docs: add changelog for v1.0.5 (#2221 )

This PR adds the changelog for release `v1.0.5`. ✅ Changelog has been automatically generated in `docs/changelogs/v1.0.5.md`.  ## Summary by CodeRabbit * **Bug Fixes** * Resolved spurious error messages in OpenAPI post-processing for certain configurations. * **Documentation** * Enhanced troubleshooting guides and installation instructions. * Expanded operational procedures for backups and CA rotation. * Added custom metrics collection guidance and architecture documentation. * Completed comprehensive v1 documentation refresh.
docs: add changelog for v1.0.5
2026-03-14 10:58:57 +00:00 · 2026-03-13 18:30:18 +01:00 · 2026-03-13 15:41:31 +00:00 · 2026-03-13 16:23:18 +01:00 · 2026-03-13 16:23:03 +01:00 · 2026-03-13 08:46:32 +01:00
24 changed files with 1408 additions and 19 deletions
--- a/docs/changelogs/v1.0.5.md
+++ b/docs/changelogs/v1.0.5.md
@@ -0,0 +1,29 @@
+<!--
+https://github.com/cozystack/cozystack/releases/tag/v1.0.5
+-->
+
+## Fixes
+
+* **[api] Fix spurious OpenAPI post-processing errors for non-apps group versions**: The API server no longer logs false errors while generating OpenAPI specs for core and other non-`apps.cozystack.io` group versions. The post-processor now exits early when the base `Application` schemas are absent, reducing noisy startup logs without affecting application schema generation ([**@kvaps**](https://github.com/kvaps) in #2212, #2216).
+
+## Documentation
+
+* **[website] Add `DependenciesNotReady` troubleshooting and correct packages management build target**: Added a troubleshooting guide for packages stuck in `DependenciesNotReady`, including how to inspect operator logs and identify missing dependencies, and fixed the outdated `make image-cozystack` command to `make image-packages` in the packages management guide ([**@kvaps**](https://github.com/kvaps) in cozystack/website#450).
+
+* **[website] Clarify operator-first installation order**: Reordered the platform installation guide and tutorial so users install the Cozystack operator before preparing and applying the Platform Package, matching the rest of the installation docs and reducing setup confusion during fresh installs ([**@sircthulhu**](https://github.com/sircthulhu) in cozystack/website#449).
+
+* **[website] Add automated installation guide for Ansible**: Added end-to-end documentation for deploying Cozystack with the `cozystack.installer` Ansible collection, including inventory examples, distro-specific playbooks, configuration reference, verification steps, and explicit version pinning guidance to help operators automate installs safely ([**@lexfrei**](https://github.com/lexfrei) in cozystack/website#442).
+
+* **[website] Expand CA rotation operations guide**: Completed the CA rotation documentation with separate Talos and Kubernetes certificate rotation procedures, dry-run preview steps, and post-rotation guidance for fetching updated `talosconfig` and `kubeconfig` files after certificate changes ([**@kvaps**](https://github.com/kvaps) in cozystack/website#406).
+
+* **[website] Improve backup operations documentation**: Enhanced the operator backup and recovery guide with clearer Velero enablement steps, concrete provider and bucket examples, and more useful commands for inspecting backups, schedules, restores, CRD status, and logs ([**@androndo**](https://github.com/androndo) in cozystack/website#440).
+
+* **[website] Add custom metrics collection guide**: Added a monitoring guide showing how tenants can expose their own Prometheus exporters through `VMServiceScrape` and `VMPodScrape`, including namespace labeling requirements, example manifests, verification steps, and troubleshooting advice ([**@IvanHunters**](https://github.com/IvanHunters) in cozystack/website#444).
+
+* **[website] Document PackageSource and Package architecture**: Added a Key Concepts reference covering `PackageSource` and `Package` reconciliation flow, dependency handling, update propagation, rollback behavior, FluxPlunger recovery, and the `cozypkg` CLI for package management ([**@IvanHunters**](https://github.com/IvanHunters) in cozystack/website#445).
