage.storageClass`                     | Storage class (if not set, uses cluster default)                                                                                           | `string`    | `""`                     |
-| `resources`                                | Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied. | `*object`   | `null`                   |
-| `resources.cpu`                            | CPU available to each instance                                                                                                             | `*quantity` | `null`                   |
-| `resources.memory`                         | Memory (RAM) available to each instance                                                                                                    | `*quantity` | `null`                   |
-| `resourcesPreset`                          | Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`.                   | `string`    | `medium`                 |
-| `backup`                                   | Backup configuration                                                                                                                       | `object`    | `{}`                     |
-| `backup.enabled`                           | Enable backups                                                                                                                             | `bool`      | `false`                  |
-| `backup.s3`                                | S3 configuration for backups                                                                                                               | `object`    | `{}`                     |
-| `backup.s3.bucket`                         | S3 bucket name                                                                                                                             | `string`    | `""`                     |
-| `backup.s3.endpoint`                       | S3 endpoint URL                                                                                                                            | `string`    | `""`                     |
-| `backup.s3.region`                         | S3 region                                                                                                                                  | `string`    | `us-east-1`              |
-| `backup.s3.credentials`                    | S3 credentials                                                                                                                             | `object`    | `{}`                     |
-| `backup.s3.credentials.accessKeyId`        | S3 access key ID                                                                                                                           | `string`    | `""`                     |
-| `backup.s3.credentials.secretAccessKey`    | S3 secret access key                                                                                                                       | `string`    | `""`                     |
-| `backup.retentionPolicy`                   | Retention policy for backups                                                                                                               | `string`    | `7d`                     |
-| `monitoring`                               | Monitoring configuration                                                                                                                   | `object`    | `{}`                     |
-| `monitoring.enabled`                       | Enable WorkloadMonitor integration                                                                                                         | `bool`      | `true`                   |
+| Name                                       | Description                                                                                                                             | Type       | Value                    |
+| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------------------------ |
+| `cluster`                                  | Cluster configuration.                                                                                                                  | `object`   | `{}`                     |
+| `cluster.processCounts`                    | Process counts for different roles.                                                                                                     | `object`   | `{}`                     |
+| `cluster.processCounts.stateless`          | Number of stateless processes (-1 for automatic).                                                                                       | `int`      | `-1`                     |
+| `cluster.processCounts.storage`            | Number of storage processes (determines cluster size).                                                                                  | `int`      | `3`                      |
+| `cluster.processCounts.cluster_controller` | Number of cluster controller processes.                                                                                                 | `int`      | `1`                      |
+| `cluster.version`                          | Version of FoundationDB to use.                                                                                                         | `string`   | `7.3.63`                 |
+| `cluster.redundancyMode`                   | Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback).                                         | `string`   | `double`                 |
+| `cluster.storageEngine`                    | Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory).                                                                         | `string`   | `ssd-2`                  |
+| `cluster.faultDomain`                      | Fault domain configuration.                                                                                                             | `object`   | `{}`                     |
+| `cluster.faultDomain.key`                  | Fault domain key.                                                                                                                       | `string`   | `kubernetes.io/hostname` |
+| `cluster.faultDomain.valueFrom`            | Fault domain value source.                                                                                                              | `string`   | `spec.nodeName`          |
+| `storage`                                  | Storage configuration.                                                                                                                  | `object`   | `{}`                     |
+| `storage.size`                             | Size of persistent volumes for each instance.                                                                                           | `quantity` | `16Gi`                   |
+| `storage.storageClass`                     | Storage class (if not set, uses cluster default).                                                                                       | `string`   | `""`                     |
+| `resources`                                | Explicit CPU and memory configuration for each FoundationDB instance. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`                     |
+| `resources.cpu`                            | CPU available to each instance.                                                                                                         | `quantity` | `""`                     |
+| `resources.memory`                         | Memory (RAM) available to each instance.                                                                                                | `quantity` | `""`                     |
+| `resourcesPreset`                          | Default sizing preset used when `resources` is omitted.                                                                                 | `string`   | `medium`                 |
+| `backup`                                   | Backup configuration.                                                                                                                   | `object`   | `{}`                     |
+| `backup.enabled`                           | Enable backups.                                                                                                                         | `bool`     | `false`                  |
+| `backup.s3`                                | S3 configuration for backups.                                                                                                           | `object`   | `{}`                     |
+| `backup.s3.bucket`                         | S3 bucket name.                                                                                                                         | `string`   | `""`                     |
+| `backup.s3.endpoint`                       | S3 endpoint URL.                                                                                                                        | `string`   | `""`                     |
+| `backup.s3.region`                         | S3 region.                                                                                                                              | `string`   | `us-east-1`              |
+| `backup.s3.credentials`                    | S3 credentials.                                                                                                                         | `object`   | `{}`                     |
+| `backup.s3.credentials.accessKeyId`        | S3 access key ID.                                                                                                                       | `string`   | `""`                     |
+| `backup.s3.credentials.secretAccessKey`    | S3 secret access key.                                                                                                                   | `string`   | `""`                     |
+| `backup.retentionPolicy`                   | Retention policy for backups.                                                                                                           | `string`   | `7d`                     |
+| `monitoring`                               | Monitoring configuration.                                                                                                               | `object`   | `{}`                     |
+| `monitoring.enabled`                       | Enable WorkloadMonitor integration.                                                                                                     | `bool`     | `true`                   |


 ### FoundationDB configuration

-| Name                         | Description                               | Type       | Value     |
-| ---------------------------- | ----------------------------------------- | ---------- | --------- |
-| `customParameters`           | Custom parameters to pass to FoundationDB | `[]string` | `[]`      |
-| `imageType`                  | Container image deployment type           | `string`   | `unified` |
-| `securityContext`            | Security context for containers           | `object`   | `{}`      |
-| `securityContext.runAsUser`  | User ID to run the container              | `int`      | `4059`    |
-| `securityContext.runAsGroup` | Group ID to run the container             | `int`      | `4059`    |
-| `automaticReplacements`      | Enable automatic pod replacements         | `bool`     | `true`    |
+| Name                         | Description                                | Type       | Value     |
+| ---------------------------- | ------------------------------------------ | ---------- | --------- |
+| `customParameters`           | Custom parameters to pass to FoundationDB. | `[]string` | `[]`      |
+| `imageType`                  | Container image deployment type.           | `string`   | `unified` |
+| `securityContext`            | Security context for containers.           | `object`   | `{}`      |
+| `securityContext.runAsUser`  | User ID to run the container.              | `int`      | `4059`    |
+| `securityContext.runAsGroup` | Group ID to run the container.             | `int`      | `4059`    |
+| `automaticReplacements`      | Enable automatic pod replacements.         | `bool`     | `true`    |

--- a/packages/apps/foundationdb/templates/workloadmonitor.yaml
+++ b/packages/apps/foundationdb/templates/workloadmonitor.yaml
@@ -1,20 +0,0 @@
-{{- if .Values.monitoring.enabled }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ .Release.Name }}
-  labels:
-    app.kubernetes.io/name: foundationdb
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.cluster.processCounts.storage }}
-  minReplicas: {{ include "foundationdb.minReplicas" . }}
-  kind: foundationdb
-  type: foundationdb
-  selector:
-    foundationdb.org/fdb-cluster-name: {{ .Release.Name }}
-    foundationdb.org/fdb-process-class: storage
-  version: {{ .Chart.Version }}
-{{- end }}
--- a/packages/apps/foundationdb/values.schema.json
+++ b/packages/apps/foundationdb/values.schema.json
@@ -3,12 +3,12 @@
  "type": "object",
  "properties": {
    "automaticReplacements": {
-      "description": "Enable automatic pod replacements",
+      "description": "Enable automatic pod replacements.",
      "type": "boolean",
      "default": true
    },
    "backup": {
-      "description": "Backup configuration",
+      "description": "Backup configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -18,17 +18,17 @@
      ],
      "properties": {
        "enabled": {
-          "description": "Enable backups",
+          "description": "Enable backups.",
          "type": "boolean",
          "default": false
        },
        "retentionPolicy": {
-          "description": "Retention policy for backups",
+          "description": "Retention policy for backups.",
          "type": "string",
          "default": "7d"
        },
        "s3": {
-          "description": "S3 configuration for backups",
+          "description": "S3 configuration for backups.",
          "type": "object",
          "default": {},
          "required": [
@@ -39,11 +39,12 @@
          ],
          "properties": {
            "bucket": {
-              "description": "S3 bucket name",
-              "type": "string"
+              "description": "S3 bucket name.",
+              "type": "string",
+              "default": ""
            },
            "credentials": {
-              "description": "S3 credentials",
+              "description": "S3 credentials.",
              "type": "object",
              "default": {},
              "required": [
@@ -52,21 +53,24 @@
              ],
              "properties": {
                "accessKeyId": {
-                  "description": "S3 access key ID",
-                  "type": "string"
+                  "description": "S3 access key ID.",
+                  "type": "string",
+                  "default": ""
                },
                "secretAccessKey": {
-                  "description": "S3 secret access key",
-                  "type": "string"
+                  "description": "S3 secret access key.",
+                  "type": "string",
+                  "default": ""
                }
              }
            },
            "endpoint": {
-              "description": "S3 endpoint URL",
-              "type": "string"
+              "description": "S3 endpoint URL.",
+              "type": "string",
+              "default": ""
            },
            "region": {
-              "description": "S3 region",
+              "description": "S3 region.",
              "type": "string",
              "default": "us-east-1"
            }
@@ -75,7 +79,7 @@
      }
    },
    "cluster": {
-      "description": "Cluster configuration",
+      "description": "Cluster configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -87,7 +91,7 @@
      ],
      "properties": {
        "faultDomain": {
-          "description": "Fault domain configuration",
+          "description": "Fault domain configuration.",
          "type": "object",
          "default": {},
          "required": [
@@ -96,19 +100,19 @@
          ],
          "properties": {
            "key": {
-              "description": "Fault domain key",
+              "description": "Fault domain key.",
              "type": "string",
              "default": "kubernetes.io/hostname"
            },
            "valueFrom": {
-              "description": "Fault domain value source",
+              "description": "Fault domain value source.",
              "type": "string",
              "default": "spec.nodeName"
            }
          }
        },
        "processCounts": {
-          "description": "Process counts for different roles",
+          "description": "Process counts for different roles.",
          "type": "object",
          "default": {},
          "required": [
@@ -118,41 +122,41 @@
          ],
          "properties": {
            "cluster_controller": {
-              "description": "Number of cluster controller processes",
+              "description": "Number of cluster controller processes.",
              "type": "integer",
              "default": 1
            },
            "stateless": {
-              "description": "Number of stateless processes (-1 for automatic)",
+              "description": "Number of stateless processes (-1 for automatic).",
              "type": "integer",
              "default": -1
            },
            "storage": {
-              "description": "Number of storage processes (determines cluster size)",
+              "description": "Number of storage processes (determines cluster size).",
              "type": "integer",
              "default": 3
            }
          }
        },
        "redundancyMode": {
-          "description": "Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback)",
+          "description": "Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback).",
          "type": "string",
          "default": "double"
        },
        "storageEngine": {
-          "description": "Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory)",
+          "description": "Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory).",
          "type": "string",
          "default": "ssd-2"
        },
        "version": {
-          "description": "Version of FoundationDB to use",
+          "description": "Version of FoundationDB to use.",
          "type": "string",
          "default": "7.3.63"
        }
      }
    },
    "customParameters": {
-      "description": "Custom parameters to pass to FoundationDB",
+      "description": "Custom parameters to pass to FoundationDB.",
      "type": "array",
      "default": [],
      "items": {
@@ -160,7 +164,7 @@
      }
    },
    "imageType": {
-      "description": "Container image deployment type",
+      "description": "Container image deployment type.",
      "type": "string",
      "default": "unified",
      "enum": [
@@ -169,7 +173,7 @@
      ]
    },
    "monitoring": {
-      "description": "Monitoring configuration",
+      "description": "Monitoring configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -177,19 +181,19 @@
      ],
      "properties": {
        "enabled": {
-          "description": "Enable WorkloadMonitor integration",
+          "description": "Enable WorkloadMonitor integration.",
          "type": "boolean",
          "default": true
        }
      }
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each FoundationDB instance. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each instance",
+          "description": "CPU available to each instance.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -202,7 +206,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each instance",
+          "description": "Memory (RAM) available to each instance.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -217,7 +221,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "medium",
      "enum": [
@@ -229,7 +233,7 @@
      ]
    },
    "securityContext": {
-      "description": "Security context for containers",
+      "description": "Security context for containers.",
      "type": "object",
      "default": {},
      "required": [
@@ -238,19 +242,19 @@
      ],
      "properties": {
        "runAsGroup": {
-          "description": "Group ID to run the container",
+          "description": "Group ID to run the container.",
          "type": "integer",
          "default": 4059
        },
        "runAsUser": {
-          "description": "User ID to run the container",
+          "description": "User ID to run the container.",
          "type": "integer",
          "default": 4059
        }
      }
    },
    "storage": {
-      "description": "Storage configuration",
+      "description": "Storage configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -259,7 +263,7 @@
      ],
      "properties": {
        "size": {
-          "description": "Size of persistent volumes for each instance",
+          "description": "Size of persistent volumes for each instance.",
          "default": "16Gi",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
@@ -273,8 +277,9 @@
          "x-kubernetes-int-or-string": true
        },
        "storageClass": {
-          "description": "Storage class (if not set, uses cluster default)",
-          "type": "string"
+          "description": "Storage class (if not set, uses cluster default).",
+          "type": "string",
+          "default": ""
        }
      }
    }
--- a/packages/apps/foundationdb/values.yaml
+++ b/packages/apps/foundationdb/values.yaml
@@ -1,61 +1,80 @@
-# Default values for foundationdb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
+##
 ## @section Common parameters
 ##
-## @param cluster {cluster} Cluster configuration
-## @field cluster.processCounts {clusterProcessCounts} Process counts for different roles
-## @field clusterProcessCounts.stateless {int} Number of stateless processes (-1 for automatic)
-## @field clusterProcessCounts.storage {int} Number of storage processes (determines cluster size)
-## @field clusterProcessCounts.cluster_controller {int} Number of cluster controller processes
-## @field cluster.version {string} Version of FoundationDB to use
-## @field cluster.redundancyMode {string} Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback)
-## @field cluster.storageEngine {string} Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory)
-## @field cluster.faultDomain {clusterFaultDomain} Fault domain configuration
-## @field clusterFaultDomain.key {string} Fault domain key
-## @field clusterFaultDomain.valueFrom {string} Fault domain value source
+
+## @typedef {struct} ClusterProcessCounts - Process counts for different roles.
+## @field {int} stateless - Number of stateless processes (-1 for automatic).
+## @field {int} storage - Number of storage processes (determines cluster size).
+## @field {int} cluster_controller - Number of cluster controller processes.
+
+## @typedef {struct} ClusterFaultDomain - Fault domain configuration.
+## @field {string} key - Fault domain key.
+## @field {string} valueFrom - Fault domain value source.
+
+## @typedef {struct} Cluster - Cluster configuration.
+## @field {ClusterProcessCounts} processCounts - Process counts for different roles.
+## @field {string} version - Version of FoundationDB to use.
+## @field {string} redundancyMode - Database redundancy mode (single, double, triple, three_datacenter, three_datacenter_fallback).
+## @field {string} storageEngine - Storage engine (ssd-2, ssd-redwood-v1, ssd-rocksdb-v1, memory).
+## @field {ClusterFaultDomain} faultDomain - Fault domain configuration.
+
+## @param {Cluster} cluster - Cluster configuration.
 cluster:
  processCounts:
-    stateless: -1  # Automatically calculated
-    storage: 3     # Number of storage processes (determines cluster size)
+    stateless: -1
+    storage: 3
    cluster_controller: 1

  version: "7.3.63"
-  redundancyMode: "double"  # Database redundancy mode
-  storageEngine: "ssd-2"    # Storage engine
+  redundancyMode: "double"
+  storageEngine: "ssd-2"

  faultDomain:
    key: "kubernetes.io/hostname"
    valueFrom: "spec.nodeName"

-## @param storage {storage} Storage configuration
-## @field storage.size {quantity} Size of persistent volumes for each instance
-## @field storage.storageClass {string} Storage class (if not set, uses cluster default)
+## @typedef {struct} Storage - Storage configuration.
+## @field {quantity} size - Size of persistent volumes for each instance.
+## @field {string} storageClass - Storage class (if not set, uses cluster default).
+
+## @param {Storage} storage - Storage configuration.
 storage:
  size: "16Gi"
  storageClass: ""

-## @param resources {*resources} Explicit CPU and memory configuration for each FoundationDB instance. When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each instance
-## @field resources.memory {*quantity} Memory (RAM) available to each instance
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each FoundationDB instance.
+## @field {quantity} [cpu] - CPU available to each instance.
+## @field {quantity} [memory] - Memory (RAM) available to each instance.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each FoundationDB instance. When omitted, the preset defined in `resourcesPreset` is applied.
 resources: {}
-  # resources:
-  #   cpu: 2000m
-  #   memory: 4Gi
-## @param resourcesPreset {string enum:"small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+
+## @param {ResourcesPreset} resourcesPreset="medium" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "medium"

-## @param backup {backup} Backup configuration
-## @field backup.enabled {bool} Enable backups
-## @field backup.s3 {backupS3} S3 configuration for backups
-## @field backupS3.bucket {string} S3 bucket name
-## @field backupS3.endpoint {string} S3 endpoint URL
-## @field backupS3.region {string} S3 region
-## @field backupS3.credentials {backupS3Credentials} S3 credentials
-## @field backupS3Credentials.accessKeyId {string} S3 access key ID
-## @field backupS3Credentials.secretAccessKey {string} S3 secret access key
-## @field backup.retentionPolicy {string} Retention policy for backups
+## @typedef {struct} BackupS3Credentials - S3 credentials.
+## @field {string} accessKeyId - S3 access key ID.
+## @field {string} secretAccessKey - S3 secret access key.
+
+## @typedef {struct} BackupS3 - S3 configuration for backups.
+## @field {string} bucket - S3 bucket name.
+## @field {string} endpoint - S3 endpoint URL.
+## @field {string} region - S3 region.
+## @field {BackupS3Credentials} credentials - S3 credentials.
+
+## @typedef {struct} Backup - Backup configuration.
+## @field {bool} enabled - Enable backups.
+## @field {BackupS3} s3 - S3 configuration for backups.
+## @field {string} retentionPolicy - Retention policy for backups.
+
+## @param {Backup} backup - Backup configuration.
 backup:
  enabled: false
  s3:
@@ -67,27 +86,35 @@ backup:
      secretAccessKey: ""
  retentionPolicy: "7d"

-## @param monitoring {monitoring} Monitoring configuration
-## @field monitoring.enabled {bool} Enable WorkloadMonitor integration
+## @typedef {struct} Monitoring - Monitoring configuration.
+## @field {bool} enabled - Enable WorkloadMonitor integration.
+
+## @param {Monitoring} monitoring - Monitoring configuration.
 monitoring:
  enabled: true

+##
 ## @section FoundationDB configuration
 ##
-## @param customParameters {[]string} Custom parameters to pass to FoundationDB
-customParameters: []
-# Example:
-# - knob_disable_posix_kernel_aio=1

-## @param imageType {string enum:"unified,split"} Container image deployment type
+## @param {[]string} customParameters - Custom parameters to pass to FoundationDB.
+customParameters: []
+
+## @enum {string} ImageType - Container image deployment type.
+## @value unified
+## @value split
+
+## @param {ImageType} imageType="unified" - Container image deployment type.
 imageType: "unified"

-## @param securityContext {securityContext} Security context for containers
-## @field securityContext.runAsUser {int} User ID to run the container
-## @field securityContext.runAsGroup {int} Group ID to run the container
+## @typedef {struct} SecurityContext - Security context for containers.
+## @field {int} runAsUser - User ID to run the container.
+## @field {int} runAsGroup - Group ID to run the container.
+
+## @param {SecurityContext} securityContext - Security context for containers.
 securityContext:
  runAsUser: 4059
  runAsGroup: 4059

-## @param automaticReplacements {bool} Enable automatic pod replacements
-automaticReplacements: true
+## @param {bool} automaticReplacements - Enable automatic pod replacements.
+automaticReplacements: true
--- a/packages/apps/http-cache/README.md
+++ b/packages/apps/http-cache/README.md
@@ -62,40 +62,40 @@ The deployment architecture is illustrated in the diagram below:

 | Name           | Description                                                  | Type       | Value   |
 | -------------- | ------------------------------------------------------------ | ---------- | ------- |
-| `size`         | Persistent Volume Claim size, available for application data | `quantity` | `10Gi`  |
-| `storageClass` | StorageClass used to store the data                          | `string`   | `""`    |
-| `external`     | Enable external access from outside the cluster              | `bool`     | `false` |
+| `size`         | Persistent Volume Claim size available for application data. | `quantity` | `10Gi`  |
+| `storageClass` | StorageClass used to store the data.                         | `string`   | `""`    |
+| `external`     | Enable external access from outside the cluster.             | `bool`     | `false` |


 ### Application-specific parameters

-| Name        | Description                                     | Type       | Value |
-| ----------- | ----------------------------------------------- | ---------- | ----- |
-| `endpoints` | Endpoints configuration, as a list of <ip:port> | `[]string` | `[]`  |
+| Name        | Description                                      | Type       | Value |
+| ----------- | ------------------------------------------------ | ---------- | ----- |
+| `endpoints` | Endpoints configuration, as a list of <ip:port>. | `[]string` | `[]`  |


 ### HAProxy parameters

-| Name                       | Description                                                                                                                               | Type        | Value  |
-| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------ |
-| `haproxy`                  | HAProxy configuration                                                                                                                     | `object`    | `{}`   |
-| `haproxy.replicas`         | Number of HAProxy replicas                                                                                                                | `int`       | `2`    |
-| `haproxy.resources`        | Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.              | `object`    | `{}`   |
-| `haproxy.resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null` |
-| `haproxy.resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null` |
-| `haproxy.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano` |
+| Name                       | Description                                                                                              | Type       | Value  |
+| -------------------------- | -------------------------------------------------------------------------------------------------------- | ---------- | ------ |
+| `haproxy`                  | HAProxy configuration.                                                                                   | `object`   | `{}`   |
+| `haproxy.replicas`         | Number of HAProxy replicas.                                                                              | `int`      | `2`    |
+| `haproxy.resources`        | Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`   |
+| `haproxy.resources.cpu`    | CPU available to each replica.                                                                           | `quantity` | `""`   |
+| `haproxy.resources.memory` | Memory (RAM) available to each replica.                                                                  | `quantity` | `""`   |
+| `haproxy.resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                  | `string`   | `nano` |


 ### Nginx parameters

-| Name                     | Description                                                                                                                               | Type        | Value  |
-| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------ |
-| `nginx`                  | Nginx configuration                                                                                                                       | `object`    | `{}`   |
-| `nginx.replicas`         | Number of Nginx replicas                                                                                                                  | `int`       | `2`    |
-| `nginx.resources`        | Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.              | `*object`   | `null` |
-| `nginx.resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null` |
-| `nginx.resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null` |
-| `nginx.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano` |
+| Name                     | Description                                                                                              | Type       | Value  |
+| ------------------------ | -------------------------------------------------------------------------------------------------------- | ---------- | ------ |
+| `nginx`                  | Nginx configuration.                                                                                     | `object`   | `{}`   |
+| `nginx.replicas`         | Number of Nginx replicas.                                                                                | `int`      | `2`    |
+| `nginx.resources`        | Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`   |
+| `nginx.resources.cpu`    | CPU available to each replica.                                                                           | `quantity` | `""`   |
+| `nginx.resources.memory` | Memory (RAM) available to each replica.                                                                  | `quantity` | `""`   |
+| `nginx.resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                  | `string`   | `nano` |


 ## Parameter examples and reference
--- a/packages/apps/http-cache/templates/workloadmonitor.yaml
+++ b/packages/apps/http-cache/templates/workloadmonitor.yaml
@@ -1,39 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-haproxy
-spec:
-  replicas: {{ .Values.haproxy.replicas }}
-  minReplicas: 1
-  kind: http-cache
-  type: http-cache
-  selector:
-    app: {{ $.Release.Name }}-haproxy
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-nginx
-spec:
-  replicas: {{ .Values.nginx.replicas }}
-  minReplicas: 1
-  kind: http-cache
-  type: http-cache
-  selector:
-    app: {{ $.Release.Name }}-nginx-cache
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: http-cache
-  type: http-cache
-  selector:
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/http-cache/values.schema.json
+++ b/packages/apps/http-cache/values.schema.json
@@ -3,7 +3,7 @@
  "type": "object",
  "properties": {
    "endpoints": {
-      "description": "Endpoints configuration, as a list of \u003cip:port\u003e",
+      "description": "Endpoints configuration, as a list of \u003cip:port\u003e.",
      "type": "array",
      "default": [],
      "items": {
@@ -11,32 +11,31 @@
      }
    },
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "haproxy": {
-      "description": "HAProxy configuration",
+      "description": "HAProxy configuration.",
      "type": "object",
      "default": {},
      "required": [
        "replicas",
-        "resources",
        "resourcesPreset"
      ],
      "properties": {
        "replicas": {
-          "description": "Number of HAProxy replicas",
+          "description": "Number of HAProxy replicas.",
          "type": "integer",
          "default": 2
        },
        "resources": {
-          "description": "Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+          "description": "Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.",
          "type": "object",
          "default": {},
          "properties": {
            "cpu": {
-              "description": "CPU available to each replica",
+              "description": "CPU available to each replica.",
              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
              "anyOf": [
                {
@@ -49,7 +48,7 @@
              "x-kubernetes-int-or-string": true
            },
            "memory": {
-              "description": "Memory (RAM) available to each replica",
+              "description": "Memory (RAM) available to each replica.",
              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
              "anyOf": [
                {
@@ -64,7 +63,7 @@
          }
        },
        "resourcesPreset": {
-          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "description": "Default sizing preset used when `resources` is omitted.",
          "type": "string",
          "default": "nano",
          "enum": [
@@ -80,7 +79,7 @@
      }
    },
    "nginx": {
-      "description": "Nginx configuration",
+      "description": "Nginx configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -89,17 +88,17 @@
      ],
      "properties": {
        "replicas": {
-          "description": "Number of Nginx replicas",
+          "description": "Number of Nginx replicas.",
          "type": "integer",
          "default": 2
        },
        "resources": {
-          "description": "Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+          "description": "Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.",
          "type": "object",
          "default": {},
          "properties": {
            "cpu": {
-              "description": "CPU available to each replica",
+              "description": "CPU available to each replica.",
              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
              "anyOf": [
                {
@@ -112,7 +111,7 @@
              "x-kubernetes-int-or-string": true
            },
            "memory": {
-              "description": "Memory (RAM) available to each replica",
+              "description": "Memory (RAM) available to each replica.",
              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
              "anyOf": [
                {
@@ -127,7 +126,7 @@
          }
        },
        "resourcesPreset": {
-          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "description": "Default sizing preset used when `resources` is omitted.",
          "type": "string",
          "default": "nano",
          "enum": [
@@ -143,7 +142,7 @@
      }
    },
    "size": {
-      "description": "Persistent Volume Claim size, available for application data",
+      "description": "Persistent Volume Claim size available for application data.",
      "default": "10Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -157,8 +156,9 @@
      "x-kubernetes-int-or-string": true
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
-      "type": "string"
+      "description": "StorageClass used to store the data.",
+      "type": "string",
+      "default": ""
    }
  }
 }
--- a/packages/apps/http-cache/values.yaml
+++ b/packages/apps/http-cache/values.yaml
@@ -1,14 +1,22 @@
+##
 ## @section Common parameters
 ##
-## @param size {quantity} Persistent Volume Claim size, available for application data
-size: 10Gi
-## @param storageClass {string} StorageClass used to store the data
-storageClass: ""
-## @param external {bool} Enable external access from outside the cluster
-external: false
-## @section Application-specific parameters