+
+* **[website] Refresh v1 application and platform documentation**: Fixed the documentation auto-update flow and published a broad v1 documentation refresh covering newly documented applications, updated naming and navigation, virtualization and platform content updates, and reorganized versioned docs pages ([**@myasnikovdaniil**](https://github.com/myasnikovdaniil) in cozystack/website#439).
+
+---
+
+**Full Changelog**: https://github.com/cozystack/cozystack/compare/v1.0.4...v1.0.5
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -1,4 +1,4 @@
-KUBERNETES_VERSION = v1.35
+KUBERNETES_VERSIONS = $(shell awk -F'"' '{print $$2}' files/versions.yaml)
 KUBERNETES_PKG_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)

 include ../../../hack/common-envs.mk
@@ -15,17 +15,19 @@ update:
 image: image-ubuntu-container-disk image-kubevirt-cloud-provider image-kubevirt-csi-driver image-cluster-autoscaler

 image-ubuntu-container-disk:
-	docker buildx build images/ubuntu-container-disk \
-		--build-arg KUBERNETES_VERSION=${KUBERNETES_VERSION} \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)) \
-		--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION)-$(TAG)) \
-		--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:latest \
-		--cache-to type=inline \
-		--metadata-file images/ubuntu-container-disk.json \
-		$(BUILDX_ARGS)
-	echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(KUBERNETES_VERSION))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk.json -o json -r)" \
-		> images/ubuntu-container-disk.tag
-	rm -f images/ubuntu-container-disk.json
+	$(foreach ver,$(KUBERNETES_VERSIONS), \
+		docker buildx build images/ubuntu-container-disk \
+			--build-arg KUBERNETES_VERSION=$(ver) \
+			--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(ver)) \
+			--tag $(REGISTRY)/ubuntu-container-disk:$(call settag,$(ver)-$(TAG)) \
+			--cache-from type=registry,ref=$(REGISTRY)/ubuntu-container-disk:$(call settag,$(ver)) \
+			--cache-to type=inline \
+			--metadata-file images/ubuntu-container-disk-$(ver).json \
+			$(BUILDX_ARGS) && \
+		echo "$(REGISTRY)/ubuntu-container-disk:$(call settag,$(ver))@$$(yq e '."containerimage.digest"' images/ubuntu-container-disk-$(ver).json -o json -r)" \
+			> images/ubuntu-container-disk-$(ver).tag && \
+		rm -f images/ubuntu-container-disk-$(ver).json; \
+	)

 image-kubevirt-cloud-provider:
 	docker buildx build images/kubevirt-cloud-provider \
--- a/packages/apps/kubernetes/images/ubuntu-container-disk-v1.30.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk-v1.30.tag
@@ -0,0 +1 @@
+ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.30@sha256:8c2276f68beb67edf5bf76d6c97b271dd9303b336e1d5850ae2b91a590c9bb57
--- a/packages/apps/kubernetes/images/ubuntu-container-disk-v1.31.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk-v1.31.tag
@@ -0,0 +1 @@
+ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.31@sha256:2b631cd227bc9b1bae16de033830e756cd6590b512dc0d2b13367ee626f3e4ca
--- a/packages/apps/kubernetes/images/ubuntu-container-disk-v1.32.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk-v1.32.tag
@@ -0,0 +1 @@
+ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.32@sha256:600d6ce7df4eaa8cc79c7d6d1b01ecac43e7696beb84eafce752d9210a16455f
--- a/packages/apps/kubernetes/images/ubuntu-container-disk-v1.33.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk-v1.33.tag
@@ -0,0 +1 @@
+ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.33@sha256:243e55d6f2887a4f6ce8526de52fd083b7b88194d5c7f3eaa51b87efb557ac88
--- a/packages/apps/kubernetes/images/ubuntu-container-disk-v1.34.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk-v1.34.tag
@@ -0,0 +1 @@
+ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.34@sha256:ad8377d5644ba51729dc69dff4c9f6b4a48957075d054a58c61a45d0bb41f6af
--- a/packages/apps/kubernetes/images/ubuntu-container-disk-v1.35.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk-v1.35.tag
@@ -0,0 +1 @@
+ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.35@sha256:1c2f2430383a9b9882358c60c194465c1b6092b4aa77536a0343cf74155c0067
--- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag
+++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag
@@ -1 +0,0 @@
-ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.35@sha256:39f626c802dd84f95720ffb54fcd80dfb8a58ac280498870d0a1aa30d4252f94
--- a/packages/apps/kubernetes/templates/cluster.yaml
+++ b/packages/apps/kubernetes/templates/cluster.yaml
@@ -74,7 +74,7 @@ spec:
          volumes:
          - name: system
            containerDisk:
-              image: "{{ $.Files.Get "images/ubuntu-container-disk.tag" | trim }}"
+              image: "{{ $.Files.Get (printf "images/ubuntu-container-disk-%s.tag" $.Values.version) | trim }}"
          - name: ephemeral
            emptyDisk:
              capacity: {{ .group.ephemeralStorage | default "20Gi" }}
@@ -249,6 +249,9 @@ spec:
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs: {}
+          # Ignore this for 1.31
+          ignorePreflightErrors:
+          - FileExisting-conntrack
        discovery:
          bootstrapToken:
            apiServerEndpoint: {{ $.Release.Name }}.{{ $.Release.Namespace }}.svc:6443
--- a/packages/core/platform/sources/cozystack-scheduler.yaml
+++ b/packages/core/platform/sources/cozystack-scheduler.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: cozystack.io/v1alpha1
+kind: PackageSource
+metadata:
+  name: cozystack.cozystack-scheduler
+spec:
+  sourceRef:
+    kind: OCIRepository
+    name: cozystack-packages
+    namespace: cozy-system
+    path: /
+  variants:
+  - name: default
+    components:
+    - name: cozystack-scheduler
+      path: system/cozystack-scheduler
+      install:
+        namespace: kube-system
+        releaseName: cozystack-scheduler
--- a/packages/core/platform/templates/bundles/system.yaml
+++ b/packages/core/platform/templates/bundles/system.yaml
@@ -156,5 +156,6 @@
 {{include "cozystack.platform.package.default" (list "cozystack.bootbox" $) }}
 {{- end }}
 {{include "cozystack.platform.package.optional.default" (list "cozystack.hetzner-robotlb" $) }}
+{{include "cozystack.platform.package.optional.default" (list "cozystack.cozystack-scheduler" $) }}

 {{- end }}
--- a/packages/system/bucket/templates/deployment.yaml
+++ b/packages/system/bucket/templates/deployment.yaml
@@ -1,3 +1,12 @@
+{{- $endpoint := printf "s3.%s" .Values._namespace.host }}
+{{- range $name, $user := .Values.users }}
+  {{- $secretName := printf "%s-%s" $.Values.bucketName $name }}
+  {{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }}
+  {{- if $existingSecret }}
+    {{- $bucketInfo := fromJson (b64dec (index $existingSecret.data "BucketInfo")) }}
+    {{- $endpoint = trimPrefix "https://" (index $bucketInfo.spec.secretS3 "endpoint") }}
+  {{- end }}
+{{- end }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -17,6 +26,6 @@ spec:
        image: "{{ $.Files.Get "images/s3manager.tag" | trim }}"
        env:
        - name: ENDPOINT
-          value: "s3.{{ .Values._namespace.host }}"
+          value: {{ $endpoint | quote }}
        - name: SKIP_SSL_VERIFICATION
          value: "true"
--- a/packages/system/cozystack-scheduler/Chart.yaml
+++ b/packages/system/cozystack-scheduler/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-cozystack-scheduler
+version: 0.1.0
--- a/packages/system/cozystack-scheduler/Makefile
+++ b/packages/system/cozystack-scheduler/Makefile
@@ -0,0 +1,10 @@
+export NAME=cozystack-scheduler
+export NAMESPACE=kube-system
+
+include ../../../hack/package.mk
+
+update:
+	rm -rf crds templates values.yaml Chart.yaml
+	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/cozystack/cozystack-scheduler | awk -F'[/^]' 'END{print $$3}') && \
+	curl -sSL https://github.com/cozystack/cozystack-scheduler/archive/refs/tags/$${tag}.tar.gz | \
+	tar xzvf - --strip 2 cozystack-scheduler-$${tag#*v}/chart
--- a/packages/system/cozystack-scheduler/crds/cozystack.io_schedulingclasses.yaml
+++ b/packages/system/cozystack-scheduler/crds/cozystack.io_schedulingclasses.yaml
--- a/packages/system/cozystack-scheduler/templates/clusterrole.yaml
+++ b/packages/system/cozystack-scheduler/templates/clusterrole.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cozystack-scheduler
+rules:
+  - apiGroups: ["cozystack.io"]
+    resources:
+      - schedulingclasses
+    verbs: ["get", "list", "watch"]
--- a/packages/system/cozystack-scheduler/templates/clusterrolebinding.yaml