-## @param endpoints {[]string} Endpoints configuration, as a list of <ip:port>
+## @param {quantity} size - Persistent Volume Claim size available for application data.
+size: 10Gi
+
+## @param {string} storageClass - StorageClass used to store the data.
+storageClass: ""
+
+## @param {bool} external - Enable external access from outside the cluster.
+external: false
+
+##
+## @section Application-specific parameters
+##
+
+## @param {[]string} endpoints - Endpoints configuration, as a list of <ip:port>.
+endpoints: []
 ## Example:
 ## endpoints:
 ##   - 10.100.3.1:80
@@ -17,37 +25,46 @@ external: false
 ##   - 10.100.3.12:80
 ##   - 10.100.3.3:80
 ##   - 10.100.3.13:80
+
 ##
-endpoints: []
-
-
 ## @section HAProxy parameters
 ##
-## @param haproxy {haproxy} HAProxy configuration
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @typedef {struct} HAProxy - HAProxy configuration.
+## @field {int} replicas - Number of HAProxy replicas.
+## @field {Resources} [resources] - Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
+## @field {ResourcesPreset} resourcesPreset - Default sizing preset used when `resources` is omitted.
+
+## @param {HAProxy} haproxy - HAProxy configuration.
 haproxy:
-  ## @field haproxy.replicas {int} Number of HAProxy replicas
  replicas: 2
-  ## @field haproxy.resources {resources} Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.
-  ## @field resources.cpu {*quantity} CPU available to each replica
-  ## @field resources.memory {*quantity} Memory (RAM) available to each replica
  resources: {}
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
-  ## @field haproxy.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
  resourcesPreset: "nano"

+##
 ## @section Nginx parameters
 ##
-## @param nginx {nginx} Nginx configuration
-nginx:
-  ## @field nginx.replicas {int} Number of Nginx replicas
-  replicas: 2
-  ## @field nginx.resources {*resources} Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
-  resources: {}

-  ## @field nginx.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+## @typedef {struct} Nginx - Nginx configuration.
+## @field {int} replicas - Number of Nginx replicas.
+## @field {Resources} [resources] - Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
+## @field {ResourcesPreset} resourcesPreset - Default sizing preset used when `resources` is omitted.
+
+## @param {Nginx} nginx - Nginx configuration.
+nginx:
+  replicas: 2
+  resources: {}
  resourcesPreset: "nano"
--- a/packages/apps/kafka/README.md
+++ b/packages/apps/kafka/README.md
@@ -4,48 +4,48 @@

 ### Common parameters

-| Name       | Description                                     | Type   | Value   |
-| ---------- | ----------------------------------------------- | ------ | ------- |
-| `external` | Enable external access from outside the cluster | `bool` | `false` |
+| Name       | Description                                      | Type   | Value   |
+| ---------- | ------------------------------------------------ | ------ | ------- |
+| `external` | Enable external access from outside the cluster. | `bool` | `false` |


 ### Application-specific parameters

-| Name                   | Description          | Type       | Value |
-| ---------------------- | -------------------- | ---------- | ----- |
-| `topics`               | Topics configuration | `[]object` | `[]`  |
-| `topics[i].name`       | Topic name           | `string`   | `""`  |
-| `topics[i].partitions` | Number of partitions | `int`      | `0`   |
-| `topics[i].replicas`   | Number of replicas   | `int`      | `0`   |
-| `topics[i].config`     | Topic configuration  | `object`   | `{}`  |
+| Name                   | Description           | Type       | Value |
+| ---------------------- | --------------------- | ---------- | ----- |
+| `topics`               | Topics configuration. | `[]object` | `[]`  |
+| `topics[i].name`       | Topic name.           | `string`   | `""`  |
+| `topics[i].partitions` | Number of partitions. | `int`      | `0`   |
+| `topics[i].replicas`   | Number of replicas.   | `int`      | `0`   |
+| `topics[i].config`     | Topic configuration.  | `object`   | `{}`  |


 ### Kafka configuration

-| Name                     | Description                                                                                                                               | Type        | Value   |
-| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `kafka`                  | Kafka configuration                                                                                                                       | `object`    | `{}`    |
-| `kafka.replicas`         | Number of Kafka replicas                                                                                                                  | `int`       | `3`     |
-| `kafka.resources`        | Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.              | `*object`   | `null`  |
-| `kafka.resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `kafka.resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `kafka.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `small` |
-| `kafka.size`             | Persistent Volume size for Kafka                                                                                                          | `quantity`  | `10Gi`  |
-| `kafka.storageClass`     | StorageClass used to store the Kafka data                                                                                                 | `string`    | `""`    |
+| Name                     | Description                                                                                              | Type       | Value   |
+| ------------------------ | -------------------------------------------------------------------------------------------------------- | ---------- | ------- |
+| `kafka`                  | Kafka configuration.                                                                                     | `object`   | `{}`    |
+| `kafka.replicas`         | Number of Kafka replicas.                                                                                | `int`      | `3`     |
+| `kafka.resources`        | Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `kafka.resources.cpu`    | CPU available to each replica.                                                                           | `quantity` | `""`    |
+| `kafka.resources.memory` | Memory (RAM) available to each replica.                                                                  | `quantity` | `""`    |
+| `kafka.resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                  | `string`   | `small` |
+| `kafka.size`             | Persistent Volume size for Kafka.                                                                        | `quantity` | `10Gi`  |
+| `kafka.storageClass`     | StorageClass used to store the Kafka data.                                                               | `string`   | `""`    |


-### Zookeeper configuration
+### ZooKeeper configuration

-| Name                         | Description                                                                                                                               | Type        | Value   |
-| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `zookeeper`                  | Zookeeper configuration                                                                                                                   | `object`    | `{}`    |
-| `zookeeper.replicas`         | Number of ZooKeeper replicas                                                                                                              | `int`       | `3`     |
-| `zookeeper.resources`        | Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.              | `*object`   | `null`  |
-| `zookeeper.resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `zookeeper.resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `zookeeper.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `small` |
-| `zookeeper.size`             | Persistent Volume size for ZooKeeper                                                                                                      | `quantity`  | `5Gi`   |
-| `zookeeper.storageClass`     | StorageClass used to store the ZooKeeper data                                                                                             | `string`    | `""`    |
+| Name                         | Description                                                                                              | Type       | Value   |
+| ---------------------------- | -------------------------------------------------------------------------------------------------------- | ---------- | ------- |
+| `zookeeper`                  | ZooKeeper configuration.                                                                                 | `object`   | `{}`    |
+| `zookeeper.replicas`         | Number of ZooKeeper replicas.                                                                            | `int`      | `3`     |
+| `zookeeper.resources`        | Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `zookeeper.resources.cpu`    | CPU available to each replica.                                                                           | `quantity` | `""`    |
+| `zookeeper.resources.memory` | Memory (RAM) available to each replica.                                                                  | `quantity` | `""`    |
+| `zookeeper.resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                  | `string`   | `small` |
+| `zookeeper.size`             | Persistent Volume size for ZooKeeper.                                                                    | `quantity` | `5Gi`   |
+| `zookeeper.storageClass`     | StorageClass used to store the ZooKeeper data.                                                           | `string`   | `""`    |


 ## Parameter examples and reference
--- a/packages/apps/kafka/templates/workloadmonitor.yaml
+++ b/packages/apps/kafka/templates/workloadmonitor.yaml
@@ -1,30 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: kafka
-  type: kafka
-  selector:
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-    app.kubernetes.io/name: kafka
-  version: {{ $.Chart.Version }}
-
---
-
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-zookeeper
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: kafka
-  type: zookeeper
-  selector:
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-    app.kubernetes.io/name: zookeeper
-  version: {{ $.Chart.Version }}
--- a/packages/apps/kafka/values.schema.json
+++ b/packages/apps/kafka/values.schema.json
@@ -3,12 +3,12 @@
  "type": "object",
  "properties": {
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "kafka": {
-      "description": "Kafka configuration",
+      "description": "Kafka configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -19,17 +19,17 @@
      ],
      "properties": {
        "replicas": {
-          "description": "Number of Kafka replicas",
+          "description": "Number of Kafka replicas.",
          "type": "integer",
          "default": 3
        },
        "resources": {
-          "description": "Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+          "description": "Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.",
          "type": "object",
          "default": {},
          "properties": {
            "cpu": {
-              "description": "CPU available to each replica",
+              "description": "CPU available to each replica.",
              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
              "anyOf": [
                {
@@ -42,7 +42,7 @@
              "x-kubernetes-int-or-string": true
            },
            "memory": {
-              "description": "Memory (RAM) available to each replica",
+              "description": "Memory (RAM) available to each replica.",
              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
              "anyOf": [
                {
@@ -57,7 +57,7 @@
          }
        },
        "resourcesPreset": {
-          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "description": "Default sizing preset used when `resources` is omitted.",
          "type": "string",
          "default": "small",
          "enum": [
@@ -71,7 +71,7 @@
          ]
        },
        "size": {
-          "description": "Persistent Volume size for Kafka",
+          "description": "Persistent Volume size for Kafka.",
          "default": "10Gi",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
@@ -85,13 +85,14 @@
          "x-kubernetes-int-or-string": true
        },
        "storageClass": {
-          "description": "StorageClass used to store the Kafka data",
-          "type": "string"
+          "description": "StorageClass used to store the Kafka data.",
+          "type": "string",
+          "default": ""
        }
      }
    },
    "topics": {
-      "description": "Topics configuration",
+      "description": "Topics configuration.",
      "type": "array",
      "default": [],
      "items": {
@@ -104,27 +105,27 @@
        ],
        "properties": {
          "config": {
-            "description": "Topic configuration",
+            "description": "Topic configuration.",
            "type": "object",
            "x-kubernetes-preserve-unknown-fields": true
          },
          "name": {
-            "description": "Topic name",
+            "description": "Topic name.",
            "type": "string"
          },
          "partitions": {
-            "description": "Number of partitions",
+            "description": "Number of partitions.",
            "type": "integer"
          },
          "replicas": {
-            "description": "Number of replicas",
+            "description": "Number of replicas.",
            "type": "integer"
          }
        }
      }
    },
    "zookeeper": {
-      "description": "Zookeeper configuration",
+      "description": "ZooKeeper configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -135,17 +136,17 @@
      ],
      "properties": {
        "replicas": {
-          "description": "Number of ZooKeeper replicas",
+          "description": "Number of ZooKeeper replicas.",
          "type": "integer",
          "default": 3
        },
        "resources": {
-          "description": "Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+          "description": "Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.",
          "type": "object",
          "default": {},
          "properties": {
            "cpu": {
-              "description": "CPU available to each replica",
+              "description": "CPU available to each replica.",
              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
              "anyOf": [
                {
@@ -158,7 +159,7 @@
              "x-kubernetes-int-or-string": true
            },
            "memory": {
-              "description": "Memory (RAM) available to each replica",
+              "description": "Memory (RAM) available to each replica.",
              "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
              "anyOf": [
                {
@@ -173,7 +174,7 @@
          }
        },
        "resourcesPreset": {
-          "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+          "description": "Default sizing preset used when `resources` is omitted.",
          "type": "string",
          "default": "small",
          "enum": [
@@ -187,7 +188,7 @@
          ]
        },
        "size": {
-          "description": "Persistent Volume size for ZooKeeper",
+          "description": "Persistent Volume size for ZooKeeper.",
          "default": "5Gi",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
@@ -201,8 +202,9 @@
          "x-kubernetes-int-or-string": true
        },
        "storageClass": {
-          "description": "StorageClass used to store the ZooKeeper data",
-          "type": "string"
+          "description": "StorageClass used to store the ZooKeeper data.",
+          "type": "string",
+          "default": ""
        }
      }
    }
--- a/packages/apps/kafka/values.yaml
+++ b/packages/apps/kafka/values.yaml
@@ -1,17 +1,22 @@
+##
 ## @section Common parameters
 ##
-## @param external {bool} Enable external access from outside the cluster
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false

-
+##
 ## @section Application-specific parameters
 ##
-## @param topics {[]topic} Topics configuration
-## @field topic {topic} Topic
-## @field topic.name {string} Topic name
-## @field topic.partitions {int} Number of partitions
-## @field topic.replicas {int} Number of replicas
-## @field topic.config {object} Topic configuration
+
+## @typedef {struct} Topic - Topic configuration.
+## @field {string} name - Topic name.
+## @field {int} partitions - Number of partitions.
+## @field {int} replicas - Number of replicas.
+## @field {object} config - Topic configuration.
+
+## @param {[]Topic} topics - Topics configuration.
+topics: []
 ## Example:
 ## topics:
 ##   - name: Results
@@ -27,46 +32,54 @@ external: false
 ##       min.insync.replicas: 2
 ##     partitions: 1
 ##     replicas: 3
-##
-topics: []

+##
 ## @section Kafka configuration
 ##
-## @param kafka {kafka} Kafka configuration
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @typedef {struct} Kafka - Kafka configuration.
+## @field {int} replicas - Number of Kafka replicas.
+## @field {Resources} [resources] - Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
+## @field {ResourcesPreset} resourcesPreset - Default sizing preset used when `resources` is omitted.
+## @field {quantity} size - Persistent Volume size for Kafka.
+## @field {string} storageClass - StorageClass used to store the Kafka data.
+
+## @param {Kafka} kafka - Kafka configuration.
 kafka:
-  ## @field kafka.replicas {int} Number of Kafka replicas
  replicas: 3
-  ## @field kafka.resources {*resources} Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.
-  ## @field resources.cpu {*quantity} CPU available to each replica
-  ## @field resources.memory {*quantity} Memory (RAM) available to each replica
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
  resources: {}
-  ## @field kafka.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
  resourcesPreset: "small"
-  ## @field kafka.size {quantity} Persistent Volume size for Kafka
  size: 10Gi
-  ## @field kafka.storageClass {string} StorageClass used to store the Kafka data
  storageClass: ""

-
-## @section Zookeeper configuration
 ##
-## @param zookeeper {zookeeper} Zookeeper configuration
+## @section ZooKeeper configuration
+##
+
+## @typedef {struct} ZooKeeper - ZooKeeper configuration.
+## @field {int} replicas - Number of ZooKeeper replicas.
+## @field {Resources} [resources] - Explicit CPU and memory configuration. When omitted, the preset defined in `resourcesPreset` is applied.
+## @field {ResourcesPreset} resourcesPreset - Default sizing preset used when `resources` is omitted.
+## @field {quantity} size - Persistent Volume size for ZooKeeper.
+## @field {string} storageClass - StorageClass used to store the ZooKeeper data.
+
+## @param {ZooKeeper} zookeeper - ZooKeeper configuration.
 zookeeper:
-  ## @field zookeeper.replicas {int} Number of ZooKeeper replicas
  replicas: 3
-  ## @field zookeeper.resources {*resources} Explicit CPU and memory configuration for each replica. When left empty, the preset defined in `resourcesPreset` is applied.
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
  resources: {}
-
-  ## @field zookeeper.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
  resourcesPreset: "small"
-  ## @field zookeeper.size {quantity} Persistent Volume size for ZooKeeper
  size: 5Gi
-  ## @field zookeeper.storageClass {string} StorageClass used to store the ZooKeeper data
  storageClass: ""
-
--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -84,92 +84,92 @@ See the reference for components utilized in this service:

 ### Common Parameters

-| Name           | Description                         | Type     | Value        |
-| -------------- | ----------------------------------- | -------- | ------------ |
-| `storageClass` | StorageClass used to store the data | `string` | `replicated` |
+| Name           | Description                          | Type     | Value        |
+| -------------- | ------------------------------------ | -------- | ------------ |
+| `storageClass` | StorageClass used to store the data. | `string` | `replicated` |


-### Application-specific parameters
+### Application-specific Parameters

-| Name                                | Description                                                                                                       | Type                | Value       |
-| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- | ----------- |
-| `version`                           | Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.                               | `string`            | `v1.33`     |
-| `host`                              | Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty. | `string`            | `""`        |
-| `nodeGroups`                        | Worker nodes configuration                                                                                        | `map[string]object` | `{...}`     |
-| `nodeGroups[name].minReplicas`      | Minimum amount of replicas                                                                                        | `int`               | `0`         |
-| `nodeGroups[name].maxReplicas`      | Maximum amount of replicas                                                                                        | `int`               | `10`        |
-| `nodeGroups[name].instanceType`     | Virtual machine instance type                                                                                     | `string`            | `u1.medium` |
-| `nodeGroups[name].ephemeralStorage` | Ephemeral storage size                                                                                            | `quantity`          | `20Gi`      |
-| `nodeGroups[name].roles`            | List of node's roles                                                                                              | `[]string`          | `[]`        |
-| `nodeGroups[name].resources`        | Resources available to each worker node                                                                           | `object`            | `{}`        |
-| `nodeGroups[name].resources.cpu`    | CPU available to each worker node                                                                                 | `*quantity`         | `null`      |
-| `nodeGroups[name].resources.memory` | Memory (RAM) available to each worker node                                                                        | `*quantity`         | `null`      |
-| `nodeGroups[name].gpus`             | List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)                                       | `[]object`          | `{}`        |
-| `nodeGroups[name].gpus[i].name`     | Name of GPU, such as "nvidia.com/AD102GL_L40S"                                                                    | `string`            | `""`        |
+| Name                                | Description                                                                                    | Type                | Value       |
+| ----------------------------------- | ---------------------------------------------------------------------------------------------- | ------------------- | ----------- |
+| `nodeGroups`                        | Worker nodes configuration map.                                                                | `map[string]object` | `{...}`     |
+| `nodeGroups[name].minReplicas`      | Minimum number of replicas.                                                                    | `int`               | `0`         |
+| `nodeGroups[name].maxReplicas`      | Maximum number of replicas.                                                                    | `int`               | `10`        |
+| `nodeGroups[name].instanceType`     | Virtual machine instance type.                                                                 | `string`            | `u1.medium` |
+| `nodeGroups[name].ephemeralStorage` | Ephemeral storage size.                                                                        | `quantity`          | `20Gi`      |
+| `nodeGroups[name].roles`            | List of node roles.                                                                            | `[]string`          | `[]`        |
+| `nodeGroups[name].resources`        | CPU and memory resources for each worker node.                                                 | `object`            | `{}`        |
+| `nodeGroups[name].resources.cpu`    | CPU available.                                                                                 | `quantity`          | `""`        |
+| `nodeGroups[name].resources.memory` | Memory (RAM) available.                                                                        | `quantity`          | `""`        |
+| `nodeGroups[name].gpus`             | List of GPUs to attach (NVIDIA driver requires at least 4 GiB RAM).                            | `[]object`          | `[]`        |
+| `nodeGroups[name].gpus[i].name`     | Name of GPU, such as "nvidia.com/AD102GL_L40S".                                                | `string`            | `""`        |
+| `version`                           | Kubernetes version (vMAJOR.MINOR). Supported: 1.28–1.33.                                     | `string`            | `v1.33`     |
+| `host`                              | External hostname for Kubernetes cluster. Defaults to `<cluster-name>.<tenant-host>` if empty. | `string`            | `""`        |


 ### Cluster Addons

-| Name                                          | Description                                                                                                                                                                       | Type       | Value     |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | --------- |
-| `addons`                                      | Cluster addons configuration                                                                                                                                                      | `object`   | `{}`      |
-| `addons.certManager`                          | Cert-manager: automatically creates and manages SSL/TLS certificate                                                                                                               | `object`   | `{}`      |
-| `addons.certManager.enabled`                  | Enable cert-manager, which automatically creates and manages SSL/TLS certificates.                                                                                                | `bool`     | `false`   |
-| `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
-| `addons.cilium`                               | Cilium CNI plugin                                                                                                                                                                 | `object`   | `{}`      |
-| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
-| `addons.gatewayAPI`                           | Gateway API                                                                                                                                                                       | `object`   | `{}`      |
-| `addons.gatewayAPI.enabled`                   | Enable the Gateway API                                                                                                                                                            | `bool`     | `false`   |
-| `addons.ingressNginx`                         | Ingress-NGINX Controller                                                                                                                                                          | `object`   | `{}`      |
-| `addons.ingressNginx.enabled`                 | Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).                                                                                       | `bool`     | `false`   |
-| `addons.ingressNginx.exposeMethod`            | Method to expose the Ingress-NGINX controller. Allowed values: `Proxied`, `LoadBalancer`.                                                                                         | `string`   | `Proxied` |
-| `addons.ingressNginx.hosts`                   | List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.                                | `[]string` | `[]`      |
-| `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
-| `addons.gpuOperator`                          | GPU-operator: NVIDIA GPU Operator                                                                                                                                                 | `object`   | `{}`      |
-| `addons.gpuOperator.enabled`                  | Enable the GPU-operator                                                                                                                                                           | `bool`     | `false`   |
-| `addons.gpuOperator.valuesOverride`           | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
-| `addons.fluxcd`                               | Flux CD                                                                                                                                                                           | `object`   | `{}`      |
-| `addons.fluxcd.enabled`                       | Enable FluxCD                                                                                                                                                                     | `bool`     | `false`   |
-| `addons.fluxcd.valuesOverride`                | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
-| `addons.monitoringAgents`                     | MonitoringAgents                                                                                                                                                                  | `object`   | `{}`      |
-| `addons.monitoringAgents.enabled`             | Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage. | `bool`     | `false`   |
-| `addons.monitoringAgents.valuesOverride`      | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
-| `addons.verticalPodAutoscaler`                | VerticalPodAutoscaler                                                                                                                                                             | `object`   | `{}`      |
-| `addons.verticalPodAutoscaler.valuesOverride` | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
-| `addons.velero`                               | Velero                                                                                                                                                                            | `object`   | `{}`      |
-| `addons.velero.enabled`                       | Enable Velero for backup and recovery of a tenant Kubernetes cluster.                                                                                                             | `bool`     | `false`   |
-| `addons.velero.valuesOverride`                | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
-| `addons.coredns`                              | Coredns                                                                                                                                                                           | `object`   | `{}`      |
-| `addons.coredns.valuesOverride`               | Custom values to override                                                                                                                                                         | `object`   | `{}`      |
+| Name                                          | Description                                                                 | Type       | Value     |
+| --------------------------------------------- | --------------------------------------------------------------------------- | ---------- | --------- |
+| `addons`                                      | Cluster addons configuration.                                               | `object`   | `{}`      |
+| `addons.certManager`                          | Cert-manager addon.                                                         | `object`   | `{}`      |
+| `addons.certManager.enabled`                  | Enable cert-manager.                                                        | `bool`     | `false`   |
+| `addons.certManager.valuesOverride`           | Custom Helm values overrides.                                               | `object`   | `{}`      |
+| `addons.cilium`                               | Cilium CNI plugin.                                                          | `object`   | `{}`      |
+| `addons.cilium.valuesOverride`                | Custom Helm values overrides.                                               | `object`   | `{}`      |
+| `addons.gatewayAPI`                           | Gateway API addon.                                                          | `object`   | `{}`      |
+| `addons.gatewayAPI.enabled`                   | Enable Gateway API.                                                         | `bool`     | `false`   |
+| `addons.ingressNginx`                         | Ingress-NGINX controller.                                                   | `object`   | `{}`      |
+| `addons.ingressNginx.enabled`                 | Enable the controller (requires nodes labeled `ingress-nginx`).             | `bool`     | `false`   |
+| `addons.ingressNginx.exposeMethod`            | Method to expose the controller. Allowed values: `Proxied`, `LoadBalancer`. | `string`   | `Proxied` |
+| `addons.ingressNginx.hosts`                   | Domains routed to this tenant cluster when `exposeMethod` is `Proxied`.     | `[]string` | `[]`      |
+| `addons.ingressNginx.valuesOverride`          | Custom Helm values overrides.                                               | `object`   | `{}`      |
+| `addons.gpuOperator`                          | NVIDIA GPU Operator.                                                        | `object`   | `{}`      |
+| `addons.gpuOperator.enabled`                  | Enable GPU Operator.                                                        | `bool`     | `false`   |
+| `addons.gpuOperator.valuesOverride`           | Custom Helm values overrides.                                               | `object`   | `{}`      |
+| `addons.fluxcd`                               | FluxCD GitOps operator.                                                     | `object`   | `{}`      |
+| `addons.fluxcd.enabled`                       | Enable FluxCD.                                                              | `bool`     | `false`   |
+| `addons.fluxcd.valuesOverride`                | Custom Helm values overrides.                                               | `object`   | `{}`      |
+| `addons.monitoringAgents`                     | Monitoring agents.                                                          | `object`   | `{}`      |
+| `addons.monitoringAgents.enabled`             | Enable monitoring agents.                                                   | `bool`     | `false`   |
+| `addons.monitoringAgents.valuesOverride`      | Custom Helm values overrides.                                               | `object`   | `{}`      |
+| `addons.verticalPodAutoscaler`                | Vertical Pod Autoscaler.                                                    | `object`   | `{}`      |
+| `addons.verticalPodAutoscaler.valuesOverride` | Custom Helm values overrides.                                               | `object`   | `{}`      |
+| `addons.velero`                               | Velero backup/restore addon.                                                | `object`   | `{}`      |
+| `addons.velero.enabled`                       | Enable Velero.                                                              | `bool`     | `false`   |
+| `addons.velero.valuesOverride`                | Custom Helm values overrides.                                               | `object`   | `{}`      |
+| `addons.coredns`                              | CoreDNS addon.                                                              | `object`   | `{}`      |
+| `addons.coredns.valuesOverride`               | Custom Helm values overrides.                                               | `object`   | `{}`      |