+++ b/packages/system/cozystack-scheduler/templates/clusterrolebinding.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cozystack-scheduler:kube-scheduler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:kube-scheduler
+subjects:
+  - kind: ServiceAccount
+    name: cozystack-scheduler
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cozystack-scheduler:volume-scheduler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:volume-scheduler
+subjects:
+  - kind: ServiceAccount
+    name: cozystack-scheduler
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cozystack-scheduler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cozystack-scheduler
+subjects:
+  - kind: ServiceAccount
+    name: cozystack-scheduler
+    namespace: {{ .Release.Namespace }}
--- a/packages/system/cozystack-scheduler/templates/configmap.yaml
+++ b/packages/system/cozystack-scheduler/templates/configmap.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cozystack-scheduler-config
+  namespace: {{ .Release.Namespace }}
+data:
+  scheduler-config.yaml: |
+    apiVersion: kubescheduler.config.k8s.io/v1
+    kind: KubeSchedulerConfiguration
+    leaderElection:
+      leaderElect: true
+      resourceNamespace: {{ .Release.Namespace }}
+      resourceName: cozystack-scheduler
+    profiles:
+      - schedulerName: cozystack-scheduler
+        plugins:
+          preFilter:
+            disabled:
+              - name: InterPodAffinity
+              - name: NodeAffinity
+              - name: PodTopologySpread
+            enabled:
+              - name: CozystackInterPodAffinity
+              - name: CozystackNodeAffinity
+              - name: CozystackPodTopologySpread
+              - name: CozystackSchedulingClass
+          filter:
+            disabled:
+              - name: InterPodAffinity
+              - name: NodeAffinity
+              - name: PodTopologySpread
+            enabled:
+              - name: CozystackInterPodAffinity
+              - name: CozystackNodeAffinity
+              - name: CozystackPodTopologySpread
+              - name: CozystackSchedulingClass
+          preScore:
+            disabled:
+              - name: InterPodAffinity
+              - name: NodeAffinity
+              - name: PodTopologySpread
+            enabled:
+              - name: CozystackInterPodAffinity
+              - name: CozystackNodeAffinity
+              - name: CozystackPodTopologySpread
+          score:
+            disabled:
+              - name: InterPodAffinity
+              - name: NodeAffinity
+              - name: PodTopologySpread
+            enabled:
+              - name: CozystackInterPodAffinity
+              - name: CozystackNodeAffinity
+              - name: CozystackPodTopologySpread
--- a/packages/system/cozystack-scheduler/templates/deployment.yaml
+++ b/packages/system/cozystack-scheduler/templates/deployment.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cozystack-scheduler
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: cozystack-scheduler
+  template:
+    metadata:
+      labels:
+        app: cozystack-scheduler
+    spec:
+      serviceAccountName: cozystack-scheduler
+      containers:
+        - name: cozystack-scheduler
+          image: {{ .Values.image }}
+          command:
+            - /cozystack-scheduler
+            - --config=/etc/kubernetes/scheduler-config.yaml
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 10259
+              scheme: HTTPS
+            initialDelaySeconds: 15
+          volumeMounts:
+            - name: config
+              mountPath: /etc/kubernetes/scheduler-config.yaml
+              subPath: scheduler-config.yaml
+              readOnly: true
+      volumes:
+        - name: config
+          configMap:
+            name: cozystack-scheduler-config
--- a/packages/system/cozystack-scheduler/templates/rolebinding.yaml
+++ b/packages/system/cozystack-scheduler/templates/rolebinding.yaml
@@ -0,0 +1,40 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cozystack-scheduler:extension-apiserver-authentication-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+  - kind: ServiceAccount
+    name: cozystack-scheduler
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cozystack-scheduler:leader-election