 ### Kubernetes Control Plane Configuration

-| Name                                                | Description                                                                                                                               | Type        | Value    |
-| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -------- |
-| `controlPlane`                                      | Control Plane Configuration                                                                                                               | `object`    | `{}`     |
-| `controlPlane.replicas`                             | Number of replicas for Kubernetes control plane components.                                                                               | `int`       | `2`      |
-| `controlPlane.apiServer`                            | Control plane API server configuration.                                                                                                   | `object`    | `{}`     |
-| `controlPlane.apiServer.resources`                  | Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.            | `object`    | `{}`     |
-| `controlPlane.apiServer.resources.cpu`              | CPU available to each worker node                                                                                                         | `*quantity` | `null`   |
-| `controlPlane.apiServer.resources.memory`           | Memory (RAM) available to each worker node                                                                                                | `*quantity` | `null`   |
-| `controlPlane.apiServer.resourcesPreset`            | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `medium` |
-| `controlPlane.controllerManager`                    | Controller Manager configuration.                                                                                                         | `object`    | `{}`     |
-| `controlPlane.controllerManager.resources`          | Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.    | `object`    | `{}`     |
-| `controlPlane.controllerManager.resources.cpu`      | CPU available to each worker node                                                                                                         | `*quantity` | `null`   |
-| `controlPlane.controllerManager.resources.memory`   | Memory (RAM) available to each worker node                                                                                                | `*quantity` | `null`   |
-| `controlPlane.controllerManager.resourcesPreset`    | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro`  |
-| `controlPlane.scheduler`                            | Scheduler configuration.                                                                                                                  | `object`    | `{}`     |
-| `controlPlane.scheduler.resources`                  | Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.             | `object`    | `{}`     |
-| `controlPlane.scheduler.resources.cpu`              | CPU available to each worker node                                                                                                         | `*quantity` | `null`   |
-| `controlPlane.scheduler.resources.memory`           | Memory (RAM) available to each worker node                                                                                                | `*quantity` | `null`   |
-| `controlPlane.scheduler.resourcesPreset`            | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro`  |
-| `controlPlane.konnectivity`                         | Konnectivity configuration.                                                                                                               | `object`    | `{}`     |
-| `controlPlane.konnectivity.server`                  | Konnectivity server configuration.                                                                                                        | `object`    | `{}`     |
-| `controlPlane.konnectivity.server.resources`        | Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.              | `object`    | `{}`     |
-| `controlPlane.konnectivity.server.resources.cpu`    | CPU available to each worker node                                                                                                         | `*quantity` | `null`   |
-| `controlPlane.konnectivity.server.resources.memory` | Memory (RAM) available to each worker node                                                                                                | `*quantity` | `null`   |
-| `controlPlane.konnectivity.server.resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro`  |
+| Name                                                | Description                                      | Type       | Value    |
+| --------------------------------------------------- | ------------------------------------------------ | ---------- | -------- |
+| `controlPlane`                                      | Kubernetes control-plane configuration.          | `object`   | `{}`     |
+| `controlPlane.replicas`                             | Number of control-plane replicas.                | `int`      | `2`      |
+| `controlPlane.apiServer`                            | API Server configuration.                        | `object`   | `{}`     |
+| `controlPlane.apiServer.resources`                  | CPU and memory resources for API Server.         | `object`   | `{}`     |
+| `controlPlane.apiServer.resources.cpu`              | CPU available.                                   | `quantity` | `""`     |
+| `controlPlane.apiServer.resources.memory`           | Memory (RAM) available.                          | `quantity` | `""`     |
+| `controlPlane.apiServer.resourcesPreset`            | Preset if `resources` omitted.                   | `string`   | `medium` |
+| `controlPlane.controllerManager`                    | Controller Manager configuration.                | `object`   | `{}`     |
+| `controlPlane.controllerManager.resources`          | CPU and memory resources for Controller Manager. | `object`   | `{}`     |
+| `controlPlane.controllerManager.resources.cpu`      | CPU available.                                   | `quantity` | `""`     |
+| `controlPlane.controllerManager.resources.memory`   | Memory (RAM) available.                          | `quantity` | `""`     |
+| `controlPlane.controllerManager.resourcesPreset`    | Preset if `resources` omitted.                   | `string`   | `micro`  |
+| `controlPlane.scheduler`                            | Scheduler configuration.                         | `object`   | `{}`     |
+| `controlPlane.scheduler.resources`                  | CPU and memory resources for Scheduler.          | `object`   | `{}`     |
+| `controlPlane.scheduler.resources.cpu`              | CPU available.                                   | `quantity` | `""`     |
+| `controlPlane.scheduler.resources.memory`           | Memory (RAM) available.                          | `quantity` | `""`     |
+| `controlPlane.scheduler.resourcesPreset`            | Preset if `resources` omitted.                   | `string`   | `micro`  |
+| `controlPlane.konnectivity`                         | Konnectivity configuration.                      | `object`   | `{}`     |
+| `controlPlane.konnectivity.server`                  | Konnectivity Server configuration.               | `object`   | `{}`     |
+| `controlPlane.konnectivity.server.resources`        | CPU and memory resources for Konnectivity.       | `object`   | `{}`     |
+| `controlPlane.konnectivity.server.resources.cpu`    | CPU available.                                   | `quantity` | `""`     |
+| `controlPlane.konnectivity.server.resources.memory` | Memory (RAM) available.                          | `quantity` | `""`     |
+| `controlPlane.konnectivity.server.resourcesPreset`  | Preset if `resources` omitted.                   | `string`   | `micro`  |


 ## Parameter examples and reference
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -147,7 +147,7 @@ spec:
    podAdditionalMetadata:
      labels:
        policy.cozystack.io/allow-to-etcd: "true"
-  replicas: 2
+  replicas: {{ .Values.controlPlane.replicas }}
  version: {{ include "kubernetes.versionMap" $ }}
 ---
 apiVersion: cozystack.io/v1alpha1
--- a/packages/apps/kubernetes/values.schema.json
+++ b/packages/apps/kubernetes/values.schema.json
@@ -3,7 +3,7 @@
  "type": "object",
  "properties": {
    "addons": {
-      "description": "Cluster addons configuration",
+      "description": "Cluster addons configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -20,7 +20,7 @@
      ],
      "properties": {
        "certManager": {
-          "description": "Cert-manager: automatically creates and manages SSL/TLS certificate",
+          "description": "Cert-manager addon.",
          "type": "object",
          "default": {},
          "required": [
@@ -29,12 +29,12 @@
          ],
          "properties": {
            "enabled": {
-              "description": "Enable cert-manager, which automatically creates and manages SSL/TLS certificates.",
+              "description": "Enable cert-manager.",
              "type": "boolean",
              "default": false
            },
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -42,7 +42,7 @@
          }
        },
        "cilium": {
-          "description": "Cilium CNI plugin",
+          "description": "Cilium CNI plugin.",
          "type": "object",
          "default": {},
          "required": [
@@ -50,7 +50,7 @@
          ],
          "properties": {
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -58,7 +58,7 @@
          }
        },
        "coredns": {
-          "description": "Coredns",
+          "description": "CoreDNS addon.",
          "type": "object",
          "default": {},
          "required": [
@@ -66,7 +66,7 @@
          ],
          "properties": {
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -74,7 +74,7 @@
          }
        },
        "fluxcd": {
-          "description": "Flux CD",
+          "description": "FluxCD GitOps operator.",
          "type": "object",
          "default": {},
          "required": [
@@ -83,12 +83,12 @@
          ],
          "properties": {
            "enabled": {
-              "description": "Enable FluxCD",
+              "description": "Enable FluxCD.",
              "type": "boolean",
              "default": false
            },
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -96,7 +96,7 @@
          }
        },
        "gatewayAPI": {
-          "description": "Gateway API",
+          "description": "Gateway API addon.",
          "type": "object",
          "default": {},
          "required": [
@@ -104,14 +104,14 @@
          ],
          "properties": {
            "enabled": {
-              "description": "Enable the Gateway API",
+              "description": "Enable Gateway API.",
              "type": "boolean",
              "default": false
            }
          }
        },
        "gpuOperator": {
-          "description": "GPU-operator: NVIDIA GPU Operator",
+          "description": "NVIDIA GPU Operator.",
          "type": "object",
          "default": {},
          "required": [
@@ -120,12 +120,12 @@
          ],
          "properties": {
            "enabled": {
-              "description": "Enable the GPU-operator",
+              "description": "Enable GPU Operator.",
              "type": "boolean",
              "default": false
            },
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -133,7 +133,7 @@
          }
        },
        "ingressNginx": {
-          "description": "Ingress-NGINX Controller",
+          "description": "Ingress-NGINX controller.",
          "type": "object",
          "default": {},
          "required": [
@@ -143,21 +143,17 @@
          ],
          "properties": {
            "enabled": {
-              "description": "Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).",
+              "description": "Enable the controller (requires nodes labeled `ingress-nginx`).",
              "type": "boolean",
              "default": false
            },
            "exposeMethod": {
-              "description": "Method to expose the Ingress-NGINX controller. Allowed values: `Proxied`, `LoadBalancer`.",
+              "description": "Method to expose the controller. Allowed values: `Proxied`, `LoadBalancer`.",
              "type": "string",
-              "default": "Proxied",
-              "enum": [
-                "Proxied",
-                "LoadBalancer"
-              ]
+              "default": "Proxied"
            },
            "hosts": {
-              "description": "List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.",
+              "description": "Domains routed to this tenant cluster when `exposeMethod` is `Proxied`.",
              "type": "array",
              "default": [],
              "items": {
@@ -165,7 +161,7 @@
              }
            },
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -173,7 +169,7 @@
          }
        },
        "monitoringAgents": {
-          "description": "MonitoringAgents",
+          "description": "Monitoring agents.",
          "type": "object",
          "default": {},
          "required": [
@@ -182,12 +178,12 @@
          ],
          "properties": {
            "enabled": {
-              "description": "Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage.",
+              "description": "Enable monitoring agents.",
              "type": "boolean",
              "default": false
            },
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -195,7 +191,7 @@
          }
        },
        "velero": {
-          "description": "Velero",
+          "description": "Velero backup/restore addon.",
          "type": "object",
          "default": {},
          "required": [
@@ -204,12 +200,12 @@
          ],
          "properties": {
            "enabled": {
-              "description": "Enable Velero for backup and recovery of a tenant Kubernetes cluster.",
+              "description": "Enable Velero.",
              "type": "boolean",
              "default": false
            },
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -217,7 +213,7 @@
          }
        },
        "verticalPodAutoscaler": {
-          "description": "VerticalPodAutoscaler",
+          "description": "Vertical Pod Autoscaler.",
          "type": "object",
          "default": {},
          "required": [
@@ -225,7 +221,7 @@
          ],
          "properties": {
            "valuesOverride": {
-              "description": "Custom values to override",
+              "description": "Custom Helm values overrides.",
              "type": "object",
              "default": {},
              "x-kubernetes-preserve-unknown-fields": true
@@ -235,7 +231,7 @@
      }
    },
    "controlPlane": {
-      "description": "Control Plane Configuration",
+      "description": "Kubernetes control-plane configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -247,7 +243,7 @@
      ],
      "properties": {
        "apiServer": {
-          "description": "Control plane API server configuration.",
+          "description": "API Server configuration.",
          "type": "object",
          "default": {},
          "required": [
@@ -256,12 +252,12 @@
          ],
          "properties": {
            "resources": {
-              "description": "Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.",
+              "description": "CPU and memory resources for API Server.",
              "type": "object",
              "default": {},
              "properties": {
                "cpu": {
-                  "description": "CPU available to each worker node",
+                  "description": "CPU available.",
                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                  "anyOf": [
                    {
@@ -274,7 +270,7 @@
                  "x-kubernetes-int-or-string": true
                },
                "memory": {
-                  "description": "Memory (RAM) available to each worker node",
+                  "description": "Memory (RAM) available.",
                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                  "anyOf": [
                    {
@@ -289,7 +285,7 @@
              }
            },
            "resourcesPreset": {
-              "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+              "description": "Preset if `resources` omitted.",
              "type": "string",
              "default": "medium",
              "enum": [
@@ -314,12 +310,12 @@
          ],
          "properties": {
            "resources": {
-              "description": "Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.",
+              "description": "CPU and memory resources for Controller Manager.",
              "type": "object",
              "default": {},
              "properties": {
                "cpu": {
-                  "description": "CPU available to each worker node",
+                  "description": "CPU available.",
                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                  "anyOf": [
                    {
@@ -332,7 +328,7 @@
                  "x-kubernetes-int-or-string": true
                },
                "memory": {
-                  "description": "Memory (RAM) available to each worker node",
+                  "description": "Memory (RAM) available.",
                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                  "anyOf": [
                    {
@@ -347,7 +343,7 @@
              }
            },
            "resourcesPreset": {
-              "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+              "description": "Preset if `resources` omitted.",
              "type": "string",
              "default": "micro",
              "enum": [
@@ -371,7 +367,7 @@
          ],
          "properties": {
            "server": {
-              "description": "Konnectivity server configuration.",
+              "description": "Konnectivity Server configuration.",
              "type": "object",
              "default": {},
              "required": [
@@ -380,12 +376,12 @@
              ],
              "properties": {
                "resources": {
-                  "description": "Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.",
+                  "description": "CPU and memory resources for Konnectivity.",
                  "type": "object",
                  "default": {},
                  "properties": {
                    "cpu": {
-                      "description": "CPU available to each worker node",
+                      "description": "CPU available.",
                      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                      "anyOf": [
                        {
@@ -398,7 +394,7 @@
                      "x-kubernetes-int-or-string": true
                    },
                    "memory": {
-                      "description": "Memory (RAM) available to each worker node",
+                      "description": "Memory (RAM) available.",
                      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                      "anyOf": [
                        {
@@ -413,7 +409,7 @@
                  }
                },
                "resourcesPreset": {
-                  "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+                  "description": "Preset if `resources` omitted.",
                  "type": "string",
                  "default": "micro",
                  "enum": [
@@ -431,7 +427,7 @@
          }
        },
        "replicas": {
-          "description": "Number of replicas for Kubernetes control plane components.",
+          "description": "Number of control-plane replicas.",
          "type": "integer",
          "default": 2
        },
@@ -445,12 +441,12 @@
          ],
          "properties": {
            "resources": {
-              "description": "Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.",
+              "description": "CPU and memory resources for Scheduler.",
              "type": "object",
              "default": {},
              "properties": {
                "cpu": {
-                  "description": "CPU available to each worker node",
+                  "description": "CPU available.",
                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                  "anyOf": [
                    {
@@ -463,7 +459,7 @@
                  "x-kubernetes-int-or-string": true
                },
                "memory": {
-                  "description": "Memory (RAM) available to each worker node",
+                  "description": "Memory (RAM) available.",
                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                  "anyOf": [
                    {
@@ -478,7 +474,7 @@
              }
            },
            "resourcesPreset": {
-              "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+              "description": "Preset if `resources` omitted.",
              "type": "string",
              "default": "micro",
              "enum": [
@@ -496,11 +492,12 @@
      }
    },
    "host": {
-      "description": "Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty.",
-      "type": "string"
+      "description": "External hostname for Kubernetes cluster. Defaults to `<cluster-name>.<tenant-host>` if empty.",
+      "type": "string",
+      "default": ""
    },
    "nodeGroups": {
-      "description": "Worker nodes configuration",
+      "description": "Worker nodes configuration map.",
      "type": "object",
      "default": {
        "md0": {
@@ -526,7 +523,7 @@
        ],
        "properties": {
          "ephemeralStorage": {
-            "description": "Ephemeral storage size",
+            "description": "Ephemeral storage size.",
            "default": "20Gi",
            "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
            "anyOf": [
@@ -540,9 +537,8 @@
            "x-kubernetes-int-or-string": true
          },
          "gpus": {
-            "description": "List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)",
+            "description": "List of GPUs to attach (NVIDIA driver requires at least 4 GiB RAM).",
            "type": "array",
-            "default": [],
            "items": {
              "type": "object",
              "required": [
@@ -550,34 +546,33 @@
              ],
              "properties": {
                "name": {
-                  "description": "Name of GPU, such as \"nvidia.com/AD102GL_L40S\"",
+                  "description": "Name of GPU, such as \"nvidia.com/AD102GL_L40S\".",
                  "type": "string"
                }
              }
            }
          },
          "instanceType": {
-            "description": "Virtual machine instance type",
+            "description": "Virtual machine instance type.",
            "type": "string",
            "default": "u1.medium"
          },
          "maxReplicas": {
-            "description": "Maximum amount of replicas",
+            "description": "Maximum number of replicas.",
            "type": "integer",
            "default": 10
          },
          "minReplicas": {
-            "description": "Minimum amount of replicas",
+            "description": "Minimum number of replicas.",
            "type": "integer",
            "default": 0
          },
          "resources": {
-            "description": "Resources available to each worker node",
+            "description": "CPU and memory resources for each worker node.",
            "type": "object",
-            "default": {},
            "properties": {
              "cpu": {
-                "description": "CPU available to each worker node",
+                "description": "CPU available.",
                "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                "anyOf": [
                  {
@@ -590,7 +585,7 @@
                "x-kubernetes-int-or-string": true
              },
              "memory": {
-                "description": "Memory (RAM) available to each worker node",
+                "description": "Memory (RAM) available.",
                "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                "anyOf": [
                  {
@@ -605,7 +600,7 @@
            }
          },
          "roles": {
-            "description": "List of node's roles",
+            "description": "List of node roles.",
            "type": "array",
            "items": {
              "type": "string"
@@ -615,12 +610,12 @@
      }
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
+      "description": "StorageClass used to store the data.",
      "type": "string",
      "default": "replicated"
    },
    "version": {
-      "description": "Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.",
+      "description": "Kubernetes version (vMAJOR.MINOR). Supported: 1.28–1.33.",
      "type": "string",
      "default": "v1.33",
      "enum": [
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -1,27 +1,40 @@
+##
 ## @section Common Parameters
+##

-## @param storageClass {string} StorageClass used to store the data
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: replicated

-## @section Application-specific parameters
-## @param version {string} Kubernetes version given as vMAJOR.MINOR. Available are versions from 1.28 to 1.33.
-version: "v1.33"
-## @param host {string} Hostname used to access the Kubernetes cluster externally. Defaults to `<cluster-name>.<tenant-host>` when empty.
-host: ""
-
-## @param nodeGroups {map[string]nodeGroup} Worker nodes configuration
-## @field nodeGroup {nodeGroup} Node configuration
-## @field nodeGroup.minReplicas {int default=0} Minimum amount of replicas
-## @field nodeGroup.maxReplicas {int default=10} Maximum amount of replicas
-## @field nodeGroup.instanceType {string default="u1.medium"} Virtual machine instance type
-## @field nodeGroup.ephemeralStorage {quantity default="20Gi"} Ephemeral storage size
-## @field nodeGroup.roles {[]string default=[]} List of node's roles
-## @field nodeGroup.resources {resources default={}} Resources available to each worker node
-## @field resources.cpu {*quantity} CPU available to each worker node
-## @field resources.memory {*quantity} Memory (RAM) available to each worker node
-## @field nodeGroup.gpus {[]gpu default={}} List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
-## @field gpu.name {string} Name of GPU, such as "nvidia.com/AD102GL_L40S"
 ##
+## @section Application-specific Parameters
+##
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for a node or component.
+## @field {quantity} [cpu] - CPU available.
+## @field {quantity} [memory] - Memory (RAM) available.
+
+## @typedef {struct} GPU - GPU configuration.
+## @field {string} name - Name of GPU, such as "nvidia.com/AD102GL_L40S".
+
+## @typedef {struct} NodeGroup - Worker node group configuration.
+## @field {int} minReplicas=0 - Minimum number of replicas.
+## @field {int} maxReplicas=10 - Maximum number of replicas.
+## @field {string} instanceType="u1.medium" - Virtual machine instance type.
+## @field {quantity} ephemeralStorage="20Gi" - Ephemeral storage size.
+## @field {[]string} roles - List of node roles.
+## @field {Resources} resources - CPU and memory resources for each worker node.
+## @field {[]GPU} gpus - List of GPUs to attach (NVIDIA driver requires at least 4 GiB RAM).
+
+## @param {map[string]NodeGroup} nodeGroups - Worker nodes configuration map.
 nodeGroups:
  md0:
    minReplicas: 0
@@ -31,141 +44,142 @@ nodeGroups:
    roles:
    - ingress-nginx
    resources: {}
-    ## List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
-    ## e.g:
-    ## instanceType: "u1.xlarge"
-    ## gpus:
-    ## - name: nvidia.com/AD102GL_L40S
    gpus: []

+## @param {string} version - Kubernetes version (vMAJOR.MINOR). Supported: 1.28–1.33.
+version: "v1.33"

+## @param {string} host - External hostname for Kubernetes cluster. Defaults to `<cluster-name>.<tenant-host>` if empty.
+host: ""
+
+##
 ## @section Cluster Addons
 ##
-## @param addons {addons} Cluster addons configuration
+
+## @typedef {struct} CertManagerAddon - cert-manager addon.
+## @field {bool} enabled - Enable cert-manager.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} CiliumAddon - Cilium CNI plugin.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} GatewayAPIAddon - Gateway API addon.
+## @field {bool} enabled - Enable Gateway API.
+
+## @typedef {struct} IngressNginxAddon - Ingress-NGINX controller.
+## @field {bool} enabled - Enable the controller (requires nodes labeled `ingress-nginx`).
+## @field {string} exposeMethod - Method to expose the controller. Allowed values: `Proxied`, `LoadBalancer`.
+## @field {[]string} hosts - Domains routed to this tenant cluster when `exposeMethod` is `Proxied`.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} GPUOperatorAddon - NVIDIA GPU Operator.
+## @field {bool} enabled - Enable GPU Operator.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} FluxCDAddon - FluxCD GitOps operator.
+## @field {bool} enabled - Enable FluxCD.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} MonitoringAgentsAddon - Monitoring agents (Fluent Bit, VMAgents).
+## @field {bool} enabled - Enable monitoring agents.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} VerticalPodAutoscalerAddon - Vertical Pod Autoscaler.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} VeleroAddon - Velero backup and recovery addon.
+## @field {bool} enabled - Enable Velero.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} CoreDNSAddon - CoreDNS addon.
+## @field {object} valuesOverride - Custom Helm values overrides.
+
+## @typedef {struct} Addons - Cluster addons configuration.
+## @field {CertManagerAddon} certManager - Cert-manager addon.
+## @field {CiliumAddon} cilium - Cilium CNI plugin.
+## @field {GatewayAPIAddon} gatewayAPI - Gateway API addon.
+## @field {IngressNginxAddon} ingressNginx - Ingress-NGINX controller.
+## @field {GPUOperatorAddon} gpuOperator - NVIDIA GPU Operator.
+## @field {FluxCDAddon} fluxcd - FluxCD GitOps operator.
+## @field {MonitoringAgentsAddon} monitoringAgents - Monitoring agents.
+## @field {VerticalPodAutoscalerAddon} verticalPodAutoscaler - Vertical Pod Autoscaler.
+## @field {VeleroAddon} velero - Velero backup/restore addon.
+## @field {CoreDNSAddon} coredns - CoreDNS addon.
+
+## @param {Addons} addons - Cluster addons configuration.
 addons:
-  ## @field addons.certManager {certManager} Cert-manager: automatically creates and manages SSL/TLS certificate
-  ##
  certManager:
-    ## @field certManager.enabled {bool} Enable cert-manager, which automatically creates and manages SSL/TLS certificates.
    enabled: false
-    ## @field certManager.valuesOverride {object} Custom values to override
    valuesOverride: {}
-
-  ## @field addons.cilium {cilium} Cilium CNI plugin
-  ##
  cilium:
-    ## @field cilium.valuesOverride {object} Custom values to override
    valuesOverride: {}
-
-  ## @field addons.gatewayAPI {gatewayAPI} Gateway API
-  ##
  gatewayAPI:
-    ## @field gatewayAPI.enabled {bool} Enable the Gateway API
    enabled: false
-
-  ## @field addons.ingressNginx {ingressNginx} Ingress-NGINX Controller
-  ##
  ingressNginx:
-    ## @field ingressNginx.enabled {bool} Enable the Ingress-NGINX controller (requires nodes labeled with the 'ingress-nginx' role).
    enabled: false
-    ## @field ingressNginx.exposeMethod {string enum:"Proxied,LoadBalancer"} Method to expose the Ingress-NGINX controller. Allowed values: `Proxied`, `LoadBalancer`.
    exposeMethod: Proxied
-    ## @field ingressNginx.hosts {[]string} List of domain names that the parent cluster should route to this tenant cluster. Taken into account only when `exposeMethod` is set to `Proxied`.
-    ## e.g:
-    ## hosts:
-    ## - example.org
-    ## - foo.example.net
-    ##
    hosts: []
-    ## @field ingressNginx.valuesOverride {object} Custom values to override
    valuesOverride: {}
-
-  ## @field addons.gpuOperator {gpuOperator} GPU-operator: NVIDIA GPU Operator
-  ##
  gpuOperator:
-    ## @field gpuOperator.enabled {bool} Enable the GPU-operator
-    ## @field gpuOperator.valuesOverride {object} Custom values to override
    enabled: false
    valuesOverride: {}
-
-  ## @field addons.fluxcd {fluxcd} Flux CD
-  ##
  fluxcd:
-    ## @field fluxcd.enabled {bool} Enable FluxCD
-    ## @field fluxcd.valuesOverride {object} Custom values to override
-    ##
    enabled: false
    valuesOverride: {}
-
-  ## @field addons.monitoringAgents {monitoringAgents} MonitoringAgents
-  ##
  monitoringAgents:
-    ## @field monitoringAgents.enabled {bool} Enable monitoring agents (Fluent Bit and VMAgents) to send logs and metrics. If tenant monitoring is enabled, data is sent to tenant storage; otherwise, it goes to root storage.
-    ## @field monitoringAgents.valuesOverride {object} Custom values to override
-    ##
    enabled: false
    valuesOverride: {}
-
-  ## @field addons.verticalPodAutoscaler {verticalPodAutoscaler} VerticalPodAutoscaler
-  ##
  verticalPodAutoscaler:
-    ## @field verticalPodAutoscaler.valuesOverride {object} Custom values to override
-    ##
    valuesOverride: {}
-
-  ## @field addons.velero {velero} Velero
-  ##
  velero:
-    ## @field velero.enabled {bool} Enable Velero for backup and recovery of a tenant Kubernetes cluster.
-    ## @field velero.valuesOverride {object} Custom values to override
-    ##
    enabled: false
    valuesOverride: {}
-
-  ## @field addons.coredns {coredns} Coredns
-  ##
  coredns:
-    ## @field coredns.valuesOverride {object} Custom values to override
-    ##
    valuesOverride: {}