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["create", "get", "list", "update", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leasecandidates"]
+    verbs: ["create", "get", "list", "update", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cozystack-scheduler:leader-election
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cozystack-scheduler:leader-election
+subjects:
+  - kind: ServiceAccount
+    name: cozystack-scheduler
+    namespace: {{ .Release.Namespace }}
--- a/packages/system/cozystack-scheduler/templates/serviceaccount.yaml
+++ b/packages/system/cozystack-scheduler/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cozystack-scheduler
+  namespace: {{ .Release.Namespace }}
--- a/packages/system/cozystack-scheduler/values.yaml
+++ b/packages/system/cozystack-scheduler/values.yaml
@@ -0,0 +1,2 @@
+image: ghcr.io/cozystack/cozystack/cozystack-scheduler:v0.1.0@sha256:5f7150c82177478467ff80628acb5a400291aff503364aa9e26fc346d79a73cf
+replicas: 1
--- a/pkg/cmd/server/openapi.go
+++ b/pkg/cmd/server/openapi.go
@@ -224,8 +224,8 @@ func buildPostProcessV3(kindSchemas map[string]string) func(*spec3.OpenAPI) (*sp
 		base, ok1 := doc.Components.Schemas[baseRef]
 		list, ok2 := doc.Components.Schemas[baseListRef]
 		stat, ok3 := doc.Components.Schemas[baseStatusRef]
-		if !(ok1 && ok2 && ok3) && len(kindSchemas) > 0 {
-			return doc, fmt.Errorf("base Application* schemas not found")
+		if !(ok1 && ok2 && ok3) {
+			return doc, nil // not the apps GV — nothing to patch
 		}

 		// Clone base schemas for each kind
@@ -339,8 +339,8 @@ func buildPostProcessV2(kindSchemas map[string]string) func(*spec.Swagger) (*spe
 		base, ok1 := defs[baseRef]
 		list, ok2 := defs[baseListRef]
 		stat, ok3 := defs[baseStatusRef]
-		if !(ok1 && ok2 && ok3) && len(kindSchemas) > 0 {
-			return sw, fmt.Errorf("base Application* schemas not found")
+		if !(ok1 && ok2 && ok3) {
+			return sw, nil // not the apps GV — nothing to patch
 		}

 		for kind, raw := range kindSchemas {
Author	SHA1	Message	Date
Andrei Kvapil	ee8533647b	docs: add changelog for v1.0.5 (#2221 ) This PR adds the changelog for release `v1.0.5`. ✅ Changelog has been automatically generated in `docs/changelogs/v1.0.5.md`. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Bug Fixes * Resolved spurious error messages in OpenAPI post-processing for certain configurations. * Documentation * Enhanced troubleshooting guides and installation instructions. * Expanded operational procedures for backups and CA rotation. * Added custom metrics collection guidance and architecture documentation. * Completed comprehensive v1 documentation refresh. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-13 18:30:18 +01:00
cozystack-bot	b3f356a5ed	docs: add changelog for v1.0.5 Signed-off-by: cozystack-bot <217169706+cozystack-bot@users.noreply.github.com>	2026-03-13 15:41:31 +00:00
Andrei Kvapil	ffd6e628e2	fix(api): skip OpenAPI post-processor for non-apps group versions (#2212 ) ## What this PR does The OpenAPI `PostProcessSpec` callback is invoked for every registered group-version (apps, core, version, etc.), but the Application schema cloning logic only applies to `apps.cozystack.io`. When called for other GVs the base Application schemas are absent, producing a spurious error on every API server start: ``` ERROR klog Failed to build OpenAPI v3 for group version, "base Application* schemas not found" ``` This PR changes the post-processor (both v2 and v3) to return early when the base schemas are not found, instead of returning an error. ### Release note ```release-note [platform] Fix spurious "base Application* schemas not found" error logged on cozystack-api startup ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Bug Fixes * Improved error handling for missing OpenAPI schema components. The system now gracefully continues processing instead of halting when certain base schemas are unavailable. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-13 16:23:18 +01:00