+##
 ## @section Kubernetes Control Plane Configuration
 ##
-## @param controlPlane {controlPlane} Control Plane Configuration
+
+## @typedef {struct} APIServer - API Server configuration.
+## @field {Resources} resources - CPU and memory resources for API Server.
+## @field {ResourcesPreset} resourcesPreset="medium" - Preset if `resources` omitted.
+
+## @typedef {struct} ControllerManager - Controller Manager configuration.
+## @field {Resources} resources - CPU and memory resources for Controller Manager.
+## @field {ResourcesPreset} resourcesPreset="micro" - Preset if `resources` omitted.
+
+## @typedef {struct} Scheduler - Scheduler configuration.
+## @field {Resources} resources - CPU and memory resources for Scheduler.
+## @field {ResourcesPreset} resourcesPreset="micro" - Preset if `resources` omitted.
+
+## @typedef {struct} KonnectivityServer - Konnectivity Server configuration.
+## @field {Resources} resources - CPU and memory resources for Konnectivity.
+## @field {ResourcesPreset} resourcesPreset="micro" - Preset if `resources` omitted.
+
+## @typedef {struct} Konnectivity - Konnectivity configuration.
+## @field {KonnectivityServer} server - Konnectivity Server configuration.
+
+## @typedef {struct} ControlPlane - Kubernetes control plane configuration.
+## @field {int} replicas=2 - Number of control-plane replicas.
+## @field {APIServer} apiServer - API Server configuration.
+## @field {ControllerManager} controllerManager - Controller Manager configuration.
+## @field {Scheduler} scheduler - Scheduler configuration.
+## @field {Konnectivity} konnectivity - Konnectivity configuration.
+
+## @param {ControlPlane} controlPlane - Kubernetes control-plane configuration.
 controlPlane:
-  ## @field controlPlane.replicas {int} Number of replicas for Kubernetes control plane components.
  replicas: 2
-  ## @field controlPlane.apiServer {apiServer} Control plane API server configuration.
  apiServer:
-    ## @field apiServer.resources {resources} Explicit CPU and memory configuration for the API Server. When left empty, the preset defined in `resourcesPreset` is applied.
-    ## e.g:
-    ## resources:
-    ##   cpu: 4000m
-    ##   memory: 4Gi
-    ##
    resources: {}
-    ## @field apiServer.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
    resourcesPreset: "medium"
-
-  ## @field controlPlane.controllerManager {controllerManager} Controller Manager configuration.
  controllerManager:
-    ## @field controllerManager.resources {resources} Explicit CPU and memory configuration for the Controller Manager. When left empty, the preset defined in `resourcesPreset` is applied.
-    ## @field controllerManager.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
-    resourcesPreset: "micro"
    resources: {}
-
-  ## @field controlPlane.scheduler {scheduler} Scheduler configuration.
+    resourcesPreset: "micro"
  scheduler:
-    ## @field scheduler.resources {resources} Explicit CPU and memory configuration for the Scheduler. When left empty, the preset defined in `resourcesPreset` is applied.
-    ## @field scheduler.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
-    resourcesPreset: "micro"
    resources: {}
-
-  ## @field controlPlane.konnectivity {konnectivity} Konnectivity configuration.
+    resourcesPreset: "micro"
  konnectivity:
-    ## @field konnectivity.server {konnectivityServer} Konnectivity server configuration.
    server:
-      ## @field konnectivityServer.resources {resources} Explicit CPU and memory configuration for Konnectivity. When left empty, the preset defined in `resourcesPreset` is applied.
-      ## @field konnectivityServer.resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
-      resourcesPreset: "micro"
      resources: {}
+      resourcesPreset: "micro"
--- a/packages/apps/mysql/README.md
+++ b/packages/apps/mysql/README.md
@@ -69,44 +69,44 @@ more details:

 ### Common parameters

-| Name               | Description                                                                                                                               | Type        | Value   |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `replicas`         | Number of MariaDB replicas                                                                                                                | `int`       | `2`     |
-| `resources`        | Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.      | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
-| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
-| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
-| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+| Name               | Description                                                                                                                       | Type       | Value   |
+| ------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------- |
+| `replicas`         | Number of MariaDB replicas.                                                                                                       | `int`      | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each MariaDB replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                    | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                           | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                           | `string`   | `nano`  |
+| `size`             | Persistent Volume Claim size available for application data.                                                                      | `quantity` | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data.                                                                                              | `string`   | `""`    |
+| `external`         | Enable external access from outside the cluster.                                                                                  | `bool`     | `false` |


 ### Application-specific parameters

-| Name                             | Description                             | Type                | Value   |
-| -------------------------------- | --------------------------------------- | ------------------- | ------- |
-| `users`                          | Users configuration                     | `map[string]object` | `{...}` |
-| `users[name].password`           | Password for the user                   | `string`            | `""`    |
-| `users[name].maxUserConnections` | Maximum amount of connections           | `int`               | `0`     |
-| `databases`                      | Databases configuration                 | `map[string]object` | `{...}` |
-| `databases[name].roles`          | Roles for the database                  | `*object`           | `null`  |
-| `databases[name].roles.admin`    | List of users with admin privileges     | `[]string`          | `[]`    |
-| `databases[name].roles.readonly` | List of users with read-only privileges | `[]string`          | `[]`    |
+| Name                             | Description                              | Type                | Value |
+| -------------------------------- | ---------------------------------------- | ------------------- | ----- |
+| `users`                          | Users configuration map.                 | `map[string]object` | `{}`  |
+| `users[name].password`           | Password for the user.                   | `string`            | `""`  |
+| `users[name].maxUserConnections` | Maximum number of connections.           | `int`               | `0`   |
+| `databases`                      | Databases configuration map.             | `map[string]object` | `{}`  |
+| `databases[name].roles`          | Roles assigned to users.                 | `object`            | `{}`  |
+| `databases[name].roles.admin`    | List of users with admin privileges.     | `[]string`          | `[]`  |
+| `databases[name].roles.readonly` | List of users with read-only privileges. | `[]string`          | `[]`  |


 ### Backup parameters

-| Name                     | Description                                    | Type     | Value                                                  |
-| ------------------------ | ---------------------------------------------- | -------- | ------------------------------------------------------ |
-| `backup`                 | Backup configuration                           | `object` | `{}`                                                   |
-| `backup.enabled`         | Enable regular backups, default is `false`.    | `bool`   | `false`                                                |
-| `backup.s3Region`        | AWS S3 region where backups are stored         | `string` | `us-east-1`                                            |
-| `backup.s3Bucket`        | S3 bucket used for storing backups             | `string` | `s3.example.org/mysql-backups`                         |
-| `backup.schedule`        | Cron schedule for automated backups            | `string` | `0 2 * * *`                                            |
-| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups | `string` | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication     | `string` | `<your-access-key>`                                    |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication     | `string` | `<your-secret-key>`                                    |
-| `backup.resticPassword`  | Password for Restic backup encryption          | `string` | `<password>`                                           |
+| Name                     | Description                                     | Type     | Value                                                  |
+| ------------------------ | ----------------------------------------------- | -------- | ------------------------------------------------------ |
+| `backup`                 | Backup configuration.                           | `object` | `{}`                                                   |
+| `backup.enabled`         | Enable regular backups (default: false).        | `bool`   | `false`                                                |
+| `backup.s3Region`        | AWS S3 region where backups are stored.         | `string` | `us-east-1`                                            |
+| `backup.s3Bucket`        | S3 bucket used for storing backups.             | `string` | `s3.example.org/mysql-backups`                         |
+| `backup.schedule`        | Cron schedule for automated backups.            | `string` | `0 2 * * *`                                            |
+| `backup.cleanupStrategy` | Retention strategy for cleaning up old backups. | `string` | `--keep-last=3 --keep-daily=3 --keep-within-weekly=1m` |
+| `backup.s3AccessKey`     | Access key for S3 authentication.               | `string` | `<your-access-key>`                                    |
+| `backup.s3SecretKey`     | Secret key for S3 authentication.               | `string` | `<your-secret-key>`                                    |
+| `backup.resticPassword`  | Password for Restic backup encryption.          | `string` | `<password>`                                           |


 ## Parameter examples and reference
--- a/packages/apps/mysql/templates/hooks/cleanup-pvc.yaml
+++ b/packages/apps/mysql/templates/hooks/cleanup-pvc.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Release.Name }}-cleanup
+  labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-weight": "10"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        policy.cozystack.io/allow-to-apiserver: "true"
+    spec:
+      serviceAccountName: {{ .Release.Name }}-cleanup
+      restartPolicy: Never
+      containers:
+        - name: cleanup
+          image: docker.io/clastix/kubectl:v1.32
+          command:
+            - /bin/sh
+            - -c
+            - |
+              echo "Deleting orphaned PVCs for {{ .Release.Name }}..."
+              kubectl delete pvc -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} || true
+              echo "PVC cleanup complete."
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Release.Name }}-cleanup
+  labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  annotations:
+    "helm.sh/hook": post-delete
+    helm.sh/hook-weight: "0"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-cleanup
+  labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-weight": "5"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Name }}-cleanup
+  labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  annotations:
+    "helm.sh/hook": post-delete
+    helm.sh/hook-weight: "5"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Release.Name }}-cleanup
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}-cleanup
--- a/packages/apps/mysql/templates/workloadmonitor.yaml
+++ b/packages/apps/mysql/templates/workloadmonitor.yaml
@@ -1,13 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: mysql
-  type: mysql
-  selector:
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/mysql/values.schema.json
+++ b/packages/apps/mysql/values.schema.json
@@ -3,7 +3,7 @@
  "type": "object",
  "properties": {
    "backup": {
-      "description": "Backup configuration",
+      "description": "Backup configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -18,67 +18,67 @@
      ],
      "properties": {
        "cleanupStrategy": {
-          "description": "Retention strategy for cleaning up old backups",
+          "description": "Retention strategy for cleaning up old backups.",
          "type": "string",
          "default": "--keep-last=3 --keep-daily=3 --keep-within-weekly=1m"
        },
        "enabled": {
-          "description": "Enable regular backups, default is `false`.",
+          "description": "Enable regular backups (default: false).",
          "type": "boolean",
          "default": false
        },
        "resticPassword": {
-          "description": "Password for Restic backup encryption",
+          "description": "Password for Restic backup encryption.",
          "type": "string",
          "default": "\u003cpassword\u003e"
        },
        "s3AccessKey": {
-          "description": "Access key for S3, used for authentication",
+          "description": "Access key for S3 authentication.",
          "type": "string",
          "default": "\u003cyour-access-key\u003e"
        },
        "s3Bucket": {
-          "description": "S3 bucket used for storing backups",
+          "description": "S3 bucket used for storing backups.",
          "type": "string",
          "default": "s3.example.org/mysql-backups"
        },
        "s3Region": {
-          "description": "AWS S3 region where backups are stored",
+          "description": "AWS S3 region where backups are stored.",
          "type": "string",
          "default": "us-east-1"
        },
        "s3SecretKey": {
-          "description": "Secret key for S3, used for authentication",
+          "description": "Secret key for S3 authentication.",
          "type": "string",
          "default": "\u003cyour-secret-key\u003e"
        },
        "schedule": {
-          "description": "Cron schedule for automated backups",
+          "description": "Cron schedule for automated backups.",
          "type": "string",
          "default": "0 2 * * *"
        }
      }
    },
    "databases": {
-      "description": "Databases configuration",
+      "description": "Databases configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
        "type": "object",
        "properties": {
          "roles": {
-            "description": "Roles for the database",
+            "description": "Roles assigned to users.",
            "type": "object",
            "properties": {
              "admin": {
-                "description": "List of users with admin privileges",
+                "description": "List of users with admin privileges.",
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "readonly": {
-                "description": "List of users with read-only privileges",
+                "description": "List of users with read-only privileges.",
                "type": "array",
                "items": {
                  "type": "string"
@@ -90,22 +90,22 @@
      }
    },
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "replicas": {
-      "description": "Number of MariaDB replicas",
+      "description": "Number of MariaDB replicas.",
      "type": "integer",
      "default": 2
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each MariaDB replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -118,7 +118,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -133,7 +133,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "nano",
      "enum": [
@@ -147,7 +147,7 @@
      ]
    },
    "size": {
-      "description": "Persistent Volume Claim size, available for application data",
+      "description": "Persistent Volume Claim size available for application data.",
      "default": "10Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -161,11 +161,12 @@
      "x-kubernetes-int-or-string": true
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
-      "type": "string"
+      "description": "StorageClass used to store the data.",
+      "type": "string",
+      "default": ""
    },
    "users": {
-      "description": "Users configuration",
+      "description": "Users configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
@@ -176,11 +177,11 @@
        ],
        "properties": {
          "maxUserConnections": {
-            "description": "Maximum amount of connections",
+            "description": "Maximum number of connections.",
            "type": "integer"
          },
          "password": {
-            "description": "Password for the user",
+            "description": "Password for the user.",
            "type": "string"
          }
        }
--- a/packages/apps/mysql/values.yaml
+++ b/packages/apps/mysql/values.yaml
@@ -1,28 +1,48 @@
+##
 ## @section Common parameters
 ##
-## @param replicas {int} Number of MariaDB replicas
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each MariaDB replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {int} replicas - Number of MariaDB replicas.
 replicas: 2
-## @param resources {*resources} Explicit CPU and memory configuration for each MariaDB replica. When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each replica
-## @field resources.memory {*quantity} Memory (RAM) available to each replica
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each MariaDB replica. When omitted, the preset defined in `resourcesPreset` is applied.
 resources: {}
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
-## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+
+## @param {ResourcesPreset} resourcesPreset="nano" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "nano"
-## @param size {quantity} Persistent Volume Claim size, available for application data
+
+## @param {quantity} size - Persistent Volume Claim size available for application data.
 size: 10Gi
-## @param storageClass {string} StorageClass used to store the data
+
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: ""
-## @param external {bool} Enable external access from outside the cluster
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false

+##
 ## @section Application-specific parameters
 ##
-## @param users {map[string]user} Users configuration
-## @field user.password {string} Password for the user
-## @field user.maxUserConnections {int} Maximum amount of connections
+
+## @typedef {struct} User - User configuration.
+## @field {string} password - Password for the user.
+## @field {int} maxUserConnections - Maximum number of connections.
+
+## @param {map[string]User} users - Users configuration map.
+users: {}
 ## Example:
 ## users:
 ##   user1:
@@ -31,15 +51,16 @@ external: false
 ##   user2:
 ##     maxUserConnections: 1000
 ##     password: hackme
-##
-users: {}

+## @typedef {struct} DatabaseRoles - Role assignments for a database.
+## @field {[]string} [admin] - List of users with admin privileges.
+## @field {[]string} [readonly] - List of users with read-only privileges.

-## @param databases {map[string]database} Databases configuration
-## @field database.roles {*databaseRoles} Roles for the database
-## @field databaseRoles.admin {[]string} List of users with admin privileges
-## @field databaseRoles.readonly {[]string} List of users with read-only privileges
-##
+## @typedef {struct} Database - Database configuration.
+## @field {DatabaseRoles} [roles] - Roles assigned to users.
+
+## @param {map[string]Database} databases - Databases configuration map.
+databases: {}
 ## Example:
 ## databases:
 ##   myapp1:
@@ -48,19 +69,22 @@ users: {}
 ##       - user1
 ##       readonly:
 ##       - user2
-databases: {}

+##
 ## @section Backup parameters
 ##
-## @param backup {backup} Backup configuration
-## @field backup.enabled {bool} Enable regular backups, default is `false`.
-## @field backup.s3Region {string} AWS S3 region where backups are stored
-## @field backup.s3Bucket {string} S3 bucket used for storing backups
-## @field backup.schedule {string} Cron schedule for automated backups
-## @field backup.cleanupStrategy {string} Retention strategy for cleaning up old backups
-## @field backup.s3AccessKey {string} Access key for S3, used for authentication
-## @field backup.s3SecretKey {string} Secret key for S3, used for authentication
-## @field backup.resticPassword {string} Password for Restic backup encryption
+
+## @typedef {struct} Backup - Backup configuration.
+## @field {bool} enabled - Enable regular backups (default: false).
+## @field {string} s3Region - AWS S3 region where backups are stored.
+## @field {string} s3Bucket - S3 bucket used for storing backups.
+## @field {string} schedule - Cron schedule for automated backups.
+## @field {string} cleanupStrategy - Retention strategy for cleaning up old backups.
+## @field {string} s3AccessKey - Access key for S3 authentication.
+## @field {string} s3SecretKey - Secret key for S3 authentication.
+## @field {string} resticPassword - Password for Restic backup encryption.
+
+## @param {Backup} backup - Backup configuration.
 backup:
  enabled: false
  s3Region: us-east-1
@@ -70,4 +94,3 @@ backup:
  s3AccessKey: "<your-access-key>"
  s3SecretKey: "<your-secret-key>"
  resticPassword: "<password>"
-
--- a/packages/apps/nats/README.md
+++ b/packages/apps/nats/README.md
@@ -7,29 +7,29 @@ It provides a data layer for cloud native applications, IoT messaging, and micro

 ### Common parameters

-| Name               | Description                                                                                                                               | Type        | Value   |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `replicas`         | Number of replicas                                                                                                                        | `int`       | `2`     |
-| `resources`        | Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.         | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
-| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
-| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+| Name               | Description                                                                                                                    | Type       | Value   |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------ | ---------- | ------- |
+| `replicas`         | Number of replicas.                                                                                                            | `int`      | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each NATS replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                 | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                        | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                        | `string`   | `nano`  |
+| `storageClass`     | StorageClass used to store the data.                                                                                           | `string`   | `""`    |
+| `external`         | Enable external access from outside the cluster.                                                                               | `bool`     | `false` |


 ### Application-specific parameters

-| Name                   | Description                                                                                                    | Type                | Value   |
-| ---------------------- | -------------------------------------------------------------------------------------------------------------- | ------------------- | ------- |
-| `users`                | Users configuration                                                                                            | `map[string]object` | `{...}` |
-| `users[name].password` | Password for the user                                                                                          | `*string`           | `null`  |
-| `jetstream`            | Jetstream configuration                                                                                        | `object`            | `{}`    |
-| `jetstream.enabled`    | Enable or disable Jetstream. Set to `true` (default) to enable Jetstream for persistent messaging in NATS.     | `bool`              | `true`  |
-| `jetstream.size`       | Jetstream persistent storage size. Specifies the size of the persistent storage for Jetstream (message store). | `quantity`          | `10Gi`  |
-| `config`               | NATS configuration                                                                                             | `object`            | `{}`    |
-| `config.merge`         | Additional configuration to merge into NATS config (see example)                                               | `*object`           | `{}`    |
-| `config.resolver`      | Additional resolver configuration to merge into NATS config (see example)                                      | `*object`           | `{}`    |
+| Name                   | Description                                                   | Type                | Value  |
+| ---------------------- | ------------------------------------------------------------- | ------------------- | ------ |
+| `users`                | Users configuration map.                                      | `map[string]object` | `{}`   |
+| `users[name].password` | Password for the user.                                        | `string`            | `""`   |
+| `jetstream`            | Jetstream configuration.                                      | `object`            | `{}`   |
+| `jetstream.enabled`    | Enable or disable Jetstream for persistent messaging in NATS. | `bool`              | `true` |
+| `jetstream.size`       | Jetstream persistent storage size.                            | `quantity`          | `10Gi` |
+| `config`               | NATS configuration.                                           | `object`            | `{}`   |
+| `config.merge`         | Additional configuration to merge into NATS config.           | `*object`           | `{}`   |
+| `config.resolver`      | Additional resolver configuration to merge into NATS config.  | `*object`           | `{}`   |


 ## Parameter examples and reference
--- a/packages/apps/nats/templates/nats.yaml
+++ b/packages/apps/nats/templates/nats.yaml
@@ -47,18 +47,14 @@ spec:
      retries: -1
  values:
    nats:
-      podTemplate:
+      container:
        merge:
-          spec:
-            containers:
-              - name: nats
-                image: nats:2.10.17-alpine
-                resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 22 }}
+          resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 12 }}
      fullnameOverride: {{ .Release.Name }}
      config:
-        {{- if or (gt (len $passwords) 0) (gt (len .Values.config.merge) 0) }}
+        {{- if or $passwords .Values.config.merge }}
        merge:
-          {{- if gt (len $passwords) 0 }}
+          {{- if $passwords }}
          accounts:
            A:
              users:
@@ -67,13 +63,13 @@ spec:
                  password: "{{ $password }}"
                {{- end }}
          {{- end }}
-          {{- if and .Values.config (hasKey .Values.config "merge") }}
-          {{ toYaml .Values.config.merge | nindent 12 }}
+          {{- with .Values.config.merge }}
+          {{- toYaml . | nindent 10 }}
          {{- end }}
        {{- end }}
-        {{- if and .Values.config (hasKey .Values.config "resolver") }}
+        {{- with .Values.config.resolver }}
        resolver:
-          {{ toYaml .Values.config.resolver | nindent 12 }}
+          {{- toYaml . | nindent 10 }}
        {{- end }}
        cluster:
          enabled: true
--- a/packages/apps/nats/templates/workloadmonitor.yaml
+++ b/packages/apps/nats/templates/workloadmonitor.yaml
@@ -1,13 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: nats
-  type: nats
-  selector:
-    app.kubernetes.io/instance: {{ $.Release.Name }}-system
-  version: {{ $.Chart.Version }}
--- a/packages/apps/nats/values.schema.json
+++ b/packages/apps/nats/values.schema.json
@@ -3,18 +3,18 @@
  "type": "object",
  "properties": {
    "config": {
-      "description": "NATS configuration",
+      "description": "NATS configuration.",
      "type": "object",
      "default": {},
      "properties": {
        "merge": {
-          "description": "Additional configuration to merge into NATS config (see example)",
+          "description": "Additional configuration to merge into NATS config.",
          "type": "object",
          "default": {},
          "x-kubernetes-preserve-unknown-fields": true
        },
        "resolver": {
-          "description": "Additional resolver configuration to merge into NATS config (see example)",
+          "description": "Additional resolver configuration to merge into NATS config.",
          "type": "object",
          "default": {},
          "x-kubernetes-preserve-unknown-fields": true
@@ -22,12 +22,12 @@
      }
    },
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "jetstream": {
-      "description": "Jetstream configuration",
+      "description": "Jetstream configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -36,12 +36,12 @@
      ],
      "properties": {
        "enabled": {
-          "description": "Enable or disable Jetstream. Set to `true` (default) to enable Jetstream for persistent messaging in NATS.",
+          "description": "Enable or disable Jetstream for persistent messaging in NATS.",
          "type": "boolean",
          "default": true
        },
        "size": {
-          "description": "Jetstream persistent storage size. Specifies the size of the persistent storage for Jetstream (message store).",
+          "description": "Jetstream persistent storage size.",
          "default": "10Gi",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
@@ -57,17 +57,17 @@
      }
    },
    "replicas": {
-      "description": "Number of replicas",
+      "description": "Number of replicas.",
      "type": "integer",
      "default": 2
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each NATS replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -80,7 +80,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -95,7 +95,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "nano",
      "enum": [
@@ -109,18 +109,19 @@
      ]
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
-      "type": "string"
+      "description": "StorageClass used to store the data.",
+      "type": "string",
+      "default": ""
    },
    "users": {
-      "description": "Users configuration",
+      "description": "Users configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
        "type": "object",
        "properties": {
          "password": {
-            "description": "Password for the user",
+            "description": "Password for the user.",
            "type": "string"
          }
        }
--- a/packages/apps/nats/values.yaml
+++ b/packages/apps/nats/values.yaml
@@ -1,75 +1,64 @@
+##
 ## @section Common parameters
 ##
-## @param replicas {int} Number of replicas
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each NATS replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {int} replicas - Number of replicas.
 replicas: 2
-## @param resources {*resources} Explicit CPU and memory configuration for each NATS replica. When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each replica
-## @field resources.memory {*quantity} Memory (RAM) available to each replica
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each NATS replica. When omitted, the preset defined in `resourcesPreset` is applied.
 resources: {}
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
-## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+
+## @param {ResourcesPreset} resourcesPreset="nano" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "nano"
-## @param storageClass {string} StorageClass used to store the data
+
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: ""
-## @param external {bool} Enable external access from outside the cluster
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false

+##
 ## @section Application-specific parameters
 ##
-## @param users {map[string]user} Users configuration
-## @field user.password {*string} Password for the user
+
+## @typedef {struct} User - User configuration.
+## @field {string} [password] - Password for the user.
+
+## @param {map[string]User} users - Users configuration map.
+users: {}
 ## Example:
 ## users:
 ##   user1:
 ##     password: strongpassword
 ##   user2: {}
-users: {}

-## @param jetstream {jetstream} Jetstream configuration
+## @typedef {struct} Jetstream - Jetstream configuration.
+## @field {bool} enabled=true - Enable or disable Jetstream for persistent messaging in NATS.
+## @field {quantity} size - Jetstream persistent storage size.
+
+## @param {Jetstream} jetstream - Jetstream configuration.
 jetstream:
-  ## @field jetstream.enabled {bool} Enable or disable Jetstream. Set to `true` (default) to enable Jetstream for persistent messaging in NATS.
-  ##
-  ## Default: true
  enabled: true
-  ## @field jetstream.size {quantity} Jetstream persistent storage size. Specifies the size of the persistent storage for Jetstream (message store).
-  ##
  size: 10Gi

-## @param config {config} NATS configuration
-config:
-  ## @field config.merge {*object} Additional configuration to merge into NATS config (see example)
-  ## Allows you to customize NATS server settings by merging additional configurations.
-  ## For example, you can add extra parameters, configure authentication, or set custom settings.
-  ## Default: {}
-  ## example:
-  ##
-  ##   merge:
-  ##     $include: ./my-config.conf
-  ##     zzz$include: ./my-config-last.conf
-  ##     server_name: nats
-  ##     authorization:
-  ##       token: << $TOKEN >>
-  ##     jetstream:
-  ##       max_memory_store: << 1GB >>
-  ##
-  ## will yield the config:
-  ## {
-  ##   include ./my-config.conf;
-  ##   "authorization": {
-  ##     "token": $TOKEN
-  ##   },
-  ##   "jetstream": {
-  ##     "max_memory_store": 1GB
-  ##   },
-  ##   "server_name": "nats",
-  ##   include ./my-config-last.conf;
-  ## }
-  merge: {}
-  ## @field config.resolver {*object} Additional resolver configuration to merge into NATS config (see example)
-  ## Allows you to customize NATS server settings by merging resolver configurations.
-  ## Default: {}
-  ## Example: https://github.com/nats-io/k8s/blob/94414664c254b0bbac3a07fc9693f6c4f8f88709/helm/charts/nats/values.yaml#L248-L270
-  resolver: {}
+## @typedef {struct} Config - NATS configuration.
+## @field {*object} [merge] - Additional configuration to merge into NATS config.
+## @field {*object} [resolver] - Additional resolver configuration to merge into NATS config.

+## @param {Config} config - NATS configuration.
+config:
+  merge: {}
+  resolver: {}
--- a/packages/apps/postgres/README.md
+++ b/packages/apps/postgres/README.md
@@ -66,60 +66,78 @@ See:

 ### Common parameters

-| Name               | Description                                                                                                                               | Type        | Value   |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `replicas`         | Number of Postgres replicas                                                                                                               | `int`       | `2`     |
-| `resources`        | Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.   | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `micro` |
-| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
-| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
-| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+| Name               | Description                                                                                                                          | Type       | Value   |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | ---------- | ------- |
+| `replicas`         | Number of Postgres replicas.                                                                                                         | `int`      | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each PostgreSQL replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                       | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                              | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                              | `string`   | `micro` |
+| `size`             | Persistent Volume Claim size available for application data.                                                                         | `quantity` | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data.                                                                                                 | `string`   | `""`    |
+| `external`         | Enable external access from outside the cluster.                                                                                     | `bool`     | `false` |


 ### Application-specific parameters

-| Name                                    | Description                                                                                                              | Type                | Value   |
-| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------- | ------- |
-| `postgresql`                            | PostgreSQL server configuration                                                                                          | `object`            | `{}`    |
-| `postgresql.parameters`                 | PostgreSQL server parameters                                                                                             | `object`            | `{}`    |
-| `postgresql.parameters.max_connections` | Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections | `int`               | `100`   |
-| `quorum`                                | Quorum configuration for synchronous replication                                                                         | `object`            | `{}`    |
-| `quorum.minSyncReplicas`                | Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.            | `int`               | `0`     |
-| `quorum.maxSyncReplicas`                | Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).  | `int`               | `0`     |
-| `users`                                 | Users configuration                                                                                                      | `map[string]object` | `{...}` |
-| `users[name].password`                  | Password for the user                                                                                                    | `*string`           | `null`  |
-| `users[name].replication`               | Whether the user has replication privileges                                                                              | `*bool`             | `null`  |
-| `databases`                             | Databases configuration                                                                                                  | `map[string]object` | `{...}` |
-| `databases[name].roles`                 | Roles for the database                                                                                                   | `*object`           | `null`  |
-| `databases[name].roles.admin`           | List of users with admin privileges                                                                                      | `[]string`          | `[]`    |
-| `databases[name].roles.readonly`        | List of users with read-only privileges                                                                                  | `[]string`          | `[]`    |
-| `databases[name].extensions`            | Extensions enabled for the database                                                                                      | `[]string`          | `[]`    |
+| Name                                    | Description                                                      | Type     | Value |
+| --------------------------------------- | ---------------------------------------------------------------- | -------- | ----- |
+| `postgresql`                            | PostgreSQL server configuration.                                 | `object` | `{}`  |
+| `postgresql.parameters`                 | PostgreSQL server parameters.                                    | `object` | `{}`  |
+| `postgresql.parameters.max_connections` | Maximum number of concurrent connections to the database server. | `int`    | `100` |
+
+
+### Quorum-based synchronous replication
+
+| Name                     | Description                                                                        | Type     | Value |
+| ------------------------ | ---------------------------------------------------------------------------------- | -------- | ----- |
+| `quorum`                 | Quorum configuration for synchronous replication.                                  | `object` | `{}`  |
+| `quorum.minSyncReplicas` | Minimum number of synchronous replicas required for commit.                        | `int`    | `0`   |
+| `quorum.maxSyncReplicas` | Maximum number of synchronous replicas allowed (must be less than total replicas). | `int`    | `0`   |
+
+
+### Users configuration
+
+| Name                      | Description                                  | Type                | Value   |
+| ------------------------- | -------------------------------------------- | ------------------- | ------- |
+| `users`                   | Users configuration map.                     | `map[string]object` | `{}`    |
+| `users[name].password`    | Password for the user.                       | `string`            | `""`    |
+| `users[name].replication` | Whether the user has replication privileges. | `bool`              | `false` |
+
+
+### Databases configuration
+
+| Name                             | Description                              | Type                | Value |
+| -------------------------------- | ---------------------------------------- | ------------------- | ----- |
+| `databases`                      | Databases configuration map.             | `map[string]object` | `{}`  |
+| `databases[name].roles`          | Roles assigned to users.                 | `object`            | `{}`  |
+| `databases[name].roles.admin`    | List of users with admin privileges.     | `[]string`          | `[]`  |
+| `databases[name].roles.readonly` | List of users with read-only privileges. | `[]string`          | `[]`  |
+| `databases[name].extensions`     | List of enabled PostgreSQL extensions.   | `[]string`          | `[]`  |


 ### Backup parameters

-| Name                     | Description                                                | Type      | Value                               |
-| ------------------------ | ---------------------------------------------------------- | --------- | ----------------------------------- |
-| `backup`                 | Backup configuration                                       | `object`  | `{}`                                |
-| `backup.enabled`         | Enable regular backups                                     | `*bool`   | `false`                             |
-| `backup.schedule`        | Cron schedule for automated backups                        | `*string` | `0 2 * * * *`                       |
-| `backup.retentionPolicy` | Retention policy                                           | `*string` | `30d`                               |
-| `backup.destinationPath` | Path to store the backup (i.e. s3://bucket/path/to/folder) | `*string` | `s3://bucket/path/to/folder/`       |
-| `backup.endpointURL`     | S3 Endpoint used to upload data to the cloud               | `*string` | `http://minio-gateway-service:9000` |
-| `backup.s3AccessKey`     | Access key for S3, used for authentication                 | `*string` | `<your-access-key>`                 |
-| `backup.s3SecretKey`     | Secret key for S3, used for authentication                 | `*string` | `<your-secret-key>`                 |
+| Name                     | Description                                            | Type     | Value                               |
+| ------------------------ | ------------------------------------------------------ | -------- | ----------------------------------- |
+| `backup`                 | Backup configuration.                                  | `object` | `{}`                                |
+| `backup.enabled`         | Enable regular backups.                                | `bool`   | `false`                             |
+| `backup.schedule`        | Cron schedule for automated backups.                   | `string` | `0 2 * * * *`                       |
+| `backup.retentionPolicy` | Retention policy (e.g. "30d").                         | `string` | `30d`                               |
+| `backup.destinationPath` | Destination path for backups (e.g. s3://bucket/path/). | `string` | `s3://bucket/path/to/folder/`       |
+| `backup.endpointURL`     | S3 endpoint URL for uploads.                           | `string` | `http://minio-gateway-service:9000` |
+| `backup.s3AccessKey`     | Access key for S3 authentication.                      | `string` | `<your-access-key>`                 |
+| `backup.s3SecretKey`     | Secret key for S3 authentication.                      | `string` | `<your-secret-key>`                 |


 ### Bootstrap (recovery) parameters

-| Name                     | Description                                                                                                          | Type      | Value   |
-| ------------------------ | -------------------------------------------------------------------------------------------------------------------- | --------- | ------- |
-| `bootstrap`              | Bootstrap configuration                                                                                              | `object`  | `{}`    |
-| `bootstrap.enabled`      | Restore database cluster from a backup                                                                               | `bool`    | `false` |
-| `bootstrap.recoveryTime` | Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest | `*string` | `""`    |
-| `bootstrap.oldName`      | Name of database cluster before deleting                                                                             | `string`  | `""`    |
+| Name                     | Description                                                         | Type     | Value   |
+| ------------------------ | ------------------------------------------------------------------- | -------- | ------- |
+| `bootstrap`              | Bootstrap configuration.                                            | `object` | `{}`    |
+| `bootstrap.enabled`      | Whether to restore from a backup.                                   | `bool`   | `false` |
+| `bootstrap.recoveryTime` | Timestamp (RFC3339) for point-in-time recovery; empty means latest. | `string` | `""`    |
+| `bootstrap.oldName`      | Previous cluster name before deletion.                              | `string` | `""`    |


 ## Parameter examples and reference
--- a/packages/apps/postgres/templates/db.yaml
+++ b/packages/apps/postgres/templates/db.yaml
@@ -79,17 +79,3 @@ spec:
      policy.cozystack.io/allow-to-apiserver: "true"
      app.kubernetes.io/name: postgres.apps.cozystack.io
      app.kubernetes.io/instance: {{ $.Release.Name }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: postgres
-  type: postgres
-  selector:
-    app.kubernetes.io/name: postgres.apps.cozystack.io
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/postgres/values.schema.json
+++ b/packages/apps/postgres/values.schema.json
@@ -3,49 +3,52 @@
  "type": "object",
  "properties": {
    "backup": {
-      "description": "Backup configuration",
+      "description": "Backup configuration.",
      "type": "object",
      "default": {},
+      "required": [
+        "enabled"
+      ],
      "properties": {
        "destinationPath": {
-          "description": "Path to store the backup (i.e. s3://bucket/path/to/folder)",
+          "description": "Destination path for backups (e.g. s3://bucket/path/).",
          "type": "string",
          "default": "s3://bucket/path/to/folder/"
        },
        "enabled": {
-          "description": "Enable regular backups",
+          "description": "Enable regular backups.",
          "type": "boolean",
          "default": false
        },
        "endpointURL": {
-          "description": "S3 Endpoint used to upload data to the cloud",
+          "description": "S3 endpoint URL for uploads.",
          "type": "string",
          "default": "http://minio-gateway-service:9000"
        },
        "retentionPolicy": {
-          "description": "Retention policy",
+          "description": "Retention policy (e.g. \"30d\").",
          "type": "string",
          "default": "30d"
        },
        "s3AccessKey": {
-          "description": "Access key for S3, used for authentication",
+          "description": "Access key for S3 authentication.",
          "type": "string",
          "default": "\u003cyour-access-key\u003e"
        },
        "s3SecretKey": {
-          "description": "Secret key for S3, used for authentication",
+          "description": "Secret key for S3 authentication.",
          "type": "string",
          "default": "\u003cyour-secret-key\u003e"
        },
        "schedule": {
-          "description": "Cron schedule for automated backups",
+          "description": "Cron schedule for automated backups.",
          "type": "string",
          "default": "0 2 * * * *"
        }
      }
    },
    "bootstrap": {
-      "description": "Bootstrap configuration",
+      "description": "Bootstrap configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -54,47 +57,49 @@
      ],
      "properties": {
        "enabled": {
-          "description": "Restore database cluster from a backup",
+          "description": "Whether to restore from a backup.",
          "type": "boolean",
          "default": false
        },
        "oldName": {
-          "description": "Name of database cluster before deleting",
-          "type": "string"
+          "description": "Previous cluster name before deletion.",
+          "type": "string",
+          "default": ""
        },
        "recoveryTime": {
-          "description": "Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest",
-          "type": "string"
+          "description": "Timestamp (RFC3339) for point-in-time recovery; empty means latest.",
+          "type": "string",
+          "default": ""
        }
      }
    },
    "databases": {
-      "description": "Databases configuration",
+      "description": "Databases configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
        "type": "object",
        "properties": {
          "extensions": {
-            "description": "Extensions enabled for the database",
+            "description": "List of enabled PostgreSQL extensions.",
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "roles": {
-            "description": "Roles for the database",
+            "description": "Roles assigned to users.",
            "type": "object",
            "properties": {
              "admin": {
-                "description": "List of users with admin privileges",
+                "description": "List of users with admin privileges.",
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "readonly": {
-                "description": "List of users with read-only privileges",
+                "description": "List of users with read-only privileges.",
                "type": "array",
                "items": {
                  "type": "string"
@@ -106,28 +111,22 @@
      }
    },
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "postgresql": {
-      "description": "PostgreSQL server configuration",
+      "description": "PostgreSQL server configuration.",
      "type": "object",
      "default": {},
-      "required": [
-        "parameters"
-      ],
      "properties": {
        "parameters": {
-          "description": "PostgreSQL server parameters",
+          "description": "PostgreSQL server parameters.",
          "type": "object",
          "default": {},
-          "required": [
-            "max_connections"
-          ],
          "properties": {
            "max_connections": {
-              "description": "Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections",
+              "description": "Maximum number of concurrent connections to the database server.",
              "type": "integer",
              "default": 100
            }
@@ -136,7 +135,7 @@
      }
    },
    "quorum": {
-      "description": "Quorum configuration for synchronous replication",
+      "description": "Quorum configuration for synchronous replication.",
      "type": "object",
      "default": {},
      "required": [
@@ -145,29 +144,29 @@
      ],
      "properties": {
        "maxSyncReplicas": {
-          "description": "Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).",
+          "description": "Maximum number of synchronous replicas allowed (must be less than total replicas).",
          "type": "integer",
          "default": 0
        },
        "minSyncReplicas": {
-          "description": "Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.",
+          "description": "Minimum number of synchronous replicas required for commit.",
          "type": "integer",
          "default": 0
        }
      }
    },
    "replicas": {
-      "description": "Number of Postgres replicas",
+      "description": "Number of Postgres replicas.",
      "type": "integer",
      "default": 2
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each PostgreSQL replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -180,7 +179,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -195,7 +194,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "micro",
      "enum": [
@@ -209,7 +208,7 @@
      ]
    },
    "size": {
-      "description": "Persistent Volume Claim size, available for application data",
+      "description": "Persistent Volume Claim size available for application data.",
      "default": "10Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -223,22 +222,23 @@
      "x-kubernetes-int-or-string": true
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
-      "type": "string"
+      "description": "StorageClass used to store the data.",
+      "type": "string",
+      "default": ""
    },
    "users": {
-      "description": "Users configuration",
+      "description": "Users configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
        "type": "object",
        "properties": {
          "password": {
-            "description": "Password for the user",
+            "description": "Password for the user.",
            "type": "string"
          },
          "replication": {
-            "description": "Whether the user has replication privileges",
+            "description": "Whether the user has replication privileges.",
            "type": "boolean"
          }
        }
--- a/packages/apps/postgres/values.yaml
+++ b/packages/apps/postgres/values.yaml
@@ -1,44 +1,76 @@
+##
 ## @section Common parameters
 ##
-## @param replicas {int} Number of Postgres replicas
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each PostgreSQL replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {int} replicas - Number of Postgres replicas.
 replicas: 2
-## @param resources {*resources} Explicit CPU and memory configuration for each PostgreSQL replica. When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each replica
-## @field resources.memory {*quantity} Memory (RAM) available to each replica
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each PostgreSQL replica. When omitted, the preset defined in `resourcesPreset` is applied.
 resources: {}
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
-## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+
+## @param {ResourcesPreset} resourcesPreset="micro" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "micro"
-## @param size {quantity} Persistent Volume Claim size, available for application data
+
+## @param {quantity} size - Persistent Volume Claim size available for application data.
 size: 10Gi
-## @param storageClass {string} StorageClass used to store the data
+
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: ""
-## @param external {bool} Enable external access from outside the cluster
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false

-## @section Application-specific parameters
-## @param postgresql {postgresql} PostgreSQL server configuration
-## @field postgresql.parameters {postgresqlParameters} PostgreSQL server parameters
-## @field postgresqlParameters.max_connections {int} Determines the maximum number of concurrent connections to the database server. The default is typically 100 connections
 ##
+## @section Application-specific parameters
+##
+
+## @typedef {struct} PostgreSQLParameters - PostgreSQL server parameters.
+## @field {int} [max_connections] - Maximum number of concurrent connections to the database server.
+
+## @typedef {struct} PostgreSQL - PostgreSQL server configuration.
+## @field {PostgreSQLParameters} [parameters] - PostgreSQL server parameters.
+
+## @param {PostgreSQL} postgresql - PostgreSQL server configuration.
 postgresql:
  parameters:
    max_connections: 100

-## Configuration for the quorum-based synchronous replication
-## @param quorum {quorum} Quorum configuration for synchronous replication
-## @field quorum.minSyncReplicas {int} Minimum number of synchronous replicas that must acknowledge a transaction before it is considered committed.
-## @field quorum.maxSyncReplicas {int} Maximum number of synchronous replicas that can acknowledge a transaction (must be lower than the number of instances).
+##
+## @section Quorum-based synchronous replication
+##
+
+## @typedef {struct} Quorum - Quorum configuration for synchronous replication.
+## @field {int} minSyncReplicas - Minimum number of synchronous replicas required for commit.
+## @field {int} maxSyncReplicas - Maximum number of synchronous replicas allowed (must be less than total replicas).
+
+## @param {Quorum} quorum - Quorum configuration for synchronous replication.
 quorum:
  minSyncReplicas: 0
  maxSyncReplicas: 0

-## @param users {map[string]user} Users configuration
-## @field user.password {*string} Password for the user
-## @field user.replication {*bool} Whether the user has replication privileges
 ##
+## @section Users configuration
+##
+
+## @typedef {struct} User - User configuration.
+## @field {string} [password] - Password for the user.
+## @field {bool} [replication] - Whether the user has replication privileges.
+
+## @param {map[string]User} users - Users configuration map.
+users: {}
 ## Example:
 ## users:
 ##   user1:
@@ -49,15 +81,21 @@ quorum:
 ##     password: qwerty123
 ##   debezium:
 ##     replication: true
-##
-users: {}

-## @param databases {map[string]database} Databases configuration
-## @field database.roles {*databaseRoles} Roles for the database
-## @field databaseRoles.admin {[]string} List of users with admin privileges
-## @field databaseRoles.readonly {[]string} List of users with read-only privileges
-## @field database.extensions {[]string} Extensions enabled for the database
 ##
+## @section Databases configuration
+##
+
+## @typedef {struct} DatabaseRoles - Role assignments for a database.
+## @field {[]string} [admin] - List of users with admin privileges.
+## @field {[]string} [readonly] - List of users with read-only privileges.
+
+## @typedef {struct} Database - Database configuration.
+## @field {DatabaseRoles} [roles] - Roles assigned to users.
+## @field {[]string} [extensions] - List of enabled PostgreSQL extensions.
+
+## @param {map[string]Database} databases - Databases configuration map.
+databases: {}
 ## Example:
 ## databases:
 ##   myapp:
@@ -73,18 +111,21 @@ users: {}
 ##       - airflow
 ##     extensions:
 ##     - hstore
-databases: {}

+##
 ## @section Backup parameters
+##

-## @param backup {backup} Backup configuration
-## @field backup.enabled {*bool} Enable regular backups
-## @field backup.schedule {*string} Cron schedule for automated backups
-## @field backup.retentionPolicy {*string} Retention policy
-## @field backup.destinationPath {*string} Path to store the backup (i.e. s3://bucket/path/to/folder)
-## @field backup.endpointURL {*string} S3 Endpoint used to upload data to the cloud
-## @field backup.s3AccessKey {*string} Access key for S3, used for authentication
-## @field backup.s3SecretKey {*string} Secret key for S3, used for authentication
+## @typedef {struct} Backup - Backup configuration.
+## @field {bool} enabled - Enable regular backups.
+## @field {string} [schedule] - Cron schedule for automated backups.
+## @field {string} [retentionPolicy] - Retention policy (e.g. "30d").
+## @field {string} [destinationPath] - Destination path for backups (e.g. s3://bucket/path/).
+## @field {string} [endpointURL] - S3 endpoint URL for uploads.
+## @field {string} [s3AccessKey] - Access key for S3 authentication.
+## @field {string} [s3SecretKey] - Secret key for S3 authentication.
+
+## @param {Backup} backup - Backup configuration.
 backup:
  enabled: false
  retentionPolicy: 30d
@@ -94,16 +135,18 @@ backup:
  s3AccessKey: "<your-access-key>"
  s3SecretKey: "<your-secret-key>"

-## @section Bootstrap (recovery) parameters
-
-## @param bootstrap {bootstrap} Bootstrap configuration
-## @field bootstrap.enabled {bool} Restore database cluster from a backup
-## @field bootstrap.recoveryTime {*string} Timestamp (PITR) up to which recovery will proceed, expressed in RFC 3339 format. If left empty, will restore latest
-## @field bootstrap.oldName {string} Name of database cluster before deleting
 ##
+## @section Bootstrap (recovery) parameters
+##
+
+## @typedef {struct} Bootstrap - Bootstrap configuration for restoring a database cluster from a backup.
+## @field {bool} enabled - Whether to restore from a backup.
+## @field {string} [recoveryTime] - Timestamp (RFC3339) for point-in-time recovery; empty means latest.
+## @field {string} oldName - Previous cluster name before deletion.
+
+## @param {Bootstrap} bootstrap - Bootstrap configuration.
 bootstrap:
  enabled: false
  # example: 2020-11-26 15:22:00.00000+00
  recoveryTime: ""
  oldName: ""
-
--- a/packages/apps/rabbitmq/README.md
+++ b/packages/apps/rabbitmq/README.md
@@ -13,28 +13,28 @@ The service utilizes official RabbitMQ operator. This ensures the reliability an

 ### Common parameters

-| Name               | Description                                                                                                                               | Type        | Value   |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `replicas`         | Number of RabbitMQ replicas                                                                                                               | `int`       | `3`     |
-| `resources`        | Explicit CPU and memory configuration for each RabbitMQ replica.  When left empty, the preset defined in `resourcesPreset` is applied.    | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
-| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `10Gi`  |
-| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
-| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+| Name               | Description                                                                                                                        | Type       | Value   |
+| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------- |
+| `replicas`         | Number of RabbitMQ replicas.                                                                                                       | `int`      | `3`     |
+| `resources`        | Explicit CPU and memory configuration for each RabbitMQ replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                     | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                            | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                            | `string`   | `nano`  |
+| `size`             | Persistent Volume Claim size available for application data.                                                                       | `quantity` | `10Gi`  |
+| `storageClass`     | StorageClass used to store the data.                                                                                               | `string`   | `""`    |
+| `external`         | Enable external access from outside the cluster.                                                                                   | `bool`     | `false` |


 ### Application-specific parameters

-| Name                          | Description                 | Type                | Value   |
-| ----------------------------- | --------------------------- | ------------------- | ------- |
-| `users`                       | Users configuration         | `map[string]object` | `{...}` |
-| `users[name].password`        | Password for the user       | `*string`           | `null`  |
-| `vhosts`                      | Virtual Hosts configuration | `map[string]object` | `{...}` |
-| `vhosts[name].roles`          | Virtual host roles list     | `object`            | `{}`    |
-| `vhosts[name].roles.admin`    | List of admin users         | `[]string`          | `[]`    |
-| `vhosts[name].roles.readonly` | List of readonly users      | `[]string`          | `[]`    |
+| Name                          | Description                      | Type                | Value |
+| ----------------------------- | -------------------------------- | ------------------- | ----- |
+| `users`                       | Users configuration map.         | `map[string]object` | `{}`  |
+| `users[name].password`        | Password for the user.           | `string`            | `""`  |
+| `vhosts`                      | Virtual hosts configuration map. | `map[string]object` | `{}`  |
+| `vhosts[name].roles`          | Virtual host roles list.         | `object`            | `{}`  |
+| `vhosts[name].roles.admin`    | List of admin users.             | `[]string`          | `[]`  |
+| `vhosts[name].roles.readonly` | List of readonly users.          | `[]string`          | `[]`  |