Andrei Kvapil	22f2e4f82a	[bucket] Fix s3manager endpoint mismatch with COSI credentials (#2211 ) ## What this PR does Fixes s3manager UI deployment to use the actual S3 endpoint from BucketInfo (COSI) instead of constructing it from the tenant namespace host. The deployment was using `s3.<tenant>.<cluster-domain>` while credentials issued by COSI point to the root-level S3 endpoint. This mismatch caused "invalid credentials" errors on login even with correct credentials from the bucket secret. Falls back to the constructed namespace host on first deploy before BucketAccess secrets exist. ### Release note ```release-note [bucket] Fix s3manager endpoint mismatch causing "invalid credentials" errors in login mode ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * Refactor * Deployment configuration now supports per-user endpoint customization. Endpoints are dynamically retrieved from account-specific settings, enabling flexible configurations while maintaining backward compatibility for standard deployments without custom settings. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-13 16:23:03 +01:00
Andrei Kvapil	39df52542b	[kubernetes] Fixed k8s<1.32 creation (#2209 ) <!-- Thank you for making a contribution! Here are some tips for you: - Start the PR title with the [label] of Cozystack component: - For system components: [platform], [system], [linstor], [cilium], [kube-ovn], [dashboard], [cluster-api], etc. - For managed apps: [apps], [tenant], [kubernetes], [postgres], [virtual-machine] etc. - For development and maintenance: [tests], [ci], [docs], [maintenance]. - If it's a work in progress, consider creating this PR as a draft. - Don't hesistate to ask for opinion and review in the community chats, even if it's still a draft. - Add the label `backport` if it's a bugfix that needs to be backported to a previous version. --> ## What this PR does This PR adds version specific ubuntu base images to fix errors when base image has new deb packages of kubeadm and kubelet installed, but at runtime it was downgraded by replacing just binaries. Now update by replacing binaries works as intended - latest patch version of minor version used. Core issue was in kubeadm<1.32 expecting conntrack binary in its preflight checks but it was not found. It happened because kubelet deb package dropped conntrack dependency since 1.32 (actually it absent in 1.31.14 too). So now status of supported tenant k8s versions is: - 1.30 - works because kubelet package provided conntrack, also conntrack preflight check ignored (see 1.31). - 1.31 - works because conntrack preflight check ignored (for some reason kubelet 1.31.14 did't provide conntrack dependency, unlike 1.31.13 did). - \>=1.32 - works because conntrack preflight check removed from `kubeadm init` entirely. Conntrack preflight check ignoring is legit for tenant kubernetes clusters because until 1.32 it was used in kube-proxy but cozystack k8s approach doesn't use kube-proxy (replaced with cilium). Issue with conntrack may be mitigated with only `ignorePreflightErrors`, but I think proper base image build will help to avoid similar bugs in future. ### Release note <!-- Write a release note: - Explain what has changed internally and for users. - Start with the same [label] as in the PR title - Follow the guidelines at https://github.com/kubernetes/community/blob/master/contributors/guide/release-notes.md. --> ```release-note [kubernetes] Fixed tenant k8s older than 1.32 creation by adding version specific ubuntu base images ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * New Features * Added multi-version Kubernetes support with version-specific container images. * Enhanced compatibility with newer Kubernetes releases, including version 1.31. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-13 08:46:32 +01:00
Andrei Kvapil	2b60c010dd	Revert "fix(operator): requeue packages when dependencies are not ready" This reverts commit `f906a0d8ad`. Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2026-03-13 00:56:27 +01:00
Andrei Kvapil	f906a0d8ad	fix(operator): requeue packages when dependencies are not ready When dependencies are not ready the reconciler returned without requeueing, relying solely on watch events to re-trigger. If a watch event was missed (controller restart, race condition, dependency already ready before watch setup), the package would stay stuck in DependenciesNotReady forever. Add RequeueAfter: 30s so dependencies are periodically rechecked. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2026-03-13 00:31:56 +01:00