 ## Parameter examples and reference
--- a/packages/apps/rabbitmq/templates/workloadmonitor.yaml
+++ b/packages/apps/rabbitmq/templates/workloadmonitor.yaml
@@ -1,13 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: rabbitmq
-  type: rabbitmq
-  selector:
-    app.kubernetes.io/name: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/rabbitmq/values.schema.json
+++ b/packages/apps/rabbitmq/values.schema.json
@@ -3,22 +3,22 @@
  "type": "object",
  "properties": {
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "replicas": {
-      "description": "Number of RabbitMQ replicas",
+      "description": "Number of RabbitMQ replicas.",
      "type": "integer",
      "default": 3
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each RabbitMQ replica.  When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each RabbitMQ replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -31,7 +31,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -46,7 +46,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "nano",
      "enum": [
@@ -60,7 +60,7 @@
      ]
    },
    "size": {
-      "description": "Persistent Volume Claim size, available for application data",
+      "description": "Persistent Volume Claim size available for application data.",
      "default": "10Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -74,25 +74,26 @@
      "x-kubernetes-int-or-string": true
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
-      "type": "string"
+      "description": "StorageClass used to store the data.",
+      "type": "string",
+      "default": ""
    },
    "users": {
-      "description": "Users configuration",
+      "description": "Users configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
        "type": "object",
        "properties": {
          "password": {
-            "description": "Password for the user",
+            "description": "Password for the user.",
            "type": "string"
          }
        }
      }
    },
    "vhosts": {
-      "description": "Virtual Hosts configuration",
+      "description": "Virtual hosts configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
@@ -102,18 +103,18 @@
        ],
        "properties": {
          "roles": {
-            "description": "Virtual host roles list",
+            "description": "Virtual host roles list.",
            "type": "object",
            "properties": {
              "admin": {
-                "description": "List of admin users",
+                "description": "List of admin users.",
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "readonly": {
-                "description": "List of readonly users",
+                "description": "List of readonly users.",
                "type": "array",
                "items": {
                  "type": "string"
--- a/packages/apps/rabbitmq/values.yaml
+++ b/packages/apps/rabbitmq/values.yaml
@@ -1,29 +1,47 @@
+##
 ## @section Common parameters
 ##
-## @param replicas {int} Number of RabbitMQ replicas
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each RabbitMQ replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {int} replicas - Number of RabbitMQ replicas.
 replicas: 3
-## @param resources {*resources} Explicit CPU and memory configuration for each RabbitMQ replica.  When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each replica
-## @field resources.memory {*quantity} Memory (RAM) available to each replica
-# resources:
-#   cpu: 4000m
-#   memory: 4Gi
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each RabbitMQ replica. When omitted, the preset defined in `resourcesPreset` is applied.
 resources: {}

-## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+## @param {ResourcesPreset} resourcesPreset="nano" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "nano"
-## @param size {quantity} Persistent Volume Claim size, available for application data
+
+## @param {quantity} size - Persistent Volume Claim size available for application data.
 size: 10Gi
-## @param storageClass {string} StorageClass used to store the data
+
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: ""
-## @param external {bool} Enable external access from outside the cluster
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false

-
+##
 ## @section Application-specific parameters
 ##
-## @param users {map[string]user} Users configuration
-## @field user.password {*string} Password for the user
+
+## @typedef {struct} User - User configuration.
+## @field {string} [password] - Password for the user.
+
+## @param {map[string]User} users - Users configuration map.
+users: {}
 ## Example:
 ## users:
 ##   user1:
@@ -32,14 +50,16 @@ external: false
 ##     password: hackme
 ##   user3:
 ##     password: testtest
-##
-users: {}

-## @param vhosts {map[string]vhost} Virtual Hosts configuration
-## @field vhost.roles {roles} Virtual host roles list
-## @field roles.admin {[]string} List of admin users
-## @field roles.readonly {[]string} List of readonly users
-##
+## @typedef {struct} Roles - Virtual host roles.
+## @field {[]string} [admin] - List of admin users.
+## @field {[]string} [readonly] - List of readonly users.
+
+## @typedef {struct} Vhost - Virtual host configuration.
+## @field {Roles} roles - Virtual host roles list.
+
+## @param {map[string]Vhost} vhosts - Virtual hosts configuration map.
+vhosts: {}
 ## Example:
 ## vhosts:
 ##   myapp:
@@ -53,5 +73,3 @@ users: {}
 ##     roles:
 ##       admin:
 ##       - user3
-vhosts: {}
-
--- a/packages/apps/redis/README.md
+++ b/packages/apps/redis/README.md
@@ -13,23 +13,23 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche

 ### Common parameters

-| Name               | Description                                                                                                                               | Type        | Value   |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `replicas`         | Number of Redis replicas                                                                                                                  | `int`       | `2`     |
-| `resources`        | Explicit CPU and memory configuration for each Redis replica.  When left empty, the preset defined in `resourcesPreset` is applied.       | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
-| `size`             | Persistent Volume Claim size, available for application data                                                                              | `quantity`  | `1Gi`   |
-| `storageClass`     | StorageClass used to store the data                                                                                                       | `string`    | `""`    |
-| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+| Name               | Description                                                                                                                     | Type       | Value   |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------- |
+| `replicas`         | Number of Redis replicas.                                                                                                       | `int`      | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each Redis replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                  | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                         | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                         | `string`   | `nano`  |
+| `size`             | Persistent Volume Claim size available for application data.                                                                    | `quantity` | `1Gi`   |
+| `storageClass`     | StorageClass used to store the data.                                                                                            | `string`   | `""`    |
+| `external`         | Enable external access from outside the cluster.                                                                                | `bool`     | `false` |


 ### Application-specific parameters

-| Name          | Description                | Type   | Value  |
-| ------------- | -------------------------- | ------ | ------ |
-| `authEnabled` | Enable password generation | `bool` | `true` |
+| Name          | Description                 | Type   | Value  |
+| ------------- | --------------------------- | ------ | ------ |
+| `authEnabled` | Enable password generation. | `bool` | `true` |


 ## Parameter examples and reference
--- a/packages/apps/redis/templates/redisfailover.yaml
+++ b/packages/apps/redis/templates/redisfailover.yaml
@@ -27,6 +27,7 @@ spec:
    replicas: 3
    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 6 }}
  redis:
+    image: "redis:8.2.0"
    resources: {{- include "cozy-lib.resources.defaultingSanitize" (list .Values.resourcesPreset .Values.resources $) | nindent 6 }}
    replicas: {{ .Values.replicas }}
    {{- with .Values.size }}
@@ -67,34 +68,3 @@ spec:
  auth:
    secretPath: {{ .Release.Name }}-auth
  {{- end }}
-
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-redis
-  namespace: {{ $.Release.Namespace }}
-spec:
-  minReplicas: 1
-  replicas: {{ .Values.replicas }}
-  kind: redis
-  type: redis
-  selector:
-    app.kubernetes.io/component: redis
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}-sentinel
-  namespace: {{ $.Release.Namespace }}
-spec:
-  minReplicas: 2
-  replicas: 3
-  kind: redis
-  type: sentinel
-  selector:
-    app.kubernetes.io/component: sentinel
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/redis/values.schema.json
+++ b/packages/apps/redis/values.schema.json
@@ -3,27 +3,27 @@
  "type": "object",
  "properties": {
    "authEnabled": {
-      "description": "Enable password generation",
+      "description": "Enable password generation.",
      "type": "boolean",
      "default": true
    },
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "replicas": {
-      "description": "Number of Redis replicas",
+      "description": "Number of Redis replicas.",
      "type": "integer",
      "default": 2
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each Redis replica.  When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each Redis replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -36,7 +36,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -51,7 +51,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "nano",
      "enum": [
@@ -65,7 +65,7 @@
      ]
    },
    "size": {
-      "description": "Persistent Volume Claim size, available for application data",
+      "description": "Persistent Volume Claim size available for application data.",
      "default": "1Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -79,8 +79,9 @@
      "x-kubernetes-int-or-string": true
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
-      "type": "string"
+      "description": "StorageClass used to store the data.",
+      "type": "string",
+      "default": ""
    }
  }
 }
--- a/packages/apps/redis/values.yaml
+++ b/packages/apps/redis/values.yaml
@@ -1,25 +1,41 @@
+##
 ## @section Common parameters
 ##
-## @param replicas {int} Number of Redis replicas
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each Redis replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {int} replicas - Number of Redis replicas.
 replicas: 2
-## @param resources {*resources} Explicit CPU and memory configuration for each Redis replica.  When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each replica
-## @field resources.memory {*quantity} Memory (RAM) available to each replica
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each Redis replica. When omitted, the preset defined in `resourcesPreset` is applied.
 resources: {}
-  # resources:
-  #   cpu: 4000m
-  #   memory: 4Gi
-## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+
+## @param {ResourcesPreset} resourcesPreset="nano" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "nano"
-## @param size {quantity} Persistent Volume Claim size, available for application data
+
+## @param {quantity} size - Persistent Volume Claim size available for application data.
 size: 1Gi
-## @param storageClass {string} StorageClass used to store the data
+
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: ""
-## @param external {bool} Enable external access from outside the cluster
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false

-
+##
 ## @section Application-specific parameters
 ##
-## @param authEnabled {bool} Enable password generation
+
+## @param {bool} authEnabled - Enable password generation.
 authEnabled: true
--- a/packages/apps/tcp-balancer/README.md
+++ b/packages/apps/tcp-balancer/README.md
@@ -12,28 +12,28 @@ Managed TCP Load Balancer Service efficiently utilizes HAProxy for load balancin

 ### Common parameters

-| Name               | Description                                                                                                                                | Type        | Value   |
-| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ | ----------- | ------- |
-| `replicas`         | Number of HAProxy replicas                                                                                                                 | `int`       | `2`     |
-| `resources`        | Explicit CPU and memory configuration for each TCP Balancer replica.  When left empty, the preset defined in `resourcesPreset` is applied. | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                              | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                     | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.  | `string`    | `nano`  |
-| `external`         | Enable external access from outside the cluster                                                                                            | `bool`      | `false` |
+| Name               | Description                                                                                                                            | Type       | Value   |
+| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------- |
+| `replicas`         | Number of HAProxy replicas.                                                                                                            | `int`      | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each TCP Balancer replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                         | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                                | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                                | `string`   | `nano`  |
+| `external`         | Enable external access from outside the cluster.                                                                                       | `bool`     | `false` |


 ### Application-specific parameters

-| Name                             | Description                                                      | Type       | Value   |
-| -------------------------------- | ---------------------------------------------------------------- | ---------- | ------- |
-| `httpAndHttps`                   | HTTP and HTTPS configuration                                     | `object`   | `{}`    |
-| `httpAndHttps.mode`              | Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`    | `string`   | `tcp`   |
-| `httpAndHttps.targetPorts`       | Target ports configuration                                       | `object`   | `{}`    |
-| `httpAndHttps.targetPorts.http`  | HTTP port number.                                                | `int`      | `80`    |
-| `httpAndHttps.targetPorts.https` | HTTPS port number.                                               | `int`      | `443`   |
-| `httpAndHttps.endpoints`         | Endpoint addresses list                                          | `[]string` | `[]`    |
-| `whitelistHTTP`                  | Secure HTTP by whitelisting client networks, `false` by default. | `bool`     | `false` |
-| `whitelist`                      | List of allowed client networks                                  | `[]string` | `[]`    |
+| Name                             | Description                                                   | Type       | Value   |
+| -------------------------------- | ------------------------------------------------------------- | ---------- | ------- |
+| `httpAndHttps`                   | HTTP and HTTPS configuration.                                 | `object`   | `{}`    |
+| `httpAndHttps.mode`              | Mode for balancer.                                            | `string`   | `tcp`   |
+| `httpAndHttps.targetPorts`       | Target ports configuration.                                   | `object`   | `{}`    |
+| `httpAndHttps.targetPorts.http`  | HTTP port number.                                             | `int`      | `80`    |
+| `httpAndHttps.targetPorts.https` | HTTPS port number.                                            | `int`      | `443`   |
+| `httpAndHttps.endpoints`         | Endpoint addresses list.                                      | `[]string` | `[]`    |
+| `whitelistHTTP`                  | Secure HTTP by whitelisting client networks (default: false). | `bool`     | `false` |
+| `whitelist`                      | List of allowed client networks.                              | `[]string` | `[]`    |


 ## Parameter examples and reference
--- a/packages/apps/tcp-balancer/templates/workloadmonitor.yaml
+++ b/packages/apps/tcp-balancer/templates/workloadmonitor.yaml
@@ -1,13 +0,0 @@
---
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: tcp-balancer
-  type: haproxy
-  selector:
-    app.kubernetes.io/instance: {{ $.Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/tcp-balancer/values.schema.json
+++ b/packages/apps/tcp-balancer/values.schema.json
@@ -3,12 +3,12 @@
  "type": "object",
  "properties": {
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "httpAndHttps": {
-      "description": "HTTP and HTTPS configuration",
+      "description": "HTTP and HTTPS configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -17,7 +17,7 @@
      ],
      "properties": {
        "endpoints": {
-          "description": "Endpoint addresses list",
+          "description": "Endpoint addresses list.",
          "type": "array",
          "default": [],
          "items": {
@@ -25,7 +25,7 @@
          }
        },
        "mode": {
-          "description": "Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`",
+          "description": "Mode for balancer.",
          "type": "string",
          "default": "tcp",
          "enum": [
@@ -34,7 +34,7 @@
          ]
        },
        "targetPorts": {
-          "description": "Target ports configuration",
+          "description": "Target ports configuration.",
          "type": "object",
          "default": {},
          "required": [
@@ -57,16 +57,17 @@
      }
    },
    "replicas": {
-      "description": "Number of HAProxy replicas",
+      "description": "Number of HAProxy replicas.",
      "type": "integer",
      "default": 2
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each TCP Balancer replica.  When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each TCP Balancer replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
+      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -79,7 +80,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -94,7 +95,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "nano",
      "enum": [
@@ -108,7 +109,7 @@
      ]
    },
    "whitelist": {
-      "description": "List of allowed client networks",
+      "description": "List of allowed client networks.",
      "type": "array",
      "default": [],
      "items": {
@@ -116,7 +117,7 @@
      }
    },
    "whitelistHTTP": {
-      "description": "Secure HTTP by whitelisting client networks, `false` by default.",
+      "description": "Secure HTTP by whitelisting client networks (default: false).",
      "type": "boolean",
      "default": false
    }
--- a/packages/apps/tcp-balancer/values.yaml
+++ b/packages/apps/tcp-balancer/values.yaml
@@ -1,44 +1,50 @@
+##
 ## @section Common parameters
 ##
-## @param replicas {int} Number of HAProxy replicas
+
+## @typedef {struct} Resources - Explicit CPU and memory configuration for each TCP Balancer replica.
+## @field {quantity} [cpu] - CPU available to each replica.
+## @field {quantity} [memory] - Memory (RAM) available to each replica.
+
+## @enum {string} ResourcesPreset - Default sizing preset.
+## @value nano
+## @value micro
+## @value small
+## @value medium
+## @value large
+## @value xlarge
+## @value 2xlarge
+
+## @param {int} replicas - Number of HAProxy replicas.
 replicas: 2
-## @param resources {*resources} Explicit CPU and memory configuration for each TCP Balancer replica.  When left empty, the preset defined in `resourcesPreset` is applied.
-## @field resources.cpu {*quantity} CPU available to each replica
-## @field resources.memory {*quantity} Memory (RAM) available to each replica
-#resources: {}
-# resources:
-#   cpu: 4000m
-#   memory: 4Gi
-## @param resourcesPreset {string enum:"nano,micro,small,medium,large,xlarge,2xlarge"} Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.
+
+## @param {Resources} [resources] - Explicit CPU and memory configuration for each TCP Balancer replica. When omitted, the preset defined in `resourcesPreset` is applied.
+resources: {}
+
+## @param {ResourcesPreset} resourcesPreset="nano" - Default sizing preset used when `resources` is omitted.
 resourcesPreset: "nano"
-##
-## @param external {bool} Enable external access from outside the cluster
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false

-
+##
 ## @section Application-specific parameters
 ##
-## @param httpAndHttps {httpAndHttps} HTTP and HTTPS configuration
-## @field httpAndHttps.mode {string enum:"tcp,tcp-with-proxy"} Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy`
-## @field httpAndHttps.targetPorts {targetPorts} Target ports configuration
-## @field targetPorts.http {int} HTTP port number.
-## @field targetPorts.https {int} HTTPS port number.
-## @field httpAndHttps.endpoints {[]string} Endpoint addresses list
-## Example:
-##
-## httpAndHttps:
-##   mode: tcp
-##   targetPorts:
-##     http: 80
-##     https: 443
-##   endpoints:
-##    - 10.100.3.1
-##    - 10.100.3.11
-##    - 10.100.3.2
-##    - 10.100.3.12
-##    - 10.100.3.3
-##    - 10.100.3.13

+## @enum {string} Mode - Mode for balancer.
+## @value tcp
+## @value tcp-with-proxy
+
+## @typedef {struct} TargetPorts - Target ports configuration.
+## @field {int} http - HTTP port number.
+## @field {int} https - HTTPS port number.
+
+## @typedef {struct} HttpAndHttps - HTTP and HTTPS configuration.
+## @field {Mode} mode - Mode for balancer.
+## @field {TargetPorts} targetPorts - Target ports configuration.
+## @field {[]string} endpoints - Endpoint addresses list.
+
+## @param {HttpAndHttps} httpAndHttps - HTTP and HTTPS configuration.
 httpAndHttps:
  mode: tcp
  targetPorts:
@@ -46,14 +52,14 @@ httpAndHttps:
    https: 443
  endpoints: []

-## @param whitelistHTTP {bool} Secure HTTP by whitelisting client networks, `false` by default.
-## @param whitelist {[]string} List of allowed client networks
+## @param {bool} whitelistHTTP - Secure HTTP by whitelisting client networks (default: false).
+whitelistHTTP: false
 ## Example:
 ## whitelistHTTP: true
 ## whitelist:
 ## - "1.2.3.4"
 ## - "10.100.0.0/16"
 ##
-whitelistHTTP: false
-whitelist: []

+## @param {[]string} whitelist - List of allowed client networks.
+whitelist: []
--- a/packages/apps/tenant/README.md
+++ b/packages/apps/tenant/README.md
@@ -69,13 +69,13 @@ tenant-u1

 ### Common parameters

-| Name             | Description                                                                                                                 | Type                  | Value   |
-| ---------------- | --------------------------------------------------------------------------------------------------------------------------- | --------------------- | ------- |
-| `host`           | The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host). | `*string`             | `""`    |
-| `etcd`           | Deploy own Etcd cluster                                                                                                     | `bool`                | `false` |
-| `monitoring`     | Deploy own Monitoring Stack                                                                                                 | `bool`                | `false` |
-| `ingress`        | Deploy own Ingress Controller                                                                                               | `bool`                | `false` |
-| `seaweedfs`      | Deploy own SeaweedFS                                                                                                        | `bool`                | `false` |
-| `isolated`       | Enforce tenant namespace with network policies, `true` by default                                                           | `bool`                | `true`  |
-| `resourceQuotas` | Define resource quotas for the tenant                                                                                       | `map[string]quantity` | `{}`    |
+| Name             | Description                                                                                                                | Type                  | Value   |
+| ---------------- | -------------------------------------------------------------------------------------------------------------------------- | --------------------- | ------- |
+| `host`           | The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host). | `string`              | `""`    |
+| `etcd`           | Deploy own Etcd cluster.                                                                                                   | `bool`                | `false` |
+| `monitoring`     | Deploy own Monitoring Stack.                                                                                               | `bool`                | `false` |
+| `ingress`        | Deploy own Ingress Controller.                                                                                             | `bool`                | `false` |
+| `seaweedfs`      | Deploy own SeaweedFS.                                                                                                      | `bool`                | `false` |
+| `isolated`       | Enforce tenant namespace with network policies (default: true).                                                            | `bool`                | `true`  |
+| `resourceQuotas` | Define resource quotas for the tenant.                                                                                     | `map[string]quantity` | `{}`    |

--- a/packages/apps/tenant/templates/tenant.yaml
+++ b/packages/apps/tenant/templates/tenant.yaml
@@ -28,6 +28,7 @@ rules:
  - cozystack.io
  resources:
  - workloadmonitors
+  - workloads
  verbs: ["get", "list", "watch"]
 - apiGroups:
  - core.cozystack.io
@@ -113,6 +114,7 @@ rules:
    - cozystack.io
    resources:
    - workloadmonitors
+    - workloads
    verbs: ["get", "list", "watch"]
 ---
 kind: RoleBinding
@@ -184,6 +186,7 @@ rules:
    - cozystack.io
    resources:
    - workloadmonitors
+    - workloads
    verbs: ["get", "list", "watch"]
  - apiGroups:
    - core.cozystack.io
@@ -270,6 +273,7 @@ rules:
    - vmdisks
    - vminstances
    - infos
+    - virtualprivateclouds
    verbs:
    - get
    - list
@@ -282,6 +286,7 @@ rules:
    - cozystack.io
    resources:
    - workloadmonitors
+    - workloads
    verbs: ["get", "list", "watch"]
  - apiGroups:
    - core.cozystack.io
@@ -356,6 +361,7 @@ rules:
    - cozystack.io
    resources:
    - workloadmonitors
+    - workloads
    verbs: ["get", "list", "watch"]
  - apiGroups:
    - core.cozystack.io
--- a/packages/apps/tenant/values.schema.json
+++ b/packages/apps/tenant/values.schema.json
@@ -3,31 +3,32 @@
  "type": "object",
  "properties": {
    "etcd": {
-      "description": "Deploy own Etcd cluster",
+      "description": "Deploy own Etcd cluster.",
      "type": "boolean",
      "default": false
    },
    "host": {
-      "description": "The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host).",
-      "type": "string"
+      "description": "The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).",
+      "type": "string",
+      "default": ""
    },
    "ingress": {
-      "description": "Deploy own Ingress Controller",
+      "description": "Deploy own Ingress Controller.",
      "type": "boolean",
      "default": false
    },
    "isolated": {
-      "description": "Enforce tenant namespace with network policies, `true` by default",
+      "description": "Enforce tenant namespace with network policies (default: true).",
      "type": "boolean",
      "default": true
    },
    "monitoring": {
-      "description": "Deploy own Monitoring Stack",
+      "description": "Deploy own Monitoring Stack.",
      "type": "boolean",
      "default": false
    },
    "resourceQuotas": {
-      "description": "Define resource quotas for the tenant",
+      "description": "Define resource quotas for the tenant.",
      "type": "object",
      "default": {},
      "additionalProperties": {
@@ -44,7 +45,7 @@
      }
    },
    "seaweedfs": {
-      "description": "Deploy own SeaweedFS",
+      "description": "Deploy own SeaweedFS.",
      "type": "boolean",
      "default": false
    }
--- a/packages/apps/tenant/values.yaml
+++ b/packages/apps/tenant/values.yaml
@@ -1,21 +1,24 @@
+##
 ## @section Common parameters
+##

-## @param host {*string} The hostname used to access tenant services (defaults to using the tenant name as a subdomain for it's parent tenant host).
-## @param etcd {bool} Deploy own Etcd cluster
-## @param monitoring {bool} Deploy own Monitoring Stack
-## @param ingress {bool} Deploy own Ingress Controller
-## @param seaweedfs {bool} Deploy own SeaweedFS
-## @param isolated {bool} Enforce tenant namespace with network policies, `true` by default
+## @param {string} [host] - The hostname used to access tenant services (defaults to using the tenant name as a subdomain for its parent tenant host).
 host: ""
+
+## @param {bool} etcd - Deploy own Etcd cluster.
 etcd: false
+
+## @param {bool} monitoring - Deploy own Monitoring Stack.
 monitoring: false
+
+## @param {bool} ingress - Deploy own Ingress Controller.
 ingress: false
+
+## @param {bool} seaweedfs - Deploy own SeaweedFS.
 seaweedfs: false
+
+## @param {bool} isolated - Enforce tenant namespace with network policies (default: true).
 isolated: true
-## @param resourceQuotas {map[string]quantity} Define resource quotas for the tenant
+
+## @param {map[string]quantity} resourceQuotas - Define resource quotas for the tenant.
 resourceQuotas: {}
-# resourceQuotas:
-#   cpu: "1"
-#   memory: "1Gi"
-#   nvidia.com/gpu: 4
-#   storage: 100Gi
--- a/packages/apps/virtual-machine/README.md
+++ b/packages/apps/virtual-machine/README.md
@@ -36,27 +36,29 @@ virtctl ssh <user>@<vm>

 ### Common parameters

-| Name                      | Description                                                                                                                                                                                                                               | Type        | Value        |
-| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------------ |
-| `external`                | Enable external access from outside the cluster                                                                                                                                                                                           | `bool`      | `false`      |
-| `externalMethod`          | Specify method to pass through the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`                                                                                                                               | `string`    | `PortList`   |
-| `externalPorts`           | Specify ports to forward from outside the cluster                                                                                                                                                                                         | `[]int`     | `[22]`       |
-| `running`                 | if the virtual machine should be running                                                                                                                                                                                                  | `bool`      | `true`       |
-| `instanceType`            | Virtual Machine instance type                                                                                                                                                                                                             | `string`    | `u1.medium`  |
-| `instanceProfile`         | Virtual Machine preferences profile                                                                                                                                                                                                       | `string`    | `ubuntu`     |
-| `systemDisk`              | System disk configuration                                                                                                                                                                                                                 | `object`    | `{}`         |
-| `systemDisk.image`        | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`                                                                                                                                | `string`    | `ubuntu`     |
-| `systemDisk.storage`      | The size of the disk allocated for the virtual machine                                                                                                                                                                                    | `string`    | `5Gi`        |
-| `systemDisk.storageClass` | StorageClass used to store the data                                                                                                                                                                                                       | `*string`   | `replicated` |
-| `gpus`                    | List of GPUs to attach                                                                                                                                                                                                                    | `[]object`  | `[]`         |
-| `gpus[i].name`            | The name of the GPU to attach. This should match the GPU resource name in the cluster.                                                                                                                                                    | `string`    | `""`         |
-| `resources`               | Resources                                                                                                                                                                                                                                 | `*object`   | `null`       |
-| `resources.cpu`           | The number of CPU cores allocated to the virtual machine                                                                                                                                                                                  | `*quantity` | `null`       |
-| `resources.sockets`       | The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)                                                                                                                                                 | `*quantity` | `null`       |
-| `resources.memory`        | The amount of memory allocated to the virtual machine                                                                                                                                                                                     | `*quantity` | `null`       |
-| `sshKeys`                 | List of SSH public keys for authentication. Can be a single key or a list of keys.                                                                                                                                                        | `[]string`  | `[]`         |
-| `cloudInit`               | Cloud-init user data config. See cloud-init documentation for more details: [format](https://cloudinit.readthedocs.io/en/latest/explanation/format.html), [examples](https://cloudinit.readthedocs.io/en/latest/reference/examples.html). | `string`    | `""`         |
-| `cloudInitSeed`           | A seed string to generate an SMBIOS UUID for the VM.                                                                                                                                                                                      | `string`    | `""`         |
+| Name                      | Description                                             | Type       | Value        |
+| ------------------------- | ------------------------------------------------------- | ---------- | ------------ |
+| `external`                | Enable external access from outside the cluster.        | `bool`     | `false`      |
+| `externalMethod`          | Method to pass through traffic to the VM.               | `string`   | `PortList`   |
+| `externalPorts`           | Ports to forward from outside the cluster.              | `[]int`    | `[22]`       |
+| `running`                 | Whether the virtual machine should be running.          | `bool`     | `true`       |
+| `instanceType`            | Virtual Machine instance type.                          | `string`   | `u1.medium`  |
+| `instanceProfile`         | Virtual Machine preferences profile.                    | `string`   | `ubuntu`     |
+| `systemDisk`              | System disk configuration.                              | `object`   | `{}`         |
+| `systemDisk.image`        | The base image for the virtual machine.                 | `string`   | `ubuntu`     |
+| `systemDisk.storage`      | The size of the disk allocated for the virtual machine. | `string`   | `5Gi`        |
+| `systemDisk.storageClass` | StorageClass used to store the data.                    | `string`   | `replicated` |
+| `subnets`                 | Additional subnets                                      | `[]object` | `[]`         |
+| `subnets[i].name`         | Subnet name                                             | `string`   | `""`         |
+| `gpus`                    | List of GPUs to attach.                                 | `[]object` | `[]`         |
+| `gpus[i].name`            | The name of the GPU resource to attach.                 | `string`   | `""`         |
+| `resources`               | Resource configuration for the virtual machine.         | `object`   | `{}`         |
+| `resources.cpu`           | Number of CPU cores allocated.                          | `quantity` | `""`         |
+| `resources.sockets`       | Number of CPU sockets (vCPU topology).                  | `quantity` | `""`         |
+| `resources.memory`        | Amount of memory allocated.                             | `quantity` | `""`         |
+| `sshKeys`                 | List of SSH public keys for authentication.             | `[]string` | `[]`         |
+| `cloudInit`               | Cloud-init user data.                                   | `string`   | `""`         |
+| `cloudInitSeed`           | Seed string to generate SMBIOS UUID for the VM.         | `string`   | `""`         |


 ## U Series
--- a/packages/apps/virtual-machine/templates/secret-network-config.yaml
+++ b/packages/apps/virtual-machine/templates/secret-network-config.yaml
@@ -0,0 +1,40 @@
+# if subnets are specified and image is either ubunu or alpine
+{{- if and .Values.subnets (or (eq .Values.systemDisk.image "ubuntu") (eq .Values.systemDisk.image "alpine")) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "virtual-machine.fullname" $ }}-network-config
+stringData:
+  networkData: |
+    network:
+      version: 1
+      config:
+      {{- if eq .Values.systemDisk.image "ubuntu" }}
+      # main iface
+      - type: physical
+        name: enp1s0
+        subnets:
+          - type: dhcp
+      # additional ifaces attached to subnets
+      {{- range $i, $subnet := .Values.subnets }}
+      - type: physical
+        name: enp{{ add 2 $i }}s0
+        subnets:
+          - type: dhcp
+      {{- end }}
+      {{- else if eq .Values.systemDisk.image "alpine" }}
+      #main iface
+      - type: physical
+        name: eth0
+        subnets:
+          - type: dhcp
+      # additional ifaces attached to subnets
+      {{- range $i, $subnet := .Values.subnets }}
+      - type: physical
+        name: eth{{ add1 $i }}
+        subnets:
+          - type: dhcp
+      {{- end }}
+      {{- end }}
+{{- end }}
--- a/packages/apps/virtual-machine/templates/vm.yaml
+++ b/packages/apps/virtual-machine/templates/vm.yaml
@@ -51,9 +51,9 @@ spec:
          {{- else if eq .Values.systemDisk.image "ubuntu" }}
          url: https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img
          {{- else if eq .Values.systemDisk.image "fedora" }}
-          url: https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Generic.x86_64-40-1.14.qcow2
+          url: https://download.fedoraproject.org/pub/fedora/linux/releases/42/Cloud/x86_64/images/Fedora-Cloud-Base-Generic-42-1.1.x86_64.qcow2
          {{- else if eq .Values.systemDisk.image "alpine" }}
-          url: https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/cloud/nocloud_alpine-3.20.2-x86_64-bios-tiny-r0.qcow2
+          url: https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/cloud/nocloud_alpine-3.20.8-x86_64-bios-cloudinit-r0.qcow2
          {{- else if eq .Values.systemDisk.image "talos" }}
          url: https://github.com/siderolabs/talos/releases/download/v1.7.6/nocloud-amd64.raw.xz
          {{- end }}
@@ -93,7 +93,7 @@ spec:
          - disk:
              bus: scsi
            name: systemdisk
-          {{- if or .Values.cloudInit .Values.sshKeys }}
+          {{- if or .Values.cloudInit .Values.sshKeys (and .Values.subnets (or (eq .Values.systemDisk.image "ubuntu") (eq .Values.systemDisk.image "alpine"))) }}
          - disk:
              bus: virtio
            name: cloudinitdisk
@@ -102,6 +102,12 @@ spec:
          interfaces:
          - name: default
            bridge: {}
+          {{- if .Values.subnets }}
+          {{- range $i, $subnet := .Values.subnets }}
+          - name: {{ $subnet.name }}
+            bridge: {}
+          {{- end }}
+          {{- end }}

        machine:
          type: ""
@@ -123,13 +129,26 @@ spec:
        - name: systemdisk
          dataVolume:
            name: {{ include "virtual-machine.fullname" . }}
-        {{- if or .Values.cloudInit .Values.sshKeys }}
+        {{- if or .Values.cloudInit .Values.sshKeys (and .Values.subnets (or (eq .Values.systemDisk.image "ubuntu") (eq .Values.systemDisk.image "alpine"))) }}
        - name: cloudinitdisk
          cloudInitNoCloud:
+            {{- if or .Values.cloudInit .Values.sshKeys }}
            secretRef:
              name: {{ include "virtual-machine.fullname" . }}-cloud-init
+            {{- end }}
+            {{- if and .Values.subnets (or (eq .Values.systemDisk.image "ubuntu") (eq .Values.systemDisk.image "alpine")) }}
+            networkDataSecretRef:
+              name: {{ include "virtual-machine.fullname" . }}-network-config
+            {{- end }}
        {{- end }}

      networks:
      - name: default
        pod: {}
+      {{- if .Values.subnets }}
+      {{- range $i, $subnet := .Values.subnets }}
+      - name: {{ $subnet.name }}
+        multus:
+          networkName: {{ $.Release.Namespace }}/{{ $subnet.name }}
+      {{- end }}
+      {{- end }}
--- a/packages/apps/virtual-machine/values.schema.json
+++ b/packages/apps/virtual-machine/values.schema.json
@@ -3,20 +3,22 @@
  "type": "object",
  "properties": {
    "cloudInit": {
-      "description": "Cloud-init user data config. See cloud-init documentation for more details: [format](https://cloudinit.readthedocs.io/en/latest/explanation/format.html), [examples](https://cloudinit.readthedocs.io/en/latest/reference/examples.html).",
-      "type": "string"
+      "description": "Cloud-init user data.",
+      "type": "string",
+      "default": ""
    },
    "cloudInitSeed": {
-      "description": "A seed string to generate an SMBIOS UUID for the VM.",
-      "type": "string"
+      "description": "Seed string to generate SMBIOS UUID for the VM.",
+      "type": "string",
+      "default": ""
    },
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "externalMethod": {
-      "description": "Specify method to pass through the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
+      "description": "Method to pass through traffic to the VM.",
      "type": "string",
      "default": "PortList",
      "enum": [
@@ -25,7 +27,7 @@
      ]
    },
    "externalPorts": {
-      "description": "Specify ports to forward from outside the cluster",
+      "description": "Ports to forward from outside the cluster.",
      "type": "array",
      "default": [
        22
@@ -35,7 +37,7 @@
      }
    },
    "gpus": {
-      "description": "List of GPUs to attach",
+      "description": "List of GPUs to attach.",
      "type": "array",
      "default": [],
      "items": {
@@ -45,14 +47,14 @@
        ],
        "properties": {
          "name": {
-            "description": "The name of the GPU to attach. This should match the GPU resource name in the cluster.",
+            "description": "The name of the GPU resource to attach.",
            "type": "string"
          }
        }
      }
    },
    "instanceProfile": {
-      "description": "Virtual Machine preferences profile",
+      "description": "Virtual Machine preferences profile.",
      "type": "string",
      "default": "ubuntu",
      "enum": [
@@ -102,17 +104,17 @@
      ]
    },
    "instanceType": {
-      "description": "Virtual Machine instance type",
+      "description": "Virtual Machine instance type.",
      "type": "string",
      "default": "u1.medium"
    },
    "resources": {
-      "description": "Resources",
+      "description": "Resource configuration for the virtual machine.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "The number of CPU cores allocated to the virtual machine",
+          "description": "Number of CPU cores allocated.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -125,7 +127,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "The amount of memory allocated to the virtual machine",
+          "description": "Amount of memory allocated.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -138,7 +140,7 @@
          "x-kubernetes-int-or-string": true
        },
        "sockets": {
-          "description": "The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)",
+          "description": "Number of CPU sockets (vCPU topology).",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -153,20 +155,34 @@
      }
    },
    "running": {
-      "description": "if the virtual machine should be running",
+      "description": "Whether the virtual machine should be running.",
      "type": "boolean",
      "default": true
    },
    "sshKeys": {
-      "description": "List of SSH public keys for authentication. Can be a single key or a list of keys.",
+      "description": "List of SSH public keys for authentication.",
      "type": "array",
      "default": [],
      "items": {
        "type": "string"
      }
    },
+    "subnets": {
+      "description": "Additional subnets",
+      "type": "array",
+      "default": [],
+      "items": {
+        "type": "object",
+        "properties": {
+          "name": {
+            "description": "Subnet name",
+            "type": "string"
+          }
+        }
+      }
+    },
    "systemDisk": {
-      "description": "System disk configuration",
+      "description": "System disk configuration.",
      "type": "object",
      "default": {},
      "required": [
@@ -175,7 +191,7 @@
      ],
      "properties": {
        "image": {
-          "description": "The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`",
+          "description": "The base image for the virtual machine.",
          "type": "string",
          "default": "ubuntu",
          "enum": [
@@ -187,12 +203,12 @@
          ]
        },
        "storage": {
-          "description": "The size of the disk allocated for the virtual machine",
+          "description": "The size of the disk allocated for the virtual machine.",
          "type": "string",
          "default": "5Gi"
        },
        "storageClass": {
-          "description": "StorageClass used to store the data",
+          "description": "StorageClass used to store the data.",
          "type": "string",
          "default": "replicated"
        }
--- a/packages/apps/virtual-machine/values.yaml
+++ b/packages/apps/virtual-machine/values.yaml
@@ -1,76 +1,98 @@
-
+##
 ## @section Common parameters
 ##
-## @param external {bool} Enable external access from outside the cluster
+
+## @enum {string} ExternalMethod - Method to pass through traffic to the VM.
+## @value PortList - Forward selected ports only.
+## @value WholeIP - Forward all traffic for the IP.
+
+## @enum {string} SystemImage - The base image for the virtual machine.
+## @value ubuntu
+## @value cirros
+## @value alpine
+## @value fedora
+## @value talos
+
+## @typedef {struct} SystemDisk - System disk configuration.
+## @field {SystemImage} image - The base image for the virtual machine.
+## @field {string} storage - The size of the disk allocated for the virtual machine.
+## @field {string} [storageClass] - StorageClass used to store the data.
+
+## @typedef {struct} Subnet - Additional subnets
+## @field {string} [name] - Subnet name
+
+## @typedef {struct} GPU - GPU device configuration.
+## @field {string} name - The name of the GPU resource to attach.
+
+## @typedef {struct} Resources - Resource configuration for the virtual machine.
+## @field {quantity} [cpu] - Number of CPU cores allocated.
+## @field {quantity} [sockets] - Number of CPU sockets (vCPU topology).
+## @field {quantity} [memory] - Amount of memory allocated.
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false
-## @param externalMethod {string enum:"PortList,WholeIP"} Specify method to pass through the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`
+
+## @param {ExternalMethod} externalMethod - Method to pass through traffic to the VM.
 externalMethod: "PortList"
-## @param externalPorts {[]int} Specify ports to forward from outside the cluster
+
+## @param {[]int} externalPorts - Ports to forward from outside the cluster.
 externalPorts:
  - 22

-## @param running {bool} if the virtual machine should be running
+## @param {bool} running - Whether the virtual machine should be running.
 running: true

-## @param instanceType {string} Virtual Machine instance type
-## @param instanceProfile {string} Virtual Machine preferences profile
-##
+## @param {string} instanceType - Virtual Machine instance type.
+## @param {string} instanceProfile - Virtual Machine preferences profile.
 instanceType: "u1.medium"
 instanceProfile: ubuntu

-## @param systemDisk {systemDisk} System disk configuration
-## @field systemDisk.image {string enum:"ubuntu,cirros,alpine,fedora,talos"} The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos`
-## @field systemDisk.storage {string} The size of the disk allocated for the virtual machine
-## @field systemDisk.storageClass {*string} StorageClass used to store the data
-##
+## @param {SystemDisk} systemDisk - System disk configuration.
 systemDisk:
  image: ubuntu
  storage: 5Gi
  storageClass: replicated

-## @param gpus {[]gpu} List of GPUs to attach
-## @field gpu.name {string} The name of the GPU to attach. This should match the GPU resource name in the cluster.
+## @param {[]Subnet} subnets - Additional subnets
+subnets: []
+## Example:
+## subnets:
+##   - name: subnet-84dbec17
+##   - name: subnet-aa8896b5
+##   - name: subnet-e9b97196
+
+## @param {[]GPU} gpus - List of GPUs to attach.
+gpus: []
 ## Example:
 ## gpus:
 ## - name: nvidia.com/GA102GL_A10
-gpus: []

-
-## @param resources {*resources} Resources
-## @field resources.cpu {*quantity} The number of CPU cores allocated to the virtual machine
-## @field resources.sockets {*quantity} The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)
-## @field resources.memory {*quantity} The amount of memory allocated to the virtual machine
+## @param {Resources} [resources] - Resource configuration for the virtual machine.
+resources: {}
 ## Example:
 ## resources:
 ##   cpu: "4"
 ##   sockets: "1"
 ##   memory: "8Gi"
-resources: {}

-## @param sshKeys {[]string} List of SSH public keys for authentication. Can be a single key or a list of keys.
+## @param {[]string} sshKeys - List of SSH public keys for authentication.
+sshKeys: []
 ## Example:
 ## sshKeys:
 ##   - ssh-rsa ...
 ##   - ssh-ed25519 ...
 ##
-sshKeys: []

-## @param cloudInit {string} Cloud-init user data config. See cloud-init documentation for more details: [format](https://cloudinit.readthedocs.io/en/latest/explanation/format.html), [examples](https://cloudinit.readthedocs.io/en/latest/reference/examples.html).
-## - https://cloudinit.readthedocs.io/en/latest/explanation/format.html
-## - https://cloudinit.readthedocs.io/en/latest/reference/examples.html
+## @param {string} cloudInit - Cloud-init user data.
+cloudInit: ""
 ## Example:
 ## cloudInit: |
 ##   #cloud-config
 ##   password: ubuntu
 ##   chpasswd: { expire: False }
 ##
-cloudInit: ""

-## @param cloudInitSeed {string} A seed string to generate an SMBIOS UUID for the VM.
-## Change it to any new value to force a full cloud-init reconfiguration. Change it when you want to apply
-## to an existing VM settings that are usually written only once, like new SSH keys or new network configuration.
-## An empty value does nothing (and the existing UUID is not reverted). Please note that changing this value
-## does not trigger a VM restart. You must perform the restart separately.
+## @param {string} cloudInitSeed - Seed string to generate SMBIOS UUID for the VM.
+cloudInitSeed: ""
 ## Example:
 ## cloudInitSeed: "upd1"
-cloudInitSeed: ""
--- a/packages/apps/vm-disk/README.md
+++ b/packages/apps/vm-disk/README.md
@@ -6,15 +6,15 @@ A Virtual Machine Disk

 ### Common parameters

-| Name                | Description                                                                                                          | Type       | Value        |
-| ------------------- | -------------------------------------------------------------------------------------------------------------------- | ---------- | ------------ |
-| `source`            | The source image location used to create a disk                                                                      | `object`   | `{}`         |
-| `source.image`      | Use image by name: uploaded as "golden image" or from the list: `ubuntu`, `fedora`, `cirros`, `alpine`, and `talos`. | `*object`  | `null`       |
-| `source.image.name` | Name of the image to use                                                                                             | `string`   | `""`         |
-| `source.upload`     | Upload local image                                                                                                   | `*object`  | `null`       |
-| `source.http`       | Download image from an HTTP source                                                                                   | `*object`  | `null`       |
-| `source.http.url`   | URL to download the image                                                                                            | `string`   | `""`         |
-| `optical`           | Defines if disk should be considered optical                                                                         | `bool`     | `false`      |
-| `storage`           | The size of the disk allocated for the virtual machine                                                               | `quantity` | `5Gi`        |
-| `storageClass`      | StorageClass used to store the data                                                                                  | `string`   | `replicated` |
+| Name                | Description                                                                                                              | Type       | Value        |
+| ------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------- | ------------ |
+| `source`            | The source image location used to create a disk.                                                                         | `object`   | `{}`         |
+| `source.image`      | Use image by name.                                                                                                       | `*object`  | `null`       |
+| `source.image.name` | Name of the image to use (uploaded as "golden image" or from the list: `ubuntu`, `fedora`, `cirros`, `alpine`, `talos`). | `string`   | `""`         |
+| `source.upload`     | Upload local image.                                                                                                      | `*object`  | `null`       |
+| `source.http`       | Download image from an HTTP source.                                                                                      | `*object`  | `null`       |
+| `source.http.url`   | URL to download the image.                                                                                               | `string`   | `""`         |
+| `optical`           | Defines if disk should be considered optical.                                                                            | `bool`     | `false`      |
+| `storage`           | The size of the disk allocated for the virtual machine.                                                                  | `quantity` | `5Gi`        |
+| `storageClass`      | StorageClass used to store the data.                                                                                     | `string`   | `replicated` |

--- a/packages/apps/vm-disk/templates/workloadmonitor.yaml
+++ b/packages/apps/vm-disk/templates/workloadmonitor.yaml
@@ -1,12 +0,0 @@
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: 0
-  minReplicas: 0
-  kind: vm-disk
-  type: vm-disk
-  selector:
-    app.kubernetes.io/instance: {{ .Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/vm-disk/values.schema.json
+++ b/packages/apps/vm-disk/values.schema.json
@@ -3,49 +3,48 @@
  "type": "object",
  "properties": {
    "optical": {
-      "description": "Defines if disk should be considered optical",
+      "description": "Defines if disk should be considered optical.",
      "type": "boolean",
      "default": false
    },
    "source": {
-      "description": "The source image location used to create a disk",
+      "description": "The source image location used to create a disk.",
      "type": "object",
      "default": {},
      "properties": {
        "http": {
-          "description": "Download image from an HTTP source",
+          "description": "Download image from an HTTP source.",
          "type": "object",
          "required": [
            "url"
          ],
          "properties": {
            "url": {
-              "description": "URL to download the image",
+              "description": "URL to download the image.",
              "type": "string"
            }
          }
        },
        "image": {
-          "description": "Use image by name: uploaded as \"golden image\" or from the list: `ubuntu`, `fedora`, `cirros`, `alpine`, and `talos`.",
+          "description": "Use image by name.",
          "type": "object",
          "required": [
            "name"
          ],
          "properties": {
            "name": {
-              "description": "Name of the image to use",
+              "description": "Name of the image to use (uploaded as \"golden image\" or from the list: `ubuntu`, `fedora`, `cirros`, `alpine`, `talos`).",
              "type": "string"
            }
          }
        },
        "upload": {
-          "description": "Upload local image",
-          "type": "object"
+          "description": "Upload local image."
        }
      }
    },
    "storage": {
-      "description": "The size of the disk allocated for the virtual machine",
+      "description": "The size of the disk allocated for the virtual machine.",
      "default": "5Gi",
      "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
      "anyOf": [
@@ -59,7 +58,7 @@
      "x-kubernetes-int-or-string": true
    },
    "storageClass": {
-      "description": "StorageClass used to store the data",
+      "description": "StorageClass used to store the data.",
      "type": "string",
      "default": "replicated"
    }
--- a/packages/apps/vm-disk/values.yaml
+++ b/packages/apps/vm-disk/values.yaml
@@ -1,38 +1,28 @@
+##
 ## @section Common parameters
+##

-## @param source {source} The source image location used to create a disk
-## @field source.image {*uploadImage} Use image by name: uploaded as "golden image" or from the list: `ubuntu`, `fedora`, `cirros`, `alpine`, and `talos`.
-## @field uploadImage.name {string} Name of the image to use
-## Example using golden image:
-## source:
-##   image:
-##     name: ubuntu
-##
-## @field source.upload {*emptyobject} Upload local image
-## Example upload local image:
-## source:
-##   upload: {}
-##
-## @field source.http {*uploadHTTP} Download image from an HTTP source
-## @field uploadHTTP.url {string} URL to download the image
-## Example download image from http source:
-## source:
-##   http:
-##     url: "https://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img"
-##
-## Well known public images:
-## ubuntu: https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img
-## fedora: https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Generic.x86_64-40-1.14.qcow2
-## cirros: https://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
-## alpine: https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/cloud/nocloud_alpine-3.20.2-x86_64-bios-tiny-r0.qcow2
-## talos: https://github.com/siderolabs/talos/releases/download/v1.7.6/nocloud-amd64.raw.xz
+## @typedef {struct} SourceImage - Use image by name.
+## @field {string} name - Name of the image to use (uploaded as "golden image" or from the list: `ubuntu`, `fedora`, `cirros`, `alpine`, `talos`).