Andrei Kvapil	ee83aaa82e	fix(api): skip OpenAPI post-processor for non-apps group versions The OpenAPI PostProcessSpec callback is invoked for every group-version (apps, core, version, etc.), but the Application schema cloning logic only applies to apps.cozystack.io. When called for other GVs the base Application schemas are absent, causing a spurious error log on every API server start. Return early instead of erroring when the base schemas are not found. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: Andrei Kvapil <kvapss@gmail.com>	2026-03-12 23:58:55 +01:00
IvanHunters	f647cfd7b9	[bucket] Fix s3manager endpoint to use actual S3 endpoint from BucketInfo The deployment template was constructing the S3 endpoint from the tenant's namespace host (e.g. s3.freedom.infra.example.com), while COSI credentials are issued for the actual SeaweedFS endpoint (e.g. s3.infra.example.com). This mismatch caused 'invalid credentials' errors when users tried to log in with valid credentials from the bucket secret. Now the endpoint is resolved from BucketInfo (same source as credentials), with a fallback to the constructed namespace host for first-time deploys before BucketAccess secrets are created. Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>	2026-03-13 01:08:13 +03:00
Andrei Kvapil	941fb02cd1	[cozystack-scheduler] Add custom scheduler as an optional system package (#2205 ) ## What this PR does Adds the cozystack-scheduler as an optional system package, vendored from https://github.com/cozystack/cozystack-scheduler. The scheduler extends the default kube-scheduler with SchedulingClass-aware affinity plugins, allowing platform operators to define cluster-wide scheduling constraints via a SchedulingClass CRD. Pods opt in via the `scheduler.cozystack.io/scheduling-class` annotation. The package includes: - Helm chart with RBAC, ConfigMap, Deployment, and CRD - PackageSource definition for the cozystack package system - Optional inclusion in the platform system bundle ### Release note ```release-note [cozystack-scheduler] Add cozystack-scheduler as an optional system package. The custom scheduler supports SchedulingClass CRDs for cluster-wide node affinity, pod affinity, and topology spread constraints. ``` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Added cozystack-scheduler component as an optional system package. * Introduced SchedulingClass custom resource for advanced scheduling configurations. * Scheduler supports node affinity, pod affinity, pod anti-affinity, and topology spread constraints. <!-- end of auto-generated comment: release notes by coderabbit.ai -->	2026-03-12 13:38:25 +01:00
Myasnikov Daniil	f82f13bf32	[kubernetes] Fixed k8s<1.32 creation Signed-off-by: Myasnikov Daniil <myasnikovdaniil2001@gmail.com>	2026-03-12 11:11:25 +05:00
Timofei Larkin	1dd27f6b23	[cozystack-scheduler] Add custom scheduler as an optional system package ## What this PR does Adds the cozystack-scheduler as an optional system package, vendored from https://github.com/cozystack/cozystack-scheduler. The scheduler extends the default kube-scheduler with SchedulingClass-aware affinity plugins, allowing platform operators to define cluster-wide scheduling constraints via a SchedulingClass CRD. Pods opt in via the `scheduler.cozystack.io/scheduling-class` annotation. The package includes: - Helm chart with RBAC, ConfigMap, Deployment, and CRD - PackageSource definition for the cozystack package system - Optional inclusion in the platform system bundle ### Release note ```release-note [cozystack-scheduler] Add cozystack-scheduler as an optional system package. The custom scheduler supports SchedulingClass CRDs for cluster-wide node affinity, pod affinity, and topology spread constraints. ``` Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>	2026-03-10 22:43:41 +03:00
				`@@ -0,0 +1 @@`
				`ttl.sh/rjfkdsjflsk/ubuntu-container-disk:v1.30@sha256:8c2276f68beb67edf5bf76d6c97b271dd9303b336e1d5850ae2b91a590c9bb57`
				`@@ -1 +0,0 @@`
				`ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.35@sha256:39f626c802dd84f95720ffb54fcd80dfb8a58ac280498870d0a1aa30d4252f94`