+## @typedef {struct} SourceUpload - Upload local image.
+
+## @typedef {struct} SourceHTTP - Download image from an HTTP source.
+## @field {string} url - URL to download the image.
+
+## @typedef {struct} Source - The source image location used to create a disk.
+## @field {*SourceImage} [image] - Use image by name.
+## @field {*SourceUpload} [upload] - Upload local image.
+## @field {*SourceHTTP} [http] - Download image from an HTTP source.
+
+## @param {Source} source - The source image location used to create a disk.
 source: {}

-## @param optical {bool} Defines if disk should be considered optical
+## @param {bool} optical - Defines if disk should be considered optical.
 optical: false

-## @param storage {quantity} The size of the disk allocated for the virtual machine
-## @param storageClass {string} StorageClass used to store the data
+## @param {quantity} storage - The size of the disk allocated for the virtual machine.
 storage: 5Gi
+
+## @param {string} storageClass - StorageClass used to store the data.
 storageClass: replicated
--- a/packages/apps/vm-instance/README.md
+++ b/packages/apps/vm-instance/README.md
@@ -36,26 +36,28 @@ virtctl ssh <user>@<vm>

 ### Common parameters

-| Name                | Description                                                                                                                                                                                                                               | Type        | Value       |
-| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ----------- |
-| `external`          | Enable external access from outside the cluster                                                                                                                                                                                           | `bool`      | `false`     |
-| `externalMethod`    | Specify method to pass through the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`                                                                                                                               | `string`    | `PortList`  |
-| `externalPorts`     | Ports to forward from outside the cluster                                                                                                                                                                                                 | `[]int`     | `[22]`      |
-| `running`           | Determines if the virtual machine should be running                                                                                                                                                                                       | `bool`      | `true`      |
-| `instanceType`      | Virtual Machine instance type                                                                                                                                                                                                             | `string`    | `u1.medium` |
-| `instanceProfile`   | Virtual Machine preferences profile                                                                                                                                                                                                       | `string`    | `ubuntu`    |
-| `disks`             | List of disks to attach                                                                                                                                                                                                                   | `[]object`  | `[]`        |
-| `disks[i].name`     | Disk name                                                                                                                                                                                                                                 | `string`    | `""`        |
-| `disks[i].bus`      | Disk bus type, such as "sata"                                                                                                                                                                                                             | `*string`   | `null`      |
-| `gpus`              | List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)                                                                                                                                                               | `[]object`  | `[]`        |
-| `gpus[i].name`      | Name of GPU, such as "nvidia.com/AD102GL_L40S"                                                                                                                                                                                            | `string`    | `""`        |
-| `resources`         | Resources                                                                                                                                                                                                                                 | `*object`   | `null`      |
-| `resources.cpu`     | The number of CPU cores allocated to the virtual machine                                                                                                                                                                                  | `*quantity` | `null`      |
-| `resources.memory`  | The amount of memory allocated to the virtual machine                                                                                                                                                                                     | `*quantity` | `null`      |
-| `resources.sockets` | The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)                                                                                                                                                 | `*quantity` | `null`      |
-| `sshKeys`           | List of SSH public keys for authentication. Can be a single key or a list of keys.                                                                                                                                                        | `[]string`  | `[]`        |
-| `cloudInit`         | Cloud-init user data config. See cloud-init documentation for more details: [format](https://cloudinit.readthedocs.io/en/latest/explanation/format.html), [examples](https://cloudinit.readthedocs.io/en/latest/reference/examples.html). | `string`    | `""`        |
-| `cloudInitSeed`     | A seed string to generate an SMBIOS UUID for the VM.                                                                                                                                                                                      | `string`    | `""`        |
+| Name                | Description                                                         | Type       | Value       |
+| ------------------- | ------------------------------------------------------------------- | ---------- | ----------- |
+| `external`          | Enable external access from outside the cluster.                    | `bool`     | `false`     |
+| `externalMethod`    | Method to pass through traffic to the VM.                           | `string`   | `PortList`  |
+| `externalPorts`     | Ports to forward from outside the cluster.                          | `[]int`    | `[22]`      |
+| `running`           | Determines if the virtual machine should be running.                | `bool`     | `true`      |
+| `instanceType`      | Virtual Machine instance type.                                      | `string`   | `u1.medium` |
+| `instanceProfile`   | Virtual Machine preferences profile.                                | `string`   | `ubuntu`    |
+| `disks`             | List of disks to attach.                                            | `[]object` | `[]`        |
+| `disks[i].name`     | Disk name.                                                          | `string`   | `""`        |
+| `disks[i].bus`      | Disk bus type (e.g. "sata").                                        | `string`   | `""`        |
+| `subnets`           | Additional subnets                                                  | `[]object` | `[]`        |
+| `subnets[i].name`   | Subnet name                                                         | `string`   | `""`        |
+| `gpus`              | List of GPUs to attach (NVIDIA driver requires at least 4 GiB RAM). | `[]object` | `[]`        |
+| `gpus[i].name`      | The name of the GPU resource to attach.                             | `string`   | `""`        |
+| `resources`         | Resource configuration for the virtual machine.                     | `object`   | `{}`        |
+| `resources.cpu`     | Number of CPU cores allocated.                                      | `quantity` | `""`        |
+| `resources.memory`  | Amount of memory allocated.                                         | `quantity` | `""`        |
+| `resources.sockets` | Number of CPU sockets (vCPU topology).                              | `quantity` | `""`        |
+| `sshKeys`           | List of SSH public keys for authentication.                         | `[]string` | `[]`        |
+| `cloudInit`         | Cloud-init user data.                                               | `string`   | `""`        |
+| `cloudInitSeed`     | Seed string to generate SMBIOS UUID for the VM.                     | `string`   | `""`        |


 ## U Series
--- a/packages/apps/vm-instance/templates/vm.yaml
+++ b/packages/apps/vm-instance/templates/vm.yaml
@@ -77,6 +77,12 @@ spec:
          interfaces:
          - name: default
            bridge: {}
+          {{- if .Values.subnets }}
+          {{- range $i, $subnet := .Values.subnets }}
+          - name: {{ $subnet.name }}
+            bridge: {}
+          {{- end }}
+          {{- end }}
        machine:
          type: ""
      {{- with .Values.sshKeys }}
@@ -105,3 +111,10 @@ spec:
      networks:
      - name: default
        pod: {}
+      {{- if .Values.subnets }}
+      {{- range $i, $subnet := .Values.subnets }}
+      - name: {{ $subnet.name }}
+        multus:
+          networkName: {{ $.Release.Namespace }}/{{ $subnet.name }}
+      {{- end }}
+      {{- end }}
--- a/packages/apps/vm-instance/values.schema.json
+++ b/packages/apps/vm-instance/values.schema.json
@@ -3,15 +3,17 @@
  "type": "object",
  "properties": {
    "cloudInit": {
-      "description": "Cloud-init user data config. See cloud-init documentation for more details: [format](https://cloudinit.readthedocs.io/en/latest/explanation/format.html), [examples](https://cloudinit.readthedocs.io/en/latest/reference/examples.html).",
-      "type": "string"
+      "description": "Cloud-init user data.",
+      "type": "string",
+      "default": ""
    },
    "cloudInitSeed": {
-      "description": "A seed string to generate an SMBIOS UUID for the VM.",
-      "type": "string"
+      "description": "Seed string to generate SMBIOS UUID for the VM.",
+      "type": "string",
+      "default": ""
    },
    "disks": {
-      "description": "List of disks to attach",
+      "description": "List of disks to attach.",
      "type": "array",
      "default": [],
      "items": {
@@ -21,23 +23,23 @@
        ],
        "properties": {
          "bus": {
-            "description": "Disk bus type, such as \"sata\"",
+            "description": "Disk bus type (e.g. \"sata\").",
            "type": "string"
          },
          "name": {
-            "description": "Disk name",
+            "description": "Disk name.",
            "type": "string"
          }
        }
      }
    },
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "externalMethod": {
-      "description": "Specify method to pass through the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`",
+      "description": "Method to pass through traffic to the VM.",
      "type": "string",
      "default": "PortList",
      "enum": [
@@ -46,7 +48,7 @@
      ]
    },
    "externalPorts": {
-      "description": "Ports to forward from outside the cluster",
+      "description": "Ports to forward from outside the cluster.",
      "type": "array",
      "default": [
        22
@@ -56,7 +58,7 @@
      }
    },
    "gpus": {
-      "description": "List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)",
+      "description": "List of GPUs to attach (NVIDIA driver requires at least 4 GiB RAM).",
      "type": "array",
      "default": [],
      "items": {
@@ -66,14 +68,14 @@
        ],
        "properties": {
          "name": {
-            "description": "Name of GPU, such as \"nvidia.com/AD102GL_L40S\"",
+            "description": "The name of the GPU resource to attach.",
            "type": "string"
          }
        }
      }
    },
    "instanceProfile": {
-      "description": "Virtual Machine preferences profile",
+      "description": "Virtual Machine preferences profile.",
      "type": "string",
      "default": "ubuntu",
      "enum": [
@@ -123,17 +125,17 @@
      ]
    },
    "instanceType": {
-      "description": "Virtual Machine instance type",
+      "description": "Virtual Machine instance type.",
      "type": "string",
      "default": "u1.medium"
    },
    "resources": {
-      "description": "Resources",
+      "description": "Resource configuration for the virtual machine.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "The number of CPU cores allocated to the virtual machine",
+          "description": "Number of CPU cores allocated.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -146,7 +148,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "The amount of memory allocated to the virtual machine",
+          "description": "Amount of memory allocated.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -159,7 +161,7 @@
          "x-kubernetes-int-or-string": true
        },
        "sockets": {
-          "description": "The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)",
+          "description": "Number of CPU sockets (vCPU topology).",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -174,17 +176,31 @@
      }
    },
    "running": {
-      "description": "Determines if the virtual machine should be running",
+      "description": "Determines if the virtual machine should be running.",
      "type": "boolean",
      "default": true
    },
    "sshKeys": {
-      "description": "List of SSH public keys for authentication. Can be a single key or a list of keys.",
+      "description": "List of SSH public keys for authentication.",
      "type": "array",
      "default": [],
      "items": {
        "type": "string"
      }
+    },
+    "subnets": {
+      "description": "Additional subnets",
+      "type": "array",
+      "default": [],
+      "items": {
+        "type": "object",
+        "properties": {
+          "name": {
+            "description": "Subnet name",
+            "type": "string"
+          }
+        }
+      }
    }
  }
 }
--- a/packages/apps/vm-instance/values.yaml
+++ b/packages/apps/vm-instance/values.yaml
@@ -1,73 +1,88 @@
+##
 ## @section Common parameters
+##

-## @param external {bool} Enable external access from outside the cluster
+## @enum {string} ExternalMethod - Method to pass through traffic to the VM.
+## @value PortList - Forward selected ports only.
+## @value WholeIP - Forward all traffic for the IP.
+
+## @typedef {struct} Disk - Disk configuration.
+## @field {string} name - Disk name.
+## @field {string} [bus] - Disk bus type (e.g. "sata").
+
+## @typedef {struct} Subnet - Additional subnets
+## @field {string} [name] - Subnet name
+
+## @typedef {struct} GPU - GPU device configuration.
+## @field {string} name - The name of the GPU resource to attach.
+
+## @typedef {struct} Resources - Resource configuration for the virtual machine.
+## @field {quantity} [cpu] - Number of CPU cores allocated.
+## @field {quantity} [memory] - Amount of memory allocated.
+## @field {quantity} [sockets] - Number of CPU sockets (vCPU topology).
+
+## @param {bool} external - Enable external access from outside the cluster.
 external: false
-## @param externalMethod {string enum:"PortList,WholeIP"} Specify method to pass through the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList`
+
+## @param {ExternalMethod} externalMethod - Method to pass through traffic to the VM.
 externalMethod: PortList
-## @param externalPorts {[]int} Ports to forward from outside the cluster
+
+## @param {[]int} externalPorts - Ports to forward from outside the cluster.
 externalPorts:
 - 22

-## @param running {bool} Determines if the virtual machine should be running
+## @param {bool} running - Determines if the virtual machine should be running.
 running: true

-## @param instanceType {string} Virtual Machine instance type
+## @param {string} instanceType - Virtual Machine instance type.
 instanceType: "u1.medium"
-## @param instanceProfile {string} Virtual Machine preferences profile
+
+## @param {string} instanceProfile - Virtual Machine preferences profile.
 instanceProfile: ubuntu

-## @param disks {[]disk} List of disks to attach
-## @field disk.name {string} Disk name
-## @field disk.bus {*string} Disk bus type, such as "sata"
+## @param {[]Disk} disks - List of disks to attach.
+disks: []
 ## Example:
 ## disks:
 ## - name: example-system
 ## - name: example-data
 ##   bus: sata
-disks: []

-## @param gpus {[]gpu} List of GPUs to attach (WARN: NVIDIA driver requires at least 4 GiB of RAM)
-## @field gpu.name {string} Name of GPU, such as "nvidia.com/AD102GL_L40S"
+## @param {[]Subnet} subnets - Additional subnets
+subnets: []
+## Example:
+## subnets:
+##   - name: subnet-84dbec17
+##   - name: subnet-aa8896b5
+##   - name: subnet-e9b97196
+
+## @param {[]GPU} gpus - List of GPUs to attach (NVIDIA driver requires at least 4 GiB RAM).
+gpus: []
 ## Example:
 ## gpus:
 ## - name: nvidia.com/GA102GL_A10
-gpus: []

-## @param resources {*resources} Resources
-## @field resources.cpu {*quantity} The number of CPU cores allocated to the virtual machine
-## @field resources.memory {*quantity} The amount of memory allocated to the virtual machine
-## @field resources.sockets {*quantity} The number of CPU sockets allocated to the virtual machine (used to define vCPU topology)
-## Example
-## resources:
-##   cpu: "4"
-##   sockets: "1"
-##   memory: "8Gi"
+## @param {Resources} [resources] - Resource configuration for the virtual machine.
 resources: {}

-## @param sshKeys {[]string} List of SSH public keys for authentication. Can be a single key or a list of keys.
+## @param {[]string} sshKeys - List of SSH public keys for authentication.
+sshKeys: []
 ## Example:
 ## sshKeys:
 ##   - ssh-rsa ...
 ##   - ssh-ed25519 ...
 ##
-sshKeys: []

-## @param cloudInit {string} Cloud-init user data config. See cloud-init documentation for more details: [format](https://cloudinit.readthedocs.io/en/latest/explanation/format.html), [examples](https://cloudinit.readthedocs.io/en/latest/reference/examples.html).
-## - https://cloudinit.readthedocs.io/en/latest/explanation/format.html
-## - https://cloudinit.readthedocs.io/en/latest/reference/examples.html
+## @param {string} cloudInit - Cloud-init user data.
+cloudInit: ""
 ## Example:
 ## cloudInit: |
 ##   #cloud-config
 ##   password: ubuntu
 ##   chpasswd: { expire: False }
 ##
-cloudInit: ""

-## @param cloudInitSeed {string} A seed string to generate an SMBIOS UUID for the VM.
+## @param {string} cloudInitSeed - Seed string to generate SMBIOS UUID for the VM.
 cloudInitSeed: ""
-## Change it to any new value to force a full cloud-init reconfiguration. Change it when you want to apply
-## to an existing VM settings that are usually written only once, like new SSH keys or new network configuration.
-## An empty value does nothing (and the existing UUID is not reverted). Please note that changing this value
-## does not trigger a VM restart. You must perform the restart separately.
 ## Example:
 ## cloudInitSeed: "upd1"
--- a/packages/apps/vpc/Chart.yaml
+++ b/packages/apps/vpc/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: virtualprivatecloud
+description: Isolated networks
+icon: logos/vpc.svg
+type: application
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
--- a/packages/apps/vpc/Makefile
+++ b/packages/apps/vpc/Makefile
@@ -0,0 +1,8 @@
+include ../../../scripts/package.mk
+
+generate:
+	cozyvalues-gen -v values.yaml -s values.schema.json
+	../../../hack/update-crd.sh
+
+update:
+	echo
--- a/packages/apps/vpc/README.md
+++ b/packages/apps/vpc/README.md
@@ -0,0 +1,48 @@
+# VPC
+
+VPC offers a subset of dedicated subnets with networking services related to it.
+As the service evolves, it will provide more ways to isolate your workloads.
+
+## Service details
+
+The service utilizes kube-ovn VPC and Subnet resources, which use ovn logical routers and logical switches under the hood.
+Currently every workload will have a connection to a default management network which will also have a default gateway, and the majority of traffic will be going through it.
+VPC subnets are for now an additional dedicated networking spaces.
+
+A VM or a pod may be connected to multiple secondary Subnets at once.
+Each secondary connection will be represented as an additional network interface.
+
+## Deployment notes
+
+VPC name must be unique within a tenant.
+Subnet name and ip address range must be unique within a VPC.
+Subnet ip address space must not overlap with the default management network ip address range, subsets of 172.16.0.0/12 are recommended.
+Currently there are no fail-safe checks, however they are planned for the future.
+
+Different VPCs may have subnets with ovelapping ip address ranges.
+
+## Parameters
+
+### Common parameters
+
+| Name                 | Description                      | Type                | Value   |
+| -------------------- | -------------------------------- | ------------------- | ------- |
+| `subnets`            | Subnets of a VPC                 | `map[string]object` | `{...}` |
+| `subnets[name].cidr` | Subnet CIDR, e.g. 192.168.0.0/24 | `cidr`              | `{}`    |
+
+
+## Examples
+```yaml
+apiVersion: apps.cozystack.io/v1alpha1
+kind: VirtualPrivateCloud
+metadata:
+  name: vpc00
+spec:
+  subnets:
+    sub00:
+      cidr: 172.16.0.0/24
+    sub01:
+      cidr: 172.16.1.0/24
+    sub02:
+      cidr: 172.16.2.0/24
+```
--- a/packages/apps/vpc/logos/vpc.svg
+++ b/packages/apps/vpc/logos/vpc.svg
@@ -0,0 +1,10 @@
+<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect width="144" height="144" rx="24" fill="url(#paint0_linear_1025_3)"/>
+<path d="M109.6 86.1H114.3C116.885 86.1 119 88.215 119 90.847V104.853C119 107.485 116.885 109.6 114.3 109.6H95.5C92.915 109.6 90.8 107.485 90.8 104.853V90.847C90.8 88.215 92.915 86.1 95.5 86.1H100.2V76.7H76.7V86.1H81.4C83.985 86.1 86.1 88.215 86.1 90.847V104.853C86.1 107.485 83.985 109.6 81.4 109.6H62.6C60.015 109.6 57.9 107.485 57.9 104.853V90.847C57.9 88.215 60.015 86.1 62.6 86.1H67.3V76.7H43.8V86.1H48.5C51.085 86.1 53.2 88.215 53.2 90.847V104.853C53.2 107.485 51.085 109.6 48.5 109.6H29.7C27.115 109.6 25 107.485 25 104.853V90.847C25 88.215 27.115 86.1 29.7 86.1H34.4V76.7C34.4 71.53 38.63 67.3 43.8 67.3H67.3V57.9H62.6C60.015 57.9 57.9 55.785 57.9 53.153V39.147C57.9 36.515 60.015 34.4 62.6 34.4H81.4C83.985 34.4 86.1 36.515 86.1 39.147V53.153C86.1 55.785 83.985 57.9 81.4 57.9H76.7V67.3H100.2C105.37 67.3 109.6 71.53 109.6 76.7V86.1Z" fill="white"/>
+<defs>
+<linearGradient id="paint0_linear_1025_3" x1="142.5" y1="143" x2="3.99999" y2="9.49999" gradientUnits="userSpaceOnUse">
+<stop stop-color="#00082E"/>
+<stop offset="1" stop-color="#2E3067"/>
+</linearGradient>
+</defs>
+</svg>
--- a/packages/apps/vpc/templates/vpc.yaml
+++ b/packages/apps/vpc/templates/vpc.yaml
@@ -0,0 +1,72 @@
+## Release.Namespace == tenant name
+## Release.Name == vpc name
+
+{{ $vpcId := print "vpc-" (print .Release.Namespace "/" .Release.Name | sha256sum | trunc 6) }}
+
+---
+apiVersion: kubeovn.io/v1
+kind: Vpc
+metadata:
+  name: {{ $vpcId }}
+  labels:
+    cozystack.io/vpcName: {{ .Release.Name }}
+    cozystack.io/tenantName: {{ .Release.Namespace }}
+spec:
+  enableExternal: false
+  namespaces:
+    - {{ .Release.Namespace }}
+
+{{- range $subnetName, $subnetConfig := .Values.subnets  }}
+{{- $subnetId := print "subnet-" (print $.Release.Namespace "/" $vpcId "/" $subnetName | sha256sum | trunc 8) }}
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+  name: {{ $subnetId }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    cozystack.io/subnetName: {{ $subnetName }}
+    cozystack.io/vpcId: {{ $vpcId }}
+    cozystack.io/vpcName: {{ $.Release.Name }}
+    cozystack.io/tenantName: {{ $.Release.Namespace }}
+spec:
+  config: '{
+      "cniVersion": "0.3.0",
+      "type": "kube-ovn",
+      "server_socket": "/run/openvswitch/kube-ovn-daemon.sock",
+      "provider": "{{ $subnetId }}.{{ $.Release.Namespace }}.ovn"
+    }'
+---
+apiVersion: kubeovn.io/v1
+kind: Subnet
+metadata:
+  name: {{ $subnetId }}
+  labels:
+    cozystack.io/subnetName: {{ $subnetName }}
+    cozystack.io/vpcId: {{ $vpcId }}
+    cozystack.io/vpcName: {{ $.Release.Name }}
+    cozystack.io/tenantName: {{ $.Release.Namespace }}
+spec:
+  vpc: {{ $vpcId  }}
+  cidrBlock: {{ $subnetConfig.cidr }}
+  provider: "{{ $subnetId }}.{{ $.Release.Namespace }}.ovn"
+  protocol: IPv4
+  enableLb: false
+  private: true
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $.Release.Name }}-subnets
+  labels:
+    cozystack.io/vpcId: {{ $vpcId }}
+    cozystack.io/tenantName: {{ $.Release.Namespace }}
+data:
+  subnets: |
+    {{- range $subnetName, $subnetConfig := .Values.subnets }}
+    - subnetName: {{ $subnetName }}
+      subnetId: {{ print "subnet-" (print $.Release.Namespace "/" $vpcId "/" $subnetName | sha256sum | trunc 8) }}
+      subnetCIDR: {{ $subnetConfig.cidr }}
+    {{- end }}
+
--- a/packages/apps/vpc/values.schema.json
+++ b/packages/apps/vpc/values.schema.json
@@ -0,0 +1,20 @@
+{
+  "title": "Chart Values",
+  "type": "object",
+  "properties": {
+    "subnets": {
+      "description": "Subnets of a VPC",
+      "type": "object",
+      "default": {},
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "cidr": {
+            "description": "IP address range",
+            "type": "string"
+          }
+        }
+      }
+    }
+  }
+}
--- a/packages/apps/vpc/values.yaml
+++ b/packages/apps/vpc/values.yaml
@@ -0,0 +1,15 @@
+##
+## @section Common parameters
+##
+
+## @typedef {struct} Subnet - Subnet of a VPC
+## @field {string} [cidr] - IP address range
+
+## @param {map[string]Subnet} subnets - Subnets of a VPC
+subnets: {}
+## Example:
+## subnets:
+##   mysubnet0:
+##     cidr: "172.16.0.0/24"
+##   mysubnet1:
+##     cidr: "172.16.1.0/24"
--- a/packages/apps/vpn/README.md
+++ b/packages/apps/vpn/README.md
@@ -19,24 +19,24 @@ Furthermore, Shadowbox is compatible with standard Shadowsocks clients, providin

 ### Common parameters

-| Name               | Description                                                                                                                               | Type        | Value   |
-| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------- |
-| `replicas`         | Number of VPN server replicas                                                                                                             | `int`       | `2`     |
-| `resources`        | Explicit CPU and memory configuration for each VPN server replica.  When left empty, the preset defined in `resourcesPreset` is applied.  | `*object`   | `null`  |
-| `resources.cpu`    | CPU available to each replica                                                                                                             | `*quantity` | `null`  |
-| `resources.memory` | Memory (RAM) available to each replica                                                                                                    | `*quantity` | `null`  |
-| `resourcesPreset`  | Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`. | `string`    | `nano`  |
-| `external`         | Enable external access from outside the cluster                                                                                           | `bool`      | `false` |
+| Name               | Description                                                                                                                          | Type       | Value   |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | ---------- | ------- |
+| `replicas`         | Number of VPN server replicas.                                                                                                       | `int`      | `2`     |
+| `resources`        | Explicit CPU and memory configuration for each VPN server replica. When omitted, the preset defined in `resourcesPreset` is applied. | `object`   | `{}`    |
+| `resources.cpu`    | CPU available to each replica.                                                                                                       | `quantity` | `""`    |
+| `resources.memory` | Memory (RAM) available to each replica.                                                                                              | `quantity` | `""`    |
+| `resourcesPreset`  | Default sizing preset used when `resources` is omitted.                                                                              | `string`   | `nano`  |
+| `external`         | Enable external access from outside the cluster.                                                                                     | `bool`     | `false` |


 ### Application-specific parameters

-| Name                   | Description                                                                                           | Type                | Value   |
-| ---------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- | ------- |
-| `host`                 | Host used to substitute into generated URLs                                                           | `string`            | `""`    |
-| `users`                | Users configuration                                                                                   | `map[string]object` | `{...}` |
-| `users[name].password` | Password for the user, autogenerated if none provided                                                 | `*string`           | `null`  |
-| `externalIPs`          | List of externalIPs for service. Optional. If not specified will use LoadBalancer service by default. | `[]*string`         | `[]`    |
+| Name                   | Description                                                                                            | Type                | Value |
+| ---------------------- | ------------------------------------------------------------------------------------------------------ | ------------------- | ----- |
+| `host`                 | Host used to substitute into generated URLs.                                                           | `string`            | `""`  |
+| `users`                | Users configuration map.                                                                               | `map[string]object` | `{}`  |
+| `users[name].password` | Password for the user (autogenerated if not provided).                                                 | `string`            | `""`  |
+| `externalIPs`          | List of externalIPs for service. Optional. If not specified, will use LoadBalancer service by default. | `[]string`          | `[]`  |


 ## Parameter examples and reference
--- a/packages/apps/vpn/templates/workloadmonitor.yaml
+++ b/packages/apps/vpn/templates/workloadmonitor.yaml
@@ -1,12 +0,0 @@
-apiVersion: cozystack.io/v1alpha1
-kind: WorkloadMonitor
-metadata:
-  name: {{ $.Release.Name }}
-spec:
-  replicas: {{ .Values.replicas }}
-  minReplicas: 1
-  kind: vpn
-  type: vpn
-  selector:
-    app.kubernetes.io/instance: {{ .Release.Name }}
-  version: {{ $.Chart.Version }}
--- a/packages/apps/vpn/values.schema.json
+++ b/packages/apps/vpn/values.schema.json
@@ -3,12 +3,12 @@
  "type": "object",
  "properties": {
    "external": {
-      "description": "Enable external access from outside the cluster",
+      "description": "Enable external access from outside the cluster.",
      "type": "boolean",
      "default": false
    },
    "externalIPs": {
-      "description": "List of externalIPs for service. Optional. If not specified will use LoadBalancer service by default.",
+      "description": "List of externalIPs for service. Optional. If not specified, will use LoadBalancer service by default.",
      "type": "array",
      "default": [],
      "items": {
@@ -16,21 +16,22 @@
      }
    },
    "host": {
-      "description": "Host used to substitute into generated URLs",
-      "type": "string"
+      "description": "Host used to substitute into generated URLs.",
+      "type": "string",
+      "default": ""
    },
    "replicas": {
-      "description": "Number of VPN server replicas",
+      "description": "Number of VPN server replicas.",
      "type": "integer",
      "default": 2
    },
    "resources": {
-      "description": "Explicit CPU and memory configuration for each VPN server replica.  When left empty, the preset defined in `resourcesPreset` is applied.",
+      "description": "Explicit CPU and memory configuration for each VPN server replica. When omitted, the preset defined in `resourcesPreset` is applied.",
      "type": "object",
      "default": {},
      "properties": {
        "cpu": {
-          "description": "CPU available to each replica",
+          "description": "CPU available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -43,7 +44,7 @@
          "x-kubernetes-int-or-string": true
        },
        "memory": {
-          "description": "Memory (RAM) available to each replica",
+          "description": "Memory (RAM) available to each replica.",
          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
          "anyOf": [
            {
@@ -58,7 +59,7 @@
      }
    },
    "resourcesPreset": {
-      "description": "Default sizing preset used when `resources` is omitted. Allowed values: `nano`, `micro`, `small`, `medium`, `large`, `xlarge`, `2xlarge`.",
+      "description": "Default sizing preset used when `resources` is omitted.",
      "type": "string",
      "default": "nano",
      "enum": [
@@ -72,14 +73,14 @@
      ]
    },
    "users": {
-      "description": "Users configuration",
+      "description": "Users configuration map.",
      "type": "object",
      "default": {},
      "additionalProperties": {
        "type": "object",
        "properties": {
          "password": {
-            "description": "Password for the user, autogenerated if none provided",
+            "description": "Password for the user (autogenerated if not provided).",
            "type": "string"
          }
        }
--- a/Show More
+++ b/Show More